sbryzl (Master Cheater; Reputation: 6; Joined: 25 Jul 2016; Posts: 252)
Posted: Wed Aug 17, 2022 2:03 pm
Have you tried writing a value directly to the address?
Code:
mov dword ptr [rax+00000230],(float)9000
mov dword ptr [rax+00000238],(float)9000

sbryzl
Posted: Thu Aug 18, 2022 7:42 am
Here is a method you could use to set a speed limit after the multiplier.
Code:
newmem:
  cmp byte ptr [speed_input],1
  je fast
  jmp originalcode
fast:
  fld dword [rax+00000230]
  fmul dword [speed_modifier]
  fld dword [speed_maxlimit]
  fcomi ST(0),ST(1)
  jl short floatflip
  fxch
floatflip:
  fstp dword [rax+00000230]
  fstp st(0)
  jne originalcode
  fld dword [rax+00000238]
  fmul dword [speed_modifier]
  fld dword [speed_maxlimit]
  fcomi ST(0),ST(1)
  jl short floatflip2
  fxch
floatflip2:   // a label name can only be defined once per script
  fstp dword [rax+00000238]
  fstp st(0)
originalcode:
  movups xmm1,[rax+00000230]
  jmp return
align 4
speed_input:
  db 0
speed_modifier:
  dd (float)1.03
speed_maxlimit:
  dd (float)9

sbryzl
Posted: Thu Aug 18, 2022 8:41 am
The conditional jump may need to be different.
Instead of
jl short floatflip
try
jb short floatflip
or
jna short floatflip

sbryzl
Posted: Thu Aug 18, 2022 9:22 am
The second jump to originalcode isn't necessary as it would already be handled initially. That may be your problem. Here it is commented out.
Code:
newmem:
  cmp byte ptr [speed_input],1
  jne originalcode
  //je fast
  //jmp originalcode
fast:
  fld dword [rax+00000230]
  fmul dword [speed_modifier]
  fld dword [speed_maxlimit]
  fcomi ST(0),ST(1)
  jl short floatflip
  fxch
floatflip:
  fstp dword [rax+00000230]
  fstp st(0)
  //jne originalcode
  fld dword [rax+00000238]
  fmul dword [speed_modifier]
  fld dword [speed_maxlimit]
  fcomi ST(0),ST(1)
  jl short floatflip2
  fxch
floatflip2:   // a label name can only be defined once per script
  fstp dword [rax+00000238]
  fstp st(0)
originalcode:
  movups xmm1,[rax+00000230]
  jmp return
align 4
speed_input:
  db 0
speed_modifier:
  dd (float)1.03
speed_maxlimit:
  dd (float)9

sbryzl
Posted: Thu Aug 18, 2022 1:47 pm
This should be all the necessary alterations, cleaned up a bit. I don't know what the issue is since I can't see it myself. If you need the second jump for some reason you should redo the compare before it. If there is an issue with forward or sideways motion maybe one of the 2 components could be removed so it's not affected.
Code:
[ENABLE]
aobscanmodule(aob_speed,SnowRunner.exe,0F 10 88 30 02 00 00 0F 59 C9)
alloc(newmem,$1000,aob_speed)
label(return)
label(fast)
label(speed_input)
label(speed_modifier)
registersymbol(aob_speed)
registersymbol(speed_input)
registersymbol(speed_modifier)

newmem:
  cmp byte ptr [speed_input],1
  jne originalcode
fast:
  fld dword [rax+00000230]
  fmul dword [speed_modifier]
  fld dword [speed_maxlimit]
  fcomi ST(0),ST(1)
  jna short @F
  fxch
@@:
  fstp dword [rax+00000230]
  fstp st(0)
  //cmp byte ptr [speed_input],1
  //jne originalcode
  fld dword [rax+00000238]
  fmul dword [speed_modifier]
  fld dword [speed_maxlimit]
  fcomi ST(0),ST(1)
  jna short @F
  fxch
@@:
  fstp dword [rax+00000238]
  fstp st(0)
originalcode:
  movups xmm1,[rax+00000230]
  jmp return
align 4
speed_input:
  db 0
speed_modifier:
  dd (float)1.03
speed_maxlimit:
  dd (float)9

aob_speed:
  jmp newmem
  nop 2
return:

[DISABLE]
aob_speed:
  db 0F 10 88 30 02 00 00
dealloc(newmem)
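Added example, not code from the thread: a small C emulation of the FCOMI flag semantics behind the jl-versus-jb/jna change above (third post, and the final script). FCOMI writes only ZF, PF and CF and clears SF and OF, so the signed jl after it is never taken and the value is stored unclamped, while the unsigned jna compares max against speed*modifier and clamps. The names fcomi, jcc_taken and clamp_x87 are the example's own.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Flags FCOMI actually produces: ZF, PF, CF from the compare; SF and OF cleared. */
typedef struct { bool zf, pf, cf, sf, of; } flags_t;

static flags_t fcomi(double st0, double st1) {
    flags_t f = {0};                                   /* sf = of = 0 always */
    if (isnan(st0) || isnan(st1)) { f.zf = f.pf = f.cf = true; }  /* unordered */
    else { f.zf = (st0 == st1); f.cf = (st0 < st1); }
    return f;
}

typedef enum { JMP_JL, JMP_JB, JMP_JNA } jcc_t;

/* Branch conditions of the three jumps discussed in the thread. */
static bool jcc_taken(jcc_t j, flags_t f) {
    switch (j) {
    case JMP_JL:  return f.sf != f.of;  /* signed test: never true after fcomi */
    case JMP_JB:  return f.cf;          /* unsigned below: st(0) <  st(1) */
    case JMP_JNA: return f.cf || f.zf;  /* unsigned not above: st(0) <= st(1) */
    }
    return false;
}

/* Emulates fld/fmul/fld/fcomi/jcc/fxch/fstp from the script and returns the
   float that is written back to the speed component. */
float clamp_x87(float speed, float modifier, float maxlimit, jcc_t j) {
    double st1 = (double)speed * modifier;  /* fld speed ; fmul modifier      */
    double st0 = maxlimit;                  /* fld maxlimit -> st(0)=max, st(1)=product */
    flags_t f = fcomi(st0, st1);            /* fcomi st(0),st(1)             */
    if (!jcc_taken(j, f)) {                 /* jump not taken: fxch           */
        double t = st0; st0 = st1; st1 = t;
    }
    return (float)st0;                      /* fstp dword: store st(0); fstp st(0) drops the rest */
}

int main(void) {
    /* Constructed inputs: speed 10, modifier 1.03, limit 9. */
    printf("jl : %g (never clamps)\n", clamp_x87(10.0f, 1.03f, 9.0f, JMP_JL));
    printf("jna: %g (clamped)\n",      clamp_x87(10.0f, 1.03f, 9.0f, JMP_JNA));
    return 0;
}
```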