
Damage Multiplier ?

Posted: Sun Apr 30, 2017 5:36 pm
by Kalas
Ok so I've seen many tables using the script called Multiplier, I don't really understand what they do there:

But this is a code that displays my current Damage:

Code:

[ENABLE]

aobscan(aobDamageIncrease,8B 80 CC 00 00 00 89 45 C0)
alloc(newmem,$100,aobDamageIncrease)

label(code)
label(return)

newmem:

code:
  mov eax,[eax+000000CC]
  jmp return

aobDamageIncrease:
  jmp newmem
  nop
return:
registersymbol(aobDamageIncrease)

[DISABLE]

aobDamageIncrease:
  db 8B 80 CC 00 00 00

unregistersymbol(aobDamageIncrease)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 17403352

""+17403333: 83 EC 04           -  sub esp,04
""+17403336: 68 90 BB 3E 55     -  push 553EBB90
""+1740333B: 6A 04              -  push 04
""+1740333D: 50                 -  push eax
""+1740333E: E8 CD DC 84 EE     -  call 05C51010
""+17403343: 83 C4 10           -  add esp,10
""+17403346: 8B 45 BC           -  mov eax,[ebp-44]
""+17403349: 89 45 C4           -  mov [ebp-3C],eax
""+1740334C: 89 45 C8           -  mov [ebp-38],eax
""+1740334F: 8B 47 1C           -  mov eax,[edi+1C]
// ---------- INJECTING HERE ----------
""+17403352: 8B 80 CC 00 00 00  -  mov eax,[eax+000000CC]
// ---------- DONE INJECTING  ----------
""+17403358: 89 45 C0           -  mov [ebp-40],eax
""+1740335B: 83 EC 0C           -  sub esp,0C
""+1740335E: 68 44 8B 1F 02     -  push 021F8B44
""+17403363: E8 48 DC 84 EE     -  call 05C50FB0
""+17403368: 83 C4 10           -  add esp,10
""+1740336B: 8B C8              -  mov ecx,eax
""+1740336D: 8B 45 C4           -  mov eax,[ebp-3C]
""+17403370: 8B 55 C0           -  mov edx,[ebp-40]
""+17403373: 89 51 08           -  mov [ecx+08],edx
""+17403376: 83 EC 04           -  sub esp,04
}

Instead of changing it to 999, can I do some sort of multiplier for it? And also a way for people to change it via adding a manual address?

Re: Damage Multiplier ?

Posted: Sun Apr 30, 2017 6:27 pm
by Squall8
You're better off finding the instruction that relates to decreasing enemy health. A SUB or MOV works just fine.

Here are a couple of methods I have used.

Set it up like this:

SUB:

Code:

newmem:
  mov XYZ,[yoursymbol]  // I usually just choose an empty register to work with. You can use PUSH/POP here as well.
  imul esi,XYZ
  
code:
  sub [ebx+3C],esi
  jmp return

yoursymbol:
  dd or dq 2 // Depending on whether the target process is 32 or 64 bit
  
MOV:

Code:

newmem:
  sub edx,dword [rbx+00001884]
  imul edx,[yoursymbol]
  add dword [rbx+00001884],edx
  jmp return

code:
  mov [rbx+00001884],edx
  jmp return
  
yoursymbol:
  dq 2
  

Re: Damage Multiplier ?

Posted: Sun Apr 30, 2017 6:41 pm
by Kalas
Oh so like imul just duplicates whatever's in edx, which carries whatever is in 1884?

So like whatever's in edx, it will multiply it?

What exactly does the dq mean? I know it's define q, but like why 2?

If I change the value to 10, it will mean like a 10x multiplier pretty much?

Re: Damage Multiplier ?

Posted: Sun Apr 30, 2017 7:09 pm
by Squall8
Yes. Basically it's isolating the last written value with SUB edx,dword [rbx+00001884] (say 50 damage points). Multiplies that by 10 or whatever value. Then adds 500 back. Thinking about it, my SUB and ADD may be wrong because that example was for an EXP multiplier. You may just need to change ADD to SUB. But it's the same concept.

Code:

yoursymbol:
  dq 2
You can put whatever number you want there. When you activate the script your multiplier will be that value, in that case 2.

Re: Damage Multiplier ?

Posted: Sun Apr 30, 2017 7:26 pm
by Kalas
Squall8 wrote:
Sun Apr 30, 2017 7:09 pm
Yes. Basically it's isolating the last written value with SUB edx,dword [rbx+00001884] (say 50 damage points). Multiplies that by 10 or whatever value. Then adds 500 back. Thinking about it, my SUB and ADD may be wrong because that example was for an EXP multiplier. You may just need to change ADD to SUB. But it's the same concept.

Code:

yoursymbol:
  dq 2
You can put whatever number you want there. When you activate the script your multiplier will be that value, in that case 2.

I understand, thank you so much.

Re: Damage Multiplier ?

Posted: Sun Apr 30, 2017 7:36 pm
by Kalas

Code:

[ENABLE]

aobscan(aobXP,89 46 38 83 EC 08)
alloc(newmem,$100,aobXP)

registersymbol(XP_Multiplier)

label(code)
label(return)
label(XP_Multiplier)

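newmem:
  sub eax,dword [esi+38]      // eax = new XP total - old XP total = XP gained
  imul eax,[XP_Multiplier]    // scale the gain
  add dword [esi+38],eax      // old total + scaled gain
  mov eax,[esi+38]            // reload the total: the code after return pushes eax
  sub esp,08                  // overwritten original instruction, keeps the stack balanced
  jmp return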

code:
  mov [esi+38],eax
  sub esp,08
  jmp return

XP_Multiplier:
  dq 2

aobXP:
  jmp newmem
  nop
return:
registersymbol(aobXP)

[DISABLE]

aobXP:
  db 89 46 38 83 EC 08

unregistersymbol(aobXP)
unregistersymbol(XP_Multiplier)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 43CE3235

""+43CE321B: 8B 46 38           -  mov eax,[esi+38]
""+43CE321E: 83 EC 08           -  sub esp,08
""+43CE3221: 50                 -  push eax
""+43CE3222: 53                 -  push ebx
""+43CE3223: 39 1B              -  cmp [ebx],ebx
""+43CE3225: E8 B6 82 FB FF     -  call 43C9B4E0
""+43CE322A: 83 C4 10           -  add esp,10
""+43CE322D: 89 45 F0           -  mov [ebp-10],eax
""+43CE3230: 8B 46 38           -  mov eax,[esi+38]
""+43CE3233: 03 C7              -  add eax,edi
// ---------- INJECTING HERE ----------
""+43CE3235: 89 46 38           -  mov [esi+38],eax
""+43CE3238: 83 EC 08           -  sub esp,08
// ---------- DONE INJECTING  ----------
""+43CE323B: 50                 -  push eax
""+43CE323C: 53                 -  push ebx
""+43CE323D: 39 1B              -  cmp [ebx],ebx
""+43CE323F: E8 9C 82 FB FF     -  call 43C9B4E0
""+43CE3244: 83 C4 10           -  add esp,10
""+43CE3247: 8B F8              -  mov edi,eax
""+43CE3249: 8B C7              -  mov eax,edi
""+43CE324B: 2B 45 F0           -  sub eax,[ebp-10]
""+43CE324E: 89 45 EC           -  mov [ebp-14],eax
""+43CE3251: 85 C0              -  test eax,eax
}

Did it, thank you :)

Re: Damage Multiplier ?

Posted: Sat Nov 04, 2017 8:52 pm
by squall0833
Hello Squall8, lol

I'm new to CE, also looking for something like this

previously I was using imul for triple xp such as

push eax
mov eax,3
imul edx,eax
pop eax
add [ebx+04],edx //original code adds XP

Now I'm looking for something like getting the damage value from the typical health value like "mov [ecx+20],eax", multiplying it and putting back the health.

So I found your two methods for that. Now I've got a few basic questions, look at the BOLD text below.

I can understand your first code, but got a little confused by the second code below,
Squall8 wrote:
Sun Apr 30, 2017 6:27 pm
You're better off finding the instruction that relates to decreasing enemy health. A SUB or MOV works just fine.

Here are a couple of methods I have used.

Set it up like this:


Let's assume rbx+1884 is the Current Health

MOV:

Code:

newmem:
  sub edx,[b]dword [rbx+00001884][/b]           [b]    <-- what does that mean adding "dword" before [rbx+00001884]? without that it wont pick up the value for subtracting the edx with Current Health? [/b]
  imul edx,[yoursymbol]
  add [b]dword [rbx+00001884],edx[/b]   
  jmp return

code:
  mov [rbx+00001884],edx 
  jmp return
  
yoursymbol:
  dq 2
  
Can you explain this piece of code as a math calculation formula, so I can understand how those "sub" and "add" work?
I'm kind of confused at:

newmem:
sub edx,dword [rbx+00001884] // is this 800-1000 or 1000-800?
imul edx,[yoursymbol]
add dword [rbx+00001884],edx // why is this reversed? does it change edx or dword [rbx+00001884]?
jmp return

code:
mov [rbx+00001884],edx
jmp return

thanks :)

Re: Damage Multiplier ?

Posted: Sat Nov 04, 2017 11:19 pm
by Squall8
So I used an Exp Multiplier in that example, but it's the same concept.

Using your instruction above mov [ecx+20],eax, say your enemy has 100 HP and got dealt 20 damage. Now it's just moving 80 into your enemy's health.

I haven't messed around with Damage Multipliers in a while, but this is what I came up with on the spot:

Code:

sub [ecx+20],eax           // (100-80=20). This isolates the amount of damage done. New health=20.
push ebx
mov ebx,[ecx+20]           // Moves 20 into ebx
imul ebx,[multiplervalue]  // Multiplies ebx by the defined value. Let's just say (20*2=40).
add [ecx+20],eax           // Restores the health value to what it was before you dealt damage (20+80=100).
sub [ecx+20],ebx           // Subtracts now 40 points from health instead of the initial 20.
pop ebx
I'm pretty sure there is a better way to write this out, but this should work fine.
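
Added example, not part of the thread or any poster's code: a C model of the MOV method and of the step-by-step sequence above, using signed 32-bit integers so the arithmetic can be followed for both a gain (XP) and a loss (health). The byte array stands in for `yoursymbol: dq 2`, and the function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of "yoursymbol: dq 2": eight bytes, little-endian. */
static const uint8_t yoursymbol[8] = {2, 0, 0, 0, 0, 0, 0, 0};

/* imul with a 32-bit destination (edx, ebx) reads only the first four
   bytes of the dq, as a signed dword. */
static int32_t read_dword(const uint8_t *p) {
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (int32_t)v;
}

/* MOV method: mem is [rbx+1884] before the write, edx the value the game
   was about to store. Returns what memory holds afterwards. */
static int32_t mov_method(int32_t mem, int32_t edx) {
    edx -= mem;                     /* sub edx,dword [rbx+1884]: new - old  */
    edx *= read_dword(yoursymbol);  /* imul edx,[yoursymbol], signed        */
    mem += edx;                     /* add dword [rbx+1884],edx: memory changes */
    return mem;
}

/* Step-by-step sequence: mem is [ecx+20], eax the new health value.
   The same constructed symbol is used as the multiplier here. */
static int32_t step_method(int32_t mem, int32_t eax) {
    int32_t ebx;
    mem -= eax;                     /* sub [ecx+20],eax: damage dealt       */
    ebx = mem;                      /* mov ebx,[ecx+20]                     */
    ebx *= read_dword(yoursymbol);  /* imul ebx,[multiplier]                */
    mem += eax;                     /* add [ecx+20],eax: back to old health */
    mem -= ebx;                     /* sub [ecx+20],ebx: scaled damage      */
    return mem;
}

int main(void) {
    printf("XP 1000 -> 1050, MOV method: %d\n", mov_method(1000, 1050));
    printf("HP 100 -> 80, MOV method:    %d\n", mov_method(100, 80));
    printf("HP 100 -> 80, step method:   %d\n", step_method(100, 80));
    printf("HP 1000 -> 800, MOV method:  %d\n", mov_method(1000, 800));
    return 0;
}
```

When the value drops, the delta in edx is negative (800 - 1000 = -200), so the signed multiply keeps the sign and the final add lowers the stored value.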

Re: Damage Multiplier ?

Posted: Sun Nov 05, 2017 1:58 pm
by squall0833
Squall8 wrote:
Sat Nov 04, 2017 11:19 pm
So I used an Exp Multiplier in that example, but it's the same concept.

Using your instruction above mov [ecx+20],eax, say your enemy has 100 HP and got dealt 20 damage. Now it's just moving 80 into your enemy's health.

I haven't messed around with Damage Multipliers in a while, but this is what I came up with on the spot:

Code:

sub [ecx+20],eax           // (100-80=20). This isolates the amount of damage done. New health=20.
push ebx
mov ebx,[ecx+20]           // Moves 20 into ebx
imul ebx,[multiplervalue]  // Multiplies ebx by the defined value. Let's just say (20*2=40).
add [ecx+20],eax           // Restores the health value to what it was before you dealt damage (20+80=100).
sub [ecx+20],ebx           // Subtracts now 40 points from health instead of the initial 20.
pop ebx
I'm pretty sure there is a better way to write this out, but this should work fine.

Oh thanks, :D

So there are many ways of writing the code, but they work the same.

Re: Damage Multiplier ?

Posted: Wed Nov 15, 2017 12:06 am
by ByteXavier
I'm also trying to write a script to multiply my damage, although when I scan to see what writes to the address that correlates to my enemy's health I get this:

[Link]

Any suggestions?

Re: Damage Multiplier ?

Posted: Wed Nov 15, 2017 3:14 am
by Squall8
Look no more than 3 lines above that movss for a subss instruction. For example, you find subss xmm0,xmm2.

Code:

newmem:
  mulss xmm2,[multipliervalue]  // Add this.
  
code:
  subss xmm0,xmm2  // In this case, xmm0 holds your enemy's current health and xmm2 is the amount of damage done.
  ...