Overkill's The Walking Dead (Weapon\Parts\Ammo etc...)

Status
Not open for further replies.
Z

zths

Noobzor
Joined
Oct 29, 2018
Messages
7
SunBeam said:
@zths: If you download the Everspace game from anywhere on the internet, you'll find the developers have also included the .pdb files. That means if you open the game in a debugger, you will see the symbols/names. From that to The Walking Dead it's just a simple transition of matching-up code and writing-up an SDK-like mapping. You can get GWorld, GNames, GEngine, GObjects; even determine where the GetFullName function is to properly iterate through the game's UObjects :) Having said that.. do you really think it's still a good idea to encode the work in this table? o_O See the screenshot I've posted earlier; how do you think I was able to enable console and get CheatManager commands working? Magic?
i well encode anyway.
ikonw how to reverse some function from ue4 sdk
ue4 is open source too .not too hard to find out just some aob scan / find string or something and make same sign func /class point to them.
and you can do almost anything with engine.
 
Memiomy

Memiomy

Expert Cheater
Joined
Apr 29, 2017
Messages
149
hey zths Thx for sharing. i love it! don't abandon on updating :D
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
zths said:
and you can do almost anything with engine.
..but you didn't do that in your table. Self-praising too much, don't you think? :p Right.
 
L

ldsdrive

Novice Cheater
Joined
May 31, 2018
Messages
16
SunBeam said:
zths said:
and you can do almost anything with engine.
..but you didn't do that in your table. Self-praising too much, don't you think? :p Right.
His english makes my head hurt.
 
jonaaa

jonaaa

Expert Cheater
Joined
Apr 6, 2017
Messages
157
ldsdrive said:
SunBeam said:
zths said:
and you can do almost anything with engine.
..but you didn't do that in your table. Self-praising too much, don't you think? :p Right.
His english makes my head hurt.
Maybe is because he's Chinese?
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
It's not the Chinese I am concerned about; it's his attitude, flaunting around what he can or can't do, yet hiding behind a simple encode. Well, if it's not SDK use in his table, if it's not object retrieval and hard-coding.. then it's Lua code he got from here and there and wants to hide, so the various individuals being his source of inspiration don't find him. He obviously doesn't realize that even without the original names the code is 90% naked. Sure, some label won't have the name you gave it, but who cares about labels? I can use "jmp myCode" or "jmp a0" (ASM); "local myCode = <do_stuff> or "local a0 = <do_stuff>" (Lua). To me they're the same.

Alright. Challenge accepted. Posting the decompiled code later this evening.
 
Memiomy

Memiomy

Expert Cheater
Joined
Apr 29, 2017
Messages
149
alright tested the table. it can changed all mods in to legendary tier.
but i want just epic tier because legendary isn't in game just yet.... can you make this for us please?
 
Marcus101RR

Marcus101RR

Expert Cheater
Table Maker
Joined
Mar 3, 2017
Messages
398
Oh look, the game had a "console", Overkill disabled it, not surprising.
 
Z

Zircon

Expert Cheater
Joined
Mar 28, 2017
Messages
53
thanks again for your table zths i posted it here since there were requests but no tables didn't think you would join this forum =p
 
L

ldsdrive

Novice Cheater
Joined
May 31, 2018
Messages
16
SunBeam said:
It's not the Chinese I am concerned about; it's his attitude, flaunting around what he can or can't do, yet hiding behind a simple encode. Well, if it's not SDK use in his table, if it's not object retrieval and hard-coding.. then it's Lua code he got from here and there and wants to hide, so the various individuals being his source of inspiration don't find him. He obviously doesn't realize that even without the original names the code is 90% naked. Sure, some label won't have the name you gave it, but who cares about labels? I can use "jmp myCode" or "jmp a0" (ASM); "local myCode = <do_stuff> or "local a0 = <do_stuff>" (Lua). To me they're the same.

Alright. Challenge accepted. Posting the decompiled code later this evening.
I gotta agree with you on that. For all we know, it was stolen from somebody.
 
R

rampant_uterus

Expert Cheater
Joined
Nov 28, 2017
Messages
134
ldsdrive said:
SunBeam said:
Alright. Challenge accepted. Posting the decompiled code later this evening.
I gotta agree with you on that. For all we know, it was stolen from somebody.
If you're worried, can you provide an original source prior to 3dm's table? I had to do a lot of googling to find his table with a lot of translated instruction on how to use it. I don't know what's obfuscated and that's a little concerning but I'm grateful for a working cheat. Maybe he just doesn't want someone modifying and re-releasing his work that was hard for him to do? idk.

Blep. After today's patch my game is crashing with this table attached :(

Table attached, nothing activated, join any map (camp or map as private host) - Crash when countdown reach 0.
 
O

oyyzj

Expert Cheater
Joined
Mar 13, 2017
Messages
63
Told ya the developers are very energetic and will patch asap, too much forum are probably talking about it, too much sites shared. it's leaked and now it's patched.
 
H

Hennenmann

Noobzor
Joined
Jul 3, 2018
Messages
5
Yup it's patched. Was a very nice table tho :D
 
