Damage Multiplier ?

Anything Cheat Engine related, bugs, suggestions, helping others, etc..
Post Reply
User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 130
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 6

Damage Multiplier ?

Post by Kalas » Sun Apr 30, 2017 5:36 pm

Ok so I've seen many tables using the Script called Mutlipler, I don't really understand what they do there:

But this is a code that displays my current Damage:

Code: Select all

[ENABLE]

aobscan(aobDamageIncrease,8B 80 CC 00 00 00 89 45 C0)
alloc(newmem,$100,aobDamageIncrease)

label(code)
label(return)

newmem:

code:
  mov eax,[eax+000000CC]
  jmp return

aobDamageIncrease:
  jmp newmem
  nop
return:
registersymbol(aobDamageIncrease)

[DISABLE]

aobDamageIncrease:
  db 8B 80 CC 00 00 00

unregistersymbol(aobDamageIncrease)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 17403352

""+17403333: 83 EC 04           -  sub esp,04
""+17403336: 68 90 BB 3E 55     -  push 553EBB90
""+1740333B: 6A 04              -  push 04
""+1740333D: 50                 -  push eax
""+1740333E: E8 CD DC 84 EE     -  call 05C51010
""+17403343: 83 C4 10           -  add esp,10
""+17403346: 8B 45 BC           -  mov eax,[ebp-44]
""+17403349: 89 45 C4           -  mov [ebp-3C],eax
""+1740334C: 89 45 C8           -  mov [ebp-38],eax
""+1740334F: 8B 47 1C           -  mov eax,[edi+1C]
// ---------- INJECTING HERE ----------
""+17403352: 8B 80 CC 00 00 00  -  mov eax,[eax+000000CC]
// ---------- DONE INJECTING  ----------
""+17403358: 89 45 C0           -  mov [ebp-40],eax
""+1740335B: 83 EC 0C           -  sub esp,0C
""+1740335E: 68 44 8B 1F 02     -  push 021F8B44
""+17403363: E8 48 DC 84 EE     -  call 05C50FB0
""+17403368: 83 C4 10           -  add esp,10
""+1740336B: 8B C8              -  mov ecx,eax
""+1740336D: 8B 45 C4           -  mov eax,[ebp-3C]
""+17403370: 8B 55 C0           -  mov edx,[ebp-40]
""+17403373: 89 51 08           -  mov [ecx+08],edx
""+17403376: 83 EC 04           -  sub esp,04
}

Instead of changing it to 999 can I do some sort of Multiplier for it? and also a way for people to change it via adding manual address.

Squall8
Expert Cheater
Expert Cheater
Posts: 56
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 10

Re: Damage Multiplier ?

Post by Squall8 » Sun Apr 30, 2017 6:27 pm

You're better off finding the instruction that relates to decreasing enemy health. A SUB or MOV works just fine.

Here is a couple methods I have used.

Set it up like this:

SUB:

Code: Select all

newmem:
  mov XYZ,[yoursymbol]  // I usually just choose an empty register to work with. You can use PUSH/POP here as well.
  imul esi,XYZ
  
code:
  sub [ebx+3C],esi
  jmp return

yoursymbol:
  dd or dq 2 // Depending on whether the target process is 32 or 64 bit
  
MOV:

Code: Select all

newmem:
  sub edx,dword [rbx+00001884]
  imul edx,[yoursymbol]
  add dword [rbx+00001884],edx
  jmp return

code:
  mov [rbx+00001884],edx
  jmp return
  
yoursymbol:
  dq 2
  

User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 130
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 6

Re: Damage Multiplier ?

Post by Kalas » Sun Apr 30, 2017 6:41 pm

Oh so like imul just duplicates whatever that's in edx which carries whatever in 1884 ?

So like whatever that's in edx It will multiple it ?

What exactly the dq means? I know It's define q but like why 2?

If I change the value to 10 It will mean like 10x Multiplier pretty much ?

Squall8
Expert Cheater
Expert Cheater
Posts: 56
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 10

Re: Damage Multiplier ?

Post by Squall8 » Sun Apr 30, 2017 7:09 pm

Yes. Basically its isolating the last written value with SUB edx,dword [rbx+00001884] (say 50 damage points). Multiplies that by 10 or whatever value. Then adds 500 back. Thinking about it, my SUB and ADD my be wrong because that example was for an EXP multiplier. You may just need to change ADD to SUB. But its the same concept.

Code: Select all

yoursymbol:
  dq 2
You can put whatever number you want there. When you activate the script your multiplier will be that value, in that case 2.

User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 130
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 6

Re: Damage Multiplier ?

Post by Kalas » Sun Apr 30, 2017 7:26 pm

Squall8 wrote:
Sun Apr 30, 2017 7:09 pm
Yes. Basically its isolating the last written value with SUB edx,dword [rbx+00001884] (say 50 damage points). Multiplies that by 10 or whatever value. Then adds 500 back. Thinking about it, my SUB and ADD my be wrong because that example was for an EXP multiplier. You may just need to change ADD to SUB. But its the same concept.

Code: Select all

yoursymbol:
  dq 2
You can put whatever number you want there. When you activate the script your multiplier will be that value, in that case 2.
I understand, thank you so much.

User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 130
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 6

Re: Damage Multiplier ?

Post by Kalas » Sun Apr 30, 2017 7:36 pm

Code: Select all

[ENABLE]

aobscan(aobXP,89 46 38 83 EC 08)
alloc(newmem,$100,aobXP)

registersymbol(XP_Multiplier)

label(code)
label(return)
label(XP_Multiplier)

newmem:
  sub eax,dword [esi+38]
  imul eax,[XP_Multiplier]
  add dword [esi+38],eax
  jmp return

code:
  mov [esi+38],eax
  sub esp,08
  jmp return

XP_Multiplier:
  dq 2

aobXP:
  jmp newmem
  nop
return:
registersymbol(aobXP)

[DISABLE]

aobXP:
  db 89 46 38 83 EC 08

unregistersymbol(aobXP)
unregistersymbol(XP_Multiplier)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 43CE3235

""+43CE321B: 8B 46 38           -  mov eax,[esi+38]
""+43CE321E: 83 EC 08           -  sub esp,08
""+43CE3221: 50                 -  push eax
""+43CE3222: 53                 -  push ebx
""+43CE3223: 39 1B              -  cmp [ebx],ebx
""+43CE3225: E8 B6 82 FB FF     -  call 43C9B4E0
""+43CE322A: 83 C4 10           -  add esp,10
""+43CE322D: 89 45 F0           -  mov [ebp-10],eax
""+43CE3230: 8B 46 38           -  mov eax,[esi+38]
""+43CE3233: 03 C7              -  add eax,edi
// ---------- INJECTING HERE ----------
""+43CE3235: 89 46 38           -  mov [esi+38],eax
""+43CE3238: 83 EC 08           -  sub esp,08
// ---------- DONE INJECTING  ----------
""+43CE323B: 50                 -  push eax
""+43CE323C: 53                 -  push ebx
""+43CE323D: 39 1B              -  cmp [ebx],ebx
""+43CE323F: E8 9C 82 FB FF     -  call 43C9B4E0
""+43CE3244: 83 C4 10           -  add esp,10
""+43CE3247: 8B F8              -  mov edi,eax
""+43CE3249: 8B C7              -  mov eax,edi
""+43CE324B: 2B 45 F0           -  sub eax,[ebp-10]
""+43CE324E: 89 45 EC           -  mov [ebp-14],eax
""+43CE3251: 85 C0              -  test eax,eax
}
Did It, thank you :)

Post Reply

Who is online

Users browsing this forum: No registered users