Metal Gear Solid V

Razer1991

What is cheating?
Nov 25, 2017
2
0
1
#81
Anyone knows how to find the base address for the enemy preparadness? (the icons you see of the map, soldiers using helmets, etc) i tried with the pointer scan method but didn't work i also tried to "extract" the base address using the globalalloc in my auto assembler script but that didn't work either. The problem is that the address change everytime i open the game again i know the values goes from 0 to 3 so is kinda "easy" to find it and the address i find always end with 90/91/92/93/94/95 but still i can't find any method to get the base address from it if anyone knows and can tell me it would be great :p
 

ToolboyNIN39

What is cheating?
Oct 12, 2017
3
0
1
#82
Another thing I was able to update on my own was the AOBscan for the reward editor. Old one was: 80 B8 30 30 00 00 00. The updated version I found was just one byte off: 80 B8 31 30 00 00 00. Only problem is I don't know how they handle quantities in it, now. Not sure if there are new offsets in the last updates or if the offset for quantity has changed since then. Most of the offsets are correct and true. Just "quantity" is the only one, so far, that does not seem to work. If this itty bitty update helps you, then Happy Gaming. If someone can point out how to tweak the quantity in rewards, that'd be awsum and appreciated. I know we can just edit our roster and edit our current resources, but I just thought that updating this bit would be nice for whatever reason folks might have for wanting to use this particular method. :D
 

DrWolfman

Novice Cheater
Aug 10, 2017
15
0
1
#83
TheyCallMeTim13 post_id=29798 time=1515582093 user_id=91 said:
I don't know where the hell I got this, but with this script:
Code:
{Game  : mgsvtpp.exe
Version: 1.09}
[ENABLE]
aobscanmodule(nd_aob,mgsvtpp.exe,89 8F 98 00 00 00 44 89 6C 24 28) // should be unique
alloc(newmem,$1000,"mgsvtpp.exe"+140E6408)
alloc(originalbytes,12)
alloc(memlocation,100)
alloc(valueadd,100)
registersymbol(originalbytes)

label(return)

memlocation:
 dd 0

valueadd:
  dd (float)1000

originalbytes:
  readmem(nd_aob,12)

newmem:
  mov [memlocation],ecx
  fld dword ptr [memlocation]
  fadd dword ptr [valueadd]
  fstp dword ptr [memlocation]
  mov ecx,[memlocation]
  mov [rdi+00000098],ecx
  jmp return

nd_aob:
  jmp newmem
  nop
return:
registersymbol(nd_aob)

[DISABLE]
nd_aob:
  readmem(originalbytes,12)

unregistersymbol(nd_aob)
unregistersymbol(originalbytes)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "mgsvtpp.exe"+40E6408

"mgsvtpp.exe"+40E63DD: 48 8B 86 C8 00 00 00        -  mov rax,[rsi+000000C8]
"mgsvtpp.exe"+40E63E4: 4C 8B 01                    -  mov r8,[rcx]
"mgsvtpp.exe"+40E63E7: F3 0F 10 14 98              -  movss xmm2,[rax+rbx*4]
"mgsvtpp.exe"+40E63EC: 41 FF 50 08                 -  call qword ptr [r8+08]
"mgsvtpp.exe"+40E63F0: 48 8B 86 D0 00 00 00        -  mov rax,[rsi+000000D0]
"mgsvtpp.exe"+40E63F7: 44 8B 7C 24 40              -  mov r15d,[rsp+40]
"mgsvtpp.exe"+40E63FC: 8B 0C 98                    -  mov ecx,[rax+rbx*4]
"mgsvtpp.exe"+40E63FF: 41 FF C5                    -  inc r13d
"mgsvtpp.exe"+40E6402: 41 D1 C7                    -  rol r15d,1
"mgsvtpp.exe"+40E6405: 48 FF C3                    -  inc rbx
// ---------- INJECTING HERE ----------
"mgsvtpp.exe"+40E6408: 89 8F 98 00 00 00           -  mov [rdi+00000098],ecx
// ---------- DONE INJECTING  ----------
"mgsvtpp.exe"+40E640E: 44 89 6C 24 28              -  mov [rsp+28],r13d
"mgsvtpp.exe"+40E6413: 44 89 7C 24 40              -  mov [rsp+40],r15d
"mgsvtpp.exe"+40E6418: 48 89 5C 24 50              -  mov [rsp+50],rbx
"mgsvtpp.exe"+40E641D: 44 3B 6C 24 60              -  cmp r13d,[rsp+60]
"mgsvtpp.exe"+40E6422: 0F 82 3C E9 FF FF           -  jb mgsvtpp.exe+40E4D64
"mgsvtpp.exe"+40E6428: 31 C0                       -  xor eax,eax
"mgsvtpp.exe"+40E642A: 44 8D 40 01                 -  lea r8d,[rax+01]
"mgsvtpp.exe"+40E642E: 83 7C 24 60 00              -  cmp dword ptr [rsp+60],00
"mgsvtpp.exe"+40E6433: 0F 28 05 C6 07 F3 FD        -  movaps xmm0,[mgsvtpp.exe+2016C00]
"mgsvtpp.exe"+40E643A: 89 C7                       -  mov edi,eax
}
And after many tries, I was able to come up with this byte scan pattern (At the very bottom):
Code:
31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx
And found the code that had shifted.

