Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Help with mov/movss

kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 20, 2013 5:43 am    Post subject: Help with mov/movss

Hey, I know I already made a topic about this, but this is something else and I need a veteran's opinion on it. So this is code for a game where my health and my enemies' health are stored by the same instruction. I found the base addresses and compared them and found an offset which I'm pretty sure doesn't move, and I used that to compare against. I made the code something like this (the game kept crashing, so I recreated it from memory):
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

cmp [esi+1F1],00000001
je exit
jmp originalcode

originalcode:
movss [esi+eax*4+00000384],xmm0
jmp returnhere

exit:
movss [esi+999999999999],xmm0
movss [esi+eax*4+00000384],xmm0
jmp returnhere

"Injustice.exe"+9304BF:
jmp newmem
nop
nop
nop
nop
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Injustice.exe"+9304BF:
movss [esi+eax*4+00000384],xmm0
//Alt: db F3 0F 11 84 86 84 03 00 00

But when activating this and when I hit my enemy or if he hits me, the game instantly crashes to the desktop without an error report. Is there something wrong with the code?
In EXIT if I were to do it like this:

mov xmm0,#999999

CE refuses to compile it.
zm0d
Master Cheater
Reputation: 7

Joined: 06 Nov 2013
Posts: 423

Posted: Wed Nov 20, 2013 6:00 am    Post subject:

kik4444 wrote:
movss [esi+999999999999],xmm0


Here you're moving the float value from the xmm0 register to the ESI address with the OFFSET 999999999999.

The value from the xmm0 register will be stored at ESI+999999999999, which is even outside the virtual address space of the process.

Search for "virtual address space" and you will find something about it on MSDN.

What should the 999999999999 be? Your health value?
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 20, 2013 6:08 am    Post subject:

Yes. I want to put that number into xmm0 or at the very least freeze it in the script. I tried both freezing it and doing it like this:

movss [esi+999999999999],xmm0

but both times the game crashes to desktop without an error report when I hit my enemy or if he hits me.
BTW, when I say "Freezing it in the script", I mean doing it like this:

//movss [esi+eax*4+00000384],xmm0

but both times the game crashes
zm0d
Master Cheater
Reputation: 7

Joined: 06 Nov 2013
Posts: 423

Posted: Wed Nov 20, 2013 6:12 am    Post subject:

ESI+999999999999 will access an address totally outside your process's memory. That won't work. I edited my post above right before you posted. Take a look at Virtual Address Space.
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

Posted: Wed Nov 20, 2013 6:14 am    Post subject:

Hello. You made a few mistakes here. For example,
Code:
mov xmm0,#999999

refuses to compile because MMX/SSE registers don't have store/load operations for immediate values. Also,
Code:
movss [esi+999999999999],xmm0

will obviously never work, considering the noted offset. In short, you can try using something like this:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)


newmem: //this is allocated memory, you have read,write,execute access

cmp [esi+1F1],1
jne originalcode

push eax
mov eax,(float) "Input max value here" (Without the quotation marks)
movd xmm0,eax
pop eax

originalcode:
movss [esi+eax*4+00000384],xmm0
jmp returnhere

exit:
jmp returnhere

"Injustice.exe"+9304BF:
jmp newmem
nop
nop
nop
nop
returnhere:


[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Injustice.exe"+9304BF:
movss [esi+eax*4+00000384],xmm0
//Alt: db F3 0F 11 84 86 84 03 00 00


If you can't find maximum value, try just skipping over it, e.g:
Code:
cmp [esi+1F1],1
je exit

originalcode:
movss [esi+eax*4+00000384],xmm0
jmp returnhere

exit:
jmp returnhere

_________________
Singularity is nearer.


Last edited by podstanar on Wed Nov 20, 2013 11:48 am; edited 6 times in total
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 20, 2013 6:18 am    Post subject:

I'll try that out later, right now I have to go to school. I'll report back to tell you if it worked and +rep you if it did.
SteveAndrew
Master Cheater
Reputation: 30

Joined: 02 Sep 2012
Posts: 323

Posted: Wed Nov 20, 2013 11:20 am    Post subject:

Code:

[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(FullHealthValue)

newmem:
cmp [esi+1F1],1
jne originalcode

push eax
mov eax,#999999999 //alternate v1
cvtsi2ss xmm0,eax     //using convert integer to scalar single precision floating point
//mov eax,(float)999999999.0 //ColdFusion73's recommendation
//movd xmm0,eax
pop eax

//alternate 2: //(wouldn't need push and pop eax, but requires pre-defined float value)
//movss xmm0,[FullHealthValue]

originalcode:
movss [esi+eax*4+384],xmm0
jmp returnhere

FullHealthValue:
dd (float)999999999.0

"Injustice.exe"+9304BF:
jmp newmem
db 90 90 90 90
returnhere:

[DISABLE]
dealloc(newmem)
"Injustice.exe"+9304BF:
movss [esi+eax*4+384],xmm0
//Alt: db F3 0F 11 84 86 84 03 00 00


ColdFusion's way will work fine! I'll point out two other ways you could do it in this case though too!

alternate 1:
cvtsi2ss, along with converting an integer value into a float before writing it to the destination operand, also doesn't zero extend like movss and movd (when using an xmm register). cvtss2si does the opposite. There are others of course, but in this case it's a float value (32-bit) you're dealing with ([SS] Scalar Single-precision floating point). If it were a double (64-bit) it would be a double-precision floating point ([SD] Scalar Double-precision floating point).

alternate 2:
Is maybe less desirable to use, since you have to pre-define a value as shown with 'FullHealthValue' (allocate some memory, or make a label in some memory you've allocated already, and hard code a float value to it). It's probably the way I've used mostly up to this point, though!


kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 20, 2013 12:22 pm    Post subject:

I think it'll be a long time before I learn to script like that, so for now I'm just looking for a way to make it work with a simple script without any side-effects. BTW I'm finally back from school and now I'll try ColdFusion's method and I'll report back with my findings.
EDIT: I'm gonna try something else, but for now I did it like this:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

cmp [esi+1F1],00000001
jne originalcode
push eax
mov eax,99999
pop eax

originalcode:
movss [esi+eax*4+00000384],xmm0

exit:
jmp returnhere

"Injustice.exe"+9304BF:
jmp newmem
nop
nop
nop
nop
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Injustice.exe"+9304BF:
movss [esi+eax*4+00000384],xmm0
//Alt: db F3 0F 11 84 86 84 03 00 00

and nothing changed
EDIT2: Ok, so I did it like this:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

cmp [esi+278],00000021
jne originalcode

push eax
mov eax,1065353216
movd xmm0,eax
pop eax

originalcode:
movss [esi+eax*4+00000384],xmm0

exit:
jmp returnhere

"Injustice.exe"+9304BF:
jmp newmem
nop
nop
nop
nop
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Injustice.exe"+9304BF:
movss [esi+eax*4+00000384],xmm0
//Alt: db F3 0F 11 84 86 84 03 00 00

and it worked!!! I don't know what happened before, though; I guess I may not have been comparing it to a static value. But now it works anyway, thx again. I'll give you +rep once my rep timer runs out.
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

Posted: Wed Nov 20, 2013 12:52 pm    Post subject:

You forgot one crucial line, take a look at my post above: movd xmm0,eax
So the code would be:
Code:
push eax
mov eax,99999
movd xmm0,eax <<--
pop eax

The whole point of pushing was that we can modify EAX's value, load it into the required register and then pop it back. Since you forgot to store our new value into xmm0, the code lost its original purpose.
In any case, my suggestion is to read DABhand's tutorial, for a start: Basic Assembly Tutorial

It should give you a basic/fundamental understanding of Intel's x86 architecture, and a little bit of how the stack works.

_________________
Singularity is nearer.


Last edited by podstanar on Wed Nov 20, 2013 1:37 pm; edited 3 times in total
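The difference between movd and cvtsi2ss that SteveAndrew and podstanar describe above, and why `mov eax,99999` only does what you want when it is followed by `movd xmm0,eax` (or replaced by cvtsi2ss), as an added C example that is not code from the forum or from Cheat Engine: it reinterprets a 32-bit integer's bits as a float the way movd does, converts it numerically the way cvtsi2ss does, recovers the bit pattern the `(float)` token produces, and checks that a displacement such as 999999999999 cannot even be encoded in a 32-bit addressing mode. All function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* movd xmm0,eax copies the 32 raw bits of EAX into the low lane of XMM0.
 * No numeric conversion happens: the integer's bit pattern is reinterpreted
 * as an IEEE-754 single, so 1065353216 (0x3F800000) reads as 1.0f, while
 * 99999 reads as a denormal around 1.4e-40, i.e. "health is basically 0". */
static float movd_bits_to_float(uint32_t bits) {
    float f;
    memcpy(&f, &bits, sizeof f);   /* bit-cast: the C spelling of movd */
    return f;
}

/* cvtsi2ss xmm0,eax converts the signed integer's *value* to the nearest
 * float, so 99999 really becomes 99999.0f. */
static float cvtsi2ss_to_float(int32_t value) {
    return (float)value;
}

/* What the CE auto-assembler's "(float)1.0" token evaluates to: the bit
 * pattern that must be in EAX before movd for the stored health to read 1.0. */
static uint32_t float_to_bits(float f) {
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return bits;
}

/* A 32-bit x86 memory operand such as [esi+disp] encodes at most a 32-bit
 * displacement, so 999999999999 (read as hex or decimal) cannot be assembled
 * into a valid operand at all, never mind land inside the 4 GiB of a 32-bit
 * process (zm0d's virtual address space point). */
static int fits_disp32(uint64_t displacement) {
    return displacement <= 0xFFFFFFFFull;
}

int main(void) {
    printf("movd     1065353216 -> %g\n", movd_bits_to_float(1065353216u)); /* 1 */
    printf("movd     99999      -> %g\n", movd_bits_to_float(99999u));      /* ~1.4e-40 */
    printf("cvtsi2ss 99999      -> %g\n", cvtsi2ss_to_float(99999));        /* 99999 */
    printf("(float)1.0          -> 0x%08X\n", float_to_bits(1.0f));         /* 0x3F800000 */
    printf("xorps xmm0,xmm0     -> %g\n", movd_bits_to_float(0u));          /* 0 */
    printf("disp 999999999999 encodable in 32 bits? %d\n",
           fits_disp32(999999999999ull));                                   /* 0 */
    return 0;
}
```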
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 20, 2013 1:02 pm    Post subject:

Oh and for the record, can this same script be used to make a one hit kill script by making it compare the enemy's health and setting it to 0 like this?:

cmp [esi+278],00000023
jne originalcode

push eax
mov eax,0
movd xmm0,eax
pop eax
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

Posted: Wed Nov 20, 2013 1:14 pm    Post subject:

Actually it can. However, if the injection point is accessing only you and your enemies (excluding other possible objects), there is no need for an additional compare. Just redirect filtered addresses, and you will get Infinite Health + One-Hit Kill.

Example:
Code:
label(player)
label(enemy)

cmp [esi+278],00000021
je player
jmp enemy

player:
push eax
mov eax,1065353216 --> (find something better)
movd xmm0,eax
pop eax
jmp originalcode

enemy:
xorps xmm0,xmm0

originalcode:
movss [esi+eax*4+00000384],xmm0

exit:
jmp returnhere

_________________
Singularity is nearer.


Last edited by podstanar on Wed Nov 20, 2013 1:26 pm; edited 1 time in total
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

PostPosted: Wed Nov 20, 2013 1:23 pm    Post subject: Reply with quote

I was talking about if it's possible to make a separate script for one hit kill.
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

Posted: Wed Nov 20, 2013 1:30 pm    Post subject:

Read my answer above carefully; you should notice that I provided an answer to that question: it can be done.
Side-effect: you will not be able to activate both cheats at the same time. That's why I provided an alternative.

_________________
Singularity is nearer.
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 20, 2013 2:15 pm    Post subject:

Well I suppose that's enough, thx. I'll +rep you when my timer runs out in around 1.6K seconds.
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

Posted: Wed Nov 20, 2013 10:00 pm    Post subject:

kik4444 wrote:
I was talking about if it's possible to make a separate script for one hit kill.


The easiest way, probably, is to just store a boolean flag that tells the script whether to enable or disable each of the cheats and then check its value inside the code cave. Recifense does this in almost all of his scripts, so they'd be good material for study.