Cheat Engine Forum Index Cheat Engine
Devil may cry 4 infinite jump hack
Cheat Engine Forum Index -> General Gamehacking
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Sun Jul 21, 2013 2:40 am    Post subject: Devil may cry 4 infinite jump hack

I have played Devil May Cry 4 and I tried to make an infinite mid-air jump hack. Someone told me that the counter must have 0 and 1: when you jump, scan for 0, and then double jump and scan for 1, he said. I did the same, and vice versa, and used increased/decreased value scans also (in all types). But I'm unable to find the jump counter. I have spent more than 20 hrs to find this filthy value. Please help me. If you already found the infinite jump counter in DMC4, please tell me the address.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Sun Jul 21, 2013 2:51 am

Do two jumps: normal and midair, pause the game before you fall on the ground.
Search for value: 1, value type: Byte (1 Byte)

Now, do only one normal jump and pause the game before you fall on the ground.
Next scan, value: 0

After two jumps, next scan value 1
After one jump, next scan value 0
...
...

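The scan sequence in the reply above, modelled as an added example (not code from the thread): successive exact-value scans over constructed memory snapshots, where each snapshot is the paused game's memory and only the addresses that match every expected value survive. All addresses and values are made up; 0x1000 plays the jump counter.

```python
# Added example, not from the thread: models Cheat Engine's "first scan /
# next scan" narrowing for the jump counter. Each snapshot is the memory
# state at one pause, as {address: byte value}; all of it is constructed.
# 0x1000 behaves like the counter (1 after a double jump, 0 after one jump);
# the other addresses are noise that happens to match some of the scans.
SNAPSHOTS = [
    {0x1000: 1, 0x1004: 1, 0x1008: 0, 0x100C: 1, 0x1010: 1},  # two jumps
    {0x1000: 0, 0x1004: 1, 0x1008: 0, 0x100C: 0, 0x1010: 0},  # one jump
    {0x1000: 1, 0x1004: 1, 0x1008: 1, 0x100C: 1, 0x1010: 0},  # two jumps
    {0x1000: 0, 0x1004: 0, 0x1008: 0, 0x100C: 1, 0x1010: 0},  # one jump
]
# What the Byte scan expects at each pause: 1, 0, 1, 0, ...
EXPECTED = [1, 0, 1, 0]


def narrow_candidates(snapshots, expected):
    """Apply one exact-value scan per snapshot, keeping only addresses that
    matched every time. Returns (surviving addresses, count after each scan)."""
    candidates = None          # None = first scan: every address is a candidate
    counts = []
    for snap, want in zip(snapshots, expected):
        pool = snap if candidates is None else candidates
        candidates = {addr for addr in pool if snap.get(addr) == want}
        counts.append(len(candidates))
    return sorted(candidates), counts


if __name__ == "__main__":
    found, counts = narrow_candidates(SNAPSHOTS, EXPECTED)
    print("candidates after each scan:", counts)                 # [4, 3, 2, 1]
    print("jump counter candidates:", [hex(a) for a in found])   # ['0x1000']
```

A constant address (0x1004 is always 1) survives the first scan only; alternating the expected value between scans is what removes it.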
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Sun Jul 21, 2013 3:50 am

Yep, I found what mistake I made previously. Thanks for the immediate response. I have another doubt. I have found the walking and running speeds and I doubled them using code injection techniques, but I can't move at double speed. The value is doubled and I move at the same speed, but there is a sudden teleport between frames. The game doesn't run smoothly. Any ideas?
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Sun Jul 21, 2013 11:44 pm

I want to move the character fast, not the frames. How?
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Mon Jul 22, 2013 5:11 pm

Try to find the speed vector (a speed vector is three scalar values: one for X, another for Y, and the last for the Z axis).

Or maybe you already found one of those three scalars? Those scalars are almost always stored as four float values, the last value being zero. Possible speed vector structure:

struct speedVector
{
    float speed_X; // left right
    float speed_Y; // forward backward
    float speed_Z; // up down
    unsigned int pad; // always 0
};

or

struct speedVector
{
    float speed_X; // left right
    float speed_Z; // up down
    float speed_Y; // forward backward
    unsigned int pad; // always 0
};

Do 'what accesses' on the first scalar value (X speed value); for every opcode found, analyze the code (50 lines above and 50 below; of course it depends, 50-50 or better 100-100). There should be some comiss, ucomiss, fcom or fcomp instructions. One of them should be our "hero has his maximum possible speed" check.

Some games are using a "speed delta vector" (acceleration vector, a). Some games use "a = F / m". And some of them use a friction factor too.

Try finding those comiss, ucomiss, fcom or fcomp instructions (compare instructions).

Probably the speed is compared with a value:
- 5.0 - average human walking speed is about 5.0 kilometres per hour
- 1.38 meters per second
- 3.1 miles per hour
- feet or meters per minute (or second)
- units (game engine units) per second

You just have to dig deeper.

vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Tue Jul 23, 2013 10:45 am

I have found all the three values, the XYZ co-ordinates. I did "what accesses this address". I got a lot of instructions of the format "move scalar value to a pointer". Some of them are shown below:

Code:

movss [ebx+34],xmm0
movss [ecx+34],xmm1
movss [ebx+04],xmm2
movss [ecx+34],xmm3

As you said in the previous comment, I searched 100-100. Below some of the instructions there are comiss, fcom and fcomp instructions, but those instructions don't write to any addresses. Now what should I do to make the player faster?
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Tue Jul 23, 2013 4:00 pm

Hmm, maybe my friend still has this game (version 1.00 I think).
(But he is angry when I use CE on his PC. You know, his point of view: CE = hack tool = viruses.)

vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Wed Jul 24, 2013 2:34 am

If you please, why don't you just copy the game and test it on your PC? I think all the DMC PC games are just directplay ones; there is no need to install it.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Wed Jul 24, 2013 5:08 am

Hmm, I downloaded a rip.

I didn't find the speed limit yet. But I found this:
DevilMayCry4_DX9.exe+404589: mov byte ptr [ebx+00002838],00
DevilMayCry4_DX9.exe+404590: mov byte ptr [ebx+00002839],00
Change this 00 to 01. You will always run.

DevilMayCry4_DX9.exe+3ACA33: add byte ptr [ecx+00001E7E],01
DevilMayCry4_DX9.exe+3ACA51: add byte ptr [ecx+00001E7E],01
Change this 01 to 00. You will have infinite air hikes, and you can air hike just after a wall jump.

vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Wed Jul 24, 2013 5:16 am

Thanks... Please find the speed limit:
Stand on the ground, search (float) 0. Walk, pause the game, increased value (437.xxxxx), then attain max speed, increased value (454.xxxxxxx). Repeat this; you find it in the 6th or 7th scan.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Wed Jul 24, 2013 6:44 am

I don't know, it looks like an animation timer or something.
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Wed Jul 24, 2013 6:55 am

Did you find the address and instruction I said before? It writes to some fstp. Double the value using code injection and the game moves faster, not the player, not the frames; only frame skipping takes place. For the XYZ co-ordinates it varies from -2000 to 2000 (float) and vertical movement -20 to 20 (no jumping) in Bloody Palace.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Wed Jul 24, 2013 8:11 am

Now I'm using this custom type (AA custom type):
Code:
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(PREFEREDALIGNMENT,4)

TypeName:
db 'speed vector normal',0

ByteSize:
dd (int)12

UsesFloat:
db 1

PREFEREDALIGNMENT:
dd 4

//ConvertRoutine receives the address of the 12 bytes (three floats: X, Y, Z)
//and returns their vector length sqrt(X*X+Y*Y+Z*Z) as a float in eax
ConvertRoutine:
[64-bit]
//rcx=address of input
fld [rcx]
fmul ST(0),ST(0)
fld [rcx+4]
fmul ST(0),ST(0)
faddp
fld [rcx+8]
fmul ST(0),ST(0)
faddp
fsqrt
push eax
fstp [rsp]
pop eax

ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax

fld [eax]
fmul ST(0),ST(0)
fld [eax+4]
fmul ST(0),ST(0)
faddp
fld [eax+8]
fmul ST(0),ST(0)
faddp
fsqrt
push eax
fstp [esp]
pop eax

pop ebp
ret 4
[/32-bit]

//ConvertBackRoutine is allocated above but not defined, so this type only
//converts the bytes to a value, not a value back to bytes

Maybe I will find something.

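A Python model of that custom type, added here as an example and not the poster's script. It assumes the 12 bytes are three little-endian floats (as the fld offsets 0, 4 and 8 imply); the convert-back direction, which the script leaves undefined, is an assumed implementation that rescales the stored vector to the requested length.

```python
import math
import struct

# Added example, not the poster's script: a Python model of the
# 'speed vector normal' custom type above. The 12 bytes at the address are
# three little-endian floats (X, Y, Z) and the assembly returns
# sqrt(X*X + Y*Y + Z*Z) as a float. Sample bytes are constructed.
BYTE_SIZE = 12  # matches "ByteSize: dd (int)12"


def convert_routine(raw: bytes) -> float:
    """Mirror of ConvertRoutine: square each component (fmul ST(0),ST(0)),
    sum them (faddp) and take the root (fsqrt)."""
    if len(raw) < BYTE_SIZE:
        raise ValueError("custom type needs %d bytes" % BYTE_SIZE)
    x, y, z = struct.unpack_from("<fff", raw, 0)
    return math.sqrt(x * x + y * y + z * z)


def convert_back_routine(new_length: float, raw: bytes) -> bytes:
    """The script allocates ConvertBackRoutine but never defines it. This is
    an assumed implementation: rescale the stored vector to the requested
    length so its direction is kept (a zero vector is left unchanged)."""
    x, y, z = struct.unpack_from("<fff", raw, 0)
    old = math.sqrt(x * x + y * y + z * z)
    if old == 0.0:
        return raw[:BYTE_SIZE]
    k = new_length / old
    return struct.pack("<fff", x * k, y * k, z * k)


# Constructed sample in the speedVector layout from the thread: three floats
# plus the trailing zero dword; (3, 4, 12) has length exactly 13.
SAMPLE = struct.pack("<fffI", 3.0, 4.0, 12.0, 0)

if __name__ == "__main__":
    print(convert_routine(SAMPLE))                                     # 13.0
    print(struct.unpack("<fff", convert_back_routine(26.0, SAMPLE)))  # (6.0, 8.0, 24.0)
```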
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Wed Jul 24, 2013 9:45 am

007ACF91 - F3 0F11 48 38 - movss [eax+38],xmm1
007A88AB - F3 0F11 4E 38 - movss [esi+38],xmm1
005102FC - F3 0F11 51 08 - movss [ecx+08],xmm2

or

DevilMayCry4_DX9.exe+3ACF91 - F3 0F11 48 38 - movss [eax+38],xmm1
DevilMayCry4_DX9.exe+3A88AB - F3 0F11 4E 38 - movss [esi+38],xmm1
DevilMayCry4_DX9.exe+1102FC - F3 0F11 51 08 - movss [ecx+08],xmm2

This writes to a lot of addresses.
DevilMayCry4_DX9.exe+5FB640 - F3 0F11 4F 38 - movss [edi+38],xmm1

This writes to one single co-ordinate.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Wed Jul 24, 2013 10:30 am

OK, I found something. This opcode accesses the player position:
0052BE16 - D9 40 30 - fld dword ptr [eax+30]

So, I have the player position (XZY). I tried "find out what accesses ...", went back to the game for a few seconds, moved, then back to CE.

("find out what accesses" looks for opcodes that read or overwrite the value)
("find out what writes" looks for opcodes that only overwrite the value)
So I searched for pairs, "read then write": the address of the opcode which reads must be just before the opcode which writes (I think we can assume that the maximum opcode address difference can be about 0x200).

And I ignored pairs where only a simple memory copy was performed.

And I found this pair:
007ACF79 - F3 0F58 40 30 - addss xmm0,[eax+30]
007ACF87 - F3 0F11 40 30 - movss [eax+30],xmm0

Just above there is an interesting opcode, finally:
007ACF75 - F3 0F59 C2 - mulss xmm0,xmm2
007ACF79 - F3 0F58 40 30 - addss xmm0,[eax+30]
(...)
007ACF87 - F3 0F11 40 30 - movss [eax+30],xmm0

Explanation:
xmm0 has something, then xmm0 is multiplied by xmm2. Then the value (hero's current X position) is added to xmm0.
The X position is updated by xmm0.

The formula is:
Xd := Xd * XMM2
PlayerX := Xd + PlayerX

XMM2 is used for Y and Z axis calculations too.

At the beginning of this function, there is:
007ACEF0 - F3 0F10 50 10 - movss xmm2,[eax+10]

So, I made this script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)

newmem:
movss xmm2,[eax+10]
addss xmm2,xmm2 //xmm2 = xmm2 * 2

jmp returnhere

"DevilMayCry4_DX9.exe"+3ACEF0:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
"DevilMayCry4_DX9.exe"+3ACEF0:
movss xmm2,[eax+10]
//Alt: db F3 0F 10 50 10

It doubles the xmm2 value. Back in game, walking (while aiming) speed and jumping speed are increased.
The formula is:
XMM2 := XMM2 + XMM2
Xd := Xd * XMM2
PlayerX := Xd + PlayerX

(xmm2 * 2)

I will try other pairs....

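The "read then write" pairing heuristic from that post, as an added example (not the poster's code): it runs over a constructed access list in the shape Cheat Engine's "find out what accesses" shows (opcode address, mnemonic, operands), keeps reads followed by a write to the same kind of operand within 0x200 bytes, and drops plain load-then-store copies. Only the three opcode addresses quoted in the post are real; the other records and the classification rules are assumptions.

```python
# Added example, not the poster's code: the "read then write" pairing
# heuristic described above, run over a constructed access list in the shape
# Cheat Engine's "find out what accesses" shows: (opcode address, mnemonic,
# operands). Only the three opcodes quoted in the post are real; the other
# records are made up to show what gets filtered out.
MAX_DISTANCE = 0x200   # the poster's assumed maximum read-to-write distance

# Plain loads that just copy memory into a register; a load followed by a
# store is the "simple copy" pair that is ignored.
PLAIN_LOADS = {"mov", "movss", "movsd", "movaps", "fld"}

ACCESSES = [
    (0x0052BE16, "fld", "dword ptr [eax+30]"),    # read (quoted in the post)
    (0x0052BE2A, "fstp", "dword ptr [ecx+30]"),   # write: plain copy, ignored
    (0x007ACF79, "addss", "xmm0,[eax+30]"),       # read with arithmetic
    (0x007ACF87, "movss", "[eax+30],xmm0"),       # write 0xE bytes later
    (0x007B1200, "mulss", "xmm3,[edx+30]"),       # read with arithmetic
    (0x007B1500, "movss", "[edx+30],xmm3"),       # write, but 0x300 away
]


def classify(mnemonic, operands):
    """Return 'read', 'write' or None (no memory operand) for one record."""
    if mnemonic in ("fst", "fstp"):
        return "write"          # x87 store: memory is the only operand
    if mnemonic == "fld":
        return "read"
    parts = [p.strip() for p in operands.split(",")]
    if len(parts) == 2 and "[" in parts[0]:
        return "write"          # memory is the destination
    if len(parts) == 2 and "[" in parts[1]:
        return "read"           # memory is the source
    return None


def find_pairs(accesses, max_distance=MAX_DISTANCE):
    """Pair every non-copy read with the writes that follow it within
    max_distance bytes of opcode address. Returns [(read_addr, write_addr)]."""
    pairs = []
    for r_addr, r_mn, r_ops in accesses:
        if classify(r_mn, r_ops) != "read" or r_mn in PLAIN_LOADS:
            continue
        for w_addr, w_mn, w_ops in accesses:
            if classify(w_mn, w_ops) != "write":
                continue
            if 0 < w_addr - r_addr <= max_distance:
                pairs.append((r_addr, w_addr))
    return pairs
```

Only the addss/movss pair at 007ACF79/007ACF87 survives: the fld/fstp pair is a plain copy and the mulss read has no write within 0x200 bytes.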