Here is my working script:
Code:
{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: vstdlib_s64.dll  -  000000000006B000
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/10/18
	Author			: TheyCallMeTim13
	Name			: VisiblityHook

	Visiblity Hook
}


define(address, mgsvtpp.exe+41FC2DB)
define(bytes, 89 8F 98 00 00 00)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobVisiblityHook, mgsvtpp.exe, 89xxxxxxxxxx89xxxxxx44xxxxxxxx48xxxxxxxx3Bxxxxxx0F82xxxxxxxx31xx44xxxxxx83xxxxxxxx0F28xxxxxxxxxx41xxxx48xxxx44xxxxC6xxxxxxxx0F29xxxx89xxxxxx0F86xxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxxxxxxx)
define(injVisiblityHook, aobVisiblityHook)
assert(injVisiblityHook, bytes)
registerSymbol(injVisiblityHook)

alloc(memVisiblityHook, 0x400, injVisiblityHook)

label(ptrVisiblityHook)
registerSymbol(ptrVisiblityHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memVisiblityHook:
	ptrVisiblityHook:
		dq 0
	n_code:
		mov [ptrVisiblityHook],rdi
		mov ecx,(float)10000
	o_code:
		mov [rdi+00000098],ecx
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injVisiblityHook:
	jmp n_code
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injVisiblityHook:
	db bytes

unregisterSymbol(injVisiblityHook)
unregisterSymbol(ptrVisiblityHook)

dealloc(memVisiblityHook)

{
//// Injection Point: mgsvtpp.exe+41FC2DB  -  00000001441FC2DB
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: vstdlib_s64.dll  -  0000000073690000
mgsvtpp.exe+41FC27D:  66 89 8F 8C000000           -  mov [rdi+0000008C],cx              
mgsvtpp.exe+41FC284:  49 8B 85 90000000           -  mov rax,[r13+00000090]             
mgsvtpp.exe+41FC28B:  8B 14 B0                    -  mov edx,[rax+rsi*4]                
mgsvtpp.exe+41FC28E:  49 8B 85 88000000           -  mov rax,[r13+00000088]             
mgsvtpp.exe+41FC295:  8B 0C B0                    -  mov ecx,[rax+rsi*4]                
mgsvtpp.exe+41FC298:  89 97 94000000              -  mov [rdi+00000094],edx             
mgsvtpp.exe+41FC29E:  89 DA                       -  mov edx,ebx                        
mgsvtpp.exe+41FC2A0:  89 8F 90000000              -  mov [rdi+00000090],ecx             
mgsvtpp.exe+41FC2A6:  49 8B 46 50                 -  mov rax,[r14+50]                   
mgsvtpp.exe+41FC2AA:  48 8B 88 30010000           -  mov rcx,[rax+00000130]             
mgsvtpp.exe+41FC2B1:  49 8B 85 C8000000           -  mov rax,[r13+000000C8]             
mgsvtpp.exe+41FC2B8:  4C 8B 01                    -  mov r8,[rcx]                       
mgsvtpp.exe+41FC2BB:  F3 0F10 14 B0               -  movss xmm2,[rax+rsi*4]             
mgsvtpp.exe+41FC2C0:  41 FF 50 08                 -  call qword ptr [r8+08]             
mgsvtpp.exe+41FC2C4:  49 8B 85 D0000000           -  mov rax,[r13+000000D0]             
mgsvtpp.exe+41FC2CB:  44 8B 7C 24 40              -  mov r15d,[rsp+40]                  
mgsvtpp.exe+41FC2D0:  8B 0C B0                    -  mov ecx,[rax+rsi*4]                
mgsvtpp.exe+41FC2D3:  FF C3                       -  inc ebx                            
mgsvtpp.exe+41FC2D5:  41 D1 C7                    -  rol r15d,1                         
mgsvtpp.exe+41FC2D8:  48 FF C6                    -  inc rsi                            
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+41FC2DB:  89 8F 98000000              -  mov [rdi+00000098],ecx             
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+41FC2E1:  89 5C 24 2C                 -  mov [rsp+2C],ebx                   
mgsvtpp.exe+41FC2E5:  44 89 7C 24 40              -  mov [rsp+40],r15d                  
mgsvtpp.exe+41FC2EA:  48 89 74 24 50              -  mov [rsp+50],rsi                   
mgsvtpp.exe+41FC2EF:  3B 5C 24 60                 -  cmp ebx,[rsp+60]                   
mgsvtpp.exe+41FC2F3:  0F82 3BE9FFFF               -  jb 1441FAC34                       
mgsvtpp.exe+41FC2F9:  31 C0                       -  xor eax,eax                        
mgsvtpp.exe+41FC2FB:  44 8D 40 01                 -  lea r8d,[rax+01]                   
mgsvtpp.exe+41FC2FF:  83 7C 24 60 00              -  cmp dword ptr [rsp+60],00          
mgsvtpp.exe+41FC304:  0F28 05 55BEE9FD            -  movaps xmm0,[142098160]            [(float)1.0000]
mgsvtpp.exe+41FC30B:  41 89 C7                    -  mov r15d,eax                       
mgsvtpp.exe+41FC30E:  48 89 C7                    -  mov rdi,rax                        
mgsvtpp.exe+41FC311:  44 89 C0                    -  mov eax,r8d                        
mgsvtpp.exe+41FC314:  C6 44 24 20 01              -  mov byte ptr [rsp+20],01           
mgsvtpp.exe+41FC319:  0F29 45 80                  -  movaps [rbp-80],xmm0               
mgsvtpp.exe+41FC31D:  89 44 24 3C                 -  mov [rsp+3C],eax                   
mgsvtpp.exe+41FC321:  0F86 D1090000               -  jbe 1441FCCF8                      
mgsvtpp.exe+41FC327:  F3 44 0F10 6D 88            -  movss xmm13,[rbp-78]               
mgsvtpp.exe+41FC32D:  F3 44 0F10 75 84            -  movss xmm14,[rbp-7C]               
mgsvtpp.exe+41FC333:  F3 44 0F10 7D 80            -  movss xmm15,[rbp-80]               
mgsvtpp.exe+41FC339:  F3 44 0F10 25 865EF1FD      -  movss xmm12,[1421121C8]            [(float)-0.1000]
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}

