Posted: Wed Jul 13, 2022 8:49 am Post subject: Need Help In Finding Weapon Damage
Absolute noob here looking for some help. I'm trying to find the address of the damage of the weapon I am holding, so I went about it like this.
- I found an enemy with a large amount of HP and got its address and value etc.
- I then click "find out what writes to this address" and proceed to damage the enemy with the weapon I am trying to change the damage number of.
- The instruction is then written as "movss [r12+00000198] , xmm6"
I understand after watching a bunch of YouTube videos that the xmm6 is the new health value of the enemy after subtracting its original health with my weapon's damage. When pressing more information and pressing the letter f on the right I find "xmm7" which has the number 600 attributed to it which is the exact damage of my weapon, and I verified that by looking into the game's files, so I know for a fact the damage of my weapon is 600.
I guess my question is, now that I found the instruction that updates the health of the enemy, how do I backtrack and find the address of my weapon's damage? Where is the address of this xmm7 which has my weapon's damage attributed to it?
Any help or ideas you guys can give me would be greatly appreciated. Maybe a link to a YouTube video or something. Thank you.
You may need to step into a caller or step out to a callee (break and trace using step over w/ a conditional breakpoint to only break on the address you want can give you a callstack).
If you don't know how to read assembly, you should work on that first.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Let's say for instance I wanted to start tracing back from that specific instruction, what would I set the break condition as considering the instruction written was "movss [r12+00000198] , xmm6"? I tried things like xmm6 == (address of the enemy HP I'm testing) and a bunch of other combinations, but the game does not break when damaging the enemy, which means I'm entering the wrong break condition from what I understand. I've watched some YouTube videos here and there but I haven't yet found one which placed a break condition on an xmm, so I don't have a clear grasp on how to write a break condition for xmm's yet. Thank you for your help.
`movss [r12+00000198] , xmm6` - movss means "move scalar single", i.e. xmm6 contains a float. r12+0x198 is the address being accessed.
The simple breakpoint condition would be something like `R12+0x198 == 0x1423A57C` if I'm not mistaken (can't test this now).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
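Added example, not part of the thread: a small Python model of why a condition on the store address `r12+0x198` isolates one entity while comparing `xmm6` to an address never matches. The register snapshots are constructed sample data, the function names are hypothetical, and the watched address is the one quoted in the reply above.

```python
import struct

HP_OFFSET = 0x198        # displacement in "movss [r12+00000198],xmm6"
WATCHED = 0x1423A57C     # watched HP address, as quoted in the reply above

def f32_bits(value):
    """Bit pattern a single-precision float occupies in the low dword of an XMM register."""
    return struct.unpack("<I", struct.pack("<f", value))[0]

def bits_f32(bits):
    """Read the low 32 bits of an XMM register as a float, as movss does."""
    return struct.unpack("<f", struct.pack("<I", bits & 0xFFFFFFFF))[0]

# Constructed snapshots: the same instruction executing for three entities.
# xmm6 = value about to be stored, xmm7 = a float seen alongside it.
HITS = [
    {"r12": 0x14100000, "xmm6": f32_bits(250.0), "xmm7": f32_bits(35.0)},
    {"r12": WATCHED - HP_OFFSET, "xmm6": f32_bits(4400.0), "xmm7": f32_bits(600.0)},
    {"r12": 0x14300000, "xmm6": f32_bits(80.0), "xmm7": f32_bits(12.0)},
]

def matching_hits(hits, watched_addr):
    """Model of the condition r12+0x198 == watched_addr: filter on the effective address."""
    return [h for h in hits if h["r12"] + HP_OFFSET == watched_addr]

def naive_hits(hits, watched_addr):
    """Model of the failing condition xmm6 == address: a float bit pattern vs a pointer."""
    return [h for h in hits if h["xmm6"] == watched_addr]

def describe(hit):
    """Decode one snapshot into the store address and the float values involved."""
    return {
        "store_addr": hit["r12"] + HP_OFFSET,
        "stored_value": bits_f32(hit["xmm6"]),
        "xmm7_value": bits_f32(hit["xmm7"]),
    }

if __name__ == "__main__":
    for h in matching_hits(HITS, WATCHED):
        d = describe(h)
        print(hex(d["store_addr"]), d["stored_value"], d["xmm7_value"])
    print("hits for xmm6 == address:", len(naive_hits(HITS, WATCHED)))
```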