Cheat Engine The Official Site of Cheat Engine
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sun Oct 21, 2007 12:43 pm Post subject: [request] how can i find AoB with my CE..?
title**
how can i find AoB in game / program i want?
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Sun Oct 21, 2007 1:03 pm Post subject: Re: [request] how can i find AoB with my CE..?
| 1qaz wrote: | title**
how can i find AoB in game / program i want? |
Attach the disassembler and look at the instruction that you need and use the bytes for the opcodes around it.
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Mon Oct 22, 2007 4:35 am Post subject:
He means the memory view...
Go to memory and in the lower part, where all the bytes are, go to the address you want and gather some bytes.
Then simply scan for AoBs. (Value type: Array of Bytes)
SXGuy I post too much
Reputation: 0
Joined: 19 Sep 2006 Posts: 3551
Posted: Mon Oct 22, 2007 6:07 am Post subject:
| Symbol wrote: | He means the memory view...
Go to memory and in the lower part, where all the bytes are, go to the address you want and gather some bytes.
Then simply scan for AoBs. (Value type: Array of Bytes) |
wtf?
Symbol bro, listen, 1 you're assuming he can use debugs; not everyone can, nor does everyone have dbvm. And I'm not just talking about MS. It would be better to explain a method that will always work and is quite simple.
If you know the address you want AoBs for, open memory view, right click the bottom section, select "go to address" and type your address in, then copy the first top line of numbers and letters; they will look something like 00 3F 34 2C etc etc.
Those are the AoBs you want.
If you only have AoBs and you want the address, just click search in the same section, select Array, and paste your AoBs in; then it will bring up the first result at the top, that's your address.
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
Posted: Mon Oct 22, 2007 9:51 am Post subject:
| SXGuy wrote: | Symbol bro, listen, 1 you're assuming he can use debugs; not everyone can, nor does everyone have dbvm. And I'm not just talking about MS. It would be better to explain a method that will always work and is quite simple.
If you know the address you want AoBs for, open memory view, right click the bottom section, select "go to address" and type your address in, then copy the first top line of numbers and letters; they will look something like 00 3F 34 2C etc etc.
Those are the AoBs you want.
If you only have AoBs and you want the address, just click search in the same section, select Array, and paste your AoBs in; then it will bring up the first result at the top, that's your address. |
Don't be stupid, you just said the exact same thing Symbol did. It is obvious you have no clue what you are talking about.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Mon Oct 22, 2007 12:21 pm Post subject:
| Symbol wrote: | He means the memory view...
Go to memory and in the lower part, where all the bytes are, go to the address you want and gather some bytes.
Then simply scan for AoBs. (Value type: Array of Bytes) |
That's not what I meant.
Here are some pictures and an explanation of what I meant:
I'm using Minesweeper for this example, firstly, open Minesweeper and attach Cheat Engine to it:
Next, locate your flag address by scanning for 10, use a flag, filter for 9, and you should find it. Add it to your cheat table. (Mind the fact that it is green, which means static, but this is just an example.)
Once you add it to your table, right click it and choose find what writes to this address.
Next, use 1 more flag and you should end up with this:
Once you have that, click on that function inside the 'The following opcodes changed the selected address' box and click on Show Disassembler.
Now, notice the bytes next to our instruction?
01 05 94 51 00 01
That would be the array of bytes we would want, but this is 1 opcode which could be found elsewhere, so you want to use some others inside your array. Now look ahead 1 instruction. We have a call. I highly suggest you DON'T use calls or jumps inside your array of bytes, as their bytes can change depending on where the module your AoB is in might be located. (Calls and Jumps are not static addresses, they are calculated by the distance between the call point and call location.)
Instead, we look behind our instruction:
Good, we have some clean bytes.
mov eax,[esp+04]
Which should never change unless they update the game and something affects that opcode directly. So, we have two opcodes:
mov eax,[esp+04]
add [01005194],eax
Which should be enough to only find this address. (You could throw the e8 of the call in here too if you wanted, but not needed.)
So your AoB would be:
8b 44 24 04 01 05 94 51 00 01
When you code your function to find this, you will need to add a param to offset from the start. Why? Well, if you just have your function return the address where this was found (the start of it) you would end up getting 100346A as your return, which is not what you want. Instead you want AoB+4. A quick explanation:
Scans for: 8b 44 24 04 01 05 94 51 00 01
Locates at: 100346A
Add 4 bytes to get correct address: 100346A+4
Use end result: 100346E
We are adding 4 to our result because of:
mov eax,[esp+04]
The result will return the address of the start of that instruction because that's where the array was found and started. Being that mov eax,[esp+04]'s bytes were 4 long, we just add 4 to the result.
For whatever reason, Cheat Engine and Artmoney both won't locate the array; my own functions written in VB6 and C++ both found it though. So you will need to code your own trainer and such. Hope that helps.
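The scan-plus-offset step described in the post above, as an added example that is not part of the original thread or any poster's code: a C pattern scanner run over a constructed buffer rather than a live process. It goes one step past the post by appending the call opcode with its operand wildcarded; `aob_find`, `WILD`, `sample`, `sig` and the call displacement bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WILD 0x100 /* pattern element that matches any byte */

/* First match of pat in buf, plus offset; -1 if pat does not occur. */
long aob_find(const uint8_t *buf, size_t len,
              const uint16_t *pat, size_t plen, size_t offset)
{
    if (plen == 0 || plen > len || offset >= plen)
        return -1;
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (pat[j] == WILD || pat[j] == buf[i + j]))
            j++;
        if (j == plen)
            return (long)(i + offset);
    }
    return -1;
}

/* Constructed buffer: filler, then the instructions from the post. */
static const uint8_t sample[] = {
    0x90, 0x90, 0x8b, 0x44,             /* filler with a partial match */
    0x8b, 0x44, 0x24, 0x04,             /* mov eax,[esp+04] */
    0x01, 0x05, 0x94, 0x51, 0x00, 0x01, /* add [01005194],eax */
    0xe8, 0x11, 0x22, 0x33, 0x44,       /* call, displacement made up */
    0xc3
};

/* The post's AoB plus the call opcode with its operand wildcarded. */
static const uint16_t sig[] = {
    0x8b, 0x44, 0x24, 0x04, 0x01, 0x05, 0x94, 0x51, 0x00, 0x01,
    0xe8, WILD, WILD, WILD, WILD
};

/* Offset 4 skips the 4-byte mov so the result points at the add. */
long find_add_instruction(void)
{
    return aob_find(sample, sizeof sample, sig, sizeof sig / sizeof sig[0], 4);
}

int main(void)
{
    printf("add instruction at buffer offset %ld\n", find_add_instruction());
    return 0;
}
```

Because the four bytes after `e8` are wildcards, the same signature still matches if the call's relative displacement differs between builds.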
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Tue Oct 23, 2007 5:57 pm Post subject:
| SXGuy wrote: |
If you know the address you want AoBs for, open memory view, right click the bottom section, select "go to address" and type your address in, then copy the first top line of numbers and letters; they will look something like 00 3F 34 2C etc etc.
Those are the AoBs you want.
|
I needed to quote you on this, SXGuy. You can't just select the top row of bytes like this. You have to know what they are for.
If you just start selecting bytes and make changes, you're going to get screwy results because you could change, let's say
Ok you found:
mov eax,[esp+04]
8B 44 24 04 90 66 00 74 00 20 00 54 00 72 00 65
^ here is your top line of bytes in lower window.
These are the bytes for more than just mov eax,[esp+04].
It is more like:
mov eax,[esp+04]
nop
add [eax+eax+20],dh
add [eax+eax+72],dl
add [ebp+00],ah
So all you need in the first line is just
8B 44 24 04 and that's mov eax,[esp+04]
OK, then you change the bytes to
2b 44 24 04
You just messed up the instruction, it now is this:
sub eax,[esp+04]
Also, if you altered the bytes behind this 8B 44 24 04, you would be altering other instructions. Pretty much sure this would give you a crash most times.
So you see what I mean by you can't just select the top line of bytes and go to town altering them. You have to know what they are for when reading or writing bytes.
thiefgod1010 Newbie cheater
Reputation: 0
Joined: 27 Oct 2007 Posts: 11 Location: framingham
Posted: Sun Oct 28, 2007 12:30 am Post subject:
I need a CT for PKO
somebody send me one pwease!!!!