Need help with 100 mln Damage Script for Sniper Fury v3.9.0l

Post by MartaLabieniec » Mon Oct 15, 2018 8:43 pm

Hello Guys.

I need help with understanding this script below:

ENABLE
Bytes:

db 3D 00 00 C8 43 77 0A 89 45 F4 F3 0F 10 45 F4 EB 24 C7 45 F4 20 BC BE 4C F3 0F 10 45 F4 EB 16
Opcodes:

FutureWar_W8.Windows.exe+674A47 - 3D 00 00 C8 43       - cmp eax,43C80000 { 400.00 }
FutureWar_W8.Windows.exe+674A4C - 77 0A                - ja FutureWar_W8.Windows.exe+674A58
FutureWar_W8.Windows.exe+674A4E - 89 45 F4             - mov [ebp-0C],eax
FutureWar_W8.Windows.exe+674A51 - F3 0F 10 45 F4       - movss xmm0,[ebp-0C]
FutureWar_W8.Windows.exe+674A56 - EB 24                - jmp FutureWar_W8.Windows.exe+674A7C
FutureWar_W8.Windows.exe+674A58 - C7 45 F4 20 BC BE 4C - mov [ebp-0C],4CBEBC20 { 1287568416 }
FutureWar_W8.Windows.exe+674A5F - F3 0F 10 45 F4       - movss xmm0,[ebp-0C]
FutureWar_W8.Windows.exe+674A64 - EB 16                - jmp FutureWar_W8.Windows.exe+674A7C
DISABLE
Bytes:

db F3 0F 10 01 89 45 F4 8B 41 08 8B 49 04 F3 0F 11 45 F8 33 45 F8 F3 0F 10 45 F4 D3 C8 89 45 F8
Opcodes:

FutureWar_W8.Windows.exe+674A47 - F3 0F 10 01    - movss xmm0,[ecx]
FutureWar_W8.Windows.exe+674A4B - 89 45 F4       - mov [ebp-0C],eax
FutureWar_W8.Windows.exe+674A4E - 8B 41 08       - mov eax,[ecx+08]
FutureWar_W8.Windows.exe+674A51 - 8B 49 04       - mov ecx,[ecx+04]
FutureWar_W8.Windows.exe+674A54 - F3 0F 11 45 F8 - movss [ebp-08],xmm0
FutureWar_W8.Windows.exe+674A59 - 33 45 F8       - xor eax,[ebp-08]
FutureWar_W8.Windows.exe+674A5C - F3 0F 10 45 F4 - movss xmm0,[ebp-0C]
FutureWar_W8.Windows.exe+674A61 - D3 C8          - ror eax,cl
FutureWar_W8.Windows.exe+674A63 - 89 45 F8       - mov [ebp-08],eax

When you enable this script, it will change the damage of all weapons to 100.000.000.000 DAMAGE! It is a very high number and it is very easy to detect! So I want to make it possible to write any damage number that you want, to avoid getting detected so easily, but I really don't understand this script because I can't see any values in hex or 4 bytes which would show me that it will write 100 mln damage to all weapons. So how is this script working?

Before activating 100 MLN DAMAGE script:

Image

After activating 100 MLN DAMAGE script:

Image


I am waiting for your answers,
Thank you.

Post by TheyCallMeTim13 » Mon Oct 15, 2018 9:47 pm

MartaLabieniec wrote:
Mon Oct 15, 2018 8:43 pm
...
This line seems to be setting it.
FutureWar_W8.Windows.exe+674A58 - C7 45 F4 20 BC BE 4C - mov [ebp-0C],4CBEBC20 { 1287568416 }
0x4CBEBC20 (4 byte hex) == 100000000 (single precision floating point) == 1287568416 (4 byte integer)

You can use something like this to find the value you want more easily (I just googled "online float to hex").
https://gregstoll.dyndns.org/~gregstoll/floattohex/
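
The relationship described in the reply above, as an added example that is not part of the original thread: a small Python decoder that walks the ENABLE byte string quoted in the first post, extracts each 32-bit immediate, and shows it as hex, as a 4-byte integer and as an IEEE 754 single-precision float. The function names and the encoding table are assumptions made for this illustration; the table covers only the instruction encodings that appear in those bytes and is not a general x86 decoder.

```python
import struct

# ENABLE bytes exactly as quoted in the first post of the thread.
ENABLE_BYTES = bytes.fromhex(
    "3D 00 00 C8 43 77 0A 89 45 F4 F3 0F 10 45 F4 EB 24 "
    "C7 45 F4 20 BC BE 4C F3 0F 10 45 F4 EB 16"
)

# Assumed minimal table for this patch only:
# opcode prefix -> (total instruction length, offset of imm32 or None).
ENCODINGS = {
    b"\x3D": (5, 1),                 # cmp eax, imm32
    b"\x77": (2, None),              # ja rel8
    b"\x89\x45": (3, None),          # mov [ebp+disp8], eax
    b"\xF3\x0F\x10\x45": (5, None),  # movss xmm0, [ebp+disp8]
    b"\xEB": (2, None),              # jmp rel8
    b"\xC7\x45": (7, 3),             # mov dword [ebp+disp8], imm32
}

def interpret_imm32(raw):
    """Return the three readings of one little-endian 4-byte immediate."""
    as_int = struct.unpack("<I", raw)[0]
    as_float = struct.unpack("<f", raw)[0]
    return {"hex": f"{as_int:08X}", "int": as_int, "float": as_float}

def find_immediates(code):
    """Walk the bytes instruction by instruction and collect imm32 values."""
    found, pos = [], 0
    while pos < len(code):
        for prefix, (length, imm_off) in ENCODINGS.items():
            if code.startswith(prefix, pos):
                if imm_off is not None:
                    raw = code[pos + imm_off: pos + imm_off + 4]
                    found.append((pos, interpret_imm32(raw)))
                pos += length
                break
        else:
            raise ValueError(f"unknown opcode {code[pos]:02X} at offset {pos}")
    return found

if __name__ == "__main__":
    for offset, imm in find_immediates(ENABLE_BYTES):
        print(f"+{offset:#04x}: 0x{imm['hex']} "
              f"int={imm['int']} float={imm['float']:.1f}")
```

The same four bytes appear in memory in little-endian order (`20 BC BE 4C`), which is why the value is not visible as a plain decimal number in the byte string.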

Post by MartaLabieniec » Mon Oct 15, 2018 10:04 pm

Heh, I already found out that this line is setting a value; I just need to write something like this:

mov [ebp-0C],(float)YOUR VALUE and it will be 100% working! But now I have another problem xd. When I want to save this script in opcodes, I have a lot of problems and the script is not working xd

I just rewrote the same opcodes, but I am confused about these jumps - JA, JMP... I don't know how to save them in the script - like a JMP EXIT or JMP RETURNHERE, or how must I do that? The script in bytes is working perfectly, but when I want to convert the bytes to a Code Injection Script, it is not working :-(

Post by MartaLabieniec » Mon Oct 15, 2018 10:17 pm

I made something like this and it is working. Is it good or not?

[ENABLE]
globalalloc(sok_dmg,4)
"FutureWar_W8.Windows.exe"+682387:
cmp eax,43C80000
ja FutureWar_W8.Windows.exe+682398
mov [ebp-0C],eax
movss xmm0,[ebp-0C]
jmp FutureWar_W8.Windows.exe+6823BC
push eax
mov eax,(float)[sok_dmg]
mov [ebp-0C],eax
pop eax
movss xmm0,[ebp-0C]
jmp FutureWar_W8.Windows.exe+6823BC
[DISABLE]
"FutureWar_W8.Windows.exe"+682387:
dealloc(sok_dmg)
db F3 0F 10 01 89 45 F4 8B 41 08 8B 49 04 F3 0F 11 45 F8 33 45 F8 F3 0F 10 45 F4 D3 C8 89 45 F8

Post by TheyCallMeTim13 » Mon Oct 15, 2018 10:36 pm

Try something like this:

[ENABLE]
alloc(sok_dmg,4)
registerSymbol(sok_dmg)
sok_dmg:
	dd (float)10000
"FutureWar_W8.Windows.exe"+682387:
	cmp eax,43C80000
	ja @f
		mov [ebp-0C],eax
		movss xmm0,[ebp-0C]
		jmp FutureWar_W8.Windows.exe+6823BC
	@@:
	movss xmm0,[sok_dmg]
	movss [ebp-0C],xmm0 // this line may not be needed.
	jmp FutureWar_W8.Windows.exe+6823BC
[DISABLE]
"FutureWar_W8.Windows.exe"+682387:
	db F3 0F 10 01 89 45 F4 8B 41 08 8B 49 04 F3 0F 11 45 F8 33 45 F8 F3 0F 10 45 F4 D3 C8 89 45 F8
dealloc(sok_dmg)
unregisterSymbol(sok_dmg)

Post by MartaLabieniec » Mon Oct 15, 2018 10:52 pm

Thank you! It is working perfectly!

Can you explain to me what @f and @@ mean and when we must use them? And why don't we use the globalalloc function, and you use only the alloc function? Why?

Post by TheyCallMeTim13 » Mon Oct 15, 2018 11:01 pm

I've just had issues with "globalAlloc", and you can't deallocate the memory. But by using "registerSymbol" it's similar to "globalAlloc" in that it can be accessed anywhere. "globalAlloc" is really only useful for shared memory, so it will only be allocated once.

And "@@:" is a generic label, and "@f" means "first generic label forwards", and there is also "@b" which means "first generic label backwards"; so there it "jumps if above" to the "first generic label forwards". The reason for using a label for the jump is to ensure that it will jump to the right place even if the amount of bytes in between is not the same.

Post by MartaLabieniec » Mon Oct 15, 2018 11:29 pm

Very nice! I understand now! Thank you for the explanation. If you have free time, please try to help me with hacking blue and purple energy.
