I noticed that the cheat table in this topic is no longer updated here: viewtopic.php?f=4&t=2005
That's why I'm trying to create one myself for single player only, but I'm failing miserably.
By and large, I understand the process behind Cheat Engine; the basics are clear to me. I can also find the right places to adjust the values for a game session, but I have massive problems finding the pointers to make it work across sessions.
Let's take the current magazine of the primary weapon, for example. There it is quite easy to find the appropriate addresses. There are usually 4 doubles, but only one changes the actual value during gameplay; the others seem to be pure displays, and one displays the ammo for the currently selected weapon.
Then I use the function to see what is writing to this address, and only find a single, incrementing entry when a shot is fired.
This is the code that gets executed when firing a shot:
helldivers.exe+1B42E9 - 48 89 29 - mov [rcx],rbp
This is the line before it, and it writes to rbp, but I have no clue what it really means, other than that rbp now contains a value from presumably a pointer operation or a pointer to data.
helldivers.exe+1B42E5 - 48 8B 2C C2 - mov rbp,[rdx+rax*8]
Every change to the original code seems to crash the game instantly.
That's the surrounding code:
helldivers.exe+1B42D5 - 74 26 - je helldivers.exe+1B42FD
helldivers.exe+1B42D7 - F6 45 04 04 - test byte ptr [rbp+04],04
helldivers.exe+1B42DB - 0F85 88000000 - jne helldivers.exe+1B4369
helldivers.exe+1B42E1 - 0FB6 46 FD - movzx eax,byte ptr [rsi-03]
helldivers.exe+1B42E5 - 48 8B 2C C2 - mov rbp,[rdx+rax*8]
helldivers.exe+1B42E9 - 48 89 29 - mov [rcx],rbp
helldivers.exe+1B42EC - 8B 06 - mov eax,[rsi]
helldivers.exe+1B42EE - 0FB6 CC - movzx ecx,ah
helldivers.exe+1B42F1 - 0FB6 E8 - movzx ebp,al
helldivers.exe+1B42F4 - 83 C6 04 - add esi,04
helldivers.exe+1B42F7 - C1 E8 10 - shr eax,10
helldivers.exe+1B42FA - FF 24 EB - jmp qword ptr [rbx+rbp*8]
helldivers.exe+1B42FD - 83 7D 10 00 - cmp dword ptr [rbp+10],00
helldivers.exe+1B4301 - 74 D4 - je helldivers.exe+1B42D7
The strange thing is that some addresses even become invalid during the game. As if they are only temporarily on the stack and then fall victim to the garbage collection again (tell me if I am wrong).
In the beginning the addresses are colored "green" in the disassembler, but over time they end up in the "white" part, that's what I mean...
I've already watched tutorials and read up a bit on assembly language, but in the games from the examples or tutorials it seems to be very different from Helldivers. In games like Assault Cube, Nioh, games based on the Source Engine, GTA it all looks logical and understandable.
However, I can't seem to apply this knowledge here.
Maybe someone here can point me in the right direction or give me a tip, I would really appreciate it.
Thanks and cheers,
Karl
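The tail of the listing above (load a 32-bit word from [rsi], split it into byte and 16-bit fields, advance rsi by 4, jump through a table indexed by the low byte) has the shape of a bytecode interpreter's fetch/decode/dispatch step. The following is an added example, not part of the original post: it models that sequence in Python to show that one handler serves every script-level store, which would be consistent with a patch to it breaking unrelated state. That the game code is such an interpreter is an assumption read from the listing; the opcodes, slot layout and sample program are constructed.

```python
# Added illustration; opcodes, slot layout and PROGRAM are constructed, not from the game.
import struct

def decode(word):
    """Split a 32-bit word as helldivers.exe+1B42EC..1B42F7 does."""
    op = word & 0xFF         # movzx ebp,al : index into the jump table
    a = (word >> 8) & 0xFF   # movzx ecx,ah
    d = word >> 16           # shr eax,10   : 0x10 = 16 bits
    return op, a, d

def run(code, handlers, slots):
    """Fetch/decode/dispatch loop; returns how often each handler ran."""
    hits, pc = {}, 0                                   # pc plays the role of rsi
    while pc < len(code):
        (word,) = struct.unpack_from("<I", code, pc)   # mov eax,[rsi]
        pc += 4                                        # add esi,04
        op, a, d = decode(word)
        name, handler = handlers[op]                   # jmp qword ptr [rbx+rbp*8]
        hits[name] = hits.get(name, 0) + 1
        handler(slots, a, d)
    return hits

def op_loadk(slots, a, d):
    slots[a] = float(d)      # hypothetical opcode: load a constant

def op_copy(slots, a, d):
    slots[a] = slots[d]      # one 8-byte move, like mov rbp,[rdx+rax*8] / mov [rcx],rbp

def op_nop(slots, a, d):
    pass                     # stands in for a handler that was patched out

def ins(op, a, d):
    return struct.pack("<I", op | (a << 8) | (d << 16))

HANDLERS = {0: ("loadk", op_loadk), 1: ("copy", op_copy)}
# Constructed script: slot 0 = ammo, slot 1 = health, slots 2-3 = temporaries.
PROGRAM = b"".join([ins(0, 2, 29), ins(1, 0, 2), ins(0, 3, 100), ins(1, 1, 3)])

def demo():
    normal, patched = [0.0] * 4, [0.0] * 4
    hits = run(PROGRAM, HANDLERS, normal)
    run(PROGRAM, {**HANDLERS, 1: ("copy", op_nop)}, patched)
    return hits, normal, patched

if __name__ == "__main__":
    print(demo())
```

In the patched run both the ammo and the health slot stay at 0.0, because every copy in the script goes through the same handler.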