Cheat Engine The Official Site of Cheat Engine
MiNDTH3G4P How do I cheat? Reputation: 0
Joined: 20 Aug 2022 Posts: 9
Posted: Fri Mar 24, 2023 6:39 pm Post subject: Damage Multiplier and Defense Boost script
I am trying to do a damage multiplier and defense boost in Elden Ring, for which I have been following a YouTube tutorial; however, nothing works as expected. For the damage multiplier I used the IMUL command to multiply the damage with a supplied value to increase the damage input, but it's not working, and for the defense boost I have used the idiv command to boost my defense against an incoming attack, but the game freezes. Please have a look at the code and screenshot for any references.
Code:
alloc(saveRDX,8,"start_protected_game.exe"+434C1A)
alloc(saveRAX,8,"start_protected_game.exe"+434C1A)
alloc(saveRCX,8,"start_protected_game.exe"+434C1A)
newmem:
mov [rsi+0000018C],edx // not sure if it holds the max Health or something else but its health regardless
cmp [rsi+00000238],5 //compare if not hero jump to enemy otherwise continue
jne originalcode
mov [saveRDX],rdx //later on to retrieve the original values
mov [saveRAX],rax //later on to retrieve the original values
mov [saveRCX],rcx //later on to retrieve the original values
mov eax,#0 // move 0 to eax so once combined with edx doesn't change damage value
mov edx,ebp // move damage to edx
mov rcx,#5 // divide whatever in EDX:EAX with 5
idiv rcx // use rcx to divide EDX:EAX with RCX
mov ebp,edx //move the reduced damage value to ebp
mov rdx,[saveRDX] //push the original value back to RDX
mov rax,[saveRAX] //push the original value back to RAX
mov rcx,[saveRCX] //push the original value back to RCX
sub edx,ebp // health - damage
test edx,edx
jle start_protected_game.exe+434C4A
jmp exit
originalcode:
imul ebp,#20 //Multiply damage * 20
sub edx,ebp // health - damage
test edx,edx
jle start_protected_game.exe+434C4A
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Fri Mar 24, 2023 7:48 pm Post subject:
`saveR*X` - use push/pop
Why are you not injecting at the instruction that writes to the health?
The `sub` instruction is located after the instruction that writes to your health, so it probably doesn't do whatever you think it does.
`idiv` stores the quotient in eax and the remainder in edx. You have it backwards.
That looks like a shared opcode. Are you sure it's accessing only the addresses you want to access, and are you sure the comparison works fine every time?
I'd use floating point arithmetic to do multipliers, but that's a personal choice.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
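
As an added illustration of the `idiv` point above (not part of the thread and not code from Cheat Engine), this C model of the 64-bit `idiv r64` shows where the quotient and remainder land and when the CPU raises a divide error (#DE). The helper names `idiv64`, `divide_value_in_rdx` and `divide_value_in_rax` and the sample values are assumptions made for the example; it needs a compiler with `__int128` (GCC or Clang on a 64-bit target).

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>

/* Added illustration: software model of x86-64 `idiv r64`. */
__extension__ typedef __int128 i128;
__extension__ typedef unsigned __int128 u128;
typedef struct { uint64_t rax, rdx; } regs_t;

/* Signed divide of the 128-bit value RDX:RAX by `divisor`.
   Quotient goes to RAX, remainder to RDX. Returns false where the
   CPU would raise #DE: divisor 0, or quotient not fitting 64 bits. */
bool idiv64(regs_t *r, int64_t divisor)
{
    if (divisor == 0) return false;
    if (divisor == -1 && r->rdx == (1ULL << 63) && r->rax == 0)
        return false;                      /* INT128_MIN / -1 overflows */
    i128 dividend = (i128)(((u128)r->rdx << 64) | r->rax);
    i128 q = dividend / divisor;           /* truncates toward zero, like idiv */
    i128 rem = dividend % divisor;
    if (q > INT64_MAX || q < INT64_MIN) return false;
    r->rax = (uint64_t)(int64_t)q;
    r->rdx = (uint64_t)(int64_t)rem;
    return true;
}

/* Register setup as in the first post: value in RDX, RAX zeroed.
   A 32-bit mov zero-extends into the full 64-bit register. */
bool divide_value_in_rdx(uint32_t value, int64_t divisor, regs_t *out)
{
    out->rax = 0; out->rdx = value;
    return idiv64(out, divisor);
}

/* Setup matching the instruction's contract: value in RAX, RDX zeroed. */
bool divide_value_in_rax(uint32_t value, int64_t divisor, regs_t *out)
{
    out->rdx = 0; out->rax = value;
    return idiv64(out, divisor);
}

int main(void)
{
    regs_t r;
    printf("value in rdx: %s\n", divide_value_in_rdx(100, 5, &r) ? "ok" : "#DE");
    if (divide_value_in_rax(103, 5, &r))
        printf("value in rax: q=%" PRIu64 " r=%" PRIu64 "\n", r.rax, r.rdx);
    return 0;
}
```

With the value loaded into RDX and RAX zeroed, the dividend is the value times 2^64, so for a divisor of 5 any value of 3 or more overflows the 64-bit quotient and faults.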
MiNDTH3G4P How do I cheat? Reputation: 0
Joined: 20 Aug 2022 Posts: 9
Posted: Sat Mar 25, 2023 8:56 am Post subject:
Hi Penguin
ParkourPenguin wrote:
> `saveR*X` - use push/pop
> Why are you not injecting at the instruction that writes to the health?
The guy whose tutorial I am following is injecting into the subtract, but I went now and injected the code into the health instruction, but with no luck yet for both.
ParkourPenguin wrote:
> The `sub` instruction is located after the instruction that writes to your health, so it probably doesn't do whatever you think it does.
So injecting the code into this instruction can't achieve what I am trying to achieve?
ParkourPenguin wrote:
> `idiv` stores the quotient in eax and the remainder in edx. You have it backwards.
My bad, now my health is unlimited.
ParkourPenguin wrote:
> That looks like a shared opcode. Are you sure it's accessing only the addresses you want to access, and are you sure the comparison works fine every time?
It's accessing all game health, which the offset I use never changed.
ParkourPenguin wrote:
> I'd use floating point arithmetic to do multipliers, but that's a personal choice.
I don't mind actually using float; it's just that I am not able to achieve this yet regardless of what I am using for multipliers.
Code:
alloc(newmem,2048,"start_protected_game.exe"+434C0F)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [rsi+00000238],5
jne originalcode
push rdx
push rax
push rcx
mov edx,0
mov eax,ebp
mov rcx,#5
idiv rcx
mov ebp,eax
pop rdx
pop rax
pop rcx
jmp exit
originalcode:
mov [rsi+0000018C],edx
imul ebp,#20
Can you please let me know why I am not getting this right and why it's not working, as I am not doing any complicated stuff?