Trying to find array of bytes from address in WinHex

02/13/2010 18:38 Ej1Fr3ak#1
Hey guys, so today I started playing with WinHex.. not really modifying anything because I've never used WinHex before.. but I'm wondering is there an easy way to maybe find an AoB from an address in WinHex? Like if I have an updated offset then I search for it and I can find the array.. but let's say I don't have the updated offset and I need an AoB from the address.. how do I find it if I have the old offset and how do I know how long the AoB is? I'm trying to teach myself but I don't wanna mess something up so a little bit of help is always welcomed. Thanks
02/13/2010 22:24 Vaidas B#2
Read this, I really doubt that you know what you're talking about though.
02/14/2010 01:11 Ej1Fr3ak#3
Quote:
Originally Posted by waidas123 View Post
Read this, I really doubt that you know what you're talking about though.
Ok well like I said I am new at this but thank you for that info, I'm checking it out now.. I couldn't find anything on it but basically I have come across different situations where I had a CE script and I had the old offset but I needed to find the new offset but didn't have an AoB to scan for.. so basically what I was wondering is what do you do when you're in this situation? Because you have to be able to find it somehow? I dunno, I was just playing around with WinHex a little bit and I could see Dekaron's entire memory and if I searched for the offset I could see everything related to that memory range.. I dunno, like I said I'm new but I'm just kinda playing around and trying to figure things out.
02/14/2010 02:49 ind3siszive#4
Open WinHex/Hex Workshop, go to the address and copy the bytes that you want. The array of bytes is just a representation of code or data. If you have used a Cheat Engine script you will see the assembly code in them; also take notice of the [Enable] and [Disable] sections. Normally the code you want to find will be the disable, and if you don't have the bytes for that you can try writing it in assembly or doing an opcode scan. The length can be whatever you want, say there is a code like

Code:
mov edx,[edx+0c]
add edx,0A
you can just type this into a disassembler and you will get

Code:
01111111    8B52 0C    MOV EDX,DWORD PTR DS:[EDX+C]
01111114    83C2 0A    ADD EDX,0A
the middle column (8B52 0C / 83C2 0A) are the bytes

you can try scanning for say 8B 52 0C, and if there are a billion results you can add the second part to get 8B 52 0C 83 C2 0A

the length just makes it more specific

then you can scan for that array of bytes in WinHex or even the Cheat Engine hex scanner
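The two steps in the reply (copy the bytes at a known address, then scan for that byte sequence to see how many hits it gets and how a longer pattern narrows them) as an added Python example, not code from the post or from any of the tools it names. The memory image, its load address BASE and the helper names are constructed for the example; the "??" wildcard is an addition beyond what the reply shows.

```python
import re
from typing import List

# Constructed fake memory image (not a real process dump). The "mov edx,[edx+0c]"
# encoding 8B 52 0C occurs three times, but only once followed by "add edx,0A"
# (83 C2 0A), which is exactly the situation the reply describes.
MEMORY = bytes.fromhex(
    "90 90 8B 52 0C 89 45 F8"   # 8B 52 0C followed by unrelated bytes
    "C3 8B 52 0C 83 C2 0A 5D"   # the full 6-byte sequence from the post
    "8B 52 0C 83 C2 10 CC CC"   # same mov, but the add uses a different immediate
)
# Hypothetical address of MEMORY[0], chosen so the full sequence sits at the
# post's address 0x01111111.
BASE = 0x01111108

def aob_at(data: bytes, base: int, address: int, length: int) -> str:
    """'Go to the address and copy the bytes': return `length` bytes found at
    `address` as a space-separated hex string, the form a hex scanner accepts."""
    off = address - base
    if off < 0 or off + length > len(data):
        raise ValueError("address range lies outside the image")
    return " ".join(f"{b:02X}" for b in data[off:off + length])

def find_aob(data: bytes, pattern: str) -> List[int]:
    """Return every offset where `pattern` (e.g. '8B 52 ?? 83') occurs; '??' matches
    any byte. A zero-width lookahead is used so overlapping hits are reported too.
    re.DOTALL is required, otherwise '.' would refuse to match the byte 0x0A."""
    body = b"".join(b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                    for tok in pattern.split())
    return [m.start() for m in re.finditer(b"(?=" + body + b")", data, re.DOTALL)]

def find_addresses(data: bytes, base: int, pattern: str) -> List[int]:
    """Same scan, reported as addresses instead of offsets into the image."""
    return [base + off for off in find_aob(data, pattern)]

if __name__ == "__main__":
    full = aob_at(MEMORY, BASE, 0x01111111, 6)   # "8B 52 0C 83 C2 0A"
    print("bytes at 01111111:", full)
    # Short pattern -> 3 hits, wildcarded add -> 2 hits, full sequence -> 1 hit
    for pat in ("8B 52 0C", "8B 52 0C 83 C2 ??", full):
        hits = find_addresses(MEMORY, BASE, pat)
        print(f"{pat:<20} -> {len(hits)} hit(s): {[f'{a:08X}' for a in hits]}")
```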
02/14/2010 04:40 Ej1Fr3ak#5
Quote:
Originally Posted by ind3siszive View Post
Open WinHex/Hex Workshop, go to the address and copy the bytes that you want. The array of bytes is just a representation of code or data. If you have used a Cheat Engine script you will see the assembly code in them; also take notice of the [Enable] and [Disable] sections. Normally the code you want to find will be the disable, and if you don't have the bytes for that you can try writing it in assembly or doing an opcode scan. The length can be whatever you want, say there is a code like

Code:
mov edx,[edx+0c]
add edx,0A
you can just type this into a disassembler and you will get

Code:
01111111    8B52 0C    MOV EDX,DWORD PTR DS:[EDX+C]
01111114    83C2 0A    ADD EDX,0A
the middle column (8B52 0C / 83C2 0A) are the bytes

you can try scanning for say 8B 52 0C, and if there are a billion results you can add the second part to get 8B 52 0C 83 C2 0A

the length just makes it more specific

then you can scan for that array of bytes in WinHex or even the Cheat Engine hex scanner

Ohhhhh ok I see what you're saying now.. thanks a lot :)