Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Singularity v1.0-1.1
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Auto Assemble scripts
View previous topic :: View next topic  
Author Message
SER[G]ANT
Expert Cheater
Reputation: 10

Joined: 29 Dec 2005
Posts: 194
Location: Russia

PostPosted: Fri Jun 25, 2010 2:09 am    Post subject: Singularity v1.0-1.1 Reply with quote

Infinite Health :
Code:
[ENABLE]
 aobscan(_faddress,d9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxx8b)
 alloc(_newmem,2048)
 label(_returnhere)
 label(_originalcode)

_newmem:
 push eax
 mov eax,[ecx+000002e8]
 mov [ecx+000002e4],eax
_originalcode:
 fld dword ptr [ecx+000002e4]
 pop eax
 jmp _returnhere

_faddress:    // 0102CFE0 = GImage::GImage+28B760
 jmp _newmem
 nop
_returnhere:
 
[DISABLE]
 aobscan(_faddress,90xxxxxxxxxxxxxxxxxxxxc2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxx8b)

_faddress-5:
 fld dword ptr [ecx+000002e4]

 dealloc(_newmem)

Infinite Energy :
Code:
[ENABLE]
 aobscan(_faddress,f3xxxxxxxxxxxxxx76xxf3xxxxxxxxxxxxxxf3xxxxxxxxxxxxxxb8)
 aobscan(_faddress2,f3xxxxxxxxxxxxxx76xxf3xxxxxxxxxxxxxxf3xxxxxxxxxxxxxx8bxxxxxx8b)

_faddress:    // 0100D603 = GImage::GImage+26BE43
 db 90 90 90 90 90 90 90 90

_faddress2:    // 00FFFECB = GImage::GImage+25E70B
 db 90 90 90 90 90 90 90 90

[DISABLE]
 aobscan(_faddress,90909076xxf3xxxxxxxxxxxxxxf3xxxxxxxxxxxxxxb8)
 aobscan(_faddress2,90909076xxf3xxxxxxxxxxxxxxf3xxxxxxxxxxxxxx8bxxxxxx8b)

_faddress-5:
 movss [esi+0000038c],xmm0

_faddress2-5:
 movss [esi+0000038c],xmm0

Infinite Ammo :
Code:
[ENABLE]
 aobscan(_faddress,8bxxxxxxxxxxxxxxc2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxx8bxx8b)
 alloc(_newmem,2048)
 label(_returnhere)
 label(_originalcode)

_newmem:
 mov dword ptr [ecx+eax*4+000002ec],63
_originalcode:
 mov eax,[ecx+eax*4+000002ec]
 jmp _returnhere

_faddress:    // 00FAE657 = GImage::GImage+20CDD7
 jmp _newmem
 nop
 nop
_returnhere:
 
[DISABLE]
 aobscan(_faddress,9090xxc2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxx8bxx8b)

_faddress-5:
 mov eax,[ecx+eax*4+000002ec]

 dealloc(_newmem)

No Reload :
Code:
[ENABLE]
 aobscan(_faddress,8bxxxxxxxxxxxxxxc2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxx0f)
 alloc(_newmem,2048)
 label(_returnhere)
 label(_originalcode)

_newmem:
 push ebp
 mov ebp,[ecx+eax*4+00000ac]
 mov [ecx+eax*4+000001fc],ebp
_originalcode:
 mov eax,[ecx+eax*4+000001fc]
 pop ebp
 jmp _returnhere

_faddress:    // 00FAE987 = GImage::GImage+20D1C7
 jmp _newmem
 nop
 nop
_returnhere:
 
[DISABLE]
 aobscan(_faddress,9090xxc2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8bxx0f)

_faddress-5:
 mov eax,[ecx+eax*4+000001fc]

 dealloc(_newmem)

Infinite Stamina :
Code:
[ENABLE]
 aobscan(_faddress,d9xxxxxxxxxxd8xxxxxxxxxxxxxxxxxxxx8bxx81xxxxxxxxxxxx8bxx83)
 alloc(_newmem,2048)
 label(_returnhere)
 label(_originalcode)

_newmem:
 mov dword ptr [ecx+00000648],42C80000
_originalcode:
 fld dword ptr [ecx+00000648]
 jmp _returnhere

_faddress:    // 0102DFD0 = GImage::GImage+28C750
 jmp _newmem
 nop
_returnhere:
 
