Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Jump hack problem

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328
PostPosted: Sat Dec 20, 2014 9:47 am    Post subject: Jump hack problem Reply with quote
Alright, so I scanned for 1 (able to jump) and 0 (not able to jump) and got down to a single address. The problem is that when I freeze it, it doesn't actually give me infinite jumps, it sorta does but only if I REALLY mash the jump button a lot. So what I did was I tried some auto assembly scripts, these are what I found when I found what writes to that address:

inc [rdi+08]

if I change this to "nop" then my character falls through the ground when I jump. If I change it to ANYTHING else the game just crashes.

dec [rdi+08]

If I change ANYTHING on this one the game just crashes.

So... how do I "properly" change those instructions so the game doesn't crash? Or am I doing something wrong?

I also tried to "select current function" on dec [rdi+08] (it also includes inc [rdi+08] further below), here it is:
Note: To be more specific, I am refering to:

DragonAgeInquisition.exe+4581D1B - inc [rdi+08]
DragonAgeInquisition.exe+4581C8B - dec [rdi+08]

Code:

DragonAgeInquisition.exe+4581B80 - mov rax,[rdx+rbx]
DragonAgeInquisition.exe+4581B84 - lea rbx,[rbx+08]
DragonAgeInquisition.exe+4581B88 - mov [rbx-08],rax
DragonAgeInquisition.exe+4581B8C - dec rcx
DragonAgeInquisition.exe+4581B8F - jne DragonAgeInquisition.exe+4581B80
DragonAgeInquisition.exe+4581B91 - mov eax,[rsp+000000C8]
DragonAgeInquisition.exe+4581B98 - mov rbp,[rsp+38]
DragonAgeInquisition.exe+4581B9D - mov ecx,[rsp+20]
DragonAgeInquisition.exe+4581BA1 - mov rdx,[rsp+40]
DragonAgeInquisition.exe+4581BA6 - mov r11,[rsp+30]
DragonAgeInquisition.exe+4581BAB - dec ecx
DragonAgeInquisition.exe+4581BAD - sub rdx,40
DragonAgeInquisition.exe+4581BB1 - sub rbp,40
DragonAgeInquisition.exe+4581BB5 - mov [rsp+20],ecx
DragonAgeInquisition.exe+4581BB9 - mov [rsp+40],rdx
DragonAgeInquisition.exe+4581BBE - mov [rsp+38],rbp
DragonAgeInquisition.exe+4581BC3 - mov r10d,00000000
DragonAgeInquisition.exe+4581BC9 - test ecx,ecx
DragonAgeInquisition.exe+4581BCB - jns DragonAgeInquisition.exe+4581A96
DragonAgeInquisition.exe+4581BD1 - mov r13,[rsp+000000D0]
DragonAgeInquisition.exe+4581BD9 - movaps xmm7,[rsp+60]
DragonAgeInquisition.exe+4581BDE - test eax,eax
DragonAgeInquisition.exe+4581BE0 - jng DragonAgeInquisition.exe+4581D3A
DragonAgeInquisition.exe+4581BE6 - mov r15,r11
DragonAgeInquisition.exe+4581BE9 - lea rsi,[r11+10]
DragonAgeInquisition.exe+4581BED - mov esp,eax
DragonAgeInquisition.exe+4581BF0 - movaps xmm0,[rsi]
