Cheat Engine The Official Site of Cheat Engine
Jordancyre Newbie cheater
Reputation: 0
Joined: 30 May 2017 Posts: 11
Posted: Fri Feb 11, 2022 3:11 pm Post subject: Is it possible to directly inject bytes from an AOB
All I'm interested in is the disassembly of this AOB:
```
57 56 5f 5e 48 31 c0 48 89 f0 48 01 f0 48 05 00 04 00 00 48 81 ef 00 01 00 00 48 01 f8 c3
```
My thought process was: "Damn, I have a pretty sweet x64 disassembler right here in CE! I can get the whole function that way!"
but I'm having a hard time getting these bytes into the disassembler.
Any thoughts on how to do this?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
Posted: Fri Feb 11, 2022 5:49 pm Post subject:
If that AoB actually exists in the game, then just go to that address in the disassembler.
If it doesn't, then allocate some memory (or find a code cave) and write the bytes to it. e.g.
Code:
```
globalalloc(foo,4096)
foo:
db 57 56 5f 5e 48 31 c0 48 89 f0 48 01 f0 48 05 00 04 00 00 48 81 ef 00 01 00 00 48 01 f8 c3
```
PS: you're exchanging rsi and rdi with those push/pop instructions.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
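
Added example, not part of any post in this thread: a small table-driven decoder, written for this note, that handles only the opcode forms present in the posted byte string (the function and table names are this example's own, not Cheat Engine's). Its output lists the eleven instructions and shows the rsi/rdi exchange mentioned in the PS above.

```python
import struct

# Byte string posted in the thread.
AOB = bytes.fromhex("57 56 5f 5e 48 31 c0 48 89 f0 48 01 f0 48 05 00 04 00 00 "
                    "48 81 ef 00 01 00 00 48 01 f8 c3")
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
RM_REG = {0x01: "add", 0x29: "sub", 0x31: "xor", 0x89: "mov"}  # op r/m64, r64
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]  # 81 /0../7


def disassemble(code):
    """Decode only the opcode forms this AOB uses; raise ValueError otherwise."""
    # Supported: push/pop r64, ret, and REX.W (0x48) register-direct forms.
    out, i = [], 0
    try:
        while i < len(code):
            start, op = i, code[i]
            i += 1
            if 0x50 <= op <= 0x57:
                text = "push " + REGS[op - 0x50]
            elif 0x58 <= op <= 0x5F:
                text = "pop " + REGS[op - 0x58]
            elif op == 0xC3:
                text = "ret"
            elif op == 0x48 and code[i] == 0x05:  # REX.W add rax, imm32
                text = "add rax, %#x" % struct.unpack_from("<i", code, i + 1)
                i += 5
            elif op == 0x48 and (code[i] in RM_REG or code[i] == 0x81):
                op, modrm = code[i], code[i + 1]
                i += 2
                if modrm >> 6 != 3:  # only register-direct operands (mod == 11)
                    raise ValueError("memory operand at offset %d" % start)
                reg, rm = (modrm >> 3) & 7, modrm & 7
                if op == 0x81:  # reg field selects the operation, imm32 follows
                    imm = struct.unpack_from("<i", code, i)[0]
                    text, i = "%s %s, %#x" % (GROUP1[reg], REGS[rm], imm), i + 4
                else:  # reg field is the source, rm the destination
                    text = "%s %s, %s" % (RM_REG[op], REGS[rm], REGS[reg])
            else:
                raise ValueError("unsupported opcode %#04x at offset %d" % (op, start))
            out.append((start, text))
    except (IndexError, struct.error):
        raise ValueError("truncated instruction at end of input") from None
    return out


if __name__ == "__main__":
    for offset, text in disassemble(AOB):
        print("%02x  %s" % (offset, text))
```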
Csimbi I post too much
Reputation: 97
Joined: 14 Jul 2007 Posts: 3326
Posted: Sat Feb 12, 2022 4:06 am Post subject:
I usually take a whole copy of the code (using readmem), and I add the instructions I want in a cave.
If you want to write directly, do as ParkourPenguin suggested: define the bytes somewhere and make sure it's written to the address you want. Although the address could be the actual process, it does not have to be allocated memory. (meaning, instead of 'foo' you put there myprocess.exe+592850 or something)