Cheat Engine The Official Site of Cheat Engine
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sat Aug 29, 2015 7:59 am Post subject: |
Quote:
I tried to find on the internet how to push 999 instead of fld1 (1), but failed, lol - the game crashed or there was no effect.
I tried to use fild qword ptr or fld qword ptr - with no success =(
Code:
check:
push edi
mov edi, 63
fld qword ptr [edi]
pop edi
fstp qword ptr [edi]
jmp exit
You can only use "fld1" to put "1.0" onto the stack; there's also "fldz" for 0.0.
Heh, what you're doing is assigning the address 63 to "edi", then putting whatever value is at address "63" onto the stack, which is probably "0"; or maybe it's used for some important system sh_t, idk.
You need to make a custom address like [mine], then assign it a value like "mov [mine],(float)100", then you can use fld [mine] properly.
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sat Aug 29, 2015 8:21 am Post subject: |
deama1234 wrote:
You can only use "fld1" to put "1.0" onto the stack; there's also "fldz" for 0.0.
I know about fld1\fldz\fldpi, yep.
deama1234 wrote:
Heh, what you're doing is assigning the address 63 to "edi", then putting whatever value is at address "63" onto the stack, which is probably "0"; or maybe it's used for some important system sh_t, idk.
oooooooops xD
deama1234 wrote:
You need to make a custom address like [mine], then assign it a value like "mov [mine],(float)100", then you can use fld [mine] properly.
Oh.... Thanks! Exactly what I needed.
Look at my previous post please, I updated it.
UPDATE 1:
Yep, with this all is OK, ammo is now 99.
Code:
....
alloc(mine,4)
....
check:
fstp st(0) // drop the value the game was about to store, so the FPU stack does not grow by one on every hit
mov [mine],63 // 63 hex = 99 dec
fild dword ptr [mine] // integer load; a plain fld would reinterpret the raw bits 0x63 as a (denormal) float, not 99
fstp qword ptr [edi]
jmp exit
UPDATE 2:
Inf. Stars (and of course this script can't run at the same time as the Inf. Ammo / Inf. HP scripts, because it hooks "RelicHuntersZero.exe"+109E4F again):
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,64)
alloc(star,4)
label(infstars)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [edi+8],73726550 // value found at [edi+8] when the stars variable is being written
je infstars
originalcode:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere
infstars:
fstp st(0) // discard the value the game computed, so the FPU stack stays balanced
mov [star],(float)99999
fld dword ptr [star]
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere
exit:
jmp returnhere
"RelicHuntersZero.exe"+109E4F:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(star)
"RelicHuntersZero.exe"+109E4F:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
//Alt: db DD 1F 5F 5E 5D
Inf. Grenades (can work with any other scripts at the same time):
Code:
[ENABLE]
alloc(newmem,64)
alloc(gr,4)
label(returnhere)
label(originalcode)
label(infgr)
label(exit)
newmem:
cmp [esi+1D],1913F39B000000 // as posted; this immediate is wider than the 4 bytes a dword cmp can take, so check the value before relying on it
je infgr
originalcode:
fstp qword ptr [esi]
pop esi
pop ebp
pop ebx
jmp returnhere
infgr:
fstp st(0) // discard the value the game computed, so the FPU stack stays balanced
mov [gr],(float)5
fld dword ptr [gr]
fstp qword ptr [esi]
pop esi
pop ebp
pop ebx
jmp returnhere
exit:
jmp returnhere
"RelicHuntersZero.exe"+109C6C:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(gr)
"RelicHuntersZero.exe"+109C6C:
fstp qword ptr [esi]
pop esi
pop ebp
pop ebx
//Alt: db DD 1E 5E 5D 5B
_________________
Sorry for my English, Hitler.
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sat Aug 29, 2015 11:10 am Post subject: |
Well, you can always combine the code like this:
Code:
[ENABLE]
alloc(newmem,128)
alloc(star,4) // scratch dword for the float we write
alloc(_star,8) // on/off flag, toggled by the external script below
registersymbol(_star)
alloc(_hp,8) // on/off flag, toggled by the external script below
registersymbol(_hp)
label(returnhere)
label(originalcode)
label(infstars)
label(infhp)
label(exit)
newmem:
cmp [edi+10],187B2
jne originalcode
cmp [edi+170],0 // << new offset.
jne infhp
cmp [edi+8],73726550
je infstars
originalcode:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere
infstars:
cmp [_star],01
jne originalcode // flag off: run the game's own store, including the pops
fstp st(0) // discard the game's value so the FPU stack stays balanced
mov [star],(float)99999
fld dword ptr [star]
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
jmp returnhere
infhp:
cmp [_hp],01
jne originalcode
fstp st(0)
fld1
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
exit:
jmp returnhere
// _star and _hp come back zeroed from alloc, so both cheats start switched off
"RelicHuntersZero.exe"+109E4F:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
"RelicHuntersZero.exe"+109E4F:
db DD 1F 5F 5E 5D
//fstp qword ptr [edi]
//pop edi
//pop esi
//pop ebp
dealloc(newmem)
dealloc(star)
dealloc(_star)
unregistersymbol(_star)
dealloc(_hp)
unregistersymbol(_hp)
Then make separate external AA scripts that only flip the flags:
Code:
[ENABLE]
_star:
db 01
[DISABLE]
_star:
db 0
Code:
[ENABLE]
_hp:
db 01
[DISABLE]
_hp:
db 0
I'm sorry if I'm wrong
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sat Aug 29, 2015 11:39 am Post subject: |
Nah; can't find a good unique for the hp. My guess is that the player's ID is somewhere in there, but it changes as well; so you'll have to find an instruction that handles the player's ID, then reference it back into the hp script.
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sat Aug 29, 2015 11:40 am Post subject: |
deama1234 wrote:
Nah; can't find a good unique for the hp. My guess is that the player's ID is somewhere in there, but it changes as well; so you'll have to find an instruction that handles the player's ID, then reference it back into the hp script.
+ I couldn't find anything in about 4-5 hours.
And I think this game is not for me; I mean, I'm not ready to hack games like that. Too difficult.
_________________
Sorry for my English, Hitler.
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Sat Aug 29, 2015 5:06 pm Post subject: |
The issue is, this being a Game Maker game (break some stuff and you'll get a standard Game Maker script interpreter error screen, so it's not even a guess on my part), only a few variables are built into the engine (things like "score" and "life", assuming the devs even use those), and anything the devs code custom will be done via scripts, so you'll have to find some way to parse the structures or something for comparisons, since it'll all be shared code (whether or not that would make sense in another engine).
That is assuming somebody doesn't know of a way to actually find and patch the scripts themselves, which would be great if anybody had info on that, because, since the script interpreter is throwing out errors with the creator's custom variable names, I'm pretty sure it's still using scripts internally.
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sat Aug 29, 2015 5:18 pm Post subject: |
"parse the structures"?
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sat Aug 29, 2015 5:58 pm Post subject: |
Rydian wrote:
The issue is, this being a Game Maker game (break some stuff and you'll get a standard Game Maker script interpreter error screen, so it's not even a guess on my part), only a few variables are built into the engine (things like "score" and "life", assuming the devs even use those), and anything the devs code custom will be done via scripts, so you'll have to find some way to parse the structures or something for comparisons, since it'll all be shared code (whether or not that would make sense in another engine).
That is assuming somebody doesn't know of a way to actually find and patch the scripts themselves, which would be great if anybody had info on that, because, since the script interpreter is throwing out errors with the creator's custom variable names, I'm pretty sure it's still using scripts internally.
It's an OPEN SOURCE game, so anyone can look at the original code (in C++???). But I do not want to do this (because not all games on this engine will be open source; better to find a way with Cheat Engine that works for all games on this engine).
http://www.relichunters.com.br/forums/discussion/9/download-the-source-code-here
_________________
Sorry for my English, Hitler.

Last edited by Bl00dWolf on Sat Aug 29, 2015 6:46 pm; edited 1 time in total
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Sat Aug 29, 2015 6:21 pm Post subject: |
It's a Game Maker game; the Game Maker project file is inside that source zip. No C++ or anything like that: the project file is a collection of resources, custom data like rooms, and GML scripts (in one form or another).
Access to the "sources" isn't a concern; it's access to the actual scripts inside the running exe file from CE's point of view. Actually modding the running game, so to speak.
... unless you wanted somebody to make a cheaty version of that game by loading up the project in a licensed copy of Game Maker, editing some of the scripts/data and resaving it or something.
 |
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
|
Posted: Sat Aug 29, 2015 6:44 pm Post subject: |
|
|
Rydian wrote:
It's a Game Maker game; the Game Maker project file is inside that source zip. No C++ or anything like that: the project file is a collection of resources, custom data like rooms, and GML scripts (in one form or another).
Useless files.
Rydian wrote:
... unless you wanted somebody to make a cheaty version of that game by loading up the project in a licensed copy of Game Maker, editing some of the scripts/data and resaving it or something.
I just want to find a way to hack any Game Maker game. So, only hardcore, only Cheat Engine.
Or wait until someone (more experienced than me) finds a way.
_________________
Sorry for my English, Hitler.
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Sat Aug 29, 2015 10:16 pm Post subject: |
Rydian wrote:
That is assuming somebody doesn't know of a way to actually find and patch the scripts themselves, which would be great if anybody had info on that.
You can cause a variable name conflict. Variable names are written only once in the whole data.win file, and if you replace "ammo_current" (ammo in clip) by "can_fire" (have you finished the refire animation?) the interpreter will think those variables are the same.
If you do that replacement you will have to reload after each shot until you no longer have any reserve ammo; then you'll have a bottomless clip, 'coz as soon as you've finished the firing animation, 1 ammo pops up in your clip, and the reload anim doesn't start in between since you don't have any reserve ammo.
If you look in the source at the definition of the player's class you'll see a:
Code:
if (room == room_start) hp = hp_max;
which will make you want to replace "room_start" by "room". Well, no dice, probably because the function isn't called as often as I had thought.
EDIT: You can get significantly harder to kill by replacing "energy_regen_time_current" by "energy_regen_time" in data.win. Reason:
Code:
//Shield
if energy < (energy_max+overshield)
{
    energy_regen_time_current++;
    if energy_regen_time_current >= energy_regen_time //Since they wrote ">=" instead of ">" here and we turned both variables into aliases of each other, that statement is always true -> shield regen happens all the time when we're not at max shield.
    {
        if (!energy) energy = 1;
        shield = true;
        energy += energy_regen_speed;
        if (energy > (energy_max+overshield)) energy = energy_max+overshield;
    }
    if energy_regen_time_current = energy_regen_time //unfortunately this statement is also always true, causing a massive performance hog... Still, good enough.
    {
        myRecharge = instance_create(x,y,fx_shield_up);
        audio_play(audio_emitter,false,1,sfx_shield_regen_start);
        myRecharge.owner = id;
    }
    if (energy < 0) energy = 0;
}
(from class_player.object.gmx)
For stray googlers who are unfamiliar with text replacements that keep the file size unchanged:
ammo:
replace: 00 61 6D 6D 6F 5F 63 75 72 72 65 6E 74 00
by: 00 63 61 6E 5F 66 69 72 65 00 65 6E 74 00
in data.win
supershield:
replace: 00 65 6E 65 72 67 79 5F 72 65 67 65 6E 5F 74 69 6D 65 5F 63 75 72 72 65 6E 74 00
by: 00 65 6E 65 72 67 79 5F 72 65 67 65 6E 5F 74 69 6D 65 00 63 75 72 72 65 6E 74 00
in data.win
EDIT 2: crap, super shield also works for shielded enemies; gotta find something else.
EDIT 3: linking isVulnerable to isDigging makes the player invulnerable to projectiles and explosions, but you can still take damage from melee attacks (dogs and flying green animals). Enemies are unaffected.
directions for non-hackers: replace 00 69 73 56 75 6C 6E 65 72 61 62 6C 65 00 by 00 69 73 44 69 67 67 69 6E 67 00 6C 65 00
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Last edited by Gniarf on Mon Oct 05, 2015 8:40 pm; edited 1 time in total
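As an added example (not Gniarf's or the game's code), here is a small Python helper that builds the same-length replacements from the post above out of a pair of names and applies them with the checks a careful patcher wants: the old name must occur exactly once, the alias target must already exist, and the file size must not change. The sample string table is constructed; a real data.win carries other structure this helper does not inspect, and it adjusts no length fields, exactly like the hand-made hex patches.

```python
"""Same-length variable-name aliasing in a GameMaker data.win, the way Gniarf's
hand-made hex patches above do it. Added example; not Gniarf's or the game's code."""
from __future__ import annotations


def alias_patch(old: str, new: str) -> tuple[bytes, bytes]:
    """Build (search, replace) byte strings of identical length.

    Both are NUL-delimited so only the whole name matches. When `new` is shorter
    than `old`, it is NUL-terminated early and the leftover tail of the old name
    stays behind as a junk string, so the file size and every offset in the
    file are unchanged (e.g. "\\0ammo_current\\0" -> "\\0can_fire\\0ent\\0").
    """
    if len(new) > len(old):
        raise ValueError("replacement name must not be longer than the original")
    o, n = old.encode("ascii"), new.encode("ascii")
    search = b"\x00" + o + b"\x00"
    if len(n) == len(o):
        replace = b"\x00" + n + b"\x00"
    else:
        replace = b"\x00" + n + b"\x00" + o[len(n) + 1:] + b"\x00"
    assert len(search) == len(replace)
    return search, replace


def hexdump(b: bytes) -> str:
    """Render bytes in the 'replace: 00 61 6D ...' form used in the post."""
    return " ".join(f"{x:02X}" for x in b)


def alias_variable(data: bytes, old: str, new: str) -> bytes:
    """Patch `data` so the name slot that held `old` now reads `new`.

    Refuses unless `old` occurs exactly once (names are written once in
    data.win; a second hit means the pattern matched something else) and the
    alias target `new` already exists once (otherwise there is nothing to alias
    to). No length fields are touched, same as the manual patches.
    """
    search, replace = alias_patch(old, new)
    hits = data.count(search)
    if hits != 1:
        raise ValueError(f"expected exactly one occurrence of {old!r}, found {hits}")
    if data.count(b"\x00" + new.encode("ascii") + b"\x00") != 1:
        raise ValueError(f"alias target {new!r} must already exist exactly once")
    patched = data.replace(search, replace)
    assert len(patched) == len(data)
    return patched


# Constructed stand-in for a few NUL-separated names; not a real data.win.
SAMPLE = b"\x00".join([b"", b"hp", b"ammo_current", b"can_fire", b"reload_time", b""])


def demo() -> bytes:
    return alias_variable(SAMPLE, "ammo_current", "can_fire")


if __name__ == "__main__":
    for old, new in [("ammo_current", "can_fire"),
                     ("energy_regen_time_current", "energy_regen_time"),
                     ("isVulnerable", "isDigging")]:
        s, r = alias_patch(old, new)
        print(f"{old} -> {new}\n  replace: {hexdump(s)}\n  by:      {hexdump(r)}")
    print(demo().split(b"\x00"))
```

Run against a copy of the file, never the original, and keep the three patches independent: each call to `alias_variable` checks its own preconditions, so applying the "supershield" patch after the "ammo" one still verifies that "energy_regen_time" exists exactly once before anything is written.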
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sun Aug 30, 2015 9:23 am Post subject: |
Alright, managed to get inf hp going.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(check)
label(health)
label(health2)
alloc(mine,16)
alloc(count,16)
registersymbol(mine)
registersymbol(count)
newmem: //this is allocated memory, you have read,write,execute access
cmp [edi+10],00018720 // value this script uses to recognize the ammo write
je check
cmp [edi+10],000187B2 // value this script uses to recognize the health write
je health
jmp originalcode
check: // inf ammo too
fstp st(0) // drop the value the game was about to store...
fld1 // ...and store 1.0 instead, so ammo never reaches 0
fstp qword ptr [edi]
jmp exit
///////////////////////////////////////////////////////////////////////////////
health:
cmp [count],01 // first pass: [count] is 0, so tag the player's hp with a unique value
je health2
fstp st(0)
fldl2t // log2(10) = 3.3219...
fmul st(0) // squared: 11.035...
fmul st(0) // squared again: 121.7757... (the unique hp value)
fstp qword ptr [edi]
mov [count],01 // tagged; from now on go through health2
jmp exit
///////////////////////////////////////////////////////////////////////////////
originalcode:
fstp qword ptr [edi]
exit:
pop edi
pop esi
pop ebp
jmp returnhere
///////////////////////////////////////////////////////////////////////////////
health2:
cmp [edi+04],405E71A6 // high dword of the double 121.7757...; only the tagged hp carries it
jne originalcode
fstp st(0)
fldl2t
fmul st(0)
fmul st(0)
fstp qword ptr [edi] // write the unique value back, so hp never drops
jmp exit
///////////////////////////////////////////////////////////////////////////////
"RelicHuntersZero.exe"+109E4F:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(mine)
dealloc(count)
unregistersymbol(mine)
unregistersymbol(count)
"RelicHuntersZero.exe"+109E4F:
fstp qword ptr [edi]
pop edi
pop esi
pop ebp
//Alt: db DD 1F 5F 5E 5D
Since the player's hp seems to always be first in line, I just assign it a unique value (I think 121.2464556 or something like that), then I just keep comparing for that unique hp value; that seems to work.
Last edited by deama1234 on Sun Aug 30, 2015 9:44 am; edited 1 time in total
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 9:36 am Post subject: |
Working
But I can't understand that code. It needs comments (//). If you can, please.
For example
Code:
health:
cmp [count],01
je health2
?_?
UPDATE:
Hm, after some time my hp starts decreasing after a hit 0_0
_________________
Sorry for my English, Hitler.
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sun Aug 30, 2015 9:58 am Post subject: |
Code:
health:
cmp [count],01
je health2
Pretty much it waits until [count] is assigned a 1; probably should have called it something like check instead lol.
Code:
fstp st(0)
fldl2t
fmul st(0)
fmul st(0)
fstp qword ptr [edi]
mov [count],01
jmp exit
Once you activate the script, [count] is gonna be 0, so it'll execute this piece of code (pretty much assigns the player 121.12312hp or something like that). Then it will stop executing this code because [count] is 1 now.
Code:
health2:
cmp [edi+04],405E71A6
jne originalcode
Once that happens it will then start checking for the player's health. Since the player's health is a big decimal value (121.775777368908802765), I just compare half of the double value (405E71A6), which should be enough.
Code:
fstp st(0)
fldl2t
fmul st(0)
fmul st(0)
fstp qword ptr [edi]
jmp exit
So, if the cmp is fine, it then executes the code that stops hp from going down.
EDIT: I just realised that the:
Code:
health2:
cmp [edi+04],405E71A6
jne originalcode
fstp st(0)
fldl2t
fmul st(0)
fmul st(0)
fstp qword ptr [edi]
jmp exit
is almost useless and can be replaced with:
Code:
health2:
cmp [edi+04],405E71A6
jne originalcode
fstp st(0)
jmp exit
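To make the FPU side of this concrete, here is a small Python model I added (not code from the thread or from Cheat Engine) of the few x87 instructions these scripts use. It runs the health sequence explained above and shows the high dword of the stored double, which is what `cmp [edi+04],405E71A6` compares; it also covers the earlier UPDATE 1 question of storing an integer 63 and loading it as a float, showing why a float `fld` of those bytes does not yield 99 (an `fild` does) and why a `fld` without a preceding `fstp st(0)` grows the FPU stack on every hit until it overflows. The addresses for `[edi]` and `[mine]` and the game's value of 50.0 are constructed; the model uses Python doubles where the real FPU uses 80-bit extended precision.

```python
"""Tiny model of the x87 instructions used in the thread's Auto Assembler scripts.

Added example, not Cheat Engine code. Values are Python doubles; the real FPU
computes in 80-bit extended precision, so the last mantissa bits may differ.
The high dword of the stored double (what the cmp in health2 inspects) does not.
"""
from __future__ import annotations

import math
import struct


class X87:
    """Eight-slot register stack plus a small byte-addressable scratch memory."""

    def __init__(self) -> None:
        self.stack: list[float] = []
        self.mem = bytearray(64)  # constructed: [edi] lives at 0, [mine] at 16

    def push(self, v: float) -> None:
        if len(self.stack) == 8:
            raise OverflowError("x87 stack overflow: eight pushes without a pop")
        self.stack.append(v)

    # loads (each pushes one value)
    def fld1(self) -> None: self.push(1.0)
    def fldz(self) -> None: self.push(0.0)
    def fldl2t(self) -> None: self.push(math.log2(10.0))
    def fld_dword(self, addr: int) -> None:  # float load: reinterpret 4 bytes as IEEE single
        self.push(struct.unpack_from("<f", self.mem, addr)[0])
    def fild_dword(self, addr: int) -> None:  # integer load: convert a signed dword
        self.push(float(struct.unpack_from("<i", self.mem, addr)[0]))

    # arithmetic / stores
    def fmul_st0(self) -> None:  # fmul st(0): st(0) = st(0) * st(0)
        self.stack[-1] *= self.stack[-1]
    def fstp_st0(self) -> None:  # fstp st(0): pop without storing anywhere
        self.stack.pop()
    def fstp_qword(self, addr: int) -> None:  # pop and store as a double
        struct.pack_into("<d", self.mem, addr, self.stack.pop())

    # integer-unit moves the scripts use to fill their scratch dword
    def mov_dword(self, addr: int, imm: int) -> None:
        struct.pack_into("<I", self.mem, addr, imm)
    def mov_float(self, addr: int, v: float) -> None:  # CE's "mov [x],(float)99"
        struct.pack_into("<f", self.mem, addr, v)

    def qword(self, addr: int) -> float:
        return struct.unpack_from("<d", self.mem, addr)[0]
    def high_dword(self, addr: int) -> int:  # what "cmp [edi+04],imm" reads
        return struct.unpack_from("<I", self.mem, addr + 4)[0]


EDI, MINE = 0, 16  # constructed addresses for the examples below


def game_hits(cpu: X87, hook, times: int) -> float:
    """Run the hook body `times` times. Before each hit the game has pushed the
    value it computed; the original `fstp qword ptr [edi]` would pop it."""
    for _ in range(times):
        cpu.push(50.0)  # constructed: whatever the game wanted to store
        hook(cpu)
    return cpu.qword(EDI)


def hook_deama_health(cpu: X87) -> None:
    """The health body above: discard, then log2(10)^4, then store."""
    cpu.fstp_st0()
    cpu.fldl2t()
    cpu.fmul_st0()
    cpu.fmul_st0()
    cpu.fstp_qword(EDI)


def hook_int_then_fld(cpu: X87) -> None:
    """Store integer 0x63 and read it back with a float load, no fstp st(0)."""
    cpu.mov_dword(MINE, 0x63)
    cpu.fld_dword(MINE)
    cpu.fstp_qword(EDI)


def hook_int_then_fild(cpu: X87) -> None:
    """Same idea done right: balance the stack first, then integer load."""
    cpu.fstp_st0()
    cpu.mov_dword(MINE, 0x63)
    cpu.fild_dword(MINE)
    cpu.fstp_qword(EDI)


def unique_hp_high_dword() -> int:
    cpu = X87()
    game_hits(cpu, hook_deama_health, 1)
    return cpu.high_dword(EDI)


if __name__ == "__main__":
    print(f"unique hp = {game_hits(X87(), hook_deama_health, 1):.15f}, "
          f"high dword = {unique_hp_high_dword():08X}")
    print("int 0x63 via fld  ->", game_hits(X87(), hook_int_then_fld, 1))
    print("int 0x63 via fild ->", game_hits(X87(), hook_int_then_fild, 1))
```

The `fstp st(0)` at the top of each replacement body is what keeps the hook's net stack effect equal to the instruction it replaced (one pop); without it the eighth hit on the hooked instruction overflows the eight-slot register stack, which the model raises as `OverflowError`.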
 |
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sun Aug 30, 2015 10:04 am Post subject: |
Deleted
Last edited by Cake-san on Sat Sep 26, 2015 4:56 am; edited 1 time in total