So I thought I'd give COSMOS a try on South Park: The Stick of Truth. After trial and error, I was able to locate three addresses that handle health.
1353D368 - Double
1353D2E8 - Double
19F08D28 - Float
All three change, but only the Float appears to update if I change the value. So woot to me!
Now I assume the next step is a script that basically does the job of constantly injecting the max HP value. I'm not sure how to do this. I have programming experience but I've never written trainer scripts. Could someone direct me to the correct documentation, or provide some guidelines?
A window shows up and as soon as your health gets accessed, it will log the memory address of the function. If you found one, double click on it to jump to that address in the memory viewer.
Then right click on it and select 'Inject here'. Then you can choose between:
- offset injection. This requires that the function is located inside a memory module (dll or game exe) and the injection is then based on the offset (base address of module + offset = injection point). Obviously as soon as the module changes due to a patch your injection script breaks. This method is kinda outdated nowadays.
- AOB (array of bytes) injection. This will try to find a unique byte pattern either inside a module or inside the whole process. You can expect this to be the best way as it probably works through several patches.
After that step you are inside the script editor. You need to understand assembly language to know how to freeze / move values. As CoSMOS has nearly the same script syntax as Cheat Engine you can adopt any tutorial for Cheat Engine. If you have any specific question feel free to ask.
Update: I bought the Assembly Language Adventures: Complete Course for $5 on Udemy. I spent more than $5 at Starbucks.
[Edited by tommy3467, 9/18/2017 4:27:50 PM]
You have to know the difference between byte, word, dword, qword, float and double.
You have to know the mov and cmp (possibly fld and fstp) commands as well.
Also you should know about the registers (eax, ecx, etc).
After that the rest is pretty much learning by doing. But of course, if you fully learn assembly it will only have a positive effect.
Also, I noticed the float address for hp changes each battle as you can see in my screenshot. Is this what you meant by "Find out what access" so that I can trace all these addresses back to function? Kind of like a reverse engineer.
[Edited by tommy3467, 9/18/2017 8:19:40 PM]
In your case it moves the float value stored in ecx+18 into xmm0.
This is important because if it were the other way around (moving the float value from the register into ecx+18) you would have to write your code behind the original code.
Anyway it should be enough to write a single line behind 'codecave:'
mov dword ptr[ecx+18],(float)999
So it moves the float value 999 into ecx+18 and then executes the original code. And it does that each time the function gets accessed. As a float value takes 4 bytes in memory, we're using mov dword.
If your maximum health is stored nearby you can also do something better like:
fld dword ptr[ecx+18+4]
fstp dword ptr[ecx+18]
Assuming your maximum health is stored at ecx+1C this code will load the float value stored in ecx+1C (pushes it into FPU stack) and paste it into ecx+18 (pops from FPU stack).
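As an added illustration (not code from this thread), here is a small Python model of the memory the two codecave variants above touch: a constructed 0x20-byte block standing in for the object ecx points to, with current health at +18 and maximum health assumed at +1C, plus the byte encodings behind the byte/dword/float/double distinction raised earlier in the thread (the same number scanned as Double and as Float sits in memory as different bytes).

```python
import struct

HP_OFF = 0x18      # offset of current health (ecx+18, from the thread)
MAXHP_OFF = 0x1C   # assumed offset of maximum health (ecx+18+4)

def make_struct(hp: float, max_hp: float) -> bytearray:
    """Constructed 0x20-byte block standing in for the object ecx points to."""
    mem = bytearray(0x20)
    struct.pack_into("<f", mem, HP_OFF, hp)        # 4-byte IEEE-754 single
    struct.pack_into("<f", mem, MAXHP_OFF, max_hp)
    return mem

def read_float(mem: bytearray, off: int) -> float:
    """Interpret the 4 bytes at mem[off] as a float (a dword-sized load)."""
    return struct.unpack_from("<f", mem, off)[0]

def mov_dword_float(mem: bytearray, off: int, value: float) -> None:
    """Effect of `mov dword ptr [ecx+off],(float)value`: overwrite 4 bytes."""
    struct.pack_into("<f", mem, off, value)

def fld_fstp_copy(mem: bytearray, src: int, dst: int) -> None:
    """Effect of `fld dword ptr [ecx+src]` / `fstp dword ptr [ecx+dst]`:
    push one float onto the FPU stack, pop it into the destination."""
    struct.pack_into("<f", mem, dst, struct.unpack_from("<f", mem, src)[0])

def encodings(value: float) -> dict:
    """Little-endian bytes of the same number as float, double and dword integer.
    Shows why operand size (and scan type) matters: they do not match."""
    return {
        "float":  struct.pack("<f", value).hex(),       # 4 bytes
        "double": struct.pack("<d", value).hex(),       # 8 bytes
        "dword":  struct.pack("<I", int(value)).hex(),  # 4 bytes, integer
    }

if __name__ == "__main__":
    m = make_struct(37.5, 250.0)
    mov_dword_float(m, HP_OFF, 999)                 # the single-line codecave
    print("after mov:", read_float(m, HP_OFF), read_float(m, MAXHP_OFF))
    m = make_struct(37.5, 250.0)
    fld_fstp_copy(m, MAXHP_OFF, HP_OFF)             # the fld/fstp variant
    print("after fld/fstp:", read_float(m, HP_OFF), read_float(m, MAXHP_OFF))
    print(encodings(999))
```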