
movss help

Posted: Sun Sep 03, 2017 7:38 pm
by Cralont
So I'm making a table for DOOM, the 2016 release, and it seems that it uses movss as an opcode for calculating health. The problem is that it also calculates enemy health. I've made a script that makes the player invincible, but you can still die sometimes from random things, like one time I died from a barrel explosion on ultra nightmare difficulty, but on hurt me plenty difficulty I wouldn't die from the barrel explosion. This is my working script that I found almost on accident:

{ Game : DOOMx64.exe
Version: Godmode Version 1, Made in Table V .04
Date : 2 September 2017
Author : Cralont(Legendary Ebon Steed)

This script makes the player invincible. The code is shared with enemy health calculation though so it may also make some enemies invincible along with the player. A workaround would be to just turn the script off and then kill them. Further testing is required to see if this does actually make enemies invincible too, so far all the enemies in UAC(first level) are killable.
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat



aobscanmodule(INJECT,DOOMx64.exe,00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C) // should be unique
alloc(newmem,$1000,"DOOMx64.exe"+3AD720)

label(code)
label(return)

newmem:

code:
movss [rsi+rbx+1C],xmm3
jmp return
//This used to be movss [rsi+rbx+1C],xmm0. I forgot what it was when I went to change it back and so I put xmm3. Somehow it makes player invincible

INJECT+07:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+07:
db F3 0F 11 44 1E 1C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "DOOMx64.exe"+3AD720

"DOOMx64.exe"+3AD6E1: 48 8B 0D E8 AC 93 03 - mov rcx,[DOOMx64.exe+3CE83D0]
"DOOMx64.exe"+3AD6E8: BA 01 00 00 00 - mov edx,00000001
"DOOMx64.exe"+3AD6ED: 48 8B 01 - mov rax,[rcx]
"DOOMx64.exe"+3AD6F0: FF 90 20 02 00 00 - call qword ptr [rax+00000220]
"DOOMx64.exe"+3AD6F6: 89 83 B8 00 00 00 - mov [rbx+000000B8],eax
"DOOMx64.exe"+3AD6FC: F3 0F 58 B3 B0 00 00 00 - addss xmm6,[rbx+000000B0]
"DOOMx64.exe"+3AD704: F3 0F 10 44 24 44 - movss xmm0,[rsp+44]
"DOOMx64.exe"+3AD70A: 48 8B AC 24 C8 00 00 00 - mov rbp,[rsp+000000C8]
"DOOMx64.exe"+3AD712: F3 0F 11 B3 B0 00 00 00 - movss [rbx+000000B0],xmm6
"DOOMx64.exe"+3AD71A: F3 0F 10 74 24 40 - movss xmm6,[rsp+40]
// ---------- INJECTING HERE ----------
"DOOMx64.exe"+3AD720: F3 0F 11 44 1E 1C - movss [rsi+rbx+1C],xmm0
// ---------- DONE INJECTING ----------
"DOOMx64.exe"+3AD726: 0F B6 74 24 4C - movzx esi,byte ptr [rsp+4C]
"DOOMx64.exe"+3AD72B: F3 0F 11 75 00 - movss [rbp+00],xmm6
"DOOMx64.exe"+3AD730: 40 84 F6 - test sil,sil
"DOOMx64.exe"+3AD733: 74 40 - je DOOMx64.exe+3AD775
"DOOMx64.exe"+3AD735: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD738: 0F 28 CF - movaps xmm1,xmm7
"DOOMx64.exe"+3AD73B: 48 8B CB - mov rcx,rbx
"DOOMx64.exe"+3AD73E: FF 92 98 01 00 00 - call qword ptr [rdx+00000198]
"DOOMx64.exe"+3AD744: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD747: 48 8B CB - mov rcx,rbx
}

I'd like to find a way to do it without having this accidental script be what I have in the table. I've found multiple ways to create godmode scripts, but none of them seem to work; this is the latest way I've tried. [Link]
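
Added example, not part of the original thread: a small Python decoder for the movss encodings in the script's byte listing. It checks that INJECT+07 lands on the six-byte store and shows which byte differs when the source register is xmm3 instead of xmm0. The function names are assumptions of this example; the byte strings are copied from the post.

```python
# Added example. Byte strings are copied from the script in the post.
AOB = bytes.fromhex("00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C")
ORIGINAL = bytes.fromhex("F3 0F 11 44 1E 1C")   # bytes restored by [DISABLE]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def decode_movss(code):
    """Decode F3 0F 10/11 /r (no REX, no RIP-relative); return (text, length)."""
    if code[:2] != b"\xF3\x0F" or code[2] not in (0x10, 0x11):
        raise ValueError("not a movss encoding")
    modrm = code[3]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos = 4
    if mod == 3:                                   # register-to-register form
        operand = f"xmm{rm}"
    else:
        if rm == 4:                                # SIB byte follows ModRM
            sib = code[pos]
            pos += 1
            scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
            if base == 5 and mod == 0:
                raise ValueError("SIB without base register not handled")
            addr = REG64[base]
            if index != 4:                         # index 100b means "no index"
                addr += "+" + REG64[index] + (f"*{scale}" if scale > 1 else "")
        elif rm == 5 and mod == 0:
            raise ValueError("RIP-relative form not handled")
        else:
            addr = REG64[rm]
        size = (0, 1, 4)[mod]                      # displacement width in bytes
        if size:
            disp = int.from_bytes(code[pos:pos + size], "little", signed=True)
            pos += size
            addr += ("-" if disp < 0 else "+") + f"{abs(disp):0{2 * size}X}"
        operand = f"[{addr}]"
    # Opcode 11 stores xmm -> r/m, opcode 10 loads r/m -> xmm.
    text = f"movss {operand},xmm{reg}" if code[2] == 0x11 else f"movss xmm{reg},{operand}"
    return text, pos

def with_source_register(code, xmm):
    """Return the same instruction with ModRM.reg replaced by xmm0..xmm7."""
    return code[:3] + bytes([(code[3] & 0xC7) | (xmm << 3)]) + code[4:]

if __name__ == "__main__":
    print(AOB.find(ORIGINAL), decode_movss(ORIGINAL))
    patched = with_source_register(ORIGINAL, 3)
    print(patched.hex(" "), decode_movss(patched))
```

Only the ModRM byte changes between the two stores (44 for xmm0, 5C for xmm3), so both forms are six bytes long, the same size as the `jmp newmem` plus `nop` that the script writes over the original instruction.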

Re: movss help

Posted: Mon Sep 04, 2017 5:13 am
by dl748
There is probably some code that does "if damage > health then die" without actually modifying the value.

Re: movss help

Posted: Mon Sep 04, 2017 11:33 am
by FreeER
Or something could be using xmm0 as the most up-to-date value instead of reading from memory. Try "movss xmm0, xmm3" instead of moving xmm3 into memory. If that doesn't work, then check out where xmm0's value is coming from (rsp+44).

Re: movss help

Posted: Fri Feb 09, 2018 4:24 pm
by movss
register compare

Re: movss help

Posted: Fri Feb 09, 2018 5:18 pm
by SunBeam
Start by studying the engine and do a structure pointer compare. Simple. Wrote a DOOM article at some point. Might revive it. As for tables.. who needs them when we have all console commands/CVars active and usable?..