Cheat Engine The Official Site of Cheat Engine
Seergaze3 (Master Cheater)
Reputation: -1
Joined: 10 Mar 2009 Posts: 347 Location: earth
Posted: Wed Jul 31, 2019 4:03 am Post subject: AOB injection disable bytes and number of nop
Two questions about using the AOB injection script template in CE:
1. In many cases where I needed to add extra bytes to make a unique signature for the AOB scan, I also added the same bytes to the [DISABLE] function, but I see some scripts by others that have different signature and disable byte lengths.
How do I determine how many bytes to add back into the code for [DISABLE]?
2. With new memory from alloc(newmem,$1000), do I still need to write 3 "nop" when I want to remove opcodes that use 3 bytes?
Thanks!
FreeER (Grandmaster Cheater Supreme)
Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Wed Jul 31, 2019 10:24 am Post subject:
Quote: How do I determine how many bytes to add back into the code for [DISABLE]?
Look at how many bytes you actually overwrite for the jmp.

Quote: 2. With new memory from alloc(newmem,$1000), do I still need to write 3 "nop" when I want to remove opcodes that use 3 bytes?
Most jmps to newmem are going to be 5 bytes, so that depends on what other instruction(s) are being overwritten. In newmem itself you can just not write that instruction, or comment it out if you want to make it more obvious what's being removed, and eventually jump back to the original code. If you aren't changing or writing any extra code in newmem other than the return, you can write a script that just nops the instruction you want to remove instead of allocating memory to jump to and immediately jump back from; the number of nops of course depends on the number of bytes there are in the instruction(s) you want to skip.
Remember, there are 4 separate but related parts to a typical AOB script:
1. The array of bytes that lets you find the code you want to change accurately, meaning you usually want it to be unique, i.e. only find one result when scanning.
2. Allocating the new memory and writing the new code to run there, plus a jump back to after the original/hooked code to continue running the game.
3. Overwriting the original code with a hook, i.e. a jmp, to the new memory with the code that you want to run; nops are used to overwrite instructions only partially overwritten by the jump so that they are not interpreted as weird instructions and mess up the disassembly when you look at it.
4. Disabling the hook by rewriting the original bytes over the jmp and nops, and deallocating the new memory that won't be used anymore without a hook to jump to it.
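To make the arithmetic behind the answer concrete, here is an added example (not code from the thread or from Cheat Engine) that works out, for a constructed hook site, how many bytes a 5-byte jmp really clobbers, how many nops the [ENABLE] block needs, and which bytes [DISABLE] must write back. The instruction bytes and the 5-byte rel32 jmp size are assumptions chosen to match the reply above.

```python
# Added example, not from the forum thread or Cheat Engine itself.
# Given the instructions at a hook point, compute the bytes a "jmp newmem"
# overwrites, the nops needed to pad to an instruction boundary, and the
# "db ..." line that [DISABLE] must write back.
from typing import List, Tuple

JMP_REL32_LEN = 5  # E9 + 4-byte displacement, the usual 32-bit "jmp newmem"

# Constructed sample hook site (hypothetical): (mnemonic, raw bytes).
# Instruction lengths are what drive the calculation.
SAMPLE_SITE: List[Tuple[str, bytes]] = [
    ("mov eax,[rbp+08]", bytes.fromhex("8B4508")),  # 3 bytes
    ("mov [rbx+10],eax", bytes.fromhex("894310")),  # 3 bytes
    ("add esi,01",       bytes.fromhex("83C601")),  # 3 bytes
]

def plan_hook(site: List[Tuple[str, bytes]], jmp_len: int = JMP_REL32_LEN):
    """Return (overwritten_bytes, nop_count, return_offset) for a jmp hook.

    The jmp clobbers jmp_len bytes. An instruction it only partially covers
    must be replaced whole, so the patch extends to the next instruction
    boundary; every covered byte past the jmp becomes a nop, and all covered
    original bytes are exactly what [DISABLE] has to restore. The jump back
    lands at return_offset, the first untouched instruction.
    """
    covered = b""
    for _, raw in site:
        if len(covered) >= jmp_len:
            break
        covered += raw
    if len(covered) < jmp_len:
        raise ValueError("not enough instruction bytes at the hook site")
    return covered, len(covered) - jmp_len, len(covered)

def hex_bytes(data: bytes) -> str:
    """Render bytes the way CE scripts write them: 'AA BB CC'."""
    return " ".join(f"{b:02X}" for b in data)

def disable_db_line(overwritten: bytes) -> str:
    """The [DISABLE] line that puts the original bytes back over jmp+nops."""
    return "db " + hex_bytes(overwritten)

def signature_hex(site: List[Tuple[str, bytes]]) -> str:
    """The AOB signature may span more bytes than the hook overwrites."""
    return hex_bytes(b"".join(raw for _, raw in site))

if __name__ == "__main__":
    overwritten, nops, ret = plan_hook(SAMPLE_SITE)
    print("aobscan signature:", signature_hex(SAMPLE_SITE))   # 9 bytes
    print("jmp newmem + nops:", nops, "nop(s); return at +", ret)
    print("[DISABLE]:", disable_db_line(overwritten))          # 6 bytes
```

Run as written, the 9-byte signature is longer than the 6 bytes that [DISABLE] restores, which is exactly the mismatch asked about in the first question: the disable length follows the overwritten instructions, not the scan signature.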