Re: Crackdown 3 [Engine:UE4] - Console enabler, commands and more..
Posted: Sat Feb 23, 2019 7:49 pm
Heeeeeereee we gooooo
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
Code: Select all
Crackdown3.exe+223D98C - 49 8B D7 - mov rdx,r15
Crackdown3.exe+223D98F - 83 7D D7 00 - cmp dword ptr [rbp-29],00
Crackdown3.exe+223D993 - 48 0F45 55 CF - cmovne rdx,[rbp-31]
Crackdown3.exe+223D998 - 41 B8 00000009 - mov r8d,09000000
Crackdown3.exe+223D99E - FF 50 68 - call qword ptr [rax+68] <-- enter this
Code: Select all
Crackdown3.exe+22426D0 - 48 89 5C 24 10 - mov [rsp+10],rbx
Crackdown3.exe+22426D5 - 48 89 6C 24 18 - mov [rsp+18],rbp
Crackdown3.exe+22426DA - 57 - push rdi
Crackdown3.exe+22426DB - 48 83 EC 20 - sub rsp,20
Crackdown3.exe+22426DF - 48 8B EA - mov rbp,rdx
Crackdown3.exe+22426E2 - 41 8B F8 - mov edi,r8d
Crackdown3.exe+22426E5 - 41 8B D0 - mov edx,r8d
Crackdown3.exe+22426E8 - 48 8B D9 - mov rbx,rcx
Crackdown3.exe+22426EB - E8 50E9FEFF - call Crackdown3.exe+2231040
Crackdown3.exe+22426F0 - 84 C0 - test al,al
Crackdown3.exe+22426F2 - 74 3F - je Crackdown3.exe+2242733
Crackdown3.exe+22426F4 - 48 8B CD - mov rcx,rbp
Crackdown3.exe+22426F7 - 48 89 74 24 30 - mov [rsp+30],rsi
Crackdown3.exe+22426FC - FF 15 12AB3505 - call qword ptr [Crackdown3.exe+759D214]
Crackdown3.exe+2242702 - 8B D7 - mov edx,edi
Crackdown3.exe+2242704 - 48 8B CB - mov rcx,rbx
Crackdown3.exe+2242707 - 89 43 70 - mov [rbx+70],eax
Crackdown3.exe+224270A - E8 31E9FEFF - call Crackdown3.exe+2231040
Crackdown3.exe+224270F - 84 C0 - test al,al
Crackdown3.exe+2242711 - 74 1B - je Crackdown3.exe+224272E
Crackdown3.exe+2242713 - 44 8B 43 18 - mov r8d,[rbx+18]
Crackdown3.exe+2242717 - 48 8D 53 70 - lea rdx,[rbx+70]
Crackdown3.exe+224271B - 48 8B 4B 68 - mov rcx,[rbx+68]
Crackdown3.exe+224271F - E8 1C8CFEFF - call Crackdown3.exe+222B340 <-- enter this
Crackdown3.exe+2242724 - 8B D7 - mov edx,edi
Crackdown3.exe+2242726 - 48 8B CB - mov rcx,rbx
Crackdown3.exe+2242729 - E8 928EFFFF - call Crackdown3.exe+223B5C0
Crackdown3.exe+224272E - 48 8B 74 24 30 - mov rsi,[rsp+30]
Crackdown3.exe+2242733 - 48 8B 5C 24 38 - mov rbx,[rsp+38]
Crackdown3.exe+2242738 - 48 8B 6C 24 40 - mov rbp,[rsp+40]
Crackdown3.exe+224273D - 48 83 C4 20 - add rsp,20
Crackdown3.exe+2242741 - 5F - pop rdi
Crackdown3.exe+2242742 - C3 - ret
Code: Select all
Crackdown3.exe+222B340 - 48 89 5C 24 08 - mov [rsp+08],rbx
Crackdown3.exe+222B345 - 48 89 6C 24 10 - mov [rsp+10],rbp
Crackdown3.exe+222B34A - 48 89 74 24 18 - mov [rsp+18],rsi
Crackdown3.exe+222B34F - 57 - push rdi
Crackdown3.exe+222B350 - 48 83 EC 20 - sub rsp,20
