Cheat Engine The Official Site of Cheat Engine
lambdabandit (How do I cheat?)
Reputation: 0
Joined: 06 Sep 2020, Posts: 2
Posted: Sun Sep 06, 2020 9:24 pm    Post subject: [Help] AOB pointer

The AOB scan I'm running is as follows:
Code:
[ENABLE]
globalalloc(aoffset,8)
aobscan(INJECT,8B 51 40 * * * * 0F 38 F0 04 10)
alloc(newmem,$1000,61AF7D0E)
globalalloc(lastbullet,6)
label(code)
label(return)
newmem:
code:
mov [lastbullet], rdx
movbe eax,[rax+rdx]
jmp return
INJECT+07:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT+07:
db 0F 38 F0 04 10
unregistersymbol(INJECT)
dealloc(newmem)
dealloc(lastbullet)
A few examples of the addresses returned are:
- 30BA7804, when I need 330BA7804
- 30BA7BC4, when I need 330BA7BC4
I generally prefer to figure out where I'm going wrong when it comes to coding, but I am very new with this and would just love some direction.
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014, Posts: 4703
Posted: Sun Sep 06, 2020 11:20 pm    Post subject:

In a 64-bit process, addresses are 8 bytes (64 bits), not 6. (Windows, as with most OSes, only uses a subset of this, but you should still use 8)
There's no guarantee the globalalloc will be allocated anywhere near newmem, so you may not be able to directly address lastbullet like that (Intel's software developer manuals, volume 2, "rip-relative addressing"). You can usually just use a regular alloc (or a label, but align it yourself) and registersymbol/unregistersymbol instead.
The third parameter to alloc should be the symbol used for the aobscan (i.e. INJECT).
I'm not sure any of those problems would cause the behaviour you're experiencing. What's the value of rax/rdx before the movbe is executed? Perhaps you should be storing rax+rdx instead.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
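The two mechanical points in the reply above (a 64-bit address needs a full 8-byte slot, and a RIP-relative operand can only reach a target within a signed 32-bit displacement of the instruction) can be checked outside the debugger. The following is an added example, not code from the thread or from Cheat Engine: the addresses 0x330BA7804, 0x330BA7BC4 and 0x61AF7D0E are taken from the posts, the "near" and "far" allocation addresses are constructed, and the function names are the example's own.

```python
# Added example (not part of the forum thread): pointer-width truncation and
# RIP-relative reach, the two issues raised in ParkourPenguin's reply.
import struct

PTR_BITS = 64  # x86-64 register and pointer width


def truncate(value: int, bits: int) -> int:
    """Keep only the low `bits` bits of `value`: what a too-narrow store, or a
    32-bit view of an 8-byte slot, does to a 64-bit address."""
    return value & ((1 << bits) - 1)


def effective_address(rax: int, rdx: int) -> int:
    """Address actually read by `movbe eax,[rax+rdx]`: base plus index, wrapped
    to 64 bits. This is the value the reply suggests storing instead of rdx."""
    return truncate(rax + rdx, PTR_BITS)


def encode_rip_rel_disp(next_rip: int, target: int) -> bytes:
    """Signed 32-bit displacement an x86-64 RIP-relative operand needs to reach
    `target` from the instruction that ends at `next_rip`. Raises ValueError
    when the target is more than 2 GiB away, which is what happens when a
    globalalloc lands nowhere near newmem."""
    disp = target - next_rip
    if not -(1 << 31) <= disp <= (1 << 31) - 1:
        raise ValueError(
            f"target {target:#x} is {disp:#x} bytes from {next_rip:#x}: "
            "not encodable as a 32-bit RIP-relative displacement"
        )
    return struct.pack("<i", disp)


def rip_relative_reachable(next_rip: int, target: int) -> bool:
    """True if `target` can be addressed RIP-relative from `next_rip`."""
    try:
        encode_rip_rel_disp(next_rip, target)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # The two addresses the original poster wanted, seen through a 32-bit window:
    # they come out exactly as the values the poster reported getting.
    for wanted in (0x330BA7804, 0x330BA7BC4):
        print(f"{wanted:#x} -> {truncate(wanted, 32):#x} when only 32 bits survive")

    code = 0x61AF7D0E              # alloc hint used in the thread
    near = code + 0x1000           # constructed: data placed right after the code
    far = 0x7FF6_0000_0000         # constructed: a typical high user-mode address
    print("near alloc reachable RIP-relative:", rip_relative_reachable(code, near))
    print("far alloc reachable RIP-relative: ", rip_relative_reachable(code, far))
```

Run it as a script to see both reported addresses fall out of a 32-bit truncation, and the far allocation fail the displacement check; `encode_rip_rel_disp` refusing a target is the same condition that makes the assembler unable to address a distant `globalalloc` directly.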
lambdabandit (How do I cheat?)
Reputation: 0
Joined: 06 Sep 2020, Posts: 2
Posted: Mon Sep 07, 2020 2:07 pm    Post subject:

I was able to figure it out using the below code. Thank you for your input.
Code:
[ENABLE]
aobscan(INJECT, 8B 51 40 * * * * 0F 38 F0 04 10) // should be unique
alloc(newmem,$1000,61AF7D0E)
alloc(lastbullet,8, INJECT)
label(code)
label(return)
newmem:
code:
mov [lastbullet], rax
add [lastbullet], rdx
movbe eax,[rax+rdx]
jmp return
INJECT+07:
jmp newmem
return:
registersymbol(INJECT)
registersymbol(lastbullet)
[DISABLE]
INJECT+07:
db 0F 38 F0 04 10
unregistersymbol(INJECT)
unregistersymbol(lastbullet)
dealloc(newmem)
dealloc(lastbullet)