Hello everybody and thanks for taking the time to read my post, i really apreciatte it!
Disclaimer:This is my first time trying to use CE with a real game, i saw a little course on Udemy, to learn how to do injections and so on.
Also i did the tutorials and saw after i solved them a few videos of other people doing them just to see a couple different solutions,
Plus i have a moderate knowledge of assembly and have hacked small free software games as assault cube. But this is my first "Serious" project.
but as i said im a complete noob so... be patient and keep in mind i may have missed easy things or ask dumb things, im sorry. Please be kind!!!
What im trying to do is to learn how the ammo multiplier of Silent hill 3 works, in order to patch a little bug that randomly makes it impossible to get ammo, since the ammo multiplier will set to 0 so 10 (or the cuantity of bullets in a box) * 0 = 0!
So far i managed to find the direction of the ammo multiplier, it was easy, no pointers at all, the game uses just one static address, also managed to get what acces that addres and found the piece of code in the dissasembler.
As far as i understand, look at the red boxes in my screenshot, it does check that the variable is equal or biger than 1 and equal or smaller than 5, wich are the minimum and maximum values set by the developers.
if you have a value smaller or bigger than those,then it calls a corrective function that resets the ammo multiplier to 1, as seen in sh3.exe+1E58B9.
Sooooo my first hipotesis to where the bug relies was not correct, but still i wanted to test if the corrective function was working as it should, so i tried setting a breakpoint and run step by step (not forgeting to step into the call) but the trick is that it does not execute the function at all ever.
Now, im thinking i may be setting the breakpoint wrong, but is the only one that wont freeze the game and would let me start steping over or into or even run throw the code, other varieties i have tried, as in the compare [sh3.exe+1E58B9] to 05 would freeze the game.
I also tried as you see in the video setting the value of the ammo to above 5 and setting al register to 5 in order to avoid the jump that skips the function call, even tried noping the instruction cmp al, 05 and its respective jump, and yes... it will go to the cmp [sh3.exe+1E58B9] but it wont triger the function call at all.
Any suggestion, tip or help you can give me please?
im pretty much lost with it. Is there something im forgetting? missing? or am i missunderstanding the piece of code at all?
please check the video: [Link]
screenshot :
[Link]
Thank you all for your time
Oh also if you need to check here is my sh3.CT file: [Link]
Help setting break point in Silent Hill 3 ammo multiplier
- Gear2ndGandalf
- Expert Cheater
- Posts: 131
- Joined: Mon Aug 23, 2021 11:27 pm
- Reputation: 135
Re: Help setting break point in Silent Hill 3 ammo multiplier
Can you tell me what you are doing when this bug happens and what may be the cause?
Are you using a script for the Ammo Adjust setting that is causing an issue, or is this an issue the game has on its own when using this setting?
I play using [Link] patch which fixes many issues with the Silent Hill 3 PC port.
It’s just weird as I’ve never encountered this bug myself.
Are you using a script for the Ammo Adjust setting that is causing an issue, or is this an issue the game has on its own when using this setting?
I play using [Link] patch which fixes many issues with the Silent Hill 3 PC port.
It’s just weird as I’ve never encountered this bug myself.
Re: Help setting break point in Silent Hill 3 ammo multiplier
^ also: set some 'Find out what addresses...' on some of the opcodes. If these windows remain empty, the code is not accessed at that particular point.
ps: looking at the fn, there is a cmp at the start which can jump to end, so place a BP there as well (although if that fn is ignored altogether, or gets accessed in different locations, you won't get an execution either ~ iow you'll need to find out where that fn is called, and place a BP there...)
ps: looking at the fn, there is a cmp at the start which can jump to end, so place a BP there as well (although if that fn is ignored altogether, or gets accessed in different locations, you won't get an execution either ~ iow you'll need to find out where that fn is called, and place a BP there...)
Who is online
Users browsing this forum: Tigrex