View previous topic :: View next topic |
Author |
Message |
Dun Newbie cheater Reputation: 0
Joined: 10 Dec 2015 Posts: 12
|
Posted: Thu Dec 10, 2015 6:27 am Post subject: how to find the correct pointer |
|
|
hi I new in this forum
I use Ce scan Aob which result to 3
I use trainer will change all three result and crash the game
I know only the last result which is the correct 1
any senior will like to help me or link to tutorial
thanks
|
|
Back to top |
|
|
Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
|
Posted: Thu Dec 10, 2015 6:53 am Post subject: |
|
|
The easiest thing to do would be to improve/expand the signature so it only picks up on the third thing.
Could you show us the AOB and then show us the three results centered in the disassembler part of the memory viewer window?
_________________
Last edited by Rydian on Thu Dec 10, 2015 3:19 pm; edited 1 time in total |
|
Back to top |
|
|
Dun Newbie cheater Reputation: 0
Joined: 10 Dec 2015 Posts: 12
|
Posted: Thu Dec 10, 2015 7:35 am Post subject: |
|
|
3 result from AOB , the 3rd result is correct , 3 different addresses
[[Luacall(Aobswap("8B 41 70 85 C0 74 28 8B 50 08 8B 4A 50","8B 81 80 00 00 00 90 8B 50 08 8B 4A 50""))]],
the game crash coz change all 3 result
Description: |
|
Filesize: |
44.09 KB |
Viewed: |
12843 Time(s) |
|
Description: |
|
Filesize: |
51.22 KB |
Viewed: |
12850 Time(s) |
|
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4291
|
Posted: Thu Dec 10, 2015 10:37 am Post subject: |
|
|
Huh... it looks like the exact same instructions. Try scrolling up a bit in all 3 of those views, so that the instruction mov eax,[ecx+70] is at the very bottom instead of the very top. If they aren't the same instructions, then great, we can use that in the signature.
If they're still all the same, then you can try breaking and tracing that instruction back to the calling subroutine, and that subroutine might have a unique AoB.
It might also be crashing because of what you're replacing it with. It's completely overriding that test and je. If you manually make the replacement to only the third one, does it work, or does it crash?
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Dun Newbie cheater Reputation: 0
Joined: 10 Dec 2015 Posts: 12
|
Posted: Thu Dec 10, 2015 11:15 am Post subject: |
|
|
ParkourPenguin
finally got this
8B 45 10 8B 08 8B 41 1C 85 C0 74 28 8B 50 08 8B 4A 50 8D 55(orig)
only show 2 result , tested many time , the correct result is the last result
8B 45 10 8B 08 8B 41 14 85 C0 74 28 8B 50 08 8B 4A 50 8D 55(replace)
do u think the following script work?
{$lua}
AoB = AOBScan("8B 45 10 8B 08 8B 41 1C 85 C0 74 28 8B 50 08 8B 4A 50 8D 55")
if (AoB) then -- check if there are results or not
lngt = AoB.getCount() -- get the AoB array length
if (lngt > 1) then writeBytes("8B 45 10 8B 08 8B 41 14 85 C0 74 28 8B 50 08 8B 4A 50 8D 55) end
AoB.Destroy() -- destroy the array
AoB = nil
else
-- print("No results found.")
end
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4291
|
Posted: Thu Dec 10, 2015 11:36 am Post subject: |
|
|
A lot of things in that Lua code are wrong, and that AoB isn't even the same as the one you posted. But whatever.
Put this into an AA script:
Code: | {$lua}
[ENABLE]
local res = AOBScan("8B 45 10 8B 08 8B 41 1C 85 C0 74 28 8B 50 08 8B 4A 50 8D 55")
if res then
addrOfMyHack = getAddress(res[res.Count-1])
writeBytes(addrOfMyHack+7,0x14)
res.destroy()
else
showMessage("No results found.")
end
[DISABLE]
if addrOfMyHack then
writeBytes(addrOfMyHack+7,0x1C)
end |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Dun Newbie cheater Reputation: 0
Joined: 10 Dec 2015 Posts: 12
|
Posted: Thu Dec 10, 2015 11:46 am Post subject: |
|
|
thank you bro for correcting the script
is this the correct way of doing this for various change in same AOB
{$lua}
[ENABLE]
local res = AOBScan("8B 41 70 85 C0 74 28 8B 50 08 8B 4A 50")
if res then
addrOfMyHack = getAddress(res[res.Count-1])
writeBytes(addrOfMyHack+1,0x81,0X80,0X00,0X00,0X00,0X90)
res.destroy()
else
showMessage("No results found.")
end
|
|
Back to top |
|
|
|