Cheat Engine Forum Index
The Official Site of Cheat Engine

getting an address from an AOB scan?

HexMurder
How do I cheat?
Reputation: 0

Joined: 14 Oct 2014
Posts: 8

Posted: Wed May 25, 2016 11:29 pm    Post subject: getting an address from an AOB scan?

OK, I'm writing a teleport hack, and I am having a bit of trouble. I can't find a pointer for my player location, so I am using AOB scans. The address that I want changes every time I load a new level. I then have to go in and manually do a scan for my AOB and add the address that pops up, and then I can start modifying it.

Is there a script I can write or something that will just update the address when it's not connected to the correct array of bytes? Or anything along those lines? I need to change the player location a lot, so I need direct access to it. AOB injection or code injection does not let me modify the address unless I change the code, so I don't think those are what I want.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu May 26, 2016 5:27 pm

You find out what accesses the address you want, or some other address within that same structure.
You need to find the instruction that only touches the player's location and nothing else.
Or find a way of filtering out the non-player addresses.
At that instruction, save the base address of the player to a registered symbol.
Now you can use that registered symbol as the address of your table entries.
Best of luck! http://forum.cheatengine.org/viewtopic.php?t=572465
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Thu May 26, 2016 8:02 pm

There are two ways of accomplishing your objective (that I know of).

The easiest (for me) is to find the instruction that accesses your float and store the address to a registered symbol.

Here is an example where I did it in a recent script:

Parent Script setting the global variables (aka registered symbols)
Code:
[ENABLE]
{$asm}
registersymbol(myShip)
registersymbol(boost)
registersymbol(speed)

alloc(myShip, 8)
alloc(boost,8)
alloc(speed,8)

[DISABLE]
{$asm}
unregistersymbol(myShip)
unregistersymbol(boost)
unregistersymbol(speed)

dealloc(myShip)
dealloc(boost)
dealloc(speed)


Child script setting a base address for the variables using an instruction (had to filter out unwanted addresses because my instruction touched mine and others' values)
Code:
[ENABLE]

// Find the movss that writes the shield value; the symbol Shield is its address
aobscan(Shield,F3 44 0F 11 7E 58 48 8B 75 F8 C9 C3 00 00 00 00 00 00 00 5D)
// Allocate the code cave near the target so the 5-byte jmp can reach it
alloc(newmem,$1000,0EC437A1)

label(code)
label(return)
label(SaveShip)
newmem:

code:
  // Not the player's object: run the original instruction and go back
  push eax
  mov eax, [rsi+40] //Set pointer to parentcontrols
  cmp dword ptr [eax+1DC], (float)0 //compare lookYrotation to 0
  jne SaveShip
  movss [rsi+58],xmm15
  pop eax
  jmp return

SaveShip:
  // Player's object: record its base (rsi) and the derived boost/speed pointers
  mov [myShip], rsi
  movss [rsi+58],xmm15
  //40 40 40 9c
  mov eax, [rsi+40]
  mov eax, [eax+40]
  mov eax, [eax+40]
  add eax, 9c
  mov [boost], eax
  mov eax, [rsi+40]
  mov eax, [eax+40]
  mov eax, [eax+40]
  add eax, 6c
  mov [speed], eax
  pop eax
  jmp return

Shield:
  // 5-byte jmp + nop overwrites the 6-byte movss [rsi+58],xmm15
  jmp code
  nop
return:
registersymbol(Shield)

[DISABLE]

Shield:
  // Restore the original movss [rsi+58],xmm15 bytes
  db F3 44 0F 11 7E 58

unregistersymbol(Shield)
dealloc(newmem)

Second child script (child to first child, so a third level in):
Code:
[ENABLE]
[speed]:
dd (float)200

[DISABLE]
[speed]:
dd (float)30


As you can see, it takes some set up, but once it is done it makes accessing an unknown, changing pointer very easy.

The second way would be to use a Lua script which simply performs the AOB scan based on a timer event. I haven't done this method yet, but if you google cheatengine lua health (https://www.google.com/#q=cheat+engine+lua+health+timer+site:forum.cheatengine.org&safe=off), each of the first few results explains how to do this with example scripts.

You would just need the AOB scan that you are performing, a registered symbol from my example above, and the timer set to update the symbol with the AOB scan every X time.
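The AOB scan both replies rely on is a wildcard byte-signature search over memory, the same primitive used by memory-forensics and anti-cheat signature checks. As an added example (not code from this thread or from Cheat Engine), here is a minimal Python implementation run over a constructed byte buffer; it uses cooleko's 20-byte pattern as the signature, supports `??` wildcards, and rejects a hit that is not unique, which is the "filter out the non-player addresses" problem Zanzer describes:

```python
import re
from typing import List, Optional

def compile_aob(pattern: str) -> "re.Pattern[bytes]":
    """Turn a Cheat Engine style AOB string ("F3 44 ?? 58") into a bytes regex.

    "??" (or "?" / "**") is a one-byte wildcard; anything else is a hex byte.
    The lookahead wrapper makes finditer report overlapping hits as well.
    """
    body = b"".join(
        b"." if tok in ("??", "?", "**") else re.escape(bytes([int(tok, 16)]))
        for tok in pattern.split()
    )
    return re.compile(b"(?=" + body + b")", re.DOTALL)

def aob_scan(buf: bytes, pattern: str) -> List[int]:
    """Return every offset in buf where the pattern matches."""
    return [m.start() for m in compile_aob(pattern).finditer(buf)]

def unique_hit(buf: bytes, pattern: str) -> Optional[int]:
    """Offset of the single match, or None if the signature is absent or ambiguous.

    A hook or table entry placed on an ambiguous hit lands on the wrong object,
    so a scanner that re-runs on a timer must refuse to update in that case.
    """
    hits = aob_scan(buf, pattern)
    return hits[0] if len(hits) == 1 else None

# The 20-byte signature from cooleko's aobscan line.
SHIELD_SIG = "F3 44 0F 11 7E 58 48 8B 75 F8 C9 C3 00 00 00 00 00 00 00 5D"

# Constructed sample "memory" (not a real process dump): the full signature at
# offset 16, plus a second movss [rsi+58],xmm15 (first 6 bytes only) at offset 44.
SAMPLE = (
    b"\x90" * 16
    + bytes.fromhex(SHIELD_SIG.replace(" ", ""))
    + b"\x90" * 8
    + bytes.fromhex("F3440F117E58")
    + b"\xcc" * 10
)

if __name__ == "__main__":
    print(aob_scan(SAMPLE, "F3 44 0F 11 7E 58"))    # [16, 44]: 6 bytes is ambiguous
    print(unique_hit(SAMPLE, "F3 44 0F 11 7E 58"))  # None
    print(unique_hit(SAMPLE, SHIELD_SIG))           # 16
    print(unique_hit(SAMPLE, "F3 44 0F 11 7E 58 ?? ?? ?? ?? C9 C3"))  # 16
```

The wildcard form matches the same site even if the four bytes after the movss change between builds, which is why a scanner generally prefers a longer pattern with wildcards over a short exact one.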