Castle Crashers XP multiplier?

 
Cheat Engine Forum Index -> General Gamehacking

Author: logane1102
Posted: Sun Aug 27, 2017 3:53 pm

I want to multiply the XP gain in Castle Crashers.

You get 1 xp for every successful hit on an enemy.
I want to be able to multiply that by 2, 4, 6, etc.

I searched the total XP address, found it, and clicked the
"Find what writes to this address" button.

I get this opcode:

0044A0F3 - C7 46 04 04000000 - mov [esi+04],00000004
0044A0FA - E8 417DFFFF - call castle.exe+41E40
0044A0FF - 89 46 08 - mov [esi+08],eax <<
0044A102 - B0 01 - mov al,01
0044A104 - 59 - pop ecx

EAX=00000004
EBX=0229F8C4
ECX=00000001
EDX=00000078
ESI=0291A6C0
EDI=025D92E8
ESP=0018EEB8
EBP=0018EEE0
EIP=0044A102

How do I change the opcode to make it add a number higher than 1 to the address?

Author: FreeER
Posted: Sun Aug 27, 2017 5:49 pm

hook it and have it run something like this in between the call and the move: "add eax, <2,4,6,etc.>-1", e.g. "add eax, 5" so that you gain 6 (original 1 + 5)...

you could also dec eax / sub eax, 1 / add eax, -1 / etc. and then add 6 for a multiplier of 6 but unless you're trying to let the user change the multiplier then there's not much point.

Alternatively you can look inside the function to see how the new value in eax is being calculated and change the code there...

Author: logane1102
Posted: Sun Aug 27, 2017 7:19 pm

I think I'm in way over my head with this..

I am mostly a noob when it comes to Cheat Engine.

Anyway, I used auto assemble to create this script (This has nothing added into it btw) :

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

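originalcode:
mov [esi+08],eax
mov al,01

exit:
jmp returnhere

"castle.exe"+4A0FF:
jmp newmem //5-byte jump, overwrites both original instructions (3 + 2 bytes)
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"castle.exe"+4A0FF:
mov [esi+08],eax
mov al,01
//Alt: db 89 46 08 B0 01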

I am not sure where exactly to add in "add eax, 5".

I tried inserting it before the mov code, which crashed the game.
I tried inserting it after and in between the two mov codes which did nothing.

Author: FreeER
Posted: Sun Aug 27, 2017 7:31 pm

Before the move is correct, that way it's changed before it's stored in memory. Hm, only thing I can think of other than anti-cheat is that there's a jump depending on the flags and the add is changing it; if that's the case then pushing and popping the flags to the stack should fix the issue.

Code:

...
newmem:
  // could just go in original code but makes the script a little more organized
  pushfd // save flags
  add eax, 5 // add 5 to eax, changes flags
  popfd // restore flags
originalcode:
  mov [esi+08],eax // move new xp value into xp memory address
  mov al,01 // probably the return value for the function
...

Author: logane1102
Posted: Sun Aug 27, 2017 7:41 pm

I changed the script to this:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
// could just go in original code but makes the script a little more organized
pushfd // save flags
add eax, 5 // add 5 to eax, changes flags
popfd // restore flags

originalcode:
mov [esi+08],eax
mov al,01

exit:
jmp returnhere

"castle.exe"+4A0FF:
jmp newmem //5-byte jump, overwrites both original instructions (3 + 2 bytes)
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"castle.exe"+4A0FF:
mov [esi+08],eax
mov al,01
//Alt: db 89 46 08 B0 01

This does the exact same thing as simply inserting "add eax, 5" before the mov code.

What it does when I say it crashes is it pulls up a loading screen and locks up.

Author: FreeER
Posted: Sun Aug 27, 2017 8:00 pm

yeah, 'crash' usually refers to the program actually closing. Hm, I suppose it could also be because that code is used for a lot of different values, you can check by right clicking the instruction and choosing 'Find out what addresses this instruction accesses'. If so, those can be quite difficult to hook for just one value because you have to find a way to know when you want to change it (if you want to you can search Google/YouTube for "shared opcodes" and sn34kymofo's video on gamemaker games).

An alternative in that case is to try and find some other code that accesses just the xp value and write code to check if it's been changed, and if so then find out by how much and multiply that and then add it. If you can get a static address or pointer to it then it's probably a little simpler with a Lua timer, e.g.

Code:

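[ENABLE]
{$lua}
if syntaxcheck then return end -- don't start the timer while CE only checks the script
xp_timer = createTimer()
xp_oldvalue = nil -- baseline, taken from the first successful read
xp_timer.interval = 100 -- check every 100 milliseconds, 10 times a second
xp_timer.OnTimer = function(timer)
  local xp_multiplier = 6
  local xp_address  = '[[baseaddress+0xoffset]+0xoffset1]+0xoffset2 ...'
  local xp_curvalue = readInteger(xp_address)
  -- assuming it's a 4 byte value, use readFloat for floats
  -- and readDouble for doubles
  -- (from celua.txt in CE install dir, though there's a wiki too)
  if xp_curvalue == nil then return end -- pointer not readable (yet)
  if xp_oldvalue == nil then xp_oldvalue = xp_curvalue end -- first tick: only record the baseline

  if xp_curvalue ~= xp_oldvalue then
    -- could use xp_curvalue > xp_oldvalue if xp can decrease and you don't want to mult that
    -- again, assuming 4 byte value
    -- keep the previous total and add the multiplied gain on top of it
    local xp_newvalue = xp_oldvalue + (xp_curvalue-xp_oldvalue)*xp_multiplier
    writeInteger(xp_address, xp_newvalue)
    xp_oldvalue = xp_newvalue -- remember what was written so it isn't multiplied again
  end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
xp_timer.destroy() -- stop and free timer
{$asm}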
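
FreeER's shared-code explanation above, as a small C model added here (not part of the original thread and not the game's code): one store routine serves both an XP slot and an unrelated counter, so an unconditional "add eax, 5" also corrupts the counter, while a patch filtered on the destination does not. The `Slot` layout, the loader's `stage == 3` exit condition and all function names are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not game code: one store routine writes the value field
   of several objects, like a single `mov [esi+08],eax` shared by many values. */
typedef struct { uint32_t a, b, value; } Slot;          /* value sits at +8 */
typedef uint32_t (*Patch)(const Slot *dst, uint32_t eax);

static const Slot *g_target;                            /* slot the patch is meant for */

static uint32_t patch_none(const Slot *d, uint32_t eax)  { (void)d; return eax; }
static uint32_t patch_blind(const Slot *d, uint32_t eax) { (void)d; return eax + 5; }
static uint32_t patch_filtered(const Slot *d, uint32_t eax) {
    return d == g_target ? eax + 5 : eax;               /* touch only the XP slot */
}

static void shared_store(Slot *dst, uint32_t eax, Patch p) {
    dst->value = p(dst, eax);                           /* the hooked store */
}

/* Runs 10 frames. Returns the frame at which a hypothetical loader sees
   stage == 3 (its exit condition), or -1 if it never does (the lock-up). */
int simulate(Patch p, uint32_t *xp_out) {
    Slot xp = {0, 0, 0}, stage = {0, 0, 0};
    int done = -1;
    g_target = &xp;
    for (int frame = 1; frame <= 10; frame++) {
        shared_store(&xp, xp.value + 1, p);             /* one hit: +1 XP */
        shared_store(&stage, stage.value + 1, p);       /* unrelated counter */
        if (done < 0 && stage.value == 3) done = frame;
    }
    *xp_out = xp.value;
    return done;
}

int main(void) {
    const char *names[] = {"unpatched", "blind add", "filtered add"};
    Patch patches[] = {patch_none, patch_blind, patch_filtered};
    for (int i = 0; i < 3; i++) {
        uint32_t xp;
        int done = simulate(patches[i], &xp);
        printf("%-12s xp=%u loader finished at frame %d\n",
               names[i], (unsigned)xp, done);
    }
    return 0;
}
```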

Author: logane1102
Posted: Sun Aug 27, 2017 8:05 pm

Ok, if that's the case then I don't think I am experienced enough in Cheat Engine to be able to make this work.

Thanks for the quick replies.

Author: OldCheatEngineUser
Posted: Sun Aug 27, 2017 11:37 pm

I did not read all the posts; anyway, have you tried this:

inc eax

just add it above the original instructions.

All times are GMT - 6 Hours