theHunter™: Call of the Wild

Upload your cheat tables here (No requests)
pigeon
Cheater
Cheater
Posts: 29
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

theHunter™: Call of the Wild

Post by pigeon » Sat Mar 04, 2017 12:17 pm

Image

In this table you will see Time base address, which is easy to find. As well as money pointer. Around the money address you will find all others like experience, level and so on.

But most interesting for me part of it is weather. I just cant find weather value or timers for changing weather. Looks like timers works here like: it starts from, for example,100 and count down for 20, after reaching that it start to count up to 100 and again. I can find ~1000 addresses that maybe control weather, but experiments with them crash the game or do not have affect.

At least accidentally i found how too turn off clouds. After enabling it - use speedhack with 100x speed and after few seconds there is will be no clouds (maybe someone can make better solution?). But rain still will happen time by time.

Updated:
Accidentally found addresses for wind, fog and image temperature. But addresses works somehow tricky and there is separate addresses for all of it. Here is comparison: http://imgur.com/a/zkOFk
And i bit scared that i can not to found this values again after game update :cry:

Also added scripts for infinite ammo (made it just for learn scripts little bit more) and heartrate value, which can be freeze and you can infinite holding shift during aiming.


"noeffects" script is just freeze chaging values from "Wind.1" to "Img.Temperature". Maybe will be usefull if someone will try to find how to control rain or with you no need to freeze existing weather effects and value will be stable.
Updated for 1.3 version
Attachments
theHunterCotW_Time.Clouds.Money.Heart.Ammo.Fog.Wind (1.3).CT
(255.84 KiB) Downloaded 1045 times
Last edited by pigeon on Sat Mar 18, 2017 8:12 pm, edited 3 times in total.

Shona
What is cheating?
What is cheating?
Posts: 4
Joined: Sat Mar 04, 2017 7:54 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Shona » Tue Mar 14, 2017 4:22 pm

Heartrate isn't working for me, it shows only "0" :/
NoClouds is also broken

You can also ask SunBeam for help because he made a table before, but the table is no working anymore ->

Would be cool if you can find some of these, like the Visibility or Noise because i can't figure out how he found them :(

EDIT: Credits to Sunbeam

Hello folks.

Table's been requested, liked the game, so here we go. For the moment, there's only one script (I fiddled more with findings options, rather than conceiving the scripts). You can modify more in the [Debug] section.

Image

I'll post updates once I progress.

BR,
Sun
Attachments
theHunterCotW_F.CT
(13.47 KiB) Downloaded 797 times

RaDeX
Administration
Administration
Posts: 32
Joined: Fri Mar 03, 2017 12:41 pm
Reputation: 7

Re: theHunter™: Call of the Wild

Post by RaDeX » Wed Mar 15, 2017 8:10 am

Just Copy and Paste into cheatengine

Infinite Ammo

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>2</ID>
      <Description>"Infinite Ammo"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : theHunterCotW_F.exe
// Version:
// Date   :
// Author : RaDeX
[ENABLE]
aobscanmodule(aob_ammo,theHunterCotW_F.exe,41 8B 84 88 C4 04 00 00)
registersymbol(aob_ammo)
alloc(newmem_ammo,1024,theHunterCotW_F.exe)
label(return_ammo)

newmem_ammo:
  mov [r8+rcx*4+000004C4], #99
  mov eax,[r8+rcx*4+000004C4]
  jmp return_ammo

aob_ammo:
  jmp newmem_ammo
  nop
  nop
  nop
return_ammo:
[DISABLE]
aob_ammo:
  db 41 8B 84 88 C4 04 00 00

unregistersymbol(aob_ammo)
dealloc(newmem_ammo)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+72E9EC

"theHunterCotW_F.exe"+72E9D2: 74 10                             -  je theHunterCotW_F.exe+72E9E4
"theHunterCotW_F.exe"+72E9D4: FF C0                             -  inc eax
"theHunterCotW_F.exe"+72E9D6: 48 83 C1 04                       -  add rcx,04
"theHunterCotW_F.exe"+72E9DA: 3D 80 00 00 00                    -  cmp eax,00000080
"theHunterCotW_F.exe"+72E9DF: 72 EF                             -  jb theHunterCotW_F.exe+72E9D0
"theHunterCotW_F.exe"+72E9E1: 33 C0                             -  xor eax,eax
"theHunterCotW_F.exe"+72E9E3: C3                                -  ret 
"theHunterCotW_F.exe"+72E9E4: 83 F8 FF                          -  cmp eax,-01
"theHunterCotW_F.exe"+72E9E7: 74 F8                             -  je theHunterCotW_F.exe+72E9E1
"theHunterCotW_F.exe"+72E9E9: 48 63 C8                          -  movsxd  rcx,eax
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+72E9EC: 41 8B 84 88 C4 04 00 00           -  mov eax,[r8+rcx*4+000004C4]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+72E9F4: C3                                -  ret 
"theHunterCotW_F.exe"+72E9F5: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F6: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F7: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F8: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F9: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FA: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FB: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FC: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FD: CC                                -  int 3 
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Infinite Money

