Activating one script nullifies the other script

 
Domih4x

Posted: Fri Dec 26, 2014 6:34 pm    Post subject: Activating one script nullifies the other script

So recently I've started getting into this Cheat Engine hacking thing. Thought it was kinda fun and interesting. However, now I've run across the following problem, and I really hope one of you can help me with that.

There is this one game that I wrote two scripts for in the auto assembler. (The game is Borderlands: The Pre-Sequel, btw.)
I've looked for the base address of O2 draining and Health draining.
They both share this code

Code:
originalcode:
movss [esi+6C],xmm0


So to write two separate scripts that activate infinite O2 and/or infinite Health, I've done this for O2:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [esi+64],2 // stores the ID (2 stores O2)
jne originalcode
mov eax,[esi+58] // maximum value
mov [esi+6C],eax //stores the current value
jmp exit

originalcode:
movss [esi+6C],xmm0

exit:
jmp returnhere

"BorderlandsPreSequel.exe"+843E52:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"BorderlandsPreSequel.exe"+843E52:
movss [esi+6C],xmm0
//Alt: db F3 0F 11 46 6C


and this for infinite Health:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [esi+64],1 //stores the ID (1 stores the players health)
jne originalcode
mov eax,[esi+58] // maximum value
mov [esi+6C],eax //stores the current value
jmp exit

originalcode:
movss [esi+6C],xmm0

exit:
jmp returnhere

"BorderlandsPreSequel.exe"+843E52:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"BorderlandsPreSequel.exe"+843E52:
movss [esi+6C],xmm0
//Alt: db F3 0F 11 46 6C


Both their maximum value is stored at [esi+58], their current value is stored at [esi+6C], and their ID (which I used to dissect/separate the code and write one script for the player's health and one for the player's O2) is stored at [esi+64].

Those scripts work very well, however one problem: If I activate one script, it nullifies the other (already activated) script.

Example:

If I enable my script for infinite health, it will work fine. But once I additionally enable my script for infinite O2, it will activate my infinite O2 script but nullify my health script (although Cheat Engine still says it's enabled). That means the other script will no longer work once I activate the other one.

Thanks in advance.
mgr.inz.Player

Posted: Fri Dec 26, 2014 7:01 pm

Read this: http://forum.cheatengine.org/viewtopic.php?t=578375
Another user had a similar problem; it can be resolved with the "additional user symbols" method (method 1).

The other way to solve this conflict is to use different injection point (method 2).

You can try to choose another hackpoint (injection point).
In many cases, it doesn't have to be the same instruction you got by using "find out what .... this address".

You can use
"BorderlandsPreSequel.exe"+843E52 for infinite O2
and
"BorderlandsPreSequel.exe"+843EXX (a few lines below or above) for infinite health.

Create a screenshot of the memory viewer and post it here, with the line at "BorderlandsPreSequel.exe"+843E52 clearly visible (and also a few lines above and below clearly visible, so I can send you an example).

Domih4x

Posted: Fri Dec 26, 2014 7:28 pm

I will send you an attached screenshot.
However I have now tried this code, but what to do next? Is it even correct?

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem_comparisons,2048)
label(returnhere)
label(originalcode)
label(infiniteo2)
label(infinitehealth)
label(cheat)
label(info2enable)
label(infhealthenable)
registersymbol(info2enable)
registersymbol(infhealthenable)

newmem_comparisons: //this is allocated memory, you have read,write,execute access
cmp [esi+64],2
je infiniteo2
cmp [esi+64],1
je infinitehealth
jmp originalcode

infiniteo2:
cmp [info2enable],1
je cheat
jmp originalcode

infinitehealth:
cmp [infhealthenable],1
je cheat
jmp originalcode

originalcode:
movss [esi+6C],xmm0

cheat:
mov eax,[esi+58]
mov [esi+6C],eax
jmp returnhere

info2enable:
dd 0
infhealthenable:
dd 0

"BorderlandsPreSequel.exe"+843E52:
jmp newmem_comparisons
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem_comparisons)
"BorderlandsPreSequel.exe"+843E52:
movss [esi+6C],xmm0

unregistersymbol(info2enable)
unregistersymbol(infhealthenable)
//Alt: db F3 0F 11 46 6C



Attachment: Unbenannt.jpg
There you go mate, the screenshot.

mgr.inz.Player

Posted: Fri Dec 26, 2014 9:19 pm

Looks almost 100% good. You forgot one instruction:
Code:
originalcode:
movss [esi+6C],xmm0
jmp returnhere               // <<<<<<<<<<  add this line

cheat:
mov eax,[esi+58]
mov [esi+6C],eax
jmp returnhere



And you can add those two scripts to cheat table, then set hotkeys:
Code:
[ENABLE]
info2enable:
dd 01

[DISABLE]
info2enable:
dd 00


Code:
[ENABLE]
infhealthenable:
dd 01

[DISABLE]
infhealthenable:
dd 00

I looked at your screenshot (PS: you forgot to resize the opcode column, it is too thin; anyway, I managed to analyze it).


You can use those scripts:

infinite health (it is your script)
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [esi+64],1 //stores the ID (1 stores the players health)
jne originalcode
mov eax,[esi+58] // maximum value
mov [esi+6C],eax //stores the current value
jmp exit

originalcode:
movss [esi+6C],xmm0

exit:
jmp returnhere

"BorderlandsPreSequel.exe"+843E52:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"BorderlandsPreSequel.exe"+843E52:
movss [esi+6C],xmm0
//Alt: db F3 0F 11 46 6C

For infinite O2, you can use hack point BorderlandsPreSequel.exe+843E2F

If it's not O2, then return back to BorderlandsPreSequel.exe+843E34

If it's O2, get max, set current, and jump to BorderlandsPreSequel.exe+843E57 (it will jump over/skip the code block we do not need)

Code:
[ENABLE]
alloc(newmem,2048)
label(return)

newmem:
  movss xmm1,[esi+44] // orig
  cmp [esi+64],2
  jne return

  mov eax,[esi+58] // maximum value
  mov [esi+6C],eax //stores the current value
  jmp BorderlandsPreSequel.exe+843E57

BorderlandsPreSequel.exe+843E2F:
  jmp newmem
return:

[DISABLE]
BorderlandsPreSequel.exe+843E2F:
movss xmm1,[esi+44]

dealloc(newmem)

Domih4x

Posted: Sat Dec 27, 2014 11:54 am

Thanks for your reply and patience.
However, as I am almost completely new to this, I politely ask you to forgive my inexperience and stupid questions.

Why is 'jmp returnhere' so important? And when to use it?
And secondly, how do I assign the info2enable and infhealthenable below the major script (this one)?


Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem_comparisons,2048)
label(returnhere)
label(originalcode)
label(infiniteo2)
label(infinitehealth)
label(cheat)
label(info2enable)
label(infhealthenable)
registersymbol(info2enable)
registersymbol(infhealthenable)

newmem_comparisons: //this is allocated memory, you have read,write,execute access
cmp [esi+64],2
je infiniteo2
cmp [esi+64],1
je infinitehealth
jmp originalcode

infiniteo2:
cmp [info2enable],1
je cheat
jmp originalcode

infinitehealth:
cmp [infhealthenable],1
je cheat
jmp originalcode

originalcode:
movss [esi+6C],xmm0
jmp returnhere

cheat:
mov eax,[esi+58]
mov [esi+6C],eax
jmp returnhere

info2enable:
dd 0
infhealthenable:
dd 0

"BorderlandsPreSequel.exe"+843E52:
jmp newmem_comparisons
returnhere:

Simply so that I can tick them to enable/disable?


Also, I have tried your suggestion of injecting code at BorderlandsPreSequel.exe+843E2F, but it does not seem to be responsible for the O2 value.

And what about BorderlandsPreSequel.exe+843E34 and BorderlandsPreSequel.exe+843E57? How do you know about them? Is this pure speculation until one finally finds the right point to inject, or are there some hints which help me find the correct one?

Thank you!
mgr.inz.Player

Posted: Sat Dec 27, 2014 1:17 pm

Domih4x wrote:
Why is 'jmp returnhere' so important? And when to use it?


Look at this (wrong) script:
Code:
originalcode:
movss [esi+6C],xmm0

cheat:
mov eax,[esi+58]
mov [esi+6C],eax
jmp returnhere


If it is not health or O2, or cheats aren't enabled, you jump to originalcode. Code flow will be:

movss [esi+6C],xmm0
mov eax,[esi+58]
mov [esi+6C],eax
jmp returnhere

Do you see it? Taking the max value and storing it in the current value will always execute. Even if it's not health or O2, even when cheats are disabled (info2enable and infhealthenable both set to zero).



With good script
Code:
originalcode:
movss [esi+6C],xmm0
jmp returnhere

cheat:
mov eax,[esi+58]
mov [esi+6C],eax
jmp returnhere


If it is not health or O2, or cheats aren't enabled, you jump to originalcode, code flow will be:
movss [esi+6C],xmm0
jmp returnhere

Domih4x wrote:
how do i assign the info2enable and infhealthenable to below the major script (this one)

Just add two new AA scripts.


Domih4x wrote:
Also, I have tried your suggestion of trying to inject code at BorderlandsPreSequel.exe+843E2F, but it does not seem to to be responsible for the o2 value.

Did you try my script or not? (Just a warning. I couldn't test this O2 script, I don't have the game)

Domih4x wrote:
And what about BorderlandsPreSequel.exe+843E34 and BorderlandsPreSequel.exe+843E57? How do you know about them?

I just know what's happening in the code, between BorderlandsPreSequel.exe+843E2F and BorderlandsPreSequel.exe+843E57.

Tip: disabling "Show symbols" ("View" sub-menu) in "Memory Viewer" can help.

Anyway, try the CT below



Attachments: blps_O2script_different_hackpoint.CT, blps.CT
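The control-flow point made above (the missing jmp returnhere lets originalcode run straight into cheat) is easy to check outside the game. The C program below is an added example for this page, not code from the thread or from Cheat Engine; it models the object layout the thread gives ([esi+58] max, [esi+64] id, [esi+6C] current) as a constructed struct, the two registered symbols as flags, and the newmem_comparisons dispatcher as a function. A flag in the model reproduces the first version of the script, where originalcode had no jmp returnhere, so both versions can be compared on the same inputs. The float fields are kept as raw 32-bit patterns because both the game's movss and the cheat's mov eax copy four bytes unchanged.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the game object the thread describes. */
typedef struct {
    uint32_t max;      /* [esi+58] */
    uint32_t id;       /* [esi+64]: 1 = health, 2 = O2 */
    uint32_t current;  /* [esi+6C] */
} stat_t;

/* Stand-ins for the registered user symbols info2enable / infhealthenable. */
typedef struct {
    uint32_t info2enable;
    uint32_t infhealthenable;
} flags_t;

enum { ID_HEALTH = 1, ID_O2 = 2 };

/* originalcode: movss [esi+6C],xmm0 -- the game's own store. */
static void originalcode(stat_t *s, uint32_t xmm0) { s->current = xmm0; }

/* cheat: mov eax,[esi+58] / mov [esi+6C],eax -- copy max into current. */
static void cheat(stat_t *s) { s->current = s->max; }

/* The newmem_comparisons dispatcher. If originalcode_falls_through is
 * nonzero, the model reproduces the first version of the script, where
 * originalcode had no 'jmp returnhere' and execution ran on into cheat. */
void dispatch(stat_t *s, uint32_t xmm0, const flags_t *f, int originalcode_falls_through) {
    int take_cheat = 0;
    if (s->id == ID_O2)
        take_cheat = (f->info2enable == 1);       /* infiniteo2: cmp [info2enable],1 */
    else if (s->id == ID_HEALTH)
        take_cheat = (f->infhealthenable == 1);   /* infinitehealth: cmp [infhealthenable],1 */

    if (take_cheat) {
        cheat(s);                                 /* cheat: ... jmp returnhere */
        return;
    }
    originalcode(s, xmm0);                        /* originalcode: movss [esi+6C],xmm0 */
    if (originalcode_falls_through)
        cheat(s);                                 /* missing jmp returnhere: runs into cheat */
}

/* Run one pass through the hook and return the resulting [esi+6C]. */
uint32_t run_hook(uint32_t id, uint32_t max, uint32_t xmm0,
                  uint32_t info2enable, uint32_t infhealthenable,
                  int originalcode_falls_through) {
    stat_t s = { max, id, 0 };
    flags_t f = { info2enable, infhealthenable };
    dispatch(&s, xmm0, &f, originalcode_falls_through);
    return s.current;
}

int main(void) {
    /* Health object, both cheats disabled, the game wants to store 37. */
    printf("buggy script, cheats off:  current = %u\n", run_hook(ID_HEALTH, 100, 37, 0, 0, 1));
    printf("fixed script, cheats off:  current = %u\n", run_hook(ID_HEALTH, 100, 37, 0, 0, 0));
    printf("fixed script, health on:   current = %u\n", run_hook(ID_HEALTH, 100, 37, 0, 1, 0));
    printf("fixed script, O2 on only:  current = %u\n", run_hook(ID_HEALTH, 100, 37, 1, 0, 0));
    /* An unrelated stat (id 3) must never be touched by either version. */
    printf("buggy script, other stat:  current = %u\n", run_hook(3, 100, 37, 1, 1, 1));
    printf("fixed script, other stat:  current = %u\n", run_hook(3, 100, 37, 1, 1, 0));
    return 0;
}
```

The "other stat" case is the one worth keeping in mind whenever a hook is placed on a shared instruction: the hooked store runs for every object that passes through it, so any path that does not explicitly return to returnhere affects data the script was never meant to touch.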
Domih4x

Posted: Sat Dec 27, 2014 6:59 pm

Thanks a lot! I do now understand.

No, I had not tested your code in-game. I looked at it and thought that replacing movss xmm1,[esi+44] at BorderlandsPreSequel.exe+843E2F would show me whether the code affects my O2 or not (the in-game O2 counter would've stopped going down, but it did not, so I assumed this code is not affecting it).

But yes, both your tables you posted are working perfectly. Thank you.
Just goes to show that I have a lot to learn about this stuff.
mgr.inz.Player

Posted: Sat Dec 27, 2014 7:33 pm

Great, you can use my blps.CT

Method 1. Only one hackpoint, two cheats.
Achieved by using user symbols.

Method 2. Use two scripts (yours, and mine from blps_O2script_different_hackpoint.CT), two hackpoints, two cheats. Achieved by using different spot.

BorderlandsPreSequel.exe+843E2F - this hackpoint for Inf O2
BorderlandsPreSequel.exe+843E52 - this hackpoint for Inf Health

PS:

Of course you can do the opposite:
BorderlandsPreSequel.exe+843E2F - this hackpoint for Inf Health
BorderlandsPreSequel.exe+843E52 - this hackpoint for Inf O2