Crackdown3.exe+222B354 - 48 8B 1D A580B804 - mov rbx,[Crackdown3.exe+6DB3400]
Crackdown3.exe+222B35B - 41 8B E8 - mov ebp,r8d
Crackdown3.exe+222B35E - 48 8B FA - mov rdi,rdx
Crackdown3.exe+222B361 - 48 8B F1 - mov rsi,rcx
Crackdown3.exe+222B364 - 48 85 DB - test rbx,rbx
Crackdown3.exe+222B367 - 75 0C - jne Crackdown3.exe+222B375
Crackdown3.exe+222B369 - E8 627F0100 - call Crackdown3.exe+22432D0
Crackdown3.exe+222B36E - 48 8B 1D 8B80B804 - mov rbx,[Crackdown3.exe+6DB3400]
Crackdown3.exe+222B375 - 80 3D C697B904 00 - cmp byte ptr [Crackdown3.exe+6DC4B42],00
Crackdown3.exe+222B37C - 74 17 - je Crackdown3.exe+222B395
Crackdown3.exe+222B37E - FF 15 481B3705 - call qword ptr [Crackdown3.exe+759CECC]
Crackdown3.exe+222B384 - 3B 05 BA97B904 - cmp eax,[Crackdown3.exe+6DC4B44]
Crackdown3.exe+222B38A - 75 2D - jne Crackdown3.exe+222B3B9
Crackdown3.exe+222B38C - 83 3D 2191B804 00 - cmp dword ptr [Crackdown3.exe+6DB44B4],00
Crackdown3.exe+222B393 - 75 24 - jne Crackdown3.exe+222B3B9
Crackdown3.exe+222B395 - 40 F6 C5 20 - test bpl,20
Crackdown3.exe+222B399 - 74 1A - je Crackdown3.exe+222B3B5
Crackdown3.exe+222B39B - 48 8B 8B 80000000 - mov rcx,[rbx+00000080]
Crackdown3.exe+222B3A2 - 48 85 C9 - test rcx,rcx
Crackdown3.exe+222B3A5 - 74 0E - je Crackdown3.exe+222B3B5
Crackdown3.exe+222B3A7 - 48 8B 01 - mov rax,[rcx]
Crackdown3.exe+222B3AA - 48 8B D6 - mov rdx,rsi
Crackdown3.exe+222B3AD - 44 8B 07 - mov r8d,[rdi]
Crackdown3.exe+222B3B0 - FF 50 18 - call qword ptr [rax+18]
Crackdown3.exe+222B3B3 - EB 04 - jmp Crackdown3.exe+222B3B9
Crackdown3.exe+222B3B5 - 8B 07 - mov eax,[rdi]
Crackdown3.exe+222B3B7 - 89 06 - mov [rsi],eax <-- this is where the CVar is set
Crackdown3.exe+222B3B9 - 48 8B 6C 24 38 - mov rbp,[rsp+38]
Crackdown3.exe+222B3BE - 48 8B 74 24 40 - mov rsi,[rsp+40]
Crackdown3.exe+222B3C3 - C6 83 8C000000 01 - mov byte ptr [rbx+0000008C],01
Crackdown3.exe+222B3CA - 48 8B 5C 24 30 - mov rbx,[rsp+30]
Crackdown3.exe+222B3CF - 48 83 C4 20 - add rsp,20
Crackdown3.exe+222B3D3 - 5F - pop rdi
Crackdown3.exe+222B3D4 - C3 - ret
Code: Select all
Crackdown3.exe+222B3B5 - 8B 07 - mov eax,[rdi]
Crackdown3.exe+222B3B7 - 89 06 - mov [rsi],eax
Code: Select all
Crackdown3.exe+223D45D - 48 0F45 55 DF - cmovne rdx,[rbp-21]
Crackdown3.exe+223D462 - 48 8B 07 - mov rax,[rdi]
Crackdown3.exe+223D465 - 48 8B CF - mov rcx,rdi
Crackdown3.exe+223D468 - FF 90 90000000 - call qword ptr [rax+00000090]
Crackdown3.exe+223D46E - 48 8B D8 - mov rbx,rax
Code: Select all
Crackdown3.exe+CCCD20 - 40 53 - push rbx
Crackdown3.exe+CCCD22 - 48 83 EC 20 - sub rsp,20
Crackdown3.exe+CCCD26 - 83 3D 1B8BC305 01 - cmp dword ptr [Crackdown3.exe+6905848],01 <-- hello!