[DISABLE]
 aobscan(_faddress,90d8xxxxxxxxxxxxxxxxxxxx8bxx81xxxxxxxxxxxx8bxx83)

_faddress-5:
 fld dword ptr [ecx+00000648]

 dealloc(_newmem)

Infinite Tempolar Dialation :
Code:
[ENABLE]
 aobscan(_faddress,f3xxxxxxxxxxxxxxf3xxxxxx0fxxxx0fxxxxf3xxxxxxxxxxxxxx76xx8b)
 alloc(_newmem,2048)
 label(_returnhere)
 label(_originalcode)

_newmem:
 mov dword ptr [esi+0000059c],40A00000
_originalcode:
 movss xmm0,[esi+0000059c]
 jmp _returnhere

_faddress:    // 00E5D7B6 = GImage::GImage+BBF36
 jmp _newmem
 nop
 nop
 nop
_returnhere:
 
[DISABLE]
 aobscan(_faddress,909090f3xxxxxx0fxxxx0fxxxxf3xxxxxxxxxxxxxx76xx8b)

_faddress-5:
 movss xmm0,[esi+0000059c]

 dealloc(_newmem)

Infinite Oxygen :
Code:
[ENABLE]
 aobscan(_faddress,f3xxxxxxxxxxxxxx76xxf3xxxxxxxxxxxxxxe8xxxxxxxx80xxxxxxxxxxxx75)

_faddress:    // 009E74DF = GetStackOwnerClass+25853F
 nop
 nop
 nop
 nop
 nop
 nop
 nop
 nop
 
[DISABLE]
 aobscan(_faddress,90909076xxf3xxxxxxxxxxxxxxe8xxxxxxxx80xxxxxxxxxxxx75)

_faddress-5:
 movss [esi+000002ec],xmm0

 dealloc(_newmem)

+10 Weapon Tech/+1k E99 Tech/+1 Health Pack/+1 E99 Vial:
Code:
//Enable script and add address "_cmp" (type 1 byte) to CE table
//Change value of this address to
//"1" - you get +10 Weapon Tech
//"2" - you get +1.000 E99 Tech
//"3" - you get +1 Health Pack
//"4" - you get +1 E99 Vial
[ENABLE]
 aobscan(_faddress,8bxxxxxxxxxxxxxxc2xxxx33xxxxc2xxxxxxxxxx8bxxxx8bxxxxxx8bxx80)
 alloc(_newmem,2048)
 label(_returnhere)
 label(_originalcode)
 label(_cmp)
 registersymbol(_cmp)
 label(_weapontech)
 label(_e99)
 label(_healthpack)
 label(_e99vial)

 

_newmem:
 cmp byte ptr [_cmp],0
 je _originalcode
 cmp byte ptr [_cmp],1
 je _weapontech
 cmp byte ptr [_cmp],2
 je _e99
 cmp byte ptr [_cmp],3
 je _healthpack
 cmp byte ptr [_cmp],4
 je _e99vial
 
 _weapontech:
  add dword ptr [ecx+36c],0a
  jmp _originalcode
 
_e99:
 add dword ptr [ecx+370],3E8
jmp _originalcode

_healthpack:
 add dword ptr [ecx+364],1
 jmp _originalcode
 
_e99vial:
 add dword ptr [ecx+368],1
 jmp _originalcode
 
_originalcode:
 mov eax,[ecx+eax*4+00000364]
 mov byte ptr [_cmp],0
 jmp _returnhere

_cmp:
 dd 0

_faddress:    // 00FAE75D = GImage::GImage+20CEDD
 jmp _newmem
 nop
 nop
_returnhere:
 
[DISABLE]
 aobscan(_faddress,9090xxc2xxxx33xxxxc2xxxxxxxxxx8bxxxx8bxxxxxx8bxx80)

_faddress-5:
 mov eax,[ecx+eax*4+00000364]

 dealloc(_newmem)


ENJOY!


