Cheat Engine

[Gestalt]

Hi, I wonder if someone could give a hint on how to get infinite Item/Weapon durability. I'm fairly new I have mostly done pointer-searches before, learned a bit of basic assembly.
When I take the address for 1 specific weapon and click " see what writes to..." I get this address:

033CCDA7 - fstp dword ptr [edi+04]

Any advice what to do with this?
Thanks!

[SwaggaJackin']

It copies the floating point value inside of register ST(0) to the destination operand (in this case the pointer of [edi+04]) and then it pops the register stack.

The durability address location is at [edi+04] during that instruction and the amount of durability left is being written from ST(0). So whatever is in ST(0) is the amount of durability the item will have after that instruction is performed.

http://siyobik.info/main/reference/instruction/FST%2FFSTP

So if you wanted to set your own durability value, you could just copy whatever value you want it at into [edi+04].

I suggest you let that instruction get performed so it pops the register stack as intended and then write to the address.

[Gestalt]

I didn't succeed with copying the value. The value is 1109717748

I tried:

fstp dword ptr [edi+04]
mov [edi+04],1109717748
pop esi
ret 0004

It resulted in 0% condition on my stuff.
I tried some other stuff to but it wouldn't work and then it crashed.
Any thoughts?

And Then I found a new problem, it seems the mem addresses changes between sessions. So I don't know if it's even possible to do this.

I would like to know the problem though in educational purposes. (So that I can do right next time when It is actually possible)


[EDIT]
Ok I solved the moving mem addresses. I looked up the new address and i mem view I presses ctr-M (show module addresses) and now i got a static one.

game_x86_rwdi.dll+23CDA7

I still haven't got the, insert the value in [ebi+04], to work yet. It feels like it should be an easy thing to do. I'll continue to look around, but if any one got it, don't be afraid to share. I would really appreciate it.

Thank you SwaggaJackin' for your clue and thanks in advance.

[Gestalt]

No thoughts?

[Coldzer0]

i think you should make it like this

fstp dword ptr [edi+04] to mov dword ptr [edi+04],1109717748

Try it

[Gestalt]

Thanks Coldzer0 for advice. Sadly the game crashed if I replaced it.

[SwaggaJackin']

[haunted5]

Hi,

As SwaggaJackin' said, the game crashed probably because the pop wasnt implemented.

Generally if the code you want to change involves a pop as in the 'p' in fstp instruction, if you dont pop the address the value will stay on stack and the next line of code that uses the stack to get a value will get this value as we didnt remove it. So all the values that use the stack will probably be getting wrong values from then on.

Normally if I want to implement a nop kind of code for instructions that require a pop, I would replace the fstp instruction with

fstp st(0)

This basically just pops the top value off the stack, so the new weopon durability is not stored.

I think to store a value into [edi+04] you have to pass it a hexadecimal value

Im not sure what 1109717748 is. Looks like its a decimal value of a 4Byte in which case if you convert it to Hex using Windows calculator you will get 4224F2F4. This if you convert to Float equivalent in decimal will be 41.237259. Is this the value you are trying to use? In any case instead of:

mov [edi+04],1109717748

try:

mov dword ptr [edi+04],4224F2F4

or in the latest cheat engine something like this might work:

mov dword ptr [edi+04],(float)41.237259 -- maybe this wont work,,not sure

Hope this helps


EDIT:

I see you are playing DeadIsland:

This is the script i used that worked for me:

[Gestalt]

Thank you so much!
Of course it works to disable the script. But just for fun, any one out there knows how to make a if statement in auto assembler language?
I figure I need to use jumps but don't know how to compare the values in this particular case.

Thank you again.


Edit 1
I solved how to get perfect state on all weapons. but it is not optimal.
add this to the script mov dword ptr [edi+04],(float)99.00
It will make the item have more durability than it supposed to but I haven't seen any problem with that.
The question about the if statement is still up because it would be nice to optimize the script.

[haunted5]

Hey,

To implement a compare for 4 bytes values and less you can use the following:

cmp eax,ebx

Follow this by a jump code that can be used like, je(jump if equal),jne(jump not equal),jl(jump if less),jg(jump if greater) etc

With floats you would have to load the 2 floats you want to compare onto the stack using 'fld' opcode. like:

fld dword ptr [edi+04]

Once loaded you can compare using 'fcom' instruction. Look up the usage of fcom in google. Although with this instruction you will not be able to use some of the useful jump instructions mentioned above. je and jne will still work but jl and jg will not. Instead you will have to use ja,jb (jumpabove/jump below). Just make sure you pop whatever extra you put on stack otherwise it will probably crash the game. Experiment and read up and im sure you will manage it

Hope this helps

[Gestalt]

Its really strange. I tried on my stamina and on Item durability.

[haunted5]

After the fcom instruction you need these 2 instructions before you can use conditional jumps:example:

fcom
fstsw
sahf

ja goSomeWhere

I dunno too much details but essentially they copy the flags over for our jumps to work

I think it should work after this

[Gestalt]

Very good haunted5. Very good.
It works thank you!

[gamehackspot]

Thanks