Help with doing something xmm registers related cheats

[squall0833]

Hello, everyone, I'm still a newbie in CE,



here's something in game, it's a gauge in float value, with instruction : always writes to the address all the time



[quote]04D6AC36: F3 41 0F 11 AF B0 00 00 00 - movss [r15+000000B0],xmm5[/quote]



In the game,you need to do something so the gauge goes up slowly, if you stop doing anything, that gauge value reduce over time, so...



for some reason I don't want to make it instant full by doing like [B]mov [r15+000000B0],(float)100.0[/B]



I want to make a cheat that speeds up the value increase, like double or more by multiplier



normally i know how to do multiplier cheats but I don't know how when there's xmm register and it's Float value



have any idea how to do that?



I was trying to find a way to get latest value from xmm5 to a register, then sub the value with current value, multiply it, add it to the current value, and put the final value back to xmm5.



is it possible to do that?







Thanks

[Squall8]

Its basically like the same way I taught you before, except now the commands change slightly.



ADD>ADDSS

SUB>SUBSS

MUL>MULSS



You can also look a couple lines up from the MOVSS to see if there is something like [B]addss[/B] [B]xmm5,xmm(x)[/B]. Then you can inject there and simply add this before anything:

[B]mulss xmm(x)[/B],[B][yourmultiplier][/B]

[TimFun13]

[QUOTE="squall0833, post: 44925, member: 639"]...get latest value from xmm5 to a register...[/QUOTE]

[CODE=nasm]cvtss2si eax,xmm5

//..

cvtsi2ss xmm5,eax[/CODE]

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SD[/URL]

[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SS[/URL][/U]



But like [USER=240]@Squall8[/USER] said, look to see if it has a multiplier it most likely does and you can just hijack that.



[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOVSS[/URL]

[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUBSS[/URL]

[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADDSS[/URL][/U]

[squall0833]

[QUOTE="Squall8, post: 44927, member: 240"]Its basically like the same way I taught you before, except now the commands change slightly.



ADD>ADDSS

SUB>SUBSS

MUL>MULSS



You can also look a couple lines up from the MOVSS to see if there is something like [B]addss[/B] [B]xmm5,xmm(x)[/B]. Then you can inject there and simply add this before anything:

[B]mulss xmm(x)[/B],[B][yourmultiplier][/B][/QUOTE]

[QUOTE="ShyTwig16, post: 44929, member: 91"][CODE=nasm]cvtss2si eax,xmm5

//..

cvtsi2ss xmm5,eax[/CODE]

[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SD[/URL]

[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SS[/URL][/U]



But like [USER=240]@Squall8[/USER] said, look to see if it has a multiplier it most likely does and you can just hijack that.



[U][URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOVSS[/URL]

[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUBSS[/URL]

[URL]https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADDSS[/URL][/U][/QUOTE]





What I see are these

[quote]

""+2B6E7672: 41 83 3E 00 - cmp dword ptr [r14],00

""+2B6E7676: 49 BB 20 97 6F 2B 00 00 00 00 - mov r11,000000002B6F9720

""+2B6E7680: 41 FF D3 - call r11

""+2B6E7683: 48 83 C4 20 - add rsp,20

""+2B6E7687: F3 41 0F 10 87 B0 00 00 00 - movss xmm0,[r15+000000B0]

""+2B6E7690: F3 0F 5A C0 - cvtss2sd xmm0,xmm0

""+2B6E7694: F3 0F 10 4D C8 - movss xmm1,[rbp-38]

""+2B6E7699: F3 0F 5A C9 - cvtss2sd xmm1,xmm1

""+2B6E769D: F3 41 0F 10 97 E4 00 00 00 - movss xmm2,[r15+000000E4]

""+2B6E76A6: F3 0F 5A D2 - cvtss2sd xmm2,xmm2

// ---------- INJECTING HERE ----------

""+2B6E76AA: F2 0F 59 CA - mulsd xmm1,xmm2

""+2B6E76AE: F2 0F 58 C1 - addsd xmm0,xmm1 /// I tried add a line before this mulsd xmm1,[multiplier] but the gauge freezed

// ---------- DONE INJECTING ----------

""+2B6E76B2: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0 ///the only line has xmm5,what does it do?

""+2B6E76B6: F3 41 0F 11 AF B0 00 00 00 - movss [r15+000000B0],xmm5 /// The Current Gauge Value

""+2B6E76BF: F3 41 0F 10 87 B0 00 00 00 - movss xmm0,[r15+000000B0]

""+2B6E76C8: F3 0F 5A C0 - cvtss2sd xmm0,xmm0[/quote]



did i do wrong ?

[TimFun13]

[USER=639]@squall0833[/USER]

Did you use MULSD with a double or MULSS with a single? Those are doubles so the instructions I gave before won't work, but most will if you use a double and change the [B]SS[/B] to [B]SD[/B], i.e.: [B]ADDSS[/B] to [B]ADDSD[/B].

[CODE=cea]//...

alloc(someMem, ...

label(someValue)

//...

someMem:

//...

mulsd xmm1,[someValue]

addsd xmm0,xmm1

//...

jmp return

someValue:

dq (double)2.5 //// Data quad / 8 bytes; (double precision floating point)

//...[/CODE]

[squall0833]

[QUOTE="ShyTwig16, post: 44960, member: 91"][USER=639]@squall0833[/USER]

Did you use MULSD with a double or MULSS with a single? Those are doubles so the instructions I gave before won't work, but most will if you use a double and change the [B]SS[/B] to [B]SD[/B], i.e.: [B]ADDSS[/B] to [B]ADDSD[/B].

[CODE=cea]//...

alloc(someMem, ...

label(someValue)

//...

someMem:

//...

mulsd xmm1,[someValue]

addsd xmm0,xmm1

//...

jmp return

someValue:

dq (double)2.5 //// Data quad / 8 bytes; (double precision floating point)

//...[/CODE][/QUOTE]





OOOoohh, it works :D



by changing that multiplier [somevalue] to double value, it works!



thanks, learnt something new about how to deal with xmm registers, and single, double float :)

[TimFun13]

Good to hear.



I have a tutorial here and on the wiki that goes over [URL='https://fearlessrevolution.com/threads/value-types.6506/'][U]value types[/U][/URL], you may find it helpful.

That and I just posted a new one on integers and one on [URL='https://fearlessrevolution.com/threads/code-injection-working-with-floats.6715/'][U]floats[/U][/URL], it lightly goes over singles and doubles.