{// 31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx
// ORIGINAL CODE - INJECTION POINT: "mgsvtpp.exe"+40E6408

"mgsvtpp.exe"+40E63DD: 48 8B 86 C8 00 00 00        -  mov rax,[rsi+000000C8]
"mgsvtpp.exe"+40E63E4: 4C 8B 01                    -  mov r8,[rcx]
"mgsvtpp.exe"+40E63E7: F3 0F 10 14 98              -  movss xmm2,[rax+rbx*4]
"mgsvtpp.exe"+40E63EC: 41 FF 50 08                 -  call qword ptr [r8+08]
"mgsvtpp.exe"+40E63F0: 48 8B 86 D0 00 00 00        -  mov rax,[rsi+000000D0]
"mgsvtpp.exe"+40E63F7: 44 8B 7C 24 40              -  mov r15d,[rsp+40]
"mgsvtpp.exe"+40E63FC: 8B 0C 98                    -  mov ecx,[rax+rbx*4]
"mgsvtpp.exe"+40E63FF: 41 FF C5                    -  inc r13d
"mgsvtpp.exe"+40E6402: 41 D1 C7                    -  rol r15d,1
"mgsvtpp.exe"+40E6405: 48 FF C3                    -  inc rbx
// ---------- INJECTING HERE ----------
"mgsvtpp.exe"+40E6408: 89 8F 98 00 00 00           -  mov [rdi+00000098],ecx
// ---------- DONE INJECTING  ----------
"mgsvtpp.exe"+40E640E: 44 89 6C 24 28              -  mov [rsp+28],r13d
"mgsvtpp.exe"+40E6413: 44 89 7C 24 40              -  mov [rsp+40],r15d
"mgsvtpp.exe"+40E6418: 48 89 5C 24 50              -  mov [rsp+50],rbx
"mgsvtpp.exe"+40E641D: 44 3B 6C 24 60              -  cmp r13d,[rsp+60]
"mgsvtpp.exe"+40E6422: 0F 82 3C E9 FF FF           -  jb mgsvtpp.exe+40E4D64
"mgsvtpp.exe"+40E6428: 31 C0                       -  xor eax,eax
"mgsvtpp.exe"+40E642A: 44 8D 40 01                 -  lea r8d,[rax+01]
"mgsvtpp.exe"+40E642E: 83 7C 24 60 00              -  cmp dword ptr [rsp+60],00
"mgsvtpp.exe"+40E6433: 0F 28 05 C6 07 F3 FD        -  movaps xmm0,[mgsvtpp.exe+2016C00]
"mgsvtpp.exe"+40E643A: 89 C7                       -  mov edi,eax
}
So who ever's script the first one was, thank you for having the original code in the script.

Because I was not finding that value for some reason!

Again thank you!
That did the trick! Thank you tremendously for sharing that! So it is likely that if it stops working again in the near future that the code shifted? I remember back with MGSVTPP updates were regular it would end up broken/shifted every month or two, then a long stretch of almost a year when it didn't.

At any rate, you rock! Hope you're having an awesome night!
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#85
If you don't mind helping in testing, then here is a starter table I am still working on. The teleporter is new so not 100% on it, and in my game I'm having to subtract 1000 from the way point y coordinate, so that my not work on yours (it's a setting that can be changed).



If you have any questions let me know.

EDIT:
Updated


If you have any saves for the teleporter just save the "I2CETeleporterSaves.txt" to disk then delete it from the new table files and add your file to the table files of the new table and reload the table, though this will strip the signature.
 

Attachments

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#87
No worries, edited my last post with an update. It has some directions for the teleporter, plus an improved "Weapon Accuracy Hook".

Do let me know if the table is working or not, please.
 

pk5547

What is cheating?
Mar 4, 2017
3
0
1
#88
TheyCallMeTim13 post_id=30102 time=1516070892 user_id=91 said:
No worries, edited my last post with an update. It has some directions for the teleporter, plus an improved "Weapon Accuracy Hook".

Do let me know if the table is working or not, please.
Thanks for table. But I got error when loading table.

I have steam version of MGSV GZ (JAP VOICE).

Error:[string "--[==========================================..."]:461: attempt to index a nil value (global 'MainForm')
Error:[string "--[==========================================..."]:491: attempt to call a nil value (global 'getAddressSafe')
 
Sep 24, 2017
9
0
1
#89
to metal gear ground zeroes v1.0.0.5 with cheat table is possible freeze mission timer to 0:00
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#90
pk5547 post_id=30110 time=1516086618 user_id=638 said:
Thanks for table. But I got error when loading table.

I have steam version of MGSV GZ (JAP VOICE).

Error:[string "--[==========================================..."]:461: attempt to index a nil value (global 'MainForm')
Error:[string "--[==========================================..."]:491: attempt to call a nil value (global 'getAddressSafe')
"MainForm" and "getAddressSafe" are new to Cheat Engine, I don't remember what version, but mine requires 6.7 for "autoAssembleCheck", I forgot to put in the version check.

So you will have to down load the new version of Cheat Engine.
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#91
snake.0 post_id=30122 time=1516099262 user_id=8766 said:
to metal gear ground zeroes v1.0.0.5 with cheat table is possible freeze mission timer to 0:00
I see if I can find it.
 

pk5547

What is cheating?
Mar 4, 2017
3
0
1
#92
TheyCallMeTim13 post_id=30123 time=1516099283 user_id=91 said:
pk5547 post_id=30110 time=1516086618 user_id=638 said:
Thanks for table. But I got error when loading table.

