Cheat Engine Forum
The Official Site of Cheat Engine

Relic Hunters Zero - any ideas?
Cheat Engine Forum Index -> General Gamehacking

deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Sat Aug 29, 2015 7:59 am

Quote:
I tried to find on the internet how to push 999 instead of fld1 (1), but failed, lol - game crashed or no effect.

I tried to use fild qword ptr or fld qword ptr - with no success =(

Code:
check:
push edi
mov edi, 63
fld qword ptr [edi]
pop edi
fstp qword ptr [edi]
jmp exit

You can only use "fld1" to put "1.0" into the stack, there's also 0.0 "fldz".

Heh, what you're doing is assigning the address 63 to "edi", then putting whatever value the address has on "63" into the stack, which is probably "0"; or maybe is used for some important system sh_t, idk.

You need to make a custom address like [mine], then assign it a value like "mov [mine],(float)100", then you can use fld [mine] properly.

Bl00dWolf
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2010
Posts: 79
Location: Russia, Moscow

Posted: Sat Aug 29, 2015 8:21 am

deama1234 wrote:

You can only use "fld1" to put "1.0" into the stack, there's also 0.0 "fldz".


I know about fld1\fldz\fldpi, yep.

deama1234 wrote:

Heh, what you're doing is assigning the address 63 to "edi", then putting whatever value the address has on "63" into the stack, which is probably "0"; or maybe is used for some important system sh_t, idk.


oooooooops xD

deama1234 wrote:

You need to make a custom address like [mine], then assign it a value like "mov [mine],(float)100", then you can use fld [mine] properly.


Oh.... Thx! Exactly, what I needed.

Look at my previous post please, I updated it


UPDATE 1:
Yep, with this all is ok, ammo now is 99.

Code:

....
alloc(mine,4)
....
check:
mov [mine],63 // 63 hex = 99 dec
fld [mine]
fstp qword ptr [edi]
jmp exit


UPDATE 2:
Inf. Stars (And of course this script can't work at the same time with Inf.Ammo\Inf.HP scripts, 'cause "RelicHuntersZero.exe"+109E4F again)
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,64)
alloc(star,4)
label(infstars)
label(returnhere)
label(originalcode)
label(exit)

newmem:
cmp [edi+8],73726550
je infstars

originalcode:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere

infstars:
mov [star],(float)99999
fld [star]
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere

exit:
jmp returnhere

"RelicHuntersZero.exe"+109E4F:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"RelicHuntersZero.exe"+109E4F:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
//Alt: db DD 1F 5F 5E 5D


Inf. Grenades (can work with any other scripts at the same time):
Code:

[ENABLE]
alloc(newmem,64)
alloc(gr,4)
label(returnhere)
label(originalcode)
label(infgr)
label(exit)

newmem:
cmp [esi+1D],1913F39B000000
je infgr

originalcode:
fstp qword ptr [esi]
pop esi
pop ebp
pop ebx
jmp returnhere

infgr:
mov [gr],(float)5
fld [gr]
fstp qword ptr [esi]
pop esi
pop ebp
pop ebx
jmp returnhere

exit:
jmp returnhere

"RelicHuntersZero.exe"+109C6C:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"RelicHuntersZero.exe"+109C6C:
fstp qword ptr [esi]
pop esi
pop ebp
pop ebx
//Alt: db DD 1E 5E 5D 5B

_________________
Sry for my english, Hitler.

Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Sat Aug 29, 2015 11:10 am

well you can always combine the code like this
Code:

[ENABLE]
alloc(newmem,256)
alloc(star,4) // holds the float value written for stars
alloc(_star,8) // toggle flag, set by the separate script below
registersymbol(_star)
alloc(_hp,8) // toggle flag, set by the separate script below
registersymbol(_hp)
label(returnhere)
label(originalcode)
label(infstars)
label(infhp)
label(exit)

newmem:
cmp [edi+10],187B2
jne originalcode
cmp [edi+170],0 // << new offset.
jne infhp
cmp [edi+8],73726550
je infstars

originalcode:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere

infstars:
cmp [_star],01
jne originalcode // flag off: still run the overwritten fstp/pop instructions
mov [star],(float)99999
fld [star]
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere

infhp:
cmp [_hp],01
jne originalcode // flag off: still run the overwritten fstp/pop instructions
fld1
fstp qword ptr [edi]
pop edi
pop esi
pop ebp

exit:
jmp returnhere

_star:
db 0

_hp:
db 0

"RelicHuntersZero.exe"+109E4F:
jmp newmem
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"RelicHuntersZero.exe"+109E4F:
db DD 1F 5F 5E 5D
//fstp qword ptr [edi]
//pop edi
//pop esi
//pop ebp
dealloc(star)
dealloc(_star)
unregistersymbol(_star)
dealloc(_hp)
unregistersymbol(_hp)

then make another external asm script
Code:

[ENABLE]
_star:
db 01
[DISABLE]
_star:
db 0

Code:

[ENABLE]
_hp:
db 01
[DISABLE]
_hp:
db 0

I'm sorry if I'm wrong

deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Sat Aug 29, 2015 11:39 am

Nah; can't find a good unique for the hp. My guess is that the player's ID is somewhere in there, but it changes as well; so you'll have to find an instruction that handles the player's ID, then reference it back into the hp script.

Bl00dWolf
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2010
Posts: 79
Location: Russia, Moscow

Posted: Sat Aug 29, 2015 11:40 am

deama1234 wrote:
Nah; can't find a good unique for the hp. My guess is that the player's ID is somewhere in there, but it changes as well; so you'll have to find an instruction that handles the player's ID, then reference it back into the hp script.


+ can't find anything for about 4-5 hours.
And I think this game is not for me, I mean I'm not ready to hack games like that :D Too difficult.

_________________
Sry for my english, Hitler.

Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Sat Aug 29, 2015 5:06 pm

The issue is, this being a Game Maker game (break some stuff and you'll get a standard Game Maker script interpreter error screen so it's not even a guess on my part), only a few variables are built-into the engine (things like "score" and "life" assuming the devs even use those) and anything the devs code custom will be done via scripts and you'll have to find some way to parse the structures or something for comparisons since it'll all be shared code (whether it would make sense or not in another engine).

That is assuming somebody doesn't know of a way to actually find and patch the scripts themselves, which would be great if anybody had info on that, 'cause since the script interpreter is throwing out errors with the creator's custom variable names, I'm pretty sure it's still using scripts internally.


deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Sat Aug 29, 2015 5:18 pm

"parse the structures"?

Bl00dWolf
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2010
Posts: 79
Location: Russia, Moscow

Posted: Sat Aug 29, 2015 5:58 pm

Rydian wrote:
The issue is, this being a Game Maker game (break some stuff and you'll get a standard Game Maker script interpreter error screen so it's not even a guess on my part), only a few variables are built-into the engine (things like "score" and "life" assuming the devs even use those) and anything the devs code custom will be done via scripts and you'll have to find some way to parse the structures or something for comparisons since it'll all be shared code (whether it would make sense or not in another engine).

That is assuming somebody doesn't know of a way to actually find and patch the scripts themselves, which would be great if anybody had info on that, 'cause since the script interpreter is throwing out errors with the creator's custom variable names, I'm pretty sure it's still using scripts internally.


It's an OPEN SOURCE game. So anyone can look at the original code (in C++???). But I do not want to do this. ('cause not all games on this engine will be open source. Better to find a way with Cheat Engine for all games on this engine)
http://www.relichunters.com.br/forums/discussion/9/download-the-source-code-here

_________________
Sry for my english, Hitler.


Last edited by Bl00dWolf on Sat Aug 29, 2015 6:46 pm; edited 1 time in total

Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Sat Aug 29, 2015 6:21 pm

It's a Game Maker game, the Game Maker project file is inside that source zip. No C++ or anything like that, the project file is a collection of resources, custom data like rooms, and GML scripts (in one form or another).

Access to the "sources" isn't a concern, it's access to the actual scripts from inside the running exe file from CE's point of view. Actually modding the running game so to speak.

... unless you wanted somebody to make a cheaty version of that game by loading up the project in a licensed copy of Game Maker and editing some of the scripts/data and resaving it or something.


Bl00dWolf
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2010
Posts: 79
Location: Russia, Moscow

Posted: Sat Aug 29, 2015 6:44 pm

Rydian wrote:
It's a Game Maker game, the Game Maker project file is inside that source zip. No C++ or anything like that, the project file is a collection of resources, custom data like rooms, and GML scripts (in one form or another).

Useless files.

Rydian wrote:

... unless you wanted somebody to make a cheaty version of that game by loading up the project in a licensed copy of Game Maker and editing some of the scripts/data and resaving it or something.


I just want to find a way to hack any Game Maker game. So, only hardcore, only Cheat Engine.
Or wait until someone will find a way (more experienced than me)

_________________
Sry for my english, Hitler.

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Sat Aug 29, 2015 10:16 pm

Rydian wrote:
That is assuming somebody doesn't know of a way to actually find and patch the scripts themselves, which would be great if anybody had info on that.

You can cause a variable name conflict. Variable names are written only once in the whole data.win file and if you replace "ammo_current" (ammo in clip) by "can_fire" (have you finished the refire animation?) the interpreter will think those variables are the same.
If you do that replacement you will have to reload after each shot until you no longer have any reserve ammo, then you'll have a bottomless clip, 'coz as soon as you've finished the firing animation, 1 ammo pops up in your clip and the reload anim doesn't start in-between since you don't have any reserve ammo.

If you look in the source at the definition of the player's class you'll see a:
Code:
if (room == room_start) hp = hp_max;
Which will make you want to replace "room_start" by "room", well, no dice, probably because the function isn't called as often as I had thought.

EDIT: You can get significantly harder to kill by replacing "energy_regen_time_current" by "energy_regen_time" in data.win. Reason:
Code:
//Shield
if energy < (energy_max+overshield)
{
    energy_regen_time_current++;
    if energy_regen_time_current >= energy_regen_time //Since they wrote ">=" instead of ">" here and we turned both variables into aliases of each other, that statement is always true -> shield regen happens all the time when we're not at max shield.
    {
        if (!energy) energy = 1;
        shield = true;
        energy += energy_regen_speed;
        if (energy > (energy_max+overshield)) energy = energy_max+overshield;
    }
    if energy_regen_time_current = energy_regen_time //unfortunately this statement is also always true, causing a massive performance hog... Still, good enough.
    {
        myRecharge = instance_create(x,y,fx_shield_up); 
        audio_play(audio_emitter,false,1,sfx_shield_regen_start);
        myRecharge.owner = id;
    }
   
    if (energy < 0) energy = 0;
}
(from class_player.object.gmx)

For stray googlers that would be unfamiliar with text replacements while keeping filesize unchanged:
ammo:
replace: 00 61 6D 6D 6F 5F 63 75 72 72 65 6E 74 00
by: 00 63 61 6E 5F 66 69 72 65 00 65 6E 74 00
in data.win

supershield:
replace: 00 65 6E 65 72 67 79 5F 72 65 67 65 6E 5F 74 69 6D 65 5F 63 75 72 72 65 6E 74 00
by: 00 65 6E 65 72 67 79 5F 72 65 67 65 6E 5F 74 69 6D 65 00 63 75 72 72 65 6E 74 00
in data.win

EDIT 2: crap, super shield also works for shielded enemies, gotta find something else.

EDIT 3: linking isVulnerable to isDigging makes the player invulnerable to projectiles and explosions, but you can still take damage from melee attacks (dogs and flying green animals). Enemies are unaffected.
directions for non hackers: replace 00 69 73 56 75 6C 6E 65 72 61 62 6C 65 00 by 00 69 73 44 69 67 67 69 6E 67 00 6C 65 00

_________________
DO NOT PM me if you want help on making/fixing/using a hack.


Last edited by Gniarf on Mon Oct 05, 2015 8:40 pm; edited 1 time in total
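
The same-length replacements from the post above, decoded to show which name disappears and which one it becomes an alias of, plus a check a developer could run for this kind of tampering. This is an added example, not part of the original post; `SAMPLE` is a constructed, simplified NUL-delimited name table (not the real data.win layout) and `describe`, `audit` and `tampered_sample` are hypothetical helpers.

```python
# Hex patterns copied from the post: (bytes searched for, bytes written instead).
PATCHES = {
    "ammo": ("00 61 6D 6D 6F 5F 63 75 72 72 65 6E 74 00",
             "00 63 61 6E 5F 66 69 72 65 00 65 6E 74 00"),
    "supershield": (
        "00 65 6E 65 72 67 79 5F 72 65 67 65 6E 5F 74 69 6D 65 5F 63 75 72 72 65 6E 74 00",
        "00 65 6E 65 72 67 79 5F 72 65 67 65 6E 5F 74 69 6D 65 00 63 75 72 72 65 6E 74 00"),
    "isVulnerable": ("00 69 73 56 75 6C 6E 65 72 61 62 6C 65 00",
                     "00 69 73 44 69 67 67 69 6E 67 00 6C 65 00"),
}

def split_names(raw):
    """Return the non-empty NUL-delimited ASCII strings found in raw bytes."""
    return [part.decode("ascii", "replace") for part in raw.split(b"\x00") if part]

def describe(old_hex, new_hex):
    """Explain one replacement: the name removed, its new alias, the leftover tail."""
    old, new = bytes.fromhex(old_hex), bytes.fromhex(new_hex)
    new_names = split_names(new)
    return {
        "same_length": len(old) == len(new),  # file size and later offsets unchanged
        "removed": split_names(old)[0],
        "alias_of": new_names[0],
        "orphan": new_names[1] if len(new_names) > 1 else "",  # tail of the old name
    }

def audit(blob, expected):
    """Integrity check: each expected name must occur exactly once in the table."""
    found = split_names(blob)
    missing = sorted(n for n in expected if n not in found)
    duplicated = sorted(n for n in expected if found.count(n) > 1)
    return missing, duplicated

# Constructed sample: names taken from the post, layout simplified.
EXPECTED = ["can_fire", "ammo_current", "energy_regen_time",
            "energy_regen_time_current", "isDigging", "isVulnerable"]
SAMPLE = b"\x00" + b"\x00".join(n.encode() for n in EXPECTED) + b"\x00"

def tampered_sample(name="ammo"):
    """Apply one pattern from the post to the constructed table, in memory only."""
    old_hex, new_hex = PATCHES[name]
    return SAMPLE.replace(bytes.fromhex(old_hex), bytes.fromhex(new_hex))

if __name__ == "__main__":
    for label, (old_hex, new_hex) in PATCHES.items():
        print(label, describe(old_hex, new_hex))
    print("clean   :", audit(SAMPLE, EXPECTED))
    print("tampered:", audit(tampered_sample(), EXPECTED))
```

A missing name paired with a duplicated one is the signature of the aliasing described in the post; a hash of the shipped file catches the same change without knowing the name list.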

deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Sun Aug 30, 2015 9:23 am

Alright, managed to get inf hp going.

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

label(check)
label(health)
label(health2)

alloc(mine,16)
alloc(count,16)
registersymbol(mine)
registersymbol(count)

newmem: //this is allocated memory, you have read,write,execute access
cmp [edi+10],00018720
je check
cmp [edi+10],000187B2
je health
jmp originalcode

check: // inf ammo too
fstp st(0)
fld1
fstp qword ptr [edi]
jmp exit

///////////////////////////////////////////////////////////////////////////////
health:
cmp [count],01
je health2

fstp st(0)
fldl2t
fmul st(0)
fmul st(0)

fstp qword ptr [edi]
mov [count],01
jmp exit
///////////////////////////////////////////////////////////////////////////////

originalcode:
fstp qword ptr [edi]


exit:
pop edi
pop esi
pop ebp
jmp returnhere

///////////////////////////////////////////////////////////////////////////////
health2:
cmp [edi+04],405E71A6
jne originalcode

fstp st(0)
fldl2t
fmul st(0)
fmul st(0)

fstp qword ptr [edi]
jmp exit
///////////////////////////////////////////////////////////////////////////////

"RelicHuntersZero.exe"+109E4F:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(mine)
dealloc(count)
unregistersymbol(mine)
unregistersymbol(count)
"RelicHuntersZero.exe"+109E4F:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
//Alt: db DD 1F 5F 5E 5D


Since the player's hp seems to always be first in the line, I just assign it a unique value (I think 121.2464556 or something like that), then I just keep comparing for that unique hp value, that seems to work.


Last edited by deama1234 on Sun Aug 30, 2015 9:44 am; edited 1 time in total

Bl00dWolf
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2010
Posts: 79
Location: Russia, Moscow

Posted: Sun Aug 30, 2015 9:36 am

Working :shock:
But I can't understand dat code. Need comments ->>> //. If u can, please

For example
Code:

health:
cmp [count],01
je health2

?_?

UPDATE:
Hm, after some time my hp starts decreasing after hit 0_0

_________________
Sry for my english, Hitler.

deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Sun Aug 30, 2015 9:58 am

Code:
health:
cmp [count],01
je health2

Pretty much it waits until [count] is assigned a 1; probably should have called it something like check instead lol.

Code:
fstp st(0)
fldl2t
fmul st(0)
fmul st(0)

fstp qword ptr [edi]
mov [count],01
jmp exit

Once you activate the script, [count] is gonna be 0; so it'll execute this piece of code (pretty much assigns the player 121.12312hp or something like that). Then it will stop executing this code because [count] is a 1 now.

Code:
health2:
cmp [edi+04],405E71A6
jne originalcode

Once that happens it will then start checking for the player's health. Since the player's health is a big decimal value (121.775777368908802765), I just compare a half of the double value (405E71A6), should be enough.
Code:

fstp st(0)
fldl2t
fmul st(0)
fmul st(0)

fstp qword ptr [edi]
jmp exit

So, if cmp is fine, it then executes the code that stops hp from going down.

EDIT: I just realised that the:

Code:
health2:
cmp [edi+04],405E71A6
jne originalcode

fstp st(0)
fldl2t
fmul st(0)
fmul st(0)

fstp qword ptr [edi]
jmp exit

is almost useless and can be replaced with:

Code:
health2:
cmp [edi+04],405E71A6
jne originalcode

fstp st(0)
jmp exit
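
Why `cmp [edi+04],405E71A6` recognises the marker value described in the post above, and how wide that match is. This is an added example, not part of the original post; it assumes, as the post's value 121.7757... implies, that each `fmul st(0)` squares st(0), and it computes in 64-bit doubles rather than the FPU's 80-bit registers.

```python
import math
import struct

PAGE_HIGH_DWORD = 0x405E71A6  # constant compared against [edi+04] in the post

def dwords(value):
    """Return (low, high) 32-bit halves of a little-endian IEEE-754 double."""
    low, high = struct.unpack("<II", struct.pack("<d", value))
    return low, high

def from_dwords(low, high):
    """Rebuild the double stored as low dword at [addr] and high dword at [addr+4]."""
    return struct.unpack("<d", struct.pack("<II", low, high))[0]

def marker_value():
    """fldl2t loads log2(10); the two fmul steps square it twice (assumption above)."""
    x = math.log2(10)
    x *= x
    x *= x
    return x

def fields(high):
    """Split the upper dword into sign, unbiased exponent and top 20 mantissa bits."""
    return high >> 31, ((high >> 20) & 0x7FF) - 1023, high & 0xFFFFF

def match_window(high):
    """Smallest and largest double whose upper dword equals `high`."""
    return from_dwords(0x00000000, high), from_dwords(0xFFFFFFFF, high)

if __name__ == "__main__":
    value = marker_value()
    low, high = dwords(value)
    lo, hi = match_window(PAGE_HIGH_DWORD)
    print(f"marker value       : {value!r}")
    print(f"stored as          : [edi]={low:08X} [edi+04]={high:08X}")
    print(f"sign/exp/mantissa  : {fields(high)}")
    print(f"values that match  : {lo!r} .. {hi!r} (width {hi - lo:.3e})")
    print(f"1.0 (fld1) for ref : [edi+04]={dwords(1.0)[1]:08X}")
```

The upper dword carries the sign, the exponent and the top 20 mantissa bits, so the comparison accepts any value inside a window of about 6.1e-05 around the marker, not only the exact number.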

Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Sun Aug 30, 2015 10:04 am

Deleted

Last edited by Cake-san on Sat Sep 26, 2015 4:56 am; edited 1 time in total

All times are GMT - 6 Hours
Page 2 of 4