Cheat Engine The Official Site of Cheat Engine
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
Posted: Fri Aug 28, 2015 9:38 am Post subject: cmp function only works for some games? (Problem)
So I'm trying to write a godmode script for Avp 2010. I have done this many times before for different games. Sometimes it works and sometimes it doesn't.
In this case the health just keeps decreasing. Here is my code:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(health)
label(exit)
newmem:
cmp dword [esi+38],43C30000
je health
jmp originalcode
health:
nop
nop
nop
nop
nop
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere
"AvP_DX11.exe"+146A3C:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"AvP_DX11.exe"+146A3C:
movss [esi+34],xmm0
It just won't work. If I nop the function manually it works fine (except that the enemies also have god mode because of the shared instruction).
I've also tried another offset with another compare.
Health is still decreasing. Does anyone have any idea what it might be? Maybe I'm missing something.
Thanks!
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Fri Aug 28, 2015 9:41 am Post subject:
UPDATED: deama1234 is right
*deleted*
_________________
Sry for my english, Hitler.
Last edited by Bl00dWolf on Fri Aug 28, 2015 9:56 am; edited 3 times in total
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Fri Aug 28, 2015 9:47 am Post subject:
Code:
health:
nop
nop
nop
nop
nop
originalcode:
movss [esi+34],xmm0
jmp exit
What are you trying to nop? All it does here is execute "movss [esi+34],xmm0" and then jump to exit.
Try this:
Code:
health:
jmp exit
originalcode:
movss [esi+34],xmm0
jmp exit
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
Posted: Fri Aug 28, 2015 11:07 am Post subject:
deama1234 wrote:
Code:
health:
nop
nop
nop
nop
nop
originalcode:
movss [esi+34],xmm0
jmp exit
What are you trying to nop? All it does here is execute "movss [esi+34],xmm0" and then jump to exit.
Try this:
Code:
health:
jmp exit
originalcode:
movss [esi+34],xmm0
jmp exit
The health function of course. I will try.
Stregum Advanced Cheater
Reputation: 0
Joined: 17 Jun 2014 Posts: 56 Location: We make baguettes there !
Posted: Fri Aug 28, 2015 11:26 am Post subject:
deama1234's script should work.
If you want more info about this, here it is; feel free to read it if you want, I had nothing to do anyway ^^.
See this portion of code:
Code:
newmem:
cmp dword [esi+38],43C30000
je health
jmp originalcode
health:
nop
nop
nop
nop
nop
originalcode:
movss [esi+34],xmm0
jmp exit
Technically your cmp is correct; your "health" part isn't correct, it's in fact useless.
What you tried to do is good: "If [esi+38] equals 43C30000, jump to health", that's correct, but your health part does nops, and these nops mean "Hey computer, do nothing, just waste some time" (actually it does something behind the scenes, "xchg eax,eax", which does nothing in theory).
So instead of doing these nops, you can remove them, because they're useless.
The real problem is that after doing these nops, the cpu executes the next instructions:
Code:
health:
nop
nop
nop
nop
nop
//HERE, THE CPU CONTINUES BELOW, TO "originalcode"
originalcode:
movss [esi+34],xmm0
jmp exit
You HAVE TO tell the cpu to jump over the original code, right after you've done your things.
You could do this:
Code:
health:
nop
nop
nop
nop
nop
jmp exit //This jump says "Jump over the original code, DO NOT EXECUTE IT", otherwise, it continues below
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere
Since the nops are useless, you could simplify the code to:
Code:
health: //Remove the nop's
jmp exit
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere
and since there is nothing between 'health' and 'jmp exit', you could simplify the code even more:
Code:
newmem:
cmp dword [esi+38],43C30000
je exit //Exit the script right now, because I want a godmode right ? i don't want to execute fancy stuff that subtracts my health right ?
jmp originalcode
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere
Your final code should look like this (and don't forget to remove the 'label(health)' if you don't use it):
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp dword [esi+38],43C30000
je exit
//The "jmp originalcode" is useless, because it leads to it if the "je exit" is not executed
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere
"AvP_DX11.exe"+146A3C:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"AvP_DX11.exe"+146A3C:
movss [esi+34],xmm0
And now it would work. Cheers, I hope you understand now why it wasn't working (it wasn't the CMP's fault).
_________________
Rhaa Stregum Vitae
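Added example, not code from the thread or from Cheat Engine: a small Python interpreter for the few auto-assembler mnemonics used above, run over a constructed player struct (the values at offsets 34 and 38 are made up, and the five nops are collapsed to one) to show that the nop version still reaches "movss [esi+34],xmm0" while the "je exit" version skips it.

```python
# Constructed excerpts of the two caves discussed above (the five nops collapsed to one).
ORIGINAL = """newmem:
cmp dword [esi+38],43C30000
je health
jmp originalcode
health:
nop
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere"""

FIXED = """newmem:
cmp dword [esi+38],43C30000
je exit
originalcode:
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere"""

def run_cave(script, struct, xmm0):
    """Execute from 'newmem' until 'jmp returnhere'; struct maps esi offsets to dwords."""
    labels, code = {}, []
    for line in (raw.split("//")[0].strip() for raw in script.splitlines()):
        if line.endswith(":"):
            labels[line[:-1]] = len(code)   # a label is just the index of the next instruction
        elif line:
            code.append(line)
    pc, zf = labels["newmem"], False
    for _ in range(64):                      # guard against a runaway cave
        op, _, arg = code[pc].partition(" ")
        off = int(arg[arg.index("+") + 1:arg.index("]")], 16) if "[esi" in arg else None
        nxt = pc + 1                         # nop, cmp and movss fall through to the next line
        if op == "cmp":                      # cmp dword [esi+38],43C30000 only sets ZF
            zf = struct[off] == int(arg.split(",")[1], 16)
        elif op == "je" and zf:              # taken only when ZF is set
            nxt = labels[arg]
        elif op == "jmp":
            if arg == "returnhere":          # control goes back into the game code
                return struct
            nxt = labels[arg]
        elif op == "movss":                  # the original instruction: store the new health
            struct[off] = xmm0
        elif op not in ("nop", "je"):
            raise ValueError("unsupported: " + code[pc])
        pc = nxt
    raise RuntimeError("cave never reached returnhere")
```

With [esi+38] equal to 43C30000, ORIGINAL overwrites [esi+34] with xmm0 and FIXED leaves it alone; when the compare fails, both run the original store, which is why other entities sharing the instruction are unaffected.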
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
Posted: Fri Aug 28, 2015 8:12 pm Post subject:
Stregum wrote:
deama1234's script should work.
[...]
And now it would work. Cheers, I hope you understand now why it wasn't working (it wasn't the CMP's fault).
This was exactly what I needed! Thank you for your detailed answer, I understand it now!
I always thought:
je health
health:
nop
nop
nop
nop
nop
= if "this" is equal, then jump to health, and the "nop" simply does the same as "db/define byte": it replaces the original code with 90 90 90 90 90. But I got it now hehe.
Stregum Advanced Cheater
Reputation: 0
Joined: 17 Jun 2014 Posts: 56 Location: We make baguettes there !
Posted: Sat Aug 29, 2015 2:24 am Post subject:
Ohh I see. Glad I could help.
It took some time for me to understand too; the best way to learn is to inject your code, go to the newly allocated region (right click > follow) and see your script in action (with breakpoints if you want) so you know exactly what's happening.
I believe your method would work if you put the health label below your injection point, like:
Code:
module.exe+healthoffset:
health:
The reason health doesn't jump to the original instructions in your script is that the label is below your allocated region (I hope I'm right):
Code:
newmem:
.....
health:
.....
I'm not sure though, to be verified and tested. I could be wrong.
I never used it that way, and my knowledge level is not at boss level like some people out there, but it seems kinda logical (to me at least hehe).
_________________
Rhaa Stregum Vitae
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Aug 29, 2015 3:47 am Post subject:
Using NOP instructions inside an allocated memory region (you used the alloc command) is not equal to using "replace with code that does nothing".
Quote:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(health)
label(exit)
//allocated memory section START (allocated by you)
newmem:
cmp dword [esi+38],43C30000
je health
jmp originalcode
health:
nop
nop
nop
nop
nop
originalcode: // a copy of original code
movss [esi+34],xmm0
jmp exit
exit:
jmp returnhere
//allocated memory section END
//original game memory section
// you overwrite original code with JUMP (and maybe NOPS),
// also you set returnhere variable.
// there might be just JUMP, or JUMP and NOPs (if you used CE AA Template and CE added NOPs here, do not remove them, returnhere will be incorrect without them)
"AvP_DX11.exe"+146A3C:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"AvP_DX11.exe"+146A3C:
movss [esi+34],xmm0
So, maybe you want to use this:
Quote:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(health)
//allocated memory section START (allocated by you)
newmem:
cmp dword [esi+38],43C30000
je health
originalcode:
movss [esi+34],xmm0
jmp returnhere
health:
mov [esi+34],(float)100.0 // set max HP (don't have this game, it's just an example)
jmp returnhere
//allocated memory section END
//original game memory section
"AvP_DX11.exe"+146A3C:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"AvP_DX11.exe"+146A3C:
movss [esi+34],xmm0
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
Posted: Sat Aug 29, 2015 11:06 am Post subject:
mgr.inz.Player wrote:
Using NOP instructions inside allocated memory region (you used alloc command) is not equal to using "replace with code that does nothing".
[...]
Thanks for all the answers mgr.inz.Player and Stregum! One of the best explanations that I've heard to be honest!
Cheers!