Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Item Durability

 
Forum: General Gamehacking
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Thu Sep 08, 2011 6:16 pm    Post subject: Item Durability

Hi, I wonder if someone could give me a hint on how to get infinite item/weapon durability. I'm fairly new; I have mostly done pointer searches before and learned a bit of basic assembly.
When I take the address for one specific weapon and click "see what writes to...", I get this address:

033CCDA7 - fstp dword ptr [edi+04]

Any advice what to do with this?
Thanks!
SwaggaJackin'
Master Cheater
Reputation: 2

Joined: 06 Nov 2009
Posts: 304

Posted: Thu Sep 08, 2011 6:23 pm

It copies the floating point value inside of register ST(0) to the destination operand (in this case the pointer of [edi+04]) and then it pops the register stack.

The durability address location is at [edi+04] during that instruction and the amount of durability left is being written from ST(0). So whatever is in ST(0) is the amount of durability the item will have after that instruction is performed.

http://siyobik.info/main/reference/instruction/FST%2FFSTP

So if you wanted to set your own durability value, you could just copy whatever value you want it at into [edi+04].

I suggest you let that instruction get performed so it pops the register stack as intended and then write to the address.
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Thu Sep 08, 2011 8:03 pm

I didn't succeed with copying the value. The value is 1109717748.

I tried:

fstp dword ptr [edi+04]
mov [edi+04],1109717748
pop esi
ret 0004

It resulted in 0% condition on my stuff.
I tried some other stuff too, but it wouldn't work, and then it crashed.
Any thoughts?

And then I found a new problem: it seems the memory addresses change between sessions. So I don't know if it's even possible to do this.

I would like to know the problem though, for educational purposes (so that I can do it right next time, when it is actually possible).


[EDIT]
OK, I solved the moving memory addresses. I looked up the new address, and in memory view I pressed Ctrl-M (show module addresses), and now I have a static one.

game_x86_rwdi.dll+23CDA7

I still haven't got the "insert the value in [edi+04]" part to work yet. It feels like it should be an easy thing to do. I'll continue to look around, but if anyone has it, don't be afraid to share. I would really appreciate it.

Thank you SwaggaJackin' for your clue and thanks in advance.
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Sat Sep 10, 2011 8:08 am

No thoughts?
Coldzer0
How do I cheat?
Reputation: 0

Joined: 07 Sep 2011
Posts: 1
Location: ntdll.dll

Posted: Sat Sep 10, 2011 11:35 am

I think you should make it like this:

fstp dword ptr [edi+04] to mov dword ptr [edi+04],1109717748

Try it.
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Sat Sep 10, 2011 3:10 pm

Thanks Coldzer0 for the advice. Sadly the game crashed when I replaced it.
SwaggaJackin'
Master Cheater
Reputation: 2

Joined: 06 Nov 2009
Posts: 304

Posted: Sat Sep 10, 2011 5:20 pm

Gestalt wrote:
Thanks Coldzer0 for the advice. Sadly the game crashed when I replaced it.


Probably because it expects the stack pop.
haunted5
Cheater
Reputation: 1

Joined: 23 Aug 2011
Posts: 35

Posted: Mon Sep 19, 2011 8:44 am

Hi,

As SwaggaJackin' said, the game probably crashed because the pop wasn't implemented.

Generally, if the code you want to change involves a pop (the 'p' in the fstp instruction) and you don't pop, the value will stay on the stack, and the next line of code that uses the stack to get a value will get this value, as we didn't remove it. So all the code that uses the stack will probably be getting wrong values from then on.

Normally if I want to implement a nop kind of code for instructions that require a pop, I would replace the fstp instruction with

fstp st(0)

This basically just pops the top value off the stack, so the new weapon durability is not stored.

I think to store a value into [edi+04] you have to pass it a hexadecimal value.

I'm not sure what 1109717748 is. It looks like the decimal value of a 4-byte integer, in which case, if you convert it to hex using the Windows calculator, you will get 4224F2F4. If you then convert this to its float equivalent in decimal, you get 41.237259. Is this the value you are trying to use? In any case, instead of:

mov [edi+04],1109717748

try:

mov dword ptr [edi+04],4224F2F4

or, in the latest Cheat Engine, something like this might work:

mov dword ptr [edi+04],(float)41.237259 -- maybe this won't work, not sure

Hope this helps


EDIT:

I see you are playing Dead Island:

This is the script I used that worked for me:

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
//label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
fstp st(0)

exit:
pop esi
ret 0004
jmp returnhere

"game_x86_rwdi.dll"+23CDA7:
jmp newmem
nop
nop
returnhere:
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"game_x86_rwdi.dll"+23CDA7:
fstp dword ptr [edi+04]
pop esi
ret 0004
//Alt: db D9 5F 04 5E C2 04 00


EDIT 2:

This script will stop you repairing items as well, though. You can change the script to compare whether the new value to be written is greater than the weapon's current value: if so, use the original code, otherwise use fstp st(0). When I was playing the game, I just disabled the script any time I repaired or updated the weapons.

Hope this helps
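The conversion haunted5 describes, worked through as an added C example (this is not code from the thread or from Cheat Engine). A "4 Bytes" scan shows the raw bit pattern of the float that fstp dword ptr [edi+04] stored, so the decimal 1109717748 is the hex pattern 4224F2F4, which is the single-precision float 41.237259. The helper names are illustrative; the one fact about the auto assembler relied on is that it reads bare numbers as hex (decimal needs a # prefix), which is haunted5's point about passing a hexadecimal value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reinterpret the 4 bytes that a "4 Bytes" scan displays as the IEEE-754
 * single-precision float the game stored there with fstp dword ptr. */
static float float_from_bits(uint32_t bits) {
    float f;
    memcpy(&f, &bits, sizeof f);       /* memcpy: no strict-aliasing UB */
    return f;
}

/* The reverse direction: the raw 32-bit pattern of a float. */
static uint32_t bits_from_float(float f) {
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return bits;
}

/* The immediate for "mov dword ptr [edi+04],<imm>" in the auto assembler:
 * bare numbers there are read as hex, so emit the bit pattern as eight
 * hex digits (the form haunted5's 4224F2F4 takes). */
static void ce_hex_immediate(float f, char out[9]) {
    snprintf(out, 9, "%08X", (unsigned)bits_from_float(f));
}

/* Convenience check on the immediate text (illustrative helper). */
static int hex_immediate_is(float f, const char *expected) {
    char buf[9];
    ce_hex_immediate(f, buf);
    return strcmp(buf, expected) == 0;
}

int main(void) {
    char imm[9];
    uint32_t scanned = 1109717748u;             /* value seen in the thread */
    printf("4-byte %u -> float %f\n", (unsigned)scanned, float_from_bits(scanned));
    ce_hex_immediate(99.0f, imm);
    printf("mov dword ptr [edi+04],%s   // same as (float)99.0\n", imm);
    return 0;
}
```

Build with `gcc -Wall conv.c && ./a.out`. The (float)99.00 form used later in the thread produces the same bytes as the hex immediate this prints; which one you write is a matter of readability.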
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Wed Sep 28, 2011 9:43 am

Thank you so much!
Of course it works to disable the script. But just for fun, does anyone out there know how to make an if statement in auto assembler language?
I figure I need to use jumps, but I don't know how to compare the values in this particular case.

Thank you again.


Edit 1
I solved how to get perfect state on all weapons, but it is not optimal.
Add this to the script: mov dword ptr [edi+04],(float)99.00
It will make the item have more durability than it is supposed to, but I haven't seen any problem with that.
The question about the if statement is still open, because it would be nice to optimize the script.
haunted5
Cheater
Reputation: 1

Joined: 23 Aug 2011
Posts: 35

Posted: Wed Sep 28, 2011 6:32 pm

Hey,

To implement a compare for 4-byte values and smaller, you can use the following:

cmp eax,ebx

Follow this with a jump instruction such as je (jump if equal), jne (jump if not equal), jl (jump if less), jg (jump if greater), etc.

With floats you would have to load the two floats you want to compare onto the FPU stack using the 'fld' instruction, like:

fld dword ptr [edi+04]

Once loaded, you can compare using the 'fcom' instruction. Look up the usage of fcom on Google. With this instruction, though, you will not be able to use some of the useful jump instructions mentioned above: je and jne will still work, but jl and jg will not. Instead you will have to use ja/jb (jump if above / jump if below). Just make sure you pop whatever extra you put on the stack, otherwise it will probably crash the game. Experiment and read up, and I'm sure you will manage it.

Hope this helps
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Wed Sep 28, 2011 9:08 pm

It's really strange. I tried it on my stamina and on item durability.
Code:
// load old value on to the stack
fld dword ptr [ebx+0000091C]
// compares st(0) against st(1)
// pops the st(0)
fcomp
//jump if below
jb runnormal
// does nothing
fst st(0)
//Jumps to exit
jmp exit
runnormal:
//Runs the original code
fst dword ptr [ebx+0000091C]
With stamina I get the wanted effect, only something in the code must be wrong, because if I change jb to ja (or jg or jl) the same thing happens: no drain, much gain. Very weird.

Then there is the item durability:
Code:
fcom [edi+04]
ja skip
fstp dword ptr [edi+04]
jmp exit
skip:
fstp st(0)
It does matter which one I choose; I cannot change it to jb. But it seems like the code always jumps to skip. I cannot repair. And if I write it like this, it has the same effect:
Code:
fcom [edi+04]
jb run
fstp st(0)
jmp exit
run:
fstp dword ptr [edi+04]

I will continue to read and try but it all seems very strange to me.
haunted5
Cheater
Reputation: 1

Joined: 23 Aug 2011
Posts: 35

Posted: Wed Sep 28, 2011 10:15 pm

After the fcom instruction you need these two instructions before you can use conditional jumps. Example:

fcom
fstsw ax
sahf

ja goSomeWhere

I don't know too much detail, but essentially they copy the flags over for our jumps to work.

I think it should work after this.
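The fcom / fstsw ax / sahf sequence from the post above, together with the repair-only gate asked about earlier in the thread, worked through as an added C example (this is not code from the thread or from Cheat Engine). The plain C functions model what fcom leaves in the x87 status word and what sahf copies into EFLAGS, which is the reason ja/jb/je work after that sequence and jg/jl do not; on x86 builds the same instruction sequence is also executed through GCC inline assembly (fnstsw, the no-wait form of fstsw) so the model can be checked against the hardware. The names durability_hook, model_* and x87_ja and the sample values 41.24 and 99.0 are illustrative assumptions. Two caveats the post does not mention: fstsw ax overwrites EAX, so a hook must save and restore it if the game still needs it, and a NaN operand sets C0, C2 and C3 together, so jb and je both fire on unordered input.

```c
#include <stdint.h>
#include <stdio.h>

/* Condition-code bits in the x87 status word after fcom/fcomp/fcompp. */
#define SW_C0 (1u << 8)    /* set when st(0) <  src, and when unordered */
#define SW_C2 (1u << 10)   /* set when unordered (a NaN operand)        */
#define SW_C3 (1u << 14)   /* set when st(0) == src, and when unordered */

/* Model of the status word fcom produces for st(0) compared with src. */
static uint16_t model_fcom(float st0, float src) {
    if (st0 != st0 || src != src)      /* NaN: C3=C2=C0=1 */
        return SW_C0 | SW_C2 | SW_C3;
    if (st0 < src)  return SW_C0;
    if (st0 == src) return SW_C3;
    return 0;                          /* st(0) > src */
}

struct eflags { int cf, pf, zf, sf; };

/* fstsw ax copies the status word into AX. sahf then loads AH into
 * SF:ZF:0:AF:0:PF:1:CF. AH is status bits 15..8, so CF=C0, PF=C2, ZF=C3,
 * and SF receives bit 15 (the busy flag), which says nothing about the
 * compare. OF is not written at all. That is why ja/jb/je/jne (CF and ZF)
 * are meaningful after this sequence and jg/jl (SF and OF) are not. */
static struct eflags model_sahf(uint16_t sw) {
    unsigned ah = (sw >> 8) & 0xFFu;
    struct eflags f = { (int)(ah & 1u), (int)((ah >> 2) & 1u),
                        (int)((ah >> 6) & 1u), (int)((ah >> 7) & 1u) };
    return f;
}

/* Whether each conditional jump is taken after fcom / fstsw ax / sahf. */
static int model_ja(float st0, float src) {
    struct eflags f = model_sahf(model_fcom(st0, src));
    return !f.cf && !f.zf;             /* ja: CF=0 and ZF=0 */
}
static int model_jb(float st0, float src) {
    return model_sahf(model_fcom(st0, src)).cf;   /* jb: CF=1 */
}
static int model_je(float st0, float src) {
    return model_sahf(model_fcom(st0, src)).zf;   /* je: ZF=1 */
}

/* Same sequence on real hardware (x86 only); falls back to the model
 * elsewhere. fnstsw is fstsw without the wait prefix; the result is the
 * same. It overwrites AX, which is why a hook must save EAX if the game
 * still needs it afterwards. */
#if defined(__x86_64__) || defined(__i386__)
static int x87_ja(float st0, float src) {
    unsigned char taken;
    __asm__ volatile (
        "flds %2\n\t"        /* push src                                */
        "flds %1\n\t"        /* push st0 value: now st(0), src is st(1) */
        "fcompp\n\t"         /* compare st(0) with st(1), pop both      */
        "fnstsw %%ax\n\t"
        "sahf\n\t"
        "seta %0\n\t"        /* 1 if 'ja' would be taken                */
        : "=q"(taken)
        : "m"(st0), "m"(src)
        : "ax", "cc", "st", "st(1)");
    return taken;
}
#else
static int x87_ja(float st0, float src) { return model_ja(st0, src); }
#endif

/* The gate the thread asks for: the hooked fstp is about to write st0_new
 * into [edi+04], which currently holds current_slot. Keep the write only
 * if it raises durability (a repair), otherwise discard it. */
static float durability_hook(float st0_new, float current_slot) {
    return x87_ja(st0_new, current_slot) ? st0_new : current_slot;
}

int main(void) {
    printf("41.24 vs 30.0: ja=%d jb=%d je=%d\n",
           model_ja(41.24f, 30.0f), model_jb(41.24f, 30.0f), model_je(41.24f, 30.0f));
    printf("hook(30.0, 41.24) = %g\n", durability_hook(30.0f, 41.24f));
    printf("hook(99.0, 41.24) = %g\n", durability_hook(99.0f, 41.24f));
    return 0;
}
```

Build with `gcc -Wall fcom.c && ./a.out`. Inside a Cheat Engine script the same decision is fcom dword ptr [edi+04] / fstsw ax / sahf / ja to the original fstp, with fstp st(0) on the fall-through path so the x87 stack stays balanced either way, and with push eax / pop eax around the sequence if EAX is live at the hook.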
Gestalt
Newbie cheater
Reputation: 0

Joined: 08 Sep 2011
Posts: 21

Posted: Wed Sep 28, 2011 10:46 pm

Very good haunted5. Very good.
It works thank you!
gamehackspot
How do I cheat?
Reputation: 0

Joined: 29 Sep 2011
Posts: 4

Posted: Thu Sep 29, 2011 1:10 pm

Thanks
All times are GMT - 6 Hours