Crackdown3.exe+CCCD2D - 48 8B D9 - mov rbx,rcx
Crackdown3.exe+CCCD30 - 0F84 8D000000 - je Crackdown3.exe+CCCDC3
Crackdown3.exe+CCCD36 - 48 8B 89 58330000 - mov rcx,[rcx+00003358]
Crackdown3.exe+CCCD3D - 48 85 C9 - test rcx,rcx
Crackdown3.exe+CCCD40 - 74 09 - je Crackdown3.exe+CCCD4B
Crackdown3.exe+CCCD42 - F6 81 82000000 40 - test byte ptr [rcx+00000082],40 <-- set by "god" command
Crackdown3.exe+CCCD49 - 74 78 - je Crackdown3.exe+CCCDC3
Crackdown3.exe+CCCD4B - 48 63 83 D0150000 - movsxd rax,dword ptr [rbx+000015D0]
Crackdown3.exe+CCCD52 - 48 8B 94 C3 C0130000 - mov rdx,[rbx+rax*8+000013C0]
Crackdown3.exe+CCCD5A - 48 85 D2 - test rdx,rdx
Crackdown3.exe+CCCD5D - 74 2C - je Crackdown3.exe+CCCD8B
Crackdown3.exe+CCCD5F - F7 42 3C 00010000 - test [rdx+3C],0100
Crackdown3.exe+CCCD66 - 74 0D - je Crackdown3.exe+CCCD75
Crackdown3.exe+CCCD68 - 8B 83 58110000 - mov eax,[rbx+00001158]
Crackdown3.exe+CCCD6E - C1 E8 0B - shr eax,0B
Crackdown3.exe+CCCD71 - A8 01 - test al,01
Crackdown3.exe+CCCD73 - 74 4E - je Crackdown3.exe+CCCDC3
Crackdown3.exe+CCCD75 - F7 42 40 00020000 - test [rdx+40],0200
Crackdown3.exe+CCCD7C - 74 0D - je Crackdown3.exe+CCCD8B
Crackdown3.exe+CCCD7E - 8B 83 58110000 - mov eax,[rbx+00001158]
Crackdown3.exe+CCCD84 - C1 E8 0B - shr eax,0B
Crackdown3.exe+CCCD87 - A8 01 - test al,01
Crackdown3.exe+CCCD89 - 74 38 - je Crackdown3.exe+CCCDC3
Crackdown3.exe+CCCD8B - 48 85 C9 - test rcx,rcx
Crackdown3.exe+CCCD8E - 74 22 - je Crackdown3.exe+CCCDB2
Crackdown3.exe+CCCD90 - 48 8B 89 58040000 - mov rcx,[rcx+00000458]
Crackdown3.exe+CCCD97 - 48 85 C9 - test rcx,rcx
Crackdown3.exe+CCCD9A - 74 16 - je Crackdown3.exe+CCCDB2
Crackdown3.exe+CCCD9C - E8 DF6B5B00 - call Crackdown3.exe+1283980
Crackdown3.exe+CCCDA1 - 84 C0 - test al,al
Crackdown3.exe+CCCDA3 - 74 0D - je Crackdown3.exe+CCCDB2
Crackdown3.exe+CCCDA5 - 8B 83 58110000 - mov eax,[rbx+00001158]
Crackdown3.exe+CCCDAB - C1 E8 0B - shr eax,0B
Crackdown3.exe+CCCDAE - A8 01 - test al,01
Crackdown3.exe+CCCDB0 - 74 11 - je Crackdown3.exe+CCCDC3
Crackdown3.exe+CCCDB2 - 80 BB AC460000 00 - cmp byte ptr [rbx+000046AC],00
Crackdown3.exe+CCCDB9 - 75 08 - jne Crackdown3.exe+CCCDC3
Crackdown3.exe+CCCDBB - B0 01 - mov al,01
Crackdown3.exe+CCCDBD - 48 83 C4 20 - add rsp,20
Crackdown3.exe+CCCDC1 - 5B - pop rbx
Crackdown3.exe+CCCDC2 - C3 - ret
Crackdown3.exe+CCCDC3 - 32 C0 - xor al,al
Crackdown3.exe+CCCDC5 - 48 83 C4 20 - add rsp,20
Crackdown3.exe+CCCDC9 - 5B - pop rbx
Crackdown3.exe+CCCDCA - C3 - ret
Code: Select all
Crackdown3.exe+1716CE0 - 48 89 5C 24 08 - mov [rsp+08],rbx
Crackdown3.exe+1716CE5 - 57 - push rdi
Crackdown3.exe+1716CE6 - 48 83 EC 20 - sub rsp,20
Crackdown3.exe+1716CEA - 80 B9 41020000 00 - cmp byte ptr [rcx+00000241],00 <-- flip bool ;)
Crackdown3.exe+1716CF1 - 48 8B D9 - mov rbx,rcx
Crackdown3.exe+1716CF4 - 48 63 81 24010000 - movsxd rax,dword ptr [rcx+00000124]
Crackdown3.exe+1716CFB - 48 8B BC C1 08010000 - mov rdi,[rcx+rax*8+00000108]
