theHunter™: Call of the Wild

Upload your cheat tables here (No requests)
pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Tue May 30, 2017 2:29 pm

I use 1.7, update with shooting range.
I guess we almost done with it. At least, currently i found another way how to calm down animals. So i made prediction, that with method above i probably found "flags" and maybe here will be float value, related to it. And yes, when you know when it increase/decrease (flags help with it) - there is pretty easy to find it and this instructions more easy to solve. So here is two scripts, that make every animal calm:

Code: Select all

[ENABLE]

aobscanmodule(calmAnimals1,theHunterCotW_F.exe,F3 0F 11 8C 8B 68 05 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+437270)

label(code)
label(return)

newmem:

code:
  mov [rbx+rcx*4+00000568],(float)0
  //movss [rbx+rcx*4+00000568],xmm1
  jmp return

calmAnimals1:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(calmAnimals1)

[DISABLE]

calmAnimals1:
  db F3 0F 11 8C 8B 68 05 00 00

unregistersymbol(calmAnimals1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+437270

"theHunterCotW_F.exe"+437248: F3 0F 59 83 B0 17 00 00     -  mulss xmm0,[rbx+000017B0]
"theHunterCotW_F.exe"+437250: F3 0F 5C C8                 -  subss xmm1,xmm0
"theHunterCotW_F.exe"+437254: 0F 2F CE                    -  comiss xmm1,xmm6
"theHunterCotW_F.exe"+437257: 73 03                       -  jae theHunterCotW_F.exe+43725C
"theHunterCotW_F.exe"+437259: 0F 28 CE                    -  movaps xmm1,xmm6
"theHunterCotW_F.exe"+43725C: 0F 2F CA                    -  comiss xmm1,xmm2
"theHunterCotW_F.exe"+43725F: 72 03                       -  jb theHunterCotW_F.exe+437264
"theHunterCotW_F.exe"+437261: 0F 28 CA                    -  movaps xmm1,xmm2
"theHunterCotW_F.exe"+437264: F3 0F 10 9C 8B 70 05 00 00  -  movss xmm3,[rbx+rcx*4+00000570]
"theHunterCotW_F.exe"+43726D: 0F 28 C7                    -  movaps xmm0,xmm7
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437270: F3 0F 11 8C 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm1
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+437279: 0F 28 D6                    -  movaps xmm2,xmm6
"theHunterCotW_F.exe"+43727C: F3 41 0F 59 86 A8 07 00 00  -  mulss xmm0,[r14+000007A8]
"theHunterCotW_F.exe"+437285: 41 B9 05 00 00 00           -  mov r9d,00000005
"theHunterCotW_F.exe"+43728B: F3 0F 5C D8                 -  subss xmm3,xmm0
"theHunterCotW_F.exe"+43728F: 0F 2F DE                    -  comiss xmm3,xmm6
"theHunterCotW_F.exe"+437292: 77 03                       -  ja theHunterCotW_F.exe+437297
"theHunterCotW_F.exe"+437294: 0F 28 DE                    -  movaps xmm3,xmm6
"theHunterCotW_F.exe"+437297: 4C 8D 83 54 05 00 00        -  lea r8,[rbx+00000554]
"theHunterCotW_F.exe"+43729E: F3 0F 11 9C 8B 70 05 00 00  -  movss [rbx+rcx*4+00000570],xmm3
"theHunterCotW_F.exe"+4372A7: 4D 8D 04 88                 -  lea r8,[r8+rcx*4]
}

Code: Select all

[ENABLE]

aobscanmodule(calmAnimals2,theHunterCotW_F.exe,F3 0F 11 84 8B 68 05 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+437302)

label(code)
label(return)

newmem:

code:
  mov [rbx+rcx*4+00000568],(float)0
  //movss [rbx+rcx*4+00000568],xmm0
  jmp return

calmAnimals2:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(calmAnimals2)

[DISABLE]

calmAnimals2:
  db F3 0F 11 84 8B 68 05 00 00

unregistersymbol(calmAnimals2)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+437302

"theHunterCotW_F.exe"+4372D9: F3 0F 10 8B B4 17 00 00     -  movss xmm1,[rbx+000017B4]
"theHunterCotW_F.exe"+4372E1: 0F 28 C7                    -  movaps xmm0,xmm7
"theHunterCotW_F.exe"+4372E4: F3 41 0F 59 00              -  mulss xmm0,[r8]
"theHunterCotW_F.exe"+4372E9: F3 0F 58 84 8B 68 05 00 00  -  addss xmm0,[rbx+rcx*4+00000568]
"theHunterCotW_F.exe"+4372F2: 0F 2F C6                    -  comiss xmm0,xmm6
"theHunterCotW_F.exe"+4372F5: 73 03                       -  jae theHunterCotW_F.exe+4372FA
"theHunterCotW_F.exe"+4372F7: 0F 28 C6                    -  movaps xmm0,xmm6
"theHunterCotW_F.exe"+4372FA: 0F 2F C1                    -  comiss xmm0,xmm1
"theHunterCotW_F.exe"+4372FD: 72 03                       -  jb StupidAnimals2
"theHunterCotW_F.exe"+4372FF: 0F 28 C1                    -  movaps xmm0,xmm1
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437302: F3 0F 11 84 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm0
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+43730B: F3 41 0F 10 00              -  movss xmm0,[r8]
"theHunterCotW_F.exe"+437310: 0F 2F C2                    -  comiss xmm0,xmm2
"theHunterCotW_F.exe"+437313: 76 0B                       -  jna theHunterCotW_F.exe+437320
"theHunterCotW_F.exe"+437315: 83 FA 03                    -  cmp edx,03
"theHunterCotW_F.exe"+437318: 74 06                       -  je theHunterCotW_F.exe+437320
"theHunterCotW_F.exe"+43731A: 0F 28 D0                    -  movaps xmm2,xmm0
"theHunterCotW_F.exe"+43731D: 44 8B CA                    -  mov r9d,edx
"theHunterCotW_F.exe"+437320: FF C2                       -  inc edx
"theHunterCotW_F.exe"+437322: 49 83 C0 04                 -  add r8,04
"theHunterCotW_F.exe"+437326: 83 FA 05                    -  cmp edx,05
}
But i still not really satisfied with it. Animals walking all time, sometimes they moves bit faster... I will try also to find how to make them sit or walking slowly. Probably as your l0wb1t solution, but i want try to figure out how to find it and manipulate it :)

User avatar
SunBeam
Trouble Makers
Trouble Makers
Posts: 356
Joined: Thu Mar 02, 2017 10:15 pm
Reputation: 98

Re: theHunter™: Call of the Wild

Post by SunBeam » Tue May 30, 2017 2:54 pm

Why not figure out the operations before this code:

Code: Select all

"theHunterCotW_F.exe"+437248: F3 0F 59 83 B0 17 00 00     -  mulss xmm0,[rbx+000017B0] <-- before this
"theHunterCotW_F.exe"+437250: F3 0F 5C C8                 -  subss xmm1,xmm0
"theHunterCotW_F.exe"+437254: 0F 2F CE                    -  comiss xmm1,xmm6
"theHunterCotW_F.exe"+437257: 73 03                       -  jae theHunterCotW_F.exe+43725C
"theHunterCotW_F.exe"+437259: 0F 28 CE                    -  movaps xmm1,xmm6
"theHunterCotW_F.exe"+43725C: 0F 2F CA                    -  comiss xmm1,xmm2
"theHunterCotW_F.exe"+43725F: 72 03                       -  jb theHunterCotW_F.exe+437264
"theHunterCotW_F.exe"+437261: 0F 28 CA                    -  movaps xmm1,xmm2
"theHunterCotW_F.exe"+437264: F3 0F 10 9C 8B 70 05 00 00  -  movss xmm3,[rbx+rcx*4+00000570]
"theHunterCotW_F.exe"+43726D: 0F 28 C7                    -  movaps xmm0,xmm7
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437270: F3 0F 11 8C 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm1
As you can see, xmm1 is obtained from either xmm6 (code at offset 0x437259) or xmm2 (code at offset 0x437261). Go back up in the code and see where xmm2/xmm6 are calculated.

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Wed May 31, 2017 12:08 am

xmm - is still some kind of magic for me. But, honestly, this script do right what i want. Maybe later i try to learn how i can take full control under functions that access for few addresses, but currently i feel that puzzle is almost solved :)
Anyway, i found the function that control animals type of movement:

Code: Select all

[ENABLE]

aobscanmodule(animalBehavior,theHunterCotW_F.exe,44 88 A7 01 28 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+3C3602)

label(code)
label(return)

newmem:

code:
  mov [rdi+00002801],0
  //mov [rdi+00002801],r12l
  jmp return

animalBehavior:
  jmp newmem
  nop
  nop
return:
registersymbol(animalBehavior)

[DISABLE]

animalBehavior:
  db 44 88 A7 01 28 00 00

unregistersymbol(animalBehavior)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+3C3602

"theHunterCotW_F.exe"+3C35D7: 88 87 29 29 00 00        -  mov [rdi+00002929],al
"theHunterCotW_F.exe"+3C35DD: E8 4E A5 02 00           -  call theHunterCotW_F.exe+3EDB30
"theHunterCotW_F.exe"+3C35E2: 48 8B 86 70 64 00 00     -  mov rax,[rsi+00006470]
"theHunterCotW_F.exe"+3C35E9: 48 8B 88 48 02 00 00     -  mov rcx,[rax+00000248]
"theHunterCotW_F.exe"+3C35F0: 48 85 C9                 -  test rcx,rcx
"theHunterCotW_F.exe"+3C35F3: 74 1B                    -  je theHunterCotW_F.exe+3C3610
"theHunterCotW_F.exe"+3C35F5: 48 8B 01                 -  mov rax,[rcx]
"theHunterCotW_F.exe"+3C35F8: FF 90 D0 00 00 00        -  call qword ptr [rax+000000D0]
"theHunterCotW_F.exe"+3C35FE: 84 C0                    -  test al,al
"theHunterCotW_F.exe"+3C3600: 74 0E                    -  je theHunterCotW_F.exe+3C3610
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+3C3602: 44 88 A7 01 28 00 00     -  mov [rdi+00002801],r12l
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+3C3609: C6 87 18 28 00 00 01     -  mov byte ptr [rdi+00002818],01
"theHunterCotW_F.exe"+3C3610: 4C 8B B7 E8 27 00 00     -  mov r14,[rdi+000027E8]
"theHunterCotW_F.exe"+3C3617: 4D 85 F6                 -  test r14,r14
"theHunterCotW_F.exe"+3C361A: 74 2B                    -  je theHunterCotW_F.exe+3C3647
"theHunterCotW_F.exe"+3C361C: 49 8B 46 08              -  mov rax,[r14+08]
"theHunterCotW_F.exe"+3C3620: 48 63 48 04              -  movsxd  rcx,dword ptr [rax+04]
"theHunterCotW_F.exe"+3C3624: 4A 8B 5C 31 08           -  mov rbx,[rcx+r14+08]
"theHunterCotW_F.exe"+3C3629: E8 72 AA 03 00           -  call theHunterCotW_F.exe+3FE0A0
"theHunterCotW_F.exe"+3C362E: 48 8B D0                 -  mov rdx,rax
"theHunterCotW_F.exe"+3C3631: 49 8B 46 08              -  mov rax,[r14+08]
}
In such case, when script enabled and value is "0" - animals (all that can be hunted and small like rabbits) will stay at one place. If value will be "1" - they just walk. If "2" - semi-run. "3" - run and, i think, so on.

Looks like animal behavior system is bit complex in this game. Because another conditions, that can be "drink", "rest", "eat", "migrates" - store somewhere else.

Oh, almost forget. For more easier working with animals, when i try to found any animal values during walking with them - i made another script that turn off spot and "backlight" timer. I think that may be similar for solution from l0wb1t, but why not:

Code: Select all

[ENABLE]

aobscanmodule(unlimSpot,theHunterCotW_F.exe,F3 0F 11 03 0F 2F C7) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+636E0C)

label(code)
label(return)

newmem:

code:
  //movss [rbx],xmm0
  comiss xmm0,xmm7
  jmp return

unlimSpot:
  jmp newmem
  nop
  nop
return:
registersymbol(unlimSpot)

[DISABLE]

unlimSpot:
  db F3 0F 11 03 0F 2F C7

unregistersymbol(unlimSpot)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+636E0C

"theHunterCotW_F.exe"+636DE3: 49 8B CE                 -  mov rcx,r14
"theHunterCotW_F.exe"+636DE6: E8 35 80 FA FF           -  call theHunterCotW_F.exe+5DEE20
"theHunterCotW_F.exe"+636DEB: F3 0F 59 C6              -  mulss xmm0,xmm6
"theHunterCotW_F.exe"+636DEF: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+636DF3: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+636DF6: 48 8D 4C 24 70           -  lea rcx,[rsp+70]
"theHunterCotW_F.exe"+636DFB: E8 80 45 03 00           -  call theHunterCotW_F.exe+66B380
"theHunterCotW_F.exe"+636E00: EB 6E                    -  jmp theHunterCotW_F.exe+636E70
"theHunterCotW_F.exe"+636E02: F3 0F 10 03              -  movss xmm0,[rbx]
"theHunterCotW_F.exe"+636E06: F3 41 0F 5C 04 24        -  subss xmm0,[r12]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+636E0C: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+636E10: 0F 2F C7                 -  comiss xmm0,xmm7
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+636E13: 76 14                    -  jna theHunterCotW_F.exe+636E29
"theHunterCotW_F.exe"+636E15: E8 B6 9B FB FF           -  call theHunterCotW_F.exe+5F09D0
"theHunterCotW_F.exe"+636E1A: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+636E1D: 48 8D 4C 24 70           -  lea rcx,[rsp+70]
"theHunterCotW_F.exe"+636E22: E8 59 45 03 00           -  call theHunterCotW_F.exe+66B380
"theHunterCotW_F.exe"+636E27: EB 47                    -  jmp theHunterCotW_F.exe+636E70
"theHunterCotW_F.exe"+636E29: 41 0F 28 D8              -  movaps xmm3,xmm8
"theHunterCotW_F.exe"+636E2D: 41 0F 28 D0              -  movaps xmm2,xmm8
"theHunterCotW_F.exe"+636E31: 48 8D 55 B0              -  lea rdx,[rbp-50]
"theHunterCotW_F.exe"+636E35: E8 F6 42 FB FF           -  call theHunterCotW_F.exe+5EB130
}

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Thu Jun 01, 2017 7:16 pm

table for game ver.1.7hotfix
Image

The only thing i can't found is how to make animals sit/sleep/eat/drink/... But anyway this result much more better than taking control just under hunter visible/noise values. And there is may be issues, because i'm noob with scripts.

- "off High Clouds" do what that say, but you can change value in script to 1,2,3... and "high" clouds will be different.
- "Calm Animals" script make every animal do not care if hunter stay right near by them. It affected animals that can be hunted and small, like rabbits as well. You can change value using by script from "0" to 1,2,3...7. This all different animal aware conditions.
- "Stop Animals" make every animal stay where they are. You can change it for "1" if you want that they only walk, "2" for some kind of run. With "3" they will run like if you scare them.
- "Unlim Spot Timer" when you spot animal and information about it roll out on your screen - it will not disappear.
- "HUD" group. This will be useful for those how use ReShade. So if you made "HUD" value "0", enable "noSpotHighlight" script and make "Tracers" 0 - than your screen will be very clear and you can take clear screenshot with Steam Overlay hotkey or ReShade hotkey. But it is not really turns HUD off. HUD "0" value make game think that you press "Esc" and that you are in menu. That's means that you will see mouse cursor and if you have 2 monitors - you can move mouse out of game window. Because of that it is useful only when you ready to take screenshot. But with hotkey for switching all or part of this - it will not to be real problem.

Also i found instruction that access for a lot of addresses that affected game graphic, like power/RGBcolor of moon light, RGBcolor of clouds, water brightness and so on. But i do not insert in cheat table anything from it because i think it required time to figure out what from all of that really may be useful. If anyone want to play with graphic, just search for AOB "89 04 91 41 FF C3" and "Find out what addresses this instruction accesses".
Attachments
theHunterCotW_Photo_1.7hotfix.CT
(38.75 KiB) Downloaded 168 times

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Fri Jun 02, 2017 7:03 pm

All from previous post, plus:
- "noSpotHighlightHorns" script. I found that "noSpotHighlight" script do not affected horns, so this one will fix it.
- Environment 248 parameters (but i do not understand all of them). Here is album with all of that: http://imgur.com/a/HjulU
Addresses with "-" in name means that i do not see changes while testing it at night and day, but i make test at clear weather conditions. So i think some of that may affected rain, water or anything else. Addresses that have "?" in name means that i do not sure that i understand it correct.
For working with it you should enable "No Wind", "Freeze Weather Effects" and "Enviro1" scripts. If during it you get almost black screen - just disable "No Wind" script. All of that working together so it may be tricky to deal with it.
Attachments
theHunterCotW_Photo_Enviro_1.7hotfix.CT
(145.49 KiB) Downloaded 58 times

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Mon Jun 05, 2017 11:46 am

added stars intensity, moon surface color, wet effect, two more clouds controls and some changes of environment group: http://imgur.com/a/jBJMf
Attachments
theHunterCotW_Photo_Enviro_(2)_1.7hotfix.CT
(187.42 KiB) Downloaded 90 times

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Tue Jun 06, 2017 7:37 pm

So i found how to control animals animations. It even better than i think before because with that there is possible to switch a lot of animations like jump, lay down, eating, looking around and so on... Problem is that this instruction affect everything at map, or at least human camera/hands and hunted/small animals. I try to do compare, but i do something wrong and it anyway affect to player hands and send to animals wrong value. I anyway will try to figure out how to deal with it, but maybe also figuring it out will be interesting for someone who more experienced than me?

In attached table in the end will be two scripts: "Animations 1 AOB" and "Animations 2 (Instant Change) AOB", the same "links" you will find in "advanced options". Second script should be just enabled. If it's not - animations can took time for changing. "Cmp Animals and Human 1" and "Cmp Animals and Human 2" scripts doing by me, but as i said, it is not working as it should.

This is structure dissect (with -1C offset) that i was use for compare, in case if anyone need it: https://pastebin.com/z0ibBW4x
I was pretty lucky when i was able found place where was few different animals at first game loading. First group in this structure is human camera, second - human hands, 3 - White Deer, 4 - Bear, 5 - Squirrel 1, 6 - Squirrel 2.

If someone will need to take value for specific animal, see where instruction from "Animations 2 (Instant Change) AOB" access. As i understand, it is "listening" all animals activity status. Animation value should be in 4bytes. And here is list of some of them for White Deer and Bear:
Walk - 4753
Semi-Run - 4832
Lay Down - 4906
Call - 4725

Also i found how to deal with a lot of graphic settings by using LUA solution from Gniarf. In the end it is yellow "For Graphic Presets" script. It is changing just few values because it was done just to figure it out.

Ok, that was noobish problem with the script :/ Here is both scripts in one, that works almost perfect (only what taken in human hands is bit rotated, but who care?):

updated with proper script that compare animal and human, but values actually change every new game.

Code: Select all

[ENABLE]
aobscanmodule(AnimalActivityDisableIt,theHunterCotW_F.exe,8B 47 1C 39 06) // should be unique
alloc(newmem2,$1000,"theHunterCotW_F.exe"+2EDCC3)

label(code2)
label(return2)

newmem2:

code2:
  mov eax,#0
  //mov eax,[rdi+1C]
  cmp [rsi],eax
  jmp return2

AnimalActivityDisableIt:
  jmp newmem2
return2:
registersymbol(AnimalActivityDisableIt)


aobscanmodule(INJECT,theHunterCotW_F.exe,89 47 1C 8B 44 24 48 89 47 20) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+2F7835)

label(cheat)
label(code)
label(return)

newmem:

cheat:
  cmp [rdi+8C],#1036831949
  jne code
  mov [rdi+1C],#4667
  mov eax,[rsp+48]
  jmp return

code:
  mov [rdi+1C],eax
  mov eax,[rsp+48]
  jmp return

INJECT:
  jmp cheat
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]
AnimalActivityDisableIt:
  db 8B 47 1C 39 06

unregistersymbol(AnimalActivityDisableIt)
dealloc(newmem2)

INJECT:
  db 89 47 1C 8B 44 24 48

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+2EDCC3

"theHunterCotW_F.exe"+2EDC9A: 48 C7 44 24 20 FE FF FF FF  -  mov [rsp+20],FFFFFFFE
"theHunterCotW_F.exe"+2EDCA3: 48 89 5C 24 50              -  mov [rsp+50],rbx
"theHunterCotW_F.exe"+2EDCA8: 48 89 74 24 58              -  mov [rsp+58],rsi
"theHunterCotW_F.exe"+2EDCAD: 48 8B F2                    -  mov rsi,rdx
"theHunterCotW_F.exe"+2EDCB0: 48 8B F9                    -  mov rdi,rcx
"theHunterCotW_F.exe"+2EDCB3: 32 DB                       -  xor bl,bl
"theHunterCotW_F.exe"+2EDCB5: E8 D6 74 FF FF              -  call theHunterCotW_F.exe+2E5190
"theHunterCotW_F.exe"+2EDCBA: 44 8B 00                    -  mov r8d,[rax]
"theHunterCotW_F.exe"+2EDCBD: 44 39 47 20                 -  cmp [rdi+20],r8d
"theHunterCotW_F.exe"+2EDCC1: 74 4C                       -  je theHunterCotW_F.exe+2EDD0F
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+2EDCC3: 8B 47 1C                    -  mov eax,[rdi+1C]
"theHunterCotW_F.exe"+2EDCC6: 39 06                       -  cmp [rsi],eax
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+2EDCC8: 74 04                       -  je theHunterCotW_F.exe+2EDCCE
"theHunterCotW_F.exe"+2EDCCA: B3 01                       -  mov bl,01
"theHunterCotW_F.exe"+2EDCCC: EB 41                       -  jmp theHunterCotW_F.exe+2EDD0F
"theHunterCotW_F.exe"+2EDCCE: 48 8B 47 30                 -  mov rax,[rdi+30]
"theHunterCotW_F.exe"+2EDCD2: 80 78 20 00                 -  cmp byte ptr [rax+20],00
"theHunterCotW_F.exe"+2EDCD6: 74 37                       -  je theHunterCotW_F.exe+2EDD0F
"theHunterCotW_F.exe"+2EDCD8: 48 8B 87 90 00 00 00        -  mov rax,[rdi+00000090]
"theHunterCotW_F.exe"+2EDCDF: 4C 8B 40 10                 -  mov r8,[rax+10]
"theHunterCotW_F.exe"+2EDCE3: 33 C9                       -  xor ecx,ecx
"theHunterCotW_F.exe"+2EDCE5: 4D 85 C0                    -  test r8,r8
}

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+2F7835

"theHunterCotW_F.exe"+2F7812: 48 8D 55 60              -  lea rdx,[rbp+60]
"theHunterCotW_F.exe"+2F7816: 48 8B CF                 -  mov rcx,rdi
"theHunterCotW_F.exe"+2F7819: E8 72 64 FF FF           -  call theHunterCotW_F.exe+2EDC90
"theHunterCotW_F.exe"+2F781E: 84 C0                    -  test al,al
"theHunterCotW_F.exe"+2F7820: 0F 84 26 06 00 00        -  je theHunterCotW_F.exe+2F7E4C
"theHunterCotW_F.exe"+2F7826: 8B 47 1C                 -  mov eax,[rdi+1C]
"theHunterCotW_F.exe"+2F7829: 89 47 24                 -  mov [rdi+24],eax
"theHunterCotW_F.exe"+2F782C: 8B 47 20                 -  mov eax,[rdi+20]
"theHunterCotW_F.exe"+2F782F: 89 47 28                 -  mov [rdi+28],eax
"theHunterCotW_F.exe"+2F7832: 8B 45 50                 -  mov eax,[rbp+50]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+2F7835: 89 47 1C                 -  mov [rdi+1C],eax
"theHunterCotW_F.exe"+2F7838: 8B 44 24 48              -  mov eax,[rsp+48]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+2F783C: 89 47 20                 -  mov [rdi+20],eax
"theHunterCotW_F.exe"+2F783F: 4C 8D BF D0 00 00 00     -  lea r15,[rdi+000000D0]
"theHunterCotW_F.exe"+2F7846: 48 8D 9F C8 00 00 00     -  lea rbx,[rdi+000000C8]
"theHunterCotW_F.exe"+2F784D: 49 3B DF                 -  cmp rbx,r15
"theHunterCotW_F.exe"+2F7850: 74 26                    -  je theHunterCotW_F.exe+2F7878
"theHunterCotW_F.exe"+2F7852: 4D 8B 3F                 -  mov r15,[r15]
"theHunterCotW_F.exe"+2F7855: 48 8B 0B                 -  mov rcx,[rbx]
"theHunterCotW_F.exe"+2F7858: 48 85 C9                 -  test rcx,rcx
"theHunterCotW_F.exe"+2F785B: 74 05                    -  je theHunterCotW_F.exe+2F7862
"theHunterCotW_F.exe"+2F785D: E8 4E E0 5C 00           -  call theHunterCotW_F.exe+8C58B0
}
Attachments
theHunterCotW_Experiment.CT
(528.78 KiB) Downloaded 79 times

Cryptor
What is cheating?
What is cheating?
Posts: 4
Joined: Thu Jun 08, 2017 8:15 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Cryptor » Thu Jun 08, 2017 8:18 am

How to add skill points?

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Thu Jun 08, 2017 12:01 pm

Cryptor wrote:
Thu Jun 08, 2017 8:18 am
How to add skill points?
Search for money, 4 bytes, and then add "-88" offset to it. For example your money address "17D1F5540A0", than just change it address to "17D1F5540A0-88" and that will be your skill points address. Or, if this offset will be wrong in your case, "browse memory region" where money is. Make sure you change "Display type" for "4 Byte decimal". Around of money address you will find skill points value and others.

Cryptor
What is cheating?
What is cheating?
Posts: 4
Joined: Thu Jun 08, 2017 8:15 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Cryptor » Thu Jun 08, 2017 12:36 pm

Maybe you add in your cheat table?

Cryptor
What is cheating?
What is cheating?
Posts: 4
Joined: Thu Jun 08, 2017 8:15 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Cryptor » Thu Jun 08, 2017 2:17 pm

Hm... I set rain control = 5, and i become invisible... :D

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Thu Jun 08, 2017 3:10 pm

I think if i add skill points and moneys - then i should add all another. But for me it is not really interesting. Maybe you will be interesting to do it by yourself?
Rain 5 and invisible - it is Ok. You can see in perks something like "Rain man", which made you less visible in rain and if you make rain value more higher than it should be - it is still affect visibility like multiplier :) You can also see how your visibility will change if you turn on and off Fog.
Moreover, i think if you made Rain value negative, something like "-5", you should become even more visible :)

pino44io
What is cheating?
What is cheating?
Posts: 1
Joined: Thu May 25, 2017 9:59 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by pino44io » Fri Jun 09, 2017 4:11 am

pigeon wrote:
Mon May 29, 2017 8:19 pm

Just check it on single animal. After freezing value it is possible to make it calm or aggressive and animal react like it should. So it is right way (yay!).
This "123.ct" is a freecamera table,it's buggy but works! The only problem is how to disable it? )

Cryptor
What is cheating?
What is cheating?
Posts: 4
Joined: Thu Jun 08, 2017 8:15 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Cryptor » Fri Jun 09, 2017 11:45 am

Ok. I found perk points. (-88 offset to it). How to add skill points?

pigeon
Cheater
Cheater
Posts: 30
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Fri Jun 09, 2017 12:27 pm

pino44io wrote:
Fri Jun 09, 2017 4:11 am
This "123.ct" is a freecamera table,it's buggy but works! The only problem is how to disable it? )
I actually no have idea how ti fix that problem. It was made just for faster finding animals values :)
Cryptor wrote:
Fri Jun 09, 2017 11:45 am
Ok. I found perk points. (-88 offset to it). How to add skill points?
Sorry, i translate it to English wrong. As i said, browse memory region of that value. Somewhere around of it you will find level value, experience and others, and skill as well.

Post Reply

Who is online

Users browsing this forum: EnderWiggin