Cheat Engine The Official Site of Cheat Engine
logane1102 How do I cheat? Reputation: 0
Joined: 27 Aug 2017 Posts: 4
Posted: Sun Aug 27, 2017 3:53 pm Post subject: Castle Crashers XP multiplier?
I want to multiply the XP gain in Castle Crashers.
You get 1 XP for every successful hit on an enemy.
I want to be able to multiply that by 2, 4, 6, etc.
I searched the total XP address, found it, and clicked the
"Find what writes to this address" button.
I get this opcode:
0044A0F3 - C7 46 04 04000000 - mov [esi+04],00000004
0044A0FA - E8 417DFFFF - call castle.exe+41E40
0044A0FF - 89 46 08 - mov [esi+08],eax <<
0044A102 - B0 01 - mov al,01
0044A104 - 59 - pop ecx
EAX=00000004
EBX=0229F8C4
ECX=00000001
EDX=00000078
ESI=0291A6C0
EDI=025D92E8
ESP=0018EEB8
EBP=0018EEE0
EIP=0044A102
How do I change the opcode to make it add a number higher than 1 to the address?
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Sun Aug 27, 2017 5:49 pm
Hook it and have it run something like this in between the call and the move: "add eax, <2,4,6,etc.>-1", e.g. "add eax, 5" so that you gain 6 (original 1 + 5)...
You could also dec eax / sub eax, 1 / add eax, -1 / etc. and then add 6 for a multiplier of 6, but unless you're trying to let the user change the multiplier then there's not much point.
Alternatively you can look inside the function to see how the new value in eax is
being calculated and change the code there...
logane1102 How do I cheat? Reputation: 0
Joined: 27 Aug 2017 Posts: 4
Posted: Sun Aug 27, 2017 7:19 pm
I think I'm in way over my head with this..
I am mostly a noob when it comes to cheat engine.
Anyway, I used auto assemble to create this script (This has nothing added into it btw) :
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov [esi+08],eax
mov al,01
exit:
jmp returnhere
"castle.exe"+4A0FF:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
I am not sure where exactly to add in "add eax, 5".
I tried inserting it before the mov code, which crashed the game.
I tried inserting it after and in between the two mov codes which did nothing.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Sun Aug 27, 2017 7:31 pm
Before the move is correct, that way it's changed before it's stored in memory. Hm, only thing I can think of other than anti-cheat is that there's a jump depending on the flags and the add is changing it, if that's the case then pushing and popping the flags to the stack should fix the issue
Code:
...
newmem:
// could just go in original code but makes the script a little more organized
pushfd // save flags
add eax, 5 // add 5 to eax, changes flags
popfd // restore flags
originalcode:
mov [esi+08],eax // move new xp value into xp memory address
mov al,01 // probably the return value for the function
...
logane1102 How do I cheat? Reputation: 0
Joined: 27 Aug 2017 Posts: 4
Posted: Sun Aug 27, 2017 7:41 pm
I changed the script to this:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
// could just go in original code but makes the script a little more organized
pushfd // save flags
add eax, 5 // add 5 to eax, changes flags
popfd // restore flags
originalcode:
mov [esi+08],eax
mov al,01
exit:
jmp returnhere
"castle.exe"+4A0FF:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
This does the exact same thing as simply inserting "add eax, 5" before the mov code.
What it does when I say it crashes is it pulls up a loading screen and locks up.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Sun Aug 27, 2017 8:00 pm
yeah, 'crash' usually refers to the program actually closing. Hm, I suppose it could also be because that code is used for a lot of different values, you can check by right clicking the instruction and choosing 'Find out what addresses this instruction accesses'. If so, those can be quite difficult to hook for just one value because you have to find a way to know when you want to change it (if you want to you can search google/youtube for "shared opcodes" and sn34kymofo's video on gamemaker games).
An alternative in that case is to try and find some other code that accesses just the xp value and write code to check if it's been changed, and if so then find out by how much and multiply that and then add it. If you can get a static address or pointer to it then it's probably a little simpler with a Lua timer, e.g.
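Code:
[ENABLE]
{$lua}
xp_timer = createTimer()
xp_oldvalue = nil -- no baseline yet, it is taken on the first tick
xp_timer.interval = 100 -- check every 100 milliseconds, 10 times a second
xp_timer.OnTimer = function(timer)
  local xp_multiplier = 6
  local xp_address = '[[baseaddress+0xoffset]+0xoffset1]+0xoffset2 ...'
  local xp_curvalue = readInteger(xp_address)
  -- assuming it's a 4 byte value, use readFloat for floats
  -- and readDouble for doubles
  -- (from celua.txt in CE install dir, though there's a wiki too)
  if xp_curvalue == nil then return end -- address not readable right now
  if xp_oldvalue == nil then
    xp_oldvalue = xp_curvalue -- first tick: remember the current total, change nothing
    return
  end
  if xp_curvalue ~= xp_oldvalue then
    -- could use xp_curvalue > xp_oldvalue if xp can decrease and you don't want to mult that
    -- again, assuming 4 byte value
    -- new total = old total + multiplied gain; store it as the new baseline
    -- so the timer does not count its own write as another gain
    xp_oldvalue = xp_oldvalue + (xp_curvalue-xp_oldvalue)*xp_multiplier
    writeInteger(xp_address, xp_oldvalue)
  end
end
{$asm}
[DISABLE]
{$lua}
xp_timer.destroy() -- stop and free timer
{$asm}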
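The "know when you want to change it" filter for a shared instruction, written out as an added example that nobody in the thread posted. It assumes the store at "castle.exe"+4A0FF really is shared and reuses the ESI value 0291A6C0 from the register dump in the first post as the XP object, which only holds for that game session; the names `xp_object` and `skip` are made up for the illustration.

```asm
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(skip)
// ESI captured when the XP address was written (first post); assumption:
// the object stays at this address until the game is restarted
define(xp_object,0291A6C0)

newmem:
  pushfd                 // cmp and add both modify EFLAGS, so save them first
  cmp esi,xp_object      // is this store going to the XP object?
  jne skip               // any other value using this code is left untouched
  add eax,5              // original gain of 1 plus 5
skip:
  popfd                  // restore the flags the game code expects
originalcode:
  mov [esi+08],eax
  mov al,01
  jmp returnhere

"castle.exe"+4A0FF:
  jmp newmem             // 5-byte jmp replaces the 3-byte and 2-byte movs exactly
returnhere:

[DISABLE]
"castle.exe"+4A0FF:
  db 89 46 08 B0 01      // original bytes as listed in the disassembly
dealloc(newmem)
```

Whether the instruction is shared can be confirmed first with 'Find out what addresses this instruction accesses', as described in the post above.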
logane1102 How do I cheat? Reputation: 0
Joined: 27 Aug 2017 Posts: 4
Posted: Sun Aug 27, 2017 8:05 pm
Ok, if that's the case then I don't think I am experienced in cheat engine enough to be able to make this work.
Thanks for the quick replies.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Sun Aug 27, 2017 11:37 pm
I did not read all the posts, anyway have you tried this:
inc eax
just add it above the original instructions.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |