adky29 How do I cheat?
Posted: Tue Aug 17, 2010 11:40 am Post subject: aobscan |
Can anyone please show me a link to download aobscan?
fico23f How do I cheat?
Posted: Tue Aug 17, 2010 12:01 pm Post subject: |
Try google
Recifense I post too much
Posted: Tue Aug 17, 2010 12:30 pm Post subject: |
AOBSCAN is, in fact, a Cheat Engine Auto Assembler command (aobscan(symbol, bytepattern)), not a separate download. It is only available in version 5.6 or later. Please have a look at your Cheat Engine Help (Auto Assembler).
Cheers!
adky29 How do I cheat?
Posted: Tue Aug 17, 2010 5:38 pm Post subject: |
Please give me a tutorial!
XaLeX Expert Cheater
Posted: Tue Aug 17, 2010 6:44 pm Post subject: |
Check the Cheat Engine help: just hit F1 while in CE and look up "aobscan" under Auto Assembler.
GH*master Expert Cheater
Posted: Tue Aug 17, 2010 7:01 pm Post subject: |
adky29, "aobscan" is a great feature, but you need to know how to use it.
aobscan(symbol, bytepattern) searches the target process's memory for the given byte signature (xx = wildcard byte) and assigns the address of the first match to the symbol, so a script can locate code that has moved instead of hard-coding an address. Make sure the signature is unique in the process: aobscan does not warn about multiple matches, so an ambiguous pattern silently hooks the wrong code.
h t t p ://a.imageshack.us/img696/986/84915865.gif
The bold bytes are the ones usable as the signature; the operand bytes (addresses, offsets, immediates), which change between builds, are masked with xx. In this example, it will be ...
83 ec xx 8b xx xx xx xx xx xx xx 8b xx 8b xx ff xx xx 8b xx xx xx xx xx 8b...
aobscan(fadd,83ecxx8bxxxxxxxxxxxxxx8bxx8bxxffxxxx8bxxxxxxxxxx8b)
To generate such a signature automatically, you can use my Delphi code.
Replace the Codeinjection1Click procedure in "frmautoinjectunit.pas" of the Cheat Engine source with the one below and rebuild CE:
Code: | procedure TfrmAutoInject.Codeinjection1Click(Sender: TObject);
// Code-injection template generator (replacement for the stock CE handler).
// Builds an [ENABLE]/[DISABLE] auto-assembler skeleton for the address
// selected in the memory browser, but anchors both sections with aobscan()
// on a wildcarded byte signature instead of a fixed address, so the script
// still finds the hook site after the module is rebased or rebuilt.
// NOTE(review): aobscan binds the symbol to the first match; nothing here
// checks that the generated signature is unique in the target process.
function inttostr(i:int64):string;
// Local override of SysUtils.IntToStr: 0 maps to '' so the first template
// uses bare names (_newmem, _returnhere) and later ones get a numeric suffix.
begin
if i=0 then result:='' else result:=sysutils.IntToStr(i);
end;
function getbytes(adr:dword):string;
// Builds the wildcarded hex signature for the code at adr: disassembles
// about 120 bytes forward, keeps the first byte of each multi-byte opcode
// (push instructions and single-byte opcodes are fully masked), then
// truncates to 32 bytes, removes the separators and strips trailing 'xx'.
