Cheat Engine The Official Site of Cheat Engine
omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Fri Aug 23, 2013 11:08 am Post subject: Script doesn't wanna work, help.
So I found my HP address and attacked three enemies and got their addresses, then I put it all together and wrote this, but it isn't working :/
I die with one shot every time. Sorry I spammed the forum.
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(player)
registersymbol(aob3)
aobscan(aob3, F2 0F 5C C1 66 0F 5A C0 F3 0F 11 46 6C 0F 57 C0 0F 2F 46 6C)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [esi+30],0
je player
jmp originalcode
originalcode:
subsd xmm0,xmm1
jmp returnhere
player:
addsd xmm0,xmm1
jmp returnhere
aob3:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
aob3:
subsd xmm0,xmm1
cvtpd2ps xmm0,xmm0
//Alt: db F2 0F 5C C1 66 0F 5A C0
unregistersymbol(aob3) |

Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25954 Location: The Netherlands
Posted: Fri Aug 23, 2013 11:18 am
perhaps health is stored as damage taken

omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Fri Aug 23, 2013 11:20 am
| Dark Byte wrote: | perhaps health is stored as damage taken |
Uhm, what should I do then? When I nop the code both player and enemy get inf. health, just like you said. Btw, this cheat is for Tom Clancy's Splinter Cell® Blacklist™

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Aug 23, 2013 11:57 am
Maybe your filter doesn't always work ([esi+30])
Create a script that doesn't change anything. Just do a simple default injection and add this:
| Code: |
(...)
cmp esi,playerHealthBaseAddress
jne notPlayerDoOriginalStuff
push eax
mov eax,[esi+30] // get value
lea eax,[eax] // load effective address
pop eax
(...) |
and use "globalalloc(newmem,2048)"
Inject that code, open memory viewer, go to "newmem", right click at
lea eax,[eax]
And choose "find out what .....". That way you can test what values are kept here [esi+30]. Maybe for player it's not always zero.
How did you find this health address anyway? "Scan increased after health increased, and scan decreased after health decreased/yougotdamage"?

omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Fri Aug 23, 2013 12:35 pm
Yes actually, and when I nop it the health froze, but for both player and enemy.
Looks like [esi+30] doesn't have a value.

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Aug 23, 2013 2:19 pm
Did you use your own playerHealthBaseAddress ?

omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Fri Aug 23, 2013 2:41 pm
| mgr.inz.Player wrote: | Did you use your own playerHealthBaseAddress? |
Yes I did, it doesn't work :/

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Aug 23, 2013 2:42 pm
How many entries occurred in "Changed Addresses" window ?

omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Sat Aug 24, 2013 4:11 am
| mgr.inz.Player wrote: | How many entries occurred in "Changed Addresses" window? |
One entry, the value of it "lea eax,[eax]" was ??????
Last edited by omoe on Sat Aug 24, 2013 5:06 am; edited 2 times in total

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Aug 24, 2013 4:58 am
In this case, if we "find out what ....." lea instruction, values aren't important, addresses are.
Anyway, one entry = one address = filtering works.
By looking at code you posted (screenshot):
| Code: |
xorps xmm0,xmm0 // A[ ] := {0,0,0,0}
cvtsi2ss xmm0,eax // A[0] := eax
jmp
xor eax,eax // eax:=0
xorps xmm0,xmm0 // A[ ] := {0,0,0,0}
cvtsi2ss xmm0,eax // A[0] := eax
jmp
cvtps2pd xmm0,xmm0 // A[ ]:=(double)A[]
cvtps2pd xmm1,xmm1 // B[ ]:=(double)B[]
subsd xmm0,xmm1 // A[0]:=A[0]-B[0]
cvtpd2ps xmm0,xmm0 // A[ ]:=(single)A[]
movss [esi+6c],xmm0 // [esi+6c]:=A[0]
xorps xmm0,xmm0 // A[ ]:= {0,0,0,0}
comiss xmm0,[esi+6c] // compare 0.0 with [esi+6c]
jb // jump if 0.0 < [esi+6c] |
try something like this:
cvtps2pd xmm0,xmm0 <- hackpoint
| Code: |
(...)
newmem:
cmp [esi+30],0
jne original
xorps xmm1,xmm1
original:
cvtps2pd xmm0,xmm0
cvtps2pd xmm1,xmm1
jmp returnhere
(...) |

omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Sat Aug 24, 2013 5:08 am
Just adding "cvtpd2ps xmm0,xmm0" to the first script under "subsd xmm0,xmm1" and under "addsd xmm0,xmm1" fixed the problem, thank you!

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Aug 24, 2013 5:40 am
| Code: |
(...)
newmem:
cmp [esi+30],0
jne original
xorps xmm1,xmm1
original:
cvtps2pd xmm0,xmm0
cvtps2pd xmm1,xmm1
jmp returnhere
(...) |
Should work too. xmm1 keeps damageValue and we just zero it if player.
Yes, now I see you forgot cvtpd2ps xmm0,xmm0 in your previous script (I didn't check that, I thought you used default code injection).
Converting from double to single is important. Otherwise you write 0 instead of 450.0
407C200000000000 hex = 450.0 (double)
00000000 hex = 0.0 (single)
407C2000 hex = 3.939453125 (single)
You used this: addsd xmm0,xmm1
Instead of subtracting damageValue from currentHealth you do the opposite. But other games can break if currentHealth is bigger than max (HUD can break, game can crash).
|
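The double-versus-single point from the post above, worked through as an added example that is not part of the original thread. It models only the low lane of xmm0 through the subsd / cvtpd2ps / movss [esi+6c],xmm0 sequence shown in the thread; the function names and the damage value 25.0 are made up for the illustration.

```python
import struct

def double_bits(value):
    """Hex of an IEEE-754 double, most significant byte first (as written in the post)."""
    return struct.pack(">d", value).hex().upper()

def single_from_hex(hex32):
    """Read 8 hex digits as an IEEE-754 single."""
    return struct.unpack(">f", bytes.fromhex(hex32))[0]

def health_after_hit(health, damage, convert_back):
    """Low lane of xmm0 through subsd, optional cvtpd2ps, then movss [esi+6c],xmm0."""
    # After cvtps2pd + subsd the low 64 bits of xmm0 hold the result as a double.
    xmm0_low = struct.pack("<d", health - damage)
    if convert_back:
        # cvtpd2ps: the low 32 bits now hold the same value as a single.
        # (Bits 32..63 are not modelled here and are simply zeroed.)
        value = struct.unpack("<d", xmm0_low)[0]
        xmm0_low = struct.pack("<f", value) + bytes(4)
    # movss stores only the low 32 bits; the game reads them back as a single.
    return struct.unpack("<f", xmm0_low[:4])[0]

if __name__ == "__main__":
    print(double_bits(450.0))
    print(single_from_hex("00000000"), single_from_hex("407C2000"))
    # Injection that returns past cvtpd2ps: health is written as 0.0
    print(health_after_hit(450.0, 25.0, convert_back=False))
    # Injection that keeps cvtpd2ps: health is written correctly
    print(health_after_hit(450.0, 25.0, convert_back=True))
```

For doubles whose low 32 bits are not all zero, skipping the conversion stores some other wrong single rather than exactly 0.0.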
 |
omoe Grandmaster Cheater
Reputation: 8
Joined: 11 Jun 2013 Posts: 547
Posted: Sun Aug 25, 2013 8:49 am
I actually used addsd to test if it was working correctly. In my script I just put //movsd xmm0,xmm1