Damage Multiplier ?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Post Reply
User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 551
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 134

Damage Multiplier ?

Post by Kalas »

Ok so I've seen many tables using the Script called Mutlipler, I don't really understand what they do there:

But this is a code that displays my current Damage:

Code: Select all

[ENABLE]

aobscan(aobDamageIncrease,8B 80 CC 00 00 00 89 45 C0)
alloc(newmem,$100,aobDamageIncrease)

label(code)
label(return)

newmem:

code:
  mov eax,[eax+000000CC]
  jmp return

aobDamageIncrease:
  jmp newmem
  nop
return:
registersymbol(aobDamageIncrease)

[DISABLE]

aobDamageIncrease:
  db 8B 80 CC 00 00 00

unregistersymbol(aobDamageIncrease)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 17403352

""+17403333: 83 EC 04           -  sub esp,04
""+17403336: 68 90 BB 3E 55     -  push 553EBB90
""+1740333B: 6A 04              -  push 04
""+1740333D: 50                 -  push eax
""+1740333E: E8 CD DC 84 EE     -  call 05C51010
""+17403343: 83 C4 10           -  add esp,10
""+17403346: 8B 45 BC           -  mov eax,[ebp-44]
""+17403349: 89 45 C4           -  mov [ebp-3C],eax
""+1740334C: 89 45 C8           -  mov [ebp-38],eax
""+1740334F: 8B 47 1C           -  mov eax,[edi+1C]
// ---------- INJECTING HERE ----------
""+17403352: 8B 80 CC 00 00 00  -  mov eax,[eax+000000CC]
// ---------- DONE INJECTING  ----------
""+17403358: 89 45 C0           -  mov [ebp-40],eax
""+1740335B: 83 EC 0C           -  sub esp,0C
""+1740335E: 68 44 8B 1F 02     -  push 021F8B44
""+17403363: E8 48 DC 84 EE     -  call 05C50FB0
""+17403368: 83 C4 10           -  add esp,10
""+1740336B: 8B C8              -  mov ecx,eax
""+1740336D: 8B 45 C4           -  mov eax,[ebp-3C]
""+17403370: 8B 55 C0           -  mov edx,[ebp-40]
""+17403373: 89 51 08           -  mov [ecx+08],edx
""+17403376: 83 EC 04           -  sub esp,04
}

Instead of changing it to 999 can I do some sort of Multiplier for it? and also a way for people to change it via adding manual address.

Squall8
RCE Fanatics
RCE Fanatics
Posts: 564
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 1117

Re: Damage Multiplier ?

Post by Squall8 »

You're better off finding the instruction that relates to decreasing enemy health. A SUB or MOV works just fine.

Here is a couple methods I have used.

Set it up like this:

SUB:

Code: Select all

newmem:
  mov XYZ,[yoursymbol]  // I usually just choose an empty register to work with. You can use PUSH/POP here as well.
  imul esi,XYZ
  
code:
  sub [ebx+3C],esi
  jmp return

yoursymbol:
  dd or dq 2 // Depending on whether the target process is 32 or 64 bit
  
MOV:

Code: Select all

newmem:
  sub edx,dword [rbx+00001884]
  imul edx,[yoursymbol]
  add dword [rbx+00001884],edx
  jmp return

code:
  mov [rbx+00001884],edx
  jmp return
  
yoursymbol:
  dq 2
  

User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 551
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 134

Re: Damage Multiplier ?

Post by Kalas »

Oh so like imul just duplicates whatever that's in edx which carries whatever in 1884 ?

So like whatever that's in edx It will multiple it ?

What exactly the dq means? I know It's define q but like why 2?

If I change the value to 10 It will mean like 10x Multiplier pretty much ?

Squall8
RCE Fanatics
RCE Fanatics
Posts: 564
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 1117

Re: Damage Multiplier ?

Post by Squall8 »

Yes. Basically its isolating the last written value with SUB edx,dword [rbx+00001884] (say 50 damage points). Multiplies that by 10 or whatever value. Then adds 500 back. Thinking about it, my SUB and ADD my be wrong because that example was for an EXP multiplier. You may just need to change ADD to SUB. But its the same concept.

