 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
alexator3000
How do I cheat?
![]() Reputation: 0
Joined: 30 Dec 2025
Posts: 5
|
 Posted: Tue Dec 30, 2025 4:54 am Post subject: Help inject AOB to getItem id |
 |
|
Hello, I'm French, currently using Google Translate. If this isn't understandable, please forgive me. I'm also a beginner because there are very few good YouTube tutorials. I've watched many, but few are relevant to what I'm trying to do.
I'm trying to create a cheat in Fantasy Life, primarily to understand how to do it. I'm using someone else's code to learn how to make it so I can recreate it later, but unfortunately, it's not working, hence this post.
I'm trying to retrieve the ID of the item my mouse hovers over when I'm in my inventory.
I've managed to isolate the 4 bytes that correspond to displaying the quantity, but here's the problem.
There are 5 matching results, and when I change them, the quantity of the item doesn't change... To reduce the number of results, I switched inventory pages, and only one result changed accordingly, so I kept it. But despite several value changes, the quantity remains the same.
I thought it wasn't a big deal, so I tried AOB code injection and retrieved the ID's hexadecimal value as gItem, but it didn't work. After checking, it's the same code that works, the one I'm "learning." The only difference is that it has a different AOB location and a few minor modifications that shouldn't affect the result. The only factor that should influence the AOB is the modification location.
Can you help me?
| Code: | [ENABLE]
aobscanmodule(getItem, NFL1-Win64-Shipping.exe, 8B 43 20 48 8D 53 60)
alloc(newmem, $1000, getItem)
label(code)
label(return)
label(gItem)
registersymbol(gItem)
newmem:
code:
mov [gItem], rbx // adresse de l'objet
mov eax,[rbx+20]
lea rdx,[rbx+60]
jmp return
gItem:
dq 0
getItem:
jmp newmem
nop 2
return:
registersymbol(getItem)
[DISABLE]
getItem:
db 8B 43 20 48 8D 53 60
unregistersymbol(getItem)
dealloc(newmem)
unregistersymbol(gItem)] |
This code is exactly the same as the one that works, except for "8B 43 20 48 8D 53 60". Here's the original: (I understand how the code works, so copying it isn't the point here)
| Code: | [ENABLE]
aobscanmodule(getItem,NFL1-Win64-Shipping.exe,75 13 48 8B 07 48 8B CF 48) // should be unique
alloc(newmem,$64,getItem)
label(code)
label(return)
label(gItem)
registersymbol(gItem)
newmem:
code:
mov [gItem],rax
mov rax,[rdi]
mov rcx,rdi
jmp return
gItem:
dq 0
getItem+02:
jmp newmem
nop
return:
registersymbol(getItem)
[DISABLE]
getItem+02:
db 48 8B 07 48 8B CF
unregistersymbol(getItem)
dealloc(newmem)
unregistersymbol(gItem) |
Help plzzzz
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4724
|
| Posted: Tue Dec 30, 2025 2:06 pm Post subject: |
|
|
| alexator3000 wrote: | | There are 5 matching results, and when I change them, the quantity of the item doesn't change |
That means none of them are the correct value.
If changing the value doesn't work, using a pointer to change the value isn't going to work either.
Maybe some action changed the address of the value as you were searching for it. In some games, moving items in the inventory or merging / splitting them will change the address.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
alexator3000
How do I cheat?
![]() Reputation: 0
Joined: 30 Dec 2025
Posts: 5
|
| Posted: Tue Dec 30, 2025 2:46 pm Post subject: |
|
|
| ParkourPenguin wrote: | | alexator3000 wrote: | | There are 5 matching results, and when I change them, the quantity of the item doesn't change |
That means none of them are the correct value.
If changing the value doesn't work, using a pointer to change the value isn't going to work either.
