Metal Gear Solid V

DrWolfman

Novice Cheater
Aug 10, 2017
15
0
1
#61
ananth post_id=23880 time=1510080555 user_id=9693 said:
Hi, I have a cheat table which has only the Inf Ammo, Suppressor, No Reload and Infinite health in place. I am working on the stealth part of it. If anyone does have an answer to that please help.
Thanks so much for the update! I'm afraid I don't know about the invisibility portion, I asked Kalas through PM and he said that the invisibility was not the portion of the table he worked on.

He suggested contacting Celios or STN about invisibility if perhaps that was their work/project? I do really miss the 6+ months of it working, haha!
 
Nov 15, 2017
5
0
1
#62
ananth post_id=23880 time=1510080555 user_id=9693 said:
Hi, I have a cheat table which has only the Inf Ammo, Suppressor, No Reload and Infinite health in place. I am working on the stealth part of it. If anyone does have an answer to that please help.
Would you be able to post this update? Thanks!
 

Wyli

What is cheating?
Nov 17, 2017
4
0
1
#63
Using the Invisibility script from the MGSVTPP 1.10 table to compare assembly code, I believe I found the new address.

mgsvtpp.exe+41FC2DB

Unfortunately I am inexperienced with scripts and assembly language, so my attempts to update the old script have proved ineffective :/

Regardless, here it is for anyone that might be able to get us an Invisibility script working again.
 

Wyli

What is cheating?
Nov 17, 2017
4
0
1
#64
I started working on disabling NPC detection with the help of Cheat the Game's YouTube video (https://www.youtube.com/watch?v=vQaDxZCO09Y).

I believe I found the address (07B9D26A), which is a value of "1" when detected and "0" when not detected:

It is written from "mgsvtpp.exe+37190D0" with an opcode of "mov [rcx+0000135A],dl".

I still need to do the break and trace, but I'm getting tired and I'm not sure when I'll get back to this, so here is what I've got so far for whoever cares.
 

Lord Blade

Expert Cheater
Mar 9, 2017
377
1
18
#65
When I play, I use the CE trainer for pretty much everything, except that I also run the CH trainer for the invisibility. :p
 

Wyli

What is cheating?
Nov 17, 2017
4
0
1
#66
Maybe I'll get a $90 lifetime CH membership for Christmas so I can download the trainer ;)
 

Wyli

What is cheating?
Nov 17, 2017
4
0
1
#67
I got a script working that makes the player visually undetectable by human NPCs. It doesn't work on animals, so I believe it won't work on enemy vehicles or bosses. I may keep working on making a player completely undetectable, but I'm pretty satisfied with this right now. If I do, I'll post here.
 

Attachments

Lord Blade

Expert Cheater
Mar 9, 2017
377
1
18
#68
Wyli post_id=25395 time=1511054907 user_id=10501 said:
Maybe I'll get a $90 lifetime CH membership for Christmas so I can download the trainer ;)
My wife had actually bought me the lifetime membership years ago. With the amount of trainers I've used, I'd say it was worth it. :p
Though now they're just being greedy and have a lifetime plus membership, that costs monthly to get even more options.
 

windgale

What is cheating?
Nov 23, 2017
3
0
1
#69
Lord Blade post_id=25454 time=1511097725 user_id=911 said:
Wyli post_id=25395 time=1511054907 user_id=10501 said:
Maybe I'll get a $90 lifetime CH membership for Christmas so I can download the trainer ;)
My wife had actually bought me the lifetime membership years ago. With the amount of trainers I've used, I'd say it was worth it. :p
Though now they're just being greedy and have a lifetime plus membership, that costs monthly to get even more options.

Huh, really? I was under the impression the Lifetime Plus was just to get extra RC for game requests and their store. Otherwise it was supposed to be the same as Lifetime.
 

Lord Blade

Expert Cheater
Mar 9, 2017
377
1
18
#70
With the regular Lifetime you now ONLY get full access to trainers. Being able to request new options for existing trainers and the like requires the new Lifetime+ account. Which is BS.
Even the reporting of trainers that need updates gets prioritized for Lifetime+ members.
 

ToolboyNIN39

What is cheating?
Oct 12, 2017
3
0
1
#71
If anybody cares... I looked to fix the INF HEALTH script on the latest 1.10 ct. I ended up with a small change to the original aob scan.

The aob I have is this, now: F3 41 0F 11 16 F3 44 0F 5C E6
Old one was: F3 41 0F 11 16 F3 45 0F 58 C8

What I have gives me Infinite Health at MOST times. Sometimes, more specifically with a heli, bullets can damage my character but not always. I'm sure I am missing something, as I am not very talented in these scripts. I usually just edit aobscans or direct addresses in the scripts or tables.

The other one I edited was the INF CLIP script.

The new aob for me was: 66 44 89 1C 48 49 8B 4A 58
Old one was: 66 44 89 1C 48 49 8B 4A 50

I hate reloading when I am cheating. LOL. Only one I am struggling with so far is the Reward Editor. I can't get it to find the right aob. If these help you, then Cheers!
 

TheGreatUnknown

What is cheating?
Jul 28, 2017
2
0
1
#72
Here's my inf health script. I believe it writes the health cap each time you get it. I prefer this to just nopping it, as if you nop it while injured you'll be stuck with the visual blood effect.
Code:
[ENABLE]

aobscanmodule(aob_Health,mgsvtpp.exe,F3 0F 11 0E F3 45 0F 58 D8) // should be unique
alloc(newmem,$1000,"mgsvtpp.exe"+411FD65)

label(code)
label(return)

newmem:

code:
  movss [rsi],xmm3
  addss xmm11,xmm8
  jmp return

aob_Health:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(aob_Health)

[DISABLE]

aob_Health:
  db F3 0F 11 0E F3 45 0F 58 D8

unregistersymbol(aob_Health)
dealloc(newmem)
 

RottenAzzRonnie

What is cheating?
Dec 26, 2017
4
0
1
#73
darkallnight post_id=23614 time=1509912883 user_id=1909 said:
Anyone has a table with the Instant arm charge script? The one where the shock hand thing instantly charges?
I have a slightly older cheat engine (I think I got it back in Feb or March) that has the "Instant Stun Arm" under "character" tab.

I played this about a month or so ago and it still worked. Try it if you'd like and let me know how it works out ;)
 

Attachments

Oct 22, 2017
12
1
1
#74
Sorry for the delayed response. Yes, I can share the cheat table. It has the following features available though:


1. Infinite Ammo
2. No Reload
3. Infinite Suppressor
4. Health base address & Infinite Health script
5. Infinite Stun Arm Battery
6. 5000000 GMP and GMP base address
7. Base addresses for all plants
8. 100 Headshots in main mission, (Shoot once to make the count hit 100 headshots and deactivate, if not deactivated game gets stuck) (helps with S ranking missions adds 100000 points to final mission ranking)
9. 999 Take downs (same logic to be applied as per the headshots cheat. Activate takedown and immediately deactivate. Adds 30000 points to final mission ranking)
10. Materials Processed Base Address
11. Infinite timer for count downs
12. Stealth Camo PP Unlimited usage
13. Stealth against enemies (Doesn't work when you bump into enemies and when riding a vehicle or on D-horse) (thanks to Wyli for the code, I just added it.)

Working on other stealth aspects and instant charge of stun arm.
 

Attachments

Oct 22, 2017
12
1
1
#76
Can you put a video on how you arrived at the address? That could help me with other games as well. If you could do a video with mgsv that would help.
 

DrWolfman

Novice Cheater
Aug 10, 2017
15
0
1
#78
ananth,

I really hope you can get an update for that information about the address for invisibility--- I know that's something that has been broken for months (since the Play as Ocelot Update). I have been checking this thread whenever I think about it, hoping that can be updated.

Kalas told me that the invisibility was not his work and suggested contacting Celios for info on the invisibility address?

Wish I could personally help you more :-(

Best regards,
 

DeadCraft

Expert Cheater
Apr 4, 2017
57
0
6
#79
Invisibility I fixed myself from the first days. But only for personal use
At least somehow online has become brisk
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
411
45
28
#80
I don't know where the hell I got this, but with this script:
Code:
{Game  : mgsvtpp.exe
Version: 1.09}
[ENABLE]
aobscanmodule(nd_aob,mgsvtpp.exe,89 8F 98 00 00 00 44 89 6C 24 28) // should be unique
alloc(newmem,$1000,"mgsvtpp.exe"+140E6408)
alloc(originalbytes,12)
alloc(memlocation,100)
alloc(valueadd,100)
registersymbol(originalbytes)

label(return)

memlocation:
 dd 0

valueadd:
  dd (float)1000

originalbytes:
  readmem(nd_aob,12)

newmem:
  mov [memlocation],ecx
  fld dword ptr [memlocation]
  fadd dword ptr [valueadd]
  fstp dword ptr [memlocation]
  mov ecx,[memlocation]
  mov [rdi+00000098],ecx
  jmp return

nd_aob:
  jmp newmem
  nop
return:
registersymbol(nd_aob)

[DISABLE]
nd_aob:
  readmem(originalbytes,12)

unregistersymbol(nd_aob)
unregistersymbol(originalbytes)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "mgsvtpp.exe"+40E6408

"mgsvtpp.exe"+40E63DD: 48 8B 86 C8 00 00 00        -  mov rax,[rsi+000000C8]
"mgsvtpp.exe"+40E63E4: 4C 8B 01                    -  mov r8,[rcx]
"mgsvtpp.exe"+40E63E7: F3 0F 10 14 98              -  movss xmm2,[rax+rbx*4]
"mgsvtpp.exe"+40E63EC: 41 FF 50 08                 -  call qword ptr [r8+08]
"mgsvtpp.exe"+40E63F0: 48 8B 86 D0 00 00 00        -  mov rax,[rsi+000000D0]
"mgsvtpp.exe"+40E63F7: 44 8B 7C 24 40              -  mov r15d,[rsp+40]
"mgsvtpp.exe"+40E63FC: 8B 0C 98                    -  mov ecx,[rax+rbx*4]
"mgsvtpp.exe"+40E63FF: 41 FF C5                    -  inc r13d
"mgsvtpp.exe"+40E6402: 41 D1 C7                    -  rol r15d,1
"mgsvtpp.exe"+40E6405: 48 FF C3                    -  inc rbx
// ---------- INJECTING HERE ----------
"mgsvtpp.exe"+40E6408: 89 8F 98 00 00 00           -  mov [rdi+00000098],ecx
// ---------- DONE INJECTING  ----------
"mgsvtpp.exe"+40E640E: 44 89 6C 24 28              -  mov [rsp+28],r13d
"mgsvtpp.exe"+40E6413: 44 89 7C 24 40              -  mov [rsp+40],r15d
"mgsvtpp.exe"+40E6418: 48 89 5C 24 50              -  mov [rsp+50],rbx
"mgsvtpp.exe"+40E641D: 44 3B 6C 24 60              -  cmp r13d,[rsp+60]
"mgsvtpp.exe"+40E6422: 0F 82 3C E9 FF FF           -  jb mgsvtpp.exe+40E4D64
"mgsvtpp.exe"+40E6428: 31 C0                       -  xor eax,eax
"mgsvtpp.exe"+40E642A: 44 8D 40 01                 -  lea r8d,[rax+01]
"mgsvtpp.exe"+40E642E: 83 7C 24 60 00              -  cmp dword ptr [rsp+60],00
"mgsvtpp.exe"+40E6433: 0F 28 05 C6 07 F3 FD        -  movaps xmm0,[mgsvtpp.exe+2016C00]
"mgsvtpp.exe"+40E643A: 89 C7                       -  mov edi,eax
}
And after many tries, I was able to come up with this byte scan pattern (At the very bottom):
Code:
31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx
And found the code that had shifted.

Here is my working script:
Code:
{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: vstdlib_s64.dll  -  000000000006B000
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/10/18
	Author			: TheyCallMeTim13
	Name			: VisiblityHook

	Visiblity Hook
}


define(address, mgsvtpp.exe+41FC2DB)
define(bytes, 89 8F 98 00 00 00)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobVisiblityHook, mgsvtpp.exe, 89xxxxxxxxxx89xxxxxx44xxxxxxxx48xxxxxxxx3Bxxxxxx0F82xxxxxxxx31xx44xxxxxx83xxxxxxxx0F28xxxxxxxxxx41xxxx48xxxx44xxxxC6xxxxxxxx0F29xxxx89xxxxxx0F86xxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxxxxxxx)
define(injVisiblityHook, aobVisiblityHook)
assert(injVisiblityHook, bytes)
registerSymbol(injVisiblityHook)

alloc(memVisiblityHook, 0x400, injVisiblityHook)

label(ptrVisiblityHook)
registerSymbol(ptrVisiblityHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memVisiblityHook:
	ptrVisiblityHook:
		dq 0
	n_code:
		mov [ptrVisiblityHook],rdi
		mov ecx,(float)10000
	o_code:
		mov [rdi+00000098],ecx
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injVisiblityHook:
	jmp n_code
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injVisiblityHook:
	db bytes

unregisterSymbol(injVisiblityHook)
unregisterSymbol(ptrVisiblityHook)

dealloc(memVisiblityHook)

{
//// Injection Point: mgsvtpp.exe+41FC2DB  -  00000001441FC2DB
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: vstdlib_s64.dll  -  0000000073690000
mgsvtpp.exe+41FC27D:  66 89 8F 8C000000           -  mov [rdi+0000008C],cx              
mgsvtpp.exe+41FC284:  49 8B 85 90000000           -  mov rax,[r13+00000090]             
mgsvtpp.exe+41FC28B:  8B 14 B0                    -  mov edx,[rax+rsi*4]                
mgsvtpp.exe+41FC28E:  49 8B 85 88000000           -  mov rax,[r13+00000088]             
mgsvtpp.exe+41FC295:  8B 0C B0                    -  mov ecx,[rax+rsi*4]                
mgsvtpp.exe+41FC298:  89 97 94000000              -  mov [rdi+00000094],edx             
mgsvtpp.exe+41FC29E:  89 DA                       -  mov edx,ebx                        
mgsvtpp.exe+41FC2A0:  89 8F 90000000              -  mov [rdi+00000090],ecx             
mgsvtpp.exe+41FC2A6:  49 8B 46 50                 -  mov rax,[r14+50]                   
mgsvtpp.exe+41FC2AA:  48 8B 88 30010000           -  mov rcx,[rax+00000130]             
mgsvtpp.exe+41FC2B1:  49 8B 85 C8000000           -  mov rax,[r13+000000C8]             
mgsvtpp.exe+41FC2B8:  4C 8B 01                    -  mov r8,[rcx]                       
mgsvtpp.exe+41FC2BB:  F3 0F10 14 B0               -  movss xmm2,[rax+rsi*4]             
mgsvtpp.exe+41FC2C0:  41 FF 50 08                 -  call qword ptr [r8+08]             
mgsvtpp.exe+41FC2C4:  49 8B 85 D0000000           -  mov rax,[r13+000000D0]             
mgsvtpp.exe+41FC2CB:  44 8B 7C 24 40              -  mov r15d,[rsp+40]                  
mgsvtpp.exe+41FC2D0:  8B 0C B0                    -  mov ecx,[rax+rsi*4]                
mgsvtpp.exe+41FC2D3:  FF C3                       -  inc ebx                            
mgsvtpp.exe+41FC2D5:  41 D1 C7                    -  rol r15d,1                         
mgsvtpp.exe+41FC2D8:  48 FF C6                    -  inc rsi                            
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+41FC2DB:  89 8F 98000000              -  mov [rdi+00000098],ecx             
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+41FC2E1:  89 5C 24 2C                 -  mov [rsp+2C],ebx                   
mgsvtpp.exe+41FC2E5:  44 89 7C 24 40              -  mov [rsp+40],r15d                  
mgsvtpp.exe+41FC2EA:  48 89 74 24 50              -  mov [rsp+50],rsi                   
mgsvtpp.exe+41FC2EF:  3B 5C 24 60                 -  cmp ebx,[rsp+60]                   
mgsvtpp.exe+41FC2F3:  0F82 3BE9FFFF               -  jb 1441FAC34                       
mgsvtpp.exe+41FC2F9:  31 C0                       -  xor eax,eax                        
mgsvtpp.exe+41FC2FB:  44 8D 40 01                 -  lea r8d,[rax+01]                   
mgsvtpp.exe+41FC2FF:  83 7C 24 60 00              -  cmp dword ptr [rsp+60],00          
mgsvtpp.exe+41FC304:  0F28 05 55BEE9FD            -  movaps xmm0,[142098160]            [(float)1.0000]
mgsvtpp.exe+41FC30B:  41 89 C7                    -  mov r15d,eax                       
mgsvtpp.exe+41FC30E:  48 89 C7                    -  mov rdi,rax                        
mgsvtpp.exe+41FC311:  44 89 C0                    -  mov eax,r8d                        
mgsvtpp.exe+41FC314:  C6 44 24 20 01              -  mov byte ptr [rsp+20],01           
mgsvtpp.exe+41FC319:  0F29 45 80                  -  movaps [rbp-80],xmm0               
mgsvtpp.exe+41FC31D:  89 44 24 3C                 -  mov [rsp+3C],eax                   
mgsvtpp.exe+41FC321:  0F86 D1090000               -  jbe 1441FCCF8                      
mgsvtpp.exe+41FC327:  F3 44 0F10 6D 88            -  movss xmm13,[rbp-78]               
mgsvtpp.exe+41FC32D:  F3 44 0F10 75 84            -  movss xmm14,[rbp-7C]               
mgsvtpp.exe+41FC333:  F3 44 0F10 7D 80            -  movss xmm15,[rbp-80]               
mgsvtpp.exe+41FC339:  F3 44 0F10 25 865EF1FD      -  movss xmm12,[1421121C8]            [(float)-0.1000]
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}

{// 31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx
// ORIGINAL CODE - INJECTION POINT: "mgsvtpp.exe"+40E6408

"mgsvtpp.exe"+40E63DD: 48 8B 86 C8 00 00 00        -  mov rax,[rsi+000000C8]
"mgsvtpp.exe"+40E63E4: 4C 8B 01                    -  mov r8,[rcx]
"mgsvtpp.exe"+40E63E7: F3 0F 10 14 98              -  movss xmm2,[rax+rbx*4]
"mgsvtpp.exe"+40E63EC: 41 FF 50 08                 -  call qword ptr [r8+08]
"mgsvtpp.exe"+40E63F0: 48 8B 86 D0 00 00 00        -  mov rax,[rsi+000000D0]
"mgsvtpp.exe"+40E63F7: 44 8B 7C 24 40              -  mov r15d,[rsp+40]
"mgsvtpp.exe"+40E63FC: 8B 0C 98                    -  mov ecx,[rax+rbx*4]
"mgsvtpp.exe"+40E63FF: 41 FF C5                    -  inc r13d
"mgsvtpp.exe"+40E6402: 41 D1 C7                    -  rol r15d,1
"mgsvtpp.exe"+40E6405: 48 FF C3                    -  inc rbx
// ---------- INJECTING HERE ----------
"mgsvtpp.exe"+40E6408: 89 8F 98 00 00 00           -  mov [rdi+00000098],ecx
// ---------- DONE INJECTING  ----------
"mgsvtpp.exe"+40E640E: 44 89 6C 24 28              -  mov [rsp+28],r13d
"mgsvtpp.exe"+40E6413: 44 89 7C 24 40              -  mov [rsp+40],r15d
"mgsvtpp.exe"+40E6418: 48 89 5C 24 50              -  mov [rsp+50],rbx
"mgsvtpp.exe"+40E641D: 44 3B 6C 24 60              -  cmp r13d,[rsp+60]
"mgsvtpp.exe"+40E6422: 0F 82 3C E9 FF FF           -  jb mgsvtpp.exe+40E4D64
"mgsvtpp.exe"+40E6428: 31 C0                       -  xor eax,eax
"mgsvtpp.exe"+40E642A: 44 8D 40 01                 -  lea r8d,[rax+01]
"mgsvtpp.exe"+40E642E: 83 7C 24 60 00              -  cmp dword ptr [rsp+60],00
"mgsvtpp.exe"+40E6433: 0F 28 05 C6 07 F3 FD        -  movaps xmm0,[mgsvtpp.exe+2016C00]
"mgsvtpp.exe"+40E643A: 89 C7                       -  mov edi,eax
}
So whoever's script the first one was, thank you for having the original code in the script.

Because I was not finding that value for some reason!

Again thank you!
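
Added example, not code from any poster in this thread: a small wildcard byte-signature matcher run over bytes retyped from the 1.09 and 1.0.12.0 listings in post #80. It shows why an exact signature stops resolving after a patch (as with the one-byte AOB changes in post #71) while a pattern built only from opcode bytes still does. The names `parse_pattern`, `find_all` and `locate` are illustrative, and the buffers are constructed from the listings, not read from a process.

```python
# Added illustration: the buffers are retyped from the two listings in post #80,
# not a memory dump; nothing here touches a running process.

def parse_pattern(text):
    """'89 8F xx' or '31xx44' -> list of ints, with None for a wildcard byte."""
    compact = "".join(text.split())
    if len(compact) % 2:
        raise ValueError("pattern needs an even number of hex digits")
    pairs = (compact[i:i + 2].lower() for i in range(0, len(compact), 2))
    return [None if p in ("xx", "??") else int(p, 16) for p in pairs]

def find_all(buf, pattern):
    """Return every offset in buf at which the pattern matches."""
    pat = parse_pattern(pattern)
    return [s for s in range(len(buf) - len(pat) + 1)
            if all(p is None or buf[s + i] == p for i, p in enumerate(pat))]

# 1.09 listing, from "inc rbx" at mgsvtpp.exe+40E6405 to "mov edi,eax".
OLD_109 = bytes.fromhex(
    "48FFC3" "898F98000000" "44896C2428" "44897C2440" "48895C2450"
    "443B6C2460" "0F823CE9FFFF" "31C0" "448D4001" "837C246000"
    "0F2805C607F3FD" "89C7")
# 1.0.12.0 listing, from "inc rsi" at mgsvtpp.exe+41FC2D8 to "mov r15d,eax".
NEW_1012 = bytes.fromhex(
    "48FFC6" "898F98000000" "895C242C" "44897C2440" "4889742450"
    "3B5C2460" "0F823BE9FFFF" "31C0" "448D4001" "837C246000"
    "0F280555BEE9FD" "4189C7")

EXACT_109 = "89 8F 98 00 00 00 44 89 6C 24 28"     # AOB in the 1.09 script
WILDCARD = "31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx"  # pattern quoted in the post
HOOKED = "89 8F 98 00 00 00"                       # mov [rdi+00000098],ecx

def locate(buf):
    """Report which signatures resolve in one build's bytes."""
    wild = find_all(buf, WILDCARD)
    hooked = find_all(buf, HOOKED)
    return {
        "exact": find_all(buf, EXACT_109),
        "wildcard": wild,
        # A signature is only usable if it matches exactly once.
        "unique": len(wild) == 1,
        # Distance from the hooked store forward to the wildcard hit.
        "hooked_to_hit": wild[0] - hooked[0] if wild and hooked else None,
    }

if __name__ == "__main__":
    for name, buf in (("1.09", OLD_109), ("1.0.12.0", NEW_1012)):
        print(name, locate(buf))
```

The exact 1.09 signature fails on the 1.0.12.0 bytes because the instruction after the hooked store changed from `mov [rsp+28],r13d` to `mov [rsp+2C],ebx`, while the wildcard pattern still matches once in each listing.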
 