Cheat Engine Forum Index -> Cheat Engine

Script doesn't wanna work, help.

 
omoe
Grandmaster Cheater
Reputation: 8

Joined: 11 Jun 2013
Posts: 547

Posted: Fri Aug 23, 2013 11:08 am    Post subject: Script doesn't wanna work, help.

So I found my HP address and attacked three enemies and got their addresses, then I put it all together and wrote this, but it isn't working :/
I die with one shot every time. Sorry I spammed the forum.
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(player)
registersymbol(aob3)
aobscan(aob3, F2 0F 5C C1 66 0F 5A C0 F3 0F 11 46 6C 0F 57 C0 0F 2F 46 6C)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [esi+30],0
je player
jmp originalcode
originalcode:
subsd xmm0,xmm1
jmp returnhere

player:
addsd xmm0,xmm1
jmp returnhere

aob3:
jmp newmem
nop
nop
nop
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
aob3:
subsd xmm0,xmm1
cvtpd2ps xmm0,xmm0
//Alt: db F2 0F 5C C1 66 0F 5A C0
unregistersymbol(aob3)



[Attachment: ss.jpg]

Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25954
Location: The netherlands

Posted: Fri Aug 23, 2013 11:18 am

perhaps health is stored as damage taken

omoe
Posted: Fri Aug 23, 2013 11:20 am

Dark Byte wrote:
perhaps health is stored as damage taken

Uhmm, what should I do then? When I nop the code both player and enemy get inf. health just like you said. Btw, this cheat is for Tom Clancy's Splinter Cell® Blacklist™
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Fri Aug 23, 2013 11:57 am

Maybe your filter doesn't always work ([esi+30])



Create a script that doesn't change anything. Just do a simple default injection and add this:
Code:

(...)
cmp esi,playerHealthBaseAddress
jne notPlayerDoOriginalStuff

push eax
mov eax,[esi+30] // get value
lea eax,[eax]       // load effective address
pop eax
(...)


and use "globalalloc(newmem,2048)"


Inject that code, open the memory viewer, go to "newmem", right-click on
lea eax,[eax]

and choose "find out what .....". That way you can test what values are kept here [esi+30]. Maybe for player it's not always zero.




How did you find this health address anyway? "Scan increased after health increased, and scan decreased after health decreased/you got damage"?


omoe
Posted: Fri Aug 23, 2013 12:35 pm

Yes actually, and when I nop it health froze, but for both player and enemy.

Looks like [esi+30] doesn't have a value.

mgr.inz.Player
Posted: Fri Aug 23, 2013 2:19 pm

Did you use your own playerHealthBaseAddress?

omoe
Posted: Fri Aug 23, 2013 2:41 pm

mgr.inz.Player wrote:
Did you use your own playerHealthBaseAddress?

Yes I did, it doesn't work :/

mgr.inz.Player
Posted: Fri Aug 23, 2013 2:42 pm

How many entries occurred in the "Changed Addresses" window?

omoe
Posted: Sat Aug 24, 2013 4:11 am

mgr.inz.Player wrote:
How many entries occurred in the "Changed Addresses" window?

One entry, the value of it "lea eax,[eax]" was ??????


Last edited by omoe on Sat Aug 24, 2013 5:06 am; edited 2 times in total

mgr.inz.Player
Posted: Sat Aug 24, 2013 4:58 am

In this case, if we "find out what ....." lea instruction, values aren't important, addresses are.
Anyway, one entry = one address = filtering works.


By looking at code you posted (screenshot):
Code:
xorps xmm0,xmm0          // A[ ] := {0,0,0,0}
cvtsi2ss xmm0,eax        // A[0] := eax
jmp
xor eax,eax              // eax:=0
xorps xmm0,xmm0          // A[ ] := {0,0,0,0}
cvtsi2ss xmm0,eax        // A[0] := eax
jmp
cvtps2pd xmm0,xmm0       // A[ ]:=(double)A[]
cvtps2pd xmm1,xmm1       // B[ ]:=(double)B[]
subsd xmm0,xmm1          // A[0]:=A[0]-B[0]
cvtpd2ps xmm0,xmm0       // A[ ]:=(single)A[]
movss [esi+6c],xmm0      // [esi+6c]:=A[0]
xorps xmm0,xmm0          // A[ ]:= {0,0,0,0}
comiss xmm0,[esi+6c]     // compare 0.0 with [esi+6c]
jb                       // jump if 0.0 < [esi+6c]



try something like this:
cvtps2pd xmm0,xmm0 <- hackpoint

Code:
(...)
newmem:
cmp [esi+30],0
jne original

xorps xmm1,xmm1

original:
cvtps2pd xmm0,xmm0
cvtps2pd xmm1,xmm1
jmp returnhere
(...)


omoe
Posted: Sat Aug 24, 2013 5:08 am

Just adding "cvtpd2ps xmm0,xmm0" to the first script under "subsd xmm0,xmm1" and under "addsd xmm0,xmm1" fixed the problem. Thank you!

mgr.inz.Player
Posted: Sat Aug 24, 2013 5:40 am

Code:
(...)
newmem:
cmp [esi+30],0
jne original

xorps xmm1,xmm1

original:
cvtps2pd xmm0,xmm0
cvtps2pd xmm1,xmm1
jmp returnhere
(...)

Should work too. xmm1 keeps damageValue and we just zero it if player.



Yes, now I see you forgot cvtpd2ps xmm0,xmm0 in your previous script (I didn't check that, I thought you used default code injection).
Converting from double to single is important. Otherwise you write 0 instead of 450.0


407C200000000000 hex = 450.0 (double)
00000000 hex = 0.0 (single)
407C2000 hex = 3.939453125 (single)




You used this: addsd xmm0,xmm1
Instead of subtracting damageValue from currentHealth you do the opposite. But other games can break if currentHealth is bigger than max (HUD can break, game can crash).

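
Added example (not part of the original thread and not any poster's code): a small C model of the double-to-single point made in the post above, showing why storing the result with movss but without the cvtpd2ps step writes 0.0 into the health field. The 500.0/50.0 inputs and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Raw IEEE-754 bits of a double, i.e. the low 64 bits of xmm0 after subsd. */
uint64_t double_bits(double d) {
    uint64_t u;
    memcpy(&u, &d, sizeof u);
    return u;
}

/* Reinterpret 32 raw bits as a single-precision float. */
float single_from_bits(uint32_t u) {
    float f;
    memcpy(&f, &u, sizeof f);
    return f;
}

/* movss [esi+6c],xmm0 with a double still in xmm0: only the low 32 bits are stored. */
float store_low_dword(double d) {
    return single_from_bits((uint32_t)double_bits(d));
}

/* The upper 32 bits read as a single, matching the third line of the hex table. */
float high_dword_as_single(double d) {
    return single_from_bits((uint32_t)(double_bits(d) >> 32));
}

/* Models cvtps2pd / cvtps2pd / subsd / [cvtpd2ps] / movss on scalar values. */
float apply_damage(float health, float damage, int with_cvtpd2ps) {
    double a = (double)health;   /* cvtps2pd xmm0,xmm0 */
    double b = (double)damage;   /* cvtps2pd xmm1,xmm1 */
    a -= b;                      /* subsd xmm0,xmm1 */
    if (with_cvtpd2ps)
        return (float)a;         /* cvtpd2ps xmm0,xmm0, then movss */
    return store_low_dword(a);   /* movss alone: the wrong bits land in memory */
}

int main(void) {
    /* Constructed sample values: 500.0 health, 50.0 damage, 450.0 expected. */
    printf("bits(450.0)       = %016llX\n", (unsigned long long)double_bits(450.0));
    printf("low dword single  = %g\n", store_low_dword(450.0));
    printf("high dword single = %.10g\n", high_dword_as_single(450.0));
    printf("without cvtpd2ps  = %g\n", apply_damage(500.0f, 50.0f, 0));
    printf("with cvtpd2ps     = %g\n", apply_damage(500.0f, 50.0f, 1));
    return 0;
}
```
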
omoe
Posted: Sun Aug 25, 2013 8:49 am

I actually used addsd to test if it was working correctly. In my script I just put //movsd xmm0,xmm1

All times are GMT - 6 Hours