Difference between revisions of "Auto Assembler:aobScanModule"

From Cheat Engine
Jump to navigation Jump to search
m
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Category:Assembler]]
 
'''Auto Assembler''' aobScanModule(''SymbolName'', ''ModuleName'', ''AOBString'')
 
'''Auto Assembler''' aobScanModule(''SymbolName'', ''ModuleName'', ''AOBString'')
  
Scans the memory of a specific module for the given array of byte and sets the result to the symbol name.
+
Scans the memory used by the module ''ModuleName'' for a specific byte pattern defined by ''AOBString'' and sets the resulting address to the symbol ''SymbolName''.
Anything not an integer will be seen as a wildcard.
+
 
 +
'''Note:''' ''AOBString'' definition is composed by a list of one or several bytes optionally separated by spaces. Each byte definition has 2 variants:
 +
 
 +
- A group of 2 characters, where the first character is the high order nibble and the second is the low order nibble. Each character can be an hexadecimal digit (from '0' to 'F') or a wildcard character (interpreted as any hexadecimal value from 0 to 15)
 +
 
 +
- An unique wildcard surrounded by spaces (interpreted as any value from 0 to 255)
 +
 
 +
The wildcards are defined by any of these 3 characters: 'x', '?', or '*'.
 +
Some valid patterns:
 +
 
 +
5x 48 8D 6x 24 E0
 +
5? 48 8D 6? 24 E0
 +
5* 48 8D 6* 24 E0
 +
xx 48 8D xx 24 E0
 +
?? 48 8D ?? 24 E0
 +
** 48 8D ** 24 E0
 +
x 48 8D x 24 E0
 +
? 48 8D ? 24 E0
 +
* 48 8D * 24 E0
 +
 
 +
'''Tip:'''  One can use for ''ModuleName'' the variable '''$process''' defined as the current open process.  
  
 
=== Command Parameters ===
 
=== Command Parameters ===
Line 12: Line 33:
 
|SymbolName
 
|SymbolName
 
|string
 
|string
|The symbol name to use if aob is found
+
|The symbol name to define if ''AOBString'' is found
 
|-
 
|-
 
|ModuleName
 
|ModuleName
Line 20: Line 41:
 
|AOBString
 
|AOBString
 
|string
 
|string
|The string of bytes, as hex, to scan for
+
|The byte pattern, as hex, to scan for
 
|}
 
|}
  
Line 26: Line 47:
 
== Examples ==
 
== Examples ==
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)
 +
 +
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 xx xx 8D 64 24 E0)
 +
 +
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 x x 8D 64 24 E0)
  
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)
 +
 +
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0)
  
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)
 +
 +
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0)
 +
 +
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 5* 48 *D 64 24 E0)
 +
 +
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00xx8D6424E0)
  
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)
  
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)
 
  aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)
 +
 +
aobScanModule(SomeSymbol, $process, 00 1? 8D 64 24 *)
  
 
== See also ==
 
== See also ==
 
* [[Cheat_Engine:Auto Assembler|Auto Assembler]]
 
* [[Cheat_Engine:Auto Assembler|Auto Assembler]]
 +
* [[Auto_Assembler:Commands|Auto Assembler Commands]]
  
 
=== Related Commands ===
 
=== Related Commands ===
 
* [[Auto Assembler:aobScan|aobScan]]
 
* [[Auto Assembler:aobScan|aobScan]]
 +
* [[Auto_Assembler:aobScanRegion|aobScanRegion]]
 
* [[Auto Assembler:alloc|alloc]]
 
* [[Auto Assembler:alloc|alloc]]
 
* [[Auto Assembler:dealloc|dealloc]]
 
* [[Auto Assembler:dealloc|dealloc]]
 +
* [[Auto Assembler:globalAlloc|globalAlloc]]
 
* [[Auto Assembler:createThread|createThread]]
 
* [[Auto Assembler:createThread|createThread]]
 
* [[Auto Assembler:define|define]]
 
* [[Auto Assembler:define|define]]

Latest revision as of 16:33, 22 April 2022

Auto Assembler aobScanModule(SymbolName, ModuleName, AOBString)

Scans the memory used by the module ModuleName for a specific byte pattern defined by AOBString and sets the resulting address to the symbol SymbolName.

Note: AOBString definition is composed by a list of one or several bytes optionally separated by spaces. Each byte definition has 2 variants:

- A group of 2 characters, where the first character is the high order nibble and the second is the low order nibble. Each character can be an hexadecimal digit (from '0' to 'F') or a wildcard character (interpreted as any hexadecimal value from 0 to 15)

- An unique wildcard surrounded by spaces (interpreted as any value from 0 to 255)

The wildcards are defined by any of these 3 characters: 'x', '?', or '*'. Some valid patterns:

5x 48 8D 6x 24 E0
5? 48 8D 6? 24 E0
5* 48 8D 6* 24 E0
xx 48 8D xx 24 E0
?? 48 8D ?? 24 E0
** 48 8D ** 24 E0
x 48 8D x 24 E0
? 48 8D ? 24 E0
* 48 8D * 24 E0

Tip: One can use for ModuleName the variable $process defined as the current open process.

Command Parameters[edit]

Parameter Type Description
SymbolName string The symbol name to define if AOBString is found
ModuleName string The name of the module to scan in
AOBString string The byte pattern, as hex, to scan for


Examples[edit]

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 xx xx 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 x x 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 5* 48 *D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00xx8D6424E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)
aobScanModule(SomeSymbol, $process, 00 1? 8D 64 24 *)

See also[edit]

Related Commands[edit]