Rissorr Master Cheater Reputation: 3
Joined: 17 Sep 2013 Posts: 273 Location: Israel!
Posted: Tue Jun 10, 2014 4:32 pm Post subject: [TUT] Finding an Array Of Bytes of a Value
Well... I think that many people are looking for this information, so I decided to try to teach it. It probably won't be the best tutorial ever.
P.S.: Sorry for my bad English, I'm from Israel.
So let's begin:
NOTE:
In this tutorial I'm going to use the CE Tutorial (STEP 2).
Finding the AOB of a value in a few steps:
1. Find the dynamic (normal) value.
2. Take its 48* bytes and write them into a text file.
3. Restart the application (in my case it is the CE TUT).
4. Then repeat steps 1-3 a few times (in this tutorial I will repeat it 5 times).
5. Just "build" a final AOB from all the AOBs that we found.
One AOB for every time you restart the program, 48 bytes each AOB.
6. Check if the AOB that you found is working properly. If not, find the wrong** byte and fix it.
* You may take fewer/more bytes; in most cases 48 is enough.
** The byte that doesn't match across all of the AOBs.
=====================================
Detailed Instructions
=====================================
Step 1:
CE:
Value Type: 4 bytes
Scan Type: Exact Value
Input: 100
CE TUT:
Click: "Hit me"
CE:
Input the new value, Next Scan
=====================================
Step 2: (Attached "Screen1", "Screen2")
Right-click on the address you found (of the health in step 2 of the CE Tutorial).
Click on: "Browse this memory region | Ctrl + B"
The Disassembler window will pop up. At the bottom you have "the bytes part" of the memory view; the first line will be the address on which you clicked "Browse this memory region".
Now copy the first 48 bytes.
If you have 8-byte separators and 16 bytes per row, take the first 3 lines (just like in the "Screen2" pic).
Then open Notepad (I'm using Notepad++) and paste the bytes.
=====================================
Step 3:
Nothing really to explain, just close the CE TUT and open it again, then in CE open the process again (in my case: Tutorial-i386.exe) and click "Keep Table".
=====================================
Step 5:
The most complicated step of the whole tutorial:
When you've got the 48 bytes x 5 times, like:
Code: |
First AOB:
62 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 7F 01 10 0C 7D 01 00 00 00 00 00 00 00 00 00 00 00 00
Second AOB:
60 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00
Third AOB:
63 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00
Fourth AOB:
64 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 24 00 10 0C 22 00 00 00 00 00 00 00 00 00 00 00 00 00
Fifth AOB:
5F 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 20 00 10 0C 1E 00 00 00 00 00 00 00 00 00 00 00 00 00
|
You need to "extract" the working final AOB from all of this.
How to do it? I'll show you right now:
First we need to know that if we have a 4-byte value, the first 4 bytes will be '??'.
So let's start building it:
Then we look at the next byte. We can see that in EVERY!!! AOB (of the 5) the next byte is '90', so we add the '90' to our FINAL AOB:
Let's look at the next one:
'04'. We can see that it is 04 in all the AOBs, so we add it to the FINAL AOB.
Let's just continue: look at the next byte, and if it is the same in all 5 AOBs, add it to the FINAL.
*adding bytes to the FINAL AOB*
*adding*
*adding*
WHOOPS!!!
At byte #31 we have a PROBLEM!!! The bytes are NOT MATCHING!!
What to do in this case???
In this case we put '??'.
So in the FINAL AOB it will be:
Code: | ?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? |
OK... continue...
Again WHOOPS!!
The next byte is also not matching!!!
Note: If you see that some bytes are not matching,
it doesn't mean that the rest of the AOB will be '??'!
Let's do it till the end of the AOBs...
That's what I got in the FINAL AOB:
Code: | ?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? ?? 10 0C ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 |
OK... so we actually "built" the final AOB; now we can test it.
=====================================
Step 6:
We want to see that our AOB is really working, so... :
Go to CE
Value Type: Array Of Bytes
Scan Type: Search for this array
Input: the FINAL AOB
( Code: | ?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? ?? 10 0C ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 | )
And if we did everything right,
we should get ONLY ONE working address!
Take it to the table, double-click on the 'Type' of the address and change it to 4 Bytes. If it shows you something like:
Simply right-click on it and "Show as decimal".
WELL DONE!
I hope you LEARNED something from this tutorial, because it's my first time posting something trivial. Please COMMENT! So next time I will know what I need to add to and what to remove from the tutorial.
Goodbye, see you later!
Last edited by Rissorr on Thu May 05, 2016 2:47 pm; edited 3 times in total |
DeRol Newbie cheater Reputation: 0
Joined: 26 Aug 2009 Posts: 18
Posted: Sun Sep 14, 2014 2:30 am Post subject: Useful
Thanks for writing this tutorial. A bit rough on the English, but it helped clarify some things I've been trying to learn.
Sohail__Saha Advanced Cheater Reputation: 0
Joined: 21 May 2014 Posts: 82 Location: India
Posted: Thu Sep 18, 2014 1:28 pm
Thanks, I will try it...
_________________
Don't underestimate the power of a common code.
Hatschi Master Cheater Reputation: 2
Joined: 28 Jan 2010 Posts: 327
Posted: Thu Sep 18, 2014 1:56 pm
Question, why do you search for this array of bytes:
Code: | ?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? ?? 10 0C ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 |
Because you already skip the first four bytes. There is no need to mask them or include them at all. Also I know this is a tutorial for the CE tutorial BUT tutorials should help users in other situations as well and you told us to take the first 48 bytes. Which is quite a lot. I would rather recommend using the AOB script in the AA which gives you a unique aob from scratch (in most cases).
snowflake How do I cheat? Reputation: 0
Joined: 04 Aug 2009 Posts: 5
Posted: Sat Nov 08, 2014 7:16 am
That's a tut very easy to understand and follow.
If I got it right, AOB is a way to find a static address starting off a dynamic one. Am I right? It's basically an alternative to point scanner.
I also suppose range 48 could be changed to 24 or 1024 just fine. How to choose the right range?
Nemexia55 Expert Cheater Reputation: 0
Joined: 28 Jan 2014 Posts: 160
Posted: Thu Dec 18, 2014 2:33 pm
WOW Thanks, nice TUT
but remember there is an easy way...
just look at the picture
darkcheater93 How do I cheat? Reputation: 0
Joined: 07 Sep 2015 Posts: 2 Location: indonesia
Posted: Thu Jan 28, 2016 4:45 am Post subject: lol
thanks man!
Rissorr Master Cheater Reputation: 3
Joined: 17 Sep 2013 Posts: 273 Location: Israel!
Posted: Wed May 04, 2016 4:21 pm
@nemexia You are right, this way is more effective (at least in this case).
@mireazma Yes, you are right.
To find the optimal range, try fewer bytes (e.g. 16); then, if you can't find a unique AOB that works, try to create an AOB with more bytes (e.g. 32), and then more and more, until you get an AOB that works after every game restart (and maybe even a game update).
@Hatschi If you do not include the four wildcards at the beginning of the AOB, your AOB will "point" to the address that is +4 from the address that we want to find.
It's an alternative way, but just keep in mind that your address will be +4.
Sorry for the grammar.
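Added example (not part of the thread and not Cheat Engine code): the column-by-column comparison from the tutorial's Step 5, together with the +4 offset discussed in the replies by Hatschi and Rissorr, written in Python. The five captures are the ones quoted in the first post; the helper names, `build_memory` and its filler bytes are constructed for the demonstration.

```python
# Added example. SAMPLES are the five 48-byte captures quoted in the tutorial.
SAMPLES = [
    "62 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 7F 01 10 0C 7D 01 00 00 00 00 00 00 00 00 00 00 00 00",
    "60 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00",
    "63 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00",
    "64 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 24 00 10 0C 22 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "5F 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 20 00 10 0C 1E 00 00 00 00 00 00 00 00 00 00 00 00 00",
]

def parse(dump):
    """Turn a hex dump such as '62 00 90' into a list of ints."""
    return [int(tok, 16) for tok in dump.split()]

def merge_samples(samples, value_size=4):
    """Merge captures into one pattern; None stands for the '??' wildcard."""
    rows = [parse(s) for s in samples]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("all samples must have the same length")
    pattern = []
    for i, column in enumerate(zip(*rows)):
        # Mask the value bytes unconditionally: bytes 2-4 are 00 in all five
        # captures only because the health value stayed small.
        varies = len(set(column)) > 1
        pattern.append(None if i < value_size or varies else column[0])
    return pattern

def to_text(pattern):
    return " ".join("??" if b is None else f"{b:02X}" for b in pattern)

def scan(memory, pattern):
    """Return every offset in memory where the pattern matches."""
    span = len(pattern)
    return [off for off in range(len(memory) - span + 1)
            if all(p is None or memory[off + i] == p
                   for i, p in enumerate(pattern))]

def build_memory(value=100, base=0x40):
    """Constructed buffer standing in for a sixth restart of the process."""
    block = parse(SAMPLES[0])
    block[0:4] = value.to_bytes(4, "little")
    block[30:32] = [0x33, 0x02]   # constructed values for the varying bytes
    block[34:36] = [0x31, 0x02]
    return bytes([0xCC] * base + block + [0xCC] * 32)

if __name__ == "__main__":
    pattern, memory = merge_samples(SAMPLES), build_memory()
    print(to_text(pattern))
    print("full pattern:", scan(memory, pattern))
    print("without leading wildcards:", scan(memory, pattern[4:]))
```

The full pattern reports the offset of the value itself, while the pattern with the four leading wildcards dropped reports an offset 4 bytes later, so the result has to be adjusted by -4 to reach the value.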