But I want a proper hack for unlimited health. And it once again uses movss with those XMM registers.
I don't know how I'm supposed to isolate the one that writes to the player's health.
The function that controls health is this:
0045D67D - f3 0f 11 87 20 01 00 00 - movss [edi+00000120],xmm0
Now what I know is that the health is written to edi+00000120. Here is a screenshot of the values at the address, captured via Cheat Engine. Link
Now if I take the address shown at EDI and add the offset you get 8553280. Navigating to that address gives you this code:
08553280 - 00 80 ab 43 00 00 - add [eax+000043ab],al
This is the address that my life is stored to. But changing this results in it resetting to add [eax+000043ab],al.
Now what I've been thinking of doing is adding a conditional jump which checks if edi = 08553160, and if it does, sets the value to a set value, to cause the true infinite life effect. Does this sound right? If so, how would I code the edi conditional jump inside my code cave?
Thanks for the help Dabs... Your guidance has put me on the path to understand ASM and SSE better. But one thing that I don't really understand is Conditional Jumps.
Help would be appreciated :]
Ok, so I want to use a conditional jump if edi is equal to 08553160. I'm going to look at the tuts more and see if there is a way to do it.
[Edited by Sil3nt_Pr0digy, 3/21/2010 8:09:56 PM]
My bad... I realized that it won't work because the address I was seeing (8553160) was a DMA address for health; not what I was looking for... Damn it... isn't there some other way to sort out the player's health?
BTW, I got my conditional jump working... now if I just knew what to put in it...
[Edited by Sil3nt_Pr0digy, 3/21/2010 9:43:44 PM]
This would be so much easier if I could find an example of infinite health in which a game has similar functions for health.
Ok... Still having problems separating the codes... how does everyone else do this? lol, there obviously has to be some way for me to do it because others have done it.... I just wish someone would tell me how and finally let me know.
[Edited by Sil3nt_Pr0digy, 3/21/2010 11:02:57 PM]
I can't seem to find the website; do you have a link?
[Edited by Sil3nt_Pr0digy, 3/22/2010 2:04:34 AM]
Nvm, I found the site, I'm reading up on them right now. They are hard to understand, as he is using MASM. I really don't see how this will help me figure out how to do my infinite health though.
[Edited by Sil3nt_Pr0digy, 3/22/2010 2:16:53 AM]
I went through the Exagone tuts, they are pretty basic, and stuff that is already listed in your tuts.
[Edited by Sil3nt_Pr0digy, 3/22/2010 2:26:44 AM]
Well, after reading a bit more, I still cannot seem to find anything relating to my problem, or having to do with things that I haven't already learned in tutorials from CH and other websites.
Hopefully someone has a URL, example, or can assist me, so that I may figure out the way to get my code working.
I believe a conditional jump is the right idea, but I do not know how to make sure that the conditional jump will only be executed if the pointer is that of the player's health.
I was thinking about checking pointers, but several thousand tend to show up when I am doing a pointer scan of the address, which does not help me at all.
[Edited by Sil3nt_Pr0digy, 3/22/2010 2:39:04 AM]
The pointer you found was for the player/NPC structure.
You will have to check each structure to see if there is a difference at the start of each. Most of the time, the first byte could be a 01 for the player and 00 for NPCs.
If that is the case, then you could do something like
PUSH EAX                    ; save the content of the register for later
MOV EAX, [Pointeraddress]   ; move the structure address into EAX
CMP BYTE PTR [EAX+xx], 01   ; compare the check byte at memory location + offset with 1
JNE xxxxxx                  ; jump if not equal, i.e. jump if not the player
MOV DWORD PTR [EAX+xx], 64  ; force decimal value of 100 into player health (xx being the offset for health)
XOR EAX, EAX                ; this effectively makes EAX 0
POP EAX                     ; put back the original value
JMP xxxxxx                  ; jump back to the game
POP EAX                     ; put back the original value - this is also where JNE jumps to
(place the original instructions here for the NPC)
JMP xxxxxx                  ; jump back to the game
That was just an example; I don't have the game you're using, so it's just an idea of how it works.
EDIT: When I said [Pointeraddress] I meant the register+offset, not the actual value.
[Edited by DABhand, 3/22/2010 4:12:53 AM]
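Modelling DABhand's structure check in C, as an added example (not code from the thread or from any game): the flag byte at offset 0 and the health float at +0x120 are assumptions taken from the discussion above, and the forced value is stored as a float so that it matches the movss store the game itself uses.

```c
#include <stdint.h>
#include <string.h>

/* Constructed entity layout, assumed from the thread: byte 0 holds the
 * player/NPC flag DABhand suggests checking (01 = player, 00 = NPC) and
 * the float at +0x120 is where "movss [edi+00000120],xmm0" stores health.
 * Both offsets are assumptions for this model, not a real game's layout. */
#define FLAG_OFFSET   0x000
#define HEALTH_OFFSET 0x120
#define ENTITY_SIZE   0x200
#define FORCED_HEALTH 100.0f   /* value the cave forces (the post used 64h) */

typedef struct { uint8_t raw[ENTITY_SIZE]; } entity_t;

static float read_health(const entity_t *e) {
    float h;
    memcpy(&h, e->raw + HEALTH_OFFSET, sizeof h);
    return h;
}
/* The game's original instruction, movss [edi+120h],xmm0, hit for every
 * entity that shares the structure layout, player and NPC alike. */
static void original_write(entity_t *edi, float xmm0) {
    memcpy(edi->raw + HEALTH_OFFSET, &xmm0, sizeof xmm0);
}
/* The code cave from the post as C: CMP BYTE PTR [EAX+00],01 / JNE npc.
 * Only the structure whose flag byte is 1 gets the forced value; every
 * other structure runs the original store unchanged. */
static void code_cave_write(entity_t *edi, float xmm0) {
    if (edi->raw[FLAG_OFFSET] == 1) {
        float forced = FORCED_HEALTH;   /* stored as float to match movss */
        memcpy(edi->raw + HEALTH_OFFSET, &forced, sizeof forced);
    } else {
        original_write(edi, xmm0);      /* NPC path: original instruction */
    }
}
/* Build a constructed entity with the given flag and current health. */
static entity_t make_entity(uint8_t flag, float health) {
    entity_t e;
    memset(&e, 0, sizeof e);
    e.raw[FLAG_OFFSET] = flag;
    original_write(&e, health);
    return e;
}
/* Simulate one damage store hitting a player and an NPC through the cave;
 * returns 1 if only the player ended up pinned at FORCED_HEALTH. */
int cave_discriminates(void) {
    entity_t player = make_entity(1, 343.0f), npc = make_entity(0, 343.0f);
    code_cave_write(&player, 250.0f);   /* same instruction, player struct */
    code_cave_write(&npc, 250.0f);      /* same instruction, NPC struct */
    return read_health(&player) == FORCED_HEALTH && read_health(&npc) == 250.0f;
}
```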
Version as in patched version