 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
akimikage
Cheater
![]() Reputation: 0
Joined: 04 Nov 2009
Posts: 38
|
 Posted: Tue Feb 17, 2015 10:06 am Post subject: Help with muliplier |
 |
|
So I'm playing DS II again and I want to play it now with cheats. I'm making a multiplier for the souls I get. I already got what address adds the souls
mov [ecx+000000E8],eax
Now, when I edit the address like this
mov [ecx+000000E8],eax
add [ecx+000000E8],eax
Instead of doubling the souls I get from monsters, it adds the souls I currently have then doubles the souls I get from monsters. For example, I currently have 1000 souls then I kill a monster worth 30 souls. Instead of getting 1030 souls, I get 2060. So my guess is only part of mov [ecx+000000E8],eax is the souls I get from the monsters. The problem is I don't have any background in any coding language so everything I tried didn't work. It's either cheat engine doesn't inject the code or when cheat engine does inject the code the game crashes.
I know it's easier to just edit the souls itself but I'm also doing this so I can make multipliers on other games in the future too . 
|
|
| Back to top |
|
 |
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
|
| Back to top |
|
|
aikoncwd
Grandmaster Cheater
 Reputation: 23
Joined: 21 Dec 2012
Posts: 591
Location: Spain (Barcelona)
|
| Posted: Tue Feb 17, 2015 11:07 am Post subject: |
|
|
| Gniarf wrote: | | http://forum.cheatengine.org/viewtopic.php?p=5483595 |
Oh man, linking that post... 
_________________
Hey Hitler
Test here your skill with CheatEngine, I coded a challenge for you. Try to beat it!
HERE |
|
| Back to top |
|
|
akimikage
Cheater
![]() Reputation: 0
Joined: 04 Nov 2009
Posts: 38
|
| Posted: Tue Feb 17, 2015 11:53 am Post subject: |
|
|
Okay, I've tried everything from that link and one of the results is the same from what I've been doing which is adding the current souls + the doubled souls from the monsters. Other result is instead of getting doubled souls from monsters, I get doubled of my current souls. I'm still figuring out what I'm supposed to do with all the clues I've got from the link but it'll be faster if you guys spoonfeed me 
Edit : Okay, this is confusing. I experimented with the clues that I've got and I think the part that I should multiply is [ecx+000000E8] ? coz I when I try this
imul eax,eax,3
mov [ecx+000000E8],eax
I get x3 of my current souls + x3 of the souls I get from monsters but I can't multiply [ecx+000000E8].
Edit 2: So how can I multiply or add [ecx+000000E8] by itself ?
mov [ecx+000000E8]*2,eax doesn't work
Edit 3 : Okay, I really have no idea what's going on so here are the results of my experiment that I think can you help you guys solve this
add [ecx+000000E8],eax
move [ecx+000000E8],eax -
adds my current souls + double of the souls I get from the monsters. I.E 1000 current souls and killing 30 souls worth of monster = 2060 souls
while
add eax,dword [ecx+000000E8]
move [ecx+000000E8],eax
adds my current souls + souls I get from monsters. I.E 1000 current souls and killing 30 souls worth of monster = 2030 souls
The result I want is to have 1000 current souls and killing 30 souls worth of monster = 1060 souls
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Tue Feb 17, 2015 3:23 pm Post subject: |
|
|
@akimikage: When we wrote this: | Code: | sub eax,dword [esi+34] //now eax=new xp-old xp=xp income
shl eax,1 //twice eax ie: twice income
add dword [esi+34], eax //add incomex2 to the old xp |
or that: | Code: | sub eax,dword [esi+34] //now eax has "xp income"
imul eax,eax,7 //multiply it by 7
add dword [esi+34], eax //add modified income to the old xp |
we didn't mean "pick one of the 3 lines to get the effect", you need all 3. But of course the esi+34 bit has to be updated according your game.
@AikonCWD: old memories hehe. I tend to remember rather well which questions I have answered.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Tue Feb 17, 2015 5:26 pm Post subject: |
|
|
Sounds like EAX is holding the total after both numbers have been combined.
