movss-xmm0 ~help understand what is happening

 
ogpayne
Cheater
Reputation: 0

Joined: 08 Dec 2014
Posts: 45

Posted: Wed Aug 26, 2015 12:06 pm    Post subject: movss-xmm0 ~help understand what is happening

So the highlighted code is what is happening upon shooting, but if I nop this address it does stop ammo from decreasing. But then when I do that, weapons do not do damage anymore. Please help me understand what is happening as I do not understand movss and xmm0 very well..

deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Wed Aug 26, 2015 12:33 pm

Code:
movss [ecx+18],xmm0

That just moves the lowest quarter of "xmm0" into "[ecx+18]".

think of it as:
{Q1}{Q2}{Q3}{Q4}
{??} {??} {??} {??}

each quarter can have a max value of 32-bits. What "movss" does is it just moves the "Q1"; there's other instructions that move both Q1 and Q2 (64bits), or the whole thing (128bits).
I think movsd moves Q1 and Q2 (if they're float, otherwise use movq)...

pretty much, think of it as:
Code:
mov [ecx+18],eax


Anyway, that instruction I think is accessing other addresses, probably that's why.
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Wed Aug 26, 2015 12:38 pm

Right-click the code and choose "find what addresses this instruction accesses". If it shows more than just the address you used as an example, then it's shared code that affects other things and you'll want to take another approach or something.

http://forum.cheatengine.org/viewtopic.php?t=583376
Has some general ideas.

ogpayne
Cheater
Reputation: 0

Joined: 08 Dec 2014
Posts: 45

Posted: Wed Aug 26, 2015 12:58 pm

deama1234 wrote:
Code:
movss [ecx+18],xmm0

That just moves the lowest quarter of "xmm0" into "[ecx+18]".

think of it as:
{Q1}{Q2}{Q3}{Q4}
{??} {??} {??} {??}

each quarter can have a max value of 32-bits. What "movss" does is it just moves the "Q1"; there's other instructions that move both Q1 and Q2 (64bits), or the whole thing (128bits).
I think movsd moves Q1 and Q2 (if they're float, otherwise use movq)...

pretty much, think of it as:
Code:
mov [ecx+18],eax


Anyway, that instruction I think is accessing other addresses, probably that's why.


Rydian wrote:
Right-click the code and choose "find what addresses this instruction accesses". If it shows more than just the address you used as an example, then it's shared code that affects other things and you'll want to take another approach or something.

http://forum.cheatengine.org/viewtopic.php?t=583376
Has some general ideas.


Thank you that helped deama, and Rydian, this actually is a shared code jackpot! Now if only I were better with shared code; just learned how to do that yesterday.. This code seems to be addressing my ammo, enemy ammo, enemy health, my health, and a few other things.. Hopefully I can put everything together and make a quick god mode/ohk/infinite ammo very quickly!


Edit 1: now I have found my health address that's being accessed by the shared op, but I don't really understand what is happening in the dissect data struct.. Why is the address of my health at a pointer in the dissect data struct?

Edit 2: I forgot value is displayed in hex. My value is at offset 20..
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

Posted: Wed Aug 26, 2015 1:31 pm

The dissect data structure just guesses data types, it can't really tell what is what so some values may show up as pointers or other data types than they really are.

Put the other addresses in as well and then compare them to yours. See if you can find a difference between your and the enemy's health, ammo, etc.

In my experience though, games that share health/ammo and other stuff through one instruction almost always have some sort of identifier that will tell you if it's health/ammo that's being accessed. It may be in a register, a location, stack etc. somewhere inside the function. You would have to debug the game to find out.

deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Wed Aug 26, 2015 1:52 pm

Remove the "-18" there by the address.
ogpayne
Cheater
Reputation: 0

Joined: 08 Dec 2014
Posts: 45

Posted: Wed Aug 26, 2015 2:39 pm

deama1234 wrote:
Remove the "-18" there by the address.

Why would I do this?
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Wed Aug 26, 2015 2:41 pm

It screws with the structure. Remove it and go down to the 18 offset, see if it's still a pointer.
ogpayne
Cheater
Reputation: 0

Joined: 08 Dec 2014
Posts: 45

Posted: Wed Aug 26, 2015 2:50 pm

deama1234 wrote:
It screws with the structure. Remove it and go down to the 18 offset, see if it's still a pointer.

So if I did that I'd still be able to find my offset at 20 though, right? I figured out my health offset was indeed at 20.. Also how could I add to the xmm0? What I want to do is say "if this is not accessing offset 20, multiply xmm0 (by whatever) then execute", which would create a one hit kill for all health values not at offset 20 (which mine is at). If it was
mov [offset],eax
I could do
mov eax, ffff
but obviously that won't work. and I'm just hoping this would create a one hit kill, from my experience with other games it SHOULD, but I'm not sure because of xmm0..
deama1234
Master Cheater
Reputation: 3

Joined: 20 Dec 2014
Posts: 328

Posted: Wed Aug 26, 2015 3:03 pm

ogpayne wrote:
deama1234 wrote:
It screws with the structure. Remove it and go down to the 18 offset, see if it's still a pointer.

So if I did that I'd still be able to find my offset at 20 though, right? I figured out my health offset was indeed at 20.. Also how could I add to the xmm0? What I want to do is say "if this is not accessing offset 20, multiply xmm0 (by whatever) then execute", which would create a one hit kill for all health values not at offset 20 (which mine is at). If it was
mov [offset],eax
I could do
mov eax, ffff
but obviously that won't work. and I'm just hoping this would create a one hit kill, from my experience with other games it SHOULD, but I'm not sure because of xmm0..

Eh, you know what; nvm.

use "addss" for xmm registers' Q1.

At this point I'd suggest using some sort of instruction reference; I like to use this one:
http://x86.renejeschke.de/
ogpayne
Cheater
Reputation: 0

Joined: 08 Dec 2014
Posts: 45

Posted: Wed Aug 26, 2015 3:05 pm

deama1234 wrote:
ogpayne wrote:
deama1234 wrote:
It screws with the structure. Remove it and go down to the 18 offset, see if it's still a pointer.

So if I did that I'd still be able to find my offset at 20 though, right? I figured out my health offset was indeed at 20.. Also how could I add to the xmm0? What I want to do is say "if this is not accessing offset 20, multiply xmm0 (by whatever) then execute", which would create a one hit kill for all health values not at offset 20 (which mine is at). If it was
mov [offset],eax
I could do
mov eax, ffff
but obviously that won't work. and I'm just hoping this would create a one hit kill, from my experience with other games it SHOULD, but I'm not sure because of xmm0..

Eh, you know what; nvm.

use "addss" for xmm registers' Q1.

At this point I'd suggest using some sort of instruction reference; I like to use this one:
http://x86.renejeschke.de/


Ah; helpful. Thanks once again!
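
Added example, not written by any poster in this thread: the semantics of the `movss` store and of `addss` discussed above, shown with SSE intrinsics in C, plus why an integer-style constant such as `ffff` is not a usable float value. The `struct entity` layout and its field names are assumptions; only the 0x18 offset comes from the quoted instruction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <xmmintrin.h> /* _mm_store_ss compiles to movss, _mm_add_ss to addss */

/* Constructed stand-in for the object behind ecx. Only the 0x18 offset comes
   from the thread; the field names and the neighbour field are assumptions. */
struct entity {
    uint8_t pad[0x18];
    float value; /* [ecx+18] */
    float next;  /* [ecx+1C] */
};

/* movss [obj+18],xmm0: writes 4 bytes, the lowest lane (Q1) of the register. */
float store_low_lane(struct entity *obj, __m128 xmm0) {
    _mm_store_ss(&obj->value, xmm0);
    return obj->value;
}

/* addss a,b: Q1 becomes a.Q1 + b.Q1, while Q2..Q4 are kept from a. */
void add_low_lane(float out[4], __m128 a, __m128 b) {
    _mm_storeu_ps(out, _mm_add_ss(a, b));
}

/* Reinterpret a 32-bit pattern as the float that movss would store. */
float bits_as_float(uint32_t bits) {
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

int main(void) {
    struct entity e = {0};
    float lanes[4];
    __m128 xmm0 = _mm_set_ps(4.0f, 3.0f, 2.0f, 30.0f); /* Q4, Q3, Q2, Q1 */

    e.next = 7.0f;
    printf("offset of value: 0x%zx\n", offsetof(struct entity, value));
    printf("stored %.1f\n", store_low_lane(&e, xmm0));
    printf("neighbour at +1C still %.1f\n", e.next);
    add_low_lane(lanes, xmm0, _mm_set_ss(12.5f));
    printf("after addss: %.1f %.1f %.1f %.1f\n", lanes[0], lanes[1], lanes[2], lanes[3]);
    /* Integer-style constants are not float values: compare the two patterns. */
    printf("0x0000ffff -> %g, 0x42c80000 -> %g\n",
           bits_as_float(0x0000ffffu), bits_as_float(0x42c80000u));
    return 0;
}
```

The bit pattern 0x0000ffff read as a float is a denormal close to zero, while 100.0 is encoded as 0x42c80000, which is why values destined for an xmm register are written as floats rather than as integer constants.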