Last edited by SER[G]ANT on Mon Jul 26, 2010 5:01 am; edited 3 times in total
Back to top
View user's profile Send private message
Mr. X
Cheater
Reputation: 0

Joined: 27 Jun 2010
Posts: 31

PostPosted: Sun Jun 27, 2010 6:05 pm    Post subject: Reply with quote

Hi,

What was your approach to find the health value/address, also did you do the same thing with the rest of the values/addresses for the other parts? Did you use only Cheat Engine to achieve this?
Back to top
View user's profile Send private message
SER[G]ANT
Expert Cheater
Reputation: 10

Joined: 29 Dec 2005
Posts: 194
Location: Russia

PostPosted: Mon Jun 28, 2010 5:06 am    Post subject: Reply with quote

Mr. X wrote:
Hi,

What was your approach to find the health value/address, also did you do the same thing with the rest of the values/addresses for the other parts? Did you use only Cheat Engine to achieve this?


Basically I used descrease/inscrease scan.
Yes, I use CE only
Back to top
View user's profile Send private message
Mr. X
Cheater
Reputation: 0

Joined: 27 Jun 2010
Posts: 31

PostPosted: Mon Jun 28, 2010 7:05 am    Post subject: Reply with quote

Okay, thanks for your reply.
Back to top
View user's profile Send private message
Csimbi
Grandmaster Cheater Supreme
Reputation: 65

Joined: 14 Jul 2007
Posts: 1836

PostPosted: Tue Aug 10, 2010 4:01 am    Post subject: This post has 1 review(s) Reply with quote

Problems with v1.1:

1. At the beginning of the game I pick up the pistol.
Whenever I activate the infinite ammo hack, it weapon is reloaded over and over again (without even firing a bullet).
Fix for v1.1:
replace this:
Code:
mov ebp,[ecx+eax*4+00000ac]

with this:
Code:
mov ebp,[ecx+eax*4+0000238]

in the no reload script.

2. Infinite health works for enemies, too. It appears you hooked the wrong code.
Here's the v1.1 aob (replace appropriate bytes with ?? for 1.0) that works correctly:
Code:
[ENABLE]
alloc(_newmem,1024)
label(_faddress_r)
registersymbol(_faddress_r)
aobscan(_faddress,d9 82 e4 02 00 00 f3 0f 11 86 84 06 00 00 d9 9e 80 06 00 00 0f 84 9e 00 00 00 8b 86 20 06 00 00 8b 17)

_faddress:    // 00F1B268 = GImage::GImage+179AA8 or Singularity.exe+B1B268
_faddress_r:
call _newmem
nop

_newmem:
fld dword ptr [edx+000002e8]
fst dword ptr [edx+000002e4]
ret

 
[DISABLE]
_faddress_r:
fld dword ptr [edx+000002e4]
// d9 82 e4 02 00 00

unregistersymbol(_faddress_r)
dealloc(_newmem)


Thanks.

Now, here's something I like to call: Bullseye; no more recoil and spread.
Now with Superweapon enhancer (set damage to 1000, fire rate to 0.01); it is controlled with superweapon_*, see in the script. Note: hacks the currently held weapon only, and it cannot be undone (unless you reload a checkpoint).
Code:

[ENABLE]
alloc(newmem,1024)
label(superweapon_dohack) // Add to table manually as "4 bytes" and set to 1 to hack currently held weapon
label(superweapon_damage) // Add to table manually as "float" and change weapon's damage to be set when hack is enabled. Default is 1000.
label(superweapon_firerate) // Add to table manually as "float" change weapon's fire rate to be set when hack is enabled. Default is 0.01.
label(superweapon_c)
label(superweapon_done)
label(recoil1_r)
label(recoil1_c)
label(recoil2_r)
label(recoil2_c)
label(recoil3_r)
label(recoil4_r)
label(recoil5_r)
label(recoil6_r)
registersymbol(superweapon_dohack)
registersymbol(superweapon_damage)
registersymbol(superweapon_firerate)
registersymbol(recoil1_r)
registersymbol(recoil2_r)
registersymbol(recoil3_r)
registersymbol(recoil4_r)
registersymbol(recoil5_r)
registersymbol(recoil6_r)
aobscan(recoil1,f3 0f 58 86 9c 04 00 00 f3 0f 11 86 9c 04 00 00 eb 5f)
aobscan(recoil2,f3 0f 58 8e 9c 04 00 00 f3 0f 11 8e 9c 04 00 00 ff 15 84 35 78 01)
aobscan(recoil3,f3 0f 11 86 9c 04 00 00 f3 0f 11 8e b0 04 00 00 f3 0f 11 8e b4 04 00 00 f3 0f 11 8e b8 04 00 00)
aobscan(recoil4,f3 0f 11 86 b0 04 00 00 f3 0f 10 86 b4 04 00 00)
aobscan(recoil5,f3 0f 11 86 b4 04 00 00 f3 0f 10 86 b8 04 00 00)
aobscan(recoil6,f3 0f 11 86 b8 04 00 00 8b 75 fc)