Maybe some action changed the address of the value as you were searching for it. In some games, moving items in the inventory or merging / splitting them will change the address. |
I understand, and I actually tried something recently that's more consistent with what you're saying:
I retrieved the actual address of the quantity of two objects, subsequently called obj 1 and 2 (I'm referring to the "actual" address here because modifying its value actually really changes it).
I checked what had access to these two addresses when I hovered the mouse over the two objects: the same operation (exactly the same instruction).But, if I switch to object 1, the count of the number of times the instruction for object 2 is executed remains unchanged, and for object 1 it increases by 2.
I then wrote this (which still doesn't work ^^):
| Code: | [ENABLE]
aobscanmodule(getItem,NFL1-Win64-Shipping.exe,0F B7 68 24 03 F5 FF C7 41 3B 7E 10 72 AD) // should be unique
alloc(newmem,$1000,getItem)
label(code)
label(return)
label(gItem)
registersymbol(gItem)
newmem:
code:
mov [gItem],rax
movzx ebp,word ptr [rax+24]
add esi,ebp
jmp return
gItem:
dq 0
getItem:
jmp newmem
nop
return:
registersymbol(getItem)
[DISABLE]
getItem:
db 0F B7 68 24 03 F5
unregistersymbol(getItem)
dealloc(newmem)
unregistersymbol(gItem) |
I'm out of ideas for how to succeed, do you have any?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4724
|
| Posted: Tue Dec 30, 2025 6:38 pm Post subject: |
|
|
What doesn't work?
If the memory record doesn't look correct in the address list (the bottom half of the main window), make sure the "pointer" checkbox is checked, the base address is gItem, and the only offset is 24. The type should also be 2-byte
That instruction could be accessing other addresses. Right click the instruction `movzx ebp,word ptr [rax+24]` in the disassembler (the top half of the "Memory View" window) and select "Find out what addresses this instruction accesses".
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
alexator3000
How do I cheat?
![]() Reputation: 0
Joined: 30 Dec 2025
Posts: 5
|
| Posted: Wed Dec 31, 2025 5:07 am Post subject: |
|
|
| ParkourPenguin wrote: | What doesn't work?
If the memory record doesn't look correct in the address list (the bottom half of the main window), make sure the "pointer" checkbox is checked, the base address is gItem, and the only offset is 24. The type should also be 2-byte
That instruction could be accessing other addresses. Right click the instruction `movzx ebp,word ptr [rax+24]` in the disassembler (the top half of the "Memory View" window) and select "Find out what addresses this instruction accesses". |
The problem was that when I manually pointed to the object with a 4-byte offset of 24, gItem, I couldn't retrieve the quantity (and the value even changed).
I just tried again using your instructions: look at "Find out what addresses this instruction accesses," and it worked. I was able to retrieve all the information about the object's quantity and address.
But when injecting the AOB, I execute it and then "add to the current cheat table." When I try to check the box (to enable it), it says "Not all results found." So I asked Gemini for help (shame on me, I know), and it told me to use 0F B7 68 24 03 F5 ?? ?? ?? ?? ?? ?? 72. Except that last time it worked, the pointer with a 4-byte offset of 24 didn't work. And this morning when I repeat the same procedure, same address, same instructions (except for the step you suggested), I get a "not all results found" error...
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4724
|
| Posted: Wed Dec 31, 2025 1:20 pm Post subject: |
|
|
It would be helpful if you included the comment at the end of the script that shows the instructions around the original code.
I got these from the AoB pattern:
| Code: | 0F B7 68 24 - movzx ebp,word ptr [rax+24]
03 F5 - add esi,ebp
FF C7 - inc edi
41 3B 7E 10 - cmp edi,[r14+10]
72 AD - jb 0230FFBB |
I don't see any bytes that need to be replaced with wildcards.
| alexator3000 wrote: | | When I try to check the box (to enable it), it says "Not all results found." |
Maybe you had a different script active using the same injection point. Close both Cheat Engine and the game, restart them, attach Cheat Engine to the game, and try enabling the script then. After the script is enabled, do something in game to execute the code (hover over an item) and it should work.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
alexator3000
How do I cheat?