DragonAgeInquisition.exe+4581BF3 - shufps xmm0,xmm0,-01
DragonAgeInquisition.exe+4581BF7 - ucomiss xmm0,xmm8
DragonAgeInquisition.exe+4581BFB - jne DragonAgeInquisition.exe+4581D29
DragonAgeInquisition.exe+4581C01 - lea rdx,[rsi-10]
DragonAgeInquisition.exe+4581C05 - mov r8,rdi
DragonAgeInquisition.exe+4581C08 - mov rcx,r14
DragonAgeInquisition.exe+4581C0B - call DragonAgeInquisition.exe+4582687
DragonAgeInquisition.exe+4581C10 - test eax,eax
DragonAgeInquisition.exe+4581C12 - js DragonAgeInquisition.exe+4581CCE
DragonAgeInquisition.exe+4581C18 - movsxd  rbx,eax
DragonAgeInquisition.exe+4581C1B - shl rbx,06
DragonAgeInquisition.exe+4581C1F - add rbx,[rdi]
DragonAgeInquisition.exe+4581C22 - mov rax,[rbx+30]
DragonAgeInquisition.exe+4581C26 - cmp [rsi+20],rax
DragonAgeInquisition.exe+4581C2A - je DragonAgeInquisition.exe+4581C43
DragonAgeInquisition.exe+4581C2C - mov rdx,rbx
DragonAgeInquisition.exe+4581C2F - mov rcx,r14
DragonAgeInquisition.exe+4581C32 - call DragonAgeInquisition.exe+4582930
DragonAgeInquisition.exe+4581C37 - lea rdx,[rsi-10]
DragonAgeInquisition.exe+4581C3B - mov rcx,r14
DragonAgeInquisition.exe+4581C3E - call DragonAgeInquisition.exe+45828CA
DragonAgeInquisition.exe+4581C43 - movaps xmm0,[rsi-10]
DragonAgeInquisition.exe+4581C47 - movaps [rbx],xmm0
DragonAgeInquisition.exe+4581C4A - movaps xmm1,[rsi]
DragonAgeInquisition.exe+4581C4D - movaps [rbx+10],xmm1
DragonAgeInquisition.exe+4581C51 - mov rax,[rsi+10]
DragonAgeInquisition.exe+4581C55 - mov [rbx+20],rax
DragonAgeInquisition.exe+4581C59 - mov eax,[rsi+18]
DragonAgeInquisition.exe+4581C5C - mov [rbx+28],eax
DragonAgeInquisition.exe+4581C5F - mov rax,[rsi+20]
DragonAgeInquisition.exe+4581C63 - mov [rbx+30],rax
DragonAgeInquisition.exe+4581C67 - mov eax,[rsi+28]
DragonAgeInquisition.exe+4581C6A - mov [rbx+38],eax
DragonAgeInquisition.exe+4581C6D - jmp DragonAgeInquisition.exe+4581D29
DragonAgeInquisition.exe+4581C72 - add [rax-75],cl
DragonAgeInquisition.exe+4581C75 - cmovs ecx,[rbx+4838246C]
DragonAgeInquisition.exe+4581C7C - mov edx,[rsp+40]
DragonAgeInquisition.exe+4581C80 - add rdx,rcx
DragonAgeInquisition.exe+4581C83 - mov rcx,r14
DragonAgeInquisition.exe+4581C86 - call DragonAgeInquisition.exe+4582930
DragonAgeInquisition.exe+4581C8B - dec [rdi+08]
DragonAgeInquisition.exe+4581C8E - movsxd  rcx,dword ptr [rdi+08]
DragonAgeInquisition.exe+4581C92 - cmp ecx,[rsp+20]
DragonAgeInquisition.exe+4581C96 - je DragonAgeInquisition.exe+4581CC2
DragonAgeInquisition.exe+4581C98 - mov rax,[rdi]
DragonAgeInquisition.exe+4581C9B - mov r8,rcx
DragonAgeInquisition.exe+4581C9E - mov edx,00000008
DragonAgeInquisition.exe+4581CA3 - shl r8,06
