Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Finding Mouse Over aob/opcode - shortcuts?

 
Reidlos65

Posted: Mon Mar 04, 2019 11:10 pm    Post subject: Finding Mouse Over aob/opcode - shortcuts?

I am trying to find a mouse over AOB to try and fix a broken existing cheat for Divinity OS2. I am trying:

First Scan - Unknown Initial Value
then doing a series of Mouse overs - Changed/unchanged values

but I'm only getting down to 2k addresses.

Is there a way to use the OLD script to find the new one?

I'm very noob but trying to take the basics to mid-level stuff I started learning recently to try and fix this, but probably not approaching it right.

I checked for the AOB, increased the old one by a lot behind and ahead of the original, so it's completely changed sadly. I have the Original Code instructions. Is there a way to use that to find something?

// ORIGINAL CODE - INJECTION POINT: "EoCApp.exe"+171F0C0

"EoCApp.exe"+171F0A0: 4D 8B C8 - mov r9,r8
"EoCApp.exe"+171F0A3: 4C 2B CA - sub r9,rdx
"EoCApp.exe"+171F0A6: 8B C8 - mov ecx,eax
"EoCApp.exe"+171F0A8: 49 83 C1 07 - add r9,07
"EoCApp.exe"+171F0AC: 49 C1 E9 03 - shr r9,03
"EoCApp.exe"+171F0B0: 49 3B D0 - cmp rdx,r8
"EoCApp.exe"+171F0B3: 4C 0F 47 C8 - cmova r9,rax
"EoCApp.exe"+171F0B7: 4D 85 C9 - test r9,r9
"EoCApp.exe"+171F0BA: 74 1C - je EoCApp.exe+171F0D8
"EoCApp.exe"+171F0BC: 0F 1F 40 00 - nop [rax+00]
// ---------- INJECTING HERE ----------
"EoCApp.exe"+171F0C0: 4C 8B 02 - mov r8,[rdx]
"EoCApp.exe"+171F0C3: 4D 85 C0 - test r8,r8
// ---------- DONE INJECTING ----------
"EoCApp.exe"+171F0C6: 74 04 - je EoCApp.exe+171F0CC
"EoCApp.exe"+171F0C8: 41 03 40 6C - add eax,[r8+6C]
"EoCApp.exe"+171F0CC: 48 83 C2 08 - add rdx,08
"EoCApp.exe"+171F0D0: 48 FF C1 - inc rcx
"EoCApp.exe"+171F0D3: 49 3B C9 - cmp rcx,r9
"EoCApp.exe"+171F0D6: 75 E8 - jne EoCApp.exe+171F0C0
"EoCApp.exe"+171F0D8: B9 03 00 00 00 - mov ecx,00000003
"EoCApp.exe"+171F0DD: 3B C1 - cmp eax,ecx
"EoCApp.exe"+171F0DF: 0F 4F C1 - cmovg eax,ecx
"EoCApp.exe"+171F0E2: C3 - ret
ParkourPenguin

Posted: Tue Mar 05, 2019 9:26 am

If the code finds the injection point using a static offset of the module base, you can probably search for the AoB (i.e. 4C 8B 02 4D 85 C0) and find the injection point.

If it's using an aobscan, then try different combinations of bytes and wildcards until something relevant pops up (e.g. 4C ?? ?? 4D ?? ?? 74 ?? 41...).

(don't forget to scan through all memory, not just writable)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
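The wildcard search suggested in the reply above, as an added example that is not part of the original thread: a small byte-signature matcher run over the bytes from the posted listing and over a constructed "updated build" buffer. The function names (`parse_aob`, `compile_aob`, `scan`) and the `NEW` bytes are assumptions made up for illustration; only `OLD` and the two patterns come from the thread.

```python
import re

def parse_aob(text):
    """Turn 'AA ?? BB' into a list of ints, with None for each wildcard byte."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in text.split()]

def compile_aob(text):
    """Compile an AoB string to a bytes regex. The lookahead keeps matches
    zero-width so overlapping hits are reported; DOTALL lets a wildcard
    match 0x0A as well."""
    body = b"".join(b"." if b is None else re.escape(bytes([b]))
                    for b in parse_aob(text))
    return re.compile(b"(?=" + body + b")", re.DOTALL)

def scan(buf, text):
    """Return every offset in buf where the pattern matches."""
    return [m.start() for m in compile_aob(text).finditer(buf)]

# Bytes copied from the posted listing, starting at "EoCApp.exe"+171F0B7.
OLD_RVA = 0x171F0B7
OLD = bytes.fromhex("4D 85 C9 74 1C 0F 1F 40 00 4C 8B 02 4D 85 C0"
                    " 74 04 41 03 40 6C 48 83 C2 08")

# Constructed stand-in for a rebuilt binary: same instruction shapes, but
# different register encodings and displacement (not real game bytes).
NEW = bytes.fromhex("90 90 90 4D 85 C9 74 1C 4C 8B 0A 4D 85 C9"
                    " 74 04 41 03 41 70 48 83 C2 08")

EXACT = "4C 8B 02 4D 85 C0"            # exact bytes at the injection point
WILD = "4C ?? ?? 4D ?? ?? 74 ?? 41"    # visible part of the reply's pattern

if __name__ == "__main__":
    hit = scan(OLD, WILD)[0]
    print("old build: +%X" % (OLD_RVA + hit))          # the injection point
    print("exact in new build:", scan(NEW, EXACT))     # operands changed
    print("wildcard in new build:", scan(NEW, WILD))   # opcodes still line up
    # A signature that is too loose hits more than once; add fixed bytes
    # from the surrounding instructions until exactly one match remains.
    print("too loose:", scan(OLD, "4D 85 ??"))
```

A pattern is only useful once it returns exactly one offset over the whole scanned range, which is why the count of hits matters as much as the first hit.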