Crackdown3.exe+1716D03 - 75 0C - jne Crackdown3.exe+1716D11
Crackdown3.exe+1716D05 - 29 91 98000000 - sub [rcx+00000098],edx
Crackdown3.exe+1716D0B - 29 91 90000000 - sub [rcx+00000090],edx <-- ammo sub
Crackdown3.exe+1716D11 - B2 01 - mov dl,01
Crackdown3.exe+1716D13 - E8 5838FFFF - call Crackdown3.exe+170A570
Crackdown3.exe+1716D18 - 83 BB 90000000 00 - cmp dword ptr [rbx+00000090],00
Crackdown3.exe+1716D1F - 7F 58 - jg Crackdown3.exe+1716D79
Crackdown3.exe+1716D21 - 83 BB 98000000 00 - cmp dword ptr [rbx+00000098],00
Crackdown3.exe+1716D28 - 7E 4F - jle Crackdown3.exe+1716D79
Crackdown3.exe+1716D2A - 83 BB 9C000000 04 - cmp dword ptr [rbx+0000009C],04
Crackdown3.exe+1716D31 - 74 46 - je Crackdown3.exe+1716D79
Crackdown3.exe+1716D33 - 48 8B 47 10 - mov rax,[rdi+10]
Crackdown3.exe+1716D37 - 48 85 C0 - test rax,rax
Crackdown3.exe+1716D3A - 74 2C - je Crackdown3.exe+1716D68
Crackdown3.exe+1716D3C - 80 78 28 00 - cmp byte ptr [rax+28],00
Crackdown3.exe+1716D40 - 74 26 - je Crackdown3.exe+1716D68
Crackdown3.exe+1716D42 - 48 8B 03 - mov rax,[rbx]
Crackdown3.exe+1716D45 - 45 33 C9 - xor r9d,r9d
Crackdown3.exe+1716D48 - 0F57 D2 - xorps xmm2,xmm2
Crackdown3.exe+1716D4B - 33 D2 - xor edx,edx
Crackdown3.exe+1716D4D - 48 8B CB - mov rcx,rbx
Crackdown3.exe+1716D50 - FF 90 08020000 - call qword ptr [rax+00000208]
Crackdown3.exe+1716D56 - C6 83 30020000 01 - mov byte ptr [rbx+00000230],01
Crackdown3.exe+1716D5D - 48 8B 5C 24 30 - mov rbx,[rsp+30]
Crackdown3.exe+1716D62 - 48 83 C4 20 - add rsp,20
Crackdown3.exe+1716D66 - 5F - pop rdi
Crackdown3.exe+1716D67 - C3 - ret
Crackdown3.exe+1716D68 - 33 D2 - xor edx,edx
Crackdown3.exe+1716D6A - 48 8B CB - mov rcx,rbx
Crackdown3.exe+1716D6D - E8 DED9FFFF - call Crackdown3.exe+1714750
Crackdown3.exe+1716D72 - C6 83 30020000 01 - mov byte ptr [rbx+00000230],01
Crackdown3.exe+1716D79 - 48 8B 5C 24 30 - mov rbx,[rsp+30]
Crackdown3.exe+1716D7E - 48 83 C4 20 - add rsp,20
Crackdown3.exe+1716D82 - 5F - pop rdi
Crackdown3.exe+1716D83 - C3 - ret
Code: Select all
Crackdown3.exe+170B2C7 - 66 C7 81 36020000 0000 - mov word ptr [rcx+00000236],0000
Crackdown3.exe+170B2D0 - 0F94 C0 - sete al
Crackdown3.exe+170B2D3 - C6 81 41020000 00 - mov byte ptr [rcx+00000241],00 <-- here
Crackdown3.exe+170B2DA - 88 81 50010000 - mov [rcx+00000150],al
Crackdown3.exe+170B2E0 - 48 63 81 24010000 - movsxd rax,dword ptr [rcx+00000124]
Yep, take a good 10-15 minutes for the scanners to hit.SunBeam wrote: ↑Sun Feb 24, 2019 4:29 amApart from that, I haven't encountered a single crash due to change of executable code. No idea if those scanners are set across whole memory map or just some hunted regions Setting that byte to 0x1 @ Crackdown3.exe+170B2D3+6 gives you unlimited clip ammo; and no crash Official game, not CODEX.
EDIT: Oh, spoke too soon
And the first two menu options get grayed out. Like Caliber said in another post (viewtopic.php?p=79381#p79381), there are several integrity checks that can be patched out.