Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Script Help: not working/crashing Silent hill 3

 
m0rc0m

Posted: Sun Jul 02, 2023 4:13 pm

Hello folks, I'm kind of new to all this game hacking, and as a first project I decided to try and fix a small bug I found in Silent Hill 3. The bug is in the ammo multiplier option: sometimes it automatically sets to 0 and you can't pick up ammo for the rest of the game. I found this bug once and it nearly ruined my game. I managed to change the value with CE but I want to work out an automatic fix.

Now the multiplier should store values between 1 and 5, so 0 or 6 are invalid values.

Flash forward, this is what my original script does.

Code:


[ENABLE]

aobscanmodule(INJECT,sh3.exe,A0 21 67 0E 07) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:
   mov [00BCC1B1], 01 // move to multiplier address 01.
code:
  [b]mov al, [sh3.exe+6CE6721] // this code is the original one *[/b]
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db A0 21 67 0E 07

unregistersymbol(INJECT)
dealloc(newmem)



Now I thought that a simple mov would work since the game already checks if the multiplier value is within the valid range. The problem is that if the cmp checks are triggered, it calls a function that moves another value to another address (the code I marked in bold), so it never changes the multiplier value. Since I'm injecting at the call to that function, in theory the checks are already done by the original game code and it would jump to my code only if they are triggered.

Now the problem is that my script works... it changes the multiplier value to 1, but it does so even when you set a valid value like 2 or 3. So basically it's like hardcoding a 1 in the multiplier.


First I tried setting a breakpoint to follow the control flow, but I can "step into" for nearly half an hour and I can't find any instruction directly interfering with my injection (but as soon as I let it run it changes the multiplier to 1 again).

So then I tried the next modification. Since it looks like it changes the value regardless of the cmp in the original code, I tried adding my own cmp.

Code:

[ENABLE]

aobscanmodule(INJECT, sh3.exe, A0 21 67 0E 07) // should be unique
alloc(newmem, $1000)

label(code)
label(return)

newmem:
  cmp byte ptr [00BCC1B1], 05    // Compare the value at memory address 00BCC1B1 with 5
  jle code               // Jump to code if the value is less than or equal to 5

  cmp byte ptr [00BCC1B1], 01    // Compare the value at memory address 00BCC1B1 with 1
  jge code               // Jump to code if the value is greater than or equal to 1

  mov byte ptr [00BCC1B1], 01    // Set the value at memory address 00BCC1B1 to 1

original_code:
  mov al, [sh3.exe+6CE6721]           
  jmp return           

INJECT:
  jmp newmem                     
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db A0 21 67 0E 07             

unregistersymbol(INJECT)
dealloc(newmem)



But once I enable the "fixed" script it won't change the value at [00BCC1B1], aka "our multiplier", at all. I can set it to values as high as 8 or 10 or to 0 and it won't set it back to 1 like with my first simple script.
Sometimes (not always) it would even directly crash the game.


I'm truly starting to lose hope and get mentally blocked with this project since I don't know what else to try. Thanks for reading it all, I'm very thankful, and excuse my poor English, I'm a native Spanish speaker.
Oh, btw, I would gladly add the game function that does the cmp but I don't know if that's permitted; if you want to search for it yourself, it should be easy with the multiplier address that's in my script and the "what accesses this address" function.

_________________
The end may justify the means as long as there is something that justifies the end.
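
Added example, not part of the original post: a C model of the second script's `cmp`/`jle`/`jge` sequence, run over every possible byte value, next to a range check that resets only values outside 1 to 5. The function names are hypothetical and only the branch logic is modelled, not the game or the injection itself.

```c
#include <stdint.h>
#include <stdio.h>

/* Models the posted sequence:
 *   cmp byte,5 / jle code / cmp byte,1 / jge code / mov byte,1
 * jle and jge are signed conditions, so the byte is read as -128..127.
 * Returns 1 only if execution would fall through to the mov. */
static int posted_check_resets(uint8_t raw)
{
    int v = raw >= 128 ? (int)raw - 256 : (int)raw;
    if (v <= 5) return 0;   /* jle code: taken for 0 and for every byte >= 0x80 */
    if (v >= 1) return 0;   /* jge code: taken for everything that is left */
    return 1;               /* never reached: no value is both > 5 and < 1 */
}

/* Intended rule: reset when the value is outside 1..5.
 * One unsigned compare covers both ends, because raw - 1 wraps to 255
 * when raw is 0. In assembly this is an unsigned test (jb / ja). */
static int range_check_resets(uint8_t raw)
{
    return (uint8_t)(raw - 1) > 4;
}

/* Value the multiplier would hold after the corrected check. */
static uint8_t apply_fix(uint8_t raw)
{
    return range_check_resets(raw) ? 1 : raw;
}

/* Counts how many of the 256 byte values a check would reset. */
static int count_resets(int (*check)(uint8_t))
{
    int n = 0;
    for (int i = 0; i < 256; i++)
        n += check((uint8_t)i);
    return n;
}

int main(void)
{
    printf("posted check resets %d of 256 values\n",
           count_resets(posted_check_resets));
    printf("range check resets  %d of 256 values\n",
           count_resets(range_check_resets));
    printf("0 -> %u, 3 -> %u, 6 -> %u\n",
           apply_fix(0), apply_fix(3), apply_fix(6));
    return 0;
}
```
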
All times are GMT - 6 Hours