DragonAgeInquisition.exe+4581CA7 - lea rcx,[rax+rbp]
DragonAgeInquisition.exe+4581CAB - add r8,rax
DragonAgeInquisition.exe+4581CAE - sub r8,rcx
DragonAgeInquisition.exe+4581CB1 - mov rax,[r8+rcx]
DragonAgeInquisition.exe+4581CB5 - lea rcx,[rcx+08]
DragonAgeInquisition.exe+4581CB9 - mov [rcx-08],rax
DragonAgeInquisition.exe+4581CBD - dec rdx
DragonAgeInquisition.exe+4581CC0 - jne DragonAgeInquisition.exe+4581CB1
DragonAgeInquisition.exe+4581CC2 - mov eax,[rsp+000000C8]
DragonAgeInquisition.exe+4581CC9 - jmp DragonAgeInquisition.exe+4581B9D
DragonAgeInquisition.exe+4581CCE - mov eax,[rdi+0C]
DragonAgeInquisition.exe+4581CD1 - and eax,3FFFFFFF : [00000000]
DragonAgeInquisition.exe+4581CD6 - cmp [rdi+08],eax
DragonAgeInquisition.exe+4581CD9 - jne DragonAgeInquisition.exe+4581CF0
DragonAgeInquisition.exe+4581CDB - lea rcx,[DragonAgeInquisition.exe+260DAE0]
DragonAgeInquisition.exe+4581CE2 - mov r8d,00000040
DragonAgeInquisition.exe+4581CE8 - mov rdx,rdi
DragonAgeInquisition.exe+4581CEB - call DragonAgeInquisition.exe+443618B
DragonAgeInquisition.exe+4581CF0 - movsxd  rax,dword ptr [rdi+08]
DragonAgeInquisition.exe+4581CF4 - shl rax,06
DragonAgeInquisition.exe+4581CF8 - add rax,[rdi]
DragonAgeInquisition.exe+4581CFB - je DragonAgeInquisition.exe+4581D1B
DragonAgeInquisition.exe+4581CFD - movaps xmm0,[rsi-10]
DragonAgeInquisition.exe+4581D01 - movaps [rax],xmm0
DragonAgeInquisition.exe+4581D04 - movaps xmm1,[rsi]
DragonAgeInquisition.exe+4581D07 - movaps [rax+10],xmm1
DragonAgeInquisition.exe+4581D0B - movaps xmm0,[rsi+10]
DragonAgeInquisition.exe+4581D0F - movaps [rax+20],xmm0
DragonAgeInquisition.exe+4581D13 - movaps xmm1,[rsi+20]
DragonAgeInquisition.exe+4581D17 - movaps [rax+30],xmm1
DragonAgeInquisition.exe+4581D1B - inc [rdi+08]
DragonAgeInquisition.exe+4581D1E - mov rdx,r15
DragonAgeInquisition.exe+4581D21 - mov rcx,r14
DragonAgeInquisition.exe+4581D24 - call DragonAgeInquisition.exe+45828CA
DragonAgeInquisition.exe+4581D29 - add r15,40
DragonAgeInquisition.exe+4581D2D - add rsi,40
DragonAgeInquisition.exe+4581D31 - dec rsp
DragonAgeInquisition.exe+4581D34 - jne DragonAgeInquisition.exe+4581BF0
DragonAgeInquisition.exe+4581D3A - cmp dword ptr [r13+18],00
DragonAgeInquisition.exe+4581D3F - movaps xmm8,[rsp+50]
DragonAgeInquisition.exe+4581D45 - jle DragonAgeInquisition.exe+4581DB9
DragonAgeInquisition.exe+4581D47 - mov rbx,[r13+10]
DragonAgeInquisition.exe+4581D4B - mov r8,rdi
DragonAgeInquisition.exe+4581D4E - mov rcx,r14
DragonAgeInquisition.exe+4581D51 - mov rdx,rbx
DragonAgeInquisition.exe+4581D54 - call DragonAgeInquisition.exe+4582687
DragonAgeInquisition.exe+4581D59 - cmp eax,-01