I have steam version of MGSV GZ (JAP VOICE).

Error:[string "--[==========================================..."]:461: attempt to index a nil value (global 'MainForm')
Error:[string "--[==========================================..."]:491: attempt to call a nil value (global 'getAddressSafe')
"MainForm" and "getAddressSafe" are new to Cheat Engine, I don't remember what version, but mine requires 6.7 for "autoAssembleCheck", I forgot to put in the version check.

So you will have to down load the new version of Cheat Engine.
Sorry for annoying you. i install CE 6.7 and got a another error....

I2Logger.I2CETC: autoAssembleFile: Error assembling file: "CoordHook.CEA"
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#93
That means the script fails assembly, it may be the AOB or the assert.

What version of the game are you using?

Do an AOB scan (with the main form scanner) to see if you find the code, if so copy and paste all surrounding code here in a code block and we might be able to make a working script, if not then we my need to try some different byte scans to try and find it.

here is the byte scan for the CoordHook:
Code:
0F28xxxx0F5Cxxxxxx0F59xx0F28xx0F28xx0FC6xxxx0FC6xxxx0FC6xxxx0F58xx0F58xx0F51xxF3xxxxxx0F2Fxxxxxxxxxx76xx83xxxx89xxxxxxxxxx48xxxxxx48xxxxxx48xxxxxx48xxxxxx49xxxx48xxxx48xxxxxxxx48xxxxxxxx48xxxxxxxxxxxx4Cxxxxxxxx4Cxxxxxxxx48xxxx48xxxxxxxx
Run this in the Lua Engine form to disable compact mode:
Code:
disableCompactMode()
 
Nov 15, 2017
5
0
1
#94
great work on the new table for MGSV

the only annoying thing about it is the fact that the infinite health doesn't prevent you from dying to fall damage like the one in the old table did, so using the teleport function of the old table kills you most of the time

does anyone know a solution to this? you also can't jump off the top of your base towers anymore lol
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#95
ofcourse post_id=30302 time=1516398695 user_id=10463 said:
great work on the new table for MGSV

the only annoying thing about it is the fact that the infinite health doesn't prevent you from dying to fall damage like the one in the old table did, so using the teleport function of the old table kills you most of the time

does anyone know a solution to this? you also can't jump off the top of your base towers anymore lol
If you are talking about MGSV TPP (haven't figured it out on MGS GZ), then this is the health write hook I came up with. I hadn't checked before, but in testing I can jump from any height and not die. And It's not effecting combatants.

Note that all I did was where you find the displayed health is written to, it is written to from a float, and the float seems to be where the real value is calculated and death is determined.
Code:
{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/19/18
	Author			: TheyCallMeTim13
	Name			: HealthWrtHook

	Health Wrt Hook
	
	[RSI] = health
	[RSI+4] = Health max
	xmm8 = damage value
}

{$STRICT}

define(address, mgsvtpp.exe+411FD3A)
define(bytes, F3 0F 10 0E F3 0F 10 5E 04)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobHealthWrtHook, mgsvtpp.exe, 39xx0F47xx89xx35xxxxxxxx81xxxxxxxxxx41xxxxxx41xxxxxxB8xxxxxxxx66xxxxxx0F2FxxF3xxxxxxF3xxxxxxxx0F93xxF3xxxxxxxx0F2Fxx73xx0F28xx0F28xxF3xxxxxx0F2Fxx73xx0F28xx0F2FxxF3xxxxxxF3xxxxxxxx77xxB9xxxxxxxx66xxxxxx74xx41xxxxxxxxxxxxxxxx)
define(injHealthWrtHook, aobHealthWrtHook+26)
assert(injHealthWrtHook, bytes)
registerSymbol(injHealthWrtHook)

alloc(memHealthWrtHook, 0x400, injHealthWrtHook)

label(ptrHealthWrtHook)
registerSymbol(ptrHealthWrtHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memHealthWrtHook:
	dd (float)0
	ptrHealthWrtHook:
		dq 0
	n_code:
		mov [ptrHealthWrtHook],rsi
		movss xmm1,[rsi+04]
		movss xmm3,[rsi+04]
		movss xmm8,[memHealthWrtHook]
	o_code:
		// movss xmm1,[rsi]
		// movss xmm3,[rsi+04]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injHealthWrtHook:
	jmp n_code
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injHealthWrtHook:
	db bytes

unregisterSymbol(injHealthWrtHook)

unregisterSymbol(ptrHealthWrtHook)

dealloc(memHealthWrtHook)