Code: Select all

yoursymbol:
  dq 2
You can put whatever number you want there. When you activate the script your multiplier will be that value, in that case 2.

User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 551
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 134

Re: Damage Multiplier ?

Post by Kalas »

Squall8 wrote:
Sun Apr 30, 2017 7:09 pm
Yes. Basically its isolating the last written value with SUB edx,dword [rbx+00001884] (say 50 damage points). Multiplies that by 10 or whatever value. Then adds 500 back. Thinking about it, my SUB and ADD my be wrong because that example was for an EXP multiplier. You may just need to change ADD to SUB. But its the same concept.

Code: Select all

yoursymbol:
  dq 2
You can put whatever number you want there. When you activate the script your multiplier will be that value, in that case 2.
I understand, thank you so much.

User avatar
Kalas
Expert Cheater
Expert Cheater
Posts: 551
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 134

Re: Damage Multiplier ?

Post by Kalas »

Code: Select all

[ENABLE]

aobscan(aobXP,89 46 38 83 EC 08)
alloc(newmem,$100,aobXP)

registersymbol(XP_Multiplier)

label(code)
label(return)
label(XP_Multiplier)

newmem:
  sub eax,dword [esi+38]
  imul eax,[XP_Multiplier]
  add dword [esi+38],eax
  jmp return

code:
  mov [esi+38],eax
  sub esp,08
  jmp return

XP_Multiplier:
  dq 2

aobXP:
  jmp newmem
  nop
return:
registersymbol(aobXP)

[DISABLE]

aobXP:
  db 89 46 38 83 EC 08

unregistersymbol(aobXP)
unregistersymbol(XP_Multiplier)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 43CE3235

""+43CE321B: 8B 46 38           -  mov eax,[esi+38]
""+43CE321E: 83 EC 08           -  sub esp,08
""+43CE3221: 50                 -  push eax
""+43CE3222: 53                 -  push ebx
""+43CE3223: 39 1B              -  cmp [ebx],ebx
""+43CE3225: E8 B6 82 FB FF     -  call 43C9B4E0
""+43CE322A: 83 C4 10           -  add esp,10
""+43CE322D: 89 45 F0           -  mov [ebp-10],eax
""+43CE3230: 8B 46 38           -  mov eax,[esi+38]
""+43CE3233: 03 C7              -  add eax,edi
// ---------- INJECTING HERE ----------
""+43CE3235: 89 46 38           -  mov [esi+38],eax
""+43CE3238: 83 EC 08           -  sub esp,08
// ---------- DONE INJECTING  ----------
""+43CE323B: 50                 -  push eax
""+43CE323C: 53                 -  push ebx
""+43CE323D: 39 1B              -  cmp [ebx],ebx
""+43CE323F: E8 9C 82 FB FF     -  call 43C9B4E0
""+43CE3244: 83 C4 10           -  add esp,10
""+43CE3247: 8B F8              -  mov edi,eax
""+43CE3249: 8B C7              -  mov eax,edi
""+43CE324B: 2B 45 F0           -  sub eax,[ebp-10]
""+43CE324E: 89 45 EC           -  mov [ebp-14],eax
""+43CE3251: 85 C0              -  test eax,eax
}
Did It, thank you :)

squall0833
Table Makers
Table Makers
Posts: 196
Joined: Sat Mar 04, 2017 1:46 pm
Reputation: 81

Re: Damage Multiplier ?

Post by squall0833 »

Hello Squall8, lol

I'm new to CE, also looking for something like this

previously I was using imul for triple xp such as

push eax
mov eax,3
imul edx,eax
pop eax
add [ebx+04],edx //original code adds XP

now im looking for something like getting damage value from the typical health value like "mov [ecx+20],eax" and multiplies it putting back the health

so i found ur two methods for that, now i got few basic questions, look BOLD text below

I can understand your first code, but got little confused in second code below,
Squall8 wrote:
Sun Apr 30, 2017 6:27 pm
You're better off finding the instruction that relates to decreasing enemy health. A SUB or MOV works just fine.

