Solved How to find array of byte patterns?


dydrax

Newbie
Full Member
Jan 8, 2013
22
234
0
Many cheaters use AoB to find offsets of a game, but I'm confused.
What is an array of bytes?
What the hell is it?
How can I get it?
Please give a tutorial because I'm a newbie.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,096
78,998
2,372
Let's just say, for instance, I want to hack a game but I do not want to manually search for the same instruction again in any future updates.

Health:

C++:
Torchlight2.EditorDumpStatsAverages+4C004 - D8 9E 58050000        - fcomp dword ptr [esi+00000558]
So we got the address for our health but in order to find it again in any future game updates we want to search for a bigger block since this address occurs multiple times in the game. So what we are going to do is select a bigger block.

C++:
Torchlight2.EditorDumpStatsAverages+4BFFA - DB 44 24 78           - fild dword ptr [esp+78]
Torchlight2.EditorDumpStatsAverages+4BFFE - D8 0D DC1F0302        - fmul dword ptr [Torchlight2.exe+1C31FDC]
Torchlight2.EditorDumpStatsAverages+4C004 - D8 9E 58050000        - fcomp dword ptr [esi+00000558]
Torchlight2.EditorDumpStatsAverages+4C00A - DFE0                  - fnstsw ax
Torchlight2.EditorDumpStatsAverages+4C00C - F6 C4 01              - test ah,01
Now of course, we only want the bytes of all these addresses. It'll look like this.

C++:
DB 44 24 78 D8 0D DC 1F 03 02 D8 9E 58 05 00 00 DF E0 F6 C4 01
Now all you have to do is open the Memory Viewer and, in the opcode window, right click and select Search Memory. Now you want to make the necessary changes.

1. Select (Array of) byte
2. Change From to 00000000
3. Change To to FFFFFFFF

Now enter your array of bytes you've collected.

C++:
DB 44 24 78 D8 0D DC 1F 03 02 D8 9E 58 05 00 00 DF E0 F6 C4 01
And press OK

You should now land at the right address in the opcode window. Simply search for that address in Cheat Engine and you'll land at this address.

C++:
Torchlight2.EditorDumpStatsAverages+4BFFA - DB 44 24 78           - fild dword ptr [esp+78]
Now simply scroll down and you will see your health address in that area.

C++:
Torchlight2.EditorDumpStatsAverages+4C004 - D8 9E 58050000        - fcomp dword ptr [esi+00000558]

And that should be all. This should work for future updates unless some nasty changes were made, in which case you have to do it differently. But this should work in most cases.

I hope you understood what I wrote as I do not know a different way to explain it. :)

do the video
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
And it doesn't necessarily have to be opcodes, it can be anything within the program's memory space.
 

dydrax

Newbie
Full Member
Jan 8, 2013
22
234
0
Wow, that's amazing, thanks for explaining it @Magnificient & C5, I will try to understand it.
In my mind it's a packet of instructions and we only change the value,
but how can I make a cheat only use the offset after searching the AoB?
How can they use a cheat with an offset without changing the value?

Sorry if I have many questions,
and sorry for my poor English.
Thanks in advance.
 

xploiitz

Coder
Fleep Tier Donator
Trump Tier Donator
Nobleman
Jul 26, 2012
155
1,698
7
Wouldn't we have to use some wildcards when applying this? Because the pointers might change with the update, no?

for example

Torchlight2.EditorDumpStatsAverages+4BFFA - DB 44 24 78 - fild dword ptr [esp+78]
Torchlight2.EditorDumpStatsAverages+4BFFE - D8 0D DC1F0302 - fmul dword ptr [Torchlight2.exe+1C31FDC]
Torchlight2.EditorDumpStatsAverages+4C004 - D8 9E 58050000 - fcomp dword ptr [esi+00000558]
Torchlight2.EditorDumpStatsAverages+4C00A - DFE0 - fnstsw ax
Torchlight2.EditorDumpStatsAverages+4C00C - F6 C4 01 - test ah,01


On the bolded line, DC 1F 03 02 (little endian for torchlight.exe+1c31fdc) might not always be the same, so would you not use wildcards when searching in future updates?

ex:
DB 44 24 78 D8 0D ?? ?? ?? ?? D8 9E 58 05 00 00 DF E0 F6 C4 01
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
Definitely. If something could change/is changing you have to skip them when matching a pattern :)
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,096
78,998
2,372
Yes, you have to use 'em wildcards :)

I just didn't include them. My bad. Thanks for adding it there though! :)
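
The wildcard matching discussed in this thread, as an added example that is not part of any post: a Python matcher over two constructed byte buffers, using the same `??` convention that hex signatures in tools such as YARA use. The function names, the padding, the decoy instruction and the changed operand bytes in `new_build` are assumptions made for the example; the three patterns are the ones posted above.

```python
FULL = "DB 44 24 78 D8 0D DC 1F 03 02 D8 9E 58 05 00 00 DF E0 F6 C4 01"  # from the thread
WILD = "DB 44 24 78 D8 0D ?? ?? ?? ?? D8 9E 58 05 00 00 DF E0 F6 C4 01"  # from the thread
SHORT = "D8 9E 58 05 00 00"  # the single fcomp instruction on its own

def parse_signature(text):
    """'D8 0D ?? ??' -> [0xD8, 0x0D, None, None]; None marks a wildcard byte."""
    sig = []
    for tok in text.split():
        if tok == "??":
            sig.append(None)
        elif len(tok) == 2:
            sig.append(int(tok, 16))  # ValueError on non-hex input
        else:
            raise ValueError(f"bad signature token: {tok!r}")
    if not sig or sig[0] is None:
        raise ValueError("signature must start with a fixed byte")
    return sig

def find_all(buf, sig_text):
    """Return every offset in buf where the signature matches."""
    sig = parse_signature(sig_text)
    # Fixed bytes before the first wildcard serve as a fast bytes.find() anchor.
    n_fixed = next((i for i, b in enumerate(sig) if b is None), len(sig))
    prefix, hits = bytes(sig[:n_fixed]), []
    pos = buf.find(prefix)
    while pos != -1:
        window = buf[pos:pos + len(sig)]
        if len(window) == len(sig) and all(s is None or s == w for s, w in zip(sig, window)):
            hits.append(pos)
        pos = buf.find(prefix, pos + 1)
    return hits

def locate_unique(buf, sig_text):
    """A signature is only usable if it matches exactly once."""
    hits = find_all(buf, sig_text)
    if len(hits) != 1:
        raise LookupError(f"expected 1 match, got {len(hits)}")
    return hits[0]

def build(operand, lead=b""):
    """Constructed sample image: padding, a decoy fcomp, then the thread's block."""
    block = bytes.fromhex("DB442478D80D") + operand + bytes.fromhex("D89E58050000DFE0F6C401")
    return lead + b"\x90" * 8 + bytes.fromhex("D89E58050000") + b"\x90" * 8 + block + b"\x90" * 4

old_build = build(bytes.fromhex("DC1F0302"))                    # operand as posted
new_build = build(bytes.fromhex("DC4F0702"), lead=b"\xCC" * 3)  # constructed: operand changed, code shifted

if __name__ == "__main__":
    print(find_all(old_build, SHORT))            # short pattern is ambiguous
    print(find_all(new_build, FULL))             # exact pattern breaks on the new operand
    print(locate_unique(new_build, WILD) + 0xA)  # fcomp sits 0xA bytes into the block
```

The `+ 0xA` comes from the listing above: the block starts at `+4BFFA` and the `fcomp` is at `+4C004`.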
 