View previous topic :: View next topic |
Author |
Message |
azamalvi Cheater Reputation: 0
Joined: 16 Aug 2013 Posts: 26
|
Posted: Sat Jun 11, 2016 6:05 am Post subject: aobscan help |
|
|
I have a code that uses aobscan. This code is basically for facbook game and it works fine. Now that game is available for Windows. So i want to apply same code on windows but i received below error
Error while scanning AOB's: _fpq
This is code that I am using
Code: |
[ENABLE]
Aobscan(_fpq,0F 4A 00 00 62 07 66 EB 41 62 07 46 F5 41 00 A0 D0 66 B2 2E 0D 32 00 00 60 D5 01 46 E9 5C 00)
_fpq:
db 0F 00 00 00 62 07 66 EB 41 62 07 46 F5 41 00 A0 D0 66 B2 2E 29 29 02 02 60 D5 01 46 E9 5C 00
[DISABLE] |
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Sat Jun 11, 2016 9:39 am Post subject: |
|
|
There is no guarantee that code written for a FB game is exactly the same as code written for a windows game. In fact, it is almost certain the code has changed.
You really should run the FB game with this code:
Code: | [ENABLE]
Aobscan(_fpq,0F 4A 00 00 62 07 66 EB 41 62 07 46 F5 41 00 A0 D0 66 B2 2E 0D 32 00 00 60 D5 01 46 E9 5C 00)
registersymbol(_fpq)
[DISABLE]
unregistersymbol(_fpq) |
Open the memory viewer and scan for address _fpq in the instructions window
take a screenshot of what you see.
Open the windows game and search for array of bytes "0D 32 00 00"
If there arent too many results (lets say 50+) then just disassemble each location and look at those instructions, see which one is similar to the FB one.
Alternatively, you can just blindly guess and check. For instance, look at the code below:
Code: |
?0F? 4A ?00? ?00? ?62? ?07? ?66? ?EB? ?41? ?62? ?07? ?46? ?F5? ?41? ?00? ?A0? ?D0? ?66? ?B2? ?2E? 0D 32 00 00 ?60? ?D5? ?01? ?46? ?E9? ?5C? ?00?
|
for each byte that i enclosed in ?xx?, this byte may be changed in the windows game, you could start by replacing some, of the bytes with ?? (and removing ?xx? from the remaining or it wont scan). Try 100s of combinations of ?? with the original AOB and hope something works!
Either way, you need to understand what is happening in the FB code to find it in the Windows code. Because of that, I recommend the first method. Good luck!
|
|
Back to top |
|
|
Cake-san Grandmaster Cheater Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
|
|
Back to top |
|
|
|