![]() Reputation: 0
Joined: 30 Dec 2025
Posts: 5
|
| Posted: Fri Jan 02, 2026 10:56 am Post subject: |
|
|
| ParkourPenguin wrote: | | Maybe you had a different script active using the same injection point. Close both Cheat Engine and the game, restart them, attach Cheat Engine to the game, and try enabling the script then. After the script is enabled, do something in game to execute the code (hover over an item) and it should work. |
Yes, it was something similar. It turned out I was pressing "execute" before adding it to my cheat table and enabling it, so it wasn't working.
Now, everything works fine on that end, but I have another problem similar to the previous one: I'm trying to retrieve the rarity address of an item.
I retrieved the address, which has the rarity value (as a star from 1 to 5) of the item I hover over with my mouse. I retrieved what was at that address and tried injecting an AOB to retrieve the rarity value of all items. However, when I "enable" the cheat, I get "not all results found".
Numbering of attempted solutions:
1. I initially thought I had pressed "execute" again. I tried again, and the same problem occurred.
2. I tried replacing them with question marks, but it was unsuccessful.
3. I thought aobscan wasn't working because the address of the executing movzx files was changing. So, I took the current address and looked at what was interacting with it. I closed the inventory, reopened it, retrieved the new address of the rarity, and clicked on "Found out what accesses to this address." It turned out to be the same movzx file and the same other instructions, despite the inventory being opened and closed repeatedly.
4. I then tried taking a larger aobscan file and the following bytes; I tried changing it from "0F B6 43 28 88 47 28" to "0F B6 43 28 88 47 28 0F B6 43 29 88 47 29", which also didn't work.
!!!!!!!!!!!!!!!!!I found a major error that doesn't explain everything but is consistent!!!!!!!!!!!!!!!!!
It's possible I copied the wrong address; after checking, the rarity is rdi+28. However, what is al? I can't find it in : | Code: | "NFL1-Win64-Shipping.exe"+69D7F50:
7FF60D4E7F49 - 89 47 24 - mov [rdi+24],eax
7FF60D4E7F4C - 0FB6 43 28 - movzx eax,byte ptr [rbx+28]
7FF60D4E7F50 - 88 47 28 - mov [rdi+28],al <<
7FF60D4E7F53 - 0FB6 43 29 - movzx eax,byte ptr [rbx+29]
7FF60D4E7F57 - 88 47 29 - mov [rdi+29],al
RAX=0000000000000001
RBX=000002162ADD4408
RCX=0000021617C0A060
RDX=000002162ADD4468
RSI=00000000131CA408
RDI=0000021617C0A000
RBP=0000021617C0A0B8
RSP=000000BF6237CFD0
R8=0000000000000022
R9=0000000000000040
R10=00007FFCBB0C0000
R11=00007FFCBB0D14C1
R12=0000000000000001
R13=00000000000000B8
R14=0000000000000001
R15=0000021617C0A000
RIP=00007FF60D4E7F53
First seen:12:38:25
Last seen:17:42:17 |
And this error doesn't change anything (I think) regarding "Not all results found," so why on earth isn't it working?
!!!!!!!!!!!!!!!!!EDIT!!!!!!!!!!!!!!!!!
After changing the code, here it is. It still doesn't work, otherwise I would have told you the opposite.
When I pressed "inject AOB scan" in the aobscanmodule, I got the error "ERROR NOT ALL RESULTS FOUND: "88 47 28 0F B6 43 29". I simply removed it and replaced it with "88 47 28 0F B6 43 29" (as in the code below). It no longer gives an error, but when I set a pointer to "stars" with an offset of 28, it doesn't work. In fact, it's as if "stars" doesn't exist; it's 00000000. When I set the offset, it returns "?" as the address value, 00000028 (which makes sense). What doesn't make sense is the 00000000.
So here I am again, asking for help!!