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"Infinite Money"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : theHunterCotW_F.exe
// Version:
// Date   :
// Author : RaDeX
[ENABLE]
aobscanmodule(aob_money,theHunterCotW_F.exe,00 44 8B 86 A0 00 00 00)
registersymbol(aob_money)
alloc(newmem_money,1024,theHunterCotW_F.exe)
label(return_money)

newmem_money:
  mov [rsi+000000A0], #10000000
  mov r8d,[rsi+000000A0]
  jmp return_money

aob_money+01:
  jmp newmem_money
  nop
  nop
return_money:
[DISABLE]
aob_money+01:
  db 44 8B 86 A0 00 00 00

unregistersymbol(aob_money)
dealloc(newmem_money)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+7C3181

"theHunterCotW_F.exe"+7C314A: 48 8B 05 1F B9 62 01     -  mov rax,[theHunterCotW_F.exe+1DEEA70]
"theHunterCotW_F.exe"+7C3151: 48 8D 15 30 E6 D7 00     -  lea rdx,[theHunterCotW_F.exe+1541788]
"theHunterCotW_F.exe"+7C3158: 48 89 5C 24 40           -  mov [rsp+40],rbx
"theHunterCotW_F.exe"+7C315D: 48 81 C5 F0 02 00 00     -  add rbp,000002F0
"theHunterCotW_F.exe"+7C3164: 48 89 74 24 48           -  mov [rsp+48],rsi
"theHunterCotW_F.exe"+7C3169: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C316C: 48 89 7C 24 50           -  mov [rsp+50],rdi
"theHunterCotW_F.exe"+7C3171: 48 8B B0 58 02 00 00     -  mov rsi,[rax+00000258]
"theHunterCotW_F.exe"+7C3178: 44 8B 46 14              -  mov r8d,[rsi+14]
"theHunterCotW_F.exe"+7C317C: E8 8F 3D 05 00           -  call theHunterCotW_F.exe+816F10
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+7C3181: 44 8B 86 A0 00 00 00     -  mov r8d,[rsi+000000A0]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+7C3188: 48 8D 15 09 E6 D7 00     -  lea rdx,[theHunterCotW_F.exe+1541798]
"theHunterCotW_F.exe"+7C318F: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C3192: E8 79 3D 05 00           -  call theHunterCotW_F.exe+816F10
"theHunterCotW_F.exe"+7C3197: 44 8B 46 10              -  mov r8d,[rsi+10]
"theHunterCotW_F.exe"+7C319B: 48 8D 15 16 C2 D7 00     -  lea rdx,[theHunterCotW_F.exe+153F3B8]
"theHunterCotW_F.exe"+7C31A2: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C31A5: E8 66 3D 05 00           -  call theHunterCotW_F.exe+816F10
"theHunterCotW_F.exe"+7C31AA: 41 83 C8 FF              -  or r8d,-01
"theHunterCotW_F.exe"+7C31AE: 48 8D 15 EB E5 D7 00     -  lea rdx,[theHunterCotW_F.exe+15417A0]
"theHunterCotW_F.exe"+7C31B5: 48 8B CD                 -  mov rcx,rbp
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
If you want any other cheats just find this function, its pretty self-explanatory.

Code: Select all

theHunterCotW_F.exe+7C30D0 - 48 89 6C 24 20        - mov [rsp+20],rbp
theHunterCotW_F.exe+7C30D5 - 41 56                 - push r14
theHunterCotW_F.exe+7C30D7 - 48 83 EC 30           - sub rsp,30 { 48 }
theHunterCotW_F.exe+7C30DB - 48 8B E9              - mov rbp,rcx
theHunterCotW_F.exe+7C30DE - E8 2DB30300           - call theHunterCotW_F.exe+7FE410
theHunterCotW_F.exe+7C30E3 - 4C 8B F0              - mov r14,rax
theHunterCotW_F.exe+7C30E6 - 48 85 C0              - test rax,rax
theHunterCotW_F.exe+7C30E9 - 0F84 CB010000         - je theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C30EF - 8B 95 08030000        - mov edx,[rbp+00000308]
theHunterCotW_F.exe+7C30F5 - 81 E2 8F000000        - and edx,0000008F { 143 }
theHunterCotW_F.exe+7C30FB - 83 FA 01              - cmp edx,01 { 1 }
theHunterCotW_F.exe+7C30FE - 77 36                 - ja theHunterCotW_F.exe+7C3136
theHunterCotW_F.exe+7C3100 - 8B 48 18              - mov ecx,[rax+18]
theHunterCotW_F.exe+7C3103 - 4C 8D 8D F0020000     - lea r9,[rbp+000002F0]
theHunterCotW_F.exe+7C310A - 49 8B 56 20           - mov rdx,[r14+20]
theHunterCotW_F.exe+7C310E - 4C 8D 05 63E6D700     - lea r8,[theHunterCotW_F.exe+1541778] { ["m_StatusBarData"] }
theHunterCotW_F.exe+7C3115 - 81 E1 8F000000        - and ecx,0000008F { 143 }
theHunterCotW_F.exe+7C311B - 80 F9 0A              - cmp cl,0A { 10 }
theHunterCotW_F.exe+7C311E - 49 8B 4E 10           - mov rcx,[r14+10]
theHunterCotW_F.exe+7C3122 - 0F94 C0               - sete al
theHunterCotW_F.exe+7C3125 - 88 44 24 20           - mov [rsp+20],al
theHunterCotW_F.exe+7C3129 - E8 620A7E00           - call theHunterCotW_F.exe+FA3B90
theHunterCotW_F.exe+7C312E - 84 C0                 - test al,al
theHunterCotW_F.exe+7C3130 - 0F84 84010000         - je theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C3136 - 8B 85 08030000        - mov eax,[rbp+00000308]
theHunterCotW_F.exe+7C313C - 25 8F000000           - and eax,0000008F { 143 }
theHunterCotW_F.exe+7C3141 - 83 F8 01              - cmp eax,01 { 1 }
theHunterCotW_F.exe+7C3144 - 0F86 70010000         - jbe theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C314A - 48 8B 05 1FB96201     - mov rax,[theHunterCotW_F.exe+1DEEA70] { [26FF8019000] }
theHunterCotW_F.exe+7C3151 - 48 8D 15 30E6D700     - lea rdx,[theHunterCotW_F.exe+1541788] { ["m_Experience"] }
theHunterCotW_F.exe+7C3158 - 48 89 5C 24 40        - mov [rsp+40],rbx
theHunterCotW_F.exe+7C315D - 48 81 C5 F0020000     - add rbp,000002F0 { 752 }
theHunterCotW_F.exe+7C3164 - 48 89 74 24 48        - mov [rsp+48],rsi
theHunterCotW_F.exe+7C3169 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C316C - 48 89 7C 24 50        - mov [rsp+50],rdi
theHunterCotW_F.exe+7C3171 - 48 8B B0 58020000     - mov rsi,[rax+00000258]
theHunterCotW_F.exe+7C3178 - 44 8B 46 14           - mov r8d,[rsi+14]
theHunterCotW_F.exe+7C317C - E8 8F3D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3181 - 44 8B 86 A0000000     - mov r8d,[rsi+000000A0]
theHunterCotW_F.exe+7C3188 - 48 8D 15 09E6D700     - lea rdx,[theHunterCotW_F.exe+1541798] { ["m_Money"] }
theHunterCotW_F.exe+7C318F - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3192 - E8 793D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3197 - 44 8B 46 10           - mov r8d,[rsi+10]
theHunterCotW_F.exe+7C319B - 48 8D 15 16C2D700     - lea rdx,[theHunterCotW_F.exe+153F3B8] { ["m_Level"] }
theHunterCotW_F.exe+7C31A2 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31A5 - E8 663D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31AA - 41 83 C8 FF           - or r8d,-01 { 255 }
theHunterCotW_F.exe+7C31AE - 48 8D 15 EBE5D700     - lea rdx,[theHunterCotW_F.exe+15417A0] { ["m_Weight"] }
theHunterCotW_F.exe+7C31B5 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31B8 - E8 533D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31BD - 41 83 C8 FF           - or r8d,-01 { 255 }
theHunterCotW_F.exe+7C31C1 - 48 8D 15 E8E5D700     - lea rdx,[theHunterCotW_F.exe+15417B0] { ["m_MaxWeight"] }
theHunterCotW_F.exe+7C31C8 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31CB - E8 403D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31D0 - 48 8B 05 F92B6101     - mov rax,[theHunterCotW_F.exe+1DD5DD0] { [26FA9D94200] }
theHunterCotW_F.exe+7C31D7 - 48 8D 15 DEE5D700     - lea rdx,[theHunterCotW_F.exe+15417BC] { ["m_Hour"] }
theHunterCotW_F.exe+7C31DE - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31E1 - F3 0F10 90 E0000000   - movss xmm2,[rax+000000E0]
theHunterCotW_F.exe+7C31E9 - F3 44 0F2C C2         - cvttss2si r8d,xmm2
theHunterCotW_F.exe+7C31EE - 66 41 0F6E C0         - movd xmm0,r8d
theHunterCotW_F.exe+7C31F3 - 0F5B C0               - cvtdq2ps xmm0,xmm0
theHunterCotW_F.exe+7C31F6 - F3 0F5C D0            - subss xmm2,xmm0
theHunterCotW_F.exe+7C31FA - F3 0F59 15 9A02C700   - mulss xmm2,[theHunterCotW_F.exe+143349C] { [60.00] }
theHunterCotW_F.exe+7C3202 - F3 0F2C FA            - cvttss2si edi,xmm2
theHunterCotW_F.exe+7C3206 - 66 0F6E C7            - movd xmm0,edi
theHunterCotW_F.exe+7C320A - 0F5B C0               - cvtdq2ps xmm0,xmm0
theHunterCotW_F.exe+7C320D - F3 0F5C D0            - subss xmm2,xmm0
theHunterCotW_F.exe+7C3211 - F3 0F59 15 8302C700   - mulss xmm2,[theHunterCotW_F.exe+143349C] { [60.00] }
theHunterCotW_F.exe+7C3219 - F3 0F2C DA            - cvttss2si ebx,xmm2
theHunterCotW_F.exe+7C321D - E8 EE3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3222 - 44 8B C7              - mov r8d,edi
theHunterCotW_F.exe+7C3225 - 48 8D 15 CCD5D700     - lea rdx,[theHunterCotW_F.exe+15407F8] { ["m_Minutes"] }
theHunterCotW_F.exe+7C322C - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C322F - E8 DC3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3234 - 44 8B C3              - mov r8d,ebx
theHunterCotW_F.exe+7C3237 - 48 8D 15 8AE5D700     - lea rdx,[theHunterCotW_F.exe+15417C8] { ["m_Seconds"] }
theHunterCotW_F.exe+7C323E - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3241 - E8 CA3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3246 - 4C 8D 05 9B48C600     - lea r8,[theHunterCotW_F.exe+1427AE8] { [00000000] }
theHunterCotW_F.exe+7C324D - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3250 - 48 8D 15 81E5D700     - lea rdx,[theHunterCotW_F.exe+15417D8] { ["m_RegionName"] }
theHunterCotW_F.exe+7C3257 - E8 94710500           - call theHunterCotW_F.exe+81A3F0
theHunterCotW_F.exe+7C325C - 44 8B 46 18           - mov r8d,[rsi+18]
theHunterCotW_F.exe+7C3260 - 48 8D 15 81E5D700     - lea rdx,[theHunterCotW_F.exe+15417E8] { ["m_SkillPoints"] }
theHunterCotW_F.exe+7C3267 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C326A - E8 A13C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C326F - 44 8B 46 1C           - mov r8d,[rsi+1C]
theHunterCotW_F.exe+7C3273 - 48 8D 15 7EE5D700     - lea rdx,[theHunterCotW_F.exe+15417F8] { ["m_PerkPoints"] }
theHunterCotW_F.exe+7C327A - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C327D - E8 8E3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3282 - 41 8B 46 18           - mov eax,[r14+18]
theHunterCotW_F.exe+7C3286 - 4C 8D 05 EBE4D700     - lea r8,[theHunterCotW_F.exe+1541778] { ["m_StatusBarData"] }
theHunterCotW_F.exe+7C328D - 49 8B 56 20           - mov rdx,[r14+20]
theHunterCotW_F.exe+7C3291 - 25 8F000000           - and eax,0000008F { 143 }
theHunterCotW_F.exe+7C3296 - 49 8B 4E 10           - mov rcx,[r14+10]
theHunterCotW_F.exe+7C329A - 3C 0A                 - cmp al,0A { 10 }
theHunterCotW_F.exe+7C329C - 4C 8B CD              - mov r9,rbp
theHunterCotW_F.exe+7C329F - 0F94 C0               - sete al
theHunterCotW_F.exe+7C32A2 - 88 44 24 20           - mov [rsp+20],al
theHunterCotW_F.exe+7C32A6 - E8 D5538000           - call theHunterCotW_F.exe+FC8680
theHunterCotW_F.exe+7C32AB - 48 8B 7C 24 50        - mov rdi,[rsp+50]
theHunterCotW_F.exe+7C32B0 - 48 8B 74 24 48        - mov rsi,[rsp+48]
theHunterCotW_F.exe+7C32B5 - 48 8B 5C 24 40        - mov rbx,[rsp+40]
theHunterCotW_F.exe+7C32BA - 48 8B 6C 24 58        - mov rbp,[rsp+58]
theHunterCotW_F.exe+7C32BF - 48 83 C4 30           - add rsp,30 { 48 }
theHunterCotW_F.exe+7C32C3 - 41 5E                 - pop r14
theHunterCotW_F.exe+7C32C5 - C3                    - ret 

