Page 22 of 43

Re: Assassin's Creed: Origins

Posted: Sun Feb 25, 2018 9:40 am
by leseho
leseho wrote:
Sat Feb 24, 2018 3:00 pm
budabum wrote:
Thu Feb 22, 2018 10:53 am
You may try the CE table codes I compiled; attached.
Most of the codes are reusable, the rest are for reference.

I posted earlier a connected list of items with "Celestial Raiment" (the offset for each item is 18h).
However, as reported earlier, my list with "Celestial Raiment" is not reusable for others.

More reversing is required to find the iterator instead of blindly walking through bytes.
v1.2.1 / v1.3 / item
F0 84 ** 75 / C8 D3 D1 6A 01 Ippei Blade
08 85 ** 75 / E0 D3 D1 6A 01 Tempest Blade
20 85 ** 75 / F8 D3 D1 6A 01 Imelda Shield
38 85 ** 75 / 10 D4 D1 6A 01 Sahalin Axe
50 85 ** 75 / 28 D4 D1 6A 01 Sword of Goujian
68 85 ** 75 / 40 D4 D1 6A 01 Courage and Justice
80 85 ** 75 / 58 D4 D1 6A 01 Guardian Lion
98 85 ** 75 / 70 D4 D1 6A 01 Hou Yi's Bow
B0 85 ** 75 / 88 D4 D1 6A 01 Celestial Raiment

for reference:
Cielos cheat table: viewtopic.php?p=23057#p23057
Gear cheat instructions: viewtopic.php?f=4&t=5267&start=270#p33190
Compiled file with codes: this post

Re: Assassin's Creed: Origins

Posted: Sun Feb 25, 2018 11:06 am
by SunBeam
^ Still.. no one wants to debug that crap and figure out the iterator? Hardware breakpoint, on access. Open/close inventory menu; it should hit.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 4:43 am
by ryudan888
leseho wrote:
Sun Feb 25, 2018 4:52 am
ryudan888 wrote:
Sat Feb 24, 2018 3:53 pm
leseho wrote:
Sat Feb 24, 2018 3:51 am
It's not lazy.
I don't understand, so I ask for help.
You get help sometimes.
Be kind.
THEY ARE STEP BY STEP, how much help do you need? LOL


I am not good at English like you.
That's why we need help.
Someday you'll get what you did.
LOL
No, I'm not stupid, I don't get it.
There is something called TRANSLATOR, learn to use Google.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 5:31 am
by v0id
LOL

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 6:30 am
by SunBeam
leseho wrote:
Sun Feb 25, 2018 4:52 am
I am not good at English like you.
That's why we need help.
Someday you'll get what you did.
Regardless of whether you know English or not, we're not here to hold your hand. Table authors do not speak your native language; it's you who has to ADAPT, not us. Get your facts straight. Also, stop bullshitting; not speaking English has nothing to do with you not being able to understand assembly or how Cheat Engine works. You just want a quick hack to satisfy your OCD (which is getting all outfits/weapons/crap in the game).

P.S.: OCD = [Link]

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 8:42 am
by budabum
For the inventory iterator: a kind of iterator has already been shared by Cielos. Appreciate this.
pInventory is a list of slots of 20h bytes each; the slot is pretty straightforward:
- 4b inventory item quantity
- 4b <?>
- 8b pointer to inventory item; let it be pItem
- 4b item level, e.g. 45
- 8b <?>
- 4b item list number, e.g. 1B

Watching pInventory memory access is not something that can reveal items which are not part of the inventory.
It seems AOC, on loading a saved game, allocates memory for all gear items and fills in the inventory with certain elements.
What is interesting is to watch how that allocation happens, stealing a pack of loaded pItem elements.

SunBeam, wanna try? That is your finest hour to find the iterator.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 11:25 am
by SunBeam
Sorry, I've been busy with this lately:
:D

BR,
Sun

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 11:28 am
by leseho
SunBeam wrote:
Mon Feb 26, 2018 6:30 am
leseho wrote:
Sun Feb 25, 2018 4:52 am
I am not good at English like you.
That's why we need help.
Someday you'll get what you did.
Regardless of whether you know English or not, we're not here to hold your hand. Table authors do not speak your native language; it's you who has to ADAPT, not us. Get your facts straight. Also, stop bullshitting; not speaking English has nothing to do with you not being able to understand assembly or how Cheat Engine works. You just want a quick hack to satisfy your OCD (which is getting all outfits/weapons/crap in the game).

P.S.: OCD = [Link]
Thank you.
I found something I didn't know,
I managed to fix the problem on my own.
Thanks for the advice, and the information.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 12:07 pm
by SunBeam
..and this:
Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 3:47 pm
by SunBeam
As for inventory collected items:

Code:

rsi == 0000000207B20980 == Inventory

Size of Inventory:

ACOrigins.exe+1BE4319 - 8B 56 34              - mov edx,[rsi+34]
ACOrigins.exe+1BE431C - 48 8B 4E 2C           - mov rcx,[rsi+2C]
ACOrigins.exe+1BE4320 - C1 EA 11              - shr edx,11
ACOrigins.exe+1BE4323 - C1 E2 05              - shl edx,5
ACOrigins.exe+1BE4326 - 48 03 D1              - add rdx,rcx
ACOrigins.exe+1BE4329 - 48 3B CA              - cmp rcx,rdx

get_Inventory:

ACOrigins.exe+19CA950 - 48 89 74 24 10        - mov [rsp+10],rsi
ACOrigins.exe+19CA955 - 57                    - push rdi
ACOrigins.exe+19CA956 - 48 83 EC 20           - sub rsp,20 { 32 }
ACOrigins.exe+19CA95A - 48 8B 09              - mov rcx,[rcx]
ACOrigins.exe+19CA95D - 49 8B F8              - mov rdi,r8 <-- rcx = CharacterAI
ACOrigins.exe+19CA960 - 48 8B F2              - mov rsi,rdx
ACOrigins.exe+19CA963 - 48 85 C9              - test rcx,rcx
ACOrigins.exe+19CA966 - 74 45                 - je ACOrigins.exe+19CA9AD
ACOrigins.exe+19CA968 - 48 8B 49 40           - mov rcx,[rcx+40]
ACOrigins.exe+19CA96C - 48 89 5C 24 30        - mov [rsp+30],rbx
ACOrigins.exe+19CA971 - 48 8B 1D 48CF1803     - mov rbx,[ACOrigins.exe+4B578C0] { [1443C8170] }
ACOrigins.exe+19CA978 - 48 8B 01              - mov rax,[rcx]
ACOrigins.exe+19CA97B - FF 90 98000000        - call qword ptr [rax+00000098]
ACOrigins.exe+19CA981 - 0FB6 4B 49            - movzx ecx,byte ptr [rbx+49]
ACOrigins.exe+19CA985 - 48 8B 5C 24 30        - mov rbx,[rsp+30]
ACOrigins.exe+19CA98A - 48 8B 00              - mov rax,[rax]
ACOrigins.exe+19CA98D - 48 8B 0C C8           - mov rcx,[rax+rcx*8] <-- get it here
ACOrigins.exe+19CA991 - 48 85 C9              - test rcx,rcx
ACOrigins.exe+19CA994 - 74 17                 - je ACOrigins.exe+19CA9AD
ACOrigins.exe+19CA996 - 48 8B 01              - mov rax,[rcx]
ACOrigins.exe+19CA999 - 4C 8B C7              - mov r8,rdi
ACOrigins.exe+19CA99C - 48 8B D6              - mov rdx,rsi
ACOrigins.exe+19CA99F - 48 8B 74 24 38        - mov rsi,[rsp+38]
ACOrigins.exe+19CA9A4 - 48 83 C4 20           - add rsp,20 { 32 }
ACOrigins.exe+19CA9A8 - 5F                    - pop rdi
ACOrigins.exe+19CA9A9 - 48 FF 60 78           - jmp qword ptr [rax+78]
ACOrigins.exe+19CA9AD - B8 03000000           - mov eax,00000003 { 3 }
ACOrigins.exe+19CA9B2 - 48 8B 74 24 38        - mov rsi,[rsp+38]
ACOrigins.exe+19CA9B7 - 48 83 C4 20           - add rsp,20 { 32 }
ACOrigins.exe+19CA9BB - 5F                    - pop rdi
ACOrigins.exe+19CA9BC - C3                    - ret

IStruct:  0x207B581C0 
IName:    0x1443CE6D0 
ObjStr:   CharacterAI 
ObjHash:  0x516CC959 

adjust by:

ACOrigins.exe+8857330 - 53                    - push rbx
ACOrigins.exe+8857331 - 48 83 EC 20           - sub rsp,20 { 32 }
ACOrigins.exe+8857335 - 48 83 C1 B0           - add rcx,-50 { 176 } <-- here
ACOrigins.exe+8857339 - 4C 89 C3              - mov rbx,r8
ACOrigins.exe+885733C - E8 8FCF38F9           - call ACOrigins.exe+1BE42D0
ACOrigins.exe+8857341 - 89 03                 - mov [rbx],eax
ACOrigins.exe+8857343 - 31 C0                 - xor eax,eax
ACOrigins.exe+8857345 - 48 83 C4 20           - add rsp,20 { 32 }
ACOrigins.exe+8857349 - 5B                    - pop rbx
ACOrigins.exe+885734A - C3                    - ret 

iterate all inventory items:

ACOrigins.exe+1BE4329 - 48 3B CA              - cmp rcx,rdx <-- start vs. end
ACOrigins.exe+1BE432C - 74 1A                 - je ACOrigins.exe+1BE4348
ACOrigins.exe+1BE432E - 4C 8B 07              - mov r8,[rdi]
ACOrigins.exe+1BE4331 - 4C 3B 41 08           - cmp r8,[rcx+08]
ACOrigins.exe+1BE4335 - 75 08                 - jne ACOrigins.exe+1BE433F
ACOrigins.exe+1BE4337 - 8B 47 08              - mov eax,[rdi+08]
ACOrigins.exe+1BE433A - 39 41 10              - cmp [rcx+10],eax
ACOrigins.exe+1BE433D - 74 38                 - je ACOrigins.exe+1BE4377
ACOrigins.exe+1BE433F - 48 83 C1 20           - add rcx,20 { 32 } <-- size of item block
ACOrigins.exe+1BE4343 - 48 3B CA              - cmp rcx,rdx
ACOrigins.exe+1BE4346 - 75 E9                 - jne ACOrigins.exe+1BE4331
ACOrigins.exe+1BE4348 - 33 C0                 - xor eax,eax

And here's some hashes:

Cedarwood: 2A80A8B0
Bronze: 2A80A8B1
Soft Leather: 2A80A8AF
Hard Leather: 12FA86C4
Pelt: 12FA86C6
Iron: 2A80A8B2
Carbon Crystal: 12FA86C7
Silica: 58DAAAAD

I used the last 4 bytes of the hash for checking, but the game actually verifies all 8 (a quad). You can use the same logic to build up a list of weapons/outfits/etc. hashes ;)

Here's an example:

[screenshots]

So Sunslayer's hash is 0x0000010BDB8ED19.
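The two listings above (the size computation at ACOrigins.exe+1BE4319 and the loop at +1BE4329) together with budabum's 0x20-byte slot layout from the earlier post can be turned into a readable model, which is a useful way to check that a disassembly has been understood before writing a Cheat Engine script. The following is an added example, not code from the thread, from Cielos' table or from the game: it builds a small constructed memory image, lays out an inventory header and three slots at the posted offsets, and walks them exactly as the loop does (8-byte compare at slot+08, then 4-byte compare at slot+10, advance by 0x20, stop when start reaches end). The field names, the sample values, and the assumption that the dword at +34 holds the slot count shifted left by 11 (so that `(edx >> 11) << 5` yields the byte length) are this example's own; the thread does not settle whether the quad at +08 is the pItem pointer or an item hash, so the code just compares the bytes as the listing does.

```python
# Added example (not from the thread): a Python model of the inventory walk
# shown in SunBeam's disassembly, run against a constructed memory image laid
# out like budabum's slot description. Offsets come from the posted listings;
# field names, sample data and the count encoding are assumptions.
import struct

SLOT_SIZE = 0x20        # "add rcx,20" per loop iteration
INV_PTR_OFF = 0x2C      # mov rcx,[rsi+2C]  -> address of the first slot
INV_LEN_OFF = 0x34      # mov edx,[rsi+34]  -> (edx >> 11) << 5 = byte length
HANDLE_ADJUST = 0x50    # "add rcx,-50" in the caller at ACOrigins.exe+8857335


class Memory:
    """Flat fake process memory: a bytearray plus the virtual base it is mapped at."""

    def __init__(self, base, size):
        self.base = base
        self.buf = bytearray(size)

    def _off(self, addr):
        off = addr - self.base
        if not 0 <= off < len(self.buf):
            raise ValueError(f"address {addr:#x} is outside the fake memory image")
        return off

    def read(self, addr, fmt):
        return struct.unpack_from("<" + fmt, self.buf, self._off(addr))

    def write(self, addr, fmt, *vals):
        struct.pack_into("<" + fmt, self.buf, self._off(addr), *vals)


def inventory_from_handle(handle):
    """The caller at +8857335 hands the iterator rcx-0x50, so the real object sits below the handle."""
    return handle - HANDLE_ADJUST


def inventory_bounds(mem, inventory):
    """Reproduce +1BE4319..+1BE4326: start = [inv+2C]; end = start + (([inv+34] >> 11) << 5)."""
    (start,) = mem.read(inventory + INV_PTR_OFF, "Q")
    (raw_len,) = mem.read(inventory + INV_LEN_OFF, "I")
    nbytes = ((raw_len >> 11) << 5) & 0xFFFFFFFF   # 32-bit edx arithmetic
    return start, start + nbytes


def parse_slot(mem, slot):
    """budabum's 0x20-byte slot: qty(4) unk(4) pItem(8) level(4) unk(8) list_no(4)."""
    qty, _unk0, p_item, level, _unk1, list_no = mem.read(slot, "IIQIQI")
    return {"quantity": qty, "pItem": p_item, "level": level, "list_no": list_no}


def list_slots(mem, inventory):
    """'iterate all inventory items': every slot between start and end, in order."""
    start, end = inventory_bounds(mem, inventory)
    return [parse_slot(mem, s) for s in range(start, end, SLOT_SIZE)]


def find_slot(mem, inventory, key_quad, key_dword):
    """Reproduce the loop at +1BE4329..+1BE4348.

    rdi points at the search key: [rdi] (8 bytes) is compared with [slot+08],
    [rdi+08] (4 bytes) with [slot+10]. Returns the matching slot address, or
    None for the "xor eax,eax" fall-through when start reaches end.
    """
    cur, end = inventory_bounds(mem, inventory)
    while cur != end:
        (quad,) = mem.read(cur + 0x08, "Q")
        if quad == key_quad:
            (dword,) = mem.read(cur + 0x10, "I")
            if dword == key_dword:
                return cur
        cur += SLOT_SIZE
    return None


def build_fake_process(base=0x207B20000):
    """Constructed sample image: inventory header at `base`, three slots at base+0x100."""
    mem = Memory(base, 0x400)
    inventory, slots = base, base + 0x100
    items = [  # (quantity, pItem, level, list_no) -- made-up values
        (1, 0x207B581C0, 45, 0x1B),
        (3, 0x207B58200, 40, 0x1C),
        (1, 0x207B58240, 45, 0x1D),
    ]
    for i, (qty, p_item, level, list_no) in enumerate(items):
        mem.write(slots + i * SLOT_SIZE, "IIQIQI", qty, 0, p_item, level, 0, list_no)
    mem.write(inventory + INV_PTR_OFF, "Q", slots)
    mem.write(inventory + INV_LEN_OFF, "I", len(items) << 11)  # assumed count encoding
    return mem, inventory


if __name__ == "__main__":
    mem, inv = build_fake_process()
    hit = find_slot(mem, inventory_from_handle(inv + HANDLE_ADJUST), 0x207B58200, 40)
    print(hex(hit), parse_slot(mem, hit))
    print(find_slot(mem, inv, 0x207B58200, 41))   # dword mismatch at +10 -> None
```

Swapping the constructed image for reads through a debugger or Cheat Engine's Lua `readQword`/`readInteger` gives a quick sanity check of the real structure: if the computed `end - start` is not a multiple of 0x20, or the slots it covers do not look like quantity/pointer/level triples, the count encoding assumed here is wrong for that build and the shift constants need to be re-read from the live disassembly.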

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 4:20 pm
by budabum
Good catch. Now try to iterate, let's say, "Loincloth" (always presented as a 0x????8158/0x????81A0 pointer), an outfit which never appears in pInventory but is pre-loaded into the list of all pItems. It seems you are hashing known items; hell on wheels is to iterate unknown items, items which are not yet discovered through gameplay.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 4:26 pm
by SunBeam
I am cycling the current player inventory, figuring a method to get the hashes. How about you search a known hash in memory and find where all are stored? Also, why do you guys randomly work with pointers, when you clearly know those addresses are different for each and every one of you? WTF is "0x????8158 pointer"?

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 4:36 pm
by budabum
"WTF" is the 4-byte static part of the pointer which is consistent per each load; the remaining 4 bytes are floating. That is like ECX 0x0C328158, where CX is constant and the high part is changing. Scanning all memory for ECX produces hundreds of multilevel pointers.
I do not say it's impossible, rather annoying and time consuming.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 4:44 pm
by SunBeam
^ How about this: get a regular item, find its hash as I showed. Sell any in your inventory. Close game. Re-open. Scan memory for that hash. Subtract 8 and find a proper pointer to it. Then buy some random item, use Cielos' script to catch it when equipped; swap its pointer with the one you found. Simple. I found no connection so far between that spot where Cielos picks items up and a hash, item name, etc. Will keep digging.

Re: Assassin's Creed: Origins

Posted: Mon Feb 26, 2018 4:45 pm
by budabum
Scanning for the hash (not the pointer) is good to try; let me see.

By the way, in your screen Sunslayer is consistent for you also; it is still "0x????9E20", which is shared in the shitty xls table :)