[TUT] Finding an Array Of Bytes of a Value

 
Rissorr
Master Cheater
Reputation: 3

Joined: 17 Sep 2013
Posts: 273
Location: Israel!

Posted: Tue Jun 10, 2014 4:32 pm    Post subject: [TUT] Finding an Array Of Bytes of a Value

Well... I think that many people are looking for this information, so I decided to try to teach it. It probably won't be the best tutorial ever.

P.S.: Sorry for my bad English, I'm from Israel.

So let's begin:

NOTE:
In this tutorial I'm going to use the CE Tutorial (STEP 2)


Finding the AOB of a value in a few steps:

1. Find the dynamic (normal) value.

2. Take its 48* bytes and write them into a text file.

3. Restart the application (in my case it is the CE TUT).

4. Then repeat steps 1-3 a few times (in this tutorial I will repeat it 5 times).

5. Just "build" a final AOB from all the AOBs that we found.
One AOB for every time you restart the program, 48 bytes each AOB.

6. Check if the AOB that you found is working properly. If not, find the wrong** byte and fix it.

* You may take fewer/more bytes; in most cases 48 is enough.
** The byte that doesn't match across all of the AOBs.

=====================================

Detailed Instructions

=====================================

Step 1:

CE:
Value Type: 4 bytes
Scan Type: Exact Value
Input: 100

CE TUT:
Click: "Hit me"

CE:
Input the new value, Next Scan

=====================================

Step 2: (Attached "Screen1", "Screen2")

Right click on the address you found (Of the health on step 2 CE Tutorial)

Click on: " Browse this memory region | Ctrl + B "

The Disassembler window will pop up. At the bottom you have "The Bytes Part" of the memory view; the first line will be the address on which you clicked "Browse this memory region".

Now copy the first 48 bytes.
If you have 8-byte separators and 16 bytes per row, take the first 3 lines (just like in the "Screen2" pic).

Then open Notepad (I'm using Notepad++) and paste the bytes.

=====================================

Step 3:

Nothing really to explain: just close the CE TUT and open it again, then in CE open the process again (in my case: Tutorial-i386.exe) and click "Keep Table".

=====================================

Step 5:

The most complicated step of the whole tutorial:

When you have the 48 bytes x 5 times, like:

Code:

First AOB:
62 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 7F 01 10 0C 7D 01 00 00 00 00 00 00 00 00 00 00 00 00
Second AOB:
60 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00
Third AOB:
63 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00
Fourth AOB:
64 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 24 00 10 0C 22 00 00 00 00 00 00 00 00 00 00 00 00 00
Fifth AOB:
5F 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 20 00 10 0C 1E 00 00 00 00 00 00 00 00 00 00 00 00 00


You need to "extract" the working final AOB from all of this.
How to do it? I'll show you right now:

First, we need to know that if we have a 4-byte value, the first 4 bytes will be '??'.
So let's start building it:

Code:
?? ?? ?? ??


Then we look at the next byte. We can see that in EVERY!!! AOB (of the 5) the next byte is '90', so we add the '90' to our FINAL AOB:

Code:
?? ?? ?? ?? 90


Let's look at the next one:
'04'. We can see that it is 04 in all the AOBs, so we add it to the FINAL AOB.

Code:
?? ?? ?? ?? 90 04


Let's just continue: look at the next byte and see whether all 5 AOBs have the same byte. If it is the same in all of them, take the next byte and add it to the FINAL.

*adding bytes to the FINAL AOB*
*adding*
*adding*

WHOOPS!!!
At byte #31 we have a PROBLEM!!! The bytes are NOT MATCHING!!
What to do in this case???

In this case, we put '??'.

So in the FINAL AOB it will be:

Code:
?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ??


OK... continue...

Again, WHOOPS!!
The next byte is also not matching!!!

Note: If you see that some bytes are not matching,
it doesn't mean that the rest of the AOB will be '??'!


Let's do it till the end of the AOBs...

That's what I got in the FINAL AOB:

Code:
?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? ?? 10 0C ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00


OK, so we actually "built" the final AOB; now we can test it.

=====================================

Step 6:

We want to see that our AOB is really working, so... :

Go to CE

Value Type: Array Of Bytes
Scan Type: Search for this array

Input: the FINAL AOB

(
Code:
?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? ?? 10 0C ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00
)

And if we did everything right
we should get ONLY ONE working address!

Take it to the table and double-click on the 'Type' of the address, and change it to 4 Bytes. If it shows you something like:
Code:
00000064

Simply Right-click on it and "Show as decimal".

WELL DONE!

Hope you LEARNED something from this tutorial, because it's my first time posting something trivial. Please COMMENT! So next time I will know what I need to add and what to remove from/to the tutorial.

Goodbye, see you later!



[Attachments: Screen1.png, Screen2.png]




Last edited by Rissorr on Thu May 05, 2016 2:47 pm; edited 3 times in total
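
The column-by-column comparison from the tutorial above, as an added Python example (not part of the original post and not Cheat Engine code). The function names, the sixth capture and the padded buffer are constructed for illustration; the five captures are the ones quoted in the post.

```python
import struct

# The five 48-byte captures from the post, one per restart of the tutorial.
SAMPLES = [
    "62 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 7F 01 10 0C 7D 01 00 00 00 00 00 00 00 00 00 00 00 00",
    "60 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00",
    "63 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 87 01 10 0C 85 01 00 00 00 00 00 00 00 00 00 00 00 00",
    "64 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 24 00 10 0C 22 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "5F 00 00 00 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 20 00 10 0C 1E 00 00 00 00 00 00 00 00 00 00 00 00 00",
]

def build_signature(samples, value_size=4):
    """Keep a byte only where every capture agrees; wildcard (None) the rest.
    The first value_size bytes hold the value itself, so they are always '??'."""
    rows = [bytes.fromhex(s) for s in samples]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("all captures must have the same length")
    return [None if i < value_size or len(set(col)) > 1 else col[0]
            for i, col in enumerate(zip(*rows))]

def format_signature(sig):
    return " ".join("??" if b is None else f"{b:02X}" for b in sig)

def scan(buffer, sig):
    """Return every offset in buffer where the signature matches."""
    return [off for off in range(len(buffer) - len(sig) + 1)
            if all(b is None or buffer[off + i] == b for i, b in enumerate(sig))]

def demo():
    sig = build_signature(SAMPLES)
    # Constructed sixth capture: the fourth one with new bytes in the varying slots.
    sixth = bytearray(bytes.fromhex(SAMPLES[3]))
    sixth[30:32] = b"\xAA\x02"
    sixth[34:36] = b"\xBB\x02"
    memory = b"\xCC" * 37 + bytes(sixth) + b"\xCC" * 20   # constructed buffer
    hits = scan(memory, sig)
    value = struct.unpack_from("<I", memory, hits[0])[0]  # 4-byte little-endian value
    # Without the four leading wildcards the hit lands 4 bytes past the value.
    shifted = scan(memory, sig[4:])
    return format_signature(sig), hits, value, shifted

if __name__ == "__main__":
    print(demo())
```

A single hit means the signature is unique in the scanned buffer; more than one hit means more bytes or more captures are needed.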
DeRol
Newbie cheater
Reputation: 0

Joined: 26 Aug 2009
Posts: 18

Posted: Sun Sep 14, 2014 2:30 am    Post subject: Useful

Thanks for writing this tutorial. A bit rough on the English, but it helped clarify some things I've been trying to learn.
Sohail__Saha
Advanced Cheater
Reputation: 0

Joined: 21 May 2014
Posts: 82
Location: India

Posted: Thu Sep 18, 2014 1:28 pm

Thanks, I will try it...
_________________
Don't underestimate the power of a common code.
Hatschi
Master Cheater
Reputation: 2

Joined: 28 Jan 2010
Posts: 327

Posted: Thu Sep 18, 2014 1:56 pm

Question, why do you search for this array of bytes:

Code:
?? ?? ?? ?? 90 04 00 00 C4 09 63 00 92 02 00 00 D0 EA 59 00 00 00 00 00 C0 78 56 00 88 42 ?? ?? 10 0C ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00


Because you already skip the first four bytes. There is no need to mask them or include them at all. Also I know this is a tutorial for the CE tutorial BUT tutorials should help users in other situations as well and you told us to take the first 48 bytes. Which is quite a lot. I would rather recommend using the AOB script in the AA which gives you a unique aob from scratch (in most cases).
snowflake
How do I cheat?
Reputation: 0

Joined: 04 Aug 2009
Posts: 5

Posted: Sat Nov 08, 2014 7:16 am

That's a tut very easy to understand and follow.
If I got it right, AOB is a way to find a static address starting off a dynamic one. Am I right? It's basically an alternative to point scanner.

I also suppose range 48 could be changed to 24 or 1024 just fine. How to choose the right range?
Nemexia55
Expert Cheater
Reputation: 0

Joined: 28 Jan 2014
Posts: 160

Posted: Thu Dec 18, 2014 2:33 pm

WOW Thanks, nice TUT
but remember there is an easy way...
just look at the picture



[Attachment: AOB.png]



darkcheater93
How do I cheat?
Reputation: 0

Joined: 07 Sep 2015
Posts: 2
Location: indonesia

Posted: Thu Jan 28, 2016 4:45 am    Post subject: lol

Thanks man!
Rissorr
Master Cheater
Reputation: 3

Joined: 17 Sep 2013
Posts: 273
Location: Israel!

Posted: Wed May 04, 2016 4:21 pm

@nemexia You are right, this way is more effective (at least in this case).

@mireazma Yes, you are right.
To find the optimal range, try fewer bytes (e.g. 16); then, if you can't find a unique AOB that works, try to create an AOB with more bytes (e.g. 32), and then more and more, until you get an AOB that works after every game restart (and maybe even a game update).

@Hatschi If you do not include the four wildcards at the beginning of the AOB, your AOB will "point" to the address that is +4 from the address that we want to find.
It's an alternative way, but just keep in mind that your address will be +4.

Sorry for the grammar