Injected AOB code:
| Code: | { Game : NFL1-Win64-Shipping.exe
Version:
Date : 2026-01-02
Author : Alexis Meffre
This script does blah blah blah
}
[ENABLE]
aobscanmodule(Rarity_searcher,NFL1-Win64-Shipping.exe,88 47 28 0F B6 43 29) // should be unique
alloc(newmem,$1000,Rarity_searcher)
label(code)
label(return)
label(stars)
registersymbol(stars)
newmem:
mov [stars],al
code:
mov [rdi+28],al
movzx eax,byte ptr [rbx+29]
jmp return
stars:
dq 0
Rarity searcher:
jmp newmem
nop 2
return:
registersymbol(Rarity_searcher)
[DISABLE]
Rarity_searcher:
db 88 47 28 0F B6 43 29
unregistersymbol(Rarity_searcher)
dealloc(newmem)
unregistersymbol(stars)
{
// ORIGINAL CODE - INJECTION POINT: "NFL1-Win64-Shipping.exe"+69D7F50
"NFL1-Win64-Shipping.exe"+69D7F2B: 48 8B 43 04 - mov rax,[rbx+04]
"NFL1-Win64-Shipping.exe"+69D7F2F: 48 89 47 04 - mov [rdi+04],rax
"NFL1-Win64-Shipping.exe"+69D7F33: E8 48 88 89 FC - call "NFL1-Win64-Shipping.exe"+3270780
"NFL1-Win64-Shipping.exe"+69D7F38: 8B 43 20 - mov eax,[rbx+20]
"NFL1-Win64-Shipping.exe"+69D7F3B: 48 8D 53 60 - lea rdx,[rbx+60]
"NFL1-Win64-Shipping.exe"+69D7F3F: 89 47 20 - mov [rdi+20],eax
"NFL1-Win64-Shipping.exe"+69D7F42: 48 8D 4F 60 - lea rcx,[rdi+60]
"NFL1-Win64-Shipping.exe"+69D7F46: 8B 43 24 - mov eax,[rbx+24]
"NFL1-Win64-Shipping.exe"+69D7F49: 89 47 24 - mov [rdi+24],eax
"NFL1-Win64-Shipping.exe"+69D7F4C: 0F B6 43 28 - movzx eax,byte ptr [rbx+28]
// ---------- INJECTING HERE ----------
"NFL1-Win64-Shipping.exe"+69D7F50: 88 47 28 - mov [rdi+28],al
// ---------- DONE INJECTING ----------
"NFL1-Win64-Shipping.exe"+69D7F53: 0F B6 43 29 - movzx eax,byte ptr [rbx+29]
"NFL1-Win64-Shipping.exe"+69D7F57: 88 47 29 - mov [rdi+29],al
"NFL1-Win64-Shipping.exe"+69D7F5A: 8B 43 2C - mov eax,[rbx+2C]
"NFL1-Win64-Shipping.exe"+69D7F5D: 89 47 2C - mov [rdi+2C],eax
"NFL1-Win64-Shipping.exe"+69D7F60: 0F B6 43 30 - movzx eax,byte ptr [rbx+30]
"NFL1-Win64-Shipping.exe"+69D7F64: 88 47 30 - mov [rdi+30],al
"NFL1-Win64-Shipping.exe"+69D7F67: 48 8B 43 34 - mov rax,[rbx+34]
"NFL1-Win64-Shipping.exe"+69D7F6B: 48 89 47 34 - mov [rdi+34],rax
"NFL1-Win64-Shipping.exe"+69D7F6F: 0F B6 43 3C - movzx eax,byte ptr [rbx+3C]
"NFL1-Win64-Shipping.exe"+69D7F73: 88 47 3C - mov [rdi+3C],al
} |
What accesses to this adress (rarity adress that I founded and is changing everytime I close and open the inventory):
| Code: | 7FF60D4E7F50 - 88 47 28 - mov [rdi+28],al
7FF60D4E7F57 - 88 47 29 - mov [rdi+29],al
7FF60D4E7F4C - 0FB6 43 28 - movzx eax,byte ptr [rbx+28]
7FF60D4E7F53 - 0FB6 43 29 - movzx eax,byte ptr [rbx+29]
|
Memory view near the adress instruction :
| Code: | 0FB6 43 28 - movzx eax,byte ptr [rbx+28]
88 47 28 - mov [rdi+28],al
0FB6 43 29 - movzx eax,byte ptr [rbx+29]
88 47 29 - mov [rdi+29],al
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4724
|
| Posted: Fri Jan 02, 2026 1:31 pm Post subject: |
|
|
| alexator3000 wrote: | | I retrieved what was at that address and tried injecting an AOB to retrieve the rarity value of all items. However, when I "enable" the cheat, I get "not all results found". |
This is the exact same problem as before. You did something that modified the injection point. Maybe you clicked execute, or maybe it was some other script. In any case, you don't just try again- you close CE and the game, restart both, attach CE to the process, then try again. Never click on "Execute" in an AA script window unless you know what you're doing.
