Cheat Engine The Official Site of Cheat Engine

Author: user5594 (Advanced Cheater, Reputation: 0)
Joined: 03 Oct 2014, Posts: 72, Location: ::1
Posted: Sat Nov 09, 2019 6:14 pm
Post subject: A few questions about Offsets, XMM registers and assembly

Hello everyone! I've come back to CE and have been using it regularly.
There are a few questions I have that will hopefully give me a better understanding of how things work and how to make slightly more complicated scripts.
1. Registers
Say for example I want to make a double coin hack. When I pickup 1 coin, it uses this instruction:
Code:
    movss [rcx+rax*8],xmm6
What would be the correct way to add 2 coins instead of 1?
I cannot do addss,xmm6 and using something like the code below will increase it exponentially due to the multiplication. Am I missing something obvious?
Code:
    newmem:
      mulss xmm6,[something]
      movss [rcx+rax*8],xmm6
    originalcode:
      movss [rcx+rax*8],xmm6
    exit:
      jmp returnhere
    something:
      dd (float)2
2. Offsets
Most of my scripts that do God mode and 1-hit kills utilize simple offsets like:
Code:
    cmp [ebx+14],(int)0 //team number
    jne originalcode
    db 90 90 90 //take no damage
    jmp exit
    originalcode:
    mov [ebx+08],0 //1-hit kill
    xor edx,edx
What about something like the offset I referenced in my first question: [rcx+rax*8] ?
Is it as simple as double clicking on the instruction, reading RAX = 1B, and multiplying it by 8: 1B*8 = D8?
Then if I were to use this in the Data Structure feature I would fill it with the address for the coin value subtracted by D8? "207E9406298-D8"
Screenshot for reference:
3. Assembly
When I'm making a script to add nops to an instruction, is there a method to determine how many nops I should add?
I generally select "Replace with code that does nothing" and remember how many nops Cheat Engine automatically adds. Then I just go into my script and add the correct amount with "db 90 90 90 90" etc.
Thanks so much!

Author: ParkourPenguin (I post too much, Reputation: 140)
Joined: 06 Jul 2014, Posts: 4300
Posted: Sat Nov 09, 2019 10:48 pm

1. The value in the register xmm6 is the new value of the coins. Doubling that doesn't double the amount by which the coins are changing - it just doubles the number of coins.
Usually, there's code between the read/write from/to the address that adds the value. e.g.:
Code:
    movss xmm6,[rcx+rax*8]
    addss xmm6,xmm4
    movss [rcx+rax*8],xmm6

In this example, xmm4 is the amount the value is changing by. You would want to inject at or just before the addss instruction and double that instead.
If that's not feasible, add the difference between the new value and the old value to the new value.
One of those two movss instructions in your code is useless.
2. That's equivalent to using rcx as the base address.
If I had to guess, you're probably looking for a structure that contains a pointer to rcx instead. Or maybe you'll get lucky and there will be something in other registers or the stack that you can use.
Those nop instructions (db 90...) are useless.
3. Use CE's script templates to make the code injection for you. CE will add the correct number of nops to pad bytes after the jump at the injection point to the next instruction.
If you're adding them inside your code, don't. It's probably useless.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
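To make the arithmetic in point 1 of the reply concrete, here is an added C model (not code from either poster or from Cheat Engine) of the movss/addss/movss sequence, running the three hook placements the thread discusses over five pickups. The 8-byte record layout, the +1 coin delta and index 0x1B are constructed assumptions for the simulation.

```c
#include <stdio.h>

/* Constructed model: rcx points at an array of 8-byte records (hence the *8
 * scale in [rcx+rax*8]) and rax is the record index. Only the first float of
 * each record is the coin count. */
typedef struct { float coins; float unused; } record_t;

/* Original game code: movss xmm6,[rcx+rax*8] / addss xmm6,xmm4 / movss [rcx+rax*8],xmm6 */
static void pickup_original(record_t *rcx, int rax, float xmm4) {
    float xmm6 = rcx[rax].coins;   /* movss xmm6,[rcx+rax*8] */
    xmm6 += xmm4;                  /* addss xmm6,xmm4 */
    rcx[rax].coins = xmm6;         /* movss [rcx+rax*8],xmm6 */
}

/* The poster's attempt: mulss xmm6,2 just before the store. xmm6 already
 * holds old+delta, so the whole total doubles on every pickup. */
static void pickup_double_new_value(record_t *rcx, int rax, float xmm4) {
    float xmm6 = rcx[rax].coins;
    xmm6 += xmm4;
    xmm6 *= 2.0f;                  /* doubles old+delta, not delta */
    rcx[rax].coins = xmm6;
}

/* Reply's first suggestion: inject at the addss and double the delta. */
static void pickup_double_delta(record_t *rcx, int rax, float xmm4) {
    float xmm6 = rcx[rax].coins;
    xmm6 += xmm4 * 2.0f;           /* old + 2*delta */
    rcx[rax].coins = xmm6;
}

/* Reply's fallback: at the store, add (new - old) to new. The old value is
 * still in memory until the store executes, so it can be re-read. */
static void pickup_add_difference(record_t *rcx, int rax, float xmm4) {
    float xmm6 = rcx[rax].coins;
    xmm6 += xmm4;
    xmm6 += xmm6 - rcx[rax].coins; /* new + (new - old) = old + 2*delta */
    rcx[rax].coins = xmm6;
}

/* Runs n pickups of +1 coin against record 0x1B and returns the final count. */
float simulate(void (*hook)(record_t *, int, float), int n) {
    record_t world[0x20] = {0};    /* record 0x1B sits at byte offset 0x1B*8 = 0xD8 */
    for (int i = 0; i < n; i++) hook(world, 0x1B, 1.0f);
    return world[0x1B].coins;
}

int main(void) {
    printf("original: %g\n", simulate(pickup_original, 5));
    printf("double new value: %g\n", simulate(pickup_double_new_value, 5));
    printf("double delta: %g\n", simulate(pickup_double_delta, 5));
    printf("add difference: %g\n", simulate(pickup_add_difference, 5));
    return 0;
}
```

Five pickups give 5 for the original, 62 for the multiply-before-store hook, and 10 for both of the reply's variants.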