call286 How do I cheat?
Reputation: 0
Joined: 18 Dec 2013 Posts: 8
Posted: Thu Dec 19, 2013 3:25 pm Post subject: Script - Star Wolves 2 shield also freezes enemies shields
Can someone give me a hint how to distinguish between shield draining of player ship and shield draining of enemy ship?
It seems that pointerscan is not an option for this game, so I tried it with Auto Assembler. I found my own Auto Assembler Script for Skill Points and Money.
I already found the line which causes the shield to drain:
Code:
Star Wolves 2.exe+219730 - E8 3B0CE0FF - call Star Wolves 2.exe+1A370
Star Wolves 2.exe+219735 - D8 A4 24 90000000 - fsub dword ptr [esp+00000090] // Here shield is drained (Line1)
Star Wolves 2.exe+21973C - D9 9C 24 90000000 - fstp dword ptr [esp+00000090]
Star Wolves 2.exe+219743 - D9 84 24 90000000 - fld dword ptr [esp+00000090]
Star Wolves 2.exe+21974A - D9 9E E80B0000 - fstp dword ptr [esi+00000BE8] // Here stored (Line2)
Star Wolves 2.exe+219750 - 83 3D 380B7B00 00 - cmp dword ptr [Star Wolves 2.exe+3B0B38],00
My first try was to replace Line1 or Line2 with nop, but then the enemy ships didn't lose shield either.
At the moment my script looks like this:
Code:
[ENABLE]
aobscan(aobShieldSaver, D9 9E E8 0B 00 00 83 3D 38 0B 7B 00 00)
alloc(newmem, $1000)
label(aobShieldSaver_r)
registersymbol(aobShieldSaver_r)
label(lblShieldSaver)
label(lblShieldSaverRet)
newmem:
lblShieldSaver:
jmp lblShieldSaverRet
aobShieldSaver:
aobShieldSaver_r:
jmp lblShieldSaver
nop
lblShieldSaverRet:
[DISABLE]
aobShieldSaver_r:
//Star Wolves 2.exe+2194BF - D9 9E E80B0000 - fstp dword ptr [esi+00000BE8]
db D9 9E E8 0B 00 00
unregistersymbol(aobShieldSaver_r)
dealloc(newmem)
I tried to look into the cheat table for Star Wolves 1 which was created by Csimbi in forum(.)cheatengine(.)org/viewtopic.php?t=567812
But I don't understand exactly what the code there does. What I don't get is how to find the values for some of the code parts.
I hope it's ok to post pieces of Csimbi's code from the Star Wolves 1 table here, all credits for the following go to him:
Code:
///////////////////////
// Armour
lblArmourGetter:
fld dword ptr [esi+000003D8] // Original code // I found this also in SW2
cmp dword ptr [bEnableArmourHack],1
jne short lblArmourGetterSkip
fst dword ptr [esi+D0] // I found this also in SW2 (Line2)?
lblArmourGetterSkip:
jmp lblArmourGetterRet
///////////////////////
// Armour
lblArmorChecker:
pushad
cmp dword ptr [bEnableArmourHack],1
jne lblArmorCheckerSkip
mov eax,[esi+37c] // is in register esi+37c the player stored? Or how do I know that I have to use this?
test eax,eax
jz lblArmorCheckerSkip
push sPlayer // the word '_player' is pushed onto the stack?
push eax // the value of eax is pushed onto the stack
call strstr // is this a builtin function in CE (strstr)?
add esp,8 // how does this affect the next line? Also the mov and test lines are a secret for me...
test eax,eax
jz lblArmorCheckerSkip
mov eax,[esi+e74]
test eax,eax
jz lblArmorCheckerSkip
mov eax,[eax+5fc]
test eax,eax
jz lblArmorCheckerSkip
cmp byte ptr [eax],0
je lblArmorCheckerSkip
fld dword ptr [esi+3D8] // Player armor loaded
fst dword ptr [esi+D0] // and stored without changing
mov dword ptr [esp+34],0 // secret
fstp st(0)
fldz
lblArmorCheckerSkip:
popad
fcomp dword ptr [esi+000000D0] // Original code
jmp lblArmorCheckerRet
sPlayer:
db '_player' 00
I know that there are other cheats for this game, but I'm trying to improve my knowledge in using cheat engine.
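Added example, not part of the original post and not Csimbi's or the game's code: a C model of the check in the Star Wolves 1 snippet, where `push sPlayer` / `push eax` / `call strstr` / `add esp,8` / `test eax,eax` reads as a cdecl call to C's `strstr` followed by a NULL test on the result in `eax`. The `struct ship` layout, the function names and the sample ships are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical ship object; the real field offsets are game-specific. */
struct ship {
    const char *name; /* role of the pointer loaded by: mov eax,[esi+37c] (SW1 snippet) */
    float shield;     /* role of the float written by: fstp [esi+BE8] (SW2 listing) */
};

/* mov eax,[esi+37c] / test eax,eax / jz skip -> guard against a NULL pointer
 * push sPlayer / push eax / call strstr     -> strstr(name, "_player"), args pushed right to left
 * add esp,8                                 -> cdecl: the caller removes the two 4-byte args
 * test eax,eax / jz skip                    -> strstr returned NULL, so this is not the player */
static int is_player(const struct ship *s)
{
    if (s->name == NULL)
        return 0;
    return strstr(s->name, "_player") != NULL;
}

/* One routine serves every ship, so NOP-ing the store freezes enemy shields too.
 * The filter decides per object whether the new value is written back. */
static float apply_damage(struct ship *s, float dmg, int protect_player)
{
    float updated = s->shield - dmg;        /* fsub */
    if (!(protect_player && is_player(s)))
        s->shield = updated;                /* fstp [esi+BE8] */
    return s->shield;
}

int main(void)
{
    /* Constructed sample objects, not data read from the game. */
    struct ship ships[] = {
        { "fighter_player", 100.0f },
        { "pirate_01",      100.0f },
        { NULL,             100.0f },
    };
    for (size_t i = 0; i < sizeof ships / sizeof ships[0]; i++)
        printf("%-15s -> %.1f\n", ships[i].name ? ships[i].name : "(null)",
               apply_damage(&ships[i], 25.0f, 1));
    return 0;
}
```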