Cheat Engine - The Official Site of Cheat Engine

PinPoint, Expert Cheater
Reputation: 10
Joined: 07 Apr 2016, Posts: 223, Location: Scotland
Posted: Thu Apr 14, 2016 8:15 am, Post subject: help with AA, pointers
I'm practicing writing aobscan scripts with the CE tutorial and I'm stuck on step 6!
I've got a script to pass it after I change the pointer, but I want to write a script where I execute it, then change the pointer and it's done.
This is what I've been working with:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(storedaob)
registersymbol(storedaob)
aobscan(aob1,89 02 A1 60 53 64 00)
newmem:
???
originalcode:
//mov [edx],eax
//mov eax,[Tutorial-i386.exe+245360]
exit:
jmp returnhere
aob1:
storedaob:
jmp newmem
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
storedaob:
db 89 02 A1 60 53 64 00
unregistersymbol(storedaob)
How can I change the opcodes to set the address which is pointed to at 5000?
ParkourPenguin, I post too much
Reputation: 152
Joined: 06 Jul 2014, Posts: 4702
Posted: Thu Apr 14, 2016 10:01 am
Assuming edx is the address of the pointer and eax is the new value of the pointer, just dereference the pointer and write whatever value you want into it. This injection point even makes it easy for you by giving you the value of the pointer, eax.
Code:
// assuming a level 1 pointer:
...
mov [edx],eax
add eax, offset          // offset of the value inside the pointed-to block
mov [eax],#5000          // '#' marks decimal; CE's assembler reads bare numbers as hex
mov eax,[Tutorial-i386.exe+245360]
...
_________________
I don't know where I'm going, but I'll figure it out when I get there.
PinPoint, Expert Cheater
Reputation: 10
Joined: 07 Apr 2016, Posts: 223, Location: Scotland
Posted: Thu Apr 14, 2016 12:35 pm
I get an access violation when I try to change the value, and changing the pointer with the script toggled doesn't do anything to it.
This is what I put in newmem:
Code:
mov [edx],eax
add eax, 0
mov [eax],5000
mov eax,[Tutorial-i386.exe+245360]
The pointer is
Code:
[Tutorial-i386.exe+245360]+0
In the disassembler it does change, however, from:
Code:
Tutorial-i386.exe+26562 - 89 02       - mov [edx],eax
Tutorial-i386.exe+26564 - A1 60536400 - mov eax,[Tutorial-i386.exe+245360]
to:
Code:
storedaob               - E9 999AF8FF - jmp 003B0000
Tutorial-i386.exe+26567 - 90          - nop
Tutorial-i386.exe+26568 - 90          - nop
ParkourPenguin, I post too much
Reputation: 152
Joined: 06 Jul 2014, Posts: 4702
Posted: Thu Apr 14, 2016 8:11 pm
And that's why I said "Assuming edx is the address of the pointer...".
Try this and let me know what happens.
Code:
mov [edx],eax
mov eax,[Tutorial-i386.exe+245360]   // eax = contents of the static address
push ecx                             // preserve ecx for the original code
mov ecx,[eax]                        // follow the pointer one more level
mov [ecx],#5000                      // '#' = decimal; bare 5000 would be hex in CE
pop ecx
Perhaps you should learn a bit more about what pointers are before you try to mess with them.
CEF topic (low-level)
YouTube video (high-level)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Cake-san, Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014, Posts: 541, Location: Semenanjung
Posted: Thu Apr 14, 2016 9:09 pm
Code:
[ENABLE]
aobscanmodule(aob_inj,Tutorial-i386.exe,E8 * * * * 89 C3 89 D8 5E 5B C3)
aobscanmodule(_pointer,Tutorial-i386.exe,8B 35 * * * * 8B 56 04)
label(_meh)
_pointer+2:
_meh:
label(_inj)
registersymbol(_inj)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
push eax
mov eax,[_meh]
cmp eax,0
je originalcode
mov eax,[eax]
cmp eax,0
je originalcode
mov eax,[eax+C]
cmp eax,0
je originalcode
mov eax,[eax+14]
cmp eax,0
je originalcode
mov eax,[eax]
cmp eax,0
je originalcode
mov [eax+18],#5000
originalcode:
pop eax
mov eax,ebx
pop esi
pop ebx
jmp returnhere
aob_inj+7:
_inj:
jmp newmem
returnhere:
ret
[DISABLE]
dealloc(newmem)
_inj:
db 89 D8 5E 5B C3 00
//mov eax,ebx
//pop esi
//pop ebx
//ret
unregistersymbol(_inj)
_________________
...
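To make the null-checked pointer chain in Cake-san's script concrete, here is an added C model (not code from the thread or from Cheat Engine) that walks the same offsets, [static] -> [+C] -> [+14] -> [+0] and then the field at +18, over a constructed toy memory buffer. The buffer layout, addresses and starting value are assumptions; the point is that a null or unmapped level makes the write fail cleanly, where the thread's earlier attempts hit an access violation.

```c
#include <stdint.h>
#include <string.h>

/* Constructed toy "process memory" (not the tutorial's real layout): addresses
   are offsets into this buffer, so a bad pointer is refused instead of faulting. */
#define MEM_SIZE 0x200
static uint8_t mem[MEM_SIZE];

static int read32(uint32_t addr, uint32_t *out) {
    if (addr > MEM_SIZE - 4) return 0;           /* unmapped: would be an access violation */
    memcpy(out, mem + addr, 4); return 1;
}
static int write32(uint32_t addr, uint32_t val) {
    if (addr > MEM_SIZE - 4) return 0;
    memcpy(mem + addr, &val, 4); return 1;
}

/* Cake-san's chain: [static] -> [+C] -> [+14] -> [+0], then the field at +18.
   Every level is null-checked, like the script's cmp eax,0 / je originalcode pairs. */
static const uint32_t OFFS[] = {0x0, 0xC, 0x14, 0x0};
#define FINAL_OFF 0x18

int resolve_chain(uint32_t static_addr, uint32_t *final_addr) {
    uint32_t cur = static_addr;
    for (size_t i = 0; i < sizeof OFFS / sizeof OFFS[0]; i++) {
        uint32_t next;
        if (cur == 0 || !read32(cur + OFFS[i], &next)) return 0;
        cur = next;                              /* mov eax,[eax+off] */
    }
    if (cur == 0) return 0;
    *final_addr = cur + FINAL_OFF;
    return 1;
}

/* Equivalent of mov [eax+18],#5000; returns 0 when the chain is broken. */
int set_value(uint32_t static_addr, uint32_t val) {
    uint32_t addr;
    return resolve_chain(static_addr, &addr) && write32(addr, val);
}

/* Constructed layout: [0x10] -> 0x40, [0x4C] -> 0x80, [0x94] -> 0xC0, [0xC0] -> 0x100,
   value at 0x118 (= 0x100 + 18). */
void setup_memory(void) {
    memset(mem, 0, sizeof mem);
    write32(0x10, 0x40); write32(0x4C, 0x80);
    write32(0x94, 0xC0); write32(0xC0, 0x100);
    write32(0x118, 100);                         /* starting value */
}

uint32_t read_value(void) { uint32_t v = 0; read32(0x118, &v); return v; }
```

Zeroing any intermediate slot (for example the dword at 0x4C) makes set_value return 0 and leave the value untouched, which is exactly what the je originalcode branches buy the script.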