Cheat Engine

careca777 · Screenshot 2020-12-01 171531.png

Hi experts, im having an issue where i do an AOB scan, but the address it returns is very different from the one i want. Interestingly, if i do a manual search with the same array of bytes, it does find the correct spot, wildcards included and all that.

The code im using:

Csimbi · Posted: Wed Dec 02, 2020 11:31 am Post subject:

The code you posted (wrong) is not the same as you have on the picture (good).

careca777 · Posted: Wed Dec 02, 2020 1:05 pm Post subject:

Hi, thanks for the reply, i edited the post and changed the line, but the line itself is not important, the line is not the issue, i can use the line inside the memory viewer searcher and it finds the region i need.
What i intend to do is make it automatic, and retrieve the address where the AOB was found, but instead, when it locks/finds the address, it has nothing to do with what im searching at all, it returns a result miles away in terms of addresses. I tried many lines that i think are unique, but somehow it always returns the wrong address.

PS: when you say wrong, do you mean it's different between them, or do you mean there is a syntax error or something like that? Is the wildcard the "?" ?

Csimbi · Posted: Wed Dec 02, 2020 1:37 pm Post subject:

Again, you are scanning for the wrong bytes in that code.
Why would you expect it to find the right address?

You search for B when you want to find A.

careca777 · Posted: Wed Dec 02, 2020 1:43 pm Post subject:

Ok, new development, this should restrict the search, but now it doesn't even give me an odd address, it just gives nothing at all!
What am i doing wrong here?

If i remove the region bit and leave it to search everything, it gives me an odd address, last run was: D100000000422A
This is very far from the expected 2F40F3CF893

The line is unique and it finds it in the correct place through the byte search/array, now why doesn't it return the correct address through AOB?

All i want is the address where it was found.

careca777 · Posted: Thu Dec 03, 2020 12:04 pm Post subject:

ByTransient · Posted: Thu Dec 03, 2020 1:14 pm Post subject:

@Csimbi disappeared when you typed the name of the game. Very Happy

It; If it is a multiplayer game, CEF will not answer this question.
Correct the game names as "Game.exe" and try again.
(Correct previous pictures as well Wink

)

careca777 · Posted: Thu Dec 03, 2020 1:58 pm Post subject:

Understood.

careca777 · Posted: Sat Dec 05, 2020 3:27 am Post subject:

careca777 · Posted: Tue Dec 08, 2020 1:30 pm Post subject:

Bump. Still looking for a solution to this. AOB seems to find the bytes, but doesnt give me the address found into a pointer.

ParkourPenguin · Posted: Tue Dec 08, 2020 2:00 pm Post subject:

You're doing something wrong. I'm not going to sift through >20 bytes to tell you how you're wrong. Maybe check the region types you're scanning through (writable, executable, CoW).

aobscans for writable data is unreliable IMO. Try pointers or code injection (search "injection copy").

careca777 · Posted: Tue Dec 08, 2020 3:33 pm Post subject:

I leave this image for your appreciation.
Why am i getting two different return addresses?
Despite the region types, if i find only one address through the "normal" search method, why doesn't AOB give me the same address?
What can i possibly be doing wrong? Point me in a direction i can work on.

ParkourPenguin · Posted: Tue Dec 08, 2020 5:42 pm Post subject:

Put carbase in the address field. It's not a pointer since you're not dereferencing anything to get to the end address.

You can see in the found list that the 8-byte value at the address 2BF4CE388C0 is 0x422A0000, so it seems like it's working just fine.

careca777 · Posted: Wed Dec 09, 2020 5:30 am Post subject:

Thank you ParkourPenguin, that was it! I assumed placing it in the pointer part would make the reference, but it has to be in the address, and now shows the correct address.