Cheat Engine The Official Site of Cheat Engine
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Sat Oct 24, 2020 1:05 am Post subject: AobScanRegion Error?
Not sure if this was already mentioned, but it seems the AA command AOBScanRegion does not behave as expected in some cases.
In a game, there are 2 functions that are quite similar and located side by side, the ~Water and ~Rice functions; see the pic please.
They have almost exactly the same bytes, and I need to scan for exactly the same AOB byte sequence, i.e. [8b 49 34 5d e9], starting from the 2 functions, to get 2 different results. So AOBScanRegion is needed.
However, as shown in the pic, it located the byte sequence in ~Rice even when the scan started from ~Water (~Water comes before ~Rice). The scanned address should be ~Water+3 instead of ~Rice+3.
Tested on CE 7.1 & CE 7.2 RC1.
Is it some error or my mistake?
Thank you~
ADDED:
I also copied the 2 functions' bytes to allocated (globalalloc) memory,
and started the scan from the copied 1st function (equivalent to ~Water);
this time the result is correct!
More Info:
The said functions are in the *.exe module; looking at the memory region table, they are all within the same region. I've not enabled (unable) kernel mode.
_________________
- Retarded.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The Netherlands
Posted: Sat Oct 24, 2020 3:42 am Post subject:
Rice is within the +100 range. Change the +100 to +10 and see if it still happens.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Sat Oct 24, 2020 4:55 am Post subject:
Hi,
There is no result if the end address is less than ~Water+14,
which is the same as ~Rice+8, i.e. the address of the byte just following
the last byte of the AOB sequence (e9 in the AOB pattern) within ~Rice,
i.e. (~Water+14 == ~Rice+8).
If the end address is equal to or greater than ~Water+14, the scan result still lands
on ~Rice+3 instead of ~Water+3.
My PC is a Ryzen 3, 32G, Windows 10, if that matters.
The game is "Battle Realms Zen" v1.56.3 (source p*), if someone is interested to see if they can reproduce the same behaviour.
_________________
- Retarded.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The Netherlands
Posted: Sat Oct 24, 2020 3:20 pm Post subject:
OK, I can reproduce it with this script:
Code:
if not injected then
  -- assemble two identical 12-byte stubs (push ebp / mov ebp,esp /
  -- mov ecx,[ecx+34] / pop ebp / jmp rel32) into allocated memory at a
  -- deliberately unaligned offset, and export the first stub's start as xxx
  injecter=[[
alloc(bla,65536,4f0000)
label(xxx)
registersymbol(xxx)
bla+72d3:
xxx:
db 55 8b ec 8b 49 34 5d e9 67 6c ff ff 55 8b ec 8b 49 34 5d e9 8e 6c ff ff 55
]]
  injected=autoAssemble(injecter)
end
xxx=getAddressSafe('XXX')
-- scan only the first stub (xxx .. xxx+10, hex) for the shared sequence
if autoAssemble(string.format([[
unregistersymbol(YYY)
aobscanRegion(YYY, %X, %X+10, 8b 49 34 5d e9)
registersymbol(YYY)
]], xxx, xxx)) then
  local aYYY=getAddressSafe("YYY")
  -- the sequence starts 3 bytes into the stub, so xxx+3 is the only correct
  -- answer; xxx+F would be the copy inside the second stub
  if aYYY~=xxx+3 then
    print(string.format("Error: %x",aYYY))
  else
    print("Correct")
  end
else
  print("AA error")
end
Probably an alignment issue. If you change %x,%x+10 to %x-10,%x+10 it works.
I'll see if I can make it work without doing this.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Sat Oct 24, 2020 6:22 pm Post subject:
Hi,
I aligned the start address with (address & ~0x7), and then it gives the correct result.
But it may not be enough, as mgr.inz.Player said
https://www.cheatengine.org/forum/viewtopic.php?t=611417#5755071
it may have to be 32-byte aligned.
Can it be fixed anyway?
As aobscanRegion (the progressive custom command version, i.e. its result can be used immediately by another following scan) is good for making update-resistant code for JIT Mono games, which may generate some unexpected code, e.g. random nops, or meaningless result comparisons such as cmp [rax],0 without a following jxx jump, etc.
Such a scan usually scans a small following range with a short AOB, which is more likely to hit the problem. (Though I never encountered the problem before ~_~)
Thank you~
_________________
- Retarded.
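To pin down what a correctly bounded scan should return for the byte layout in Dark Byte's reproduction script, and why the start-alignment workaround in the post above should not change the answer, here is an added reference model in Python; it is not Cheat Engine's implementation. The names `aobscan_region`, `aob_matches`, `parse_pattern` and `check_thread_case`, the 25-byte `SAMPLE` and its `BASE` address are constructed for this example, and the window widening inside `aobscan_region` is an assumption about how an aligned-chunk reader can be kept correct, not a description of CE's code.

```python
# Reference model of a bounded AOB scan (added example, not Cheat Engine code).
# Memory is a bytes object mapped at BASE; all addresses are absolute.

# Constructed sample: the 25 bytes the script above assembles at `xxx`
# (two push ebp / mov ebp,esp / mov ecx,[ecx+34] / pop ebp / jmp rel32 stubs).
SAMPLE = bytes.fromhex("558bec8b49345de9676cffff" "558bec8b49345de98e6cffff" "55")
BASE = 0x4F0000 + 0x72D3      # bla+72d3 in the script; deliberately unaligned

def parse_pattern(text):
    """'8b 49 34 5d e9' or '8b ?? 34' -> list of ints, None for wildcards."""
    return [None if t in ("?", "??") else int(t, 16) for t in text.split()]

def aob_matches(mem, base, pattern, start, stop):
    """Addresses of every occurrence lying wholly inside [start, stop):
    addr >= start and addr + len(pattern) <= stop, in ascending order."""
    n = len(pattern)
    lo = max(start, base)
    hi = min(stop, base + len(mem)) - n          # last admissible start address
    return [
        base + off
        for off in range(lo - base, hi - base + 1)
        if all(p is None or mem[off + i] == p for i, p in enumerate(pattern))
    ]

def aobscan_region(mem, base, pattern_text, start, stop, align=32):
    """Bounded scan with the contract aobscanRegion is expected to honour.
    The read window is widened to `align`-byte boundaries (a scanner may fetch
    aligned chunks), but every hit is then clamped back to the caller's window,
    so the widening can never change which match is reported."""
    pattern = parse_pattern(pattern_text)
    lo = start & ~(align - 1)
    hi = (stop + align - 1) & ~(align - 1)
    hits = aob_matches(mem, base, pattern, lo, hi)
    hits = [a for a in hits if a >= start and a + len(pattern) <= stop]
    return hits[0] if hits else None

def check_thread_case():
    """Re-run the expectation from the script above: scanning xxx..xxx+10 (hex)
    for 8b 49 34 5d e9 must return xxx+3, not the copy in the second stub."""
    xxx = BASE
    first = aobscan_region(SAMPLE, BASE, "8b 49 34 5d e9", xxx, xxx + 0x10)
    # moving the window past the first stub selects the second copy at xxx+0xF
    second = aobscan_region(SAMPLE, BASE, "8b 49 34 5d e9", xxx + 4, xxx + 0x20)
    # a stop address that cuts the pattern short yields no hit at all
    short = aobscan_region(SAMPLE, BASE, "8b 49 34 5d e9", xxx, xxx + 7)
    return first - xxx, second - xxx, short   # (3, 15, None)
```

Calling `check_thread_case()` with any `align` value (8 as in the post above, or 32) gives the same tuple, which is the property a bounded scan has to keep.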