 |
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
Mobie Cheater
Reputation: 0
Joined: 10 Feb 2011 Posts: 43
|
Posted: Sat Dec 01, 2012 11:48 am Post subject: Cheat Engine Dll Select? |
|
|
How i can view withe the memory viewer only in a dll? Example FarCry 3 all cheats stored in a dll for Direct X 11 and normal Direct X 9. When i use the Assemply scan from cheat engine how i can select directly, the .dll for search in the modul.
greets a sry for my english |
|
Back to top |
|
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25794 Location: The netherlands
|
Posted: Sat Dec 01, 2012 12:47 pm Post subject: |
|
|
the auto assembler's aobscan will always scan till the first occurance. Is there really no way to distinguish between the dx9 and 11 dll with anything nearby ?
Anyhow, the lua version of AOBScan will return all addresses, so you can use that and then scan through all the results looking for a address that falls in the range of the given dll, it's slow, but pretty easy (getAddress('dllname.dll') for base and getModuleSize('dllname.dll') for size)
If you do want a bit more effort and speed you can make use of the memscan_ class object and specifically scan the region of the dll.
---
I've written an function and a easy to use example that can be used in your table
Code: |
function aobscandll(dllname, aobstring)
local dllbase=getAddress(dllname)
local dllsize=getModuleSize(dllname)
local ms=createMemScan()
memscan_returnOnlyOneResult(ms, true)
memscan_firstScan(ms, soExactValue, vtByteArray, 0, aobstring, "", string.format("%x", dllbase), string.format("%x", dllbase+dllsize) , "", fsmNotAligned, "1", true, false,false,false)
memscan_waitTillDone(ms)
local r=memscan_getOnlyResult(ms)
object_destroy(ms)
return r
end
AOBCompatibleAddressSpecifier=string.format("%x", aobscandll("tutorial-i386.exe", "c6 05 20 e0 68 00 00 e8 b4 ff ff ff"))
|
After this script gets executed you can use an auto assembler script like this:
Code: |
[enable]
$AOBCompatibleAddressSpecifier:
nop
nop
nop
[disable]
$AOBCompatibleAddressSpecifier:
db c6 05 20
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
 |
gir489 Grandmaster Cheater
Reputation: 14
Joined: 03 Jan 2012 Posts: 841 Location: Maryland, United States
|
Posted: Sun Dec 02, 2012 6:22 pm Post subject: |
|
|
There isn't really "anything near by", the main difference in the FC3_d3d11.dll is that it uses D3D11 calls instead of D3D9. Which could've been done with some simple intrinsics, but what do I know, I'm just a reverse engineer.
It looks like it loads FC3.dll, kicks that off, then loads FC3_d3d11 and then kicks that off, too. So it looks like both DLLs are running at the same time.
I thought that it would just load FC3_d3d11 instead of FC3.dll. They're both relatively the same size. |
|
Back to top |
|
 |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|