Cheat Engine The Official Site of Cheat Engine
LimeOrRed How do I cheat? Reputation: 0
Joined: 08 Sep 2022 Posts: 2
Posted: Sun Sep 11, 2022 7:40 pm Post subject: Help With Shared OpCode
Hey guys, I need help with shared opcodes in this game. I know how to separate the mobs' HP from the main player's HP, like the process to do it. When I do it in this game, the main player's HP address is always changing and being updated to a new address. Sometimes the value returns to the first address I try to use to separate myself from the mobs. When I scan for commonalities, the values in the offsets for the main player's HP are always changing... My guess is it's because the value of the main HP is always moved to another address and then returns at some point, just to be moved again within about a 1-2 second span. In the end, I need help because I made a 1 hit kill script. If I don't provide a condition, I'll also be 1 hit, and that's annoying. A condition I put would be for me to lose some HP so it is not 100, so all the mobs who are at 100 jump to the 1 hit kill. I'll provide an attachment of what I am talking about.
Here is the assembly area of the code that writes to my HP and the mobs' HP:
Code:
rufi.exe+721C0 - 55 - push ebp
rufi.exe+721C1 - 8B EC - mov ebp,esp
rufi.exe+721C3 - 56 - push esi
rufi.exe+721C4 - 8B F1 - mov esi,ecx
rufi.exe+721C6 - 8B 46 40 - mov eax,[esi+40]
rufi.exe+721C9 - 0FB6 48 04 - movzx ecx,byte ptr [eax+04]
rufi.exe+721CD - 8B 14 8D E8F07D00 - mov edx,[ecx*4+rufi.exe+3DF0E8]
rufi.exe+721D4 - 33 10 - xor edx,[eax]
rufi.exe+721D6 - 8B 4D 08 - mov ecx,[ebp+08]
rufi.exe+721D9 - 3B D1 - cmp edx,ecx
rufi.exe+721DB - 7E 04 - jle rufi.exe+721E1
rufi.exe+721DD - 2B D1 - sub edx,ecx
rufi.exe+721DF - EB 02 - jmp rufi.exe+721E3
rufi.exe+721E1 - 33 D2 - xor edx,edx
rufi.exe+721E3 - 8B 48 04 - mov ecx,[eax+04]
rufi.exe+721E6 - 69 C9 FD430300 - imul ecx,ecx,000343FD { 214013 }
rufi.exe+721EC - 89 10 - mov [eax],edx
rufi.exe+721EE - 81 C1 C39E2600 - add ecx,00269EC3 { 2531011 }
rufi.exe+721F4 - 89 48 04 - mov [eax+04],ecx
rufi.exe+721F7 - 0FB6 C9 - movzx ecx,cl
rufi.exe+721FA - 8B 0C 8D E8F07D00 - mov ecx,[ecx*4+rufi.exe+3DF0E8]
rufi.exe+72201 - 33 CA - xor ecx,edx
rufi.exe+72203 - 89 08 - mov [eax],ecx
rufi.exe+72205 - 8A 50 01 - mov dl,[eax+01]
rufi.exe+72208 - F6 D2 - not dl
rufi.exe+7220A - 02 C9 - add cl,cl
rufi.exe+7220C - 32 D1 - xor dl,cl
rufi.exe+7220E - 32 50 02 - xor dl,[eax+02]
rufi.exe+72211 - 88 50 07 - mov [eax+07],dl
rufi.exe+72214 - 8B 46 40 - mov eax,[esi+40]
rufi.exe+72217 - 0FB6 50 04 - movzx edx,byte ptr [eax+04]
rufi.exe+7221B - 8B 14 95 E8F07D00 - mov edx,[edx*4+rufi.exe+3DF0E8]
rufi.exe+72222 - 33 10 - xor edx,[eax]
rufi.exe+72224 - 8B 4E 44 - mov ecx,[esi+44]
rufi.exe+72227 - 0FB6 41 04 - movzx eax,byte ptr [ecx+04]
rufi.exe+7222B - 89 55 08 - mov [ebp+08],edx
rufi.exe+7222E - 8B 14 85 E8F07D00 - mov edx,[eax*4+rufi.exe+3DF0E8]
rufi.exe+72235 - 33 11 - xor edx,[ecx]
rufi.exe+72237 - DB 45 08 - fild dword ptr [ebp+08]
rufi.exe+7223A - DC 0D 903D7300 - fmul qword ptr [rufi.exe+333D90] { (100.00) }
rufi.exe+72240 - 89 55 08 - mov [ebp+08],edx
rufi.exe+72243 - DA 75 08 - fidiv dword ptr [ebp+08]
rufi.exe+72246 - D9 5E 04 - fstp dword ptr [esi+04]
rufi.exe+72249 - 5E - pop esi
rufi.exe+7224A - 5D - pop ebp
rufi.exe+7224B - C2 0400 - ret 0004 { 4 }
Here is the code that writes to my HP and the mobs' HP:
Code:
rufi.exe+72246 - D9 5E 04 - fstp dword ptr [esi+04]
Any help will do. I have the hack working right now with just some small conditions, like losing HP or using MP to separate me from the mobs, but it's inconsistent.
Thank you,
Description: The top value is enemy HP after I hit it; the rest of the values are my HP, but it keeps being a new address and sometimes returns to a previous address...
_________________
Which Color Should I Pick? The Lime Or The Red?

cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
Posted: Sun Sep 11, 2022 8:09 pm
Do the similarity check while the process is frozen or while a breakpoint is triggered. Then you can find your differentiator while the addresses aren't changing.
TsTg Master Cheater Reputation: 5
Joined: 12 Dec 2012 Posts: 334 Location: Somewhere....
Posted: Mon Sep 12, 2022 2:18 am
You could first right-click on each of those address entries in the list, and "Show register states" might find something useful there, like a unique register that would distinguish your HP from the enemy.
If that didn't help, then further tracking through the code is needed. I see there are some xor'ing operations going on the new HP that will be set. Anyways, you need to look at the code that sets the base address of the esi register. Once you return from this routine (after the RET 4), you should look at the earlier code before this routine is called. Usually for shared code like this, there should be a loop nearby; with that loop in hand, you can check at which index the game will access your HP, and that would be the way to filter it.
There are other ways ofc, but in general it depends on how the game is designed.
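
The routine in the listing keeps each HP value XOR-masked in memory and re-keys it on every write, which is the "xor'ing" mentioned in the last reply. The C model below of that storage scheme is an added example, not code from the thread or from the game; every name is hypothetical, the table contents are constructed (the data at rufi.exe+3DF0E8 is not on the page), and `masked_intact` is an assumed verifier, since the listing only shows the byte at +7 being written.

```c
#include <stdint.h>
#include <stdio.h>
/* Model of the 8-byte record at [esi+40] / [esi+44]; all names are hypothetical. */
typedef struct { uint32_t enc; uint32_t key; } masked_t; /* +0 masked value, +4 key, +7 check */
static uint32_t mask_table[256]; /* stands in for the dword table at rufi.exe+3DF0E8 */

/* Constructed contents: the real table data is not on the page. */
void table_init(void) {
    for (uint32_t i = 0; i < 256; i++) mask_table[i] = (i + 1u) * 0x9E3779B1u;
}

/* movzx idx,byte [rec+4] ; mov r,[idx*4+table] ; xor r,[rec] */
uint32_t masked_load(const masked_t *m) { return mask_table[m->key & 0xFF] ^ m->enc; }

/* not [rec+1] ; xor 2*[rec+0] ; xor [rec+2] -> the byte stored at [rec+7] */
uint8_t check_byte(uint32_t enc) {
    uint8_t b0 = (uint8_t)enc, b1 = (uint8_t)(enc >> 8), b2 = (uint8_t)(enc >> 16);
    return (uint8_t)(~b1 ^ (uint8_t)(b0 + b0) ^ b2);
}

/* Re-key with key*0x343FD+0x269EC3, mask with the new table entry, refresh the check byte. */
void masked_store(masked_t *m, uint32_t value) {
    uint32_t key = m->key * 0x343FDu + 0x269EC3u;
    m->enc = mask_table[key & 0xFF] ^ value;
    m->key = (key & 0x00FFFFFFu) | ((uint32_t)check_byte(m->enc) << 24);
}

/* cmp / jle / sub: signed subtraction that clamps at zero. */
void apply_damage(masked_t *m, int32_t dmg) {
    int32_t cur = (int32_t)masked_load(m);
    masked_store(m, cur > dmg ? (uint32_t)(cur - dmg) : 0u);
}

/* fild / fmul 100.0 / fidiv / fstp: the float written to [esi+04] is a percentage. */
float hp_percent(const masked_t *cur, const masked_t *max) {
    return (float)((int32_t)masked_load(cur) * 100.0 / (int32_t)masked_load(max));
}

/* Assumption: a verifier that recomputes the +7 byte; the listing only writes it. */
int masked_intact(const masked_t *m) { return (uint8_t)(m->key >> 24) == check_byte(m->enc); }

int main(void) {
    masked_t hp = {0, 0}, maxhp = {0, 0};
    table_init();
    masked_store(&hp, 100); masked_store(&maxhp, 100);
    apply_damage(&hp, 30);
    printf("hp=%u raw=0x%08X pct=%.1f intact=%d\n", (unsigned)masked_load(&hp),
           (unsigned)hp.enc, hp_percent(&hp, &maxhp), masked_intact(&hp));
    return 0;
}
```

In this model the stored dword differs from the plain value and changes on every store even when the value does not, while the only plain number the routine leaves behind is the percentage float at [esi+04].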