Since the game is free for everyone now, I grabbed it for PC so I could finally finish it... I got it on PS4 but it was pretty meh.
Anyhow, I haven't hacked a game in decades, and never with Cheat Engine, so I started looking at the research points. I quickly found the address and the call writing to it, but although the game said I had 50 research points, it was still zero and I couldn't do anything.
I then downloaded the top script (by STN) and he used the same breakpoint as I'd found. In fact it looked pretty much the same in the disassembled view, although at different addresses.
I updated the script with the new addresses, but it doesn't work. Somehow they've changed something around userdata, and so far I haven't found where things are stored.
The script below only affects the data written on screen, not the actual research points.
Here's the script from STN for unlimited research points, with the inject address and the "ORIGINAL CODE" section corrected. Perhaps someone can continue and find where the actual userdata is stored in memory, because this doesn't work at all.
Code:
[ENABLE]
aobscanmodule(Points,Disrupt_64.dll,48 89 47 28 4C 8D 5C 24 50) // should be unique; fails if the pattern matches 0 or 2+ times
alloc(newmem,$1000,"Disrupt_64.dll"+F8CD98) // the address in the latest revision, Uplay version; allocated near it so a rel32 jmp reaches
label(code)
label(return)
newmem:
mov [rdi+28],#99      // replace the value the game just computed (rax) with 99
lea r11,[rsp+50]      // second instruction overwritten by the 5-byte jmp, re-executed here
jmp return
code:
mov [rdi+28],rax      // original store, kept for reference (not reached while the cheat is active)
lea r11,[rsp+50]
jmp return
Points:
jmp newmem            // 5 bytes, replacing the 9-byte original pair
nop                   // 4 nops pad the remaining bytes of the original instructions
nop
nop
nop
return:
registersymbol(Points)
[DISABLE]
Points:
db 48 89 47 28 4C 8D 5C 24 50 // restore the original 9 bytes
unregistersymbol(Points)
dealloc(newmem)
{
// ORIGINAL CODE, latest release - INJECTION POINT: "Disrupt_64.dll"+F8CD98
"Disrupt_64.dll+F8CD6F - 48 8B CB - mov rcx,rbx
"Disrupt_64.dll+F8CD72 - E8 C1E0FFFF - call Disrupt_64.dll+F8AE38
"Disrupt_64.dll+F8CD77 - 48 8B BB 60050000 - mov rdi,[rbx+00000560]
"Disrupt_64.dll+F8CD7E - 48 85 FF - test rdi,rdi
"Disrupt_64.dll+F8CD81 - 74 19 - je Disrupt_64.dll+F8CD9C
"Disrupt_64.dll+F8CD83 - 48 8B 93 30040000 - mov rdx,[rbx+00000430]
"Disrupt_64.dll+F8CD8A - 48 8B CB - mov rcx,rbx
"Disrupt_64.dll+F8CD8D - 48 8B 52 58 - mov rdx,[rdx+58]
"Disrupt_64.dll+F8CD91 - E8 0ECF0000 - call Disrupt_64.dll+F99CA4
"Disrupt_64.dll+F8CD96 - 8B C0 - mov eax,eax
// ---------- INJECTING HERE ----------
"Disrupt_64.dll+F8CD98 - 48 89 47 28 - mov [rdi+28],rax
"Disrupt_64.dll+F8CD9C - 4C 8D 5C 24 50 - lea r11,[rsp+50]
// ---------- DONE INJECTING ----------
"Disrupt_64.dll+F8CDA1 - 49 8B 5B 30 - mov rbx,[r11+30]
"Disrupt_64.dll+F8CDA5 - 49 8B 6B 38 - mov rbp,[r11+38]
"Disrupt_64.dll+F8CDA9 - 49 8B E3 - mov rsp,r11
"Disrupt_64.dll+F8CDAC - 41 5E - pop r14
"Disrupt_64.dll+F8CDAE - 5F - pop rdi
"Disrupt_64.dll+F8CDAF - 5E - pop rsi
"Disrupt_64.dll+F8CDB0 - C3 - ret
"Disrupt_64.dll+F8CDB1 - CC - int 3
"Disrupt_64.dll+F8CDB2 - CC - int 3
"Disrupt_64.dll+F8CDB3 - CC - int 3
}
If this post breaks any forum rules, I'm sorry. I'm new here...
I'm continuing to debug the game to see if I can crack this, but it's been a while since I did anything properly. Cheat Engine is a damn handy tool for sure, though!
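For anyone reading the script above who wants to see what the auto-assembler does behind the `aobscanmodule` / `jmp newmem` / `nop` lines, here is a small stand-alone illustration of the same hook mechanics in Python. It is an added example, not part of the post or of STN's script: it scans a byte image for the signature, insists the match is unique (the "should be unique" comment), builds the 5-byte `E9 rel32` jump plus the 4 padding nops, assembles the code cave (`mov qword ptr [rdi+28],99` / `lea r11,[rsp+50]` / `jmp return`) and shows the restore bytes for [DISABLE]. The image is constructed from the "ORIGINAL CODE" listing in the post; the module base and the cave address are hypothetical values chosen only so the relative displacements can be computed.

```python
import struct

# Signature from the aobscanmodule line in the post.
SIGNATURE = bytes.fromhex("48 89 47 28 4C 8D 5C 24 50")

# Constructed image: the bytes of the "ORIGINAL CODE" listing, Disrupt_64.dll+F8CD6F .. +F8CDB3.
LISTING_RVA = 0xF8CD6F
IMAGE = bytes.fromhex(
    "48 8B CB"                  # mov rcx,rbx
    "E8 C1 E0 FF FF"            # call Disrupt_64.dll+F8AE38
    "48 8B BB 60 05 00 00"      # mov rdi,[rbx+560]
    "48 85 FF"                  # test rdi,rdi
    "74 19"                     # je Disrupt_64.dll+F8CD9C
    "48 8B 93 30 04 00 00"      # mov rdx,[rbx+430]
    "48 8B CB"                  # mov rcx,rbx
    "48 8B 52 58"               # mov rdx,[rdx+58]
    "E8 0E CF 00 00"            # call Disrupt_64.dll+F99CA4
    "8B C0"                     # mov eax,eax
    "48 89 47 28"               # mov [rdi+28],rax      <- injection point
    "4C 8D 5C 24 50"            # lea r11,[rsp+50]
    "49 8B 5B 30 49 8B 6B 38 49 8B E3 41 5E 5F 5E C3 CC CC CC"
)

# Hypothetical addresses (assumptions, not from the post): a module base and a
# cave allocated within +/-2 GiB of the injection point, as alloc(...,addr) asks for.
MODULE_BASE = 0x7FF700000000
NEWMEM_RVA = 0x1000000


def find_unique(image: bytes, pattern: bytes) -> int:
    """Offset of the single occurrence of pattern; raises if it is not unique."""
    hits, start = [], 0
    while (i := image.find(pattern, start)) >= 0:
        hits.append(i)
        start = i + 1
    if len(hits) != 1:
        raise ValueError(f"pattern matched {len(hits)} times, expected exactly 1")
    return hits[0]


def rel32_jmp(src: int, dst: int) -> bytes:
    """E9 rel32: displacement is relative to the end of the 5-byte instruction."""
    disp = dst - (src + 5)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range; cave must be allocated nearer")
    return b"\xE9" + struct.pack("<i", disp)


def build_hook(image: bytes, image_rva: int, module_base: int, newmem_rva: int) -> dict:
    """Return the patch written at the injection point, the cave bytes and the restore bytes."""
    off = find_unique(image, SIGNATURE)
    inject = module_base + image_rva + off
    newmem = module_base + newmem_rva
    # jmp newmem + nops: the two overwritten instructions are 4 + 5 = 9 bytes, jmp is 5.
    patch = rel32_jmp(inject, newmem) + b"\x90" * (len(SIGNATURE) - 5)
    # Cave: mov qword ptr [rdi+28],99 ; lea r11,[rsp+50] ; jmp return
    cave = bytes.fromhex("48 C7 47 28 63 00 00 00") + bytes.fromhex("4C 8D 5C 24 50")
    cave += rel32_jmp(newmem + len(cave), inject + len(SIGNATURE))
    return {
        "inject_rva": image_rva + off,
        "patch": patch,
        "cave": cave,
        "restore": image[off:off + len(SIGNATURE)],  # the db line under [DISABLE]
    }


if __name__ == "__main__":
    h = build_hook(IMAGE, LISTING_RVA, MODULE_BASE, NEWMEM_RVA)
    print(f"inject at Disrupt_64.dll+{h['inject_rva']:X}")
    print("patch  :", h["patch"].hex(" "))
    print("cave   :", h["cave"].hex(" "))
    print("restore:", h["restore"].hex(" "))
```

The uniqueness check is the part worth keeping in mind when porting a script to a new build: a signature that matched once in the old binary can match several times, or not at all, in the new one, and CE will then refuse to enable the script rather than patch the wrong place.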