Shona
What is cheating?
What is cheating?
Posts: 4
Joined: Sat Mar 04, 2017 7:54 am
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Shona » Thu Mar 16, 2017 2:21 pm

Table isn't working anymore because of 1.3 Update.

User avatar
SunBeam
Trouble Makers
Trouble Makers
Posts: 354
Joined: Thu Mar 02, 2017 10:15 pm
Reputation: 95

Re: theHunter™: Call of the Wild

Post by SunBeam » Fri Mar 17, 2017 3:42 pm

@RaDeX: Problem here is people don't really know what to do with that code, sadly. Even if it's that easy to get the stuff..

pigeon
Cheater
Cheater
Posts: 29
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Sat Mar 18, 2017 8:05 pm

Shona wrote:
Tue Mar 14, 2017 4:22 pm
Heartrate isn't working for me, it shows only "0" :/
NoClouds is also broken

You can also ask SunBeam for help because he made a table before, but the table is no working anymore -> Cheat Engine Forum - theHunter: Call of the Wild (Google Chache)

Would be cool if you can find some of these, like the Visibility or Noise because i can't figure out how he found them :(
Visibility and Noise level interesting for me too and i can find bunch of values for it, but all of them is just display codes and animals still be aware by player. Maybe we need looking for not player noise/visibility but animal aware value... But i guess it will be required a hours just for getting something that may be close for such values (just imagine that you need to find animal, scare it few times and you still do not know if you need search for flag or float...) :/
Oh, and NoClouds works well. Probably i explain it not really good - it remove big, kind of volumetric clouds and not just after you click. So activate it and use speedhack with x100 speed. After few seconds Sun will be shining all the time (but i still can not to find how to control rain...).
I update table for 1.3 version with previous values.

And i try to search for AOB provided by RaDeX, but maybe i understand it wrong (it only second game where i use CE so deep) or maybe with new game update AOB changing.

Ze6rah
Noobzor
Noobzor
Posts: 5
Joined: Tue May 02, 2017 7:15 pm
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Ze6rah » Tue May 02, 2017 7:21 pm

Did some things that i am interested in in 1.61 version
1) Money pointer
2) Time pointer
3) Stop time script
theHunterCotW_F.CT
(4.83 KiB) Downloaded 191 times

Ze6rah
Noobzor
Noobzor
Posts: 5
Joined: Tue May 02, 2017 7:15 pm
Reputation: 0

Re: theHunter™: Call of the Wild

Post by Ze6rah » Wed May 10, 2017 3:51 pm

Some more things for 1.61 (could work for older versions)
Attachments
theHunterCotW_F.CT
(397.38 KiB) Downloaded 195 times

pigeon
Cheater
Cheater
Posts: 29
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Sat May 27, 2017 3:58 pm

for 1.63 hotfix
Image

"High Clouds" can have different result if you change value in "(float)0" to 1 or 2 or anything else and it affected immediately.
"Vol Clouds" is bigger clouds and it required time for disappearing.
"off Flashlight" was made because at evening, personally for me, flashlight turned on automatically and do not turned off manually.
"noeffects" turned off all effects with blue color.

Existing hotkeys provided in "table extras".
Attachments
theHunterCotW_1.63hotfix.CT
(32.39 KiB) Downloaded 174 times

pigeon
Cheater
Cheater
Posts: 29
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Mon May 29, 2017 1:05 pm

all from previous post, but for game ver.1.7
Attachments
theHunterCotW_v.1.7.CT
(29.83 KiB) Downloaded 201 times

l0wb1t
What is cheating?
What is cheating?
Posts: 3
Joined: Mon May 29, 2017 4:16 pm
Reputation: 0

Re: theHunter™: Call of the Wild

Post by l0wb1t » Mon May 29, 2017 4:31 pm

Hi Guys, i will also share something with you :)

Animals Stay Spotted (use Scope or binocular, just move cursur over them, they start glowing

Code: Select all

[ENABLE]

aobscanmodule(_AnimalsStaySpotted,theHunterCotW_F.exe,F3 0F 10 03 F3 41 0F 5C 45 00) // should be unique
aobscanmodule(_AnimalsStaySpottedCheck,theHunterCotW_F.exe,74 11 41 0F 28 D8 41 0F 28 D0 48 8D 55 A8 E8 DA)
alloc(newmem,$1000,"theHunterCotW_F.exe"+63FF95)

label(code)
label(return)

_AnimalsStaySpottedCheck:
  db eb 11


newmem:
mov [rbx],(float)5
code:
  movss xmm0,[rbx]
  subss xmm0,[r13+00]
  jmp return

_AnimalsStaySpotted:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(_AnimalsStaySpotted)
registersymbol(_AnimalsStaySpottedCheck)
[DISABLE]

_AnimalsStaySpotted:
  db F3 0F 10 03 F3 41 0F 5C 45 00
_AnimalsStaySpottedCheck:
  db 74 11

unregistersymbol(_AnimalsStaySpotted)
unregistersymbol(_AnimalsStaySpottedCheck)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+63FF95

"theHunterCotW_F.exe"+63FF69: E8 02 9A FC FF           -  call theHunterCotW_F.exe+609970
"theHunterCotW_F.exe"+63FF6E: F3 0F 10 35 16 79 65 01  -  movss xmm6,[theHunterCotW_F.exe+1C9788C]
"theHunterCotW_F.exe"+63FF76: 49 8B CE                 -  mov rcx,r14
"theHunterCotW_F.exe"+63FF79: E8 82 7C FA FF           -  call theHunterCotW_F.exe+5E7C00
"theHunterCotW_F.exe"+63FF7E: F3 0F 59 C6              -  mulss xmm0,xmm6
"theHunterCotW_F.exe"+63FF82: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+63FF86: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+63FF89: 48 8D 4C 24 60           -  lea rcx,[rsp+60]
"theHunterCotW_F.exe"+63FF8E: E8 7D D8 01 00           -  call theHunterCotW_F.exe+65D810
"theHunterCotW_F.exe"+63FF93: EB 6E                    -  jmp theHunterCotW_F.exe+640003
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+63FF95: F3 0F 10 03              -  movss xmm0,[rbx]
"theHunterCotW_F.exe"+63FF99: F3 41 0F 5C 45 00        -  subss xmm0,[r13+00]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+63FF9F: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+63FFA3: 0F 2F C7                 -  comiss xmm0,xmm7
"theHunterCotW_F.exe"+63FFA6: 76 14                    -  jna theHunterCotW_F.exe+63FFBC
"theHunterCotW_F.exe"+63FFA8: E8 C3 99 FC FF           -  call theHunterCotW_F.exe+609970
"theHunterCotW_F.exe"+63FFAD: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+63FFB0: 48 8D 4C 24 60           -  lea rcx,[rsp+60]
"theHunterCotW_F.exe"+63FFB5: E8 56 D8 01 00           -  call theHunterCotW_F.exe+65D810
"theHunterCotW_F.exe"+63FFBA: EB 47                    -  jmp theHunterCotW_F.exe+640003
"theHunterCotW_F.exe"+63FFBC: 41 0F 28 D9              -  movaps xmm3,xmm9
"theHunterCotW_F.exe"+63FFC0: 41 0F 28 D1              -  movaps xmm2,xmm9
}
Super Jump

Code: Select all

{ Game   : theHunterCotW_F.exe
  Version: 
  Date   : 2017-05-27
  Author : Schr4nzi

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_SuperJump,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 0F 10 48 10 0F 11 49 10) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+4D6366)

label(code)
label(return)

newmem:
//cmp [rax+3C],(float)15
//jne code
mov [rax+3C],(float)25
code:
  movups xmm1,[rax+10]
  movups [rcx+10],xmm1
  jmp return

_SuperJump+08:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_SuperJump)

[DISABLE]

