Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Damage Multiplier and Defense Boost script

 
MiNDTH3G4P
Posted: Fri Mar 24, 2023 6:39 pm

I am trying to do a damage multiplier and defense boost in Elden Ring, for which I have been following a YouTube tutorial; however, nothing works as expected. For the damage multiplier I used the IMUL command to multiply the damage with a supplied value to increase the damage input, but it's not working, and for the defense boost I have used the idiv command to boost my defense against an incoming attack, but the game freezes. Please have a look at the code and screenshot for any references.


Code:

alloc(saveRDX,8,"start_protected_game.exe"+434C1A)
alloc(saveRAX,8,"start_protected_game.exe"+434C1A)
alloc(saveRCX,8,"start_protected_game.exe"+434C1A)


newmem:
mov [rsi+0000018C],edx // not sure if it holds the max Health or something else but its health regardless
cmp [rsi+00000238],5 //compare if not hero jump to enemy otherwise continue
jne originalcode


mov [saveRDX],rdx //later on to retrieve the original values
mov [saveRAX],rax //later on to retrieve the original values
mov [saveRCX],rcx //later on to retrieve the original values


mov eax,#0 // move 0 to eax so once combined with edx doesn't change damage value
mov edx,ebp // move damage to edx
mov rcx,#5 // divide whatever in EDX:EAX with 5
idiv rcx // use rcx to divide EDX:EAX with RCX
mov ebp,edx //move the reduced damage value to ebp


mov rdx,[saveRDX] //push the original value back to RDX
mov rax,[saveRAX] //push the original value back to RAX
mov rcx,[saveRCX] //push the original value back to RCX


sub edx,ebp // health - damage
test edx,edx
jle start_protected_game.exe+434C4A
jmp exit

originalcode:
imul ebp,#20 //Multiply damage * 20
sub edx,ebp // health - damage
test edx,edx
jle start_protected_game.exe+434C4A



[Attachment: DMndDB1.png]

ParkourPenguin
Posted: Fri Mar 24, 2023 7:48 pm

`saveR*X` - use push/pop

Why are you not injecting at the instruction that writes to the health?

The `sub` instruction is located after the instruction that writes to your health, so it probably doesn't do whatever you think it does.

`idiv` stores the quotient in eax and the remainder in edx. You have it backwards.

That looks like a shared opcode. Are you sure it's accessing only the addresses you want to access, and are you sure the comparison works fine every time?


I'd use floating point arithmetic to do multipliers, but that's a personal choice.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
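
Added example, not part of the thread or of the tutorial it mentions: a small C model of `idiv` with a 64-bit operand, showing where the quotient and remainder land and that the instruction faults when the quotient does not fit in RAX. `model_idiv64` and the sample value are made up for illustration; it assumes a compiler with `__int128` (GCC or Clang).

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int     fault;  /* 1 = the CPU would raise #DE (divide error) */
    int64_t rax;    /* quotient, valid only when fault == 0 */
    int64_t rdx;    /* remainder, valid only when fault == 0 */
} idiv_result;

/* Model of x86-64 `idiv r/m64`: signed divide of the 128-bit value RDX:RAX
 * by the operand; quotient -> RAX, remainder -> RDX. A zero divisor or a
 * quotient that does not fit in 64 bits raises #DE instead.
 * Assumption: the GCC/Clang `__int128` extension is available. */
idiv_result model_idiv64(uint64_t rdx, uint64_t rax, int64_t divisor)
{
    idiv_result r = {1, 0, 0};
    if (divisor == 0)
        return r;
    /* -2^127 / -1 overflows even the 128-bit model; hardware faults too. */
    if (divisor == -1 && rdx == 0x8000000000000000ULL && rax == 0)
        return r;
    __int128 dividend = (__int128)(((unsigned __int128)rdx << 64) | rax);
    __int128 q = dividend / divisor;
    if (q > INT64_MAX || q < INT64_MIN)
        return r;
    r.fault = 0;
    r.rax = (int64_t)q;
    r.rdx = (int64_t)(dividend % divisor);
    return r;
}

int main(void)
{
    const uint64_t damage = 100;  /* constructed sample value */

    /* Value loaded into edx, eax zeroed: the dividend is damage * 2^64. */
    idiv_result a = model_idiv64(damage, 0, 5);
    /* Value loaded into eax, edx zeroed: the dividend is just damage. */
    idiv_result b = model_idiv64(0, damage, 5);

    printf("edx=damage, eax=0 : fault=%d\n", a.fault);
    printf("edx=0, eax=damage : fault=%d rax=%lld rdx=%lld\n",
           b.fault, (long long)b.rax, (long long)b.rdx);
    return 0;
}
```

With the value in the high half, any input of 3 or more produces a quotient wider than 64 bits, so the divide raises an exception rather than returning a result.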
MiNDTH3G4P
Posted: Sat Mar 25, 2023 8:56 am

Hi Penguin

ParkourPenguin wrote:
`saveR*X` - use push/pop

Why are you not injecting at the instruction that writes to the health?


The guy whose tutorial I am following is injecting into the subtract, but I went now and injected the code into the health instruction, with no luck yet for both.

ParkourPenguin wrote:
The `sub` instruction is located after the instruction that writes to your health, so it probably doesn't do whatever you think it does.

So injecting the code into this instruction can't achieve what I am trying to achieve?

ParkourPenguin wrote:
`idiv` stores the quotient in eax and the remainder in edx. You have it backwards.


My bad, now my health is unlimited.

ParkourPenguin wrote:
That looks like a shared opcode. Are you sure it's accessing only the addresses you want to access, and are you sure the comparison works fine every time?


It's accessing all game health; the offset I use never changed.


ParkourPenguin wrote:
I'd use floating point arithmetic to do multipliers, but that's a personal choice.


I don't mind actually using float; it's just that I am not able to achieve this yet, regardless of what I am using for multipliers.

Code:

alloc(newmem,2048,"start_protected_game.exe"+434C0F)
label(returnhere)
label(originalcode)
label(exit)

newmem:

cmp [rsi+00000238],5
jne originalcode
push rdx
push rax
push rcx


mov edx,0
mov eax,ebp
mov rcx,#5
idiv rcx
mov ebp,eax

pop rdx
pop rax
pop rcx


jmp exit


originalcode:
mov [rsi+0000018C],edx
imul ebp,#20


Can you please let me know why I am not getting this right and why it's not working, as I am not doing any complicated stuff?
All times are GMT - 6 Hours