Earth Defence Force 4.1 loot script

Add topics here with methods, analysis, code snippets, mods etc. for a certain game that normally won't make it in the Tables or Requests sections.
Post Reply
Djinn247
What is cheating?
What is cheating?
Posts: 1
Joined: Fri Oct 12, 2018 2:00 pm
Reputation: 0

Earth Defence Force 4.1 loot script

Post by Djinn247 » Fri Oct 12, 2018 2:09 pm

I have no experience coding on CE.
I lately stumbled upon a script that someone made to automatically loot boxes dropped on the map.

It specifically picks up armor and weapon drops, which is really well made.
I want to change it so it only takes armor and nothing else.
The commented line says values for each box, but changing the number after the comma is not changing behavior.

Code: Select all

{
  Game : EDF41.exe
  Version:
  Date : 2016-11-13
  Author : user

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(LootArmorWeps,EDF41.exe,0F 2F C2 76 68) // should be unique
alloc(newmem,$1000,"EDF41.exe"+1AE9DF)

label(code)
label(return)

newmem:
 cmp [rdi+00000098],0 //lootbox: armor=1,wep=0,hp=2=3
 ja code //if hp, jump to normalcode (code:) and don't use custom
 comiss xmm0,xmm2 //check if loot crate is nearby
 ja EDF41.exe+1AEA4C //use reverse jump that evalutates crates as always "nearby"
 jmp return

code:
 comiss xmm0,xmm2
 jna EDF41.exe+1AEA4C
 jmp return

LootArmorWeps:
 jmp newmem 
return:
registersymbol(LootArmorWeps)

[DISABLE]

LootArmorWeps:
 db 0F 2F C2 76 68

unregistersymbol(LootArmorWeps)
dealloc(newmem) 

{ 
// ORIGINAL CODE - INJECTION POINT: "EDF41.exe"+1AE9DF 

"EDF41.exe"+1AE9B2: F3 0F 10 4C 24 28 - movss xmm1,[rsp+28] 
"EDF41.exe"+1AE9B8: F3 0F 59 D2 - mulss xmm2,xmm2 
"EDF41.exe"+1AE9BC: F3 41 0F 5C 47 04 - subss xmm0,[r15+04] 
"EDF41.exe"+1AE9C2: F3 41 0F 5C 4F 08 - subss xmm1,[r15+08] 
"EDF41.exe"+1AE9C8: F3 0F 59 C0 - mulss xmm0,xmm0 
"EDF41.exe"+1AE9CC: F3 0F 59 C9 - mulss xmm1,xmm1 
"EDF41.exe"+1AE9D0: F3 0F 58 D0 - addss xmm2,xmm0 
"EDF41.exe"+1AE9D4: 0F 28 C6 - movaps xmm0,xmm6 
"EDF41.exe"+1AE9D7: F3 0F 59 C6 - mulss xmm0,xmm6 
"EDF41.exe"+1AE9DB: F3 0F 58 D1 - addss xmm2,xmm1 
// ---------- INJECTING HERE ---------- 
"EDF41.exe"+1AE9DF: 0F 2F C2 - comiss xmm0,xmm2 
"EDF41.exe"+1AE9E2: 76 68 - jna EDF41.exe+1AEA4C 
// ---------- DONE INJECTING ---------- 
"EDF41.exe"+1AE9E4: 48 8B 05 B5 9A B1 00 - mov rax,[EDF41.exe+CC84A0] 
"EDF41.exe"+1AE9EB: 8B 48 38 - mov ecx,[rax+38] 
"EDF41.exe"+1AE9EE: 83 F9 FF - cmp ecx,-01 
"EDF41.exe"+1AE9F1: 74 31 - je EDF41.exe+1AEA24 
"EDF41.exe"+1AE9F3: 48 8B 40 20 - mov rax,[rax+20] 
"EDF41.exe"+1AE9F7: 48 8B 0C C8 - mov rcx,[rax+rcx*8] 
"EDF41.exe"+1AE9FB: 48 8B 51 10 - mov rdx,[rcx+10] 
"EDF41.exe"+1AE9FF: 48 63 42 08 - movsxd rax,dword ptr [rdx+08] 
"EDF41.exe"+1AEA03: 83 7C 10 5C 00 - cmp dword ptr [rax+rdx+5C],00 
"EDF41.exe"+1AEA08: 0F 95 C0 - setne al
}

User avatar
TheyCallMeTim13
Administration
Administration
Posts: 1203
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 255
Contact:

Re: Earth Defence Force 4.1 loot script

Post by TheyCallMeTim13 » Fri Oct 12, 2018 3:12 pm

Djinn247 wrote:
Fri Oct 12, 2018 2:09 pm
I have no experience coding on CE.
I lately stumbled upon a script that someone made to automatically loot boxes dropped on the map.

It specifically picks up armor and weapon drops, which is really well made.
I want to change it so it only takes armor and nothing else.
The commented line says values for each box, but changing the number after the comma is not changing behavior.
...
You'll have to do some digging then, according to their notes it should only be working for "wep" (weapons I'm guessing), because armor is 1 and it jumps to the original code when any thing is above zero.

You can try enabling the script then open the memory view form (Ctrl+M), then hit Ctrl+G and paste in the injection symbol ("LootArmorWeps") and hit ok/enter to goto the address, then with the injected jump selected hit space to follow that and select the cmp [rdi+00000098],0 line and right click and select "see what addresses this instruction accesses" to see what values go through when you interact with the loot boxes; to see what values the armor and weapons actually are.

But according to their notes, this should work.

Code: Select all

{
  Game : EDF41.exe
  Version:
  Date : 2016-11-13
  Author : user

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(LootArmorWeps,EDF41.exe,0F 2F C2 76 68) // should be unique
alloc(newmem,$1000,LootArmorWeps)

label(code)
label(return)

newmem:
 cmp [rdi+00000098],1 //lootbox: armor=1,wep=0,hp=2=3
 jne code //// if not armor, jump to the original code
 comiss xmm0,xmm2 //check if loot crate is nearby
 ja EDF41.exe+1AEA4C //use reverse jump that evalutates crates as always "nearby"
 jmp return

code:
 comiss xmm0,xmm2
 jna EDF41.exe+1AEA4C
 jmp return

LootArmorWeps:
 jmp newmem 
return:
registersymbol(LootArmorWeps)

[DISABLE]

LootArmorWeps:
 db 0F 2F C2 76 68

unregistersymbol(LootArmorWeps)
dealloc(newmem) 

{ 
// ORIGINAL CODE - INJECTION POINT: "EDF41.exe"+1AE9DF 

"EDF41.exe"+1AE9B2: F3 0F 10 4C 24 28 - movss xmm1,[rsp+28] 
"EDF41.exe"+1AE9B8: F3 0F 59 D2 - mulss xmm2,xmm2 
"EDF41.exe"+1AE9BC: F3 41 0F 5C 47 04 - subss xmm0,[r15+04] 
"EDF41.exe"+1AE9C2: F3 41 0F 5C 4F 08 - subss xmm1,[r15+08] 
"EDF41.exe"+1AE9C8: F3 0F 59 C0 - mulss xmm0,xmm0 
"EDF41.exe"+1AE9CC: F3 0F 59 C9 - mulss xmm1,xmm1 
"EDF41.exe"+1AE9D0: F3 0F 58 D0 - addss xmm2,xmm0 
"EDF41.exe"+1AE9D4: 0F 28 C6 - movaps xmm0,xmm6 
"EDF41.exe"+1AE9D7: F3 0F 59 C6 - mulss xmm0,xmm6 
"EDF41.exe"+1AE9DB: F3 0F 58 D1 - addss xmm2,xmm1 
// ---------- INJECTING HERE ---------- 
"EDF41.exe"+1AE9DF: 0F 2F C2 - comiss xmm0,xmm2 
"EDF41.exe"+1AE9E2: 76 68 - jna EDF41.exe+1AEA4C 
// ---------- DONE INJECTING ---------- 
"EDF41.exe"+1AE9E4: 48 8B 05 B5 9A B1 00 - mov rax,[EDF41.exe+CC84A0] 
"EDF41.exe"+1AE9EB: 8B 48 38 - mov ecx,[rax+38] 
"EDF41.exe"+1AE9EE: 83 F9 FF - cmp ecx,-01 
"EDF41.exe"+1AE9F1: 74 31 - je EDF41.exe+1AEA24 
"EDF41.exe"+1AE9F3: 48 8B 40 20 - mov rax,[rax+20] 
"EDF41.exe"+1AE9F7: 48 8B 0C C8 - mov rcx,[rax+rcx*8] 
"EDF41.exe"+1AE9FB: 48 8B 51 10 - mov rdx,[rcx+10] 
"EDF41.exe"+1AE9FF: 48 63 42 08 - movsxd rax,dword ptr [rdx+08] 
"EDF41.exe"+1AEA03: 83 7C 10 5C 00 - cmp dword ptr [rax+rdx+5C],00 
"EDF41.exe"+1AEA08: 0F 95 C0 - setne al
}

User avatar
jungletek
Shogun
Shogun
Posts: 181
Joined: Tue Oct 17, 2017 7:31 am
Reputation: 23

Re: Earth Defence Force 4.1 loot script

Post by jungletek » Sat Dec 15, 2018 4:51 am

FWIW, if you just want to auto-collect everything, you can just nop the conditional jump, like so:

Code: Select all

[ENABLE]
aobscanmodule(aobAutoPickup,EDF41.exe,76 68 48 8B 05 D5 9A B1 00)

aobAutoPickup:
registersymbol(aobAutoPickup)
  db 90 90

[DISABLE]
aobAutoPickup:
  db 76 68

unregistersymbol(aobAutoPickup)

Post Reply

Who is online

Users browsing this forum: No registered users