_SuperJump+08:
  db 0F 10 48 10 0F 11 49 10

unregistersymbol(_SuperJump)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+4D6366

"theHunterCotW_F.exe"+4D633F: 45 0F 57 DB              -  xorps xmm11,xmm11
"theHunterCotW_F.exe"+4D6343: F3 44 0F 51 D9           -  sqrtss xmm11,xmm1
"theHunterCotW_F.exe"+4D6348: 48 8B CF                 -  mov rcx,rdi
"theHunterCotW_F.exe"+4D634B: E8 A0 5A F1 FF           -  call theHunterCotW_F.exe+3EBDF0
"theHunterCotW_F.exe"+4D6350: 48 8D 8D 00 04 00 00     -  lea rcx,[rbp+00000400]
"theHunterCotW_F.exe"+4D6357: BE 02 00 00 00           -  mov esi,00000002
"theHunterCotW_F.exe"+4D635C: 8B D6                    -  mov edx,esi
"theHunterCotW_F.exe"+4D635E: 66 90                    -  nop 
"theHunterCotW_F.exe"+4D6360: 0F 10 00                 -  movups xmm0,[rax]
"theHunterCotW_F.exe"+4D6363: 0F 11 01                 -  movups [rcx],xmm0
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+4D6366: 0F 10 48 10              -  movups xmm1,[rax+10]
"theHunterCotW_F.exe"+4D636A: 0F 11 49 10              -  movups [rcx+10],xmm1
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+4D636E: 0F 10 40 20              -  movups xmm0,[rax+20]
"theHunterCotW_F.exe"+4D6372: 0F 11 41 20              -  movups [rcx+20],xmm0
"theHunterCotW_F.exe"+4D6376: 0F 10 48 30              -  movups xmm1,[rax+30]
"theHunterCotW_F.exe"+4D637A: 0F 11 49 30              -  movups [rcx+30],xmm1
"theHunterCotW_F.exe"+4D637E: 0F 10 40 40              -  movups xmm0,[rax+40]
"theHunterCotW_F.exe"+4D6382: 0F 11 41 40              -  movups [rcx+40],xmm0
"theHunterCotW_F.exe"+4D6386: 0F 10 48 50              -  movups xmm1,[rax+50]
"theHunterCotW_F.exe"+4D638A: 0F 11 49 50              -  movups [rcx+50],xmm1
"theHunterCotW_F.exe"+4D638E: 0F 10 40 60              -  movups xmm0,[rax+60]
"theHunterCotW_F.exe"+4D6392: 0F 11 41 60              -  movups [rcx+60],xmm0
}

Super Speed

Code: Select all

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(_SuperSpeed,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 ** ** ** ** ** ** ** ** 0F 10 40 20 0F 11 41 20) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+4D636E)

label(code)
label(return)

newmem:
cmp [rax+20],(float)2
jne code
mov [rax+20],(float)25
code:
  movups xmm0,[rax+20]
  movups [rcx+20],xmm0
  jmp return

_SuperSpeed+10:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_SuperSpeed)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
_SuperSpeed+10:
  db 0F 10 40 20 0F 11 41 20

unregistersymbol(_SuperSpeed)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+4D636E

"theHunterCotW_F.exe"+4D6350: 48 8D 8D 00 04 00 00     -  lea rcx,[rbp+00000400]
"theHunterCotW_F.exe"+4D6357: BE 02 00 00 00           -  mov esi,00000002
"theHunterCotW_F.exe"+4D635C: 8B D6                    -  mov edx,esi
"theHunterCotW_F.exe"+4D635E: 66 90                    -  nop 
"theHunterCotW_F.exe"+4D6360: 0F 10 00                 -  movups xmm0,[rax]
"theHunterCotW_F.exe"+4D6363: 0F 11 01                 -  movups [rcx],xmm0
"theHunterCotW_F.exe"+4D6366: E9 95 9C AF FF           -  jmp 7FF789FB0000
"theHunterCotW_F.exe"+4D636B: 90                       -  nop 
"theHunterCotW_F.exe"+4D636C: 90                       -  nop 
"theHunterCotW_F.exe"+4D636D: 90                       -  nop 
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+4D636E: 0F 10 40 20              -  movups xmm0,[rax+20]
"theHunterCotW_F.exe"+4D6372: 0F 11 41 20              -  movups [rcx+20],xmm0
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+4D6376: 0F 10 48 30              -  movups xmm1,[rax+30]
"theHunterCotW_F.exe"+4D637A: 0F 11 49 30              -  movups [rcx+30],xmm1
"theHunterCotW_F.exe"+4D637E: 0F 10 40 40              -  movups xmm0,[rax+40]
"theHunterCotW_F.exe"+4D6382: 0F 11 41 40              -  movups [rcx+40],xmm0
"theHunterCotW_F.exe"+4D6386: 0F 10 48 50              -  movups xmm1,[rax+50]
"theHunterCotW_F.exe"+4D638A: 0F 11 49 50              -  movups [rcx+50],xmm1
"theHunterCotW_F.exe"+4D638E: 0F 10 40 60              -  movups xmm0,[rax+60]
"theHunterCotW_F.exe"+4D6392: 0F 11 41 60              -  movups [rcx+60],xmm0
"theHunterCotW_F.exe"+4D6396: 48 8D 89 80 00 00 00     -  lea rcx,[rcx+00000080]
"theHunterCotW_F.exe"+4D639D: 0F 10 48 70              -  movups xmm1,[rax+70]
}
Slow Animals

