RAGE 2 [Engine:APEX]

Csimbi

Csimbi

RCE Fanatics
Talents
Joined
Apr 29, 2017
Messages
388
Re: RAGE2 [Engine:APEX]

Here, this should be infinite items (works for Health Infusion at least):
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>47</ID>
      <Description>"--aobInvItemCalc"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : RAGE2.exe
// Version:
// Date   :
// Author : Cs
[ENABLE]
aobscanmodule(aobInvItemCalc,RAGE2.exe,41 8B F0 4C 8B E9 4C 8B 48 30 49 8B C1)

alloc(newmemInvItemCalc,4096,aobInvItemCalc)

label(aobInvItemCalc_r)
label(aobInvItemCalc_i)
registersymbol(aobInvItemCalc_r)
registersymbol(aobInvItemCalc_i)

label(lblInvItemCalc)
label(lblInvItemCalcSkip)
label(lblInvItemCalcRet)

label(bEnableInfiniteItems)
registersymbol(bEnableInfiniteItems)

newmemInvItemCalc:
bEnableInfiniteItems:
dd 1

lblInvItemCalc:
cmp r8d,0
jge short lblInvItemCalcSkip
mov rsi,[g_Player]
lea rsi,[rsi+00000CD8]
cmp qword ptr [rsi],rcx
jne short lblInvItemCalcSkip
cmp dword ptr [bEnableInfiniteItems],1
jne short lblInvItemCalcSkip
xor r8,r8
lblInvItemCalcSkip:
//Alt: mov esi,r8d
//Alt: mov r13,rcx
//db 41 8B F0 4C 8B E9
readmem(aobInvItemCalc,6)
jmp lblInvItemCalcRet
aobInvItemCalc_i:
readmem(aobInvItemCalc,6)

//"RAGE2.exe"+73F712:
aobInvItemCalc:
aobInvItemCalc_r:
jmp lblInvItemCalc
nop
lblInvItemCalcRet:

[DISABLE]
//"RAGE2.exe"+73F712:
//Alt: mov esi,r8d
//Alt: mov r13,rcx
//db 41 8B F0 4C 8B E9
aobInvItemCalc_r:
readmem(aobInvItemCalc_i,6)

unregistersymbol(aobInvItemCalc_r)
unregistersymbol(aobInvItemCalc_i)

unregistersymbol(bEnableInfiniteItems)

dealloc(newmemInvItemCalc)

{
// ORIGINAL CODE - INJECTION POINT: "RAGE2.exe"+73F712

"RAGE2.exe"+73F6F4: 48 83 C4 48                 -  add rsp,48
"RAGE2.exe"+73F6F8: C3                          -  ret 
"RAGE2.exe"+73F6F9: FF D2                       -  call rdx
"RAGE2.exe"+73F6FB: 48 83 C4 48                 -  add rsp,48
"RAGE2.exe"+73F6FF: C3                          -  ret 
"RAGE2.exe"+73F700: 89 54 24 10                 -  mov [rsp+10],edx
"RAGE2.exe"+73F704: 56                          -  push rsi
"RAGE2.exe"+73F705: 41 55                       -  push r13
"RAGE2.exe"+73F707: 48 83 EC 58                 -  sub rsp,58
"RAGE2.exe"+73F70B: 48 8B 05 7E D3 92 02        -  mov rax,[RAGE2.exe+306CA90]
// ---------- INJECTING HERE ----------
"RAGE2.exe"+73F712: 41 8B F0                    -  mov esi,r8d
"RAGE2.exe"+73F715: 4C 8B E9                    -  mov r13,rcx
// ---------- DONE INJECTING  ----------
"RAGE2.exe"+73F718: 4C 8B 48 30                 -  mov r9,[rax+30]
"RAGE2.exe"+73F71C: 49 8B C1                    -  mov rax,r9
"RAGE2.exe"+73F71F: 4D 8B 41 08                 -  mov r8,[r9+08]
"RAGE2.exe"+73F723: 41 80 78 19 00              -  cmp byte ptr [r8+19],00
"RAGE2.exe"+73F728: 75 29                       -  jne RAGE2.exe+73F753
"RAGE2.exe"+73F72A: 66 0F 1F 44 00 00           -  nop [rax+rax+00]
"RAGE2.exe"+73F730: 41 39 50 20                 -  cmp [r8+20],edx
"RAGE2.exe"+73F734: 73 06                       -  jae RAGE2.exe+73F73C
"RAGE2.exe"+73F736: 4D 8B 40 10                 -  mov r8,[r8+10]
"RAGE2.exe"+73F73A: EB 06                       -  jmp RAGE2.exe+73F742
}

</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>48</ID>
          <Description>"bEnableInfiniteItems"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Disabled
1:Enabled
</DropDownList>
          <Color>008000
          <VariableType>4 Bytes</VariableType>
          <Address>bEnableInfiniteItems</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Note: requires SunBeam's player grabber code enabled.

And here's Max Overdrive (so you can re-enable instantly):
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>50</ID>
      <Description>"--aobOverdriveTester"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : RAGE2.exe
// Version:
// Date   :
// Author : Cs
[ENABLE]
aobscanmodule(aobOverdriveTester,RAGE2.exe,0F 2F BF ?? ?? 00 00 77 ?? F3 0F)

alloc(newmemOverdriveTester,4096,aobOverdriveTester)

label(aobOverdriveTester_r)
label(aobOverdriveTester_i)
registersymbol(aobOverdriveTester_r)
registersymbol(aobOverdriveTester_i)

label(lblOverdriveTester)
label(lblOverdriveTesterSkip)
label(lblOverdriveTesterRet)

label(bEnableMaxOverdrive)
registersymbol(bEnableMaxOverdrive)

newmemOverdriveTester:
bEnableMaxOverdrive:
dd 1

lblOverdriveTester:
cmp dword ptr [bEnableMaxOverdrive],1
jne short lblOverdriveTesterSkip
push rax
movsxd rax,[aobOverdriveTester_i+03]
movss [rax+rdi],xmm7
pop rax
lblOverdriveTesterSkip:
//Alt: comiss xmm7,[rdi+00000D90]
//db 0F 2F BF 90 0D 00 00
readmem(aobOverdriveTester,7)
jmp lblOverdriveTesterRet
aobOverdriveTester_i:
readmem(aobOverdriveTester,7)

//"RAGE2.exe"+9B4B77:
aobOverdriveTester:
aobOverdriveTester_r:
jmp lblOverdriveTester
nop
nop
lblOverdriveTesterRet:

[DISABLE]
//"RAGE2.exe"+9B4B77:
//Alt: comiss xmm7,[rdi+00000D90]
//db 0F 2F BF 90 0D 00 00
aobOverdriveTester_r:
readmem(aobOverdriveTester_i,7)

unregistersymbol(aobOverdriveTester_r)
unregistersymbol(aobOverdriveTester_i)

unregistersymbol(bEnableMaxOverdrive)

dealloc(newmemOverdriveTester)

{
// ORIGINAL CODE - INJECTION POINT: "RAGE2.exe"+9B4B77

"RAGE2.exe"+9B4B50: 48 8B 01                 -  mov rax,[rcx]
"RAGE2.exe"+9B4B53: 81 78 04 3C A3 B0 35     -  cmp [rax+04],35B0A33C
"RAGE2.exe"+9B4B5A: 74 70                    -  je RAGE2.exe+9B4BCC
"RAGE2.exe"+9B4B5C: 48 83 C1 30              -  add rcx,30
"RAGE2.exe"+9B4B60: 48 3B CA                 -  cmp rcx,rdx
"RAGE2.exe"+9B4B63: 75 EB                    -  jne RAGE2.exe+9B4B50
"RAGE2.exe"+9B4B65: 44 38 A7 95 0D 00 00     -  cmp [rdi+00000D95],r12l
"RAGE2.exe"+9B4B6C: 74 5E                    -  je RAGE2.exe+9B4BCC
"RAGE2.exe"+9B4B6E: 44 38 A7 94 0D 00 00     -  cmp [rdi+00000D94],r12l
"RAGE2.exe"+9B4B75: 74 55                    -  je RAGE2.exe+9B4BCC
// ---------- INJECTING HERE ----------
"RAGE2.exe"+9B4B77: 0F 2F BF 90 0D 00 00     -  comiss xmm7,[rdi+00000D90]
// ---------- DONE INJECTING  ----------
"RAGE2.exe"+9B4B7E: 77 4C                    -  ja RAGE2.exe+9B4BCC
"RAGE2.exe"+9B4B80: F3 0F 58 76 64           -  addss xmm6,dword ptr [rsi+64]
"RAGE2.exe"+9B4B85: F3 0F 11 76 64           -  movss [rsi+64],xmm6
"RAGE2.exe"+9B4B8A: 0F 2F 35 5F D9 D7 01     -  comiss xmm6,[RAGE2.exe+27324F0]
"RAGE2.exe"+9B4B91: 76 39                    -  jna RAGE2.exe+9B4BCC
"RAGE2.exe"+9B4B93: 44 89 66 64              -  mov [rsi+64],r12d
"RAGE2.exe"+9B4B97: 4C 39 25 A2 80 6B 02     -  cmp [RAGE2.exe+306CC40],r12
"RAGE2.exe"+9B4B9E: 74 2C                    -  je RAGE2.exe+9B4BCC
"RAGE2.exe"+9B4BA0: 48 8D 8F 30 2A 00 00     -  lea rcx,[rdi+00002A30]
"RAGE2.exe"+9B4BA7: 0F 57 C0                 -  xorps xmm0,xmm0
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>51</ID>
          <Description>"bEnableMaxOverdrive"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Disabled
1:Enabled
</DropDownList>
          <Color>008000
          <VariableType>4 Bytes</VariableType>
          <Address>bEnableMaxOverdrive</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
PC.
The game so far seems to be a major disappointment.
I'll keep playing with it a bit more, but don't get made if I just ditch it ;-)
 