If you want to see why CE can't find the AOB pattern, then disassemble the address you're trying to inject at. Open the memory view, right click in the disassembler (the top half of the memory view), select "Go to address", then copy / paste the address in the comment of your script ("NFL1-Win64-Shipping.exe"+69D7F50).
| alexator3000 wrote: | However, what is al? I can't find it in :
| Code: | ...
RAX=0000000000000001
... |
|
`al` is the least significant 8 bits of the 64-bit register RAX. In this case, it's 01.
| alexator3000 wrote: | | It's possible I copied the wrong address |
You shouldn't need to copy anything. Find out what writes or accesses an address, click "Show disassembler" to open that address in the disassembler, click Tools -> Auto Assembler, and finally click Template -> AOB Injection. The address gets filled in for you.
| alexator3000 wrote: | I tried replacing them with question marks, but it was unsuccessful.
...
I simply removed it and replaced it with "88 47 28 0F B6 43 29" |
Don't modify the AOBScan pattern like that. The pattern needs to be unique. If it's not, then you'll change some other code. Maybe that would do nothing, or maybe it would crash the game. It won't do what you want it to do.
If you want to find out if it's unique or not, scan for the pattern yourself in the main window. Start a new scan, change the type to Array of bytes, right click in the area with the checkboxes "Writable" / "Executable" / "CopyOnWrite", select "Preset: scan all memory", then scan for the AoB pattern. If you only want to scan through a certain module (like `aobscanmodule` is doing), use the dropdown menu just above the memory scan start / stop fields.
| alexator3000 wrote: | | Code: | aobscanmodule(Rarity_searcher, ...
...
Rarity searcher: |
|
You forgot the underscore.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
alexator3000
How do I cheat?
![]() Reputation: 0
Joined: 30 Dec 2025
Posts: 5
|
| Posted: Fri Jan 02, 2026 2:37 pm Post subject: |
|
|
| ParkourPenguin wrote: |
If you want to see why CE can't find the AOB pattern, then disassemble the address you're trying to inject at. Open the memory view, right click in the disassembler (the top half of the memory view), select "Go to address", then copy / paste the address in the comment of your script ("NFL1-Win64-Shipping.exe"+69D7F50). |
I tried it, it worked well, but it turns out I was already there ^^.
