Failure Allocating Memory Near 1402A5877

 
daixka
How do I cheat?
Reputation: 0

Joined: 06 Dec 2021
Posts: 4

PostPosted: Mon Dec 06, 2021 12:25 pm    Post subject: Failure Allocating Memory Near 1402A5877 Reply with quote

Hi all,

I'm hoping someone will be able to help me out with this. I also need to preface this thread by saying I'm a complete newbie to this and the only coding experience I have is from when I edited the HTML for my Neopets home page back in the day, so any and all advice would be welcome (especially if you can explain it in layman's terms).

I'm trying to use a Cheat Engine script for Final Fantasy XV Windows Edition for PC (Steam version). The code is below (I wanted to link to the forum where I got it, but it seems my account is too new to post URLs). I was able to use it maybe once or twice while running the game, but I would say 8 out of 10 times the script does not activate and I get a "Failure Allocating Memory Near 1402A5877" error.

I found a previous thread here where someone else had the same issue, but I couldn't work out how to apply that fix to the code I downloaded. I also double-checked that the Query Memory Region Routines option is disabled in Cheat Engine.

Any and all help is appreciated. Thanks!

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
{$lua}

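function lua_aobscan(name,module,bytes,index)
  -- Scan for the byte pattern `bytes` and register `name` as a symbol for the
  -- `index`-th (1-based) match.  With module == "" the whole process is
  -- scanned via AOBScan(); otherwise the scan is limited to the address range
  -- of `module`.  If the pattern, the module or the requested match does not
  -- exist, `name` is left unregistered and a message is printed, so the
  -- symbol is never left pointing at a stale or nil address.
  index = index - 1 -- CE result lists are 0-based
  unregisterSymbol(name) -- drop any previous registration before scanning
  if(module == "") then
    local resultSet = AOBScan(bytes)
    if(resultSet == nil) then
      print(name.." not found")
    else
      -- AOBScan returns a StringList; guard the index so a pattern with fewer
      -- matches than requested is reported instead of registering nil.
      if(index >= 0 and resultSet.Count > index) then
        registerSymbol(name,resultSet[index])
      else
        print(name.." match "..(index+1).." not found ("..resultSet.Count.." match(es))")
      end
      resultSet.destroy()
    end
  else
    local moduleSize = getModuleSize(module)
    if(moduleSize == nil) then
      print("Module "..module.." not found")
    else
      local moduleBase = getAddress(module)
      local memScanner = createMemScan()
      local memFoundList = createFoundList(memScanner)
      -- exact byte-array scan, unaligned, over [moduleBase, moduleBase+moduleSize)
      memScanner.firstScan(
        soExactValue,vtByteArray,rtRounded,bytes,nil,
        moduleBase,(moduleBase+moduleSize),"",
        fsmNotAligned,"",true,false,false,false)
      memScanner.waitTillDone()
      memFoundList.initialize()
      -- also covers the out-of-range index, which previously read past the list
      if(index < 0 or memFoundList.Count <= index) then
        print(name.." in module "..module.." not found")
      else
        registerSymbol(name,memFoundList.Address[index])
      end
      memScanner.destroy()
      memFoundList.destroy()
    end
  end
end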
{$asm}

//luaCall(lua_aobscan("humanStaminaWritesAOB","ffxv_s.exe","F3 0F 10 ** ** ** ** ** F3 0F 5D C1 F3 0F 11 ** ** ** ** ** C3",2))
//luaCall(lua_aobscan("techWritesAOB","ffxv_s.exe","F3 0F 10 ** ** ** ** ** F3 0F 5D C1 F3 0F 11 ** ** ** ** ** C3",3))

///***********************************************///
// Hook 1 - current-health read (min-health floor for the party).
// One pattern serves two hooks: match 2 is this hook, match 1 is the
// max-health hook below (maxHealthReadOnChangeAOB).
//aobscanmodule(healthReadOnChangeAOB,ffxv_s.exe,8B ** ** ** ** ** 2B ** 8B ** ** ** ** ** ** ** 41 ** ** 89)
//registersymbol(healthReadOnChangeAOB)
luaCall(lua_aobscan("healthReadOnChangeAOB","ffxv_s.exe","8B ** ** ** ** ** 2B 02 8B ** ** ** ** ** ** ** 41",2))

label(dMinHealth)
registersymbol(dMinHealth)
label(pEntityJustBeenHit)
registersymbol(pEntityJustBeenHit)
label(bUndeadTeam)
registersymbol(bUndeadTeam)
label(bUndead)
registersymbol(bUndead)
label(bAdvanceEvadeKey)
registersymbol(bAdvanceEvadeKey)

// NOTE(review): the 3rd alloc argument asks for memory near the hook so a
// 5-byte jmp can reach it; in this game that request reportedly fails with
// Failure Allocating Memory. alloc(newmem,2048) is the suggested fix: every
// hook in this script already copies at least 14 original bytes and returns
// past them, which is the room a 14-byte far jmp needs.
alloc(newmem,2048,healthReadOnChangeAOB) //"ffxv_s.exe"+1F8AB7)
label(originalcode_undead)
registersymbol(originalcode_undead)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// Registers on entry (from the hooked code): rbx = entity, rdx -> the value
// the hooked code subtracts from health (presumably the damage).
// Here: r12 = scratch pointer (callee-saved on Win64, hence saved/restored),
// rax = slot index into the bUndead byte array.
push r12

mov r12,pEntityJustBeenHit
mov [r12],rbx

xor rax,rax
mov r12,bUndeadTeam
cmp byte ptr [r12],1
jne @f
//cmp dword ptr [rbx+264],0000ff00 //0xff00 - team
//je dominhealth
//cmp dword ptr [rbx+174],ffffffff //0,1,2,3,4.. - team
//jne dominhealth
cmp dword ptr [rbx+15c],0 //0  - team
jne dominhealth
// Team path: rax is 0 and r12 still points at bUndeadTeam, so the byte
// re-checked at dominhealth is bUndeadTeam itself.

@@:
mov r12,bUndead
// Name match. Each member is tested by its ASCII name and then by a second
// multi-byte spelling (looks like UTF-8, unverified); rax is bumped once per
// member so both spellings select the same bUndead byte. Bare numbers are
// hex in CE, single-quoted values are string immediates.

cmp dword ptr [rbx+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rbx+d8],'is'    //0x7369
je dominhealth

@@:
cmp dword ptr [rbx+d4],E5BEABE8
jne @f
cmp dword ptr [rbx+d8],8FE68B85
jne @f
cmp dword ptr [rbx+dc],AF96E690
je dominhealth

@@:
inc rax
cmp dword ptr [rbx+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rbx+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rbx+dc],'s'     //0x73
je dominhealth

@@:
cmp dword ptr [rbx+d4],E6BCA0E6
jne @f
cmp dword ptr [rbx+d8],BFE8898B
jne @f
cmp dword ptr [rbx+dc],90ADE6AA
jne @f
cmp dword ptr [rbx+e0],E68D97E8
jne @f
cmp word ptr [rbx+e4],AF96
je dominhealth

@@:
inc rax
cmp dword ptr [rbx+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rbx+d8],'pt'    //0x7470
jne @f
cmp byte ptr [rbx+da],'o'     //0x6f
je dominhealth

@@:
cmp dword ptr [rbx+d4],E7AE99E6
jne @f
cmp dword ptr [rbx+d8],81E685BE
jne @f
cmp dword ptr [rbx+dc],AE99E6A9
jne @f
cmp dword ptr [rbx+e0],00B989E7
je dominhealth

@@:
inc rax
cmp dword ptr [rbx+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rbx+d8],'s'     //0x73
je dominhealth

@@:
cmp dword ptr [rbx+d4],E68ABCE4
jne @f
cmp dword ptr [rbx+d8],B0E5BCA0
jne @f
cmp dword ptr [rbx+dc],AF96E6BC
je dominhealth

@@:
inc rax
cmp dword ptr [rbx+d4],706c6f53
jne @f
cmp word ptr [rbx+d8],6968
jne @f
// word compare: also requires the byte after this one to be 0; newmem2 uses a
// byte ptr compare at the same offset, so the two hooks disagree here.
cmp word ptr [rbx+da],65
je dominhealth

@@:
inc rax
cmp dword ptr [rbx+d4],00726f43 //'Cor'+0x00
je dominhealth

@@:
inc rax
cmp dword ptr [rbx+d4],73697249 //'Iris'
je dominhealth

@@:
jmp end

dominhealth:
// rax = member slot, r12 = bUndead (or bUndeadTeam on the team path)
cmp byte ptr [r12+rax],1
// NOTE(review): no @@: exists between here and end:, so this jne @f (and the
// jge @f below) resolve to the next @@: in the script text, which lies inside
// newmem2 - that path skips pop r12 and returns through the wrong hook.
// jne end / jge end look like the intended targets; confirm how CE scopes @f.
jne @f
readmem(healthReadOnChangeAOB,6)
//mov eax,[rbx+198]
sub eax,[rdx]
// eax = health after this hit (same subtraction the hooked code performs)

mov r12,dMinHealth

cmp eax,[r12]
jge @f
mov eax,[r12]
// NOTE(review): [edx] is a 32-bit address and truncates rdx; the matching
// read above uses [rdx]. add eax,[rdx] looks intended.
add eax,[edx]
// eax = dMinHealth + damage, written back so the hooked code's own
// subtraction lands exactly on dMinHealth.
db 89
readmem(healthReadOnChangeAOB+1,5)
//mov [rbx+198],eax
// 89 + the ModRM/disp32 bytes of the original 8B load = the matching store
// mov [rbx+disp],eax, whatever offset this game build uses. The [DISABLE]
// byte dump (8B 83 88 01 00 00) decodes to [rbx+188]; the 198 in the
// comments above looks stale.

end:
pop r12

originalcode_undead:
// 14 bytes (readmem sizes are decimal) = the three instructions the jmp
// overwrites; [DISABLE] copies them back from here.
readmem(healthReadOnChangeAOB,14)
//mov eax,[rbx+00000198]
//sub eax,[rdx]
//mov ecx,[rbx+0000019C]

exit:
// +e (hex) = 14 bytes, matching the readmem size above
jmp healthReadOnChangeAOB+e

///
// Data shares the RWX allocation with the code above.
bAdvanceEvadeKey:
dd 0
dMinHealth:
dd 0
pEntityJustBeenHit:
dq 0
dq 0
bUndeadTeam:
dd 0
bUndead:
// one byte per party slot, indexed by rax in the name match above
db 0 //Noctis
db 0 //Gladiolus
db 0 //Prompto
db 0 //Ignis
db 0 //
db 0 //Cor
db 0 //Iris
///

healthReadOnChangeAOB: //"ffxv_s.exe"+1F8AB7:
// Hook site. Without a near allocation CE has to emit a 14-byte jmp here;
// the 14-byte originalcode copy and the +e return above already allow for it.
jmp newmem

///***********************************************///
// Hook 2 - max-health read. Same shape as hook 1 (match 1 of the shared
// pattern), but floors max health at dMinHealth+1.
luaCall(lua_aobscan("maxHealthReadOnChangeAOB","ffxv_s.exe","8B ** ** ** ** ** 2B 02 8B ** ** ** ** ** ** ** 41",1))

alloc(newmem2,2048,maxHealthReadOnChangeAOB) //"ffxv_s.exe"+1F9D17)
label(originalcode2_undead)
registersymbol(originalcode2_undead)
label(exit2)

newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
// rbx = entity, rdx -> value subtracted from max health; r12 = scratch
// (callee-saved, saved/restored); rax = bUndead slot index.
push r12

mov r12,pEntityJustBeenHit
mov [r12],rbx

mov r12,bUndeadTeam
cmp byte ptr [r12],1
jne @f
//cmp dword ptr [rbx+264],0000ff00 //0xff00 - team, 0xffff - not team, 0x00000000 - ?
//je dominmaxhealth2
//cmp dword ptr [rbx+174],ffffffff //0,1,2,3,4.. - team
//jne dominmaxhealth2
cmp dword ptr [rbx+15c],0 //0  - team
jne dominmaxhealth2
// NOTE(review): unlike newmem, rax is zeroed only after the @@: below, so the
// team path reaches dominmaxhealth2 with whatever the game left in rax and
// cmp byte ptr [r12+rax],1 there reads bUndeadTeam+rax, an arbitrary offset.
// Moving xor rax,rax above the team check (as newmem does) looks right.

@@:
xor rax,rax
mov r12,bUndead

//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rbx+d8],'is'    //0x7369
je dominmaxhealth2

@@:
cmp dword ptr [rbx+d4],E5BEABE8
jne @f
cmp dword ptr [rbx+d8],8FE68B85
jne @f
cmp dword ptr [rbx+dc],AF96E690
je dominmaxhealth2

@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rbx+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rbx+dc],'s'     //0x73
je dominmaxhealth2

@@:
cmp dword ptr [rbx+d4],E6BCA0E6
jne @f
cmp dword ptr [rbx+d8],BFE8898B
jne @f
cmp dword ptr [rbx+dc],90ADE6AA
jne @f
cmp dword ptr [rbx+e0],E68D97E8
jne @f
cmp word ptr [rbx+e4],AF96
je dominmaxhealth2

@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rbx+d8],'pt'    //0x7470
jne @f
cmp byte ptr [rbx+da],'o'     //0x6f
je dominmaxhealth2

@@:
cmp dword ptr [rbx+d4],E7AE99E6
jne @f
cmp dword ptr [rbx+d8],81E685BE
jne @f
cmp dword ptr [rbx+dc],AE99E6A9
jne @f
cmp dword ptr [rbx+e0],00B989E7
je dominmaxhealth2

@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rbx+d8],'s'     //0x73
je dominmaxhealth2

@@:
cmp dword ptr [rbx+d4],E68ABCE4
jne @f
cmp dword ptr [rbx+d8],B0E5BCA0
jne @f
cmp dword ptr [rbx+dc],AF96E6BC
je dominmaxhealth2

@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],706c6f53
jne @f
cmp word ptr [rbx+d8],6968
jne @f
// byte compare here, word compare in newmem at the same offset
cmp byte ptr [rbx+da],65
je dominmaxhealth2

@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],00726f43 //'Cor'+0x00
je dominmaxhealth2

@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],73697249 //'Iris'
je dominmaxhealth2

@@:
jmp end2

dominmaxhealth2:
cmp byte ptr [r12+rax],1
// NOTE(review): no @@: follows in this section; this jne @f and the jge @f
// below resolve to the next @@: in the script text (inside newmem6), which
// skips pop r12 and returns through the wrong hook. end2 looks intended -
// confirm how CE scopes @f.
jne @f
readmem(maxHealthReadOnChangeAOB,6)
//mov eax,[rbx+18c]
sub eax,[rdx]

mov r12,dMinHealth

// floor for max health is dMinHealth+1; r12d is reused to hold it
mov r12d,[r12]
inc r12d
cmp eax,r12d
jge @f
mov eax,r12d
// NOTE(review): [edx] truncates rdx to 32 bits; the read above uses [rdx].
add eax,[edx]
db 89
readmem(maxHealthReadOnChangeAOB+1,5)
//mov [rbx+19c],eax
// 89 + ModRM/disp32 of the original 8B load = the matching store. The
// [DISABLE] dump (8B 83 8C 01 00 00) decodes to [rbx+18c], so the 19c in the
// comment above looks stale.

end2:
pop r12

originalcode2_undead:
// 14 bytes (decimal) overwritten by the hook jmp; restored by [DISABLE]
readmem(maxHealthReadOnChangeAOB,14)
//mov eax,[rbx+0000019C]
//sub eax,[rdx]
//mov ecx,[rbx+000001a0]

exit2:
// +e hex = 14 bytes
jmp maxHealthReadOnChangeAOB+e

///

maxHealthReadOnChangeAOB: //"ffxv_s.exe"+1F9D17:
jmp newmem2

///***********************************************///
// Hook 3 - party member lookup. Executes the hooked virtual call itself, then
// files the returned entity pointer into pParty[slot] by name, and caches two
// addresses inside the Noctis entity for the auto-evade feature.
//aobscanmodule(partyCurMaxHealthReadAOB,ffxv_s.exe,FF 90 ** ** ** ** 8B 80 A4 01 00 00 48 ** ** ** 5B C3 48 ** ** ** 5B C3)
aobscanmodule(partyCurMaxHealthReadAOB,ffxv_s.exe,FF 90 ** ** ** ** 8B 80 ** ** 00 00 48 ** ** ** 5B C3 48 ** ** ** 5B C3)
registersymbol(partyCurMaxHealthReadAOB)

label(pNoctisAutoEvadeFlag)
registersymbol(pNoctisAutoEvadeFlag)
label(pNoctisAutoEvadeTimer)
registersymbol(pNoctisAutoEvadeTimer)
label(pParty)
registersymbol(pParty)

alloc(newmem6,2048,partyCurMaxHealthReadAOB) //"ffxv_s.exe"+5B6712C)
label(originalcode6_enable)
registersymbol(originalcode6_enable)
label(exit6)

newmem6: //this is allocated memory, you have read,write,execute access
//place your code here
// 6 bytes = the original call qword ptr [rax+AA8] (see the [DISABLE] dump);
// the name compares below treat the rax it returns as an entity pointer.
readmem(partyCurMaxHealthReadAOB,6)
push rcx
// rbx is overwritten without being saved. The pattern ends in 5B C3
// (pop rbx / ret), so the hooked function restores rbx from the stack on the
// way out - this relies on that epilogue.
mov rbx,pParty
xor rcx,rcx

// NOTE(review): this ASCII Noctis test is a no-op - both jne @f and the
// fall-through land on the same @@: below, so an ASCII-named Noctis is only
// filed if the multi-byte spelling matches as well.
cmp dword ptr [rax+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rax+d8],'is'    //0x7369
jne @f

@@:
cmp dword ptr [rax+d4],E5BEABE8
jne @f
cmp dword ptr [rax+d8],8FE68B85
jne @f
cmp dword ptr [rax+dc],AF96E690
jne @f

// Noctis matched (rcx = 0): cache two entity-relative addresses. CE folds
// a+268 and 14+368 as hex sums. [rdx] is pNoctisAutoEvadeFlag and [rdx+8]
// is pNoctisAutoEvadeTimer, which is declared directly after it below.
push rdx
push rdi
mov rdx,pNoctisAutoEvadeFlag
lea rdi,[rax+a+268]
mov [rdx],rdi
//lea rdi,[rax+a*2+368]
lea rdi,[rax+14+368]
mov [rdx+8],rdi
pop rdi
pop rdx
jmp assignpparty6

@@:
inc rcx
cmp dword ptr [rax+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rax+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rax+dc],'s'     //0x73
je assignpparty6

@@:
cmp dword ptr [rax+d4],E6BCA0E6
jne @f
cmp dword ptr [rax+d8],BFE8898B
jne @f
cmp dword ptr [rax+dc],90ADE6AA
jne @f
cmp dword ptr [rax+e0],E68D97E8
jne @f
cmp word ptr [rax+e4],AF96
je assignpparty6

@@:
inc rcx
cmp dword ptr [rax+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rax+d8],'pt'    //0x7470
jne @f
cmp byte ptr [rax+da],'o'     //0x6f
je assignpparty6

@@:
cmp dword ptr [rax+d4],E7AE99E6
jne @f
cmp dword ptr [rax+d8],81E685BE
jne @f
cmp dword ptr [rax+dc],AE99E6A9
jne @f
cmp dword ptr [rax+e0],00B989E7
je assignpparty6

@@:
inc rcx
cmp dword ptr [rax+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rax+d8],'s'     //0x73
je assignpparty6

@@:
cmp dword ptr [rax+d4],E68ABCE4
jne @f
cmp dword ptr [rax+d8],B0E5BCA0
jne @f
cmp dword ptr [rax+dc],AF96E6BC
je assignpparty6

@@:
inc rcx
cmp dword ptr [rax+d4],706c6f53
jne @f
cmp word ptr [rax+d8],6968
jne @f
cmp byte ptr [rax+da],65
je assignpparty6

@@:
inc rcx
cmp dword ptr [rax+d4],00726f43 //'Cor'+0x00
je assignpparty6

@@:
inc rcx
cmp dword ptr [rax+d4],73697249 //'Iris'
je assignpparty6

@@:
jmp end6

assignpparty6:
// pParty[rcx] = entity; 8-byte slots, rcx = 0..6
mov [rbx+rcx*8],rax

end6:
pop rcx
// remaining 10 original bytes (decimal): mov eax,[rax+18C] / add rsp,20
readmem(partyCurMaxHealthReadAOB+6,10)
jmp exit6

originalcode6_enable:
readmem(partyCurMaxHealthReadAOB,16)
//call qword ptr [rax+00000AA8]
//mov eax,[rax+0000018C]
//add rsp,20

exit6:
// +10 hex = 16 bytes, the size of the originalcode6_enable copy
jmp partyCurMaxHealthReadAOB+10

///
pNoctisAutoEvadeFlag:
dq 0
pNoctisAutoEvadeTimer:
dq 0
pParty:
// NOTE(review): no storage is reserved after pParty:, yet assignpparty6
// stores up to seven qwords at pParty+rcx*8. That only works because the
// rest of the 2048-byte allocation is unused; seven dq 0 lines here would
// make the table explicit.
///

partyCurMaxHealthReadAOB: //"ffxv_s.exe"+5B6712C:
jmp newmem6

///***********************************************///
// Hook 4 - weapon stats base (gear menus): records rbx as pCWeaponStats.
aobscanmodule(weaponStructureBaseReadInCGearsMenusAOB,ffxv_s.exe,44 ** ** BA ** ** ** ** 48 ** ** ** ** E8 ** ** ** ** 83 ** ** ** ** 74 ** 48 ** ** ** ** ** 74 ** 33 ** 8B)
registersymbol(weaponStructureBaseReadInCGearsMenusAOB)

label(pCWeaponStats)
registersymbol(pCWeaponStats)

alloc(newmem11,2048,weaponStructureBaseReadInCGearsMenusAOB) //"ffxv_s.exe"+7C42F2)
label(originalcode11_enable)
registersymbol(originalcode11_enable)
label(exit11)

newmem11: //this is allocated memory, you have read,write,execute access
//place your code here
// rcx is safe to clobber: the copied original code reloads it with
// lea rcx,[rsp+28] before the call.
mov rcx,pCWeaponStats
// NOTE(review): only the low 32 bits of rbx are stored (ebx). If
// pCWeaponStats is later read as a 64-bit pointer this truncates it -
// confirm the intended width.
mov [rcx],ebx

// 13 bytes (decimal) = mov r8d,[rbx] / mov edx,.. / lea rcx,[rsp+28]. The
// rel32 call at +d cannot be copied verbatim to a new address, so it is
// reassembled for this location instead.
readmem(weaponStructureBaseReadInCGearsMenusAOB,13)
reassemble(weaponStructureBaseReadInCGearsMenusAOB+d)
jmp exit11

originalcode11_enable:
// 18-byte verbatim copy, including the rel32 call; it is only valid again
// once [DISABLE] writes it back at the original address.
readmem(weaponStructureBaseReadInCGearsMenusAOB,18)
//mov r8d,[rbx]
//mov edx,0101AA13
//lea rcx,[rsp+28]
//call ffxv_s.exe+265350

exit11:
// +12 hex = 18 bytes
jmp weaponStructureBaseReadInCGearsMenusAOB+12

///
pCWeaponStats:
// NOTE(review): no storage reserved here; the dword store above lands in the
// unused tail of the allocation. A dd 0 (or dq 0) would make that explicit.
///

weaponStructureBaseReadInCGearsMenusAOB: //"ffxv_s.exe"+7C42F2:
jmp newmem11

///***********************************************///
/*
aobscanmodule(weaponAttkRead1AOB,ffxv_s.exe,8B ** 1C 44 ** ** 20 8B ** 14 89)
registersymbol(weaponAttkRead1AOB)

label(bDamageMultiplierEnable)
registersymbol(bDamageMultiplierEnable)
label(dDamageMultiplierC)
registersymbol(dDamageMultiplierC)
label(bTeamWeaponDamageMultiply)
registersymbol(bTeamWeaponDamageMultiply)
label(dTeamWeaponDamageMultiplier)
registersymbol(dTeamWeaponDamageMultiplier)
label(dWeaponDamageMultiplier)
registersymbol(dWeaponDamageMultiplier)

alloc(newmem12,2048,weaponAttkRead1AOB) //"ffxv_s.exe"+6043095)
label(originalcode12_weapondamagemultipier)
registersymbol(originalcode12_weapondamagemultipier)
label(exit12)

newmem12: //this is allocated memory, you have read,write,execute access
//place your code here
mov r12,bDamageMultiplierEnable
cmp byte ptr [r12],1
jne donormalweapondamage12

mov rsi,1
mov r12,bTeamWeaponDamageMultiply
cmp byte ptr [r12],1
jne @f
cmp dword ptr [rbx+254],0000ff00
je doweapondamagemultiply12

@@:
xor rsi,rsi
mov r12,dWeaponDamageMultiplier

cmp dword ptr [rbx+c4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rbx+c8],'is'    //0x7369
je doweapondamagemultiply12

@@:
inc rsi
cmp dword ptr [rbx+c4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rbx+c8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rbx+cc],'s'     //0x73
je doweapondamagemultiply12

@@:
inc rsi
cmp dword ptr [rbx+c4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rbx+c8],'pt'    //0x7470
jne @f
cmp byte ptr [rbx+ca],'o'     //0x6f
je doweapondamagemultiply12

@@:
inc rsi
cmp dword ptr [rbx+c4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rbx+c8],'s'     //0x73
je doweapondamagemultiply12

@@:
inc rsi
cmp dword ptr [rbx+c4],706c6f53
jne @f
cmp word ptr [rbx+c8],6968
jne @f
cmp word ptr [rbx+ca],65
je doweapondamagemultiply12

@@:
inc rsi
cmp dword ptr [rbx+c4],00726f43 //'Cor'+0x00
je doweapondamagemultiply12

@@:
inc rsi
cmp dword ptr [rbx+c4],73697249 //'Iris'
je doweapondamagemultiply12

@@:
jmp donormalweapondamage12

doweapondamagemultiply12:
cmp dword ptr [r12+rsi*4],(float)1
je @f
//push [rax+1c]
//fild dword ptr [rsp]
//fmul dword ptr [r12+rsi*4]
//fistp dword ptr [rsp]

fld dword ptr [r12+rsi*4]
mov r12,dDamageMultiplierC
fstp dword ptr [r12]

//pop rsi
jmp end12

donormalweapondamage12:
fld1
mov r12,dDamageMultiplierC
fstp dword ptr [r12]

end12:

originalcode12_weapondamagemultipier:
readmem(weaponAttkRead1AOB,14)
//mov esi,[rax+1C]
//mov r12d,[rax+20]
//mov ebp,[rax+14]
//mov [rsp+68],ecx

exit12:
jmp weaponAttkRead1AOB+e

///
bDamageMultiplierEnable:
dd 0
dDamageMultiplierC:
dd (float)1
bTeamWeaponDamageMultiply:
dd 0
dTeamWeaponDamageMultiplier:
dd (float)2
dWeaponDamageMultiplier:
dd (float)10 //Noctis
dd (float)1 //Gladiolus
dd (float)1 //Prompto
dd (float)1 //Ignis
dd (float)10 //
dd (float)1 //Cor
dd (float)1 //Iris
///

weaponAttkRead1AOB: //"ffxv_s.exe"+6043095:
jmp newmem12

///***********************************************///
// NOTE(review): the slash-star comment opened right after the previous
// separator appears to be closed by the star-slash embedded in the separator
// line above (it ends in ***///), which is why the weaponAttkRead1AOB hook is
// disabled and this hook carries the damage-multiplier symbols instead.
// That is fragile; an explicit closing marker on its own line is safer.
// Hook 5 - damage output: optional per-member / team multiplier on edi,
// then a damage cap (9999 / 99999 or a custom cap) applied into ebx.
aobscanmodule(damageOutputAdjustAfterCapChhAOB,ffxv_s.exe,8B ** ** 0F B6 C0 85 DB B9 ** ** ** ** 0F)
registersymbol(damageOutputAdjustAfterCapChhAOB)

label(bCustomDamageCap)
registersymbol(bCustomDamageCap)
label(dCustomDamageCap)
registersymbol(dCustomDamageCap)
label(bDamageMultiplierEnable)
registersymbol(bDamageMultiplierEnable)
label(dDamageMultiplierC)
registersymbol(dDamageMultiplierC)
label(bTeamWeaponDamageMultiply)
registersymbol(bTeamWeaponDamageMultiply)
label(dTeamWeaponDamageMultiplier)
registersymbol(dTeamWeaponDamageMultiplier)
label(dWeaponDamageMultiplier)
registersymbol(dWeaponDamageMultiplier)

alloc(newmem14,2048,damageOutputAdjustAfterCapChhAOB) //"ffxv_s.exe"+AF397)
label(dodamagemultiply14)
registersymbol(dodamagemultiply14)
label(originalcode14_damagecapraised)
registersymbol(originalcode14_damagecapraised)
label(exit14)

newmem14: //this is allocated memory, you have read,write,execute access
//place your code here
// edi = damage value at the hook (signed); negative values bypass everything.
// rbx is used as scratch throughout and is re-derived from edi before the
// original code runs, except on this negative path - assumes the game's ebx
// already equals the value this hook would compute (confirm).
test edi,edi
js originalcode14_damagecapraised
mov rax,bDamageMultiplierEnable
cmp byte ptr [rax],1
jne bcustomdamagecapchk14

// [rbp-58] is compared by name below, so it is taken to be the attacker
// entity; it is validated with IsBadReadPtr before being dereferenced.
mov rcx,[rbp-58]
//
push rsi
//push rax
push rcx
push rdx
push r8
push r9
// NOTE(review): Win64 ABI - the callee owns 32 bytes of shadow space above
// the return address, which here is the pushed r9/r8/rdx/rcx slots; the
// mov [rsp+8],r8 after the call patches back only the r8 slot. Reserving the
// shadow space (sub rsp,20 before the call, add rsp,20 after) removes the
// dependence on which slots the callee touches. 16-byte alignment at the
// call is also not ensured here.
mov rbx,r8
//
mov rdx,8
////rcx
call isbadreadptr
////test eax,eax
//
mov r8,rbx
mov [rsp+8],r8
pop r9
pop r8
pop rdx
pop rcx
//pop rax
pop rsi
//
// non-zero = unreadable pointer: skip the multiplier
test eax,eax
jnz bcustomdamagecapchk14

// Team multiplier: rax = bTeamWeaponDamageMultiply with rbx = 1 makes
// [rax+rbx*4] at dodamagemultiply14 read dTeamWeaponDamageMultiplier, which
// is declared immediately after it in the data below (layout-dependent).
mov rbx,1
mov rax,bTeamWeaponDamageMultiply
cmp byte ptr [rax],1
jne @f
cmp dword ptr [rcx+264],0000ff00
je dodamagemultiply14

@@:
// Per-member multiplier: rbx = slot into dWeaponDamageMultiplier
xor rbx,rbx
mov rax,dWeaponDamageMultiplier

cmp dword ptr [rcx+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rcx+d8],'is'    //0x7369
je dodamagemultiply14

@@:
cmp dword ptr [rcx+d4],E5BEABE8
jne @f
cmp dword ptr [rcx+d8],8FE68B85
jne @f
cmp dword ptr [rcx+dc],AF96E690
je dodamagemultiply14

@@:
inc rbx
cmp dword ptr [rcx+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rcx+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rcx+dc],'s'     //0x73
je dodamagemultiply14

@@:
cmp dword ptr [rcx+d4],E6BCA0E6
jne @f
cmp dword ptr [rcx+d8],BFE8898B
jne @f
cmp dword ptr [rcx+dc],90ADE6AA
jne @f
cmp dword ptr [rcx+e0],E68D97E8
jne @f
cmp word ptr [rcx+e4],AF96
je dodamagemultiply14

@@:
inc rbx
cmp dword ptr [rcx+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rcx+d8],'pt'    //0x7470
jne @f
cmp byte ptr [rcx+da],'o'     //0x6f
je dodamagemultiply14

@@:
cmp dword ptr [rcx+d4],E7AE99E6
jne @f
cmp dword ptr [rcx+d8],81E685BE
jne @f
cmp dword ptr [rcx+dc],AE99E6A9
jne @f
cmp dword ptr [rcx+e0],00B989E7
je dodamagemultiply14

@@:
inc rbx
cmp dword ptr [rcx+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rcx+d8],'s'     //0x73
je dodamagemultiply14

@@:
cmp dword ptr [rcx+d4],E68ABCE4
jne @f
cmp dword ptr [rcx+d8],B0E5BCA0
jne @f
cmp dword ptr [rcx+dc],AF96E6BC
je dodamagemultiply14

@@:
inc rbx
cmp dword ptr [rcx+d4],706c6f53
jne @f
cmp word ptr [rcx+d8],6968
jne @f
cmp word ptr [rcx+da],65
je dodamagemultiply14

@@:
inc rbx
cmp dword ptr [rcx+d4],00726f43 //'Cor'+0x00
je dodamagemultiply14

@@:
inc rbx
cmp dword ptr [rcx+d4],73697249 //'Iris'
je dodamagemultiply14

@@:
jmp bcustomdamagecapchk14

dodamagemultiply14:
// edi = (int)(edi * multiplier) via x87, using the pushed slot as scratch;
// a result that comes back negative is clamped to INT_MAX.
push rdi
fild dword ptr [rsp]
fmul dword ptr [rax+rbx*4]
fistp dword ptr [rsp]
pop rdi
test edi,edi
// NOTE(review): no @@: follows anywhere after this point in the script (the
// same applies to the jle @f further down); bcustomdamagecapchk14 and
// originalcode14_damagecapraised look like the intended targets - confirm
// how CE resolves @f with no forward @@:.
jns @f
mov edi,7fffffff

bcustomdamagecapchk14:
// default cap: 9999, or 99999 when r14d != 0 (the # prefix means decimal)
mov ecx,#9999
mov eax,#99999
test r14d,r14d
cmovnz ecx,eax
mov rax,bCustomDamageCap
cmp byte ptr [rax],1
// the two movs do not touch flags, so ZF from the cmp above still drives cmove
mov rax,dCustomDamageCap
mov eax,[rax]
cmove ecx,eax
// ebx = min(edi, cap), signed compare; the hooked code tests ebx next
mov ebx,edi
cmp ebx,ecx
jle @f
mov ebx,ecx

originalcode14_damagecapraised:
// 16 bytes (decimal) overwritten by the hook jmp
readmem(damageOutputAdjustAfterCapChhAOB,16)
//mov eax,[rbp-28]
//movzx eax,al
//test ebx,ebx
//mov ecx,00000001
//cmovg eax,ecx

exit14:
// +10 hex = 16 bytes
jmp damageOutputAdjustAfterCapChhAOB+10

///
bCustomDamageCap:
dd 0
dCustomDamageCap:
dd #1000000000
dd 0
bDamageMultiplierEnable:
dd 0
dDamageMultiplierC:
dd (float)1
bTeamWeaponDamageMultiply:
dd 0
// must stay directly after bTeamWeaponDamageMultiply (read as [rax+1*4] above)
dTeamWeaponDamageMultiplier:
dd (float)2
dWeaponDamageMultiplier:
// one float per party slot, indexed by rbx in the name match above
dd (float)10 //Noctis
dd (float)1 //Gladiolus
dd (float)1 //Prompto
dd (float)1 //Ignis
dd (float)10 //
dd (float)1 //Cor
dd (float)1 //Iris
///

damageOutputAdjustAfterCapChhAOB: //"ffxv_s.exe"+AF397:
jmp newmem14

///***********************************************///
// Hook 6 - tech bar write: records rcx (the struct the movss reads from) and,
// when bMaxTech is set, skips the minss clamp.
aobscanmodule(techWritesAOB,ffxv_s.exe,72 0C F3 0F 10 ** C4 57 00 00 F3 0F 5D C1 F3 0F 11 ** ** ** ** ** C3)
registersymbol(techWritesAOB)

label(pSomeGameInfoA)
registersymbol(pSomeGameInfoA)
label(bMaxTech)
registersymbol(bMaxTech)

alloc(newmem17,2048,techWritesAOB) //"ffxv_s.exe"+74B76B6)
label(originalcode17_enable)
registersymbol(originalcode17_enable)
label(exit17)

newmem17: //this is allocated memory, you have read,write,execute access
//place your code here
// The hooked code begins with jb, so the flags from the game compare are
// still live on entry; push does not alter them.
push rax
// NOTE(review): no @@: follows anywhere in the script. The original jb target
// (74B76C4 = techWritesAOB+e) is exactly where end17 returns to, so jb end17
// (and je end17 below) look intended - confirm how CE resolves @f here.
jb @f

mov rax,pSomeGameInfoA
mov [rax],rcx

// 8 bytes = movss xmm0,[rcx+57C4] (see the [DISABLE] dump)
readmem(techWritesAOB+2,8)
mov rax,bMaxTech
cmp byte ptr [rax],1
je @f
// 4 bytes = minss xmm0,xmm1, the clamp; skipped when bMaxTech == 1
readmem(techWritesAOB+a,4)

end17:
pop rax
jmp exit17

originalcode17_enable:
// 14 bytes (decimal): jb / movss / minss
readmem(techWritesAOB,14)
//jb ffxv_s.exe+74B76C4
//movss xmm0,[rcx+000057C4]
//minss xmm0,xmm1

exit17:
// +e hex = 14 bytes; also the original jb destination
jmp techWritesAOB+e

///
pSomeGameInfoA:
dq 0
bMaxTech:
dd 0
///

techWritesAOB: //"ffxv_s.exe"+74B76B6:
jmp newmem17




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Each hook is undone by copying the original bytes back from the
// originalcode* copy kept inside its allocation. dealloc precedes that
// readmem in every section: this relies on CE freeing the block only after
// the script has been applied (confirm; placing dealloc last would not
// depend on it).
dealloc(newmem)
healthReadOnChangeAOB: //"ffxv_s.exe"+1F8AB7:
readmem(originalcode_undead,14)
//db 8B 83 88 01 00 00 2B 02 8B 8B 8C 01 00 00
//Alt: mov eax,[rbx+00000188]
//Alt: sub eax,[rdx]
//Alt: mov ecx,[rbx+0000018C]

unregistersymbol(dMinHealth)
unregistersymbol(pEntityJustBeenHit)
unregistersymbol(bUndeadTeam)
unregistersymbol(bUndead)
unregistersymbol(bAdvanceEvadeKey)

unregistersymbol(originalcode_undead)

///***********************************************///
dealloc(newmem2)
maxHealthReadOnChangeAOB: //"ffxv_s.exe"+1F9D17:
readmem(originalcode2_undead,14)
//db 8B 83 8C 01 00 00 2B 02 8B 8B 90 01 00 00
//Alt: mov eax,[rbx+0000018C]
//Alt: sub eax,[rdx]
//Alt: mov ecx,[rbx+00000190]


unregistersymbol(originalcode2_undead)

///***********************************************///
dealloc(newmem6)
partyCurMaxHealthReadAOB: //"ffxv_s.exe"+5B6712C:
readmem(originalcode6_enable,16)
//db FF 90 A8 0A 00 00 8B 80 8C 01 00 00 48 83 C4 20
//Alt: call qword ptr [rax+00000AA8]
//Alt: mov eax,[rax+0000018C]
//Alt: add rsp,20

unregistersymbol(originalcode6_enable)
unregistersymbol(pNoctisAutoEvadeFlag)
unregistersymbol(pNoctisAutoEvadeTimer)
unregistersymbol(pParty)

///***********************************************///
dealloc(newmem11)
weaponStructureBaseReadInCGearsMenusAOB: //"ffxv_s.exe"+7C42F2:
// the 18-byte copy includes the rel32 call; it is correct again once
// written back at its original address
readmem(originalcode11_enable,18)
//db 44 8B 03 BA 13 AA 01 01 48 8D 4C 24 28 E8 4C 10 AA FF
//Alt: mov r8d,[rbx]
//Alt: mov edx,0101AA13
//Alt: lea rcx,[rsp+28]
//Alt: call ffxv_s.exe+265350
unregistersymbol(originalcode11_enable)

unregistersymbol(pCWeaponStats)

///***********************************************///
/*
dealloc(newmem12)
weaponAttkRead1AOB: //"ffxv_s.exe"+6043095:
readmem(originalcode12_weapondamagemultipier,14)
//db 8B 70 1C 44 8B 60 20 8B 68 14 89 4C 24 68
//Alt: mov esi,[rax+1C]
//Alt: mov r12d,[rax+20]
//Alt: mov ebp,[rax+14]
//Alt: mov [rsp+68],ecx

unregistersymbol(originalcode12_weapondamagemultipier)
unregistersymbol(bDamageMultiplierEnable)
unregistersymbol(dDamageMultiplierC)
unregistersymbol(bTeamWeaponDamageMultiply)
unregistersymbol(dTeamWeaponDamageMultiplier)
unregistersymbol(dWeaponDamageMultiplier)

///***********************************************///
// NOTE(review): the slash-star comment above appears to be closed by the
// star-slash embedded in the separator line (it ends in ***///), mirroring
// the [ENABLE] section; an explicit closing marker would be less fragile.
dealloc(newmem14)
damageOutputAdjustAfterCapChhAOB: //"ffxv_s.exe"+AF397:
readmem(originalcode14_damagecapraised,16)
//db 8B 45 D8 0F B6 C0 85 DB B9 01 00 00 00 0F 4F C1
//Alt: mov eax,[rbp-28]
//Alt: movzx eax,al
//Alt: test ebx,ebx
//Alt: mov ecx,00000001
//Alt: cmovg eax,ecx

unregistersymbol(dodamagemultiply14)
unregistersymbol(originalcode14_damagecapraised)
unregistersymbol(bCustomDamageCap)
unregistersymbol(dCustomDamageCap)
unregistersymbol(bDamageMultiplierEnable)
unregistersymbol(dDamageMultiplierC)
unregistersymbol(bTeamWeaponDamageMultiply)
unregistersymbol(dTeamWeaponDamageMultiplier)
unregistersymbol(dWeaponDamageMultiplier)

///***********************************************///
dealloc(newmem17)
techWritesAOB: //"ffxv_s.exe"+74B76B6:
readmem(originalcode17_enable,14)
//db 72 0C F3 0F 10 81 C4 57 00 00 F3 0F 5D C1
//Alt: jb ffxv_s.exe+74B76C4
//Alt: movss xmm0,[rcx+000057C4]
//Alt: minss xmm0,xmm1

unregistersymbol(originalcode17_enable)
unregistersymbol(bMaxTech)
// NOTE(review): registered in [ENABLE] but never unregistered here:
// pSomeGameInfoA (which then points into the freed allocation) and the
// scan results healthReadOnChangeAOB, maxHealthReadOnChangeAOB,
// partyCurMaxHealthReadAOB, weaponStructureBaseReadInCGearsMenusAOB,
// damageOutputAdjustAfterCapChhAOB and techWritesAOB.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Mon Dec 06, 2021 12:53 pm    Post subject: Reply with quote

In this game you cannot use the 3rd alloc parameter.

You'll have to use 14-byte jmps (jmp far label) and adjust the script to take into account that 14 bytes are replaced (so originalcode has to change as well).

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
daixka
How do I cheat?
Reputation: 0

Joined: 06 Dec 2021
Posts: 4

PostPosted: Mon Dec 06, 2021 1:05 pm    Post subject: Reply with quote

Dark Byte wrote:
In this game you cannot use the 3rd alloc parameter.

You'll have to use 14-byte jmps (jmp far label) and adjust the script to take into account that 14 bytes are replaced (so originalcode has to change as well).


Thanks for the quick response, I appreciate it! Could you tell me step by step how to adjust this?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Mon Dec 06, 2021 1:18 pm    Post subject: Reply with quote

It looks like the script already takes that into account, so replace all
alloc(xxx,yyy,zzz) with alloc(xxx,yyy).

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
daixka
How do I cheat?
Reputation: 0

Joined: 06 Dec 2021
Posts: 4

PostPosted: Mon Dec 06, 2021 3:19 pm    Post subject: Reply with quote

Dark Byte wrote:
It looks like the script already takes that into account, so replace all
alloc(xxx,yyy,zzz) with alloc(xxx,yyy).


Thank you! Just to clarify so I'm understanding correctly, if this is the original code:

Code:
alloc(newmem,2048,healthReadOnChangeAOB) //"ffxv_s.exe"+1F8AB7)
label(originalcode_undead)
registersymbol(originalcode_undead)
label(exit)


I would change it to:

Code:
alloc(newmem,2048) //"ffxv_s.exe"+1F8AB7)
label(originalcode_undead)
registersymbol(originalcode_undead)
label(exit)


I.e. deleting the third item in the parentheses after alloc? And then doing that for each instance in the code where there is alloc(xxx,yyy,zzz)? Would I have to do that for the dealloc items too?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Mon Dec 06, 2021 5:17 pm    Post subject: Reply with quote

correct.

and no, not for dealloc

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
daixka
How do I cheat?
Reputation: 0

Joined: 06 Dec 2021
Posts: 4

PostPosted: Tue Dec 07, 2021 10:40 am    Post subject: Reply with quote

Great, that seems to have worked. Thank you so much! Smile