MiNDTH3G4P (How do I cheat?; Reputation: 0; Joined: 20 Aug 2022; Posts: 9)
Posted: Thu Apr 13, 2023 8:20 am. Post subject: Player dies before health reaches zero
I am manipulating the damage dealt to the player through the sub instruction. The damage dealt is an integer value; if damage is set to 1 the player dies normally, but if it is set to 5, for example, the player dies way earlier, before the health reaches zero, and the game is still running.
Any idea why this is happening?
LeFiXER (Grandmaster Cheater Supreme; Reputation: 20; Joined: 02 Sep 2011; Posts: 1055; Location: 0x90)
Posted: Thu Apr 13, 2023 11:14 am
Would help if you posted the instruction you changed plus some surrounding the instruction.
++METHOS (I post too much; Reputation: 92; Joined: 29 Oct 2010; Posts: 4197)
Posted: Thu Apr 13, 2023 4:20 pm
Yes, we can only speculate here.
Depending on the nature of the game and how that data is being handled, it could be many different things.
We also might need more details regarding what is happening in-game when this occurs (e.g. is the player being attacked when they die, and are the attack and death sequences functioning normally? What do you mean when you say that the game is still running... is it supposed to stop upon death? etc.).
It could be that the value you are manipulating is not really the damage dealt value.
It could also be that there is a max value that can be applied, which would instantly result in death (e.g. games that have an instant death if you are hit by a specific type of weapon/enemy).
I could probably think of more, but guessing may not help much.
MiNDTH3G4P (How do I cheat?; Reputation: 0; Joined: 20 Aug 2022; Posts: 9)
Posted: Sat Apr 15, 2023 12:50 pm
Okay, so I am going to give as much information as possible so you guys can understand the issue I'm facing here. This is the snippet of the code:
Code:
alloc(newmem,2048,"nioh.exe"+7AFB83)
label(returnhere)
label(originalcode)
label(exit)
alloc(defenseMultiplier,4,"nioh.exe"+7AFB83)
registersymbol(defenseMultiplier)
defenseMultiplier:
dd 5
newmem:
cmp [rbx+A00],2 // check whether [rbx+A00] (the player) is 2
jne originalcode // jump to originalcode unless it is 2
push RDX // save RDX (enemy damage)
push RAX // save RAX (current health)
push RCX // save RCX, used as the divisor for the enemy damage
mov edx,0 // zero edx so the dividend is only eax
mov eax,edi // move damage to eax
mov ecx,[defenseMultiplier] // move 5 to ecx
idiv ecx // divide eax by ecx; the quotient is stored in eax
mov edi,eax // move the new, divided damage value to edi
pop RDX // revert to original value
pop RAX // revert to original value
pop RCX // revert to original value
sub eax,edi // subtract: health - damage
test eax,eax // check if eax is zero
jle nioh.exe+7AFBA9 // if eax is zero or less, jump to the death scene
jmp exit // jump out to execute the rest of the instructions
originalcode:
sub eax,edi
test eax,eax
jle nioh.exe+7AFBA9
exit:
jmp returnhere
"nioh.exe"+7AFB83:
jmp newmem
nop
returnhere:
I can't yet post URLs, so the first attachment shows the script in memory view, where I tried to explain as much as possible; please pardon me if anything sounds completely wrong, as I am just starting to learn CE. The second and third attachments show the instructions running if the player is not dead. The fourth attachment shows which death scene instructions run when the player is dead. The fifth attachment shows when the player is dead and the game counts the player as dead, but the enemy can still attack yet can't reach the player.
Thank you in advance.
Attachments (images; descriptions as posted):
Attachment 1: This is the script in memory view with comments.
Attachment 2: If the player's health hasn't reached zero and the player isn't dead, these instructions will run.
Attachment 3: If the player's health hasn't reached zero and the player isn't dead, these instructions will run.
Attachment 4: However, if the player's health reaches zero, these instructions will run.
Attachment 5: If the player has died but the game is still running, the enemy can still attack the player but can't reach them; it's like the game counts the player as dead, but since that's abnormal because health has not yet reached 0, the enemy still attacks the player.
LeFiXER (Grandmaster Cheater Supreme; Reputation: 20; Joined: 02 Sep 2011; Posts: 1055; Location: 0x90)
Posted: Sat Apr 15, 2023 1:29 pm
It looks as if it's reverting your changes because the popped registers happen before the sub/test instructions are executed, which could be the cause of the behaviour you described:
Code:
...
newmem:
cmp [rbx+A00],2 // check whether [rbx+A00] (the player) is 2
jne originalcode // jump to originalcode unless it is 2
push RDX // save RDX (enemy damage)
push RAX // save RAX (current health)
push RCX // save RCX, used as the divisor for the enemy damage
mov edx,0 // zero edx so the dividend is only eax
mov eax,edi // move damage to eax
mov ecx,[defenseMultiplier] // move 5 to ecx
idiv ecx // divide eax by ecx; the quotient is stored in eax
mov edi,eax // move the new, divided damage value to edi
sub eax,edi // subtract: health - damage
pop RDX // revert to original value
pop RAX // revert to original value
pop RCX // revert to original value
test eax,eax // check if eax is zero
jle nioh.exe+7AFBA9 // if eax is zero or less, jump to the death scene
Also, just a tip: with the instruction jle nioh.exe+7AFBA9, you could remove the hardcoded address and have it jump to a location relative to the injection point by subtracting the offset from the injection point address; in this case it'll be 38 bytes. We came to this by subtracting 7AFBA9 from 7AFB83; the result is 26 in hex:
Code:
jle defenseMultiplier+26
There may be situations where the address+offset changes but you still want it to work and this will do the trick. Anyway, I digress.
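To see what the save/restore sequences in the two posts above actually leave in the registers, here is a small Python model of the push/pop/mov/sub/idiv steps from the posted script. It is an added example, not code from either poster; the starting register values (health 100, damage 40, two unrelated values in ecx/edx) are constructed, and the third ordering, which pops in the reverse of the push order, is the general LIFO rule rather than anything from the thread.

```python
# Added example, not from either poster: a minimal model of the push/pop/mov/sub/idiv
# operations in the posted script, to check what each save/restore order leaves behind.

DEFENSE_MULTIPLIER = 5  # the "dd 5" the script loads into ecx

def _reg(name):
    """The script mixes RAX/eax etc.; model each pair as one 32-bit register."""
    return name.lower().replace("r", "e", 1)

def run(seq, regs):
    """Execute (op, operand...) tuples; return (final registers, leftover stack)."""
    regs, stack = dict(regs), []
    for op, *args in seq:
        if op == "push":
            stack.append(regs[_reg(args[0])])
        elif op == "pop":
            regs[_reg(args[0])] = stack.pop()  # LIFO: the last push comes out first
        elif op == "mov":
            src = args[1]
            regs[_reg(args[0])] = src if isinstance(src, int) else regs[_reg(src)]
        elif op == "idiv":  # edx:eax / divisor -> quotient in eax, remainder in edx
            regs["eax"], regs["edx"] = divmod(regs["eax"], regs[_reg(args[0])])
        elif op == "sub":
            regs[_reg(args[0])] -= regs[_reg(args[1])]
    return regs, stack

SAVE = [("push", "RDX"), ("push", "RAX"), ("push", "RCX")]
SCALE = [("mov", "edx", 0), ("mov", "eax", "edi"),
         ("mov", "ecx", DEFENSE_MULTIPLIER), ("idiv", "ecx"), ("mov", "edi", "eax")]
SUB = [("sub", "eax", "edi")]
POP_AS_POSTED = [("pop", "RDX"), ("pop", "RAX"), ("pop", "RCX")]  # same order as the pushes
POP_LIFO = [("pop", "RCX"), ("pop", "RAX"), ("pop", "RDX")]       # reverse of the pushes

ORIGINAL = SAVE + SCALE + POP_AS_POSTED + SUB   # the OP's script
REORDERED = SAVE + SCALE + SUB + POP_AS_POSTED  # LeFiXER's suggested order
LIFO = SAVE + SCALE + POP_LIFO + SUB            # pops mirroring the pushes

# Constructed starting state: health 100, damage 40, two unrelated register values.
START = {"eax": 100, "edi": 40, "ecx": 0x11, "edx": 0x22}

def health_after(seq, start=START):
    """Value left in eax (health after the subtraction) once seq has run."""
    return run(seq, start)[0]["eax"]

def clobbered(seq, start=START):
    """Saved registers whose value differs from the original after seq."""
    end, _ = run(seq, start)
    return {r for r in ("ecx", "edx") if end[r] != start[r]}
```

With the constructed values, ORIGINAL ends with ecx and edx swapped because the pops do not mirror the pushes, and REORDERED ends with eax back at 100 because pop RAX overwrites the subtraction result before test runs; only LIFO leaves every saved register intact with the reduced health (92) in eax.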