Cowlick035 How do I cheat? Reputation: 0
Joined: 26 May 2022 Posts: 3
Posted: Thu May 26, 2022 5:49 am Post subject: Modifying a value that is being constantly written to
I am trying to modify a float value of 1 stored at a pointer address. This controls Vermintide 2's viewmodel FOV. Increasing the value increases the viewmodel FOV and decreasing it does the opposite. Unfortunately, it is being constantly written to by this:
Code:
movups [rax+r8+10],xmm2
Usually I would just disable this code with nop, but in this instance the code in question writes to a lot of other addresses which need to continue functioning.
I have very little scripting experience so I'm at a loss for what to do. I've looked at the CE tutorials, but it doesn't make a lot of sense to me.
Is there a way I can prevent the code from writing to just this one specific address?
LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1051 Location: 0x90
Posted: Thu May 26, 2022 7:10 am Post subject:
You will need to find out what addresses the instruction accesses, and then assign the address that holds the value you want to manipulate to group one, and several other addresses to group two. From there you will have to scan for commonalities. Look for an offset that holds a value that is different from every other.
Then in your AA script:
Code:
...
newmem:
cmp [rax+offset],value // where value is the value held at the offset
jne code
// instructions to execute here
code:
// original instructions
...
Cowlick035 How do I cheat? Reputation: 0
Joined: 26 May 2022 Posts: 3
Posted: Thu May 26, 2022 9:15 am Post subject:
Thank you! This makes sense, but I haven't been able to find an offset that works. Is it just trial and error until it works? Does the register I use matter? 'Cause I'm seeing only RDX, RSP (Snapshot) and Base Address.
My script looks like this atm:
Code:
[ENABLE]
aobscanmodule(INJECT,vermintide2.exe,42 0F 11 54 00 10)
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
cmp [rdx+offset],value
jne code
code:
movups [rax+r8+10],xmm2
jmp return
INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 42 0F 11 54 00 10
unregistersymbol(INJECT)
dealloc(newmem)
LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1051 Location: 0x90
Posted: Thu May 26, 2022 9:21 am Post subject:
The register makes a difference. The instruction you have is:
Code:
movups [rax+r8+10],xmm2
So you will want to use RAX. Also, be sure to change "offset".
ParkourPenguin I post too much Reputation: 137
Joined: 06 Jul 2014 Posts: 4250
Posted: Thu May 26, 2022 10:45 am Post subject:
Also see step 9 of the CE tutorial for more information. I'm sure there are plenty of guides online.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
TsTg Master Cheater Reputation: 5
Joined: 12 Dec 2012 Posts: 334 Location: Somewhere....
Posted: Fri May 27, 2022 1:25 am Post subject:
One of the two registers should be holding the base address of the values; the other should have the offset. Take a look at both RAX and R8 and see.
Otherwise, you would need to do some digging: see where the loop that writes through the structure is and work from there.
Cowlick035 How do I cheat? Reputation: 0
Joined: 26 May 2022 Posts: 3
Posted: Fri May 27, 2022 8:18 pm Post subject:
Ah, thank you so much, people.
The main problem with my script was a missing 'jmp return' (my inexperience shows). Afterwards, I just had to make sure the offset value was static.
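The script as the thread converged on it, assembled here as an added example rather than the OP's own posted code: it keeps the AOB and original instruction from the post, compares against RAX as LeFiXER suggested, and adds the `jmp return` the OP found missing. FOV_OFFSET and FOV_MARKER are placeholders for the offset and marker value found by the group scan, which the thread does not give.

```asm
[ENABLE]
aobscanmodule(INJECT,vermintide2.exe,42 0F 11 54 00 10)
alloc(newmem,$1000,INJECT)
label(code)
label(return)

// Placeholders: replace with the offset from RAX and the value at that
// offset that were found to be unique to the viewmodel FOV structure.
define(FOV_OFFSET,0)
define(FOV_MARKER,0)

newmem:
  // Filter on the structure's base (RAX), not on RDX/RSP.
  // Size prefix given explicitly so the assembler does not have to guess.
  cmp dword ptr [rax+FOV_OFFSET],FOV_MARKER
  jne code            // any other structure: perform the original write
  jmp return          // the FOV structure: skip the write entirely
                      // (without this jmp execution falls through into
                      //  code: and the write still happens, the OP's bug)

code:
  movups [rax+r8+10],xmm2   // original instruction, kept for all other addresses
  jmp return

INJECT:
  jmp newmem
  nop                 // original instruction is 6 bytes, jmp newmem is 5
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 42 0F 11 54 00 10      // restore the original bytes
unregistersymbol(INJECT)
dealloc(newmem)
```

Set FOV_OFFSET and FOV_MARKER from the group scan before enabling; with both left at 0 the compare only matches a structure whose first dword happens to be zero.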