|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sat Dec 03, 2016 11:08 pm Post subject: I need help making a script for Final Fantasy X-2 steam |
|
|
Hello people,
I am a modding enthusiast and I am trying to mod the enemies of FFX-2 tougher by making a script with Cheat Engine.
I already know the correct code strings cause I have been modding the PS2 version of the game. However things are a bit more difficult with the pc version since the addresses of the code keep changing.
I am trying to mod HP, Strength and Magic values. the structure of the code is as follows:
0-3bit: HP
4-7bit: MP
8 bit: Level
9 bit: Strength
10 bit: Defense
11 bit: Magic
So basically i would need to change the values of 0-3. After that 9 and then 11.
I have lots of questions and I would appreciate it if someone could help me out.
The HP value of certain boss is in address "13D2CF18". I would like to *2 that value. The same boss' Strength value is in address "13D2CF21" and Magic value in "13D2CF23". I would like to double those values as well. What would the code of that command look like?
The boss' code string i'm trying to modify looks like this:
"E0 01 00 00 00 00 00 00 08 10 03 02"
"E0 01" is HP value, "10" Str and "02" Mag value.
However, whenever I try to enter the following code to assembler I get an error practically saying the string starting with E0 01 is not unique, which leads me to believe there are other addresses accessing/writing into 13D2CF18. Here is exactly what the program says:
______________________________________________________________
aobscanmodule(INJECT,FFX-2.exe,ERROR: Could not find unique AOB, tried code "E0 01 00 00 00 00") // should be unique
______________________________________________________________
What can I do to fix this issue?
Another thing. Let's pretend I fixed that issue and now I want to make my adjustments on the boss.
Here is the code Cheat Engine has on default:
______________________________________________________________
[ENABLE]
aobscanmodule(INJECT,FFX-2.exe,ERROR: Could not find unique AOB, tried code "E0 01 00 00 00 00") // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
loopnz 13D2CF1A
add [eax],al
add [eax],al
jmp return
INJECT+53A0C:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT+53A0C:
db E0 01 00 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
______________________________________________________________
What would I need to change in this code to double the HP, Strength and Magic values of the boss? Also, I will need to repeat the process for LOTS of other enemies, so how would it be done best? Maybe 1 script with tons of data? And if it could be done like that could someone give me an example of what the code would look like with multiple code entries?
I know this was long message but I hope I didn't put anyone to sleep. I really need help and I appreciate any help I can get.
|
|
Back to top |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Sun Dec 04, 2016 1:07 am Post subject: |
|
|
Those are bytes, not bits.
That error means CE was unable to find a unique byte pattern for you.
Such a pattern probably exists quite a lot throughout the game's memory.
Had you found a usable byte pattern, you could use Lua to double the values.
Code: | [ENABLE]
{$lua}
autoAssemble([[
aobscan(INJECT, {blah blah blah})
registersymbol(INJECT)
]])
writeInteger("INJECT", readInteger("INJECT") * 2)
writeInteger("INJECT+4", readInteger("INJECT+4") * 2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2)
{$asm}
[DISABLE] |
|
|
Back to top |
|
|
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sun Dec 04, 2016 11:05 am Post subject: |
|
|
Zanzer wrote: | Those are bytes, not bits.
That error means CE was unable to find a unique byte pattern for you.
Such a pattern probably exists quite a lot throughout the game's memory.
Had you found a usable byte pattern, you could use Lua to double the values.
Code: | [ENABLE]
{$lua}
autoAssemble([[
aobscan(INJECT, {blah blah blah})
registersymbol(INJECT)
]])
writeInteger("INJECT", readInteger("INJECT") * 2)
writeInteger("INJECT+4", readInteger("INJECT+4") * 2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2)
{$asm}
[DISABLE] |
|
Thank u man that really helped. Never thought i'd have to type in a code like that. Well now i know.
Would this kinda code work as well?:
_____________________________________________________________
writeInteger("INJECT", readInteger("INJECT") * 1,2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 1,2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 1,2)
_____________________________________________________________
In this case I would *1,2 the values.
Also I read that you could use wild cards in order for the pattern to become unique. Is there any other way to get unique byte pattern? I searched the same pattern through CE and I always get only 1 result.
|
|
Back to top |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Sun Dec 04, 2016 12:06 pm Post subject: |
|
|
Decimals use the period (.), but that code should work fine. It will simply truncate the result.