Vortox14

Vortox14

Cheater
Fearless Donors
Joined
May 21, 2017
Messages
45
Re: RAGE2 [Engine:APEX]

Thanks Csimbi, but I can't get the Unlimited Items Script to enable. Max OverDrive one work like a charm and thanks to SunBeam I do appreciate the effort you're putting into your table(s).
 
Csimbi

Csimbi

RCE Fanatics
Talents
Joined
Apr 29, 2017
Messages
388
Re: RAGE2 [Engine:APEX]

Not sure what to tell you - works here.
Has there been a patch?
 
Vortox14

Vortox14

Cheater
Fearless Donors
Joined
May 21, 2017
Messages
45
Re: RAGE2 [Engine:APEX]

Not that I know of, but then I've been offline mode since launch.
Restarting the client while steam was online didn't help. (Anyways, I got to go for awhile, hopefully can sort it when I get back.)
 
Csimbi

Csimbi

RCE Fanatics
Talents
Joined
Apr 29, 2017
Messages
388
Re: RAGE2 [Engine:APEX]

The script includes the code snippet at the bottom.
See if you can find it (alter the AOB scan here, see what's at those addresses for ye, etc.)
 
S

samuelhanson

Noobzor
Joined
Dec 17, 2017
Messages
10
Re: RAGE2 [Engine:APEX]

Compared to the first Rage game, it's a massive improvement. Compared to other games released in 2018/2019? It's average-ok, however with the roadmap and over the next three months the game should improve and be worthwhile. (At least that is my opinion)
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
Re: RAGE2 [Engine:APEX]

I take back what I said about APEX :) I found the core hash function (e.g.: "IngredientFeltriteBlue"->hash->FindPtr(hash)->GetCount()) :D Finding the item uses Player and PlayerInventory (Player+0xA38).
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
Re: RAGE2 [Engine:APEX]

Meanwhile ;)



I'll see what else I can collect by hash :p
 
sebastianyyz

sebastianyyz

Expert Cheater
Joined
Jul 9, 2017
Messages
174
Re: RAGE2 [Engine:APEX]

Nice, thank you SunBeam
 
Y

yeriano

Novice Cheater
Joined
Apr 19, 2017
Messages
18
Re: RAGE2 [Engine:APEX]

please add exp multiple too

thanks :D :D :D
 
S

skywolf23

Expert Cheater
Joined
Nov 13, 2017
Messages
81
Re: RAGE2 [Engine:APEX]

ohh that double jump vault made me rage quit....i just wanted a relaxing fun session then i entered the vault and nearly tore my hair out made the jump ONCE could not replicate it and my patience exhausted. and imagined it would want me to repeat the exercise no.

and i locked in the vault till i complete it excuse me with i go kick something.
 
l0wb1t

l0wb1t

Expert Cheater
Talents
Table Maker
Joined
May 29, 2017
Messages
524
Re: RAGE2 [Engine:APEX]

Coords:
Code:
44 0F 59 59 40
RCX + 00 = X
RCX + 04 = Y
RCX + 08 = Z

Player Base + 28 + 88 = Pointer i use for compare at this loaction.

R12 is holding the Adress.
Code:
HealthBaseMem:
push rdx
mov rdx,[rcx+28]
mov rdx,[rdx+88]
mov [_pTeleport],rdx
pop rdx
...

Code:
TeleportMem:
cmp r12,[_pTeleport]
jne codeTeleport
mov [_pCoords],rcx
....
 

Attachments

SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,483
Re: RAGE2 [Engine:APEX]

yeriano said:
please add exp multiple too

thanks :D :D :D
This is the exact reason I'm just hacking what I like in games. Sorry, if you want that, start learning ASM, some reversing and how to use CE for more than just enabling scripts. That way you will be sure you DO ONLY WHAT YOU WANT ;) And won't have to rely on others, like possibly me, to do it for you.
 
TheyCallMeTim13

TheyCallMeTim13

Enchanter
Staff member
Administrator
Fearless Donors
Talents
Joined
Mar 3, 2017
Messages
1,794
Re: RAGE2 [Engine:APEX]

SunBeam said:
...
This is the exact reason I'm just hacking what I like in games. Sorry, if you want that, start learning ASM, some reversing and how to use CE for more than just enabling scripts. That way you will be sure you DO ONLY WHAT YOU WANT ;) And won't have to rely on others, like possibly me, to do it for you.
I'm with you on this, and when there is a full page of the same request all in a row just quite responding to it all together.
 
