Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Fri May 08, 2015 11:44 pm Post subject: Is this auto assembler and how it method work ? |
|
|
Could anybody give some explanation about this code:
Code: |
[ENABLE]
aobscan(_aob,66 ?? ?? ?? 46 ?? ?? 03 61)
_aob:
db 29 29 29 29 25 ac 02 75
[DISABLE]
|
What I need is:
- What does the code mean?
- How does the method work?
I am just trying to learn and understand what CE does in a method.
I am sorry if my questions are wrong and dumb.
Regards
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
|
Posted: Sat May 09, 2015 12:38 am Post subject: |
|
|
It scans the target's memory for bytes that match the ones given in the aobscan and replaces them (or the first several of them) with the ones in the db line when someone enables the script.
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
|
Posted: Sat May 09, 2015 12:25 pm Post subject: |
|
|
aobscan searches for that signature/aob (66 ?? ?? ?? 46 ?? ?? 03 61).
2. How does it work? Well, it dumps the whole memory (or part of it, dunno how DB does it) and makes a comparison by fetching parts of the dumped memory with the signature you gave until it finds the right match, then returns the address where it found the match.
_aob:
db 29 29 29 29 25 ac 02 75
_aob is a label defined in the code above to reference the found signature address; the db part simply writes the bytes at that location, which translates to
sub [rcx],ebp
sub [rcx],ebp
and eax,007502AC
I guessed the byte after 75 to be 00, but it could be anything and will change the address 007502AC in the bold part only.
- How does the method work?
Erm, a little complex to explain; look at CE's code, but in short, CE stores/fetches the code, stores the labels and changes them into addresses, WPMs the bytes and does other things to inject the AA script.
Hope it helps, tried my best to explain in easy terms.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
|
Posted: Sat May 09, 2015 1:06 pm Post subject: |
|
|
(off-topic)
Code: |
db 29 29 29 29 25 ac 02 75
|
is flash bytecode pop-pop-pop-pop-push 300-conv2dbl
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Sat May 09, 2015 10:05 pm Post subject: |
|
|
Thanks so much for the explanation from all of you.
Now I understand more about how it works.
My conclusion: the wildcard ?? is used in the AOB pattern, and it searches for the AOB in memory randomly and filters the results by the AOB pattern given.
Next, if the AOB is found, it will be replaced by the AOB stated in db.
Just a little doubt: should all results be replaced by the AOB in db?
Does it only replace the first result, as in auto assembler?
Edit:
Is it necessary to set speed hack to 0 while doing the scan and replace?
Regards
Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
|
Posted: Tue May 19, 2015 9:31 pm Post subject: |
|
|
It replaces the first result.
No need to speedhack.
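How a wildcard byte signature is matched, and what "replaces the first result" means when a loose signature matches more than once, as an added Python example (not from the thread and not Cheat Engine's code). The helper names `compile_aob`, `aob_scan`, `patch` and the sample buffer are constructed for illustration and operate on an in-memory byte string, not on a process.

```python
import re

SIG = "66 ?? ?? ?? 46 ?? ?? 03 61"                  # signature from the thread
NEW = bytes.fromhex("29 29 29 29 25 ac 02 75")      # db bytes from the thread

# Constructed sample "memory": two regions that both satisfy the signature.
SAMPLE = bytes.fromhex(
    "90 90"
    "66 01 02 03 46 04 05 03 61"    # offset 2
    "cc cc cc"
    "66 aa bb cc 46 dd ee 03 61"    # offset 14
    "90"
)

def compile_aob(pattern):
    """Turn an AOB string into a bytes regex; '??' matches any single byte."""
    parts = []
    for tok in pattern.split():
        if tok in ("??", "?"):
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL: '.' also matches 0x0a

def aob_scan(buf, pattern):
    """Return the offset of every match, overlapping matches included."""
    rx = compile_aob(pattern)
    hits, pos = [], 0
    while (m := rx.search(buf, pos)) is not None:
        hits.append(m.start())
        pos = m.start() + 1                         # advance one byte to keep overlaps
    return hits

def patch(buf, offsets, new):
    """Overwrite len(new) bytes at each offset of a bytearray, in place."""
    for off in offsets:
        buf[off:off + len(new)] = new

def demo():
    hits = aob_scan(SAMPLE, SIG)
    mem = bytearray(SAMPLE)
    patch(mem, hits[:1], NEW)                       # first result only
    # The patch overwrote the leading 66, so that spot no longer matches.
    return hits, bytes(mem), aob_scan(bytes(mem), SIG)

if __name__ == "__main__":
    print(demo())
```

With five of nine bytes wildcarded, the signature is not guaranteed to be unique; checking the number of hits before writing shows whether the first result is the only one.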
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Fri May 22, 2015 1:08 am Post subject: |
|
|
Okay, thanks for the reply.
Then, to replace all results, is this the right function:
Code: |
-- Scan memory that is writable and not copy-on-write (executable: don't care)
resultList = AOBScan("66 ?? ?? ?? 46 ?? ?? 03 61", "+W*X-C")
if (resultList) then
  lngt = resultList.getCount()
  -- replacement bytes: 29 29 29 29 25 ac 02 75
  for x=0, lngt-1, 1 do
    writeBytes(resultList[x], 0x29, 0x29, 0x29, 0x29, 0x25, 0xac, 0x02, 0x75)
  end
  resultList.Destroy()
  resultList = nil
end
|