newmem:
recoil1_c:
call superweapon_c
mov [esi+0000049c],0
mov [esi+00000454],0
movss xmm0,[esi+0000049c]
ret
recoil2_c:
call superweapon_c
mov [esi+0000049c],0
mov [esi+00000454],0
movss xmm1,[esi+0000049c]
ret
superweapon_c:
push eax
xor eax,eax
cmp eax,[superweapon_dohack]
je short superweapon_done
mov [superweapon_dohack],eax
push ebx
mov ebx,[superweapon_damage]
mov eax,[esi+0000026C]
mov dword ptr [eax],ebx
mov ebx,[superweapon_firerate]
mov eax,[esi+00000254]
mov dword ptr [eax],ebx
pop ebx
superweapon_done:
pop eax
ret
// Variables
superweapon_dohack:
dd 0
superweapon_damage:
dd 447A0000 // float 1000
superweapon_firerate:
dd 3C23D70A // float 0.01

recoil1:
recoil1_r:
call recoil1_c
nop
nop
nop

recoil2:
recoil2_r:
call recoil2_c
nop
nop
nop

recoil3:
recoil3_r:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop

recoil4:
recoil4_r:
nop
nop
nop
nop
nop
nop
nop
nop

recoil5:
recoil5_r:
nop
nop
nop
nop
nop
nop
nop
nop

recoil6:
recoil6_r:
nop
nop
nop
nop
nop
nop
nop
nop

[DISABLE]
recoil1_r:
addss xmm0,[esi+0000049c]
movss [esi+0000049c],xmm0
//Alt: db F3 0F 58 86 9C 04 00 00 f3 0f 11 86 9c 04 00 00

recoil2_r:
addss xmm1,[esi+0000049c]
movss [esi+0000049c],xmm1
//Alt: db F3 0F 58 8E 9C 04 00 00 f3 0f 11 8e 9c 04 00 00

recoil3_r:
movss [esi+0000049c],xmm0
movss [esi+000004b0],xmm1
movss [esi+000004b4],xmm1
movss [esi+000004b8],xmm1
//Alt: db f3 0f 11 86 9c 04 00 00 f3 0f 11 8e b0 04 00 00 f3 0f 11 8e b4 04 00 00 f3 0f 11 8e b8 04 00 00

recoil4_r:
movss [esi+000004b0],xmm0
//Alt: db f3 0f 11 86 b0 04 00 00

recoil5_r:
movss [esi+000004b4],xmm0
//Alt: db f3 0f 11 86 b4 04 00 00

recoil6_r:
movss [esi+000004b8],xmm0
//Alt: db f3 0f 11 86 b8 04 00 00

unregistersymbol(superweapon_dohack)
unregistersymbol(superweapon_damage)
unregistersymbol(superweapon_firerate)
unregistersymbol(recoil1_r)
unregistersymbol(recoil2_r)
unregistersymbol(recoil3_r)
unregistersymbol(recoil4_r)
unregistersymbol(recoil5_r)
unregistersymbol(recoil6_r)
dealloc(newmem)


Edit:
Added Superweapon enhancer to the Bullseye script.
Back to top
View user's profile Send private message
shadel
Advanced Cheater
Reputation: 0

Joined: 19 May 2010
Posts: 52

PostPosted: Sat Aug 28, 2010 10:29 am    Post subject: Reply with quote

Csimbi, your health cheat works for the beginning of the game but when you get health upgrades,
the bar is not full, and later, some ennemis can kill you with one shot or two.

Could you add a modification for full health ?
Or care to explain what you do in those asm lines ?
Even with asm references I don't get it.
Back to top
View user's profile Send private message
Csimbi
Grandmaster Cheater Supreme
Reputation: 65

Joined: 14 Jul 2007
Posts: 1836

PostPosted: Sat Aug 28, 2010 11:34 am    Post subject: Reply with quote

The reason for that is very simple: I did not waste time on tracking down the memory locations for the upgrades. So, yes, the bar is not full, but does it really matter? At least you can pick up the stim packs. I have never died throughout the entire game - unless I deliberately jumped from very high up.
Probably it's a very high damage value. Try to avoid damage that kills you in one shot (explosions, shotguns from close range, maybe headshots).

