Anyway, i found the function that control animals type of movement:
Code: Select all
[ENABLE]
aobscanmodule(animalBehavior,theHunterCotW_F.exe,44 88 A7 01 28 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+3C3602)
label(code)
label(return)
newmem:
code:
mov [rdi+00002801],0
//mov [rdi+00002801],r12l
jmp return
animalBehavior:
jmp newmem
nop
nop
return:
registersymbol(animalBehavior)
[DISABLE]
animalBehavior:
db 44 88 A7 01 28 00 00
unregistersymbol(animalBehavior)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+3C3602
"theHunterCotW_F.exe"+3C35D7: 88 87 29 29 00 00 - mov [rdi+00002929],al
"theHunterCotW_F.exe"+3C35DD: E8 4E A5 02 00 - call theHunterCotW_F.exe+3EDB30
"theHunterCotW_F.exe"+3C35E2: 48 8B 86 70 64 00 00 - mov rax,[rsi+00006470]
"theHunterCotW_F.exe"+3C35E9: 48 8B 88 48 02 00 00 - mov rcx,[rax+00000248]
"theHunterCotW_F.exe"+3C35F0: 48 85 C9 - test rcx,rcx
"theHunterCotW_F.exe"+3C35F3: 74 1B - je theHunterCotW_F.exe+3C3610
"theHunterCotW_F.exe"+3C35F5: 48 8B 01 - mov rax,[rcx]
"theHunterCotW_F.exe"+3C35F8: FF 90 D0 00 00 00 - call qword ptr [rax+000000D0]
"theHunterCotW_F.exe"+3C35FE: 84 C0 - test al,al
"theHunterCotW_F.exe"+3C3600: 74 0E - je theHunterCotW_F.exe+3C3610
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+3C3602: 44 88 A7 01 28 00 00 - mov [rdi+00002801],r12l
// ---------- DONE INJECTING ----------
"theHunterCotW_F.exe"+3C3609: C6 87 18 28 00 00 01 - mov byte ptr [rdi+00002818],01
"theHunterCotW_F.exe"+3C3610: 4C 8B B7 E8 27 00 00 - mov r14,[rdi+000027E8]
"theHunterCotW_F.exe"+3C3617: 4D 85 F6 - test r14,r14
"theHunterCotW_F.exe"+3C361A: 74 2B - je theHunterCotW_F.exe+3C3647
"theHunterCotW_F.exe"+3C361C: 49 8B 46 08 - mov rax,[r14+08]
"theHunterCotW_F.exe"+3C3620: 48 63 48 04 - movsxd rcx,dword ptr [rax+04]
"theHunterCotW_F.exe"+3C3624: 4A 8B 5C 31 08 - mov rbx,[rcx+r14+08]
"theHunterCotW_F.exe"+3C3629: E8 72 AA 03 00 - call theHunterCotW_F.exe+3FE0A0
"theHunterCotW_F.exe"+3C362E: 48 8B D0 - mov rdx,rax
"theHunterCotW_F.exe"+3C3631: 49 8B 46 08 - mov rax,[r14+08]
}
Looks like animal behavior system is bit complex in this game. Because another conditions, that can be "drink", "rest", "eat", "migrates" - store somewhere else.
Oh, almost forget. For more easier working with animals, when i try to found any animal values during walking with them - i made another script that turn off spot and "backlight" timer. I think that may be similar for solution from l0wb1t, but why not:
Code: Select all
[ENABLE]
aobscanmodule(unlimSpot,theHunterCotW_F.exe,F3 0F 11 03 0F 2F C7) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+636E0C)
label(code)
label(return)
newmem:
code:
//movss [rbx],xmm0
comiss xmm0,xmm7
jmp return
unlimSpot:
jmp newmem
nop
nop
return:
registersymbol(unlimSpot)
[DISABLE]
unlimSpot:
db F3 0F 11 03 0F 2F C7
unregistersymbol(unlimSpot)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+636E0C
"theHunterCotW_F.exe"+636DE3: 49 8B CE - mov rcx,r14
"theHunterCotW_F.exe"+636DE6: E8 35 80 FA FF - call theHunterCotW_F.exe+5DEE20
"theHunterCotW_F.exe"+636DEB: F3 0F 59 C6 - mulss xmm0,xmm6
"theHunterCotW_F.exe"+636DEF: F3 0F 11 03 - movss [rbx],xmm0
"theHunterCotW_F.exe"+636DF3: 48 8B D3 - mov rdx,rbx
"theHunterCotW_F.exe"+636DF6: 48 8D 4C 24 70 - lea rcx,[rsp+70]
"theHunterCotW_F.exe"+636DFB: E8 80 45 03 00 - call theHunterCotW_F.exe+66B380
"theHunterCotW_F.exe"+636E00: EB 6E - jmp theHunterCotW_F.exe+636E70
"theHunterCotW_F.exe"+636E02: F3 0F 10 03 - movss xmm0,[rbx]
"theHunterCotW_F.exe"+636E06: F3 41 0F 5C 04 24 - subss xmm0,[r12]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+636E0C: F3 0F 11 03 - movss [rbx],xmm0
"theHunterCotW_F.exe"+636E10: 0F 2F C7 - comiss xmm0,xmm7
// ---------- DONE INJECTING ----------
"theHunterCotW_F.exe"+636E13: 76 14 - jna theHunterCotW_F.exe+636E29
"theHunterCotW_F.exe"+636E15: E8 B6 9B FB FF - call theHunterCotW_F.exe+5F09D0
"theHunterCotW_F.exe"+636E1A: 48 8B D3 - mov rdx,rbx
"theHunterCotW_F.exe"+636E1D: 48 8D 4C 24 70 - lea rcx,[rsp+70]
"theHunterCotW_F.exe"+636E22: E8 59 45 03 00 - call theHunterCotW_F.exe+66B380
"theHunterCotW_F.exe"+636E27: EB 47 - jmp theHunterCotW_F.exe+636E70
"theHunterCotW_F.exe"+636E29: 41 0F 28 D8 - movaps xmm3,xmm8
"theHunterCotW_F.exe"+636E2D: 41 0F 28 D0 - movaps xmm2,xmm8
"theHunterCotW_F.exe"+636E31: 48 8D 55 B0 - lea rdx,[rbp-50]
"theHunterCotW_F.exe"+636E35: E8 F6 42 FB FF - call theHunterCotW_F.exe+5EB130
}
How to use this cheat table?
- Install Cheat Engine
- Double-click the .CT file in order to open it.
- Click the PC icon in Cheat Engine in order to select the game process.
- Keep the list.
- Activate the trainer options by checking boxes or setting values from 0 to 1