DragonAgeInquisition.exe+4581D5C - jne DragonAgeInquisition.exe+4581DB9
DragonAgeInquisition.exe+4581D5E - mov eax,[rdi+0C]
DragonAgeInquisition.exe+4581D61 - and eax,3FFFFFFF : [00000000]
DragonAgeInquisition.exe+4581D66 - cmp [rdi+08],eax
DragonAgeInquisition.exe+4581D69 - jne DragonAgeInquisition.exe+4581D80
DragonAgeInquisition.exe+4581D6B - lea rcx,[DragonAgeInquisition.exe+260DAE0]
DragonAgeInquisition.exe+4581D72 - mov r8d,00000040
DragonAgeInquisition.exe+4581D78 - mov rdx,rdi
DragonAgeInquisition.exe+4581D7B - call DragonAgeInquisition.exe+443618B
DragonAgeInquisition.exe+4581D80 - movsxd  rax,dword ptr [rdi+08]
DragonAgeInquisition.exe+4581D84 - shl rax,06
DragonAgeInquisition.exe+4581D88 - add rax,[rdi]
DragonAgeInquisition.exe+4581D8B - je DragonAgeInquisition.exe+4581DAB
DragonAgeInquisition.exe+4581D8D - movaps xmm0,[rbx]
DragonAgeInquisition.exe+4581D90 - movaps [rax],xmm0
DragonAgeInquisition.exe+4581D93 - movaps xmm1,[rbx+10]
DragonAgeInquisition.exe+4581D97 - movaps [rax+10],xmm1
DragonAgeInquisition.exe+4581D9B - movaps xmm0,[rbx+20]
DragonAgeInquisition.exe+4581D9F - movaps [rax+20],xmm0
DragonAgeInquisition.exe+4581DA3 - movaps xmm1,[rbx+30]
DragonAgeInquisition.exe+4581DA7 - movaps [rax+30],xmm1
DragonAgeInquisition.exe+4581DAB - inc [rdi+08]
DragonAgeInquisition.exe+4581DAE - mov rdx,rbx
DragonAgeInquisition.exe+4581DB1 - mov rcx,r14
DragonAgeInquisition.exe+4581DB4 - call DragonAgeInquisition.exe+45828CA
DragonAgeInquisition.exe+4581DB9 - mov esi,[rdi+08]
DragonAgeInquisition.exe+4581DBC - dec esi
DragonAgeInquisition.exe+4581DBE - movsxd  r12,esi
DragonAgeInquisition.exe+4581DC1 - test esi,esi
DragonAgeInquisition.exe+4581DC3 - jng DragonAgeInquisition.exe+4581E68
DragonAgeInquisition.exe+4581DC9 - movss xmm6,[DragonAgeInquisition.exe+1D0BB14]
DragonAgeInquisition.exe+4581DD1 - shl rsp,06
DragonAgeInquisition.exe+4581DD5 - mov r13,r12
DragonAgeInquisition.exe+4581DD8 - lea ebx,[rsi-01]
DragonAgeInquisition.exe+4581DDB - mov [rsp+000000D8],ebx
DragonAgeInquisition.exe+4581DE2 - cmp esi,01
DragonAgeInquisition.exe+4581DE5 - jnge DragonAgeInquisition.exe+4581E51
DragonAgeInquisition.exe+4581DE7 - mov rbp,[rdi]
DragonAgeInquisition.exe+4581DEA - mov r15,r13
DragonAgeInquisition.exe+4581DED - add r15,rbp
DragonAgeInquisition.exe+4581DF0 - movsxd  r8,ebx
DragonAgeInquisition.exe+4581DF3 - mov rdx,r15
DragonAgeInquisition.exe+4581DF6 - mov rcx,r14
DragonAgeInquisition.exe+4581DF9 - shl r8,06
DragonAgeInquisition.exe+4581DFD - add r8,rbp
DragonAgeInquisition.exe+4581E00 - call DragonAgeInquisition.exe+4583864
DragonAgeInquisition.exe+4581E05 - comiss xmm0,xmm6
DragonAgeInquisition.exe+4581E08 - jb DragonAgeInquisition.exe+4581E10