Scroll up in the code block and see what values change EAX.
My guess is somewhere you'll see:
mov eax,[ecx+000000E8]
add eax,[some other value]
Otherwise, you'll likely see:
mov eax,[some other value]
add eax,[ecx+000000E8]
To double the value earned, simply add to the EAX register again:
add eax,[some other value]
|
|
| Back to top |
|
|
aikoncwd
Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012
Posts: 591
Location: Spain (Barcelona)
|
| Posted: Tue Feb 17, 2015 6:36 pm Post subject: |
|
|
I want to give a tip for this, this example is for the game "Darkest Dungeon":
This is the original code:
| Code: | "darkest.exe"+531478: F3 0F 10 4D 08 - movss xmm1,[ebp+08]
"darkest.exe"+53147D: 83 C4 10 - add esp,10
"darkest.exe"+531480: 0F 57 D2 - xorps xmm2,xmm2
"darkest.exe"+531483: 8B 45 14 - mov eax,[ebp+14]
"darkest.exe"+531486: 8B 00 - mov eax,[eax]
"darkest.exe"+531488: 89 86 08 06 00 00 - mov [esi+00000608],eax
"darkest.exe"+53148E: 0F 2F D1 - comiss xmm2,xmm1
"darkest.exe"+531491: F3 0F 10 46 24 - movss xmm0,[esi+24]
"darkest.exe"+531496: F3 0F 5C C1 - subss xmm0,xmm1
// ---------- INJECTING HERE ----------
"darkest.exe"+53149A: F3 0F 11 46 24 - movss [esi+24],xmm0 |
The code apply dmg to the enemy, I wanted to make a "x5 dmg hack", so I solved doing this:
| Quote: | subss xmm0,xmm1
subss xmm0,xmm1
subss xmm0,xmm1
subss xmm0,xmm1
subss xmm0,xmm1
movss [esi+24],xmm0 |
This code is not elegant, it's not efficient, looks n00bish... BUT it works as expected, the original code is moving the value of xmm0 to [esi+24], so I injected 5x subss to make the trick.
You can do the same, look above and find where EAX is getting the value, then inject some code (like more sub, push-mov-pop, etc...)
Hope this can help you 
@Gniarf: Yeah, It's fun to read an old post from your own and see how stupid your question was. haha
_________________
Hey Hitler
Test here your skill with CheatEngine, I coded a challenge for you. Try to beat it!
HERE |
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Tue Feb 17, 2015 7:28 pm Post subject: |
|
|
| AikonCWD wrote: | | This code is not elegant, it's not efficient, looks n00bish.. |
Nope. It's good.
@AikonCWD, @ALL
Also, who said it has to be linear. As an example, my two cheats for Dead Space 1:
Stasis effect duration, original code:
| Code: | | movss xmm0,[eax+00000C70] |
Cheat, duration squared (stasis will be for 49seconds instead of 7, or 121 seconds instead of 11):
| Code: | movss xmm0,[eax+00000C70]
mulss xmm0,xmm0 |
Current weapon damage, original code:
| Code: | | fld dword ptr [ecx+00000800] - read just before projectile creation |
Cheat:
| Code: | fld dword ptr [ecx+00000800] // ST(0):=baseDamage
fmul ST(0),ST(0) // ST(0):=baseDamage*baseDamage = baseDamage^2
fmul ST(0),ST(0) // ST(0):=baseDamage^2*baseDamage^2 = baseDamage^4
// ST(0) is baseDamage^4
|
(it works pretty well)
@akimikage
| Code: | | mov [ecx+000000E8],eax |
before above line is executed, this [ecx+000000E8] keeps original value , EAX contains new value. You have to:
| Code: | //compute the gain
sub eax,[ecx+000000E8]
//then double it
add eax,eax
//or triple it
// lea eax,[eax+eax*2]
//or septuple it
// imul eax,eax,7
//then update value in our "souls" address
add [ecx+000000E8],eax |
Just in case code you found is also for "buying":
| Code: |
sub eax,[ecx+000000E8]
js buying
imul eax,eax,7
add [ecx+000000E8],eax
jmp returnhere
buying:
add [ecx+000000E8],eax
|
_________________
|
|
| Back to top |
|
|
akimikage
Cheater
![]() Reputation: 0
Joined: 04 Nov 2009
Posts: 38
|
| Posted: Wed Feb 18, 2015 1:31 am Post subject: |
|
|
Thanks guys. I found a code that works
sub eax,[ecx+000000E8]
add eax,eax
add [ecx+000000E8],eax
for some reason
sub eax,[ecx+000000E8]
shl eax,1
add [ecx+000000E8],eax
crashes the game  and I found a code before mov [ecx+000000E8],eax which is mov eax,eax and doubling the code crashes the game too. Why is that ?
