Cheat Engine Forum
The Official Site of Cheat Engine

How do I setup an AOB on a section?

Kajih
Cheater
Reputation: 1

Joined: 08 Feb 2021
Posts: 32

Posted: Thu Apr 21, 2022 7:18 am    Post subject: How do I setup an AOB on a section?

I'm not sure of the exact wording, but basically, up until now I didn't really need to have an injection on more than a single instruction, so running the AOB template on said instruction was all I needed; I also made multiple AOBs in the same script if needed. However, I ran into something today and I'm not quite sure how to set it up correctly. I have multiple instructions I want to inject on:

Code:

GameAssembly.dll+2065127 - 89 47 30          - mov [rdi+30],eax
GameAssembly.dll+206512A - 66 0F6E C8        - movd xmm1,eax
GameAssembly.dll+206512E - 0F5B C9           - cvtdq2ps xmm1,xmm1
GameAssembly.dll+2065131 - 66 41 0F6E C5     - movd xmm0,r13d
GameAssembly.dll+2065136 - 0F5B C0           - cvtdq2ps xmm0,xmm0
GameAssembly.dll+2065139 - F3 0F5E C8        - divss xmm1,xmm0
GameAssembly.dll+206513D - F3 0F11 4F 34     - movss [rdi+34],xmm1


The reason is that I need to modify the first instruction here and the last one. I thought I could just AOB on all the bytes listed here and then nop the remaining bytes? Something like:

Code:

aobscanmodule(infHealth,GameAssembly.dll,89 47 30 66 0F 6E C8 0F 5B C9 66 41 0F 6E C5 0F 5B C0 F3 0F 5E C8 F3 0F 11 4F 34) // should be unique
alloc(newmem,$1000,infHealth)

label(code)
label(return)

newmem:
  cmp [rdi+DA4],0
  je return
code:
  mov [rdi+30],eax
  movd xmm1,eax
  cvtdq2ps xmm1,xmm1
  movd xmm0,r13d
  cvtdq2ps xmm0,xmm0
  divss xmm1,xmm0
  movss [rdi+34],xmm1
  jmp return

infHealth:
  jmp newmem
  nop 22
return:
registersymbol(infHealth)

[DISABLE]

infHealth:
  db 89 47 30 66 0F 6E C8 0F 5B C9 66 41 0F 6E C5 0F 5B C0 F3 0F 5E C8 F3 0F 11 4F 34

unregistersymbol(infHealth)
dealloc(newmem)


Is the Nop 22 correct here? I keep 5 bytes and nop the rest?

Thanks in advance for any clarification, or any tips on how to make this better.
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1053
Location: 0x90

Posted: Thu Apr 21, 2022 7:50 am

Is the health contained in [RDI+34]?
Kajih
Cheater
Reputation: 1

Joined: 08 Feb 2021
Posts: 32

Posted: Thu Apr 21, 2022 8:20 am

The health value is contained in RDI+30 and the health bar value (UI controller) is contained in RDI+34. I could just inject at mov [rdi+30],eax and ignore the health bar (UI), or do another AOB, but I would rather be able to just grab that whole section and modify both if possible.

Edit: Although I suppose I could simply put my current health value into EAX, and that should handle the other instruction down the line. I would still like to know if what I am asking is even possible, though.
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1053
Location: 0x90

Posted: Thu Apr 21, 2022 11:04 am

The UI value is updated after the health value has been updated, because it grabs the value from eax:
Code:

mov [rdi+30],eax
movd xmm1,eax


You could just do this:
Code:

aobscanmodule(infHealth,GameAssembly.dll,89 47 30 66 0F 6E C8 0F 5B C9 66 41 0F 6E C5 0F 5B C0 F3 0F 5E C8 F3 0F 11 4F 34) // should be unique
alloc(newmem,$1000,infHealth)

label(code)
label(return)

newmem:
  cmp [rdi+DA4],0
  je code // You'll want the original instructions to execute if the criteria isn't met
  mov eax,270F // 9999, you can change it to whatever you want

code:
  mov [rdi+30],eax
  movd xmm1,eax
  cvtdq2ps xmm1,xmm1
  movd xmm0,r13d
  cvtdq2ps xmm0,xmm0
  divss xmm1,xmm0
  movss [rdi+34],xmm1
  jmp return

infHealth:
  jmp newmem
  nop 22 // this should be remedied though
return:
registersymbol(infHealth)

[DISABLE]

infHealth:
  db 89 47 30 66 0F 6E C8 0F 5B C9 66 41 0F 6E C5 0F 5B C0 F3 0F 5E C8 F3 0F 11 4F 34

unregistersymbol(infHealth)
dealloc(newmem)
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Apr 21, 2022 11:16 am

The code in your first post is almost correct: CE's "pseudoargument" for nop is in hexadecimal, not decimal. 22 == 0x16, so put `nop 16` instead.

The aobscan pattern still has to be unique, but given how long it is, that shouldn't be a problem.

Depending on the changes you want to make, sometimes it's possible to not allocate any memory and make your changes in-place. You have to be really careful about instruction length.

In this case, I'd inject at the first instruction and change eax before executing the original code.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
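The two things this thread turns on, the padding count after a 5-byte `jmp newmem` over a 27-byte run of instructions (the first post) and the fact that CE's `nop` pseudo-argument is hexadecimal while in-place edits must respect instruction length (the reply above), can be checked mechanically rather than by counting bytes by hand. The following is an added example, not code from the thread or from Cheat Engine: it parses the disassembly listing exactly as posted, verifies the instructions are contiguous, computes the AOB pattern and the `nop` argument, builds the raw patch bytes, and checks pattern uniqueness against a constructed fake module image. It assumes CE emits a 5-byte E9 rel32 for `jmp newmem` (its normal case when the allocation lands within +/-2 GiB); the virtual addresses 0x2065127 and 0x3000000 used in the demo and the fake image are made up for illustration.

```python
"""Plan a Cheat Engine AOB hook that covers a run of instructions.

Added example (not from the thread): given a CE disassembly listing, work out
the AOB pattern, the NOP padding after `jmp newmem`, the hex value CE's `nop`
pseudo-argument needs, the raw bytes written at the hook, and whether the
pattern is unique in a (constructed) module image.
"""
import re
import struct

# Constructed from the listing posted in the thread (the same 7 instructions).
LISTING = """\
GameAssembly.dll+2065127 - 89 47 30          - mov [rdi+30],eax
GameAssembly.dll+206512A - 66 0F6E C8        - movd xmm1,eax
GameAssembly.dll+206512E - 0F5B C9           - cvtdq2ps xmm1,xmm1
GameAssembly.dll+2065131 - 66 41 0F6E C5     - movd xmm0,r13d
GameAssembly.dll+2065136 - 0F5B C0           - cvtdq2ps xmm0,xmm0
GameAssembly.dll+2065139 - F3 0F5E C8        - divss xmm1,xmm0
GameAssembly.dll+206513D - F3 0F11 4F 34     - movss [rdi+34],xmm1
"""

JMP_REL32_LEN = 5  # E9 rel32: assumed encoding of `jmp newmem` when newmem is within +/-2 GiB

_LINE_RE = re.compile(
    r"^(?P<mod>\S+)\+(?P<off>[0-9A-Fa-f]+)\s+-\s+(?P<bytes>[0-9A-Fa-f ]+?)\s+-\s+(?P<asm>.+)$"
)


def parse_listing(text):
    """Turn CE disassembler copy-paste lines into (offset, raw_bytes, mnemonic) tuples."""
    insns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised listing line: {line!r}")
        raw = bytes.fromhex(m.group("bytes").replace(" ", ""))
        insns.append((int(m.group("off"), 16), raw, m.group("asm").strip()))
    return insns


def check_contiguous(insns):
    """Hooking a run only works if each instruction ends exactly where the next begins."""
    for (off, raw, _), (nxt, _, _) in zip(insns, insns[1:]):
        if off + len(raw) != nxt:
            raise ValueError(f"gap or overlap between +{off:X} and +{nxt:X}")
    return True


def plan_hook(insns, jmp_len=JMP_REL32_LEN):
    """AOB pattern plus how many bytes must be NOPped after the jmp, as decimal and as CE's hex arg."""
    check_contiguous(insns)
    total = sum(len(raw) for _, raw, _ in insns)
    if total < jmp_len:
        raise ValueError(f"only {total} bytes at the hook point; a rel32 jmp needs {jmp_len}")
    pad = total - jmp_len
    return {
        "aob": " ".join(f"{b:02X}" for _, raw, _ in insns for b in raw),
        "total_len": total,
        "nop_count": pad,          # decimal, for humans
        "nop_arg": f"{pad:X}",     # CE's `nop N` pseudo-argument is hexadecimal
    }


def build_patch(hook_va, newmem_va, total_len, jmp_len=JMP_REL32_LEN):
    """Raw bytes written at the hook: E9 rel32 followed by 0x90 padding, never longer than the run."""
    rel = newmem_va - (hook_va + jmp_len)  # displacement is relative to the end of the jmp
    if not -2**31 <= rel < 2**31:
        raise ValueError("newmem out of rel32 range; a longer far jump would be needed")
    patch = b"\xE9" + struct.pack("<i", rel) + b"\x90" * (total_len - jmp_len)
    assert len(patch) == total_len  # must not spill into the instruction after the run
    return patch


def find_all(image, pattern):
    """Offsets of every occurrence of `pattern`; aobscanmodule needs exactly one."""
    hits, start = [], 0
    while (i := image.find(pattern, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def fits_in_place(span_len, replacement):
    """An in-place edit may not exceed the bytes of the instruction(s) it replaces."""
    return len(replacement) <= span_len


INSNS = parse_listing(LISTING)
PATTERN = b"".join(raw for _, raw, _ in INSNS)
# Constructed fake module image: the full run once, plus a lone `mov [rdi+30],eax` elsewhere.
FAKE_IMAGE = b"\x00" * 16 + PATTERN + b"\x00" * 8 + b"\x89\x47\x30" + b"\x00" * 5

if __name__ == "__main__":
    plan = plan_hook(INSNS)
    print("aobscanmodule(infHealth,GameAssembly.dll," + plan["aob"] + ")")
    print(f"{plan['total_len']} bytes at hook -> jmp newmem + nop {plan['nop_arg']} ({plan['nop_count']} bytes)")
    print("full pattern hits:", find_all(FAKE_IMAGE, PATTERN))
    print("3-byte pattern hits:", find_all(FAKE_IMAGE, b"\x89\x47\x30"))
    # mov dword ptr [rdi+30],270F encodes as C7 47 30 0F 27 00 00 (7 bytes): too big for the 3-byte original
    print("7-byte mov fits in 3-byte slot:", fits_in_place(3, bytes.fromhex("C747300F270000")))
```

Running it reproduces the thread's conclusion (27 bytes at the hook, 5 for the jmp, 22 padding bytes, so `nop 16` in CE), shows why the full 27-byte pattern is unique in the fake image while the 3-byte `mov [rdi+30],eax` alone is not, and illustrates the instruction-length constraint on in-place edits: a 7-byte `mov dword ptr [rdi+30],270F` cannot replace the 3-byte original without clobbering the instructions after it.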
Kajih
Cheater
Reputation: 1

Joined: 08 Feb 2021
Posts: 32

Posted: Thu Apr 21, 2022 12:01 pm

Ah! I wasn't sure if the nop amount was decimal or hex. What I did in the end was just update eax. Thanks for the tip about length; whenever I do injections, I'll stick with just using the first instruction as per the template.
All times are GMT - 6 Hours