Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Problems With AOB Scan

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
j.c
How do I cheat?
Reputation: 0

Joined: 27 Aug 2022
Posts: 7
PostPosted: Tue Feb 07, 2023 4:48 pm    Post subject: Problems With AOB Scan Reply with quote
I am trying to give myself unlimited gas and turbo for a racing game. I found the turbo value (integer), created an AOB scan script to give myself unlimited turbo. When I restart the game this scripts still works like it should.

Now I moved on and found the gas value (float). I found the value, generated the script and it works fine until I restart the game. The scan seems to not be able to find it after restarting the game.

I have verified when I found the value that the array is found and it is unique. When I restart the game and find the value again I can confirm that the bytes are still there, and after I go through the process of finding the gas value again the gas script suddenly works again. I have also tried changing the array to add bytes, confirming it is still unique it still wont work once I restart the game.

I am using Cheat Engine 7.4.

This is the gas script that works until I restart the game:
Code:


[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
aobscan(gas,F3 0F 11 6E 40 F3 0F 10 46 40 F3 0F 5A C0 66 0F 57 C9) // should be unique
alloc(newmem,$1000,gas)

label(code)
label(return)

newmem:

code:
//  movss [rsi+40],xmm5
  jmp return

gas:
  jmp newmem
return:
registersymbol(gas)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
gas:
  db F3 0F 11 6E 40 F3 0F 10 46 40 F3 0F 5A C0 66 0F 57 C9

unregistersymbol(gas)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1B1A45CB192

1B1A45CB165: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
1B1A45CB169: 66 0F 57 C9                    - xorpd xmm1,xmm1
1B1A45CB16D: F2 0F 5A C9                    - cvtsd2ss xmm1,xmm1
1B1A45CB171: F2 0F 5A C0                    - cvtsd2ss xmm0,xmm0
1B1A45CB175: 48 83 EC 20                    - sub rsp,20
1B1A45CB179: 49 BB 30 82 4C E6 B1 01 00 00  - mov r11,000001B1E64C8230
1B1A45CB183: 41 FF D3                       - call r11
1B1A45CB186: 48 83 C4 20                    - add rsp,20
1B1A45CB18A: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
1B1A45CB18E: F2 0F 5A E8                    - cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
1B1A45CB192: F3 0F 11 6E 40                 - movss [rsi+40],xmm5
// ---------- DONE INJECTING  ----------
1B1A45CB197: F3 0F 10 46 40                 - movss xmm0,[rsi+40]
1B1A45CB19C: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
1B1A45CB1A0: 66 0F 57 C9                    - xorpd xmm1,xmm1
1B1A45CB1A4: 66 0F 2F C8                    - comisd xmm1,xmm0
1B1A45CB1A8: 0F 82 6D 00 00 00              - jb 1B1A45CB21B
1B1A45CB1AE: F3 0F 10 45 F0                 - movss xmm0,[rbp-10]
1B1A45CB1B3: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
1B1A45CB1B7: 66 0F 57 C9                    - xorpd xmm1,xmm1
1B1A45CB1BB: 66 0F 2F C8                    - comisd xmm1,xmm0
1B1A45CB1BF: 0F 86 56 00 00 00              - jbe 1B1A45CB21B
}


Here is the turbo script that works every time I restart the game as expected.

Code:


[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
aobscan(turbo,24 89 48 40 48 83 C4 18) // should be unique
alloc(newmem,$1000,turbo)

label(code)
label(return)

newmem:

code:
  mov ecx,#3
  mov [rax+40],ecx
  add rsp,18
  jmp return

turbo+01:
  jmp newmem
  nop 2
return:
registersymbol(turbo)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
turbo+01:
  db 89 48 40 48 83 C4 18

unregistersymbol(turbo)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1DA8643DFA4

1DA8643DF86: 00 00           - add [rax],al
1DA8643DF88: 00 00           - add [rax],al
1DA8643DF8A: 00 00           - add [rax],al
1DA8643DF8C: 00 00           - add [rax],al
1DA8643DF8E: 00 00           - add [rax],al
1DA8643DF90: 48 83 EC 18     - sub rsp,18
1DA8643DF94: 48 89 0C 24     - mov [rsp],rcx
1DA8643DF98: 48 89 54 24 08  - mov [rsp+08],rdx
1DA8643DF9D: 48 8B CA        - mov rcx,rdx
1DA8643DFA0: 48 8B 04 24     - mov rax,[rsp]
// ---------- INJECTING HERE ----------
1DA8643DFA4: 89 48 40        - mov [rax+40],ecx
// ---------- DONE INJECTING  ----------
1DA8643DFA7: 48 83 C4 18     - add rsp,18
1DA8643DFAB: C3              - ret
1DA8643DFAC: 00 00           - add [rax],al
1DA8643DFAE: 00 00           - add [rax],al
1DA8643DFB0: 00 00           - add [rax],al
1DA8643DFB2: 00 00           - add [rax],al
1DA8643DFB4: 1C 00           - sbb al,00
1DA8643DFB6: 00 00           - add [rax],al
1DA8643DFB8: 2C 00           - sub al,00
1DA8643DFBA: 00 00           - add [rax],al
}
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4700
PostPosted: Tue Feb 07, 2023 5:17 pm    Post subject: Reply with quote
My first guess is JIT compilation. Basically, the assembly code you see gets created the first time it needs to be run. It doesn't exist before then. The turbo script always works because the code is always JIT-compiled before the script needs to be enabled. The gas script only works if you perform a certain action in game that JIT-compiles the code.

There aren't any easy ways around that other than to always do that certain action in game before enabling the script for the first time.

You could target the bytecode being JIT-compiled, but that's too annoying without a decompiler. Using a different injection point is sometimes an option, but that wouldn't directly help here.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
j.c
How do I cheat?
Reputation: 0

Joined: 27 Aug 2022
Posts: 7
PostPosted: Tue Feb 07, 2023 5:31 pm    Post subject: Reply with quote
Will this problem also exist if I make a trainer for it?
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4700
PostPosted: Tue Feb 07, 2023 6:46 pm    Post subject: Reply with quote
Yes. The only difference between a trainer and a cheat table is how it's presented to the user. The general mechanics behind how they work stay the same.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites