theHunter™: Call of the Wild

pigeon · Post by **pigeon** » Sat Mar 04, 2017 12:17 pm

In this table you will see Time base address, which is easy to find. As well as money pointer. Around the money address you will find all others like experience, level and so on.

But most interesting for me part of it is weather. I just cant find weather value or timers for changing weather. Looks like timers works here like: it starts from, for example,100 and count down for 20, after reaching that it start to count up to 100 and again. I can find ~1000 addresses that maybe control weather, but experiments with them crash the game or do not have affect.

At least accidentally i found how too turn off clouds. After enabling it - use speedhack with 100x speed and after few seconds there is will be no clouds (maybe someone can make better solution?). But rain still will happen time by time.

Updated:
Accidentally found addresses for wind, fog and image temperature. But addresses works somehow tricky and there is separate addresses for all of it. Here is comparison: http://imgur.com/a/zkOFk
And i bit scared that i can not to found this values again after game update

Also added scripts for infinite ammo (made it just for learn scripts little bit more) and heartrate value, which can be freeze and you can infinite holding shift during aiming.

"noeffects" script is just freeze chaging values from "Wind.1" to "Img.Temperature". Maybe will be usefull if someone will try to find how to control rain or with you no need to freeze existing weather effects and value will be stable.
Updated for 1.3 version

Shona · Post by **Shona** » Tue Mar 14, 2017 4:22 pm

Heartrate isn't working for me, it shows only "0" :/
NoClouds is also broken

You can also ask SunBeam for help because he made a table before, but the table is no working anymore ->

Would be cool if you can find some of these, like the Visibility or Noise because i can't figure out how he found them

EDIT: Credits to Sunbeam

Hello folks.

Table's been requested, liked the game, so here we go. For the moment, there's only one script (I fiddled more with findings options, rather than conceiving the scripts). You can modify more in the [Debug] section.

I'll post updates once I progress.

BR,
Sun

Post by **RaDeX** » Wed Mar 15, 2017 8:10 am

Just Copy and Paste into cheatengine

Infinite Ammo

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>2</ID>
      <Description>"Infinite Ammo"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : theHunterCotW_F.exe
// Version:
// Date   :
// Author : RaDeX
[ENABLE]
aobscanmodule(aob_ammo,theHunterCotW_F.exe,41 8B 84 88 C4 04 00 00)
registersymbol(aob_ammo)
alloc(newmem_ammo,1024,theHunterCotW_F.exe)
label(return_ammo)

newmem_ammo:
  mov [r8+rcx*4+000004C4], #99
  mov eax,[r8+rcx*4+000004C4]
  jmp return_ammo

aob_ammo:
  jmp newmem_ammo
  nop
  nop
  nop
return_ammo:
[DISABLE]
aob_ammo:
  db 41 8B 84 88 C4 04 00 00

unregistersymbol(aob_ammo)
dealloc(newmem_ammo)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+72E9EC

"theHunterCotW_F.exe"+72E9D2: 74 10                             -  je theHunterCotW_F.exe+72E9E4
"theHunterCotW_F.exe"+72E9D4: FF C0                             -  inc eax
"theHunterCotW_F.exe"+72E9D6: 48 83 C1 04                       -  add rcx,04
"theHunterCotW_F.exe"+72E9DA: 3D 80 00 00 00                    -  cmp eax,00000080
"theHunterCotW_F.exe"+72E9DF: 72 EF                             -  jb theHunterCotW_F.exe+72E9D0
"theHunterCotW_F.exe"+72E9E1: 33 C0                             -  xor eax,eax
"theHunterCotW_F.exe"+72E9E3: C3                                -  ret 
"theHunterCotW_F.exe"+72E9E4: 83 F8 FF                          -  cmp eax,-01
"theHunterCotW_F.exe"+72E9E7: 74 F8                             -  je theHunterCotW_F.exe+72E9E1
"theHunterCotW_F.exe"+72E9E9: 48 63 C8                          -  movsxd  rcx,eax
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+72E9EC: 41 8B 84 88 C4 04 00 00           -  mov eax,[r8+rcx*4+000004C4]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+72E9F4: C3                                -  ret 
"theHunterCotW_F.exe"+72E9F5: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F6: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F7: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F8: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F9: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FA: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FB: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FC: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FD: CC                                -  int 3 
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Infinite Money

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"Infinite Money"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : theHunterCotW_F.exe
// Version:
// Date   :
// Author : RaDeX
[ENABLE]
aobscanmodule(aob_money,theHunterCotW_F.exe,00 44 8B 86 A0 00 00 00)
registersymbol(aob_money)
alloc(newmem_money,1024,theHunterCotW_F.exe)
label(return_money)

newmem_money:
  mov [rsi+000000A0], #10000000
  mov r8d,[rsi+000000A0]
  jmp return_money

aob_money+01:
  jmp newmem_money
  nop
  nop
return_money:
[DISABLE]
aob_money+01:
  db 44 8B 86 A0 00 00 00

unregistersymbol(aob_money)
dealloc(newmem_money)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+7C3181

"theHunterCotW_F.exe"+7C314A: 48 8B 05 1F B9 62 01     -  mov rax,[theHunterCotW_F.exe+1DEEA70]
"theHunterCotW_F.exe"+7C3151: 48 8D 15 30 E6 D7 00     -  lea rdx,[theHunterCotW_F.exe+1541788]
"theHunterCotW_F.exe"+7C3158: 48 89 5C 24 40           -  mov [rsp+40],rbx
"theHunterCotW_F.exe"+7C315D: 48 81 C5 F0 02 00 00     -  add rbp,000002F0
"theHunterCotW_F.exe"+7C3164: 48 89 74 24 48           -  mov [rsp+48],rsi
"theHunterCotW_F.exe"+7C3169: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C316C: 48 89 7C 24 50           -  mov [rsp+50],rdi
"theHunterCotW_F.exe"+7C3171: 48 8B B0 58 02 00 00     -  mov rsi,[rax+00000258]
"theHunterCotW_F.exe"+7C3178: 44 8B 46 14              -  mov r8d,[rsi+14]
"theHunterCotW_F.exe"+7C317C: E8 8F 3D 05 00           -  call theHunterCotW_F.exe+816F10
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+7C3181: 44 8B 86 A0 00 00 00     -  mov r8d,[rsi+000000A0]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+7C3188: 48 8D 15 09 E6 D7 00     -  lea rdx,[theHunterCotW_F.exe+1541798]
"theHunterCotW_F.exe"+7C318F: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C3192: E8 79 3D 05 00           -  call theHunterCotW_F.exe+816F10
"theHunterCotW_F.exe"+7C3197: 44 8B 46 10              -  mov r8d,[rsi+10]
"theHunterCotW_F.exe"+7C319B: 48 8D 15 16 C2 D7 00     -  lea rdx,[theHunterCotW_F.exe+153F3B8]
"theHunterCotW_F.exe"+7C31A2: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C31A5: E8 66 3D 05 00           -  call theHunterCotW_F.exe+816F10
"theHunterCotW_F.exe"+7C31AA: 41 83 C8 FF              -  or r8d,-01
"theHunterCotW_F.exe"+7C31AE: 48 8D 15 EB E5 D7 00     -  lea rdx,[theHunterCotW_F.exe+15417A0]
"theHunterCotW_F.exe"+7C31B5: 48 8B CD                 -  mov rcx,rbp
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

If you want any other cheats just find this function, its pretty self-explanatory.

Code: Select all

theHunterCotW_F.exe+7C30D0 - 48 89 6C 24 20        - mov [rsp+20],rbp
theHunterCotW_F.exe+7C30D5 - 41 56                 - push r14
theHunterCotW_F.exe+7C30D7 - 48 83 EC 30           - sub rsp,30 { 48 }
theHunterCotW_F.exe+7C30DB - 48 8B E9              - mov rbp,rcx
theHunterCotW_F.exe+7C30DE - E8 2DB30300           - call theHunterCotW_F.exe+7FE410
theHunterCotW_F.exe+7C30E3 - 4C 8B F0              - mov r14,rax
theHunterCotW_F.exe+7C30E6 - 48 85 C0              - test rax,rax
theHunterCotW_F.exe+7C30E9 - 0F84 CB010000         - je theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C30EF - 8B 95 08030000        - mov edx,[rbp+00000308]
theHunterCotW_F.exe+7C30F5 - 81 E2 8F000000        - and edx,0000008F { 143 }
theHunterCotW_F.exe+7C30FB - 83 FA 01              - cmp edx,01 { 1 }
theHunterCotW_F.exe+7C30FE - 77 36                 - ja theHunterCotW_F.exe+7C3136
theHunterCotW_F.exe+7C3100 - 8B 48 18              - mov ecx,[rax+18]
theHunterCotW_F.exe+7C3103 - 4C 8D 8D F0020000     - lea r9,[rbp+000002F0]
theHunterCotW_F.exe+7C310A - 49 8B 56 20           - mov rdx,[r14+20]
theHunterCotW_F.exe+7C310E - 4C 8D 05 63E6D700     - lea r8,[theHunterCotW_F.exe+1541778] { ["m_StatusBarData"] }
theHunterCotW_F.exe+7C3115 - 81 E1 8F000000        - and ecx,0000008F { 143 }
theHunterCotW_F.exe+7C311B - 80 F9 0A              - cmp cl,0A { 10 }
theHunterCotW_F.exe+7C311E - 49 8B 4E 10           - mov rcx,[r14+10]
theHunterCotW_F.exe+7C3122 - 0F94 C0               - sete al
theHunterCotW_F.exe+7C3125 - 88 44 24 20           - mov [rsp+20],al
theHunterCotW_F.exe+7C3129 - E8 620A7E00           - call theHunterCotW_F.exe+FA3B90
theHunterCotW_F.exe+7C312E - 84 C0                 - test al,al
theHunterCotW_F.exe+7C3130 - 0F84 84010000         - je theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C3136 - 8B 85 08030000        - mov eax,[rbp+00000308]
theHunterCotW_F.exe+7C313C - 25 8F000000           - and eax,0000008F { 143 }
theHunterCotW_F.exe+7C3141 - 83 F8 01              - cmp eax,01 { 1 }
theHunterCotW_F.exe+7C3144 - 0F86 70010000         - jbe theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C314A - 48 8B 05 1FB96201     - mov rax,[theHunterCotW_F.exe+1DEEA70] { [26FF8019000] }
theHunterCotW_F.exe+7C3151 - 48 8D 15 30E6D700     - lea rdx,[theHunterCotW_F.exe+1541788] { ["m_Experience"] }
theHunterCotW_F.exe+7C3158 - 48 89 5C 24 40        - mov [rsp+40],rbx
theHunterCotW_F.exe+7C315D - 48 81 C5 F0020000     - add rbp,000002F0 { 752 }
theHunterCotW_F.exe+7C3164 - 48 89 74 24 48        - mov [rsp+48],rsi
theHunterCotW_F.exe+7C3169 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C316C - 48 89 7C 24 50        - mov [rsp+50],rdi
theHunterCotW_F.exe+7C3171 - 48 8B B0 58020000     - mov rsi,[rax+00000258]
theHunterCotW_F.exe+7C3178 - 44 8B 46 14           - mov r8d,[rsi+14]
theHunterCotW_F.exe+7C317C - E8 8F3D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3181 - 44 8B 86 A0000000     - mov r8d,[rsi+000000A0]
theHunterCotW_F.exe+7C3188 - 48 8D 15 09E6D700     - lea rdx,[theHunterCotW_F.exe+1541798] { ["m_Money"] }
theHunterCotW_F.exe+7C318F - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3192 - E8 793D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3197 - 44 8B 46 10           - mov r8d,[rsi+10]
theHunterCotW_F.exe+7C319B - 48 8D 15 16C2D700     - lea rdx,[theHunterCotW_F.exe+153F3B8] { ["m_Level"] }
theHunterCotW_F.exe+7C31A2 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31A5 - E8 663D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31AA - 41 83 C8 FF           - or r8d,-01 { 255 }
theHunterCotW_F.exe+7C31AE - 48 8D 15 EBE5D700     - lea rdx,[theHunterCotW_F.exe+15417A0] { ["m_Weight"] }
theHunterCotW_F.exe+7C31B5 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31B8 - E8 533D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31BD - 41 83 C8 FF           - or r8d,-01 { 255 }
theHunterCotW_F.exe+7C31C1 - 48 8D 15 E8E5D700     - lea rdx,[theHunterCotW_F.exe+15417B0] { ["m_MaxWeight"] }
theHunterCotW_F.exe+7C31C8 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31CB - E8 403D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31D0 - 48 8B 05 F92B6101     - mov rax,[theHunterCotW_F.exe+1DD5DD0] { [26FA9D94200] }
theHunterCotW_F.exe+7C31D7 - 48 8D 15 DEE5D700     - lea rdx,[theHunterCotW_F.exe+15417BC] { ["m_Hour"] }
theHunterCotW_F.exe+7C31DE - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31E1 - F3 0F10 90 E0000000   - movss xmm2,[rax+000000E0]
theHunterCotW_F.exe+7C31E9 - F3 44 0F2C C2         - cvttss2si r8d,xmm2
theHunterCotW_F.exe+7C31EE - 66 41 0F6E C0         - movd xmm0,r8d
theHunterCotW_F.exe+7C31F3 - 0F5B C0               - cvtdq2ps xmm0,xmm0
theHunterCotW_F.exe+7C31F6 - F3 0F5C D0            - subss xmm2,xmm0
theHunterCotW_F.exe+7C31FA - F3 0F59 15 9A02C700   - mulss xmm2,[theHunterCotW_F.exe+143349C] { [60.00] }
theHunterCotW_F.exe+7C3202 - F3 0F2C FA            - cvttss2si edi,xmm2
theHunterCotW_F.exe+7C3206 - 66 0F6E C7            - movd xmm0,edi
theHunterCotW_F.exe+7C320A - 0F5B C0               - cvtdq2ps xmm0,xmm0
theHunterCotW_F.exe+7C320D - F3 0F5C D0            - subss xmm2,xmm0
theHunterCotW_F.exe+7C3211 - F3 0F59 15 8302C700   - mulss xmm2,[theHunterCotW_F.exe+143349C] { [60.00] }
theHunterCotW_F.exe+7C3219 - F3 0F2C DA            - cvttss2si ebx,xmm2
theHunterCotW_F.exe+7C321D - E8 EE3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3222 - 44 8B C7              - mov r8d,edi
theHunterCotW_F.exe+7C3225 - 48 8D 15 CCD5D700     - lea rdx,[theHunterCotW_F.exe+15407F8] { ["m_Minutes"] }
theHunterCotW_F.exe+7C322C - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C322F - E8 DC3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3234 - 44 8B C3              - mov r8d,ebx
theHunterCotW_F.exe+7C3237 - 48 8D 15 8AE5D700     - lea rdx,[theHunterCotW_F.exe+15417C8] { ["m_Seconds"] }
theHunterCotW_F.exe+7C323E - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3241 - E8 CA3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3246 - 4C 8D 05 9B48C600     - lea r8,[theHunterCotW_F.exe+1427AE8] { [00000000] }
theHunterCotW_F.exe+7C324D - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3250 - 48 8D 15 81E5D700     - lea rdx,[theHunterCotW_F.exe+15417D8] { ["m_RegionName"] }
theHunterCotW_F.exe+7C3257 - E8 94710500           - call theHunterCotW_F.exe+81A3F0
theHunterCotW_F.exe+7C325C - 44 8B 46 18           - mov r8d,[rsi+18]
theHunterCotW_F.exe+7C3260 - 48 8D 15 81E5D700     - lea rdx,[theHunterCotW_F.exe+15417E8] { ["m_SkillPoints"] }
theHunterCotW_F.exe+7C3267 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C326A - E8 A13C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C326F - 44 8B 46 1C           - mov r8d,[rsi+1C]
theHunterCotW_F.exe+7C3273 - 48 8D 15 7EE5D700     - lea rdx,[theHunterCotW_F.exe+15417F8] { ["m_PerkPoints"] }
theHunterCotW_F.exe+7C327A - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C327D - E8 8E3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3282 - 41 8B 46 18           - mov eax,[r14+18]
theHunterCotW_F.exe+7C3286 - 4C 8D 05 EBE4D700     - lea r8,[theHunterCotW_F.exe+1541778] { ["m_StatusBarData"] }
theHunterCotW_F.exe+7C328D - 49 8B 56 20           - mov rdx,[r14+20]
theHunterCotW_F.exe+7C3291 - 25 8F000000           - and eax,0000008F { 143 }
theHunterCotW_F.exe+7C3296 - 49 8B 4E 10           - mov rcx,[r14+10]
theHunterCotW_F.exe+7C329A - 3C 0A                 - cmp al,0A { 10 }
theHunterCotW_F.exe+7C329C - 4C 8B CD              - mov r9,rbp
theHunterCotW_F.exe+7C329F - 0F94 C0               - sete al
theHunterCotW_F.exe+7C32A2 - 88 44 24 20           - mov [rsp+20],al
theHunterCotW_F.exe+7C32A6 - E8 D5538000           - call theHunterCotW_F.exe+FC8680
theHunterCotW_F.exe+7C32AB - 48 8B 7C 24 50        - mov rdi,[rsp+50]
theHunterCotW_F.exe+7C32B0 - 48 8B 74 24 48        - mov rsi,[rsp+48]
theHunterCotW_F.exe+7C32B5 - 48 8B 5C 24 40        - mov rbx,[rsp+40]
theHunterCotW_F.exe+7C32BA - 48 8B 6C 24 58        - mov rbp,[rsp+58]
theHunterCotW_F.exe+7C32BF - 48 83 C4 30           - add rsp,30 { 48 }
theHunterCotW_F.exe+7C32C3 - 41 5E                 - pop r14
theHunterCotW_F.exe+7C32C5 - C3                    - ret

Shona · Post by **Shona** » Thu Mar 16, 2017 2:21 pm

Table isn't working anymore because of 1.3 Update.

pigeon · Post by **pigeon** » Sat Mar 18, 2017 8:05 pm

Shona wrote: ↑
Tue Mar 14, 2017 4:22 pm
Heartrate isn't working for me, it shows only "0" :/
NoClouds is also broken

You can also ask SunBeam for help because he made a table before, but the table is no working anymore -> Cheat Engine Forum - theHunter: Call of the Wild (Google Chache)

Would be cool if you can find some of these, like the Visibility or Noise because i can't figure out how he found them

Visibility and Noise level interesting for me too and i can find bunch of values for it, but all of them is just display codes and animals still be aware by player. Maybe we need looking for not player noise/visibility but animal aware value... But i guess it will be required a hours just for getting something that may be close for such values (just imagine that you need to find animal, scare it few times and you still do not know if you need search for flag or float...) :/
Oh, and NoClouds works well. Probably i explain it not really good - it remove big, kind of volumetric clouds and not just after you click. So activate it and use speedhack with x100 speed. After few seconds Sun will be shining all the time (but i still can not to find how to control rain...).
I update table for 1.3 version with previous values.

And i try to search for AOB provided by RaDeX, but maybe i understand it wrong (it only second game where i use CE so deep) or maybe with new game update AOB changing.

Ze6rah · Post by **Ze6rah** » Tue May 02, 2017 7:21 pm

Did some things that i am interested in in 1.61 version
1) Money pointer
2) Time pointer
3) Stop time script

theHunterCotW_F.CT: (4.83 KiB) Downloaded 241 times

Ze6rah · Post by **Ze6rah** » Wed May 10, 2017 3:51 pm

Some more things for 1.61 (could work for older versions)

pigeon · Post by **pigeon** » Sat May 27, 2017 3:58 pm

for 1.63 hotfix

"High Clouds" can have different result if you change value in "(float)0" to 1 or 2 or anything else and it affected immediately.
"Vol Clouds" is bigger clouds and it required time for disappearing.
"off Flashlight" was made because at evening, personally for me, flashlight turned on automatically and do not turned off manually.
"noeffects" turned off all effects with blue color.

Existing hotkeys provided in "table extras".

pigeon · Post by **pigeon** » Mon May 29, 2017 1:05 pm

all from previous post, but for game ver.1.7

l0wb1t · Post by **l0wb1t** » Mon May 29, 2017 4:31 pm

Hi Guys, i will also share something with you

Animals Stay Spotted (use Scope or binocular, just move cursur over them, they start glowing

Code: Select all

[ENABLE]

aobscanmodule(_AnimalsStaySpotted,theHunterCotW_F.exe,F3 0F 10 03 F3 41 0F 5C 45 00) // should be unique
aobscanmodule(_AnimalsStaySpottedCheck,theHunterCotW_F.exe,74 11 41 0F 28 D8 41 0F 28 D0 48 8D 55 A8 E8 DA)
alloc(newmem,$1000,"theHunterCotW_F.exe"+63FF95)

label(code)
label(return)

_AnimalsStaySpottedCheck:
  db eb 11


newmem:
mov [rbx],(float)5
code:
  movss xmm0,[rbx]
  subss xmm0,[r13+00]
  jmp return

_AnimalsStaySpotted:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(_AnimalsStaySpotted)
registersymbol(_AnimalsStaySpottedCheck)
[DISABLE]

_AnimalsStaySpotted:
  db F3 0F 10 03 F3 41 0F 5C 45 00
_AnimalsStaySpottedCheck:
  db 74 11

unregistersymbol(_AnimalsStaySpotted)
unregistersymbol(_AnimalsStaySpottedCheck)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+63FF95

"theHunterCotW_F.exe"+63FF69: E8 02 9A FC FF           -  call theHunterCotW_F.exe+609970
"theHunterCotW_F.exe"+63FF6E: F3 0F 10 35 16 79 65 01  -  movss xmm6,[theHunterCotW_F.exe+1C9788C]
"theHunterCotW_F.exe"+63FF76: 49 8B CE                 -  mov rcx,r14
"theHunterCotW_F.exe"+63FF79: E8 82 7C FA FF           -  call theHunterCotW_F.exe+5E7C00
"theHunterCotW_F.exe"+63FF7E: F3 0F 59 C6              -  mulss xmm0,xmm6
"theHunterCotW_F.exe"+63FF82: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+63FF86: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+63FF89: 48 8D 4C 24 60           -  lea rcx,[rsp+60]
"theHunterCotW_F.exe"+63FF8E: E8 7D D8 01 00           -  call theHunterCotW_F.exe+65D810
"theHunterCotW_F.exe"+63FF93: EB 6E                    -  jmp theHunterCotW_F.exe+640003
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+63FF95: F3 0F 10 03              -  movss xmm0,[rbx]
"theHunterCotW_F.exe"+63FF99: F3 41 0F 5C 45 00        -  subss xmm0,[r13+00]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+63FF9F: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+63FFA3: 0F 2F C7                 -  comiss xmm0,xmm7
"theHunterCotW_F.exe"+63FFA6: 76 14                    -  jna theHunterCotW_F.exe+63FFBC
"theHunterCotW_F.exe"+63FFA8: E8 C3 99 FC FF           -  call theHunterCotW_F.exe+609970
"theHunterCotW_F.exe"+63FFAD: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+63FFB0: 48 8D 4C 24 60           -  lea rcx,[rsp+60]
"theHunterCotW_F.exe"+63FFB5: E8 56 D8 01 00           -  call theHunterCotW_F.exe+65D810
"theHunterCotW_F.exe"+63FFBA: EB 47                    -  jmp theHunterCotW_F.exe+640003
"theHunterCotW_F.exe"+63FFBC: 41 0F 28 D9              -  movaps xmm3,xmm9
"theHunterCotW_F.exe"+63FFC0: 41 0F 28 D1              -  movaps xmm2,xmm9
}

Super Jump

Code: Select all

{ Game   : theHunterCotW_F.exe
  Version: 
  Date   : 2017-05-27
  Author : Schr4nzi

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_SuperJump,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 0F 10 48 10 0F 11 49 10) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+4D6366)

label(code)
label(return)

newmem:
//cmp [rax+3C],(float)15
//jne code
mov [rax+3C],(float)25
code:
  movups xmm1,[rax+10]
  movups [rcx+10],xmm1
  jmp return

_SuperJump+08:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_SuperJump)

[DISABLE]

_SuperJump+08:
  db 0F 10 48 10 0F 11 49 10

unregistersymbol(_SuperJump)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+4D6366

"theHunterCotW_F.exe"+4D633F: 45 0F 57 DB              -  xorps xmm11,xmm11
"theHunterCotW_F.exe"+4D6343: F3 44 0F 51 D9           -  sqrtss xmm11,xmm1
"theHunterCotW_F.exe"+4D6348: 48 8B CF                 -  mov rcx,rdi
"theHunterCotW_F.exe"+4D634B: E8 A0 5A F1 FF           -  call theHunterCotW_F.exe+3EBDF0
"theHunterCotW_F.exe"+4D6350: 48 8D 8D 00 04 00 00     -  lea rcx,[rbp+00000400]
"theHunterCotW_F.exe"+4D6357: BE 02 00 00 00           -  mov esi,00000002
"theHunterCotW_F.exe"+4D635C: 8B D6                    -  mov edx,esi
"theHunterCotW_F.exe"+4D635E: 66 90                    -  nop 
"theHunterCotW_F.exe"+4D6360: 0F 10 00                 -  movups xmm0,[rax]
"theHunterCotW_F.exe"+4D6363: 0F 11 01                 -  movups [rcx],xmm0
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+4D6366: 0F 10 48 10              -  movups xmm1,[rax+10]
"theHunterCotW_F.exe"+4D636A: 0F 11 49 10              -  movups [rcx+10],xmm1
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+4D636E: 0F 10 40 20              -  movups xmm0,[rax+20]
"theHunterCotW_F.exe"+4D6372: 0F 11 41 20              -  movups [rcx+20],xmm0
"theHunterCotW_F.exe"+4D6376: 0F 10 48 30              -  movups xmm1,[rax+30]
"theHunterCotW_F.exe"+4D637A: 0F 11 49 30              -  movups [rcx+30],xmm1
"theHunterCotW_F.exe"+4D637E: 0F 10 40 40              -  movups xmm0,[rax+40]
"theHunterCotW_F.exe"+4D6382: 0F 11 41 40              -  movups [rcx+40],xmm0
"theHunterCotW_F.exe"+4D6386: 0F 10 48 50              -  movups xmm1,[rax+50]
"theHunterCotW_F.exe"+4D638A: 0F 11 49 50              -  movups [rcx+50],xmm1
"theHunterCotW_F.exe"+4D638E: 0F 10 40 60              -  movups xmm0,[rax+60]
"theHunterCotW_F.exe"+4D6392: 0F 11 41 60              -  movups [rcx+60],xmm0
}

Super Speed

Code: Select all

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(_SuperSpeed,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 ** ** ** ** ** ** ** ** 0F 10 40 20 0F 11 41 20) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+4D636E)

label(code)
label(return)

newmem:
cmp [rax+20],(float)2
jne code
mov [rax+20],(float)25
code:
  movups xmm0,[rax+20]
  movups [rcx+20],xmm0
  jmp return

_SuperSpeed+10:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_SuperSpeed)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
_SuperSpeed+10:
  db 0F 10 40 20 0F 11 41 20

unregistersymbol(_SuperSpeed)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+4D636E

"theHunterCotW_F.exe"+4D6350: 48 8D 8D 00 04 00 00     -  lea rcx,[rbp+00000400]
"theHunterCotW_F.exe"+4D6357: BE 02 00 00 00           -  mov esi,00000002
"theHunterCotW_F.exe"+4D635C: 8B D6                    -  mov edx,esi
"theHunterCotW_F.exe"+4D635E: 66 90                    -  nop 
"theHunterCotW_F.exe"+4D6360: 0F 10 00                 -  movups xmm0,[rax]
"theHunterCotW_F.exe"+4D6363: 0F 11 01                 -  movups [rcx],xmm0
"theHunterCotW_F.exe"+4D6366: E9 95 9C AF FF           -  jmp 7FF789FB0000
"theHunterCotW_F.exe"+4D636B: 90                       -  nop 
"theHunterCotW_F.exe"+4D636C: 90                       -  nop 
"theHunterCotW_F.exe"+4D636D: 90                       -  nop 
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+4D636E: 0F 10 40 20              -  movups xmm0,[rax+20]
"theHunterCotW_F.exe"+4D6372: 0F 11 41 20              -  movups [rcx+20],xmm0
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+4D6376: 0F 10 48 30              -  movups xmm1,[rax+30]
"theHunterCotW_F.exe"+4D637A: 0F 11 49 30              -  movups [rcx+30],xmm1
"theHunterCotW_F.exe"+4D637E: 0F 10 40 40              -  movups xmm0,[rax+40]
"theHunterCotW_F.exe"+4D6382: 0F 11 41 40              -  movups [rcx+40],xmm0
"theHunterCotW_F.exe"+4D6386: 0F 10 48 50              -  movups xmm1,[rax+50]
"theHunterCotW_F.exe"+4D638A: 0F 11 49 50              -  movups [rcx+50],xmm1
"theHunterCotW_F.exe"+4D638E: 0F 10 40 60              -  movups xmm0,[rax+60]
"theHunterCotW_F.exe"+4D6392: 0F 11 41 60              -  movups [rcx+60],xmm0
"theHunterCotW_F.exe"+4D6396: 48 8D 89 80 00 00 00     -  lea rcx,[rcx+00000080]
"theHunterCotW_F.exe"+4D639D: 0F 10 48 70              -  movups xmm1,[rax+70]
}

Slow Animals

Code: Select all

[ENABLE]

aobscanmodule(_SlowAnimals,theHunterCotW_F.exe,CC 48 8B 91 08 01 00 00 48 85 D2 74 20) // should be unique
registersymbol(_SlowAnimals)

_SlowAnimals+08:
  db 90 90 90

[DISABLE]

_SlowAnimals+08:
  db 48 85 D2

unregistersymbol(_SlowAnimals)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+481377

"theHunterCotW_F.exe"+481367: CC                             -  int 3
"theHunterCotW_F.exe"+481368: CC                             -  int 3
"theHunterCotW_F.exe"+481369: CC                             -  int 3
"theHunterCotW_F.exe"+48136A: CC                             -  int 3
"theHunterCotW_F.exe"+48136B: CC                             -  int 3
"theHunterCotW_F.exe"+48136C: CC                             -  int 3
"theHunterCotW_F.exe"+48136D: CC                             -  int 3
"theHunterCotW_F.exe"+48136E: CC                             -  int 3
"theHunterCotW_F.exe"+48136F: CC                             -  int 3
"theHunterCotW_F.exe"+481370: 48 8B 91 08 01 00 00           -  mov rdx,[rcx+00000108]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+481377: 48 85 D2                       -  test rdx,rdx
"theHunterCotW_F.exe"+48137A: 74 20                          -  je theHunterCotW_F.exe+48139C
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+48137C: 48 8B 05 15 C4 99 01           -  mov rax,[theHunterCotW_F.exe+1E1D798]
"theHunterCotW_F.exe"+481383: 48 8B 48 20                    -  mov rcx,[rax+20]
"theHunterCotW_F.exe"+481387: 48 85 C9                       -  test rcx,rcx
"theHunterCotW_F.exe"+48138A: 74 06                          -  je theHunterCotW_F.exe+481392
"theHunterCotW_F.exe"+48138C: 0F B6 41 01                    -  movzx eax,byte ptr [rcx+01]
"theHunterCotW_F.exe"+481390: EB 02                          -  jmp theHunterCotW_F.exe+481394
"theHunterCotW_F.exe"+481392: 33 C0                          -  xor eax,eax
"theHunterCotW_F.exe"+481394: 38 42 1B                       -  cmp [rdx+1B],al
"theHunterCotW_F.exe"+481397: 75 03                          -  jne theHunterCotW_F.exe+48139C
"theHunterCotW_F.exe"+481399: B0 01                          -  mov al,01
}

Icon ESP (it's buggy, icons will displayed twice behind your location)

Code: Select all

[ENABLE]

aobscanmodule(_Code,theHunterCotW_F.exe,3A 9F 90 00 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+830E1B)

label(code)
label(return)

newmem:

code:
  mov bl,1
  jmp return

_Code:
  jmp newmem
  nop
return:
registersymbol(_Code)

_Code+08:
db 80 BE 84 00 00 00 01

[DISABLE]

_Code:
  db 3A 9F 90 00 00 00
_Code+08:
  db 80 BE 84 00 00 00 00
unregistersymbol(_Code)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+830E1B

"theHunterCotW_F.exe"+830DFF: 22 D8                 -  and bl,al
"theHunterCotW_F.exe"+830E01: 45 84 E4              -  test r12l,r12l
"theHunterCotW_F.exe"+830E04: 74 09                 -  je theHunterCotW_F.exe+830E0F
"theHunterCotW_F.exe"+830E06: 45 84 ED              -  test r13l,r13l
"theHunterCotW_F.exe"+830E09: 74 04                 -  je theHunterCotW_F.exe+830E0F
"theHunterCotW_F.exe"+830E0B: 33 C0                 -  xor eax,eax
"theHunterCotW_F.exe"+830E0D: EB 05                 -  jmp theHunterCotW_F.exe+830E14
"theHunterCotW_F.exe"+830E0F: B8 01 00 00 00        -  mov eax,00000001
"theHunterCotW_F.exe"+830E14: 22 D8                 -  and bl,al
"theHunterCotW_F.exe"+830E16: 48 8B 74 24 68        -  mov rsi,[rsp+68]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+830E1B: 3A 9F 90 00 00 00     -  cmp bl,[rdi+00000090]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+830E21: 75 0D                 -  jne theHunterCotW_F.exe+830E30
"theHunterCotW_F.exe"+830E23: 80 BE 84 00 00 00 00  -  cmp byte ptr [rsi+00000084],00
"theHunterCotW_F.exe"+830E2A: 0F 84 9F 00 00 00     -  je theHunterCotW_F.exe+830ECF
"theHunterCotW_F.exe"+830E30: 80 BE 90 04 00 00 00  -  cmp byte ptr [rsi+00000490],00
"theHunterCotW_F.exe"+830E37: 74 52                 -  je theHunterCotW_F.exe+830E8B
"theHunterCotW_F.exe"+830E39: 84 DB                 -  test bl,bl
"theHunterCotW_F.exe"+830E3B: 74 4E                 -  je theHunterCotW_F.exe+830E8B
"theHunterCotW_F.exe"+830E3D: 48 8B 86 60 04 00 00  -  mov rax,[rsi+00000460]
"theHunterCotW_F.exe"+830E44: 48 89 85 10 03 00 00  -  mov [rbp+00000310],rax
"theHunterCotW_F.exe"+830E4B: 48 8B 08              -  mov rcx,[rax]
}

pigeon · Post by **pigeon** » Mon May 29, 2017 6:21 pm

l0wb1t, can i ask you to give a hint of how did you find animals speed value? I'm just currently trying to find something related to animal awareness (and i think it may be stay close to speed value), so they do not care if player stay right near by them. But i'm such noob... I even didn't understand how to find value from your AOB, it just give me a bunch of values that looks like no have sense

l0wb1t · Post by **l0wb1t** » Mon May 29, 2017 7:28 pm

pigeon wrote: ↑
Mon May 29, 2017 6:21 pm
l0wb1t, can i ask you to give a hint of how did you find animals speed value? I'm just currently trying to find something related to animal awareness (and i think it may be stay close to speed value), so they do not care if player stay right near by them. But i'm such noob... I even didn't understand how to find value from your AOB, it just give me a bunch of values that looks like no have sense

I didn't really found animals speed. i just messed up some code while i was searching for a proper way to do stealth mode(found this near to the Health function).

Code: Select all

theHunterCotW_F.exe+481370 - 48 8B 91 08010000     - mov rdx,[rcx+00000108]
theHunterCotW_F.exe+481377 - 48 85 D2              - test rdx,rdx -- The Check I'm killing to do slow animals (nop it)
theHunterCotW_F.exe+48137A - 74 20                 - je theHunterCotW_F.exe+48139C
theHunterCotW_F.exe+48137C - 48 8B 05 15C49901     - mov rax,[theHunterCotW_F.exe+1E1D798] { [19AD3F37C80] }
theHunterCotW_F.exe+481383 - 48 8B 48 20           - mov rcx,[rax+20]
theHunterCotW_F.exe+481387 - 48 85 C9              - test rcx,rcx
theHunterCotW_F.exe+48138A - 74 06                 - je theHunterCotW_F.exe+481392
theHunterCotW_F.exe+48138C - 0FB6 41 01            - movzx eax,byte ptr [rcx+01]
theHunterCotW_F.exe+481390 - EB 02                 - jmp theHunterCotW_F.exe+481394
theHunterCotW_F.exe+481392 - 33 C0                 - xor eax,eax
theHunterCotW_F.exe+481394 - 38 42 1B              - cmp [rdx+1B],al
theHunterCotW_F.exe+481397 - 75 03                 - jne theHunterCotW_F.exe+48139C
theHunterCotW_F.exe+481399 - B0 01                 - mov al,01 { 1 }
theHunterCotW_F.exe+48139B - C3                    - ret 
theHunterCotW_F.exe+48139C - 32 C0                 - xor al,al
theHunterCotW_F.exe+48139E - C3                    - ret 
theHunterCotW_F.exe+48139F - CC                    - int 3 
theHunterCotW_F.exe+4813A0 - 33 C0                 - xor eax,eax
theHunterCotW_F.exe+4813A2 - 66 39 81 14020000     - cmp [rcx+00000214],ax --- some Health code
theHunterCotW_F.exe+4813A9 - 0F9E C0               - setle al
theHunterCotW_F.exe+4813AC - C3                    - ret

i tought forcing PlayerNoise, PlayerbackgroundNoise, Visbility Values to 100,100,0 is the goal to do Stealth mode. but it isn't

Maybe SunBeam can help us herem he's a genius at this point.
i still have no proper working stealth mode for the game yet

This drives me crazy spent alot of ours already to research. Maybe forcing animals Health to 0 is working !? xD

theHunterCotW_F.CT: Stealth Debug; (922.31 KiB) Downloaded 161 times

pigeon · Post by **pigeon** » Tue May 30, 2017 3:06 am

founded unique AOB for the animals aware:
00 00 00 00 01 00 00 04 3C AB 65 C1
So the first "00" is actual value (from 0 to 7). Amount of addresses changing, of course, during game, but it help at least do not waist time with scans. So it is useful when you spot animal, make search of this AOB and change first byte for every founded address one-by-one and by watching for animal - you will see when it change it behavior or condition if animal have been spotted in binocular.
It is useless for normal game. It still required to figure out how to deal with this function. Just help to safe time for "investigations".

l0wb1t · Post by **l0wb1t** » Tue May 30, 2017 5:10 am

Back from sleep, lemme see i'll check that,
What game Version are you using? I'm on 1.63
Do you have Skype? would be better to talk.
Br, l0wb1t

Super Speed update
mov [rax+0C],(float)25 // 0C Is for Gamepad if you play with
mov [rax+20],(float)25 // 20 is Movement Speed
mov [rax+28],(float)25 // 28 Is Sneak speed
mov [rax+30],(float)25 // 30 is Speed when lying on the ground

pigeon · Post by **pigeon** » Tue May 30, 2017 2:29 pm

I use 1.7, update with shooting range.
I guess we almost done with it. At least, currently i found another way how to calm down animals. So i made prediction, that with method above i probably found "flags" and maybe here will be float value, related to it. And yes, when you know when it increase/decrease (flags help with it) - there is pretty easy to find it and this instructions more easy to solve. So here is two scripts, that make every animal calm:

Code: Select all

[ENABLE]

aobscanmodule(calmAnimals1,theHunterCotW_F.exe,F3 0F 11 8C 8B 68 05 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+437270)

label(code)
label(return)

newmem:

code:
  mov [rbx+rcx*4+00000568],(float)0
  //movss [rbx+rcx*4+00000568],xmm1
  jmp return

calmAnimals1:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(calmAnimals1)

[DISABLE]

calmAnimals1:
  db F3 0F 11 8C 8B 68 05 00 00

unregistersymbol(calmAnimals1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+437270

"theHunterCotW_F.exe"+437248: F3 0F 59 83 B0 17 00 00     -  mulss xmm0,[rbx+000017B0]
"theHunterCotW_F.exe"+437250: F3 0F 5C C8                 -  subss xmm1,xmm0
"theHunterCotW_F.exe"+437254: 0F 2F CE                    -  comiss xmm1,xmm6
"theHunterCotW_F.exe"+437257: 73 03                       -  jae theHunterCotW_F.exe+43725C
"theHunterCotW_F.exe"+437259: 0F 28 CE                    -  movaps xmm1,xmm6
"theHunterCotW_F.exe"+43725C: 0F 2F CA                    -  comiss xmm1,xmm2
"theHunterCotW_F.exe"+43725F: 72 03                       -  jb theHunterCotW_F.exe+437264
"theHunterCotW_F.exe"+437261: 0F 28 CA                    -  movaps xmm1,xmm2
"theHunterCotW_F.exe"+437264: F3 0F 10 9C 8B 70 05 00 00  -  movss xmm3,[rbx+rcx*4+00000570]
"theHunterCotW_F.exe"+43726D: 0F 28 C7                    -  movaps xmm0,xmm7
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437270: F3 0F 11 8C 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm1
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+437279: 0F 28 D6                    -  movaps xmm2,xmm6
"theHunterCotW_F.exe"+43727C: F3 41 0F 59 86 A8 07 00 00  -  mulss xmm0,[r14+000007A8]
"theHunterCotW_F.exe"+437285: 41 B9 05 00 00 00           -  mov r9d,00000005
"theHunterCotW_F.exe"+43728B: F3 0F 5C D8                 -  subss xmm3,xmm0
"theHunterCotW_F.exe"+43728F: 0F 2F DE                    -  comiss xmm3,xmm6
"theHunterCotW_F.exe"+437292: 77 03                       -  ja theHunterCotW_F.exe+437297
"theHunterCotW_F.exe"+437294: 0F 28 DE                    -  movaps xmm3,xmm6
"theHunterCotW_F.exe"+437297: 4C 8D 83 54 05 00 00        -  lea r8,[rbx+00000554]
"theHunterCotW_F.exe"+43729E: F3 0F 11 9C 8B 70 05 00 00  -  movss [rbx+rcx*4+00000570],xmm3
"theHunterCotW_F.exe"+4372A7: 4D 8D 04 88                 -  lea r8,[r8+rcx*4]
}

Code: Select all

[ENABLE]

aobscanmodule(calmAnimals2,theHunterCotW_F.exe,F3 0F 11 84 8B 68 05 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+437302)

label(code)
label(return)

newmem:

code:
  mov [rbx+rcx*4+00000568],(float)0
  //movss [rbx+rcx*4+00000568],xmm0
  jmp return

calmAnimals2:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(calmAnimals2)

[DISABLE]

calmAnimals2:
  db F3 0F 11 84 8B 68 05 00 00

unregistersymbol(calmAnimals2)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+437302

"theHunterCotW_F.exe"+4372D9: F3 0F 10 8B B4 17 00 00     -  movss xmm1,[rbx+000017B4]
"theHunterCotW_F.exe"+4372E1: 0F 28 C7                    -  movaps xmm0,xmm7
"theHunterCotW_F.exe"+4372E4: F3 41 0F 59 00              -  mulss xmm0,[r8]
"theHunterCotW_F.exe"+4372E9: F3 0F 58 84 8B 68 05 00 00  -  addss xmm0,[rbx+rcx*4+00000568]
"theHunterCotW_F.exe"+4372F2: 0F 2F C6                    -  comiss xmm0,xmm6
"theHunterCotW_F.exe"+4372F5: 73 03                       -  jae theHunterCotW_F.exe+4372FA
"theHunterCotW_F.exe"+4372F7: 0F 28 C6                    -  movaps xmm0,xmm6
"theHunterCotW_F.exe"+4372FA: 0F 2F C1                    -  comiss xmm0,xmm1
"theHunterCotW_F.exe"+4372FD: 72 03                       -  jb StupidAnimals2
"theHunterCotW_F.exe"+4372FF: 0F 28 C1                    -  movaps xmm0,xmm1
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437302: F3 0F 11 84 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm0
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+43730B: F3 41 0F 10 00              -  movss xmm0,[r8]
"theHunterCotW_F.exe"+437310: 0F 2F C2                    -  comiss xmm0,xmm2
"theHunterCotW_F.exe"+437313: 76 0B                       -  jna theHunterCotW_F.exe+437320
"theHunterCotW_F.exe"+437315: 83 FA 03                    -  cmp edx,03
"theHunterCotW_F.exe"+437318: 74 06                       -  je theHunterCotW_F.exe+437320
"theHunterCotW_F.exe"+43731A: 0F 28 D0                    -  movaps xmm2,xmm0
"theHunterCotW_F.exe"+43731D: 44 8B CA                    -  mov r9d,edx
"theHunterCotW_F.exe"+437320: FF C2                       -  inc edx
"theHunterCotW_F.exe"+437322: 49 83 C0 04                 -  add r8,04
"theHunterCotW_F.exe"+437326: 83 FA 05                    -  cmp edx,05
}

But i still not really satisfied with it. Animals walking all time, sometimes they moves bit faster... I will try also to find how to make them sit or walking slowly. Probably as your l0wb1t solution, but i want try to figure out how to find it and manipulate it

FearLess Cheat Engine

theHunter™: Call of the Wild

theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Re: theHunter™: Call of the Wild

Who is online