| View previous topic :: View next topic |
| Author |
Message |
omoe
Grandmaster Cheater
 Reputation: 8
Joined: 11 Jun 2013
Posts: 547
|
 Posted: Sun Jul 28, 2013 7:38 am Post subject: Help with AOB shadowrun |
 |
|
I dont know a lot about AOB so anyway .attachment picture has the memory region
| Code: |
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
aobscan(aob,89 86 E0 00 00 00 8B 46 70 89 45 BC 8B 86 E0 00 00 00)
registersymbol(aob)
newmem:
mov [esi+000000E0],C8
originalcode:
mov eax,[esi+000000E0]
exit:
jmp returnhere
aob:
jmp newmem
nop
returnhere:
[DISABLE]
aob:
mov eax,[esi+000000E0]
db 89 86 E0 00 00 00 8B 46 70 89 45 BC 8B 86 E0 00 00 00
unregistersymbol(aob)
dealloc(newmem)
|
| Description: |
|
| Filesize: |
198.68 KB |
| Viewed: |
3458 Time(s) |
|
|
|
| Back to top |
|
 |
mgr.inz.Player
I post too much
 Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Jul 28, 2013 7:50 am Post subject: |
|
|
Enable and then disable script while you can see memory viewer and
FB4EEE9 address.
Does it change "mov eax,[esi+000000E0]" to "jmp {someaddresshere}" ?
This screenshot, did you make it with "show module address" and "show symbols" (under View menu)
Keep in mind that this code (what you see inside memory viewer ) might be dynamically loaded (just after launching game, this code doesn't exist, but once you start playing, it is loaded. Game example: Terraria)
_________________
|
|
| Back to top |
|
|
omoe
Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013
Posts: 547
|
| Posted: Sun Jul 28, 2013 9:54 am Post subject: |
|
|
| mgr.inz.Player wrote: | Enable and then disable script while you can see memory viewer and
FB4EEE9 address.
Does it change "mov eax,[esi+000000E0]" to "jmp {someaddresshere}" ?
This screenshot, did you make it with "show module address" and "show symbols" (under View menu)
Keep in mind that this code (what you see inside memory viewer ) might be dynamically loaded (just after launching game, this code doesn't exist, but once you start playing, it is loaded. Game example: Terraria) |
Yest it changes to jmp (Address)
I got to this code by finding the changing value then - Find what writes to this address -Used a point in game and got a result and then i press browser this memory region , Im sure this is the code because i changed it to nop and the value in game got freezed and i was able to use as many points as i want , But i want it in AOB script .
And yes this code in the memory viewer is dynamically loaded .
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Jul 28, 2013 10:13 am Post subject: |
|
|
Script looks good with one exception - bottom line:
db 89 86 E0 00 00 00 8B 46 70 89 45 BC 8B 86 E0 00 00 00
Delete it. So it will be:
| Code: | [DISABLE]
aob:
mov eax,[esi+000000E0] |
Or this:
| Code: | [DISABLE]
aob:
db 89 86 E0 00 00 00 8B |
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
