25.06.2021, 20:44
So, first of all, the instruction
Code:
mov [edx+52],cx
shows you that your value is a 2 byte value. You can see that by the cx: ax, bx, cx, ... are 2 bytes while eax, ebx, ecx are 4 bytes (usually, it depends on the instruction itself).
So, when you set the value type of your health address to 2 bytes you should see a much more readable health value, like 100 when at full health.
Oh, and your max health value is at <current_health_address+2>, also 2 bytes.
For the rest it is again more guessing, as we don't see enough to tell what you can do, but in this case:
I have the same version as you so I can tell you, you could compare esi=7 for player and esi=9 for enemy.
But keep in mind that nobody can tell what you could compare when we just see a video. In some cases it is not even possible to just compare a register itself.
You can just copy and paste the following script. Oh and don't forget, the instruction only gets executed after you got hit, as you selected "find out what writes to this address".
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp esi,7
jne originalcode
mov cx,[edx+54]
originalcode:
mov [edx+52],cx
mov eax,[ebp-04]
exit:
jmp returnhere
"EvilDead.exe"+34B259:
jmp newmem
nop 2
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"EvilDead.exe"+34B259:
mov [edx+52],cx
mov eax,[ebp-04]
//Alt: db 66 89 4A 52 8B 45 FC
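Added example, not part of the original post: a small Python decoder for the bytes in the script's "//Alt: db" line. It shows that the 66 operand-size prefix is what makes the first mov a 2 byte write, and why the 5-byte jmp is followed by "nop 2". It assumes 32-bit code and handles only the two mov forms used here; the function names are made up for this example.

```python
# Added example: decodes only opcodes 89/8B with a [reg+disp8] operand,
# assuming 32-bit code. Function names are hypothetical.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]

ORIGINAL = bytes.fromhex("66 89 4A 52 8B 45 FC")  # from the script's db line
JMP_REL32_LEN = 5  # E9 opcode + 32-bit relative displacement


def decode_mov(code, pos=0):
    """Return (text, length, operand_size_in_bytes) for the mov at pos."""
    start, size = pos, 4
    if code[pos] == 0x66:  # operand-size override: 32-bit becomes 16-bit
        size = 2
        pos += 1
    opcode = code[pos]
    if opcode not in (0x89, 0x8B):
        raise ValueError(f"unsupported opcode {opcode:#04x}")
    modrm = code[pos + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 1 or rm == 4:
        raise ValueError("only [reg+disp8] without a SIB byte is handled")
    disp = code[pos + 2]
    if disp >= 0x80:  # disp8 is a signed byte
        disp -= 0x100
    sign = "+" if disp >= 0 else "-"
    mem = f"[{REG32[rm]}{sign}{abs(disp):02X}]"
    r = (REG16 if size == 2 else REG32)[reg]
    # 89 stores register to memory, 8B loads memory into register
    text = f"mov {mem},{r}" if opcode == 0x89 else f"mov {r},{mem}"
    return text, pos + 3 - start, size


def disassemble(code):
    """Decode consecutive mov instructions until the buffer is used up."""
    out, pos = [], 0
    while pos < len(code):
        insn = decode_mov(code, pos)
        out.append(insn)
        pos += insn[1]
    return out


def nops_needed(code):
    """Padding bytes left after a 5-byte jmp overwrites whole instructions."""
    total = sum(length for _, length, _ in disassemble(code))
    if total < JMP_REL32_LEN:
        raise ValueError("not enough bytes to place a jmp rel32")
    return total - JMP_REL32_LEN


if __name__ == "__main__":
    for text, length, size in disassemble(ORIGINAL):
        print(f"{text:<18} {length} bytes, operand size {size}")
    print("nop", nops_needed(ORIGINAL))
```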