{
//// Injection Point: mgsvtpp.exe+411FD3A  -  000000014411FD3A
//// AOB address: 000000014411FD14  -  mgsvtpp.exe+411FD14
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+411FCE9:  0F47 C8                     -  cmova ecx,eax                      
mgsvtpp.exe+411FCEC:  89 C8                       -  mov eax,ecx                        
mgsvtpp.exe+411FCEE:  81 F1 ACD5FB94              -  xor ecx,94FBD5AC                   ["UUUU!"]
mgsvtpp.exe+411FCF4:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FCF9:  41 89 4E 3C                 -  mov [r14+3C],ecx                   
mgsvtpp.exe+411FCFD:  41 8B 4E 04                 -  mov ecx,[r14+04]                   
mgsvtpp.exe+411FD01:  41 89 46 08                 -  mov [r14+08],eax                   
mgsvtpp.exe+411FD05:  41 8B 46 0C                 -  mov eax,[r14+0C]                   
mgsvtpp.exe+411FD09:  81 F1 2FEA9DB4              -  xor ecx,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD0F:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD14:  39 C8                       -  cmp eax,ecx                        <<<--- AOB Starts Here
mgsvtpp.exe+411FD16:  0F47 C8                     -  cmova ecx,eax                      
mgsvtpp.exe+411FD19:  89 C8                       -  mov eax,ecx                        
mgsvtpp.exe+411FD1B:  35 2FEA9DB4                 -  xor eax,B49DEA2F                   [000000AA]
mgsvtpp.exe+411FD20:  81 F1 ACD5FB94              -  xor ecx,94FBD5AC                   ["UUUU!"]
mgsvtpp.exe+411FD26:  41 89 4E 40                 -  mov [r14+40],ecx                   
mgsvtpp.exe+411FD2A:  41 89 46 0C                 -  mov [r14+0C],eax                   
mgsvtpp.exe+411FD2E:  B8 00100000                 -  mov eax,00001000                   
mgsvtpp.exe+411FD33:  66 09 43 22                 -  or [rbx+22],ax                     
mgsvtpp.exe+411FD37:  0F2F 36                     -  comiss xmm6,[rsi]                  
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+411FD3A:  F3 0F10 0E                  -  movss xmm1,[rsi]                   
mgsvtpp.exe+411FD3E:  F3 0F10 5E 04               -  movss xmm3,[rsi+04]                
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+411FD43:  0F93 D0                     -  setae al                           
mgsvtpp.exe+411FD46:  F3 41 0F5C C8               -  subss xmm1,xmm8                    
mgsvtpp.exe+411FD4B:  0F2F CE                     -  comiss xmm1,xmm6                   
mgsvtpp.exe+411FD4E:  73 03                       -  jae 14411FD53                      
mgsvtpp.exe+411FD50:  0F28 CE                     -  movaps xmm1,xmm6                   
mgsvtpp.exe+411FD53:  0F28 C3                     -  movaps xmm0,xmm3                   
mgsvtpp.exe+411FD56:  F3 0F5C C1                  -  subss xmm0,xmm1                    
mgsvtpp.exe+411FD5A:  0F2F C6                     -  comiss xmm0,xmm6                   
mgsvtpp.exe+411FD5D:  73 03                       -  jae 14411FD62                      
mgsvtpp.exe+411FD5F:  0F28 CB                     -  movaps xmm1,xmm3                   
mgsvtpp.exe+411FD62:  0F2F CE                     -  comiss xmm1,xmm6                   
mgsvtpp.exe+411FD65:  F3 0F11 0E                  -  movss [rsi],xmm1                   
mgsvtpp.exe+411FD69:  F3 45 0F58 D8               -  addss xmm11,xmm8                   
mgsvtpp.exe+411FD6E:  77 14                       -  ja 14411FD84                       
mgsvtpp.exe+411FD70:  B9 00200000                 -  mov ecx,00002000                   
mgsvtpp.exe+411FD75:  66 85 4B 22                 -  test [rbx+22],cx                   
mgsvtpp.exe+411FD79:  74 09                       -  je 14411FD84                       
mgsvtpp.exe+411FD7B:  41 83 8C 24 B4000000 04     -  or dword ptr [r12+000000B4],04     
mgsvtpp.exe+411FD84:  45 30 F6                    -  xor r14l,r14l                      
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Here are the debug memory records.
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>59335</ID>
      <Description>"_[  Health Wrt Hook  ]_"</Description>
      <Options moHideChildren="1"/>
      <LastState Value="" Activated="1" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>59336</ID>
          <Description>"injHealthWrtHook"</Description>
          <LastState Value="" RealAddress="14411FD3A"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>0000FF</Color>
          <VariableType>Array of byte</VariableType>
          <ByteLength>0</ByteLength>
          <Address>injHealthWrtHook</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>59337</ID>
          <Description>"ptrHealthWrtHook"</Description>
          <LastState Value="0000000000000000" RealAddress="13FF70004"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>ptrHealthWrtHook</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>59338</ID>
              <Description>"+0   - Health"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>000000</Color>
              <VariableType>Float</VariableType>
              <Address>ptrHealthWrtHook</Address>
              <Offsets>
                <Offset>0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>59339</ID>
              <Description>"+4   - Health Max."</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>000000</Color>
              <VariableType>Float</VariableType>
              <Address>ptrHealthWrtHook</Address>
              <Offsets>
                <Offset>4</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
I hope this gets you what you are looking for.
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#96
Here's one I had to share, just to funny if you enable the "One Hit Kills", this is in some consciousness decrease code so it gives you one punch kills.

EDIT:
Fixed error discussed below.
Code:
{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/29/18
	Author			: TheyCallMeTim13
	Name			: CombatantConsciousnessDecHook

	Combatant Consciousness Dec Hook
}

{$STRICT}

define(address, mgsvtpp.exe+43EB241)
define(bytes, 66 39 C8 66 0F 42 C8 66 29 C8)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCombatantConsciousnessDecHook, mgsvtpp.exe, 0FB7xxxx66xxxx66xxxxxx66xxxx66xxxxxx0FB7xxxx66xxxx74xx66xxxx75xx66xxxxxxxxEBxx66xxxxxx72xx44xxxxxx0FB7xxxx66xxxxxx74xx0FB6xxxx)
define(injCombatantConsciousnessDecHook, aobCombatantConsciousnessDecHook+4)
assert(injCombatantConsciousnessDecHook, bytes)
registerSymbol(injCombatantConsciousnessDecHook)

alloc(memCombatantConsciousnessDecHook, 0x400, injCombatantConsciousnessDecHook)

label(flgCombatantConsciousnessDecHook)
registerSymbol(flgCombatantConsciousnessDecHook)
// 00:Stun Only
// 01:One Hit Kills

label(ptrCombatantConsciousnessDecHook)
registerSymbol(ptrCombatantConsciousnessDecHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memCombatantConsciousnessDecHook:
	flgCombatantConsciousnessDecHook:
		db 00
	align 4
	ptrCombatantConsciousnessDecHook:
		dq 0
	align 10 CC
	n_code:
		mov [ptrCombatantConsciousnessDecHook],rbx
		mov cx,[rbx+20]
		mov ax,0
		cmp byte ptr [flgCombatantConsciousnessDecHook],01
		jne o_code
			mov word ptr [rbx+1A],0
	o_code:
		// cmp ax,cx
		// cmovb cx,ax
		// sub ax,cx
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	jmp n_code
	nop
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	db bytes

unregisterSymbol(injCombatantConsciousnessDecHook)

unregisterSymbol(flgCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

dealloc(memCombatantConsciousnessDecHook)

