honestabelink How do I cheat? Reputation: 0
Joined: 08 Sep 2014 Posts: 4
|
Posted: Mon Sep 08, 2014 1:09 am Post subject: AOB Scan Finds Address Only After I Manually Find It First |
|
|
My issue is when I AOBScan to match this byte pattern
83 c4 10 8b c8 b8 04 00 00 00 89 4d d0
I get no results.
But if I manually find the address I am looking for first, then AOBScan, it finds it and everything works just fine.
Is there something I'm missing?
This holds true in both the Lua scripting side and the normal GUI for Cheat Engine with the preset "Scan All Memory" set.
*edit
I found by making the search pattern shorter the AOBScan was able to return the address I was looking for. If anyone knows why this is I'd still like to know even though my problem is solved.
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Mon Sep 08, 2014 3:31 am Post subject: |
|
|
Perhaps you are reading out the second result (1) instead of the first result (0)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
|
honestabelink How do I cheat? Reputation: 0
Joined: 08 Sep 2014 Posts: 4
|
Posted: Mon Sep 08, 2014 1:38 pm Post subject: |
|
|
Thanks for the response Dark Byte.
Indexing correctly wasn't the issue, the return of the AOBScan was null.
After shortening the AOBScan I got many results.
Change
83 c4 10 8b c8 b8 04 00 00 00 89 4d d0 - original (not working)
83 c4 10 8b c8 b8 04 00 00 00 - returns many results
I do understand some byte code changes each time a new instance of the program allocates memory, so certain byte array searches cannot be counted on. (correct me if I'm wrong)
Here's the disassembly I'm scanning for
0335AE01 - 83 C4 10 - add esp,10
0335AE04 - 8B C8 - mov ecx,eax
0335AE06 - B8 04000000 - mov eax,00000004
0335AE0B - 89 4D D0 - mov [ebp-30],ecx
If I adjust the search for this
0335AE01 - 83 C4 10 - add esp,10
0335AE04 - 8B C8 - mov ecx,eax
0335AE06 - B8 04000000 - mov eax,00000004
The scan works fine and returns many results.
But the thing that is really perplexing is if I go through the steps of hunting down the address manually, i.e. scanning for values, breakpoints on access, going to memory addresses, following the disassembly, etc. The AOBScan returns the address every time, even when using the longer search.
What do you think is causing this behavior?
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Mon Sep 08, 2014 1:48 pm Post subject: |
|
|
Perhaps a copy paste error with an invisible character somewhere at the end of the aob?
How do you call AOBScan? Each parameter a byte or one string?
Perhaps it's jitted code which may mean that the code needs to be executed at least once before you can find it
|
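Added example (Python, not code from the thread or from Cheat Engine) covering the two checks suggested in the reply above: a strict pattern parser that reports invisible pasted characters, and a scan showing that the 13-byte pattern only matches once the JIT has emitted the code while the 10-byte prefix matches several places. The memory images and all function names are constructed for illustration.

```python
import re

# Characters that survive copy/paste from web pages but are not visible.
INVISIBLE = {"\u200b": "ZERO WIDTH SPACE", "\u00a0": "NO-BREAK SPACE",
             "\ufeff": "BYTE ORDER MARK", "\u200e": "LEFT-TO-RIGHT MARK"}

def parse_aob(text):
    """Turn 'aa bb ?? cc' into a list of ints (None = wildcard); reject stray characters."""
    for pos, ch in enumerate(text):
        if ch in INVISIBLE:
            raise ValueError(f"{INVISIBLE[ch]} at offset {pos}")
    pattern = []
    for tok in text.split():
        if tok in ("?", "??"):
            pattern.append(None)
        elif re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            pattern.append(int(tok, 16))
        else:
            raise ValueError(f"bad token {tok!r}")
    if not pattern:
        raise ValueError("empty pattern")
    return pattern

def scan(memory, pattern):
    """Return every offset in memory where pattern matches."""
    n = len(pattern)
    return [i for i in range(len(memory) - n + 1)
            if all(p is None or memory[i + j] == p for j, p in enumerate(pattern))]

# Constructed sample data: a fake JIT region, not a dump from any real process.
COMMON = bytes.fromhex("83c4108bc8b804000000")        # the 10-byte prefix from the thread
TARGET = COMMON + bytes.fromhex("894dd0")             # the full 13-byte pattern
OTHER = COMMON + bytes.fromhex("8945f0")              # same prefix, different next instruction
before_jit = bytes(16) + OTHER + bytes(8) + OTHER + bytes(32)   # target not compiled yet
after_jit = before_jit[:-32] + TARGET + bytes(19)               # target emitted after first run

LONG = "83 c4 10 8b c8 b8 04 00 00 00 89 4d d0"
SHORT = "83 c4 10 8b c8 b8 04 00 00 00"

def demo():
    return {"long_before": scan(before_jit, parse_aob(LONG)),
            "long_after": scan(after_jit, parse_aob(LONG)),
            "short_after": scan(after_jit, parse_aob(SHORT))}

if __name__ == "__main__":
    print(demo())
```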
honestabelink How do I cheat? Reputation: 0
Joined: 08 Sep 2014 Posts: 4
|
Posted: Mon Sep 08, 2014 2:41 pm Post subject: |
|
|
"Perhaps a copy paste error with an invisible character somewhere at the end of the aob?"
I had this issue earlier, and then finally noticed it. I thought that it was the issue, but the problem is still occurring.
"How do you call AOBScan?"
I call the AOBScan from a Forms Cheat Table using the click event on a checkbox.
I pass the entire search all at once as one string
AOBScan("83 c4 10 8b c8 b8 04 00 00 00 89 4d d0");
"Perhaps it's jitted code which may mean that the code needs to be executed at least once before you can find it?"
I think you may be correct, but I am unsure. Does Flash rely on a JIT? I do believe it does. (correct me if I'm wrong) If so you probably are correct.
I could have the user of the cheat execute the code by performing an action in the game and then search for it. But that seems rather messy.
If it means anything there are other AOBs I do and they all work correctly. But maybe this comes back to what you said about the jitted code.
If it is jitted, what solutions would you use?
Thanks for the help so far.
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Mon Sep 08, 2014 3:17 pm Post subject: |
|
|
Try scanning that aob every few minutes till found. It will always have to be after the user has executed the code.
You could try finding the actionscript bytecode of the swf and edit that, but you'll have less options on what to do then
Tip: code that reads your health has a higher chance of being executed than the one that writes it
|
honestabelink How do I cheat? Reputation: 0
Joined: 08 Sep 2014 Posts: 4
|
Posted: Mon Sep 08, 2014 3:40 pm Post subject: |
|
|
Thanks Dark Byte again for the quick responses. This definitively has helped in coming up with the right solution.
Is my understanding of a JIT wrong?
We write code, code eventually reaches a compiler, which turns it into their specific byte code. On the end user's machine the JIT takes that byte code and turns it into their machine specific code.
It always was my belief that the JIT compiled the entire program before it was run. But in this case it's showing only the parts of the program that are executed are actually compiled to machine code.
Is this what is going on?
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Mon Sep 08, 2014 8:05 pm Post subject: |
|
|
Correct. Some jitters compile everything, but a lot only compile what is actually needed
|
sitapea1337 Newbie cheater Reputation: 0
Joined: 29 Mar 2010 Posts: 19
|
Posted: Sat Sep 13, 2014 9:25 am Post subject: |
|
|
Sorry to hijack your thread, but I think since I also have an issue with AOBScan, then this might be the correct place to ask my question.
Anyway, is there a possibility to make mathematical calculations with AOBScan results? Any way to convert resulting strings into HEX or DEC numbers?
Thank you!
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Sat Sep 13, 2014 9:57 am Post subject: |
|
|
tonumber('0x'..hexadecimaladdress) converts it to an integer
|
sitapea1337 Newbie cheater Reputation: 0
Joined: 29 Mar 2010 Posts: 19
|
Posted: Sat Sep 13, 2014 10:28 am Post subject: |
|
|
Oh! Never knew it would be so simple! Thank you!
Just for testing, how to convert DEC to HEX? Some kind of BASE function?
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Sat Sep 13, 2014 11:04 am Post subject: |
|
|
Most CE functions can deal with integers fine, but the easiest is string.format("%x", value)
|
sitapea1337 Newbie cheater Reputation: 0
Joined: 29 Mar 2010 Posts: 19
|
Posted: Sat Sep 13, 2014 11:59 am Post subject: |
|
|
Yeah, noticed. That's a very strong feature.
Anyway! Thank you very much! I use it mostly for "print-debugging" to see if I have correct addresses/pointers etc.