| View previous topic :: View next topic |
| Author |
Message |
careca777
Expert Cheater
![]() Reputation: 0
Joined: 27 Jul 2013
Posts: 121
|
 Posted: Sat Sep 18, 2021 7:18 am Post subject: Obtain the second result out of 4 from opcode |
 |
|
Hi, im looking for a way to get the second result from this:
| Code: | | movaps xmm2,[rax+00000090] |
When i do a "find out what addresses this instructions accesses"
i always get 4 addresses, and the one i need is the second most accessed.
I dug a lot for an instruction that is unique, but this time i couldn't find it, and this one was a though one to find.
So i am wondering if anyone knows a way to do this, i was thinking maybe if i could ignore the first, most accessed result, put it in some sort of blacklist, and then just use the rest.
The results i found in the forum were all for the second result from an AOB search.
Thanks in advance.
| Description: |
|
| Filesize: |
30.32 KB |
| Viewed: |
1655 Time(s) |
|
|
|
| Back to top |
|
 |
LeFiXER
Grandmaster Cheater Supreme
![]() Reputation: 20
Joined: 02 Sep 2011
Posts: 1055
Location: 0x90
|
| Posted: Sat Sep 18, 2021 8:24 am Post subject: |
|
|
Add the address that holds the value you want to manipulate into group 1, and the rest into group 2. Then scan for commonalities via the right-click menu. When prompted choose the register RAX because the instruction:
| Code: |
movaps xmm2,[rax+00000090]
|
Deals with the RAX register.
Scroll down until you find a value like 1 or 0 for the blue entry while all the other columns hold a different value f or the same row. Once you have found it, note the offset in the far left column.
In your script you can compare like this:
| Code: |
[ENABLE]
aobscan(...)
alloc(...)
label(code)
label(return)
label(isDifferentAddress)
newmem:
cmp [rax+offset], 1
jne isDifferentAddress
// Code to do w/e here, move a value into rax+90 or something
mov [rax+90], (float) 500
jmp return
isDifferentAddress:
// code to do w/e you want providing the compared value isn't 1
// mov [rax+90], 0
jmp return
return:
registersymbol(...)
[DISABLE]
...
|
Obviously this isn't a copy/paste kind of script but more of an idea how you can go about filtering shared opcodes.
|
|
| Back to top |
|
|
careca777
Expert Cheater
![]() Reputation: 0
Joined: 27 Jul 2013
Posts: 121
|
| Posted: Sat Sep 18, 2021 2:45 pm Post subject: |
|
|
| Ah, a very nice tool, first time i encountered this, thank you very much!
|
|
| Back to top |
|
|
LeFiXER
Grandmaster Cheater Supreme
![]() Reputation: 20
Joined: 02 Sep 2011
Posts: 1055
Location: 0x90
|
| Posted: Sat Sep 18, 2021 2:47 pm Post subject: |
|
|
No problem at all 
|
|
| Back to top |
|
|
careca777
Expert Cheater
![]() Reputation: 0
Joined: 27 Jul 2013
Posts: 121
|
| Posted: Sat Sep 18, 2021 6:22 pm Post subject: |
|
|
Yes! made it work, had to do some changes and ended up using a 4 byte hex value. Offset B8.
| Code: | define(address,"Game.exe"+A8808E)
define(bytes,0F 28 90 90 00 00 00)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"Game.exe"+A8808E)
registersymbol(PersonalVeh)
alloc(PersonalVeh,4)
label(return)
label(isDifferentAddress)
newmem:
cmp [rax+B8],0x000001FF
jne isDifferentAddress
mov [PersonalVeh],rax
//movaps xmm2,[rax+00000090]
jmp return
isDifferentAddress:
// code to do w/e you want providing the compared value isn't 1
// skip
jmp return
address:
jmp newmem
nop 2
return: |
Thank you once again!
EDIT: What do you do when you have levels on that window that compares structures? how does that translate into the code? i'm failing, not sure if it's the brackets or what, but now i have 2 levels and cannot make it work. Had to search for another offset because after i restarted the game it stopped working.
| Description: |
|
| Filesize: |
123.58 KB |
| Viewed: |
1562 Time(s) |
|
|
|
| Back to top |
|
|
careca777
Expert Cheater
![]() Reputation: 0
Joined: 27 Jul 2013
Posts: 121
|
| Posted: Sun Sep 19, 2021 3:00 am Post subject: |
|
|
Im trying to use
| Code: | | cmp [[[rax+20]+58]+3C8],0x00000000 |
for the levels, as i would for a multilevel pointer, but the assembler gives an error (cant be compiled).
|
|
| Back to top |
|
|
LeFiXER
Grandmaster Cheater Supreme
![]() Reputation: 20
Joined: 02 Sep 2011
Posts: 1055
Location: 0x90
|
| Posted: Sun Sep 19, 2021 5:16 am Post subject: |
|
|
| See if you find results using a single level pointer.
|
|
| Back to top |
|
|
careca777
Expert Cheater
![]() Reputation: 0
Joined: 27 Jul 2013
Posts: 121
|
| Posted: Sun Sep 19, 2021 7:05 am Post subject: |
|
|
I think i found one that seems to work reliably, but as curiosity, since i plan to use this method for another thing, how should multi level pointers be handled? Did i simply mess up the brackets?
This image as an example, the smallest is 2 level.
| Description: |
|
| Filesize: |
212.28 KB |
| Viewed: |
1486 Time(s) |
|
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
