Battlefield 4 (/w Fixed Infinite Health) [64-bit version]

Posted: Fri Apr 07, 2017 7:27 pm
by STN
Made by SteveAndrew

Hello! I just started playing Battlefield 4 and making some cheats for it as usual... After finding and building an ammo cheat, I got lazy with finding health and came here to see if it's already been posted and what other kind of cheats are circulating for the game lol.

Upon testing ColdFusion73's health script found here: forum.cheatengine.org/viewtopic.php?p=5503875#5503875

There were two main issues I noticed with it! It didn't even feel like it was really working (though it does, sort of, work... It only very occasionally works! lol I'll explain...). Visible HUD blood damage was still showing, and although it seemed to protect you somewhat in a firefight, by a tank I was easily killed! So I knew this health cheat could be improved!

I found that:

1. The filter isn't quite correct... (can be better)

2. It hooks one of the addresses that reads the health value rather than the single write address (which actually causes you to be damaged)...


Okay, so ColdFusion73 used this filter (to ignore any other address besides our players health):
Code:

cmp rcx,1
jne short originalcode
cmp r10,0
jne short originalcode


This was actually pretty close to being solid! I agree with the second compare; that one looks good, as upon checking it out, yes, it does seem that the r10 register is always zero when the player health is the one being written to!

However, the first one, rcx == 1... After messing around, from what I saw, I found that rcx is either 1 or 2 when it's the player, but it's always 1 when it's not... What's more, it appears it's even more likely to be 2 when it's the player health (I've seen rcx equal to 2 more often than 1 when it's the player health).

So that cancels out rcx being equal to 1 as identifying when it's the player health, as it could be, and more often is, equal to 2 instead, and the other addresses use it as 1 also, so it doesn't really help filter anything out...

Look here (the first one is the register states when the player was hurt; the others are any other address that wasn't player health [probably enemies]):

[Image: screenshot of register states]

As you can see, there is another obvious choice which looks promising, and, well, since I've tested it, yes, it works much better!

When it isn't the player health, the rdx register seems to always be 1, whereas when it is the player health it is filled in with an address instead! We can use this instead to really have a much better working health, that doesn't just once in a while know which address is your player's health address but knows all the time!

So it could be edited like this as improvement number 1:

Code:

cmp rdx,1
je short originalcode
cmp r10,0
jne short originalcode



Furthermore, even with that fix-up, the address hooked is one that constantly reads your health value along with others... The actual address that decreases your health is still out there! It is still actually writing to and decreasing your health! If that address is able to kill you (put your health to zero) faster than this hooked address is able to be executed again and re-write full health to your health address, then you will still be able to be killed! Most games are like this!

I don't know about you, but when I still get killed from a health drain, it doesn't really feel like my health cheat is working (even if it works for the most part, except under heavy fire [that once again is able to zero you before you get refreshed!]).

The issue here, though, is that the address which writes to your health doesn't have the same way we can filter it down... (no similar data to filter with, like rdx != 1, r10 == 0, etc... [even different registers; the data isn't there the same way]).
So whenever that is a problem, though, my solution is to use the way I know to get the pointer, and then write to it when it needs to be written to (by hooking the address that writes health).

In other words, when the game damages you, instead of it subtracting from your health, it instead just sets it to full 100%!

Which is much better than the game being able to still subtract from your health and you having to 'catch up' by quickly writing it back to full health.

Fixed and improved script:
Code:

//Battlefield 4 - 64 bit version
//Infinite Health (Can't be killed version)
//Steve Andrew [Credit to: ColdFusion73 for original script]
[enable]
alloc(InfiniteHealthCantBeKilled,1024,bf4.exe)
label(NotPlayer)
label(ApplyInfiniteHealth)
label(DoNormal)
label(HealthRet)
label(HealthRet2)
label(PlayerHealthPtr)
label(DesiredHealthValue)
registersymbol(PlayerHealthPtr)

InfiniteHealthCantBeKilled:
//hook on the read site: filter down to the player's health object
cmp rdx,1 //this is better, it wasn't working that great before...
je short NotPlayer
cmp r10,0
jne short NotPlayer

mov [PlayerHealthPtr],rbx //remember the object whose health is at [rbx+20]

NotPlayer:
movss xmm7,[rbx+20] //original instruction
jmp HealthRet

ApplyInfiniteHealth:
//hook on the write site: only the saved player object gets the override
cmp rcx,[PlayerHealthPtr]
jne DoNormal

movss xmm1,[DesiredHealthValue] //replace the value about to be written

DoNormal:
movss [rcx+20],xmm1 //original instruction
jmp HealthRet2

PlayerHealthPtr: //64-bit pointer
dq 0

DesiredHealthValue:
dd (float)100.0

bf4.SetPlatform+229246:
jmp InfiniteHealthCantBeKilled
HealthRet:

bf4.SetPlatform+222447: //The address that writes is much more important for health!
jmp ApplyInfiniteHealth
HealthRet2:

[disable]

bf4.SetPlatform+229246:
movss xmm7,[rbx+20]

bf4.SetPlatform+222447:
movss [rcx+20],xmm1

dealloc(InfiniteHealthCantBeKilled)
unregistersymbol(PlayerHealthPtr)
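From the integrity-checking side, the script above leaves a recognisable footprint: each of its two hook sites has a 5-byte instruction replaced by a rel32 `jmp` into memory that the auto-assembler allocated outside the game module's image. The following is an added example, not code from the post or from Cheat Engine, showing how an integrity check can verify those sites. It uses a constructed, fake module layout (`MODULE_BASE`, `MODULE_SIZE`, and the two site offsets are assumptions, not real Battlefield 4 addresses); only the two instruction encodings (`movss xmm7,[rbx+20]` and `movss [rcx+20],xmm1`, hand-assembled here) are taken from the instructions the script overwrites.

```python
import struct

# Constructed module layout for the example (NOT real bf4.exe addresses).
MODULE_BASE = 0x140000000
MODULE_SIZE = 0x1000

# The two 5-byte instructions the script replaces, hand-assembled for x86-64:
#   movss xmm7,[rbx+0x20] -> F3 0F 10 7B 20
#   movss [rcx+0x20],xmm1 -> F3 0F 11 49 20
# Offsets (RVAs) inside the fake image are assumptions for this example.
HOOK_SITES = {
    "read_site":  (0x100, bytes.fromhex("F30F107B20")),
    "write_site": (0x200, bytes.fromhex("F30F114920")),
}


def build_clean_image():
    """Constructed memory image: NOP filler with the two original instructions placed at their RVAs."""
    img = bytearray(b"\x90" * MODULE_SIZE)
    for rva, code in HOOK_SITES.values():
        img[rva:rva + len(code)] = code
    return bytes(img)


def install_jmp(img, rva, target):
    """Simulate what the auto-assembler's hook does: overwrite 5 bytes at rva with 'jmp rel32' to target."""
    rel = target - (MODULE_BASE + rva + 5)          # rel32 is relative to the end of the jmp
    patched = bytearray(img)
    patched[rva:rva + 5] = b"\xE9" + struct.pack("<i", rel)
    return bytes(patched)


def check_site(img, rva, expected):
    """Compare the bytes at a known site with the expected instruction and classify any change."""
    actual = img[rva:rva + len(expected)]
    if actual == expected:
        return {"status": "intact"}
    if actual[0] == 0xE9:                           # rel32 jmp: decode where it lands
        rel = struct.unpack("<i", actual[1:5])[0]
        target = MODULE_BASE + rva + 5 + rel
        in_module = MODULE_BASE <= target < MODULE_BASE + MODULE_SIZE
        return {"status": "hooked", "target": target, "target_in_module": in_module}
    return {"status": "modified", "bytes": actual.hex()}


def audit(img):
    """Run the check over every known site and return one result per site."""
    return {name: check_site(img, rva, code) for name, (rva, code) in HOOK_SITES.items()}


if __name__ == "__main__":
    clean = build_clean_image()
    # Constructed scenario: the read site gets redirected to an allocation outside the image.
    hooked = install_jmp(clean, HOOK_SITES["read_site"][0], 0x140200000)
    for name, result in audit(hooked).items():
        print(name, result)
```

A jmp whose decoded target lies outside the module's own image is the tell-tale of this kind of allocated-memory trampoline; an intact site compares equal to the expected bytes, and anything else that is not a `jmp` is reported as an unexplained modification for a human to look at.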