movss help


Post by Cralont » Sun Sep 03, 2017 7:38 pm

So I'm making a table for DOOM, the 2016 release, and it seems that it uses movss as an opcode for calculating health. The problem is that it also calculates enemy health. I've made a script that makes the player invincible, but you can still die sometimes from random things, like one time I died from a barrel explosion on ultra nightmare difficulty, but on hurt me plenty difficulty I wouldn't die from the barrel explosion. This is my working script that I found almost on accident:

{ Game   : DOOMx64.exe
  Version: Godmode Version 1, Made in Table V .04
  Date   : 2 September 2017
  Author : Cralont(Legendary Ebon Steed)

  This script makes the player invincible. The code is shared with enemy health calculation though so it may also make some enemies invincible along with the player. A workaround would be to just turn the script off and then kill them. Further testing is required to see if this does actually make enemies invincible too, so far all the enemies in UAC (first level) are killable.
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscanmodule(INJECT,DOOMx64.exe,00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C) // should be unique
// allocate near the match so that "jmp newmem" fits in 5 bytes
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:

code:
  movss [rsi+rbx+1C],xmm3
  jmp return
//This used to be movss [rsi+rbx+1C],xmm0. I forgot what it was when I went to change it back and so I put xmm3. Somehow it makes player invincible

// the pattern begins 7 bytes before the patched instruction:
// one trailing 00 of the previous store plus the 6-byte movss xmm6,[rsp+40]
INJECT+07:
  jmp newmem
  nop // original instruction is 6 bytes, the jmp is 5
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+07:
  db F3 0F 11 44 1E 1C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "DOOMx64.exe"+3AD720

"DOOMx64.exe"+3AD6E1: 48 8B 0D E8 AC 93 03 - mov rcx,[DOOMx64.exe+3CE83D0]
"DOOMx64.exe"+3AD6E8: BA 01 00 00 00 - mov edx,00000001
"DOOMx64.exe"+3AD6ED: 48 8B 01 - mov rax,[rcx]
"DOOMx64.exe"+3AD6F0: FF 90 20 02 00 00 - call qword ptr [rax+00000220]
"DOOMx64.exe"+3AD6F6: 89 83 B8 00 00 00 - mov [rbx+000000B8],eax
"DOOMx64.exe"+3AD6FC: F3 0F 58 B3 B0 00 00 00 - addss xmm6,[rbx+000000B0]
"DOOMx64.exe"+3AD704: F3 0F 10 44 24 44 - movss xmm0,[rsp+44]
"DOOMx64.exe"+3AD70A: 48 8B AC 24 C8 00 00 00 - mov rbp,[rsp+000000C8]
"DOOMx64.exe"+3AD712: F3 0F 11 B3 B0 00 00 00 - movss [rbx+000000B0],xmm6
"DOOMx64.exe"+3AD71A: F3 0F 10 74 24 40 - movss xmm6,[rsp+40]
// ---------- INJECTING HERE ----------
"DOOMx64.exe"+3AD720: F3 0F 11 44 1E 1C - movss [rsi+rbx+1C],xmm0
// ---------- DONE INJECTING ----------
"DOOMx64.exe"+3AD726: 0F B6 74 24 4C - movzx esi,byte ptr [rsp+4C]
"DOOMx64.exe"+3AD72B: F3 0F 11 75 00 - movss [rbp+00],xmm6
"DOOMx64.exe"+3AD730: 40 84 F6 - test sil,sil
"DOOMx64.exe"+3AD733: 74 40 - je DOOMx64.exe+3AD775
"DOOMx64.exe"+3AD735: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD738: 0F 28 CF - movaps xmm1,xmm7
"DOOMx64.exe"+3AD73B: 48 8B CB - mov rcx,rbx
"DOOMx64.exe"+3AD73E: FF 92 98 01 00 00 - call qword ptr [rdx+00000198]
"DOOMx64.exe"+3AD744: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD747: 48 8B CB - mov rcx,rbx
}

I'd like to find a way to do it without having this accidental script be what I have in the table. I've found multiple ways to create godmode scripts, but none of them seem to work; this is the latest way I've tried.
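
The byte arithmetic behind the script in the post above, as an added example that is not part of the original post: it rebuilds the bytes from the post's disassembly listing, runs the aobscanmodule pattern over them, and reports how far the patched movss sits from the pattern match and how many bytes a 5-byte jmp leaves over. The function names are hypothetical, and only the window of bytes shown in the listing is checked, so uniqueness across the whole module is not established here.

```python
# Bytes copied from the post's listing (+3AD712..+3AD72A). Constructed sample:
# only this window is checked, not the whole DOOMx64.exe module.
LISTING = [
    (0x3AD712, "F3 0F 11 B3 B0 00 00 00"),  # movss [rbx+000000B0],xmm6
    (0x3AD71A, "F3 0F 10 74 24 40"),        # movss xmm6,[rsp+40]
    (0x3AD720, "F3 0F 11 44 1E 1C"),        # movss [rsi+rbx+1C],xmm0 (patched)
    (0x3AD726, "0F B6 74 24 4C"),           # movzx esi,byte ptr [rsp+4C]
]
PATTERN = "00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C"  # aobscanmodule argument
TARGET = 0x3AD720
JMP_REL32_LEN = 5  # E9 opcode + 32-bit displacement

def build_image(listing):
    """Concatenate the rows, checking each starts where the previous ended."""
    base, image = listing[0][0], bytearray()
    for offset, hexbytes in listing:
        if offset != base + len(image):
            raise ValueError(f"gap or overlap at +{offset:X}")
        image += bytes.fromhex(hexbytes)
    return base, bytes(image)

def parse_pattern(text):
    """'F3 ?? 0F' -> [0xF3, None, 0x0F]; None is a wildcard byte."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in text.split()]

def scan(image, pattern):
    """Every index at which the pattern matches the image."""
    return [i for i in range(len(image) - len(pattern) + 1)
            if all(p is None or image[i + k] == p for k, p in enumerate(pattern))]

def injection_plan(listing, pattern_text, target):
    """Locate the pattern, then derive the patch offset and nop padding."""
    base, image = build_image(listing)
    hits = scan(image, parse_pattern(pattern_text))
    if len(hits) != 1:
        raise ValueError(f"pattern matched {len(hits)} times, need exactly 1")
    match = base + hits[0]
    insn_len = next(len(bytes.fromhex(h)) for off, h in listing if off == target)
    if insn_len < JMP_REL32_LEN:
        raise ValueError("instruction shorter than the jmp; relocate more bytes")
    return {"match": match, "offset": target - match,
            "nops": insn_len - JMP_REL32_LEN}

if __name__ == "__main__":
    plan = injection_plan(LISTING, PATTERN, TARGET)
    print(f"match +{plan['match']:X}, patch at match+{plan['offset']}, nops {plan['nops']}")
```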


Re: movss help

Post by dl748 » Mon Sep 04, 2017 5:13 am

There is probably some code that does "if damage > health then die" without actually modifying the value.


Re: movss help

Post by FreeER » Mon Sep 04, 2017 11:33 am

Or something could be using xmm0 as the most up-to-date value instead of reading from memory. Try "movss xmm0, xmm3" instead of moving xmm3 into memory. If that doesn't work, then check out where xmm0's value is coming from (rsp+44).


Re: movss help

Post by movss » Fri Feb 09, 2018 4:24 pm

register compare


Re: movss help

Post by SunBeam » Fri Feb 09, 2018 5:18 pm

Start by studying the engine and do a structure pointer compare. Simple. Wrote a DOOM article at some point. Might revive it. As for tables.. who needs them when we have all console commands/CVars active and usable?..
