Cheat Engine Forum (The Official Site of Cheat Engine)
How to assemble this code?

Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Tue Sep 06, 2016 9:15 pm    Post subject: How to assemble this code?

Hello, it's been a while since I last worked on a table and I'm trying to get back into it again, but these results have me stumped on how to edit it to make it an unlimited health script.

I'm looking at the line movss xmm0,[rcx+10] because each time my character was hit, the count went up. But, there is also the one below that line (in the screenshot), so I'm not sure which one I should be paying attention to.

I originally wrote it this way:

newmem:
movss [rcx+10],(Float)999

originalcode:
movss xmm0,[rcx+10]


But it didn't work. How can I properly assemble this code? Thanks.

PS: This is a 64-bit game if that makes a difference.



[Attachment: Screenshot_20160906.png]


Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The Netherlands

Posted: Tue Sep 06, 2016 9:19 pm

this code will work:
Code:

newmem:
mov [rcx+10],(Float)999

originalcode:
movss xmm0,[rcx+10]


It's a 4 byte value, encoded as a float. Mov will work fine

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Thu Sep 08, 2016 10:58 pm

Thanks, that worked but only temporarily. The higher level enemies must be sharing an address with the player because they won't die.

I did "Find out what address this instruction accessed" and got hit a few times by different enemies, and they showed up in the window along with the player. I'm not sure where to go from here. This is all the code I have.

Should I try something different? Like using pointers instead? Thanks.

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(health,2048,"CryGameSDK.dll"+DA794)
label(returnhere)
label(originalcode)
label(exit)

health:
mov [rcx+10],(float)1000

originalcode:
//movss [rcx+10],xmm0

exit:
jmp returnhere

"CryGameSDK.dll"+DA794:
jmp health
returnhere:

 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(health)
"CryGameSDK.dll"+DA794:
movss [rcx+10],xmm0
//Alt: db F3 0F 11 41 10
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Fri Sep 09, 2016 2:19 am

Right-click them in the debugger window and select "Open in dissect window" (or something like that).

Then see if you can find any player-strings, IDs or whatsoever to separate your player from the AI.
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Tue Sep 13, 2016 7:46 pm

It's still not working. I followed the guide "Invincibility Code Fixes (Segregating Players/Enemies)" by Rydian using method #3 "Check The Player Structure", and I feel like I did everything right in following the guide, but when I got down to finishing up the code, I got the error "Not all code is injectable".

Code:

health:
cmp dword [rcx+08],(float)100 //I'm comparing offset 08 to the player and enemy
je return //The guide says to use this to jump the code if it's equal for the player.

mov [rcx+10],(float)1000 //edited from original code.
jmp return //The guide adds this jump, so I added it.

originalcode:
//movss [rcx+10],xmm0 //I have this commented out. I'm not sure if I should have, but I've seen other people comment out their originalcode.


Are there any helpful video guides about how to do this? I think maybe a video might help me to understand this more.



[Attachment: Screenshot_Structure.png]


Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Tue Sep 13, 2016 9:17 pm

Judging by your code, I'm assuming "rcx+08" is equal to 100 for all enemies and never the player.
If it's the opposite, then change JE to JNE.

edit: Since you now provided the error, your problem is that your label is called "returnhere" not "return".
Don't just copy code blindly, try to understand what it is you are doing.
Code:
health:
cmp dword [rcx+08],(float)100
je originalcode

mov [rcx+10],(float)1000
jmp returnhere

originalcode:
movss [rcx+10],xmm0
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Tue Sep 13, 2016 9:43 pm

Zanzer wrote:
Judging by your code, I'm assuming "rcx+08" is equal to 100 for all enemies and never the player.
If it's the opposite, then change JE to JNE.

The 100 is supposed to be equal for the player only; it is compared against the enemies' 19.60000038, so I should change it to what you said: JNE.

Quote:

edit: Since you now provided the error, your problem is that your label is called "returnhere" not "return".
Don't just copy code blindly, try to understand what it is you are doing.

Thanks for the help. I am trying to learn and also understand, so I assumed if I found the instructions on a tutorial then it was the correct way to write it. But, I'll be more careful in the future and make sure everything matches up. I'll post back again later with the results.
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Wed Sep 14, 2016 3:14 pm

Well, with the new code edited in, it makes the player die in one hit as well as the enemy.
So, I'm not sure what's going on. I first tried it with je originalcode, then with jne originalcode, but both had the same outcome.

I looked over the dissect structure again and added more enemies to compare by.
The player still has an unchanging 100 next to the offset 0008 and the enemies have different numbers, which from my understanding (reading the tutorial) is how it should be.

I think I'm just going to have to take a break on this one, because I feel like I'm getting more confused than being able to understand.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Wed Sep 14, 2016 6:50 pm

Why did you move your injection point down? Use the original instruction you showed.
Code:
movss xmm0,[rcx+10]
Code:
health:
cmp dword [rcx+08],(float)100
jne originalcode
xorps xmm1,xmm1

originalcode:
movss xmm0,[rcx+10]
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Thu Sep 15, 2016 3:37 pm

I wrote these notes yesterday as I was trying one more time to get it to work...

Something weird:
Before I go any further I was taking a look over the structure in my most recent screenshot. Well, the offset that came up the most in all of my reads was 0010, none of the others appeared in my reads, but looking at it now it appears to me that 000C is my health and 0008 is my max health.

The weird thing about 000C is that when I change the value to anything, it just snaps back to what it was before. If I change the value in 0008 from 100 to 200, then it affects the value in 000C by 100 points. So, it would end up 223.42836 in 000C.

Now, if I make any changes to any value in 0010, my player automatically dies, why is this? The value right now is around 5.544 but if I change it to 5.55 the player will die. For lower values than 5.55, too.

I wrote the following notes and code today...

Starting over:
Well, I ended up starting from scratch, but this time I'll use AOB injection and use "What Accesses" instead of "What Writes". This time around I quickly found an address that only matches the player. I really want to understand this, so I'll write down what I'm doing and make notes in the comments. If there is something I'm not understanding correctly in my notes, please correct me.

At this point I've already found the player's base health:
Step 1: I showed the disassembler on the following: 390D02DD - F3 44 0F10 61 10 - movss xmm12,[rcx+10]
Step 2: From the disassembler I right-clicked on it and selected "Find out what addresses this instruction accesses".
Step 3: I ran around and got hit and hit enemies and still nothing showed up in the window. So that means it's only my player's code right?
Step 4: I then proceeded to go to Tools->Dissect Data/Structures and do the usual. My player's Health ID at the time was 0A91B510, so I did that minus offset 10. Put 0A91B510-10 in the box, then Tools->Define new structure->new. The window populates.

The structure window:
Code:

0000 - Pointer           A91B500 : P->52BEED80         
0008 - Float             A91B508 : 100                       //Max Health; It doesn't change.
000C - Float             A91B50C : 123.42836                //Actual Health; Snaps back if manually changed.
0010 - Double            A91B510 : 5.55068092692731E-315     //If this value is changed the player will die automatically.
0018 - Float             A91B518 : 0.05000000075            //I don't know what this is, I don't know if it matters or not.
001C - 4 Bytes (Hex)     A91B51C : DEDEDEDE           
0020 - 4 Bytes (Hex)     A91B520 : DEDEDEDE           
0024 - 4 Bytes (Hex)     A91B524 : DEDEDEDE


The full script:
Code:

[ENABLE]
aobscanmodule(health,CryGameSDK.dll,F3 44 0F 10 61 10 * * * * 84)
alloc(newmem,$1000,"CryGameSDK.dll"+D02DD)

label(code)
label(return)

newmem:
//I didn't use cmp this time because I was able to find a value that was unique to the player only. The script works without comparing player/enemy, but should I still use it anyway?

  push rax                                   //push rax on the stack - uses rax to store some information
  mov rax,[rcx+08]                           //max health - moves the value of rcx+08 into rax (rcx+08 is 123.5975266)
  mov [rcx+0C],rax                         //actual health - moves rax into the value of rcx+0C (rcx+0C is 100)
  pop rax                                  //erase rax from the stack - rax is done being used, so erase what's in it
  jmp return

code:
  movss xmm12,[rcx+10]                  //didn't touch the original code
  jmp return

health:
  jmp newmem                        //changed this from code to newmem since I didn't edit code.
  nop
return:
registersymbol(health)

[DISABLE]
health:
  db F3 44 0F 10 61 10

unregistersymbol(health)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "CryGameSDK.dll"+D02DD

"CryGameSDK.dll"+D02A9: 66 44 0F 6E D0                 -  movd xmm10,eax
"CryGameSDK.dll"+D02AE: 48 8B 05 4B 97 7F 00           -  mov rax,[CryGameSDK.dll+8C9A00]
"CryGameSDK.dll"+D02B5: 48 8B 88 08 01 00 00           -  mov rcx,[rax+00000108]
"CryGameSDK.dll"+D02BC: 45 0F 5B D2                    -  cvtdq2ps xmm10,xmm10
"CryGameSDK.dll"+D02C0: 48 8B 01                       -  mov rax,[rcx]
"CryGameSDK.dll"+D02C3: FF 90 E8 01 00 00              -  call qword ptr [rax+000001E8]
"CryGameSDK.dll"+D02C9: 66 44 0F 6E C0                 -  movd xmm8,eax
"CryGameSDK.dll"+D02CE: 48 8B 47 70                    -  mov rax,[rdi+70]
"CryGameSDK.dll"+D02D2: 48 8B 88 30 25 00 00           -  mov rcx,[rax+00002530]
"CryGameSDK.dll"+D02D9: 45 0F 5B C0                    -  cvtdq2ps xmm8,xmm8
// ---------- INJECTING HERE ----------
"CryGameSDK.dll"+D02DD: F3 44 0F 10 61 10              -  movss xmm12,[rcx+10]
// ---------- DONE INJECTING  ----------
"CryGameSDK.dll"+D02E3: F3 44 0F 11 84 24 20 01 00 00  -  movss [rsp+00000120],xmm8
"CryGameSDK.dll"+D02ED: E8 6E AC 00 00                 -  call CryGameSDK.dll+DAF60
"CryGameSDK.dll"+D02F2: 48 8B 4F 70                    -  mov rcx,[rdi+70]
"CryGameSDK.dll"+D02F6: 48 8B 81 38 25 00 00           -  mov rax,[rcx+00002538]
"CryGameSDK.dll"+D02FD: 48 8B 89 48 25 00 00           -  mov rcx,[rcx+00002548]
"CryGameSDK.dll"+D0304: F3 44 0F 5E E0                 -  divss xmm12,xmm0
"CryGameSDK.dll"+D0309: F3 44 0F 10 78 10              -  movss xmm15,[rax+10]
"CryGameSDK.dll"+D030F: F3 44 0F 10 68 0C              -  movss xmm13,[rax+0C]
"CryGameSDK.dll"+D0315: E8 46 AC 00 00                 -  call CryGameSDK.dll+DAF60
"CryGameSDK.dll"+D031A: 48 8B 4F 70                    -  mov rcx,[rdi+70]
}


The only thing now that I find weird is that when the script is enabled it shows 123.5/100. See in screenshot. And as I explained further above, when I change the value in 0008 the health snaps back to what it was.



[Attachment: Screenshot (13).png - Health shows 123.5/100]


ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Sep 15, 2016 4:55 pm

You're treating the value at the address +10 as a double when it should be treated as a float. The address at +8 isn't important and should be ignored.
Now that you have an instruction which only accesses your health, do the same thing you did with DB's advice. Don't make things more complicated than they need to be.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Thu Sep 15, 2016 8:01 pm

This worked, thanks! Can you explain to me why the other ones didn't work? They were both originally using newmem: mov [rcx+10],(Float)999. Is it because of the originalcode: movss xmm0,[rcx+10] & originalcode: movss [rcx+10],xmm0 being incorrect? I also don't understand "treating the value at the address +10 as a double when it should be treated as a float". Does that mean they are two different values, and the one that I saw in the dissect window is not the same as the one in the opcodes? Sorry for all the questions; you've all been very helpful and I appreciate it.
Code:

[ENABLE]
alloc(health,2048,"CryGameSDK.dll"+DA794)
label(returnhere)
label(originalcode)
label(exit)

health:
mov [rcx+10],(Float)999

originalcode:
movss xmm12,[rcx+10]

exit:
jmp returnhere

"CryGameSDK.dll"+DA794:
jmp health

returnhere:
 
[DISABLE]
dealloc(health)
"CryGameSDK.dll"+DA794:
movss [rcx+10],xmm0
//Alt: db F3 0F 11 41 10
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu Sep 15, 2016 8:47 pm

You keep changing up your injection point to different locations.
First location failed because it was used by the enemy too.
Second location failed because you were using a CMP and it was messing up the previous compare's flags.
The final location works because it's already player only and you're simply setting an address.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Sep 15, 2016 8:52 pm

Quote:
I originally wrote it this way:

newmem:
movss [rcx+10],(Float)999

At first you thought the value type at that address was a float. I'm assuming you modified this value and it had a correlative effect on your health in-game.

Quote:
Now, if I make any changes to any value in 0010, my player automatically dies... The value right now is around 5.544....

The structure window:
Code:
0000 - Pointer           A91B500 : P->52BEED80         
0008 - Float             A91B508 : 100                       //Max Health; It doesn't change.
000C - Float             A91B50C : 123.42836                //Actual Health; Snaps back if manually changed.
0010 - Double            A91B510 : 5.55068092692731E-315     //If this value is changed the player will die automatically.
...

Here you thought the value type at that address was a double, and that changing the value would cause your player to die. I'm not sure why you thought the value magically changed types, but I'm guessing it's because you didn't notice it and just believed CE when it told you that it's a double. CE isn't psychic; it's not always correct in its guesses about values' types.

What's important is that the game consistently treats that value as a float. This is evident by the instructions that access that address: namely, movss, an instruction that is used to move single-precision floating point data (i.e. the "float" value type).

The reason why it was crashing for you when you changed that value was because you were changing it as if it were a double when it wasn't. This could have modified not only those 4 bytes abnormally but also the 4 bytes after it (no clue what that value is used for). Those first 4 bytes probably would've only set your health to a weird value (e.g. easy to kill), but modifying those other 4 bytes could've crashed the game.


Your third script (the one before your current working one) didn't work because you were trying to modify a value that had little to do with your health. Just because something looks like it could be important doesn't mean it is.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
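The two type points made in this thread (Dark Byte's "it's a 4 byte value, encoded as a float, mov will work fine" and ParkourPenguin's explanation of why a field the game reads with movss must be handled as a single-precision float rather than the double the dissect window guessed) can be reproduced on a byte buffer without touching a game. The following Python is an added example, not code from the thread or from Cheat Engine: the structure layout copies the offsets quoted from the dissect window (+08, +0C, +10, +18), but the bytes and values in it are constructed for the example, and the assumption that the four bytes after +10 are zero is mine, chosen so that reinterpreting +10 as a double yields a tiny denormal of the same magnitude as the 5.55E-315 the window showed.

```python
"""Float vs. double reinterpretation of one structure field (added example)."""
import struct

# Constructed sample layout, following the offsets quoted from the dissect
# window in the thread: +08 max health (float), +0C health (float), +10 a
# float that the game reads with movss, +14 four bytes we assume are zero.
# Nothing here is dumped from the game; the values are made up.
OFF_MAX_HEALTH = 0x08
OFF_HEALTH = 0x0C
OFF_MOVSS = 0x10      # the field `movss xmm12,[rcx+10]` reads: 4 bytes, single precision
OFF_NEXT = 0x14       # the 4 bytes that an 8-byte "double" write would also overwrite


def build_player_struct(max_health=100.0, health=123.42836, next_dword=0):
    """Return a 32-byte buffer laid out like the quoted structure."""
    buf = bytearray(0x20)
    struct.pack_into('<f', buf, OFF_MAX_HEALTH, max_health)
    struct.pack_into('<f', buf, OFF_HEALTH, health)
    struct.pack_into('<f', buf, OFF_MOVSS, health)    # same float mirrored at +10 (assumption)
    struct.pack_into('<I', buf, OFF_NEXT, next_dword)
    return buf


def encode_float(value):
    """The 4 bytes a `mov [reg+off],(float)value` store writes: little-endian IEEE-754 single."""
    return struct.pack('<f', value)


def read_float(buf, off):
    """Read 4 bytes as a single, i.e. what movss sees."""
    return struct.unpack_from('<f', buf, off)[0]


def read_double(buf, off):
    """What a tool that guessed 'Double' shows: these 4 bytes plus the next 4 as one double."""
    return struct.unpack_from('<d', buf, off)[0]


def write_float(buf, off, value):
    """Correct 4-byte write; the neighbouring field at off+4 is untouched."""
    struct.pack_into('<f', buf, off, value)


def write_double(buf, off, value):
    """Wrong 8-byte write at a 4-byte field: the failure mode described in the thread."""
    struct.pack_into('<d', buf, off, value)


def demo():
    """Run both reads and both writes on the constructed buffer and return what happened."""
    buf = build_player_struct()
    neighbour_before = bytes(buf[OFF_NEXT:OFF_NEXT + 4])
    as_float = read_float(buf, OFF_MOVSS)        # ~123.42836, the value the game uses
    as_double = read_double(buf, OFF_MOVSS)      # denormal around 5.55e-315: the misread

    write_float(buf, OFF_MOVSS, 999.0)           # like `mov [rcx+10],(float)999`
    neighbour_intact = bytes(buf[OFF_NEXT:OFF_NEXT + 4]) == neighbour_before

    write_double(buf, OFF_MOVSS, 5.55)           # editing the "double" to 5.55
    return {
        'as_float': as_float,
        'as_double': as_double,
        'float_bytes_999': encode_float(999.0),
        'neighbour_intact_after_float_write': neighbour_intact,
        'float_after_double_write': read_float(buf, OFF_MOVSS),   # near zero, not 5.55
        'neighbour_after_double_write': bytes(buf[OFF_NEXT:OFF_NEXT + 4]),
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(f'{key}: {value!r}')
```

The double write shows why editing the "5.544" value was fatal in-game: the low half of the double 5.55 lands at +10 as a float of roughly 4e-8 (health effectively zero), and the high half overwrites the four bytes at +14 that were never meant to change. The float write, which is what the working script does, changes exactly the four bytes movss reads.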
Taibreah
Cheater
Reputation: 0

Joined: 19 Mar 2014
Posts: 35

Posted: Tue Sep 20, 2016 10:59 pm

Thanks for all the help, guys. I have a much clearer understanding now, but I will still continue to learn more.