Help with 1 hit kill

XxSongixX
How do I cheat?
Reputation: 0

Joined: 06 Mar 2022
Posts: 6

Posted: Sun Mar 06, 2022 4:13 pm    Post subject: Help with 1 hit kill

Hello, I'm having a bit of a problem with the 1-hit kill code.

The issue is that in the game I manage to drop the life of the enemies to 0 in one hit, but they don't die until they receive the second one. I have tried to solve it on my own, but I can't understand the logic behind it.

I think it's because they activated the death sequence before the life is updated, but I don't know how to fix that.

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"nioh2.exe"+A30646)
label(returnhere)
label(originalcode)
label(exit)
alloc(ourcode,4,"nioh2.exe"+A30646)

ourcode:
dd (float)9999

newmem: //this is allocated memory, you have read,write,execute access

cmp [rcx+3D4],1
jne originalcode
mov rdx,[ourcode]
mov [rcx+10],rdx
mov rdx,[rcx+28]
jmp exit

originalcode:
mov [rcx+10],rdx
mov rdx,[rcx+28]
mov [rcx+10],0


Thanks for your time.



Attachment: Mv.png
Description: I don't know if this image will help, but I'm attaching it anyway.
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4700

Posted: Sun Mar 06, 2022 4:33 pm    Post subject:

Might have something to do with writing 0 to [rcx]. That test rdx,rdx checks if rdx is 0 (which you basically set it to in your injection), and if it is zero, it jumps past writing 0 to rcx. You may want to inject further up to avoid this write and see what happens.

It could also be a check made by the caller. e.g. pseudocode:
Code:
if damageDealt >= healthRemaining then
  kill(...)
else
  damage(...)   // the function you're looking at
end

If you don't know how to read assembly, you're going to have a hard time with this.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Sun Mar 06, 2022 9:13 pm    Post subject:

To supplement ParkourPenguin's advice, you can find the jump pretty easily using break and trace.

Break and trace this instruction once to find the Ret. Follow it, go up one line of code to the call, follow that (This takes you to the start of the current function you are looking at most of the time). Then break and trace from one of the instructions there.

You will perform this last break and trace twice: once when you are hurting the enemy and once when you are killing the enemy. You will be able to immediately see where the killing branches differently than the hurting. You can change the JE, JNE, JA, JB, etc. to a JMP, which means it will always take that branch.

Make sure it does not run for your character or you will be one hit killed, too!
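
A small C model of the two points made above, added here as an illustration and not code from the thread or from the game: ParkourPenguin's hypothesis that the caller chooses between kill and damage before the health write, and cooleko's comparison of a hurting trace with a killing trace. The struct, function names and values are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model; names, layout and values are assumptions, not the game's code. */
typedef struct { float health; int dead; } Enemy;
#define MAX_TRACE 8
typedef struct { const char *step[MAX_TRACE]; int n; } Trace;

static void log_step(Trace *t, const char *s) { if (t->n < MAX_TRACE) t->step[t->n++] = s; }

/* damage(): the routine the hook sits in. With one_hit set it stores 0,
   standing in for the injected write; it never starts the death sequence. */
static void damage(Enemy *e, float dmg, int one_hit, Trace *t) {
    log_step(t, "damage: store health");
    e->health = one_hit ? 0.0f : e->health - dmg;
}

static void kill_enemy(Enemy *e, Trace *t) {
    log_step(t, "kill: start death sequence");
    e->health = 0.0f;
    e->dead = 1;
}

/* Caller: decides kill vs. damage BEFORE damage() runs. */
static void on_hit(Enemy *e, float dmg, int one_hit, Trace *t) {
    t->n = 0;
    log_step(t, "caller: cmp dmg, health");
    if (dmg >= e->health) kill_enemy(e, t);
    else damage(e, dmg, one_hit, t);
}

/* Index of the first step where two traces differ, or -1 if identical. */
static int first_divergence(const Trace *a, const Trace *b) {
    int n = a->n < b->n ? a->n : b->n;
    for (int i = 0; i < n; i++)
        if (strcmp(a->step[i], b->step[i]) != 0) return i;
    return a->n == b->n ? -1 : n;
}

int main(void) {
    Enemy e = { 100.0f, 0 };
    Trace hurt, killing;
    on_hit(&e, 10.0f, 1, &hurt);     /* hit 1: health forced to 0, still alive */
    printf("after hit 1: health=%.0f dead=%d\n", e.health, e.dead);
    on_hit(&e, 10.0f, 1, &killing);  /* hit 2: 10 >= 0, caller picks kill */
    printf("after hit 2: health=%.0f dead=%d\n", e.health, e.dead);
    int i = first_divergence(&hurt, &killing);
    printf("traces diverge at step %d, after \"%s\"\n", i, hurt.step[i - 1]);
    return 0;
}
```

In this model the first hit leaves health at 0 with the enemy alive, which is the symptom in the first post, and the two traces part immediately after the caller's compare.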
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun Mar 06, 2022 11:54 pm    Post subject:

If the instruction is accessing health constantly, you can try something like this:

Code:
alloc(newmem,2048,"nioh2.exe"+A30646)
label(returnhere)
label(originalcode)
label(exit)
label(kill)
alloc(ourcode,4,"nioh2.exe"+A30646)

ourcode:
dd (float)9999

newmem: //this is allocated memory, you have read,write,execute access


cmp [rcx+3D4],1
jne kill
mov rdx,[ourcode]
mov [rcx+10],rdx
mov rdx,[rcx+28]
jmp exit

kill:
cmp [rcx+10],0
je originalcode
mov [rcx+10],0
mov rdx,[rcx+28]
jmp exit

originalcode:
mov [rcx+10],rdx
mov rdx,[rcx+28]
jmp exit
XxSongixX
How do I cheat?
Reputation: 0

Joined: 06 Mar 2022
Posts: 6

Posted: Tue Mar 08, 2022 6:59 am    Post subject:

++METHOS wrote:
If the instruction is accessing health constantly, you can try something like this:

Code:
alloc(newmem,2048,"nioh2.exe"+A30646)
label(returnhere)
label(originalcode)
label(exit)
label(kill)
alloc(ourcode,4,"nioh2.exe"+A30646)

ourcode:
dd (float)9999

newmem: //this is allocated memory, you have read,write,execute access


cmp [rcx+3D4],1
jne kill
mov rdx,[ourcode]
mov [rcx+10],rdx
mov rdx,[rcx+28]
jmp exit

kill:
cmp [rcx+10],0
je originalcode
mov [rcx+10],0
mov rdx,[rcx+28]
jmp exit

originalcode:
mov [rcx+10],rdx
mov rdx,[rcx+28]
jmp exit


The health is not being constantly accessed; what happens is that the life reaches 0 but the instructions that make it die are not activated, having to hit again to activate it.

I know I have to inject the code somewhere else, since the time to kill and take life seems to be separate, but I don't know how to find the right place to test. (I hope to make myself understood)
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Mar 08, 2022 7:15 am    Post subject:

Check to see what accesses and choose an instruction that is accessing constantly. Then try the same approach as posted above and report back.
All times are GMT - 6 Hours