Re: Far Cry New Dawn - table v: 1.0.9 CT
Posted: Sat Mar 30, 2019 4:22 pm
I bet there is, but you might have to call a function with the entity; then again, you might get lucky and it may just be a flag.
FC_m64.dll+109AB2A3 - F3 41 0F10 0C 24 - movss xmm1,[r12] <------------ Icon on World Map coordinates ;)
FC_m64.dll+109AB2A9 - 48 8D 4C 24 68 - lea rcx,[rsp+68]
FC_m64.dll+109AB2AE - F3 41 0F5C 0E - subss xmm1,[r14]
FC_m64.dll+109AB2B3 - F3 41 0F10 44 24 04 - movss xmm0,[r12+04]
FC_m64.dll+109AB2BA - 45 0F57 D2 - xorps xmm10,xmm10
FC_m64.dll+109AB2BE - F3 41 0F5C 46 04 - subss xmm0,[r14+04]
FC_m64.dll+109AB2C4 - 0FB6 D8 - movzx ebx,al
FC_m64.dll+109AB2C7 - 88 44 24 42 - mov [rsp+42],al
FC_m64.dll+109AB2CB - F3 0F11 8D 90000000 - movss [rbp+00000090],xmm1
FC_m64.dll+109AB2D3 - F3 0F59 C9 - mulss xmm1,xmm1
FC_m64.dll+109AB2D7 - F3 0F11 85 94000000 - movss [rbp+00000094],xmm0
FC_m64.dll+109AB2DF - F3 0F59 C0 - mulss xmm0,xmm0
FC_m64.dll+109AB2E3 - F3 0F58 C1 - addss xmm0,xmm1
FC_m64.dll+109AB2E7 - F3 44 0F51 D0 - sqrtss xmm10,xmm0
FC_m64.dll+109AB2EC - E8 EFFBC3F0 - call FC_m64.dll+15EAEE0
FC_m64.dll+109AB2F1 - 48 8D 4C 24 68 - lea rcx,[rsp+68]
FC_m64.dll+109AB2F6 - F3 44 0F10 40 60 - movss xmm8,[rax+60] <-------------- Offset 60 is holding the Max Distance for icon Visibility
FC_m64.dll+109AB2FC - E8 DFFBC3F0 - call FC_m64.dll+15EAEE0
FC_m64.dll+109AB301 - F3 0F10 78 5C - movss xmm7,[rax+5C]
FC_m64.dll+109AB306 - 80 FB 07 - cmp bl,07 { 7 }
FC_m64.dll+109AB309 - 0F85 C9000000 - jne FC_m64.dll+109AB3D8
FC_m64.dll+109AB30F - 48 8B 0D 926851F4 - mov rcx,[FC_m64.dll+4EC1BA8] { (24EC3030) }
FC_m64.dll+109AB316 - 48 89 4D 68 - mov [rbp+68],rcx
FC_m64.dll+109AB31A - 48 85 C9 - test rcx,rcx
FC_m64.dll+109AC4AF - 44 29 CA - sub edx,r9d
FC_m64.dll+109AC4B2 - 48 8D 4C 24 48 - lea rcx,[rsp+48]
FC_m64.dll+109AC4B7 - 41 89 D0 - mov r8d,edx
FC_m64.dll+109AC4BA - 4C 89 CA - mov rdx,r9
FC_m64.dll+109AC4BD - E8 6E1079EF - call FC_m64.dll+13D530
FC_m64.dll+109AC4C2 - 41 B7 01 - mov r15l,01 { 1 }
FC_m64.dll+109AC4C5 - EB 03 - jmp FC_m64.dll+109AC4CA
FC_m64.dll+109AC4C7 - 45 30 FF - xor r15l,r15l
FC_m64.dll+109AC4CA - 45 84 E4 - test r12l,r12l
FC_m64.dll+109AC4CD - 74 15 - je FC_m64.dll+109AC4E4
FC_m64.dll+109AC4CF - 80 BE A4020000 00 - cmp byte ptr [rsi+000002A4],00 { 0 } <------------ This becomes 1, when you aim on a Icon in the world, each icon that is able to show meters above their symbol is affected by this :)
FC_m64.dll+109AC4D6 - 75 0C - jne FC_m64.dll+109AC4E4
FC_m64.dll+109AC4D8 - 41 0F28 CA - movaps xmm1,xmm10
FC_m64.dll+109AC4DC - 48 89 F1 - mov rcx,rsi
FC_m64.dll+109AC4DF - E8 DCCE90F1 - call FC_m64.dll+22B93C0
FC_m64.dll+109AC4E4 - 80 7D 70 00 - cmp byte ptr [rbp+70],00 { 0 }
FC_m64.dll+109AC4E8 - 74 05 - je FC_m64.dll+109AC4EF
FC_m64.dll+109AC4EA - 45 84 E4 - test r12l,r12l
FC_m64.dll+109AC4ED - 75 08 - jne FC_m64.dll+109AC4F7
FC_m64.dll+109AC4EF - 48 89 F1 - mov rcx,rsi
FC_m64.dll+109AC4F2 - E8 39C18DF1 - call FC_m64.dll+2288630
FC_m64.dll+109AC4F7 - 80 BE CC020000 00 - cmp byte ptr [rsi+000002CC],00 { 0 }
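aobscanmodule(BaseIconAimedOn,FC_m64.dll,80 BE A4 02 00 00 00 75)
...
...
// Cave for the `cmp byte ptr [rsi+2A4],00` site shown in the listing above
// (the author notes that byte becomes 1 while an icon is aimed at).
// The cave only records rsi -- the entity whose flag is about to be tested --
// and then re-runs the displaced cmp. The store is unconditional, so
// _pAimedOnIcon holds whichever entity reached this check last; whether that
// is always the aimed-at icon depends on the `test r12l,r12l` guard that
// precedes the hook site in the original code, which is not captured here.
// The cmp must remain the last instruction before the jmp back: the original
// `jne` immediately after the hook consumes its flags, and jmp leaves them intact.
BaseIconAimedOnMem:
mov [_pAimedOnIcon],rsi // Getting Pointer for current aimed Icon
codeBaseIconAimedOn:
cmp byte ptr [rsi+000002A4],00 // original (displaced) instruction
jmp returnBaseIconAimedOn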
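aobscanmodule(_RandomMapIconLocation,FC_m64.dll,F3 41 0F 10 0C 24 48)
...
...
...
// Cave for the `movss xmm1,[r12]` site in the icon-distance listing above.
// When the icon being processed (rsi) is the one recorded by the
// BaseIconAimedOn hook, copy its position into _MapIconX/Y/Z, then run the
// displaced instruction and jump back.
// r12 points at three consecutive 32-bit floats -- the original code reads
// [r12], [r12+04] and [r12+08] with movss -- so each coordinate is copied as
// a 32-bit value. The previous 64-bit moves copied 8 bytes from each 4-byte
// float; the three stores overlapped and the last one wrote 4 bytes beyond
// _MapIconZ when the symbols are 4-byte slots.
// Flags: judging from the posted disassembly, nothing between this site and
// the later `cmp bl,07` reads flags, so the cmp/jne here is safe.
TeleToAimedAtIcon:
cmp rsi,[_pAimedOnIcon]
jne codeRandomMapIcon
push rbx                  // rbx is scratch for the copy; restored before leaving the cave
mov ebx,[r12]
mov [_MapIconX],ebx
mov ebx,[r12+04]
mov [_MapIconY],ebx
mov ebx,[r12+08]
mov [_MapIconZ],ebx
pop rbx
codeRandomMapIcon:
movss xmm1,[r12]          // original (displaced) instruction
jmp returnRandomMapIcon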
FC_m64.dll+ED07185 - 4C 8D 45 B8 - lea r8,[rbp-48]
FC_m64.dll+ED07189 - 31 D2 - xor edx,edx
FC_m64.dll+ED0718B - E8 9081E4F2 - call FC_m64.dll+1B4F320
FC_m64.dll+ED07190 - 45 31 C0 - xor r8d,r8d
FC_m64.dll+ED07193 - 48 8D 4D A0 - lea rcx,[rbp-60]
FC_m64.dll+ED07197 - 41 8D 50 23 - lea edx,[r8+23]
FC_m64.dll+ED0719B - E8 40009BF1 - call FC_m64.dll+6B71E0
FC_m64.dll+ED071A0 - 48 8B 4E 50 - mov rcx,[rsi+50]
FC_m64.dll+ED071A4 - 45 31 C9 - xor r9d,r9d
FC_m64.dll+ED071A7 - 48 89 5C 24 68 - mov [rsp+68],rbx
FC_m64.dll+ED071AC - 48 89 5C 24 70 - mov [rsp+70],rbx
FC_m64.dll+ED071B1 - F3 0F10 91 D4070000 - movss xmm2,[rcx+000007D4] <------------- 7D4 = Welding Torch Range
FC_m64.dll+ED071B9 - 41 8D 51 17 - lea edx,[r9+17]
FC_m64.dll+ED071BD - E8 0EAFD3F2 - call FC_m64.dll+1A420D0
FC_m64.dll+ED071C2 - F3 0F10 5D B8 - movss xmm3,[rbp-48]
FC_m64.dll+ED071C7 - 4C 8D 4C 24 68 - lea r9,[rsp+68]
FC_m64.dll+ED071CC - F3 0F10 4D C0 - movss xmm1,[rbp-40]
FC_m64.dll+ED071D1 - 4C 8D 45 D8 - lea r8,[rbp-28]
FC_m64.dll+ED071D5 - F3 0F10 55 BC - movss xmm2,[rbp-44]
FC_m64.dll+ED071DA - 48 8D 55 E8 - lea rdx,[rbp-18]
FC_m64.dll+ED071DE - F3 0F59 C8 - mulss xmm1,xmm0
FC_m64.dll+ED071E2 - 4C 89 E9 - mov rcx,r13
FC_m64.dll+ED071E5 - C7 44 24 30 0B000000 - mov [rsp+30],0000000B { 11 }
FC_m64.dll+ED071ED - F3 0F59 D8 - mulss xmm3,xmm0
FC_m64.dll+ED071F1 - 4C 89 64 24 28 - mov [rsp+28],r12
FC_m64.dll+ED071F6 - F3 0F59 D0 - mulss xmm2,xmm0
FC_m64.dll+ED071FA - F3 0F11 4D D0 - movss [rbp-30],xmm1
FC_m64.dll+ED0C281 - FF 90 90000000 - call qword ptr [rax+00000090]
FC_m64.dll+ED0C287 - F3 41 0F10 B7 A4000000 - movss xmm6,[r15+000000A4]
FC_m64.dll+ED0C290 - 0F57 FF - xorps xmm7,xmm7
FC_m64.dll+ED0C293 - 48 8B 4B 50 - mov rcx,[rbx+50]
FC_m64.dll+ED0C297 - F3 41 0F5C B7 A0000000 - subss xmm6,[r15+000000A0] <------------- Here it accessses Weapon Damage Values
FC_m64.dll+ED0C2A0 - E8 5B8A8BF2 - call FC_m64.dll+15C4D00
FC_m64.dll+ED0C2A5 - 48 8D 70 18 - lea rsi,[rax+18]
FC_m64.dll+ED0C2A9 - 48 85 C0 - test rax,rax
"FC_m64.dll"+EFCC140: 48 8B 57 50 - mov rdx,[rdi+50]
"FC_m64.dll"+EFCC144: 48 8D 8D B0 00 00 00 - lea rcx,[rbp+000000B0]
"FC_m64.dll"+EFCC14B: 48 83 C2 08 - add rdx,08
"FC_m64.dll"+EFCC14F: E8 BC EC B4 F1 - call FC_m64.dll+B1AE10
"FC_m64.dll"+EFCC154: 48 8B 87 E8 00 00 00 - mov rax,[rdi+000000E8]
"FC_m64.dll"+EFCC15B: 48 8D 8D B0 00 00 00 - lea rcx,[rbp+000000B0]
"FC_m64.dll"+EFCC162: 45 31 C0 - xor r8d,r8d
// ---------- INJECTING HERE ----------
"FC_m64.dll"+EFCC165: F3 0F 10 88 18 01 00 00 - movss xmm1,[rax+00000118] <-------------- THIS
// ---------- DONE INJECTING ----------
"FC_m64.dll"+EFCC16D: E8 9E 3F C9 F1 - call FC_m64.dll+C60110
"FC_m64.dll"+EFCC172: F3 41 0F 10 06 - movss xmm0,[r14]
"FC_m64.dll"+EFCC177: 48 8D 8D B0 00 00 00 - lea rcx,[rbp+000000B0]
"FC_m64.dll"+EFCC17E: F3 41 0F 10 4E 04 - movss xmm1,[r14+04]
"FC_m64.dll"+EFCC184: 4C 89 F2 - mov rdx,r14
"FC_m64.dll"+EFCC187: F3 0F 11 85 E0 00 00 00 - movss [rbp+000000E0],xmm0
"FC_m64.dll"+EFCC18F: F3 41 0F 10 46 08 - movss xmm0,[r14+08]
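[ENABLE]
// Resource-amount hook. The scanned bytes are `14 | 4C 8B 00 | 44 89 EA`;
// the leading 14 is presumably the tail of the preceding instruction, which
// is why the jump is placed at _Ethanol+01 over the 6 bytes of
// `mov r8,[rax]` / `mov edx,r13d` (5-byte jmp + 1 nop).
// The script treats r13d as the current amount and r9 as the resource id
// (D = Ethanol per the author's comment). Bare numbers are hex in the auto
// assembler; '#' marks decimal.
// Flags: the displaced movs do not write flags but the cave's cmp does, so
// this is only safe if no flag value is live across the hook site -- not
// verifiable from what is posted.
aobscanmodule(_Ethanol,FC_m64.dll,14 4C 8B 00 44 89 EA) // should be unique
alloc(newmem,$1000,FC_m64.dll) // cave placed near the module so the rel32 jmp reaches
newmem:
code:
mov r8,[rax]             // original instruction
mov edx,r13d             // original instruction
cmp r13d,270f            // amount already 270f (9999 decimal): leave it alone
je return
cmp r9,D // Ethanol      // any other resource passes through unchanged
jne return
mov edx,#9999999         // override the outgoing amount (decimal)
jmp return
_Ethanol+01:
jmp newmem
nop                      // pad the 5-byte jmp to the 6 displaced bytes
return:
registersymbol(_Ethanol)
[DISABLE]
_Ethanol+01:
db 4C 8B 00 44 89 EA     // restore mov r8,[rax] / mov edx,r13d
unregistersymbol(_Ethanol)
dealloc(newmem)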
"FC_m64.dll"+BC965D4: 4C 89 F2 - mov rdx,r14
"FC_m64.dll"+BC965D7: 48 89 F1 - mov rcx,rsi
// ---------- INJECTING HERE ----------
"FC_m64.dll"+BC965DA: F3 0F 10 B8 D8 00 00 00 - movss xmm7,[rax+000000D8]
// ---------- DONE INJECTING ----------
"FC_m64.dll"+BC965E2: 0F 28 D7 - movaps xmm2,xmm7
"FC_m64.dll"+BC965E5: F3 0F 59 15 CB A0 4D F8 - mulss xmm2,[FC_m64.dll+41706B8]
I'm really going to have to try this one; it just sounds like good fun to me.
xorps wrote: ↑Mon Apr 08, 2019 12:21 am
so increase the power of fire and the whole map will burn
"FC_m64.dll"+BC965D4: 4C 89 F2 - mov rdx,r14 "FC_m64.dll"+BC965D7: 48 89 F1 - mov rcx,rsi // ---------- INJECTING HERE ---------- "FC_m64.dll"+BC965DA: F3 0F 10 B8 D8 00 00 00 - movss xmm7,[rax+000000D8] // ---------- DONE INJECTING ---------- "FC_m64.dll"+BC965E2: 0F 28 D7 - movaps xmm2,xmm7 "FC_m64.dll"+BC965E5: F3 0F 59 15 CB A0 4D F8 - mulss xmm2,[FC_m64.dll+41706B8]
F3 0F 10 * * * * * F3 0F 59 B0 84 05 00 00 41 0F 2F
"FC_m64.dll"+C74FAD0: 48 85 C0 - test rax,rax
"FC_m64.dll"+C74FAD3: 74 08 - je FC_m64.dll+C74FADD
// ---------- INJECTING HERE ----------
"FC_m64.dll"+C74FAD5: F3 0F 59 B0 E8 02 00 00 - mulss xmm6,[rax+000002E8]
// ---------- DONE INJECTING ----------
"FC_m64.dll"+C74FADD: 48 8B 06 - mov rax,[rsi]
F3 0F 10 * * * * F3 0F 10 * * 0F 57 C0 0F 2F F0 * * 0F 2F * * * F3 0F 10
F3 0F 10 91 48 02 00 00 48 89 * 48 89 * 41
48 * * * * * * * F3 0F * * * * * 48 * * * * * * * * * * 48 8B * * * * * * * * 0F 2F * F3 0F 10 * * * * * * * 48 8B
8B 80 BC 01 00 00 89 87 * * * * 8B 86 * * * * 89 87
Just bypass Civilian Kill Penalty. I already posted it here.
How did you make it so that all enemies get the arrow above their head, as if you had aimed at them? The one I made works for some enemies, but not all. They are shown on the compass, though. It would be cool if you could share some info.
48 8B 51 10 F3 0F 10 82 60 09 00 00
48 8B 41 10 F3 0F 10 80 70 09 00 * C3
// Auto-assembler template hooking the 5-byte `call` at "FC_m64.dll"+116407F1.
// This uses a fixed module offset rather than an AOB scan, so it only matches
// the exact game build it was generated from; the assert below refuses to
// enable it on anything else. As posted, the cave simply re-executes the
// original call and jumps back, so enabling the script changes nothing until
// code is added in the cave before or after that call.
define(address,"FC_m64.dll"+116407F1)
define(bytes,E8 2A AC C8 F0)
[ENABLE]
assert(address,bytes) // bail out if the expected call encoding is not at address
alloc(newmem,$1000,"FC_m64.dll"+116407F1) // cave near the hook so rel32 jmp/call reach
label(code)
label(return)
newmem:
code:
call FC_m64.dll+22CB420 // original call; rsp is unchanged from the hook site (entered via jmp), so the callee sees the same stack alignment
jmp return
address:
jmp newmem // 5-byte jmp exactly covers the 5-byte call: no nop padding needed
return:
[DISABLE]
address:
db bytes // restore the original call encoding
// call FC_m64.dll+22CB420
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "FC_m64.dll"+116407F1
"FC_m64.dll"+116407CD: 48 89 F1 - mov rcx,rsi
"FC_m64.dll"+116407D0: E8 DB B9 C8 F0 - call FC_m64.dll+22CC1B0
"FC_m64.dll"+116407D5: 4D 89 F0 - mov r8,r14
"FC_m64.dll"+116407D8: 0F 28 CE - movaps xmm1,xmm6
"FC_m64.dll"+116407DB: 48 89 F1 - mov rcx,rsi
"FC_m64.dll"+116407DE: E8 3D 1C C9 F0 - call FC_m64.dll+22D2420
"FC_m64.dll"+116407E3: 48 89 F1 - mov rcx,rsi
"FC_m64.dll"+116407E6: E8 C5 B8 C8 F0 - call FC_m64.dll+22CC0B0
"FC_m64.dll"+116407EB: 0F 28 CE - movaps xmm1,xmm6
"FC_m64.dll"+116407EE: 48 89 F1 - mov rcx,rsi
// ---------- INJECTING HERE ----------
"FC_m64.dll"+116407F1: E8 2A AC C8 F0 - call FC_m64.dll+22CB420
// ---------- DONE INJECTING ----------
"FC_m64.dll"+116407F6: E9 46 FF FF FF - jmp FC_m64.dll+11640741
"FC_m64.dll"+116407FB: 48 8B 4E 18 - mov rcx,[rsi+18]
"FC_m64.dll"+116407FF: 31 D2 - xor edx,edx
"FC_m64.dll"+11640801: 48 8B 01 - mov rax,[rcx]
"FC_m64.dll"+11640804: FF 90 B8 00 00 00 - call qword ptr [rax+000000B8]
"FC_m64.dll"+1164080A: E9 37 FF FF FF - jmp FC_m64.dll+11640746
"FC_m64.dll"+1164080F: CC - int 3
"FC_m64.dll"+11640810: 4C 8B 3C 24 - mov r15,[rsp]
"FC_m64.dll"+11640814: 48 83 C4 08 - add rsp,08
"FC_m64.dll"+11640818: 48 8B 34 24 - mov rsi,[rsp]
}
movzx eax,byte ptr [rcx+000002B0]
[ENABLE]
// Patch-only script (no code cave). The scan anchors on `sub rsp,xx` followed
// by `movzx eax,byte ptr [rcx+000002B0]` (0F B6 81 B0 02 00 00, 7 bytes at
// Hook+04). Enabling overwrites that load with `xor eax,eax` (31 C0) plus
// five nops, so the byte read from [rcx+2B0] is always treated as 0.
// Note: xor writes flags where the displaced movzx did not -- safe only if
// no flag value is live across this point, which the listing does not show.
// The generic symbol name `Hook` collides with any other script that also
// registers `Hook` (an identical copy of this script is posted below).
aobscanmodule(Hook,FC_m64.dll,48 83 EC * 0F B6 81 B0 02 00 00 * * * * * * * * * * * F3 0F 10)
Hook+04:
db 31 C0 90 90 90 90 90 // xor eax,eax + 5x nop: same 7-byte length as the displaced movzx
registersymbol(Hook)
[DISABLE]
Hook+04:
db 0F B6 81 B0 02 00 00 // restore movzx eax,byte ptr [rcx+000002B0]
unregistersymbol(Hook)
[ENABLE]
// Patch-only script (no code cave); identical to the copy posted above.
// The scan anchors on `sub rsp,xx` followed by
// `movzx eax,byte ptr [rcx+000002B0]` (0F B6 81 B0 02 00 00, 7 bytes at
// Hook+04). Enabling overwrites that load with `xor eax,eax` (31 C0) plus
// five nops, so the byte read from [rcx+2B0] is always treated as 0.
// Note: xor writes flags where the displaced movzx did not -- safe only if
// no flag value is live across this point, which the listing does not show.
aobscanmodule(Hook,FC_m64.dll,48 83 EC * 0F B6 81 B0 02 00 00 * * * * * * * * * * * F3 0F 10)
Hook+04:
db 31 C0 90 90 90 90 90 // xor eax,eax + 5x nop: same 7-byte length as the displaced movzx
registersymbol(Hook)
[DISABLE]
Hook+04:
db 0F B6 81 B0 02 00 00 // restore movzx eax,byte ptr [rcx+000002B0]
unregistersymbol(Hook)
[ENABLE]
// Scan anchors on what looks like a small getter:
// `mov rax,[rcx+10]` / `movss xmm0,[rax+00000970]` / `ret`
// (48 8B 41 10 | F3 0F 10 80 70 09 00 00 | C3).
// The 8-byte movss at _Hack_+04 is replaced by a 5-byte jmp + 3 nops, so
// _Hack_back lands on the ret. The cave writes 1.0f into the object's field
// before reloading it, so the value persists in memory rather than only in
// the returned xmm0.
aobscanmodule(_Hack_,FC_m64.dll,48 8B 41 10 F3 0F 10 80 70 09 00 00 C3)
alloc(_Hackmem_,$1000,_Hack_) // cave near the hook so the rel32 jmp reaches
label(_Hack_back)
_Hackmem_:
mov [rax+00000970],(float)1 // overwrite the field with 1.0f (4-byte float immediate)
movss xmm0,[rax+00000970] // original (displaced) instruction, now reads the forced value
jmp _Hack_back
_Hack_+04:
jmp _Hackmem_
db 90 90 90 // pad the 5-byte jmp to the 8 displaced bytes
_Hack_back:
registersymbol(_Hack_)
[DISABLE]
_Hack_+04:
db F3 0F 10 80 70 09 00 00 // restore movss xmm0,[rax+00000970]
unregistersymbol(_Hack_)
dealloc(_Hackmem_)
[ENABLE]
// Hook placed directly on `movss xmm0,[rsi+00000360]`
// (F3 0F 10 86 60 03 00 00, 8 bytes). The 8-byte pattern carries no
// surrounding context bytes, so it may match more than one site;
// aobscanmodule uses the first hit. The 8-byte movss is replaced by a
// 5-byte jmp + 3 nops, and _Hacke_back lands on the instruction after it.
// The cave writes 50.0f into the object's field before reloading it, so the
// value persists in memory rather than only in xmm0.
aobscanmodule(_Hacke_,FC_m64.dll,F3 0F 10 86 60 03 00 00)
alloc(_Hacke_mem,$1000,_Hacke_) // cave near the hook so the rel32 jmp reaches
label(_Hacke_back)
_Hacke_mem:
mov [rsi+00000360],(float)50 // overwrite the field with 50.0f (4-byte float immediate)
movss xmm0,[rsi+00000360] // original (displaced) instruction, now reads the forced value
jmp _Hacke_back
_Hacke_:
jmp _Hacke_mem
db 90 90 90 // pad the 5-byte jmp to the 8 displaced bytes
_Hacke_back:
registersymbol(_Hacke_)
[DISABLE]
_Hacke_:
db F3 0F 10 86 60 03 00 00 // restore movss xmm0,[rsi+00000360]
unregistersymbol(_Hacke_)
dealloc(_Hacke_mem)
aobscanmodule(_ShowEnemyOnCompass,FC_m64.dll,0F B6 80 5B 01 00 00)
aobscanmodule(_ShowEnemysOnCompass2,FC_m64.dll,44 0F B6 B8 59 01 00 00)
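// Cave bodies for the two compass/marker sites scanned above
// (`0F B6 80 5B 01 00 00` and `44 0F B6 B8 59 01 00 00`). Both caves are
// gated on the one-byte toggle _enableShowEnemysOnCompass, write a fixed set
// of per-entity fields reachable from rax, then run the displaced instruction
// and jump back. Bare numbers are hex; '#' marks decimal; (float) emits a
// 4-byte float immediate.
// Fix: the second cave's toggle compare was unsized (`cmp [..],1`) while the
// first used `byte ptr`; an unsized compare is either rejected or assembled
// as a wider compare that reads past the one-byte toggle, depending on the
// assembler. Both caves now compare a byte.
// Flags: the displaced movzx does not write flags but the cave's cmp does, so
// this is only safe if no flag value is live across either hook site -- not
// verifiable from what is posted.
CompassMem:
cmp byte ptr [_enableShowEnemysOnCompass],1
jne codeCompass
//mov byte ptr [rax+00000280],#1
mov byte ptr [rax+00000169],#1
mov byte ptr [rax+00000159],#1
mov byte ptr [rax+0000030b],#0
mov [rax+0000035C],(float)0.05
mov [rax+00000360],(float)0.05
codeCompass:
movzx eax,byte ptr [rax+0000015B] // original (displaced) instruction
jmp returnCompass
ShowEnemysOnCompass2Mem:
cmp byte ptr [_enableShowEnemysOnCompass],1 // byte ptr added to match CompassMem
jne codeShowEnemysOnCompass2
mov byte ptr [rax+00000169],#1
mov byte ptr [rax+00000159],#1
mov byte ptr [rax+0000030b],#0
mov [rax+0000035C],(float)0.05
mov [rax+00000360],(float)0.05
codeShowEnemysOnCompass2:
movzx r15d,byte ptr [rax+00000159] // original (displaced) instruction
jmp returnShowEnemysOnCompass2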