I don't understand nothing

i have a question. how do u create an aob script that works after a restart

Matt Eason Hey, thanks! I'm just glad people out there are finding them useful! I actually have these posted in a thread on the CE forums; my nickname there is h3x1c. =)

I know right, I think I've linked this tut for questions more then the number of likes.

Frank Wier yeah. 😂😂😂😂

I'm = X

Same thing, I'm enjoying this series too and I wanted to like this video but it's at 666 likes right now and I don't want to spoil it :) Thank you, Stephen!

Glenn Watts Thanks for watching, Glenn; I'm glad you found it useful!

Glad you found it helpful!

Mr. Kalidor Glad you've found them helpful! Thanks for the feedback!

Diego Novaes Thanks! I'm really glad you've enjoyed them. Most of my early CE learning took place here, on KZbin, and on the CE forum. Here on KZbin, I watched Cheat Engine videos from Fleep Hacks , jgoemat , ***** , tutorialsfromgeri , and others. For really learning Assembly, I cannot recommend enough these guys: Open SecurityTraining That channel is full of HOURS worth of amazing, amazing content--all free! Lastly, check out videos from these two guys: kzbin.infovideos and kzbin.infovideos

+Biosystem Studios Always individualize the names, yes! Change "inject" to whatever your script is going to do. For instance, I usually change mine to something like aobInfiniteHealth, aobMaxExperience, aobAllTheGold, etc. The same should be the case for each AOB scan you have if you have multiple in one single script.

mixmax35 Thanks for watching! Yeah, scripting will be the next thing I touch on, but I'll get slowly into that. I'm getting ready to start picking up Lua so I can start teaching that. Everyone references generic Lua tutorials, but there's not any clarity out there that says, "here are some of the specific things of Lua that you can primarily use in CE." I want to change that! I'll probably start it off with discussing CE's built-in trainer generator, but...yeah, this will be a couple of months down the road likely. =) Thanks for the offer to help; I appreciate it!

Porkchopio I'll have to see if there's a way to set a scan like that, but for the time being, you can hold ctrl and click on all the addresses you'd like to change to doubles at the same time. Once you've selected all the ones you want, right-click and select "change element," then select "double" from the drop-down box and click OK.

Glenbob1337 Which section (time-wise) in the video are you talking about? Perhaps I can try to clarify more for you.

For your first question, start studying registers--specifically, the differences between x86 (32-bit) and x64 (64-bit) registers. RAX, EAX, AX, AH, and AL all refer to different sections of the same register. There are also references to various regions (or bits) of other registers, but you'll need to familiarize yourself with them. Here's a good reference image: goo.gl/oSyIIt This will give you enough to go on to start searching Google, StackOverflow, and KZbin for answers on registers. As for your next question, if CE doesn't find your scan, then you either have bytes in the array that are incorrect (which can happen if your byte array contains a memory address, meaning that will certainly change the next time you start the game), or if you're doing a manual scan, you have to make sure to set your scan settings to scan both read/write memory (it's one of the check boxes beneath where you scan).

thank you for your help stephan. :)

+KaLul0 You can use * to pretty much say its a wild card, so if you notice the first two bytes are always the same you can do it like this: f2 08 * * * 40 30 80 50 also, check if 01 is always the same as well, i doubt it but if it is include that, the closest you can get it, the best. PS: im a newb when it comes to cheat engine and this may not be the best answer, just posting one since you havnt got an answer yet

+shwb9 nooooow i get it xD thank you! someone helped me out with the script and he placed "*" inside and i searched for his lines to fill in the "missing" bytes. but in fact those where just place holders. anyway his script couldnt be activated before i placed the bytes inside so i have to look about what was wrong. maybe i need to fill in some more bytes to not find another array of bytes fitting in

I guess what I'm asking is, how did you come up with the term ebx? How did you know to use that? Can we just make up something like ebb, or aol, I'm not trying to sound dumb, I'm just trying to know where the ebx term came from....

