Cheat Engine Forum
The Official Site of Cheat Engine
AOB Scan

Cheat Engine Forum Index -> General Gamehacking
BestJava
How do I cheat?
Reputation: 0

Joined: 16 Jun 2019
Posts: 5

Posted: Sun Jun 23, 2019 10:10 pm    Post subject: AOB Scan

So I'm hacking this game called Brawlhalla and after about 30 hrs of not being able to locate the base address of modules to access the values of certain multilevel pointers -- I decided to just use an AOB scan to get the playerclass.
I found this specific string
(00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E 40 1F 85 EB 51 B8 9E 16 40 00 00 00 00 00 00 39 40 9A 99 99 99 99 99 E9 3F)
that when plugged into Cheat Engine's Array of Byte scan gives me an address which is always by the playerclass -- so I can add however many bytes I need forward to get different values.

So I understand that I can do this in cheat engine and even in the Auto Assembly Script creator.

But I want to do more complex operations with these values and thus want to integrate an AOB scan into an external cpp application. I have looked at several implementations on the internet and they haven't worked for various reasons which are not exactly easy to look up, but if they arise again in any of your guys' implementations, you will be able to help me much more effectively. It's probably because I'm not getting the base address of the module properly, but I still would like to have and understand a source code for an external (or internal, I've just had less luck with that) aob scan.

If anyone could give me any tips or a source for this specific purpose I would appreciate it hugely. I've been trying very, very hard to break into the game-hacking scene via hacking Brawlhalla and it's incredibly fun. I will give back to this community what I have learned from it, but I really need some help in this thread.

Thank you to everyone who replies

Edit: I have determined that it must be an issue with hooking into Brawlhalla with C++.

Code:

#include <windows.h>
#include <psapi.h>   // GetModuleInformation / MODULEINFO; link against psapi.lib
#include <cstring>   // strlen

// Note: GetModuleHandle with a char* assumes a non-Unicode (MBCS) build;
// under UNICODE use GetModuleHandleA. Both calls below query the calling
// process (this program), not the game process.
MODULEINFO GetModuleInfo(char *szModule)
{
   MODULEINFO modinfo = { 0 };
   HMODULE hModule = GetModuleHandle(szModule);
   if (hModule == 0)
      return modinfo;
   GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
   return modinfo;
}

DWORD FindPattern(char *module, char *pattern, char *mask)
{
   //Get all module related information
   MODULEINFO mInfo = GetModuleInfo(module);

   //Assign our base and module size
   DWORD base = (DWORD)mInfo.lpBaseOfDll;
   DWORD size = (DWORD)mInfo.SizeOfImage;

   //Get length for our mask, this will allow us to loop through our array
   DWORD patternLength = (DWORD)strlen(mask);

   for (DWORD i = 0; i < size - patternLength; i++)
   {
      bool found = true;
      for (DWORD j = 0; j < patternLength; j++)
      {
         //if we have a ? in our mask then we have true by default,
         //or if the bytes match then we keep searching until finding it or not
         found &= mask[j] == '?' || pattern[j] == *(char*)(base + i + j);
      }

      //found = true, our entire pattern was found
      if (found)
      {
         return base + i;
      }
   }
   return NULL;
}



Using that code,
Code:

DWORD dmgAddy = FindPattern("Brawlhalla.exe", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0E\x40\x1F\x85\xEB\x51\xB8\x9E\x16\x40\x00\x00\x00\x00\x00\x00\x39\x40\x9A\x99\x99\x99\x99\x99\xE9\x3F", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");

returns 0

While in Cheat Engine, it works. So it's not hooking into Brawlhalla correctly.
Even when I replace "Brawlhalla.exe" with "Adobe AIR.dll" (another module in the memory) it doesn't work. What module do I use? How do I know where to scan? I followed Fleep's tutorial on YouTube exactly.

(this one)
/watch?v=5M2rjjdX6DQ


Thanks again!
BestJava
How do I cheat?
Reputation: 0

Joined: 16 Jun 2019
Posts: 5

Posted: Mon Jun 24, 2019 12:48 pm

UPDATE:
So I'm sorry for rushing into this without much of a basic knowledge of modules and their base addresses.
When telling the program to return the base module address it returns 0xbc0000 which lines up with cheat engine. This is where the memory starts.
i.imgur.com/oV7xKOj.png

So it hooks into Brawlhalla correctly. Why does FindPattern always return 0x0?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Mon Jun 24, 2019 10:35 pm

BestJava wrote:
But I want to do more complex operations with these values and thus want to integrate an AOB scan into an external cpp application.

Two different processes have two different virtual address spaces.
Code:
*(char*)(base + i + j);
All this does is access some random garbage in your program's virtual address space. It doesn't touch the game's memory.

The "correct" way of accessing another process's memory is to ask the operating system. Look up ReadProcessMemory.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
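ParkourPenguin's point, worked through as an added example that is not code from this thread: the byte comparison has to run over a copy of the target's memory that the OS hands back, never over a pointer dereferenced in the scanner's own address space. This is portable C; `read_mem_fn`, `scan_remote`, the `demo_*` names and the 0xCC-filled stand-in buffer are my constructs, and the read callback is where a Windows build would call ReadProcessMemory. It goes slightly beyond the thread by scanning in overlapping chunks, so a match that straddles a chunk boundary and an unreadable chunk are both handled.

```c
#include <stdint.h>
#include <string.h>
/* mask: 'x' = byte must match, '?' = wildcard. Returns offset of first match in buf or -1. */
static long find_pattern(const uint8_t *buf, size_t len, const uint8_t *pat, const char *mask)
{
    size_t plen = strlen(mask);
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (mask[j] == '?' || buf[i + j] == pat[j])) j++;
        if (j == plen) return (long)i;
    }
    return -1;
}
/* Copies `size` bytes of the target process at `addr` into `out`; 1 = ok, 0 = unreadable. On Windows this is ReadProcessMemory. */
typedef int (*read_mem_fn)(void *ctx, uintptr_t addr, uint8_t *out, size_t size);
/* Scans [base, base+size) through read_mem in overlapping chunks; returns remote address or 0. */
uintptr_t scan_remote(read_mem_fn read_mem, void *ctx, uintptr_t base, size_t size,
                      const uint8_t *pat, const char *mask)
{
    enum { CHUNK = 64 };          /* tiny for the demo; use 64 KiB or more in practice */
    uint8_t buf[CHUNK];
    size_t plen = strlen(mask), pos = 0;
    if (plen == 0 || plen > CHUNK) return 0;
    while (pos + plen <= size) {
        size_t want = size - pos < CHUNK ? size - pos : CHUNK;
        if (read_mem(ctx, base + pos, buf, want)) {   /* unreadable chunk: skip it */
            long off = find_pattern(buf, want, pat, mask);
            if (off >= 0) return base + pos + (size_t)off;
        }
        pos += CHUNK - (plen - 1);    /* keep plen-1 bytes of overlap so a match crossing chunks is found */
    }
    return 0;
}
/* Constructed stand-in for the game's memory (not a real dump): 0xCC filler with the post's 40-byte pattern at offset 100, straddling a chunk boundary. */
#define DEMO_BASE ((uintptr_t)0xBC0000)
static uint8_t demo_mem[200];
static const uint8_t demo_pat[40] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0x0E,0x40,0x1F,0x85,0xEB,0x51,
    0xB8,0x9E,0x16,0x40, 0,0,0,0,0,0, 0x39,0x40,0x9A,0x99,0x99,0x99,0x99,0x99,0xE9,0x3F };
static int demo_read(void *ctx, uintptr_t addr, uint8_t *out, size_t size)
{
    if (addr < DEMO_BASE || addr - DEMO_BASE + size > sizeof demo_mem) return 0;
    memcpy(out, (const uint8_t *)ctx + (addr - DEMO_BASE), size);
    return 1;
}
uintptr_t demo_scan(const char *mask)   /* DEMO_BASE + 100 with an all-'x' mask */
{
    memset(demo_mem, 0xCC, sizeof demo_mem);
    memcpy(demo_mem + 100, demo_pat, sizeof demo_pat);
    return scan_remote(demo_read, demo_mem, DEMO_BASE, sizeof demo_mem, demo_pat, mask);
}
```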