Code: Select all

[ENABLE]

aobscanmodule(_SlowAnimals,theHunterCotW_F.exe,CC 48 8B 91 08 01 00 00 48 85 D2 74 20) // should be unique
registersymbol(_SlowAnimals)

_SlowAnimals+08:
  db 90 90 90

[DISABLE]

_SlowAnimals+08:
  db 48 85 D2

unregistersymbol(_SlowAnimals)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+481377

"theHunterCotW_F.exe"+481367: CC                             -  int 3
"theHunterCotW_F.exe"+481368: CC                             -  int 3
"theHunterCotW_F.exe"+481369: CC                             -  int 3
"theHunterCotW_F.exe"+48136A: CC                             -  int 3
"theHunterCotW_F.exe"+48136B: CC                             -  int 3
"theHunterCotW_F.exe"+48136C: CC                             -  int 3
"theHunterCotW_F.exe"+48136D: CC                             -  int 3
"theHunterCotW_F.exe"+48136E: CC                             -  int 3
"theHunterCotW_F.exe"+48136F: CC                             -  int 3
"theHunterCotW_F.exe"+481370: 48 8B 91 08 01 00 00           -  mov rdx,[rcx+00000108]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+481377: 48 85 D2                       -  test rdx,rdx
"theHunterCotW_F.exe"+48137A: 74 20                          -  je theHunterCotW_F.exe+48139C
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+48137C: 48 8B 05 15 C4 99 01           -  mov rax,[theHunterCotW_F.exe+1E1D798]
"theHunterCotW_F.exe"+481383: 48 8B 48 20                    -  mov rcx,[rax+20]
"theHunterCotW_F.exe"+481387: 48 85 C9                       -  test rcx,rcx
"theHunterCotW_F.exe"+48138A: 74 06                          -  je theHunterCotW_F.exe+481392
"theHunterCotW_F.exe"+48138C: 0F B6 41 01                    -  movzx eax,byte ptr [rcx+01]
"theHunterCotW_F.exe"+481390: EB 02                          -  jmp theHunterCotW_F.exe+481394
"theHunterCotW_F.exe"+481392: 33 C0                          -  xor eax,eax
"theHunterCotW_F.exe"+481394: 38 42 1B                       -  cmp [rdx+1B],al
"theHunterCotW_F.exe"+481397: 75 03                          -  jne theHunterCotW_F.exe+48139C
"theHunterCotW_F.exe"+481399: B0 01                          -  mov al,01
}
Icon ESP (it's buggy, icons will displayed twice behind your location)

Code: Select all

[ENABLE]

aobscanmodule(_Code,theHunterCotW_F.exe,3A 9F 90 00 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+830E1B)

label(code)
label(return)

newmem:

code:
  mov bl,1
  jmp return

_Code:
  jmp newmem
  nop
return:
registersymbol(_Code)

_Code+08:
db 80 BE 84 00 00 00 01

[DISABLE]

_Code:
  db 3A 9F 90 00 00 00
_Code+08:
  db 80 BE 84 00 00 00 00
unregistersymbol(_Code)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+830E1B

"theHunterCotW_F.exe"+830DFF: 22 D8                 -  and bl,al
"theHunterCotW_F.exe"+830E01: 45 84 E4              -  test r12l,r12l
"theHunterCotW_F.exe"+830E04: 74 09                 -  je theHunterCotW_F.exe+830E0F
"theHunterCotW_F.exe"+830E06: 45 84 ED              -  test r13l,r13l
"theHunterCotW_F.exe"+830E09: 74 04                 -  je theHunterCotW_F.exe+830E0F
"theHunterCotW_F.exe"+830E0B: 33 C0                 -  xor eax,eax
"theHunterCotW_F.exe"+830E0D: EB 05                 -  jmp theHunterCotW_F.exe+830E14
"theHunterCotW_F.exe"+830E0F: B8 01 00 00 00        -  mov eax,00000001
"theHunterCotW_F.exe"+830E14: 22 D8                 -  and bl,al
"theHunterCotW_F.exe"+830E16: 48 8B 74 24 68        -  mov rsi,[rsp+68]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+830E1B: 3A 9F 90 00 00 00     -  cmp bl,[rdi+00000090]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+830E21: 75 0D                 -  jne theHunterCotW_F.exe+830E30
"theHunterCotW_F.exe"+830E23: 80 BE 84 00 00 00 00  -  cmp byte ptr [rsi+00000084],00
"theHunterCotW_F.exe"+830E2A: 0F 84 9F 00 00 00     -  je theHunterCotW_F.exe+830ECF
"theHunterCotW_F.exe"+830E30: 80 BE 90 04 00 00 00  -  cmp byte ptr [rsi+00000490],00
"theHunterCotW_F.exe"+830E37: 74 52                 -  je theHunterCotW_F.exe+830E8B
"theHunterCotW_F.exe"+830E39: 84 DB                 -  test bl,bl
"theHunterCotW_F.exe"+830E3B: 74 4E                 -  je theHunterCotW_F.exe+830E8B
"theHunterCotW_F.exe"+830E3D: 48 8B 86 60 04 00 00  -  mov rax,[rsi+00000460]
"theHunterCotW_F.exe"+830E44: 48 89 85 10 03 00 00  -  mov [rbp+00000310],rax
"theHunterCotW_F.exe"+830E4B: 48 8B 08              -  mov rcx,[rax]
}

pigeon
Cheater
Cheater
Posts: 29
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Mon May 29, 2017 6:21 pm

l0wb1t, can i ask you to give a hint of how did you find animals speed value? I'm just currently trying to find something related to animal awareness (and i think it may be stay close to speed value), so they do not care if player stay right near by them. But i'm such noob... I even didn't understand how to find value from your AOB, it just give me a bunch of values that looks like no have sense :?

