Devil may cry 4 Tutorial Trainer Making

 
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Sun Jul 21, 2013 9:19 am    Post subject: Devil may cry 4 Tutorial Trainer Making

How to write a trainer script step by step procedure
---------------------------------------------------------------------------------------------
This tutorial includes a lot of steps, only on changing scripts using code injection techniques. I have to thank CheatEngine Forum Moderators Dark Byte, Geri, Jgoemat, Mgr.inz.Player, ++METHOS and each and every person who cleared my doubts instantly.

For small games it is very easy to find out values and codes; for bigger games it is a bit difficult and a good processor is needed. If you do not have one, you must lower all of your graphics settings before proceeding.

The game taken for this tutorial is Devil May Cry 4. Of course it is one of the bigger games, with a size of around 9GB. I am not a master cheater. I may be in a position of Intermediate. I have already done this hack by the trial and error method. Let's get into the tutorial...


DMC4 has a lot of things to do. Some of them are listed below.

1. Infinite Health
2. Infinite Devil
3. Infinite Orbs
4. Infinite ProudSouls
5. Infinite Airhikes
6. Infinite Disaster Gauge
7. Infinite Royalguard Gauge
8. Auto Maxact
9. Instant charge
10. One Hit Kill
11. High Stylish Points
12. No Time Constrain
13. Increase Running Speed
14. Fix Stylish Points at SSS
15. Teleportation


These are the things we have to do. Let's start with the first.

1. Infinite Health
----------------------------------------------------------------------------------
In DMC4 health is a bar value, so it may be Float (1 bar = 1000). Let's start with the first scan as unknown initial value, then find it using decreased value by (calculate with your brain how much the percentage will be) or a decreased/increased value scan. If you have a lot of values, try freezing each one manually to test it. If anything freezes perfectly, double click on it to put it into the cheat table. In the table, right-click on it and select "Find what writes to this address"; then you will find an instruction. Open it in the disassembler to show it in memory view. Now right-click on this instruction and select "what addresses change by this instruction". Play the game and hit some enemies (don't kill them, just hit once and move to another enemy).

Now you notice that it is shared code. That is, enemy health and player health are controlled by the same instruction. If you just nop the code, it will give infinite health to the enemy also. To tell the difference between player and enemy we have to dissect data/structures.

This is the code that changes health.

Code:

movss [esi+18],xmm0


In memory view go to Tools ---> Dissect data/structures or press Ctrl+D.
A window opens; in it, type the addresses of your health and the enemy health and subtract the offset like this. Add more addresses if you want.

0FD86058-18
0FD87818-18
0FD87718-18
0FD78718-18


If you have a lot of addresses, it is easier to dissect. After filling in the addresses press Ctrl+N or go to Structures ----> Define new structure -----> next next ok ok...
Don't panic.., now you have a lot of addresses and their values. On the left side there are offsets which start with 0000. You will have your health at 0018. Check the row of offset 0018 which has your health. And search the nearby rows 0000 to 00FF to find a difference between hero and enemy. If you have sharp eyes you will notice that offset 001C has the maximum health of the player and also the enemy. And the important one is offset 00C8. It has the value of 0 for player and 2 for enemy. (Select more offsets which have a difference, note them and close the game. Reopen and search again and you will find C8.) Now we are ready to write a script.



Code:

alloc(newmem,2048)      //2kb should be enough
label(god)
label(exit)
label(returnhere)

newmem:
cmp dword ptr [esi+c8],0   //compare with 00000000(player)
jne god                //jump if not equal (enemy)
mov eax,[esi+1c]       //move max health to eax
mov [esi+18],eax       //move max health to current value
jmp exit               //jump to exit
god:
movss [esi+18],xmm0    //originalcode
exit:
jmp returnhere

"DevilMayCry4_DX9.exe"+11BFE5:
jmp newmem
returnhere:




Now check if the cheat works.., if it does not work, there is an error in the script.



2. Infinite DevilTrigger
-------------------------------------------------------------------------------------------------------------
The same way used for Infinite Health is enough to make this hack. Search float for Unknown Initial Value and use increase/decrease scanning to find the value of the DT gauge (1 orb = 1000). If you have a lot of values, try freezing each one manually to test it. If anything freezes perfectly, double click to add it into the cheat table. Right-click on it and find what writes to this address while DT is active. You can just nop it (right-click and replace with code that does nothing) to make unlimited DT. But make sure that it doesn't affect the increase of the DT gauge. If the DT gauge is not increased, we have to dissect data/structures (single value). The code that changed the DT gauge while decreasing is..,,

Code:

movss [edi+00001F24],xmm0
movss [edi+00001F24],xmm0


The first instruction executes while DT decreases gradually and the second instruction executes one time at the time of activation, which decreases one orb only. So just nop the second instruction. For the 1st instruction we have to dissect. Don't subtract 1F24, just subtract 0024 and look nearby. The offset 0028 has the maximum value of DT. So now write the code as below.

Code:

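alloc(newmem,2048)
label(returnhere)
newmem:

mov eax,[edi+1f28]     //read maximum DT
mov [edi+1f24],eax     //write it to current DT
jmp returnhere

"DevilMayCry4_DX9.exe"+3A8187:
jmp newmem             //5 bytes
nop                    //movss [edi+00001F24],xmm0 is 8 bytes long,
nop                    //so the 3 bytes left after the jmp are padded
nop
returnhere: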


3. Infinite Orbs/Easy Orbs
--------------------------------------------------------------------------------------------------------------------
Orbs are stored in 4 bytes. Scan for the exact value and you will find it easily. There are 3 orb values, used for different purposes. Similarly, add them to the cheat table and find out what writes to these addresses individually. The code for addition of orbs is shown below.

Code:

add [esi+00000118],ecx
add [esi+00000114],ecx

The 1st one is the current orbs and the next one is displayed at mission end. Our job is just to multiply with a value equal to 100.
The instruction used is

Code:

imul ecx,ecx,00000064       //ecx= ecx X 100

Use code injection to inject this instruction for both values, then it is done.

Otherwise, another method is used to add orbs. Right-click on the address and do a pointer scan. This will add orbs.

For pointer scan watch this video www.youtube.com/watch?v=wZH1sQhZ6ig

4. Infinite Proudsouls
----------------------------------------------------------------------------------------------------------------------
The same way as for orbs is used. Scan and find the soul address. The instruction executed while adding is below.

Code:

add [esi+000001EC],edi


Use the imul instruction to multiply edi with an integer. Do a pointer scan to increase souls by a number.


5. Infinite AirHikes
----------------------------------------------------------------------------------------------------------------------
This is done using the concept of a jump counter. Jump in the air and scan for 0 (1 Byte), then jump using AirHike and scan for 1. Repeat this step until you find the correct instruction. Just nop the instruction and try if infinite jump works; if not, mov the pointer to 0.

6. Infinite Disaster Gauge
----------------------------------------------------------------------------------------------------------------------
The same way as for infinite Devil Trigger is used for this hack. Find the correct value using inc/dec value scans and find the instruction that writes to this address. Dissect data to find out the maximum value of the disaster gauge. Otherwise just find out the maximum value and move it to that pointer.
[code]
originalcode:
movss [esi+000151F4],xmm0

newcode:
mov [esi+151f4],(float)10000
[/code]

7. Infinite RoyalGuard Gauge:
------------------------------------------------------------------------------------------------------------------------

The same way as for infinite Devil Trigger is used for this hack. Find the correct value using inc/dec value scans and find the instruction that writes to this address. Dissect data to find out the maximum value of the Royal gauge. Otherwise just find out the maximum value and move it to that pointer.

[code]
originalcode:
movss [esi+00014DAC],xmm1

newcode:
mov [esi+00014DAC],(float)30000
[/code]
And an important point is that the decreasing instruction is nopped.

8. Auto MaxAct
------------------------------------------------------------------------------------------------------------------
Search for unknown initial value and use inc/dec of the exceed gauge to find the correct value (4 bytes = 3 when full), then find the instruction that decreases it and nop that. Dissect data and find the maximum value and mov it into the current instruction using code injection, or just mov 00000003 to this instruction to complete this hack.

[code]
originalcode:
mov [ecx+04],eax
newcode1:
nop
nop
nop
newcode2:
mov [ecx+04],00000003
[/code]


9. Instant Charge:
-----------------------------------------------------------------------------------------------------------------------
Use an exact value scan starting at 0 (float), then charge the weapon and try increased value. Repeat this until you find the exact value. If you have more values, try freezing at zero and charging. Find the correct value and find what writes to this address. Dissect to find the maximum value, or note the maximum value to move it.

[code]

newcode:
mov [ebp+10],(float)1000 // both for inc/dec

originalcode:
movss [ebp+10],xmm0 // increasing
movss [ebp+10],xmm3 // decreasing

[/code]

10. One Hit Kill
-----------------------------------------------------------------------------------------------------------------------
In DMC4 health is a bar value, so it may be Float (1 bar = 1000). Let's start with the first scan as unknown initial value, then find it using decreased value by (calculate with your brain how much the percentage will be) or a decreased/increased value scan. If you have a lot of values, try freezing each one manually to test it. If anything freezes perfectly, double click on it to put it into the cheat table. In the table, right-click on it and select "Find what writes to this address"; then you will find an instruction. Open it in the disassembler to show it in memory view. Now right-click on this instruction and select "what addresses change by this instruction". Play the game and hit some enemies (don't kill them, just hit once and move to another enemy).

Now you notice that it is shared code. That is, enemy health and player health are controlled by the same instruction. If you just nop the code, it will give infinite health to the enemy also. To tell the difference between player and enemy we have to dissect data/structures.

This is the code that changes health.

[code]
movss [esi+18],xmm0
[/code]

In memory view go to Tools ---> Dissect data/structures or press Ctrl+D.
A window opens; in it, type the addresses of your health and the enemy health and subtract the offset like this. Add more addresses if you want.

0FD86058-18
0FD87818-18
0FD87718-18
0FD78718-18


If you have a lot of addresses, it is easier to dissect. After filling in the addresses press Ctrl+N or go to Structures ----> Define new structure -----> next next ok ok...
Don't panic.., now you have a lot of addresses and their values. On the left side there are offsets which start with 0000. You will have your health at 0018. Check the row of offset 0018. And search the nearby rows 0000 to 00FF to find a difference between hero and enemy. If you have sharp eyes you will notice that offset 001C has the maximum health of the player and also the enemy. And the important one is offset 00C8. It has the value of 0 for player and 2 for enemy. (Select more offsets which have a difference, note them and close the game. Reopen and search again and you will find C8.) Now we are ready to write a script.



[code]
alloc(newmem,2048) //2kb should be enough
label(god)
label(exit)
label(returnhere)

newmem:
cmp dword ptr [esi+c8],0 //compare with 00000000(player)
jne god //jump if not equal (enemy)
mov eax,[esi+1c] //move max health to eax
mov [esi+18],eax //move max health to current value
jmp exit //jump to exit
god:
mov dword ptr [esi+18],0 //set enemy health to 0
exit:
jmp returnhere

"DevilMayCry4_DX9.exe"+11BFE5:
jmp newmem
returnhere:
[/code]



Now check if the cheat works.., if it does not work, there is an error in the script.


11. High Stylish Points
-----------------------------------------------------------------------------------------------------------------------
Scan Unknown Initial Value and try increased value. It is better to nop the health instruction and then scan for stylish points (float = stylish points x 10). Once you find the stylish point counter, find that instruction. Just multiply the value to get easy stylish points, or move a high value to that pointer.

[code]
originalcode:
movss [edx+04],xmm0

easystylishpts:
addss xmm0,xmm0
addss xmm0,xmm0
addss xmm0,xmm0
addss xmm0,xmm0
movss [edx+04],xmm0

highstylishpts:
mov [edx+04],(float)99999999
[/code]

12. Kill Timer
------------------------------------------------------------------------------------------------------------------------
Scan for inc/dec value in float to find the accurate time value. If you find more values, try freezing each one manually and find the correct address and instruction. (9:31:30 has a value equal to ((9x60) + 31) x 60 + 30.) Just nop to find out whether the time is decreasing or not. If time is decreasing, mov a high value.

13. Increase Running Speed
------------------------------------------------------------------------------------------------------------------------
Stand at a particular location and scan (float)0. Then walk, pause the game and scan for increased value. Then run and search increased value. Keep trying and find the correct value. This value is a float and we have to multiply it with a float. The method is as follows: we have to create a memory address that stores a float value.
[code]
alloc(newmem,2048) //2kb should be enough
alloc(value,512) //512 bytes is enough
label(returnhere)

value:
dd (float)2.00 //define dword 2.00

newmem:
fmul dword ptr [value] //multiply current float with value
fstp dword ptr [esi+00000014]
jmp returnhere

"DevilMayCry4_DX9.exe"+3BB977:
jmp newmem
nop
nop
nop
returnhere:
[/code]
14. Fix Sickling smoking style
(4 bytes) Scanning: deadly = 1, carnage = 2, ........ and SSS = 7. Once you have found the apt address (try freezing to find it), search for what writes to this address..,, there must be a lot of instructions that decrease and increase it; set the value to 7. Go to the game and check it.
[code]
[ENABLE]
004A6506:
mov [esi+20],00000007
004A64F4:
mov [esi+20],00000007
004A64FD:
mov [esi+20],00000007
004A5EDB:
mov [esi+20],00000007
004A5D45:
mov [esi+20],00000007
004A5D5F:
mov [esi+20],00000007
004A64EB:
mov [esi+20],00000007



[DISABLE]
004A6506:
mov [esi+20],00000003
004A64F4:
mov [esi+20],00000001
004A64FD:
mov [esi+20],00000002
004A5EDB:
mov [esi+20],00000005
004A5D45:
mov [esi+20],00000006
004A5D5F:
mov [esi+20],00000005
004A64EB:
mov [esi+20],00000000
[/code]
15. Increases Running Speed
You better go to this topic http://forum.cheatengine.org/viewtopic.php?t=566564
16. Teleportation
------------------------------------------------------------------------------------------------------------------------
It is a very difficult one and I didn't try this till now. Scan for a value and move the character, then use changed value as the next scan. Don't move and scan unchanged value. Repeat until you find the XYZ co-ordinates. Freeze each one manually to find the perfect values, then set values and hotkeys to make the teleportation hack.

17. Trainer Making
------------------------------------------------------------------------------------------------------------------------
Create all the scripts with [enable] and [disable] sections. Then create the trainer using Lua scripts.
--------------------------------------------------------------------------------------------------------------------------
Click here to Download the Trainer.
http://youtu.be/i-8ZylG-ukM


THANKS FOR READING




Last edited by vergilganesh on Mon Jul 29, 2013 12:05 pm; edited 2 times in total
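
The structure comparison described in sections 1 and 10 of the post above (find an offset whose value is the same for every enemy, different for the player, and still the same after restarting the game) can be written as a small offline check. This is an added example, not part of the original post or of Cheat Engine. The base addresses in session 1 are the ones from the post; which of them is the player, every field value, the scratch field at 0x40 and all of session 2 are constructed for the demo.

```python
import struct

def make_struct(health, max_health, kind, scratch):
    """Build a constructed 0x100-byte entity structure for the demo."""
    buf = bytearray(0x100)
    struct.pack_into("<f", buf, 0x18, health)      # current health (post: offset 0018)
    struct.pack_into("<f", buf, 0x1C, max_health)  # maximum health (post: offset 001C)
    struct.pack_into("<I", buf, 0xC8, kind)        # post: 0 = player, 2 = enemy
    struct.pack_into("<I", buf, 0x40, scratch)     # hypothetical field, unstable between runs
    return bytes(buf)

# Session 1: base = health address - 0x18, addresses taken from the post.
# Treating the first address as the player is an assumption.
SESSION_1 = (0x0FD86058 - 0x18, {
    0x0FD86058 - 0x18: make_struct(5400.0, 6000.0, 0, 7),
    0x0FD87818 - 0x18: make_struct(1200.0, 2000.0, 2, 1),
    0x0FD87718 - 0x18: make_struct(2750.0, 3000.0, 2, 1),
    0x0FD78718 - 0x18: make_struct(1900.0, 2000.0, 2, 1),
})
# Session 2 (after restarting the game): constructed addresses and values.
SESSION_2 = (0x10A41040, {
    0x10A41040: make_struct(6000.0, 6000.0, 0, 1),
    0x10A42800: make_struct(800.0, 2000.0, 2, 1),
    0x10A42700: make_struct(2990.0, 3000.0, 2, 1),
})

def discriminators(player_base, snapshot, width=4):
    """Offsets where every enemy holds one value and the player holds another.

    Returns {offset: (player_value, enemy_value)} as little-endian integers.
    """
    player = snapshot[player_base]
    enemies = [data for base, data in snapshot.items() if base != player_base]
    found = {}
    for off in range(0, len(player) - width + 1, width):
        p = player[off:off + width]
        enemy_vals = {e[off:off + width] for e in enemies}
        if len(enemy_vals) == 1 and p not in enemy_vals:
            e = next(iter(enemy_vals))
            found[off] = (int.from_bytes(p, "little"), int.from_bytes(e, "little"))
    return found

def stable_discriminators(sessions):
    """Keep offsets that separate player from enemies identically in every session."""
    per_session = [discriminators(base, snap) for base, snap in sessions]
    first = per_session[0]
    return {off: vals for off, vals in first.items()
            if all(other.get(off) == vals for other in per_session[1:])}

if __name__ == "__main__":
    for off, (p, e) in discriminators(*SESSION_1).items():
        print(f"session 1 candidate +{off:04X}: player={p} enemy={e}")
    for off, (p, e) in stable_discriminators([SESSION_1, SESSION_2]).items():
        print(f"stable +{off:04X}: player={p} enemy={e}")
```

Health (0018) and maximum health (001C) drop out because they vary between enemies, and the scratch field drops out on the second session, which is why the post says to restart and compare again.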
SouthernGenius
How do I cheat?
Reputation: 0

Joined: 02 Jul 2012
Posts: 1

Posted: Mon Jul 29, 2013 7:05 am    Post subject: Still learning assembly, but this doesn't look right to me.

I am a bit confused about the section that is describing the "God Mode" for health. the code reads:

cmp [esi+c8],0 //compare with 00000000(enemy)
jne god //jump if not equal
mov eax,[esi+1c] // move max health to eax
mov [esi+18],eax //move max health to current value
jmp exit //jump to exit
god:
movss [esi+18],xmm0 //originalcode
exit:

You say that offset 00C8 has a value of 1 for player and 0 for enemy. So I am gonna assume we are looking at an enemy right now. [esi+c8] = ZERO if it is an enemy. So the first line cmp [esi+c8],0 is true(or in this case EQUAL). The next line says jump if NOT EQUAL to god label. Well, it is equal, so no jump. It then goes on to move MAX health into current health and exits.
Didn't that just put MAX health into the enemy's health bar? If [esi+c8] is ONE because it is the player's health bar then the code does jump down to god label and it uses the original line of code. Obviously the original line of code subtracts health as normal so how can that be a god mode of any kind? It's the ORIGINAL code!

I apologize if this sounds like an un-friendly reply. I am not being angry. I simply don't understand. I hope you remember how it is when you are first learning something really difficult. I am just really frustrated because I thought I was learning to read assembly better. Either I don't understand or there is a mistake in the explanation above. If I am making a simple and basic mistake, can someone be kind enough to explain where my brain is misfiring?

Thank you for the tutorial!!!! People like you, vergilganesh, have taught me everything I know by posting these tutorials. I hope I can return the favor one day.
vergilganesh
Expert Cheater
Reputation: 0

Joined: 01 Jul 2013
Posts: 134
Location: India

Posted: Mon Jul 29, 2013 11:35 am    Post subject:

I'm extremely sorry for that. Actually the code was correct but the explanation given by me was the wrong one. I've checked only the codes at the end, not the explanations, because I did god mode a long time ago on my friend's laptop. I only have a laptop with a Pentium dual core processor. And I was a little bit confused while typing. Now I have corrected it and added some more hacks.
Onim
Newbie cheater
Reputation: 0

Joined: 02 Feb 2014
Posts: 18
Location: Malaysia

Posted: Mon Feb 03, 2014 4:51 am    Post subject:

Hi. Nice tutorial. I managed to follow until I tried Auto MaxAct. Can you explain this part a little bit more? I keep crashing my game when I move the value to [ecx+4] .. and is [ecx+4],00000003 the same as [ecx+4],3 ?
_________________
From that day forth... my arm changed... and a voice echoed "Power! Give me more power!" and if I become a demon, so be it... I'll endure the exile... anything... to protect her!
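
An added example, not part of the thread and not Cheat Engine's own code, on instruction lengths in the scripts above. `mov [ecx+04],eax` encodes to 3 bytes, while `mov [ecx+04],00000003` encodes to 7 bytes however the immediate is written, so it cannot be written over the original in place without overwriting the 4 bytes of code that follow; a longer replacement has to go through a `jmp` to allocated memory, padded with `nop` up to an instruction boundary. The module base, the MaxAct site address, the cave address and the 2-byte follow-on instruction are assumptions made for the demo.

```python
import struct

JMP_REL32_LEN = 5   # E9 + 32-bit displacement
NOP = b"\x90"

def plan_patch(site, instr_lens, replacement, cave):
    """Return (mode, patch_bytes) for overwriting code at `site`.

    instr_lens  -- lengths of the original instructions starting at site
    replacement -- encoded bytes of the new code
    cave        -- address of separately allocated memory (newmem in the scripts)
    """
    first = instr_lens[0]
    if len(replacement) <= first:
        # Fits inside the first instruction: write it and NOP the leftover bytes.
        return "in-place", replacement + NOP * (first - len(replacement))
    # Too long: redirect to the cave. The jmp must cover whole instructions,
    # so keep taking instructions until at least 5 bytes are available.
    # Any instruction displaced this way has to be re-executed in the cave.
    covered = 0
    for n in instr_lens:
        covered += n
        if covered >= JMP_REL32_LEN:
            break
    else:
        raise ValueError("fewer than 5 bytes of known instructions at site")
    rel32 = (cave - (site + JMP_REL32_LEN)) & 0xFFFFFFFF
    return "detour", b"\xE9" + struct.pack("<I", rel32) + NOP * (covered - JMP_REL32_LEN)

# x86 encodings of instructions quoted in the tutorial.
MOV_ECX4_EAX  = bytes.fromhex("894104")            # mov [ecx+04],eax          (3 bytes)
MOV_ECX4_IMM3 = bytes.fromhex("c7410403000000")    # mov [ecx+04],00000003     (7 bytes)
MOVSS_DT      = bytes.fromhex("f30f1187241f0000")  # movss [edi+00001F24],xmm0 (8 bytes)
DT_REFILL     = bytes.fromhex("8b87281f0000"       # mov eax,[edi+1f28]
                              "8987241f0000")      # mov [edi+1f24],eax

MODULE_BASE = 0x00400000              # assumed image base
DT_SITE     = MODULE_BASE + 0x3A8187  # "DevilMayCry4_DX9.exe"+3A8187 from the post
MAXACT_SITE = 0x00500000              # placeholder: the post gives no address for this site
CAVE        = 0x02000000              # constructed address standing in for newmem

if __name__ == "__main__":
    cases = [
        ("MaxAct: nop the write", MAXACT_SITE, [len(MOV_ECX4_EAX)], b""),
        # The second length (2) is a constructed follow-on instruction.
        ("MaxAct: mov 3", MAXACT_SITE, [len(MOV_ECX4_EAX), 2], MOV_ECX4_IMM3),
        ("DT refill", DT_SITE, [len(MOVSS_DT)], DT_REFILL),
    ]
    for name, site, lens, repl in cases:
        mode, patch = plan_patch(site, lens, repl, CAVE)
        print(f"{name:22} {mode:9} {patch.hex(' ')}")
```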
akumakuja28
Master Cheater
Reputation: 16

Joined: 28 Jun 2015
Posts: 432

Posted: Sun Feb 14, 2016 9:38 pm    Post subject:

What an epic bump
tam10diem
How do I cheat?
Reputation: 0

Joined: 10 Jul 2016
Posts: 2

Posted: Mon Jul 11, 2016 3:49 am    Post subject:

Hi, can you help me with infinite health in Devil May Cry 4 Special Edition?
I learned from your topic on DMC4 trainer making but it won't work.
I would be very grateful if you could help me or make a short video on how to do it.