How to change the float point value without affecting game?

 
Twistedfate
Expert Cheater
Reputation: 1

Joined: 11 Mar 2016
Posts: 231

PostPosted: Thu Apr 21, 2016 1:19 pm    Post subject: How to change the float point value without affecting game?

Warning:
- Bad English.
- Very long question.

I am playing a stupid PC game, not a multiplayer or online one...
- The idea: attacking the nearest monster without moving the cursor onto him.
- What did I do to select the monster?
I changed the monster body size with a cheat I found for this game, so when I get a bigger body size I get a larger area for selection...
- What do I want?
I want to select the monster over a larger area and keep his normal body size without increasing it.
- I did multiple scans while changing the monster size between big and normal.

- Finally I found the value of the monster which lets me attack him without moving the cursor onto him.

- When I change this value to 0 I can attack him without moving the cursor, and I can attack him with right and left click.
- But!! This value is for the selection of one monster.
____________________________________________________
What did I do?
Right-click on the address

1- Find out what writes to this address
Code:
10001D90 - D9 5E 1C - fstp dword ptr [esi+1C] // this always writes to the address

10004791 - D9 56 1C - fst dword ptr [esi+1C] // this writes when the monster appears or disappears
___________________________________________________
2- Find out what addresses this instruction accesses:
I right-clicked on this address
Code:
10001D90 - D9 5E 1C - fstp dword ptr [esi+1C]

then Find out what addresses this instruction accesses.
I saw all the addresses of the monsters nearest to me, I counted them, and the addresses are the same...
_____________________________________________________
Now what?
If I pick all these addresses and change them to 0, I can select all monsters and I can attack the nearest one to me without moving my cursor onto him, by right-clicking in an empty area.
- And I can select him with my cursor and attack him with right and left click.
____________________________________________________________
- AOB injection (Array of Bytes) + the problem is here:

This is the normal code:
Code:
fstp dword ptr [esi+1C]
pop esi
pop ebp
jmp return
__________________________________
My code
Code:
fstp dword ptr [esi+1C]
mov dword ptr [esi+1C],0
pop esi
pop ebp
jmp return

_______________________________________________________
What happens now???
I cannot select the monsters with left click; I walk through them.
I cannot attack the monster body with right click!!
I can attack the monster only by pressing right click without moving the cursor onto him, and if I move it to another monster it will not attack him; it attacks only the nearest monster to me.
__________________________________________________________
Shortcut for my question:
When I obtain the values from the instruction
Code:
fstp dword ptr [esi+1C]
via Find out what addresses this instruction accesses, and change the values to 0, it works well.
But when I do code injection on the instruction, it works badly.
And I don't want to attach the debugger every time I want to select them.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Thu Apr 21, 2016 3:10 pm    Post subject:

Code:
mov dword ptr [esi+1C],0
fstp dword ptr [esi+1C]
pop esi
pop ebp
jmp return
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

PostPosted: Thu Apr 21, 2016 4:14 pm    Post subject:

Confused
Code:
fstp st(0)
mov [esi+1C],0
pop esi
pop ebp
jmp return

Twistedfate
Expert Cheater
Reputation: 1

Joined: 11 Mar 2016
Posts: 231

PostPosted: Thu Apr 21, 2016 7:38 pm    Post subject: Did not work :(

How can I write code like you do on the forum?

The code didn't work correctly.
With the first one, everything goes hidden and the game crashed.
The second one did not change anything.
I selected the function:

Code:
RoleView.dll+1D5E - 55 - push ebp
RoleView.dll+1D5F - 8B EC - mov ebp,esp
RoleView.dll+1D61 - D9 45 08 - fld dword ptr [ebp+08]
RoleView.dll+1D64 - 56 - push esi
RoleView.dll+1D65 - 8B F1 - mov esi,ecx
RoleView.dll+1D67 - D9 5E 04 - fstp dword ptr [esi+04]
RoleView.dll+1D6A - D9 45 0C - fld dword ptr [ebp+0C]
RoleView.dll+1D6D - D9 5E 08 - fstp dword ptr [esi+08]
RoleView.dll+1D70 - FF 15 E8F10110 - call dword ptr [RoleView.dll+1F1E8]
RoleView.dll+1D76 - 85 C0 - test eax,eax
RoleView.dll+1D78 - 75 07 - jne RoleView.dll+1D81
RoleView.dll+1D7A - D9 45 10 - fld dword ptr [ebp+10]
RoleView.dll+1D7D - DCC0 - fadd st(0),st(0)
RoleView.dll+1D7F - EB 03 - jmp RoleView.dll+1D84
RoleView.dll+1D81 - D9 45 10 - fld dword ptr [ebp+10]
RoleView.dll+1D84 - 8B 45 14 - mov eax,[ebp+14]
RoleView.dll+1D87 - D9 5E 0C - fstp dword ptr [esi+0C]
RoleView.dll+1D8A - D9 45 18 - fld dword ptr [ebp+18]
RoleView.dll+1D8D - 89 46 18 - mov [esi+18],eax
INJECTasasdd - D9 5E 1C - fstp dword ptr [esi+1C] //this instruction writes to my address
RoleView.dll+1D93 - 5E - pop esi
RoleView.dll+1D94 - 5D - pop ebp
RoleView.dll+1D95 - C2 1400 - ret 0014
_________________________________________________________
and these instructions access my address (the upper one is the write) ↑

Code:
roleview.dll+2020 - 8D 45 24 - lea eax,[ebp+24]
**roleview.dll+2023 - D8 4E 1C - fmul dword ptr [esi+1C]
roleview.dll+2026 - DC 35 80F30110 - fdiv qword ptr [roleview.dll+1F380]
roleview.dll+202C - 0F84 99000000 - je roleview.dll+20CB
roleview.dll+2032 - D9 5D 64 - fstp dword ptr [ebp+64]
roleview.dll+2035 - D9 45 64 - fld dword ptr [ebp+64]
roleview.dll+2038 - D9 5C 24 08 - fstp dword ptr [esp+08]
roleview.dll+203C - D9 45 64 - fld dword ptr [ebp+64]
roleview.dll+203F - D9 5C 24 04 - fstp dword ptr [esp+04]
roleview.dll+2043 - D9 45 64 - fld dword ptr [ebp+64]
roleview.dll+2046 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+2049 - 50 - push eax

______________________________________________________
Code:
roleview.dll+2165 - 50 - push eax
roleview.dll+2166 - FF D7 - call edi
roleview.dll+2168 - D9 46 0C - fld dword ptr [esi+0C]
****roleview.dll+216B - D8 4E 1C - fmul dword ptr [esi+1C]
roleview.dll+216E - 83 C4 04 - add esp,04
roleview.dll+2171 - 8D 45 E4 - lea eax,[ebp-1C]
roleview.dll+2174 - DA 4E 20 - fimul [esi+20]
____________________________________________________
Code:
roleview.dll+3E2F - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E32 - 83 EC 0C - sub esp,0C
roleview.dll+3E35 - D9 5C 24 08 - fstp dword ptr [esp+08]
roleview.dll+3E39 - 85 C0 - test eax,eax
roleview.dll+3E3B - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E3E - 8D 45 1C - lea eax,[ebp+1C]
roleview.dll+3E41 - D9 5C 24 04 - fstp dword ptr [esp+04]
*** - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E48 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+3E4B - 50 - push eax

____________________________________________
Code:
roleview.dll+3E3B - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E3E - 8D 45 1C - lea eax,[ebp+1C]
roleview.dll+3E41 - D9 5C 24 04 - fstp dword ptr [esp+04]
**** - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E48 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+3E4B - 50 - push eax
_____________________________________________________
Code:
roleview.dll+3E3B - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E3E - 8D 45 1C - lea eax,[ebp+1C]
roleview.dll+3E41 - D9 5C 24 04 - fstp dword ptr [esp+04]
****** - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E48 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+3E4B - 50 - push eax
______________________________________________________

The one marked with stars is the code ↑

These are the instructions which access my address:
126 10002023 - D8 4E 1C - fmul dword ptr [esi+1C]
126 1000216B - D8 4E 1C - fmul dword ptr [esi+1C]
63 10001D90 - D9 5E 1C - fstp dword ptr [esi+1C]
63 10003E2F - D9 46 1C - fld dword ptr [esi+1C]
63 10003E3B - D9 46 1C - fld dword ptr [esi+1C]
63 10003E45 - D9 46 1C - fld dword ptr [esi+1C]



Don't hate me for these long questions and code, but I am trying to learn from you :(
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Thu Apr 21, 2016 9:33 pm    Post subject:

You need to hook a function that is ONLY accessing the value types that you want. If that's not possible, then you need to set up a filter so that ONLY the addresses that you are targeting will be affected.

Complete the last step of the CE tutorial that covers data structure dissection.


Last edited by ++METHOS on Thu Apr 21, 2016 9:33 pm; edited 1 time in total
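One way to apply the filter ++METHOS describes, written here as an added Cheat Engine auto-assembler example (it is not code from the thread): it hooks the same fstp at RoleView.dll+1D90 shown in the listing, keeps the game's own store so every structure still receives its real value, and only zeroes [esi+1C] when an identifying field of the structure matches. The AOB is the byte sequence from the listing; filterOffset and filterValue are placeholders to be taken from Dissect data/structures.

```asm
[ENABLE]
// placeholders: offset of the field that identifies the wanted monster
// structure, and the value that field holds for it (from Dissect data/structures)
define(filterOffset,0)
define(filterValue,0)

// D9 5E 1C = fstp dword ptr [esi+1C], 5E = pop esi, 5D = pop ebp, C2 14 00 = ret 0014
aobscanmodule(selectHook,RoleView.dll,D9 5E 1C 5E 5D C2 14 00)
alloc(newmem,$100)
label(skip)
label(return)

newmem:
  // the game's original store: every structure the setter touches keeps its value
  fstp dword ptr [esi+1C]
  // filter: only the structure whose identifying field matches gets zeroed
  cmp dword ptr [esi+filterOffset],filterValue
  jne skip
  mov dword ptr [esi+1C],0
skip:
  // the two pops overwritten by the 5-byte jmp
  pop esi
  pop ebp
  jmp return

selectHook:
  jmp newmem
return:
registersymbol(selectHook)

[DISABLE]
selectHook:
  db D9 5E 1C 5E 5D
unregistersymbol(selectHook)
dealloc(newmem)
```

If the setter is called for every entity, this is what stops the zero from reaching the player and the other monsters; if no field in the structure distinguishes the target, Zanzer's warning below applies and a different hook is needed.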
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Thu Apr 21, 2016 9:33 pm    Post subject:

The instruction you're hacking likely touches a lot more addresses than you're expecting.
Right-click it and select Find out what addresses this instruction accesses.
If it's a lot, you may be SOL.
Twistedfate
Expert Cheater
Reputation: 1

Joined: 11 Mar 2016
Posts: 231

PostPosted: Thu Apr 21, 2016 9:48 pm    Post subject:

++METHOS wrote:
You need to hook a function that is ONLY accessing the value types that you want. If that's not possible, then you need to set up a filter so that ONLY the addresses that you are targeting will be affected.

Complete the last step of the CE tutorial that covers data structure dissection.

Thank you, I found the correct one in the data structure; it was under the address ^^