DragonAgeInquisition.exe+4581E0A - dec ebx
DragonAgeInquisition.exe+4581E0C - jns DragonAgeInquisition.exe+4581DF0
DragonAgeInquisition.exe+4581E0E - jmp DragonAgeInquisition.exe+4581E51
DragonAgeInquisition.exe+4581E10 - mov rdx,r15
DragonAgeInquisition.exe+4581E13 - mov rcx,r14
DragonAgeInquisition.exe+4581E16 - call DragonAgeInquisition.exe+4582930
DragonAgeInquisition.exe+4581E1B - dec [rdi+08]
DragonAgeInquisition.exe+4581E1E - movsxd  rcx,dword ptr [rdi+08]
DragonAgeInquisition.exe+4581E22 - cmp ecx,esi
DragonAgeInquisition.exe+4581E24 - je DragonAgeInquisition.exe+4581E51
DragonAgeInquisition.exe+4581E26 - mov rax,[rdi]
DragonAgeInquisition.exe+4581E29 - mov r8,rcx
DragonAgeInquisition.exe+4581E2C - mov edx,00000008
DragonAgeInquisition.exe+4581E31 - shl r8,06
DragonAgeInquisition.exe+4581E35 - lea rcx,[r12+rax]
DragonAgeInquisition.exe+4581E39 - add r8,rax
DragonAgeInquisition.exe+4581E3C - sub r8,rcx
DragonAgeInquisition.exe+4581E3F - nop
DragonAgeInquisition.exe+4581E40 - mov rax,[r8+rcx]
DragonAgeInquisition.exe+4581E44 - lea rcx,[rcx+08]
DragonAgeInquisition.exe+4581E48 - mov [rcx-08],rax
DragonAgeInquisition.exe+4581E4C - dec rdx
DragonAgeInquisition.exe+4581E4F - jne DragonAgeInquisition.exe+4581E40
DragonAgeInquisition.exe+4581E51 - mov esi,[rsp+000000D8]
DragonAgeInquisition.exe+4581E58 - sub r13,40
DragonAgeInquisition.exe+4581E5C - sub rsp,40
DragonAgeInquisition.exe+4581E60 - test esi,esi
DragonAgeInquisition.exe+4581E62 - jg DragonAgeInquisition.exe+4581DD8
DragonAgeInquisition.exe+4581E68 - cmp byte ptr [rsp+000000F0],00
DragonAgeInquisition.exe+4581E70 - movaps xmm6,[rsp+70]
DragonAgeInquisition.exe+4581E75 - mov r13,[rsp+00000090]
DragonAgeInquisition.exe+4581E7D - mov r12,[rsp+00000098]
DragonAgeInquisition.exe+4581E85 - jne DragonAgeInquisition.exe+4581EC2
DragonAgeInquisition.exe+4581E87 - cmp dword ptr [rdi+08],00
DragonAgeInquisition.exe+4581E8B - jle DragonAgeInquisition.exe+4581EC2
DragonAgeInquisition.exe+4581E8D - mov r15,[rsp+000000E0]
DragonAgeInquisition.exe+4581E95 - mov rbp,[rsp+000000E8]
DragonAgeInquisition.exe+4581E9D - xor esi,esi
DragonAgeInquisition.exe+4581E9F - mov ebx,esi
DragonAgeInquisition.exe+4581EA1 - mov rdx,[rdi]
DragonAgeInquisition.exe+4581EA4 - mov r9,rbp
DragonAgeInquisition.exe+4581EA7 - mov r8,r15
DragonAgeInquisition.exe+4581EAA - mov rdx,[rdx+rbx+30]
DragonAgeInquisition.exe+4581EAF - mov rcx,r14
DragonAgeInquisition.exe+4581EB2 - call DragonAgeInquisition.exe+4583690
DragonAgeInquisition.exe+4581EB7 - inc esi
DragonAgeInquisition.exe+4581EB9 - lea rbx,[rbx+40]
DragonAgeInquisition.exe+4581EBD - cmp esi,[rdi+08]
