Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Double Value Scripting

 
Cheat Engine Forum Index -> General Gamehacking
QuarryTen
Newbie cheater
Reputation: 0

Joined: 25 Aug 2019
Posts: 19

Posted: Sun Jul 26, 2020 8:04 pm    Post subject: Double Value Scripting

Okay, so, here's the original code:

Code:

{
// ORIGINAL CODE - INJECTION POINT: "SGWContracts.exe"+1C6E10D

"SGWContracts.exe"+1C6E0DF: 4C 39 74 24 38                 -  cmp [rsp+38],r14
"SGWContracts.exe"+1C6E0E4: 74 50                          -  je SGWContracts.exe+1C6E136
"SGWContracts.exe"+1C6E0E6: F2 0F 11 44 24 38              -  movsd [rsp+38],xmm0
"SGWContracts.exe"+1C6E0EC: 4C 39 64 24 38                 -  cmp [rsp+38],r12
"SGWContracts.exe"+1C6E0F1: 74 43                          -  je SGWContracts.exe+1C6E136
"SGWContracts.exe"+1C6E0F3: 66 41 0F 2E C5                 -  ucomisd xmm0,xmm13
"SGWContracts.exe"+1C6E0F8: F2 44 0F 10 74 24 50           -  movsd xmm14,[rsp+50]
"SGWContracts.exe"+1C6E0FF: 74 3C                          -  je SGWContracts.exe+1C6E13D
"SGWContracts.exe"+1C6E101: 66 45 0F 2E F1                 -  ucomisd xmm14,xmm9
"SGWContracts.exe"+1C6E106: 48 8B 8F D8 00 00 00           -  mov rcx,[rdi+000000D8]
// ---------- INJECTING HERE ----------
"SGWContracts.exe"+1C6E10D: 48 8B 46 18                    -  mov rax,[rsi+18]
"SGWContracts.exe"+1C6E111: 48 89 41 08                    -  mov [rcx+08],rax
// ---------- DONE INJECTING  ----------
"SGWContracts.exe"+1C6E115: 74 07                          -  je SGWContracts.exe+1C6E11E
"SGWContracts.exe"+1C6E117: 66 41 0F 2F C2                 -  comisd xmm0,xmm10
"SGWContracts.exe"+1C6E11C: 76 08                          -  jna SGWContracts.exe+1C6E126
"SGWContracts.exe"+1C6E11E: 41 0F 28 C1                    -  movaps xmm0,xmm9
"SGWContracts.exe"+1C6E122: 45 0F 28 F3                    -  movaps xmm14,xmm11
"SGWContracts.exe"+1C6E126: 44 0F 28 E8                    -  movaps xmm13,xmm0
"SGWContracts.exe"+1C6E12A: EB 11                          -  jmp SGWContracts.exe+1C6E13D
"SGWContracts.exe"+1C6E12C: 49 BE 00 00 00 00 00 00 F0 FF  -  mov r14,FFF0000000000000
"SGWContracts.exe"+1C6E136: F2 44 0F 10 74 24 50           -  movsd xmm14,[rsp+50]
"SGWContracts.exe"+1C6E13D: 0F B6 86 E0 00 00 00           -  movzx eax,byte ptr [rsi+000000E0]
}


And here's everything that I've tried doing:

Code:

aobscanmodule(health,SGWContracts.exe,48 8B 46 18 48 89 41 08) // should be unique
alloc(newmem,$1000,"SGWContracts.exe"+1C6E10D)
alloc(maxhlt,16)
label(code)
label(return _hlt)
registersymbol(_hlt)
newmem:
//pushf
mov rax,[rsi+18]
cmp [rcx+C00],0
jne code
cmp [rcx+C30],0
jne code
cmp [rcx+C34],0
jne code
mov [_hlt],rcx
//movsd xmm4,[maxhlt]
//movsd [rax],xmm4
//movsd [rcx+08],xmm7
//xorps xmm4,xmm4
fld qword ptr [maxhlt]
fstp qword ptr [_hlt+08]
//popf
//  mov [rcx+08],rax
code:
//popf
mov [rcx+08],rax
  jmp return
_hlt:
dq 0
maxhlt:
dq (double)100
health:
  jmp newmem
  nop 3
return:
registersymbol(health)
unregistersymbol(_hlt)
[DISABLE]

health:
  db 48 8B 46 18 48 89 41 08

unregistersymbol(health)
dealloc(newmem maxhlt)


As you can probably guess, the game is Sniper Ghost Warrior, an aggravating 64-bit game that is making me pull my hair out.

My goal is to create an infinite health script. The health value as well as every value that I'm aware of uses double ints. I know there are tables already out there but I want to create the scripts myself (of course, with a bit of guidance).

So, please, PLEASE, tell me why everything I searched for and tried doesn't seem to work.
ParkourPenguin
I post too much
Reputation: 140

Joined: 06 Jul 2014
Posts: 4297

Posted: Sun Jul 26, 2020 9:49 pm

I'm assuming rcx+8 is the address of your health.

"alloc(maxhlt,16)" should use a third parameter with the same argument as the newmem alloc. Maybe CE does the right thing, but you shouldn't rely on that in general.

"label(return _hlt)" - no clue if this is valid syntax, but it's wrong. Use two separate label(...) declarations.

_hlt and maxhlt are inconsistent: one is a label and the other is its own alloc. Both approaches are valid, but pick one and be consistent.

Change those three "jne code" instructions to be "jne short code" (very minor optimization)

What's at rcx+C00 / +C30 / +C34? xmm7? Why zero xmm4?

"movsd [rax],xmm4" doesn't make sense. rax is a value, not an address. Use "movq rax,xmm4" instead.
Or even simpler "mov rax,[maxhlt]" - no need to use xmm4 as an intermediary.

"fstp qword ptr [_hlt+08]" writes to empty space in newmem just after _hlt. Use rcx instead of _hlt in the square brackets.

The original code "mov [rcx+08],rax" is run unconditionally after your code. It'll always overwrite whatever changes you make to the value at the health address. Unless you modify rax itself (see above), it won't work.

_hlt should be aligned (not terribly important in this case):
Code:
  ...
  jmp return

align 8 CC
_hlt:
  dq 0
...
As long as allocs are defined in descending powers of 2 sizes, they'll always be aligned (i.e. the maxhlt alloc is aligned).

"unregistersymbol(_hlt)" is in the enable section. Move it somewhere under [DISABLE].

"dealloc(newmem maxhlt)" - again, no clue if this is valid syntax, but make this 2 deallocs anyway.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
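The script below is an added example, not code from either poster. It reworks QuarryTen's script along the points in the reply above: one alloc placed next to the hook (third parameter), one label(...) per label, _hlt and maxhlt both kept as aligned labels inside newmem instead of a separate alloc, rax replaced before the original store so that "mov [rcx+08],rax" writes the max value instead of undoing the patch, and the unregistersymbol/dealloc moved under [DISABLE]. It assumes the AOB is unique in SGWContracts.exe, that rcx+8 is the health double, and that the maximum is 100. The +C00/+C30/+C34 filters are left out because the thread never establishes what they are.

```asm
[ENABLE]

aobscanmodule(health,SGWContracts.exe,48 8B 46 18 48 89 41 08) // assumed unique
alloc(newmem,$1000,health)  // third parameter: allocate near the hook so [_hlt] and [maxhlt]
                            // are reachable as RIP-relative operands from the injected code

label(code)
label(return)
label(_hlt)
label(maxhlt)
registersymbol(health)
registersymbol(_hlt)

newmem:
  mov rax,[rsi+18]          // original load: the value the game is about to store
  mov [_hlt],rcx            // keep the object pointer so [_hlt]+8 can be watched from the table
  mov rax,[maxhlt]          // replace the value in rax; the original store below runs
                            // unconditionally, so writing [rcx+08] here would be overwritten
code:
  mov [rcx+08],rax          // original instruction, now stores the 8-byte pattern of 100.0
  jmp return

align 8 CC
_hlt:
  dq 0
maxhlt:
  dq (double)100            // assumed maximum health, stored as an IEEE-754 double

health:
  jmp newmem
  nop 3                     // 5-byte jmp + 3 nops = the 8 bytes replaced
return:

[DISABLE]

health:
  db 48 8B 46 18 48 89 41 08

unregistersymbol(health)
unregistersymbol(_hlt)
dealloc(newmem)
```

Two checks before trusting it. First, this hook fires for every object whose health passes through that function, not only the player's: add [_hlt]+8 as a Double to the table, confirm it follows the player, and if other entities share the code path add a filter on rcx (what distinguishes the player's structure is not established in the thread). Second, the listing shows that the "je" right after the injection point (at +1C6E115) consumes the flags set by "ucomisd xmm14,xmm9" at +1C6E101. The mov/jmp instructions above leave the flags alone, but any "cmp" filter added in newmem will clobber them and corrupt that branch, so wrap such a filter in pushf/popf.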
QuarryTen
Newbie cheater
Reputation: 0

Joined: 25 Aug 2019
Posts: 19

Posted: Mon Jul 27, 2020 12:42 am

Thanks, Penguin. You are correct about that particular opcode being my code of interest.

I'll admit, I was adding and removing a bunch of stuff that didn't work. Some of it I left there because my morale was shrinking and I was not even concerned about cleaning it up. I'm a noob who barely skated by the tutorial, thanks to YouTube. That's also another reason why a lot of it doesn't make sense haha.

Regarding the registersymbol and label having multiple params, as well as unregistersymbol being in the enable section, I got all of these practices from a YouTuber who stated that with CE's 7.1 update, doing all of these things is fine.

When I get a chance, I'll tackle it again and report back with my findings if all goes wrong. Thanks.
All times are GMT - 6 Hours

Powered by phpBB © 2001, 2005 phpBB Group