Cheat Engine The Official Site of Cheat Engine
fuzzayboy Newbie cheater Reputation: 0
Joined: 15 Dec 2007 Posts: 17
Posted: Sat Feb 06, 2016 11:40 pm    Post subject: [Question] AoBScan ONLY if AoB isn't at the last address
Hey everyone, I don't usually ask for help, but I'm really wondering how I should go about this one.
I'm being picky and I would like my AoBScan to be faster IF the address of the AoB hasn't changed.
That, and right now if I don't disable my script when a loading screen happens (pretty randomly sometimes) then I crash, because I'm playing with registers where I shouldn't be anymore. So I would like to maybe have it check if the memory region is still relevant.
In a nutshell, I've thought about it (but don't really know how to go about it, or if there's an easier way) and what I think I could do is this:
Upon activation:
1. Create a global variable to hold the address of the AoB around the float; call it AoBAddress.
2. Test the AoB (00 00 0C 00 00 00 00 ?? 43 00 00 C8 ?? ?? ?? 16 44) starting at AoBAddress, up to 17 bytes further. // Wildcard the speed as we change it / it changes.
Warning: Horrible pseudocode incoming.
Code:
    if AoB at AoBAddress up to 17 bytes further isn't found
    {
        je StopWritingValueAndExitThread
        do a full AoB scan for the Address and store the address in AoBAddress
        then continue
    }
    Else
        Use the address of the float that was already found
I'm really trying to find a way to skip doing a full-range AoB scan every time, and to make activating / deactivating as smooth as possible.
Well, I ended up doing this (see end of post), because it's my first time working with floats and ASM. Maybe someone can shed some light as to why this float: 00 00 00 78 actually starts a byte after. Is it because of al? 00 00 78 This really throws me off.
I'm at least rewriting everything now, but I want to make it user friendly: if at all possible, not have to ask them to shut it off every time they think there might be a loading screen.
Here's what it looks like:
Code:
    479BE2B5 - 00 00 - add [eax],al
    479BE2B7 - 00 00 - add [eax],al
    479BE2B9 - 0C 00 - or al,00
    479BE2BB - 00 00 - add [eax],al
    479BE2BD - 00 78 43 - add [eax+43],bh
    479BE2C0 - 00 00 - add [eax],al
    479BE2C2 - C8 4200 00 - enter 0042,00
    479BE2C6 - 16 - push ss
    479BE2C7 - 44 - inc esp
    479BE2C8 - 00 00 - add [eax],al
    479BE2CA - 48 - dec eax
    479BE2CB - 43 - inc ebx
And here's my code:
Code:
    [enable]
    aobscan(aob1, 00 00 0C 00 00 00 00 78 43 00 00 C8 ?? ?? ?? 16 44)
    alloc(ConstantlyWrite,1024)
    label(StopWritingValueAndExitThread)
    label(ScriptDisabled)
    label(pauseECM)
    registersymbol(ScriptDisabled)
    registersymbol(pauseECM)
    createthread(ConstantlyWrite)

    aob1+5:
    pauseECM: //only associate pauseECM with the proper address here

    ConstantlyWrite:
      push 0a
      call kernel32.Sleep
      cmp [ScriptDisabled],1
      je StopWritingValueAndExitThread //when script disabled, thread will exit
      mov eax,pauseECM //move address of pauseECM into register
      mov edx,(float)400.0 //value to write into another register
      mov [eax],edx //write value
      jmp ConstantlyWrite //loop forever until script disabled
    StopWritingValueAndExitThread: //only reached when script is disabled
      ret
    ScriptDisabled:
      dd 0

    [disable]
    ScriptDisabled:
      dd 1
    unregistersymbol(ScriptDisabled)
    unregistersymbol(pauseECM)
Some of this might not make any sense because I've been at it for a couple hours and it's very very late now. Thanks for any help!
fuzzayboy Newbie cheater Reputation: 0
Joined: 15 Dec 2007 Posts: 17
Posted: Fri Feb 12, 2016 10:40 am    Post subject:
bumping in hope someone can shed some light. Not looking for a spoonfed answer, just to be pointed in the right direction.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
Posted: Tue Feb 16, 2016 11:27 am    Post subject:
You could use Lua for only doing an AoB scan once:
Code:
    [ENABLE]
    {$lua}
    -- byte-for-byte comparison of two Lua byte tables
    local function cmpBytes(table1,table2)
      if #table1 ~= #table2 then return false end
      for i,v in pairs(table1) do
        if table2[i] ~= v then
          return false
        end
      end
      return true
    end
    -- only scan when there is no cached address, or the bytes there no longer match
    if myAoBAddy == nil or not cmpBytes({0x12, 0x34, 0xAB, 0xDC, 0x77},readBytes(myAoBAddy,5,true)) then
      local list = AOBScan("12 34 AB DC 77")
      if list ~= nil and list.Count == 1 then
        myAoBAddy = tonumber(list[0])
        list.destroy()
      else
        -- AOBScan returns nil when nothing is found, so only destroy a real list
        if list ~= nil then list.destroy() end
        return nil
      end
    end
    registerSymbol("myAoBAddy",myAoBAddy)
    {$asm}
    ...
    [DISABLE]
    unregisterSymbol(myAoBAddy)
    ...
If you want it to stop crashing, then stop constantly writing to it. Hook some instruction that accesses (preferably writes to) that address instead and write your value to it there.
fuzzayboy wrote:
    Maybe someone can shed some light as to why this float: 00 00 00 78 actually starts a byte after. Is it because of al? 00 00 78 This really throws me off.
I don't know what you mean by this. I'm pretty sure it's not even executable code, as it doesn't make sense regardless of where you start disassembling it.
While both ASM and data are stored in memory as bytes, they are hardly interchangeable. Try to jump into a block of memory that stores data and see how many instructions it takes for the application to crash.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
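Since both the steps in the first post and the Lua above boil down to the same idea (re-check the bytes at the cached address, rescan only when they no longer match, bail out on anything but exactly one hit), here is an added stand-alone example of that logic. This is my own code, not from this thread and not Cheat Engine's API: it runs over a constructed bytes buffer (MEM) built from the disassembly listing in the first post instead of a live process, and the function names (parse_pattern, matches_at, aob_scan, find_with_cache, floats_at) are my own. It also decodes the floats at aob1+5 with struct, which shows why the value is the little-endian group 00 00 78 43 (248.0) and why reading from the byte before (00 00 00 78) gives garbage; the disassembler's instruction grouping is what made it look shifted.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Constructed sample "memory": the 23 bytes from the thread's disassembly
# listing, starting at 479BE2B5 (offset 0 here). The script's AoB matches
# at offset 2, i.e. 479BE2B7 in the listing, so aob1+5 is offset 7.
MEM = bytes.fromhex(
    "00 00 00 00 0C 00 00 00 00 78 43 00 00 C8 42 00 00 16 44 00 00 48 43"
)
PATTERN_TEXT = "00 00 0C 00 00 00 00 78 43 00 00 C8 ?? ?? ?? 16 44"


def parse_pattern(text: str) -> List[Optional[int]]:
    """CE-style AoB string -> list of byte values; '??' becomes None (wildcard)."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in text.split()]


def matches_at(mem: bytes, pattern: List[Optional[int]], offset: int) -> bool:
    """Does the pattern still match at a known offset (the first post's step 2)?
    An offset that would run past the end of the region never matches."""
    if offset < 0 or offset + len(pattern) > len(mem):
        return False
    return all(p is None or mem[offset + i] == p for i, p in enumerate(pattern))


def aob_scan(mem: bytes, pattern: List[Optional[int]]) -> List[int]:
    """Full linear scan: the expensive step the thread wants to run only once."""
    return [off for off in range(len(mem) - len(pattern) + 1)
            if matches_at(mem, pattern, off)]


def find_with_cache(mem: bytes, pattern: List[Optional[int]],
                    cache: Dict[str, int]) -> Tuple[Optional[int], bool]:
    """Return (offset, rescanned). Re-validate the cached offset first and only
    fall back to a full scan when it no longer matches. Anything other than
    exactly one hit is a failure (the list.Count == 1 check in the Lua)."""
    cached = cache.get("addr")
    if cached is not None and matches_at(mem, pattern, cached):
        return cached, False
    hits = aob_scan(mem, pattern)
    if len(hits) != 1:
        cache.pop("addr", None)  # stale or ambiguous: forget it, the caller must bail out
        return None, True
    cache["addr"] = hits[0]
    return hits[0], True


def floats_at(mem: bytes, offset: int, count: int) -> List[float]:
    """Decode `count` consecutive little-endian IEEE-754 singles starting at `offset`."""
    return list(struct.unpack_from("<%df" % count, mem, offset))


if __name__ == "__main__":
    pat = parse_pattern(PATTERN_TEXT)
    cache: Dict[str, int] = {}
    print(find_with_cache(MEM, pat, cache))      # (2, True): first call does the full scan
    print(find_with_cache(MEM, pat, cache))      # (2, False): cached offset re-validated
    print(floats_at(MEM, cache["addr"] + 5, 4))  # [248.0, 100.0, 600.0, 200.0]
    print(floats_at(MEM, cache["addr"] + 4, 1))  # the "00 00 00 78" reading: about 1e34
    moved = b"\x00\x00\x00" + MEM                # region shifted, as after a loading screen
    print(find_with_cache(moved, pat, cache))    # (5, True): validation failed, rescanned
```

The second and third floats (00 00 C8 42 and 00 00 16 44) are 100.0 and 600.0, which is why the thread's AoB can keep C8 and 16 44 as fixed bytes while wildcarding the three bytes in between: those are the bytes of the value that changes.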
fuzzayboy Newbie cheater Reputation: 0
Joined: 15 Dec 2007 Posts: 17
Posted: Wed Feb 24, 2016 10:45 pm    Post subject:
ParkourPenguin wrote:
    While both ASM and data are stored in memory as bytes, they are hardly interchangeable. Try to jump into a block of memory that stores data and see how many instructions it takes for the application to crash.
So in a nutshell, CE is still trying to interpret the bytes as instructions, because that's what it does, but if I know all that memory region contains is floats one after another, I should disregard the opcodes I'm seeing?
That would make a LOT of sense, and I wish I had clued in a lot sooner. So much time spent trying to find the relation.
Thank you very much for both that information and the Lua code.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Wed Feb 24, 2016 10:59 pm    Post subject:
Code:
    myAoBAddy = tonumber(list[0],16)