Help with replacing xmm1 with a floating point
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Mon Jul 15, 2013 6:15 am

CE crashes? Weird....

I used aobscan. CE should freeze only for a few seconds if it didn't find that array of bytes.


Try 32bit cheat engine.

shadowpt
Advanced Cheater
Reputation: 0

Joined: 04 Jun 2011
Posts: 82

Posted: Mon Jul 15, 2013 6:22 am

mgr.inz.Player wrote:
CE crashes? Weird....

I used aobscan. CE should freeze only for a few seconds if it didn't find that array of bytes.


Try 32bit cheat engine.


I tried both x64 and x86, the result is the same, CE stalls and then crashes.

Can't I use the address instead? (Phys_32.dll+XXXXXXXX) So far they don't change, not even after restarting the game.
Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25957
Location: The netherlands

Posted: Mon Jul 15, 2013 6:25 am

ce can freeze for 10 minutes or longer depending on your cpu and memory (especially if the aob can't be found)
So if the message shows ce is frozen, just ignore it

and do an aobscanmodule for a faster scan

_________________
Tools give you results. Knowledge gives you control.

Like my help? Join me on Patreon so i can keep helping


Last edited by Dark Byte on Mon Jul 15, 2013 6:27 am; edited 1 time in total

mgr.inz.Player

Posted: Mon Jul 15, 2013 6:26 am

Yes, you can use Phys_32.dll+XXXXXXXX.
I used aobscan, because I don't know exact location (address).
Use movss xmm0,[eax+30] as your hack point.




@DB
Is it possible that aobscan with 113 bytes can crash CE ?

shadowpt

Posted: Mon Jul 15, 2013 6:30 am

mgr.inz.Player wrote:
Yes, you can use Phys_32.dll+XXXXXXXX.

I used aobscan, because I don't know exact location (address).


Use movss xmm0,[eax+30] as your hack point.


I did, I mentioned the 3 opcodes that I tried. That one specifically sent me flying against the wall, even with 1.5 float.


---------------------------


Edit:

Ok so this is what I figured out so far.

The value that I'm changing is the X axis value (or Y, one of them as I mentioned before) which is the result of some calculations.

The vehicle has a specific incremental value that adds up or down to the total vehicle velocity.

The vehicle has X and Y axis so the game splits the incremental value according to those (where I am pointing at/where I am driving towards at)

It then takes the current speed, adds or decreases and then it ends up as the final Axis velocity.

Now what is going on here is that I am always changing the operation/value at the last part, it is always taking the current speed value, adding the increment and in the end resulting in a way bigger value than before, constantly increasing.

A simple explanation:

What the game is doing all the time (these functions are constantly running)

Speed increment + current X value = new X value

What I am doing

Speed increment + current X value *2 = new X value

So even when I am standing still it will always ramp up, ex:

0.03 + 25 * 2 = 50.03 (instead of just 25.03)

Then the function runs yet again and again and again

0.03 + 50.03 * 2 = 100.09 (this is just the 2nd time the operation is running and it is already at the hundreds)


So what I am trying is really to find that increment value and double it up so this works as it should

0.03 * 2 + 25 = 25.06
0.03 * 2 + 25.06 = 25.12
0.03 * 2 + 25.12 = 25.18

This is how it should be.

Hope I was clear about it for a better understanding.


Last edited by shadowpt on Mon Jul 15, 2013 6:46 am; edited 2 times in total

Dark Byte

Posted: Mon Jul 15, 2013 6:36 am

Quote:

@DB
Is it possible that aobscan with 113 bytes can crash CE ?


I really doubt it. At most a very long freeze causing ce's gui to go unresponsive and stops rendering(blank parts) with the text "this program is not responding" in the caption (some people think that's the same as a crash)

If the system's cpu is being eaten up by the game, it can take a while


And try different values, e.g: 0.5 instead of 1.5

mgr.inz.Player

Posted: Mon Jul 15, 2013 6:46 am

Sorry, off topic

@DB, hmm something weird

This works:
aobscan(aob,8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)

But this doesn't
aobscanmodule(aob,'calc.exe',8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)

(on calc.exe process)


@shadowpt

Just give me exact address of movss xmm0,[eax+30]


My script (the one which doesn't work for you, because CE freezes)


Works like this:
new speed X = SpeedXDelta *1.5 + current Speed X
new speed Y = SpeedYDelta *1.5 + current Speed Y
new speed Z = SpeedZDelta *1.5 + current Speed Z



Last edited by mgr.inz.Player on Mon Jul 15, 2013 6:50 am; edited 1 time in total

shadowpt

Posted: Mon Jul 15, 2013 6:49 am

Dark Byte wrote:
Quote:

@DB
Is it possible that aobscan with 113 bytes can crash CE ?


I really doubt it. At most a very long freeze causing ce's gui to go unresponsive and stops rendering(blank parts) with the text "this program is not responding" in the caption (some people think that's the same as a crash)

If the system's cpu is being eaten up by the game, it can take a while


And try different values, e.g: 0.5 instead of 1.5


Please read my last edit, it explains why no matter what float value I use it will not work as we expect.

In case of your suggestion it would be like this

0.03+25*0.5=12.8

Effectively slowing it down to a halt and it is indeed what really happens when I use that value in the game.


PS: I already said it but this is never said enough times, I really appreciate all your help you have been giving.






@mgr.inz.Player

The correct address for that OPcode is Phys_x86.dll+1D7C55


Last edited by shadowpt on Mon Jul 15, 2013 6:56 am; edited 2 times in total

Dark Byte

Posted: Mon Jul 15, 2013 6:53 am

mgr.inz.player:
this works:
Code:

aobscanmodule(aob,calc.exe,8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)


(Note that modules that have a , in their name will cause problems... )

shadowpt but what about very precise values?
I assume 1.0 works as expected ? (normal speed?)
then what about 1.0000000001 ?

mgr.inz.Player

Posted: Mon Jul 15, 2013 7:06 am

try this (without aobscan)

Then, try changing 1.5 to something smaller: 1.001, 1.0001, and finally 1.0
(after editing AA script you have to disable and then enable it again)



Attachment: alterspeeddelta.CT (1.13 KB)



Last edited by mgr.inz.Player on Mon Jul 15, 2013 7:07 am; edited 1 time in total

shadowpt

Posted: Mon Jul 15, 2013 7:07 am

Dark Byte wrote:
mgr.inz.player:
this works:
Code:

aobscanmodule(aob,calc.exe,8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)


(Note that modules that have a , in their name will cause problems... )

shadowpt but what about very precise values?
I assume 1.0 works as expected ? (normal speed?)
then what about 1.0000000001 ?


Yes 1.0 works for normal speed, it is the same as if it wasn't there.

If I use precise values the same happens, just slower at start. Instead of just flying against the wall I drive normally for a bit and eventually wooosh, I am a smudge on the wall again.


Edit: Wait, no, I will report exactly that back.

Edit2: Well that worked perfectly! I was using 1.5 before and it was too fast, using smaller 1.0001 did the trick! Now I only need to put a limiter and I tried this suggestion

mgr.inz.Player wrote:
So, you have to add upper limit.


Code:
sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0

cmp dword ptr [eax+30],(float)400
jb donotadjust
mov dword ptr [eax+30],(float)400

donotadjust:


But it gives me an error "jb donotadjust This instruction can't be compiled", any thoughts?

mgr.inz.Player

Posted: Mon Jul 15, 2013 7:48 am

This instruction can't be compiled - because you must initialize it with label(donotadjust) at the beginning.




"Well that worked perfectly"
Could you be more specific? Which script worked perfectly? Latest alterspeeddelta.CT ?

And, this isn't that easy. Vehicle (hero, projectiles, etc) speed is a vector.
Vector consists of three scalars (3D games) or two scalars (2D games).

So, in our case we have to limit "vector length", that is:
SQRT(SpeedX*SpeedX + SpeedY*SpeedY + SpeedZ*SpeedZ) must be smaller than "upper limit".

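
The two update rules compared earlier in the thread and the vector-length limit described in the post above, worked through numerically. This is an added example, not code from any poster; the function names and the sample vectors are constructed for illustration, and it goes slightly beyond the thread by also showing why limiting each axis separately is not enough.

```python
import math

def scale_total(v, d, k):
    # Factor applied to the running total: new = d + v*k (grows geometrically).
    return d + v * k

def scale_delta(v, d, k):
    # Factor applied only to the per-tick increment: new = d*k + v (grows linearly).
    return d * k + v

def run(step, v0, d, k, ticks):
    # Apply one update rule `ticks` times, as the game does on every pass.
    v = v0
    for _ in range(ticks):
        v = step(v, d, k)
    return v

def length(vec):
    return math.sqrt(sum(c * c for c in vec))

def clamp_per_axis(vec, limit):
    # Naive limit: each component capped on its own; a diagonal still exceeds it.
    return tuple(max(-limit, min(limit, c)) for c in vec)

def clamp_length(vec, limit):
    # Limit SQRT(X*X + Y*Y + Z*Z) and keep the direction by scaling all axes equally.
    n = length(vec)
    if n <= limit:
        return tuple(vec)
    return tuple(c * limit / n for c in vec)

if __name__ == "__main__":
    # 25 and 0.03 are the thread's numbers; the vector below is constructed.
    for k in (2.0, 1.0001):
        for name, step in (("total", scale_total), ("delta", scale_delta)):
            series = [round(run(step, 25.0, 0.03, k, t), 2) for t in (1, 2, 10, 1000)]
            print(f"k={k} scale {name}: {series}")
    fast = (500.0, 500.0, 500.0)
    print("per-axis clamp length:", length(clamp_per_axis(fast, 400.0)))
    print("vector clamp length:  ", length(clamp_length(fast, 400.0)))
```

With k = 1.0001 the first rule still compounds, only slowly, which matches the "just slower at start" behaviour reported in the thread.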

shadowpt

Posted: Mon Jul 15, 2013 7:59 am

mgr.inz.Player wrote:
This instruction can't be compiled - because you must initialize it with label(donotadjust) at the beginning.




"Well that worked perfectly"
Could you be more specific? Which script worked perfectly? Latest alterspeeddelta.CT ?

And, this isn't that easy. Vehicle (hero, projectiles, etc) speed is a vector.
Vector consists of three scalars (3D games) or two scalars (2D games).

So, in our case we have to limit "vector length", that is:
SQRT(SpeedX*SpeedX + SpeedY*SpeedY + SpeedZ*SpeedZ) must be smaller than "upper limit".


Your first suggestion worked perfectly with the float set at 1.0001

This one



Code:
sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0


So how can I do the vector length limit in your code?

BTW this is what currently is working for me, the script that I am using:

Code:
[ENABLE]
//Speedhack
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem6,2048) //2kb should be enough
label(returnhere6)
label(originalcode6)
label(exit6)

newmem6: //this is allocated memory, you have read,write,execute access
//place your code here

sub esp,04
mov [esp],(float)1.015
mulss xmm0,[esp]
add esp,04
movss [eax+48],xmm0

originalcode6:
movss [eax+48],xmm0

exit6:
jmp returnhere6

"Phys_x86.dll"+1D7Caf:
jmp newmem6
returnhere6:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem6)
"Phys_x86.dll"+1D7Caf:
movss [eax+48],xmm0
//Alt: db F3 0F 11 86 C8 00 00 00


the "6" is just a script differentiator, it has to be applied to the 6 xmm codes there so I just made 6 different scripts for each opcode that is responsible for the movements. (maybe they are X+ X- Y+ Y- Z+ Z- I have no idea)

mgr.inz.Player

Posted: Mon Jul 15, 2013 8:41 am

So, when I asked for address for
movss xmm0,[eax+30]

you gave me address for movss [eax+30],xmm0


This is why my latest alterspeeddelta.CT doesn't work

shadowpt

Posted: Mon Jul 15, 2013 8:55 am

mgr.inz.Player wrote:
So, when I asked for address for
movss xmm0,[eax+30]

you gave me address for movss [eax+30],xmm0


This is why my latest alterspeeddelta.CT doesn't work


Oh I'm so sorry! Dyslexic moment :/