R

rampant_uterus

Expert Cheater
Joined
Nov 28, 2017
Messages
134
I doubt they "patched" the table, they probably just changed something irrelevant that caused it not to work. They didn't/couldn't patch payday 2.
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
For what it's worth:
Code:
local L1_1, L2_2, L3_3, L4_4, L5_5
L0_0 = getAddressList
L0_0 = L0_0()
addressList = L0_0
function L0_0(A0_6, A1_7)
  local L2_8, L3_9
  L2_8 = type
  L3_9 = A1_7
  L2_8 = L2_8(L3_9)
  L3_9 = nil
  if L2_8 ~= "function" and L2_8 ~= "table" then
    A1_7, L2_8 = nil, nil
  end
  if L2_8 == "function" or A1_7 and A1_7.__ctype == 1 then
    L3_9 = {}
    if L2_8 == "table" then
      for _FORV_7_, _FORV_8_ in pairs(A1_7) do
        L3_9[_FORV_7_] = _FORV_8_
      end
      L3_9.__create = A1_7.__create
      L3_9.super = A1_7
    else
      L3_9.__create = A1_7
    end
    function L3_9.ctor()
      local L0_10, L1_11
    end
    L3_9.__cname = A0_6
    L3_9.__ctype = 1
    function L3_9.new(...)
      L0_12 = L3_9.__create
      L0_12 = L0_12(...)
      for _FORV_4_, _FORV_5_ in pairs(L3_9) do
        L0_12[_FORV_4_] = _FORV_5_
      end
      L0_12.class = L3_9
      L0_12:ctor(...)
      return L0_12
    end
  else
    if A1_7 then
      L3_9 = clone(A1_7)
      L3_9.super = A1_7
    else
      L3_9 = {
        ctor = function()
          local L0_13, L1_14
        end
      }
    end
    L3_9.__cname = A0_6
    L3_9.__ctype = 2
    L3_9.__index = L3_9
    function L3_9.new(...)
      setmetatable({}, L3_9).class = L3_9
      setmetatable({}, L3_9):ctor(...)
      return (setmetatable({}, L3_9))
    end
  end
  return L3_9
end
class = L0_0
L0_0 = loadstring
L0_0 = L0_0(L1_1)
L0_0 = L0_0()
HashMap = L0_0
function L0_0(A0_15, A1_16, A2_17)
  local L3_18, L4_19, L5_20, L6_21, L7_22, L8_23
  L3_18 = type
  L3_18 = L3_18(L4_19)
  if L3_18 ~= "string" then
    A2_17 = ""
  end
  L3_18 = type
  L3_18 = L3_18(L4_19)
  if L3_18 ~= "table" then
    L3_18 = print
    L3_18(L4_19)
  else
    L3_18 = print
    L3_18(L4_19)
    if A1_16 ~= 0 then
      L3_18 = A2_17
      L3_18 = L3_18 .. L4_19
      L4_19(L5_20)
      for L7_22, L8_23 in L4_19(L5_20) do
        io.stdout:write(L3_18 .. L7_22 .. " = ")
        if type(L8_23) ~= "table" or type(A1_16) == "number" and A1_16 <= 1 then
          print(L8_23)
        elseif A1_16 == nil then
          var_dump(L8_23, nil, L3_18)
        else
          var_dump(L8_23, A1_16 - 1, L3_18)
        end
      end
      L4_19(L5_20)
    end
  end
end
var_dump = L0_0
function L0_0(A0_24, A1_25)
  var_dump(A0_24, A1_25 or 5)
end
vd = L0_0
function L0_0(A0_26, A1_27)
  local L2_28
  L2_28 = readQword
  L2_28 = L2_28(getAddress(A0_26))
  for _FORV_6_ = 1, #A1_27 - 1 do
    if L2_28 ~= 0 then
      L2_28 = readQword(L2_28 + A1_27[_FORV_6_])
    else
    end
  end
  if L2_28 ~= 0 then
    L2_28 = L2_28 + A1_27[#A1_27]
  end
  return L2_28
end
GetAddrByPointer = L0_0
L0_0 = {}
FindArr = L0_0
L0_0 = {}
ReplaceArr = L0_0
function L0_0(A0_29)
  local L1_30, L2_31, L3_32, L4_33
  L1_30 = getAddress
  L2_31 = "OTWD-Win64-Shipping.exe+0"
  L1_30 = L1_30(L2_31)
  L2_31 = getAddress
  L3_32 = "OTWD-Win64-Shipping.exe+3DC4800"
  L2_31 = L2_31(L3_32)
  L3_32 = createMemScan
  L4_33 = nil
  L3_32 = L3_32(L4_33)
  L3_32.OnlyOneResult = true
  L4_33 = L3_32.firstScan
  L4_33(soExactValue, vtByteArray, rtRounded, A0_29, "", AOBScanRwstartAddressVal, L2_31, "+X-C-W", fsmNotAligned, "", true, true, false, false)
  L4_33 = L3_32.waitTillDone
  L4_33()
  L4_33 = L3_32.Result
  if L4_33 then
    printf("0x%X: getAddress(\"%s\")", L4_33, getNameFromAddress(L4_33))
  else
    print("Can't Find:" .. A0_29)
  end
  FindArr[#FindArr + 1] = string.format("AOBScanR%%(\"%s", string.gsub(A0_29, "%?", "%%?"))
  ReplaceArr[#ReplaceArr + 1] = string.format("getAddress(\"%s", getNameFromAddress(L4_33))
  print(#FindArr)
  L3_32.destroy()
  return L4_33
end
AOBScanRw = L0_0
function L0_0(A0_34)
  do return AOBScanRw(A0_34) end
  if AOBScan(A0_34, "..X-C-W", 0, "") ~= nil then
    if AOBScan(A0_34, "..X-C-W", 0, "").Count > 1 then
      print("AOBScan More Then One: " .. A0_34)
      return nil
    end
    print("0x" .. AOBScan(A0_34, "..X-C-W", 0, "")[0])
    return tonumber(AOBScan(A0_34, "..X-C-W", 0, "")[0], 16)
  end
  return nil
end
AOBScanR = L0_0
function L0_0(A0_35)
  if AOBScan(A0_35, "+W-C-X", 0, "") ~= nil then
    if AOBScan(A0_35, "+W-C-X", 0, "").Count > 1 then
      print("AOBScanRW More Then One: " .. A0_35)
      return nil
    end
    print("0x" .. AOBScan(A0_35, "+W-C-X", 0, "")[0])
    return tonumber(AOBScan(A0_35, "+W-C-X", 0, "")[0], 16)
  end
  return nil
end
AOBScanRW = L0_0
function L0_0(A0_36, A1_37, A2_38)
  addressList.createMemoryRecord().setDescription(A0_36)
  addressList.createMemoryRecord().setAddress(getAddress(A1_37))
  addressList.createMemoryRecord().Active = false
  addressList.createMemoryRecord().DontSave = true
  addressList.createMemoryRecord().appendToEntry(A2_38)
  return (addressList.createMemoryRecord())
end
AddMemoryRecordAppend = L0_0
function L0_0(A0_39, A1_40, A2_41, A3_42, A4_43, A5_44)
  local L6_45
  if A0_39 == nil then
    L6_45 = nil
    return L6_45
  end
  L6_45 = addressList
  L6_45 = L6_45.getMemoryRecordByDescription
  L6_45 = L6_45(A0_39)
  if L6_45 == nil then
    L6_45 = addressList.createMemoryRecord()
    L6_45.setDescription(A0_39)
    L6_45.Active = A3_42 or false
  end
  L6_45.DontSave = A2_41 or true
  if A1_40 then
    L6_45.Type = A1_40
  end
  if A4_43 then
    function L6_45.OnActivate(A0_46, A1_47, A2_48)
      if A1_47 == false then
        return true
      end
      return A4_43()
    end
  end
  if A5_44 then
    function L6_45.OnDeactivate(A0_49, A1_50, A2_51)
      if A1_50 == false then
        return true
      end
      return A5_44()
    end
  end
  if L6_45.Active then
    L6_45.Active = false
    L6_45.Active = true
  end
  return L6_45
end
AddMemoryRecordIfNotExiestAndReturn = L0_0
function L0_0(A0_52, A1_53, A2_54)
  local L3_55
  L3_55 = _G
  L3_55[A0_52] = AddMemoryRecordIfNotExiestAndReturn(A0_52, vtCustom, true, false, A1_53, A2_54)
  L3_55 = _G
  L3_55 = L3_55[A0_52]
  return L3_55
end
AddMemoryRecordCustom = L0_0
function L0_0(A0_56, A1_57, A2_58, A3_59)
  for _FORV_8_ = 0, addressList.Count - 1 do
    if addressList[_FORV_8_].Type == vtAutoAssembler then
      _FORV_8_ = _FORV_8_ + 1
    end
    if addressList[_FORV_8_].Active and addressList[_FORV_8_].Description == A1_57 then
      break
    end
    if getAddress(addressList[_FORV_8_].Address) == getAddress(A0_56) then
      return addressList[_FORV_8_]
    end
  end
  if false then
    addressList.createMemoryRecord().setDescription(A1_57)
    addressList.createMemoryRecord().setAddress(getAddress(A0_56))
    addressList.createMemoryRecord().Type = vtSingle
    addressList.createMemoryRecord().Active = false
    addressList.createMemoryRecord().DontSave = true
    if A2_58 then
      addressList.createMemoryRecord().Type = A2_58
    end
    if A3_59 then
      addressList.createMemoryRecord().appendToEntry(A3_59)
    end
    return (addressList.createMemoryRecord())
  end
end
findAndAddToList = L0_0
function L0_0(A0_60, A1_61)
  local L2_62, L3_63, L4_64, L5_65
  for L5_65 = 0, L3_63 - 1 do
    if addressList[L5_65].Type == vtAutoAssembler then
      L5_65 = L5_65 + 1
    end
    if addressList[L5_65].Description ~= A1_61 and string.find(addressList[L5_65].Description, A0_60, 1, true) ~= nil then
      if NotWithoutExecute == true then
        addressList[L5_65].Active = false
      else
        addressList[L5_65].disableWithoutExecute()
      end
    end
  end
end
DeActiveAllByName = L0_0
function L0_0(...)
  local L2_67
  L0_66 = print
  L2_67 = string
  L2_67 = L2_67.format
  L2_67 = L2_67(...)
  L0_66(L2_67, L2_67(...))
end
printf = L0_0
function L0_0(A0_68)
  local L1_69
  L1_69 = print
  L1_69(string.format("0x%x", A0_68))
end
printx = L0_0
L0_0 = getOpenedProcessID
L0_0 = L0_0()
if L0_0 ~= nil then
  L0_0 = getProcessIDFromProcessName
  L0_0 = L0_0(L1_1)
elseif L0_0 ~= L1_1 then
  L0_0 = print
  L0_0(L1_1)
  L0_0 = openProcess
  L0_0(L1_1)
end
L0_0 = debug_isDebugging
L0_0 = L0_0()
if L0_0 ~= false then
  L0_0 = debug_isBroken
  L0_0 = L0_0()
elseif L0_0 then
  L0_0 = print
  L0_0(L1_1)
  L0_0 = writeBytes
  L4_4 = 236
  L5_5 = 40
  L0_0(L1_1, L2_2, L3_3, L4_4, L5_5, 101, 72, 139, 4, 37, 96, 0, 0, 0, 128, 120, 2, 0, 117)
  L0_0 = writeBytes
  L0_0(L1_1, L2_2)
  OriOpcodeHM = nil
  L0_0 = debugProcess
  L0_0(L1_1)
end
L0_0 = debug_getBreakpointList
L0_0 = L0_0()
for L4_4, L5_5 in L1_1(L2_2) do
  debug_removeBreakpoint(L5_5)
end
L1_1(L2_2)
L1_1(L2_2)
addressAmmo = L1_1
L1_1(L2_2)
addressAmmoOnlineFix = L1_1
L1_1(L2_2)
addressHp = L1_1
L1_1(L2_2)
addressInGameRes = L1_1
L1_1(L2_2)
addressInGameRes1 = L1_1
L1_1(L2_2)
addressInGameTool = L1_1
L1_1(L2_2)
addressInGameTool1 = L1_1
L1_1(L2_2)
addressInGameTool2 = L1_1
L1_1(L2_2)
L1_1(L2_2)
L1_1(L2_2)
L1_1(L2_2)
addressGameRes = L1_1
L1_1(L2_2)
addressSurvivors = L1_1
L1_1(L2_2)
addressLevelHard = L1_1
L1_1(L2_2)
addressCharExp = L1_1
L1_1(L2_2)
addressSilencer = L1_1
L1_1(L2_2)
addressWeap = L1_1
L1_1(L2_2)
L1_1(L2_2)
addressWeapMod = L1_1
L1_1(L2_2)
L1_1(L2_2)
addressModFix = L1_1
L1_1(L2_2)
addressInGameSup = L1_1
L1_1(L2_2)
addressInGameSup1 = L1_1
addressGunStatusInGame = L1_1
L1_1(L2_2)
ToolsFix1 = L1_1
L4_4 = 192
L5_5 = 254
L1_1(L2_2, L3_3, L4_4, L5_5, 192, 144, 144, 144)
L1_1(L2_2)
ToolsFix2 = L1_1
L4_4 = 192
L5_5 = 254
L1_1(L2_2, L3_3, L4_4, L5_5, 192, 233, 50, 1, 0, 0)
L1_1(L2_2)
ToolsFix3 = L1_1
L4_4 = 144
L1_1(L2_2, L3_3, L4_4)
L1_1(L2_2)
ToolsFix4 = L1_1
L4_4 = 144
L1_1(L2_2, L3_3, L4_4)
L4_4 = 144