I finished the game and it was not good enough to waste any more time on it ever again, so I have to say no to updating the code above.
Yeah, I could do, but would it help? The code above is the easy part. Finding out the code you need to patch is the hard part.
Back to top
View user's profile Send private message
shadel
Advanced Cheater
Reputation: 0

Joined: 19 May 2010
Posts: 52

PostPosted: Sun Aug 29, 2010 8:23 am    Post subject: Reply with quote

Okey, sorry for asking...

Anyway I found out the cause. It was not the life cheat but the superweapon cheat.
With superweapon_damage at 1000, the guys with heavy machine guns also get the power-up.
At this point it doesn't matter anymore where you're hit...
Back to top
View user's profile Send private message
Csimbi
Grandmaster Cheater Supreme
Reputation: 65

Joined: 14 Jul 2007
Posts: 1836

PostPosted: Sun Aug 29, 2010 10:27 am    Post subject: Reply with quote

shadel wrote:
Okey, sorry for asking...

Anyway I found out the cause. It was not the life cheat but the superweapon cheat.
With superweapon_damage at 1000, the guys with heavy machine guns also get the power-up.
At this point it doesn't matter anymore where you're hit...

You're right. 1000x is probably too much; I played at 8x. Perhaps the default value in the code above should be updated...
Back to top
View user's profile Send private message
shadel
Advanced Cheater
Reputation: 0

Joined: 19 May 2010
Posts: 52

PostPosted: Mon Aug 30, 2010 6:01 pm    Post subject: Reply with quote

I found some valid pointer chains for v1.1 (I don't know if it works for 1.0).
Health is one of them so in the end you can still put a 1000 for weapon damage.
Here they are :

Code:
Health
Singularity.exe+018F5DF4, 4, 28, 2E4

Max health
Singularity.exe+018F5DF4, 4, 28, 2E8

Medkits
Singularity.exe+018F5DE8, 1C, 364

Weapon techs
Singularity.exe+018F5DE8, 1C, 36C

E99 techs
Singularity.exe+018F5DE8, 1C, 370

Valkyrie clip
Singularity.exe+018F5DE8, 1C, 200

Valkyrie clip capacity
Singularity.exe+018F5DE8, 1C, 23C


Other weapons clip addresses are following Valkyrie's.
Back to top
View user's profile Send private message
Iyeru
Expert Cheater
Reputation: 0

Joined: 21 May 2012
Posts: 130
Location: Madison, WI

PostPosted: Thu May 01, 2014 7:34 pm    Post subject: Reply with quote

Can someone make a cheat table? Whenever I copy/paste lua scripts, it says unexpected [ at [ENABLE]
Back to top
View user's profile Send private message Visit poster's website
Geri
Moderator
Reputation: 108

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Thu May 01, 2014 7:45 pm    Post subject: Reply with quote

These are not lua scripts.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
sortajan
How do I cheat?
Reputation: 0

Joined: 07 Mar 2011
Posts: 9

PostPosted: Thu Feb 16, 2017 9:29 am    Post subject: Reply with quote

I threw this table together using the above scripts. Super easy to use. All credit to SER[G]ANT and Csimbi for the scripts.


Singularity.ct
 Description:

Download
 Filename:  Singularity.ct
 Filesize:  13.93 KB
 Downloaded:  12 Time(s)

Back to top
View user's profile Send private message
SunBeam
I post too much
Reputation: 61

Joined: 25 Feb 2005
Posts: 3962
Location: Romania

PostPosted: Thu Feb 16, 2017 10:09 am    Post subject: Reply with quote

I am still wondering what "Tempolar Dialation" means Very Happy Maybe.. temporal dilation?
_________________
More stuff on sb.deviatted.com. Work in progress.
Back to top
View user's profile Send private message
STN
I post too much
Reputation: 26

Joined: 09 Nov 2005
Posts: 2121

PostPosted: Fri Feb 17, 2017 3:16 am    Post subject: Reply with quote

SunBeam wrote:
I am still wondering what "Tempolar Dialation" means Very Happy Maybe.. temporal dilation?


Sounds like someone's brain (temporal lobe) dilating/exploding

_________________
Subscribe to my youtube channel <3
DEViATTED
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Auto Assemble scripts All times are GMT - 6 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter