But when I restart the game, as you know, the bytes for the origbytes
&HE8, &HDE, &H75, &H1F, &HB2, &H90, &HD9, &HE8, &H33, &HF6
the &HDE, &H75, &H1F, &HB2 change.
So I would like to do this code injection but always have the caveaddr as it is, without me having to put in new bytes for the trainer to transport the bytes into the correct cave address.
Ok,
go to your originalcode and follow this call (&HE8, &HDE, &H75, &H1F, &HB2)
and then tell me, where the call ends (modulebase and offset)
RE: Problem Applying Aobscan - giassamarkos - 26.07.2011
Look, the module base and the offset is
"gamex86.dll"+188A1D
The assembly code is
E8 DE7577AF - call 04E30000
90 - nop
The DE7577AF changes every time I restart the game.
I need a byte like that but to be standard.
I mean the address that this byte holds gets changed from 04E30000
to 03E30000 or anything
and as a caveaddr = cave
RE: Problem Applying Aobscan - Acubra - 26.07.2011
(26.07.2011, 00:03) giassamarkos wrote: Look, the module base and the offset is
"gamex86.dll"+188A1D
The assembly code is
E8 DE7577AF - call 04E30000
90 - nop
The DE7577AF changes every time I restart the game.
I need a byte like that but to be standard.
I mean the address that this byte holds gets changed from 04E30000
to 03E30000 or anything
and as a caveaddr = cave
Hey,
the opcodes change every time you restart the game. To use the aobscan anyway, you need to use wildcards. In CE you use them by writing question marks, so the function will scan specific bytes, but not the ones with a question mark. So you don't need to care about the changing opcodes due to the call command.
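The wildcard matching described in this reply, as an added example that is not part of the thread and is written in Python rather than the thread's Visual Basic: a byte-pattern scan where `??` matches any byte (the same idea as `??` in a YARA hex string), plus decoding of the `E8` call's relative operand to show why those four bytes differ between runs. The function names, the `SITE` address (derived from the quoted `E8 DE7577AF - call 04E30000`, assuming a 32-bit process) and the two prefix bytes are assumptions made for this example.

```python
import struct

def parse_pattern(text):
    """'E8 ?? ?? ?? ?? 90' -> list of ints, with None for each wildcard byte."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in text.split()]

def scan(data, pattern):
    """Offsets in data where pattern matches; a None entry matches any byte."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all(p is None or data[i + j] == p for j, p in enumerate(pattern))]

def encode_call(site_addr, target):
    """E8 rel32 bytes for a call located at site_addr that reaches target."""
    rel = (target - (site_addr + 5)) & 0xFFFFFFFF  # relative to the next instruction
    return b"\xE8" + struct.pack("<I", rel)

def call_target(data, offset, load_addr):
    """Absolute target of the E8 call at data[offset]; data[0] sits at load_addr."""
    if data[offset] != 0xE8:
        raise ValueError("not an E8 rel32 call")
    (rel,) = struct.unpack_from("<i", data, offset + 1)  # signed, little-endian
    return (load_addr + offset + 5 + rel) & 0xFFFFFFFF

# Constructed sample. SITE is the call address implied by the thread's
# "E8 DE7577AF - call 04E30000" in a 32-bit process; the prefix bytes are made up.
SITE = 0x556B8A1D
PREFIX, TAIL = b"\x8B\xC7", bytes.fromhex("90D9E833F6")

def build_run(target):
    """Bytes around the call site for a run where the callee sits at target."""
    return PREFIX + encode_call(SITE, target) + TAIL

def compare_runs():
    """Scan both runs with the exact and the wildcard pattern, then decode the call."""
    exact = parse_pattern("E8 DE 75 77 AF 90")
    wild = parse_pattern("E8 ?? ?? ?? ?? 90")
    out = {}
    for target in (0x04E30000, 0x03E30000):  # the two targets named in the thread
        data = build_run(target)
        hits = scan(data, wild)
        out[target] = (scan(data, exact), hits,
                       call_target(data, hits[0], SITE - len(PREFIX)))
    return out

if __name__ == "__main__":
    for target, (exact_hits, wild_hits, decoded) in compare_runs().items():
        print(f"{target:08X}: exact={exact_hits} wildcard={wild_hits} decoded={decoded:08X}")
```

The exact pattern only matches the run whose call target is 04E30000, while the wildcard pattern finds the call site in both runs and the real target is then recovered from the operand.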
RE: Problem Applying Aobscan - giassamarkos - 26.07.2011
I know that... this is now solved at the moment, but now I need to see the module addresses in VB, that's why I need something that can make it not change.
RE: Problem Applying Aobscan - giassamarkos - 26.07.2011
(26.07.2011, 00:19) Acubra wrote:
(26.07.2011, 00:03) giassamarkos wrote: Look, the module base and the offset is
"gamex86.dll"+188A1D
The assembly code is
E8 DE7577AF - call 04E30000
90 - nop
The DE7577AF changes every time I restart the game.
I need a byte like that but to be standard.
I mean the address that this byte holds gets changed from 04E30000
to 03E30000 or anything
and as a caveaddr = cave
Hey,
the opcodes change every time you restart the game. To use the aobscan anyway, you need to use wildcards. In CE you use them by writing question marks, so the function will scan specific bytes, but not the ones with a question mark. So you don't need to care about the changing opcodes due to the call command.
But you are right.
I need something like that for the origbytes too,
such as {&HE8,&H??,&H??,&H??,&H??,&H90}
but I tried and it says that it can't make an argument.
RE: Problem Applying Aobscan - giassamarkos - 26.07.2011
Well Dna, I suppose you remember this code snippet
Visual Basic Code
Public Sub JmpToCave(ByVal DestinationAddi As Int32, ByVal sourceaddi As Int32, Optional ByVal NumberOfNops As Int32 = 0)
    Dim JmpBytes As Int32 = DestinationAddi - sourceaddi - 5
    Write_Byte(sourceaddi, &HE9)
    Write_Long(sourceaddi + 1, JmpBytes)
    For i = 0 To NumberOfNops - 1
        Write_Byte(sourceaddi + 5 + i, &H90)
    Next
End Sub

Public Function GetJmpBytes(ByVal DestinationAddi As Int32, ByVal SourceAddi As Int32)
    Dim JmpBytes As Int32 = DestinationAddi - SourceAddi - 5
    Return JmpBytes
End Function
And I suppose you remember the Assassin's Creed Brotherhood trainer that you made for me, doing this
If GetAsyncKeyState(VK_NUMPAD0) Then
    'ACBSP.exe+10571A7
    'ACBSP.exe+1057206
    If health = False Then
        '023BA845 codecave nowot
        modulebase = GetModuleBase(ProcName, "ACBSP.exe")
        Dim caveaddr = allocmemstart
        MsgBox(Hex(caveaddr) & " - " & Hex(modulebase))
        RemoveProtection(ProcName, caveaddr, 67)
        Dim cavebytes() As Byte = {&H83,&HF8,&H56,&HF,&H85,&H19,&H1,&H0,&H0,&H82,&H3D,&HBA,&HB,&H1,&H0,&H1,&HF,&H85,&H1,&H1,&H0,&H0,&HC7,&H46,&H58,&H0,&H5,&H0,&H0,&H89,&H46,&H58,&H56,&HE9,&HF,&H67,&H3F,&H2,&H80,&H7E,&H58,&H1,&H0,&H0,&H0,&HF,&H85,&HFF,&H0,&H0,&H0,&HC7,&H46,&H58,&H0,&H0,&H0,&H0,&H89,&H46,&H58,&H56,&HE9,&HF2,&H66,&H3F,&H2}
        Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H24071FE, caveaddr + &HF)
        Write_Long(caveaddr + &H10, jmpbytes)
        autopatcher(caveaddr, cavebytes)
        JmpToCave(caveaddr, modulebase + &H24071F0)
        Console.Beep()
        health = True
        System.Threading.Thread.Sleep(500)
    ElseIf health = True Then
        modulebase = GetModuleBase(ProcName, "ACBSP.exe")
        Dim origaddr = &H24071F0
        Dim origbytes() As Byte = {&HE9,&HCA,&H98,&HC0,&HFD,&H90}
        autopatcher(origaddr, origbytes)
        Console.Beep()
        health = False
        System.Threading.Thread.Sleep(500)
    End If
First of all, I don't actually remember where you got this one:
Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H24071FE, caveaddr + &HF) ...the &H24071FE...
If GetAsyncKeyState(Keys.NumPad1) = &HFFFF8001 Then
    If health12 = False Then
        Dim cave As Integer = AllocMem(ProcName)
        modulebase = GetModuleBase(ProcName, "gamex86.dll")
        Dim caveaddr = cave
        Dim cavebytes() As Byte = {&HC7,&H87,&H98,&H1B,&H0,&H0,&HF4,&H0,&H0,&H0,&H8B,&H9F,&H98,&H1B,&H0,&H0,&HE9,&H49,&H7F,&H8D,&H58}
        Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H188A23, cave + &HF)
        WriteInt32(cave + &H10, jmpbytes)
        autopatcher(caveaddr, cavebytes)
        AllocJump(caveaddr, modulebase + &H188A1D, 1)
        Console.Beep()
        Health = True
        System.Threading.Thread.Sleep(500)
    ElseIf Health = True Then
        modulebase = GetModuleBase(ProcName, "gamex86.dll")
        Dim origaddr = modulebase + &H188A1D
        Dim origbytes() As Byte = {&HE8,&H4,&H4,&H11,&H4,&H90}
        autopatcher(origaddr, origbytes)
        Console.Beep()
        Health = False
        System.Threading.Thread.Sleep(500)
    End If
End If
End Sub
I took that Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H188A23, cave + &HF)... the &H188A23 from the second opcode of the first instruction that holds the health address
But I get an error
Called
OverflowException was unhandled
Arithmetic operation resulted in an overflow
Troubleshooting Tips:
Make sure you not dividing by zero