Maybe full Lua will provide a better AOB scan, since it can ignore the game's executable bytes:
Code: | {$lua}
if syntaxcheck then return end
[ENABLE]
local aob = AOBScan("E0 01 00 00 00 00 00 00 08 10 03 02", "+W")
if aob then
for i = 0, aob.Count - 1 do
local addr = tonumber(aob[i], 16)
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 1.2)
writeInteger(addr+4, readInteger(addr+4) * 1.2)
writeBytes(addr+9, readBytes(addr+9, 1) * 1.2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 1.2)
end
aob.Destroy()
else
print("not found")
end
[DISABLE] |
|
|
Back to top |
|
|
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sun Dec 04, 2016 1:32 pm Post subject: |
|
|
Zanzer wrote: | Decimals use the period (.), but that code should work fine. It will simply truncate the result.
Maybe full Lua will provide a better AOB scan, since it can ignore the game's executable bytes:
Code: | {$lua}
if syntaxcheck then return end
[ENABLE]
local aob = AOBScan("E0 01 00 00 00 00 00 00 08 10 03 02", "+W")
if aob then
for i = 0, aob.Count - 1 do
local addr = tonumber(aob[i], 16)
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 1.2)
writeInteger(addr+4, readInteger(addr+4) * 1.2)
writeBytes(addr+9, readBytes(addr+9, 1) * 1.2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 1.2)
end
aob.Destroy()
else
print("not found")
end
[DISABLE] |
|
You have been great help so far. Actually now the byte string works and CE recognizes it as unique everytime. My code looks like this right now:
_____________________________________________________________
{$lua}
[ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2)
INJECT:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT)
dealloc(newmem)
_____________________________________________________________
And I keep getting syntax errors from the "{$lua}" line and after that from all lines in the following section:
_____________________________________________________________
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2)
_____________________________________________________________
Could you help me correct this whole thing so there wouldn't be errors?
|
|
Back to top |
|
|
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Sun Dec 04, 2016 2:54 pm Post subject: |
|
|
you mixed Lua code and AA code the wrong way.
I'll try to explain this (with as little details as possible) on a simple example:
Let's say you have this AA code:
Code: | [ENABLE]
01202540:
nop
nop
[DISABLE]
01202540:
sub eax,edx |
While activating/deactivating AA code, CE strips not needed parts. When activating - it strips whole DISABLE section.
When deactivating - it strips whole ENABLE section.
Anything above ENABLE section is a COMMON section. If DISABLE section is the first section, anything above DISABLE is the COMMON.
COMMON section won't be stripped.
So while enabling, CE takes only this:
while disabling, CE takes only this:
Code: | 01202540:
sub eax,edx |
Then it analyze and assemble above.
Inside AA script we can add Lua script blocks (it's a new feature since CE6.4). You have to treat it more or less as a text preprocessor.
Lua script doesn't know anything about what AA script is doing. And, Lua script blocks are executed before the "analyzing and assembling" mentioned earlier. But it would be a bad feature if there was not any way of passing some information from one to another. Lua script can pass some information to the AA script (can be done with "return something" at the end of Lua block).
Note: AA scripts and Lua scripts can get and set user symbols. We can use it to extend Lua<->AA communication.
Let's say you have AA with Lua block:
Code: | [ENABLE]
01202540:
{$Lua}
local lines = ''
for i=1,2 do
lines = lines .. "nop // done with Lua \n"
end
return lines
{$Asm}
[DISABLE]
01202540:
sub eax,edx |
So while enabling, CE takes only this:
Code: | 01202540:
{$Lua}
local lines = ''
for i=1,2 do
lines = lines .. "nop // done with Lua \n"
end
return lines
{$Asm} |
Because there is Lua block, CE will execute it first. It will put above inside a function:
Code: | function executeLuaBlock(syntaxcheck)
local lines = ''
for i=1,2 do
lines = lines .. "nop // done with Lua\n"
end
return lines
end |
This function returns a multi-line string. This string will be used instead of Lua block:
Code: | 01202540:
nop // done with Lua
nop // done with Lua
|
Now. AA script is analyzed and assembled as normal.
More advanced users can place any Lua code there. It don't have to return any text.
Zanzer code is just a Lua code inside an empty AA script.
this one
Code: | [ENABLE]
{$lua}
autoAssemble([[
aobscan(INJECT, {blah blah blah})
registersymbol(INJECT)
]])
writeInteger("INJECT", readInteger("INJECT") * 2)
writeInteger("INJECT+4", readInteger("INJECT+4") * 2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2)
{$asm}
[DISABLE] |
In reality is something like this:
Code: | function executeLuaBlock(syntaxcheck)
autoAssemble([[aobscan(INJECT, {blah blah blah})
registersymbol(INJECT)
]])
writeInteger("INJECT", readInteger("INJECT") * 2)
writeInteger("INJECT+4", readInteger("INJECT+4") * 2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2)
end |
and empty AA code.
As you see, he extended "Lua <-> AA" communication with a little trick - autoAssemble() function and registered symbols.
Note2:
"Lua <-> AA" communication I was talking about is made only once while enabling/disabling AA script.
If you want to exchange data between assembled code (working in game thread and game memory) and Lua script (working in CE thread and accessing game memory) for a longer time period, you just use user symbols. In AA something like this: "mov [usersymbol],eax", in Lua something like this: readInteger("usersymbol") inside ontimer function of Lua timer object.
_________________
|
|
Back to top |
|
|
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sun Dec 04, 2016 3:41 pm Post subject: |
|
|
mgr.inz.Player wrote: | you mixed Lua code and AA code the wrong way.
I'll try to explain this (with as little details as possible) on a simple example:
Let's say you have this AA code:
Code: | [ENABLE]
01202540:
nop
nop
[DISABLE]
01202540:
sub eax,edx |
While activating/deactivating AA code, CE strips not needed parts. When activating - it strips whole DISABLE section.
When deactivating - it strips whole ENABLE section.
Anything above ENABLE section is a COMMON section. If DISABLE section is the first section, anything above DISABLE is the COMMON.
COMMON section won't be stripped.
So while enabling, CE takes only this:
while disabling, CE takes only this:
Code: | 01202540:
sub eax,edx |
Then it analyze and assemble above.
Inside AA script we can add Lua script blocks (it's a new feature since CE6.4). You have to treat it more or less as a text preprocessor.
Lua script doesn't know anything about what AA script is doing. And, Lua script blocks are executed before the "analyzing and assembling" mentioned earlier. But it would be a bad feature if there was not any way of passing some information from one to another. Lua script can pass some information to the AA script (can be done with "return something" at the end of Lua block).
Note: AA scripts and Lua scripts can get and set user symbols. We can use it to extend Lua<->AA communication.
Let's say you have AA with Lua block:
Code: | [ENABLE]
01202540:
{$Lua}
local lines = ''
for i=1,2 do
lines = lines .. "nop // done with Lua \n"
end
return lines
{$Asm}
[DISABLE]
01202540:
sub eax,edx |
So while enabling, CE takes only this:
Code: | 01202540:
{$Lua}
local lines = ''
for i=1,2 do
lines = lines .. "nop // done with Lua \n"
end
return lines
{$Asm} |
Because there is Lua block, CE will execute it first. It will put above inside a function:
Code: | function executeLuaBlock(syntaxcheck)
local lines = ''
for i=1,2 do
lines = lines .. "nop // done with Lua\n"
end
return lines
end |
This function returns a multi-line string. This string will be used instead of Lua block:
Code: | 01202540:
nop // done with Lua
nop // done with Lua
|
Now. AA script is analyzed and assembled as normal.
More advanced users can place any Lua code there. It don't have to return any text.
Zanzer code is just a Lua code inside an empty AA script.
this one
Code: | [ENABLE]
{$lua}
autoAssemble([[
aobscan(INJECT, {blah blah blah})
registersymbol(INJECT)
]])
writeInteger("INJECT", readInteger("INJECT") * 2)
writeInteger("INJECT+4", readInteger("INJECT+4") * 2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2)
{$asm}
[DISABLE] |
In reality is something like this:
Code: | function executeLuaBlock(syntaxcheck)
autoAssemble([[aobscan(INJECT, {blah blah blah})
registersymbol(INJECT)
]])
writeInteger("INJECT", readInteger("INJECT") * 2)
writeInteger("INJECT+4", readInteger("INJECT+4") * 2)
writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2)
writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2)
end |
and empty AA code.
As you see, he extended "Lua <-> AA" communication with a little trick - autoAssemble() function and registered symbols.
Note2:
"Lua <-> AA" communication I was talking about is made only once while enabling/disabling AA script.
If you want to exchange data between assembled code (working in game thread and game memory) and Lua script (working in CE thread and accessing game memory) for a longer time period, you just use user symbols. In AA something like this: "mov [usersymbol],eax", in Lua something like this: readInteger("usersymbol") inside ontimer function of Lua timer object. |
I appreciate all this help but I'm not sure if I understand what I did wrong. I don't understand the order I need to enter code in the different sections. I've been trying to put the "Lua" and "writeInteger" parts in different places but I always get syntax errors. Could you guys clean the code I provided earlier and show me what it looks like when it's clean of syntax errors? I really am not getting forward if I can't see and compare the faulty one to the one done properly.
|
|
Back to top |
|
|
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Sun Dec 04, 2016 4:11 pm Post subject: |
|
|
Code: | {$lua}
[ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2)
INJECT:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT)
dealloc(newmem) |
Let's analyze what happens when you try to enable this thing.
DISABLE section is stripped. COMMON and ENABLE sections are merged:
Code: | {$lua}
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2)
INJECT:
jmp code
nop
return:
registersymbol(INJECT) |
Because there is {$lua} at the beginning. Whole script is treated as Lua script. But the only proper Lua script is this:
Code: | print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2) |
You could place {$Asm} to tell CE where Lua script ends. And move {$Lua} too. So, back to the original script, you should change it to:
Code: | [ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
{$lua}
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2)
{$Asm}
INJECT:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT)
dealloc(newmem) |
But. That is not what you want:
First, Lua script is executed before anything else, before symbol "INJECT" is registered.
Second, Lua doesn't have addr variable initialized.
3rd, "E0 01 00 00 00 00 00 00 08 10 03 02" is used here like for "code injection".
You overwrite the memory (npc data) with a jump instruction instead of updating it with "doubled" (or multiplied by 1.2) statistics.
There's a lot of those mistakes. You should really try built-in tutorial first.
Steps to do after finishing the tutorial. Start a boss fight and:
do the "group" first scan with this:
4p:hp 4p:mp 1:level 1:strength 1:defense 1:magic
for example:
4p:1400 4p:1123 1:77 1:48 1:33 1:22
continue fighting for a while. And do the next scan
for example:
4p:1167 4p:923 1:77 1:48 1:33 1:22
and so on. Do not end this battle too soon. We still need this boss.
When you have only one address left (top left list), double click it. Boss hp and mp will be added to the bottom list.
Highlight the first one, right-click and select "find out what accesses this address". Do the same for mp.
You will have two windows. Go to game and fight for a while. Those windows should have one or more instructions which accessed HP and MP. Highlight first entry in first window and click "show disassembler". Resize memory viewer windows so we could see 10 lines above and 10 lines below and all columns clearly visible (resize columns if they are to tight). Do screenshot. Do the same with other entries in that window. Then do the same with second window.
Post screenshots here.
PS: you are another forum member which quotes whole post when it is not needed. And makes whole thread harder to read. Really, quoting should be disabled for all new forum members...
Edit:
typos
_________________
|
|
Back to top |
|
|
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sun Dec 04, 2016 5:14 pm Post subject: |
|
|
I did the tutorial before and I know about finding out the values in-game. However you cannot find the enemy str and mag values through playing through a boss. And I just can't keep doing this thing for every enemy. I already know the byte string that contain the right values. I just need to get the script right.
I did some changes to the script. Right now it looks like this:
_____________________________________________________________
[ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
registersymbol(INJECT)
code:
{$lua}
print(string.format("%X", addr))
writeInteger(addr, readInteger(addr) * 2)
writeInteger(addr+4, readInteger(addr+4) * 2)
writeBytes(addr+9, readBytes(addr+9, 1) * 2)
writeBytes(addr+0xB, readBytes(addr+0xB, 1) * 2)
{$Lua}
{$Asm}
INJECT:
mov code
nop
return:
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT)
dealloc(newmem)
_____________________________________________________________
I changed
_____________________________________________________________
INJECT:
jmp code
nop
return:
_____________________________________________________________into
_____________________________________________________________
INJECT:
mov code
nop
return:
_____________________________________________________________
Also I moved Lua and Asm into the right places but I still get syntax error in the Lua portion of the code. Is the code still wrong somehow?
|
|
Back to top |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Sun Dec 04, 2016 5:35 pm Post subject: |
|
|
Code: | [ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02)
registersymbol(INJECT)
luacall(writeInteger("INJECT", readInteger("INJECT") * 2))
luacall(writeInteger("INJECT+4", readInteger("INJECT+4") * 2))
luacall(writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2))
luacall(writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2))
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT) |
|
|
Back to top |
|
|
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Sun Dec 04, 2016 5:56 pm Post subject: |
|
|
Quote: | I changed
Code: | INJECT:
jmp code
nop
return: |
into
Code: | INJECT:
mov code
nop
return: |
Also I moved Lua and Asm into the right places but I still get syntax error in the Lua portion of the code.
Is the code still wrong somehow? |
Still wrong.
addr variable not assigned.
NPC statistics overwrote with wrong data
Better do not use Lua and AA in one window for now. Let's try something easier.
Ok, you don't know what str and mag values are. We just skip it.
Start a fight and:
do the "group" first scan with this:
4p:hp 4p:mp 1:level 1:* 1:defense
for example:
4p:1400 4p:1123 1:77 1:* 1:33
continue fighting for a while. And do the next scan
for example:
4p:1167 4p:923 1:77 1:* 1:33
and so on. Do not end this battle too soon. We still need this boss.
When you have only one address left (top left list), double click it. Boss hp and mp will be added to the bottom list.
Highlight the first one, right-click and select "find out what accesses this address". Do the same for mp.
You will have two windows. Go to game and fight for a while. Those windows should have one or more instructions which accessed HP and MP. Highlight first entry in first window and click "show disassembler". Resize memory viewer windows so we could see 10 lines above and 10 lines below and all columns clearly visible (resize columns if they are to tight). Do screenshot. Do the same with other entries in that window. Then do the same with second window.
Post screenshots here.
_________________
|
|
Back to top |
|
|
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sun Dec 04, 2016 8:14 pm Post subject: |
|
|
Ok this is my current code:
_____________________________________________________________
[ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02) // should be unique
alloc(newmem,$1000)
label(code)
registersymbol(INJECT)
newmem:
jmp code
code:
{$Lua}
luacall(writeInteger("INJECT", readInteger("INJECT") * 2))
luacall(writeInteger("INJECT+4", readInteger("INJECT+4") * 2))
luacall(writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2))
luacall(writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2))
{$Asm}
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT)
dealloc(newmem)
_____________________________________________________________
CE still complains about {$Lua}. In this instance it says "Lua error in the script at line 20: [string "local syntaxcheck=......"]:2: attempt to perform arithmetic on a nil value. What does that mean? Help please.
|
|
Back to top |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Sun Dec 04, 2016 9:36 pm Post subject: |
|
|
Why couldn't you just copy my code, in its entirety, as is?
|
|
Back to top |
|
|
samuraiboss666 Newbie cheater Reputation: 0
Joined: 03 Dec 2016 Posts: 19
|
Posted: Sun Dec 04, 2016 9:55 pm Post subject: |
|
|
Zanzer wrote: | Why couldn't you just copy my code, in its entirety, as is? |
Please don't give up on me yet I'm trying. When I copied that code you provided which was this:
_____________________________________________________________
[ENABLE]
aobscan(INJECT,E0 01 00 00 00 00 00 00 08 10 03 02)
registersymbol(INJECT)
luacall(writeInteger("INJECT", readInteger("INJECT") * 2))
luacall(writeInteger("INJECT+4", readInteger("INJECT+4") * 2))
luacall(writeBytes("INJECT+9", readBytes("INJECT+9", 1) * 2))
luacall(writeBytes("INJECT+B", readBytes("INJECT+B", 1) * 2))
[DISABLE]
INJECT:
db E0 01 00 00 00 00 00 00 08 10 03 02
unregistersymbol(INJECT)
_____________________________________________________________
I got an error saying: Error in line 6(luacall/writeBytes("INJECT+9", readBytes(" 097CCF18+9", 1) * 2))) :Undefined lua error.
And even after I remove the last 2 luacall lines I get error from the [DISABLE] line saying the instruction can't be compiled.
|
|
Back to top |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Sun Dec 04, 2016 10:39 pm Post subject: |
|
|
Code: | Error in line 6(luacall/writeBytes("INJECT+9", readBytes(" 097CCF18+9", 1) * 2))) :Undefined lua error. |
So where'd readBytes(" 097CCF18+9", 1) come from?
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|