Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


how to make tougher enemies

 
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Wed Jul 24, 2013 4:49 am    Post subject: how to make tougher enemies Reply with quote

In DMC4, is there any way to make enemies tougher? Because I'm too bored of enemies dying in a few seconds. I found the shared code that controls the health of enemy and player:
Code:

movss [esi+18],xmm0

player health = 20000(float)
enemy health = 600 to 30000(float)

I want some tougher enemies with health of 1800 to 90000. How do I do it?
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Fri Jul 26, 2013 12:25 am    Post subject: Reply with quote

I tried using addss xmm0,xmm0, but every time the health is doubled, so it keeps increasing. I can do it on the principle of a counter, but how do I do this with CE?
eax.qbyte
Advanced Cheater
Reputation: 3

Joined: 25 Jun 2011
Posts: 59
Location: CEDisasmView

PostPosted: Fri Jul 26, 2013 2:34 am    Post subject: Reply with quote

Find out what accesses your enemy's health. It should show you some lines. Ignore them all.
With the breakpoint (find out ...) running, go in game and shoot a single bullet at the enemy.
It will add some instructions which have run a few times.
Those are where you should search around for the value that subtracts from an enemy's current health when you hit them. Then you can change that value, e.g. divide it by 2.
Using code injection, that should be easily possible.

_________________
My special thanx to Cheat Engine and its developers. It helps me do the hard and boring but valuable process of understanding the code, easily and with fun.
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Fri Jul 26, 2013 4:45 am    Post subject: Reply with quote

But the accessed instructions are scalar instructions. There is one subss instruction, but it is never accessed. See the picture that shows what I got.


[Attached image: dmc4.jpg, 134.82 KB]


eax.qbyte
Advanced Cheater
Reputation: 3

Joined: 25 Jun 2011
Posts: 59
Location: CEDisasmView

PostPosted: Fri Jul 26, 2013 6:14 am    Post subject: Reply with quote

The picture you sent contains good information.
What I get from it is:
- ESI+18 is your enemy's current health
- ESI+28 is a factor that amplifies the damage taken by that enemy
- EAX+14 is the damage your gun is trying to deal to that enemy.
And maybe that subss instruction never accesses the health address directly, but it subtracts the value received from esi+18 in this op-code movss xmm0,[esi+18] and stores the result in xmm0; then after it, the result value is returned back to [esi+18] in this op-code movss [esi+18],xmm0.
So... at exactly that selected op-code in the picture you have no problem injecting code to divide the value of xmm1 (the dealt dmg that will be subtracted from xmm0) by 2 or 3 or whatever.

Code:

....
newmem:
push (float)2.0
divss xmm1, [esp]
add esp,4
originalcode:
....

I hope it works.

_________________
My special thanx to Cheat Engine and its developers. It helps me do the hard and boring but valuable process of understanding the code, easily and with fun.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Fri Jul 26, 2013 7:30 am    Post subject: Reply with quote

"there is one subss instruction, but it is never accessed"
What eax.qbyte said.

Btw. I found better "super speed" (check other topic)

X axis is accessed by "addss xmm1,[edi+30]"
and Y is accessed by "movss xmm1,[edi+38]"

After analyzing, we can see there are those calculations performed:
newX := Xd * XdMultiplier + oldX
newY := Yd * YdMultiplier + oldY

vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Sat Jul 27, 2013 12:25 am    Post subject: Reply with quote

Analyzing a set of instructions is essential in advanced cheating. Got it. Special thanks to mgr.inz.Player & eax.qbyte. Thank you, buddies.
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Sun Jul 28, 2013 11:58 am    Post subject: Reply with quote

I want to know about floating points. If the code accessing the addresses is
Code:

fld dword ptr [memadds]
fsub dword ptr [another]
fstp dword ptr [memadds]


How do I use the same thing as above?
_Veggy
Cheater
Reputation: 2

Joined: 30 Apr 2013
Posts: 34
Location: BReWErS rox your dox

PostPosted: Mon Jul 29, 2013 1:34 am    Post subject: Reply with quote

The only difference between what you posted and what mr ing player posted are the stacks being used.
mr ing player uses the system stack (esp) :

push (float)2.0 //push floating point value 40200000 (hex) on the stack
divss xmm1, [esp] //Divide xmm1 reg with 40200000 (divide by 2)
add esp,4 //balance the stack, so we get back to Original stack before we applied the code

Your code, vergilganesh, uses the floating point stack.

fld dword ptr [memadds] //push floating point on stack
fsub dword ptr [another] //subtract
fstp dword ptr [memadds] //pop back result from stack

Not sure what you exactly want, but both things are doing the same thing.

About your question of giving them a higher health:
I would stick your code on a flag like this:

cmp [HealthFlag],01h
je > ..
mov [HealthFlag],00h
mov [HealthAddress], <high value>

etc..

Basically the above code enables the code once, then disables the code.
Although you might not have all the enemies at a higher health because it disables so fast.
In that case I would go for a mouse routine function: hover the mouse over an enemy, increase health, then fight him like usual.
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Tue Jul 30, 2013 1:35 am    Post subject: Reply with quote

If it is an fadd instruction, it is no problem,
because the add instruction is like below.

fld dword ptr [pointer]
fadd dword ptr [pointer2]
fstp dword ptr [pointer2]

Just multiply by 0.5 or below after the load instruction, then the code will be done.
But for the sub instruction this does not actually work, because the fsub instruction loads the floating point of full health at the beginning. Hope you understand my problem.
eax.qbyte
Advanced Cheater
Reputation: 3

Joined: 25 Jun 2011
Posts: 59
Location: CEDisasmView

PostPosted: Tue Jul 30, 2013 7:20 am    Post subject: Reply with quote

vergilganesh wrote:
I want to know about floating points. If the code accessing the addresses is
Code:

fld dword ptr [memadds]
fsub dword ptr [another]
fstp dword ptr [memadds]


How do I use the same thing as above?

I don't get it.
vergilganesh wrote:
Just multiply by 0.5 or below after the load instruction, then the code will be done.
But for the sub instruction this does not actually work, because the fsub instruction loads the floating point of full health at the beginning. Hope you understand my problem.

I still don't get it.
Do you want to know what those instructions do? Do you want to reverse what they have done? Do you want to use SSE instructions to do a similar job?
I mean
Code:
movss xmm0,[memadds]
subss xmm0,[another]
movss [memadds],xmm0

_________________
My special thanx to Cheat Engine and its developers. It helps me do the hard and boring but valuable process of understanding the code, easily and with fun.
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Wed Jul 31, 2013 4:31 am    Post subject: Reply with quote

I want to make enemies tougher. I can do it from this code:
Code:

fld dword ptr [eax+0c]
fadd dword ptr [ebp+a0]
fstp dword ptr [ebp+a0]

Using this code I create a code injection script.
Code:

val:
dd (float)0.3
newmem:
fmul dword ptr [val]
originalcode:
fadd dword ptr [ebp+a0]
fstp dword ptr [ebp+a0]


For that code the script is OK.
But what will the same script be if the instructions are as shown below?
Code:

fld dword ptr [ebp+a0]
fsub dword ptr [eax+0c]
fstp dword ptr [ebp+a0]

Hope you understand.
eax.qbyte
Advanced Cheater
Reputation: 3

Joined: 25 Jun 2011
Posts: 59
Location: CEDisasmView

PostPosted: Wed Jul 31, 2013 11:01 am    Post subject: Reply with quote

Ok. If we assume the value stored in [eax+0c] is the dealt damage to the enemy then I think this code does what we want.
Code:

label(reHealAmount)
val:
dd (float)0.3
reHealAmount:   // we store a percentage of damage taken here and then
dd (float)0.0      // we add it to enemy's health.
newmem:   // The hook is after fld dword ptr [ebp+a0] like before.

fld dword ptr [eax+0c]    //  loading original damage into fpu-stack
fmul dword ptr [val]       //  getting 0.3 of it
fstp dword ptr [reHealAmount]   //  storing it in our memory.

fadd dword ptr [reHealAmount]   // adding it to enemy's health.
originalcode:
fsub dword ptr [eax+0c]
fstp dword ptr [ebp+a0]


The code above in math form:
[ebp+a0] = [ebp+a0] - [eax+0c] + ( [eax+0c] *0.3)

Note: In the code above I tried not to use FPU instructions (fld, fstp, ...) other than those we have used before, and not to change the place you hooked the code.

So you can write better code by studying more about the FPU and its instructions.

_________________
My special thanx to Cheat Engine and its developers. It helps me do the hard and boring but valuable process of understanding the code, easily and with fun.
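
The fsub case discussed above, traced in a small model of the FPU stack (an added example, not code from any poster; the `run` helper and the sample health and damage values are constructed for illustration). It shows that a multiply placed right after the load scales the health operand, while the re-heal sequence leaves 0.7 of the damage applied.

```python
import struct

def f32(x):
    """Round to IEEE-754 single precision, as a dword store does."""
    return struct.unpack("<f", struct.pack("<f", x))[0]

def run(program, mem):
    """Execute (mnemonic, operand) pairs on a copy of mem; return the copy."""
    mem = {k: f32(v) for k, v in mem.items()}
    st = []  # simplified x87 register stack; st[-1] plays the role of st(0)
    for op, addr in program:
        if op == "fld":
            st.append(mem[addr])
        elif op == "fadd":
            st[-1] += mem[addr]
        elif op == "fsub":
            st[-1] -= mem[addr]
        elif op == "fmul":
            st[-1] *= mem[addr]
        elif op == "fstp":
            mem[addr] = f32(st.pop())
        else:
            raise ValueError("unsupported mnemonic: " + op)
    if st:
        raise RuntimeError("FPU stack left unbalanced")
    return mem

H, D = "[ebp+a0]", "[eax+0c]"  # health and dealt damage, as assumed in the thread

# The game's own sequence: health = health - damage
ORIGINAL = [("fld", H), ("fsub", D), ("fstp", H)]
# fmul placed right after the load: st(0) holds health here, not damage
NAIVE = [("fld", H), ("fmul", "val"), ("fsub", D), ("fstp", H)]
# Sequence from the post above: add back 0.3 of the damage before the fsub
REHEAL = [("fld", H),
          ("fld", D), ("fmul", "val"), ("fstp", "reHealAmount"),
          ("fadd", "reHealAmount"), ("fsub", D), ("fstp", H)]

# Constructed sample values, not taken from the game
SAMPLE = {H: 600.0, D: 100.0, "val": 0.3, "reHealAmount": 0.0}

def health_after(program):
    return run(program, SAMPLE)[H]

if __name__ == "__main__":
    for name, prog in (("original", ORIGINAL), ("naive", NAIVE), ("reheal", REHEAL)):
        print(name, health_after(prog))
```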
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

PostPosted: Wed Sep 04, 2013 10:49 am    Post subject: Reply with quote

I think I found a better route.
Code:

fld dword ptr [eax+0c]
movss xmm0, dword [ebp+3c]
mulss xmm0, [multiplier]
movss [ebp+3c], xmm0
fsub dword ptr [ebp+3c]
fstp dword ptr [eax+0c]
All times are GMT - 6 Hours