Cheat Engine Forum -> General Gamehacking

AOB Scan help :/
Page 2 of 2
FreeER (Grandmaster Cheater, Reputation: 30, Joined: 09 Aug 2013, Posts: 708)
Posted: Wed Jan 10, 2018 10:26 am
You can always constrain the address with an if statement, e.g.

Code:
  for i=0,results.Count-1 do
    local numberAddress = getAddress(results[i]) -- will translate hex string to number
    if numberAddress > 0x17000000 and numberAddress < 0x1BFFFFFF then
      print(results[i])
    end
  end

It's code, so there are various ways you can narrow down the one(s) you want; it's just up to the programmer to figure out what they can use to do so.
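An added example, not code from the forum or from Cheat Engine itself: a small Python AOB scanner over a constructed memory image. It shows how a pattern with wildcards can match in more than one region (here a static copy and a dynamic one), and how the address-range filter from the Lua above narrows the results. The region addresses, buffer contents and pattern are all constructed for this illustration.

```python
from typing import List, Optional, Tuple

# Constructed memory image (not a real process): two regions that both contain
# the same 5 fixed bytes followed by a 4-byte value that differs between copies.
# Addresses and contents are made up for this example.
STATIC_REGION_BASE = 0x05656C00
HEAP_REGION_BASE = 0x17A00000
MEMORY: List[Tuple[int, bytes]] = [
    (STATIC_REGION_BASE,
     b"\x90" * 0x6D + bytes.fromhex("8B45F40305" "00104000") + b"\x90" * 8),
    (HEAP_REGION_BASE,
     b"\x00" * 0x20 + bytes.fromhex("8B45F40305" "44332211") + b"\x00" * 8),
]

# Cheat Engine style AOB pattern: hex bytes, '??' for a wildcard byte.
PATTERN = "8B 45 F4 03 05 ?? ?? ?? ??"


def parse_aob(pattern: str) -> List[Optional[int]]:
    """Turn '8B ?? F4' into [0x8B, None, 0xF4]; None matches any byte."""
    out: List[Optional[int]] = []
    for token in pattern.split():
        out.append(None if token in ("??", "?", "**") else int(token, 16))
    return out


def aob_scan(regions: List[Tuple[int, bytes]], pattern: str,
             lo: Optional[int] = None, hi: Optional[int] = None) -> List[int]:
    """Return every address where the pattern matches, optionally limited to
    lo <= address <= hi (the same idea as the Lua if-statement above)."""
    pat = parse_aob(pattern)
    n = len(pat)
    hits: List[int] = []
    for base, data in regions:
        for off in range(len(data) - n + 1):
            window = data[off:off + n]
            if all(p is None or p == b for p, b in zip(pat, window)):
                addr = base + off
                if (lo is None or addr >= lo) and (hi is None or addr <= hi):
                    hits.append(addr)
    return hits


if __name__ == "__main__":
    # Without a range the "unique" pattern reports the static copy first.
    print([hex(a) for a in aob_scan(MEMORY, PATTERN)])
    # Restricting to the dynamic range keeps only the copy we want.
    print([hex(a) for a in aob_scan(MEMORY, PATTERN, 0x17000000, 0x1BFFFFFF)])
```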
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Thu Jan 11, 2018 2:46 am
So I've made a tiny Lua script that stores multiple results; however, there is just this one result in this case.

And whenever I find the right pattern, I'm getting that wrong address.

I just don't understand what is actually happening in the background. What exactly could be a possible reason for that AOBScan to return a wrong address, although the pattern totally seems to be unique?

Does anyone have some other idea?

Thanks for helping me into Lua nevertheless. It's good that I finally got a reason to crawl my way through the syntax.

Summary:
LuaAOBScan for multiple results -> gives one result
--> (pattern is apparently unique)
still returning the wrong address

--> Is there something like a complex function description to look into that describes how the AOB scan works in detail?

EDIT: I found out that I'm always getting the same address from that scan, which is 05656C6D, no matter how often I try to start the game under different circumstances.
It seems to be some kind of static, which I will try to analyze in order to understand what's happening.
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Thu Jan 11, 2018 2:58 pm
If I add that address as a pointer, it's pointing at 05656C6D.
Is there a way to initialize some variable with the address, not the value it's pointing at? Using auto assembler? I'm totally new to auto assembler, to tell the truth.
FreeER (Grandmaster Cheater, Reputation: 30, Joined: 09 Aug 2013, Posts: 708)
Posted: Thu Jan 11, 2018 6:53 pm
You should be able to do something like

Code:
alloc(copy,$1000)
registerSymbol(copy)
aobscan(base,....)
copy:
  readmem(base,8)

You'd only need to copy 4 for an x86 game. Or if you were using actual code (hook/createThread) then you could use mov or lea.
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Fri Jan 12, 2018 12:25 am
It's pointing at that value again...
I just don't understand this.
FreeER (Grandmaster Cheater, Reputation: 30, Joined: 09 Aug 2013, Posts: 708)
Posted: Fri Jan 12, 2018 7:51 am
Honestly, I don't either. The only thing I can vaguely think of is some anti-cheat thing working like stealthedit but I really don't have any experience with that kind of thing...
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Sat Jan 13, 2018 6:15 pm
I think that the address I'm getting is where the calculations take place in order to create that specific block or AOB. That AOB is unique because it has something to do with gained experience. So as soon as I get my skill experience, I'd have to find a new pattern.
I was actually trying to do this because I felt like the time for auto assembly and Lua had come.
Now I understand how assembly works... It's not that hard; I'd have to understand more of the syntax though.

I took another way to solve that problem... The normal way:
AOB injection, and copying the address from the right register.
I've also understood what push and pop do, and that's a good step for me. So thank you for all your help. I've learned a lot while monitoring this thread in order to try things out. Now I'm trying to learn a bit more about the best solutions to approach fstp, using those jne/jn/je if-statements.

Again I want to say thank you to everybody who tried to help me on this one.
Thank you FreeER for all your hints.

___________________________________________________
EDIT: So many hours, and it's still counting as a double post?
I mean... come on. I've even got a new question.
___________________________________________________

Is there a possibility to check whether a register is pointing at certain bytes?

For example:
I'm using edi to initialize a label I want to use outside assembly later.
Now let's say this edi at that very spot accesses more than one address.
So I would like to have code that compares the bytes of the address it's pointing to with something static I've defined before.

Something like the first 3 bytes of a certain position.

Let's say that esi is accessing 25430123, and at a different player behavior it's accessing 34234312. Let's say we take the first 3 bytes as hexadecimal from 25430123 and compare it to a predefined 3-byte label,
so I'd want to check if the place edi is pointing at has the bytes I defined before, or not.
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Sun Jan 14, 2018 4:08 am
Okay, I've done it this way:

Code:
condition:
  cmp [myLabel]-2cc,'s'
    je code
  cmp [myLabel]-2cb,'k'
    je code
  cmp [myLabel]-2ca,'l'
    je code
  mov [myLabel],eax
  jmp code

code:
  //original code here
  jmp return

I don't know why. Although I can monitor all the values, [myLabel] is still changing to something where the condition isn't met.
However, [myLabel] became much more stable as a pointer (less switching to other addresses).
FreeER (Grandmaster Cheater, Reputation: 30, Joined: 09 Aug 2013, Posts: 708)
Posted: Sun Jan 14, 2018 1:04 pm
Quote:
Let's say we take the first 3 bytes as hexadecimal from 25430123 and compare it to a predefined 3-byte label

Sounds like a good use case for and:

Code:
mov eax, [myLabel]  // load saved pointer
sub eax, 2CA        // subtract offset
and eax, 0xFFFFFF00 // ignore last byte by making it zero
cmp eax, 0x25430100 // check value
je code
...

The reason behind doing the load in two steps is that [myLabel]-2CA isn't actually valid assembly code. CE will quietly assemble it when the script is enabled by figuring out what [myLabel] is, subtracting 2CA and using that constant value in the code, but separating it into two valid assembly instructions means it'll load the value every time the code runs rather than just when it's first assembled.

At least... I thought it would, lol. Apparently CE just assembles it as [myLabel].

I thought it would because I know it'll assemble something like [[myLabel]+4] that way.

You could use lea to get that effect.

But... if the address stored in [myLabel] can change during the game, then that's not really what you want anyway; otherwise the code would only use the original address from when it was enabled.
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Mon Jan 15, 2018 3:10 pm
Thank you very much, FreeER. I'd like to give you reputation, if I knew how.

I found out that my comparisons didn't work because I compared a dword to a byte.

This is how it works:

Code:
code:
cmp byte ptr [edx+04],61 //compare the byte at edx+04 with 61 ('a')
je initPointer  //if yes, initialize the pointer
jmp oCode //if no, just go on with the original code

initPointer:
  mov [myLabeledPointer],edx
  jmp oCode

oCode:
  ... //original code here

So... edx is switching between 4 different addresses.
This code initializes myLabeledPointer only if the right address is found, which has an 'a' at that position.

The actual thing I was missing was the "byte ptr", which was necessary to do a comparison of the same types.
FreeER (Grandmaster Cheater, Reputation: 30, Joined: 09 Aug 2013, Posts: 708)
Posted: Mon Jan 15, 2018 3:17 pm
Ah yeah, that byte ptr makes sense in context with the string/char.

As far as reputation, um, you click the thumbs-up icon next to "reputation".
muGaen (Newbie cheater, Reputation: 0, Joined: 10 Jan 2018, Posts: 17)
Posted: Mon Jan 15, 2018 4:34 pm
I see. Thank you again. I guess I'm too new to this forum to be able to thumb someone up yet.

Thank you very much for all your help. I appreciate it.

I think the next thing I'm going to write is something that analyzes an AOB and searches it for a specific string... If I'm able to do that, I think I'll be able to create my own pointers for almost every game I ever played... Even if you have a dynamic subclass allocation...

But I think I'm going to use Lua for that next step.
All times are GMT - 6 Hours