
Help with doing something xmm registers related cheats

Posted: Sun May 06, 2018 6:16 pm
by squall0833
Hello, everyone, I'm still a newbie in CE.

Here's something in the game: it's a gauge stored as a float value, with an instruction that writes to the address all the time:

[quote]04D6AC36: F3 41 0F 11 AF B0 00 00 00 - movss [r15+000000B0],xmm5[/quote]

In the game, you need to do something so the gauge goes up slowly; if you stop doing anything, the gauge value reduces over time, so...

For some reason I don't want to make it instantly full by doing something like [B]mov [r15+000000B0],(float)100.0[/B]

I want to make a cheat that speeds up the value increase, like double or more, by a multiplier.

Normally I know how to do multiplier cheats, but I don't know how when there's an xmm register and it's a float value.

Do you have any idea how to do that?

I was trying to find a way to get the latest value from xmm5 into a register, then sub the value with the current value, multiply it, add it to the current value, and put the final value back into xmm5.

Is it possible to do that?

Thanks


Posted: Sun May 06, 2018 7:07 pm
by Squall8
It's basically like the same way I taught you before, except now the commands change slightly.

ADD>ADDSS
SUB>SUBSS
MUL>MULSS

You can also look a couple lines up from the MOVSS to see if there is something like [B]addss[/B] [B]xmm5,xmm(x)[/B]. Then you can inject there and simply add this before anything:

[B]mulss xmm(x)[/B],[B][yourmultiplier][/B]


Posted: Sun May 06, 2018 7:12 pm
by TimFun13
[QUOTE="squall0833, post: 44925, member: 639"]...get latest value from xmm5 to a register...[/QUOTE]

[CODE=nasm]cvtss2si eax,xmm5
//..
cvtsi2ss xmm5,eax[/CODE]

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SD[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SS[/URL][/U]

But like [USER=240]@Squall8[/USER] said, look to see if it has a multiplier; it most likely does, and you can just hijack that.

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOVSS[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUBSS[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADDSS[/URL][/U]


Posted: Sun May 06, 2018 8:59 pm
by squall0833
[QUOTE="Squall8, post: 44927, member: 240"]It's basically like the same way I taught you before, except now the commands change slightly.

ADD>ADDSS
SUB>SUBSS
MUL>MULSS

You can also look a couple lines up from the MOVSS to see if there is something like [B]addss[/B] [B]xmm5,xmm(x)[/B]. Then you can inject there and simply add this before anything:

[B]mulss xmm(x)[/B],[B][yourmultiplier][/B][/QUOTE]

[QUOTE="ShyTwig16, post: 44929, member: 91"][CODE=nasm]cvtss2si eax,xmm5
//..
cvtsi2ss xmm5,eax[/CODE]

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SD[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SS[/URL][/U]

But like [USER=240]@Squall8[/USER] said, look to see if it has a multiplier; it most likely does, and you can just hijack that.

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOVSS[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUBSS[/URL]
[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADDSS[/URL][/U][/QUOTE]





What I see are these:

[quote]
""+2B6E7672: 41 83 3E 00 - cmp dword ptr [r14],00
""+2B6E7676: 49 BB 20 97 6F 2B 00 00 00 00 - mov r11,000000002B6F9720
""+2B6E7680: 41 FF D3 - call r11
""+2B6E7683: 48 83 C4 20 - add rsp,20
""+2B6E7687: F3 41 0F 10 87 B0 00 00 00 - movss xmm0,[r15+000000B0]
""+2B6E7690: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+2B6E7694: F3 0F 10 4D C8 - movss xmm1,[rbp-38]
""+2B6E7699: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
""+2B6E769D: F3 41 0F 10 97 E4 00 00 00 - movss xmm2,[r15+000000E4]
""+2B6E76A6: F3 0F 5A D2 - cvtss2sd xmm2,xmm2
// ---------- INJECTING HERE ----------
""+2B6E76AA: F2 0F 59 CA - mulsd xmm1,xmm2
""+2B6E76AE: F2 0F 58 C1 - addsd xmm0,xmm1 /// I tried adding a line before this, mulsd xmm1,[multiplier], but the gauge froze
// ---------- DONE INJECTING ----------
""+2B6E76B2: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0 /// the only line that has xmm5, what does it do?
""+2B6E76B6: F3 41 0F 11 AF B0 00 00 00 - movss [r15+000000B0],xmm5 /// The Current Gauge Value
""+2B6E76BF: F3 41 0F 10 87 B0 00 00 00 - movss xmm0,[r15+000000B0]
""+2B6E76C8: F3 0F 5A C0 - cvtss2sd xmm0,xmm0[/quote]

Did I do it wrong?


Posted: Sun May 06, 2018 10:54 pm
by TimFun13
[USER=639]@squall0833[/USER]

Did you use MULSD with a double or MULSS with a single? Those are doubles so the instructions I gave before won't work, but most will if you use a double and change the [B]SS[/B] to [B]SD[/B], i.e.: [B]ADDSS[/B] to [B]ADDSD[/B].

[CODE=cea]//...
alloc(someMem, ...
label(someValue)
//...
someMem:
//...
mulsd xmm1,[someValue]
addsd xmm0,xmm1
//...
jmp return
someValue:
dq (double)2.5 //// Data quad / 8 bytes; (double precision floating point)
//...[/CODE]
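
An added example, not written by any poster in this thread, of why the operand width matters: MULSD always reads 8 bytes, so a constant stored as a 4-byte single is reinterpreted as a near-zero double and the per-tick increment vanishes. The thread does not say how the original multiplier was defined; the code assumes a 4-byte single followed by zero bytes, and `rate`, `scale` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MULSD reads 8 bytes. If the constant was emitted as a 4-byte single,
   its bits become the low half of the double; the high half is whatever
   follows in memory (assumed here to be zero bytes). */
double single_read_as_double(float f)
{
    uint32_t lo;
    uint64_t raw;
    double d;
    memcpy(&lo, &f, sizeof lo);
    raw = lo;                       /* assumption: next 4 bytes are 0 */
    memcpy(&d, &raw, sizeof d);
    return d;
}

/* One gauge update following the quoted disassembly. 'rate' and 'scale'
   are hypothetical names for [rbp-38] and [r15+000000E4]. */
float gauge_step(float gauge, float rate, float scale, double multiplier)
{
    double acc = gauge;             /* cvtss2sd xmm0,xmm0 */
    double inc = rate;              /* cvtss2sd xmm1,xmm1 */
    double s   = scale;             /* cvtss2sd xmm2,xmm2 */
    inc *= multiplier;              /* injected: mulsd xmm1,[someValue] */
    inc *= s;                       /* mulsd xmm1,xmm2 */
    acc += inc;                     /* addsd xmm0,xmm1 */
    return (float)acc;              /* cvtsd2ss xmm5,xmm0 */
}

int main(void)
{
    /* constructed sample values: gauge 10, rate 0.5, scale 1 */
    double bad  = single_read_as_double(2.5f);  /* assumed: dd (float)2.5 */
    double good = 2.5;                          /* dq (double)2.5 */
    printf("single bits read as double: %g\n", bad);
    printf("step, single constant: %g\n", gauge_step(10.0f, 0.5f, 1.0f, bad));
    printf("step, double constant: %g\n", gauge_step(10.0f, 0.5f, 1.0f, good));
    return 0;
}
```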


Posted: Mon May 07, 2018 3:02 pm
by squall0833
[QUOTE="ShyTwig16, post: 44960, member: 91"][USER=639]@squall0833[/USER]

Did you use MULSD with a double or MULSS with a single? Those are doubles so the instructions I gave before won't work, but most will if you use a double and change the [B]SS[/B] to [B]SD[/B], i.e.: [B]ADDSS[/B] to [B]ADDSD[/B].

[CODE=cea]//...
alloc(someMem, ...
label(someValue)
//...
someMem:
//...
mulsd xmm1,[someValue]
addsd xmm0,xmm1
//...
jmp return
someValue:
dq (double)2.5 //// Data quad / 8 bytes; (double precision floating point)
//...[/CODE][/QUOTE]


OOOoohh, it works :D

By changing that multiplier [somevalue] to a double value, it works!

Thanks, learnt something new about how to deal with xmm registers, and single and double floats :)


Posted: Mon May 07, 2018 9:04 pm
by TimFun13
Good to hear.

I have a tutorial here and on the wiki that goes over [URL='https://fearlessrevolution.com/threads/value-types.6506/'][U]value types[/U][/URL]; you may find it helpful.

That, and I just posted a new one on integers and one on [URL='https://fearlessrevolution.com/threads/code-injection-working-with-floats.6715/'][U]floats[/U][/URL]; it lightly goes over singles and doubles.