Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


multiple objects sharing code

 
chochang262
Newbie cheater
Reputation: 0

Joined: 31 May 2012
Posts: 20
Location: United States

Posted: Mon Jun 29, 2015 3:15 pm    Post subject: multiple objects sharing code

Hi, I'm back again with yet another question. I'm playing Mortal Kombat: Komplete Edition, and I am faced with another problem. As I have stated in previous posts, I know the simple method to solving most of my issues, however I would like to learn more advanced methods to better myself as a game hacker and programmer. My problem is that I am trying to use code injection to make my health not decrease, while my enemy's health still does. What the real problem is, is that I cannot find anything to CMP against with the Dissect data/Structure tool that would determine what side you are on (ex. Team 1/Team 2). I've done this searching method in tag team, so there were more addresses to put into the structure scanner. I've literally spent over 45 minutes just looking through the addresses for anything that might even seem like it was the right one. Is there a way of doing this that's not as straightforward, because this method is not seeming to lead anywhere. Or perhaps I should ask: is there anything else I could look for that would be able to differentiate between what team I'm on so that I can execute the code at the right time? (Sorry for all of the questions I've been asking, but it seems like every time I think I know how to do something, another game comes and shoves its new code right in my face.)
____________________________________________________ - - - - - - -
Literally any method that will allow me to still use code injection will be accepted.

The main reason I want to do code injection, and not just use the pointer, is a user in my previous thread suggested it, and I decided that it was time to learn something new.


Edit: (I don't know much about ASM so bear with me) I should mention that the code that writes to the health (I think) is
Code:

MKKE.exe+67EB4E - F6 41 68 01           - test byte ptr [ecx+68],01
MKKE.exe+67EB52 - 75 28                 - jne MKKE.exe+67EB7C
MKKE.exe+67EB54 - F3 0F10 8E C0780000   - movss xmm1,[esi+000078C0]
MKKE.exe+67EB5C - F3 0F58 C8            - addss xmm1,xmm0
------->>MKKE.exe+67EB60 - F3 0F11 8E C0780000   - movss [esi+000078C0],xmm1<<--------
MKKE.exe+67EB68 - F3 0F10 8F CC0B0000   - movss xmm1,[edi+00000BCC]
MKKE.exe+67EB70 - F3 0F58 C8            - addss xmm1,xmm0
MKKE.exe+67EB74 - F3 0F11 8F CC0B0000   - movss [edi+00000BCC],xmm1
MKKE.exe+67EB7C - D9 44 24 18           - fld dword ptr [esp+18]
MKKE.exe+67EB80 - 51                    - push ecx



So what I assume from that is, that the value stored in esi is key to finding which player is actually going to receive damage. But I can't figure out how to determine where esi is actually given the specific player to retract health from.
-------------
Again, not sure if I'm even close to the right ballpark here
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Mon Jun 29, 2015 4:48 pm

Well the troubling part is that the instruction shows +78C0.
That means the structure starts at ESI and the health related to that structure is 30,912 bytes away.
So somewhere within those 30k bytes (or beyond) is likely a '0' for player one and a '1' for player two.
That's a large area to search and the values could even be '1' and '2' or anything.

Possibly try doing a search for addresses containing the value of ESI.
See what accesses those. Maybe those instructions won't be shared.
In which case you can save the value in one script and compare ESI against it during the subtract.

You could also do a pointer scan for the health, and then use that static pointer for your compare.
vng21092
Grandmaster Cheater
Reputation: 15

Joined: 05 Apr 2013
Posts: 644

Posted: Mon Jun 29, 2015 7:26 pm

Well, I don't have the game anymore but luckily I keep all my old tables around. I believe offset 10 from the health structure is your ID.
Code:
cmp [esi+10],(int)1000
In single player it worked fine if I remember correctly, but when I had a buddy over to play 2 player fight, he ended up having infinite health, I think it depends on what player you are. Either way, I'm fairly certain offset 10 is what you're looking for.

Edit: Here's my crappy old table, not an AOB, but judging by the address of your code, we have the same version.

[Attachment: Mortal Kombat - Komplete Edition.CT, 2.6 KB]

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Tue Jun 30, 2015 5:54 am

In the current steam version, the health pointers are:
P1:[MKKE.exe+A89D7C+1c]+78c0
P2:[MKKE.exe+A89D7C+c8c+1c]+78c0
So an alternative to vng21092's method is to cmp esi,[MKKE.exe+A89D7C+1c]. It might be a little bit more complicated for tag battles though.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
vng21092
Grandmaster Cheater
Reputation: 15

Joined: 05 Apr 2013
Posts: 644

Posted: Tue Jun 30, 2015 7:36 am

Gniarf wrote:
In the current steam version, the health pointers are:
P1:[MKKE.exe+A89D7C+1c]+78c0
P2:[MKKE.exe+A89D7C+c8c+1c]+78c0
So an alternative to vng21092's method is to cmp esi,[MKKE.exe+A89D7C+1c]. It might be a little bit more complicated for tag battles though.

How would that work though? esi itself isn't holding the health, wouldn't you have to push esi+78C0 into something like eax, and then compare eax to the pointer? Otherwise, esi would never match the health because... It doesn't hold the health... Unless I'm missing something. I'm thinking something like
Code:
push eax
mov eax,[esi+78C0]
cmp eax,[[[MKKE.exe+A89D7C]+1C]+78C0]
pop eax
je infiniteHealth
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Tue Jun 30, 2015 8:50 am

@vng21092: the thing you're missing is that the check I suggest is based on comparing the address of the health and not the health itself (which wouldn't be reliable since both players start with 1.0 health).

Code:
movss [esi+000078C0],xmm1
writes the health, so esi holds health's address-78C0.
[MKKE.exe+A89D7C+1c]+78c0 points to the P1's health, so [MKKE.exe+A89D7C+1c] contains P1 health's address-78C0, the same thing as esi when the above instruction is writing P1's health.

BTW the pointer is [MKKE.exe+A89D7C+1c]+78c0, not [[MKKE.exe+A89D7C]+1c]+78c0.
MKKE.exe+A89D7C is the base of an array of objects that contains P1/P2-related data, and I wanted to keep that info just in case; that's why I wrote MKKE.exe+A89D7C+1c instead of MKKE.exe+A89D98. Each element in this array is c8c bytes long, which explains how I wrote P2's health pointer.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
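
A small C model of the addressing described in the post above, added here as an illustration and not part of the original thread: it shows that the object base (the value esi holds) identifies a player uniquely, while the health value matches both players at round start. Only the offsets 1c, c8c and 78c0 come from the thread; the `slots` array, the heap-allocated objects and all function names are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offsets quoted in the thread; everything else is a constructed model. */
#define SLOT_STRIDE  0xC8C   /* size of one element of the P1/P2 array */
#define SLOT_OBJ_PTR 0x1C    /* where an element stores its object pointer */
#define OBJ_HEALTH   0x78C0  /* health float inside the player object */

static unsigned char slots[2 * SLOT_STRIDE];  /* stands in for MKKE.exe+A89D7C */

/* Build two player objects, both at 1.0 health, and link them from the array. */
void setup_model(void) {
    for (int k = 0; k < 2; k++) {
        unsigned char *obj = calloc(1, OBJ_HEALTH + sizeof(float));
        float full = 1.0f;
        memcpy(obj + OBJ_HEALTH, &full, sizeof full);
        memcpy(slots + k * SLOT_STRIDE + SLOT_OBJ_PTR, &obj, sizeof obj);
    }
}

/* [base + k*c8c + 1c]: one dereference, giving the object base (what esi holds). */
unsigned char *player_object(int k) {
    unsigned char *obj;
    memcpy(&obj, slots + k * SLOT_STRIDE + SLOT_OBJ_PTR, sizeof obj);
    return obj;
}

/* cmp esi,[base + k*c8c + 1c]: identify the object by address. -1 if neither. */
int owner_by_address(const unsigned char *esi) {
    for (int k = 0; k < 2; k++)
        if (esi == player_object(k)) return k;
    return -1;
}

/* Comparing the health value instead: count how many players it matches. */
int matches_by_value(const unsigned char *esi) {
    int n = 0;
    for (int k = 0; k < 2; k++)
        n += memcmp(esi + OBJ_HEALTH, player_object(k) + OBJ_HEALTH, sizeof(float)) == 0;
    return n;
}

int main(void) {
    setup_model();
    printf("by address: P%d, P%d\n", owner_by_address(player_object(0)) + 1,
           owner_by_address(player_object(1)) + 1);
    printf("by value: matches %d players\n", matches_by_value(player_object(0)));
    return 0;
}
```
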
vng21092
Grandmaster Cheater
Reputation: 15

Joined: 05 Apr 2013
Posts: 644

Posted: Tue Jun 30, 2015 9:28 am

Hmmm interesting, didn't know you could do that... Good stuff
chochang262
Newbie cheater
Reputation: 0

Joined: 31 May 2012
Posts: 20
Location: United States

Posted: Tue Jun 30, 2015 5:36 pm

Got it! Thanks for being helpful everyone. I learned something today (hopefully).
vng21092
Grandmaster Cheater
Reputation: 15

Joined: 05 Apr 2013
Posts: 644

Posted: Tue Jun 30, 2015 5:44 pm

I know it wasn't mentioned above but, in times where you really can't find a player ID in the structure, under the right conditions, it's actually possible to CREATE your own player ID
All times are GMT - 6 Hours