Cheat Engine The Official Site of Cheat Engine
warheadtris (How do I cheat?)
Reputation: 0
Joined: 06 Dec 2023  Posts: 2
Posted: Wed Dec 06, 2023 5:17 pm  Post subject: One Hit Kills & Godmode

Hey guys, I was trying to set up an auto assemble script for Middle-earth: Shadow of War, and after I finished the script and activated it I noticed that instead of giving me infinite health, any enemy is able to one-shot me.
I found the address that writes to the player's health, and it's shared with the enemies.
I scanned for commonalities and was able to find the offset for max health.
Health in this game is a floating point, so in my case the instruction is:
movss [rbx+0000042C],xmm2 (writes to player and enemy health)
Here is my bare-bones script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"ShadowOfWar.exe"+2E4D29)
label(returnhere)
label(originalcode)
label(exit)
alloc(newaddress,4,"ShadowOfWar.exe"+2E4D29)
newaddress:
dd (float)0
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [rbx+344],1
jne originalcode
movss xmm2,[rbx+428]
movss [rbx+0000042C],xmm2
jmp exit
originalcode:
movss [rbx+0000042C],xmm2
exit:
jmp returnhere
"ShadowOfWar.exe"+2E4D29:
jmp newmem
nop 3
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(newaddress)
"ShadowOfWar.exe"+2E4D29:
db F3 0F 11 93 2C 04 00 00
//movss [rbx+0000042C],xmm2

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010  Posts: 4197
Posted: Wed Dec 06, 2023 10:08 pm

Code:
movss xmm2,[rbx+428]
movss [rbx+0000042C],xmm2

We can only guess that this is correct. You can test by changing it:

Code:
//movss xmm2,[rbx+428] //remove this line of code
mov [rbx+0000042C],(float)999

Also, I do not see what newaddress is doing or why you would need it:

Code:
alloc(newaddress,4,"ShadowOfWar.exe"+2E4D29)
newaddress:
dd (float)0

LeFiXER (Grandmaster Cheater Supreme)
Reputation: 20
Joined: 02 Sep 2011  Posts: 1069  Location: 0x90
Posted: Wed Dec 06, 2023 10:43 pm

In conjunction with what ++METHOS has said, here is how I would make a one-hit-kill/god mode toggle script:
Code:
[ENABLE]
alloc(newmem,2048,"ShadowOfWar.exe"+2E4D29)
// one-byte flags for each option, allocated near the injection point so that
// [ohk] and [gm] can be reached RIP-relative from newmem
alloc(ohk,1,"ShadowOfWar.exe"+2E4D29)
alloc(gm,1,"ShadowOfWar.exe"+2E4D29)
label(returnhere)
label(originalcode)
label(onehitkill)
label(exit)
registersymbol(ohk)
registersymbol(gm)
newmem:
cmp [rbx+344],1          // same entity check as the original script
jne originalcode
cmp byte ptr [gm],1      // god mode on? copy max health [rbx+428] into current health
jne onehitkill
movss xmm2,[rbx+428]
movss [rbx+42C],xmm2
onehitkill:
cmp byte ptr [ohk],1     // one-hit kill on? write 0.0 into current health
jne originalcode
xorps xmm2,xmm2
movss [rbx+42C],xmm2
jmp exit
originalcode:
movss [rbx+0000042C],xmm2
exit:
jmp returnhere
"ShadowOfWar.exe"+2E4D29:
jmp newmem
nop 3
returnhere:
[DISABLE]
dealloc(newmem)
dealloc(ohk)
dealloc(gm)
unregistersymbol(ohk)
unregistersymbol(gm)
"ShadowOfWar.exe"+2E4D29:
db F3 0F 11 93 2C 04 00 00
//movss [rbx+0000042C],xmm2

This does assume that the addresses and offsets are correct. You must also add two more scripts to the table, one for each respective option:

God Mode Toggle:

Code:
[ENABLE]
gm:
db 1
[DISABLE]
gm:
db 0

One-Hit Kill Toggle:

Code:
[ENABLE]
ohk:
db 1
[DISABLE]
ohk:
db 0

warheadtris (How do I cheat?)
Reputation: 0
Joined: 06 Dec 2023  Posts: 2
Posted: Thu Dec 07, 2023 12:49 am

Is there a difference between instructions that have an offset like this [rbx+34] and an offset like this [rbx+0000034]? If so, how are they different?

LeFiXER (Grandmaster Cheater Supreme)
Reputation: 20
Joined: 02 Sep 2011  Posts: 1069  Location: 0x90
Posted: Thu Dec 07, 2023 6:20 am

warheadtris wrote:
> Is there a difference between instructions that have an offset like this [rbx+34] and an offset like this [rbx+0000034]? If so, how are they different?

It doesn't make a difference. 0 is null and therefore does not count as anything. It only matters if the digit is larger than zero.

ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014  Posts: 4707
Posted: Thu Dec 07, 2023 1:45 pm

warheadtris wrote:
> Is there a difference between instructions that have an offset like this [rbx+34] and an offset like this [rbx+0000034]? If so, how are they different?

Practically, no, they're the same thing. Leading zeroes don't matter, e.g. the number 1 is the same exact number as 01, 001, 0001, etc.
Technically, there is a difference when disassembling instructions:

Code:
8B 86 10000000 - mov eax,[rsi+00000010]
8B 46 10 - mov eax,[rsi+10]

This distinction doesn't matter when assembling instructions, i.e. CE will assemble `mov eax,[rsi+00000010]` to the machine code `8B 46 10` even though CE disassembles that machine code differently. This is one example of why you should restore the original code using `db ...` in code injections.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
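The encoding point ParkourPenguin makes above can be checked with a small x86-64 encoder/decoder. The following is an added example written for these editor's notes; it is not code from the thread or from Cheat Engine. It handles only the two instruction forms that appear in this topic, `mov r32,[r64+disp]` (opcode 8B /r) and `movss [r64+disp],xmm` (F3 0F 11 /r), with base registers rax through rdi and no REX prefixes. It goes slightly beyond the post by also decoding the thread's own original bytes `F3 0F 11 93 2C 04 00 00` and by reporting how many bytes a mnemonic-based restore would leave untouched, which is the reason the `db ...` restore is the safe one.

```python
# Added example, not code from the thread: a tiny x86-64 encoder/decoder for
# "mov r32,[r64+disp]" (8B /r) and "movss [r64+disp],xmm" (F3 0F 11 /r).
# Both carry a ModRM byte whose mod field selects a 1-byte (mod=01) or a
# 4-byte (mod=10) displacement, so one mnemonic can have two encodings of
# different lengths. Only base registers rax..rdi (no REX) are handled.
import struct

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
XMM = [f"xmm{i}" for i in range(8)]

# mnemonic -> (opcode bytes, names for the register operand, memory operand is the destination?)
OPCODES = {
    "mov":   (b"\x8B", REG32, False),        # mov r32,[mem]
    "movss": (b"\xF3\x0F\x11", XMM, True),   # movss [mem],xmm
}


def encode(mnemonic, reg_name, base, disp, force_disp32=False):
    """Encode `mnemonic` with a [base+disp] memory operand.

    An assembler picks disp8 whenever the displacement fits a signed byte;
    force_disp32 reproduces the longer form a disassembler may have shown.
    rsp as base (r/m=100) requires a SIB byte; rbp is fine with mod=01/10.
    """
    opcode, regs, _ = OPCODES[mnemonic]
    reg, rm = regs.index(reg_name), REG64.index(base)
    use_disp8 = -128 <= disp <= 127 and not force_disp32
    mod = 0b01 if use_disp8 else 0b10
    out = bytearray(opcode)
    out.append((mod << 6) | (reg << 3) | rm)      # ModRM = mod:reg:rm
    if rm == 0b100:                               # r/m=100 means "SIB follows"
        out.append(0x24)                          # SIB: scale=1, no index, base=rsp
    out += struct.pack("<b", disp) if use_disp8 else struct.pack("<i", disp)
    return bytes(out)


def decode(code):
    """Decode one handled instruction from the start of `code`.

    Returns (length, text, mnemonic, reg_name, base, disp). The text follows
    Cheat Engine's style: disp8 printed with 2 hex digits, disp32 with 8.
    """
    for mnemonic, (opcode, regs, mem_is_dst) in OPCODES.items():
        if code.startswith(opcode):
            break
    else:
        raise ValueError("opcode not handled by this example")
    pos = len(opcode)
    modrm = code[pos]
    pos += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod not in (1, 2):
        raise ValueError("only [base+disp8] and [base+disp32] forms are handled")
    if rm == 4:                                   # SIB present; accept base=rsp only
        if code[pos] != 0x24:
            raise ValueError("only the base=rsp, no-index SIB is handled")
        pos += 1
    if mod == 1:
        disp = struct.unpack_from("<b", code, pos)[0]
        pos, width = pos + 1, 2
    else:
        disp = struct.unpack_from("<i", code, pos)[0]
        pos, width = pos + 4, 8
    mem = f"[{REG64[rm]}{'-' if disp < 0 else '+'}{abs(disp):0{width}X}]"
    text = f"{mnemonic} {mem},{regs[reg]}" if mem_is_dst else f"{mnemonic} {regs[reg]},{mem}"
    return pos, text, mnemonic, regs[reg], REG64[rm], disp


def hex_bytes(b):
    return " ".join(f"{x:02X}" for x in b)


def stale_bytes_after_reassembly(original):
    """Decode `original`, re-encode its mnemonic the way an assembler would
    (shortest displacement) and return how many of the original bytes a
    text-based restore would leave untouched. 0 means the mnemonic restore
    and `db <original bytes>` are equivalent; >0 means only `db` is safe."""
    length, _, mnemonic, reg_name, base, disp = decode(original)
    return length - len(encode(mnemonic, reg_name, base, disp))


if __name__ == "__main__":
    # constructed inputs: the two lines from the post plus the thread's original bytes
    for hx in ("8B 86 10 00 00 00", "8B 46 10", "F3 0F 11 93 2C 04 00 00"):
        raw = bytes.fromhex(hx)
        n, text, *_ = decode(raw)
        print(f"{hx:<24} -> {text:<28} {n} bytes, "
              f"{stale_bytes_after_reassembly(raw)} stale if re-assembled from text")
```

Run as a script it prints the three decodings; `8B 86 10 00 00 00` re-assembles to the 3-byte `8B 46 10`, leaving 3 stale bytes, while the thread's `movss [rbx+0000042C],xmm2` needs disp32 either way, so for that particular instruction both restore methods happen to give 8 bytes.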