Cheat Engine The Official Site of Cheat Engine
Autem Expert Cheater
Reputation: 1
Joined: 30 Jan 2023 Posts: 149
|
Posted: Thu Nov 02, 2023 9:43 am Post subject: Struggling w/ conflicting info for comparing negative floats |
|
|
I've seen comments in the past about how using cmp for floats can be iffy, some have said they'll work and some have said they won't... but in my experience I've been able to get them to work so I prefer writing it using cmp since I can memorize that method. The other float compare examples I've seen in the past were very long and complicated for one compare, and not something I have ever been able to really get the hang of or memorize.
In the below script, my traditionally less approved method of comparing floats seems to be working unless they're a negative (signed?) value. For those negatives, nothing I try will work. I also tried toggling the CE option ON to show values as signed but I don't think that applies inside the script. How would I apply it inside the script?
Here's the current version of my attempt. You'll see one of the lines I keep changing around to different attempts. I just need the 2 negative compares to work as expected in this string of compares. The rest all seems to work already.
Note: The action this script attempts is to prevent somebody being shot off the screen by a glitch. It is supposed to reduce their x y and z locations back to values that place them where they belong if the values get too big or too small (negative).
Code: | /[ENABLE]
aobscanmodule(INJECTteleprotec,WWE2K23_x64.exe,03 C5 F8 5C 89 D0 00 00 00) // should be unique
alloc(newmem,$1000,INJECTteleprotec)
label(code)
label(return)
newmem:
push rcx
mov rcx,[rcx+000000B9]
cmp rcx,0
pop rcx
je code
cmp dword ptr [rcx+000000D4],(float)150 //checking elevation
jl @f
mov [rcx+000000D4],(float)-2500 //sending high
mov [rcx+000000D8],(float)-100
mov [rcx+000000D0],(float)100
jmp code //jumping to code in this instance because we auto set x and y anyway if z was corrected, so we skip the rest of those checks below since they're all for x and y stuff that won't need a z correction.
@@:
cmp [rcx+000000D0],FC18 //attempted to write this line's negative value as hex value to see if that works instead. It didn't.
jg @f
mov [rcx+000000D0],(float)400
@@:
cmp [rcx+000000D0],(float)1000
jl @f
mov [rcx+000000D0],(float)-400
@@:
//cmp dword ptr [rcx+000000D8],0000FC18 //this is the other negative I can't get to work but have been trying to rewrite a few ways
//jg @f
//mov [rcx+000000D8],(float)100
//jmp code
//@@:
//cmp dword ptr [rcx+000000D8],(float)3000
//jl code
//mov [rcx+000000D8],(float)-100
//jmp code
code:
vsubps xmm1,xmm0,[rcx+000000D0]
jmp return
INJECTteleprotec+01:
jmp newmem
nop 3
return:
registersymbol(INJECTteleprotec)
[DISABLE]
INJECTteleprotec+01:
db C5 F8 5C 89 D0 00 00 00
unregistersymbol(INJECTteleprotec)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+8B2DC0
WWE2K23_x64.exe+8B2D8F: 48 8D 35 0A A3 DF 02 - lea rsi,[WWE2K23_x64.exe+36AD0A0]
WWE2K23_x64.exe+8B2D96: 83 FF 40 - cmp edi,40
WWE2K23_x64.exe+8B2D99: 0F 83 D0 01 00 00 - jae WWE2K23_x64.exe+8B2F6F
WWE2K23_x64.exe+8B2D9F: 49 8B 0A - mov rcx,[r10]
WWE2K23_x64.exe+8B2DA2: 48 85 C9 - test rcx,rcx
WWE2K23_x64.exe+8B2DA5: 0F 84 C4 01 00 00 - je WWE2K23_x64.exe+8B2F6F
WWE2K23_x64.exe+8B2DAB: 45 39 39 - cmp [r9],r15d
WWE2K23_x64.exe+8B2DAE: 0F 84 A0 01 00 00 - je WWE2K23_x64.exe+8B2F54
WWE2K23_x64.exe+8B2DB4: 0F B6 15 FD FB FD 02 - movzx edx,byte ptr [WWE2K23_x64.exe+38929B8]
WWE2K23_x64.exe+8B2DBB: C4 C1 78 10 03 - vmovups xmm0,[r11]
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+8B2DC0: C5 F8 5C 89 D0 00 00 00 - vsubps xmm1,xmm0,[rcx+000000D0]
// ---------- DONE INJECTING ----------
WWE2K23_x64.exe+8B2DC8: C4 E3 71 40 C9 5F - vdpps xmm1,xmm1,xmm1,5F
WWE2K23_x64.exe+8B2DCE: C5 F8 51 D1 - vsqrtps xmm2,xmm1
WWE2K23_x64.exe+8B2DD2: 48 85 DB - test rbx,rbx
WWE2K23_x64.exe+8B2DD5: 74 5A - je WWE2K23_x64.exe+8B2E31
WWE2K23_x64.exe+8B2DD7: 8D 42 EC - lea eax,[rdx-14]
WWE2K23_x64.exe+8B2DDA: 3C 03 - cmp al,03
WWE2K23_x64.exe+8B2DDC: 76 14 - jna WWE2K23_x64.exe+8B2DF2
WWE2K23_x64.exe+8B2DDE: 8D 42 80 - lea eax,[rdx-80]
WWE2K23_x64.exe+8B2DE1: 3C 03 - cmp al,03
WWE2K23_x64.exe+8B2DE3: 76 0D - jna WWE2K23_x64.exe+8B2DF2
} |
|
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
|
Posted: Thu Nov 02, 2023 11:14 am Post subject: |
|
|
Autem wrote: | Code: | mov rcx,[rcx+000000B9]
cmp rcx,0 |
| That's an unaligned 8-byte value... you sure that's correct?
Autem wrote: | Code: | cmp [rcx+000000D0],FC18 //attempted to write this line's negative value as hex value to see if that works instead. It didn't. |
| 0xFC18 is the float 9.043419769E-41. As a signed 2-byte value it would be -1000, but the type "float" and the type "2-byte integer" are not even close to the same thing. The float -1000 is 0xC47A0000.
Code: | ...
label(code)
label(otherLimit)
label(sendHigh)
label(L_F150)
label(L_FN1000)
label(L_F1000)
label(return)
newmem:
cmp qword ptr[rcx+B9],0
je code
vmovss xmm1,[rcx+D4]
vucomiss xmm1,[L_F150]
jae sendHigh
vmovss xmm1,[rcx+D0]
vucomiss xmm1,[L_FN1000]
jb otherLimit
vucomiss xmm1,[L_F1000]
jb code
mov [rcx+D0],(float)-400
jmp code
otherLimit:
mov [rcx+D0],(float)400
jmp code
sendHigh:
mov [rcx+D0],(float)100
mov [rcx+D4],(float)-2500
mov [rcx+D8],(float)-100
code:
vsubps xmm1,xmm0,[rcx+000000D0]
jmp return
db CC
align 4 CC
L_F150:
dd (float)150
L_FN1000:
dd (float)-1000
L_F1000:
dd (float)1000
... |
If you don't know assembly, you can use C:
Code: |
newmem:
{$ccode ptr=rcx}
typedef unsigned long long u64;
char *p = (char *)(ptr);
if (*(u64 *)(p + 0xB9) != 0) {
float *axes = (float *)(p+0xD0);
if (axes[1] >= 150.f) {
axes[0] = 100.f;
axes[1] = -2500.f;
axes[2] = -100.f;
} else if (axes[0] <= -1000.f) {
axes[0] = 400.f;
} else if (axes[0] >= 1000.f) {
axes[0] = -400.f;
}
}
{$asm}
code:
vsubps xmm1,xmm0,[rcx+000000D0]
jmp return |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
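Added example, not part of the original posts: a small C program showing why an integer `cmp` on float memory works for positive limits but not for two negative values, using the thread's limits (150, -1000) and bit patterns (0xFC18, 0xC47A0000). The function names and sample values are constructed for illustration; `ordered_key` goes slightly beyond the thread by showing the usual bit transform that makes integer ordering agree with float ordering.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Raw IEEE-754 bits of a float as a signed 32-bit integer: the value an
   integer `cmp dword ptr [mem],imm32` followed by jg/jl actually orders. */
int32_t float_bits(float f) {
    int32_t i;
    memcpy(&i, &f, sizeof i);
    return i;
}

/* The float that a given 32-bit pattern encodes. */
float bits_to_float(uint32_t u) {
    float f;
    memcpy(&f, &u, sizeof f);
    return f;
}

/* "value > limit" as cmp + jg sees it (signed compare of the bit patterns). */
int int_cmp_greater(float value, float limit) {
    return float_bits(value) > float_bits(limit);
}

/* "value > limit" as a real float compare (ucomiss/vucomiss + ja) sees it. */
int float_cmp_greater(float value, float limit) {
    return value > limit;
}

/* Key whose signed-integer order matches float order (NaN excluded, and
   -0.0 sorts just below +0.0): flip the magnitude bits of negatives. */
int32_t ordered_key(float f) {
    int32_t i = float_bits(f);
    return i < 0 ? (i ^ 0x7FFFFFFF) : i;
}

int main(void) {
    /* Constructed sample values; the limits are the ones used in the thread. */
    float samples[][2] = { {500.f, 150.f}, {-5.f, 150.f}, {-2000.f, -1000.f} };
    for (int k = 0; k < 3; k++) {
        float v = samples[k][0], lim = samples[k][1];
        printf("%8.1f > %8.1f  int-cmp=%d  float-cmp=%d\n",
               v, lim, int_cmp_greater(v, lim), float_cmp_greater(v, lim));
    }
    printf("0xFC18 as float = %g, bits of -1000.0f = 0x%08X\n",
           bits_to_float(0xFC18u), (unsigned)float_bits(-1000.f));
    return 0;
}
```

The two compares agree when at least one operand is non-negative and disagree when both are negative, because a larger magnitude then gives a larger bit pattern.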
|
Autem Expert Cheater
Reputation: 1
Joined: 30 Jan 2023 Posts: 149
|
Posted: Fri Nov 03, 2023 11:51 am Post subject: |
|
|
This method of comparing the floats seems to be working great for me in a couple scripts I'm putting together so thank you very much. That pretty much solves my issue in general!
|
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
|
Posted: Fri Nov 03, 2023 1:40 pm Post subject: |
|
|
As an aside, the only reason I used `vucomiss` / `vmovss` (AVX instructions) is because the game was using them. If the game used stuff like `movss` / `ucomiss` (SSE2 instructions), I'd use those instead.