L5_5 = 144
L1_1(L2_2, L3_3, L4_4, L5_5, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144)
debug_Safe_setBreakpoint = L1_1
genmods = L2_2
copysolt = L2_2
levelHardVal = 0
L2_2.OnValueChange = L3_3
L2_2.ctor = L3_3
if L3_3 == nil then
  OriOpcodeHM = L3_3
end
autoAssembleLua = L3_3
L4_4 = "AOBScanRDone"
L3_3(L4_4)
L4_4 = "Mods"
L3_3()
L4_4 = "Weapons"
L3_3()
L4_4 = "Characters"
L3_3()
L4_4 = "PartTypes"
L3_3()
L4_4 = "InGameCheat"
InGameCheat = L3_3
L4_4 = "Finders"
Finders = L3_3
L4_4 = "AutoFixs"
AutoFixs = L3_3
L4_4 = "Others"
Others = L3_3
L4_4 = "Hint \232\175\180\230\152\142"
function L5_5(A0_70, A1_71, A2_72)
  showMessage("\230\179\168\230\132\143\229\164\135\228\187\189\229\173\152\230\161\163\239\188\129\239\188\129\239\188\129\239\188\129\239\188\129\nInGameCheat: \n    HpFinder:\n        \239\188\136\232\142\183\229\143\150\230\137\128\230\156\137\229\141\149\228\189\141\231\154\132\232\161\128\233\135\143\239\188\137\230\154\130\230\151\160\231\148\168\n    CraftResFix:\n        \230\184\184\230\136\143\229\134\133\229\136\182\228\189\156\232\181\132\230\186\144\230\151\160\233\153\144\n    Ammo: \n        \230\151\160\233\153\144\229\173\144\229\188\185\227\128\129\230\151\160\229\144\142\229\186\167\227\128\129\230\151\160\233\153\144\229\176\132\233\128\159\n    Silencer: \n        \230\151\160\233\153\144\230\182\136\233\159\179\229\153\168(\228\184\187\230\156\186\230\151\182\229\175\185\229\133\182\229\174\131\231\142\169\229\174\182\230\156\137\230\149\136)\n    NoNoise: \n        \230\151\160\229\152\136\230\157\130\229\186\166(\228\184\187\230\156\186\230\151\182\230\156\137\230\149\136)\nFinders: \n    ModFinder: \n        \230\184\184\230\136\143\229\134\133\233\128\137\230\139\169\233\133\141\228\187\182\230\140\1371\230\148\182\232\151\143\229\144\142\229\143\175\228\191\174\230\148\185\233\133\141\228\187\182\231\173\137\231\186\167\229\146\140\231\177\187\229\158\139\n    WeaponFinder: \n        \230\184\184\230\136\143\229\134\133\233\128\137\230\139\169\230\173\166\229\153\168\230\140\1371\230\148\182\232\151\143\229\144\142\229\143\175\228\191\174\230\148\185\230\173\166\229\153\168\231\173\137\231\186\167\\\\\231\177\187\229\158\139\\\\\229\146\140\233\133\141\228\187\182\\\\\232\131\189\229\138\155\229\128\188 \228\184\142\233\133\141\228\187\182\230\167\189 \233\133\141\228\187\182\230\167\189\228\191\174\230\148\185\232\190\131\229\164\141\230\157\130\232\175\183\232\135\170\232\161\140\231\140\156\230\181\139(\230\156\137\229\135\160\231\142\135\229\180\169\230\186\131\229\157\143\230\161\163)\n    CharactersStatusFinder: \n        \229\136\135\230\141\162\232\135\179\232\167\146\232\137\178\233\161\181\230\136\150\229\156\168\232\167\146\232\137\178\233\161\181\229\136\135\230\141\162\232\167\146\232\137\178\229\143\175\232\142\183\229\190\151\229\189\147\229\137\141\232\167\146\232\137\178\231\154\132\229\156\176\229\157\128\nAutoFixs:\n    ModFix: \n        \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\233\133\141\228\187\182\233\161\181\233\157\162 \232\174\190\231\189\174\230\137\128\230\156\137\233\133\141\228\187\182\229\136\176\228\188\160\229\165\135\n    SurvivorsFix:\n        \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\229\185\184\229\173\152\232\128\133\233\161\181\233\157\162 \232\174\190\231\189\174\230\137\128\230\156\137\229\185\184\229\173\152\232\128\133\228\184\18610\231\186\167\229\184\166\230\152\159\nOthers:\n    GameResFix: \n        \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\229\159\186\229\156\176\229\141\135\231\186\167\233\161\181\233\157\162 \232\174\190\231\189\174\230\137\128\230\156\137\232\181\132\230\186\144\231\136\134\232\161\168\n    LevelHardLocker: \n        \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\233\154\190\229\186\166\233\128\137\230\139\169 \229\143\175\232\142\183\229\190\151\233\154\190\229\186\166\229\156\176\229\157\128\239\188\136\231\148\168\228\186\142\229\155\186\229\174\154\233\154\190\229\186\166\239\188\137\239\188\136\231\150\145\228\188\188\229\157\143\230\161\163\239\188\137\n\t\t")
  return false
end
L3_3(L4_4, L5_5, function(A0_73, A1_74, A2_75)
  local L3_76
  L3_76 = false
  return L3_76
end)
L4_4 = "ModFix"
function L5_5(A0_77, A1_78, A2_79)
  debug_Safe_setBreakpoint(addressModFix, 1, bptExecute, bpmInt3, function()
    writeBytes(RDI + 24, 5)
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end
L4_4 = AutoFixs
L3_3(L4_4)
L4_4 = AddMemoryRecordCustom
L5_5 = "ModFinder"
L4_4 = L4_4(L5_5, function(A0_80, A1_81, A2_82)
  debug_Safe_setBreakpoint(addressWeapMod, 1, bptExecute, bpmInt3, function()
    local L0_83, L1_84, L2_85
    L0_83 = RAX
    L1_84 = findAndAddToList
    L2_85 = L0_83
    L1_84 = L1_84(L2_85, "ScriptMod", vtQword)
    L2_85 = L1_84.appendToEntry
    L2_85(AddMemoryRecordCustom("Mods"))
