talkerzero, Grandmaster Cheater (Reputation: 1; Joined: 24 Jul 2008; Posts: 560; Location: California)
Posted: Sun May 10, 2009 6:13 pm    Post subject: [?] AOBs
In Kitterz Trainer, when the function FindPattern is called, for the masking, it uses "x?????xxxx?????x". If I have an AOB, how do I tell which ones are valid bytes ('x') and which ones are question marks?
lurc, Grandmaster Cheater Supreme (Reputation: 2; Joined: 13 Nov 2006; Posts: 1900)
Posted: Sun May 10, 2009 7:15 pm
Well, they're in order.
If you had the AOB:
    E8 ?? ?? ?? ?? 6A ??
then you'd call the function with the mask
    x????x?
and you'd just switch the AOB's ??s to 00s in the actual array.
pkedpker, Master Cheater (Reputation: 1; Joined: 11 Oct 2006; Posts: 412)
Posted: Wed May 13, 2009 9:41 pm
It's obvious to me you may not understand what AOB means, talker0.
It means array of bytes, but in reality it's not an array of bytes, because all arrays have a size parameter to label them as an array, or some kind of terminator like the byte 0x00 (which can't work when modifying assembly if, say, some datatype requires part of it to be 0x00 to represent a bigger image, and it screws up thinking it's the terminator). So AOB has nothing to do with patching assembly code in memory. But sure, it's coined by Cheat Engine and has the ability to do this, but it's dangerous: if you were to change the memory while it's getting executed, that would have had unexpected results, from a crash to a BSOD (blue screen of death), depending on your operating system actually.
I don't know what gave me the urge to post this since it's not that helpful, but when I did I felt like I let off some of the burden I was carrying.
talkerzero, Grandmaster Cheater (Reputation: 1; Joined: 24 Jul 2008; Posts: 560; Location: California)
Posted: Thu May 14, 2009 1:22 pm
All right, what if I had this AOB: 35 98 00 19 b2 e6 00 00 54 (just an example, not a real AOB)
For the masking, I'd use "xx?xxx??x"?
igoticecream, Grandmaster Cheater Supreme (Reputation: 0; Joined: 23 Apr 2006; Posts: 1807; Location: 0x00400000)
Posted: Thu May 14, 2009 5:34 pm
Just replace the known bytes with x and the unknown ones with ?.
0x00 could be a known byte, so you put an x.
ElJEffro, Grandmaster Cheater Supreme (Reputation: 0; Joined: 15 Apr 2007; Posts: 1881; Location: La Tierra)
Posted: Thu May 14, 2009 10:08 pm
I don't really like that way of doing it; I use a method ripped from FerrisBuellerYourMyHero's work...
Code:
    BYTE* ScanAOB(BYTE* AOB, BYTE* memdump, unsigned long searchsize, int aobsize)
    {
        unsigned long a = 0, i = 0;
        for(i = 0; i < searchsize; i++)
        {
            // a '?' (0x3F) in the AOB is treated as a wildcard: skip it
            while(*(BYTE*)&AOB[a] == '?')
            {
                a++;
                i++;
            }
            if(*(BYTE*)&memdump[i] == *(BYTE*)&AOB[a])
            {
                if(a == (aobsize - 1))
                {
                    BYTE* addy = (BYTE*)&memdump[i-a];
                }
                a++;
            }
            else
            {
                a = 0;
            }
        }
        return 0;
    }
Call it like:
Code:
    BYTE someAob[6] = { 0x40, 0x30, 0x20, 0x10, '?', 0x0};
    DWORD scanStartAddress = 0x00400000;
    ScanAOB(someAob,                  // AOB
            (BYTE*)scanStartAddress,  // Address to start scan at
            0x00500000,               // size of the scan (this one does 0x00400000-0x00900000)
            6);                       // number of bytes in the aob
dnsi0, I post too much (Reputation: 0; Joined: 04 Jan 2007; Posts: 2674)
Posted: Sat May 16, 2009 2:50 pm
talker0 wrote:
> All right, what if I had this AOB: 35 98 00 19 b2 e6 00 00 54 (just an example, not a real AOB)
> For the masking, I'd use "xx?xxx??x"?

Uh... If you know all the parts, you would use all x...
If you treat zeros as unknowns, then yes.
talkerzero, Grandmaster Cheater (Reputation: 1; Joined: 24 Jul 2008; Posts: 560; Location: California)
Posted: Fri May 22, 2009 12:55 am
ElJEffro wrote:
> I don't really like that way of doing it, I use a method ripped from FerrisBuellerYourMyHero's work...
> Code:
>     BYTE* ScanAOB(BYTE* AOB, BYTE* memdump, unsigned long searchsize, int aobsize)
>     {
>         unsigned long a = 0, i = 0;
>         for(i = 0; i < searchsize; i++)
>         {
>             while(*(BYTE*)&AOB[a] == '?')
>             {
>                 a++;
>                 i++;
>             }
>             if(*(BYTE*)&memdump[i] == *(BYTE*)&AOB[a])
>             {
>                 if(a == (aobsize - 1))
>                 {
>                     BYTE* addy = (BYTE*)&memdump[i-a];
>                 }
>                 a++;
>             }
>             else
>             {
>                 a = 0;
>             }
>         }
>         return 0;
>     }
> call it like
> Code:
>     BYTE someAob[6] = { 0x40, 0x30, 0x20, 0x10, '?', 0x0};
>     DWORD scanStartAddress = 0x00400000;
>     ScanAOB(someAob,                  // AOB
>             (BYTE*)scanStartAddress,  // Address to start scan at
>             0x00500000,               // size of the scan (this one does 0x00400000-0x00900000)
>             6);                       // number of bytes in the aob

Doesn't that always return 0?
Jonyleeson, Master Cheater (Reputation: 0; Joined: 03 May 2007; Posts: 484; Location: Hérault, France)
Posted: Fri May 22, 2009 4:12 am
talker0 wrote:
> Doesn't that always return 0?

Yes, it does.
Not only that, it's a horrible way of doing it too, and would provide inaccurate results if your AoB had 0x3F in it. I find it hard to believe that that's FerrisBuellerYourMyHero's work, and if it is, I hope it's extremely old.
ElJEffro, Grandmaster Cheater Supreme (Reputation: 0; Joined: 15 Apr 2007; Posts: 1881; Location: La Tierra)
Posted: Sat May 23, 2009 2:49 pm
It has come to my attention that the "return addy;" has been left out of that function; I don't know why (maybe because I removed some useless comments and deleted it by mistake).
The function should be:
Code:
    BYTE* ScanAOB(BYTE* AOB, BYTE* memdump, unsigned long searchsize, int aobsize)
    {
        unsigned long a = 0, i = 0;
        for(i = 0; i < searchsize; i++)
        {
            // a '?' (0x3F) in the AOB is treated as a wildcard: skip it
            while(*(BYTE*)&AOB[a] == '?')
            {
                a++;
                i++;
            }
            if(*(BYTE*)&memdump[i] == *(BYTE*)&AOB[a])
            {
                if(a == (aobsize - 1))
                {
                    BYTE* addy = (BYTE*)&memdump[i-a];
                    return addy;  // address where the matched AOB starts
                }
                a++;
            }
            else
            {
                a = 0;
            }
        }
        return 0;
    }
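A mask-driven FindPattern in the x/? style lurc describes, written here as an added example (it is not code from any poster, from Kitterz Trainer or from Cheat Engine); the sample buffer and the function names are constructed for this illustration. It shows lurc's mask on the E8 .. 6A pattern and, for Jonyleeson's objection, why keying wildcards off the byte value 0x3F, as ScanAOB does, reports the wrong offset when a pattern legitimately contains 0x3F.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mask-driven scan: mask[j] == 'x' means buf[i+j] must equal pat[j], '?' means
 * any byte. The mask, not the pattern byte, marks wildcards, so the pattern may
 * contain 0x3F ('?') or 0x00. Returns offset of first match or -1; bounds-checked. */
long find_pattern(const uint8_t *buf, size_t buf_len,
                  const uint8_t *pat, const char *mask)
{
    size_t pat_len = strlen(mask);
    if (pat_len == 0 || pat_len > buf_len) return -1;
    for (size_t i = 0; i + pat_len <= buf_len; i++) {
        size_t j = 0;
        while (j < pat_len && (mask[j] == '?' || buf[i + j] == pat[j]))
            j++;
        if (j == pat_len) return (long)i;
    }
    return -1;
}

/* Constructed sample (not a real memory dump): a call (E8 rel32) followed by
 * push imm8 (6A), then two 0x3F bytes and a run that contains 0x00 bytes. */
static const uint8_t sample_mem[] = {
    0x90, 0x90, 0x00, 0xE8, 0x10, 0x20, 0x30, 0x40, 0x6A, 0x05,
    0x3F, 0x3F, 0x00, 0x19, 0xB2, 0xE6, 0x00, 0x00, 0x54
};

/* lurc's example: AOB "E8 ?? ?? ?? ?? 6A ??", mask "x????x?", with the
 * ?? positions written as 00 in the byte array. Matches at offset 3. */
long scan_call_push(void)
{
    static const uint8_t pat[] = { 0xE8, 0, 0, 0, 0, 0x6A, 0 };
    return find_pattern(sample_mem, sizeof sample_mem, pat, "x????x?");
}

/* Jonyleeson's objection: a pattern that really contains 0x3F (plus a known
 * 0x00, as igoticecream notes). With an explicit mask it matches at offset 10;
 * treating the 0x3F bytes as wildcards (mask "??x") lands on offset 0 instead. */
long scan_3f_with_mask(void)
{
    static const uint8_t pat[] = { 0x3F, 0x3F, 0x00 };
    return find_pattern(sample_mem, sizeof sample_mem, pat, "xxx");
}
long scan_3f_as_wildcard(void)
{
    static const uint8_t pat[] = { 0x3F, 0x3F, 0x00 };
    return find_pattern(sample_mem, sizeof sample_mem, pat, "??x");
}
```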