Edit : Can you guys redirect me to an explanation of the terms used here ? like mov and lea ? Maybe I can figure them out on my own if I know the meaning of these
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
|
| Back to top |
|
|
aikoncwd
Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012
Posts: 591
Location: Spain (Barcelona)
|
|
| Back to top |
|
|
SteveAndrew
Master Cheater
 Reputation: 30
Joined: 02 Sep 2012
Posts: 323
|
| Posted: Wed Feb 18, 2015 1:08 pm Post subject: |
 |
|
How about some alternatives just for good measure or in case you wanted to multiply it by an arbitrary amount, or so it doesn't have to be a power of 2. (Like with bit shifting)
Multiply By Integer Value:
| Code: |
[enable]
alloc(SoulMultiplier,1024)
label(MultiplyByInteger)
label(returnhere)
registersymbol(MultiplyBy)
SoulMultiplier:
push edx
sub eax,[ecx+e8] //calculate souls gained
mul [MultiplyByInteger] //eax * [MultiplyByInteger] (result in eax, product in edx)
add [ecx+e8],eax //add multiplied souls to current souls
pop edx
jmp returnhere
MultiplyByInteger: //Multiply by a whole number only, 3x, 4x, 5x, etc...
dd 3
Game.exe+123456:
jmp SoulMultiplier
nop
returnhere:
[disable]
Game.exe+123456:
mov eax,[ecx+e8]
dealloc(SoulMultiplier)
unregistersymbol(MultiplyByInteger)
|
Multiply By Float Value (XMM)
| Code: |
[enable]
alloc(SoulMultiplier,1024)
label(MultiplyBy)
label(returnhere)
registersymbol(MultiplyBy)
SoulMultiplier:
sub eax,[ecx+e8]
cvtsi2ss xmm7,eax //convert int to float
movss xmm6,[MultiplyBy]
mulss xmm7,xmm6 //souls gained * [MultiplyBy]
cvtss2si eax,xmm7 //convert float back to int
add [ecx+e8],eax //add multiplied souls to current souls
jmp returnhere
MultiplyBy: //x9.86, x4.5, etc... multiply by any amount desired
dd (float)9.8696044010893586188344909998762
Game.exe+123456:
jmp SoulMultiplier
nop
returnhere:
[disable]
Game.exe+123456:
mov eax,[ecx+e8]
dealloc(SoulMultiplier)
unregistersymbol(MultiplyBy)
|
Multiply By Float Value:
| Code: |
[enable]
alloc(SoulMultiplier,1024)
label(MultiplyBy)
label(MultipliedAmount)
label(returnhere)
registersymbol(MultiplyBy)
SoulMultiplier:
sub eax,[ecx+e8]
mov [MultipliedAmount],eax
fld [MultiplyBy] //load [MultiplyBy] value as float
fimul [MultipliedAmount] //[MultiplyBy] * souls gained
fistp [MultipliedAmount] //store back multiplied souls amount as 32-bit integer
mov eax,[MultipliedAmount]
add [ecx+e8],eax //add newly multiplied souls to current souls
jmp returnhere
MultiplyBy:
dd (float)3.1415926535897932384626433832795
MultipliedAmount:
dd 0
Game.exe+123456:
jmp SoulMultiplier
nop
returnhere:
[disable]
Game.exe+123456:
mov eax,[ecx+e8]
dealloc(SoulMultiplier)
unregistersymbol(MultiplyBy)
|
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
