Metal Gear Solid V - ohk

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Metal Gear Solid V - ohk

Post by Kalas » Fri Mar 03, 2017 11:38 pm

This is an AOB Injection Code for Health:

Code:

[ENABLE]

aobscanmodule(aobohk,mgsvtpp.exe,F3 41 0F 11 16 * * * * C8)
alloc(newmem,$100,"mgsvtpp.exe"+4124F14)

label(code)
label(return)

newmem:
cmp [r14+28],1
jne code
movss [r14],xmm3 // Player Health Cap
jmp return

code:
  movss [r14],xmm2
  jmp return

aobohk:
  jmp newmem
return:
registersymbol(aobohk)

[DISABLE]

aobohk:
  db F3 41 0F 11 16

unregistersymbol(aobohk)
dealloc(newmem)

The issue is that the Health is not shared with the Enemy, therefore I can't know which Offset and Value differs between the groups; I could just "try", I guess.

But let's say I did find out that an Offset of 28 and Value of 0 is the Enemy, could I do that:

Code:

[ENABLE]

aobscanmodule(aobohk,mgsvtpp.exe,F3 41 0F 11 16 * * * * C8)
alloc(newmem,$100,"mgsvtpp.exe"+4124F14)

label(code)
label(ohk)
label(return)

newmem:

ohk:
cmp [r14+28],0
jne code
xorps xmm2,xmm2
jmp return

code:
  movss [r14],xmm2
  jmp return

aobohk:
  jmp newmem
return:
registersymbol(aobohk)

[DISABLE]

aobohk:
  db F3 41 0F 11 16

unregistersymbol(aobohk)
dealloc(newmem)

Is that correct? Assuming someone knows and has tried OHK before on this game.

Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Re: Metal Gear Solid V - ohk

Post by Kalas » Fri Mar 03, 2017 11:42 pm

How exactly can I do ohk without being able to find Enemy Address?

PS: I found out that an Offset of 60 and a Value of 1 is me and a value of 0 is the enemy, so OHK and Health are working perfectly; it just won't activate both at the same time, that won't work for me.
Last edited by Kalas on Fri Mar 03, 2017 11:46 pm, edited 1 time in total.

Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Re: Metal Gear Solid V - ohk

Post by Kalas » Fri Mar 03, 2017 11:46 pm

Why does only one of the scripts activate when the other is off? I can't activate both at the same time. Is it because of my Array of Bytes?

How exactly do I fix it? Memory Viewer is opened on the Health instruction. xmm3 changed to xmm2, my bad.

TheyCallMeTim13
Cheater
Posts: 31
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 1

Re: Metal Gear Solid V - ohk

Post by TheyCallMeTim13 » Fri Mar 03, 2017 11:51 pm

If the offset is 0x28 and the value is 0 for the actors you wish to manipulate, then yes, that should work,
but the size must be 4 bytes. And most check flags will be 1 or 2 bytes (most of the time).

If not 4 bytes then use something like this for your compare:

Code:

cmp byte ptr [r14+28],0 // 1 byte

Or:

Code:

cmp word ptr [r14+28],0 // 2 bytes

But I'm not sure what you're doing with xorps on health.
xorps will affect all of the xmm? register. But I haven't seen the code to know what's going on there.
Code Happy, Code Freely, Be Awesome.
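As an added illustration of the operand-size point above (this is not code from the thread), here is a small C model of why a size-less `cmp [r14+28],1` can silently fail on a 1-byte flag: the actor layout and the byte values around the flag are constructed for the demo, not taken from the game.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed actor layout for the demo (an assumption, not the game's real
 * structure): a 1-byte "is player" flag at 0x28 with unrelated data after it. */
#define FLAG_OFFSET 0x28
#define ACTOR_SIZE  0x40

typedef struct { uint8_t raw[ACTOR_SIZE]; } actor_t;

static actor_t make_actor(uint8_t flag, uint8_t neighbour)
{
    actor_t a;
    memset(a.raw, 0, sizeof a.raw);
    a.raw[FLAG_OFFSET] = flag;          /* the flag the hook wants to test */
    a.raw[FLAG_OFFSET + 1] = neighbour; /* whatever the game stores next */
    a.raw[FLAG_OFFSET + 2] = neighbour;
    return a;
}

/* Models `cmp [r14+28],expected` with no size prefix: the auto assembler
 * defaults to a dword, so all four bytes at the offset take part.
 * The load is composed by hand so it mirrors the little-endian x86 read
 * regardless of the host's endianness. */
int dword_compare_matches(uint8_t flag, uint8_t neighbour, uint32_t expected)
{
    actor_t a = make_actor(flag, neighbour);
    const uint8_t *p = a.raw + FLAG_OFFSET;
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return v == expected;
}

/* Models `cmp byte ptr [r14+28],expected`: only the flag byte is read. */
int byte_compare_matches(uint8_t flag, uint8_t neighbour, uint8_t expected)
{
    actor_t a = make_actor(flag, neighbour);
    return a.raw[FLAG_OFFSET] == expected;
}

int main(void)
{
    /* Neighbouring bytes zero: both compares agree. */
    printf("dword, clean neighbours: %d\n", dword_compare_matches(1, 0x00, 1));
    /* Neighbouring bytes non-zero: the dword compare misses the player... */
    printf("dword, dirty neighbours: %d\n", dword_compare_matches(1, 0x7f, 1));
    /* ...while the byte-sized compare still finds the flag. */
    printf("byte,  dirty neighbours: %d\n", byte_compare_matches(1, 0x7f, 1));
    return 0;
}
```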

TheyCallMeTim13
Cheater
Posts: 31
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 1

Re: Metal Gear Solid V - ohk

Post by TheyCallMeTim13 » Fri Mar 03, 2017 11:54 pm

You are trying to inject to the same AOB 2 times so the 2nd fails because it can't find that AOB.
You will need to write a single script that makes use of flags to enable or disable the different aspects of the hook.
i.e.: 1 flag for infinite health and another flag for OHK.
Code Happy, Code Freely, Be Awesome.

Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Re: Metal Gear Solid V - ohk

Post by Kalas » Fri Mar 03, 2017 11:56 pm

TheyCallMeTim13 wrote:
Fri Mar 03, 2017 11:54 pm
You are trying to inject to the same AOB 2 times so the 2nd fails because it can't find that AOB.
You will need to write a single script that makes use of flags to enable or disable the different aspects of the hook.
i.e.: 1 flag for infinite health and another flag for OHK.
Oh that's what I was trying to get away from, thank you though

TheyCallMeTim13
Cheater
Posts: 31
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 1

Re: Metal Gear Solid V - ohk

Post by TheyCallMeTim13 » Sat Mar 04, 2017 12:01 am

It depends on the specifics, but you may be able to move the OHK or Health hook up or down an instruction and have both one instruction off from each other (if there is the room for it), but the AOBs and the location of the code that needs to be hooked can prevent this. Shifting the AOBs and using offsets can help.

But I would go with flags.
Code Happy, Code Freely, Be Awesome.

Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Re: Metal Gear Solid V - ohk

Post by Kalas » Sat Mar 04, 2017 12:09 am

TheyCallMeTim13 wrote:
Sat Mar 04, 2017 12:01 am
It depends on the specifics, but you may be able to move the OHK or Health hook up or down an instruction and have both one instruction off from each other (if there is the room for it), but the AOBs and the location of the code that needs to be hooked can prevent this. Shifting the AOBs and using offsets can help.

But I would go with flags.
Even if I want to, it's not possible because it's not shared and I can't find the Address of the Enemy and cmp, because Offset 28 is not the right one, and if I had to guess it could take weeks with the amount of values there are in dissect. How exactly is that possible to do? I mean, finding Enemy Health is not simple: he dies after 2-3 shots and I can't find it via unknown value etc.

Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Re: Metal Gear Solid V - ohk

Post by Kalas » Sat Mar 04, 2017 12:09 am

This is the one with the flags:

Code:

[ENABLE]

aobscanmodule(aobHealth,mgsvtpp.exe,F3 41 0F 11 16 * * * * C8)
alloc(newmem,$100,"mgsvtpp.exe"+4124F14)

label(code)
label(original)
label(return)
label(ohk)
registersymbol(ohk)

newmem:
  cmp [r14+28],1
  jne code
  movss [r14],xmm3
  jmp return

code:
  cmp [ohk],1      // OHK flag off: just run the original write
  jne original
  cmp [r14+28],0   // OHK flag on, but only zero non-player actors
  jne original     // unknown actor: fall back to the original write instead of looping
  mov [r14],(float)0
  jmp return

original:
  movss [r14],xmm2 // XMM3 Stores Player Cap.
  jmp return

ohk:
  dd 0             // flag storage, kept out of the execution path

aobHealth:
  jmp newmem
return:
registersymbol(aobHealth)

[DISABLE]

aobHealth:
  db F3 41 0F 11 16

unregistersymbol(aobHealth)
unregistersymbol(ohk)
dealloc(newmem)

But again the offset and values are not right, but that's pretty much how you would write it with a flag?

TheyCallMeTim13
Cheater
Posts: 31
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 1

Re: Metal Gear Solid V - ohk

Post by TheyCallMeTim13 » Sat Mar 04, 2017 12:35 am

I would keep digging; either at some base point or before or after that code may be where the combatants' health is manipulated.
If at a base point, then find the player health base address and see what accesses that or its base. But there is usually some shared part of the function before it knows who the actor is, but it can be in a separate function as well.

You could look into Ultimap (memory view >> tools >> Ultimap), but I have not had much luck with this myself, but those that do tend to swear by it. But it requires DBVM; there is Ultimap 2 but it requires some instruction set that older processors don't tend to have (so I've never even tried this one, but it's supposed to work better than the first).
Code Happy, Code Freely, Be Awesome.

Kalas
Expert Cheater
Posts: 155
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 11

Re: Metal Gear Solid V - ohk

Post by Kalas » Sat Mar 04, 2017 12:15 pm

TheyCallMeTim13 wrote:
Sat Mar 04, 2017 12:35 am
I would keep digging; either at some base point or before or after that code may be where the combatants' health is manipulated.
If at a base point, then find the player health base address and see what accesses that or its base. But there is usually some shared part of the function before it knows who the actor is, but it can be in a separate function as well.

You could look into Ultimap (memory view >> tools >> Ultimap), but I have not had much luck with this myself, but those that do tend to swear by it. But it requires DBVM; there is Ultimap 2 but it requires some instruction set that older processors don't tend to have (so I've never even tried this one, but it's supposed to work better than the first).
Oh ok thank you :)
