A little bit more advanced code cave

Discussion in 'Trainer Creation' started by trainee 2, Jun 24, 2015.


    OK, this is for people who are trying to learn to code cave but whose patches / caves are failing.
    If you hit a bp and it looks like this:
    //822E7C28 C1A10058 lfs fr13,58h(r1)
    //822E7C2C FF006800 fcmpu cr6,fr0,fr13
    //822E7C30 40980014 bge cr6,822E7C44
    //822E7C34 D01F0000 stfs fr0,0(r31)

    and patch it the normal way, it will always fail. Here is an example of a bad cave:
    // Cave replacing the four instructions at 0x822E7C28..0x822E7C34 (listed
    // below). The post presents this version as the BROKEN one: the `bge` is
    // copied verbatim with its absolute target 0x822E7C44, which lies outside
    // the cave, so that branch is never routed back through the cave.
    ASM void GOD_IKILL () {
    //822E7C28 C1A10058 lfs fr13,58h(r1)
    //822E7C2C FF006800 fcmpu cr6,fr0,fr13
    //822E7C30 40980014 bge cr6,822E7C44
    //822E7C34 D01F0000 stfs fr0,0(r31)
    // p1: word read from 0x68(r31); ret: address jumped to via ctr;
    // f1: scratch copy of fr0 that the cheat checks may overwrite.
    DWORD p1,ret; float f1;
    // Re-execute the first two replaced instructions unchanged.
    __asm lfs fr13,58h(r1)
    __asm fcmpu cr6,fr0,fr13
    // Absolute out-of-cave target kept as-is -- this is the line the post
    // says makes this cave fail (the second listing shows the fix).
    __asm bge cr6,822E7C44
    __asm lwz p1,68h(r31)
    __asm stfs fr0,f1
    // Override the value about to be stored when the matching cheat is on
    // and p1 holds the expected word.
    if (MyTrainer.Cheat[1] && p1 == 0xF )f1 = 200.0;
    if (MyTrainer.Cheat[2] && p1 == 0x0 )f1 = 0.0;
    // Reload fr0 from f1 and perform the original store (0x822E7C34).
    __asm lfs fr0,f1
    __asm stfs fr0,0(r31)
    // Resume at the instruction following the replaced range (0x822E7C34 + 4).
    ret = 0x822E7C38;
    __asm mtctr ret
    __asm bctr
    }
    This will never work and will probably crash; there are no ifs or buts, it will fail.

    //822E7C28 C1A10058 lfs fr13,58h(r1)
    //822E7C2C FF006800 fcmpu cr6,fr0,fr13
    //822E7C30 40980014 bge cr6,822E7C44 // this small piece of code must be dealt with
    //822E7C34 D01F0000 stfs fr0,0(r31)
    Because you have `bge cr6,822E7C44`, you have to deal with this separately, as it points somewhere outside the cave / patch. So you would do this:

    // Fixed version of the cave: the `bge` now targets the local label
    // `branch`, whose tail jumps to the original target 0x822E7C44 through
    // ctr, so the out-of-cave branch is handled inside the cave instead of
    // being left as a bare absolute target.
    ASM void GOD_IKILL () {
    //822E7C28 C1A10058 lfs fr13,58h(r1)
    //822E7C2C FF006800 fcmpu cr6,fr0,fr13
    //822E7C30 40980014 bge cr6,822E7C44
    //822E7C34 D01F0000 stfs fr0,0(r31)
    // p1: word read from 0x68(r31); ret: address jumped to via ctr;
    // f1: scratch copy of fr0 that the cheat checks may overwrite.
    DWORD p1,ret; float f1;
    // Re-execute the first two replaced instructions unchanged.
    __asm lfs fr13,58h(r1)
    __asm fcmpu cr6,fr0,fr13
    // Redirect the original absolute branch to a label inside the cave.
    __asm bge cr6,branch
    __asm lwz p1,68h(r31)
    __asm stfs fr0,f1
    // Override the value about to be stored when the matching cheat is on
    // and p1 holds the expected word.
    if (MyTrainer.Cheat[1] && p1 == 0xF )f1 = 200.0;
    if (MyTrainer.Cheat[2] && p1 == 0x0 )f1 = 0.0;
    // Reload fr0 from f1 and perform the original store (0x822E7C34).
    __asm lfs fr0,f1
    __asm stfs fr0,0(r31)
    // Fall-through path: resume right after the replaced range (0x822E7C34 + 4).
    ret = 0x822E7C38;
    __asm mtctr ret
    __asm bctr
    // Reached only when the compare above takes the branch: continue at the
    // original target address of the `bge`.
    __asm branch:;
    ret = 0x822E7C44;
    __asm mtctr ret
    __asm bctr
    }
    // Tail of the fixed cave, repeated here for emphasis: the label the
    // redirected `bge` lands on, followed by a ctr jump to the original target.
    __asm branch:;
    ret = 0x822E7C44;
    __asm mtctr ret
    __asm bctr // This accounts for the out-of-cave branch and handles it; it is very effective, as the patch / cave will now work. But if the offset ever points to anything inside your patch, you will not be able to use it at all and will need to find somewhere else to do your patch.
     
