Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Want to access multiple address from what write to this addr

 
dharmang1910
Expert Cheater
Reputation: 0

Joined: 09 May 2010
Posts: 102

Posted: Tue Nov 06, 2018 11:41 am

Hi,
I want to get multiple player IDs from a piece of code which only accesses our team members' addresses, not the enemy's. So it is very important for making godmode for both our player and companion player. I have written code in asm, but when I activate the script, the game hangs. I think the game goes into an infinite loop when I activate the script. Can anybody please correct my script? Or if someone has Lua code which works like this, please share a template of it so I can copy and paste it into my script, because I have no knowledge of Lua.

Code:

[ENABLE]

aobscanmodule(PlayersID,LC2.exe,66 0F 6E 40 14 0F 5B C0 0F 2F C2 76 10) // should be unique
alloc(newmem,$100)

label(code)
label(return)
label(isPlayer2)
alloc(player1,4)
alloc(player2,4)
registersymbol(player1)
registersymbol(player2)

newmem:
mov [player1],eax
xor eax,eax
mov eax,[ecx+000001D0] //EAX == [ecx+000001D0]
cmp [player1],eax
jne isPlayer2
jmp newmem

isPlayer2:
mov [player2],eax
mov eax,[player1] //put back original address
jmp code

code:
  movd xmm0,[eax+14]
  jmp return

PlayersID:
  jmp newmem
return:
registersymbol(PlayersID)

[DISABLE]

PlayersID:
  db 66 0F 6E 40 14

unregistersymbol(PlayersID)
dealloc(newmem)
dealloc(player1)
dealloc(player2)
unregistersymbol(player1)
unregistersymbol(player2)

OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

Posted: Tue Nov 06, 2018 12:59 pm

you may wanna give some useful info about register/memory location contents, anyhow i think i know what you need. (but still your script won't do anything special)

Code:
// mov eax,[ecx+000001D0] //EAX == [ecx+000001D0]

// if [ecx+000001D0] holds a pointer, then the above instruction is valid.
// otherwise you need LEA instead of MOV
// question goes here: what does [ecx+000001D0] hold? and what is it related to?


Code:
cmp [player1],eax
jne isPlayer2
jmp newmem // if previous condition failed, then it will loop again.


Code:
isPlayer2:
mov [player2],eax
mov eax,[player1] //put back original address
jmp code

// you are not doing anything special, no godmode no infinite health ... only eax is being moved into player2 memory location.
// and then original code gets executed normally, and it will affect both player 1&2.

code:
  movd xmm0,[eax+14]
  jmp return


dharmang1910 wrote:
I want to get multiple player ID from a code

if that instruction operand is a memory location that holds a pointer, then you can use MOV to get whatever is in there.
otherwise you need LEA.

dharmang1910 wrote:
which only access our team member's addresses, not the enemy's.

if the instruction only accesses the player and player's team, then why would you need a compare?

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
dharmang1910
Expert Cheater
Reputation: 0

Joined: 09 May 2010
Posts: 102

Posted: Tue Nov 06, 2018 10:00 pm

OldCheatEngineUser wrote:
you may wanna give some useful info about register/memory location contents, anyhow i think i know what you need. (but still your script won't do anything special)

Code:
// mov eax,[ecx+000001D0] //EAX == [ecx+000001D0]

// if [ecx+000001D0] holds a pointer, then the above instruction is valid.
// otherwise you need LEA instead of MOV
// question goes here: what does [ecx+000001D0] hold? and what is it related to?


Code:
cmp [player1],eax
jne isPlayer2
jmp newmem // if previous condition failed, then it will loop again.


Code:
isPlayer2:
mov [player2],eax
mov eax,[player1] //put back original address
jmp code

// you are not doing anything special, no godmode no infinite health ... only eax is being moved into player2 memory location.
// and then original code gets executed normally, and it will affect both player 1&2.

code:
  movd xmm0,[eax+14]
  jmp return


dharmang1910 wrote:
I want to get multiple player ID from a code

if that instruction operand is a memory location that holds a pointer, then you can use MOV to get whatever is in there.
otherwise you need LEA.

dharmang1910 wrote:
which only access our team member's addresses, not the enemy's.

if the instruction only accesses the player and player's team, then why would you need a compare?


This code only accesses our team's health, so this is a good location to fetch player IDs. This is not the code that writes to our health, so there is no need to write any god mode related code here. This code is just for fetching player IDs. When I clicked on "find out what addresses this instruction accesses", I found two addresses of team members' health. So I want to assign one address to [player1] and the second address to [player2].

Here is the code snippet

Code:

{
// ORIGINAL CODE - INJECTION POINT: "LC2.exe"+1C49CD

"LC2.exe"+1C49AF: CC                       -  int 3
"LC2.exe"+1C49B0: 55                       -  push ebp
"LC2.exe"+1C49B1: 8B EC                    -  mov ebp,esp
"LC2.exe"+1C49B3: 51                       -  push ecx
"LC2.exe"+1C49B4: 66 0F 6E 89 D8 01 00 00  -  movd xmm1,[ecx+000001D8]
"LC2.exe"+1C49BC: 0F 5B C9                 -  cvtdq2ps xmm1,xmm1
"LC2.exe"+1C49BF: 0F 57 D2                 -  xorps xmm2,xmm2
"LC2.exe"+1C49C2: 0F 2F CA                 -  comiss xmm1,xmm2
"LC2.exe"+1C49C5: 76 23                    -  jna LC2.exe+1C49EA
"LC2.exe"+1C49C7: 8B 81 D0 01 00 00        -  mov eax,[ecx+000001D0]
// ---------- INJECTING HERE ----------
"LC2.exe"+1C49CD: 66 0F 6E 40 14           -  movd xmm0,[eax+14]
// ---------- DONE INJECTING  ----------
"LC2.exe"+1C49D2: 0F 5B C0                 -  cvtdq2ps xmm0,xmm0
"LC2.exe"+1C49D5: 0F 2F C2                 -  comiss xmm0,xmm2
"LC2.exe"+1C49D8: 76 10                    -  jna LC2.exe+1C49EA
"LC2.exe"+1C49DA: F3 0F 5E C1              -  divss xmm0,xmm1
"LC2.exe"+1C49DE: F3 0F 11 45 FC           -  movss [ebp-04],xmm0
"LC2.exe"+1C49E3: D9 45 FC                 -  fld dword ptr [ebp-04]
"LC2.exe"+1C49E6: 8B E5                    -  mov esp,ebp
"LC2.exe"+1C49E8: 5D                       -  pop ebp
"LC2.exe"+1C49E9: C3                       -  ret
"LC2.exe"+1C49EA: D9 EE                    -  fldz
}



My script only accesses the first health address and then goes into an infinite loop, because it does not access the second health address to get out of the loop. So is there any other code to access the second health address? Especially Dark Byte would know if he has made some provisions for this.



OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

Posted: Tue Nov 06, 2018 10:25 pm

Code:
newmem:
cmp dword ptr [player1],eax
jz isPlayer2
mov dword ptr [player1],eax
jmp code

isPlayer2:
mov dword ptr [player2],eax

code:
movd xmm0,[eax+14]
jmp return

dharmang1910
Expert Cheater
Reputation: 0

Joined: 09 May 2010
Posts: 102

Posted: Tue Nov 06, 2018 10:42 pm

OldCheatEngineUser wrote:
Code:
newmem:
cmp dword ptr [player1],eax
jz isPlayer2
mov dword ptr [player1],eax
jmp code

isPlayer2:
mov dword ptr [player2],eax

code:
movd xmm0,[eax+14]
jmp return


Thanks, it works, and great logic to access both the addresses.
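The control flow of the two scripts in this thread, modelled in C as an added example (not code from any poster): it shows why a hook that loops waiting for a different pointer never returns, and what state a per-call hook leaves after a call trace. The trace values, `SPIN_BUDGET`, the function names and the third variant `hook_first_free_slot` are assumptions that go beyond the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { uint32_t player1, player2; } slots_t;  /* the two registered symbols */
#define SPIN_BUDGET 1000  /* stand-in for "the game thread never leaves the hook" */

/* First script: store eax, reload it from [ecx+1D0], loop while both are equal.
   ecx does not change inside one call, so the reload always returns the same value. */
int hook_first_script(slots_t *s, uint32_t ecx_field) {
    uint32_t eax = ecx_field;               /* mov eax,[ecx+1D0] ran just before the hook */
    for (int i = 0; i < SPIN_BUDGET; i++) {
        s->player1 = eax;                   /* mov [player1],eax */
        eax = ecx_field;                    /* mov eax,[ecx+1D0] */
        if (s->player1 != eax) { s->player2 = eax; return i; }  /* jne isPlayer2 */
    }                                       /* jmp newmem */
    return -1;                              /* budget exhausted: models the hang */
}

/* Posted fix: one compare, one store, then the original instruction runs. */
void hook_posted_fix(slots_t *s, uint32_t eax) {
    if (s->player1 == eax) s->player2 = eax;   /* jz isPlayer2 */
    else                   s->player1 = eax;   /* mov [player1],eax / jmp code */
}

/* Added variant (assumption): put each pointer not seen before in the first free slot. */
void hook_first_free_slot(slots_t *s, uint32_t eax) {
    if (eax == s->player1 || eax == s->player2) return;
    if (s->player1 == 0)      s->player1 = eax;
    else if (s->player2 == 0) s->player2 = eax;
}

/* Run a per-call hook over a trace of eax values, one entry per call of the function. */
slots_t run_trace(void (*hook)(slots_t *, uint32_t), const uint32_t *trace, size_t n) {
    slots_t s = {0, 0};
    for (size_t i = 0; i < n; i++) hook(&s, trace[i]);
    return s;
}

/* Constructed trace: two team members visited alternately. */
static const uint32_t TRACE[] = {0x1000, 0x2000, 0x1000, 0x2000};

int main(void) {
    slots_t spin = {0, 0};
    slots_t fix  = run_trace(hook_posted_fix, TRACE, 4);
    slots_t slot = run_trace(hook_first_free_slot, TRACE, 4);
    printf("first script: %d\n", hook_first_script(&spin, TRACE[0]));
    printf("posted fix:   %x %x\n", (unsigned)fix.player1, (unsigned)fix.player2);
    printf("free slot:    %x %x\n", (unsigned)slot.player1, (unsigned)slot.player2);
    return 0;
}
```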