God Mode script help (Targeting unique reads)

 
user5594
Posted: Wed Jun 28, 2017 11:40 am    Post subject: God Mode script help (Targeting unique reads)

So I've run into a problem creating God Mode for a single-player game I'm currently playing. The problem is that the instruction for modifying health is shared between you and your enemies. I've solved this problem in another game before but this one is a little trickier.

Here is the highlighted instruction:



I couldn't find anything obvious in the structure of the players, but maybe I can use offset 04? Looks like player ID numbers or something? 1,2,3,4 etc.


I wrote this Auto Assembler script which more than likely is wrong. Can I string a bunch of compares after each other and jump elsewhere if it's equal?
Code:
[ENABLE]
alloc(newmem,2048,"PDUWP.exe"+24C4E0)
label(returnhere)
label(originalcode)
label(newcode)
label(exit)

newmem:
cmp dword [rbx+04],0
je newcode
cmp dword [rbx+04],1
je newcode
jne originalcode

newcode:
db 90 90 90

originalcode:
mov [rbx+0C],eax
test eax,eax

exit:
jmp returnhere

"PDUWP.exe"+24C4E0:
jmp newmem
returnhere:


 
 
[DISABLE]
dealloc(newmem)
"PDUWP.exe"+24C4E0:
mov [rbx+0C],eax
test eax,eax


This script seems like it's not even doing anything.
OldCheatEngineUser
Posted: Wed Jun 28, 2017 12:56 pm    Post subject: Re: God Mode script help (Targeting unique reads)

user5594 wrote:
I couldn't find anything obvious in the structure of the players, but maybe I can use offset 04? Looks like player ID numbers or something? 1,2,3,4 etc.

Try to go higher.

user5594 wrote:
I wrote this Auto Assembler script which more than likely is wrong. Can I string a bunch of compares after each other and jump elsewhere if it's equal?

Yes you can. (NOTE: I didn't look into your script, so I don't know if there's anything wrong.)

But since you did it before, you should be fine. Just try to go higher in offsets. (Sometimes going higher in offsets doesn't help at all; in this case go minus.)

ONE MORE NOTE:
Since the alignment is by 4 (00, 04, 08, 0C, 00 and so on...) << the end of the addresses, sometimes it's better to go by 1.

Also, for comparing you can use your health cap, which is (most of the time) better. Usually it's located 4 bytes after the health value, or 4 bytes before the health value, and very rarely you find your health cap in a different location.

If you want to find your health cap (in case it's in a different location), it's easy, and it depends on the game actually.

Try to find out what's accessing this address, and try to get health while your health is full. Once you've found that instruction, see what addresses this instruction accesses, and you should end up with a value.

There are multiple methods to find out your cap/limit and I'm not going to say anything here, since it requires a lot of typing to explain the steps.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
user5594
Posted: Thu Jun 29, 2017 11:53 am    Post subject: Re: God Mode script help (Targeting unique reads)

Yes, the health cap is directly after the health address, however I don't think I can use a compare in the assembler because sometimes player and enemy health cap is exactly the same.
I think it may be a problem with my script because it should work with comparing the 1,2,3,4 but nothing happens.
atom0s
Posted: Thu Jun 29, 2017 9:07 pm

Another common method you can use is find a function that only affects your player specifically and store the pointer of your player used from that function. Then in the health function, compare the current entity pointer being used to see if it matches your player pointer or something else. If it matches yours, set the health, otherwise, skip and run like normal.
_________________
- Retired.
user5594
Posted: Thu Jun 29, 2017 10:41 pm

atom0s wrote:
Another common method you can use is find a function that only affects your player specifically and store the pointer of your player used from that function. Then in the health function, compare the current entity pointer being used to see if it matches your player pointer or something else. If it matches yours, set the health, otherwise, skip and run like normal.


Hmm, I also tried this method by finding everything that accesses the health address. I found about 12 other functions but all of them also access enemy health.
OldCheatEngineUser
Posted: Thu Jun 29, 2017 11:11 pm    Post subject: Re: God Mode script help (Targeting unique reads)

OldCheatEngineUser wrote:
(NOTE: I didn't look into your script, so I don't know if there's anything wrong.)

Just now decided to see your code.

user5594 wrote:

Code:
[ENABLE]
alloc(newmem,2048,"PDUWP.exe"+24C4E0)
label(returnhere)
label(originalcode)
label(newcode)
label(exit)

newmem:
cmp dword [rbx+04],0
je newcode
cmp dword [rbx+04],1
je newcode
jmp originalcode // this line should be jmp not jne as you wrote.

newcode:
db 90 90 90 // what are these nops for?
// if you mean noping mov [rbx+0C],eax, then you dont need to nop it.
// lets say you place your three nops. ill tell you how it works now. under the quotation.

/* whatever the nops are for! you should place a jmp here!
if theres no jmp then it will continue to "here" */

jmp returnhere // you must add this line.

originalcode:
mov [rbx+0C],eax // "here" <<<<<
test eax,eax

exit:
jmp returnhere

"PDUWP.exe"+24C4E0:
jmp newmem
returnhere:


 
 
[DISABLE]
dealloc(newmem)
"PDUWP.exe"+24C4E0:
mov [rbx+0C],eax
test eax,eax



Your code was basically comparing if it's 1 and 0, then go to newcode.
In newcode there are 3 NOPs.
It will execute each line of these NOPs, THEN WHAT? Where to go?
It will continue to MOV [RBX+0C],EAX and decrease your health.
That's why you need to place a "JMP RETURN",
because you want to keep the original code for your enemies.

You can also, instead of doing JE newcode, replace it with JE return, and bam, you don't need that label "newcode".

What you did is create a label, redirect your health address to there and do NO OPERATION; then you went back to the originalcode and subtracted your health.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
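
Added example (not part of the original thread or any poster's code): a small Python model of the injected block that steps through the first script and through the version with the two corrections from the post above, showing that a label does not stop execution. It assumes `eax` holds the entity's new health and `[rbx+04]` its ID, as the thread supposes; `run`, `ORIGINAL` and `CORRECTED` are illustrative names.

```python
# Constructed listings: the injected block from the first script, and the
# same block with the two corrections from the reply (jne -> jmp, plus a
# jmp returnhere after the NOPs).
ORIGINAL = """
newmem:
cmp dword [rbx+04],0
je newcode
cmp dword [rbx+04],1
je newcode
jne originalcode
newcode:
db 90 90 90
originalcode:
mov [rbx+0C],eax
test eax,eax
exit:
jmp returnhere
"""
CORRECTED = ORIGINAL.replace("jne originalcode", "jmp originalcode").replace(
    "db 90 90 90", "db 90 90 90\njmp returnhere")


def run(listing, entity_id, health, eax):
    """Step through the block for one entity; return (health_after, trace).
    Assumption: eax is the new health value, [rbx+04] the entity ID."""
    lines = [l.strip() for l in listing.strip().splitlines()]
    labels = {l[:-1]: i for i, l in enumerate(lines) if l.endswith(":")}
    zf, pc, trace = False, labels["newmem"], []
    while True:
        ins = lines[pc]
        pc += 1
        if ins.endswith(":") or ins.startswith("db 90"):
            continue                  # label or NOPs: nothing happens, fall through
        trace.append(ins)
        op, _, arg = ins.partition(" ")
        if op == "cmp":               # only the [rbx+04] compares are modelled
            zf = entity_id == int(arg.rsplit(",", 1)[1], 16)
        elif op == "test":
            zf = eax == 0
        elif op == "mov":             # mov [rbx+0C],eax is the health write
            health = eax
        elif op == "jmp" or (op == "je" and zf) or (op == "jne" and not zf):
            if arg == "returnhere":   # control is back in the game's own code
                return health, trace
            pc = labels[arg]
```

With health 100 and `eax` 60, `run(ORIGINAL, 0, 100, 60)` still ends with health 60 because execution runs from `newcode` straight into `originalcode`, while `run(CORRECTED, 0, 100, 60)` leaves it at 100 and entity 2 is still written.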
user5594
Posted: Fri Jun 30, 2017 12:01 pm    Post subject: Re: God Mode script help (Targeting unique reads)

I made some changes but it's still not working. Seems to just set my health to 0 whenever any NPC or I am damaged.

Code:
[ENABLE]
alloc(newmem,2048,"PDUWP.exe"+24C4E0)
label(returnhere)
label(originalcode)
label(exit)

newmem:
cmp dword [rbx+04],0
je returnhere
cmp dword [rbx+04],1
je returnhere
cmp dword [rbx+04],2
je originalcode
cmp dword [rbx+04],3
je originalcode
jmp returnhere


originalcode:
mov [rbx+0C],eax
test eax,eax

exit:
jmp returnhere

"PDUWP.exe"+24C4E0:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
"PDUWP.exe"+24C4E0:
mov [rbx+0C],eax
test eax,eax
atom0s
Posted: Sat Jul 01, 2017 1:04 pm

user5594 wrote:
atom0s wrote:
Another common method you can use is find a function that only affects your player specifically and store the pointer of your player used from that function. Then in the health function, compare the current entity pointer being used to see if it matches your player pointer or something else. If it matches yours, set the health, otherwise, skip and run like normal.


Hmm, I also tried this method by finding everything that accesses the health address. I found about 12 other functions but all of them also access enemy health.


Don't just look at health, look at anything reading your player's specific pointer. Based on what you showed above, you said that:
Code:
mov [rbx+0C],eax

Is used for the health updates, which means the base pointer to each object is within rbx. Find the pointer that is specifically yours, and find other functions that use the pointer itself, regardless of what offsets within the pointer are being used. Try to find a function that is only called with your pointer to use as a method of grabbing your pointer to use to compare in other functions.

_________________
- Retired.