Cheat Engine

[pilgrams]

Hi, I was wondering how do you exacly do a aobscan? Also would it work for static address?

[JohnT]

yeah

look you have and instruction
01FAD71E - 8B 40 58 - mov eax,[eax+58]
01FAD721 - 2B 45 08 - sub eax,[ebp+08]
01FAD724 - 8B 75 0C - mov esi,[ebp+0C]
01FAD727 - 89 06 - mov [esi],eax
01FAD729 - 8B 57 0C - mov edx,[edi+0C]


mov eax,[eax+58] is the intruction of my help ok???

so do you see the bytes???

8B 40 58
2B 45 08
8B 75 0C
89 06
8B 57 0C


so these are the bytes of all of them if it is bigger then its better

so i want to write a value so i did this

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(_health,8B 40 58 2B 45 08 8B 75 0C 89 06 8B 57 0C)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

_health:
jmp newmem
nop
returnhere:

newmem:

mov dword ptr [eax+58],#500

originalcode:
//mov eax,[eax+58]
//sub eax,[ebp+08]

exit:
jmp returnhere


[DISABLE]
//code from here till the end of the code will be used to disable the cheat
aobscan(_health,E9 DD xx xx xx 90 8B 75 0C 89 06 8B 57 0C)
dealloc(newmem)
_health:
mov eax,[eax+58]
sub eax,[ebp+08]

aobscan(_health,E9 DD xx xx xx 90 8B 75 0C 89 06 8B 57 0C) see this

i did that by enabling the cheat if you enable the cheat

those bytes ,8B 40 58 2B 45 08 8B 75 0C 89 06 8B 57 0C)
will be

E9 DD xx xx xx 90 8B 75 0C 89 06 8B 57 0C)

i placed with xx xx xx because there was an address wich addresses get changed that why you should place them with xx

E.x see
01FAD71E - E9 DD284706 - jmp 08420000
01FAD723 - 90 - nop
01FAD724 - 8B 75 0C - mov esi,[ebp+0C]
01FAD727 - 89 06 - mov [esi],eax
01FAD729 - 8B 57 0C - mov edx,[edi+0C]

see 01FAD71E - E9 DD284706 - jmp 08420000
01FAD723 - 90 - nop

dd 28 47 06 = 08420000
thats why i did e9 dd xx xx xx the dd doent change but 284706 always change because this 08420000 gets changed


Hope you understand

[pilgrams]

Thanks for the great information "I am still learning so some of this stuff is kind of confusing". So what if the vehdebbuger doesn't write anything with you attach it, how would you get the codes to make the script?

thanks again

[JohnT]

look i bet you have used the cheat engine 6.0 and 6.1 if you have used
6.1 then you cant use the debugger of 6.0 if you have used the 6.0 you cant use the debugger of 6.1

Hope you understand

[pilgrams]

I did make the table with CE 6.0 and I tried then to attached the debugger wouldn't write anything. It is like a static address never changes. So was just wondering why it wouldn't write anything.

[JohnT]

try using 6.1
well not because it is a static address then you can do a code injection try using 6.0 and 6.1 ce

[pilgrams]

[JohnT]

ok
look you have health my health address is A012D45 <---- example
the i did what accesses then i went back to the game a got hit and then i saw some instuctions i took the first one which is mov eax,[eax+58]

This intruction is the first one
then
01FAD721 - 2B 45 08 - sub eax,[ebp+08]
01FAD724 - 8B 75 0C - mov esi,[ebp+0C]
01FAD727 - 89 06 - mov [esi],eax
01FAD729 - 8B 57 0C - mov edx,[edi+0C]

and so on

Then i took the bytes
and did aobscan(anynameyouwant,the bytes here)

then in the newmem i wrote the value that i want
i kept the originalcode as it is

_health: <here is the [anynameyouwant] it was"ACBSP.exe"+8878787
jmp newmem
nop
returnhere:

and here the same

_health:
mov eax,[eax+58]
sub eax,[ebp+08]

the other instruction are from here

[pilgrams]

Ok, I think I understand it more now thanks for explaining it to me.

[JohnT]

i am glad so try it now

and then tell me i am here for half an hour

I am glad you understand

[pilgrams]

I might have to try with another game cause this game will not write anything when I get hit by the enemie.

[JohnT]

look is this address an address of you health???

or you just picked one?

[pilgrams]

[JohnT]

make sure that the health is not freezed and make sure you haven't changed the value and try the "what accesses this address" of the
"what writes this address"

[pilgrams]

So I tried what you said and it crashes my game, then I tried again and it didn't crash still nothing writes when attaching debugger.