dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Tue Mar 15, 2022 11:38 pm Post subject: How to check multiple AOB result and remove breakpoint after |
I want to hack a game which has multiple copies of the same type of code, and I want to get the code that fulfills my defined condition and the address of that code.
I am using the code below, but I think I am doing something wrong, so can anyone please help me?
Code:
    local pattern = "F3 0F 10 44 24 10 33 D2 F3 0F 5C 00"
    aob_scan_results = AOBScan(pattern)
    for i = 0, aob_scan_results.Count - 1 do
      if readFloat("ESP"+0x10) == 1 then
        local codeAddress = EIP
      end
    end
Last edited by dharmang1910 on Fri Mar 18, 2022 10:06 pm; edited 1 time in total |
TheyCallMeTim13 Wiki Contributor
Reputation: 51
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Tue Mar 15, 2022 11:50 pm Post subject: |
You just need to index the list the AOB scan returns.
Code:
    readFloat(aob_scan_results[i]..'+10')
dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Wed Mar 16, 2022 2:09 am Post subject: |
TheyCallMeTim13 wrote:
    You just need to index the list the AOB scan returns.
    Code:
        readFloat(aob_scan_results[i]..'+10')

Thank you very much for the reply,
but how do I get the ESP value with this code? Can you please give me a hint?
I think I cannot get a register value without placing a breakpoint at every found AOB.
dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Thu Mar 17, 2022 9:58 am Post subject: |
I have tried the code below, and the game crashes after fetching the right value. How can I solve the crash?
Code:
    {$asm}
    alloc(mem,4)
    registersymbol(mem)
    {$lua}
    local pattern = "F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 ?? ?? CD DD 89 0C 83 0F B7 43 14"
    aob_scan_results = AOBScan(pattern)
    for i = 0, aob_scan_results.Count - 1 do
      debug_setBreakpoint(aob_scan_results[i])
    end
    function debugger_onBreakpoint()
      for i = 0, aob_scan_results.Count - 1 do
        EIP = aob_scan_results[i]
        vBase = ESP
        if readFloat(vBase+0x10) == 1 then
          pBase = EBX
          registerSymbol("pBase")
          local code = getAddressSafe(aob_scan_results[i])
          registerSymbol("location",code)
          autoAssemble([[aobscanregion(jump,location,location+20,74 1D 83 EC 28)]])
          writeByte(getAddressSafe("jump"),0xEB)
        end
      end
      debug_continueFromBreakpoint(co_run)
      debugProcess(2)
      debug_removeBreakpoint(aob_scan_results[i])
      return 1
    end
    {$asm}
TheyCallMeTim13 Wiki Contributor
Reputation: 51
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Thu Mar 17, 2022 12:44 pm Post subject: |
dharmang1910 wrote:
    I have tried the code below, and the game crashes after fetching the right value. How can I solve the crash?
    Code:
        {$asm}
        alloc(mem,4)
        registersymbol(mem)
        {$lua}
        local pattern = "F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 ?? ?? CD DD 89 0C 83 0F B7 43 14"
        aob_scan_results = AOBScan(pattern)
        for i = 0, aob_scan_results.Count - 1 do
          debug_setBreakpoint(aob_scan_results[i])
        end
        function debugger_onBreakpoint()
          for i = 0, aob_scan_results.Count - 1 do
            EIP = aob_scan_results[i]
            vBase = ESP
            if readFloat(vBase+0x10) == 1 then
              pBase = EBX
              registerSymbol("pBase")
              local code = getAddressSafe(aob_scan_results[i])
              registerSymbol("location",code)
              autoAssemble([[aobscanregion(jump,location,location+20,74 1D 83 EC 28)]])
              writeByte(getAddressSafe("jump"),0xEB)
            end
          end
          debug_continueFromBreakpoint(co_run)
          debugProcess(2)
          debug_removeBreakpoint(aob_scan_results[i])
          return 1
        end
        {$asm}

If you're doing something with "pBase", then it might be because you don't actually set the symbol's address; it needs to be set like this: registerSymbol("pBase", address). And if you mean for the jump to only happen when ESP+0x10 == 1, then you need to restore the bytes too. Otherwise everything would be running the changed byte, since you write to the instruction.
dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Thu Mar 17, 2022 11:05 pm Post subject: |
TheyCallMeTim13 wrote:
    If you're doing something with "pBase", then it might be because you don't actually set the symbol's address; it needs to be set like this: registerSymbol("pBase", address). And if you mean for the jump to only happen when ESP+0x10 == 1, then you need to restore the bytes too. Otherwise everything would be running the changed byte, since you write to the instruction.

Thanks for the reply.
Even if I comment out the writeByte and AOBscanmodule lines, it still crashes. I had the same doubt before, so I have already tested it.
With this code, I only want to get the EBX register, which I get perfectly, and the address of the AOB that fulfills my condition.
I have made the jump because it is double-checking the value, and I suspect that it is an anti-cheat mechanism.
This game has more than 50 AOB results, and only one of them is active in that game session; all the others are inactive and no value passes through them. So basically I have made an iteration script to get the active code and filter out the inactive ones. I think it may crash due to lots of breakpoints: 4 hardware ones and all the others software ones. I have added remove breakpoint in the breakpoint function, but it is not removed from the inactive codes.
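As an added example, not code from the thread: the script below puts together TheyCallMeTim13's two corrections (registerSymbol needs the address argument, and a patched byte has to be saved so it can be restored) and the situation described in the last post (50+ matches of the same code, only one of them active in a session, breakpoints that have to come off the inactive sites once the active one is known). The pattern, the ESP+0x10 == 1 test, EBX as the base register and the je bytes 74 1D 83 EC 28 are taken from the posts above; the 0x20-byte search window, the findBytes helper, the restoreJump and removeAllBreakpoints functions and the symbol names are assumptions for illustration. It is written for the cheat table's Lua script window rather than an {$lua} block inside an auto assembler script.

```lua
-- Added example (not from the thread): find the one active code site among
-- many AOB matches, capture EBX there, patch its 'je' to 'jmp' with the
-- original byte saved, and remove every breakpoint once the site is found.
-- Pattern, the ESP+0x10 == 1 test, EBX as base and the bytes 74 1D 83 EC 28
-- come from the posts above; the rest is assumed for illustration.

local PATTERN  = "F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 ?? ?? CD DD 89 0C 83 0F B7 43 14"
local JE_BYTES = {0x74, 0x1D, 0x83, 0xEC, 0x28}  -- je +1D ; sub esp,28 (assumed from the aobscanregion line)
local SCAN_LEN = 0x20                              -- assumed: bytes after the site to search for the je

local sites      = {}   -- integer addresses of every AOB match
local activeSite = nil  -- set once the breakpoint with ESP+0x10 == 1 has fired
local patched    = nil  -- {address=..., original=byte} after the je has been changed

-- Find byteSeq inside bytes (both 1-based Lua tables); returns the index or nil.
local function findBytes(bytes, byteSeq)
  for i = 1, #bytes - #byteSeq + 1 do
    local hit = true
    for j = 1, #byteSeq do
      if bytes[i + j - 1] ~= byteSeq[j] then hit = false; break end
    end
    if hit then return i end
  end
  return nil
end

-- Remove the breakpoint from every candidate, active or not.
function removeAllBreakpoints()
  for _, addr in ipairs(sites) do
    debug_removeBreakpoint(addr)
  end
end

-- Put the original byte back (call this from the disable side or by hand).
function restoreJump()
  if patched then
    writeBytes(patched.address, {patched.original})
    patched = nil
  end
end

-- Debugger callback: runs when one of our breakpoints hits.
-- EIP, ESP, EBX and the other register globals are only valid in here.
function debugger_onBreakpoint()
  if activeSite then return 1 end           -- already done; let the game run

  -- The breakpoint that fired identifies the match through EIP,
  -- so there is no need to loop over the result list here.
  if readFloat(ESP + 0x10) ~= 1 then
    return 1                                 -- an inactive copy, keep running
  end

  activeSite = EIP
  registerSymbol("pBase", EBX)               -- the address argument is required
  registerSymbol("location", activeSite)

  -- Locate the je within the next SCAN_LEN bytes and turn it into a jmp,
  -- keeping the original byte so restoreJump() can undo it.
  local bytes = readBytes(activeSite, SCAN_LEN, true)
  local idx = findBytes(bytes, JE_BYTES)
  if idx then
    local jeAddr = activeSite + idx - 1
    patched = { address = jeAddr, original = bytes[idx] }
    writeBytes(jeAddr, {0xEB})
  end

  removeAllBreakpoints()                     -- inactive sites included
  return 1                                   -- continue without opening the debugger window
end

-- Entry point: scan once, convert the hex strings, break on every match.
local results = AOBScan(PATTERN)
if results == nil then
  error("pattern not found")
end
for i = 0, results.Count - 1 do
  sites[#sites + 1] = tonumber(results[i], 16)
end
results.destroy()

if not debug_isDebugging() then debugProcess() end
for _, addr in ipairs(sites) do
  debug_setBreakpoint(addr)
end
print(string.format("%d candidate sites, waiting for ESP+10 == 1", #sites))
```

Two things differ from the script in the thread. First, the callback does not walk the result list: EIP already says which match fired, and the register values belong to that hit only, so the check is made once per breakpoint. Second, the addresses are kept in a table at script scope, so removeAllBreakpoints() can reach every site from inside the callback; in the original, debug_removeBreakpoint(aob_scan_results[i]) runs after the for loop has ended, where i is no longer in scope. Keep in mind that once the four hardware breakpoints are used up, the remaining ones are software breakpoints that rewrite code bytes, and the je patch rewrites a byte too; if the game really does verify its own code, both are visible to it, so remove the breakpoints as soon as the active site is found (as above) and call restoreJump() when you are done.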