Metal Gear Solid V

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

That means the script fails assembly; it may be the AOB or the assert.

What version of the game are you using?

Do an AOB scan (with the main form scanner) to see if you find the code. If so, copy and paste all surrounding code here in a code block and we might be able to make a working script; if not, then we may need to try some different byte scans to try and find it.

Here is the byte scan for the CoordHook:

Code:

0F28xxxx0F5Cxxxxxx0F59xx0F28xx0F28xx0FC6xxxx0FC6xxxx0FC6xxxx0F58xx0F58xx0F51xxF3xxxxxx0F2Fxxxxxxxxxx76xx83xxxx89xxxxxxxxxx48xxxxxx48xxxxxx48xxxxxx48xxxxxx49xxxx48xxxx48xxxxxxxx48xxxxxxxx48xxxxxxxxxxxx4Cxxxxxxxx4Cxxxxxxxx48xxxx48xxxxxxxx

Run this in the Lua Engine form to disable compact mode:

Code:

disableCompactMode()



ofcourse
Noobzor
Posts: 5
Joined: Wed Nov 15, 2017 6:13 pm
Reputation: 0

Re: Metal Gear Solid V

Post by ofcourse »

great work on the new table for MGSV

the only annoying thing about it is the fact that the infinite health doesn't prevent you from dying to fall damage like the one in the old table did, so using the teleport function of the old table kills you most of the time

does anyone know a solution to this? you also can't jump off the top of your base towers anymore lol

ShyTwig16
Expert Cheater
Posts: 335
Joined: Thu Apr 06, 2017 7:14 pm
Reputation: 19

Re: Metal Gear Solid V

Post by ShyTwig16 »

ofcourse wrote:
Fri Jan 19, 2018 9:51 pm
great work on the new table for MGSV

the only annoying thing about it is the fact that the infinite health doesn't prevent you from dying to fall damage like the one in the old table did, so using the teleport function of the old table kills you most of the time

does anyone know a solution to this? you also can't jump off the top of your base towers anymore lol

If you are talking about MGSV TPP (haven't figured it out on MGS GZ), then this is the health write hook I came up with. I hadn't checked before, but in testing I can jump from any height and not die. And it's not affecting combatants.

Note that all I did was where you find the displayed health is written to, it is written to from a float, and the float seems to be where the real value is calculated and death is determined.

Code:

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/19/18
	Author			: ShyTwig16
	Name			: HealthWrtHook

	Health Wrt Hook
	
	[RSI] = health
	[RSI+4] = Health max
	xmm8 = damage value
}

{$STRICT}

define(address, mgsvtpp.exe+411FD3A)
define(bytes, F3 0F 10 0E F3 0F 10 5E 04)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobHealthWrtHook, mgsvtpp.exe, 39xx0F47xx89xx35xxxxxxxx81xxxxxxxxxx41xxxxxx41xxxxxxB8xxxxxxxx66xxxxxx0F2FxxF3xxxxxxF3xxxxxxxx0F93xxF3xxxxxxxx0F2Fxx73xx0F28xx0F28xxF3xxxxxx0F2Fxx73xx0F28xx0F2FxxF3xxxxxxF3xxxxxxxx77xxB9xxxxxxxx66xxxxxx74xx41xxxxxxxxxxxxxxxx)
define(injHealthWrtHook, aobHealthWrtHook+26)
assert(injHealthWrtHook, bytes)
registerSymbol(injHealthWrtHook)

alloc(memHealthWrtHook, 0x400, injHealthWrtHook)

label(ptrHealthWrtHook)
registerSymbol(ptrHealthWrtHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memHealthWrtHook:
	dd (float)0
	ptrHealthWrtHook:
		dq 0
	n_code:
		mov [ptrHealthWrtHook],rsi
		movss xmm1,[rsi+04]
		movss xmm3,[rsi+04]
		movss xmm8,[memHealthWrtHook]
	o_code:
		// movss xmm1,[rsi]
		// movss xmm3,[rsi+04]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injHealthWrtHook:
	jmp n_code
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injHealthWrtHook:
	db bytes

unregisterSymbol(injHealthWrtHook)

unregisterSymbol(ptrHealthWrtHook)

dealloc(memHealthWrtHook)

{
//// Injection Point: mgsvtpp.exe+411FD3A  -  000000014411FD3A
//// AOB address: 000000014411FD14  -  mgsvtpp.exe+411FD14
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+411FCE9:  0F47 C8                     -  cmova ecx,eax                      
mgsvtpp.exe+411FCEC:  89 C8                       -  mov eax,ecx                        
mgsvtpp.exe+411FCEE:  81 F1 ACD5FB94              -  xor ecx,94FBD5AC                   ["UUUU!"]
mgsvtpp.exe+411FCF4:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FCF9:  41 89 4E 3C                 -  mov [r14+3C],ecx                   
mgsvtpp.exe+411FCFD:  41 8B 4E 04                 -  mov ecx,[r14+04]                   
mgsvtpp.exe+411FD01:  41 89 46 08                 -  mov [r14+08],eax                   
mgsvtpp.exe+411FD05:  41 8B 46 0C                 -  mov eax,[r14+0C]                   
mgsvtpp.exe+411FD09:  81 F1 2FEA9DB4              -  xor ecx,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD0F:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD14:  39 C8                       -  cmp eax,ecx                        <<<--- AOB Starts Here
mgsvtpp.exe+411FD16:  0F47 C8                     -  cmova ecx,eax                      
mgsvtpp.exe+411FD19:  89 C8                       -  mov eax,ecx                        
mgsvtpp.exe+411FD1B:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD20:  81 F1 ACD5FB94              -  xor ecx,94FBD5AC                   ["UUUU!"]
mgsvtpp.exe+411FD26:  41 89 4E 40                 -  mov [r14+40],ecx                   
mgsvtpp.exe+411FD2A:  41 89 46 0C                 -  mov [r14+0C],eax                   
mgsvtpp.exe+411FD2E:  B8 00100000                 -  mov eax,00001000                   
mgsvtpp.exe+411FD33:  66 09 43 22                 -  or [rbx+22],ax                     
mgsvtpp.exe+411FD37:  0F2F 36                     -  comiss xmm6,[rsi]                  
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+411FD3A:  F3 0F10 0E                  -  movss xmm1,[rsi]                   
mgsvtpp.exe+411FD3E:  F3 0F10 5E 04               -  movss xmm3,[rsi+04]                
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+411FD43:  0F93 D0                     -  setae al                           
mgsvtpp.exe+411FD46:  F3 41 0F5C C8               -  subss xmm1,xmm8                    
mgsvtpp.exe+411FD4B:  0F2F CE                     -  comiss xmm1,xmm6                   
mgsvtpp.exe+411FD4E:  73 03                       -  jae 14411FD53                      
mgsvtpp.exe+411FD50:  0F28 CE                     -  movaps xmm1,xmm6                   
mgsvtpp.exe+411FD53:  0F28 C3                     -  movaps xmm0,xmm3                   
mgsvtpp.exe+411FD56:  F3 0F5C C1                  -  subss xmm0,xmm1                    
mgsvtpp.exe+411FD5A:  0F2F C6                     -  comiss xmm0,xmm6                   
mgsvtpp.exe+411FD5D:  73 03                       -  jae 14411FD62                      
mgsvtpp.exe+411FD5F:  0F28 CB                     -  movaps xmm1,xmm3                   
mgsvtpp.exe+411FD62:  0F2F CE                     -  comiss xmm1,xmm6                   
mgsvtpp.exe+411FD65:  F3 0F11 0E                  -  movss [rsi],xmm1                   
mgsvtpp.exe+411FD69:  F3 45 0F58 D8               -  addss xmm11,xmm8                   
mgsvtpp.exe+411FD6E:  77 14                       -  ja 14411FD84                       
mgsvtpp.exe+411FD70:  B9 00200000                 -  mov ecx,00002000                   
mgsvtpp.exe+411FD75:  66 85 4B 22                 -  test [rbx+22],cx                   
mgsvtpp.exe+411FD79:  74 09                       -  je 14411FD84                       
mgsvtpp.exe+411FD7B:  41 83 8C 24 B4000000 04     -  or dword ptr [r12+000000B4],04     
mgsvtpp.exe+411FD84:  45 30 F6                    -  xor r14l,r14l                      
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Here are the debug memory records.

Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>59335</ID>
      <Description>"_[  Health Wrt Hook  ]_"</Description>
      <Options moHideChildren="1"/>
      <LastState Value="" Activated="1" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>59336</ID>
          <Description>"injHealthWrtHook"</Description>
          <LastState Value="" RealAddress="14411FD3A"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>0000FF</Color>
          <VariableType>Array of byte</VariableType>
          <ByteLength>0</ByteLength>
          <Address>injHealthWrtHook</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>59337</ID>
          <Description>"ptrHealthWrtHook"</Description>
          <LastState Value="0000000000000000" RealAddress="13FF70004"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>ptrHealthWrtHook</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>59338</ID>
              <Description>"+0   - Health"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>000000</Color>
              <VariableType>Float</VariableType>
              <Address>ptrHealthWrtHook</Address>
              <Offsets>
                <Offset>0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>59339</ID>
              <Description>"+4   - Health Max."</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>000000</Color>
              <VariableType>Float</VariableType>
              <Address>ptrHealthWrtHook</Address>
              <Offsets>
                <Offset>4</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
I hope this gets you what you are looking for.

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

Here's one I had to share, just too funny if you enable the "One Hit Kills"; this is in some consciousness decrease code so it gives you one punch kills.

EDIT:
Fixed error discussed below.

Code:

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/29/18
	Author			: ShyTwig16
	Name			: CombatantConsciousnessDecHook

	Combatant Consciousness Dec Hook
}

{$STRICT}

define(address, mgsvtpp.exe+43EB241)
define(bytes, 66 39 C8 66 0F 42 C8 66 29 C8)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCombatantConsciousnessDecHook, mgsvtpp.exe, 0FB7xxxx66xxxx66xxxxxx66xxxx66xxxxxx0FB7xxxx66xxxx74xx66xxxx75xx66xxxxxxxxEBxx66xxxxxx72xx44xxxxxx0FB7xxxx66xxxxxx74xx0FB6xxxx)
define(injCombatantConsciousnessDecHook, aobCombatantConsciousnessDecHook+4)
assert(injCombatantConsciousnessDecHook, bytes)
registerSymbol(injCombatantConsciousnessDecHook)

alloc(memCombatantConsciousnessDecHook, 0x400, injCombatantConsciousnessDecHook)

label(flgCombatantConsciousnessDecHook)
registerSymbol(flgCombatantConsciousnessDecHook)
// 00:Stun Only
// 01:One Hit Kills

label(ptrCombatantConsciousnessDecHook)
registerSymbol(ptrCombatantConsciousnessDecHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memCombatantConsciousnessDecHook:
	flgCombatantConsciousnessDecHook:
		db 00
	align 4
	ptrCombatantConsciousnessDecHook:
		dq 0
	align 10 CC
	n_code:
		mov [ptrCombatantConsciousnessDecHook],rbx
		mov cx,[rbx+20]
		mov ax,0
		cmp byte ptr [flgCombatantConsciousnessDecHook],01
		jne o_code
			mov word ptr [rbx+1A],0
	o_code:
		// cmp ax,cx
		// cmovb cx,ax
		// sub ax,cx
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	jmp n_code
	nop
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	db bytes

unregisterSymbol(injCombatantConsciousnessDecHook)

unregisterSymbol(flgCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

dealloc(memCombatantConsciousnessDecHook)

{
//// Injection Point: mgsvtpp.exe+43EB241  -  00000001443EB241
//// AOB address: 00000001443EB23D  -  mgsvtpp.exe+43EB23D
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+43EB1EF:  0F2F C8                     -  comiss xmm1,xmm0                   
mgsvtpp.exe+43EB1F2:  77 40                       -  ja 1443EB234                       
mgsvtpp.exe+43EB1F4:  80 C9 02                    -  or cl,02                           
mgsvtpp.exe+43EB1F7:  88 8E BC000000              -  mov [rsi+000000BC],cl              
mgsvtpp.exe+43EB1FD:  E8 7EA36FFF                 -  call 143AE5580                     
mgsvtpp.exe+43EB202:  48 8D 54 24 68              -  lea rdx,[rsp+68]                   
mgsvtpp.exe+43EB207:  48 8B 88 98000000           -  mov rcx,[rax+00000098]             
mgsvtpp.exe+43EB20E:  41 B8 64000000              -  mov r8d,00000064                   
mgsvtpp.exe+43EB214:  48 8B 49 50                 -  mov rcx,[rcx+50]                   
mgsvtpp.exe+43EB218:  48 8B 01                    -  mov rax,[rcx]                      
mgsvtpp.exe+43EB21B:  FF 90 18010000              -  call qword ptr [rax+00000118]      
mgsvtpp.exe+43EB221:  EB 11                       -  jmp 1443EB234                      
mgsvtpp.exe+43EB223:  D1 25 353C0D54              -  shl [1984BEE5E],1                  
mgsvtpp.exe+43EB229:  E0 D1                       -  loopne 1443EB1FC                   
mgsvtpp.exe+43EB22B:  E7 61                       -  out 61,eax                         
mgsvtpp.exe+43EB22D:  80 A6 BC000000 FD           -  and byte ptr [rsi+000000BC],-03    
mgsvtpp.exe+43EB234:  0FB7 4B 24                  -  movzx ecx,word ptr [rbx+24]        
mgsvtpp.exe+43EB238:  66 85 C9                    -  test cx,cx                         
mgsvtpp.exe+43EB23B:  74 12                       -  je 1443EB24F                       
mgsvtpp.exe+43EB23D:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        <<<--- AOB Starts Here
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+43EB241:  66 39 C8                    -  cmp ax,cx                          
mgsvtpp.exe+43EB244:  66 0F42 C8                  -  cmovb cx,ax                        
mgsvtpp.exe+43EB248:  66 29 C8                    -  sub ax,cx                          
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+43EB24B:  66 89 43 20                 -  mov [rbx+20],ax                    
mgsvtpp.exe+43EB24F:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB253:  66 39 C5                    -  cmp bp,ax                          
mgsvtpp.exe+43EB256:  74 16                       -  je 1443EB26E                       
mgsvtpp.exe+43EB258:  66 85 C0                    -  test ax,ax                         
mgsvtpp.exe+43EB25B:  75 07                       -  jne 1443EB264                      
mgsvtpp.exe+43EB25D:  66 44 89 7B 10              -  mov [rbx+10],r15w                  
mgsvtpp.exe+43EB262:  EB 06                       -  jmp 1443EB26A                      
mgsvtpp.exe+43EB264:  66 3B 43 22                 -  cmp ax,[rbx+22]                    
mgsvtpp.exe+43EB268:  72 04                       -  jb 1443EB26E                       
mgsvtpp.exe+43EB26A:  44 89 7B 04                 -  mov [rbx+04],r15d                  
mgsvtpp.exe+43EB26E:  0FB7 43 14                  -  movzx eax,word ptr [rbx+14]        
mgsvtpp.exe+43EB272:  66 41 85 C5                 -  test r13w,ax                       
mgsvtpp.exe+43EB276:  74 7D                       -  je 1443EB2F5                       
mgsvtpp.exe+43EB278:  0FB6 43 3C                  -  movzx eax,byte ptr [rbx+3C]        
mgsvtpp.exe+43EB27C:  4C 8B 56 30                 -  mov r10,[rsi+30]                   
mgsvtpp.exe+43EB280:  4C 8D 0C 40                 -  lea r9,[rax+rax*2]                 
mgsvtpp.exe+43EB284:  3C 20                       -  cmp al,20                          
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Here are some memory records to go with it:

Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>59453</ID>
      <Description>"_[  Combatant Consciousness Dec Hook  ]_"</Description>
      <Options moHideChildren="1"/>
      <LastState Value="" Activated="1" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>59454</ID>
          <Description>"injCombatantConsciousnessDecHook"</Description>
          <LastState Value="" RealAddress="1443EB248"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>0000FF</Color>
          <VariableType>Array of byte</VariableType>
          <ByteLength>0</ByteLength>
          <Address>injCombatantConsciousnessDecHook</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>59455</ID>
          <Description>"ptrCombatantConsciousnessDecHook"</Description>
          <LastState Value="00000000A9541EE0" RealAddress="148480001"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>ptrCombatantConsciousnessDecHook</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>59456</ID>
              <Description>"+1A  - Health"</Description>
              <LastState Value="0" RealAddress="A9541EFA"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>1A</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>59465</ID>
              <Description>"+20  - Consciousness Level"</Description>
              <LastState Value="0" RealAddress="A9541F00"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>20</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>59464</ID>
          <Description>"flgCombatantConsciousnessDecHook"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">00:Stun Only
01:One Hit Kills
</DropDownList>
          <LastState Value="01" RealAddress="148480000"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>FF00FF</Color>
          <VariableType>Byte</VariableType>
          <Address>flgCombatantConsciousnessDecHook</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Last edited by TimFun13 on Tue Jan 30, 2018 4:01 am, edited 1 time in total.

glecas
Cheater
Posts: 33
Joined: Mon Jan 29, 2018 1:16 pm
Reputation: 2

Re: Metal Gear Solid V

Post by glecas »

ShyTwig16 wrote:
Sat Jan 20, 2018 3:40 am
Here's one I had to share, just too funny if you enable the "One Hit Kills"; this is in some consciousness decrease code so it gives you one punch kills.

Code:

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/19/18
	Author			: ShyTwig16
	Name			: CombatantConsciousnessDecHook

	Combatant Consciousness Dec Hook
}

{$STRICT}

define(address, mgsvtpp.exe+43EB248)
define(bytes, 66 29 C8 66 89 43 20)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCombatantConsciousnessDecHook, mgsvtpp.exe, FFxxxxxxxxxxEBxxD1xxxxxxxxxxE0xxE7xx80xxxxxxxxxxxx0FB7xxxx66xxxx74xx0FB7xxxx66xxxx66xxxxxx66xxxx66xxxxxx0FB7xxxx66xxxx)
define(injCombatantConsciousnessDecHook, aobCombatantConsciousnessDecHook+2D)
assert(injCombatantConsciousnessDecHook, bytes)
registerSymbol(injCombatantConsciousnessDecHook)

alloc(memCombatantConsciousnessDecHook, 0x400, injCombatantConsciousnessDecHook)

label(flgCombatantConsciousnessDecHook)
registerSymbol(flgCombatantConsciousnessDecHook)
// 00:Stun Only
// 01:One Hit Kills

label(ptrCombatantConsciousnessDecHook)
registerSymbol(ptrCombatantConsciousnessDecHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memCombatantConsciousnessDecHook:
	flgCombatantConsciousnessDecHook:
		db 00
	ptrCombatantConsciousnessDecHook:
		dq 0
	n_code:
		mov [ptrCombatantConsciousnessDecHook],rbx
		mov cx,[rbx+20]
		mov ax,0
		cmp byte ptr [flgCombatantConsciousnessDecHook],01
		jne o_code
			mov word ptr [rbx+1A],0
	o_code:
		// sub ax,cx
		mov [rbx+20],ax
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	jmp n_code
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	db bytes

unregisterSymbol(injCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

dealloc(memCombatantConsciousnessDecHook)

{
//// Injection Point: mgsvtpp.exe+43EB248  -  00000001443EB248
//// AOB address: 00000001443EB21B  -  mgsvtpp.exe+43EB21B
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+43EB1F4:  80 C9 02                    -  or cl,02                           
mgsvtpp.exe+43EB1F7:  88 8E BC000000              -  mov [rsi+000000BC],cl              
mgsvtpp.exe+43EB1FD:  E8 7EA36FFF                 -  call 143AE5580                     
mgsvtpp.exe+43EB202:  48 8D 54 24 68              -  lea rdx,[rsp+68]                   
mgsvtpp.exe+43EB207:  48 8B 88 98000000           -  mov rcx,[rax+00000098]             
mgsvtpp.exe+43EB20E:  41 B8 64000000              -  mov r8d,00000064                   
mgsvtpp.exe+43EB214:  48 8B 49 50                 -  mov rcx,[rcx+50]                   
mgsvtpp.exe+43EB218:  48 8B 01                    -  mov rax,[rcx]                      
mgsvtpp.exe+43EB21B:  FF 90 18010000              -  call qword ptr [rax+00000118]      <<<--- AOB Starts Here
mgsvtpp.exe+43EB221:  EB 11                       -  jmp 1443EB234                      
mgsvtpp.exe+43EB223:  D1 25 353C0D54              -  shl [1984BEE5E],1                  
mgsvtpp.exe+43EB229:  E0 D1                       -  loopne 1443EB1FC                   
mgsvtpp.exe+43EB22B:  E7 61                       -  out 61,eax                         
mgsvtpp.exe+43EB22D:  80 A6 BC000000 FD           -  and byte ptr [rsi+000000BC],-03    
mgsvtpp.exe+43EB234:  0FB7 4B 24                  -  movzx ecx,word ptr [rbx+24]        
mgsvtpp.exe+43EB238:  66 85 C9                    -  test cx,cx                         
mgsvtpp.exe+43EB23B:  74 12                       -  je 1443EB24F                       
mgsvtpp.exe+43EB23D:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB241:  66 39 C8                    -  cmp ax,cx                          
mgsvtpp.exe+43EB244:  66 0F42 C8                  -  cmovb cx,ax                        
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+43EB248:  66 29 C8                    -  sub ax,cx                          
mgsvtpp.exe+43EB24B:  66 89 43 20                 -  mov [rbx+20],ax                    
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+43EB24F:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB253:  66 39 C5                    -  cmp bp,ax                          
mgsvtpp.exe+43EB256:  74 16                       -  je 1443EB26E                       
mgsvtpp.exe+43EB258:  66 85 C0                    -  test ax,ax                         
mgsvtpp.exe+43EB25B:  75 07                       -  jne 1443EB264                      
mgsvtpp.exe+43EB25D:  66 44 89 7B 10              -  mov [rbx+10],r15w                  
mgsvtpp.exe+43EB262:  EB 06                       -  jmp 1443EB26A                      
mgsvtpp.exe+43EB264:  66 3B 43 22                 -  cmp ax,[rbx+22]                    
mgsvtpp.exe+43EB268:  72 04                       -  jb 1443EB26E                       
mgsvtpp.exe+43EB26A:  44 89 7B 04                 -  mov [rbx+04],r15d                  
mgsvtpp.exe+43EB26E:  0FB7 43 14                  -  movzx eax,word ptr [rbx+14]        
mgsvtpp.exe+43EB272:  66 41 85 C5                 -  test r13w,ax                       
mgsvtpp.exe+43EB276:  74 7D                       -  je 1443EB2F5                       
mgsvtpp.exe+43EB278:  0FB6 43 3C                  -  movzx eax,byte ptr [rbx+3C]        
mgsvtpp.exe+43EB27C:  4C 8B 56 30                 -  mov r10,[rsi+30]                   
mgsvtpp.exe+43EB280:  4C 8D 0C 40                 -  lea r9,[rax+rax*2]                 
mgsvtpp.exe+43EB284:  3C 20                       -  cmp al,20                          
mgsvtpp.exe+43EB286:  0F83 A0000000               -  jae 1443EB32C                      
mgsvtpp.exe+43EB28C:  4C 89 F3                    -  mov rbx,r14                        
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Here are some memory records to go with it:

Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>59453</ID>
      <Description>"_[  Combatant Consciousness Dec Hook  ]_"</Description>
      <Options moHideChildren="1"/>
      <LastState Value="" Activated="1" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>59454</ID>
          <Description>"injCombatantConsciousnessDecHook"</Description>
          <LastState Value="" RealAddress="1443EB248"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>0000FF</Color>
          <VariableType>Array of byte</VariableType>
          <ByteLength>0</ByteLength>
          <Address>injCombatantConsciousnessDecHook</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>59455</ID>
          <Description>"ptrCombatantConsciousnessDecHook"</Description>
          <LastState Value="00000000A9541EE0" RealAddress="148480001"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>ptrCombatantConsciousnessDecHook</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>59456</ID>
              <Description>"+1A  - Health"</Description>
              <LastState Value="0" RealAddress="A9541EFA"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>1A</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>59465</ID>
              <Description>"+20  - Consciousness Level"</Description>
              <LastState Value="0" RealAddress="A9541F00"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>20</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>59464</ID>
          <Description>"flgCombatantConsciousnessDecHook"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">00:Stun Only
01:One Hit Kills
</DropDownList>
          <LastState Value="01" RealAddress="148480000"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>FF00FF</Color>
          <VariableType>Byte</VariableType>
          <Address>flgCombatantConsciousnessDecHook</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
This one causes the game to crash for me (Game version 1.12, Cheat Engine version 6.5.1).

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

glecas wrote:
Mon Jan 29, 2018 1:18 pm
...
This one causes the game to crash for me (Game version 1.12, Cheat Engine version 6.5.1).

Kinda hard to say with just "crash", but if you mean game version "1.0.12.0" then maybe something in the AA is different in CE 6.7. Or the AOBscan is finding a different spot, either that or a name collision, but a name collision is unlikely. And with the assert it really should fail to inject if the code is different. But it works on game version "1.0.12.0" in CE "6.7" and CE "6.6" for me.
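
Added example (not part of the thread or of the posters' scripts): a Python sketch of the two checks discussed in the replies above, where a wildcard AOB signature locates the code and the `assert` bytes decide whether the injection point really holds the expected instructions. The signature, the +4 offset and the asserted bytes are copied from the CombatantConsciousnessDecHook script on this page; the sample buffers are constructed from its disassembly listing, and the function names and the reject-on-multiple-matches rule are assumptions of this sketch.

```python
"""Added example: wildcard signature scan followed by an exact-byte check."""
from typing import List, Optional, Tuple

# Copied from the CombatantConsciousnessDecHook script on this page.
PATTERN = (
    "0FB7xxxx66xxxx66xxxxxx66xxxx66xxxxxx0FB7xxxx66xxxx74xx66xxxx75xx"
    "66xxxxxxxxEBxx66xxxxxx72xx44xxxxxx0FB7xxxx66xxxxxx74xx0FB6xxxx"
)
INJECT_OFFSET = 0x4  # "aobCombatantConsciousnessDecHook+4" in the script
EXPECTED = bytes.fromhex("66 39 C8 66 0F 42 C8 66 29 C8")  # define(bytes, ...)

# Constructed sample: the bytes shown in the script's disassembly listing from
# the "AOB Starts Here" line onward, padded with CC filler on both sides.
LISTING = bytes.fromhex(
    "0FB74320 6639C8 660F42C8 6629C8 66894320 0FB74320 6639C5 7416 6685C0 "
    "7507 6644897B10 EB06 663B4322 7204 44897B04 0FB74314 664185C5 747D 0FB6433C"
)
BASE = b"\xCC" * 16 + LISTING + b"\xCC" * 16

# Constructed "other build": same opcodes, one operand byte changed
# (66 39 C8 -> 66 39 D0), so the wildcard signature still matches.
OTHER_BUILD = BASE.replace(bytes.fromhex("6639C8"), bytes.fromhex("6639D0"), 1)


def parse_pattern(text: str) -> List[Optional[int]]:
    """Turn 'AAxxBB' style text into a list of byte values, None = wildcard."""
    text = text.replace(" ", "")
    if len(text) % 2:
        raise ValueError("pattern has an odd number of hex digits")
    out: List[Optional[int]] = []
    for i in range(0, len(text), 2):
        pair = text[i:i + 2].lower()
        out.append(None if pair in ("xx", "??") else int(pair, 16))
    return out


def scan(buf: bytes, pattern: List[Optional[int]]) -> List[int]:
    """Return every offset in buf where all non-wildcard bytes match."""
    n = len(pattern)
    return [
        i for i in range(len(buf) - n + 1)
        if all(p is None or buf[i + j] == p for j, p in enumerate(pattern))
    ]


def resolve_injection(buf: bytes, pattern_text: str, offset: int,
                      expected: bytes) -> Tuple[str, Optional[int]]:
    """Locate the injection point and verify it before anything is written.

    Returns (status, address). Only status "ok" means the bytes at the
    injection point are exactly the ones the script was written against.
    """
    hits = scan(buf, parse_pattern(pattern_text))
    if not hits:
        return ("signature-not-found", None)
    if len(hits) > 1:
        # A heavily wildcarded signature can match unrelated code; this
        # sketch refuses to guess which hit is the intended one.
        return ("signature-ambiguous", None)
    addr = hits[0] + offset
    if buf[addr:addr + len(expected)] != expected:
        # The opcode skeleton matched but the real instruction bytes differ.
        return ("assert-failed", addr)
    return ("ok", addr)


if __name__ == "__main__":
    samples = {
        "listing bytes": BASE,
        "other build": OTHER_BUILD,
        "two copies": BASE + BASE,
        "no code": b"\xCC" * 64,
    }
    for name, buf in samples.items():
        print(name, resolve_injection(buf, PATTERN, INJECT_OFFSET, EXPECTED))
```

The "other build" case is the one the reply describes: the signature still finds a spot, and only the byte-for-byte check stops the write.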

glecas
Cheater
Posts: 33
Joined: Mon Jan 29, 2018 1:16 pm
Reputation: 2

Re: Metal Gear Solid V

Post by glecas »

ShyTwig16 wrote:
Tue Jan 30, 2018 12:46 am
glecas wrote:
Mon Jan 29, 2018 1:18 pm
...
This one causes the game to crash for me (Game version 1.12, Cheat Engine version 6.5.1).
Kinda hard to say with just "crash", but if you mean game version "1.0.12.0" then maybe something in the AA is different in CE 6.7. Or the AOBscan is finding a different spot, either that or a name collision, but a name collision is unlikely. And with the assert it really should fail to inject if the code is different. But it works on game version "1.0.12.0" in CE "6.7" and CE "6.6" for me.

The game crashes to Windows (APPCRASH).

Also tried it with CE 6.7, but that also crashes.

OS: Windows 7 x64.
Game version: 1.12 (.exe version 1.0.12.0).
CE version: 6.5.1 and 6.7 (tested with both).

Or am I doing something wrong?
Here's what I do:

1. Open CE.
2. Open Auto Assembler window (CTRL-ALT-A).
3. Paste your code.
4. Select Table --> Cheat Table framework code (CTRL-ALT-T).
5. Select File --> Assign to current cheat table.
6. Close Auto Assembler window.
7. Start the game, and load mgsvtpp.exe into CE.
8. Go into a mission in-game, and activate the cheat (tick the box for the table record).

I activate the cheat and run up to an enemy. Punching him ONE time causes an insta-stun (so far so good, I like it) - but when I go forward to kick or shoot him = the game crashes (APPCRASH) to Windows.

EDIT: SOLVED!
Last edited by glecas on Tue Jan 30, 2018 4:13 am, edited 1 time in total.

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

I guess I have never done it that way, but I get a crash too. This gives me something to work with, I will post a fix as soon as I figure it out, thank you for the detailed explanation.

ofcourse
Noobzor
Noobzor
Posts: 5
Joined: Wed Nov 15, 2017 6:13 pm
Reputation: 0

Re: Metal Gear Solid V

Post by ofcourse »

If you are talking about MGSV TPP (haven't figured it out on MGS GZ), then this is the health write hook I came up with. I hadn't checked before, but in testing I can jump from any height and not die. And it's not affecting combatants.

Note that all I did was where you find the displayed health is written to, it is written to from a float, and the float seems to be where the real value is calculated and death is determined.

Code: Select all

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/19/18
	Author			: ShyTwig16
	Name			: HealthWrtHook

	Health Wrt Hook
	
	[RSI] = health
	[RSI+4] = Health max
	xmm8 = damage value
}

{$STRICT}

define(address, mgsvtpp.exe+411FD3A)
define(bytes, F3 0F 10 0E F3 0F 10 5E 04)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobHealthWrtHook, mgsvtpp.exe, 39xx0F47xx89xx35xxxxxxxx81xxxxxxxxxx41xxxxxx41xxxxxxB8xxxxxxxx66xxxxxx0F2FxxF3xxxxxxF3xxxxxxxx0F93xxF3xxxxxxxx0F2Fxx73xx0F28xx0F28xxF3xxxxxx0F2Fxx73xx0F28xx0F2FxxF3xxxxxxF3xxxxxxxx77xxB9xxxxxxxx66xxxxxx74xx41xxxxxxxxxxxxxxxx)
define(injHealthWrtHook, aobHealthWrtHook+26)
assert(injHealthWrtHook, bytes)
registerSymbol(injHealthWrtHook)

alloc(memHealthWrtHook, 0x400, injHealthWrtHook)

label(ptrHealthWrtHook)
registerSymbol(ptrHealthWrtHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memHealthWrtHook:
	dd (float)0
	ptrHealthWrtHook:
		dq 0
	n_code:
		mov [ptrHealthWrtHook],rsi
		movss xmm1,[rsi+04]
		movss xmm3,[rsi+04]
		movss xmm8,[memHealthWrtHook]
	o_code:
		// movss xmm1,[rsi]
		// movss xmm3,[rsi+04]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injHealthWrtHook:
	jmp n_code
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injHealthWrtHook:
	db bytes

unregisterSymbol(injHealthWrtHook)

unregisterSymbol(ptrHealthWrtHook)

dealloc(memHealthWrtHook)

{
//// Injection Point: mgsvtpp.exe+411FD3A  -  000000014411FD3A
//// AOB address: 000000014411FD14  -  mgsvtpp.exe+411FD14
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+411FCE9:  0F47 C8                     -  cmova ecx,eax                      
mgsvtpp.exe+411FCEC:  89 C8                       -  mov eax,ecx                        
mgsvtpp.exe+411FCEE:  81 F1 ACD5FB94              -  xor ecx,94FBD5AC                   ["UUUU!"]
mgsvtpp.exe+411FCF4:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FCF9:  41 89 4E 3C                 -  mov [r14+3C],ecx                   
mgsvtpp.exe+411FCFD:  41 8B 4E 04                 -  mov ecx,[r14+04]                   
mgsvtpp.exe+411FD01:  41 89 46 08                 -  mov [r14+08],eax                   
mgsvtpp.exe+411FD05:  41 8B 46 0C                 -  mov eax,[r14+0C]                   
mgsvtpp.exe+411FD09:  81 F1 2FEA9DB4              -  xor ecx,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD0F:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD14:  39 C8                       -  cmp eax,ecx                        <<<--- AOB Starts Here
mgsvtpp.exe+411FD16:  0F47 C8                     -  cmova ecx,eax                      
mgsvtpp.exe+411FD19:  89 C8                       -  mov eax,ecx                        
mgsvtpp.exe+411FD1B:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD20:  81 F1 ACD5FB94              -  xor ecx,94FBD5AC                   ["UUUU!"]
mgsvtpp.exe+411FD26:  41 89 4E 40                 -  mov [r14+40],ecx                   
mgsvtpp.exe+411FD2A:  41 89 46 0C                 -  mov [r14+0C],eax                   
mgsvtpp.exe+411FD2E:  B8 00100000                 -  mov eax,00001000                   
mgsvtpp.exe+411FD33:  66 09 43 22                 -  or [rbx+22],ax                     
mgsvtpp.exe+411FD37:  0F2F 36                     -  comiss xmm6,[rsi]                  
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+411FD3A:  F3 0F10 0E                  -  movss xmm1,[rsi]                   
mgsvtpp.exe+411FD3E:  F3 0F10 5E 04               -  movss xmm3,[rsi+04]                
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+411FD43:  0F93 D0                     -  setae al                           
mgsvtpp.exe+411FD46:  F3 41 0F5C C8               -  subss xmm1,xmm8                    
mgsvtpp.exe+411FD4B:  0F2F CE                     -  comiss xmm1,xmm6                   
mgsvtpp.exe+411FD4E:  73 03                       -  jae 14411FD53                      
mgsvtpp.exe+411FD50:  0F28 CE                     -  movaps xmm1,xmm6                   
mgsvtpp.exe+411FD53:  0F28 C3                     -  movaps xmm0,xmm3                   
mgsvtpp.exe+411FD56:  F3 0F5C C1                  -  subss xmm0,xmm1                    
mgsvtpp.exe+411FD5A:  0F2F C6                     -  comiss xmm0,xmm6                   
mgsvtpp.exe+411FD5D:  73 03                       -  jae 14411FD62                      
mgsvtpp.exe+411FD5F:  0F28 CB                     -  movaps xmm1,xmm3                   
mgsvtpp.exe+411FD62:  0F2F CE                     -  comiss xmm1,xmm6                   
mgsvtpp.exe+411FD65:  F3 0F11 0E                  -  movss [rsi],xmm1                   
mgsvtpp.exe+411FD69:  F3 45 0F58 D8               -  addss xmm11,xmm8                   
mgsvtpp.exe+411FD6E:  77 14                       -  ja 14411FD84                       
mgsvtpp.exe+411FD70:  B9 00200000                 -  mov ecx,00002000                   
mgsvtpp.exe+411FD75:  66 85 4B 22                 -  test [rbx+22],cx                   
mgsvtpp.exe+411FD79:  74 09                       -  je 14411FD84                       
mgsvtpp.exe+411FD7B:  41 83 8C 24 B4000000 04     -  or dword ptr [r12+000000B4],04     
mgsvtpp.exe+411FD84:  45 30 F6                    -  xor r14l,r14l                      
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
this worked perfectly, thank you so much!

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

glecas wrote:
Tue Jan 30, 2018 2:22 am
...
Ok so I never proved it but I think that in hitting the combatant while knocked out had it jumping part way in the hook's jump, but after moving things a bit this seems to work, but hitting them now causes them to wake up.

Code: Select all

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/29/18
	Author			: ShyTwig16
	Name			: CombatantConsciousnessDecHook

	Combatant Consciousness Dec Hook
}

{$STRICT}

define(address, mgsvtpp.exe+43EB241)
define(bytes, 66 39 C8 66 0F 42 C8 66 29 C8)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCombatantConsciousnessDecHook, mgsvtpp.exe, 0FB7xxxx66xxxx66xxxxxx66xxxx66xxxxxx0FB7xxxx66xxxx74xx66xxxx75xx66xxxxxxxxEBxx66xxxxxx72xx44xxxxxx0FB7xxxx66xxxxxx74xx0FB6xxxx)
define(injCombatantConsciousnessDecHook, aobCombatantConsciousnessDecHook+4)
assert(injCombatantConsciousnessDecHook, bytes)
registerSymbol(injCombatantConsciousnessDecHook)

alloc(memCombatantConsciousnessDecHook, 0x400, injCombatantConsciousnessDecHook)

label(flgCombatantConsciousnessDecHook)
registerSymbol(flgCombatantConsciousnessDecHook)
// 00:Stun Only
// 01:One Hit Kills

label(ptrCombatantConsciousnessDecHook)
registerSymbol(ptrCombatantConsciousnessDecHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memCombatantConsciousnessDecHook:
	flgCombatantConsciousnessDecHook:
		db 00
	align 4
	ptrCombatantConsciousnessDecHook:
		dq 0
	align 10 CC
	n_code:
		mov [ptrCombatantConsciousnessDecHook],rbx
		mov cx,[rbx+20]
		mov ax,0
		cmp byte ptr [flgCombatantConsciousnessDecHook],01
		jne o_code
			mov word ptr [rbx+1A],0
	o_code:
		// cmp ax,cx
		// cmovb cx,ax
		// sub ax,cx
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	jmp n_code
	nop
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	db bytes

unregisterSymbol(injCombatantConsciousnessDecHook)

unregisterSymbol(flgCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

dealloc(memCombatantConsciousnessDecHook)

{
//// Injection Point: mgsvtpp.exe+43EB241  -  00000001443EB241
//// AOB address: 00000001443EB23D  -  mgsvtpp.exe+43EB23D
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+43EB1EF:  0F2F C8                     -  comiss xmm1,xmm0                   
mgsvtpp.exe+43EB1F2:  77 40                       -  ja 1443EB234                       
mgsvtpp.exe+43EB1F4:  80 C9 02                    -  or cl,02                           
mgsvtpp.exe+43EB1F7:  88 8E BC000000              -  mov [rsi+000000BC],cl              
mgsvtpp.exe+43EB1FD:  E8 7EA36FFF                 -  call 143AE5580                     
mgsvtpp.exe+43EB202:  48 8D 54 24 68              -  lea rdx,[rsp+68]                   
mgsvtpp.exe+43EB207:  48 8B 88 98000000           -  mov rcx,[rax+00000098]             
mgsvtpp.exe+43EB20E:  41 B8 64000000              -  mov r8d,00000064                   
mgsvtpp.exe+43EB214:  48 8B 49 50                 -  mov rcx,[rcx+50]                   
mgsvtpp.exe+43EB218:  48 8B 01                    -  mov rax,[rcx]                      
mgsvtpp.exe+43EB21B:  FF 90 18010000              -  call qword ptr [rax+00000118]      
mgsvtpp.exe+43EB221:  EB 11                       -  jmp 1443EB234                      
mgsvtpp.exe+43EB223:  D1 25 353C0D54              -  shl [1984BEE5E],1                  
mgsvtpp.exe+43EB229:  E0 D1                       -  loopne 1443EB1FC                   
mgsvtpp.exe+43EB22B:  E7 61                       -  out 61,eax                         
mgsvtpp.exe+43EB22D:  80 A6 BC000000 FD           -  and byte ptr [rsi+000000BC],-03    
mgsvtpp.exe+43EB234:  0FB7 4B 24                  -  movzx ecx,word ptr [rbx+24]        
mgsvtpp.exe+43EB238:  66 85 C9                    -  test cx,cx                         
mgsvtpp.exe+43EB23B:  74 12                       -  je 1443EB24F                       
mgsvtpp.exe+43EB23D:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        <<<--- AOB Starts Here
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+43EB241:  66 39 C8                    -  cmp ax,cx                          
mgsvtpp.exe+43EB244:  66 0F42 C8                  -  cmovb cx,ax                        
mgsvtpp.exe+43EB248:  66 29 C8                    -  sub ax,cx                          
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+43EB24B:  66 89 43 20                 -  mov [rbx+20],ax                    
mgsvtpp.exe+43EB24F:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB253:  66 39 C5                    -  cmp bp,ax                          
mgsvtpp.exe+43EB256:  74 16                       -  je 1443EB26E                       
mgsvtpp.exe+43EB258:  66 85 C0                    -  test ax,ax                         
mgsvtpp.exe+43EB25B:  75 07                       -  jne 1443EB264                      
mgsvtpp.exe+43EB25D:  66 44 89 7B 10              -  mov [rbx+10],r15w                  
mgsvtpp.exe+43EB262:  EB 06                       -  jmp 1443EB26A                      
mgsvtpp.exe+43EB264:  66 3B 43 22                 -  cmp ax,[rbx+22]                    
mgsvtpp.exe+43EB268:  72 04                       -  jb 1443EB26E                       
mgsvtpp.exe+43EB26A:  44 89 7B 04                 -  mov [rbx+04],r15d                  
mgsvtpp.exe+43EB26E:  0FB7 43 14                  -  movzx eax,word ptr [rbx+14]        
mgsvtpp.exe+43EB272:  66 41 85 C5                 -  test r13w,ax                       
mgsvtpp.exe+43EB276:  74 7D                       -  je 1443EB2F5                       
mgsvtpp.exe+43EB278:  0FB6 43 3C                  -  movzx eax,byte ptr [rbx+3C]        
mgsvtpp.exe+43EB27C:  4C 8B 56 30                 -  mov r10,[rsi+30]                   
mgsvtpp.exe+43EB280:  4C 8D 0C 40                 -  lea r9,[rax+rax*2]                 
mgsvtpp.exe+43EB284:  3C 20                       -  cmp al,20                          
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
And for the detailed explanation here is a bonus Tape Unlocker, it's not the most robust thing but it seems to work, this will unlock all cassette tapes, I only have one game that I have completed after using this so use at your own risk but, I know, I gotta have my tapes. But know that I just slam a byte value of 3 into every byte between +0x8 and +0x200 of the base.

EDIT:
And this saves with the game.

Code: Select all

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/21/18
	Author			: ShyTwig16
	Name			: CassetteTapeUnlockerHook

	Cassette Tape Unlocker Hook
}

{$STRICT}

define(address, mgsvtpp.exe+3E0164B)
define(bytes, 48 8B 82 40 07 00 00)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCassetteTapeUnlockerHook, mgsvtpp.exe, 8Dxxxxxxxxxx66xxxx74xx48xxxxxxxxxxxx48xxxxxxxxxxxx0FB7xx48xxxxxxxxxxxx0FB6xxxxD0xx80xxxx75xx0FB7xxFFxx39xx72xxEBxx44xxxx73xx48xxxxxx49xxxxxxxxFFxx31xx41xxxx48xxxxxx45xxxx73xx8BxxxxxxE9xxxxxxxxB6xx79xx48xxxxxxxx48xxxxxxxx89xx48xxxxxxxx48xxxxxx41xx41xx41xx41xxxxxx)
define(injCassetteTapeUnlockerHook, aobCassetteTapeUnlockerHook+1C)
assert(injCassetteTapeUnlockerHook, bytes)
registerSymbol(injCassetteTapeUnlockerHook)

alloc(memCassetteTapeUnlockerHook, 0x400, injCassetteTapeUnlockerHook)

label(ptrCassetteTapeUnlockerHook)
registerSymbol(ptrCassetteTapeUnlockerHook)

label(n_code)
label(l_code)
label(o_code)
label(exit)
label(return)

memCassetteTapeUnlockerHook:
	ptrCassetteTapeUnlockerHook:
		dq 0
	n_code:
		pushfq

		mov [ptrCassetteTapeUnlockerHook],rdx
		mov rax,[rdx+00000740]
		
		push rbx
		push rdx
		mov rdx,rcx
		mov rcx,200

		l_code:
			movzx rbx,byte ptr [rdx+rax]
			shr bl,1
			cmp bl,0
			jg @f
				mov byte ptr [rcx+rax],03
			@@:
			cmp ecx,8
			jg @f
				mov rcx,1
			@@:
		loop l_code

		pop rdx
		pop rbx
		popfq
	o_code:
		// mov rax,[rdx+00000740]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCassetteTapeUnlockerHook:
	jmp n_code
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCassetteTapeUnlockerHook:
	db bytes

unregisterSymbol(injCassetteTapeUnlockerHook)

unregisterSymbol(ptrCassetteTapeUnlockerHook)

dealloc(memCassetteTapeUnlockerHook)

{
//// Injection Point: mgsvtpp.exe+3E0164B  -  0000000143E0164B
//// AOB address: 0000000143E0162F  -  mgsvtpp.exe+3E0162F
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+3E015F7:  66 3B 0F                    -  cmp cx,[rdi]                       
mgsvtpp.exe+3E015FA:  73 7E                       -  jae 143E0167A                      
mgsvtpp.exe+3E015FC:  48 8B 8D D8000000           -  mov rcx,[rbp+000000D8]             
mgsvtpp.exe+3E01603:  48 8B 57 F0                 -  mov rdx,[rdi-10]                   
mgsvtpp.exe+3E01607:  41 89 D8                    -  mov r8d,ebx                        
mgsvtpp.exe+3E0160A:  48 8B 01                    -  mov rax,[rcx]                      
mgsvtpp.exe+3E0160D:  FF 90 88010000              -  call qword ptr [rax+00000188]      
mgsvtpp.exe+3E01613:  0FB7 40 1C                  -  movzx eax,word ptr [rax+1C]        
mgsvtpp.exe+3E01617:  66 85 C0                    -  test ax,ax                         
mgsvtpp.exe+3E0161A:  78 41                       -  js 143E0165D                       
mgsvtpp.exe+3E0161C:  B9 0FA2FFE6                 -  mov ecx,E6FFA20F                   [00000000]
mgsvtpp.exe+3E01621:  8D 89 A85E0019              -  lea ecx,[rcx+19005EA8]             
mgsvtpp.exe+3E01627:  66 01 C8                    -  add ax,cx                          
mgsvtpp.exe+3E0162A:  B9 0F05C390                 -  mov ecx,90C3050F                   [00328083]
mgsvtpp.exe+3E0162F:  8D 89 F0FA3D6F              -  lea ecx,[rcx+6F3DFAF0]             <<<--- AOB Starts Here
mgsvtpp.exe+3E01635:  66 39 C8                    -  cmp ax,cx                          
mgsvtpp.exe+3E01638:  74 23                       -  je 143E0165D                       
mgsvtpp.exe+3E0163A:  48 8B 8D B0000000           -  mov rcx,[rbp+000000B0]             
mgsvtpp.exe+3E01641:  48 8B 91 E80A0000           -  mov rdx,[rcx+00000AE8]             
mgsvtpp.exe+3E01648:  0FB7 C8                     -  movzx ecx,ax                       
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+3E0164B:  48 8B 82 40070000           -  mov rax,[rdx+00000740]             
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+3E01652:  0FB6 14 01                  -  movzx edx,byte ptr [rcx+rax]       
mgsvtpp.exe+3E01656:  D0 EA                       -  shr dl,1                           
mgsvtpp.exe+3E01658:  80 E2 01                    -  and dl,01                          
mgsvtpp.exe+3E0165B:  75 0B                       -  jne 143E01668                      
mgsvtpp.exe+3E0165D:  0FB7 07                     -  movzx eax,word ptr [rdi]           
mgsvtpp.exe+3E01660:  FF C3                       -  inc ebx                            
mgsvtpp.exe+3E01662:  39 C3                       -  cmp ebx,eax                        
mgsvtpp.exe+3E01664:  72 96                       -  jb 143E015FC                       
mgsvtpp.exe+3E01666:  EB 10                       -  jmp 143E01678                      
mgsvtpp.exe+3E01668:  44 39 E6                    -  cmp esi,r12d                       
mgsvtpp.exe+3E0166B:  73 26                       -  jae 143E01693                      
mgsvtpp.exe+3E0166D:  48 8B 47 F0                 -  mov rax,[rdi-10]                   
mgsvtpp.exe+3E01671:  49 89 44 F5 00              -  mov [r13+rsi*8+00],rax             
mgsvtpp.exe+3E01676:  FF C6                       -  inc esi                            
mgsvtpp.exe+3E01678:  31 C9                       -  xor ecx,ecx                        
mgsvtpp.exe+3E0167A:  41 FF C6                    -  inc r14d                           
mgsvtpp.exe+3E0167D:  48 83 C7 18                 -  add rdi,18                         
mgsvtpp.exe+3E01681:  45 39 FE                    -  cmp r14d,r15d                      
mgsvtpp.exe+3E01684:  73 0D                       -  jae 143E01693                      
mgsvtpp.exe+3E01686:  8B 5C 24 50                 -  mov ebx,[rsp+50]                   
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
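
The failure guessed at in the post above, a branch landing partway into the bytes a hook overwrites, can be checked against a disassembly listing before patching. This is an added example, not part of the original post; the function names are hypothetical, the listing rows and module base are copied from the comment block of the CombatantConsciousnessDecHook script, and the second patch range is constructed for contrast.

```python
import re

MODULE_BASE = 0x140000000  # "Module: mgsvtpp.exe - 0000000140000000" in the script

# Rows copied from the script's listing (trailing markers dropped).
LISTING = """
mgsvtpp.exe+43EB234:  0FB7 4B 24                  -  movzx ecx,word ptr [rbx+24]
mgsvtpp.exe+43EB238:  66 85 C9                    -  test cx,cx
mgsvtpp.exe+43EB23B:  74 12                       -  je 1443EB24F
mgsvtpp.exe+43EB23D:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+43EB241:  66 39 C8                    -  cmp ax,cx
mgsvtpp.exe+43EB244:  66 0F42 C8                  -  cmovb cx,ax
mgsvtpp.exe+43EB248:  66 29 C8                    -  sub ax,cx
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+43EB24B:  66 89 43 20                 -  mov [rbx+20],ax
mgsvtpp.exe+43EB24F:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]
mgsvtpp.exe+43EB253:  66 39 C5                    -  cmp bp,ax
mgsvtpp.exe+43EB256:  74 16                       -  je 1443EB26E
"""

PAGE_PATCH = (0x43EB241, 10)        # injection point and length of 'bytes' in the script
CONSTRUCTED_PATCH = (0x43EB24B, 8)  # hypothetical range, not from the thread

_ROW = re.compile(r"^\S+?\+([0-9A-Fa-f]+):\s+(.*?)\s+-\s+(\S+)\s*(.*?)\s*$")
_HEX = re.compile(r"[0-9A-Fa-f]+")


def parse_listing(text):
    """Return (rva, size, mnemonic, operand) for each instruction row."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue  # separators and comments
        size = len(m.group(2).replace(" ", "")) // 2
        rows.append((int(m.group(1), 16), size, m.group(3).lower(), m.group(4)))
    return rows


def covers_whole_instructions(rows, patch_rva, patch_len):
    """True if the patch starts and ends on instruction boundaries."""
    bounds = {rva for rva, _, _, _ in rows}
    bounds.add(rows[-1][0] + rows[-1][1])
    return patch_rva in bounds and patch_rva + patch_len in bounds


def branches_into(rows, base, patch_rva, patch_len):
    """List direct branches whose target is strictly inside the patch.

    A target equal to patch_rva is fine (it lands on the hook's jmp);
    anything after the first byte lands in the middle of the jmp or its
    nop padding. Only branches visible in the listing are checked;
    indirect branches and code outside the window are not covered.
    """
    found = []
    for rva, _, mnem, operand in rows:
        is_branch = mnem.startswith(("j", "loop")) or mnem == "call"
        if not is_branch or not _HEX.fullmatch(operand):
            continue
        target = int(operand, 16) - base
        if patch_rva < target < patch_rva + patch_len:
            found.append((rva, mnem, target))
    return found


if __name__ == "__main__":
    rows = parse_listing(LISTING)
    for name, (rva, size) in (("page", PAGE_PATCH), ("constructed", CONSTRUCTED_PATCH)):
        print(name, covers_whole_instructions(rows, rva, size),
              [(hex(s), m, hex(t)) for s, m, t in branches_into(rows, MODULE_BASE, rva, size)])
```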

glecas
Cheater
Posts: 33
Joined: Mon Jan 29, 2018 1:16 pm
Reputation: 2

Re: Metal Gear Solid V

Post by glecas »

ShyTwig16 wrote:
Tue Jan 30, 2018 3:51 am
glecas wrote:
Tue Jan 30, 2018 2:22 am
...
Ok so I never proved it but I think that in hitting the combatant while knocked out had it jumping part way in the hook's jump, but after moving things a bit this seems to work, but hitting them now causes them to wake up.

Wow that did it!

One hit kills works now, and they also get insta-stunned with ONE punch. Kicking them while stunned will wake them up, but they will be severely injured :) I like it! Even one-shot to the foot will kill them (or stun them if using stun ammo).

Tested with CE 6.7 using the exact same steps I described in my previous post.

Thank you so much for this! Super friendly and super fast response! Boss! *pointing* :D

Also, thanks for the cassette bonus... haven't tested it since I already have all the cassettes, but I will save your code anyway in case I need it in the future.

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

glecas wrote:
Tue Jan 30, 2018 4:11 am
...
Thank you so much for this! Super friendly and super fast response! Boss! *pointing* :D
...
I have to admit, that was a bit of luck on your part. I just happened to be working on one for the skulls, plus I do really like playing this game. But glad I could help.

Code: Select all

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/29/18
	Author			: ShyTwig16
	Name			: CombatantSkullsHealthWrtHook

	Combatant Skulls Health Wrt Hook
}

{$STRICT}

define(address, mgsvtpp.exe+48116D0)
define(bytes, F3 0F 10 04 08)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCombatantSkullsHealthWrtHook, mgsvtpp.exe, F3xxxxxxxx0F2Fxx76xx89xxxxEBxx00xx0F5CxxF3xxxxxxxxF3xxxxxxxxxx0F2Fxx76xx89xxxxxxEBxx36xxF3xxxxxxF3xxxxxxxxxx)
define(injCombatantSkullsHealthWrtHook, aobCombatantSkullsHealthWrtHook)
assert(injCombatantSkullsHealthWrtHook, bytes)
registerSymbol(injCombatantSkullsHealthWrtHook)

alloc(memCombatantSkullsHealthWrtHook, 0x400, injCombatantSkullsHealthWrtHook)

label(ptrCombatantSkullsHealthWrtHook)
registerSymbol(ptrCombatantSkullsHealthWrtHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memCombatantSkullsHealthWrtHook:
	ptrCombatantSkullsHealthWrtHook:
		dq 0
	align 10 CC
	n_code:
		mov [ptrCombatantSkullsHealthWrtHook],rax
		add [ptrCombatantSkullsHealthWrtHook],rcx
		mov dword ptr [rax+rcx],0
		mov dword ptr [rax+rcx+14],0
		mov byte ptr [rax+rcx+24],1
	o_code:
		movss xmm0,[rax+rcx]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCombatantSkullsHealthWrtHook:
	jmp n_code
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCombatantSkullsHealthWrtHook:
	db bytes

unregisterSymbol(injCombatantSkullsHealthWrtHook)

unregisterSymbol(ptrCombatantSkullsHealthWrtHook)

dealloc(memCombatantSkullsHealthWrtHook)

{
//// Injection Point: mgsvtpp.exe+48116D0  -  00000001448116D0
//// AOB address: 00000001448116D0  -  mgsvtpp.exe+48116D0
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+4811678:  48 8B 54 24 60              -  mov rdx,[rsp+60]                   
mgsvtpp.exe+481167D:  48 8B 42 08                 -  mov rax,[rdx+08]                   
mgsvtpp.exe+4811681:  4D 69 E4 B4000000           -  imul r12,r12,000000B4              
mgsvtpp.exe+4811688:  F3 41 0F10 44 04 28         -  movss xmm0,[r12+rax+28]            
mgsvtpp.exe+481168F:  0F2F F0                     -  comiss xmm6,xmm0                   
mgsvtpp.exe+4811692:  76 0E                       -  jna 1448116A2                      
mgsvtpp.exe+4811694:  41 C7 44 04 28 00000000     -  mov [r12+rax+28],00000000          
mgsvtpp.exe+481169D:  E9 22010000                 -  jmp 1448117C4                      
mgsvtpp.exe+48116A2:  F3 0F5C C6                  -  subss xmm0,xmm6                    
mgsvtpp.exe+48116A6:  F3 41 0F11 44 04 28         -  movss [r12+rax+28],xmm0            
mgsvtpp.exe+48116AD:  E9 12010000                 -  jmp 1448117C4                      
mgsvtpp.exe+48116B2:  19 6E FB                    -  sbb [rsi-05],ebp                   
mgsvtpp.exe+48116B5:  86 C8                       -  xchg al,cl                         
mgsvtpp.exe+48116B7:  90                          -  nop                                
mgsvtpp.exe+48116B8:  49 81 00 488B7424           -  add qword ptr [r8],24748B48        [(double)0.0000]
mgsvtpp.exe+48116BF:  60                          -  pushad (invalid)                   
mgsvtpp.exe+48116C0:  4C 89 E0                    -  mov rax,r12                        
mgsvtpp.exe+48116C3:  31 D2                       -  xor edx,edx                        
mgsvtpp.exe+48116C5:  48 8B 4E 08                 -  mov rcx,[rsi+08]                   
mgsvtpp.exe+48116C9:  48 69 C0 B4000000           -  imul rax,rax,000000B4              
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+48116D0:  F3 0F10 04 08               -  movss xmm0,[rax+rcx]               <<<--- AOB Starts Here
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+48116D5:  0F2F F0                     -  comiss xmm6,xmm0                   
mgsvtpp.exe+48116D8:  76 06                       -  jna 1448116E0                      
mgsvtpp.exe+48116DA:  89 14 08                    -  mov [rax+rcx],edx                  
mgsvtpp.exe+48116DD:  EB 0A                       -  jmp 1448116E9                      
mgsvtpp.exe+48116DF:  00 F3                       -  add bl,dh                          
mgsvtpp.exe+48116E1:  0F5C C6                     -  subps xmm0,xmm6                    
mgsvtpp.exe+48116E4:  F3 0F11 04 08               -  movss [rax+rcx],xmm0               
mgsvtpp.exe+48116E9:  F3 0F10 44 08 14            -  movss xmm0,[rax+rcx+14]            
mgsvtpp.exe+48116EF:  0F2F C8                     -  comiss xmm1,xmm0                   
mgsvtpp.exe+48116F2:  76 08                       -  jna 1448116FC                      
mgsvtpp.exe+48116F4:  89 54 08 14                 -  mov [rax+rcx+14],edx               
mgsvtpp.exe+48116F8:  EB 0C                       -  jmp 144811706                      
mgsvtpp.exe+48116FA:  36 1F                       -  pop ds                             
mgsvtpp.exe+48116FC:  F3 0F5C C1                  -  subss xmm0,xmm1                    
mgsvtpp.exe+4811700:  F3 0F11 44 08 14            -  movss [rax+rcx+14],xmm0            
mgsvtpp.exe+4811706:  41 83 FD 06                 -  cmp r13d,06                        
mgsvtpp.exe+481170A:  0F8D C4000000               -  jnl 1448117D4                      
mgsvtpp.exe+4811710:  B8 01000000                 -  mov eax,00000001                   
mgsvtpp.exe+4811715:  89 95 90000000              -  mov [rbp+00000090],edx             
mgsvtpp.exe+481171B:  48 89 D9                    -  mov rcx,rbx                        
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}

glecas
Cheater
Posts: 33
Joined: Mon Jan 29, 2018 1:16 pm
Reputation: 2

Re: Metal Gear Solid V

Post by glecas »

ShyTwig16 wrote:
Tue Jan 30, 2018 5:08 am
glecas wrote:
Tue Jan 30, 2018 4:11 am
...
Thank you so much for this! Super friendly and super fast response! Boss! *pointing* :D
...
I have to admit, that was a bit of luck on your part. I just happened to be working on one for the skulls, plus I do really like playing this game. But glad I could help.

I got eager and wanted to test that skulls code... :oops:

Just wanted you to know:

Image

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Metal Gear Solid V

Post by TimFun13 »

Not really sure why it's saying that, I'll check it out after work. But for now maybe try and remove all white space around the line to see if in posting something got added. That, or comment out the 2 lines above it; they are mostly for debugging.

glecas
Cheater
Posts: 33
Joined: Mon Jan 29, 2018 1:16 pm
Reputation: 2

Re: Metal Gear Solid V

Post by glecas »

ShyTwig16 wrote:
Tue Jan 30, 2018 2:13 pm
Not really sure why it's saying that, I'll check it out after work. But for now maybe try and remove all white space around the line to see if in posting something got added. That, or comment out the 2 lines above it; they are mostly for debugging.
Removing all the empty spaces also removed the error. ;) Although the code does not seem to work on the Camouflage skulls... but it did work on the mist skulls. :D Have not tried it against the armor skulls yet.
