MGGA Advanced Cheater Reputation: 2
Joined: 10 Jan 2016 Posts: 54
Posted: Sat Oct 08, 2016 4:26 am Post subject: Problem with AOB injection, address keeps changing
This script works, but it crashes every time I restart the game client because the address in "mov eax,04C18E80" keeps changing.
Code:
[ENABLE]
aobscan(Health,89 08 E8 ?? ?? ?? ?? 8B 40 2C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov eax,04C18E80 // <--- this address (041F8E80 after a restart) keeps changing every time I restart the game client
mov [eax],(int)10
jmp return
Health-5:
jmp newmem
nop
nop // the hook overwrites 7 bytes (mov eax,imm32 is 5, mov [eax],ecx is 2); jmp is 5 bytes, so two nops are needed for return: to land on the call
return:
registersymbol(Health)
[DISABLE]
Health-5:
db B8 80 8E ?? ?? 89 08 // <--- this part also gives me a problem; if I turn it off it crashes the game client, so I have to keep it on
unregistersymbol(Health)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 179F8B0D
""+179F8AEB: 57 - push edi
""+179F8AEC: 83 EC 24 - sub esp,24
""+179F8AEF: 8B 7D 08 - mov edi,[ebp+08]
""+179F8AF2: C7 45 EC 00 00 00 00 - mov [ebp-14],00000000
""+179F8AF9: 0F B6 47 66 - movzx eax,byte ptr [edi+66]
""+179F8AFD: 85 C0 - test eax,eax
""+179F8AFF: 75 0E - jne 179F8B0F
""+179F8B01: 8B 0D 80 8E C1 04 - mov ecx,[04C18E80]
""+179F8B07: 49 - dec ecx
""+179F8B08: B8 80 8E C1 04 - mov eax,04C18E80
// ---------- INJECTING HERE ----------
""+179F8B0D: 89 08 - mov [eax],ecx
""+179F8B0F: E8 04 D6 FC FF - call 179C6118
// ---------- DONE INJECTING ----------
""+179F8B14: 8B 40 2C - mov eax,[eax+2C]
""+179F8B17: 39 00 - cmp [eax],eax
""+179F8B19: 8B 80 00 01 00 00 - mov eax,[eax+00000100]
""+179F8B1F: 25 80 00 00 00 - and eax,00000080
""+179F8B24: 3D 80 00 00 00 - cmp eax,00000080
""+179F8B29: 0F 94 C0 - sete al
""+179F8B2C: 0F B6 C0 - movzx eax,al
""+179F8B2F: 85 C0 - test eax,eax
""+179F8B31: 74 0D - je 179F8B40
""+179F8B33: E8 0C C1 89 ED - call 05294C44
}
How to solve this?
mgostIH Expert Cheater Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sat Oct 08, 2016 4:52 am Post subject:
Use AOB wildcards.
MGGA Advanced Cheater Reputation: 2
Joined: 10 Jan 2016 Posts: 54
Posted: Sat Oct 08, 2016 4:54 am Post subject:
mgostIH wrote:
> Use AOB wildcards.
How?
mgostIH Expert Cheater Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sat Oct 08, 2016 4:58 am Post subject:
pooly-wooly wrote:
> mgostIH wrote:
> > Use AOB wildcards.
> What's that.....?
Sorry, didn't see you were already using them. Wildcards are the ?? symbols that can be used for code that changes.
I think your problem may be that your AOB scan is simply too short, try including more bytes in the scan.
MGGA Advanced Cheater Reputation: 2
Joined: 10 Jan 2016 Posts: 54
Posted: Sat Oct 08, 2016 5:06 am Post subject:
mgostIH wrote:
> pooly-wooly wrote:
> > mgostIH wrote:
> > > Use AOB wildcards.
> > What's that.....?
> Sorry, didn't see you were already using them. Wildcards are the ?? symbols that can be used for code that changes.
> I think your problem may be that your AOB scan is simply too short, try including more bytes in the scan.
The AOB is fine; every time I restart the game it gives the correct address (1 result in the search) and leads me to mov [eax],ecx.
Code:
mov eax,04C18E80   <---- this address keeps changing
mov [eax],ecx      <---- this is the address I use to change health
call 179C6118      <---- this address keeps changing too
The problem is that I'm stuck between those two.
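Added example, not from this thread or from Cheat Engine: a small wildcard byte-pattern scanner in Python, run over the bytes from the listing above and over a constructed copy in which the global at 04C18E80 and the call displacement have moved, as they do after a restart. It shows that the pattern with ?? over the call's rel32 finds the injection point in both copies at the same offset, while a pattern containing the literal address bytes only matches the original; this is the same wildcard matching that signature-based detection relies on to recognise code regardless of where it was loaded.

```python
import re

# Constructed sample: the bytes posted above for 179F8AF9..179F8B18, first as
# listed, then as they might look after a client restart, with the global moved
# from 04C18E80 to 041F8E80 and a different call displacement (both constructed).
CODE_POSTED = bytes.fromhex(
    "0FB64766" "85C0" "750E"              # movzx eax,byte ptr [edi+66]; test; jne
    "8B0D808EC104" "49" "B8808EC104"      # mov ecx,[04C18E80]; dec ecx; mov eax,04C18E80
    "8908" "E804D6FCFF"                   # mov [eax],ecx; call 179C6118
    "8B402C" "3900"                       # mov eax,[eax+2C]; cmp [eax],eax
)
CODE_RELOCATED = bytes.fromhex(
    "0FB64766" "85C0" "750E"
    "8B0D808E1F04" "49" "B8808E1F04"      # same code, global now at 041F8E80
    "8908" "E8A1B2C3FF"                   # call target moved too (constructed rel32)
    "8B402C" "3900"
)

# The scan from the script above: starts at the injection point, wildcards the rel32.
HEALTH_AOB = "89 08 E8 ?? ?? ?? ?? 8B 40 2C"


def aob_to_regex(pattern: str) -> bytes:
    """Turn a Cheat Engine style AOB string into a bytes regex: '??' matches any
    single byte, every other token is one literal (escaped) byte."""
    parts = []
    for tok in pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return b"".join(parts)


def aob_scan(buf: bytes, pattern: str) -> list:
    """Offsets of every match of the AOB in buf (DOTALL so '??' also matches 0x0A)."""
    rx = re.compile(aob_to_regex(pattern), re.DOTALL)
    return [m.start() for m in rx.finditer(buf)]


def stable_offset(bufs, pattern: str):
    """Return the match offset if the AOB is unique in every buffer and lands at the
    same place in all of them (what a good injection scan needs); otherwise None."""
    hits = [aob_scan(b, pattern) for b in bufs]
    if all(len(h) == 1 for h in hits) and len({h[0] for h in hits}) == 1:
        return hits[0][0]
    return None


if __name__ == "__main__":
    both = [CODE_POSTED, CODE_RELOCATED]
    print("wildcarded scan  :", stable_offset(both, HEALTH_AOB))               # 20
    print("literal address  :", stable_offset(both, "B8 80 8E C1 04 89 08"))  # None
    print("address wildcard :", stable_offset(both, "B8 80 8E ?? ?? 89 08"))  # 15
```

Offset 20 is 179F8AF9 + 0x14 = 179F8B0D, the injection point from the listing; the literal-address pattern breaks as soon as the global moves, which is exactly the failure the thread describes.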
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Sat Oct 08, 2016 5:11 am Post subject:
instead of
try
Code:
reassemble(Health-5)
or change your hook position and just replace
Code:
""+179F8B01: 8B 0D 80 8E C1 04 - mov ecx,[04C18E80]
""+179F8B07: 49 - dec ecx
with
Code:
mov ecx,(int)10
nop
nop
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
MGGA Advanced Cheater Reputation: 2
Joined: 10 Jan 2016 Posts: 54
Posted: Sat Oct 08, 2016 5:16 am Post subject:
Dark Byte wrote:
> instead of
> try
> Code:
> reassemble(Health-5)
> or change your hook position and just replace
> Code:
> ""+179F8B01: 8B 0D 80 8E C1 04 - mov ecx,[04C18E80]
> ""+179F8B07: 49 - dec ecx
> with
> Code:
> mov ecx,(int)10
> nop
> nop
Thanks!
Edit: It's working with the 2nd one, thanks again Dark Byte!