Cheat Engine Forum
The Official Site of Cheat Engine
Help with replacing xmm1 with a floating point
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Sun Jul 21, 2013 2:53 am

movlhps xmm2,xmm2 doesn't assemble correctly; I have to use db 0F 16 D2.


Code:
[ENABLE]
alloc(UserValues,1024)
alloc(hack,1024)
label(retHere)
label(multiplyBy)
label(skip)
label(doNothing)
label(speedLimit)

UserValues:
multiplyBy:
dd (float)1.10   // speed multiplier

speedLimit:
dd (float)150.0  // speed limit


hack:
push ebx
mov ebx,[Game.exe+02A6F758]
test ebx,ebx
jz skip

mov ebx,[ebx+AC]
test ebx,ebx
jz skip

mov ebx,[ebx+3D8]
test ebx,ebx
jz skip

mov ebx,[ebx+0]
lea ebx,[ebx+60]          // we compare ebx+90 with eax+30, we can compare ebx+60 with eax as well

cmp eax,ebx
jne skip                  // not our vehicle


sub esp,20                  // prepare space
movdqu [esp],xmm1           // store xmm1
movdqu [esp+10],xmm2        // store xmm2

// now we can use xmm0,xmm1 and xmm2

movss xmm0,[multiplyBy]     // get multiply factor
shufps xmm0,xmm0,00

movups xmm1,[esi+00000094]  // get current delta vector
mulps xmm0,xmm1             // multiply delta vector by user value
// xmm0 keeps buffed delta vector

movups xmm1,[eax+30]        // get current speed vector
mulps xmm1,xmm1             // compute squares
movss xmm2,xmm1             // \
shufps xmm1,xmm1,09         //  \
addss xmm2,xmm1             //   calculate vector length
shufps xmm1,xmm1,09         //  /
addss xmm2,xmm1             // /
sqrtss xmm2,xmm2            ///

//movlhps xmm2,xmm2           // store in high
//instruction doesn't assemble, CE needs to be fixed
db 0F 16 D2

movups xmm1,[eax+30]        // get current speed vector
addps xmm1,xmm0             // and add buffed delta vector
mulps xmm1,xmm1             // compute squares
movss xmm2,xmm1             // \
shufps xmm1,xmm1,09         //  \
addss xmm2,xmm1             //   calculate vector length
shufps xmm1,xmm1,09         //  /
addss xmm2,xmm1             // /
sqrtss xmm1,xmm2            ///

movhlps xmm2,xmm2
// xmm1 (low) keeps buffed scalar speed
// xmm2 (low) keeps original scalar speed

comiss xmm1,xmm2             // compare new buffed speed with original speed
jb doNothing                 // if buffed is smaller, vehicle is slowing down. Do normally - do nothing!

comiss xmm1,[speedLimit]     // compare with limit
ja doNothing



movq [esi+00000094],xmm0    // store new delta
movhlps xmm0,xmm0
movss [esi+0000009C],xmm0

doNothing:
movdqu xmm1,[esp]           // restore xmm1
movdqu xmm2,[esp+10]        // restore xmm2
add esp,20

skip:
pop ebx
movss xmm0,[eax+30] //original code
jmp retHere


Phys_x86.dll+1D7C48:
jmp hack
retHere:

[DISABLE]
Phys_x86.dll+1D7C48:
db F3 0F 10 40 30

dealloc(hack)
dealloc(UserValues)

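A Python model of what the script above computes, added here as an illustration (it is not code from the thread or from Cheat Engine): the shufps rotation that turns x², y², z² into a scalar length, the three-way decision (decelerating, over the limit, or store the buffed delta), and a ModRM check for the hand-encoded db 0F 16 D2. The speed vector, delta, multiplier and limit used in the usage lines are constructed sample values, not values read from the game.

```python
import math

def shufps(dst, src, imm8):
    """x86 SHUFPS: lanes 0-1 of the result are picked from dst, lanes 2-3
    from src, each by a 2-bit field of imm8 (bits 1:0 select lane 0, ...)."""
    sel = [(imm8 >> (2 * i)) & 3 for i in range(4)]
    return [dst[sel[0]], dst[sel[1]], src[sel[2]], src[sel[3]]]

def vector_length_sse(vec4):
    """Replays the instruction sequence from the script on a 4-lane vector:
    mulps / movss / shufps 09 / addss / shufps 09 / addss / sqrtss.
    shufps with imm8 = 09 rotates the low three lanes, so the low lane
    visits x*x, y*y, z*z in turn; the w lane is never added."""
    xmm1 = [c * c for c in vec4]            # mulps xmm1,xmm1
    xmm2 = [xmm1[0], 0.0, 0.0, 0.0]         # movss xmm2,xmm1 (low lane only)
    xmm1 = shufps(xmm1, xmm1, 0x09)         # low lane is now y*y
    xmm2[0] += xmm1[0]                      # addss xmm2,xmm1
    xmm1 = shufps(xmm1, xmm1, 0x09)         # low lane is now z*z
    xmm2[0] += xmm1[0]                      # addss xmm2,xmm1
    return math.sqrt(xmm2[0])               # sqrtss xmm2,xmm2

def hook_decision(speed, delta, multiplier, limit):
    """The decision the hook makes once it knows eax is the player's vehicle.
    speed is the 4-lane vector at [eax+30], delta the one at [esi+94].
    Returns the x, y, z of the buffed delta to store, or None to leave
    memory alone."""
    buffed = [d * multiplier for d in delta]                  # mulps xmm0,xmm1
    old_speed = vector_length_sse(speed)
    new_speed = vector_length_sse([s + b for s, b in zip(speed, buffed)])
    if new_speed < old_speed:   # comiss xmm1,xmm2 / jb: slowing down, do nothing
        return None
    if new_speed > limit:       # comiss xmm1,[speedLimit] / ja: over the cap
        return None
    return buffed[:3]           # movq [esi+94],xmm0 + movss [esi+9C] store x,y,z

def decode_modrm(byte):
    """Splits a ModRM byte into (mod, reg, rm).  For the db line 0F 16 D2
    this gives (3, 2, 2): register-direct, reg = xmm2, r/m = xmm2, which is
    movlhps xmm2,xmm2 as intended."""
    return (byte >> 6) & 3, (byte >> 3) & 7, byte & 7

MOVLHPS_XMM2_XMM2 = bytes.fromhex("0f16d2")   # the db bytes from the script

if __name__ == "__main__":
    # constructed sample values: 30 m/s along x, delta 1 along x, 2x multiplier
    print(hook_decision([30.0, 0.0, 0.0, 0.0], [1.0, 0.0, 0.0, 0.0], 2.0, 150.0))
    print(decode_modrm(MOVLHPS_XMM2_XMM2[2]))
```

The w lane of the 4-lane loads is deliberately never summed, which is why the script reads 16 bytes with movups but only stores 12 back with movq plus movss.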
shadowpt
Advanced Cheater
Reputation: 0

Joined: 04 Jun 2011
Posts: 82

Posted: Sun Jul 21, 2013 7:42 am

That one doesn't crash, but it doesn't do anything special either.

I changed the values to higher ones so I could notice a change, and all I could tell was the vehicle getting higher? It is as if the suspension got buffed or something like that, or the vertical movements got exaggerated a bit.

But so far no speed increase, vehicle still drives like before.

EDIT: I tried with another vehicle that has higher speed and it does something after a certain speed is reached, it switches the velocity faster but the overall final velocity is still the same.

It is very similar to what I reported here http://forum.cheatengine.org/viewtopic.php?p=5485599#5485599
mgr.inz.Player
Posted: Mon Jul 22, 2013 12:31 pm

PM sent.
shadowpt

Posted: Tue Jul 23, 2013 10:46 pm

Hey there, just wanted to tell you that I have found an identifier for the esi values!!!

My vehicle always has float -16 @ [ESI+D4], I have compared with other vehicles that aren't mine, enemy and friendly vehicles, they all have 0 and I have -16 at that ESI location.

This is true for the esi+94, 98 and 9C

I have also found the addresses that hold the delta values, changing them does affect my velocity, BIG time so I have to use small values.

Sadly they have no pointers, I went up to 5 levels and zip, nothing. All my other pointers don't go higher than 4 levels so I assume that these addresses are dynamic placeholders for temporary math results which go away once I get a new vehicle.


I am learning so much thanks to your help, guys.



Edit: Corrected esi-d4 to esi+d4 plus more text below


My problem now is, how do I filter it?
Can I do this?

Code:

newmem:
cmp dword ptr [esi+d4],-16
jne originalcode

sub esp,04
mov [esp],(float)2.0
movss xmm9,[esi+0000094]
mulss xmm9,(float)1.015
movss [esi+0000094],xmm9
add esp,04


originalcode:
addss xmm0,[esi+00000094]
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

Posted: Tue Jul 23, 2013 11:12 pm

It's a float, right?
Then use
cmp [esi+d4],(float)-16.00

shadowpt

Posted: Tue Jul 23, 2013 11:17 pm

DaSpamer wrote:
It's a float, right?
Then use
cmp [esi+d4],(float)-16.00


That is correct, it is a float value; I wasn't sure if I could compare it directly with dword ptr or without.

And the rest, is it right? My intention is to multiply the current value at esi+0000094 before it is used by the original code


Edit: well that didn't work as I expected, I used

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
cmp [esi+d4],(float)-16.00
jne originalcode

sub esp,04
mov [esp],(float)1.001
movss xmm2,[esi+00000094]
mulss xmm2,[esp]
movss [esi+00000094],xmm2
add esp,04

originalcode:
addss xmm0,[esi+00000094]

exit:
jmp returnhere

Phys_x86.dll+1D7C4D:
jmp newmem
returnhere:




[DISABLE]
dealloc(newmem)
Phys_x86.dll+1D7C4D:
addss xmm0,[esi+00000094]


And when I activate the script, the opcode turns from this

Code:
addss xmm0,[esi+00000094]


to this

Code:
jmp 06070000
add [eax],al
add bl,dh


And eventually the game crashes... Why do those 2 lines show up? Am I using wrong sizes somewhere?
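Why the two extra lines show up, with an added Python helper that is not part of the thread or of Cheat Engine: addss xmm0,[esi+00000094] encodes to eight bytes (F3 0F 58 86 94 00 00 00, worked out here from the instruction; the page never prints the bytes), but jmp newmem is only five. The auto assembler writes the jmp over the first five bytes and leaves the last three zero bytes of the displacement in place, so those, together with the first byte of the following instruction, are what the disassembler shows as add [eax],al and add bl,dh, and they are exactly what executes when jmp returnhere comes back to the byte after the jmp. The helper below builds the five-byte jmp, pads the rest of the clobbered instruction with nop so returnhere lands on a real instruction boundary, and emits the full byte string that [DISABLE] has to put back. The site and cave addresses are the ones visible in the post, treated as plain numbers rather than module-relative ones.

```python
# Encoding of the instruction the post hooks: F3 0F 58 /r with ModRM 86
# (mod=10 -> [esi+disp32], reg=000 -> xmm0) and a 4-byte displacement 0x94.
ADDSS_XMM0_ESI_94 = bytes.fromhex("f30f588694000000")
JMP_REL32_LEN = 5
NOP = 0x90

def rel32(site, target, insn_len=JMP_REL32_LEN):
    """Displacement for E9 rel32: measured from the end of the jmp itself."""
    disp = target - (site + insn_len)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return disp & 0xFFFFFFFF

def build_hook(site, cave, original):
    """Bytes to write at site: a 5-byte jmp to the cave, then nop padding so
    the patch covers the whole original instruction and nothing else.
    Returns (patch, address the cave must jump back to)."""
    if len(original) < JMP_REL32_LEN:
        raise ValueError("original instruction shorter than a rel32 jmp; "
                         "the hook has to steal the next instruction as well")
    patch = b"\xe9" + rel32(site, cave).to_bytes(4, "little")
    patch += bytes([NOP]) * (len(original) - JMP_REL32_LEN)
    return patch, site + len(original)

def leftover(original, patch_len):
    """What stays in memory when the patch is shorter than the original:
    these bytes execute on return unless they have been turned into nops."""
    return original[patch_len:]

def ce_enable_lines(original):
    """Lines the [ENABLE] section needs at the hook address."""
    return ["jmp newmem"] + ["nop"] * (len(original) - JMP_REL32_LEN)

def ce_disable_bytes(original):
    """[DISABLE] must restore every byte the patch touched, not just five."""
    return "db " + " ".join(f"{b:02X}" for b in original)

if __name__ == "__main__":
    site, cave = 0x1D7C4D, 0x06070000          # numbers from the post, used as-is
    patch, back = build_hook(site, cave, ADDSS_XMM0_ESI_94)
    print(patch.hex(" "), hex(back))
    print(leftover(ADDSS_XMM0_ESI_94, JMP_REL32_LEN).hex(" "))  # 00 00 00
    print("\n".join(ce_enable_lines(ADDSS_XMM0_ESI_94)))
    print(ce_disable_bytes(ADDSS_XMM0_ESI_94))
```

The alternative mgr.inz.Player's script uses avoids padding altogether: it hooks the five-byte movss xmm0,[eax+30] one instruction earlier, so a single jmp replaces it exactly and the addss after it is never touched.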
shadowpt

Posted: Sat Jul 27, 2013 10:02 pm

I think the problem might be that I am replacing the wrong opcode, maybe the best way is to go like this

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
cmp [esi+d4],(float)-16.00   // only my vehicle has -16 here
jne originalcode

sub esp,04
mov [esp],(float)1.001       // multiplier lives on the stack: mulss has no immediate form
movss xmm2,[esi+00000094]    // note: xmm2 is not saved/restored here, unlike the script above
mulss xmm2,[esp]
movss [esi+00000094],xmm2
add esp,04

originalcode:
movss xmm0,[eax+30]          // the 5-byte instruction that jmp newmem replaces

exit:
jmp returnhere               // lands on addss xmm0,[esi+00000094], which stays untouched

Phys_x86.dll+1D7C48:
jmp newmem                   // exactly 5 bytes, same length as movss xmm0,[eax+30]
returnhere:




[DISABLE]
dealloc(newmem)
Phys_x86.dll+1D7C48:
movss xmm0,[eax+30]


This way I still change the delta before it is used by addss xmm0,[esi+00000094] or at least I think it will, hopefully. Will test it out and see how it goes.

Although I am still confused about the sub esp,04, don't understand how the variables are being accounted for.
Page 8 of 8 (all times are GMT - 6 hours)