Cheat Engine The Official Site of Cheat Engine
vergilganesh Expert Cheater
Reputation: 0
Joined: 01 Jul 2013 Posts: 134 Location: India
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Jul 26, 2013 6:49 am
Previously I used pair1. Just before I tried pair2:
Code:
DevilMayCry4_DX9.exe+5FB5D6 - jne DevilMayCry4_DX9.exe+5FB632
DevilMayCry4_DX9.exe+5FB5D8 - mulss xmm1,[edi+50]
DevilMayCry4_DX9.exe+5FB5DD - movss xmm2,[edi+54]
DevilMayCry4_DX9.exe+5FB5E2 - addss xmm1,[edi+30] // <- second pair, reading
DevilMayCry4_DX9.exe+5FB5E7 - mulss xmm2,xmm7
DevilMayCry4_DX9.exe+5FB5EB - movss xmm7,[edi+34]
DevilMayCry4_DX9.exe+5FB5F0 - movss [esp+000002F4],xmm2
DevilMayCry4_DX9.exe+5FB5F9 - movss xmm2,[edi+58]
DevilMayCry4_DX9.exe+5FB5FE - mulss xmm2,[esp+00000098]
DevilMayCry4_DX9.exe+5FB607 - addss xmm7,[esp+000002F4]
DevilMayCry4_DX9.exe+5FB610 - movss [esp+000002E0],xmm1
DevilMayCry4_DX9.exe+5FB619 - movss xmm1,[edi+38]
DevilMayCry4_DX9.exe+5FB61E - addss xmm1,xmm2
DevilMayCry4_DX9.exe+5FB622 - movss xmm2,[esp+000002E0]
DevilMayCry4_DX9.exe+5FB62B - movss [edi+30],xmm2 // <- second pair, writing
DevilMayCry4_DX9.exe+5FB630 - jmp DevilMayCry4_DX9.exe+5FB640
DevilMayCry4_DX9.exe+5FB632 - movss [edi+30],xmm1
DevilMayCry4_DX9.exe+5FB637 - movss xmm1,[esp+00000098]
DevilMayCry4_DX9.exe+5FB640 - movss [edi+38],xmm1
DevilMayCry4_DX9.exe+5FB645 - movss [edi+34],xmm7
We are interested in changing [edi+30] (X) and [edi+38] (Y); fall and jump speed should be the same.
Let's analyze what this code writes. X axis, we go from the bottom to top:
- movss [edi+30],xmm2 - we go up until we find something with xmm2 on the left side,
- movss xmm2,[esp+000002E0] - xmm2 is overwritten with [esp+000002E0], we are searching for esp+2e0
- movss [esp+000002E0],xmm1 - now we look for xmm1
- addss xmm1,[edi+30] - and then above
- mulss xmm1,[edi+50]
- movss xmm1,[esp+00000090]
so, finally we have this:
movss xmm1,[esp+00000090]
mulss xmm1,[edi+50]
addss xmm1,[edi+30]
movss [esp+000002E0],xmm1
movss xmm2,[esp+000002E0]
movss [edi+30],xmm2
we can simplify it to:
movss xmm1,[esp+00000090]
mulss xmm1,[edi+50]
addss xmm1,[edi+30]
movss [edi+30],xmm1
translates to:
newX := Xd * XdMultiplier + oldX
Now the Y axis, we go from the bottom to top:
- movss [edi+38],xmm1 - above there is jump to this instruction, so, we ignore DevilMayCry4_DX9.exe+5FB632 and DevilMayCry4_DX9.exe+5FB637
- addss xmm1,xmm2 - we have to find out what is inside xmm1 and xmm2
- movss xmm1,[edi+38] - we have xmm1
- mulss xmm2,[esp+00000098]
- movss xmm2,[edi+58]
so, finally we have this:
movss xmm2,[edi+58]
mulss xmm2,[esp+00000098]
movss xmm1,[edi+38]
addss xmm1,xmm2
movss [edi+38],xmm1
we can simplify it to:
movss xmm2,[esp+00000098] // multiplication is commutative
mulss xmm2,[edi+58]
movss xmm1,[edi+38]
addss xmm1,xmm2
movss [edi+38],xmm1
simplify it more:
movss xmm2,[esp+00000098] // multiplication is commutative
mulss xmm2,[edi+58]
addss xmm2,[edi+38]
movss [edi+38],xmm2
translates to:
newY := Yd * YdMultiplier + oldY
To achieve super speed, we have to multiply the value again before the addss instruction.
Hackpoints:
DevilMayCry4_DX9.exe+5FB5D8 - mulss xmm1,[edi+50], X axis, we can multiply xmm1 again with our value
DevilMayCry4_DX9.exe+5FB5FE - mulss xmm2,[esp+00000098], Y axis, we can multiply xmm2 again with our value
super speed cheat:
Code:
[ENABLE]
alloc(superspeed,2048)
label(superspeed_X)
label(superspeed_Y)
label(returnhere1)
label(returnhere2)
alloc(customMultiplier,4)
customMultiplier:
dd (float)2.50
superspeed:
superspeed_X:
mulss xmm1,[edi+50] // original instruction moved into the code cave
mulss xmm1,[customMultiplier] // extra multiply, X axis
jmp returnhere1
superspeed_Y:
mulss xmm2,[esp+00000098] // original instruction moved into the code cave
mulss xmm2,[customMultiplier] // extra multiply, Y axis
jmp returnhere2
"DevilMayCry4_DX9.exe"+5FB5D8:
jmp superspeed_X // 5-byte jmp replaces the 5-byte mulss
returnhere1:
"DevilMayCry4_DX9.exe"+5FB5FE:
jmp superspeed_Y // 5-byte jmp + 4 nops replace the 9-byte mulss
nop
nop
nop
nop
returnhere2:
[DISABLE]
dealloc(superspeed)
dealloc(customMultiplier) // also release the multiplier allocated in [ENABLE]
"DevilMayCry4_DX9.exe"+5FB5D8:
mulss xmm1,[edi+50]
//Alt: db F3 0F 59 4F 50
"DevilMayCry4_DX9.exe"+5FB5FE:
mulss xmm2,[esp+00000098]
//Alt: db F3 0F 59 94 24 98 00 00 00
With the above code we change this:
newX := Xd * XdMultiplier + oldX
newY := Yd * YdMultiplier + oldY
to this:
newX := Xd * XdMultiplier*2.50 + oldX
newY := Yd * YdMultiplier*2.50 + oldY
Last edited by mgr.inz.Player on Sat Jul 27, 2013 3:22 am; edited 1 time in total
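The bottom-to-top trace in the post above can be checked mechanically. The following Python is an added example, not part of the original thread: it symbolically executes the straight-line path of the listing and rebuilds the stored expressions. It assumes esp- and edi-based locations never alias, and `PATH`, `evaluate` and `with_extra_multiply` are names invented here.

```python
import re

# Straight-line path from the post's listing (jne not taken, jmp followed to +5FB640).
# The first movss comes from the post's analysis; it sits above the quoted listing.
PATH = """
movss xmm1,[esp+00000090]
mulss xmm1,[edi+50]
movss xmm2,[edi+54]
addss xmm1,[edi+30]
mulss xmm2,xmm7
movss xmm7,[edi+34]
movss [esp+000002F4],xmm2
movss xmm2,[edi+58]
mulss xmm2,[esp+00000098]
addss xmm7,[esp+000002F4]
movss [esp+000002E0],xmm1
movss xmm1,[edi+38]
addss xmm1,xmm2
movss xmm2,[esp+000002E0]
movss [edi+30],xmm2
movss [edi+38],xmm1
movss [edi+34],xmm7
""".strip().splitlines()

OPS = {"mulss": "*", "addss": "+"}

def norm(operand):
    """Canonical operand name: lower case, hex offsets without leading zeros."""
    return re.sub(r"\+0+(?=[0-9a-f])", "+", operand.strip().lower())

def evaluate(lines):
    """Symbolically execute movss/mulss/addss; unknown inputs stay as their own name."""
    state = {}
    for line in lines:
        mnemonic, operands = line.split(None, 1)
        dst, src = (norm(o) for o in operands.split(","))
        value = state.get(src, src)          # unwritten location: symbol is its name
        if mnemonic != "movss":              # mulss/addss combine dst with src
            value = f"({state.get(dst, dst)} {OPS[mnemonic]} {value})"
        state[dst] = value
    return state

def with_extra_multiply(lines, after, reg):
    """Model the post's patch: one more mulss by [customMultiplier] after a hackpoint."""
    extra = f"mulss {reg},[customMultiplier]"
    return [x for line in lines for x in ([line, extra] if line == after else [line])]

if __name__ == "__main__":
    print({k: v for k, v in evaluate(PATH).items() if k.startswith("[edi")})
```

The recovered expressions match the post's `newX := Xd * XdMultiplier + oldX` form, and the patched path shows the multiplier landing inside the product, before the add.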
vergilganesh Expert Cheater
Reputation: 0
Joined: 01 Jul 2013 Posts: 134 Location: India
Posted: Sat Jul 27, 2013 12:21 am
yep I understand.., Itz amazing :0 . So finding the base value and multiplying it. Got it. I will try in DMC4 as well as in other games.
vergilganesh Expert Cheater
Reputation: 0
Joined: 01 Jul 2013 Posts: 134 Location: India
Posted: Sat Jul 27, 2013 12:20 pm
Is there any way to make the player invincible?
I mean there is no change of co-ordinates when an attack is received. I tried using a jmp instruction but the game is crashing. Now I have no idea, my mind is blank. Any idea????