Cheat Engine The Official Site of Cheat Engine
ulysse31 Master Cheater Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Sat Feb 11, 2017 10:39 am
akimikage wrote: What's a software BP?

A software BP is a BP that doesn't use any of your CPU debug registers; it instead overwrites one memory byte with "CC" (the debugger does it under the hood and hides it from you so that you still see the original byte). When the CC byte is executed or read/written from/to, it raises an exception which the debugger handles.
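An added example of the mechanism described above, not code from the thread or from Cheat Engine, written in C for x86-64 Linux: the first byte of a tiny function is overwritten with 0xCC (int3), a shadow copy keeps the original byte so a "debugger view" still shows it, and a SIGTRAP handler in the same process plays the debugger's part when the CPU executes the 0xCC. The trap fires on execution; code that merely reads the patched location sees the 0xCC, which is exactly what the memory integrity checks mentioned in the next post look for. The function layout, the names, and the RWX mapping are assumptions made for the demo; a real debugger would also single-step and re-plant the byte after resuming, which this demo leaves out.

```c
/* Added example, not from the thread: a minimal in-process software breakpoint
 * on x86-64 Linux. The "debugger" is a SIGTRAP handler in the same process. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for REG_RIP and MAP_ANONYMOUS */
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/ucontext.h>

#ifndef REG_RIP
#define REG_RIP 16             /* index of RIP in gregs[] on x86-64 Linux */
#endif
#define INT3 0xCC

/* One software breakpoint: where it sits and the byte it replaced. */
struct swbp {
    uint8_t *addr;
    uint8_t  orig;
    int      armed;
};

static struct swbp g_bp;
static volatile int g_trap_count;

/* What the debugger shows the user: the original byte, never the planted 0xCC. */
uint8_t debugger_view_byte(const uint8_t *p)
{
    return (g_bp.armed && p == g_bp.addr) ? g_bp.orig : *p;
}

/* Plant the breakpoint: remember the original byte, write int3 over it. */
void bp_set(uint8_t *addr)
{
    g_bp.addr = addr;
    g_bp.orig = *addr;
    g_bp.armed = 1;
    *addr = INT3;
}

/* SIGTRAP handler playing the debugger's role. int3 has already advanced RIP
 * past the 0xCC, so step RIP back one byte, restore the original byte and let
 * execution resume there. (A real debugger would single-step and re-plant
 * 0xCC so the breakpoint survives; this demo disarms it instead.) */
static void on_trap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    ucontext_t *uc = (ucontext_t *)ctx;
    uint8_t *pc = (uint8_t *)(uintptr_t)(uc->uc_mcontext.gregs[REG_RIP] - 1);
    if (g_bp.armed && pc == g_bp.addr) {
        *g_bp.addr = g_bp.orig;
        g_bp.armed = 0;
        uc->uc_mcontext.gregs[REG_RIP] = (long long)(uintptr_t)pc;
        g_trap_count++;
    }
}

/* Build `mov eax,42 ; ret` in an executable page (RWX only to keep the demo
 * short), breakpoint its first byte, then call it. Returns 42 when the byte
 * was hidden from the "user", raw memory really held 0xCC, and exactly one
 * trap was handled; -1 otherwise. */
int demo_software_breakpoint(void)
{
    static const uint8_t code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
    uint8_t *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, code, sizeof code);

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_trap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTRAP, &sa, NULL);

    bp_set(page);
    int raw = page[0];                      /* 0xCC: what an integrity check reads */
    int hidden = debugger_view_byte(page);  /* 0xB8: what the debugger UI shows */

    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);          /* object pointer -> function pointer */
    int result = fn();                      /* traps once, then runs the original code */

    munmap(page, 4096);
    return (raw == INT3 && hidden == 0xB8 && g_trap_count == 1) ? result : -1;
}

int main(void)
{
    printf("result=%d traps=%d\n", demo_software_breakpoint(), g_trap_count);
    return 0;
}
```

Run it once per process: the handler disarms the breakpoint after the first hit, so a second call would see no trap and the demo would report -1, which is the point where a real debugger's single-step-and-re-plant loop would come in.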
ulysse31 Master Cheater Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Sun Feb 12, 2017 9:26 am
At PM request I downloaded the game and took a look.
1) The first thing I did was look for memory integrity checks (guess I work too much on Themida targets); there are none.
2) My settings are standard VEH debug: hardware breakpoints and VEH with get/set context thread on default values.
3) One odd thing with this game is that it never loads at the same virtual address.
4) Indeed there are strange things happening when debugging, with occasional crashes. In particular, sometimes instead of breaking on the breakpoint (as the program flow 100% goes there), the game just stops responding.
An odd thing is that around these EXP opcode breakpoints, when killing a mob, using F7 (thus going one opcode further) would make the game play the hitting-mob sound action, which I find very odd; maybe the crashes are due to thread sync?
5) Eventually I made this code injection and had no problem after 16 battles (while I guess you couldn't do more than 3). It's far from being a resolved matter, but it already took me 2 h so I'll leave it at that. (By the way, the Disgaea series is my favorite video game series of all time, closely followed by Fire Emblem.)
AFAIK the instruction doesn't access anything other than EXP.
If you want to select the characters affected by the injection, you simply need to compare eax's value at the beginning of the script.
Code:
AOBSCAN(found, c70000000000c7400400000001e9) // pattern scan instead of a fixed address: the game never loads at the same base
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: // this is allocated memory, you have read,write,execute access
// place your code here
push ebx                // save every register the cave touches so the game's function is unaffected
push esi
push edi
// ecx has game's new exp value
mov ebx,[eax]           // ebx has former exp value
sub ecx,ebx             // ecx has the legit gained exp
imul ecx,ecx,100        // there is our multiplier coef
// ecx now holds multiplied EXP GAIN, ebx still holds OLD EXP
add ecx,ebx             // ecx now holds new exp
originalcode:
mov [eax],ecx           // game writes new exp to variable
mov [eax+04],edx
pop edi                 // restore in reverse order of the pushes
pop esi
pop ebx
exit:
jmp returnhere

found+12:               // the two stolen movs are 89 08 89 50 04: exactly the 5 bytes a jmp needs
jmp newmem
returnhere:
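The byte-level work the script above delegates to Cheat Engine, reproduced in C as an added example (not code from the thread or from Cheat Engine) over a constructed buffer: a wildcard-capable AOB scan, a 5-byte E9 jmp written over the two stolen mov instructions (89 08 89 50 04) with the originals saved so they can be put back, and the cave's EXP arithmetic. The arithmetic carries the caveat a practitioner would want: imul ecx,ecx,100 is a 32-bit multiply, so a large enough gain wraps into a negative total; boosted_exp_wrap32 reproduces that wrap and boosted_exp shows the 64-bit, clamped version. The buffer contents and the addresses 0x00401000 and 0x00500000 are made up for the example.

```c
/* Added example, not from the thread or from Cheat Engine: the byte-level steps
 * behind the auto-assembler script, over a constructed buffer. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the game's code (not real game bytes): padding,
 * then the two instructions the hook steals,
 *   89 08      mov [eax],ecx
 *   89 50 04   mov [eax+04],edx
 * then more padding. */
static uint8_t g_code[24] = {
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
    0x89, 0x08, 0x89, 0x50, 0x04, 0x90, 0x90, 0x90,
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
};
static const uint8_t g_stolen[5] = { 0x89, 0x08, 0x89, 0x50, 0x04 };

/* AOB scan: pat[j] must match unless mask[j] == '?'. Returns the offset of
 * the first match, or -1 (the AOBSCAN-failed case). */
long aob_scan(const uint8_t *mem, size_t len,
              const uint8_t *pat, const char *mask, size_t plen)
{
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (mask[j] == '?' || mem[i + j] == pat[j]))
            j++;
        if (j == plen)
            return (long)i;
    }
    return -1;
}

/* rel32 for an E9 jmp at `from` to `to`: relative to the end of the 5-byte jmp. */
int32_t jmp_rel32(uint32_t from, uint32_t to)
{
    return (int32_t)(to - (from + 5u));
}

/* Overwrite the 5 stolen bytes at code+hook_off with `jmp cave_va`, saving the
 * originals so they can be put back later (the [DISABLE] side of a CE script).
 * Refuses to patch anything but the expected bytes. Returns 0 on success. */
int install_jmp_hook(uint8_t *code, size_t hook_off, uint32_t hook_va,
                     uint32_t cave_va, uint8_t saved[5])
{
    if (memcmp(code + hook_off, g_stolen, 5) != 0)
        return -1;
    memcpy(saved, code + hook_off, 5);
    int32_t rel = jmp_rel32(hook_va, cave_va);
    code[hook_off] = 0xE9;
    memcpy(code + hook_off + 1, &rel, 4);   /* little-endian rel32, as x86 expects */
    return 0;
}

/* The cave's arithmetic with the script's 32-bit semantics:
 * gain = ecx - [eax]; imul ecx,ecx,coef; add ecx,[eax]. Wraps mod 2^32. */
int32_t boosted_exp_wrap32(int32_t old_total, int32_t new_total, int32_t coef)
{
    uint32_t gain = (uint32_t)new_total - (uint32_t)old_total;
    return (int32_t)((uint32_t)old_total + gain * (uint32_t)coef);
}

/* Same computation in 64 bits, clamped to the int32 range, so a big gain
 * times the multiplier cannot wrap into a negative total. */
int32_t boosted_exp(int32_t old_total, int32_t new_total, int32_t coef)
{
    int64_t gain = (int64_t)new_total - old_total;
    int64_t out  = (int64_t)old_total + gain * coef;
    if (out > INT32_MAX) out = INT32_MAX;
    if (out < INT32_MIN) out = INT32_MIN;
    return (int32_t)out;
}

int main(void)
{
    uint8_t saved[5];
    long off = aob_scan(g_code, sizeof g_code, g_stolen, "xxx?x", 5);
    printf("stolen bytes at offset %ld\n", off);
    if (off >= 0 && install_jmp_hook(g_code, (size_t)off, 0x00401000u, 0x00500000u, saved) == 0)
        printf("patched: %02X %02X %02X %02X %02X\n", g_code[off], g_code[off + 1],
               g_code[off + 2], g_code[off + 3], g_code[off + 4]);
    printf("gain 50 x100: %d\n", boosted_exp(1000, 1050, 100));
    printf("gain 30000000 x100: wrapped %d, clamped %d\n",
           boosted_exp_wrap32(0, 30000000, 100), boosted_exp(0, 30000000, 100));
    return 0;
}
```

The refusal in install_jmp_hook to patch anything but the exact stolen bytes is the check a reviewer would ask for: an AOB that matches a different build, or a hook offset that lands mid-instruction, otherwise turns into the kind of silent crash the previous post describes.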
akimikage Cheater Reputation: 0
Joined: 04 Nov 2009 Posts: 38
Posted: Mon Feb 13, 2017 7:55 am
It worked! Thank you very much for going the extra mile to help me. I'm just an amateur cheat maker, so I don't know what principle you used to make it work, though. You're pushing values and I have no idea what their functions are.
I also got my code to work without crashing by putting my code in the originalcode section and not in the newmem section. Anyways, a rep for you, my friend.
ulysse31 Master Cheater Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Mon Feb 13, 2017 5:52 pm
akimikage wrote: It worked! Thank you very much for going the extra mile to help me. I'm just an amateur cheat maker, so I don't know what principle you used to make it work, though. You're pushing values and I have no idea what their functions are.
I also got my code to work without crashing by putting my code in the originalcode section and not in the newmem section. Anyways, a rep for you, my friend.

Great!
I am just pushing the registers that I want to use in calculating the new EXP gain with the injected multiplier.
Then they get popped from the stack in reverse order to make sure the original function doesn't get affected by the code injection.
If you inject code inside an existing function and you use a register, you need to first save it (push), then inject your code, then restore the register (pop).
If you want to change the amount of EXP you gain with my script, you only need to change "100" to whatever other multiplier coefficient you like in this line:
imul ecx,ecx,100 // there is our multiplier coef