Here is a couple methods I have used.

Set it up like this:


Let's assume rbx+1884 is the Current Health

MOV:

Code: Select all

newmem:
  sub edx,[b]dword [rbx+00001884][/b]           [b]    <-- what does that mean adding "dword" before [rbx+00001884]? without that it wont pick up the value for subtracting the edx with Current Health? [/b]
  imul edx,[yoursymbol]
  add [b]dword [rbx+00001884],edx[/b]   
  jmp return

code:
  mov [rbx+00001884],edx 
  jmp return
  
yoursymbol:
  dq 2
  
can you explain this piece of code in math calculation formula? so i can understand how those "sub" and "add" works
im kinda confuse at:

newmem:
sub edx,dword [rbx+00001884] // is this 800-1000 or 1000-800?
imul edx,[yoursymbol]
add dword [rbx+00001884],edx // why is this reverse? does it changes edx or dword [rbx+00001884] ?
jmp return

code:
mov [rbx+00001884],edx
jmp return

thanks :)

Squall8
RCE Fanatics
RCE Fanatics
Posts: 564
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 1117

Re: Damage Multiplier ?

Post by Squall8 »

So I used an Exp Multiplier in that example, but it's the same concept.

Using your instruction above mov [ecx+20],eax, say your enemy has 100 HP and got dealt 20 damage. Now it's just moving 80 into your enemy's health.

I haven't messed around with Damage Multipliers in a while, but this is what I came up with on the spot:

Code: Select all

sub [ecx+20],eax - (100-80=20). This isolates the amount of damage done. New health=20.
push ebx
mov ebx,[ecx+20] - Moves 20 into ebx
imul ebx,[multiplervalue] - Multiples ebx by defined value. Lets just say (20*2=40).
add [ecx+20],eax - Restores the health value to what it was before you dealt damage (20+80=100).
sub [ecx+20],ebx - Subtracts now 40 points from health instead of the initial 20.
pop ebx
I'm pretty sure there is a better way to write this out, but this should work fine.

squall0833
Table Makers
Table Makers
Posts: 196
Joined: Sat Mar 04, 2017 1:46 pm
Reputation: 81

Re: Damage Multiplier ?

Post by squall0833 »

Squall8 wrote:
Sat Nov 04, 2017 11:19 pm
So I used an Exp Multiplier in that example, but it's the same concept.

Using your instruction above mov [ecx+20],eax, say your enemy has 100 HP and got dealt 20 damage. Now it's just moving 80 into your enemy's health.

I haven't messed around with Damage Multipliers in a while, but this is what I came up with on the spot:

Code: Select all

sub [ecx+20],eax - (100-80=20). This isolates the amount of damage done. New health=20.
push ebx
mov ebx,[ecx+20] - Moves 20 into ebx
imul ebx,[multiplervalue] - Multiples ebx by defined value. Lets just say (20*2=40).
add [ecx+20],eax - Restores the health value to what it was before you dealt damage (20+80=100).
sub [ecx+20],ebx - Subtracts now 40 points from health instead of the initial 20.
pop ebx
I'm pretty sure there is a better way to write this out, but this should work fine.
oh thanks, :D

so there's many way or writing the code, but works same

ByteXavier
What is cheating?
What is cheating?
Posts: 3
Joined: Tue Nov 07, 2017 11:17 pm
Reputation: 0

Re: Damage Multiplier ?

Post by ByteXavier »

I'm also trying to write a script to multiply my damage, although when I scan to see what writes to the address that correlates to my enemies health I get this:

[Link]

Any suggestions?

Squall8
RCE Fanatics
RCE Fanatics
Posts: 564
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 1117

Re: Damage Multiplier ?

Post by Squall8 »

Look no more than 3 lines above that movss for a subss instruction. For example, you find subss xmm0,xmm2.

Code: Select all

newmem:
  mulss xmm2,[multipliervalue] - Add this.
  
code:
  subss xmm0,xmm2 - In this case, xmm0 holds your enemy's current health and xmm2 is the amount of damage done.
  ...
  

Post Reply

Who is online

Users browsing this forum: No registered users