Cheat Engine Forum Index -> General Gamehacking
Inf. Health issue

 
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Wed Jun 15, 2016 1:50 am    Post subject: Inf. Health issue

Tried to make a script for the game Bully; this is the code I finally came up with!

Code:
[ENABLE]

aobscanmodule(Health,Bully.exe,24 D9 91 B8 1C 00 00) // should be unique
alloc(newmem,$100)

label(PlayerCheck)
label(code)
label(return)

newmem:

PlayerCheck:

  push rax
  mov rax,[ecx+1CBC]
  cmp rax,(float)200
  jne code
  jmp return

code:
  fst dword ptr [ecx+00001CB8]
  jmp return

Health+01:
  jmp PlayerCheck
  nop
return:
registersymbol(Health)

[DISABLE]

Health+01:
  db D9 91 B8 1C 00 00

unregistersymbol(Health)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Bully.exe"+731A6

"Bully.exe"+7317A: D9 05 6C 39 A3 00  -  fld dword ptr [Bully.exe+63396C]
"Bully.exe"+73180: D8 0D A4 A9 C1 00  -  fmul dword ptr [Bully.exe+81A9A4]
"Bully.exe"+73186: D9 1C 24           -  fstp dword ptr [esp]
"Bully.exe"+73189: D9 04 24           -  fld dword ptr [esp]
"Bully.exe"+7318C: D9 81 AC 1C 00 00  -  fld dword ptr [ecx+00001CAC]
"Bully.exe"+73192: DC 35 30 01 90 00  -  fdiv qword ptr [Bully.exe+500130]
"Bully.exe"+73198: DE C9              -  fmulp st(1),st(0)
"Bully.exe"+7319A: D8 81 B8 1C 00 00  -  fadd dword ptr [ecx+00001CB8]
"Bully.exe"+731A0: D9 1C 24           -  fstp dword ptr [esp]
"Bully.exe"+731A3: D9 04 24           -  fld dword ptr [esp]
// ---------- INJECTING HERE ----------
"Bully.exe"+731A6: D9 91 B8 1C 00 00  -  fst dword ptr [ecx+00001CB8]
// ---------- DONE INJECTING  ----------
"Bully.exe"+731AC: D9 81 A4 1C 00 00  -  fld dword ptr [ecx+00001CA4]
"Bully.exe"+731B2: DE D9              -  fcompp
"Bully.exe"+731B4: DF E0              -  fnstsw ax
"Bully.exe"+731B6: F6 C4 05           -  test ah,05
"Bully.exe"+731B9: 7A 0C              -  jp Bully.exe+731C7
"Bully.exe"+731BB: D9 81 A4 1C 00 00  -  fld dword ptr [ecx+00001CA4]
"Bully.exe"+731C1: D9 99 B8 1C 00 00  -  fstp dword ptr [ecx+00001CB8]
"Bully.exe"+731C7: 59                 -  pop ecx
"Bully.exe"+731C8: C3                 -  ret
"Bully.exe"+731C9: CC                 -  int 3
}



Basically:

1CBC = 200

I took this offset as the max health from Group Different; my game is crashing after punching or getting hit.
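As an added example (not code from the thread or from Cheat Engine itself), the scan that aobscanmodule performs, with the uniqueness requirement the "should be unique" comment refers to, run over a byte image constructed from the ORIGINAL CODE listing above; ?? wildcards are assumed for illustration. It also shows why the hook is written at Health+01: the leading 24 of the pattern is the last byte of the preceding fld dword ptr [esp].

```python
# Added example (not code from the thread or from Cheat Engine): an AOB scan
# over a byte image, with the uniqueness requirement that aobscanmodule()
# enforces, applied to the pattern from the OP's script.
#
# IMAGE is constructed from the "ORIGINAL CODE" listing in the post
# (Bully.exe+7317A .. +731C9); a real scan would read the module's .text section.

BASE = 0x7317A
IMAGE = bytes.fromhex(
    "D9056C39A300 D80DA4A9C100 D91C24 D90424 D981AC1C0000 DC3530019000"
    " DEC9 D881B81C0000 D91C24 D90424 D991B81C0000 D981A41C0000 DED9 DFE0"
    " F6C405 7A0C D981A41C0000 D999B81C0000 59 C3 CC".replace(" ", "")
)

def parse_aob(pattern):
    """'D9 81 ?? 1C' -> list of ints, with None for a ?? / * wildcard byte."""
    return [None if t in ("??", "*") else int(t, 16) for t in pattern.split()]

def aob_scan(data, pattern):
    """Return every offset in data where the (parsed) pattern matches."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all(p is None or data[i + k] == p for k, p in enumerate(pattern))]

def find_unique(data, base, pattern):
    """Address of the single match; raises if the pattern is not unique, just as
    aobscanmodule() fails when the script is enabled against a non-unique AOB."""
    hits = aob_scan(data, parse_aob(pattern))
    if len(hits) != 1:
        raise ValueError("pattern matched %d times, needs exactly 1" % len(hits))
    return base + hits[0]

def original_bytes(addr, n):
    """Bytes the [DISABLE] section must restore at addr."""
    return IMAGE[addr - BASE:addr - BASE + n]

def find_health():
    """Symbol 'Health' from the OP's aobscanmodule line."""
    return find_unique(IMAGE, BASE, "24 D9 91 B8 1C 00 00")

if __name__ == "__main__":
    health = find_health()
    # The leading 24 is the last byte of 'fld dword ptr [esp]' (D9 04 24), so the
    # 6-byte 'fst dword ptr [ecx+1CB8]' being hooked starts at Health+01.
    print("Health = %#x, hook at %#x" % (health, health + 1))
    print("restore bytes:", original_bytes(health + 1, 6).hex().upper())
```

With a wildcard pattern such as "D9 81 ?? 1C 00 00" the scan finds three hits in this image, and find_unique refuses it, which is the failure you get when an aobscanmodule pattern is not unique.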
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Wed Jun 15, 2016 2:26 am

You don't pop rax, you also are using ST(0) without actually putting a value there, and you are not using cmp dword ptr.


Some thoughts, since I'm confused about what the code is actually doing:
Code:

fld dword ptr [ecx+00001CAC]
fdiv qword ptr [Bully.exe+500130]
fmulp st(1),st(0)
(If 1CB8 is your current HP, then why is it being added in here? Perhaps the first few lines of code are calculating the damage to be applied, and then it is adding current HP to the damage amount?)
fadd dword ptr [ecx+00001CB8]
(If 1CB8 is current HP, why is it being stored at ESP and then loaded back again)
fstp dword ptr [esp]
fld dword ptr [esp]
// ---------- INJECTING HERE ----------
(If this is your Current HP, it needs to be set twice, once in ST(0) and once at 1CB8 because the value isn't popped out of the stack yet)
fst dword ptr [ecx+00001CB8]
// ---------- DONE INJECTING  ----------
(Why is your current HP being compared with 1CA4? What is 1CA4? Is it MAX HP, 0, or a saved version of your current HP?)
fld dword ptr [ecx+00001CA4]
fcompp
fnstsw ax
test ah,05
(Is this jump being taken while alive, while dead, while your HP > MAX HP?)
jp Bully.exe+731C7
fld dword ptr [ecx+00001CA4]
(See how after these values are compared, the presumed current HP is set as 1CA4? I think this is a max HP check, and it is placing a ceiling on your max HP; if you change jp to jmp, you may be able to change your max HP)
fstp dword ptr [ecx+00001CB8]


Also, to look at your code,
Code:

PlayerCheck:

  push rax //You forgot to pop RAX, this definitely caused the crash
  mov rax,[ecx+1CBC] //I'm assuming you just placed 200 into the rax register
  cmp rax,(float)200  //Why are you comparing this value now? You told us that 1CBC was 200, but you are now comparing this value, seems unnecessary
  jne code //This jump will never occur (if what you said is correct), and you haven't changed a single value because all you did was load RAX with 200
  jmp return

code:
  fst dword ptr [ecx+00001CB8] (You are storing the original value with no changes)
  jmp return

Health+01:
  jmp PlayerCheck
  nop
return:
registersymbol(Health)



Assuming that 1CB8 is Current HP and 1CBC is Max HP, you could

Code:

PlayerCheck:
  fstp dword ptr [ecx+00001CB8] //Clears ST(0)
  fld dword ptr [ecx+1cbc] //Loads max HP into ST(0)
  fst dword ptr [ecx+1cb8] //Stores max HP into Current HP
  jmp return

Health+01:
  jmp PlayerCheck
  nop
return:
registersymbol(Health)


This code sets your current HP to the max value (200), and also leaves the max value 200 in the register for the next couple of instructions to operate on.


Last edited by cooleko on Wed Jun 15, 2016 2:54 am; edited 4 times in total
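An added example, not code from the thread: a minimal x87 stack model that checks the claim above that fstp [1CB8] / fld [1CBC] / fst [1CB8] writes max HP into current HP and leaves the FPU stack exactly as the original fst [1CB8] would, so the game's fcompp that follows still balances. The offsets and instruction sequence are the thread's; the HP values are constructed, rounding and the x87 status flags are ignored, and the hits_until_overflow helper is only there to show what a hook that forgets the fstp does over time.

```python
# Added example, not code from the thread: a minimal x87 stack model that checks
# the claim that "fstp [1CB8]; fld [1CBC]; fst [1CB8]" writes max HP into current
# HP and leaves the FPU stack exactly as the original "fst [1CB8]" would, so the
# game's fcompp that follows still balances. Offsets 1CA4, 1CB8 (current HP) and
# 1CBC (max HP) are from the thread; HP values are constructed; flags are ignored.

class X87:
    def __init__(self, mem):
        self.mem = dict(mem)        # ecx-relative offset -> float
        self.st = []                # st[-1] is st(0); at most 8 slots
    def fld(self, off):
        if len(self.st) == 8:       # hardware would wrap and load a NaN; treat as a bug
            raise OverflowError("x87 stack overflow")
        self.st.append(self.mem[off])
    def fst(self, off):             # store, keep st(0)
        self.mem[off] = self.st[-1]
    def fstp(self, off):            # store, then pop
        self.mem[off] = self.st.pop()
    def fcompp(self):               # compare st(0) with st(1) and pop both
        self.st.pop(); self.st.pop()
    def run(self, program):
        for op, *args in program:
            getattr(self, op)(*args)

MEM = {0x1CA4: 0.0, 0x1CB8: 140.0, 0x1CBC: 200.0}   # constructed values
# What runs from the hook point through the game's own fcompp:
ORIGINAL = [("fst", 0x1CB8), ("fld", 0x1CA4), ("fcompp",)]
PATCHED = [("fstp", 0x1CB8), ("fld", 0x1CBC), ("fst", 0x1CB8),
           ("fld", 0x1CA4), ("fcompp",)]
LEAKY = [("fld", 0x1CBC), ("fst", 0x1CB8),          # same idea without the fstp:
         ("fld", 0x1CA4), ("fcompp",)]              # leaks one slot per hit

def simulate(program, new_hp=85.0):
    """One hit with the game's freshly computed HP in st(0); returns (current HP, depth)."""
    cpu = X87(MEM)
    cpu.st.append(new_hp)           # the fld dword ptr [esp] right before the hook
    cpu.run(program)
    return cpu.mem[0x1CB8], len(cpu.st)

def hits_until_overflow(program, limit=100):
    cpu = X87(MEM)
    for n in range(1, limit + 1):   # repeated hits with a persistent FPU stack
        cpu.st.append(85.0)
        try:
            cpu.run(program)
        except OverflowError:
            return n                # None below means the hook never overflows
    return None
```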
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Wed Jun 15, 2016 2:49 am

Alright, sorry, I'm new to this; I've been learning AA for about 2 weeks now.
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Wed Jun 15, 2016 2:55 am

NP, I made a few edits to my post because I looked at the original instructions a bit more; see if it makes sense to you now and let us know if it works.
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Wed Jun 15, 2016 3:04 am

Yea, it works; I had to add the pop rax.

The issue with those is that the HP is shared with the AIs, so I had to cmp it; so yea, I found my max HP offset and simply did the code. Thank you for explaining it to me.
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Wed Jun 15, 2016 3:08 am

If 1CBC is Max HP (or 200), then it will work for any of the AIs if they have 200 HP.
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Wed Jun 15, 2016 3:16 pm

Not while it's not their MAX HP; yea, I could find a different offset. Thx, I just added pop rax, works just fine.