hi. he covers this in a different post. i'll repost it for you " Stephen Chapman 2 years ago +TrayShade I pretty much did pull EBX out of my ass, as it were. =) There are 8 general purpose registers in x86: EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP. Unless you REALLY know what you're doing, you should always assume that every register has something in it when you go to do code injections. At that point in the script, I could have used any register except EDI (since the game was referencing EDI plus an offset, we don't want to futz with that; we have 7 other registers we can work with to do stuff in), so I chose EBX since the game uses a MOV instruction to move something from EAX (so I chose not to use it) into EDI+offset at the point where we're injecting code. The PUSH instruction basically says, "okay, I want you to move whatever's sitting in this register right now (EBX, in our case), to some address in memory that you'll know where it is and you'll pull it again when I'm done messing with this register." The POP instruction says, "I'm done using this register now, so go fetch what was in it when I told you to PUSH it and put that back in the register." So, PUSH EBX saves whatever might be in EBX before we start fucking with it, then POP EBX returns EBX to the state it was in before we came along! Lots of script writers will just PUSHAD/POPAD (stores/restores what's in EVERY register) and PUSHFD/POPFD (stores/restores all EFLAGS, which is a totally different topic I won't delve into), but if my script is for something like this and I know I only need 1-3 registers, then I'll just PUSH/POP them individually. There's a lot more to all this that will help you understand it all in context, but I hope the aforementioned helps you at least understand where EBX comes from in this scenario. =)"

No particular reason. You could use any register you want to there, with the exception of EDI since it's where the base of that particular structure is referenced (with offsets A0 and A4 containing the data we're interested in).

lol holy crap u answered so fast! hahah thanks! I edited the original post though! You explained it to someone else kinda more in depth! THANKS! :D

AOB scans serve a number of purposes: 1: You find your way to instructions related to values you want to modify. While this means you can directly hack a value like health, the greater point is that you're taken to a relevant place within a subroutine that you may want to reverse engineer. For instance, instead of just giving yourself infinite health, maybe you trace your way back to the start of an entire health-related function that, if injecting a RET, will not only do nothing to your health, but will also get rid of other health-related subroutines, like making blood appear on your screen when you get hit, or triggering your character to make a sound, etc., etc. 2: Few are the games these days that store values in static locations. Instructions, sure. But values tend to move around in various addresses. Thus pointer scanning, or AOB scanning--the latter of which can future-proof your hacks in the event that a game update is pushed which only adds content (thus shifting around memory addresses containing data, but not necessarily resulting in a recompile of instructions that might change bytes), etc. 3: In a game that uses shared instructions to modify multiple values (such as one health-related function that writes to player, enemy, and object health), you can't rely on memory addresses alone unless you want to search for them every single time an enemy/item/etc. spawns -- and even then, you may never find the value because the enemy/item/etc. might not have enough "health" for you to find in time. Thus, you can do an AOB scan on the player to find the instruction, then use that to find addresses the instruction writes to, and then you can compare the data structure and write cheats that set apart the player from everything else, etc. There are many reasons for AOB scans! This video may not have been the best vehicle to convey exactly why, but it's been 2 years since I recorded this and I don't remember what I covered, lol. If you keep watching my videos in this series, you'll get an overall idea of why AOB scans are so handy.

Thanks a lot! :)

This Video and this answer just spared me an insane amount of time of practicing! Thanks a lot :-)

Aeshwarye Aggarwal I would say watch again a bit closer; however, you may want to supplement with this guide: forum.cheatengine.org/viewtopic.php?t=572465 Make sure to check out the other AOB-related tutorial in his signature. He basically explains how to do the same thing, so maybe his tutorial and some of the questions others ask in it will help you with a lot of these questions!

Thanks!

Derpy Leedle If this is concerning a multiplayer game, then I can't help you. Otherwise, you've either found the wrong value, or you need to find the instruction that writes to the address, then create a code injection to make the value change in the way you want it to.