    L2_85 = findAndAddToList
    L2_85 = L2_85(L0_83 + 16, "Type", vtQword, L1_84)
    L2_85.ShowAsHex = true
    AddMemoryRecordCustom(string.format("ModCopy: 0x%x", L0_83 + 16)).appendToEntry(L1_84)
    AddMemoryRecordCustom(string.format("ModCopy: 0x%x", L0_83 + 16)).OnActivate = function(A0_86, A1_87, A2_88)
      DeActiveAllByName("ModCopy", A0_86.Description)
      L3_3 = L2_85
      function L3_3.OnDestroy()
        local L1_89
        L1_89 = nil
        L3_3 = L1_89
      end
      return true
    end
    AddMemoryRecordCustom(string.format("ModPaste: 0x%x", L0_83 + 16)).appendToEntry(L1_84)
    AddMemoryRecordCustom(string.format("ModPaste: 0x%x", L0_83 + 16)).OnActivate = function(A0_90, A1_91, A2_92)
      local L3_93
      L3_93 = writeQword
      L3_93(L0_83 + 16, readQword(L3_3.CurrentAddress))
      L3_93 = false
      return L3_93
    end
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end, function(A0_94, A1_95, A2_96)
  debug_removeBreakpoint(addressWeapMod)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = Finders
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "WeaponFinder"
L4_4 = L4_4(L5_5, function(A0_97, A1_98, A2_99)
  debug_Safe_setBreakpoint(addressWeap, 1, bptExecute, bpmInt3, function()
    local L0_100, L1_101, L2_102, L3_103, L4_104, L5_105
    L0_100 = RAX
    L1_101 = AddMemoryRecordIfNotExiestAndReturn
    L2_102 = string
    L2_102 = L2_102.format
    L3_103 = "ScriptWaep 0x%X: "
    L4_104 = L0_100
    L2_102 = L2_102(L3_103, L4_104)
    L3_103 = vtByteArray
    L4_104 = true
    L5_105 = false
    L1_101 = L1_101(L2_102, L3_103, L4_104, L5_105, nil, nil)
    L2_102 = L1_101.appendToEntry
    L3_103 = AddMemoryRecordCustom
    L4_104 = "Weapons"
    L5_105 = L3_103(L4_104)
    L2_102(L3_103, L4_104, L5_105, L3_103(L4_104))
    L2_102 = getAddress
    L3_103 = L0_100
    L2_102 = L2_102(L3_103)
    L1_101.Address = L2_102
    L2_102 = L1_101.Aob
    L2_102.Size = 384
    L2_102 = findAndAddToList
    L3_103 = L0_100 + 8
    L4_104 = "WeaponData"
    L5_105 = vtByteArray
    L2_102 = L2_102(L3_103, L4_104, L5_105, L1_101)
    L3_103 = L2_102.Aob
    L3_103.Size = 16
    L3_103 = findAndAddToList
    L4_104 = L0_100 + 24
    L5_105 = "WeaponType"
    L3_103 = L3_103(L4_104, L5_105, vtQword, L1_101)
    L3_103.ShowAsHex = true
    L4_104 = findAndAddToList
    L5_105 = L0_100 + 56
    L4_104 = L4_104(L5_105, "ModAbleParts", vtByte, L1_101)
    L5_105 = findAndAddToList
    L5_105(L0_100 + 96, "Rate 0-6", vtByte, L1_101)
    L5_105 = findAndAddToList
    L5_105(L0_100 + 97, "Repair 0-3", vtByte, L1_101)
    L5_105 = findAndAddToList
    L5_105(L0_100 + 100, "CombatRate", vtDword, L1_101)
    L5_105 = findAndAddToList
    L5_105(L0_100 + 107, "durable", vtByte, L1_101)
    L5_105 = findAndAddToList
    L5_105(L0_100 + 108, "Favorite", vtByte, L1_101)
    L5_105 = findAndAddToList
    L5_105(L0_100 + 109, "isNew", vtByte, L1_101)
    L5_105 = AddMemoryRecordCustom
    L5_105 = L5_105(string.format("Mods 0x%X: ", L0_100), nil, function(A0_106, A1_107, A2_108)
      local L3_109
      L3_109 = false
      return L3_109
    end)
    L5_105.setAddress(getAddress(L0_100 + 48))
    L5_105.ShowAsHex = true
    L5_105.Type = vtByteArray
    L5_105.setOffsetCount(1)
    L5_105.Aob.Size = 384
    L5_105.appendToEntry(L1_101)
    genmods(L0_100, L5_105, L1_101, readInteger(L0_100 + 56))
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end, function(A0_110, A1_111, A2_112)
  debug_removeBreakpoint(addressWeap)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = Finders
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "CharactersStatusFinder"
L4_4 = L4_4(L5_5, function(A0_113, A1_114, A2_115)
  debug_Safe_setBreakpoint(addressCharExp, 1, bptExecute, bpmInt3, function()
    local L0_116, L1_117, L2_118
    L0_116 = RDI
    L0_116 = L0_116 + 96
    L1_117 = L0_116 - 8
    L2_118 = findAndAddToList
    L2_118 = L2_118(RDI, "Character", vtByteArray)
    L2_118.appendToEntry(AddMemoryRecordCustom("Characters"))
    L2_118.ShowAsHex = true
    L2_118.Aob.Size = 104
    findAndAddToList(L1_117, "ScriptLevel", vtByte).appendToEntry(L2_118)
    findAndAddToList(L1_117 + 4, "ScriptSkillPoint", vtByte).appendToEntry(L2_118)
    findAndAddToList(L0_116, "ScriptExp", vtDword).appendToEntry(L2_118)
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end, function(A0_119, A1_120, A2_121)
  debug_removeBreakpoint(addressCharExp)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = Finders
L4_4(L5_5)
function L4_4(A0_122, A1_123, A2_124, A3_125, A4_126)
  A0_122 = "????????"
  return string.format("???????????????? 0b002800 %s ???????????????? %s 00000000 ???????????????? ???????? 00000000 %s 00000000 FFFFFFFF 00000000 ???????? 00000000 %s 00000000 00000000 00000000 00000000 00000000 FFFFFFFF 00000000 ???????? 00000000 %s 00000000", A0_122, A1_123, A2_124, A3_125, A4_126)
