(Before reading this, know that if you have any questions about any of the steps below, post a comment replying to this thread and you will get an answer.)
Find/Change Unwritable AoBs Manually Using nop
Let's say, for example, you're doing health. You've already scanned and found the value you need. The next step is to right-click it and choose "Find out what writes to this address". Then get hit, and you should now see the instruction that writes to your health value.
Next, right-click that instruction and choose "Replace with code that does nothing", then test it by getting hit and checking whether you still take damage. Once you've verified that you've found the code that writes to health, click "Show disassembler" and you'll see something that looks like this:
What you want to do next is right-click the code and choose "Restore with original code", like this:
Then copy the code: hold Shift, right-click the second or third instruction below your code, go to "Copy to clipboard" and choose "Bytes only (no addresses)". Look:
Now that you've copied the AoB, go to the scanner and scan for the array of bytes you just copied. It's very important to double-click the Writable checkbox so it becomes a gray box (gray means "don't care", so the scan also includes memory that isn't writable, which is where the code lives). Otherwise you won't get any results. The part the arrow is pointing at has to be a gray box:
If your scan found only one result, that's perfect. If not, you'll have to add extra bytes to narrow down the results. There are two ways to do this: you can add more bytes from above your code or from below your code. Take a look at this:
The yellow highlighted parts are bytes added from above the code and the green highlighted parts are bytes from below the code.
8D 40 FF 89 43 7C 8D D0 C6 00 00 8D 55 F0 E8 92 D0 81 56.
While we're here, take a look at the green highlighted bytes and find them in the image above. Notice that it says "call" with "pepperflashplayer" next to it? That's something to beware of: bytes like those tend to change a lot (the four bytes after E8 are a relative offset to the call target, which moves whenever the module loads at a different address or the game is updated), so you want to wildcard them. To do that, keep the first byte (E8) and replace the rest (92 D0 81 56) with ?? ?? ?? ??, so it becomes E8 ?? ?? ?? ??, then add the next byte below (8B) to help narrow down the results. Added to your code, it would look like this:
89 43 7C 8D D0 C6 00 00 8D 55 F0 E8 ?? ?? ?? ?? 8B.
Alright then, so you have your code and it gives only one result, as it should. Go back to the memory viewer and nop the same code (89 43 7C) again, then copy the bytes. When you're done you should have your before and after code.
Before:
8D 40 FF 89 43 7C 8D D0 C6 00 00 8D 55 F0 E8 ?? ?? ?? ?? 8B
After:
8D 40 FF 90 90 90 8D D0 C6 00 00 8D 55 F0 E8 ?? ?? ?? ?? 8B
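As an added illustration (not part of the original guide), the following Python scans a constructed memory image for an AoB with ?? wildcards. It shows why the short pattern returns several hits, why the exact call bytes stop matching once the call target moves, and how the NOP patch turns the Before bytes into the After bytes. The memory images, the decoy bytes and the second call target are constructed for the example.

```python
# Added example, not from the original guide: a tiny AoB scanner with "??"
# wildcards. IMAGE_B pretends the game was reloaded and the call target moved.
def parse_aob(pattern: str):
    """'E8 ?? ?? ?? ?? 8B' -> [0xE8, None, None, None, None, 0x8B]."""
    out = []
    for tok in pattern.split():
        if tok == "??":
            out.append(None)          # wildcard: matches any byte
        elif len(tok) == 2:
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad byte token {tok!r}")
    return out

def scan_aob(memory: bytes, pattern: str):
    """Offsets of every match; a unique AoB returns exactly one offset."""
    pat = parse_aob(pattern)
    return [off for off in range(len(memory) - len(pat) + 1)
            if all(p is None or memory[off + i] == p for i, p in enumerate(pat))]

def patch_nop(memory: bytes, pattern: str, start: int, count: int) -> bytes:
    """The guide's 'replace with code that does nothing': overwrite `count`
    bytes at `start` inside the single match with 0x90 (NOP)."""
    hits = scan_aob(memory, pattern)
    if len(hits) != 1:
        raise ValueError(f"pattern must be unique, got {len(hits)} hits")
    buf = bytearray(memory)
    base = hits[0] + start
    buf[base:base + count] = b"\x90" * count
    return bytes(buf)

def make_image(call_rel32_hex: str) -> bytes:
    """Constructed: filler, a decoy 'mov [ebx+7C],eax' (89 43 7C), filler, the guide's code."""
    code = bytes.fromhex("8D40FF89437C8DD0C600008D55F0E8" + call_rel32_hex + "8B")
    return b"\x00" * 16 + bytes.fromhex("89437C31C0") + b"\x00" * 16 + code + b"\x00" * 16

IMAGE_A = make_image("92D08156")   # call bytes as captured in the guide
IMAGE_B = make_image("11223344")   # constructed: same code, call target moved

SHORT    = "89 43 7C"
EXACT    = "8D 40 FF 89 43 7C 8D D0 C6 00 00 8D 55 F0 E8 92 D0 81 56 8B"
WILDCARD = "8D 40 FF 89 43 7C 8D D0 C6 00 00 8D 55 F0 E8 ?? ?? ?? ?? 8B"
AFTER    = "8D 40 FF 90 90 90 8D D0 C6 00 00 8D 55 F0 E8 ?? ?? ?? ?? 8B"

if __name__ == "__main__":
    print("short   :", scan_aob(IMAGE_A, SHORT))                              # two hits: too vague
    print("exact   :", scan_aob(IMAGE_A, EXACT), scan_aob(IMAGE_B, EXACT))    # breaks after reload
    print("wildcard:", scan_aob(IMAGE_A, WILDCARD), scan_aob(IMAGE_B, WILDCARD))
    print("after   :", scan_aob(patch_nop(IMAGE_A, WILDCARD, 3, 3), AFTER))
```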
Now you know how to find/change unwritable AoBs manually using nop.
Credits to:
kolonelkadat: It was through his video (removed by YouTube) and his raw data AoB extractor that I learned how to find and make AoB hacks with Cheat Engine (using nop), how to manually wildcard them, and even how to add extra bytes to narrow down the results.
EHoK: If it wasn't for his video on finding and changing unwritable AoBs manually, I would have given up. It helped me realize my one crucial mistake of forgetting to tick the Writable box so it becomes a gray box, so that I could scan for the unwritable AoBs. https://youtu.be/ubNGgZuDiy4
Opcode Editing: lea
Basically this lets you do cool things like make buying add money, make taking damage increase health, make shooting increase ammo, make one coin count as 5, and so on. It's actually pretty simple. Let's say you found health, you found what writes to the address, and you opened it in the memory viewer.
Take a look at the instruction directly above the one you found, the one whose bytes are 8D 40 FF and whose opcode is lea eax,[eax-01]. Any time you find something like that directly above the code that writes to your address, you're in luck. All you have to do is double-click that instruction and change the negative sign to a positive sign; now the code adds 1 health each time you get hit instead of taking away 1 health.
When you click OK, 8D 40 FF changes to 8D 40 01. You could also change the 01 in lea eax,[eax+01] to any number you want; for example, if the code was for coins and you changed the 01 to 02, you'd get two coins for each coin you pick up. Take note that if you're going to change the 01 to any number that is 10 or above, you need to convert that number to hex first. (This also applies to any byte you change in an array of bytes.) To do that, open Windows Calculator, put it in Programmer mode, type the number and click Hex.
It's always good to test once you've made your edit. Say you found what writes to your address, found an opcode that looks like lea eax,[eax+01] DIRECTLY ABOVE the code that writes to your address, changed lea eax,[eax+01] to lea eax,[eax+19] (19 hex is 25 in decimal), and tested it: if it does indeed increase by 25 as you edited it to, then you're good, and all you had to do was change the 01 to 19. If, however, you test it and your money changes from 10 to something uncontrollable like 75984 each time you get a coin (or if it doesn't change, or changes to 0), then you should change lea eax,[eax+19] to add eax,19 instead.
Opcode Editing: add & sub
In this scenario you've found health, you found what writes to that address, and you opened it in the memory viewer. Notice that there is a set of bytes above it whose opcode is sub:
All you have to do is double-click it and change the sub to add; now you gain lives instead of losing them.
Opcode Editing: addsd & subsd
In this scenario you've found ammo, you found what writes to the address, and you opened it in the memory viewer. Then you see an opcode addsd above your code:
All you have to do is double-click it and change addsd to subsd; now your ammo increases every time you shoot.
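As an added illustration (not from the original guide), here is the byte-level view of the three opcode edits above, in Python: the signed disp8 behind lea eax,[eax-01] and lea eax,[eax+01], the add eax,imm8 and sub eax,imm8 encodings that are the same length as the lea (which is why one can replace the other in place), and the single opcode byte that separates addsd from subsd. The function names are the example's own; the encodings are standard x86-32.

```python
# Added example, not from the original guide: the x86-32 bytes behind the
# lea, add/sub and addsd/subsd edits. Function names are the example's own.
def decode_lea_eax_disp8(code: bytes) -> int:
    """8D 40 xx = lea eax,[eax+xx]; xx is a signed byte, so FF means -1."""
    if len(code) != 3 or code[0] != 0x8D or code[1] != 0x40:
        raise ValueError("not a 3-byte lea eax,[eax+disp8]")
    return int.from_bytes(code[2:3], "little", signed=True)

def encode_lea_eax_disp8(disp: int) -> bytes:
    """Reverse of the above. Only -128..127 fit in one byte, which is why the
    guide's 01 -> 19 (25 decimal) edit keeps the instruction the same length."""
    if not -128 <= disp <= 127:
        raise ValueError(f"{disp} needs the longer disp32 form of lea")
    return bytes([0x8D, 0x40]) + disp.to_bytes(1, "little", signed=True)

def encode_add_sub_eax_imm8(mnemonic: str, imm: int) -> bytes:
    """add eax,19 -> 83 C0 19 and sub eax,19 -> 83 E8 19 (83 /0 and 83 /5 with
    rm=eax). Three bytes, so either can replace lea eax,[eax+19] in place."""
    modrm = {"add": 0xC0, "sub": 0xE8}[mnemonic]
    if not -128 <= imm <= 127:
        raise ValueError("only an 8-bit immediate fits this encoding")
    return bytes([0x83, modrm]) + imm.to_bytes(1, "little", signed=True)

def flip_addsd_subsd(code: bytes) -> bytes:
    """addsd is F2 0F 58 /r and subsd is F2 0F 5C /r; swapping the third byte
    turns one into the other and leaves the operand (ModRM) byte alone."""
    if len(code) < 4 or code[:2] != b"\xF2\x0F" or code[2] not in (0x58, 0x5C):
        raise ValueError("not addsd/subsd")
    return code[:2] + bytes([0x5C if code[2] == 0x58 else 0x58]) + code[3:]

def to_hex_byte(n: int) -> str:
    """The guide's calculator step: decimal 25 -> '19'."""
    if not 0 <= n <= 255:
        raise ValueError("a single byte holds 0..255")
    return f"{n:02X}"

if __name__ == "__main__":
    print(decode_lea_eax_disp8(bytes.fromhex("8D40FF")))               # -1
    print(encode_lea_eax_disp8(25).hex(" ").upper())                   # 8D 40 19
    print(encode_add_sub_eax_imm8("add", 0x19).hex(" ").upper())       # 83 C0 19
    print(flip_addsd_subsd(bytes.fromhex("F20F58C1")).hex(" ").upper())  # F2 0F 5C C1
```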
A few more things could have been added, but this is just the basics, so it's good enough. As you build experience, you'll discover new things you can do when it comes to making unwritable AoB hacks with Cheat Engine. The most important thing is practice; practice makes perfect.