Cheat Engine The Official Site of Cheat Engine
chis101 How do I cheat?
Reputation: 0
Joined: 02 Oct 2019 Posts: 5
Posted: Thu Oct 24, 2019 5:36 pm Post subject: Use address found by AOBScan in AutoAssembler?
I'm having trouble figuring out how to store an address found by AOBScan in autoassembler.
Basically, I use AOBScan to find a function. I then want to store the address of this function in a variable (which I then pass to an injected DLL, which will then call the found function).
Ideally, I'd be able to store the results directly into a variable:
Code: |
aobScanModule( FuncPtrAddr, game.exe, 33 db 48 85 d2 8b c3 49 0f 45 c0 )
FuncPtrAddr:
dq 0000000000000000
|
However, I couldn't get this to work. I ended up injecting code to run
Code: |
aobScanModule( AOB_FuncPtrAddr, game.exe, 33 db 48 85 d2 8b c3 49 0f 45 c0 )
FuncPtrAddr:
dq 0000000000000000
injectedCode:
mov eax, AOB_FuncPtrAddr
mov [FuncPtrAddr], AOB_FuncPtrAddr
|
This worked fine for a while, until I moved the injected code. Now, instead of getting the absolute address of AOB_FuncPtrAddr, it gets... "0x22A5E9B0".
EDIT: The issue here is that I'm trying to store in EAX instead of RAX, so I've solved this issue, but is there a better way?
I don't have any idea how it gets that number (the injected code is at 0x7FF6211B007A, the target function is at 0x7FF622A5E9B0).
Is there any way I can store the results of an AOBScan somewhere that I can access from my DLL?
Thanks!
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4703
Posted: Thu Oct 24, 2019 5:53 pm
Code: |
aobScanModule( FuncPtrAddr, game.exe, 33 db 48 85 d2 8b c3 49 0f 45 c0 )
FuncPtrAddr:
dq 0000000000000000
|
This writes eight 0x00 bytes to wherever FuncPtrAddr is.
Code: |
aobScanModule( AOB_FuncPtrAddr, game.exe, 33 db 48 85 d2 8b c3 49 0f 45 c0 )
FuncPtrAddr:
dq 0000000000000000
injectedCode:
mov eax, AOB_FuncPtrAddr
mov [FuncPtrAddr], AOB_FuncPtrAddr
|
This won't run by itself. If you're asking for help resolving a problem with your script, please post the entire script and not just part of it.
Maybe you failed to allocate or register symbols properly. Maybe the AoB signature isn't unique. If it's an actual code injection, the game may not run it when you want it to; otherwise, you're probably not running createThread.
Try this:
Code: |
aobScanModule(AOB_FuncPtrAddr,game.exe,33 db 48 85 d2 8b c3 49 0f 45 c0)
globalalloc(FuncPtrAddr,8)
FuncPtrAddr:
dq AOB_FuncPtrAddr
|
_________________
I don't know where I'm going, but I'll figure it out when I get there.
chis101 How do I cheat?
Reputation: 0
Joined: 02 Oct 2019 Posts: 5
Posted: Fri Oct 25, 2019 12:37 pm
ParkourPenguin wrote: |
Try this:
Code: |
aobScanModule(AOB_FuncPtrAddr,game.exe,33 db 48 85 d2 8b c3 49 0f 45 c0)
globalalloc(FuncPtrAddr,8)
FuncPtrAddr:
dq AOB_FuncPtrAddr
|
|
Ah, I bet that will do it! It seems obvious now that I see it.
Definitely much nicer than prefilling with zeros and then using assembly to copy the address in. I had just been thinking of 'dq 0000000000000000' as "placeholder for 8 bytes," not thinking "prefill with this many zeroes." Then trying to get Cheat Engine to fill in those placeholders wasn't going well... didn't even consider simply placing the label *as the initial value*
Thanks for the help!
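
The following Python example is added here and is not code from the thread or from Cheat Engine. It scans a constructed byte buffer for the thread's signature, rejects a missing or non-unique match, and shows the 8 bytes a `dq` of the found address stores next to the value left after a 32-bit register holds it. The module base, the buffer contents and all function names are assumptions made for the example.

```python
import struct

# Signature from the thread, as raw bytes.
SIGNATURE = bytes.fromhex("33 db 48 85 d2 8b c3 49 0f 45 c0")

# Constructed values: the base is chosen so that the match lands on the
# target address quoted in the thread (0x7FF622A5E9B0).
MODULE_BASE = 0x7FF622A50000
MATCH_OFFSET = 0xE9B0


def build_sample_image(extra_copy_at=None):
    """Constructed stand-in for a module image: 0x90 filler plus the signature."""
    image = bytearray(b"\x90" * 0x10000)
    image[MATCH_OFFSET:MATCH_OFFSET + len(SIGNATURE)] = SIGNATURE
    if extra_copy_at is not None:  # optional second copy to make the scan ambiguous
        image[extra_copy_at:extra_copy_at + len(SIGNATURE)] = SIGNATURE
    return bytes(image)


def find_all(image, pattern):
    """Return every offset at which pattern occurs."""
    offsets, pos = [], image.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = image.find(pattern, pos + 1)
    return offsets


def scan_unique(image, pattern, base):
    """Absolute address of the only match; raise if it is missing or not unique."""
    offsets = find_all(image, pattern)
    if len(offsets) != 1:
        raise ValueError(f"expected exactly 1 match, found {len(offsets)}")
    return base + offsets[0]


def as_dq(address):
    """The 8 bytes that a `dq <address>` line stores (little-endian)."""
    return struct.pack("<Q", address)


def through_32bit_register(address):
    """What is left of the value once it is held in a 32-bit register such as EAX."""
    return address & 0xFFFFFFFF


if __name__ == "__main__":
    addr = scan_unique(build_sample_image(), SIGNATURE, MODULE_BASE)
    print(hex(addr), as_dq(addr).hex(), hex(through_32bit_register(addr)))
```

A DLL reading the 8 bytes at the stored location as an unsigned 64-bit little-endian value gets the full address back, while the truncated value matches the "0x22A5E9B0" reported in the first post.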