l0wb1t
What is cheating?
What is cheating?
Posts: 3
Joined: Mon May 29, 2017 4:16 pm
Reputation: 0

Re: theHunter™: Call of the Wild

Post by l0wb1t » Mon May 29, 2017 7:28 pm

pigeon wrote:
Mon May 29, 2017 6:21 pm
l0wb1t, can i ask you to give a hint of how did you find animals speed value? I'm just currently trying to find something related to animal awareness (and i think it may be stay close to speed value), so they do not care if player stay right near by them. But i'm such noob... I even didn't understand how to find value from your AOB, it just give me a bunch of values that looks like no have sense :?
I didn't really found animals speed. i just messed up some code while i was searching for a proper way to do stealth mode(found this near to the Health function).

Code: Select all

theHunterCotW_F.exe+481370 - 48 8B 91 08010000     - mov rdx,[rcx+00000108]
theHunterCotW_F.exe+481377 - 48 85 D2              - test rdx,rdx -- The Check I'm killing to do slow animals (nop it)
theHunterCotW_F.exe+48137A - 74 20                 - je theHunterCotW_F.exe+48139C
theHunterCotW_F.exe+48137C - 48 8B 05 15C49901     - mov rax,[theHunterCotW_F.exe+1E1D798] { [19AD3F37C80] }
theHunterCotW_F.exe+481383 - 48 8B 48 20           - mov rcx,[rax+20]
theHunterCotW_F.exe+481387 - 48 85 C9              - test rcx,rcx
theHunterCotW_F.exe+48138A - 74 06                 - je theHunterCotW_F.exe+481392
theHunterCotW_F.exe+48138C - 0FB6 41 01            - movzx eax,byte ptr [rcx+01]
theHunterCotW_F.exe+481390 - EB 02                 - jmp theHunterCotW_F.exe+481394
theHunterCotW_F.exe+481392 - 33 C0                 - xor eax,eax
theHunterCotW_F.exe+481394 - 38 42 1B              - cmp [rdx+1B],al
theHunterCotW_F.exe+481397 - 75 03                 - jne theHunterCotW_F.exe+48139C
theHunterCotW_F.exe+481399 - B0 01                 - mov al,01 { 1 }
theHunterCotW_F.exe+48139B - C3                    - ret 
theHunterCotW_F.exe+48139C - 32 C0                 - xor al,al
theHunterCotW_F.exe+48139E - C3                    - ret 
theHunterCotW_F.exe+48139F - CC                    - int 3 
theHunterCotW_F.exe+4813A0 - 33 C0                 - xor eax,eax
theHunterCotW_F.exe+4813A2 - 66 39 81 14020000     - cmp [rcx+00000214],ax --- some Health code
theHunterCotW_F.exe+4813A9 - 0F9E C0               - setle al
theHunterCotW_F.exe+4813AC - C3                    - ret 
i tought forcing PlayerNoise, PlayerbackgroundNoise, Visbility Values to 100,100,0 is the goal to do Stealth mode. but it isn't :D
Maybe SunBeam can help us herem he's a genius at this point.
i still have no proper working stealth mode for the game yet :D This drives me crazy spent alot of ours already to research. Maybe forcing animals Health to 0 is working !? xD
theHunterCotW_F.CT
Stealth Debug
(922.31 KiB) Downloaded 108 times
Attachments
theHunterCotW_Full.CT
everything i've got so far for this game
(116.03 KiB) Downloaded 235 times

pigeon
Cheater
Cheater
Posts: 29
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 3

Re: theHunter™: Call of the Wild

Post by pigeon » Tue May 30, 2017 3:06 am

founded unique AOB for the animals aware:
00 00 00 00 01 00 00 04 3C AB 65 C1
So the first "00" is actual value (from 0 to 7). Amount of addresses changing, of course, during game, but it help at least do not waist time with scans. So it is useful when you spot animal, make search of this AOB and change first byte for every founded address one-by-one and by watching for animal - you will see when it change it behavior or condition if animal have been spotted in binocular.
It is useless for normal game. It still required to figure out how to deal with this function. Just help to safe time for "investigations".

l0wb1t
What is cheating?
What is cheating?
Posts: 3
Joined: Mon May 29, 2017 4:16 pm
Reputation: 0

Re: theHunter™: Call of the Wild

Post by l0wb1t » Tue May 30, 2017 5:10 am

Back from sleep, lemme see i'll check that,
What game Version are you using? I'm on 1.63
Do you have Skype? would be better to talk.
Br, l0wb1t

Super Speed update
mov [rax+0C],(float)25 // 0C Is for Gamepad if you play with
mov [rax+20],(float)25 // 20 is Movement Speed
mov [rax+28],(float)25 // 28 Is Sneak speed
mov [rax+30],(float)25 // 30 is Speed when lying on the ground

Post Reply

Who is online

Users browsing this forum: dickfacemccunt, floppy, gameplayer, JBClark, MaceWindow