end
GenPartAobStr = L4_4
AOBScanRWPStartAddressVal = 0
AOBScanRWPEndAddressVal = 140737488355327
function L4_4(A0_127)
  local L1_128, L2_129
  L1_128 = createMemScan
  L2_129 = nil
  L1_128 = L1_128(L2_129)
  L1_128.OnlyOneResult = true
  L2_129 = L1_128.firstScan
  L2_129(soExactValue, vtByteArray, rtRounded, A0_127, "", AOBScanRWPStartAddressVal, AOBScanRWPEndAddressVal, "+W-C-X", fsmNotAligned, "", true, true, false, false)
  L2_129 = L1_128.waitTillDone
  L2_129()
  L2_129 = L1_128.Result
  if L2_129 then
    if AOBScanRWPStartAddressVal == 0 and AOBScanRWPEndAddressVal == 140737488355327 then
      AOBScanRWPStartAddressVal = getAddress(L2_129) - 33554432
      AOBScanRWPEndAddressVal = getAddress(L2_129) + 33554432
      if AOBScanRWPStartAddressVal < 0 then
        AOBScanRWPStartAddressVal = 0
      end
      if AOBScanRWPStartAddressVal > 140737488355327 then
        AOBScanRWPEndAddressVal = 140737488355327
      end
    end
  else
    print("AOBScanRWP Can't Find:" .. A0_127)
  end
  L1_128.destroy()
  return L2_129
end
AOBScanRWP = L4_4
function L4_4(A0_130, A1_131, A2_132, A3_133, A4_134, A5_135)
  local L6_136
  L6_136 = AOBScanRWP
  L6_136 = L6_136(GenPartAobStr(A1_131, A2_132, A3_133, A4_134, A5_135))
  findAndAddToList(L6_136, A0_130).appendToEntry(AddMemoryRecordCustom("PartTypes"))
  findAndAddToList(L6_136, A0_130).Type = vtByteArray
  findAndAddToList(L6_136, A0_130).Aob.Size = 0
  findAndAddToList(L6_136, A0_130).ShowAsHex = true
end
AddPartTypeToList = L4_4
L4_4 = AddMemoryRecordCustom
L5_5 = "HpFinder"
L4_4 = L4_4(L5_5, function(A0_137, A1_138, A2_139)
  debug_Safe_setBreakpoint(addressHp, 1, bptExecute, bpmInt3, function()
    local L0_140, L1_141
    L0_140 = RAX
    L0_140 = L0_140 + 244
    L1_141 = readFloat
    L1_141 = L1_141(L0_140)
    if L1_141 > 149.0 then
      L1_141 = findAndAddToList
      L1_141 = L1_141(RAX, "Unit")
      L1_141.appendToEntry(AddMemoryRecordCustom("Units"))
      findAndAddToList(L0_140, "ScriptHp").appendToEntry(L1_141)
    end
    L1_141 = debug_continueFromBreakpoint
    L1_141(co_run)
  end)
  return true
end, function(A0_142, A1_143, A2_144)
  debug_removeBreakpoint(addressHp)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = InGameCheat
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "SurvivorsFix"
L4_4 = L4_4(L5_5, function(A0_145, A1_146, A2_147)
  debug_Safe_setBreakpoint(addressSurvivors, 1, bptExecute, bpmInt3, function()
    local L0_148
    L0_148 = RCX
    L0_148 = L0_148 + 328
    writeBytes(L0_148, 0, 0, 0, 0, 10)
    writeBytes(L0_148 + 6, 1)
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end, function(A0_149, A1_150, A2_151)
  debug_removeBreakpoint(addressSurvivors)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = AutoFixs
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "GameResFix"
L4_4 = L4_4(L5_5, function(A0_152, A1_153, A2_154)
  debug_Safe_setBreakpoint(addressGameRes, 1, bptExecute, bpmInt3, function()
    local L0_155
    L0_155 = RCX
    L0_155 = L0_155 + 760
    writeBytes(L0_155, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0)
    AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).Type = vtByteArray
    AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).ShowAsHex = true
    AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).Aob.Size = 20
    AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).setAddress(getAddress(L0_155))
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end, function(A0_156, A1_157, A2_158)
  debug_removeBreakpoint(addressGameRes)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = Others
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "CraftResFix"
L4_4 = L4_4(L5_5, function(A0_159, A1_160, A2_161)
  debug_Safe_setBreakpoint(addressInGameRes, 1, bptExecute, bpmInt3, function()
    local L0_162
    L0_162 = RDI
    L0_162 = L0_162 + 140
    L0_162 = L0_162 - 4
    writeBytes(L0_162, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66)
    debug_continueFromBreakpoint(co_run)
  end)
  debug_Safe_setBreakpoint(addressInGameRes1, 1, bptExecute, bpmInt3, function()
    local L0_163
    L0_163 = RBX
    L0_163 = L0_163 + 140
    L0_163 = L0_163 - 4
    writeBytes(L0_163, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66)
  end)
  return true
end, function(A0_164, A1_165, A2_166)
  debug_removeBreakpoint(addressInGameRes)
  debug_removeBreakpoint(addressInGameRes1)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = InGameCheat
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "Ammo"
L4_4 = L4_4(L5_5, function(A0_167, A1_168, A2_169)