DragonAgeInquisition.exe+4581EC0 - jnge DragonAgeInquisition.exe+4581EA1
DragonAgeInquisition.exe+4581EC2 - mov ebx,[rsp+24]
DragonAgeInquisition.exe+4581EC6 - mov ecx,[DragonAgeInquisition.exe+2A6EF98]
DragonAgeInquisition.exe+4581ECC - shl ebx,06
DragonAgeInquisition.exe+4581ECF - add ebx,7F
DragonAgeInquisition.exe+4581ED2 - and ebx,-80
DragonAgeInquisition.exe+4581ED5 - push r8
DragonAgeInquisition.exe+4581ED7 - mov r8,gs:[00000030]
DragonAgeInquisition.exe+4581EE0 - mov r8d,[r8+40]
DragonAgeInquisition.exe+4581EE4 - mov rax,[DragonAgeInquisition.exe+4E6C40F]
DragonAgeInquisition.exe+4581EEB - sub rax,r8
DragonAgeInquisition.exe+4581EEE - pop r8
DragonAgeInquisition.exe+4581EF0 - call eax
DragonAgeInquisition.exe+4581EF2 - mov r15,[rsp+00000080]
DragonAgeInquisition.exe+4581EFA - mov r14,[rsp+00000088]
DragonAgeInquisition.exe+4581F02 - mov rdi,[rsp+000000A0]
DragonAgeInquisition.exe+4581F0A - mov rbp,[rsp+000000A8]
DragonAgeInquisition.exe+4581F12 - mov rsi,[rsp+30]
DragonAgeInquisition.exe+4581F17 - lea r8d,[rbx+0F]
DragonAgeInquisition.exe+4581F1B - and r8d,-10
DragonAgeInquisition.exe+4581F1F - cmp ebx,[rax+10]
DragonAgeInquisition.exe+4581F22 - mov rbx,[rsp+000000C0]
DragonAgeInquisition.exe+4581F2A - jg DragonAgeInquisition.exe+4581F44
DragonAgeInquisition.exe+4581F2C - movsxd  rcx,r8d
DragonAgeInquisition.exe+4581F2F - add rcx,rsi
DragonAgeInquisition.exe+4581F32 - cmp rcx,[rax+18]
DragonAgeInquisition.exe+4581F36 - jne DragonAgeInquisition.exe+4581F44
DragonAgeInquisition.exe+4581F38 - cmp [rax+28],rsi
DragonAgeInquisition.exe+4581F3C - je DragonAgeInquisition.exe+4581F44
DragonAgeInquisition.exe+4581F3E - mov [rax+18],rsi
DragonAgeInquisition.exe+4581F42 - jmp DragonAgeInquisition.exe+4581F4F
DragonAgeInquisition.exe+4581F44 - mov rdx,rsi
DragonAgeInquisition.exe+4581F47 - mov rcx,rax
DragonAgeInquisition.exe+4581F4A - call DragonAgeInquisition.exe+44350BB
DragonAgeInquisition.exe+4581F4F - mov eax,[rsp+28]
DragonAgeInquisition.exe+4581F53 - test eax,eax
DragonAgeInquisition.exe+4581F55 - js DragonAgeInquisition.exe+4581F76
DragonAgeInquisition.exe+4581F57 - and eax,3FFFFFFF : [00000000]
DragonAgeInquisition.exe+4581F5C - lea rcx,[DragonAgeInquisition.exe+260DAE0]
DragonAgeInquisition.exe+4581F63 - mov rdx,rsi
DragonAgeInquisition.exe+4581F66 - shl eax,06
DragonAgeInquisition.exe+4581F69 - mov r8d,eax
DragonAgeInquisition.exe+4581F6C - mov rax,[DragonAgeInquisition.exe+260DAE0]
DragonAgeInquisition.exe+4581F73 - call qword ptr [rax+20]
DragonAgeInquisition.exe+4581F76 - add rsp,000000B0
DragonAgeInquisition.exe+4581F7D - pop rsi
DragonAgeInquisition.exe+4581F7E - ret


