Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to ignore damage on only player?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Kajih
How do I cheat?
Reputation: 0

Joined: 08 Feb 2021
Posts: 9

PostPosted: Sat Feb 20, 2021 12:24 pm    Post subject: How to ignore damage on only player? Reply with quote

Hi, I am trying to ignore damage to the player however the same operation is called to apply damage to the enemy so I can't just Nop the operations.

The first thing I did was find a hook to the player object, which I did and works just fine in my PlayerHook script:

Code:

[ENABLE]
aobscanmodule(playerHook,48 8B 01 FF 90 50 03 00 00 48 8B 0F)
alloc(newmem,$1000,playerHook)

label(code)
label(return)
label(playerPtr)

newmem:
  mov [playerPtr], rcx
code:
  mov rax,[rcx]
  call qword ptr [rax+00000350]
  jmp return

playerPtr:
  dq 0

playerHook:
  jmp newmem
  nop 4
return:
registersymbol(playerHook)
registersymbol(playerPtr)

[DISABLE]
playerHook:
  db 48 8B 01 FF 90 50 03 00 00

unregistersymbol(playerHook)
dealloc(newmem)


I tested this and created a manual address in my cheat table to grab the player health which works using [playerPtr]+EC.

now I found where the damage was applied and what I need to change:
Code:

minss xmm0,xmm6
movaps xmm1,xmm0
movss [rbx+000001FC],xmm1


Here is my code for my UnlimitedHealth script:
Code:

[ENABLE]

aobscanmodule(damageHook,F3 0F 5D C6 0F 28 C8 F3 0F 11 8B) // should be unique
alloc(newmem,$1000,damageHook)

label(code)
label(return)

newmem:
  mov rax,playerPtr
  mov rax,[rax]
  cmp [rax],rbx
  je code
  minss xmm0,xmm6
code:
  movaps xmm1,xmm0
  jmp return

damageHook:
  jmp newmem
  nop 2
return:
registersymbol(damageHook)

[DISABLE]

damageHook:
  db F3 0F 5D C6 0F 28 C8

unregistersymbol(damageHook)
dealloc(newmem)


The main idea is if the target is the player (playerPtr) then ignore the substract operation. This seemed to be working just fine but then it stopped working all of a sudden and I can't figure out why. Yes, the playerPtr is still valid as I can see the value change in my cheat table using my [playerPtr]+EC. Any idea what I am missing here?
Back to top
View user's profile Send private message
sbryzl
Expert Cheater
Reputation: 5

Joined: 25 Jul 2016
Posts: 200

PostPosted: Sat Feb 20, 2021 2:26 pm    Post subject: Reply with quote

I could only guess. Perhaps the game is using a different player pointer even though the one you have still works. Perhaps there is another instruction accessing the value. It's something you have to debug. Find what accesses the address and trace it to see what's different.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 163

Joined: 25 Jan 2006
Posts: 8161
Location: 127.0.0.1

PostPosted: Sat Feb 20, 2021 2:27 pm    Post subject: Reply with quote

Just a guess based on a quick glance, but it looks like you may be accidentally comparing the actual first 4 bytes of the object rather than the addresses of the objects. (In this case it'd probably be a vtable pointer for the object type which you and other objects probably share.)

Code:
cmp [rax],rbx


May just need to be:
Code:
cmp rax, rbx

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Kajih
How do I cheat?
Reputation: 0

Joined: 08 Feb 2021
Posts: 9

PostPosted: Sat Feb 20, 2021 3:07 pm    Post subject: Reply with quote

Ok so I went back to check what writes to my [playerPtr]+EC health value and the only thing that writes to it when damage is applied is the instruction I listed. I went to that instruction again to see what addresses the instruction accesses and it is the exact same address as my [playerPtr]+EC address.

I also tried making the change to the compare to cmp rax, rbx but that did not make any difference.

I know I am in the correct spot, because If I nop it, I don't receive damage. so there is something wrong with the way I am comparing the base addresses.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 90

Joined: 06 Jul 2014
Posts: 2879

PostPosted: Sat Feb 20, 2021 3:41 pm    Post subject: Reply with quote

atom0s is correct: you're accessing a pointer to the vtable with cmp [rax],rbx.

In the structure whose base address you're storing to playerPtr, you say the offset to the player's health is +EC. In the code writing to health, the offset appears to be +1FC. What's the deal with that?
Try accounting for it:
Code:
mov rax,[playerPtr]  // this is fine- mov rax,moffs64 (opcode A1) exists
sub rax,110   // 1FC - EC
cmp rax,rbx
...

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Kajih
How do I cheat?
Reputation: 0

Joined: 08 Feb 2021
Posts: 9

PostPosted: Sat Feb 20, 2021 4:07 pm    Post subject: Reply with quote

Yuuuup... I was in the process of checking rbx's address when I was getting hit and of course it didn't match. The final piece I was missing though was the difference between 1FC and EC offsets.

I didn't take into account that rbx had a different offset. ugh I need more practice! lol

Thanks guys, the changes seemed to have worked. I will test further to make sure.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites