Jump to content
Moopler
hippo

Tutorial How to update a script (with aobs)

Recommended Posts

Hello guys,

since many people dont know how to update a script, i thought its time to make little tutorial.

This tutorial shows only how to update a script with given aobs. 

So lets start:

 

What you need:

- Cheat Engine 

- Script  to update (with aobs)

- Bypass

 

Step 1: 

Chose a script you want to update and where the aobs are already given. 

For this tutorial i chose a very simple script:

[Enable]
01210D60: //6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 81 EC ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 ? ? ? ? ? 64 A3 ? ? ? ? 8B E9 8B 9C ? ? ? ? ? C7 44 ? ? ? ? ? ? 85 DB
db C2 2C 00

[Disable]
01210D60:
db 6A FF 68

The only part we have to update is this Addy:  

01210D60

Right next to the Addy we see the AoB:

6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 81 EC ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 ? ? ? ? ? 64 A3 ? ? ? ? 8B E9 8B 9C ? ? ? ? ? C7 44 ? ? ? ? ? ? 85 DB

We need this AoB to update the script.

To find the new Addy with the AoB, we need to change some settings from Cheat Engine:

Look at the field Value Type. Change the Setting from 4 Bytes to Array of byte. It should look like this:

1.thumb.PNG.e3fb7f26805b4f4f05052cddbbd7

Insert now the AoB in the textbox and click on First Scan.

After the scan you should see 2 Addys on the left side.

2.thumb.PNG.e74b78e932ef52c19cb444dd7c21

Now compare both Addys with the original Addy. You will see that the Addy 01211A70 is pretty similar to the original addy from our script. 

Replace now the Addy 01210D60 with our new similar found addy 01211A70

The updated script will now look like this:

[Enable]
01211A70: //6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 81 EC ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 ? ? ? ? ? 64 A3 ? ? ? ? 8B E9 8B 9C ? ? ? ? ? C7 44 ? ? ? ? ? ? 85 DB
db C2 2C 00

[Disable]
01211A70:
db 6A FF 68

 

  • Like 9

Share this post


Link to post

Nice tutorial, hippo.

You can also search on AoB through Memory View -> Search -> Find Memory. This will show you the first result.

Share this post


Link to post

or you do it like this... and it will be always updated.

 

[ENABLE]
aobscan(FunctionName,6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 81 EC ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 ? ? ? ? ? 64 A3 ? ? ? ? 8B E9 8B 9C ? ? ? ? ? C7 44 ? ? ? ? ? ? 85 DB)
label(FunctionName_)
registersymbol(FunctionName_)

FunctionName + 0:
FunctionName_:
db C2 2C 00

[DISABLE]
FunctionName_:
db 6A FF 68
unregistersymbol(FunctionName_)

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×