Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Help with aobscan.

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials
View previous topic :: View next topic  
Author Message
Xoslorg
How do I cheat?
Reputation: 0

Joined: 03 Nov 2016
Posts: 5
Location: A Coruņa, Spain

PostPosted: Sat Jul 22, 2017 10:27 am    Post subject: Help with aobscan. Reply with quote

Hi I'm trying to implement aobscan in a script in the Axiom Verge Steam game but it does not work for me and I'm out of my mind.
The posting of the scripts.
First: With assert, it works perfectly.

Code:
define(address,OuterBeyond.THSaveData::SubtractHitPoints+25)
define(bytes,29 81 B0 00 00 00)

define(_HEALTH_CURRENT,000000B0)
define(_HEALTH_MAXIMUM,000000B4)

[ENABLE]

assert(address,bytes)

alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(code)
label(PLAYER_BaseAddress)
label(healthMaximum)

registersymbol(PLAYER_BaseAddress)
registersymbol(healthMaximum)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here

PLAYER_BaseAddress:
  dd 0
  dd 0

healthMaximum:
  push eax
  mov eax,[ecx+000000b4]
  mov [ecx+000000b0],eax
  pop eax
  jmp returnhere

code:
  // La Inyeccion comienza aqui.
  mov [PLAYER_BaseAddress],ecx
  jmp healthMaximum

originalcode:
  //sub [ecx+_HEALTH_CURRENT],eax

exit:
  jmp returnhere

address:
  jmp code
  nop

returnhere:

[DISABLE]
address:
  sub [ecx+_HEALTH_CURRENT],eax

dealloc(newmen)
unregistersymbol(PLAYER_BaseAddress)
unregistersymbol(healthMaximum)
{
OuterBeyond.THSaveData::SubtractHitPoints+1C - F2 0F10 04 24         - movsd xmm0,[esp]
OuterBeyond.THSaveData::SubtractHitPoints+21 - F2 0F2C C0            - cvttsd2si eax,xmm0
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+25 - 29 81 B0000000        - sub [ecx+000000B0],eax   <<  INJECT - Decrease health.
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+2B - 83 B9 B0000000 00     - cmp dword ptr [ecx+000000B0],00
}


Second: With aobscan, which does not work for me.

Code:
define(bytes,29 81 B0 00 00 00)

define(_HEALTH_CURRENT,000000B0)
define(_HEALTH_MAXIMUM,000000B4)

[ENABLE]

aobscan(aobbaseaddress,bytes)

alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(code)
label(PLAYER_BaseAddress)
label(healthMaximum)

registersymbol(aobbaseaddress)
registersymbol(PLAYER_BaseAddress)
registersymbol(healthMaximum)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here

PLAYER_BaseAddress:
  dd 0

healthMaximum:
  push eax
  mov eax,[ecx+000000b4]
  mov [ecx+000000b0],eax
  pop eax
  jmp returnhere

code:
  // La Inyeccion comienza aqui.
  mov [PLAYER_BaseAddress],ecx
  jmp healthMaximum

originalcode:
  //sub [ecx+_HEALTH_CURRENT],eax

exit:
  jmp returnhere

aob:
  jmp code
  nop

returnhere:

[DISABLE]
aobbaseaddress:
  sub [ecx+_HEALTH_CURRENT],eax

dealloc(newmen)
unregistersymbol(PLAYER_BaseAddress)
unregistersymbol(healthMaximum)
unregistersymbol(aob)
{
OuterBeyond.THSaveData::SubtractHitPoints+1C - F2 0F10 04 24         - movsd xmm0,[esp]
OuterBeyond.THSaveData::SubtractHitPoints+21 - F2 0F2C C0            - cvttsd2si eax,xmm0
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+25 - 29 81 B0000000        - sub [ecx+000000B0],eax   <<  INJECT - Decrease health.
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+2B - 83 B9 B0000000 00     - cmp dword ptr [ecx+000000B0],00
}


Can someone throw me some light, thank you.
Sorry for my faulty English.
Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 54

Joined: 01 Oct 2008
Posts: 941

PostPosted: Sat Jul 22, 2017 10:54 am    Post subject: Reply with quote

AOBScan and friends execute before DEFINE command, so what AOBscan see the text 'bytes' is an aob itself instead of the defined textual pattern "29 81 B0 00 00 00" (when define works, which's not for aobscan).
The aobscan will see 'bytes' as aob pattern but some non-hexidecimal digit will seen as wild card, so what aobscan search is "bytes" -> "b? ?e ??".

Try write the aob pattern explicitly.

btw, if scan starting address is known, using aobscanRegion will have a quicker scan,eg
Code:

aobscanRegion(aobbaseaddress, OuterBeyond.THSaveData::SubtractHitPoints+000,OuterBeyond.THSaveData::SubtractHitPoints+100,29 81 B0 00 00 00)

_________________
- Retarded.
Back to top
View user's profile Send private message
Xoslorg
How do I cheat?
Reputation: 0

Joined: 03 Nov 2016
Posts: 5
Location: A Coruņa, Spain

PostPosted: Sat Jul 22, 2017 11:06 am    Post subject: Reply with quote

Thanks for the quick reply panraven.
I already tried and it does not work, it continues discounting life.

Code:
//define(bytes,29 81 B0 00 00 00)

define(_HEALTH_CURRENT,000000B0)
define(_HEALTH_MAXIMUM,000000B4)

[ENABLE]

aobscan(aobbaseaddress,29 81 B0 00 00 00)
Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 54

Joined: 01 Oct 2008
Posts: 941

PostPosted: Sat Jul 22, 2017 11:35 am    Post subject: Reply with quote

Where the symbol "aob" come from?

Code:

exit:
  jmp returnhere

aob:            //////////// here, should be aobbaseaddress?
  jmp code
  nop

returnhere:

[DISABLE]
aobbaseaddress:
  sub [ecx+_HEALTH_CURRENT],eax

_________________
- Retarded.
Back to top
View user's profile Send private message
Xoslorg
How do I cheat?
Reputation: 0

Joined: 03 Nov 2016
Posts: 5
Location: A Coruņa, Spain

PostPosted: Sat Jul 22, 2017 11:41 am    Post subject: Reply with quote

Lol, what a mistake Shocked Shocked Shocked, I did not see, thank you very much, and I was going crazy.
Do not change aob for aobaddress.

And thank you, I did not know aobscanModule or aobscanRegion.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites