FearLess Cheat Engine

[CODE] mov [rdx+68],eax



//mov eax,[rdx+68]

test eax,eax

jmp return[/CODE]



I would like to edit x2 damage for some this



I try mov [rdx+68],0 but its effect hit 1 dead. i just want only x2 damage. but went i try 1 or more increase damage will not decrease and freeze score

Some that I can think of if you are trying to multiply EAX by 2.

[CODE=cea]

shl eax

mov [rdx+68],eax

//mov eax,[rdx+68]

test eax,eax

jmp return

[/CODE]

[CODE=cea]

imul eax,2

mov [rdx+68],eax

//mov eax,[rdx+68]

test eax,eax

jmp return

[/CODE]

[CODE=cea]

push ebx

mov ebx,2

mul ebx

pop ebx

mov [rdx+68],eax

//mov eax,[rdx+68]

test eax,eax

jmp return

[/CODE]

But, it depends.

[QUOTE="happyTugs, post: 135990, member: 39952"]

Some that I can think of if you are trying to multiply EAX by 2.

[/QUOTE]

What is [B][rdx+68][/B] exactly? If it's health then those won't work. As you'll be multiplying the health. So if you have 100 health, take 50 damage, you'll multiply 50*2 and get 100 health back again.

[QUOTE]If it's health then those won't work [/QUOTE]

Thank you for catching me. I am assuming that eax is some value and is not the calculated health value. If [B][rdx+68][/B] contains health then the below should work. However, you may need to check for integer overflows if health is unsigned.

[CODE=cea]

shl eax

sub [rdx+68],eax

//mov [rdx+68],eax

//mov eax,[rdx+68]

test eax,eax

jmp return

[/CODE]

[CODE=cea]

imul eax,2

sub [rdx+68],eax

//mov [rdx+68],eax

//mov eax,[rdx+68]

test eax,eax

jmp return

[/CODE]

[CODE=cea]

push ebx

mov ebx,2

mul ebx

pop ebx

sub [rdx+68],eax

//mov [rdx+68],eax

//mov eax,[rdx+68]

test eax,eax

jmp return

[/CODE]

If eax is the calculated health value, I would trace backwards to find how eax is calculated instead of trying to modify eax at that point. But, you could do that as well.

[CODE][ENABLE]



aobscanmodule(DmgInc,Psycosid.exe,03 89 73 68 48 8B 5C 24 30) // should be unique

alloc(newmem,$1000,"Psycosid.exe"+746105)



label(code)

label(return)



newmem:



code:

mov [rbx+68],esi

mov rbx,[rsp+30]

jmp return



DmgInc+01:

jmp newmem

nop 3

return:

registersymbol(DmgInc)



[DISABLE]



DmgInc+01:

db 89 73 68 48 8B 5C 24 30



unregistersymbol(DmgInc)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Psycosid.exe"+746105



"Psycosid.exe"+7460EA: 75 1C - jne Psycosid.exe+746108

"Psycosid.exe"+7460EC: 8B 43 68 - mov eax,[rbx+68]

"Psycosid.exe"+7460EF: 85 C0 - test eax,eax

"Psycosid.exe"+7460F1: 74 12 - je Psycosid.exe+746105

"Psycosid.exe"+7460F3: 85 F6 - test esi,esi

"Psycosid.exe"+7460F5: 75 0E - jne Psycosid.exe+746105

"Psycosid.exe"+7460F7: 89 43 6C - mov [rbx+6C],eax

"Psycosid.exe"+7460FA: 48 8B 47 50 - mov rax,[rdi+50]

"Psycosid.exe"+7460FE: 48 83 78 18 00 - cmp qword ptr [rax+18],00

"Psycosid.exe"+746103: 75 03 - jne Psycosid.exe+746108

// ---------- INJECTING HERE ----------

"Psycosid.exe"+746105: 89 73 68 - mov [rbx+68],esi

"Psycosid.exe"+746108: 48 8B 5C 24 30 - mov rbx,[rsp+30]

// ---------- DONE INJECTING ----------

"Psycosid.exe"+74610D: 48 8B 74 24 38 - mov rsi,[rsp+38]

"Psycosid.exe"+746112: 48 83 C4 20 - add rsp,20

"Psycosid.exe"+746116: 5F - pop rdi

"Psycosid.exe"+746117: C3 - ret

"Psycosid.exe"+746118: CC - int 3

"Psycosid.exe"+746119: CC - int 3

"Psycosid.exe"+74611A: CC - int 3

"Psycosid.exe"+74611B: CC - int 3

"Psycosid.exe"+74611C: CC - int 3

"Psycosid.exe"+74611D: CC - int 3 [/CODE]



Look right all crash inject. here original code

You can do something like this. Example code from one of my tables.



[CODE][ENABLE]

aobscanmodule(xpMultiplier,D_2.exe,44 01 B1 C4 01 00 00)

alloc(newmem,$1000,xpMultiplier)



label(code)

label(return)



newmem:

sub r14d,[rcx+000001C4] // subtract "new" XP value from old value

imul r14d,#2 // multiply gained XP by 2

add r14d,[rcx+000001C4] // add "old" XP value to multiplied value



code:

mov [rcx+000001C4],r14d // give player modified XP amount

jmp return



xpMultiplier:

jmp newmem

nop 2

return:

registersymbol(xpMultiplier)[/CODE]