  autoAssembleLua(addressAmmo, "\t\tmov [rbx+00000D48],270f//\229\173\144\229\188\185\n\t\t//mov [rbx+00000080],461C4000//\229\176\132\233\128\159\n\t\tpush rbx\n\t\tmov rbx,[rbx+00000D10]\n\t\tmov [rbx+44],0//\229\185\179\229\176\132\230\149\163\229\176\132\n\t\tmov [rbx+58],0//\229\188\128\233\149\156\230\149\163\229\176\132\n\t\tmov [rbx+70],461C4000 //\229\144\142\229\186\167\230\138\145\229\136\182\n\t\tmov [rbx+38],3D4CCCCD//\229\188\128\233\149\156\233\128\159\229\186\166\n\t\tmov [rbx+50],40A00000//\232\133\176\229\176\132\230\149\163\229\176\132\230\138\145\229\136\182\n\t\tmov [rbx+60],40A00000//\229\188\128\233\149\156\230\149\163\229\176\132\230\138\145\229\136\182\n\t\tmov [rbx+a0],461C3C00//\229\136\157\229\167\139\229\164\135\229\188\185\230\149\176\239\188\159\n\t\tmov [rbx+a4],461C3C00//\229\164\135\229\188\185\230\149\176\n\t\tmov [rbx+a8],461C3C00//\229\136\157\229\167\139\229\188\185\229\164\185\230\156\128\233\171\152\239\188\159\239\188\159\n\t\tmov [rbx+ac],461C3C00//\229\188\185\229\164\185\230\156\128\233\171\152\n\t\tmov [rbx+b8],40A00000//\230\141\162\229\188\185\229\128\141\233\128\159\n\t\tmov [rbx+10c],453B8000//\230\175\143\229\136\134\233\146\159\229\176\132\233\128\159\n\t\tpop rbx\n\t\t", true)
  autoAssembleLua(addressAmmoOnlineFix, [[
			mov ax,270f
			mov [rbx+d4a],270f
			mov [rbx+d4c],270f
			mov [rbx+d48],270f
		]], true)
  return true
end, function(A0_170, A1_171, A2_172)
  autoAssembleLua(addressAmmo, "", false)
  autoAssembleLua(addressAmmoOnlineFix, "", false)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = InGameCheat
L4_4(L5_5)
L4_4 = print
L5_5 = "NoNoise"
L4_4(L5_5)
L4_4 = getAddress
L5_5 = "OTWD-Win64-Shipping.exe+2671AE"
L4_4 = L4_4(L5_5)
L4_4 = L4_4 + 16
addressNoNoise = L4_4
L4_4 = AddMemoryRecordCustom
L5_5 = "NoNoise"
L4_4 = L4_4(L5_5, function(A0_173, A1_174, A2_175)
  autoAssembleLua(addressNoNoise, [[
			mov [rbx+000498],0
			XORPD xmm3,xmm3
		]], true)
  return true
end, function(A0_176, A1_177, A2_178)
  autoAssembleLua(addressNoNoise, "", false)
  debug_removeBreakpoint(addressAmmoOnlineFix)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = InGameCheat
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "Tool"
L4_4 = L4_4(L5_5, function(A0_179, A1_180, A2_181)
  local L3_182
  function L3_182()
    AddMemoryRecordIfNotExiestAndReturn("addressInGameToolScriptGen", vtByteArray, true, false, nil, nil).setAddress(getAddress(RDI + 56))
    AddMemoryRecordIfNotExiestAndReturn("addressInGameToolScriptGen", vtByteArray, true, false, nil, nil).ShowAsHex = true
    AddMemoryRecordIfNotExiestAndReturn("addressInGameToolScriptGen", vtByteArray, true, false, nil, nil).Value = "00 00 C6 42 00 00 C6 42 00 00 C6 42 00 00 C6 42 00 00 C6 42 00 00 C6 42"
    debug_continueFromBreakpoint(co_run)
  end
  debug_Safe_setBreakpoint(addressInGameTool, 1, bptExecute, bpmInt3, L3_182)
  debug_Safe_setBreakpoint(addressInGameTool1, 1, bptExecute, bpmInt3, L3_182)
  debug_Safe_setBreakpoint(addressInGameTool2, 1, bptExecute, bpmInt3, L3_182)
  return true
end, function(A0_183, A1_184, A2_185)
  debug_removeBreakpoint(addressInGameTool)
  debug_removeBreakpoint(addressInGameTool1)
  debug_removeBreakpoint(addressInGameTool2)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = InGameCheat
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "Silencer"
L4_4 = L4_4(L5_5, function(A0_186, A1_187, A2_188)
  writeBytes(addressSilencer, 199, 131, 8, 15, 0, 0, 0, 0, 0, 0)
  return true
end, function(A0_189, A1_190, A2_191)
  writeBytes(addressSilencer, 132, 192, 116, 6, 255, 131, 8, 15, 0, 0)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = InGameCheat
L4_4(L5_5)
L4_4 = AddMemoryRecordCustom
L5_5 = "LevelHardLocker"
L4_4 = L4_4(L5_5, function(A0_192, A1_193, A2_194)
  debug_Safe_setBreakpoint(addressLevelHard, 2, bptExecute, bpmInt3, function()
    local L0_195
    L0_195 = _G
    L0_195 = L0_195.prveHardAddr
    if L0_195 == nil then
      prveHardAddr = 0
    end
    L0_195 = RDI
    L0_195 = L0_195 + 768
    AddMemoryRecordIfNotExiestAndReturn("addressLevelHardScriptGen", nil, true, false, nil, nil).setAddress(getAddress(L0_195))
    debug_removeBreakpoint(prveHardAddr)
    prveHardAddr = L0_195
    debug_Safe_setBreakpoint(prveHardAddr, 2, bptAccess, bpmInt3, function()
      if addressList.getMemoryRecordByDescription("addressLevelHardScriptGen").Active then
        writeBytes(prveHardAddr, levelHardVal)
      end
      debug_continueFromBreakpoint(co_run)
    end)
    debug_continueFromBreakpoint(co_run)
  end)
  return true
end, function(A0_196, A1_197, A2_198)
  debug_removeBreakpoint(addressLevelHard)
  return true
end)
L4_4 = L4_4.appendToEntry
L5_5 = Others
L4_4(L5_5)
function L4_4()
  local L0_199, L1_200
end
debugger_onBreakpoint = L4_4
L4_4 = print
L5_5 = "ScriptInitDone"
L4_4(L5_5)
Code:
\230\179\168\230\132\143\229\164\135\228\187
==
Code:
E6 B3 A8 E6 84 8F E5 A4 87 E4 BB BD E5 AD 98 E6 A1 A3 EF BC 81 EF BC 81 EF BC 81 EF BC 81 EF BC 81
What can we learn from his code:

