mgr.inz.Player
Posted: Sun Feb 28, 2016 11:56 am
Post subject: Custom 'AOB Injection' Templates [ver. 1.3.6]
Installing / requirements :
1.
version 1.3.6 - only CE6.5.1 and above are supported
version 1.3.4 - only CE6.5.1 and above are supported
version 1.3.3 - only CE6.5.1 and above are supported
version 1.2 - CE6.4 and above are supported
2. place it in CE autorun folder.
Usage:
1. open "auto assemble" window
2. in template submenu you will see additional entries
3. click one of them,
4. type the name (it checks whether it collides with existing names)
Example:
1. you have found two injection points, one for receiveDamageGeneric and one for receiveDamageFromGrenade
2. highlight first address, open "auto assemble" window, choose custom template (e.g. "Alternative AOB")
3. give it a name: Godmode
4. still with the same "auto assemble" window, highlight second address
5. choose again custom template (e.g. "Alternative AOB")
6. give it a name: noGrenadeDamage
You can add your own templates, just update the Lua file with another entry:
Code:
{
displayName="name for alternative AOB template", -- visible name
submenu="submenu caption", -- submenu caption
group=1, -- group, helps arranging menu items
defaultSymbolName="cheatnamehere", -- default symbol name
templateSections=
[==[
<<INFO>>
<<INFO_END>>
<<ENABLE>>
<<ENABLE_END>>
<<DISABLE>>
<<DISABLE_END>>
]==]
},
Keywords are:
%cheatName%, %authorName%, %processName% - self-explanatory
%originalCodeLines%, %nopLines%, %originalBytes% - self-explanatory
%_originalCodeLines%, %_nopLines% - with indent
%db90s% - it will be "db 90 90 90" when %nopLines% contains three "nop"
%CoriginalCodeLines% - commented out version of %originalCodeLines%
%moduleName% - self-explanatory; if the selected instruction is not inside a module, it will be empty
%isModuleScan% - if aob scan is the aobscanmodule, it will contain "module" word, otherwise it will be empty
%searchPattern% - array of byte search pattern
%CmoduleName%, %moduleNameC% - same as %moduleName%, plus it has a comma at the beginning or at the end
%aobAdjust% - sometimes the found searchPattern doesn't point exactly to the address we need; this will contain the adjustment, e.g. "-7" or "+C"
%additionalInfo% - "original code" as a comment (chosen opcode with surrounding lines)
%bracketsRegsOffset% - if the first line of original code (selected instruction) is e.g. "movsxd rax,dword ptr [rax+3C]", it will contain "dword ptr [rax+3C]", otherwise it is empty
%regsOffset% - if the first line is e.g. "movsxd rax,dword ptr [rax+3C]", it will contain "rax+3C", otherwise it is empty
%replacedInstructionsSize% - byte count of all original instructions that are overwritten, e.g. if there are three nops, it will be "8"
%replacedInstructionsSizeHex% - hexadecimal version of above
predprey suggested
"Mono Inject" template and keywords:
%monoAddress% - If mono data collector is active, it returns the methodname+offset. Else it is empty.
%injectAddress% - Hooking point.
keywords added in newer versions:
https://forum.cheatengine.org/viewtopic.php?p=5753247#5753247
With this template:
Code:
<<INFO>>
// Game : %processName%
// Version:
// Date :
// Author : %authorName%
<<INFO_END>>
<<ENABLE>>
aobscan%isModuleScan%(aob_%cheatName%,%moduleNameC%%searchPattern%)
registersymbol(aob_%cheatName%)
alloc(newmem_%cheatName%,1024%CmoduleName%)
label(return_%cheatName%)
newmem_%cheatName%:
%originalCodeLines%
jmp return_%cheatName%
aob_%cheatName%%aobAdjust%:
jmp newmem_%cheatName%
%nopLines%
return_%cheatName%:
<<ENABLE_END>>
<<DISABLE>>
aob_%cheatName%%aobAdjust%:
db %originalBytes%
unregistersymbol(aob_%cheatName%)
dealloc(newmem_%cheatName%)
<<DISABLE_END>>
It will generate something like this:
Code:
// Game : game.exe
// Version:
// Date :
// Author : mgr.inz.Player
[ENABLE]
aobscanmodule(aob_itemQuantity,game.exe,48 63 40 3C 48 8D 04 03)
registersymbol(aob_itemQuantity)
alloc(newmem_itemQuantity,1024,game.exe)
label(return_itemQuantity)
newmem_itemQuantity:
movsxd rax,dword ptr [rax+3C]
lea rax,[rbx+rax]
jmp return_itemQuantity
aob_itemQuantity:
jmp newmem_itemQuantity
nop
nop
nop
return_itemQuantity:
[DISABLE]
aob_itemQuantity:
db 48 63 40 3C 48 8D 04 03
unregistersymbol(aob_itemQuantity)
dealloc(newmem_itemQuantity)
Last edited by mgr.inz.Player on Sun Dec 01, 2019 2:40 pm; edited 27 times in total
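The keyword expansion described in the post, as an added Lua example that is not part of the original post and not the extension's own code: it maps `<<ENABLE>>`/`<<DISABLE>>` to `[ENABLE]`/`[DISABLE]`, drops the other markers, and substitutes each `%keyword%`. The `expand` function, the marker handling and the `values` table are assumptions reconstructed from the template and generated script shown above; it runs in a stock Lua interpreter, outside Cheat Engine.

```lua
-- Added illustration, not the extension's code. Marker handling is an assumption
-- inferred from the template and the generated script shown in the post.
local function expand(template, values)
  -- <<ENABLE>>/<<DISABLE>> become section headers; the other markers are dropped.
  local text = template:gsub("<<([%u_]+)>>\n?", function(tag)
    if tag == "ENABLE" or tag == "DISABLE" then return "[" .. tag .. "]\n" end
    return ""
  end)
  -- A keyword missing from `values` is left as-is (gsub keeps the match on nil).
  return (text:gsub("%%([%w_]+)%%", function(name) return values[name] end))
end

-- Keyword values copied from the generated script in the post.
local values = {
  processName = "game.exe", cheatName = "itemQuantity",
  isModuleScan = "module",  -- turns "aobscan" into "aobscanmodule"
  moduleNameC = "game.exe,", CmoduleName = ",game.exe",
  searchPattern = "48 63 40 3C 48 8D 04 03", aobAdjust = "",
  originalBytes = "48 63 40 3C 48 8D 04 03",
  originalCodeLines = "movsxd rax,dword ptr [rax+3C]\nlea rax,[rbx+rax]",
  nopLines = "nop\nnop\nnop",
}

-- Shortened copy of the template from the post (INFO block trimmed).
local template = [==[
<<INFO>>
// Game   : %processName%
<<INFO_END>>
<<ENABLE>>
aobscan%isModuleScan%(aob_%cheatName%,%moduleNameC%%searchPattern%)
registersymbol(aob_%cheatName%)
alloc(newmem_%cheatName%,1024%CmoduleName%)
label(return_%cheatName%)
newmem_%cheatName%:
%originalCodeLines%
jmp return_%cheatName%
aob_%cheatName%%aobAdjust%:
jmp newmem_%cheatName%
%nopLines%
return_%cheatName%:
<<ENABLE_END>>
<<DISABLE>>
aob_%cheatName%%aobAdjust%:
db %originalBytes%
unregistersymbol(aob_%cheatName%)
dealloc(newmem_%cheatName%)
<<DISABLE_END>>
]==]
io.write(expand(template, values))
```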