|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
NoMoreBSoD Advanced Cheater Reputation: 3
Joined: 03 Sep 2013 Posts: 85
|
Posted: Thu Apr 24, 2014 7:53 pm Post subject: Float values |
|
|
I found the assembly code that update current stamina in Dark Souls 2 and it's a float value :
Code: | fstp dword ptr [eax+00000140] |
I also now that the max value is stored very close in eax+148.
How do I make it so that my max stamina is always copied in my current stamina ? I can do it easily with 4 bytes values but float (and doubles) are a mystery to me.
|
|
Back to top |
|
|
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
|
Posted: Thu Apr 24, 2014 10:26 pm Post subject: Re: Float values |
|
|
NoMoreBSoD wrote: | I found the assembly code that update current stamina in Dark Souls 2 and it's a float value :
Code: | fstp dword ptr [eax+00000140] |
I also now that the max value is stored very close in eax+148.
How do I make it so that my max stamina is always copied in my current stamina ? I can do it easily with 4 bytes values but float (and doubles) are a mystery to me. |
Since both values are already encoded as floats, you merely overwrite one with the other. You can use your normal mov operations to do so, as a float is merely a four-byte chunk of memory.
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
Back to top |
|
|
NoMoreBSoD Advanced Cheater Reputation: 3
Joined: 03 Sep 2013 Posts: 85
|
Posted: Thu Apr 24, 2014 10:31 pm Post subject: |
|
|
Thank you Justa_dude !
But let's say I want to create an easy kill script that would store the float value 1 as long as the enemy health value is higher than 1. How would I do that ? It's easy with 4 bytes, but mysterious in float/double.
|
|
Back to top |
|
|
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
|
Posted: Fri Apr 25, 2014 1:32 am Post subject: |
|
|
NoMoreBSoD wrote: | Thank you Justa_dude ! :D
But let's say I want to create an easy kill script that would store the float value 1 as long as the enemy health value is higher than 1. How would I do that ? It's easy with 4 bytes, but mysterious in float/double. |
I don't know anything about the game you're trying to hack, and you haven't given me any information whatsoever about enemy health values. If it works like the health you've described above, though, you'd fld the constant 1.0 and fcomp it to the location you've already found and branch accordingly.
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
Back to top |
|
|
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Fri Apr 25, 2014 7:44 am Post subject: |
|
|
Sometimes two hit kill is better. One hit kill cheat can cause some issues (for example DeadSpace2 and DeadSpace3 miniboss fights. After "one hit kill" that boss, doors are still locked)
Example, for HL1 mod:
Code: | hl.dll+AB846 - D9 81 64010000 - fld dword ptr [ecx+00000164] // load health to ST0
hl.dll+AB84C - D8 65 F8 - fsub dword ptr [ebp-08] // subtract (damage dealt)
hl.dll+AB84F - 8B 55 FC - mov edx,[ebp-04]
hl.dll+AB852 - 8B 42 04 - mov eax,[edx+04]
hl.dll+AB855 - D9 98 64010000 - fstp dword ptr [eax+00000164] // save "decreased" health value
|
This piece of code touches player health and enemy health. So, it is "shared" code (function). Player and monsters inherit from some base class which implements a method which deducts health.
Cheat:
Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(exit)
newmem:
cmp [ebp+04],hl.player+B97
je exit
cmp dword ptr [ecx+00000164],(float)6.0
jnge exit
mov dword ptr [ecx+00000164],(float)5.0
exit:
fld dword ptr [ecx+00000164]
jmp returnhere
"hl.dll"+AB846:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"hl.dll"+AB846:
fld dword ptr [ecx+00000164]
//Alt: db D9 81 64 01 00 00 |
As mentioned earlier, this code access player health and enemies health, so we have to take that into account.
You need a way of identifying whether or not the receiver object is your main character. For this, you need to reverse engineer the object and try to find something which would be unique to your character. For example, is some games I analyze those:
call stack (return addresses kept in stack), stack, data structure, registers.
Read tutorials, "filtering", "compare structures", do tutorial step 9.
I found out I can use call stack:
Code: | cmp [ebp+04],hl.player+B97 // compare value kept in [ebp+4] with hl.player+B97
je exit // if equal, this is player, so skip cheat |
Because, in this game, health is "float value" and is always bigger than zero (or equal to zero when dead) we can use cmp and jl jle jnle jnl jg jge jnge jng ja jae jnae jna jb jbe jnbe jnb instructions. (note, jle==jng, jg==jnle, and so on)
It will work because we compare positive value (bigger or equal to zero) with another positive value.
This piece of code checks monster (enemy) health. If it is less than 6.0, just skip cheat.
Code: | cmp dword ptr [ecx+00000164],(float)6.0
jnge exit // jump if not greater or equal, so ( NOT >= ) == ( < ), so, jump if less |
If it is not lower, write 5.0
Code: | mov dword ptr [ecx+00000164],(float)5.0 |
_________________
|
|
Back to top |
|
|
NoMoreBSoD Advanced Cheater Reputation: 3
Joined: 03 Sep 2013 Posts: 85
|
Posted: Fri Apr 25, 2014 9:27 am Post subject: |
|
|
Wow thanks a lot ! I was getting in assembly hell by trying to do it with compss, fcomip, comisd, ucomisd and even converting values with cvtss2sd and the like when all I had to add was use a dword ptr argument and a (float). Your explanation should simplify by Cheat Engine life by a lot.
|
|
Back to top |
|
|
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Fri Apr 25, 2014 11:02 am Post subject: |
|
|
Yes, for simple tasks, cmp and jl jle jg jge is enough.
_________________
|
|
Back to top |
|
|
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
|
Posted: Fri Apr 25, 2014 3:07 pm Post subject: |
|
|
mgr.inz.Player wrote: | NoMoreBSoD wrote: | Wow thanks a lot ! I was getting in assembly hell by trying to do it with compss, fcomip, comisd, ucomisd and even converting values with cvtss2sd and the like when all I had to add was use a dword ptr argument and a (float). Your explanation should simplify by Cheat Engine life by a lot. |
Yes, for simple tasks, cmp and jl jle jg jge is enough. |
No offense to miP, who knows a lot about a lot of things, but your first inclination is the correct one. It isn't safe to assume that for two floats, the largest will have a correspondingly larger encoding. Eg, 2.0 = 0x40000000 while -2.0 = 0xc0000000. It's easy enough to use the x87 float routines, so if you're doing arithmetic with floats or doubles that's probably what you should be doing.
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
Back to top |
|
|
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Fri Apr 25, 2014 3:54 pm Post subject: |
|
|
Quote: | Because, in this game, health is "float value" and is always bigger than zero (or equal to zero when dead) |
Quote: | It will work because we compare positive value (bigger or equal to zero) with another positive value. |
Quote: | Yes, for simple tasks, cmp and jl jle jg jge is enough. |
simple tasks == the one discussed in this topic + other "health", "stamina", "char attributes bigger than zero" cheats.
_________________
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|