- "OTWD-Win64-Shipping.exe+3DC4800" is a pointer; find references to it and you'll land on the class constructor function:
Code:
00007FF7D022242B | 4C:8945 70                      | MOV QWORD PTR SS:[RBP+70],R8                                                    |
00007FF7D022242F | 48:8945 60                      | MOV QWORD PTR SS:[RBP+60],RAX                                                   |
00007FF7D0222433 | 4D:85C0                         | TEST R8,R8                                                                      |
00007FF7D0222436 | 0F84 15010000                   | JE otwd-win64-shipping.7FF7D0222551                                             |
00007FF7D022243C | 0F1F40 00                       | NOP DWORD PTR DS:[RAX],EAX                                                      |
00007FF7D0222440 | 48:8B00                         | MOV RAX,QWORD PTR DS:[RAX]                                                      |
00007FF7D0222443 | FFD0                            | CALL RAX                                                                        | <-- enter
00007FF7D0222445 | 48:8BD8                         | MOV RBX,RAX                                                                     |
00007FF7D0222448 | 4C:8BC0                         | MOV R8,RAX                                                                      |
..
00007FF7D1703F40 | 48:83EC 28                      | SUB RSP,28                                                                      |
00007FF7D1703F44 | 48:8B05 B5083302                | MOV RAX,QWORD PTR DS:[7FF7D3A34800]                                             |
00007FF7D1703F4B | 48:85C0                         | TEST RAX,RAX                                                                    |
00007FF7D1703F4E | 75 1A                           | JNE otwd-win64-shipping.7FF7D1703F6A                                            |
00007FF7D1703F50 | 48:8D15 A9623B01                | LEA RDX,QWORD PTR DS:[7FF7D2ABA200]                                             |
00007FF7D1703F57 | 48:8D0D A2083302                | LEA RCX,QWORD PTR DS:[7FF7D3A34800]                                             |
00007FF7D1703F5E | E8 6D6BB0FE                     | CALL otwd-win64-shipping.7FF7D020AAD0                                           |
00007FF7D1703F63 | 48:8B05 96083302                | MOV RAX,QWORD PTR DS:[7FF7D3A34800]                                             | <-- this is his pointer
00007FF7D1703F6A | 48:83C4 28                      | ADD RSP,28                                                                      |
00007FF7D1703F6E | C3                              | RET                                                                             |
How many UObjects are there? Check [RBP+0x70] :)

I was using the first released CODEX version, but I got the latest version now ;) Just for fun. Let's see..



Also letting you know the script won't work on any updates, unless he uses AOBs to find the hardcoded locations he's using.
 
R

rampant_uterus

Expert Cheater
Joined
Nov 28, 2017
Messages
134
I do not know how to apply this to cheat engine.
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
It's not working anymore.. till and if the author updates it :)
 
rootkit

rootkit

What is cheating?
Joined
Nov 12, 2018
Messages
4
He updated it on 3dm's forum, posting that it will not be updated here because of "Fearlessrevolution is not friendly".
Link
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
Figured as much ;) Gathering followers for the 3DM forum :p Will post my shit in a bit; fun times :p
 
djdomi1100

djdomi1100

What is cheating?
Joined
Nov 13, 2018
Messages
4
Did someone get the new Version from this 3dm site?
 
Status
Not open for further replies.
Top