[Atumi] You're welcome! =)

I'm not skilled enough at Cheat Engine to know how, but if you were able to find where the cloth texture is stored in memory, you can change it. However it's probably easier to try and find where the game is reading the cloth texture from and modify that. If you want to change it on the fly, the easiest way to test it's possible is to find the game file the cloth texture is stored in, and look for the same bytes in a memory viewer. Alternatively, you could try looking for a magic key - for example, if you know the textures are JPG files you can try looking for the phrase "JFIF". The only danger is if your image you're trying to replace is larger than the original, you'll need to change the length to avoid overwriting another file later in memory in the process.

I do look at them often, but only have time to reply selectively these days ("time" meaning the time it takes to write replies, and time to dig around in the games people inquire about). I haven't dug around any RPG Maker VX Ace games, but I do recall seeing others having issues with it. If I were you, I'd head over to the Cheat Engine forum and do some searches there. If you don't come up with much, then create a post there inquiring about your issues. They're typically really good about steering you in the right direction over there.

BoyEastern I actually can't. The only language I really know anything significant about at this point is Assembly; however, go take a look at Fleep's channel. He's got a ton of excellent tutorials related to game hacking and C++! kzbin.info/www/bejne/o3y4hH-An9GUoMk

Dont worry you'll figure it out, I was the same when trying to use this.

I was, too. =)

Don't worry, just keep matching the jems, and you'll see cartoon boobies sooner or later XD

If you aren't aware of registers, then this video is going to leave you with plenty of questions. I talk all about registers in previous videos in the series. At 23:36, I arbitrarily chose EBX to use, which is why I push its original contents to the stack, then pop it off back into EBX at the end of the script. Check out other videos in the series; each video successively builds off the previous. And if you feel lost, it's fine; we all felt that way and I undoubtedly didn't cover every possible base, so expect to do some additional research to supplement.

***** I pretty much did pull EBX out of my ass, as it were. =) There are 8 general purpose registers in x86: EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP. Unless you REALLY know what you're doing, you should always assume that every register has something in it when you go to do code injections. At that point in the script, I could have used any register *except* EDI (since the game was referencing EDI plus an offset, we don't want to futz with that; we have 7 other registers we can work with to do stuff in), so I chose EBX since the game uses a MOV instruction to move something from EAX (so I chose not to use it) into EDI+offset at the point where we're injecting code. The PUSH instruction basically says, "okay, I want you to move whatever's sitting in this register right now (EBX, in our case), to some address in memory that you'll know where it is and you'll pull it again when I'm done messing with this register." The POP instruction says, "I'm done using this register now, so go fetch what was in it when I told you to PUSH it and put that back in the register." So, PUSH EBX saves whatever might be in EBX before we start fucking with it, then POP EBX returns EBX to the state it was in before we came along! Lots of script writers will just PUSHAD/POPAD (stores/restores what's in EVERY register) and PUSHFD/POPFD (stores/restores all EFLAGS, which is a totally different topic I won't delve into), but if my script is for something like this and I know I only need 1-3 registers, then I'll just PUSH/POP them individually. There's a lot more to all this that will help you understand it all in context, but I hope the aforementioned helps you at least understand where EBX comes from in this scenario. =)

Stephen Chapman Thank you, that did it. I love the way you explain things, because of that i am confident i could go do this myself now, though it would probably take a while longer with a different game as i would then have to apply the concept in a new scenario. All this after watching the video only once. I am not trying to brag, I am simply implying that your way of explaining is extremely efficient. :) What i can also state with confidence, is that i am sticking around for more great videos. :)

I'm glad you found the video so useful! It means a lot for me to know that I can help people understand this stuff better, because I had (and, with many things, am still having) a hell of a time getting this stuff to really click from the guides/videos I followed initially. As for you carrying forward with another game, I highly recommend Terraria. It's absolutely perfect for everything Cheat Engine offers (especially the data dissector). Check out my video on hacking time in Terraria; it's a good supplemental video to this AOB one!

Stephen Chapman I will definitely do that as Terraria is a game I have experience with (outside of CE). Thanks once again.