movss help

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Post Reply
Cralont
Noobzor
Noobzor
Posts: 7
Joined: Fri Sep 01, 2017 2:46 am
Reputation: 0

movss help

Post by Cralont »

So im making a table for DOOM the 2016 release and it seems that it uses movss at an opcode for calculating health. The problem is that it also calculates enemy health. Ive made a script that makes the player invincible, but you can still die sometimes from random things, like one time I died from a barrel explosion on ultra nightmare difficulty, but on hurt me plenty difficulty I wouldnt die from the barrel explosion. This is my working script that I found almost on accident,

{ Game : DOOMx64.exe
Version: Godmode Version 1, Made in Table V .04
Date : 2 September 2017
Author : Cralont(Legendary Ebon Steed)

This script makes the player invincible. The code is shared with enemy health calculation though so it may also make some enemies invincible along with the player. A workaround would be to just turn the script off and then kill them. Further testing is required to see if this does actually make enemies invincible too, so far all the enemies in UAC(first level) are killable.
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat



aobscanmodule(INJECT,DOOMx64.exe,00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C) // should be unique
alloc(newmem,$1000,"DOOMx64.exe"+3AD720)

label(code)
label(return)

newmem:

code:
movss [rsi+rbx+1C],xmm3
jmp return
//This used to be movss [rsi+rbx+1C],xmm0. I forgot what it was when I went to change it back and so I put xmm3. Somehow it makes player invincible

INJECT+07:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+07:
db F3 0F 11 44 1E 1C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "DOOMx64.exe"+3AD720

"DOOMx64.exe"+3AD6E1: 48 8B 0D E8 AC 93 03 - mov rcx,[DOOMx64.exe+3CE83D0]
"DOOMx64.exe"+3AD6E8: BA 01 00 00 00 - mov edx,00000001
"DOOMx64.exe"+3AD6ED: 48 8B 01 - mov rax,[rcx]
"DOOMx64.exe"+3AD6F0: FF 90 20 02 00 00 - call qword ptr [rax+00000220]
"DOOMx64.exe"+3AD6F6: 89 83 B8 00 00 00 - mov [rbx+000000B8],eax
"DOOMx64.exe"+3AD6FC: F3 0F 58 B3 B0 00 00 00 - addss xmm6,[rbx+000000B0]
"DOOMx64.exe"+3AD704: F3 0F 10 44 24 44 - movss xmm0,[rsp+44]
"DOOMx64.exe"+3AD70A: 48 8B AC 24 C8 00 00 00 - mov rbp,[rsp+000000C8]
"DOOMx64.exe"+3AD712: F3 0F 11 B3 B0 00 00 00 - movss [rbx+000000B0],xmm6
"DOOMx64.exe"+3AD71A: F3 0F 10 74 24 40 - movss xmm6,[rsp+40]
// ---------- INJECTING HERE ----------
"DOOMx64.exe"+3AD720: F3 0F 11 44 1E 1C - movss [rsi+rbx+1C],xmm0
// ---------- DONE INJECTING ----------
"DOOMx64.exe"+3AD726: 0F B6 74 24 4C - movzx esi,byte ptr [rsp+4C]
"DOOMx64.exe"+3AD72B: F3 0F 11 75 00 - movss [rbp+00],xmm6
"DOOMx64.exe"+3AD730: 40 84 F6 - test sil,sil
"DOOMx64.exe"+3AD733: 74 40 - je DOOMx64.exe+3AD775
"DOOMx64.exe"+3AD735: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD738: 0F 28 CF - movaps xmm1,xmm7
"DOOMx64.exe"+3AD73B: 48 8B CB - mov rcx,rbx
"DOOMx64.exe"+3AD73E: FF 92 98 01 00 00 - call qword ptr [rdx+00000198]
"DOOMx64.exe"+3AD744: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD747: 48 8B CB - mov rcx,rbx
}

Id like to find a way to do it without having this accidental script be what I have in the table. Ive found multiple ways to create godmode scripts, but none of them seem to work, this is the latest way Ive tried. [Link]

dl748
Table Makers
Table Makers
Posts: 116
Joined: Sun Jul 09, 2017 3:17 am
Reputation: 98

Re: movss help

Post by dl748 »

There is probably some code that does "if damage > health then die" without actually modifying the value.

User avatar
FreeER
Expert Cheater
Expert Cheater
Posts: 116
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 28

Re: movss help

Post by FreeER »

or something could be use xmm0 as the most up to date value instead of reading from memory, try "movss xmm0, xmm3" instead of moving xmm3 into memory. If that doesn't work then check out where xmm0's value is coming from (rsp+44)

movss
Noobzor
Noobzor
Posts: 11
Joined: Fri Feb 09, 2018 2:14 pm
Reputation: 0

Re: movss help

Post by movss »

register compare

User avatar
SunBeam
RCE Fanatics
RCE Fanatics
Posts: 4665
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4186

Re: movss help

Post by SunBeam »

Start by studying the engine and do a structure pointer compare. Simple. Wrote a DOOM article at some point. Might revive it. As for tables.. who needs them when we have all console commands/CVars active and usable?..

Post Reply

Who is online

Users browsing this forum: No registered users