{
//// Injection Point: mgsvtpp.exe+43EB241  -  00000001443EB241
//// AOB address: 00000001443EB23D  -  mgsvtpp.exe+43EB23D
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+43EB1EF:  0F2F C8                     -  comiss xmm1,xmm0                   
mgsvtpp.exe+43EB1F2:  77 40                       -  ja 1443EB234                       
mgsvtpp.exe+43EB1F4:  80 C9 02                    -  or cl,02                           
mgsvtpp.exe+43EB1F7:  88 8E BC000000              -  mov [rsi+000000BC],cl              
mgsvtpp.exe+43EB1FD:  E8 7EA36FFF                 -  call 143AE5580                     
mgsvtpp.exe+43EB202:  48 8D 54 24 68              -  lea rdx,[rsp+68]                   
mgsvtpp.exe+43EB207:  48 8B 88 98000000           -  mov rcx,[rax+00000098]             
mgsvtpp.exe+43EB20E:  41 B8 64000000              -  mov r8d,00000064                   
mgsvtpp.exe+43EB214:  48 8B 49 50                 -  mov rcx,[rcx+50]                   
mgsvtpp.exe+43EB218:  48 8B 01                    -  mov rax,[rcx]                      
mgsvtpp.exe+43EB21B:  FF 90 18010000              -  call qword ptr [rax+00000118]      
mgsvtpp.exe+43EB221:  EB 11                       -  jmp 1443EB234                      
mgsvtpp.exe+43EB223:  D1 25 353C0D54              -  shl [1984BEE5E],1                  
mgsvtpp.exe+43EB229:  E0 D1                       -  loopne 1443EB1FC                   
mgsvtpp.exe+43EB22B:  E7 61                       -  out 61,eax                         
mgsvtpp.exe+43EB22D:  80 A6 BC000000 FD           -  and byte ptr [rsi+000000BC],-03    
mgsvtpp.exe+43EB234:  0FB7 4B 24                  -  movzx ecx,word ptr [rbx+24]        
mgsvtpp.exe+43EB238:  66 85 C9                    -  test cx,cx                         
mgsvtpp.exe+43EB23B:  74 12                       -  je 1443EB24F                       
mgsvtpp.exe+43EB23D:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        <<<--- AOB Starts Here
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+43EB241:  66 39 C8                    -  cmp ax,cx                          
mgsvtpp.exe+43EB244:  66 0F42 C8                  -  cmovb cx,ax                        
mgsvtpp.exe+43EB248:  66 29 C8                    -  sub ax,cx                          
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+43EB24B:  66 89 43 20                 -  mov [rbx+20],ax                    
mgsvtpp.exe+43EB24F:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB253:  66 39 C5                    -  cmp bp,ax                          
mgsvtpp.exe+43EB256:  74 16                       -  je 1443EB26E                       
mgsvtpp.exe+43EB258:  66 85 C0                    -  test ax,ax                         
mgsvtpp.exe+43EB25B:  75 07                       -  jne 1443EB264                      
mgsvtpp.exe+43EB25D:  66 44 89 7B 10              -  mov [rbx+10],r15w                  
mgsvtpp.exe+43EB262:  EB 06                       -  jmp 1443EB26A                      
mgsvtpp.exe+43EB264:  66 3B 43 22                 -  cmp ax,[rbx+22]                    
mgsvtpp.exe+43EB268:  72 04                       -  jb 1443EB26E                       
mgsvtpp.exe+43EB26A:  44 89 7B 04                 -  mov [rbx+04],r15d                  
mgsvtpp.exe+43EB26E:  0FB7 43 14                  -  movzx eax,word ptr [rbx+14]        
mgsvtpp.exe+43EB272:  66 41 85 C5                 -  test r13w,ax                       
mgsvtpp.exe+43EB276:  74 7D                       -  je 1443EB2F5                       
mgsvtpp.exe+43EB278:  0FB6 43 3C                  -  movzx eax,byte ptr [rbx+3C]        
mgsvtpp.exe+43EB27C:  4C 8B 56 30                 -  mov r10,[rsi+30]                   
mgsvtpp.exe+43EB280:  4C 8D 0C 40                 -  lea r9,[rax+rax*2]                 
mgsvtpp.exe+43EB284:  3C 20                       -  cmp al,20                          
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Here are some memory records to go with it:
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>59453</ID>
      <Description>"_[  Combatant Consciousness Dec Hook  ]_"</Description>
      <Options moHideChildren="1"/>
      <LastState Value="" Activated="1" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>59454</ID>
          <Description>"injCombatantConsciousnessDecHook"</Description>
          <LastState Value="" RealAddress="1443EB248"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>0000FF</Color>
          <VariableType>Array of byte</VariableType>
          <ByteLength>0</ByteLength>
          <Address>injCombatantConsciousnessDecHook</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>59455</ID>
          <Description>"ptrCombatantConsciousnessDecHook"</Description>
          <LastState Value="00000000A9541EE0" RealAddress="148480001"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>ptrCombatantConsciousnessDecHook</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>59456</ID>
              <Description>"+1A  - Health"</Description>
              <LastState Value="0" RealAddress="A9541EFA"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>1A</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>59465</ID>
              <Description>"+20  - Consciousness Level"</Description>
              <LastState Value="0" RealAddress="A9541F00"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>20</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>59464</ID>
          <Description>"flgCombatantConsciousnessDecHook"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">00:Stun Only
01:One Hit Kills
</DropDownList>
          <LastState Value="01" RealAddress="148480000"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>FF00FF</Color>
          <VariableType>Byte</VariableType>
          <Address>flgCombatantConsciousnessDecHook</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
 
