 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Deadscale
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2012
Posts: 4
|
 Posted: Sat Oct 20, 2012 8:21 am Post subject: Help with Code Injection(?/Script(?) problem |
 |
|
Howdy, I've recently started to learn a bit more about hacking then just Nopping and changing values. And I've run across a little problem
I'm attempting to make an Ammo hack for a game, but not one that freezes the value. Apparently the Anti-Cheat doesn't mind if you change values at all, but Nop or freeze the ammo and Boom it bans you. And i can't figure out how to make a script that just Adds value. I'm not sure if this is because the ammo value is Float but I still can't get around it, When ever i use the ADD prefix and shoot it instantly reloads my gun no matter what value i ask it to add.(for example I've tried using add (ecx+10),(float)5 and it just makes me reload, doesn't add anything)
My code atm looks like this (without having the ADD value in)
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
movss [ecx+10],xmm0
exit:
jmp returnhere
randomgame.exe+randomadress:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
randomgame.exe+randomadress:
movss [ecx+10],xmm0
|
Now i figured I'd have to leave the original code alone so it still decreases ammo. But my aim is to remove the [Disable] part later on, and have the script just add 999 ammo to the current value, and then i can turn the script off without reducing the value back down to it's original one (This apparently bypasses the Anti-cheat, I've only left the Disable part there while i figure it out incase i screw something up)
I've tried using add like so
| Code: | originalcode:
movss [ecx+10],xmm0
add [ecx+10],(float)5
|
and this just instantly makes me reload.
I know how to change the value and freeze it by using
| Code: | originalcode:
movss [ecx+10],xmm0
mov [ecx+10],(float)5
|
but this isn't what i want as it keeps the value frozen.
So any ideas? If you need help understanding what I've wrote (I'm quite new to the whole idea of making my own scripts and such, just picking up bits and pieces from tutorials and other code etc.) Then feel free to ask.
Thanks in advance for the help.
Note: I did think about trying to search for a static pointer for the ammo, and I did find one (although apparently it only works Sometimes and if i change the value when it's Not pointing at the ammo it crashes... there's probably more then 1 static pointer but w/e) But i'd like to learn how to do it with a script rather then just using a pointer as in the long run it makes it a lot easier.
EDIT: As per usual When i finally ask about a problem rather then figuring it out myself, i find a topic that has more or less of the same problem.
Apparently I'm supposed to use ADDSS instead of ADD. But i can't get ADDSS working.. It's quite confusing. If anyone would care to explain, i've been able to use ADDSS to another register and use that instead but that continually adds Ammo every time i shoot, and ends up crashing the game.
Edit 2: Still no further forward on it >.< No matter what I do using ADDSS it continually adds the ammo when ever I shoot, I get the feeling this is because i'm using the breakpoint for shooting ammo, whiich is fine, but I can't turn it off once I've turned it on, If i could add 99 ammo when ever I shoot i wouldn't really mind. I'd shoot 2/3 times and turn it off, but apparently it won't turn off, probably because i'm adding it to the xmm0 register. So yeah stuck again.
Last edited by Deadscale on Sat Oct 20, 2012 11:27 am; edited 4 times in total |
|
| Back to top |
|
 |
Tolbin
How do I cheat?
![]() Reputation: 1
Joined: 26 Sep 2011
Posts: 5
|
| Posted: Sat Oct 20, 2012 8:38 am Post subject: |
|
|
Seems addss destination can only be a xmm register.
Maybe try
| Code: | addss xmm0,(float)5.0
movss [ecx+10],xmm0 |
Not 100% sure if you can add a float directly or if you have to go through another xmm register.
|
|
| Back to top |
|
|
Deadscale
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2012
Posts: 4
|
| Posted: Sat Oct 20, 2012 8:42 am Post subject: |
|
|
| Tolbin wrote: | Seems addss destination can only be a xmm register.
Maybe try
| Code: | addss xmm0,(float)5.0
movss [ecx+10],xmm0 |
Not 100% sure if you can add a float directly or if you have to go through another xmm register. |
Apparently not, I attempted to do that and it came back with an Error.
It works if you just use
| Code: | addss xmm0, [ecx+10]
movss [ecx+10],xmm0 |
but that again, just keeps adding ammo every time i shoot till it crashes.
|
|
| Back to top |
|
|
DamagedPacket
How do I cheat?
![]() Reputation: 0
Joined: 03 Oct 2010
Posts: 6
|
| Posted: Tue Oct 23, 2012 9:05 am Post subject: |
|
|
Can you simply set the value instead of adding one?
|
|
| Back to top |
|
|
SteveAndrew
Master Cheater
 Reputation: 30
Joined: 02 Sep 2012
Posts: 323
|
| Posted: Fri Oct 26, 2012 1:08 pm Post subject: |
|
|
@Damaged Packet, that isn't a valid instruction... You would have to do
| Code: |
movss xmm0,[ValueOfFive]
ValueOfFive:
dd (float)5
|
Working with SSE instructions is a bit different than regular instructions, the same rules don't apply... the source operand has to be either an xmm register or a 32-bit memory location in this case...
OP said that wouldn't work anyway, he can't just freeze the value, he needs to still get infinite ammo without 'freezing' the value at a certain amount...
@DeadScale:
EDIT: I just realized something, xmm0 at the start of this hook probably contains your current amount of bullets with 1 subtracted already, so make sure to change:
| Code: |
OneSingleBullet:
dd (float)1.0
|
To:
| Code: |
OneSingleBullet:
dd (float)2.0
|
Or actually I'll change that for you so you wont get banned LOL or it will likely just end up freezing the value lol
Okay you said you would get banned if you just 'freeze' the value as the game likely has a check that if your ammo stays at the same value too long it knows your 'freezing' it at that value and bans you... Now I don't condone online hacking (as if you can get banned its probably an online game) but try this:
What should work is increasing the value until it hits a certain amount then reset it back to 1, and let it increase again until it hits that amount again... You'll see your ammo moving around between 1 and whatever number you want, but if it works and doesn't kick you out of the game then so what...