var i,j,len,count:byte; frwrdaddr:dword; stlist:TstringList; s,s0,s1,intsr:string;
begin
stlist:=TstringList.create;
frwrdaddr:=adr;
repeat
stlist.Add(disassemble(frwrdaddr)); // collect lines of the form '0061c2d3 - e8 61 c0 ff ff - call 00618339'
// frwrdaddr:=previousopcode(frwrdaddr)-1;
until frwrdaddr>=adr+120; // relies on disassemble() advancing frwrdaddr (var) past each opcode
// Now take the first byte of each opcode and mark the remaining bytes as xx
for i := 0 to stlist.Count-1 do
begin // split '<address> - <bytes> - <instruction>'
s:=stlist.Strings[i];
s0:=copy(s,1,pos(' - ',s)); // address (not used further)
delete(s,1,pos(' - ',s)+2);
s1:=copy(s,1,pos(' - ',s)); // bytes, 'hh ' per byte (trailing space included)
delete(s,1,pos(' - ',s)+2); // what is left is the instruction text
intsr:=s;
// Multi-byte opcode that is not a push: keep the opcode byte, wildcard the operands
len:=length(s1);
count:=(len div 3); // number of bytes ('hh ' is 3 chars each)
s:='';
if (count>1)and(pos('push',intsr)=0) then
begin
s1:=copy(s1,1,3); // keep the first byte, e.g. "FA "
for j := 2 to count
do s:=s+'xx '; // mask the remaining bytes: "xx xx xx xx "
s1:=s1+s; // s1 = "FA xx xx xx xx "
end
else // single-byte opcode, or a push: mask every byte as "xx "
begin
for j := 1 to count
do s:=s+'xx ';
s1:=s; // s1 = "xx xx xx "
end;
result:=result+s1; // append this opcode's pattern (assumes Result starts empty — the caller passes a fresh string)
end;
// delete(s1,length(s1)-1,1); // remove the trailing blank
delete(result,(32*3),length(result)); // keep only the first 32 bytes (95 chars: 32 x 'hh ' minus the final space)
for I := 32 downto 1 do
delete(result,i*3,1); // drop the separating spaces, back to front so the indices stay valid
while 'xx'=copy(result,length(result)-1,2) do
delete(result,length(result)-1,2); // trailing wildcards add nothing to the scan; strip them
stlist.Destroy;
end;
var address: string;
addressdw: dword;
originalcode: array of string;
originalbytes: array of byte;
codesize: integer;
a,b: dword;
x: string;
i,j,k: integer;
prev_usesymbols: boolean;
injectnr: integer;
enablepos: integer;
disablepos: integer;
enablecode: tstringlist;
disablecode: tstringlist;
simbol:boolean;
bofset:byte;
provbyte:string;
begin
{$ifndef standalonetrainerwithassembler}
CheatTablecompliantcodee1.Click; // wrap the script in [ENABLE]/[DISABLE] sections first
simbol:=symhandler.showmodules; // remember whether module names are currently shown
symhandler.showmodules:=true; // always show module names in labels while generating (restored at the end)
a:=memorybrowser.disassemblerview.SelectedAddress;
address:=inttohex(a,8);
{ if inputquery('Code inject template','On what address do you want the jump?',address) then
begin}
try
a:=strtoint('$'+address);
except
a:=symhandler.getaddressfromname(address);
end;
b:=a;
injectnr:=0;
// Pick a suffix that does not collide with alloc(newmemN,...) lines already in the script
for i:=0 to assemblescreen.Lines.Count-1 do
begin
j:=pos('alloc(newmem',lowercase(assemblescreen.lines[i]));
if j<>0 then
begin
x:=copy(assemblescreen.Lines[i],j+12,length(assemblescreen.Lines[i]));
x:=copy(x,1,pos(',',x)-1);
try
k:=strtoint(x);
if injectnr<=k then
injectnr:=k+1;
except
inc(injectnr);
end;
end;
end;
//disassemble the old code
setlength(originalcode,0);
codesize:=0;
while codesize<5 do // need at least 5 bytes at the hook site to fit the jmp; disassemble() advances a
begin
setlength(originalcode,length(originalcode)+1);
originalcode[length(originalcode)-1]:=disassemble(a,x);
i:=posex('-',originalcode[length(originalcode)-1]);
i:=posex('-',originalcode[length(originalcode)-1],i+1); // second '-' separates the bytes from the instruction text
originalcode[length(originalcode)-1]:=copy(originalcode[length(originalcode)-1],i+2,length(originalcode[length(originalcode)-1])); // keep only the instruction text
codesize:=a-b;
end;
setlength(originalbytes,codesize);
ReadProcessMemory(processhandle, pointer(b), @originalbytes[0], codesize, a); // NOTE(review): result and bytes-read count are not checked; on failure the '//Alt: db' line lists zeros
enablecode:=tstringlist.Create;
disablecode:=tstringlist.Create;
try
with enablecode do
begin
// The scan on activation is what lets the script cope with a moved address
