Cheat Engine

Niko · Cheater Reputation: 0 Joined: 28 Mar 2014 Posts: 33

Hi all

So I'm using an ammo script for the game aliens vs predator 2010 (AvP_Dx11, because it has a Dx9 executable) , an ammo script. When I freeze it, it works fine, ammo does not decrease, however when I kill an enemy the game crashes. Or if I do too much damage to an enemy. I'm quite noobish with cheatengine and gamehacking so any help would be appreciated.
Here's the script for ammo:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

007A4D52:
jmp newmem
returnhere:

newmem: //this is allocated memory, you have read,write,execute access

originalcode:
//movss [ecx+10],xmm0

exit:
jmp returnhere

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10

Now I also tried making a custom script that directly nops the function, which looks like this:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
007A4D52:
nop
nop
nop
nop
nop

[DISABLE]
007A4D52:
movss [ecx+10],xmm0
//code from here till the end of the code will be used to disable the cheat

but the result was the same, ammo does not decrease, I can shoot opjects, objectives etc, but as soon as I do too much damage or kill an enemy the game crashes.

lamafao · Posted: Mon May 12, 2014 10:27 am Post subject:

I am not good with these xmm things, but have you tried adding a value to ecx+10 (1)? or movss xmm0,#10 (2)
2nd example might be really wrong

Try (float)10 instead of #10 too

1.

Niko · Cheater Reputation: 0 Joined: 28 Mar 2014 Posts: 33

Hello and thanks for the suggestion lamafao

I tired the first script before, and I did the one you just made, but it just sets the ammo in clip to 0 when enabled, and when I click fire it makes a buzzing sound it makes when its empty without reloading, then I switch the weapon and reload it. 2nd script has an error in line 7 (movss xmm0,#10): can't be complied.

I also tried replacing with float 10, no success. It also still crashes when I kill an enemy when I do something with that instruction.

Im still open for any other suggestions one might want to post here, and your help was appreciated. Tell me if you have any other ideas. Maybe if you somehow identify the player only? But this very script I've put has been used in the past versions of the game. Apparently it has been working with a direct nop. Idnk, maybe I should somehow make this active for the player only, like in godmode hacks.

NanoByte · Posted: Mon May 12, 2014 2:30 pm Post subject:

Yeah it would be nice if some one could explain what the movss does and all the xmm business

Try this it might work, dont know about all the xmm stuff so it might crash

++METHOS · Posted: Mon May 12, 2014 2:49 pm Post subject:

Right-click on the instruction in memory viewer, and check to see what addresses it accesses (be sure to return to game and play for a minute). If more than one address shows up, then that is probably why the game is crashing - you need to filter out the unwanted addresses or use a different instruction that is exclusive to your ammo. If only one address shows up, then show your entire script here so that we might see why it is crashing.

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

The non-cracked version of the game has anti-cheat to detect code injection.

Niko · Cheater Reputation: 0 Joined: 28 Mar 2014 Posts: 33

++METHOS · Posted: Mon May 12, 2014 3:17 pm Post subject:

If the game has anti-cheat, look at that first. Once you have a workaround for that, then look to see if you need to filter out addresses or find a different instruction. Once you have found a good filter/instruction, test it. If it's still crashing, paste your script here in its entirety.

The script does nothing because it runs originalcode...fix to this:

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

That info is like 4 years old, maybe they have removed it, it was just a hint.

Niko · Cheater Reputation: 0 Joined: 28 Mar 2014 Posts: 33

NanoByte · Posted: Mon May 12, 2014 3:37 pm Post subject:

Niko · Cheater Reputation: 0 Joined: 28 Mar 2014 Posts: 33

STN · Posted: Mon May 12, 2014 5:02 pm Post subject:

Wait...is it just me who is wondering why the hell would you guys write integers to an address that is most likely a float or double. Unless i am missing something (and i probably am because there's not much information given) based on this instruction

movss [ecx+10],xmm0

ecx+10 is either a float or double and considering xmm instructions are used, its most likely a double for size though a float is just as likely. This also makes me think very strongly of a float

Dark Byte · Posted: Mon May 12, 2014 5:51 pm Post subject:

movss is a sse specific instruction. It copies a single precision (float) from/to xmm registers

To set a specific value in xmm registers use a construct like this:

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636