Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Multiply Integer by Float?

 
god22
How do I cheat?
Reputation: 0

Joined: 19 Sep 2017
Posts: 6

Posted: Tue Sep 19, 2017 5:57 am    Post subject: Multiply Integer by Float?

Hello, I am trying to hack some PS2 games but I have run into some snags. What I am trying to do is multiply exp gained in Atelier Iris by a floating point but it crashes every time. I think the game will only accept an integer or something.


[code]
{ Game : pcsx2.exe
Version:
Date : 2017-09-19
Author : GOD

This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat



aobscan(INJECT,18 D3 89 11 89 35 E8 F9 D1 01 A1) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
storage:
dd 0
multiplier:
dd (float)1.2
newmem:
mov [storage],edx
fld dword ptr [storage]
fmul dword ptr [multiplier]
fstp dword ptr [storage]
mov edx,[storage]
code:
mov [ecx],edx
mov [pcsx2.exe+10CF9E8],esi
jmp return

INJECT+02:
jmp newmem
nop
nop
nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+02:
db 89 11 89 35 E8 F9 D1 01

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 305DF817

305DF7E7: E9 14 F8 20 D3 - jmp pcsx2.exe+2B9F000
305DF7EC: 8B 35 30 F9 D1 01 - mov esi,[pcsx2.exe+10CF930]
305DF7F2: 8B 15 60 F7 D1 01 - mov edx,[pcsx2.exe+10CF760]
305DF7F8: 8B 0D 80 F7 D1 01 - mov ecx,[pcsx2.exe+10CF780]
305DF7FE: 89 C8 - mov eax,ecx
305DF800: C1 E8 0C - shr eax,0C
305DF803: 8B 04 85 30 20 B4 1D - mov eax,[eax*4+1DB42030]
305DF80A: BB 19 F8 5D 30 - mov ebx,305DF819
305DF80F: 01 C1 - add ecx,eax
305DF811: 0F 88 09 A9 18 D3 - js pcsx2.exe+2B1A120
// ---------- INJECTING HERE ----------
305DF817: 89 11 - mov [ecx],edx
305DF819: 89 35 E8 F9 D1 01 - mov [pcsx2.exe+10CF9E8],esi
// ---------- DONE INJECTING ----------
305DF81F: A1 00 FB D1 01 - mov eax,[pcsx2.exe+10CFB00]
305DF824: 83 C0 02 - add eax,02
305DF827: A3 00 FB D1 01 - mov [pcsx2.exe+10CFB00],eax
305DF82C: 2B 05 28 F6 D1 01 - sub eax,[pcsx2.exe+10CF628]
305DF832: 0F 88 CD F7 20 D3 - js pcsx2.exe+2B9F005
305DF838: E9 C3 F7 20 D3 - jmp pcsx2.exe+2B9F000
305DF83D: A1 40 F8 D1 01 - mov eax,[pcsx2.exe+10CF840]
305DF842: 03 05 60 F8 D1 01 - add eax,[pcsx2.exe+10CF860]
305DF848: 99 - cdq
305DF849: A3 40 F8 D1 01 - mov [pcsx2.exe+10CF840],eax
}
[/code]

When I just use
[code]shl edx,2[/code]
it works fine but I don't want it to be that high; just an extra 15 percent or so.
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

Posted: Tue Sep 19, 2017 7:13 am    Post subject:

[code]
storage:
dd 0
multiplier:
dd (float)1.2
[/code]

Place these two anywhere under newmem, unless you will allocate another memory above newmem.

[code]
code:
mov [ecx],edx
mov [pcsx2.exe+10CF9E8],esi
jmp return
[/code]

The opcode mov [ecx],edx: 99.99% of the time such instructions are called shared instructions, and they may access and/or write to 10s or even 100s of addresses.

So make sure it's not shared, otherwise you want to separate your address from the others, which is nearly impossible with emus.

The best choice is to use pointers in your script, but also keep in mind that most of the time pointer scans for games that run inside emus are useless and you might not find a valid pointer.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
panraven
Grandmaster Cheater
Reputation: 54

Joined: 01 Oct 2008
Posts: 941

Posted: Tue Sep 19, 2017 7:47 am    Post subject:

Try using fild / fistp ( http://x86.renejeschke.de/html/file_module_x86_id_95.html ) instead of fld / fstp, because the original format is 4 bytes.
You may also use the CPU stack to do the fild / fistp, since the FPU doesn't directly access normal registers, e.g.:
[code]
push  edx
fild  dword ptr[esp]
fmul  dword ptr[multiplier]
fistp dword ptr[esp]
pop   edx
[/code]

_________________
- Retarded.
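
Added example (not code from any poster in this thread): a C model of what the fld/fmul/fstp and fild/fmul/fistp sequences above do to a 32-bit register value. The sample values are constructed, and the model assumes the x87 defaults of round-to-nearest with exceptions masked.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT_INDEFINITE 0x80000000u  /* what fistp stores when the result does not fit */

/* Model of fld / fmul / fstp on a dword: the 32 bits are reinterpreted as an
   IEEE-754 single, multiplied, and the resulting float bits are stored back. */
uint32_t scale_fld(uint32_t reg, float mult) {
    float f;
    memcpy(&f, &reg, sizeof f);
    f *= mult;
    memcpy(&reg, &f, sizeof reg);
    return reg;
}

/* Model of fild / fmul / fistp on a dword: the bits are a signed integer that
   is converted to floating point, multiplied, rounded to nearest (ties to
   even) and stored back as a signed integer. */
uint32_t scale_fild(uint32_t reg, float mult) {
    double p = (double)(int32_t)reg * (double)mult;
    if (!(p >= -2147483649.0 && p <= 2147483648.0)) return INT_INDEFINITE;
    int64_t t = (int64_t)p;                 /* truncates toward zero */
    if ((double)t > p) t--;                 /* turn it into floor(p) */
    double frac = p - (double)t;
    if (frac > 0.5 || (frac == 0.5 && (t & 1))) t++;
    if (t < INT32_MIN || t > INT32_MAX) return INT_INDEFINITE;
    return (uint32_t)(int32_t)t;
}

int main(void) {
    /* Constructed sample register values, not taken from the game. */
    const uint32_t samples[] = {
        100u,         /* small integer counter */
        20000000u,    /* integer above 2^24 */
        0x3F800000u,  /* bit pattern of the float 1.0 */
        2000000000u,  /* integer whose scaled value overflows 32 bits */
    };
    const float mult = 1.2f;  /* multiplier value used in the thread */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("in=0x%08X  fld path=0x%08X  fild path=0x%08X\n",
               (unsigned)samples[i], (unsigned)scale_fld(samples[i], mult),
               (unsigned)scale_fild(samples[i], mult));
    return 0;
}
```

For these constructed inputs both models turn 100 into 120, they diverge at 20000000, and a dword that actually holds float bits (0x3F800000) is only scaled sensibly by the fld path, which matters when the hooked store handles more than one kind of value.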
god22
How do I cheat?
Reputation: 0

Joined: 19 Sep 2017
Posts: 6

Posted: Tue Sep 19, 2017 8:48 am    Post subject:

I have tried both methods to no avail. Side note, sometimes editing edx gives a crazy number. That is the same problem I had with Xenosaga. Edx should be a calculated value but when you try to change it, it goes batshit insane. I wonder if it is byteswapped or something.

With regular stats, there is no problem ever from my experience.
All times are GMT - 6 Hours