How To Correctly Edit This Injection?

 
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Sun Nov 08, 2015 10:24 pm    Post subject: How To Correctly Edit This Injection?

Instead of Inf. Health, it makes One Hit Monster Kill, One Hit From Monsters to Kill Me, no exp when I kill monsters, and quests stay uncompleted without counting monster kills...

Spent hours in dissect data/structures, read/watched pretty many tutorials/videos about finding the correct id,
but it looks like it's not enough, because of this line?
movss [esi+14],xmm0

Tried to edit it into movq [esi+14],xmm0 and with movd.
Exp and quests work, but this time my health goes to minus 2 billion when a monster hits, and I die after the third hit. Monsters still die with one hit.

Tried many more things, but without results, because I met this line for the first time and have no idea what I'm doing even though I read about it.

The only thing I didn't try is the registers Q1 Q2 Q3 Q4, because I didn't find out how?!

Code:
[ENABLE]

alloc(newmem,1024)
label(returnhere)
label(player)

newmem:

cmp [esi+110],5
je player
jmp returnhere

player:
movss [esi+14],xmm0
jmp returnhere

"SporeApp.exe"+1CFBB0:
jmp newmem
returnhere:

[DISABLE]

dealloc(newmem)
"SporeApp.exe"+1CFBB0:
movss xmm0,[esi+14]
//Alt: db F3 0F 10 46 14



[Attached image: 1.JPG]
[Attached image: 2.JPG]




Last edited by Betcha on Mon Nov 09, 2015 4:58 am; edited 1 time in total
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Sun Nov 08, 2015 11:28 pm

Right click on the find out what access window and activate check if found opcodes also...
Go play a bit, lose some health, and hit a monster.
Get back in Cheat Engine; a number between parentheses will appear in the count column. This is the number of addresses accessed by each instruction that accessed your health.
Pick a result that only accessed one address (your health) and make your godmode here. Since this instruction only accessed your health and nothing else, you do not need to bother with structure dissection & player IDs.

Also, if you want to make a godmode you don't want the original movss [esi+14],xmm0 to write the player's health; you want this to happen only for non-players.
For the player you might want something simple like mov [esi+14],(float)100.0 .

Any mov*** A,B just means "copy B into A", this has no impact on your player id.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Sun Nov 08, 2015 11:36 pm

As Gniarf mentioned, games often have unique instructions reserved for accessing the player's health only.
This is due to the HUD showing your health, for example. The HUD doesn't normally show monster health.
Once you find that instruction, save the value of the base structure to a custom variable.
Then in your one-hit script, use cmp esi,[myvar] to distinguish between player and monster.
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Mon Nov 09, 2015 4:57 am

Gniarf

I already did that before: Right click on the find out what access window and activate check if found opcodes also...

The results affect my health and the monsters' health.
If I nop, me and the monsters are in god mode;
if I edit it in any way, it affects both of us!
So this "mov [esi+14],(float)100.0" also makes my and the monsters' health jump to 100..
That's why I used Structure.
Even in memory view, when I open "Find out what addresses this instruction accesses", it shows addresses for my health and every monster's health I hit...

Zanzer

Umm.. It's not a one-hit kill script, it should be a No Dmg script.
And somehow I didn't understand what I should do with cmp esi,[myvar] ...
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Mon Nov 09, 2015 6:52 am

realbecha wrote:
The results affect my health and the monsters' health.
If I nop, me and the monsters are in god mode.
Do ALL results affect both player and monsters?
In other words: Does the fdivr dword [esi+14] you showed on 1.jpg also access the health of the monsters? Same question for the movss xmm0,[esi+4f4].

If the answer is "yes" to all 3 questions, try to find a pointer to your health (use the pointerscanner).
Once you have a stable pointer you can either:
-simply freeze it in CE.
-or use it in your script to replace a player ID.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Mon Nov 09, 2015 7:10 am

In your pic of instructions, go to the very first one.
Right-click it and Find out what addresses this instruction accesses.
Now go beat up a monster. Does the instruction ONLY access the player's health?
If so, set up your injection there. Add the following instruction before the original:
Code:
fst dword ptr [esi+14]

If not, see what addresses the second instruction accesses.
That one has a different offset which might just be for the player structure only.
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Mon Nov 09, 2015 8:15 am

Gniarf And Zanzer ..

Yes, all results affect the player and monsters..

And if we talk about the health pointer, it works kind of weird, because it won't always show the exact value of health.. Most of the time it shows ??, and in the pointer scan I filtered until I got 1000+ results and all do the same..

I don't know what the bug was, but today I recreated everything from scratch and Inf. Health + One Hit Kill (if needed) works...

But there is another thing that still remains... Exp doesn't come and quests don't count.. Here is the video of me doing everything from scratch, to see what exactly I'm doing..

https://youtu.be/059JQQV0_pU
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Mon Nov 09, 2015 9:34 am

Your video showed several instructions only ever touched a single address. #2, 3, and 5.
Put your injection into one of those instead.

I would also assume that the one-hit kill doesn't work because of the compare right above your current injection.
I'm assuming that jump is ignoring all of the "if dead, give reward" logic because you are setting the value to 0 AFTER the compare.
Use the following for your one-hit kill script:
Code:
xorps xmm0,xmm0
comiss xmm1,xmm0
movss [esi+14],xmm0
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Mon Nov 09, 2015 10:04 am

Zanzer wrote:
Your video showed several instructions only ever touched a single address. #2, 3, and 5.
Put your injection into one of those instead.
+1, but they may be used under different circumstances. To check once and for all if we have a communication issue there, RealBecha, please try this:
Code:
[ENABLE]
alloc(CodeBuffer,30)
label(Return)

CodeBuffer:
mov dword [esi+4f4],(float)10000.0
movss xmm0,dword [esi+4f4]        //original code
jmp Return

7211CE:
jmp CodeBuffer
nop
nop
nop
Return:

[DISABLE]
dealloc(CodeBuffer)

7211CE:
movss xmm0,dword [esi+4f4]
-If the game crashes then I've done a stupid mistake that I don't see right now, please attempt to fix my script.
-If you get a player-only godmode, then we had a language problem. This instruction only accessed one address: your health.
-If some monsters also get a godmode then I give up, because I completely overlooked that this game is Spore, which means that it's soon going to turn into a real time strategy game, in which the only generic way I know to get a godmode is to rely on teamID, and I cannot give useful tips on teamID without experimenting on the game myself. I don't have Spore.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Mon Nov 09, 2015 11:05 am

Thank you so much Zanzer and Gniarf, or
Thank you so much Gniarf and Zanzer, for the fast and nice replies.

Zanzer
My injection with teamID now works, because I added your 3 lines to it.
God Mode for player (works)
One Hit To Kill monsters (works)
Rewards now also work (Exp, Quests)
Code:

[ENABLE]

aobscanmodule(INJECT,SporeApp.exe,F3 0F 11 46 14 76 43) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(player)

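newmem:
cmp [esi+110],5 // teamID field; this script treats 5 as the player
je player
jmp code

player:
jmp return // player: skip the health write entirely

code:
  xorps xmm0,xmm0 // xmm0 = 0.0
  comiss xmm1,xmm0 // redo the compare with xmm0 = 0 so the jump that follows sees the new value
  movss [esi+14],xmm0 // original store (F3 0F 11 46 14), now writing 0
  jmp return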

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db F3 0F 11 46 14

unregistersymbol(INJECT)
dealloc(newmem)


Gniarf
I tried your code and everything works too.
After a monster hits, my health goes to 10.000.
Monsters' health decreases on each hit, like it's supposed to.
Works fine without glitches/crashes.
By the way, how can I make code like this on my own?
I'm new to injections, that's why problems come from nowhere.
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Tue Nov 10, 2015 1:20 am

@RealBecha: First look at the picture below. You can see that there are 3 places where we can make our hack: 7211CE, 854A59, and 5DE6E1. I chose 7211CE because it had a bigger hit count (346) than 854A59 (104) and 5DE6E1 (27).
Now select the desired hack point, click show disassembler->tools->auto assemble->template->cheat table framework, then template->code injection or AOB injection.
AOB injection is better but I could not make an aobscan script from your video, so I'll continue this explanation with a simple code injection.
With simple injection you'll get this:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
movss xmm0,dword [esi+4f4]

exit:
jmp returnhere

"SporeApp.exe"+3211CE:
jmp newmem
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)

"SporeApp.exe"+3211CE:
movss xmm0,dword [esi+4f4]
//Alt: db f3 0f 10 86 f4 04 00 00
And if you remove the labels that are not used/referenced, you get:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)

newmem:
movss xmm0,dword [esi+4f4]
jmp returnhere

"SporeApp.exe"+3211CE:
jmp newmem
nop
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)

"SporeApp.exe"+3211CE:
movss xmm0,dword [esi+4f4]
//Alt: db f3 0f 10 86 f4 04 00 00
Now look at movss xmm0,dword [esi+4f4].
Since the [] are around esi+4f4 then your health is at esi+4f4.
Since the [] are on the right side of the "," symbol, the movss is reading (not writing) your health, so you want to overwrite your health before (above) the movss. To do that simply add mov [esi+4f4],(float)10000.0 above the movss, and there you have the godmode I posted.



[Attached image: Choosing hack point.jpg]



_________________
DO NOT PM me if you want help on making/fixing/using a hack.
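
The read/write rule and the three nops in the templates above follow directly from the instruction bytes. As an added example (not part of the original posts or of Cheat Engine; the names decode_movss and hook_plan are made up here), this Python sketch decodes the 32-bit movss byte strings quoted in the thread's scripts and reports the direction, the instruction length, and the padding left after a 5-byte jmp:

```python
# Added example (not from the thread): decode the movss encodings quoted in the scripts.
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
JMP_REL32_LEN = 5  # E9 + rel32: the "jmp newmem" written over the hack point

def decode_movss(code: bytes) -> dict:
    """Decode one 32-bit-mode movss with a [reg] or [reg+disp] memory operand."""
    if len(code) < 4 or code[:2] != b"\xf3\x0f" or code[2] not in (0x10, 0x11):
        raise ValueError("expected F3 0F 10 (load) or F3 0F 11 (store)")
    mod, reg, rm = code[3] >> 6, (code[3] >> 3) & 7, code[3] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB and absolute forms are outside this sketch")
    disp_len = (0, 1, 4)[mod]          # mod 00: none, 01: disp8, 10: disp32
    length = 4 + disp_len              # prefix + 2 opcode bytes + ModRM + disp
    if len(code) < length:
        raise ValueError("truncated instruction")
    disp = int.from_bytes(code[4:length], "little", signed=True)
    mem = f"[{REGS[rm]}{disp:+x}]" if disp_len else f"[{REGS[rm]}]"
    writes = code[2] == 0x11           # 0F 11 stores xmm to memory, 0F 10 loads
    text = f"movss {mem},xmm{reg}" if writes else f"movss xmm{reg},{mem}"
    return {"text": text, "writes_memory": writes, "length": length}

def hook_plan(code: bytes) -> dict:
    """Describe how a 5-byte jmp fits over the instruction at the hack point."""
    insn = decode_movss(code)
    if insn["length"] < JMP_REL32_LEN:
        raise ValueError("shorter than the jmp: the next instruction would be hit too")
    # Bytes of the original instruction left over after the jmp must become nops.
    insn["nop_padding"] = insn["length"] - JMP_REL32_LEN
    return insn

# Byte strings copied from the scripts in this thread.
SAMPLES = ("F3 0F 10 46 14", "F3 0F 11 46 14", "f3 0f 10 86 f4 04 00 00")

if __name__ == "__main__":
    for hexbytes in SAMPLES:
        print(hexbytes, "->", hook_plan(bytes.fromhex(hexbytes)))
```

The 8-byte form with the 4f4 offset is the one that needs three nops after the jmp; the two 5-byte forms differ only in the opcode byte that selects load or store.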
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Tue Nov 10, 2015 2:12 am

Now I see how to make it. :o
Looks like I almost always did it wrong, because I always picked from the access results the ones that show up when monsters hit me..
(That explains my bugs and crashes in games)

The picture I attached is from another monster, so the once-touched ones are now only #2 and #5, and I see #2 is the place that you picked..

I simply "know" how to edit injections with mov, add, sub, and adding something from dissect data/structure..
So when I saw these xmm0, xmm1, movss, addss, I was kind of upset :D

Thank you once again for help.



[Attached image: efsef.JPG]


All times are GMT - 6 Hours