 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
 Posted: Fri Jul 12, 2013 12:41 pm Post subject: Help with replacing xmm1 with a floating point |
 |
|
So I am trying to increase the speed at which a vehicle moves and I have traced back to this opcode
| Code: | | movss [eax+24],xmm1 |
Now I can change the speed directly in the address, the problem is that it will either be a constant speed or normal speed, no middle term.
So I am now trying to change that opcode so it doubles, triples, n increases the value each time it runs so everytime the vehicle moves it moves at a faster speed than normal.
I tried changing that same opcode in the memory viewer with
| Code: | | movss [eax+24],(float)10.00 |
But gives me | Quote: | "I don't understand what you mean with
movss [eax+24],(float)10.00" |
So I am now stuck at this part, thought it would be easy and quick but I was wrong.
Can anyone guide me through this?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25296
Location: The netherlands
|
| Posted: Fri Jul 12, 2013 12:52 pm Post subject: |
|
|
mov [eax+24],(float)10
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Fri Jul 12, 2013 1:17 pm Post subject: |
|
|
| Dark Byte wrote: | | mov [eax+24],(float)10 |
With no SS?? I thought I couldn't do that, will try later when I get home, thanks for the quick reply!
|
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Sat Jul 13, 2013 10:24 am Post subject: |
|
|
So I did what you said and it worked but the result was not what I was expecting. Doing what I did kinda kills the physics of the game, the vehicle starts floating around and restoring the code makes no difference.
It seems that the opcode I mentioned is responsible for more things than I thought and I have been reading the code above and below trying to figure out what it is going on.
When I scan for what writes to that address there are 3 specific opcodes that popup, constantly. Doesn't matter if I move or not, they are always writing to that address (This is only for the address responsible for movement in X axis):
| Code: | movss [eax+30],xmm0
movss [eax+20],xmm2
fstp dword ptr [eax+20] |
Now I already changed the first 2 opcodes by replacing the xmm with (float)10 but this isn't really what I was trying to achieve, I actually just want to double or triple the value each time the function runs.
This way whenever I move up down left or right the movement increments are doubled or trippled resulting in a speedhack.
Now here is what the surrounding opcodes look like for the first 2
| Code: | je Phys_x86.dll+1D7CB4
mov eax,[esi+40]
movss xmm0,[eax+30]
addss xmm0,[esi+00000094]
movss [eax+30],xmm0
movss xmm0,[esi+00000098]
addss xmm0,[eax+34]
movss [eax+34],xmm0
movss xmm0,[esi+0000009C]
addss xmm0,[eax+38]
movss [eax+38],xmm0
movss xmm0,[esi+000000A0]
addss xmm0,[eax+40]
movss [eax+40],xmm0
movss xmm0,[esi+000000A4]
addss xmm0,[eax+44]
movss [eax+44],xmm0
movss xmm0,[esi+000000A8]
addss xmm0,[eax+48]
movss [eax+48],xmm0
push 30
|
| Code: | jna Phys_x86.dll+132510
divss xmm7,xmm0
sqrtss xmm0,xmm7
movaps xmm7,xmm0
mulss xmm7,xmm4
movaps xmm4,xmm7
mulss xmm5,xmm0
mulss xmm6,xmm0
mov ecx,[ebp-0C]
mov edx,[ecx]
movss [eax+20],xmm2
movss [eax+24],xmm1
movss [eax+28],xmm3
push edx
push eax
movss [eax+30],xmm4
movss [eax+34],xmm5
movss [eax+38],xmm6
lea eax,[esi-00000140]
|
I assume that the opcodes for the XYZ are all there because their addresses are always separated by 4 (xxxxxxxx0 xxxxxxxx4 xxxxxxxx8)
I have been trying to figure out what I should change and how I should change it in order to double the movement increment but I am lost, do you happen to know what I should do?
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sat Jul 13, 2013 3:11 pm Post subject: |
|
|
You need to find an instruction that writes to your coordinate values only when you are moving your character (or figure out a way to apply your changes only when you are moving)...otherwise, the incrementing value for your speed hack will constantly move your character.
By the way, this is not how a typical speed hack is made. This is technically more of a teleport hack, as your character is basically skipping frames. It will be interesting to see how it pans out.
|
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Sat Jul 13, 2013 6:24 pm Post subject: |
|
|
| GNIREENIGNE wrote: | You need to find an instruction that writes to your coordinate values only when you are moving your character (or figure out a way to apply your changes only when you are moving)...otherwise, the incrementing value for your speed hack will constantly move your character.
By the way, this is not how a typical speed hack is made. This is technically more of a teleport hack, as your character is basically skipping frames. It will be interesting to see how it pans out. |
Well the thing is, like I said above, the addresses that hold the value for the movement speed are always being written, even when I don't move, and those 3 are the instructions that pop up when I move and when I don't move.
I know those are speed values because when I change them the vehicle speeds up, if I freeze and change it will speed up until it hits the max speed limit.
If this isn't the way to speedhack then which one is it? Teleporting is already done and that is not what I am trying to achieve here, teleporting allows me to move from A to B instantly, I just want to drive the vehicles faster. CE's speedhack is a no go, it cripples the entire game.
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sat Jul 13, 2013 7:10 pm Post subject: |
|
|
Sorry, it seems I overlooked some important things in your post (my fault). I was under the impression that you were trying to alter your character's XZ coordinates to simulate a speed hack. I now see that I failed. 
I assume that the first two instructions give you a result that is close to what you want?:
| Code: | movss [eax+30],xmm0
movss [eax+20],xmm2 |
If that is the case, I would start by right-clicking on the first instruction (in disassembler window), and checking to see what addresses it accesses. Do the same for the second instruction. If both instructions access multiple addresses, you will need to filter out the unnecessary addresses in your script.
Are you mostly concerned with incrementing this value, so that your speed transitions smoothly...or are you more concerned with just having more speed options to work with (as opposed to just normal and fast)?
Do you know if the value that you are manipulating is your actual speed value, or is it your top speed value? What are we working with?
If you want, we can assign a controller button to increment/decrement it, for convenience.
|
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Sun Jul 14, 2013 5:52 am Post subject: |
|
|
I did check which addresses they access and a ton of addresses popup, hundreds of them.
All I am trying to achieve is something like this
| Code: | movss [eax+30],xmm0*(float)2
movss [eax+20],xmm2*(float)2 |
to double the speed or
| Code: | movss [eax+30],xmm0*(float)3
movss [eax+20],xmm2*(float)3 |
to triple the speed
The best and easiest way would be to set a hotkey for the speed address to multiply the value, just like with the function of "Increase value with" but it would be like this: "Multiply value with"
This would be a great addition to CE and would make my life so much easier :/
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25296
Location: The netherlands
|
| Posted: Sun Jul 14, 2013 7:00 am Post subject: |
|
|
Set a hotkey and make it a set value hotkey
then in the new value fill in:
| Code: |
[getAddressList().getMemoryRecordByDescription('something').value*3]
|
and replace something with the description of your cheat entry
sure, it's not as nice looking as a multiply value by hotkey, but it works the same
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Sun Jul 14, 2013 7:03 am; edited 1 time in total |
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Jul 14, 2013 7:00 am Post subject: |
|
|
| shadowpt wrote: | All I am trying to achieve is something like this
| Code: | | movss [eax+30],xmm0*(float)2 |
to double the speed or
|
| Code: |
sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0 |
| shadowpt wrote: | I did check which addresses they access and a ton of addresses popup, hundreds of them.
|
Not good. You have to use some "filtering" techniques.
_________________
|
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Sun Jul 14, 2013 7:53 am Post subject: |
|
|
| Dark Byte wrote: | Set a hotkey and make it a set value hotkey
then in the new value fill in:
| Code: |
[getAddressList().getMemoryRecordByDescription('something').value*3]
|
and replace something with the description of your cheat entry
sure, it's not as nice looking as a multiply value by hotkey, but it works the same |
This worked! But not as I expected :/
When I use this it will always multiply the present value, so if the speed is 10.00 it will multiply by 3 = 30.00 and since I have to keep the hotkey pressed so the value doesn't return to the default it will again multiply 30.00 by 3 again = 60.00 and so on, I ended up warping against the map limits, it was so fast!
I guess I am not approaching this the right way, I will instead try to find the default increment value that the game has set and change that value to a bigger one so when I move the game takes the increased value and adds up to the speed.
@mgr.inz.Player I tried your code but the result was the same as the first suggestion in this thread, the physics went bananas and the vehicle just started floating forever.
I am very gratefull for everyone's help, I have learned a lot here today that I didn't know before, I will post back when I have found anything worth changing.
Any tips regarding on how to find the specific default speed value that the address is picking up? I already went through the data structure and didn't find anything usefull so this might be located in a very different place.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Jul 14, 2013 8:03 am Post subject: |
|
|
So, you have to add upper limit.
| Code: | sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0
cmp dword ptr [eax+30],(float)400
jb donotadjust
mov dword ptr [eax+30],(float)400
donotadjust: |
_________________
|
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Sun Jul 14, 2013 2:31 pm Post subject: |
|
|
| mgr.inz.Player wrote: | So, you have to add upper limit.
| Code: | sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0
cmp dword ptr [eax+30],(float)400
jb donotadjust
mov dword ptr [eax+30],(float)400
donotadjust: |
|
I am sorry, I thought I was doing what you said right but as I discovered I was doing it wrong.
I thought I just had to copy and paste your code in place of the original one but it only allows one line of code.
I tried selecting the code and open Auto Assemble but it says "Not all instructions could be injected".
Isn't this the way to do what you suggested?
Also I have studied the code as best as I could and as far as I can tell the correct way is to alter the xmm value in order to achieve the speedhack, I tried address and pointer value changes but it is really extenuating so my last choice is to alter the opcode which is responsible for all the movement speed changes.
And again I really appreciate all the help you guys are giving.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Jul 14, 2013 3:00 pm Post subject: |
|
|
Game name ?
_________________
|
|
| Back to top |
|
|
shadowpt
Advanced Cheater
![]() Reputation: 0
Joined: 04 Jun 2011
Posts: 82
|
| Posted: Sun Jul 14, 2013 3:11 pm Post subject: |
|
|
| mgr.inz.Player wrote: | | Game name ? |
Sent you a PM.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