| ParkourPenguin wrote: |
If you want to find out if it's unique or not, scan for the pattern yourself in the main window. Start a new scan, change the type to Array of bytes, right click in the area with the checkboxes "Writable" / "Executable" / "CopyOnWrite", select "Preset: scan all memory", then scan for the AoB pattern. If you only want to scan through a certain module (like `aobscanmodule` is doing), use the dropdown menu just above the memory scan start / stop fields. |
I tried and found 29 results, what to do next? It's clear the path code isn't unique now, but how do I fix it? (This is what I get : )
| Code: | "NFL1-Win64-Shipping.exe"+33B95EA
"NFL1-Win64-Shipping.exe"+4FB9392
"NFL1-Win64-Shipping.exe"+5036E4F
"NFL1-Win64-Shipping.exe"+592AE13
"NFL1-Win64-Shipping.exe"+5932EBB
"NFL1-Win64-Shipping.exe"+612B6BF
"NFL1-Win64-Shipping.exe"+6929741
"NFL1-Win64-Shipping.exe"+692AD6B
"NFL1-Win64-Shipping.exe"+6931A11
"NFL1-Win64-Shipping.exe"+6942C61
"NFL1-Win64-Shipping.exe"+6943E11
"NFL1-Win64-Shipping.exe"+6993B02
"NFL1-Win64-Shipping.exe"+69D7F50
"NFL1-Win64-Shipping.exe"+6C0BC60
"NFL1-Win64-Shipping.exe"+6C0CA21
"NFL1-Win64-Shipping.exe"+6CCA851
"NFL1-Win64-Shipping.exe"+6CDA6DF
"NFL1-Win64-Shipping.exe"+6CEAA93
"NFL1-Win64-Shipping.exe"+6CEB9B7
"NFL1-Win64-Shipping.exe"+6D78160
"NFL1-Win64-Shipping.exe"+70BC5F9
"NFL1-Win64-Shipping.exe"+7593F11
"NFL1-Win64-Shipping.exe"+760B1D1
"NFL1-Win64-Shipping.exe"+761DC6D
"NFL1-Win64-Shipping.exe"+76DBB35
"NFL1-Win64-Shipping.exe"+7799783
"NFL1-Win64-Shipping.exe"+7D057B4
"NFL1-Win64-Shipping.exe"+7D7FC9E
"EOSSDK-Win64-Shipping.dll"+A608F6
|
(Otherwise, I don't remember how my memory scan settings were before doing this; can you tell me how to revert to normal or simply what Writable, executable... correspond to? I mean, I've already read what's written when you hover your mouse over them, but it's not clear enough for me.)
Here are the steps I take to inject my AOB code in order: right-click, Find out what accesses to this address, left-click on the instruction {mov [rdi+28],al}, Show Disassembler, Tools, Auto Assemble, Template, AOB Injection. Then, I just write the label and register symbol, giving the label space (e.g., stars, db 0 here for al), I put the mov file right after "code" so it's clearly visible in the memory view, unregistersymbol, file, assign to current cheat table. And that's it, I just do that, and the moment I click AOB Injection and it displays the script, it already says "ERROR: not all results found : "98 26 78 92 9F 7A"(Fictitious)." I also don't see the mov [stars],al file in the memory view, which would indicate that it was injected correctly.
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4724
|
| Posted: Fri Jan 02, 2026 5:13 pm Post subject: |
|
|
| alexator3000 wrote: | | I tried it, it worked well, but it turns out I was already there ^^. |
What was there? If enabling the script gives the error "Not all results found" then clearly it was modified since CE generated the AOB Injection template.
| alexator3000 wrote: | | I tried and found 29 results, what to do next? |
Extend the AOB pattern until it's unique.
I would strongly suggest you let CE do this for you. Use the AOB Injection template and don't modify it.
| alexator3000 wrote: | | giving the label space (e.g., stars, db 0 here for al) |
Use dq 0. You're storing the address of the value (8 bytes) and not the value itself.
Try it again. Restart the game and CE. Don't enable any other scripts. Use the AOB pattern CE generates. Don't click execute- assign it to the cheat table and close the AA script window. Try enabling the script in the address list (bottom half of main window).
If it gives the error "Not all results found", go to the injection point in the disassembler ("NFL1-Win64-Shipping.exe"+69D7F50) and copy / paste about 20 instructions around there (10 before that address and 10 after). Also double click the AA script in the address list and copy / paste that too.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
