Cheat Engine Forum
The Official Site of Cheat Engine


Rydian's Guide To Basic AOBs And Scripts
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Wed Feb 03, 2016 3:24 pm

Rydian wrote:
I had an infinite HP script that worked with...
mov [esi+00000118],edx
But I haven't played Rogue Legacy in a while (I don't even have it installed here) so that may have been constantly-run code or something.

So you attached to an enemy's HP and found what wrote it when it got damaged and it's just one main opcode but it's different each game run?


Exactly.

It was
mov [eax+118],ebx
When I restarted and damaged the monster, it was something like
mov [ebx+118],esi

Since the registers are different, it wouldn't work anymore.
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Thu Feb 04, 2016 12:33 am

That's pretty weird, I've never encountered that before without the game or .NET or whatever updating between runs. I'd suggest taking another approach, like finding character strength and increasing it to insane levels.
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Thu Feb 04, 2016 2:01 am

Rydian wrote:
That's pretty weird, I've never encountered that before without the game or .NET or whatever updating between runs. I'd suggest taking another approach, like finding character strength and increasing it to insane levels.


Yeah I was really confused when this came up.

There are different swords so I may be able to find their structure or just their attack value maybe and go on from there.

Thanks for the help!
Gorfblat
How do I cheat?
Reputation: 0

Joined: 04 Feb 2016
Posts: 3

Posted: Fri Feb 05, 2016 1:50 am

Thanks for writing the excellent tutorial, it's been very useful.

I'm struggling badly trying to do something that I feel ought to be pretty elementary, but my scripts don't work and I can't figure out why. I'm working from a cheat table written by Shiren for Underrail (I can't post URLs as a new user, sorry) - I'm trying to add a script that lets me directly change the character's level.

I'm looking at his script that lets you change the character's experience, and I kind of see how it works, but there's some stuff I don't get. Here's the code:

Code:
define(LEVEL,"underrail.exe")

[ENABLE]
aobscan(aob_exp,8B 86 34 01 00 00 89 45 D8)
registersymbol(aob_exp)
alloc(Experience,$1000,LEVEL)
registersymbol(Experience)
label(myexperience)
label(returnhere)
label(originalcode)
// Variable Definition
label(howmuchxp)
registersymbol(howmuchxp)


Experience:
// Variable Set
howmuchxp:
dd 0

myexperience:
mov [howmuchxp],esi
add [howmuchxp],00000134


originalcode:
mov eax,[esi+00000134]
jmp returnhere


aob_exp:
jmp myexperience
nop
returnhere:


 
 
[DISABLE]
aob_exp:
db 8B 86 34 01 00 00
unregistersymbol(howmuchxp)
unregistersymbol(aob_exp)
unregistersymbol(Experience)
dealloc(Experience)
//mov eax,[esi+00000134]
//Alt: db 8B 86 34 01 00 00 - 89 45 D8


And here's where I'd post a picture of the relevant area in the disassembler that points to the experience value, but I'm a new user and can't post pictures yet. God damn it.

Suffice it to say that Shiren's code looks at 8B 86 34 01 00 00 89 45 D8. I don't know where 8B comes from, it isn't in this offset. I see 86 34 01 00 00, and then I don't know where 89 45 D8 are either.

I don't know what "dd 0" does, I assume it just lets you substitute a value for whatever value's there? Probably a dangerous assumption.

Again, this is where I'd post an image of the disassembler area for the instruction I found to change level, but I can't. I found this value by searching for my character's level, using Shiren's table to max out my experience for the next level, then levelling up, then scanning for the new value. I guess it's right? But I got three values. I tried creating an AOB injection script that referred to each of them using CE's templates, and they looked like this:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscan(aob_levelchange,8B 8E C8 00 00 00 8B 96 38) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov ecx,[esi+000000C8]
  jmp return

aob_levelchange:
  jmp code
  nop
return:
registersymbol(aob_levelchange)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
aob_levelchange:
  db 8B 8E C8 00 00 00

unregistersymbol(aob_levelchange)
dealloc(newmem)


Notably missing are the define string, and bytes that don't exist in the actual disassembler (the template used the offset referenced plus the next one), in addition to some extra stuff I'm guessing is to substitute for adding the offset in the address that refers to the script? (again, may well be totally and utterly wrong).

Then I added an address with the value [aob_levelchange]+C8 ...and got nothing but a confused look from CE. :(

Any help you can offer? Sorry if this is confusing nonsense, it seemed so much clearer with the images.
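
The byte signature asked about above, split into instructions, as an added example that is not part of the original post or of Shiren's table. It decodes only the two 32-bit MOV forms that occur in the signature (opcode, ModRM byte, displacement); the function names are hypothetical.

```python
# Added example (not from the thread): decode the two MOV forms in the signature.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_mov(code, pos=0):
    """Decode one 32-bit `8B /r` or `89 /r` MOV with a register+displacement operand.

    Returns (text, length). Assumption: 32-bit code, ModRM mod 01 or 10, no SIB byte.
    """
    if len(code) - pos < 2:
        raise ValueError("truncated instruction")
    opcode, modrm = code[pos], code[pos + 1]
    if opcode not in (0x8B, 0x89):
        raise ValueError(f"unsupported opcode {opcode:02X}")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod not in (1, 2) or rm == 4:
        raise ValueError(f"unsupported ModRM byte {modrm:02X}")
    disp_len = 1 if mod == 1 else 4          # mod 01 = disp8, mod 10 = disp32
    raw = code[pos + 2 : pos + 2 + disp_len]
    if len(raw) != disp_len:
        raise ValueError("truncated displacement")
    disp = int.from_bytes(raw, "little", signed=True)   # stored little-endian
    sign = "-" if disp < 0 else "+"
    mem = f"[{REG32[rm]}{sign}{abs(disp):0{disp_len * 2}X}]"
    if opcode == 0x8B:
        return f"mov {REG32[reg]},{mem}", 2 + disp_len   # 8B: register <- memory
    return f"mov {mem},{REG32[reg]}", 2 + disp_len       # 89: memory <- register


def disassemble(code):
    """Split a byte string into (hex bytes, text) pairs, one per instruction."""
    out, pos = [], 0
    while pos < len(code):
        text, length = decode_mov(code, pos)
        out.append((code[pos : pos + length].hex(" ").upper(), text))
        pos += length
    return out


AOB_EXP = bytes.fromhex("8B 86 34 01 00 00 89 45 D8")   # signature from the quoted script

if __name__ == "__main__":
    for raw, text in disassemble(AOB_EXP):
        print(f"{raw:<18} {text}")
```

The first instruction is 6 bytes long, which is why the script overwrites it with a 5-byte jmp plus one nop and restores exactly `db 8B 86 34 01 00 00` on disable; the trailing `89 45 D8` belongs to the following instruction and only makes the signature more specific.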
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Fri Feb 05, 2016 3:59 pm

db = define byte (one byte)
dw = define word (two bytes)
dd = define dword (four bytes)

If what you want is to take an address (or structure) that the code touches and expose it in the table for player reading and editing, I wrote a simpler way to do that here.

http://forum.cheatengine.org/viewtopic.php?t=572465
The second method, "injection copies" shows you how to do it in a quick/basic fashion once you know some code that reads/writes it.

Assuming you don't need to do any specific math or checks on it like theirs is doing first.

Bwtt_er
How do I cheat?
Reputation: 0

Joined: 16 Feb 2016
Posts: 3
Location: Somewhere

Posted: Wed Feb 17, 2016 1:43 am

So I made 2 AOB scripts with the AA, basic ones. I just made them do nothing so the MP and Boost just freeze, but I have a problem: whenever I use both, when I jump or am just in the air, the game "crashes". If I use them on the ground, without jumping, they work without any problem. I don't know what to do, any help? How can I make them work together in the air without my game fucking up?
_________________
No signature boiz.
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Wed Feb 17, 2016 4:29 am

Well, that depends on the game, and the code.
squall0833
Cheater
Reputation: 0

Joined: 20 Oct 2012
Posts: 35

Posted: Sat Feb 27, 2016 9:48 am

A quick question :P I'm new to AOB, just finished reading the very last 2 parts.

If I use the aobscan method, I don't have to use db to modify, I can just modify instructions, right?

And it can restore back to the original instructions again with db "original bytes", right?
Stregum
Advanced Cheater
Reputation: 0

Joined: 17 Jun 2014
Posts: 56
Location: We make baguettes there !

Posted: Sat Feb 27, 2016 6:39 pm

Yes.

Basically, aobscan's purpose is to find the address/injection point of the instructions (also bytes) that are defined by your given array of bytes.

So instead of having "YourGame.exe"+BABE, for instance, you search for byte signatures.

Once you've got this point, you assign a label to it and you can do whatever you like from it, either read from the memory or modify it. That implies that you can use whatever you want: "nop", "db 90", etc.

So you could write instructions instead of db's.

_________________
Rhaa Stregum Vitae :)
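
The signature search described in this post, and the register change reported earlier in the thread (`mov [eax+118],ebx` in one run, `mov [ebx+118],esi` in the next), as an added example that is not part of the original posts. It is a simplified model of a byte-signature scan with `??` wildcards, not Cheat Engine's own code; the two byte strings are constructed, and the function names are hypothetical.

```python
# Added example (not from the thread): a simplified model of a wildcard byte-signature scan.

def parse_aob(pattern):
    """Parse 'AA ?? BB' into a list of byte values, with None for each ?? wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]


def aobscan(memory, pattern):
    """Return every offset in `memory` at which the signature matches."""
    sig = parse_aob(pattern)
    return [
        off
        for off in range(len(memory) - len(sig) + 1)
        if all(b is None or memory[off + i] == b for i, b in enumerate(sig))
    ]


def unique_match(memory, pattern):
    """Return the single matching offset; refuse ambiguous or missing signatures."""
    hits = aobscan(memory, pattern)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} matches for '{pattern}', expected exactly 1")
    return hits[0]


# Constructed code bytes for two runs of one routine; only the registers differ.
# 89 98 18 01 00 00 = mov [eax+118],ebx    89 B3 18 01 00 00 = mov [ebx+118],esi
RUN_A = bytes.fromhex("55 8B EC 89 90 1C 01 00 00 89 98 18 01 00 00 5D C3")
RUN_B = bytes.fromhex("90 55 8B EC 89 96 1C 01 00 00 89 B3 18 01 00 00 5D C3")

EXACT = "89 98 18 01 00 00"   # pins the ModRM byte, so it pins the registers
LOOSE = "89 ?? 18 01 00 00"   # opcode and displacement only

if __name__ == "__main__":
    for name, mem in (("run A", RUN_A), ("run B", RUN_B)):
        print(name, "exact:", aobscan(mem, EXACT), "loose:", aobscan(mem, LOOSE))
    print("too short:", aobscan(RUN_A, "01 00 00"))
```

The registers live in the second byte (ModRM), so a signature that pins it stops matching when they change; every wildcard widens the signature, which is why the result should still be checked for exactly one hit.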
ghosts
Expert Cheater
Reputation: 0

Joined: 13 Jan 2012
Posts: 116

Posted: Sat Mar 19, 2016 9:32 am

So this is some great information. I am still trying to find the health value for Total War games. If you could help, that would be great.

Also, I learned a lot from this. So I just wanted to say: keep making this great stuff so people can learn how to make scripts.

So if you ever get a chance, would you make a guide for Total War games on how to find the health value? I need some help finding it.

Thanks
erundil
How do I cheat?
Reputation: 0

Joined: 16 May 2016
Posts: 1

Posted: Mon May 16, 2016 4:24 pm

Noob question. I don't need much, just want to copy a value from 1 variable to the other.
Let's say that I want to take whatever is in [foo.exe+20] and copy it to [foo.exe+30].

I tried:
mov [foo.exe+30],[foo.exe+20]

but CheatEngine insists that it's not injectable.

I've been programming in high-level languages for a while and assembler just astounds me with how many things that seem logical are not working at all. What am I doing wrong?

OK, I just noticed I necro'ed the 4-year-old topic... Great. My first post and I'm already annoying moderators... fml...
So - where do I post this instead?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Mon May 16, 2016 6:22 pm

The general gamehacking forum would be appropriate for those kinds of questions.

Regardless, there is no addressing mode of the mov instruction (or of most instructions) that allows you to use two memory locations. You need to use a register:
Code:
mov eax,[foo.exe+20]
mov [foo.exe+30],eax

_________________
I don't know where I'm going, but I'll figure it out when I get there.
rlurking
Newbie cheater
Reputation: 0

Joined: 07 Mar 2015
Posts: 21

Posted: Sat Jun 25, 2016 10:33 am

What's the best way to organize a script with multiple injection (and thus return) points? Or is that not advised at all?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sat Jun 25, 2016 10:42 am

You can organize it however you want to. Just make sure to use unique labels.

Personally, I try to keep every aobscan, alloc, label, and registersymbol near the top of the [ENABLE] section. Past that point, it's whatever you want.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
frubam
Cheater
Reputation: 0

Joined: 13 Jul 2016
Posts: 29

Posted: Wed Jul 27, 2016 7:52 pm

Many, many thanks, Rydian, for your tutorial on scripts. Instructions were great (even though it took me a while to get the hang of things) and relatively easy to understand.
All times are GMT - 6 Hours
Page 5 of 6