Cheat Engine Forum (The Official Site of Cheat Engine)
Using aobscan for injection addresses

Forum: General Gamehacking

jgoemat
Master Cheater
Reputation: 22

Joined: 25 Sep 2011
Posts: 252

PostPosted: Tue Aug 07, 2012 2:14 pm    Post subject: Using aobscan for injection addresses

I see that most people hard-code their addresses. Is there a reason to do that rather than use AOBSCAN to find the code? For example, hard-coding addresses would look like this:

Code:
[ENABLE]
ShippingPC-Bzb2Game.exe+49094:
    nop
    nop

[DISABLE]
ShippingPC-Bzb2Game.exe+49094:
    db 89 01


Using aobscan would keep most trainers working with most updates to the game, and make it easier for someone to fix the trainer themselves if an update broke it.

Code:
[ENABLE]
{ CODE TO REPLACE:
ShippingPC-Bzb2Game.exe+49090 - 8B 4C 24 10           - mov ecx,[esp+10]
ShippingPC-Bzb2Game.exe+49094 - 89 01                 - mov [ecx],eax << CODE
ShippingPC-Bzb2Game.exe+49096 - 83 C4 08              - add esp,08
ShippingPC-Bzb2Game.exe+49099 - C2 0800               - ret 0008
ShippingPC-Bzb2Game.exe+4909C - 8B 54 24 10           - mov edx,[esp+10]
}

// skip 4 to get mov [ecx],eax
AOBSCAN(Cheat1_AOB, 8b 4c 24 10 89 01 83 c4 08 c2 08 00 8b 54 24 10)

label(Cheat1_Replace)
registersymbol(Cheat1_Replace)

Cheat1_AOB+4:
Cheat1_Replace:
    nop
    nop

[DISABLE]
Cheat1_Replace:
    db 89 01

unregistersymbol(Cheat1_Replace)



If the array of bytes isn't found, there is a several-second delay when trying to enable the script and it fails, but it would fail if the code changed anyway.

I always scan for my array of bytes (don't forget to mark 'CopyOnWrite' to search executable code) and make sure it only occurs once. If there are call statements or hard-coded addresses, replace them with ?? to ignore them in the scan:

Code:
{
ShippingPC-Bzb2Game.exe+49066 - 89 46 18              - mov [esi+18],eax
ShippingPC-Bzb2Game.exe+49069 - FF 15 C48EC401        - call dword ptr [ShippingPC-Bzb2Game.exe+1848EC4]
ShippingPC-Bzb2Game.exe+4906F - 8B 44 24 04           - mov eax,[esp+04]
}

// ignore hard-coded address
aobscan(AOBAddress1,89 46 18 ff 15 ?? ?? ?? ?? 8b 44 24 04)


While I'm on the subject, is there a reason I can't register Cheat1_AOB as a symbol instead of having to create a new label and register it?
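As an added example (not code from the thread or from Cheat Engine), a minimal wildcard AOB scanner in Python that applies the matching rule the post relies on: an exact pattern breaks when the call's absolute operand moves between builds, the `??`-wildcarded pattern still matches, and the uniqueness check is the "make sure it only occurs once" step before patching. All sample bytes are constructed from the instructions quoted above.

```python
# Wildcard array-of-bytes (AOB) scanner using the matching rule Cheat Engine's
# aobscan applies: each byte must match exactly, and "??" matches any byte.
import re
from typing import List, Optional


def parse_pattern(pattern: str) -> List[Optional[int]]:
    """Turn '8b 4c ?? 10' into [0x8b, 0x4c, None, 0x10] (None = wildcard)."""
    out: List[Optional[int]] = []
    for tok in pattern.split():
        if tok == "??":
            out.append(None)
        elif re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad pattern token: {tok!r}")
    return out


def aob_scan(data: bytes, pattern: str) -> List[int]:
    """Return every offset in data at which the pattern matches."""
    pat = parse_pattern(pattern)
    return [i for i in range(len(data) - len(pat) + 1)
            if all(p is None or data[i + j] == p for j, p in enumerate(pat))]


def unique_hit(data: bytes, pattern: str, skip: int = 0) -> int:
    """Offset of the single match plus `skip` (the "+4" in Cheat1_AOB+4).
    Refuses to answer when the pattern is missing or ambiguous, which is the
    check the post recommends before patching anything."""
    hits = aob_scan(data, pattern)
    if len(hits) != 1:
        raise LookupError(f"expected exactly one match, got {len(hits)}")
    return hits[0] + skip


# Constructed sample (not a real binary): the two instruction sequences quoted
# in the thread, joined with padding. Offsets 7..10 hold the call's absolute
# operand, which is what moves between game builds.
CODE = bytes.fromhex("90 90 89 46 18 FF 15 C4 8E C4 01 8B 44 24 04 90 "
                     "8B 4C 24 10 89 01 83 C4 08 C2 08 00 8B 54 24 10")
# Same code after a hypothetical update relocated the call target.
UPDATED = CODE[:7] + bytes.fromhex("10 20 30 40") + CODE[11:]

EXACT = "89 46 18 ff 15 c4 8e c4 01 8b 44 24 04"   # breaks on relocation
WILD = "89 46 18 ff 15 ?? ?? ?? ?? 8b 44 24 04"    # survives it
CHEAT1 = "8b 4c 24 10 89 01 83 c4 08 c2 08 00 8b 54 24 10"

if __name__ == "__main__":
    print(aob_scan(CODE, EXACT), aob_scan(UPDATED, EXACT))  # [2] []
    print(aob_scan(CODE, WILD), aob_scan(UPDATED, WILD))    # [2] [2]
    print(unique_hit(CODE, CHEAT1, skip=4))                 # 20 (bytes 89 01)
```

Scanning `CODE + CODE` with the wildcard pattern makes `unique_hit` raise, which is exactly the ambiguous case a script should refuse to patch.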
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25295
Location: The netherlands

PostPosted: Tue Aug 07, 2012 2:21 pm

People don't use it because they find it too difficult (wildcard parts confuse them), or are just lazy.
As for the label thing, that is because aobscan sets a define/const instead of a label, and registersymbol demands an alloc or label.

DaSpamer
Grandmaster Cheater Supreme
Reputation: 52

Joined: 13 Sep 2011
Posts: 1578

PostPosted: Mon Sep 24, 2012 11:56 am

I use aobscan only.
I hack Flash games only (Facebook, online MMOs, etc.),
so hacking with addresses is impossible when playing in Flash Player.
Example of coin hack in facebook for Zombie Lane:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(timelabel)
registersymbol(timelabel)
aobscan(aobtime,0F 8E ?? ?? ?? ?? BB 01 00 00 00 66 0F 57 C9 F2 0F 2A CB F2 0F 58 C1 66 0F D6 47 58)

newmem:
nop
originalcode:
//jng 0A67BC75 <=== this is a random address.. idk why I put it

exit:
jmp returnhere

aobtime:
timelabel:
jmp newmem
nop
returnhere:


[DISABLE]

shadel
Advanced Cheater
Reputation: 0

Joined: 19 May 2010
Posts: 52

PostPosted: Fri Nov 16, 2012 10:10 am

When I use aobscan, I use it this way to keep a label on that address:

Code:
label(myaddress)
registersymbol(myaddress)

aobscan(scan, xx xx xx)

scan:
myaddress: