How to separate 2 or more different cheats that have the same bytes?

Memory scanning, code injection, debugger internals and other gamemodding related discussion

How to separate 2 or more different cheats that have the same bytes?

Post by SilverRabbit90 »

I want to separate two cheats that are very similar, but I don't understand how to do it. I know you can use $lua for this, but I'm not capable of that at all XD


Code 1 for Add 999 Money on pick up:

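[ENABLE]

// Hook the movsd [edi],xmm0 at Beard_Blade.exe+1722B6 (see the original-code dump
// below). At this point xmm0 holds the double that is about to be stored to [edi];
// in this capture that store was the money value being written on pick-up.
aobscanmodule(Money2,Beard_Blade.exe,F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06 89 07 8B 46 04 89 47 04)
alloc(newmem,$1000)

label(code)
label(return)
label(w)

newmem:
// Stack snapshot taken at the injection point while money was being picked up.
// The jmp into newmem pushes nothing, so these esp-relative offsets are the same
// here as they were when the snapshot was taken.
//0019EB18 (esp+18) - 00463091 - (pointer)Beard_Blade.exe+63091
//0019EB38 (esp+38) - 00018A27 - (dword)00018A27(100903)
//0019EB2C (esp+2C) - FFFFFFFB - (dword)FFFFFFFB(4294967291)
//0019EB4C (esp+4C) - 4555FFFB - (float)3424.00
//0019EB5C (esp+5C) - C005FFFB - (float)-2.09
//0019EB64 (esp+64) - 00018A27 - (dword)00018A27(100903)

//Maybe work better:
//0019EB38 (esp+38) - 00018A27 - (dword)00018A27(100903)
//0019EB64 (esp+64) - 00018A27 - (dword)00018A27(100903)

// Only alter the store when the stack looks like the money path.
// NOTE(review): 00018A27 (100903) is a value read from a single session, and the
// HP capture of the same slot shows 00018A1F (100895); it may be a counter rather
// than a stable marker, so verify it still matches after a game restart. The
// module-relative return address at esp+18 (Beard_Blade.exe+63091) would be the
// more robust discriminator if this compare stops matching.
cmp dword ptr [esp+64],00018A27
jne code

addsd xmm0,[w]       // money += 999; the single store below writes the result

code:
movsd [edi],xmm0     // original instruction (4 bytes)
pop edi              // original instruction (1 byte) swallowed by the 5-byte jmp
jmp return

w:
dq (double)999

Money2:
jmp newmem           // 5 bytes: overwrites movsd [edi],xmm0 and pop edi
return:
registersymbol(Money2)

[DISABLE]

Money2:
db F2 0F 11 07 5F    // restore movsd [edi],xmm0 ; pop edi

unregistersymbol(Money2)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Beard_Blade.exe+1722B6

Beard_Blade.exe+17229D: 83 78 08 00 - cmp dword ptr [eax+08],00
Beard_Blade.exe+1722A1: 0F 85 0C 03 00 00 - jne Beard_Blade.exe+1725B3
Beard_Blade.exe+1722A7: 5F - pop edi
Beard_Blade.exe+1722A8: 89 70 08 - mov [eax+08],esi
Beard_Blade.exe+1722AB: 5E - pop esi
Beard_Blade.exe+1722AC: 5D - pop ebp
Beard_Blade.exe+1722AD: 5B - pop ebx
Beard_Blade.exe+1722AE: 83 C4 08 - add esp,08
Beard_Blade.exe+1722B1: C3 - ret
Beard_Blade.exe+1722B2: F2 0F 10 06 - movsd xmm0,[esi]
// ---------- INJECTING HERE ----------
Beard_Blade.exe+1722B6: F2 0F 11 07 - movsd [edi],xmm0
// ---------- DONE INJECTING ----------
Beard_Blade.exe+1722BA: 5F - pop edi
Beard_Blade.exe+1722BB: 5E - pop esi
Beard_Blade.exe+1722BC: 5D - pop ebp
Beard_Blade.exe+1722BD: 5B - pop ebx
Beard_Blade.exe+1722BE: 83 C4 08 - add esp,08
Beard_Blade.exe+1722C1: C3 - ret
Beard_Blade.exe+1722C2: 8B 06 - mov eax,[esi]
Beard_Blade.exe+1722C4: 89 07 - mov [edi],eax
Beard_Blade.exe+1722C6: 8B 46 04 - mov eax,[esi+04]
Beard_Blade.exe+1722C9: 89 47 04 - mov [edi+04],eax
}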


Code 2 for Infinite Hp:

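[ENABLE]

// Hook the movsd [edi],xmm0 at Beard_Blade.exe+1722B6 (see the original-code dump
// below). At this point xmm0 holds the double that is about to be stored to [edi];
// in this capture that store was the HP value being written on a hit.
aobscanmodule(Hp2,Beard_Blade.exe,F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06 89 07 8B 46 04 89 47 04) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(w)

newmem:
// Stack snapshot taken at the injection point while taking damage.
// The jmp into newmem pushes nothing, so these esp-relative offsets are the same
// here as they were when the snapshot was taken.
//0019EAF8 (esp+38) - 00018A1F - (dword)00018A1F(100895)
//0019EB0C (esp+4C) - 4555FFFB - (float)3424.00
//0019EB24 (esp+64) - 00018A1F - (dword)00018A1F(100895)
//0019EB48 (esp+88) - FFFFFFFB - (dword)FFFFFFFB(4294967291)

//Maybe work better:
//0019EAF8 (esp+38) - 00018A1F - (dword)00018A1F(100895)

// Only alter the store when the stack looks like the damage path.
// NOTE(review): 00018A1F (100895) is a value read from a single session, and the
// money capture of the same slot shows 00018A27 (100903); it may be a counter
// rather than a stable marker, so verify it still matches after a game restart.
cmp dword ptr [esp+38],00018A1F
jne code

addsd xmm0,[w]       // hp += 3; the single store below writes the result

code:
movsd [edi],xmm0     // original instruction (4 bytes)
pop edi              // original instruction (1 byte) swallowed by the 5-byte jmp
jmp return

w:
dq (double)3

Hp2:
jmp newmem           // 5 bytes: overwrites movsd [edi],xmm0 and pop edi
return:
registersymbol(Hp2)

[DISABLE]

Hp2:
db F2 0F 11 07 5F    // restore movsd [edi],xmm0 ; pop edi

unregistersymbol(Hp2)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Beard_Blade.exe+1722B6

Beard_Blade.exe+17229D: 83 78 08 00 - cmp dword ptr [eax+08],00
Beard_Blade.exe+1722A1: 0F 85 0C 03 00 00 - jne Beard_Blade.exe+1725B3
Beard_Blade.exe+1722A7: 5F - pop edi
Beard_Blade.exe+1722A8: 89 70 08 - mov [eax+08],esi
Beard_Blade.exe+1722AB: 5E - pop esi
Beard_Blade.exe+1722AC: 5D - pop ebp
Beard_Blade.exe+1722AD: 5B - pop ebx
Beard_Blade.exe+1722AE: 83 C4 08 - add esp,08
Beard_Blade.exe+1722B1: C3 - ret
Beard_Blade.exe+1722B2: F2 0F 10 06 - movsd xmm0,[esi]
// ---------- INJECTING HERE ----------
Beard_Blade.exe+1722B6: F2 0F 11 07 - movsd [edi],xmm0
// ---------- DONE INJECTING ----------
Beard_Blade.exe+1722BA: 5F - pop edi
Beard_Blade.exe+1722BB: 5E - pop esi
Beard_Blade.exe+1722BC: 5D - pop ebp
Beard_Blade.exe+1722BD: 5B - pop ebx
Beard_Blade.exe+1722BE: 83 C4 08 - add esp,08
Beard_Blade.exe+1722C1: C3 - ret
Beard_Blade.exe+1722C2: 8B 06 - mov eax,[esi]
Beard_Blade.exe+1722C4: 89 07 - mov [edi],eax
Beard_Blade.exe+1722C6: 8B 46 04 - mov eax,[esi+04]
Beard_Blade.exe+1722C9: 89 47 04 - mov [edi+04],eax
}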


As you can see,
aobscanmodule (Money2, Beard_Blade.exe, F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06 89 07 8B 46 04 89 47 04) and
aobscanmodule (Hp2, Beard_Blade.exe, F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06 89 07 8B 46 04 89 47 04) scan for exactly the same bytes, so both scripts resolve to the same injection point.
When I activate one of these cheats I cannot activate the other; each cheat works perfectly if I activate it on its own.

What do I have to do to solve this?

Thx for the help ^^


Re: How to separate 2 or more different cheats that have the same bytes?

Post by Marc »

Well, both scripts target the very same instruction in the original game code. Only one injection can live at that address: as soon as the first script replaces those bytes with its `jmp newmem`, the second script's aobscanmodule no longer finds the pattern and fails to enable. So you have to merge both cheats into one single injection, and inside it distinguish whether you are currently picking up money or getting hit.

Something like this (smashed together, I have to admit):


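[ENABLE]

// One injection at the shared movsd [edi],xmm0 (Beard_Blade.exe+1722B6). Both
// cheats hooked the same bytes, so they must live in one script: once the first
// script writes its jmp here, a second aobscanmodule no longer finds the pattern.
aobscanmodule(MoneyHp,Beard_Blade.exe,F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06 89 07 8B 46 04 89 47 04)
alloc(newmem,$1000)

label(health)
label(code)
label(return)
label(money_add)
label(hp_add)

newmem:
// The two cheats need different amounts, so each branch has its own constant
// instead of sharing one [w]. Neither branch stores itself; the single original
// store at code: writes the adjusted xmm0.
// NOTE(review): the two compare values came from two separate captures (100903
// and 100895) and may be counters rather than stable markers -- verify both
// still match after a restart.
cmp dword ptr [esp+64],00018A27 // check if you're picking up money
jne health  // if not, see if you're getting hurt

addsd xmm0,[money_add]  // money cheat going on here...
jmp code // back to normal game code

health:
cmp dword ptr [esp+38],00018A1F // check if you're getting hurt
jne code  // if not, back to normal

addsd xmm0,[hp_add] // health cheat here

code:
movsd [edi],xmm0   // original instruction (4 bytes)
pop edi            // original instruction (1 byte) swallowed by the 5-byte jmp
jmp return

money_add:
dq (double)999
hp_add:
dq (double)3

MoneyHp:
jmp newmem         // 5 bytes: overwrites movsd [edi],xmm0 and pop edi
return:
registersymbol(MoneyHp)

[DISABLE]

MoneyHp:
db F2 0F 11 07 5F  // restore movsd [edi],xmm0 ; pop edi

unregistersymbol(MoneyHp)
dealloc(newmem)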
hope this helps,
Marc