Yeah, I'm trying to hack the jump in dragon age... hehe.
Pretty much, I want the ability to keep jumping however many times I want to, or increase my jump height; and I can't figure out how to do that cause the game keeps crashing...
Back to top
View user's profile Send private message
indianachones
Cheater
Reputation: 0

Joined: 23 Nov 2014
Posts: 27
PostPosted: Mon Dec 22, 2014 6:35 pm    Post subject: Reply with quote
mmmm lets see.
could it be the same if you just teleport at a high height and then you fall down with gravity as usual?

if is that the case you may want to do this:

1- look for the address that stores the Y position of you character (assuming Y is height). Probably it will be a float or double number. just jump and use increse decrese method as always.
2- find what writes that address when you press the jump key
3- make an script that sets Y position address to the desired height
Back to top
View user's profile Send private message
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328
PostPosted: Mon Dec 22, 2014 7:38 pm    Post subject: Reply with quote
indianachones wrote:
mmmm lets see.
could it be the same if you just teleport at a high height and then you fall down with gravity as usual?

if is that the case you may want to do this:

1- look for the address that stores the Y position of you character (assuming Y is height). Probably it will be a float or double number. just jump and use increse decrese method as always.
2- find what writes that address when you press the jump key
3- make an script that sets Y position address to the desired height


Yeah but then my character will just "teleport"; I want him to actually jump, with the animations and stuff.
Back to top
View user's profile Send private message
indianachones
Cheater
Reputation: 0

Joined: 23 Nov 2014
Posts: 27
PostPosted: Mon Dec 22, 2014 8:01 pm    Post subject: Reply with quote
ok. lets say that you found the Y position address.
i belive that there is 2 posible codes

1st code: 1 code when you go up and another code when you go down
2nd code: it sets height going up or down with the same opcode

well. the first 1 its easy you just nop the code that sends you down.

the second code its the problem and its really common to find. you have to check the previous value and if current value it is lower just nop it
Back to top
View user's profile Send private message
Demolish
Cheater
Reputation: 0

Joined: 27 Dec 2010
Posts: 32
PostPosted: Mon Dec 22, 2014 9:02 pm    Post subject: Reply with quote
I think these values are not made for finding if you can jump or not, these values are for finding that if you are still rising/falling or You are in the sky/or on ground, that may be your problem. You have to set [rdi+08] to 1 for a while after pressing jump key and set it back to 0 so it will recognize that you are on ground and jump then and after while it will detect that you are in the sky rising up.
Back to top
View user's profile Send private message
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328
PostPosted: Mon Dec 22, 2014 11:36 pm    Post subject: Reply with quote
Demolish wrote:
I think these values are not made for finding if you can jump or not, these values are for finding that if you are still rising/falling or You are in the sky/or on ground, that may be your problem. You have to set [rdi+08] to 1 for a while after pressing jump key and set it back to 0 so it will recognize that you are on ground and jump then and after while it will detect that you are in the sky rising up.


Yeah, well, if I change those values to anything other than what they are now, the game just crashes.

indianachones wrote:
ok. lets say that you found the Y position address.
i belive that there is 2 posible codes

1st code: 1 code when you go up and another code when you go down
2nd code: it sets height going up or down with the same opcode

well. the first 1 its easy you just nop the code that sends you down.

the second code its the problem and its really common to find. you have to check the previous value and if current value it is lower just nop it


That could work... I'll try it later

PS: Do any of you guys know how to make a timer in assembly? Say I want a thread to wait a second or so before continuing on?
Back to top
View user's profile Send private message
zm0d
Master Cheater
Reputation: 7

Joined: 06 Nov 2013
Posts: 423
PostPosted: Tue Dec 23, 2014 6:02 am    Post subject: Reply with quote
What do you mean with infinite jumps?

A) Jumping 1 time and then flying to the universe?
B) Being able to jump again if you are still in air?

If A) then slightly increase the Y value.