Larqus

Larqus

Noobzor
Joined
Apr 2, 2018
Messages
9
Re: RAGE2 [Engine:APEX]

SunBeam said:
...
EDIT: APEX is nothing new. It's the same idTech5 Engine I've spoken about in this post ;) --> http://fearlessrevolution.com/viewtopic.php?f=10&t=6790
I understand that I can not do anything there if I do not have the skills of a programmer? ^_^
 
J

jonasbeckman

Expert Cheater
Joined
May 6, 2017
Messages
299
Re: RAGE2 [Engine:APEX]

Looks like the Steam version got patched, Denuvo seems to have been removed as well from what I'm seeing.
(From 480 to 48 MB for the game exe.)

EDIT: https://steamcommunity.com/games/548570/announcements/detail/2565275416672419265

Removes Denuvo DRM (We saw a few requests.)
Enables Crash Reporter for error reporting
Fixes occasional crash related to Scaleform
Fixes occasional crash on startup
Fixes issue where Bethesda.net users would always default to English
Razer Chroma effects enabled by default
 
l0wb1t

l0wb1t

Expert Cheater
Talents
Table Maker
Joined
May 29, 2017
Messages
524
Re: RAGE2 [Engine:APEX]

Rapid Fire
Code:
[ENABLE]

aobscanmodule(_RapidFire,RAGE2.exe,F3 41 0F 10 84 24 58 03 00 00) // should be unique
alloc(newmem,$1000,"RAGE2.exe"+5EADA3)

label(code)
label(return)

newmem:
mov [r12+00000358],(float)10
code:
  movss xmm0,[r12+00000358]
  jmp return

_RapidFire:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(_RapidFire)

[DISABLE]

_RapidFire:
  db F3 41 0F 10 84 24 58 03 00 00

unregistersymbol(_RapidFire)
dealloc(newmem)

Rate Of Fire Multiplier (shared)
Code:
RAGE2.exe+7E3107 - F3 0F59 F4            - mulss xmm6,xmm4
RAGE2.exe+7E310B - F3 0F59 F0            - mulss xmm6,xmm0
RAGE2.exe+7E310F - F3 0F59 B3 6C030000   - mulss xmm6,[rbx+0000036C] <------ Default is 1.0f, lower = Faster
RAGE2.exe+7E3117 - 4D 85 C0              - test r8,r8
 
TheyCallMeTim13

TheyCallMeTim13

Enchanter
Staff member
Administrator
Fearless Donors
Talents
Joined
Mar 3, 2017
Messages
1,794
Re: RAGE2 [Engine:APEX]

Denuvo removed, time to buy a new game. Downloading it now.
 
S

skywolf23

Expert Cheater
Joined
Nov 13, 2017
Messages
81
Re: RAGE2 [Engine:APEX]

LAWL what was the point of denuvo when the bethesda store had NO drm? i am pretty sure codex ripped the beth store game or exe to "crack" the game.

Nm that denuvo has been cracked for months and nothing denuvo has done has changed that most it delays cracking a game a few days.

Now they got the videos showing the denuvo slows the load times down to a stupid degree. because they had one version with it and one version wo on launch day. still think they should have tested on bare min CPUs to see if it tanked fps when you did not have some 12 core 4.8 ghz monster processor to handle that denuvo. vs a 4 core 3.2 ghz or w/e the minimuim was listed for rage.
 
l0wb1t

l0wb1t

Expert Cheater
Talents
Table Maker
Joined
May 29, 2017
Messages
524
Re: RAGE2 [Engine:APEX]

No Spread
Code:
[ENABLE]

aobscanmodule(_NoSpread,RAGE2.exe,F3 0F 10 81 38 04 00 00) // should be unique
alloc(newmem,$1000,"RAGE2.exe"+7E0DAF)

label(code)
label(return)

newmem:

code:
  mov [rcx+00000438],(float)0
  jmp return

_NoSpread:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_NoSpread)

[DISABLE]

_NoSpread:
  db F3 0F 10 81 38 04 00 00

unregistersymbol(_NoSpread)
dealloc(newmem)

No Recoil
Code:
[ENABLE]

aobscanmodule(_NoRecoil,RAGE2.exe,F2 0F 11 43 24 89 43 2C F3 41) // should be unique
alloc(newmem,$1000,"RAGE2.exe"+5EAD9B)

label(code)
label(return)

newmem:

code:
  mov [rbx+24],0
    mov [rbx+28],0
      mov [rbx+2C],0
  jmp return

_NoRecoil:
  jmp newmem
return:
registersymbol(_NoRecoil)

[DISABLE]

_NoRecoil:
  db F2 0F 11 43 24

unregistersymbol(_NoRecoil)
dealloc(newmem)
 
Top