tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Sat Apr 09, 2022 12:05 pm Post subject: No damage but can repair |
|
|
I have a script for a value that increases when I damage a vehicle. How can I use a compare so that it can't increase but I can still decrease it?
Code: |
// Cheat Engine auto-assembler script: hooks the game's store to the vehicle
// field at [rsi+C8] and replaces it with code that leaves the field alone.
[ENABLE]
// The first three pattern bytes (41 03 CF) are the preceding `add ecx,r15d`;
// the remaining six (89 8E C8 00 00 00) are the `mov [rsi+000000C8],ecx` being hooked.
aobscanmodule(damage,MudRunner.exe,41 03 CF 89 8E C8 00 00 00) // should be unique
// NOTE(review): the allocation hint is a hard-coded module offset while the hook
// site comes from the AOB scan; in another build only the hint would go stale.
alloc(newmem,$100,"MudRunner.exe"+6A923B)
label(code)
label(return)
newmem:
// Subtracting 0 leaves [rsi+C8] unchanged, so the value computed in ecx is
// discarded and this site can neither raise nor lower the field.
// NOTE(review): the memory operand has no size keyword - confirm the assembler picks dword.
sub [rsi+000000C8],0
jmp return
// Copy of the original instruction. Nothing jumps here and newmem ends in a
// jmp, so as written this label is never executed.
code:
mov [rsi+000000C8],ecx
jmp return
// damage+03 skips the three `add` bytes and lands on the 6-byte mov.
// The jmp plus one nop replace those six bytes (assumes a 5-byte near jmp - confirm).
damage+03:
jmp newmem
nop
return:
registersymbol(damage)
[DISABLE]
// Put the original six bytes of the mov back before freeing the code cave.
damage+03:
db 89 8E C8 00 00 00
unregistersymbol(damage)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "MudRunner.exe"+6A923B
"MudRunner.exe"+6A9213: 48 8D 54 24 60 - lea rdx,[rsp+60]
"MudRunner.exe"+6A9218: 48 8B CF - mov rcx,rdi
"MudRunner.exe"+6A921B: E8 00 64 00 00 - call MudRunner.exe+6AF620
"MudRunner.exe"+6A9220: 90 - nop
"MudRunner.exe"+6A9221: 48 83 7D 88 08 - cmp qword ptr [rbp-78],08
"MudRunner.exe"+6A9226: 72 0B - jb MudRunner.exe+6A9233
"MudRunner.exe"+6A9228: 48 8B 4C 24 70 - mov rcx,[rsp+70]
"MudRunner.exe"+6A922D: FF 15 6D E8 2A 00 - call qword ptr [MudRunner.exe+957AA0]
"MudRunner.exe"+6A9233: 41 8B 4C 24 48 - mov ecx,[r12+48]
"MudRunner.exe"+6A9238: 41 03 CF - add ecx,r15d
// ---------- INJECTING HERE ----------
"MudRunner.exe"+6A923B: 89 8E C8 00 00 00 - mov [rsi+000000C8],ecx
// ---------- DONE INJECTING ----------
"MudRunner.exe"+6A9241: 83 BE CC 00 00 00 00 - cmp dword ptr [rsi+000000CC],00
"MudRunner.exe"+6A9248: 76 08 - jna MudRunner.exe+6A9252
"MudRunner.exe"+6A924A: 48 8B CE - mov rcx,rsi
"MudRunner.exe"+6A924D: E8 2E FD 1B 00 - call MudRunner.exe+868F80
"MudRunner.exe"+6A9252: 48 3B 77 10 - cmp rsi,[rdi+10]
"MudRunner.exe"+6A9256: 75 0A - jne MudRunner.exe+6A9262
"MudRunner.exe"+6A9258: C7 05 42 FC 48 00 00 00 00 00 - mov [MudRunner.exe+B38EA4],00000000
"MudRunner.exe"+6A9262: 66 41 0F 6E FF - movd xmm7,r15d
"MudRunner.exe"+6A9267: 0F 5B FF - cvtdq2ps xmm7,xmm7
"MudRunner.exe"+6A926A: F3 41 0F 5E FB - divss xmm7,xmm11
}
|
These are the instructions when i repair vehicle at a garage or use repair supplies
Code: |
7FF6B5153241 - 44 89 B7 C8000000 - mov [rdi+000000C8],r14d
7FF6B5155763 - 44 89 B9 C8000000 - mov [rcx+000000C8],r15d
|
|
|
|
 |
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Sun Apr 10, 2022 1:31 am Post subject: |
|
|
decrease but not increase(assuming the values are integers):
Code: | newmem:
code:
// Compare the new value (ecx) against the value currently stored.
cmp ecx,dword [rsi+000000C8]
// new >= current: not a decrease, so skip the store and resume after the hook.
// NOTE(review): jae is an unsigned test - confirm the field never holds a negative value.
jae return
// new < current: let the write through.
mov [rsi+000000C8],ecx
jmp return |
you can do the same for the two other instructions as following, you get the idea by now:
Code: | cmp r14d,dword [rdi+000000C8]
// Unsigned test: r14d >= stored value is not a decrease, so the field is left alone.
jae return
mov [rdi+000000C8],r14d
jmp return |
Code: | cmp r15d,dword [rcx+000000C8]
// Unsigned test: r15d >= stored value is not a decrease, so the field is left alone.
jae return
mov [rcx+000000C8],r15d
jmp return |
if they are float values, the compare is different, take care:
Code: |
// Float variant: store ecx into [rsi+C8] only when, read as single-precision
// floats, the new value is smaller than the stored one.
label(SomeTempValue)
newmem:
code:
push rax
push rdx
// x87 loads come from memory, so ecx is spilled to a scratch dword first.
// NOTE(review): one shared scratch slot - presumably only one thread runs this path; confirm.
mov dword [SomeTempValue],ecx
fld dword ptr [SomeTempValue]
// Loaded last, so the stored value is ST(0) and the new value is ST(1).
fld dword ptr [rsi+000000C8]
// Compare ST(0) with ST(1), then pop both so the x87 stack is left balanced.
fcompp
fwait
fnstsw ax
// Keep only C0 (AH bit 0) and C3 (AH bit 6); both clear means ST(0) > ST(1).
// The literal is hex 41 (assumes the assembler's default hex parsing - confirm).
and ah,41
// dl = 1 when stored > new; 0 when stored < new, equal, or unordered (NaN).
sete dl
and edx,FF
mov eax,edx
test eax,eax
// pop does not modify flags, so ZF from the test survives to the je below.
pop rdx
pop rax
je return //jump if [rsi+C8] is smaller than or equal to the float in ECX (or the compare is unordered)
mov [rsi+000000C8],ecx
jmp return
SomeTempValue:
dd 0 |
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Sun Apr 10, 2022 9:56 am Post subject: |
|
|
I tried this which seems to work
Code: |
// NOTE(review): rcx makes this a 64-bit compare, so the memory operand is the
// qword at [rsi+C8]. That also covers the dword at [rsi+CC], which the game
// tests as a separate field right after its own store. The store below is 32-bit.
cmp rcx,[rsi+C8]
// Skips the store when rcx <= that qword, so the store runs only for a larger
// value - the opposite sense of a `jae return` filter. Presumably it appears to
// block damage because the extra high dword makes the memory side large; confirm.
jbe @f
mov [rsi+000000C8],ecx
@@:
jmp return
|
except for water damage thats also writing to
Code: |
mov [rsi+000000C8],ecx
|
But from a different location which is:
MudRunner.combine::DRIVE_LOGIC::ProcessTrucks+16E2 - 89 8E C8000000 - mov [rsi+000000C8],ecx
I used your top code works great also will use it instead of mine. I put it under newmem instead of code, still water seems to be damaging vehicle though
|
|
|
 |
cooleko Grandmaster Cheater
Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Sun Apr 10, 2022 8:28 pm Post subject: |
|
|
Water damage is likely calculated elsewhere, find its instruction the same way you found these. Otherwise, trace it taking water damage and see why it is different than expected.
|
|
|
 |
Euphoria133 Newbie cheater
Reputation: 0
Joined: 11 Apr 2022 Posts: 16
|
Posted: Mon Apr 11, 2022 6:22 pm Post subject: |
|
|
Isn’t this game online? Sorry if I am confusing it with some other game
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Mon Apr 11, 2022 7:01 pm Post subject: |
|
|
Here is water damage
Code: |
// Hook for the water-damage store to [rsi+C8]. As posted, the code cave only
// replays the original instruction, so enabling it does not change behaviour.
[ENABLE]
// Pattern bytes: 48 is the last byte of the preceding `mov ecx,[r12+48]`,
// 03 CF is `add ecx,edi`, and 89 8E C8 00 00 00 is the store being hooked.
aobscanmodule(wdamage,MudRunner.exe,48 03 CF 89 8E C8 00 00 00) // should be unique
alloc(newmem,$100,"MudRunner.exe"+6A84C2)
label(code)
label(return)
newmem:
code:
// Original store, unchanged.
mov [rsi+000000C8],ecx
jmp return
// +03 skips the three leading pattern bytes and lands on the 6-byte mov.
// The jmp plus one nop replace those six bytes (assumes a 5-byte near jmp - confirm).
wdamage+03:
jmp newmem
nop
return:
registersymbol(wdamage)
[DISABLE]
// Restore the six original bytes of the store before freeing the code cave.
wdamage+03:
db 89 8E C8 00 00 00
unregistersymbol(wdamage)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "MudRunner.exe"+6A84C2
"MudRunner.exe"+6A848A: F3 0F 10 0D 1A A3 36 00 - movss xmm1,[MudRunner.exe+A127AC]
"MudRunner.exe"+6A8492: F3 0F 11 4C 24 28 - movss [rsp+28],xmm1
"MudRunner.exe"+6A8498: C6 44 24 20 00 - mov byte ptr [rsp+20],00
"MudRunner.exe"+6A849D: 45 33 C9 - xor r9d,r9d
"MudRunner.exe"+6A84A0: F3 0F 10 15 AC A5 36 00 - movss xmm2,[MudRunner.exe+A12A54]
"MudRunner.exe"+6A84A8: 48 8D 95 E4 00 00 00 - lea rdx,[rbp+000000E4]
"MudRunner.exe"+6A84AF: 48 8D 0D 0A 6F 31 00 - lea rcx,[MudRunner.exe+9BF3C0]
"MudRunner.exe"+6A84B6: E8 75 34 11 00 - call MudRunner.exe+7BB930
"MudRunner.exe"+6A84BB: 41 8B 4C 24 48 - mov ecx,[r12+48]
"MudRunner.exe"+6A84C0: 03 CF - add ecx,edi
// ---------- INJECTING HERE ----------
"MudRunner.exe"+6A84C2: 89 8E C8 00 00 00 - mov [rsi+000000C8],ecx
// ---------- DONE INJECTING ----------
"MudRunner.exe"+6A84C8: 83 BE CC 00 00 00 00 - cmp dword ptr [rsi+000000CC],00
"MudRunner.exe"+6A84CF: 76 08 - jna MudRunner.exe+6A84D9
"MudRunner.exe"+6A84D1: 48 8B CE - mov rcx,rsi
"MudRunner.exe"+6A84D4: E8 A7 0A 1C 00 - call MudRunner.exe+868F80
"MudRunner.exe"+6A84D9: 49 3B 77 10 - cmp rsi,[r15+10]
"MudRunner.exe"+6A84DD: 75 0A - jne MudRunner.exe+6A84E9
"MudRunner.exe"+6A84DF: C7 05 BB 09 49 00 00 00 00 00 - mov [MudRunner.exe+B38EA4],00000000
"MudRunner.exe"+6A84E9: 48 83 BD 18 01 00 00 08 - cmp qword ptr [rbp+00000118],08
"MudRunner.exe"+6A84F1: 0F 82 C9 00 00 00 - jb MudRunner.exe+6A85C0
"MudRunner.exe"+6A84F7: 48 8B 8D 00 01 00 00 - mov rcx,[rbp+00000100]
}
|
|
|
|
 |
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Tue Apr 12, 2022 3:09 pm Post subject: |
|
|
so since the water damage was also found, what is the issue now?, the decrease but not increase will be just the same as the others, if you want to cancel the damage from water totally, just use NOP on the mov [rsi+000000C8],ecx line.
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Tue Apr 12, 2022 6:45 pm Post subject: |
|
|
yah the NOP works but how could i add it in with my other script under newmem where i have
Code: |
newmem:
// Store only when the new value in ecx is below the stored one (unsigned test);
// otherwise resume after the hook without touching [rsi+C8].
cmp ecx,dword [rsi+000000C8]
jae return
mov [rsi+000000C8],ecx
jmp return
|
|
|
|
 |
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Tue Apr 12, 2022 7:59 pm Post subject: |
|
|
if you are cancelling all water damage, you can either do this:
(no need to allocate memory or anything, just this)
Code: | aobscan(water_target).....
[ENABLE]
// Six one-byte nops overwrite the six bytes of `mov [rsi+000000C8],ecx`, so no
// code cave or jump is needed. water_target has to be the address of the mov
// itself, not of any pattern bytes that precede it.
water_target:
nop
nop
nop
nop
nop
nop
[DISABLE]
water_target:
//original bytes here as usual (db 89 8E C8 00 00 00 for this store)
|
or in case you want to do extra code + nopping, then you simply ignore putting the line to be NOP'ed, as following:
Code: | newmem:
//do your extra stuff here....
//mov [rsi+000000C8],ecx you dont need this anymore, delete this line, i just left it so you can get a clear picture
jmp return //straight jump to the line after the mov [rsi+c8],ecx
|
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Wed Apr 13, 2022 9:17 pm Post subject: |
|
|
ok i sorta understand what yah mean, i like the first choice with the nop's. I added the aob scan and the wdamage+03 just need to know where to put those nop's
Code: |
// Combined script: filters the collision-damage store so it can only lower
// [rsi+C8]. The water-damage site is scanned and restored on disable, but as
// posted nothing in [ENABLE] patches it yet.
[ENABLE]
// In both patterns the last six bytes (89 8E C8 00 00 00) are the store
// `mov [rsi+000000C8],ecx`; the three bytes before it only anchor the match.
aobscanmodule(damage,MudRunner.exe,41 03 CF 89 8E C8 00 00 00) // should be unique
aobscanmodule(wdamage,MudRunner.exe,48 03 CF 89 8E C8 00 00 00) // should be unique
alloc(newmem,$100,"MudRunner.exe"+6A923B)
label(code)
label(return)
newmem:
// Unsigned test: skip the store unless the new value in ecx is below the stored one.
cmp ecx,dword [rsi+C8]
jae return
mov [rsi+000000C8],ecx
jmp return
// Copy of the original instruction. Nothing jumps here, so it is never executed.
code:
mov [rsi+000000C8],ecx
jmp return
// damage+03 is the 6-byte store; jmp plus one nop replace it
// (assumes a 5-byte near jmp - confirm).
damage+03:
jmp newmem
nop
return:
registersymbol(damage)
[DISABLE]
damage+03:
db 89 8E C8 00 00 00
// Restores the water-damage store at pattern start + 3, the same offset any
// [ENABLE]-side patch of that site has to use.
wdamage+03:
db 89 8E C8 00 00 00
unregistersymbol(damage)
// NOTE(review): wdamage is unregistered here but never registered in [ENABLE] - confirm this is harmless.
unregistersymbol(wdamage)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "MudRunner.exe"+6A923B
"MudRunner.exe"+6A9213: 48 8D 54 24 60 - lea rdx,[rsp+60]
"MudRunner.exe"+6A9218: 48 8B CF - mov rcx,rdi
"MudRunner.exe"+6A921B: E8 00 64 00 00 - call MudRunner.exe+6AF620
"MudRunner.exe"+6A9220: 90 - nop
"MudRunner.exe"+6A9221: 48 83 7D 88 08 - cmp qword ptr [rbp-78],08
"MudRunner.exe"+6A9226: 72 0B - jb MudRunner.exe+6A9233
"MudRunner.exe"+6A9228: 48 8B 4C 24 70 - mov rcx,[rsp+70]
"MudRunner.exe"+6A922D: FF 15 6D E8 2A 00 - call qword ptr [MudRunner.exe+957AA0]
"MudRunner.exe"+6A9233: 41 8B 4C 24 48 - mov ecx,[r12+48]
"MudRunner.exe"+6A9238: 41 03 CF - add ecx,r15d
// ---------- INJECTING HERE ----------
"MudRunner.exe"+6A923B: 89 8E C8 00 00 00 - mov [rsi+000000C8],ecx
// ---------- DONE INJECTING ----------
"MudRunner.exe"+6A9241: 83 BE CC 00 00 00 00 - cmp dword ptr [rsi+000000CC],00
"MudRunner.exe"+6A9248: 76 08 - jna MudRunner.exe+6A9252
"MudRunner.exe"+6A924A: 48 8B CE - mov rcx,rsi
"MudRunner.exe"+6A924D: E8 2E FD 1B 00 - call MudRunner.exe+868F80
"MudRunner.exe"+6A9252: 48 3B 77 10 - cmp rsi,[rdi+10]
"MudRunner.exe"+6A9256: 75 0A - jne MudRunner.exe+6A9262
"MudRunner.exe"+6A9258: C7 05 42 FC 48 00 00 00 00 00 - mov [MudRunner.exe+B38EA4],00000000
"MudRunner.exe"+6A9262: 66 41 0F 6E FF - movd xmm7,r15d
"MudRunner.exe"+6A9267: 0F 5B FF - cvtdq2ps xmm7,xmm7
"MudRunner.exe"+6A926A: F3 41 0F 5E FB - divss xmm7,xmm11
}
|
|
|
|
 |
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Thu Apr 14, 2022 5:10 am Post subject: |
|
|
you can place it at the end of [ENABLE] section for convenience, CE knows what to do
Code: |
[ENABLE]
.
.
return:
registersymbol(damage)
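// The wdamage pattern (48 03 CF 89 8E C8 00 00 00) starts three bytes before
// the store, and the script's [DISABLE] section restores six bytes at
// wdamage+03, so the nops have to be written at wdamage+03 as well. Writing
// them at wdamage itself would overwrite the tail of the preceding
// instructions and leave the store's last three bytes behind as stray code.
wdamage+03:
//you can also use db 90 90 90 90 90 90
nop
nop
nop
nop
nop
nop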
[DISABLE]
........
|
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Thu Apr 14, 2022 9:44 am Post subject: |
|
|
OK thanks
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Fri Oct 21, 2022 10:24 am Post subject: SnowRunner no damage but can repair |
|
|
Hello, I'm playing SnowRunner now and can't seem to get a "no damage but can repair" script working. I tried this, which is similar to my script for MudRunner, but the game crashes as soon as I start the vehicle.
Code: |
// SnowRunner attempt: hooks `mov [rdi],eax` together with the call that follows it.
[ENABLE]
// The pattern is the 2-byte store (89 07) plus the 5-byte relative call
// (E8 FF F9 A1 00); all seven bytes are overwritten by the hook below.
// NOTE(review): the last four bytes are the call's relative displacement, so the
// pattern presumably only matches this build and this call site - confirm.
aobscanmodule(damage,SnowRunner.exe,89 07 E8 FF F9 A1 00) // should be unique
alloc(newmem,$100,"SnowRunner.exe"+B777EA)
label(code)
label(return)
newmem:
// Skip the store unless the new value in eax is below the stored one (unsigned test).
cmp eax,dword [rdi]
jae return
mov [rdi],eax
// NOTE(review): both exits from newmem go straight to `return`, so the displaced
// call to SnowRunner.exe+15971F0 never runs. The code after the hook reads
// `dword ptr [rax]`, and on this path rax still holds the value loaded from
// [r14] rather than whatever the call would return - this looks like the source
// of the crash. The call has to execute on every path before returning.
jmp return
// Holds the displaced store and call, but nothing jumps here, so it is never executed.
code:
mov [rdi],eax
call SnowRunner.exe+15971F0
jmp return
// jmp plus two nops cover the seven overwritten bytes (assumes a 5-byte near jmp - confirm).
damage:
jmp newmem
nop
nop
return:
registersymbol(damage)
[DISABLE]
// Restore the store and the call at their original address.
damage:
db 89 07 E8 FF F9 A1 00
unregistersymbol(damage)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SnowRunner.exe"+B777EA
"SnowRunner.exe"+B777C7: E8 34 FE A1 00 - call SnowRunner.exe+1597600
"SnowRunner.exe"+B777CC: 48 63 D8 - movsxd rbx,eax
"SnowRunner.exe"+B777CF: 48 03 DE - add rbx,rsi
"SnowRunner.exe"+B777D2: EB 03 - jmp SnowRunner.exe+B777D7
"SnowRunner.exe"+B777D4: 48 8B DF - mov rbx,rdi
"SnowRunner.exe"+B777D7: E8 E4 F8 A1 00 - call SnowRunner.exe+15970C0
"SnowRunner.exe"+B777DC: 48 8D 43 08 - lea rax,[rbx+08]
"SnowRunner.exe"+B777E0: 48 85 DB - test rbx,rbx
"SnowRunner.exe"+B777E3: 48 0F 45 F8 - cmovne rdi,rax
"SnowRunner.exe"+B777E7: 41 8B 06 - mov eax,[r14]
// ---------- INJECTING HERE ----------
"SnowRunner.exe"+B777EA: 89 07 - mov [rdi],eax
"SnowRunner.exe"+B777EC: E8 FF F9 A1 00 - call SnowRunner.exe+15971F0
// ---------- DONE INJECTING ----------
"SnowRunner.exe"+B777F1: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"SnowRunner.exe"+B777F6: 48 8B 74 24 38 - mov rsi,[rsp+38]
"SnowRunner.exe"+B777FB: 48 8B 7C 24 40 - mov rdi,[rsp+40]
"SnowRunner.exe"+B77800: 83 38 00 - cmp dword ptr [rax],00
"SnowRunner.exe"+B77803: 0F 95 C0 - setne al
"SnowRunner.exe"+B77806: 48 83 C4 20 - add rsp,20
"SnowRunner.exe"+B7780A: 41 5E - pop r14
"SnowRunner.exe"+B7780C: C3 - ret
"SnowRunner.exe"+B7780D: CC - int 3
"SnowRunner.exe"+B7780E: CC - int 3
}
|
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Sat Oct 22, 2022 8:40 am Post subject: |
|
|
I moved my script up so that it no longer includes that call. The game no longer crashes, and the good news is that no damage is working, but the repair isn't: it's not letting the value decrease.
Code: |
// SnowRunner attempt, moved up one instruction: hooks `mov eax,[r14]` and
// `mov [rdi],eax`, leaving the following call in place.
[ENABLE]
// The first five pattern bytes (41 8B 06 89 07) are the two hooked instructions;
// E8 FF F9 is the start of the call after them and only anchors the match.
aobscanmodule(damage,SnowRunner.exe,41 8B 06 89 07 E8 FF F9) // should be unique
alloc(newmem,$100,"SnowRunner.exe"+B777E7)
label(code)
label(return)
newmem:
// NOTE(review): the hook replaced `mov eax,[r14]`, so that load has not run when
// this compare executes. eax still holds the low half of the preceding
// `lea rax,[rbx+08]` result, not the new value. The test is therefore not
// "new vs stored"; presumably the address bits are usually the larger number,
// so `jae return` is taken and the store never happens - which would match
// "damage blocked, repair blocked too". The displaced load needs to run
// before the compare. Confirm by tracing.
cmp eax,dword [rdi]
jae return
mov [rdi],eax
jmp return
// Holds both displaced instructions, but nothing jumps here, so it is never executed.
code:
mov eax,[r14]
mov [rdi],eax
jmp return
// The jmp alone covers the five overwritten bytes (assumes a 5-byte near jmp - confirm).
damage:
jmp newmem
return:
registersymbol(damage)
[DISABLE]
// Restore the two original instructions.
damage:
db 41 8B 06 89 07
unregistersymbol(damage)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SnowRunner.exe"+B777E7
"SnowRunner.exe"+B777C3: 48 8D 4A 18 - lea rcx,[rdx+18]
"SnowRunner.exe"+B777C7: E8 34 FE A1 00 - call SnowRunner.exe+1597600
"SnowRunner.exe"+B777CC: 48 63 D8 - movsxd rbx,eax
"SnowRunner.exe"+B777CF: 48 03 DE - add rbx,rsi
"SnowRunner.exe"+B777D2: EB 03 - jmp SnowRunner.exe+B777D7
"SnowRunner.exe"+B777D4: 48 8B DF - mov rbx,rdi
"SnowRunner.exe"+B777D7: E8 E4 F8 A1 00 - call SnowRunner.exe+15970C0
"SnowRunner.exe"+B777DC: 48 8D 43 08 - lea rax,[rbx+08]
"SnowRunner.exe"+B777E0: 48 85 DB - test rbx,rbx
"SnowRunner.exe"+B777E3: 48 0F 45 F8 - cmovne rdi,rax
// ---------- INJECTING HERE ----------
"SnowRunner.exe"+B777E7: 41 8B 06 - mov eax,[r14]
"SnowRunner.exe"+B777EA: 89 07 - mov [rdi],eax
// ---------- DONE INJECTING ----------
"SnowRunner.exe"+B777EC: E8 FF F9 A1 00 - call SnowRunner.exe+15971F0
"SnowRunner.exe"+B777F1: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"SnowRunner.exe"+B777F6: 48 8B 74 24 38 - mov rsi,[rsp+38]
"SnowRunner.exe"+B777FB: 48 8B 7C 24 40 - mov rdi,[rsp+40]
"SnowRunner.exe"+B77800: 83 38 00 - cmp dword ptr [rax],00
"SnowRunner.exe"+B77803: 0F 95 C0 - setne al
"SnowRunner.exe"+B77806: 48 83 C4 20 - add rsp,20
"SnowRunner.exe"+B7780A: 41 5E - pop r14
"SnowRunner.exe"+B7780C: C3 - ret
"SnowRunner.exe"+B7780D: CC - int 3
}
|
|
|
|
 |
tysman Cheater
Reputation: 0
Joined: 06 Jan 2020 Posts: 29
|
Posted: Mon Oct 24, 2022 7:20 pm Post subject: |
|
|
will need some help figuring out how to to allow it to decrease.
|
|
|
 |
|
|
|
|