movss help

Post by Cralont » Sun Sep 03, 2017 7:38 pm

So I'm making a table for DOOM, the 2016 release, and it seems that it uses movss as an opcode for calculating health. The problem is that it also calculates enemy health. I've made a script that makes the player invincible, but you can still die sometimes from random things; one time I died from a barrel explosion on Ultra Nightmare difficulty, but on Hurt Me Plenty difficulty I wouldn't die from the barrel explosion. This is my working script, which I found almost by accident:

{ Game : DOOMx64.exe
Version: Godmode Version 1, Made in Table V .04
Date : 2 September 2017
Author : Cralont(Legendary Ebon Steed)

This script makes the player invincible. The code is shared with enemy health calculation though so it may also make some enemies invincible along with the player. A workaround would be to just turn the script off and then kill them. Further testing is required to see if this does actually make enemies invincible too, so far all the enemies in UAC(first level) are killable.
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat



aobscanmodule(INJECT,DOOMx64.exe,00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C) // should be unique
alloc(newmem,$1000,"DOOMx64.exe"+3AD720)

label(code)
label(return)

newmem:

code:
movss [rsi+rbx+1C],xmm3
jmp return
//This used to be movss [rsi+rbx+1C],xmm0. I forgot what it was when I went to change it back and so I put xmm3. Somehow it makes player invincible

INJECT+07:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT+07:
db F3 0F 11 44 1E 1C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "DOOMx64.exe"+3AD720

"DOOMx64.exe"+3AD6E1: 48 8B 0D E8 AC 93 03 - mov rcx,[DOOMx64.exe+3CE83D0]
"DOOMx64.exe"+3AD6E8: BA 01 00 00 00 - mov edx,00000001
"DOOMx64.exe"+3AD6ED: 48 8B 01 - mov rax,[rcx]
"DOOMx64.exe"+3AD6F0: FF 90 20 02 00 00 - call qword ptr [rax+00000220]
"DOOMx64.exe"+3AD6F6: 89 83 B8 00 00 00 - mov [rbx+000000B8],eax
"DOOMx64.exe"+3AD6FC: F3 0F 58 B3 B0 00 00 00 - addss xmm6,[rbx+000000B0]
"DOOMx64.exe"+3AD704: F3 0F 10 44 24 44 - movss xmm0,[rsp+44]
"DOOMx64.exe"+3AD70A: 48 8B AC 24 C8 00 00 00 - mov rbp,[rsp+000000C8]
"DOOMx64.exe"+3AD712: F3 0F 11 B3 B0 00 00 00 - movss [rbx+000000B0],xmm6
"DOOMx64.exe"+3AD71A: F3 0F 10 74 24 40 - movss xmm6,[rsp+40]
// ---------- INJECTING HERE ----------
"DOOMx64.exe"+3AD720: F3 0F 11 44 1E 1C - movss [rsi+rbx+1C],xmm0
// ---------- DONE INJECTING ----------
"DOOMx64.exe"+3AD726: 0F B6 74 24 4C - movzx esi,byte ptr [rsp+4C]
"DOOMx64.exe"+3AD72B: F3 0F 11 75 00 - movss [rbp+00],xmm6
"DOOMx64.exe"+3AD730: 40 84 F6 - test sil,sil
"DOOMx64.exe"+3AD733: 74 40 - je DOOMx64.exe+3AD775
"DOOMx64.exe"+3AD735: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD738: 0F 28 CF - movaps xmm1,xmm7
"DOOMx64.exe"+3AD73B: 48 8B CB - mov rcx,rbx
"DOOMx64.exe"+3AD73E: FF 92 98 01 00 00 - call qword ptr [rdx+00000198]
"DOOMx64.exe"+3AD744: 48 8B 13 - mov rdx,[rbx]
"DOOMx64.exe"+3AD747: 48 8B CB - mov rcx,rbx
}

I'd like to find a way to do it without having this accidental script be what I have in the table. I've found multiple ways to create godmode scripts, but none of them seem to work; this is the latest way I've tried: http://forum.cheatengine.org/viewtopic.php?t=583376

Post by dl748 » Mon Sep 04, 2017 5:13 am

There is probably some code that does "if damage > health then die" without actually modifying the value.

Post by FreeER » Mon Sep 04, 2017 11:33 am

Or something could be using xmm0 as the most up-to-date value instead of reading from memory. Try "movss xmm0, xmm3" instead of moving xmm3 into memory. If that doesn't work, then check out where xmm0's value is coming from (rsp+44).
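
An added example, not part of any post in this thread: a minimal Python decoder for the movss encodings in the dump above. It checks that the AOB offset +07 lands on the 6-byte store, shows the single ModRM change that turns xmm0 into xmm3, and decodes the register-to-register form suggested in the last reply. The function names are hypothetical and the 5-byte jmp length is an assumption.

```python
# Added example (not from the thread): decode the movss encodings in the posted dump.
# Covers only F3 0F 10/11 with a register operand or SIB + disp8, no REX prefix.
GPR = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
JMP_REL32_LEN = 5  # assumption: "jmp newmem" assembles to E9 + rel32

def decode_movss(code: bytes):
    """Return (text, length) for the movss instruction at the start of code."""
    if len(code) < 4 or code[:2] != b"\xF3\x0F" or code[2] not in (0x10, 0x11):
        raise ValueError("not a movss form handled here")
    mod, reg, rm = code[3] >> 6, (code[3] >> 3) & 7, code[3] & 7
    if mod == 3:                                   # xmm, xmm
        other, length = f"xmm{rm}", 4
    elif mod == 1 and rm == 4 and len(code) >= 6:  # SIB byte + signed disp8
        sib = code[4]
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        disp = code[5] - 0x100 if code[5] & 0x80 else code[5]
        parts = [GPR[base]]
        if index != 4:                             # index 100b means "no index"
            parts.append(GPR[index] + (f"*{scale}" if scale > 1 else ""))
        other = "[" + "+".join(parts) + f"{'+' if disp >= 0 else '-'}{abs(disp):02X}]"
        length = 6
    else:
        raise ValueError("addressing mode not handled here")
    xmm = f"xmm{reg}"
    # 0F 11 stores reg into r/m; 0F 10 loads r/m into reg.
    text = f"movss {other},{xmm}" if code[2] == 0x11 else f"movss {xmm},{other}"
    return text, length

def with_xmm(code: bytes, n: int) -> bytes:
    """Re-encode the same instruction with xmm<n> in the ModRM reg field."""
    return code[:3] + bytes([(code[3] & 0xC7) | (n << 3)]) + code[4:]

def patch_layout(aob: bytes, target: bytes):
    """Return (offset of target inside the AOB, nops needed after the jmp)."""
    offset = aob.find(target)
    _, length = decode_movss(aob[offset:])
    return offset, length - JMP_REL32_LEN

# Byte values below are copied from the script and dump posted in the thread.
AOB = bytes.fromhex("00 F3 0F 10 74 24 40 F3 0F 11 44 1E 1C")
ORIGINAL = bytes.fromhex("F3 0F 11 44 1E 1C")

if __name__ == "__main__":
    print(decode_movss(AOB[1:]))                  # instruction before the injection point
    print(decode_movss(ORIGINAL))                 # the overwritten store
    print(decode_movss(with_xmm(ORIGINAL, 3)))    # the variant used in newmem
    print(patch_layout(AOB, ORIGINAL))            # INJECT offset and nop count
```

The only byte that differs between the original store and the xmm3 variant is the ModRM byte (44 versus 5C), so a restore that writes back the original six bytes fully undoes the patch.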
