Help with doing something xmm registers related cheats


Post by squall0833 » Sun May 06, 2018 6:16 pm

Hello, everyone, I'm still a newbie in CE.

Here's something in a game: it's a gauge stored as a float value, with an instruction that writes to the address all the time:

[quote]04D6AC36: F3 41 0F 11 AF B0 00 00 00 - movss [r15+000000B0],xmm5[/quote]

In the game, you need to do something so the gauge goes up slowly; if you stop doing anything, that gauge value reduces over time, so...

For some reason I don't want to make it instantly full by doing something like [B]mov [r15+000000B0],(float)100.0[/B]

I want to make a cheat that speeds up the value increase, like double or more, by a multiplier.

Normally I know how to do multiplier cheats, but I don't know how when there's an xmm register and it's a float value.

Have any idea how to do that?

I was trying to find a way to get the latest value from xmm5 to a register, then sub the value with the current value, multiply it, add it to the current value, and put the final value back to xmm5.

Is it possible to do that?

Thanks

Post by Squall8 » Sun May 06, 2018 7:07 pm

It's basically like the same way I taught you before, except now the commands change slightly.

ADD>ADDSS
SUB>SUBSS
MUL>MULSS

You can also look a couple of lines up from the MOVSS to see if there is something like [B]addss[/B] [B]xmm5,xmm(x)[/B]. Then you can inject there and simply add this before anything:

[B]mulss xmm(x)[/B],[B][yourmultiplier][/B]


Post by TheyCallMeTim13 » Sun May 06, 2018 7:12 pm

[QUOTE="squall0833, post: 44925, member: 639"]...get latest value from xmm5 to a register...[/QUOTE]

[CODE=nasm]cvtss2si eax,xmm5 // single in xmm5 -> integer in eax (rounded)
//..
cvtsi2ss xmm5,eax // integer in eax -> single in xmm5[/CODE]

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SD[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SS[/URL][/U]

But like [USER=240]@Squall8[/USER] said, look to see if it has a multiplier; it most likely does, and you can just hijack that.

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOVSS[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUBSS[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADDSS[/URL][/U]


Post by squall0833 » Sun May 06, 2018 8:59 pm

What I see are these:

[quote]
""+2B6E7672: 41 83 3E 00 - cmp dword ptr [r14],00
""+2B6E7676: 49 BB 20 97 6F 2B 00 00 00 00 - mov r11,000000002B6F9720
""+2B6E7680: 41 FF D3 - call r11
""+2B6E7683: 48 83 C4 20 - add rsp,20
""+2B6E7687: F3 41 0F 10 87 B0 00 00 00 - movss xmm0,[r15+000000B0]
""+2B6E7690: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+2B6E7694: F3 0F 10 4D C8 - movss xmm1,[rbp-38]
""+2B6E7699: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
""+2B6E769D: F3 41 0F 10 97 E4 00 00 00 - movss xmm2,[r15+000000E4]
""+2B6E76A6: F3 0F 5A D2 - cvtss2sd xmm2,xmm2
// ---------- INJECTING HERE ----------
""+2B6E76AA: F2 0F 59 CA - mulsd xmm1,xmm2
""+2B6E76AE: F2 0F 58 C1 - addsd xmm0,xmm1 /// I tried adding a line before this, mulsd xmm1,[multiplier], but the gauge froze
// ---------- DONE INJECTING ----------
""+2B6E76B2: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0 /// the only line that has xmm5, what does it do?
""+2B6E76B6: F3 41 0F 11 AF B0 00 00 00 - movss [r15+000000B0],xmm5 /// The Current Gauge Value
""+2B6E76BF: F3 41 0F 10 87 B0 00 00 00 - movss xmm0,[r15+000000B0]
""+2B6E76C8: F3 0F 5A C0 - cvtss2sd xmm0,xmm0[/quote]

Did I do something wrong?

Post by TheyCallMeTim13 » Sun May 06, 2018 10:54 pm

[USER=639]@squall0833[/USER]

Did you use MULSD with a double or MULSS with a single? Those are doubles so the instructions I gave before won't work, but most will if you use a double and change the [B]SS[/B] to [B]SD[/B], i.e.: [B]ADDSS[/B] to [B]ADDSD[/B].

[CODE=cea]//...
alloc(someMem, ...
label(someValue)
//...
someMem:
//...
mulsd xmm1,[someValue]
addsd xmm0,xmm1
//...
jmp return
someValue:
dq (double)2.5 //// Data quad / 8 bytes; (double precision floating point)
//...[/CODE]
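Added example (not part of any post in this thread): a C model of the update sequence in the disassembly above, showing why an injected `mulsd` that reads a 4-byte single as its multiplier stalls the gauge while an 8-byte double works. The helper names, the sample gauge values, and the zero bytes assumed to follow the single in memory are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Read 8 bytes as a double, which is what `mulsd xmm1,[someValue]` does. */
static double load_as_double(const unsigned char slot[8]) {
    double d;
    memcpy(&d, slot, sizeof d);
    return d;
}

/* Slot holding a 4-byte single followed by zero bytes (assumed layout,
   little-endian as on x86). */
static void store_single(unsigned char slot[8], float v) {
    memset(slot, 0, 8);
    memcpy(slot, &v, sizeof v);
}

/* Slot holding an 8-byte double, as `dq (double)2.5` produces. */
static void store_double(unsigned char slot[8], double v) {
    memcpy(slot, &v, sizeof v);
}

/* One gauge update, following the listing: widen the three singles to
   double, mulsd xmm1,xmm2, the injected mulsd xmm1,[slot], addsd xmm0,xmm1,
   then cvtsd2ss back to the single that is stored at [r15+B0]. */
static float gauge_step(float gauge, float delta, float rate,
                        const unsigned char slot[8]) {
    double x0 = gauge, x1 = delta, x2 = rate;
    x1 *= x2;
    x1 *= load_as_double(slot);
    x0 += x1;
    return (float)x0;
}

int main(void) {
    unsigned char slot[8];
    store_single(slot, 2.5f);   /* constructed sample values */
    printf("single bytes read as double: %g -> gauge %g\n",
           load_as_double(slot), gauge_step(10.0f, 1.0f, 1.0f, slot));
    store_double(slot, 2.5);
    printf("double bytes read as double: %g -> gauge %g\n",
           load_as_double(slot), gauge_step(10.0f, 1.0f, 1.0f, slot));
    return 0;
}
```

The single's bit pattern lands in the low mantissa bits of the double, giving a subnormal value, so the increment vanishes when added to the gauge.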


Post by squall0833 » Mon May 07, 2018 3:02 pm

OOOoohh, it works :D

By changing that multiplier [somevalue] to a double value, it works!

Thanks, learnt something new about how to deal with xmm registers, and single and double floats :)

Post by TheyCallMeTim13 » Mon May 07, 2018 9:04 pm

Good to hear.

I have a tutorial here and on the wiki that goes over [URL='https://fearlessrevolution.com/threads/value-types.6506/'][U]value types[/U][/URL]; you may find it helpful.

That and I just posted a new one on integers and one on [URL='https://fearlessrevolution.com/threads/code-injection-working-with-floats.6715/'][U]floats[/U][/URL]; it lightly goes over singles and doubles.