Re: Assassin's Creed: Origins
Posted: Sun Feb 11, 2018 8:10 am
If allowed, I may fiddle with your scripts. Just let me know you agree to this (I am asking everyone who's posted a script in this topic, including Cielos).
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
// Fragment of a boolean check. The listing runs from the stack-frame setup to the first ret;
// both conditional jumps target +974C1AA, which lies beyond what is shown here.
// Visible result: al = 1 only when byte [rax+2A9] is non-zero AND byte [rax+56F] is zero.
// NOTE(review): the same two offsets are written with 01 through rbx in the +1FFB1F3 / +1FFB1FA
// listing on this page; whether rax here and rbx there refer to the same object is not shown.
ACOrigins.exe+974C170 - 48 83 EC 28 - sub rsp,28
// rax after this call is dereferenced as a pointer below; the callee itself is not shown
ACOrigins.exe+974C174 - E8 174388F8 - call ACOrigins.exe+1FD0490
ACOrigins.exe+974C179 - 80 B8 A9020000 00 - cmp byte ptr [rax+000002A9],00
// flag at +2A9 is zero -> leave through the path at +974C1AA (not shown)
ACOrigins.exe+974C180 - 74 28 - je ACOrigins.exe+974C1AA
ACOrigins.exe+974C182 - 80 B8 6F050000 00 - cmp byte ptr [rax+0000056F],00
// flag at +56F is non-zero -> same path at +974C1AA
ACOrigins.exe+974C189 - 75 1F - jne ACOrigins.exe+974C1AA
// only reached when [rax+2A9] != 0 and [rax+56F] == 0: return 1 in al
ACOrigins.exe+974C18B - B0 01 - mov al,01
ACOrigins.exe+974C18D - 48 83 C4 28 - add rsp,28
ACOrigins.exe+974C191 - C3 - ret
// Context window around a hook site; the enclosing function starts and ends outside this listing.
// xmm0 = xmm1 AND xmm2, compared against xmm3; the store to [rcx+20] below is skipped when
// xmm0 <= xmm3 (or the compare is unordered).
// NOTE(review): xmm2 looks like a sign-clearing mask (abs value) - not established by this listing.
"ACOrigins.exe"+895838: 0F 28 C1 - movaps xmm0,xmm1
"ACOrigins.exe"+89583B: 0F 54 C2 - andps xmm0,xmm2
"ACOrigins.exe"+89583E: 0F 2F C3 - comiss xmm0,xmm3
"ACOrigins.exe"+895841: 76 05 - jna ACOrigins.exe+895848
"ACOrigins.exe"+895843: F3 0F 11 49 20 - movss [rcx+20],xmm1
// ecx = dword [rcx+38]; edx = dword [rdi+40] + ecx; the old [rcx+38] value is copied to [rdi+3C]
"ACOrigins.exe"+895848: 8B 49 38 - mov ecx,[rcx+38]
"ACOrigins.exe"+89584B: 8B 57 40 - mov edx,[rdi+40]
"ACOrigins.exe"+89584E: 03 D1 - add edx,ecx
"ACOrigins.exe"+895850: 89 4F 3C - mov [rdi+3C],ecx
// ecx is zeroed here; cl is reused as the constant 0 in the compares further down
"ACOrigins.exe"+895853: 33 C9 - xor ecx,ecx
// The two marked instructions (3 + 3 = 6 bytes) are the ones the script replaces:
// [rdi+38] receives the sum computed above and [rdi+40] is reset to 0.
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+895855: 89 57 38 - mov [rdi+38],edx
"ACOrigins.exe"+895858: 89 4F 40 - mov [rdi+40],ecx
// ---------- DONE INJECTING ----------
// signed test of the new value: > 0 clears xmm6 and jumps to +895894, <= 0 continues at +895864
"ACOrigins.exe"+89585B: 85 D2 - test edx,edx
"ACOrigins.exe"+89585D: 7E 05 - jle ACOrigins.exe+895864
"ACOrigins.exe"+89585F: 0F 57 F6 - xorps xmm6,xmm6
"ACOrigins.exe"+895862: EB 30 - jmp ACOrigins.exe+895894
// byte flags at [rdi+44] / [rdi+45] (compared with cl == 0) gate two multiplications of xmm6
"ACOrigins.exe"+895864: 38 4F 44 - cmp [rdi+44],cl
"ACOrigins.exe"+895867: 74 21 - je ACOrigins.exe+89588A
"ACOrigins.exe"+895869: F3 0F 59 77 24 - mulss xmm6,[rdi+24]
"ACOrigins.exe"+89586E: 38 4F 45 - cmp [rdi+45],cl
"ACOrigins.exe"+895871: 74 21 - je ACOrigins.exe+895894
"ACOrigins.exe"+895873: F3 0F 59 77 28 - mulss xmm6,[rdi+28]
// Context window around a hook site; the enclosing function starts and ends outside this listing.
// Guard: a null pointer at [rbx+418] or a non-zero byte at [rbx+420] both skip to +1FFB24D (not shown).
"ACOrigins.exe"+1FFB1C8: 48 8B 8B 18 04 00 00 - mov rcx,[rbx+00000418]
"ACOrigins.exe"+1FFB1CF: 48 85 C9 - test rcx,rcx
"ACOrigins.exe"+1FFB1D2: 74 79 - je ACOrigins.exe+1FFB24D
"ACOrigins.exe"+1FFB1D4: 80 BB 20 04 00 00 00 - cmp byte ptr [rbx+00000420],00
"ACOrigins.exe"+1FFB1DB: 75 70 - jne ACOrigins.exe+1FFB24D
// first call takes rcx = [rbx+418]; second call takes rcx = rbx+2B0 and edx = 4
"ACOrigins.exe"+1FFB1DD: E8 8E DC 36 FF - call ACOrigins.exe+1368E70
"ACOrigins.exe"+1FFB1E2: 48 8D 8B B0 02 00 00 - lea rcx,[rbx+000002B0]
"ACOrigins.exe"+1FFB1E9: BA 04 00 00 00 - mov edx,00000004
"ACOrigins.exe"+1FFB1EE: E8 4D 30 44 FF - call ACOrigins.exe+143E240
// both byte flags are set to 1 back to back; +56F and +2A9 are the offsets compared in the
// +974C179 / +974C182 listing on this page (same object not established - confirm)
"ACOrigins.exe"+1FFB1F3: C6 83 6F 05 00 00 01 - mov byte ptr [rbx+0000056F],01
// The marked 7-byte instruction is the one the script replaces.
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+1FFB1FA: C6 83 A9 02 00 00 01 - mov byte ptr [rbx+000002A9],01
// ---------- DONE INJECTING ----------
"ACOrigins.exe"+1FFB201: EB 11 - jmp ACOrigins.exe+1FFB214
// +1FFB203..+1FFB20F is not reached by fall-through (unconditional jmp above); its entry is not shown
"ACOrigins.exe"+1FFB203: 33 D2 - xor edx,edx
"ACOrigins.exe"+1FFB205: C6 83 18 06 00 00 01 - mov byte ptr [rbx+00000618],01
"ACOrigins.exe"+1FFB20C: 48 8B CB - mov rcx,rbx
"ACOrigins.exe"+1FFB20F: E8 2C 02 00 00 - call ACOrigins.exe+1FFB440
// join point: loads a pointer from a module-relative global, passes dword [rcx+B8] in edx,
// and keeps the call's return value in rbx before null-testing it
"ACOrigins.exe"+1FFB214: 48 8B 0D 65 33 73 02 - mov rcx,[ACOrigins.exe+472E580]
"ACOrigins.exe"+1FFB21B: 8B 91 B8 00 00 00 - mov edx,[rcx+000000B8]
"ACOrigins.exe"+1FFB221: E8 AA E5 81 FE - call ACOrigins.exe+8197D0
"ACOrigins.exe"+1FFB226: 48 8B D8 - mov rbx,rax
"ACOrigins.exe"+1FFB229: 48 85 C0 - test rax,rax
// Context window around a hook site; the enclosing function starts and ends outside this listing.
// Branch-free validity mask: shl 0x20 moves bit 31 of qword [rcx+08] into the sign bit and
// sar 0x3F smears it, so rdi becomes all-ones or zero; the AND then yields [rcx] or null.
"ACOrigins.exe"+14697CF: 48 8B 79 08 - mov rdi,[rcx+08]
"ACOrigins.exe"+14697D3: 48 C1 E7 20 - shl rdi,20
"ACOrigins.exe"+14697D7: 48 C1 FF 3F - sar rdi,3F
"ACOrigins.exe"+14697DB: 48 23 39 - and rdi,[rcx]
// null result -> skip the whole update (+146982D, not shown)
"ACOrigins.exe"+14697DE: 48 85 FF - test rdi,rdi
"ACOrigins.exe"+14697E1: 74 4A - je ACOrigins.exe+146982D
// call with rcx = rdi and rdx = a stack buffer at rsp+20; the page's annotated listing describes
// rdi as the player entity pointer and the returned [rax] as its XYZ
"ACOrigins.exe"+14697E3: 48 8D 54 24 20 - lea rdx,[rsp+20]
"ACOrigins.exe"+14697E8: 48 8B CF - mov rcx,rdi
"ACOrigins.exe"+14697EB: E8 C0 6E EE FF - call ACOrigins.exe+13506B0
"ACOrigins.exe"+14697F0: 0F 28 00 - movaps xmm0,[rax]
// The marked 7-byte instruction is the one the script replaces. movaps faults on operands that
// are not 16-byte aligned, so any replacement touching [rbx+200] has to keep that in mind.
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+14697F3: 0F 29 83 00 02 00 00 - movaps [rbx+00000200],xmm0
// ---------- DONE INJECTING ----------
// optional second update: only when [rdi+18] is non-null
"ACOrigins.exe"+14697FA: 48 8B 4F 18 - mov rcx,[rdi+18]
"ACOrigins.exe"+14697FE: 48 85 C9 - test rcx,rcx
"ACOrigins.exe"+1469801: 74 19 - je ACOrigins.exe+146981C
// rdi is advanced by 0x70 in place, so [rdi+10] below is offset 0x80 from the original pointer
"ACOrigins.exe"+1469803: 48 83 C7 70 - add rdi,70
"ACOrigins.exe"+1469807: 48 8B D7 - mov rdx,rdi
"ACOrigins.exe"+146980A: E8 61 9A 43 FF - call ACOrigins.exe+8A3270
"ACOrigins.exe"+146980F: 0F 28 47 10 - movaps xmm0,[rdi+10]
"ACOrigins.exe"+1469813: 0F 29 83 20 02 00 00 - movaps [rbx+00000220],xmm0
"ACOrigins.exe"+146981A: EB 2D - jmp ACOrigins.exe+1469849
// fallback when [rdi+18] is null: rdi is unmodified here, the source is [rdi+30]
"ACOrigins.exe"+146981C: 0F 28 47 30 - movaps xmm0,[rdi+30]
// Reserve 8 bytes under the global symbol "speedmult"; the Lua code below reads and writes it
// by that name with readFloat/writeFloat, so only the first 4 bytes are actually used.
globalalloc(speedmult,8)
speedmult:
// CD CC CC 3D is the little-endian encoding of the 32-bit float 0x3DCCCCCD, i.e. about 0.1
db CD CC CC 3D
{$lua}
[ENABLE]
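--- Timer callback: moves the camera according to the keys currently held.
--
-- Reads the camera position and horizontal rotation through the pointer paths
-- below, works out the new position and writes it back.
--
-- Changes against the originally posted version:
--   * If any read returns nil (pointer path not resolvable, e.g. the game is
--     still loading or was closed) the tick is skipped. The original passed
--     nil to math.sin and raised a Lua error on every 10 ms tick.
--   * X/Z and Y are each written once per tick with the final value. The
--     original wrote up to three successive positions per tick (W, then D,
--     then W+D), which the game could observe in between.
-- The resulting position for every key combination is the same as before:
-- later rules still override earlier ones (S over W, D over A, diagonals
-- over single keys, F over R).
--
-- NOTE(review): diagonals add both axis steps unscaled, so diagonal movement
-- is faster than straight movement; kept as posted.
--
-- @param timer the timer object passed by the timer event (unused)
function checkKeys(timer)
  local CAM_X = "[[[ACOrigins.exe+4B139F0]+A8]+0]+90"
  local CAM_Y = "[[[ACOrigins.exe+4B139F0]+A8]+0]+98"
  local CAM_Z = "[[[ACOrigins.exe+4B139F0]+A8]+0]+94"
  local CAM_ROT = "[[[[ACOrigins.exe+4B139F0]+A8]+0]+340]+C4" -- horizontal rotation in radians

  local camx = readFloat(CAM_X)
  local camy = readFloat(CAM_Y)
  local camz = readFloat(CAM_Z)
  local radh = readFloat(CAM_ROT)
  local mult = readFloat("speedmult") -- speed multiplier

  -- A nil here means the address could not be read; writing through the same
  -- path would be meaningless, so do nothing this tick.
  if camx == nil or camy == nil or camz == nil or radh == nil or mult == nil then
    return
  end

  local sin_rot = math.sin(radh)
  local cos_rot = math.cos(radh)

  local w = isKeyPressed(VK_W)
  local s = isKeyPressed(VK_S)
  local a = isKeyPressed(VK_A)
  local d = isKeyPressed(VK_D)

  -- Horizontal plane. Rules are evaluated in the original order and the last
  -- matching one wins.
  local newx, newz
  if w then -- forward
    newx = camx - (sin_rot * mult)
    newz = camz - (cos_rot * mult)
  end
  if s then -- back
    newx = camx + (sin_rot * mult)
    newz = camz + (cos_rot * mult)
  end
  -- NOTE(review): the original post labels A as "Move Right" and D as
  -- "Move Left", yet labels W+D "Forward-Right" and W+A "Forward-Left";
  -- confirm the actual strafe direction in game.
  if a then
    newx = camx + (cos_rot * mult)
    newz = camz - (sin_rot * mult)
  end
  if d then
    newx = camx - (cos_rot * mult)
    newz = camz + (sin_rot * mult)
  end
  -- Diagonals: forward/back step combined with the strafe step.
  if w and d then
    newx = camx - ((sin_rot + cos_rot) * mult)
    newz = camz - ((cos_rot - sin_rot) * mult)
  end
  if w and a then
    newx = camx - ((sin_rot - cos_rot) * mult)
    newz = camz - ((cos_rot + sin_rot) * mult)
  end
  if s and d then
    newx = camx + ((sin_rot - cos_rot) * mult)
    newz = camz + ((cos_rot + sin_rot) * mult)
  end
  if s and a then
    newx = camx + ((sin_rot + cos_rot) * mult)
    newz = camz + ((cos_rot - sin_rot) * mult)
  end
  if newx ~= nil then
    writeFloat(CAM_X, newx)
    writeFloat(CAM_Z, newz)
  end

  -- Vertical axis moves at half speed; F (down) overrides R (up).
  local newy
  if isKeyPressed(VK_R) then
    newy = camy + (mult * 0.5)
  end
  if isKeyPressed(VK_F) then
    newy = camy - (mult * 0.5)
  end
  if newy ~= nil then
    writeFloat(CAM_Y, newy)
  end

  -- Speed control: Shift ramps the multiplier up by 0.01 per tick for as long
  -- as it is held (no upper bound), Ctrl pins it to 0.01, otherwise it is
  -- reset to the normal 0.15.
  if isKeyPressed(VK_SHIFT) then
    writeFloat("speedmult", mult + 0.01)
  elseif isKeyPressed(VK_CONTROL) then
    writeFloat("speedmult", 0.01)
  else
    writeFloat("speedmult", 0.15)
  end
end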
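-- Start polling the keyboard every 10 ms.
-- Cheat Engine also runs {$lua} blocks when it only checks the script's syntax
-- (for example when the script is pasted or edited); `syntaxcheck` is true in
-- that case. Without this guard the timer would be created and started before
-- the user ever enables the entry.
-- `t` is deliberately a global: the [DISABLE] section runs as a separate chunk
-- and needs to reach the same timer. The name is generic, so another script
-- using a global `t` would collide with it.
if not syntaxcheck then
  t = createTimer(nil)
  timer_setInterval(t, 10)
  timer_onTimer(t, checkKeys)
  timer_setEnabled(t, true)
end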
[DISABLE]
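-- Stop polling and release the timer. The original only disabled it, so every
-- enable/disable cycle left one more timer object behind. The guards skip the
-- syntax-check pass and the case where no timer was ever created (t is nil).
if not syntaxcheck and t then
  timer_setEnabled(t, false)
  object_destroy(t)
  t = nil
end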
ACOrigins.exe+14697E8 - mov rcx,rdi <-- rdi here is pEntity (Bayek's)
ACOrigins.exe+14697EB - call ACOrigins.exe+13506B0 <-- this call returns Bayek's pEntity XYZ in [rax]
ACOrigins.exe+14697F0 - movaps xmm0,[rax] <-- xmm0 is updated with Bayek's XYZ
ACOrigins.exe+14697F3 - movaps [rbx+00000200],xmm0 <-- render points updated as well