For example, each time you shoot a bullet it will increase your bullets by 1 instead of decrease, then when it gets to say 99 bullets reset it to 1 and keep doing the same thing...
The issue here is we can't use a regular compare, ex. "cmp" because xmm registers are used and in this case the SS variety of instructions are used...
So we can either use 'CMPSS' to compare the xmm0 register with a value (say 99.0) or we can just use a regular compare 'CMP' after moving the value from xmm0 into a memory location or converting it to a standard register (cvttss2si)... But lets use CMPSS first to have some fun, and learn how it works in case we ever need to actually use it! EDIT: actually we need it in this case you'll see below 
Try this script:
| Code: |
[enable]
alloc(InfiniteAmmoProVersion,128)
label(KeepAddingUntilBulletsAreNinetyNineOrGreater)
label(RegularCode)
label(CurrentBulletsAmount)
label(NinetyNineBullets)
label(OneSingleBullet)
label(AmmoRet)
InfiniteAmmoProVersion:
movss [CurrentBulletsAmount],xmm0
cmpss xmm0,[NinetyNineBullets],1
push eax
cvttss2si eax,xmm0
test eax,eax
pop eax
jne KeepAddingUntilBulletsAreNinetyNineOrGreater
//Bullets equals 99 or greater here, so reset it to 1, so it can repeat this again :D
movss xmm0,[OneSingleBullet]
jmp RegularCode
KeepAddingUntilBulletsAreNinetyNineOrGreater:
movss xmm0,[CurrentBulletsAmount]
addss xmm0,[OneSingleBullet]
RegularCode:
movss [ecx+10],xmm0
jmp AmmoRet
CurrentBulletsAmount:
dd 0
NinetyNineBullets:
dd (float)99.0
OneSingleBullet:
dd (float)2.0
randomgame.exe+randomadress:
jmp InfiniteAmmoProVersion
AmmoRet:
[disable]
randomgame.exe+randomadress:
movss [ecx+10],xmm0
dealloc(InfiniteAmmoProVersion)
|
Okay so lets break down whats going on here in this script:
| Code: |
movss [CurrentBulletsAmount],xmm0
|
This stores your current bullets amount as the next instruction: cmpss overwrites the xmm0 with the result of the compare...
| Code: |
cmpss xmm0,[NinetyNineBullets],1
|
Checks if xmm0 is less than [NinetyNineBullets] and stores the result in the first position of xmm0...
The first position in xmm0 contains 0xFFFFFFFF for true, or 0 for false
Converts the value from the first position of xmm0 into a standard value and puts it into eax so we can test against it...
Checks if the eax register's value is zero, basically the same as 'or eax,eax' or 'cmp eax,0'
Everything else is pretty self explanatory, we push and pop eax to not alter its value...
Ask me if you have any questions...
Of course you have to fix the randomgame.exe+randomaddress as you didn't include the true address or what game it is, but I'm sure you know that...
| Code: |
CMPSS xmm0, [NinetyNineBullets],0
|
Would have compared if its equal to 99 bullets instead of less than... I think what I used is better as you might pickup some bullets in the game and have more then 99 so to keep it working in all cases might be best to do it like I did it!
changing the last operand, specifies how to compare it... 0 is equal to, 1 is less than, 2 is equal to or less than, etc... here's a good reference: http://asm.inightmare.org/opcodelst/index.php?op=CMPSS
Oh and here's the less pro version which doesn't use cmpss and instead just uses a regular compare, and actually I just realized something... this one will still crash you! As since we aren't comparing against the actual float value we cannot check if its greater than a certain amount, etc... We can only compare directly to the value... So the problem here is that you could go over the amount of bullets we are checking against in which case well keep adding bullets until you crash... So its actually good that I took the time to figure out CMPSS in the script above, as it is actually needed in this case...
| Code: |
alloc(InfiniteAmmo,128)
label(KeepAddingUntilBulletsEqualsNinetyNine)
label(RegularCode)
label(CurrentBulletsAmount)
label(NinetyNineBullets)
label(OneSingleBullet)
label(AmmoRet)
InfiniteAmmo:
movss [CurrentBulletsAmount],xmm0
cmp [CurrentBulletsAmount],(float)99.0
jne KeepAddingUntilBulletsEqualsNinetyNine
//Bullets equals 99 here, so reset it to 1, so it can repeat this again :D
movss xmm0,[OneSingleBullet]
jmp RegularCode
KeepAddingUntilBulletsEqualsNinetyNine:
addss xmm0,[OneSingleBullet]
RegularCode:
movss [ecx+10],xmm0
jmp AmmoRet
CurrentBulletsAmount:
dd 0
NinetyNineBullets:
dd (float)99.0
OneSingleBullet:
dd (float)2.0
randomgame.exe+randomadress:
jmp InfiniteAmmo
AmmoRet:
[disable]
randomgame.exe+randomadress:
movss [ecx+10],xmm0
dealloc(InfiniteAmmo)
|
cvttss2si could be used in this script instead of movss [CurrentAmountAmount],xmm0... or movss [CompareWasTrueOrFalse],xmm0 could be used in the pro script instead of cvttss2si and then cmp [CompareWasTrueOrFalse],0 instead of test,eax,eax, so I didn't have to use cvttss2si I just chose to...
So they could be swapped around if desired...
Hope this helps!
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
