Cheat Engine The Official Site of Cheat Engine
redoxo How do I cheat? Reputation: 0
Joined: 07 Sep 2024 Posts: 2
Posted: Sat Sep 07, 2024 3:21 pm Post subject: Help with modifying xmm
I managed to find what writes to the address and tried using AOB injection, but I don't know how to modify the xmm value. Here's the code:
Code:
newmem:
code:
  movups [rbx+28],xmm2
  movsd [rbx+38],xmm0
  jmp return
INJECT:
  jmp newmem
  nop 4
return:
registersymbol(INJECT)

Sorry, I'm new to anything that's not high level programming.
ParkourPenguin I post too much Reputation: 147
Joined: 06 Jul 2014 Posts: 4570
Posted: Sat Sep 07, 2024 3:59 pm
How exactly do you want to modify it?
Also, show the address of the value you want to modify as well as the value of rbx when the instruction accessed that address (click "more information").
_________________
I don't know where I'm going, but I'll figure it out when I get there.
redoxo How do I cheat? Reputation: 0
Joined: 07 Sep 2024 Posts: 2
Posted: Sun Sep 08, 2024 12:12 am
ParkourPenguin wrote:
> How exactly do you want to modify it?
> Also, show the address of the value you want to modify as well as the value of rbx when the instruction accessed that address (click "more information")

Normally, what I'd see is something like
Code:
  mov [rbx+28],eax
  jmp return

and I'd just put mov eax,#100000 before that, for example, to set the value to something higher. I don't know how to do that in this case.
Also, the address is 2AE6D317530, and the rbx value is 2AE6D317500. Now I'm even more confused. What I did was press "Find what's writing to this address" and modified it in-game. But rbx+28 doesn't match up with the address, despite CE saying the instruction writes to it.
ParkourPenguin I post too much Reputation: 147
Joined: 06 Jul 2014 Posts: 4570
Posted: Sun Sep 08, 2024 10:01 am
That instruction does write to that address.
xmm registers are 16 bytes- 4 floats or 2 doubles. Scalar operations (e.g. `movsd`, "move scalar double") operate on only the first value and either zero or ignore the remaining values within the xmm register. Vector operations (e.g. `movups`, "move unaligned packed singles") operate on all values at once.
Since `rbx+28` is 8 less than the address you're watching, the float you want to modify must be the third in the xmm register.
Change the third float and leave the rest unmodified. Simple version that just copies memory:
Code:
newmem:
  movups [rbx+28],xmm2
  // rbx+30 is 8 bytes past rbx+28 (offsets are hex): the third float of the 16 bytes just stored
  mov dword ptr[rbx+30],(float)100000
  movsd [rbx+38],xmm0
  jmp return

(for doubles, you'd need to go through a register first- e.g. `mov rcx,(double)1234` / `mov [rdi+40],rcx`)
More complicated version that modifies the xmm register itself:
Code:
label(my_new_value)
newmem:
  sub rsp,10
  movups [rsp],xmm1            // save xmm1 on the stack
  movss xmm1,[my_new_value]    // xmm1 = [new, 0, 0, 0]
  shufps xmm1,xmm2,30          // xmm1 = [new, new, xmm2[3], xmm2[0]]
  shufps xmm2,xmm1,84          // xmm2 = [xmm2[0], xmm2[1], new, xmm2[3]]
  movups xmm1,[rsp]            // restore xmm1
  add rsp,10
  movups [rbx+28],xmm2
  movsd [rbx+38],xmm0
  jmp return
align 4 CC
my_new_value:
  dd (float)100000

Edit: better "complicated" version w/ insertps:
Code:
label(my_new_value)
newmem:
  insertps xmm2,[my_new_value],20   // imm8 20: write to lane 2, zero no lanes
  movups [rbx+28],xmm2
  movsd [rbx+38],xmm0
  jmp return
align 4 CC
my_new_value:
  dd (float)100000

_________________
I don't know where I'm going, but I'll figure it out when I get there.
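
The lane arithmetic and the two register-editing sequences from the answer above, modelled in Python as an added example (not part of the original posts). The function names and the sample register contents are assumptions made for illustration; the addresses and immediates are the ones quoted in the thread.

```python
# Software model of the SSE lane operations discussed in the thread.
# Lane 0 is the lowest-addressed float when the register is stored with movups.

def lane_for(base, watched, width=4):
    """Index of the element of a 16-byte packed store at `base` that covers `watched`."""
    off = watched - base
    if not 0 <= off < 16 or off % width:
        raise ValueError("address is not an aligned element of this 16-byte store")
    return off // width

def shufps(dst, src, imm8):
    """SHUFPS dst,src,imm8: low two result lanes come from dst, high two from src."""
    sel = [(imm8 >> (2 * i)) & 3 for i in range(4)]
    return [dst[sel[0]], dst[sel[1]], src[sel[2]], src[sel[3]]]

def insertps_mem(dst, value, imm8):
    """INSERTPS dst,m32,imm8: write value to lane imm8[5:4], then zero lanes set in imm8[3:0]."""
    out = list(dst)
    out[(imm8 >> 4) & 3] = value
    return [0.0 if imm8 >> i & 1 else x for i, x in enumerate(out)]

def insertps_imm(lane, zero_mask=0):
    """Build the INSERTPS immediate for a memory source (imm8[7:6] is ignored then)."""
    if lane not in range(4) or zero_mask not in range(16):
        raise ValueError("lane must be 0-3 and zero_mask 0-15")
    return lane << 4 | zero_mask

def replace_lane_shufps(xmm2, new):
    """The two-shuffle sequence from the post (immediates 0x30 then 0x84)."""
    xmm1 = [new, 0.0, 0.0, 0.0]        # movss from memory zeroes the upper lanes
    xmm1 = shufps(xmm1, xmm2, 0x30)    # [new, new, xmm2[3], xmm2[0]]
    return shufps(xmm2, xmm1, 0x84)    # [xmm2[0], xmm2[1], new, xmm2[3]]

if __name__ == "__main__":
    rbx, watched = 0x2AE6D317500, 0x2AE6D317530   # values quoted in the thread
    lane = lane_for(rbx + 0x28, watched)          # CE auto-assembler offsets are hex
    regs = [1.0, 2.0, 3.0, 4.0]                   # constructed sample contents of xmm2
    print("lane", lane, "insertps imm8", hex(insertps_imm(lane)))
    print("shufps pair:", replace_lane_shufps(regs, 100000.0))
    print("insertps:   ", insertps_mem(regs, 100000.0, insertps_imm(lane)))
```
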