Jan 29, 2018
38
0
6
#97
TheyCallMeTim13 post_id=30313 time=1516419601 user_id=91 said:
Here's one I had to share, just to funny if you enable the "One Hit Kills", this is in some consciousness decrease code so it gives you one punch kills.
Code:
{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: mgsvtpp.exe
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/19/18
	Author			: TheyCallMeTim13
	Name			: CombatantConsciousnessDecHook

	Combatant Consciousness Dec Hook
}

{$STRICT}

define(address, mgsvtpp.exe+43EB248)
define(bytes, 66 29 C8 66 89 43 20)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCombatantConsciousnessDecHook, mgsvtpp.exe, FFxxxxxxxxxxEBxxD1xxxxxxxxxxE0xxE7xx80xxxxxxxxxxxx0FB7xxxx66xxxx74xx0FB7xxxx66xxxx66xxxxxx66xxxx66xxxxxx0FB7xxxx66xxxx)
define(injCombatantConsciousnessDecHook, aobCombatantConsciousnessDecHook+2D)
assert(injCombatantConsciousnessDecHook, bytes)
registerSymbol(injCombatantConsciousnessDecHook)

alloc(memCombatantConsciousnessDecHook, 0x400, injCombatantConsciousnessDecHook)

label(flgCombatantConsciousnessDecHook)
registerSymbol(flgCombatantConsciousnessDecHook)
// 00:Stun Only
// 01:One Hit Kills

label(ptrCombatantConsciousnessDecHook)
registerSymbol(ptrCombatantConsciousnessDecHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memCombatantConsciousnessDecHook:
	flgCombatantConsciousnessDecHook:
		db 00
	ptrCombatantConsciousnessDecHook:
		dq 0
	n_code:
		mov [ptrCombatantConsciousnessDecHook],rbx
		mov cx,[rbx+20]
		mov ax,0
		cmp byte ptr [flgCombatantConsciousnessDecHook],01
		jne o_code
			mov word ptr [rbx+1A],0
	o_code:
		// sub ax,cx
		mov [rbx+20],ax
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	jmp n_code
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCombatantConsciousnessDecHook:
	db bytes

unregisterSymbol(injCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

unregisterSymbol(ptrCombatantConsciousnessDecHook)

dealloc(memCombatantConsciousnessDecHook)