If B) then get your value again, that indicates if you're in air or not. There you attach the Debugger with "Find out what accesses this address". Jump then ingame and check the result list of the breakpoint. I bet my ass there will be some CMP or TEST after the value got loaded to a register. And right after the CMP will come a JUMP and a CALL to the games jump function. Your job is now to let the game always execute the jump function regardless if the value indicating that you're in air is 0 or 1. (Probably by removing the CMP/TEST with NOPs)

Code:
Pseudocode:

public void PressedJumpKey() {
    If (player.isInAir)
        return;
    player.jump ();
}
Back to top
View user's profile Send private message
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328
PostPosted: Tue Dec 23, 2014 11:06 am    Post subject: Reply with quote
zm0d wrote:
What do you mean with infinite jumps?

A) Jumping 1 time and then flying to the universe?
B) Being able to jump again if you are still in air?

If A) then slightly increase the Y value.

If B) then get your value again, that indicates if you're in air or not. There you attach the Debugger with "Find out what accesses this address". Jump then ingame and check the result list of the breakpoint. I bet my ass there will be some CMP or TEST after the value got loaded to a register. And right after the CMP will come a JUMP and a CALL to the games jump function. Your job is now to let the game always execute the jump function regardless if the value indicating that you're in air is 0 or 1. (Probably by removing the CMP/TEST with NOPs)

Code:
Pseudocode:

public void PressedJumpKey() {
    If (player.isInAir)
        return;
    player.jump ();
}

I found the cmp opcode and turned it into a nop; though it didn't do anything...
here's what I get from the debugger:
Code:

34 144581C8B - FF 4F 08  - dec [rdi+08]
34 144581C8E - 48 63 4F 08  - movsxd  rcx,dword ptr [rdi+08]
54 14458268F - 45 8B 58 08  - mov r11d,[r8+08]
15 144581CD6 - 39 47 08  - cmp [rdi+08],eax
34 144581CF0 - 48 63 47 08  - movsxd  rax,dword ptr [rdi+08]
34 144581D1B - FF 47 08  - inc [rdi+08]
22 143E75F97 - 83 78 08 01 - cmp dword ptr [rax+08],01
6 143E8BD1C - 41 39 77 08  - cmp [r15+08],esi

I tried to replace all the CMPs with NOPs, but nothing; and after a minute or two, the game crashed. I think I jumped like 12 times or so.
Back to top
View user's profile Send private message
Demolish
Cheater
Reputation: 0

Joined: 27 Dec 2010
Posts: 32
PostPosted: Tue Dec 23, 2014 4:02 pm    Post subject: Reply with quote
Never try to nop inc or dec when it comes to bool value(because value will go to infinite or else to -infinite over time, and that value is to recognize true/false). Try to do something like this:
Code:

globalalloc(memory,2000)
createthread(memory)

memory:
push ' ' //space button
call GetAsyncKeyState
cmp eax,0
jge memory
mov "POINTER TO THIS VALUE->[rdi+08]",0
push #100
call Sleep
mov "POINTER TO THIS VALUE->[rdi+08]",1
jmp memory
Back to top
View user's profile Send private message
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328
PostPosted: Tue Dec 23, 2014 5:45 pm    Post subject: Reply with quote
Demolish wrote:
Never try to nop inc or dec when it comes to bool value(because value will go to infinite or else to -infinite over time, and that value is to recognize true/false). Try to do something like this:
Code:

globalalloc(memory,2000)
createthread(memory)

memory:
push ' ' //space button
call GetAsyncKeyState
cmp eax,0
jge memory
mov "POINTER TO THIS VALUE->[rdi+08]",0
push #100
call Sleep
mov "POINTER TO THIS VALUE->[rdi+08]",1
jmp memory

Uhh, I'm new to assembly...
"push ' ' // space button" - nice, didn't know that...
"mov "POINTER TO THIS VALUE->[rdi+08]",0" - what?
"mov "POINTER TO THIS VALUE->[rdi+08]",1" - again, what?

Where do I put this in? Do I remove those inc/dec opcodes and put this code in?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites