Cheat Engine The Official Site of Cheat Engine
dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Tue Nov 06, 2018 11:41 am Post subject: Want to access multiple address from what write to this addr
Hi,
I want to get multiple player IDs from a code, which only accesses our team members' addresses, not the enemy's. So it is very important for making godmode for both our player and companion player. I have written code in asm, but when I activate the script, the game hangs. I think the game goes into an infinite loop when I activate the script. Can anybody please correct my script? Or if someone has Lua code which works like this, please share a template of it so I can copy and paste it into my script, because I have no knowledge of Lua.
Code: |
[ENABLE]
aobscanmodule(PlayersID,LC2.exe,66 0F 6E 40 14 0F 5B C0 0F 2F C2 76 10) // should be unique
alloc(newmem,$100)
label(code)
label(return)
label(isPlayer2)
alloc(player1,4)
alloc(player2,4)
registersymbol(player1)
registersymbol(player2)
newmem:
mov [player1],eax
xor eax,eax
mov eax,[ecx+000001D0] //EAX == [ecx+000001D0]
cmp [player1],eax
jne isPlayer2
jmp newmem
isPlayer2:
mov [player2],eax
mov eax,[player1] //put back original address
jmp code
code:
movd xmm0,[eax+14]
jmp return
PlayersID:
jmp newmem
return:
registersymbol(PlayersID)
[DISABLE]
PlayersID:
db 66 0F 6E 40 14
unregistersymbol(PlayersID)
dealloc(newmem)
dealloc(player1)
dealloc(player2)
unregistersymbol(player1)
unregistersymbol(player2)
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Nov 06, 2018 12:59 pm
you may wanna give some useful info about register/memory location contents, anyhow i think i know what you need. (but still your script won't do anything special)
Code: |
// mov eax,[ecx+000001D0] //EAX == [ecx+000001D0]
// if [ecx+000001D0] holds a pointer, then the above instruction is valid.
// otherwise you need LEA instead of MOV
// question goes here: what does [ecx+000001D0] hold? and what is it related to?
Code: |
cmp [player1],eax
jne isPlayer2
jmp newmem // if previous condition failed, then it will loop again.
Code: |
isPlayer2:
mov [player2],eax
mov eax,[player1] //put back original address
jmp code
// you are not doing anything special, no godmode no infinite health ... only eax is being moved into player2 memory location.
// and then original code gets executed normally, and it will affect both player 1&2.
code:
movd xmm0,[eax+14]
jmp return
dharmang1910 wrote: | I want to get multiple player ID from a code |
if that instruction operand is a memory location that holds a pointer, then you can use MOV to get whatever in there.
otherwise you need LEA.
dharmang1910 wrote: | which only access our team member's addresses, not the enemy's. |
if the instruction only accesses the player and player's team, then why would you need a compare?
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Tue Nov 06, 2018 10:00 pm
This code only accesses our team's health, so this is a good location to fetch player IDs. This is not the code that writes to our health, so there is no need to write any god mode related code here. This code is just for fetching player IDs. When we click on "find out what addresses this instruction accesses", I found two addresses of team members' health. So I want to assign one address to [player1] and the second address to [player2].
Here is the code snippet
Code: |
{
// ORIGINAL CODE - INJECTION POINT: "LC2.exe"+1C49CD
"LC2.exe"+1C49AF: CC - int 3
"LC2.exe"+1C49B0: 55 - push ebp
"LC2.exe"+1C49B1: 8B EC - mov ebp,esp
"LC2.exe"+1C49B3: 51 - push ecx
"LC2.exe"+1C49B4: 66 0F 6E 89 D8 01 00 00 - movd xmm1,[ecx+000001D8]
"LC2.exe"+1C49BC: 0F 5B C9 - cvtdq2ps xmm1,xmm1
"LC2.exe"+1C49BF: 0F 57 D2 - xorps xmm2,xmm2
"LC2.exe"+1C49C2: 0F 2F CA - comiss xmm1,xmm2
"LC2.exe"+1C49C5: 76 23 - jna LC2.exe+1C49EA
"LC2.exe"+1C49C7: 8B 81 D0 01 00 00 - mov eax,[ecx+000001D0]
// ---------- INJECTING HERE ----------
"LC2.exe"+1C49CD: 66 0F 6E 40 14 - movd xmm0,[eax+14]
// ---------- DONE INJECTING ----------
"LC2.exe"+1C49D2: 0F 5B C0 - cvtdq2ps xmm0,xmm0
"LC2.exe"+1C49D5: 0F 2F C2 - comiss xmm0,xmm2
"LC2.exe"+1C49D8: 76 10 - jna LC2.exe+1C49EA
"LC2.exe"+1C49DA: F3 0F 5E C1 - divss xmm0,xmm1
"LC2.exe"+1C49DE: F3 0F 11 45 FC - movss [ebp-04],xmm0
"LC2.exe"+1C49E3: D9 45 FC - fld dword ptr [ebp-04]
"LC2.exe"+1C49E6: 8B E5 - mov esp,ebp
"LC2.exe"+1C49E8: 5D - pop ebp
"LC2.exe"+1C49E9: C3 - ret
"LC2.exe"+1C49EA: D9 EE - fldz
}
My script only accesses the first health address and then goes into an infinite loop, because it never accesses the second health address to get out of the loop. So is there any other code there to access the second health address? Especially Dark Byte would know if he has made some provisions for this.
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Nov 06, 2018 10:25 pm
Code: |
newmem:
cmp dword ptr [player1],eax
jz isPlayer2
mov dword ptr [player1],eax
jmp code
isPlayer2:
mov dword ptr [player2],eax
code:
movd xmm0,[eax+14]
jmp return
dharmang1910 Expert Cheater
Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Tue Nov 06, 2018 10:42 pm
Thanks it works and great logic to access both the addresses.
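
Added example, not part of the thread: a C model of the two hooks above, showing why the first script hangs (the `jmp newmem` path re-runs with unchanged state) and how the reply's single-pass version fills the slots over repeated calls. The pointer values, call orders and step budget are constructed assumptions, and the slots are assumed to start zeroed.

```c
#include <stdint.h>
#include <stdio.h>

/* Slots persist across calls, like alloc(player1,4)/alloc(player2,4).
   Assumption: both start zeroed. */
typedef struct { uint32_t player1, player2; } Slots;

/* Asker's hook. eax arrives equal to [ecx+1D0], because the instruction just
   before the injection point is mov eax,[ecx+000001D0]. Returns the pass on
   which it exits, or -1 when the step budget runs out (the hang). */
int hook_original(Slots *s, uint32_t mem_ecx_1d0, int budget) {
    uint32_t eax = mem_ecx_1d0;
    for (int pass = 1; pass <= budget; pass++) {
        s->player1 = eax;            /* mov [player1],eax      */
        eax = mem_ecx_1d0;           /* mov eax,[ecx+000001D0] */
        if (s->player1 != eax) {     /* cmp / jne isPlayer2    */
            s->player2 = eax;
            return pass;
        }                            /* else: jmp newmem, state unchanged */
    }
    return -1;
}

/* Hook from the reply: one straight-line pass per call, no backward jump. */
void hook_reply(Slots *s, uint32_t eax) {
    if (s->player1 == eax) s->player2 = eax;   /* jz isPlayer2 */
    else                   s->player1 = eax;
}

/* Run the reply's hook over a constructed sequence of eax values. */
Slots run_reply(const uint32_t *calls, int n) {
    Slots s = {0, 0};
    for (int i = 0; i < n; i++) hook_reply(&s, calls[i]);
    return s;
}

int main(void) {
    enum { A = 0x1000, B = 0x2000 };           /* constructed pointer values */
    const uint32_t alt[] = {A, B, A, B}, rep[] = {A, A, B};
    Slots s = {0, 0};
    printf("original exits on pass: %d\n", hook_original(&s, A, 1000));
    Slots x = run_reply(alt, 4), y = run_reply(rep, 3);
    printf("A,B,A,B -> player1=%#x player2=%#x\n", (unsigned)x.player1, (unsigned)x.player2);
    printf("A,A,B   -> player1=%#x player2=%#x\n", (unsigned)y.player1, (unsigned)y.player2);
    return 0;
}
```

With the reply's hook, which pointer lands in which slot depends on the order in which the game calls the function for each team member.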