Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Cannot find AOB string...

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
LtO
Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 46

PostPosted: Fri Feb 09, 2018 9:46 am    Post subject: Cannot find AOB string... Reply with quote

I'm looking for an AOB in a game, but I cannot find it. In the (decompiled) code it says: public static const kComboGoalReward:Array = new Array(0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 4, 5, 5, 5, 5, 5);
Or: private static const kComboGoalReward:Array = new Array(0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 4, 5, 5, 5, 5, 5);
And refers a few times back to it again, but when I look for that array or string, I can't find anywhere in the memory... How comes this isn't showing up, and how could I find it? it's code that should be static and not be changed during the game...
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater
Reputation: 30

Joined: 09 Aug 2013
Posts: 718

PostPosted: Fri Feb 09, 2018 11:10 am    Post subject: Reply with quote

if you're just looking for an aob like 0 0 1 1 2 2 ... then it'll fail since AOB is an array of Bytes but the code is probably not defining an array of bytes but rather an array of integers/4 byte values (I don't see a type specifier so I'll assume a 4 byte int, though theoretically it could be floats or doubles etc.)

So you'd need to scan for 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 02 00 00 00 00 ... with each value expanded to it's 4 byte equivalent, or use the group scan and prefix each value with it's type shorthand (4, f, etc. there's a generator to use when the type is changed to group scan) 4:0 4:0 4:1 4:1 4:2 4:2 ...
Back to top
View user's profile Send private message
LtO
Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 46

PostPosted: Thu Feb 15, 2018 7:32 am    Post subject: Reply with quote

Thanks, I tried that but it didn't work, didn't find anything, could you give me the exact parameter i should search with?
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater
Reputation: 30

Joined: 09 Aug 2013
Posts: 718

PostPosted: Thu Feb 15, 2018 8:26 am    Post subject: Reply with quote

LtO wrote:
could you give me the exact parameter i should search with?
I gave you the best I could without actually knowing what the game is doing (either from having programmed it myself, knowing the language well enough to assume, or from having reversed the game code).
_________________
https://github.com/FreeER/ has a few CE related repos
Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 28

Joined: 01 Oct 2008
Posts: 689

PostPosted: Thu Feb 15, 2018 2:00 pm    Post subject: Reply with quote

If it is compiled from flash byte-code (hint from type is 'array'), the array could be constructed by 'code' instead of pre-allocated in memory (or your saying 'static', byte[16] or int[16] in c notation?).
Then array constructed by the flash player in runtime may not necessarily in a continued block of memory, so you sometime cannot aobscan such array.

The byte code may be some thing like (avm2 byte code):
Code:

push byte <byte>-> 24 00 -- 1st element
push byte <byte>-> 24 00 -- 2nd
...
push byte <byte>-> 24 05 -- 15th
push byte <byte>-> 24 05 -- 16th
newarray <cnt>  56 10 (new array for 16 elements)

... look regular, but it could be like this (fewer byte-code count)
Code:

... (last 5 elements)
push byte <byte> 24 05
setlocal1 d5
getlocal1 d1
getlocal1 d1
getlocal1 d1
getlocal1 d1
getlocal1 d1
newarray <cnt>  56 10 (new array for 16 elements)


So the byte-code can be quite 'random' by blind guess.

But, if you can decompiled it, you should be able to find the exact byte-code.

AOBSCan search that exact bye-code and modify it before it got jit compiled at runtime may make your cheat, that is a bit more failsafe.

The attached pic is a ffdec result of array of strings (cannot find a example of integer), left is decompiled source, right is byte-code.

_________________
- Retarded.
Back to top
View user's profile Send private message
LtO
Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 46

PostPosted: Thu Feb 22, 2018 12:55 pm    Post subject: Reply with quote

Thanks! This is pretty complicated for me, but I'm learning cuz it's interesting stuff Smile I'll learn to work with auto assembler and lua scripting too, now I made a little mistake with this that I used the original swf to decompile and find this, but that source is probably almost 10 years old... I was sticking to that cuz the newer version has anti debugger that crashed my decompiler, but now I use a better debugger. I'm trying to find the right values, bytecode etc that I need, here a picture of the decompiled code and pcode (attachment), I think I can't be too far of it anymore now...
Back to top
View user's profile Send private message
LtO
Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 46

PostPosted: Thu Mar 01, 2018 7:47 am    Post subject: Reply with quote

Just wanted to say I found what I needed, along with lots of other related things I could do with this knowledge Smile that 0,0,1,1 etc is stored in the memory as 24 00 2a 24 01 2a etc... I could easily see it when I also let the hex code show with the asm instructions, which I didn't in that picture you saw here... Oh and it's really fun to play with this and change aob strings, so much you can do with it, I used to think cheat engine was useless for this game almost, boy was I wrong lol...
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater
Reputation: 30

Joined: 09 Aug 2013
Posts: 718

PostPosted: Thu Mar 01, 2018 7:51 am    Post subject: Reply with quote

So, very similar to
panraven wrote:
The byte code may be some thing like (avm2 byte code):
Code:
push byte <byte>-> 24 00 -- 1st element
push byte <byte>-> 24 00 -- 2nd
...
push byte <byte>-> 24 05 -- 15th
push byte <byte>-> 24 05 -- 16th
newarray <cnt>  56 10 (new array for 16 elements)


just with 2a after each for whatever reason. edit: hm, maybe a "duplicate" instruction. edit2: oh yeah, duh. that's exactly what the image shows Laughing

_________________
https://github.com/FreeER/ has a few CE related repos
Back to top
View user's profile Send private message
LtO
Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 46

PostPosted: Thu Mar 01, 2018 9:49 am    Post subject: Reply with quote

FreeER wrote:
So, very similar to
panraven wrote:
The byte code may be some thing like (avm2 byte code):
Code:
push byte <byte>-> 24 00 -- 1st element
push byte <byte>-> 24 00 -- 2nd
...
push byte <byte>-> 24 05 -- 15th
push byte <byte>-> 24 05 -- 16th
newarray <cnt>  56 10 (new array for 16 elements)


just with 2a after each for whatever reason. edit: hm, maybe a "duplicate" instruction. edit2: oh yeah, duh. that's exactly what the image shows Laughing


Yeah Smile Thanks, I was able to modify a lot of other kind of aobs already too, to do funny and crazy shit :p
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites