Posted: Sun Jul 21, 2013 2:40 am Post subject: Devil May Cry 4 infinite jump hack
I have played Devil May Cry 4 and I tried to make an infinite mid-air jump hack. Someone told me that the counter must hold 0 and 1: when you jump, scan for 0, and then after the double jump scan for 1, he said. I did the same, and vice versa, and used the increased/decreased scans also (in all value types). But I'm unable to find the jump counter. I have spent more than 20 hours trying to find this filthy value. Please help me. If you have already found the infinite jump counter in DMC4, please tell me the address.
Yep, I found what mistake I had made previously; thanks for the immediate response. I have another doubt. I have found the walking and running speeds and I doubled them using code injection techniques, but I can't move at double speed. The value is doubled and I move at the same speed, but there is a sudden teleport between frames. The game doesn't run smoothly. Any ideas?
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 22, 2013 5:11 pm Post subject:
Try to find the speed vector (a speed vector is three scalar values: one for the X axis, another for Y, and the last for Z).
Or maybe you have already found one of those three scalars? Those scalars are almost always stored as four float values, with the last value being zero. Possible speed vector structure:
struct speedVector
{
    float speed_X;     // left right
    float speed_Y;     // forward backward
    float speed_Z;     // up down
    unsigned int zero; // always 0
};
or
struct speedVector
{
    float speed_X;     // left right
    float speed_Z;     // up down
    float speed_Y;     // forward backward
    unsigned int zero; // always 0
};
Do 'find out what accesses' on the first scalar value (the X speed value). For every opcode found, analyze the code around it (50 lines above and 50 below; of course it depends, 50-50 or better 100-100). There should be some comiss, ucomiss, fcom or fcomp instructions. One of them should be our "hero has his maximum possible speed" check.
Some games use a "speed delta vector" (acceleration vector, a). Some games use "a = F / m". And some of them use a friction factor too.
Try finding those comiss, ucomiss, fcom or fcomp instructions (compare instructions).
Probably the speed is compared with a value such as:
- 5.0 - average human walking speed is about 5.0 kilometres per hour
- 1.38 meters per second
- 3.1 miles per hour
- feet or meters per minute (or second)
- units (game engine units) per second
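As an added illustration (not code from the thread or the game), here is the 16-byte speed vector from the post written as a C struct, together with a per-axis maximum-speed clamp of the kind that the comiss/ucomiss compare implements. MAX_SPEED, clamp_speed, scalar_offset and the sample values are assumptions made for this example; the game's real limit and its exact check are not known from the thread.

```c
#include <stddef.h>

/* Added example, not from the thread: the 16-byte speed vector layout the
 * post describes (three floats plus a slot that is always zero), in the
 * first of the two axis orders shown. */
typedef struct {
    float speed_x;       /* left / right */
    float speed_y;       /* forward / backward */
    float speed_z;       /* up / down */
    unsigned int zero;   /* always 0 in the post's description */
} speedVector;

/* Assumed engine constant for the example; the real limit is unknown. */
#define MAX_SPEED 5.0f

/* Byte offset of scalar `axis` (0 = X, 1 = Y, 2 = Z) from the struct start:
 * once the X scalar is found, the other two sit 4 and 8 bytes after it. */
size_t scalar_offset(int axis)
{
    switch (axis) {
    case 0:  return offsetof(speedVector, speed_x);
    case 1:  return offsetof(speedVector, speed_y);
    case 2:  return offsetof(speedVector, speed_z);
    default: return (size_t)-1;
    }
}

/* Clamp one horizontal component to [-MAX_SPEED, MAX_SPEED]. Compiled for
 * SSE, each `if` becomes the comiss/ucomiss compare the post says to look
 * for near the code that touches the scalar. *hit records that the limit
 * was reached. */
static float clamp_axis(float v, int *hit)
{
    if (v > MAX_SPEED)  { *hit = 1; return  MAX_SPEED; }
    if (v < -MAX_SPEED) { *hit = 1; return -MAX_SPEED; }
    return v;
}

/* The "hero has his maximum possible speed" check, applied to X and Y
 * (Z is up/down and is left to the jump logic). Returns 1 if clamped. */
int clamp_speed(speedVector *v)
{
    int hit = 0;
    v->speed_x = clamp_axis(v->speed_x, &hit);
    v->speed_y = clamp_axis(v->speed_y, &hit);
    return hit;
}

/* Constructed sample: X over the limit, Y past the negative limit, Z untouched. */
speedVector sample_clamped(void)
{
    speedVector v = { 8.0f, -6.0f, 1.0f, 0 };
    clamp_speed(&v);
    return v;
}

/* Constructed sample inside the limit: clamp_speed must report no hit. */
int sample_within_limit(void)
{
    speedVector v = { 3.0f, 4.0f, 0.0f, 0 };
    return clamp_speed(&v);
}
```

The point of the clamp is where the compare sits: it is a few instructions away from the load of the scalar, which is why scanning 50 to 100 lines around every opcode that accesses the X value is enough to spot it.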
I have found all three XYZ coordinate values. I did 'find out what accesses this address'. I got a lot of instructions of the form "move scalar value to a pointer"; some of them are shown below.
As you said in the previous comment, I searched 100-100. Below some of the instructions there are comiss, fcom and fcomp instructions, but those instructions don't write to any addresses. Now what should I do to make the player faster?
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Tue Jul 23, 2013 4:00 pm Post subject:
Hmm, maybe my friend still has this game (version 1.00 I think).
(But he is angry when I use CE on his PC. You know, his point of view: CE = hack tool = viruses.)
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Wed Jul 24, 2013 5:08 am Post subject:
Hmm, I downloaded a rip.
I haven't found the speed limit yet. But I found this:
DevilMayCry4_DX9.exe+404589: mov byte ptr [ebx+00002838],00
DevilMayCry4_DX9.exe+404590: mov byte ptr [ebx+00002839],00
Change this 00 to 01. You will always run.
DevilMayCry4_DX9.exe+3ACA33: add byte ptr [ecx+00001E7E],01
DevilMayCry4_DX9.exe+3ACA51: add byte ptr [ecx+00001E7E],01
Change this 01 to 00. You will have infinite air hikes, and you can air hike just after a wall jump.
Thanks... please find the speed limit:
Stand on the ground, search (float) 0. Walk, pause the game, increased value (437.xxxxx); then attain max speed, increased value (454.xxxxxxx). Repeat this; you find it in the 6th or 7th scan.
Did you find the address and instruction I mentioned before? It writes to some fstp. Double the value using code injection and the game moves faster, not the player, not the frames; only frame skipping takes place. For XYZ coordinates it varies from -2000 to 2000 (float) and vertical movement from -20 to 20 (no jumping) in Bloody Palace.
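To make the scan sequence in the post above concrete, here is an added example (not from the thread or from Cheat Engine) that models the exact / increased / decreased scans over constructed memory snapshots: an 8-slot block of floats captured at three moments, with slot 5 following the 0 → 437.x → 454.x pattern the post describes and the other slots acting as decoys. The snapshot values, BLOCK, run_scans, candidates_after and find_speed_slot are all constructed for the example.

```c
#include <stddef.h>

/* Added example, not from the thread: a tiny model of the scan sequence
 * (exact value, then "increased value", repeated) run over constructed
 * snapshots of the same block of floats taken at different moments. */

#define BLOCK 8                /* float slots in the constructed block */

enum scan_kind { SCAN_EXACT, SCAN_INCREASED, SCAN_DECREASED, SCAN_UNCHANGED };

typedef struct {
    enum scan_kind kind;
    float value;               /* used only by SCAN_EXACT */
} scan_step;

/* Runs the steps in order. steps[0] is applied to snaps[0]; steps[i] for
 * i > 0 compares snaps[i] against snaps[i-1], exactly like a next scan in
 * the scanner. candidates[] receives the surviving slot indices; the count
 * is returned (-1 on a bad call). */
int run_scans(const float snaps[][BLOCK], int nsnaps,
              const scan_step *steps, int nsteps, int *candidates)
{
    int alive[BLOCK];
    int i, s, n = 0;
    if (nsteps != nsnaps || nsteps < 1) return -1;
    for (i = 0; i < BLOCK; i++) alive[i] = 1;

    for (s = 0; s < nsteps; s++) {
        for (i = 0; i < BLOCK; i++) {
            float cur = snaps[s][i];
            int keep;
            if (!alive[i]) continue;
            switch (steps[s].kind) {
            case SCAN_EXACT:     keep = (cur == steps[s].value);           break;
            case SCAN_INCREASED: keep = (s > 0 && cur > snaps[s - 1][i]);  break;
            case SCAN_DECREASED: keep = (s > 0 && cur < snaps[s - 1][i]);  break;
            default:             keep = (s > 0 && cur == snaps[s - 1][i]); break;
            }
            alive[i] = keep;
        }
    }
    for (i = 0; i < BLOCK; i++) if (alive[i]) candidates[n++] = i;
    return n;
}

/* Constructed snapshots. Slot 5 behaves like the speed value in the post
 * (0 standing, ~437 walking, ~454 at full speed). Slot 4 is a decoy that
 * rises once and then stays flat; slot 2 is 0 at rest but then drops; the
 * remaining slots are unrelated memory. */
static const float SNAPS[3][BLOCK] = {
    { 1.0f, 0.0f,  0.0f, 100.0f, 0.0f,   0.0f, 7.5f, 0.0f },   /* standing  */
    { 1.0f, 0.0f, -3.0f, 100.0f, 2.0f, 437.2f, 7.5f, 0.0f },   /* walking   */
    { 1.0f, 0.0f, -4.0f, 100.0f, 2.0f, 454.9f, 7.5f, 0.0f },   /* max speed */
};

/* The scan sequence from the post: exact 0, then increased, then increased. */
static const scan_step STEPS[3] = {
    { SCAN_EXACT, 0.0f }, { SCAN_INCREASED, 0.0f }, { SCAN_INCREASED, 0.0f }
};

/* How many slots survive after the first `nsteps` scans (shows the narrowing). */
int candidates_after(int nsteps)
{
    int cand[BLOCK];
    if (nsteps < 1 || nsteps > 3) return -1;
    return run_scans(SNAPS, nsteps, STEPS, nsteps, cand);
}

/* The single surviving slot after all three scans, or -1 if not exactly one. */
int find_speed_slot(void)
{
    int cand[BLOCK];
    int n = run_scans(SNAPS, 3, STEPS, 3, cand);
    return n == 1 ? cand[0] : -1;
}
```

With these snapshots the candidate count goes 5, then 2, then 1: the first "increased" pass removes every slot that stayed at zero, and the second removes the decoy that rose once but did not keep rising, which is the same narrowing the post reports happening by the 6th or 7th scan in the real game.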
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Wed Jul 24, 2013 10:30 am Post subject:
OK, I found something. This opcode accesses the player position:
0052BE16 - D9 40 30 - fld dword ptr [eax+30]
So, I have the player position (XZY). I tried "find out what accesses ...", went back to the game for a few seconds, moved, then came back to CE.
("find out what accesses" looks for opcodes that read or overwrite the value)
("find out what writes" looks for opcodes that only overwrite the value)
So I searched for pairs: "read then write"; the address of the opcode which reads must be just before the opcode which writes (I think we can assume that the maximum opcode address difference is about 0x200).
And I ignored pairs where only a simple memory copy was performed.
And I found this pair:
007ACF79 - F3 0F58 40 30 - addss xmm0,[eax+30]
007ACF87 - F3 0F11 40 30 - movss [eax+30],xmm0
Explanation:
xmm0 holds something, then xmm0 is multiplied by xmm2. Then the value (the hero's current X position) is added to xmm0.
The X position is updated with xmm0.
Formula is:
Xd := Xd * XMM2
PlayerX := Xd + PlayerX
XMM2 is used for the Y and Z axis calculations too.
At the beginning of this function, there is:
007ACEF0 - F3 0F10 50 10 - movss xmm2,[eax+10]
So, I made this script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
// the body below label(returnhere) is reconstructed from the post's own
// description (hook at 007ACEF0, XMM2 := XMM2 + XMM2); the post is cut off here

newmem: //this is allocated memory, you have read,write,execute access
originalcode:
movss xmm2,[eax+10]   // original instruction at 007ACEF0 (5 bytes, same size as the jmp)
addss xmm2,xmm2       // XMM2 := XMM2 + XMM2

exit:
jmp returnhere

007ACEF0:
jmp newmem
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
007ACEF0:
movss xmm2,[eax+10]
dealloc(newmem)
It doubles the xmm2 value. Back in game, walking (while aiming) speed and jumping speed are increased.
Formula is:
XMM2:= XMM2 + XMM2
Xd := Xd * XMM2
PlayerX := Xd + PlayerX
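As an added example (not the poster's script and not the game's code), the read-then-write pairing heuristic and the position update from the post above, in C. The access list is constructed: it reuses the two addresses from the post as sample values and adds made-up entries for a plain copy pair and for a read/write pair that is too far apart; MAX_DIST, find_read_write_pairs, update_position and the sample_* helpers are names chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not from the thread: the pairing heuristic the post
 * describes, applied to a constructed "find out what accesses" list. Each
 * entry is an opcode address plus whether it writes the watched value and
 * whether it is a plain copy (mov to/from memory) rather than arithmetic.
 * A pair is a non-copy read followed, within MAX_DIST bytes, by a non-copy
 * write. */

typedef struct {
    uint32_t addr;
    int is_write;     /* 1 = overwrites the value, 0 = only reads it */
    int is_copy;      /* 1 = simple mov copy, 0 = arithmetic (addss, fadd, ...) */
} access_entry;

#define MAX_DIST 0x200   /* the post's assumed maximum read -> write distance */

/* Fills pairs_out[] with (read addr, write addr) pairs; returns the count. */
int find_read_write_pairs(const access_entry *log, int n,
                          uint32_t pairs_out[][2], int max_pairs)
{
    int i, j, count = 0;
    for (i = 0; i < n; i++) {
        if (log[i].is_write || log[i].is_copy) continue;        /* need a real read */
        for (j = 0; j < n; j++) {
            if (!log[j].is_write || log[j].is_copy) continue;   /* need a real write */
            if (log[j].addr > log[i].addr &&
                log[j].addr - log[i].addr <= MAX_DIST &&
                count < max_pairs) {
                pairs_out[count][0] = log[i].addr;
                pairs_out[count][1] = log[j].addr;
                count++;
            }
        }
    }
    return count;
}

/* Constructed access list: the post's addss/movss pair at 007ACF79/007ACF87,
 * a pure copy pair that must be ignored, and a read/write pair 0x400 apart
 * that must be rejected. Addresses other than the post's two are made up. */
static const access_entry LOG[] = {
    { 0x0052BE16, 0, 1 },   /* fld dword ptr [eax+30]  -> plain read (from the post) */
    { 0x007ACF79, 0, 0 },   /* addss xmm0,[eax+30]     -> arithmetic read */
    { 0x007ACF87, 1, 0 },   /* movss [eax+30],xmm0     -> write of the result */
    { 0x00600000, 0, 1 },   /* constructed: mov eax,[ecx+30]  -> copy read */
    { 0x00600010, 1, 1 },   /* constructed: mov [edx+30],eax  -> copy write */
    { 0x00700000, 0, 0 },   /* constructed: mulss xmm1,[eax+30] */
    { 0x00700400, 1, 0 },   /* constructed: movss [eax+30],xmm1, too far away */
};
#define LOG_LEN ((int)(sizeof LOG / sizeof LOG[0]))

/* Number of pairs found in the constructed list. */
int sample_pair_count(void)
{
    uint32_t pairs[8][2];
    return find_read_write_pairs(LOG, LOG_LEN, pairs, 8);
}

/* Address of the read (which == 0) or write (which == 1) opcode of the
 * first pair found, or 0 if there is none. */
uint32_t sample_pair_addr(int which)
{
    uint32_t pairs[8][2];
    int n = find_read_write_pairs(LOG, LOG_LEN, pairs, 8);
    if (n < 1 || which < 0 || which > 1) return 0;
    return pairs[0][which];
}

/* The update the post reverse-engineered, as plain C. `scale` is what the
 * game loads into xmm2 at 007ACEF0; the post's script doubles it, so the
 * per-frame step Xd is doubled while PlayerX itself is untouched. */
float update_position(float player_x, float delta_x, float scale)
{
    delta_x = delta_x * scale;      /* Xd := Xd * XMM2 */
    return delta_x + player_x;      /* PlayerX := Xd + PlayerX */
}
```

Only the addss/movss pair survives: the fld and the mov pair are dropped as plain copies, and the mulss/movss pair is dropped because the write sits 0x400 bytes past the read. update_position shows why scaling xmm2 is the right place to hook: it multiplies the step, not the stored position, so movement stays continuous instead of teleporting.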