I'm very new when it comes to actually using Cheat Engine. Meaning I've done the bare minimum basic things like finding, changing and freezing values as well as using tables for years, but I'm finally diving into properly making my own scripts and learning how to make these tables myself and I decided AC Valhalla was a good starting point but I'm finding that to be less and less true as I go about things. Here's a recent problem I'm having while experimenting.
I'm trying to make something akin to aSwedishMagyar's Damage Multiplier (viewtopic.php?f=4&t=14392), where it multiplies Stun Damage instead. First I set my damage multiplier in his table to 0 so that I could keep my target from dying. I was using a boss enemy with a large amount of Defense so as to give myself the most amount of time. Using unknown initial value and subsequent decreased value scans, with some unchanged value scans thrown in to whittle it down, I finally found the enemy's Defense address, and through that found the opcode (via the debugger, for what accesses the address) that handles how much damage is being dealt to it per hit.
This is what I have so far.
I'm multiplying the amount subtracted from the enemy's Defense by an integer value and it works. My stun damage is multiplied according to whatever I change the attached value to. r8d is storing it as an integer, but what I want to do is convert that integer to a float with fild, use fmul to multiply it by my variable, then fist it back into an integer before it goes through the normal process. It is not letting me do this, as it says "unable to compile" when I attempt it, and my assumption here is that I cannot convert values stored in any of the r# areas. That's just my immediate assumption though.
Here is the memory view location:
The "mov r8d,edx" opcode near the top is storing my stun damage as well so I tried making my script there instead and it did allow me to compile the script via converting to float, multiply, convert to integer but it would crash the moment I hit anything in testing.
Here is the test script:
Now am I just missing something incredibly simple here? Any help would be greatly appreciated.
Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
- CyanicDream
- Noobzor
- Posts: 6
- Joined: Tue Oct 31, 2017 2:05 pm
- Reputation: 0
- aSwedishMagyar
- Table Makers
- Posts: 674
- Joined: Mon Jul 06, 2020 3:19 am
- Reputation: 1219
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
You are treating edx as a pointer, it is actually holding an integer so when you reference the address it crashes.
Try and see if this works:
Code:
push edx
fild [esp]
fmul [multVal]
fistp [esp]
pop edx
Alternatively you can make a temp variable to store the value like this:
Code:
mov [tempVar],edx
fild [tempVar]
fmul [multVal]
fistp [tempVar]
mov edx,[tempVar]
- CyanicDream
- Noobzor
- Posts: 6
- Joined: Tue Oct 31, 2017 2:05 pm
- Reputation: 0
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
aSwedishMagyar wrote: ↑Wed Mar 03, 2021 6:41 am
You are treating edx as a pointer, it is actually holding an integer so when you reference the address it crashes.
Try and see if this works:
Code:
push edx
fild [esp]
fmul [multVal]
fistp [esp]
pop edx
That worked beautifully, and I definitely didn't expect the man himself to respond. I still have a question as to how this is actually working though if you wouldn't mind answering. How have you determined that esp is the one that needs to be multiplied if edx is holding the value? Is the fistp storing that into edx and that is why we are pushing edx before using esp in the first place, then popping it so the rest of the code can use it as normal? Or is the pop itself storing whatever the esp value ends up being into edx?
Also with the pointer thing, does that mean I was essentially multiplying the address itself or? Sorry, I just started learning this stuff like 3 or so days ago so if these questions seem stupid, that's why.
- aSwedishMagyar
- Table Makers
- Posts: 674
- Joined: Mon Jul 06, 2020 3:19 am
- Reputation: 1219
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
CyanicDream wrote: ↑Wed Mar 03, 2021 8:01 am
That worked beautifully, and I definitely didn't expect the man himself to respond. I still have a question as to how this is actually working though if you wouldn't mind answering. How have you determined that esp is the one that needs to be multiplied if edx is holding the value? Is the fistp storing that into edx and that is why we are pushing edx before using esp in the first place, then popping it so the rest of the code can use it as normal? Or is the pop itself storing whatever the esp value ends up being into edx?
Also with the pointer thing, does that mean I was essentially multiplying the address itself or? Sorry, I just started learning this stuff like 3 or so days ago so if these questions seem stupid, that's why.
The reason why is that esp holds an address and what is in that address is the last thing pushed onto the stack.
The reason why it would crash as soon as you tried to do fild [edx] is because edx held an integer value which was not within the valid address range.
Pushing edx onto the stack would be the same thing as this:
Code:
sub rsp,8
mov [rsp],edx
Also, I forgot but AC Valhalla is a 64 bit game so use [rsp] not [esp] in the code I gave earlier.
- CyanicDream
- Noobzor
- Posts: 6
- Joined: Tue Oct 31, 2017 2:05 pm
- Reputation: 0
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
aSwedishMagyar wrote: ↑Wed Mar 03, 2021 8:53 am
CyanicDream wrote: ↑Wed Mar 03, 2021 8:01 am
That worked beautifully, and I definitely didn't expect the man himself to respond. I still have a question as to how this is actually working though if you wouldn't mind answering. How have you determined that esp is the one that needs to be multiplied if edx is holding the value? Is the fistp storing that into edx and that is why we are pushing edx before using esp in the first place, then popping it so the rest of the code can use it as normal? Or is the pop itself storing whatever the esp value ends up being into edx?
Also with the pointer thing, does that mean I was essentially multiplying the address itself or? Sorry, I just started learning this stuff like 3 or so days ago so if these questions seem stupid, that's why.
The reason why is that esp holds an address and what is in that address is the last thing pushed onto the stack.
The reason why it would crash as soon as you tried to do fild [edx] is because edx held an integer value which was not within the valid address range.
Pushing edx onto the stack would be the same thing as this:
Code:
sub rsp,8
mov [rsp],edx
Also, I forgot but AC Valhalla is a 64 bit game so use [rsp] not [esp] in the code I gave earlier.
Ohhhh okay, now that makes sense. So by pushing edx onto the stack, rsp would then contain the address associated with edx since, obviously, edx was the last thing pushed onto the stack. Then do said manipulation with rsp, and pop edx back into the register.
Thank you for throwing that bit of code my way as well as answering my questions. I didn't wanna just take the code and yeet off since I wouldn't have learned anything that way lmao. Anyway, thanks again.
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
I will ask this once: Why are you using FPU in an x64 game? What's so hard about MMX? They follow the same typology any normal ASM follows.
Instead of doing that big ass sequence of instructions: push, fld, whatever-f, fstp, pop.. you can just do:
Code:
movss xmm1,[r64+offset] // read; now you have your float value in lower xmm1: xmm1 <- [r64+offset]
mulss xmm1,[fValue] // multiply; xmm1 * fValue
movss [r64+offset],xmm1 // write; get it back, updated: xmm1 -> [r64+offset]
Let's "grow up" a bit, shall we?
P.S.#1: If xmm1 is used after your hook and you think you're overwriting it, then you have 14 more to pick from: xmm2 .. xmm15
P.S.#2: If you want to convert the value back and forth between float and integer, there are MMX mechanisms for that too. Just gotta find a good example. But then again, I believe there will be just the same amount of instructions involved or perhaps even more. But hey.. you're learning something extra, how to do it with MMX.
- aSwedishMagyar
- Table Makers
- Posts: 674
- Joined: Mon Jul 06, 2020 3:19 am
- Reputation: 1219
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
SunBeam wrote: ↑Wed Mar 03, 2021 9:42 pm
I will ask this once: Why are you using FPU in an x64 game? What's so hard about MMX? They follow the same typology any normal ASM follows.
Instead of doing that big ass sequence of instructions: push, fld, whatever-f, fstp, pop.. you can just do:
movss xmm1,[r64+offset] // read; now you have your float value in lower xmm1: xmm1 <- [r64+offset]
mulss xmm1,[fValue] // multiply; xmm1 * fValue
movss [r64+offset],xmm1 // write; get it back, updated: xmm1 -> [r64+offset]
Let's "grow up" a bit, shall we?
P.S.: If xmm1 is used after your hook and you think you're overwriting it, then you have 14 more to pick from: xmm2 .. xmm15
Sure sure man, but since it's an integer value in edx we'd use cvtsi2ss xmm1,edx and then just multiply normally.
I just like using the FPU as a personal preference, don't opcode-shame me.
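Both routes the thread settles on, as an added example that is not code from the thread or from any CE table: GCC/Clang inline assembly for x86-64 (AT&T syntax, with the Cheat Engine Intel-syntax line in each comment) implementing the push/fild/fmul/fistp/pop stack-slot round trip with [rsp], and the register-only cvtsi2ss/mulss/cvtss2si version, so the two can be compared on the same inputs. The names multval, scale_fpu and scale_sse are this example's own; the red-zone hop is only needed because this runs inside a C function rather than inside a CE hook.

```c
/* Added example (not from the thread): x86-64 GCC/Clang inline asm, AT&T syntax.
 * Each comment shows the equivalent Cheat Engine (Intel-syntax) line. */
#include <stdint.h>
#include <stdio.h>

/* FPU route: push the register to get a stack slot, fild/fmul/fistp through
 * that slot, pop the rounded result back. 64-bit process, so [rsp] not [esp]. */
static int32_t scale_fpu(int32_t value, float mult)
{
    int32_t result;
    const float *multval = &mult;       /* stands in for the script's [multVal] symbol */
    __asm__ volatile (
        "subq   $128, %%rsp\n\t"   /* C-only: hop over the SysV red zone so push cannot clobber locals */
        "pushq  %%rdx\n\t"         /* push rdx             ; value now sits at [rsp] */
        "fildl  (%%rsp)\n\t"       /* fild dword ptr [rsp] ; st(0) = (float)value */
        "fmuls  (%[m])\n\t"        /* fmul dword ptr [multVal] */
        "fistpl (%%rsp)\n\t"       /* fistp dword ptr [rsp]; rounded int back into the slot */
        "popq   %%rdx\n\t"         /* pop rdx              ; edx now holds the scaled value */
        "addq   $128, %%rsp\n\t"
        : "=d"(result)
        : "d"(value), [m]"r"(multval)
        : "cc", "memory", "st");
    return result;
}

/* SSE route: no stack slot at all. cvtsi2ss converts the integer register into
 * xmm1, mulss scales it, cvtss2si rounds it back (cvttss2si would truncate). */
static int32_t scale_sse(int32_t value, float mult)
{
    int32_t result;
    __asm__ volatile (
        "cvtsi2ss %[v], %%xmm1\n\t"  /* cvtsi2ss xmm1,edx */
        "mulss    %[m], %%xmm1\n\t"  /* mulss xmm1,[fValue] */
        "cvtss2si %%xmm1, %[r]\n\t"  /* cvtss2si edx,xmm1 */
        : [r]"=r"(result)
        : [v]"r"(value), [m]"m"(mult)
        : "xmm1");
    return result;
}

int main(void)
{
    /* Constructed sample: a few raw stun-damage values with a 2.5x multiplier. */
    const int32_t samples[] = { 100, 37, -20, 7 };
    for (int i = 0; i < 4; i++)
        printf("%4d * 2.5 -> fpu %4d, sse %4d\n", samples[i],
               scale_fpu(samples[i], 2.5f), scale_sse(samples[i], 2.5f));
    return 0;
}
```

Both paths round to nearest under the default x87 control word and MXCSR, so 7 * 2.5 = 17.5 comes back as 18 from either one.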
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
aSwedishMagyar wrote: ↑Wed Mar 03, 2021 9:50 pm
Sure sure man, but since it's an integer value in edx we'd use cvtsi2ss xmm1,edx and then just multiply normally.
I just like using the FPU as a personal preference, don't opcode-shame me.
I was asking the OP, man. There's nothing wrong in using what you like, I am just suggesting leveling up a bit, moving away from that comfort zone and routine. It will become super boring if you do it 2389719237 times. You'll even think how boring it is BEFORE you even get to write a script: "bleah, I have to write again that fld, fmul, fstp crap; why can't it be simpler.. or different, even if more lines of code?". But even so, take it as a challenge to learn something new. We all need a change in our lives, at some point, hehe.
- CyanicDream
- Noobzor
- Posts: 6
- Joined: Tue Oct 31, 2017 2:05 pm
- Reputation: 0
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
SunBeam wrote: ↑Wed Mar 03, 2021 10:02 pm
aSwedishMagyar wrote: ↑Wed Mar 03, 2021 9:50 pm
Sure sure man, but since it's an integer value in edx we'd use cvtsi2ss xmm1,edx and then just multiply normally.
I just like using the FPU as a personal preference, don't opcode-shame me.
I was asking the OP, man. There's nothing wrong in using what you like, I am just suggesting leveling up a bit, moving away from that comfort zone and routine. It will become super boring if you do it 2389719237 times. You'll even think how boring it is BEFORE you even get to write a script: "bleah, I have to write again that fld, fmul, fstp crap; why can't it be simpler.. or different, even if more lines of code?". But even so, take it as a challenge to learn something new. We all need a change in our lives, at some point, hehe.
It's all I know at the moment and I'm very open to learning how to do it in different ways. Sadly I only have a few hours a day to sit down and learn this kind of stuff so I've only read a handful of tutorials and watched some videos. I want to see if I can dedicate some time to read through the CE documentation to see if that has any useful information as well.
Now the reason why I was using FPU instead of MMX is, as of right now, I'm not even sure what either of those really are. I'm assuming FPU are your eax ebx ecx and MMX are the xmm*, is that correct? Or am I not even in the right ball park on that one? Also thank you for adding comments on your code earlier to help explain what each line is doing. I've got a text file I'm keeping a bunch of notes in that I've learned so far lmao.
I am 100% willing to "grow up" as I really do want to learn as much as I can in the limited time available to me.
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
CyanicDream wrote: ↑Thu Mar 04, 2021 3:10 pm
I'm assuming FPU are your eax ebx ecx and MMX are the xmm*, is that correct?
I recommend trying to use a debugger in the real sense of the word that does only that, debug. CE is more of a swiss army knife, it's not aimed at debugging as a major component.
Here: [Link]
Then when you open an executable in the debugger, you will see this:
< x64 registers and flags >
< FPU >
< MMX >
So you have quite a shitload of registers to play with in case you want to save/restore states (yes, you can store the information for normal x64 registers in FPU or MMX). So: x64; FPU; MMX. 3 independent spaces.
BR,
Sun
- CyanicDream
- Noobzor
- Posts: 6
- Joined: Tue Oct 31, 2017 2:05 pm
- Reputation: 0
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
SunBeam wrote: ↑Thu Mar 04, 2021 3:32 pm
CyanicDream wrote: ↑Thu Mar 04, 2021 3:10 pm
I'm assuming FPU are your eax ebx ecx and MMX are the xmm*, is that correct?
I recommend trying to use a debugger in the real sense of the word that does only that, debug. CE is more of a swiss army knife, it's not aimed at debugging as a major component.
Here: [Link]
Then when you open an executable in the debugger, you will see this:
< x64 registers and flags >
< FPU >
< MMX >
So you have quite a shitload of registers to play with in case you want to save/restore states (yes, you can store the information for normal x64 registers in FPU or MMX). So: x64; FPU; MMX. 3 independent spaces.
BR,
Sun
Oooo, I'm gonna go play around with that right now. Thank you for taking the time to educate me a bit.
- PeaceBeUponYou
- Expert Cheater
- Posts: 75
- Joined: Sat Dec 12, 2020 8:09 am
- Reputation: 124
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
XMM registers are NOT MMX registers, they are SSE registers (128-bit registers used in SSE through SSE4.2). MMX registers are MM0 - MM7 (64-bit registers), and they are not supported by the CE assembler. (As a matter of fact they are not used by any modern processes, which are advancing to AVX (YMM: 256-bit) and AVX-512 (ZMM: 512-bit).)
Re: Assassin's Creed Valhalla - Stun Damage Integer to Float Multiplier question
[Link]
Correct. I guess I got used to labeling them wrong like that out of habit. Thanks.