Ammo script problem
Niko
Cheater
Reputation: 0

Joined: 28 Mar 2014
Posts: 33

Posted: Mon May 12, 2014 8:52 am    Post subject: Ammo script problem

Hi all

So I'm using an ammo script for the game Aliens vs Predator 2010 (AvP_Dx11, because it has a Dx9 executable). When I freeze it, it works fine, ammo does not decrease, however when I kill an enemy the game crashes. Or if I do too much damage to an enemy. I'm quite noobish with Cheat Engine and gamehacking so any help would be appreciated.
Here's the script for ammo:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

007A4D52:
jmp newmem
returnhere:

newmem: //this is allocated memory, you have read,write,execute access



originalcode:
//movss [ecx+10],xmm0

exit:
jmp returnhere



[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10

Now I also tried making a custom script that directly nops the function, which looks like this:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
007A4D52:
nop
nop
nop
nop
nop

[DISABLE]
007A4D52:
movss [ecx+10],xmm0
//code from here till the end of the code will be used to disable the cheat

but the result was the same, ammo does not decrease, I can shoot objects, objectives etc, but as soon as I do too much damage or kill an enemy the game crashes.
lamafao
Expert Cheater
Reputation: 1

Joined: 17 Apr 2013
Posts: 130

Posted: Mon May 12, 2014 10:27 am

I am not good with these xmm things, but have you tried adding a value to ecx+10 (1)? or movss xmm0,#10 (2)
2nd example might be really wrong

Try (float)10 instead of #10 too

1.
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)


newmem:
movss [ecx+10],xmm0
mov [ecx+10],#10 //10
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0


2.
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)


newmem:
movss xmm0,#10 //10
movss [ecx+10],xmm0
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
Niko
Cheater
Reputation: 0

Joined: 28 Mar 2014
Posts: 33

Posted: Mon May 12, 2014 11:22 am

Hello and thanks for the suggestion lamafao

I tried the first script before, and I did the one you just made, but it just sets the ammo in clip to 0 when enabled, and when I click fire it makes a buzzing sound it makes when it's empty without reloading, then I switch the weapon and reload it. 2nd script has an error in line 7 (movss xmm0,#10): can't be compiled.

I also tried replacing with float 10, no success. It also still crashes when I kill an enemy when I do something with that instruction.

I'm still open for any other suggestions one might want to post here, and your help was appreciated. Tell me if you have any other ideas. Maybe if you somehow identify the player only? But this very script I've put has been used in the past versions of the game. Apparently it has been working with a direct nop. Idnk, maybe I should somehow make this active for the player only, like in godmode hacks.
NanoByte
Expert Cheater
Reputation: 1

Joined: 13 Sep 2013
Posts: 222

Posted: Mon May 12, 2014 2:30 pm

Yeah it would be nice if someone could explain what the movss does and all the xmm business

Try this, it might work, don't know about all the xmm stuff so it might crash

Code:

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov [ecx+10],1E

originalcode:
movss [ecx+10],xmm0

exit:
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Mon May 12, 2014 2:49 pm

Right-click on the instruction in memory viewer, and check to see what addresses it accesses (be sure to return to game and play for a minute). If more than one address shows up, then that is probably why the game is crashing - you need to filter out the unwanted addresses or use a different instruction that is exclusive to your ammo. If only one address shows up, then show your entire script here so that we might see why it is crashing.
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

Posted: Mon May 12, 2014 3:03 pm

The non-cracked version of the game has anti-cheat to detect code injection.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Niko
Cheater
Reputation: 0

Joined: 28 Mar 2014
Posts: 33

Posted: Mon May 12, 2014 3:08 pm

Geri wrote:
The non-cracked version of the game has anti-cheat to detect code injection.


It doesn't, I have done some cheats on it MP and SP. Maybe it did in the past but nothing that bans you for cheating, maybe you mean something that prevents you/makes it harder to use codes? On the Steam page it also says it's not VAC secured. I also have a godmode and an instantkill code that works just fine, also ammo address works fine multiplayer, except I can't find a direct pointer to any of the weapon ammo addresses, and the problem with the ammo script is that it crashes my game for some reason.

NanoByte wrote:
Yeah it would be nice if someone could explain what the movss does and all the xmm business

Try this, it might work, don't know about all the xmm stuff so it might crash

Code:

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov [ecx+10],1E

originalcode:
movss [ecx+10],xmm0

exit:
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10


Thanks for the help but that code does nothing when I enable it.

++METHOS wrote:
Right-click on the instruction in memory viewer, and check to see what addresses it accesses (be sure to return to game and play for a minute). If more than one address shows up, then that is probably why the game is crashing - you need to filter out the unwanted addresses or use a different instruction that is exclusive to your ammo. If only one address shows up, then show your entire script here so that we might see why it is crashing.


There were 2 addresses that popped up 2 times, random, not related to anything, their value was 1 float. Once it accessed them a 2nd time the game crashed. It also crashed again, except this time no values except my ammo were actually recorded. Btw the game doesn't usually crash when I freeze an ammo script, I've played with one for hours on the same version.


Last edited by Niko on Mon May 12, 2014 3:19 pm; edited 1 time in total
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Mon May 12, 2014 3:17 pm

If the game has anti-cheat, look at that first. Once you have a workaround for that, then look to see if you need to filter out addresses or find a different instruction. Once you have found a good filter/instruction, test it. If it's still crashing, paste your script here in its entirety.

The script does nothing because it runs originalcode...fix to this:

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov [ecx+10],1E
jmp returnhere

originalcode:
movss [ecx+10],xmm0

exit:
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

Posted: Mon May 12, 2014 3:22 pm

That info is like 4 years old, maybe they have removed it, it was just a hint.
Niko
Cheater
Reputation: 0

Joined: 28 Mar 2014
Posts: 33

Posted: Mon May 12, 2014 3:30 pm

++METHOS wrote:
If the game has anti-cheat, look at that first. Once you have a workaround for that, then look to see if you need to filter out addresses or find a different instruction. Once you have found a good filter/instruction, test it. If it's still crashing, paste your script here in its entirety.

The script does nothing because it runs originalcode...fix to this:

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov [ecx+10],1E
jmp returnhere

originalcode:
movss [ecx+10],xmm0

exit:
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10


As far as anti-cheat goes, I've never seen it stated anywhere or have felt the consequences of an anti-cheat. There are tons of Cheat Engine speedhackers and what not on this game's servers. I've also hacked quite a bit multiplayer and singleplayer on this game. By hack I mean basic searching for ammo address and freezing it, or something similar. As far as the table goes, it still doesn't work after the fix :/ the game doesn't even crash. It's as if it's not even there when it's frozen. Also the address for ammo is only accessed by that instruction alone, but it writes to 3 other instructions constantly.
NanoByte
Expert Cheater
Reputation: 1

Joined: 13 Sep 2013
Posts: 222

Posted: Mon May 12, 2014 3:37 pm

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov xmm0,1E // dont know if you can mov value into xmm0 buts its worth a try :D

originalcode:
movss [ecx+10],xmm0

exit:
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10
Niko
Cheater
Reputation: 0

Joined: 28 Mar 2014
Posts: 33

Posted: Mon May 12, 2014 3:41 pm

NanoByte wrote:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov xmm0,1E // dont know if you can mov value into xmm0 buts its worth a try :D

originalcode:
movss [ecx+10],xmm0

exit:
jmp returnhere

007A4D52:
jmp newmem
returnhere:


[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10


Nope. "Error in line 11(mov xmm0,1E): This instruction can't be compiled"
Btw maybe the previous script didn't work at all because you didn't have 007A4D52 anywhere in the enable section? I don't really know where it's supposed to be placed. Ah, it's placed at the end. Well idnk. Like I said, I'm really noobish at auto-assembling and coding scripts. I don't really know anything apart from nopping and a lil bit bout memory viewer.
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

Posted: Mon May 12, 2014 5:02 pm

Wait...is it just me who is wondering why the hell would you guys write integers to an address that is most likely a float or double. Unless I am missing something (and I probably am because there's not much information given) based on this instruction

movss [ecx+10],xmm0

ecx+10 is either a float or double and considering xmm instructions are used, it's most likely a double for size though a float is just as likely. This also makes me think very strongly of a float

Quote:
I tried the first script before, and I did the one you just made, but it just sets the ammo in clip to 0 when enabled, and when I click fire it makes a buzzing sound it makes when it's empty without reloading, then I switch the weapon and reload it.


It would help if you can take a screenshot of the instructions around that code and let us know if the instruction is accessing more than one address. Because if it is then that is most likely the cause of your crash.

I thought anti-cheat protection too when this game was mentioned first, maybe they did remove it but at the time of its release it was a pain to train, VAC enabled or disabled doesn't mean anything SP gaming wise, at least for the titles I have touched it doesn't. The anti-cheats did code checks, meaning if you did something in the game it would trigger a code-check and if the code was modified result in crash. Are you 100% sure those checks are removed?

An easy way to tell is to just jump to a cave re-creating the game's code and let the game run; if it still crashes then your checks are there and you need to deal with them.

Also why do you guys keep trying to write to xmm0 with mov instruction? Xmm are huge registers that need their own instruction set for manipulation/usage, just google SSE instruction. You will not use FPU instructions for mov, right? Because they are completely different types of data

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25785
Location: The netherlands

Posted: Mon May 12, 2014 5:51 pm

movss is an SSE-specific instruction. It copies a single precision (float) from/to xmm registers

To set a specific value in xmm registers use a construct like this:
Code:

...
Alloc(newvalue,4)
Newvalue:
dd (float)123.45

...
movss xmm0,[newvalue]

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
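
An added example (not code from any poster in this thread) showing what the integer writes `mov [ecx+10],#10` / `mov [ecx+10],1E` and the integer compare `cmp [ecx+10],2` do if the dword at [ecx+10] holds a single-precision float, as the replies from STN and Dark Byte indicate. The helper names and the sample ammo values are constructed for illustration, and a dword-sized compare is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a 32-bit pattern the way movss (or the game) reads it: as a float. */
static float bits_as_float(uint32_t bits) {
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Read a float the way mov/cmp see it: as a raw 32-bit pattern. */
static uint32_t float_as_bits(float f) {
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return bits;
}

/* Models `cmp [ecx+10],2` followed by `jg originalcode`, assuming a
   dword operand: a signed integer compare on the float's raw bits.
   Returns 1 when the jump to originalcode is taken. */
static int jg_taken(float stored) {
    return (int32_t)float_as_bits(stored) > 2;
}

int main(void) {
    /* Constructed sample ammo counts, not values from the game. */
    const float ammo[] = {30.0f, 2.0f, 1.0f, 0.0f};

    /* mov [ecx+10],#10 and mov [ecx+10],1E store integer patterns. */
    printf("int 10   read as float: %g\n", bits_as_float(10u));
    printf("int 0x1E read as float: %g\n", bits_as_float(0x1Eu));
    /* dd (float)10 stores the IEEE-754 pattern instead. */
    printf("(float)10 stored bits:  0x%08X\n", (unsigned)float_as_bits(10.0f));

    for (size_t i = 0; i < sizeof ammo / sizeof ammo[0]; i++)
        printf("ammo %4.1f -> bits 0x%08X, jg taken: %d\n", ammo[i],
               (unsigned)float_as_bits(ammo[i]), jg_taken(ammo[i]));
    return 0;
}
```

Under these assumptions the integer writes read back as denormal floats that round to zero, and every positive ammo count takes the `jg`, so the original store runs unchanged.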
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

Posted: Mon May 12, 2014 6:33 pm

STN wrote:
Wait...is it just me who is wondering why the hell would you guys write integers to an address that is most likely a float or double.


I know, but he said in one of his posts above that he tried to write float value to it too, so that's not the problem.

Simply nopping this code should work. It has worked for me in the old cracked version. This is why I have mentioned the anti-cheat, but if that's not the problem either, then I don't know, because then the game obviously changed from the version that I have used and the info I have is obsolete.