{
//// Injection Point: mgsvtpp.exe+43EB248  -  00000001443EB248
//// AOB address: 00000001443EB21B  -  mgsvtpp.exe+43EB21B
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: mgsvtpp.exe  -  0000000140000000
//// Module Size: 0000000008434000
mgsvtpp.exe+43EB1F4:  80 C9 02                    -  or cl,02                           
mgsvtpp.exe+43EB1F7:  88 8E BC000000              -  mov [rsi+000000BC],cl              
mgsvtpp.exe+43EB1FD:  E8 7EA36FFF                 -  call 143AE5580                     
mgsvtpp.exe+43EB202:  48 8D 54 24 68              -  lea rdx,[rsp+68]                   
mgsvtpp.exe+43EB207:  48 8B 88 98000000           -  mov rcx,[rax+00000098]             
mgsvtpp.exe+43EB20E:  41 B8 64000000              -  mov r8d,00000064                   
mgsvtpp.exe+43EB214:  48 8B 49 50                 -  mov rcx,[rcx+50]                   
mgsvtpp.exe+43EB218:  48 8B 01                    -  mov rax,[rcx]                      
mgsvtpp.exe+43EB21B:  FF 90 18010000              -  call qword ptr [rax+00000118]      <<<--- AOB Starts Here
mgsvtpp.exe+43EB221:  EB 11                       -  jmp 1443EB234                      
mgsvtpp.exe+43EB223:  D1 25 353C0D54              -  shl [1984BEE5E],1                  
mgsvtpp.exe+43EB229:  E0 D1                       -  loopne 1443EB1FC                   
mgsvtpp.exe+43EB22B:  E7 61                       -  out 61,eax                         
mgsvtpp.exe+43EB22D:  80 A6 BC000000 FD           -  and byte ptr [rsi+000000BC],-03    
mgsvtpp.exe+43EB234:  0FB7 4B 24                  -  movzx ecx,word ptr [rbx+24]        
mgsvtpp.exe+43EB238:  66 85 C9                    -  test cx,cx                         
mgsvtpp.exe+43EB23B:  74 12                       -  je 1443EB24F                       
mgsvtpp.exe+43EB23D:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB241:  66 39 C8                    -  cmp ax,cx                          
mgsvtpp.exe+43EB244:  66 0F42 C8                  -  cmovb cx,ax                        
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+43EB248:  66 29 C8                    -  sub ax,cx                          
mgsvtpp.exe+43EB24B:  66 89 43 20                 -  mov [rbx+20],ax                    
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+43EB24F:  0FB7 43 20                  -  movzx eax,word ptr [rbx+20]        
mgsvtpp.exe+43EB253:  66 39 C5                    -  cmp bp,ax                          
mgsvtpp.exe+43EB256:  74 16                       -  je 1443EB26E                       
mgsvtpp.exe+43EB258:  66 85 C0                    -  test ax,ax                         
mgsvtpp.exe+43EB25B:  75 07                       -  jne 1443EB264                      
mgsvtpp.exe+43EB25D:  66 44 89 7B 10              -  mov [rbx+10],r15w                  
mgsvtpp.exe+43EB262:  EB 06                       -  jmp 1443EB26A                      
mgsvtpp.exe+43EB264:  66 3B 43 22                 -  cmp ax,[rbx+22]                    
mgsvtpp.exe+43EB268:  72 04                       -  jb 1443EB26E                       
mgsvtpp.exe+43EB26A:  44 89 7B 04                 -  mov [rbx+04],r15d                  
mgsvtpp.exe+43EB26E:  0FB7 43 14                  -  movzx eax,word ptr [rbx+14]        
mgsvtpp.exe+43EB272:  66 41 85 C5                 -  test r13w,ax                       
mgsvtpp.exe+43EB276:  74 7D                       -  je 1443EB2F5                       
mgsvtpp.exe+43EB278:  0FB6 43 3C                  -  movzx eax,byte ptr [rbx+3C]        
mgsvtpp.exe+43EB27C:  4C 8B 56 30                 -  mov r10,[rsi+30]                   
mgsvtpp.exe+43EB280:  4C 8D 0C 40                 -  lea r9,[rax+rax*2]                 
mgsvtpp.exe+43EB284:  3C 20                       -  cmp al,20                          
mgsvtpp.exe+43EB286:  0F83 A0000000               -  jae 1443EB32C                      
mgsvtpp.exe+43EB28C:  4C 89 F3                    -  mov rbx,r14                        
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Here are some memory records to go with it:
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>59453</ID>
      <Description>"_[  Combatant Consciousness Dec Hook  ]_"</Description>
      <Options moHideChildren="1"/>
      <LastState Value="" Activated="1" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>59454</ID>
          <Description>"injCombatantConsciousnessDecHook"</Description>
          <LastState Value="" RealAddress="1443EB248"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>0000FF</Color>
          <VariableType>Array of byte</VariableType>
          <ByteLength>0</ByteLength>
          <Address>injCombatantConsciousnessDecHook</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>59455</ID>
          <Description>"ptrCombatantConsciousnessDecHook"</Description>
          <LastState Value="00000000A9541EE0" RealAddress="148480001"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>ptrCombatantConsciousnessDecHook</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>59456</ID>
              <Description>"+1A  - Health"</Description>
              <LastState Value="0" RealAddress="A9541EFA"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>1A</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>59465</ID>
              <Description>"+20  - Consciousness Level"</Description>
              <LastState Value="0" RealAddress="A9541F00"/>
              <Color>000000</Color>
              <VariableType>2 Bytes</VariableType>
              <Address>ptrCombatantConsciousnessDecHook</Address>
              <Offsets>
                <Offset>20</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>59464</ID>
          <Description>"flgCombatantConsciousnessDecHook"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">00:Stun Only
01:One Hit Kills
</DropDownList>
          <LastState Value="01" RealAddress="148480000"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>FF00FF</Color>
          <VariableType>Byte</VariableType>
          <Address>flgCombatantConsciousnessDecHook</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
This one causes the game to crash for me (Game version 1.12, Cheat Engine version 6.5.1).
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
#98
glecas post_id=30932 time=1517231902 user_id=12419 said:
...
This one causes the game to crash for me (Game version 1.12, Cheat Engine version 6.5.1).
Kinda hard to say with just "crash", but if you mean game version "1.0.12.0" then may be some thing in the AA is different in CE 6.7. Or the AOBscan is finding a different spot, either that or a name collision, but a name collision is unlikely. And with the assert it really should fail to inject if the code is different. But it works on game version "1.0.12.0" in CE "6.7" and CE "6.6" for me.
 
Jan 29, 2018
38
0
6
#99
TheyCallMeTim13 post_id=30982 time=1517273201 user_id=91 said:
glecas post_id=30932 time=1517231902 user_id=12419 said:
...
This one causes the game to crash for me (Game version 1.12, Cheat Engine version 6.5.1).
Kinda hard to say with just "crash", but if you mean game version "1.0.12.0" then may be some thing in the AA is different in CE 6.7. Or the AOBscan is finding a different spot, either that or a name collision, but a name collision is unlikely. And with the assert it really should fail to inject if the code is different. But it works on game version "1.0.12.0" in CE "6.7" and CE "6.6" for me.
The game crashes crashes to Windows (APPCRASH).

Also tried it with CE 6.7, but that also crashes.

OS: Windows 7 x64.
Game version: 1.12 (.exe version 1.0.12.0).
CE version: 6.5.1 and 6.7 (tested with both).

Or am I doing something wrong?
Here's what I do:

1. Open CE.
2. Open Auto Assembler window (CTRL-ALT-A).
3. Paste your code.
4. Select Table --> Cheat Table framework code (CTRL-ALT-T).
5. Select File --> Assign to current cheat table.
6. Close Auto Assembler window.
7. Start the game, and load mgsvtpp.exe into CE.
8. Go into a mission in-game, and activate the cheat (tick the box for the table record).

I activate the cheat and run up to an enemy. Punching him ONE time causes an insta-stun (so far so good, I like it) - but when I go forward to kick or shoot him = the game crashes (APPCRASH) to windows.

EDIT: SOLVED!
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
418
46
28
I guess I have never done it that way, But I get a crash too. This gives me some thing to work with, I will post fix as soon as I figure it out, Thank you for the detailed explanation.
 
Top Bottom