//aobscan(_address,d8xxxxxxdfxxf6xxxx0fxxxxxxxxxx8bxxe8xxxxxxxx8bxxe8xxxxxxxxd9xxd8)
provbyte:=getbytes(strtoint('$'+address)); // signature of the untouched code at the hook site
add(' aobscan(_faddress,'+provbyte+')');
add(' alloc(_newmem'+inttostr(injectnr)+',2048)');
add(' label(_returnhere'+inttostr(injectnr)+')');
add(' label(_originalcode'+inttostr(injectnr)+')');
add('');
add('_newmem'+inttostr(injectnr)+':');
// add(' mov [],eax //mov eax,');
add('');
add('_originalcode'+inttostr(injectnr)+':');
for i:=0 to length(originalcode)-1 do
add(' '+originalcode[i]);
add(' jmp _returnhere'+inttostr(injectnr)+'');
add('');
add('_faddress: // '+address+' = '+symhandler.getNameFromAddress(strtoint('$'+address)));
// add(symhandler.getnamefromaddress(strtoint('$'+address))+':'); // jump placed after the memory allocation
// add(address+':');
add(' jmp _newmem'+inttostr(injectnr)+'');
bofset:=5; // bytes overwritten at the hook site: 5 for the jmp plus one per padding nop
while codesize>5 do
begin
add(' nop');
dec(codesize);
inc(bofset); // used below to build the [DISABLE] verification bytes
end;
add('_returnhere'+inttostr(injectnr)+':');
end;
delete(provbyte,1,bofset*2); // drop the bytes the jmp/nops overwrite (2 hex chars each); they are gone after activation
dec(bofset,5);
for I := 1 to bofset do
provbyte:='90'+provbyte; // prefix one 90 (nop) per padding byte so the disable scan matches the patched site
with disablecode do
begin
add(' aobscan(_faddress,'+provbyte+')'); // matches at offset 5 from the hook (first nop, or the byte after the jmp)
add('');
// add(address+':');
add('_faddress-5:'); // hence -5 to get back to the start of the hook
for i:=0 to length(originalcode)-1 do
add(' '+originalcode[i]);
add('');
add(' dealloc(_newmem'+inttostr(injectnr)+')');
x:='db';
for i:=0 to length(originalbytes)-1 do
x:=x+' '+inttohex(originalbytes[i],2);
add('//Alt: '+x); // raw original bytes, in case the disassembled text does not reassemble identically
end;
getenableanddisablepos(assemblescreen.lines,enablepos,disablepos);
//skip first comment(s)
if enablepos>=0 then
begin
while enablepos<assemblescreen.lines.Count-1 do
begin
if pos('//',trim(assemblescreen.Lines[enablepos+1]))=1 then inc(enablepos) else break;
end;
end;
for i:=enablecode.Count-1 downto 0 do
assemblescreen.Lines.Insert(enablepos+1,enablecode[i]);
getenableanddisablepos(assemblescreen.lines,enablepos,disablepos);
//skip first comment(s)
if disablepos>=0 then
begin
while disablepos<assemblescreen.lines.Count-1 do
begin
if pos('//',trim(assemblescreen.Lines[disablepos+1]))=1 then inc(enablepos) else break; // NOTE(review): bumps enablepos (unused from here on) — looks like a copy-paste slip; disablepos is advanced on the next line
inc(disablepos);
end;
//only if there actually is a disable section place this code
for i:=disablecode.Count-1 downto 0 do
assemblescreen.Lines.Insert(disablepos+1,disablecode[i]);
end;
finally
enablecode.free;
disablecode.Free;
end;
symhandler.showmodules:=simbol; // restore the module-name display setting
//
{$endif}
end; |
You end up with something like this ...
Code: | [ENABLE]
// Locate the hook site by signature instead of a fixed address; aobscan assigns the first match to _faddress.
// NOTE(review): the pattern is mostly wildcards — confirm it is unique in the process, or the jmp lands in the wrong code.
aobscan(_faddress,d9xxxxxxxxxxxxd9xxd8xxdfxxf6xxxx75xxddxxebxxf6xxxx7axxd8)
alloc(_newmem,2048) // code cave for the injected code
label(_returnhere)
label(_originalcode)
_newmem:
mov dword ptr [esi+00000ca4],3F800000 // the cheat: overwrite the float at [esi+ca4] (3F800000 = 1.0 as a 32-bit float) before it is loaded
_originalcode:
fld dword ptr [esi+00000ca4] // the instruction displaced by the jmp, re-executed here
jmp _returnhere
_faddress: // 00ADFCFD = GameDLL_x86.dll+50FCFD
jmp _newmem // 5 bytes
nop // pads the 6-byte original instruction so no partial opcode is left behind
_returnhere:
[DISABLE]
// The original bytes are gone once enabled, so scan for the patched site: the nop at +5 followed by the untouched tail of the signature.
aobscan(_faddress,90xxd9xxd8xxdfxxf6xxxx75xxddxxebxxf6xxxx7axxd8)
_faddress-5: // back up over the jmp to the start of the hook
fld dword ptr [esi+00000ca4] // restore the original instruction (6 bytes, overwriting jmp + nop)
dealloc(_newmem) |