theHunter™: Call of the Wild

pigeon

Expert Cheater
Mar 4, 2017
#1


In this table you will see the Time base address, which is easy to find, as well as the money pointer. Around the money address you will find all the others, like experience, level and so on.

But the most interesting part of it for me is the weather. I just can't find the weather value or the timers for changing weather. It looks like the timers work like this: one starts from, for example, 100 and counts down to 20; after reaching that it starts to count up to 100, and so on again. I can find ~1000 addresses that maybe control the weather, but experiments with them crash the game or have no effect.

At least I accidentally found how to turn off clouds. After enabling it, use speedhack with 100x speed and after a few seconds there will be no clouds (maybe someone can make a better solution?). But rain will still happen from time to time.

Updated:
Accidentally found addresses for wind, fog and image temperature. But the addresses work in a somewhat tricky way and there are separate addresses for all of it. Here is a comparison: http://imgur.com/a/zkOFk
And I'm a bit scared that I cannot find these values again after a game update :cry:

Also added scripts for infinite ammo (made it just to learn scripts a little bit more) and a heartrate value, which can be frozen so you can hold shift indefinitely while aiming.


The "noeffects" script just freezes the changing values from "Wind.1" to "Img.Temperature". Maybe it will be useful if someone tries to find how to control rain, or with it there is no need to freeze the existing weather effects and the value will be stable.
Updated for 1.3 version
 


Shona

What is cheating?
Mar 4, 2017
#2
Heartrate isn't working for me, it shows only "0" :/
NoClouds is also broken

You can also ask SunBeam for help because he made a table before, but the table is not working anymore ->

Would be cool if you can find some of these, like the Visibility or Noise, because I can't figure out how he found them :(

EDIT: Credits to Sunbeam

Hello folks.

Table's been requested, liked the game, so here we go. For the moment, there's only one script (I fiddled more with findings options, rather than conceiving the scripts). You can modify more in the [Debug] section.



I'll post updates once I progress.

BR,
Sun
 


RaDeX

Administrator
Mar 3, 2017
#3
Just copy and paste into Cheat Engine

Infinite Ammo
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>2</ID>
      <Description>"Infinite Ammo"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : theHunterCotW_F.exe
// Version:
// Date   :
// Author : RaDeX
[ENABLE]
aobscanmodule(aob_ammo,theHunterCotW_F.exe,41 8B 84 88 C4 04 00 00)
registersymbol(aob_ammo)
alloc(newmem_ammo,1024,theHunterCotW_F.exe)
label(return_ammo)

newmem_ammo:
  mov [r8+rcx*4+000004C4], #99
  mov eax,[r8+rcx*4+000004C4]
  jmp return_ammo

aob_ammo:
  jmp newmem_ammo
  nop
  nop
  nop
return_ammo:
[DISABLE]
aob_ammo:
  db 41 8B 84 88 C4 04 00 00

unregistersymbol(aob_ammo)
dealloc(newmem_ammo)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+72E9EC

"theHunterCotW_F.exe"+72E9D2: 74 10                             -  je theHunterCotW_F.exe+72E9E4
"theHunterCotW_F.exe"+72E9D4: FF C0                             -  inc eax
"theHunterCotW_F.exe"+72E9D6: 48 83 C1 04                       -  add rcx,04
"theHunterCotW_F.exe"+72E9DA: 3D 80 00 00 00                    -  cmp eax,00000080
"theHunterCotW_F.exe"+72E9DF: 72 EF                             -  jb theHunterCotW_F.exe+72E9D0
"theHunterCotW_F.exe"+72E9E1: 33 C0                             -  xor eax,eax
"theHunterCotW_F.exe"+72E9E3: C3                                -  ret 
"theHunterCotW_F.exe"+72E9E4: 83 F8 FF                          -  cmp eax,-01
"theHunterCotW_F.exe"+72E9E7: 74 F8                             -  je theHunterCotW_F.exe+72E9E1
"theHunterCotW_F.exe"+72E9E9: 48 63 C8                          -  movsxd  rcx,eax
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+72E9EC: 41 8B 84 88 C4 04 00 00           -  mov eax,[r8+rcx*4+000004C4]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+72E9F4: C3                                -  ret 
"theHunterCotW_F.exe"+72E9F5: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F6: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F7: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F8: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9F9: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FA: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FB: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FC: CC                                -  int 3 
"theHunterCotW_F.exe"+72E9FD: CC                                -  int 3 
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Infinite Money
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"Infinite Money"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Game   : theHunterCotW_F.exe
// Version:
// Date   :
// Author : RaDeX
[ENABLE]
aobscanmodule(aob_money,theHunterCotW_F.exe,00 44 8B 86 A0 00 00 00)
registersymbol(aob_money)
alloc(newmem_money,1024,theHunterCotW_F.exe)
label(return_money)

newmem_money:
  mov [rsi+000000A0], #10000000
  mov r8d,[rsi+000000A0]
  jmp return_money

aob_money+01:
  jmp newmem_money
  nop
  nop
return_money:
[DISABLE]
aob_money+01:
  db 44 8B 86 A0 00 00 00

unregistersymbol(aob_money)
dealloc(newmem_money)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+7C3181

"theHunterCotW_F.exe"+7C314A: 48 8B 05 1F B9 62 01     -  mov rax,[theHunterCotW_F.exe+1DEEA70]
"theHunterCotW_F.exe"+7C3151: 48 8D 15 30 E6 D7 00     -  lea rdx,[theHunterCotW_F.exe+1541788]
"theHunterCotW_F.exe"+7C3158: 48 89 5C 24 40           -  mov [rsp+40],rbx
"theHunterCotW_F.exe"+7C315D: 48 81 C5 F0 02 00 00     -  add rbp,000002F0
"theHunterCotW_F.exe"+7C3164: 48 89 74 24 48           -  mov [rsp+48],rsi
"theHunterCotW_F.exe"+7C3169: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C316C: 48 89 7C 24 50           -  mov [rsp+50],rdi
"theHunterCotW_F.exe"+7C3171: 48 8B B0 58 02 00 00     -  mov rsi,[rax+00000258]
"theHunterCotW_F.exe"+7C3178: 44 8B 46 14              -  mov r8d,[rsi+14]
"theHunterCotW_F.exe"+7C317C: E8 8F 3D 05 00           -  call theHunterCotW_F.exe+816F10
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+7C3181: 44 8B 86 A0 00 00 00     -  mov r8d,[rsi+000000A0]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+7C3188: 48 8D 15 09 E6 D7 00     -  lea rdx,[theHunterCotW_F.exe+1541798]
"theHunterCotW_F.exe"+7C318F: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C3192: E8 79 3D 05 00           -  call theHunterCotW_F.exe+816F10
"theHunterCotW_F.exe"+7C3197: 44 8B 46 10              -  mov r8d,[rsi+10]
"theHunterCotW_F.exe"+7C319B: 48 8D 15 16 C2 D7 00     -  lea rdx,[theHunterCotW_F.exe+153F3B8]
"theHunterCotW_F.exe"+7C31A2: 48 8B CD                 -  mov rcx,rbp
"theHunterCotW_F.exe"+7C31A5: E8 66 3D 05 00           -  call theHunterCotW_F.exe+816F10
"theHunterCotW_F.exe"+7C31AA: 41 83 C8 FF              -  or r8d,-01
"theHunterCotW_F.exe"+7C31AE: 48 8D 15 EB E5 D7 00     -  lea rdx,[theHunterCotW_F.exe+15417A0]
"theHunterCotW_F.exe"+7C31B5: 48 8B CD                 -  mov rcx,rbp
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
If you want any other cheats just find this function, it's pretty self-explanatory.
Code:
theHunterCotW_F.exe+7C30D0 - 48 89 6C 24 20        - mov [rsp+20],rbp
theHunterCotW_F.exe+7C30D5 - 41 56                 - push r14
theHunterCotW_F.exe+7C30D7 - 48 83 EC 30           - sub rsp,30 { 48 }
theHunterCotW_F.exe+7C30DB - 48 8B E9              - mov rbp,rcx
theHunterCotW_F.exe+7C30DE - E8 2DB30300           - call theHunterCotW_F.exe+7FE410
theHunterCotW_F.exe+7C30E3 - 4C 8B F0              - mov r14,rax
theHunterCotW_F.exe+7C30E6 - 48 85 C0              - test rax,rax
theHunterCotW_F.exe+7C30E9 - 0F84 CB010000         - je theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C30EF - 8B 95 08030000        - mov edx,[rbp+00000308]
theHunterCotW_F.exe+7C30F5 - 81 E2 8F000000        - and edx,0000008F { 143 }
theHunterCotW_F.exe+7C30FB - 83 FA 01              - cmp edx,01 { 1 }
theHunterCotW_F.exe+7C30FE - 77 36                 - ja theHunterCotW_F.exe+7C3136
theHunterCotW_F.exe+7C3100 - 8B 48 18              - mov ecx,[rax+18]
theHunterCotW_F.exe+7C3103 - 4C 8D 8D F0020000     - lea r9,[rbp+000002F0]
theHunterCotW_F.exe+7C310A - 49 8B 56 20           - mov rdx,[r14+20]
theHunterCotW_F.exe+7C310E - 4C 8D 05 63E6D700     - lea r8,[theHunterCotW_F.exe+1541778] { ["m_StatusBarData"] }
theHunterCotW_F.exe+7C3115 - 81 E1 8F000000        - and ecx,0000008F { 143 }
theHunterCotW_F.exe+7C311B - 80 F9 0A              - cmp cl,0A { 10 }
theHunterCotW_F.exe+7C311E - 49 8B 4E 10           - mov rcx,[r14+10]
theHunterCotW_F.exe+7C3122 - 0F94 C0               - sete al
theHunterCotW_F.exe+7C3125 - 88 44 24 20           - mov [rsp+20],al
theHunterCotW_F.exe+7C3129 - E8 620A7E00           - call theHunterCotW_F.exe+FA3B90
theHunterCotW_F.exe+7C312E - 84 C0                 - test al,al
theHunterCotW_F.exe+7C3130 - 0F84 84010000         - je theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C3136 - 8B 85 08030000        - mov eax,[rbp+00000308]
theHunterCotW_F.exe+7C313C - 25 8F000000           - and eax,0000008F { 143 }
theHunterCotW_F.exe+7C3141 - 83 F8 01              - cmp eax,01 { 1 }
theHunterCotW_F.exe+7C3144 - 0F86 70010000         - jbe theHunterCotW_F.exe+7C32BA
theHunterCotW_F.exe+7C314A - 48 8B 05 1FB96201     - mov rax,[theHunterCotW_F.exe+1DEEA70] { [26FF8019000] }
theHunterCotW_F.exe+7C3151 - 48 8D 15 30E6D700     - lea rdx,[theHunterCotW_F.exe+1541788] { ["m_Experience"] }
theHunterCotW_F.exe+7C3158 - 48 89 5C 24 40        - mov [rsp+40],rbx
theHunterCotW_F.exe+7C315D - 48 81 C5 F0020000     - add rbp,000002F0 { 752 }
theHunterCotW_F.exe+7C3164 - 48 89 74 24 48        - mov [rsp+48],rsi
theHunterCotW_F.exe+7C3169 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C316C - 48 89 7C 24 50        - mov [rsp+50],rdi
theHunterCotW_F.exe+7C3171 - 48 8B B0 58020000     - mov rsi,[rax+00000258]
theHunterCotW_F.exe+7C3178 - 44 8B 46 14           - mov r8d,[rsi+14]
theHunterCotW_F.exe+7C317C - E8 8F3D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3181 - 44 8B 86 A0000000     - mov r8d,[rsi+000000A0]
theHunterCotW_F.exe+7C3188 - 48 8D 15 09E6D700     - lea rdx,[theHunterCotW_F.exe+1541798] { ["m_Money"] }
theHunterCotW_F.exe+7C318F - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3192 - E8 793D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3197 - 44 8B 46 10           - mov r8d,[rsi+10]
theHunterCotW_F.exe+7C319B - 48 8D 15 16C2D700     - lea rdx,[theHunterCotW_F.exe+153F3B8] { ["m_Level"] }
theHunterCotW_F.exe+7C31A2 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31A5 - E8 663D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31AA - 41 83 C8 FF           - or r8d,-01 { 255 }
theHunterCotW_F.exe+7C31AE - 48 8D 15 EBE5D700     - lea rdx,[theHunterCotW_F.exe+15417A0] { ["m_Weight"] }
theHunterCotW_F.exe+7C31B5 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31B8 - E8 533D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31BD - 41 83 C8 FF           - or r8d,-01 { 255 }
theHunterCotW_F.exe+7C31C1 - 48 8D 15 E8E5D700     - lea rdx,[theHunterCotW_F.exe+15417B0] { ["m_MaxWeight"] }
theHunterCotW_F.exe+7C31C8 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31CB - E8 403D0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C31D0 - 48 8B 05 F92B6101     - mov rax,[theHunterCotW_F.exe+1DD5DD0] { [26FA9D94200] }
theHunterCotW_F.exe+7C31D7 - 48 8D 15 DEE5D700     - lea rdx,[theHunterCotW_F.exe+15417BC] { ["m_Hour"] }
theHunterCotW_F.exe+7C31DE - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C31E1 - F3 0F10 90 E0000000   - movss xmm2,[rax+000000E0]
theHunterCotW_F.exe+7C31E9 - F3 44 0F2C C2         - cvttss2si r8d,xmm2
theHunterCotW_F.exe+7C31EE - 66 41 0F6E C0         - movd xmm0,r8d
theHunterCotW_F.exe+7C31F3 - 0F5B C0               - cvtdq2ps xmm0,xmm0
theHunterCotW_F.exe+7C31F6 - F3 0F5C D0            - subss xmm2,xmm0
theHunterCotW_F.exe+7C31FA - F3 0F59 15 9A02C700   - mulss xmm2,[theHunterCotW_F.exe+143349C] { [60.00] }
theHunterCotW_F.exe+7C3202 - F3 0F2C FA            - cvttss2si edi,xmm2
theHunterCotW_F.exe+7C3206 - 66 0F6E C7            - movd xmm0,edi
theHunterCotW_F.exe+7C320A - 0F5B C0               - cvtdq2ps xmm0,xmm0
theHunterCotW_F.exe+7C320D - F3 0F5C D0            - subss xmm2,xmm0
theHunterCotW_F.exe+7C3211 - F3 0F59 15 8302C700   - mulss xmm2,[theHunterCotW_F.exe+143349C] { [60.00] }
theHunterCotW_F.exe+7C3219 - F3 0F2C DA            - cvttss2si ebx,xmm2
theHunterCotW_F.exe+7C321D - E8 EE3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3222 - 44 8B C7              - mov r8d,edi
theHunterCotW_F.exe+7C3225 - 48 8D 15 CCD5D700     - lea rdx,[theHunterCotW_F.exe+15407F8] { ["m_Minutes"] }
theHunterCotW_F.exe+7C322C - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C322F - E8 DC3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3234 - 44 8B C3              - mov r8d,ebx
theHunterCotW_F.exe+7C3237 - 48 8D 15 8AE5D700     - lea rdx,[theHunterCotW_F.exe+15417C8] { ["m_Seconds"] }
theHunterCotW_F.exe+7C323E - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3241 - E8 CA3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3246 - 4C 8D 05 9B48C600     - lea r8,[theHunterCotW_F.exe+1427AE8] { [00000000] }
theHunterCotW_F.exe+7C324D - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C3250 - 48 8D 15 81E5D700     - lea rdx,[theHunterCotW_F.exe+15417D8] { ["m_RegionName"] }
theHunterCotW_F.exe+7C3257 - E8 94710500           - call theHunterCotW_F.exe+81A3F0
theHunterCotW_F.exe+7C325C - 44 8B 46 18           - mov r8d,[rsi+18]
theHunterCotW_F.exe+7C3260 - 48 8D 15 81E5D700     - lea rdx,[theHunterCotW_F.exe+15417E8] { ["m_SkillPoints"] }
theHunterCotW_F.exe+7C3267 - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C326A - E8 A13C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C326F - 44 8B 46 1C           - mov r8d,[rsi+1C]
theHunterCotW_F.exe+7C3273 - 48 8D 15 7EE5D700     - lea rdx,[theHunterCotW_F.exe+15417F8] { ["m_PerkPoints"] }
theHunterCotW_F.exe+7C327A - 48 8B CD              - mov rcx,rbp
theHunterCotW_F.exe+7C327D - E8 8E3C0500           - call theHunterCotW_F.exe+816F10
theHunterCotW_F.exe+7C3282 - 41 8B 46 18           - mov eax,[r14+18]
theHunterCotW_F.exe+7C3286 - 4C 8D 05 EBE4D700     - lea r8,[theHunterCotW_F.exe+1541778] { ["m_StatusBarData"] }
theHunterCotW_F.exe+7C328D - 49 8B 56 20           - mov rdx,[r14+20]
theHunterCotW_F.exe+7C3291 - 25 8F000000           - and eax,0000008F { 143 }
theHunterCotW_F.exe+7C3296 - 49 8B 4E 10           - mov rcx,[r14+10]
theHunterCotW_F.exe+7C329A - 3C 0A                 - cmp al,0A { 10 }
theHunterCotW_F.exe+7C329C - 4C 8B CD              - mov r9,rbp
theHunterCotW_F.exe+7C329F - 0F94 C0               - sete al
theHunterCotW_F.exe+7C32A2 - 88 44 24 20           - mov [rsp+20],al
theHunterCotW_F.exe+7C32A6 - E8 D5538000           - call theHunterCotW_F.exe+FC8680
theHunterCotW_F.exe+7C32AB - 48 8B 7C 24 50        - mov rdi,[rsp+50]
theHunterCotW_F.exe+7C32B0 - 48 8B 74 24 48        - mov rsi,[rsp+48]
theHunterCotW_F.exe+7C32B5 - 48 8B 5C 24 40        - mov rbx,[rsp+40]
theHunterCotW_F.exe+7C32BA - 48 8B 6C 24 58        - mov rbp,[rsp+58]
theHunterCotW_F.exe+7C32BF - 48 83 C4 30           - add rsp,30 { 48 }
theHunterCotW_F.exe+7C32C3 - 41 5E                 - pop r14
theHunterCotW_F.exe+7C32C5 - C3                    - ret
 

pigeon

Expert Cheater
Mar 4, 2017
#5
Shona said:
Heartrate isn't working for me, it shows only "0" :/
NoClouds is also broken

You can also ask SunBeam for help because he made a table before, but the table is not working anymore -> Cheat Engine Forum - theHunter: Call of the Wild (Google Cache)

Would be cool if you can find some of these, like the Visibility or Noise, because I can't figure out how he found them :(

Visibility and Noise level are interesting for me too, and I can find a bunch of values for them, but all of them are just display codes and animals are still aware of the player. Maybe we need to look not for player noise/visibility but for an animal awareness value... But I guess it will require hours just to get something that may be close to such values (just imagine that you need to find an animal, scare it a few times, and you still do not know if you need to search for a flag or a float...) :/
Oh, and NoClouds works well. I probably didn't explain it very well: it removes the big, kind of volumetric clouds, and not right after you click. So activate it and use speedhack with x100 speed. After a few seconds the Sun will be shining all the time (but I still cannot find how to control rain...).
I updated the table for version 1.3 with the previous values.

And I tried to search for the AOB provided by RaDeX, but maybe I understand it wrong (it's only the second game where I've used CE so deeply) or maybe the AOB changed with the new game update.
 
May 2, 2017
#6
Did some things that I am interested in, in version 1.61
1) Money pointer
2) Time pointer
3) Stop time script
 


pigeon

Expert Cheater
Mar 4, 2017
#8
for 1.63 hotfix


"High Clouds" can have a different result if you change the value in "(float)0" to 1 or 2 or anything else, and it takes effect immediately.
"Vol Clouds" is the bigger clouds, and they require time to disappear.
"off Flashlight" was made because in the evening, for me personally, the flashlight turned on automatically and could not be turned off manually.
"noeffects" turns off all the effects with blue color.

Existing hotkeys are provided in "table extras".
 


l0wb1t

Expert Cheater
Table Maker
May 29, 2017
#10
Hi guys, I will also share something with you :)

Animals Stay Spotted (use scope or binoculars, just move the cursor over them and they start glowing)
Code:
[ENABLE]

aobscanmodule(_AnimalsStaySpotted,theHunterCotW_F.exe,F3 0F 10 03 F3 41 0F 5C 45 00) // should be unique
aobscanmodule(_AnimalsStaySpottedCheck,theHunterCotW_F.exe,74 11 41 0F 28 D8 41 0F 28 D0 48 8D 55 A8 E8 DA)
alloc(newmem,$1000,"theHunterCotW_F.exe"+63FF95)

label(code)
label(return)

_AnimalsStaySpottedCheck:
  db eb 11


newmem:
mov [rbx],(float)5
code:
  movss xmm0,[rbx]
  subss xmm0,[r13+00]
  jmp return

_AnimalsStaySpotted:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(_AnimalsStaySpotted)
registersymbol(_AnimalsStaySpottedCheck)
[DISABLE]

_AnimalsStaySpotted:
  db F3 0F 10 03 F3 41 0F 5C 45 00
_AnimalsStaySpottedCheck:
  db 74 11

unregistersymbol(_AnimalsStaySpotted)
unregistersymbol(_AnimalsStaySpottedCheck)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+63FF95

"theHunterCotW_F.exe"+63FF69: E8 02 9A FC FF           -  call theHunterCotW_F.exe+609970
"theHunterCotW_F.exe"+63FF6E: F3 0F 10 35 16 79 65 01  -  movss xmm6,[theHunterCotW_F.exe+1C9788C]
"theHunterCotW_F.exe"+63FF76: 49 8B CE                 -  mov rcx,r14
"theHunterCotW_F.exe"+63FF79: E8 82 7C FA FF           -  call theHunterCotW_F.exe+5E7C00
"theHunterCotW_F.exe"+63FF7E: F3 0F 59 C6              -  mulss xmm0,xmm6
"theHunterCotW_F.exe"+63FF82: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+63FF86: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+63FF89: 48 8D 4C 24 60           -  lea rcx,[rsp+60]
"theHunterCotW_F.exe"+63FF8E: E8 7D D8 01 00           -  call theHunterCotW_F.exe+65D810
"theHunterCotW_F.exe"+63FF93: EB 6E                    -  jmp theHunterCotW_F.exe+640003
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+63FF95: F3 0F 10 03              -  movss xmm0,[rbx]
"theHunterCotW_F.exe"+63FF99: F3 41 0F 5C 45 00        -  subss xmm0,[r13+00]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+63FF9F: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+63FFA3: 0F 2F C7                 -  comiss xmm0,xmm7
"theHunterCotW_F.exe"+63FFA6: 76 14                    -  jna theHunterCotW_F.exe+63FFBC
"theHunterCotW_F.exe"+63FFA8: E8 C3 99 FC FF           -  call theHunterCotW_F.exe+609970
"theHunterCotW_F.exe"+63FFAD: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+63FFB0: 48 8D 4C 24 60           -  lea rcx,[rsp+60]
"theHunterCotW_F.exe"+63FFB5: E8 56 D8 01 00           -  call theHunterCotW_F.exe+65D810
"theHunterCotW_F.exe"+63FFBA: EB 47                    -  jmp theHunterCotW_F.exe+640003
"theHunterCotW_F.exe"+63FFBC: 41 0F 28 D9              -  movaps xmm3,xmm9
"theHunterCotW_F.exe"+63FFC0: 41 0F 28 D1              -  movaps xmm2,xmm9
}
Super Jump
Code:
{ Game   : theHunterCotW_F.exe
  Version: 
  Date   : 2017-05-27
  Author : Schr4nzi

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_SuperJump,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 0F 10 48 10 0F 11 49 10) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+4D6366)

label(code)
label(return)

newmem:
//cmp [rax+3C],(float)15
//jne code
mov [rax+3C],(float)25
code:
  movups xmm1,[rax+10]
  movups [rcx+10],xmm1
  jmp return

_SuperJump+08:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_SuperJump)

[DISABLE]

_SuperJump+08:
  db 0F 10 48 10 0F 11 49 10

unregistersymbol(_SuperJump)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+4D6366

"theHunterCotW_F.exe"+4D633F: 45 0F 57 DB              -  xorps xmm11,xmm11
"theHunterCotW_F.exe"+4D6343: F3 44 0F 51 D9           -  sqrtss xmm11,xmm1
"theHunterCotW_F.exe"+4D6348: 48 8B CF                 -  mov rcx,rdi
"theHunterCotW_F.exe"+4D634B: E8 A0 5A F1 FF           -  call theHunterCotW_F.exe+3EBDF0
"theHunterCotW_F.exe"+4D6350: 48 8D 8D 00 04 00 00     -  lea rcx,[rbp+00000400]
"theHunterCotW_F.exe"+4D6357: BE 02 00 00 00           -  mov esi,00000002
"theHunterCotW_F.exe"+4D635C: 8B D6                    -  mov edx,esi
"theHunterCotW_F.exe"+4D635E: 66 90                    -  nop 
"theHunterCotW_F.exe"+4D6360: 0F 10 00                 -  movups xmm0,[rax]
"theHunterCotW_F.exe"+4D6363: 0F 11 01                 -  movups [rcx],xmm0
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+4D6366: 0F 10 48 10              -  movups xmm1,[rax+10]
"theHunterCotW_F.exe"+4D636A: 0F 11 49 10              -  movups [rcx+10],xmm1
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+4D636E: 0F 10 40 20              -  movups xmm0,[rax+20]
"theHunterCotW_F.exe"+4D6372: 0F 11 41 20              -  movups [rcx+20],xmm0
"theHunterCotW_F.exe"+4D6376: 0F 10 48 30              -  movups xmm1,[rax+30]
"theHunterCotW_F.exe"+4D637A: 0F 11 49 30              -  movups [rcx+30],xmm1
"theHunterCotW_F.exe"+4D637E: 0F 10 40 40              -  movups xmm0,[rax+40]
"theHunterCotW_F.exe"+4D6382: 0F 11 41 40              -  movups [rcx+40],xmm0
"theHunterCotW_F.exe"+4D6386: 0F 10 48 50              -  movups xmm1,[rax+50]
"theHunterCotW_F.exe"+4D638A: 0F 11 49 50              -  movups [rcx+50],xmm1
"theHunterCotW_F.exe"+4D638E: 0F 10 40 60              -  movups xmm0,[rax+60]
"theHunterCotW_F.exe"+4D6392: 0F 11 41 60              -  movups [rcx+60],xmm0
}

Super Speed

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(_SuperSpeed,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 ** ** ** ** ** ** ** ** 0F 10 40 20 0F 11 41 20) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+4D636E)

label(code)
label(return)

newmem:
cmp [rax+20],(float)2
jne code
mov [rax+20],(float)25
code:
  movups xmm0,[rax+20]
  movups [rcx+20],xmm0
  jmp return

_SuperSpeed+10:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(_SuperSpeed)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
_SuperSpeed+10:
  db 0F 10 40 20 0F 11 41 20

unregistersymbol(_SuperSpeed)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+4D636E

"theHunterCotW_F.exe"+4D6350: 48 8D 8D 00 04 00 00     -  lea rcx,[rbp+00000400]
"theHunterCotW_F.exe"+4D6357: BE 02 00 00 00           -  mov esi,00000002
"theHunterCotW_F.exe"+4D635C: 8B D6                    -  mov edx,esi
"theHunterCotW_F.exe"+4D635E: 66 90                    -  nop 
"theHunterCotW_F.exe"+4D6360: 0F 10 00                 -  movups xmm0,[rax]
"theHunterCotW_F.exe"+4D6363: 0F 11 01                 -  movups [rcx],xmm0
"theHunterCotW_F.exe"+4D6366: E9 95 9C AF FF           -  jmp 7FF789FB0000
"theHunterCotW_F.exe"+4D636B: 90                       -  nop 
"theHunterCotW_F.exe"+4D636C: 90                       -  nop 
"theHunterCotW_F.exe"+4D636D: 90                       -  nop 
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+4D636E: 0F 10 40 20              -  movups xmm0,[rax+20]
"theHunterCotW_F.exe"+4D6372: 0F 11 41 20              -  movups [rcx+20],xmm0
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+4D6376: 0F 10 48 30              -  movups xmm1,[rax+30]
"theHunterCotW_F.exe"+4D637A: 0F 11 49 30              -  movups [rcx+30],xmm1
"theHunterCotW_F.exe"+4D637E: 0F 10 40 40              -  movups xmm0,[rax+40]
"theHunterCotW_F.exe"+4D6382: 0F 11 41 40              -  movups [rcx+40],xmm0
"theHunterCotW_F.exe"+4D6386: 0F 10 48 50              -  movups xmm1,[rax+50]
"theHunterCotW_F.exe"+4D638A: 0F 11 49 50              -  movups [rcx+50],xmm1
"theHunterCotW_F.exe"+4D638E: 0F 10 40 60              -  movups xmm0,[rax+60]
"theHunterCotW_F.exe"+4D6392: 0F 11 41 60              -  movups [rcx+60],xmm0
"theHunterCotW_F.exe"+4D6396: 48 8D 89 80 00 00 00     -  lea rcx,[rcx+00000080]
"theHunterCotW_F.exe"+4D639D: 0F 10 48 70              -  movups xmm1,[rax+70]
}
Slow Animals
Code:
[ENABLE]

aobscanmodule(_SlowAnimals,theHunterCotW_F.exe,CC 48 8B 91 08 01 00 00 48 85 D2 74 20) // should be unique
registersymbol(_SlowAnimals)

_SlowAnimals+08:
  db 90 90 90

[DISABLE]

_SlowAnimals+08:
  db 48 85 D2

unregistersymbol(_SlowAnimals)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+481377

"theHunterCotW_F.exe"+481367: CC                             -  int 3
"theHunterCotW_F.exe"+481368: CC                             -  int 3
"theHunterCotW_F.exe"+481369: CC                             -  int 3
"theHunterCotW_F.exe"+48136A: CC                             -  int 3
"theHunterCotW_F.exe"+48136B: CC                             -  int 3
"theHunterCotW_F.exe"+48136C: CC                             -  int 3
"theHunterCotW_F.exe"+48136D: CC                             -  int 3
"theHunterCotW_F.exe"+48136E: CC                             -  int 3
"theHunterCotW_F.exe"+48136F: CC                             -  int 3
"theHunterCotW_F.exe"+481370: 48 8B 91 08 01 00 00           -  mov rdx,[rcx+00000108]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+481377: 48 85 D2                       -  test rdx,rdx
"theHunterCotW_F.exe"+48137A: 74 20                          -  je theHunterCotW_F.exe+48139C
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+48137C: 48 8B 05 15 C4 99 01           -  mov rax,[theHunterCotW_F.exe+1E1D798]
"theHunterCotW_F.exe"+481383: 48 8B 48 20                    -  mov rcx,[rax+20]
"theHunterCotW_F.exe"+481387: 48 85 C9                       -  test rcx,rcx
"theHunterCotW_F.exe"+48138A: 74 06                          -  je theHunterCotW_F.exe+481392
"theHunterCotW_F.exe"+48138C: 0F B6 41 01                    -  movzx eax,byte ptr [rcx+01]
"theHunterCotW_F.exe"+481390: EB 02                          -  jmp theHunterCotW_F.exe+481394
"theHunterCotW_F.exe"+481392: 33 C0                          -  xor eax,eax
"theHunterCotW_F.exe"+481394: 38 42 1B                       -  cmp [rdx+1B],al
"theHunterCotW_F.exe"+481397: 75 03                          -  jne theHunterCotW_F.exe+48139C
"theHunterCotW_F.exe"+481399: B0 01                          -  mov al,01
}
Icon ESP (it's buggy, icons will be displayed twice behind your location)
Code:
[ENABLE]

aobscanmodule(_Code,theHunterCotW_F.exe,3A 9F 90 00 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+830E1B)

label(code)
label(return)

newmem:

code:
  mov bl,1
  jmp return

_Code:
  jmp newmem
  nop
return:
registersymbol(_Code)

_Code+08:
db 80 BE 84 00 00 00 01

[DISABLE]

_Code:
  db 3A 9F 90 00 00 00
_Code+08:
  db 80 BE 84 00 00 00 00
unregistersymbol(_Code)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+830E1B

"theHunterCotW_F.exe"+830DFF: 22 D8                 -  and bl,al
"theHunterCotW_F.exe"+830E01: 45 84 E4              -  test r12l,r12l
"theHunterCotW_F.exe"+830E04: 74 09                 -  je theHunterCotW_F.exe+830E0F
"theHunterCotW_F.exe"+830E06: 45 84 ED              -  test r13l,r13l
"theHunterCotW_F.exe"+830E09: 74 04                 -  je theHunterCotW_F.exe+830E0F
"theHunterCotW_F.exe"+830E0B: 33 C0                 -  xor eax,eax
"theHunterCotW_F.exe"+830E0D: EB 05                 -  jmp theHunterCotW_F.exe+830E14
"theHunterCotW_F.exe"+830E0F: B8 01 00 00 00        -  mov eax,00000001
"theHunterCotW_F.exe"+830E14: 22 D8                 -  and bl,al
"theHunterCotW_F.exe"+830E16: 48 8B 74 24 68        -  mov rsi,[rsp+68]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+830E1B: 3A 9F 90 00 00 00     -  cmp bl,[rdi+00000090]
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+830E21: 75 0D                 -  jne theHunterCotW_F.exe+830E30
"theHunterCotW_F.exe"+830E23: 80 BE 84 00 00 00 00  -  cmp byte ptr [rsi+00000084],00
"theHunterCotW_F.exe"+830E2A: 0F 84 9F 00 00 00     -  je theHunterCotW_F.exe+830ECF
"theHunterCotW_F.exe"+830E30: 80 BE 90 04 00 00 00  -  cmp byte ptr [rsi+00000490],00
"theHunterCotW_F.exe"+830E37: 74 52                 -  je theHunterCotW_F.exe+830E8B
"theHunterCotW_F.exe"+830E39: 84 DB                 -  test bl,bl
"theHunterCotW_F.exe"+830E3B: 74 4E                 -  je theHunterCotW_F.exe+830E8B
"theHunterCotW_F.exe"+830E3D: 48 8B 86 60 04 00 00  -  mov rax,[rsi+00000460]
"theHunterCotW_F.exe"+830E44: 48 89 85 10 03 00 00  -  mov [rbp+00000310],rax
"theHunterCotW_F.exe"+830E4B: 48 8B 08              -  mov rcx,[rax]
}
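
The scripts in this thread change the game's code in three ways: a 5-byte `jmp` detour padded with NOPs, a NOP-ed check, and a `je` turned into `jmp short`. As an added example (not code from any poster here), the Python below shows how a code-integrity check classifies each of them by diffing a trusted copy of the code bytes against a snapshot of the running image. The byte sequences come from the listings above; the module base (derived from the `jmp 7FF789FB0000` line), the image size and the RVA of the `74 11` check are assumptions.

```python
"""Classify in-memory code patches by diffing trusted code bytes against a
live snapshot. Added example; sample bytes are constructed from the byte
sequences quoted in this thread."""
import struct
from dataclasses import dataclass

# Assumptions (not stated on the page): the base is derived from the
# "jmp 7FF789FB0000" line at +4D6366, the image size is a constructed value.
MODULE_BASE = 0x7FF789FE0000
MODULE_SIZE = 0x2000000
PLACEHOLDER_RVA = 0x1000  # constructed: the thread gives no address for the 74 11 check


@dataclass(frozen=True)
class Finding:
    rva: int      # offset of the first modified byte from the module base
    length: int   # number of bytes in the modified run
    kind: str     # "detour", "nop-out", "branch-forced" or "modified"
    detail: str


def changed_runs(baseline: bytes, live: bytes, gap: int = 1):
    """Return [start, end) offsets of modified runs. Runs separated by at most
    `gap` matching bytes are merged, because a patch byte can happen to equal
    the byte it overwrote."""
    if len(baseline) != len(live):
        raise ValueError("baseline and live snapshots must be the same size")
    runs = []
    for i, (old, new) in enumerate(zip(baseline, live)):
        if old == new:
            continue
        if runs and i - runs[-1][1] <= gap:
            runs[-1][1] = i + 1
        else:
            runs.append([i, i + 1])
    return [tuple(r) for r in runs]


def classify(rva: int, old: bytes, new: bytes) -> Finding:
    """Name the patch style of one modified run."""
    n = len(new)
    if n >= 5 and new[0] == 0xE9:
        # E9 rel32: target = address of next instruction + signed displacement
        rel32 = struct.unpack_from("<i", new, 1)[0]
        target = MODULE_BASE + rva + 5 + rel32
        if not MODULE_BASE <= target < MODULE_BASE + MODULE_SIZE:
            padded = all(b == 0x90 for b in new[5:])
            return Finding(rva, n, "detour",
                           f"jmp to {target:#x} outside the image, nop padding={padded}")
    if all(b == 0x90 for b in new):
        return Finding(rva, n, "nop-out", f"{n} instruction bytes replaced by nop")
    if n == 1 and 0x70 <= old[0] <= 0x7F and new[0] == 0xEB:
        return Finding(rva, 1, "branch-forced",
                       "short conditional jump replaced by jmp short")
    return Finding(rva, n, "modified", "unclassified byte change")


def scan(regions):
    """regions: iterable of (rva, baseline_bytes, live_bytes)."""
    findings = []
    for rva, baseline, live in regions:
        for start, end in changed_runs(baseline, live):
            findings.append(classify(rva + start, baseline[start:end], live[start:end]))
    return findings


# Constructed sample regions: baseline = original bytes from the listings,
# live = the same bytes with the posted patches applied.
SAMPLE_REGIONS = [
    # +4D6360: movups copy sequence with the detour seen at +4D6366
    (0x4D6360,
     bytes.fromhex("0F1000 0F1101 0F104810 0F114910 0F104020"),
     bytes.fromhex("0F1000 0F1101 E9959CAFFF 909090 0F104020")),
    # +481370: "test rdx,rdx" overwritten with 90 90 90
    (0x481370,
     bytes.fromhex("488B9108010000 4885D2 7420"),
     bytes.fromhex("488B9108010000 909090 7420")),
    # 74 11 -> EB 11 (address is a placeholder)
    (PLACEHOLDER_RVA,
     bytes.fromhex("7411 410F28D8"),
     bytes.fromhex("EB11 410F28D8")),
    # +7C3181: untouched instruction, must produce no finding
    (0x7C3181,
     bytes.fromhex("448B86A0000000"),
     bytes.fromhex("448B86A0000000")),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_REGIONS):
        print(f"+{f.rva:X} len={f.length} {f.kind}: {f.detail}")
```
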
 

pigeon

Expert Cheater
Mar 4, 2017
#11
l0wb1t, can I ask you to give a hint on how you found the animals' speed value? I'm currently trying to find something related to animal awareness (and I think it may be close to the speed value), so they do not care if the player stays right next to them. But I'm such a noob... I didn't even understand how to find the value from your AOB, it just gives me a bunch of values that look like they make no sense :?
 

l0wb1t

Expert Cheater
Table Maker
May 29, 2017
#12
pigeon said:
l0wb1t, can I ask you to give a hint on how you found the animals' speed value? I'm currently trying to find something related to animal awareness (and I think it may be close to the speed value), so they do not care if the player stays right next to them. But I'm such a noob... I didn't even understand how to find the value from your AOB, it just gives me a bunch of values that look like they make no sense :?

I didn't really find the animals' speed. I just messed up some code while I was searching for a proper way to do stealth mode (found this near the Health function).
Code:
theHunterCotW_F.exe+481370 - 48 8B 91 08010000     - mov rdx,[rcx+00000108]
theHunterCotW_F.exe+481377 - 48 85 D2              - test rdx,rdx -- The Check I'm killing to do slow animals (nop it)
theHunterCotW_F.exe+48137A - 74 20                 - je theHunterCotW_F.exe+48139C
theHunterCotW_F.exe+48137C - 48 8B 05 15C49901     - mov rax,[theHunterCotW_F.exe+1E1D798] { [19AD3F37C80] }
theHunterCotW_F.exe+481383 - 48 8B 48 20           - mov rcx,[rax+20]
theHunterCotW_F.exe+481387 - 48 85 C9              - test rcx,rcx
theHunterCotW_F.exe+48138A - 74 06                 - je theHunterCotW_F.exe+481392
theHunterCotW_F.exe+48138C - 0FB6 41 01            - movzx eax,byte ptr [rcx+01]
theHunterCotW_F.exe+481390 - EB 02                 - jmp theHunterCotW_F.exe+481394
theHunterCotW_F.exe+481392 - 33 C0                 - xor eax,eax
theHunterCotW_F.exe+481394 - 38 42 1B              - cmp [rdx+1B],al
theHunterCotW_F.exe+481397 - 75 03                 - jne theHunterCotW_F.exe+48139C
theHunterCotW_F.exe+481399 - B0 01                 - mov al,01 { 1 }
theHunterCotW_F.exe+48139B - C3                    - ret 
theHunterCotW_F.exe+48139C - 32 C0                 - xor al,al
theHunterCotW_F.exe+48139E - C3                    - ret 
theHunterCotW_F.exe+48139F - CC                    - int 3 
theHunterCotW_F.exe+4813A0 - 33 C0                 - xor eax,eax
theHunterCotW_F.exe+4813A2 - 66 39 81 14020000     - cmp [rcx+00000214],ax --- some Health code
theHunterCotW_F.exe+4813A9 - 0F9E C0               - setle al
theHunterCotW_F.exe+4813AC - C3                    - ret
I thought forcing the PlayerNoise, PlayerbackgroundNoise, Visibility values to 100,100,0 was the way to do stealth mode, but it isn't :D
Maybe SunBeam can help us here, he's a genius at this point.
I still have no properly working stealth mode for the game yet :D This drives me crazy, I have spent a lot of hours on research already. Maybe forcing the animals' Health to 0 is working!? xD
 

Attachments

pigeon

Expert Cheater
Mar 4, 2017
51
2
8
#13
Oh, so this is like when I found the Wind value. Accidentally. I was looking for something else and after ~10 minutes of increase/decrease searches I saw that one of the found values was wind... Kind of luck xD
So we are working on the same thing. I spent a lot of hours on player conditions and had no luck either. Because of that, I later thought that maybe we can make all animals "stupid"? Currently, I have found a Byte value for animal awareness (the meanings may be wrong because I translated them to English from another language):
Code:
Calm - 0
Careful - 1
Alert - 2
Dismayed - 3
Tense - 4
Aggressive - 5
Run - 6
Nervous - 7
But the function that "writes to this address" also writes to a lot of other addresses, bytes and floats... So I need to learn how to deal with that, and it looks like after that the animals probably will not care if the player is somewhere near them. But it requires tests.
 

pigeon

Expert Cheater
Mar 4, 2017
51
2
8
#14
Found a unique AOB for the animals' awareness:
00 00 00 00 01 00 00 04 3C AB 65 C1
So the first "00" is the actual value (from 0 to 7). The number of addresses changes, of course, during the game, but it at least helps to not waste time on scans. So it is useful when you spot an animal: search for this AOB and change the first byte of every found address one by one, and by watching the animal you will see when it changes its behavior, or its condition if the animal has been spotted in the binoculars.
It is useless for a normal game. It is still required to figure out how to deal with this function. It just helps to save time on "investigations".
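The search described in post #14, as an added Python example that is not part of the original thread: it parses the posted AOB with the first (state) byte turned into a `??` wildcard, scans a constructed byte buffer instead of live game memory, and decodes each hit with the state list from post #13. The buffer contents and all function names are assumptions made for the illustration, and the wildcard support goes slightly beyond what the post describes.

```python
# State names as listed in post #13 (the poster notes the translation may be off).
AWARENESS = {0: "Calm", 1: "Careful", 2: "Alert", 3: "Dismayed",
             4: "Tense", 5: "Aggressive", 6: "Run", 7: "Nervous"}

# Pattern from post #14, first (state) byte replaced by a wildcard.
AWARE_AOB = "?? 00 00 00 01 00 00 04 3C AB 65 C1"


def parse_aob(text):
    """Turn 'F3 0F ?? 11' into a list of ints, None meaning 'any byte'."""
    out = []
    for tok in text.split():
        if tok in ("??", "?"):
            out.append(None)
        elif len(tok) == 2:
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad AOB token: {tok!r}")
    if all(b is None for b in out):
        raise ValueError("pattern needs at least one fixed byte")
    return out


def scan(buf, pattern):
    """Yield every offset in buf where pattern matches."""
    # Anchor on the first fixed byte so bytes.find() does the bulk of the work.
    k = next(i for i, b in enumerate(pattern) if b is not None)
    anchor = bytes([pattern[k]])
    pos = buf.find(anchor, k)
    while pos != -1:
        start = pos - k
        if start + len(pattern) <= len(buf) and all(
                p is None or buf[start + i] == p
                for i, p in enumerate(pattern)):
            yield start
        pos = buf.find(anchor, pos + 1)


def awareness_records(buf):
    """Return (offset, raw_byte, name); bytes outside 0..7 are reported, not hidden."""
    pat = parse_aob(AWARE_AOB)
    return [(off, buf[off], AWARENESS.get(buf[off], "out of range"))
            for off in scan(buf, pat)]


# Constructed snapshot: three records plus one near miss (last byte differs).
TAIL = bytes.fromhex("00 00 00 01 00 00 04 3C AB 65 C1")
SNAPSHOT = (b"\x90" * 5 + b"\x00" + TAIL + b"\xff" * 7 + b"\x02" + TAIL
            + b"\x06" + TAIL[:-1] + b"\xC0" + b"\x09" + TAIL)

if __name__ == "__main__":
    for off, raw, name in awareness_records(SNAPSHOT):
        print(f"+{off:#06x}  state={raw}  {name}")
```

A hit whose first byte falls outside 0..7 is a sign that the fixed tail matched unrelated data, which is why such hits are labelled instead of dropped.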
 

l0wb1t

Expert Cheater
Table Maker
May 29, 2017
168
57
28
#15
Back from sleep, lemme see i'll check that,
What game Version are you using? I'm on 1.63
Do you have Skype? would be better to talk.
Br, l0wb1t

Super Speed update
mov [rax+0C],(float)25 // 0C Is for Gamepad if you play with
mov [rax+20],(float)25 // 20 is Movement Speed
mov [rax+28],(float)25 // 28 Is Sneak speed
mov [rax+30],(float)25 // 30 is Speed when lying on the ground
 

pigeon

Expert Cheater
Mar 4, 2017
51
2
8
#16
I use 1.7, the update with the shooting range.
I guess we are almost done with it. At least, I have now found another way to calm down animals. I made a prediction that with the method above I had probably found "flags" and that maybe there would be a float value related to them. And yes, when you know when it increases/decreases (the flags help with that), it is pretty easy to find, and these instructions are easier to solve. So here are two scripts that make every animal calm:
Code:
[ENABLE]

aobscanmodule(calmAnimals1,theHunterCotW_F.exe,F3 0F 11 8C 8B 68 05 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+437270)

label(code)
label(return)

newmem:

code:
  mov [rbx+rcx*4+00000568],(float)0
  //movss [rbx+rcx*4+00000568],xmm1
  jmp return

calmAnimals1:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(calmAnimals1)

[DISABLE]

calmAnimals1:
  db F3 0F 11 8C 8B 68 05 00 00

unregistersymbol(calmAnimals1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+437270

"theHunterCotW_F.exe"+437248: F3 0F 59 83 B0 17 00 00     -  mulss xmm0,[rbx+000017B0]
"theHunterCotW_F.exe"+437250: F3 0F 5C C8                 -  subss xmm1,xmm0
"theHunterCotW_F.exe"+437254: 0F 2F CE                    -  comiss xmm1,xmm6
"theHunterCotW_F.exe"+437257: 73 03                       -  jae theHunterCotW_F.exe+43725C
"theHunterCotW_F.exe"+437259: 0F 28 CE                    -  movaps xmm1,xmm6
"theHunterCotW_F.exe"+43725C: 0F 2F CA                    -  comiss xmm1,xmm2
"theHunterCotW_F.exe"+43725F: 72 03                       -  jb theHunterCotW_F.exe+437264
"theHunterCotW_F.exe"+437261: 0F 28 CA                    -  movaps xmm1,xmm2
"theHunterCotW_F.exe"+437264: F3 0F 10 9C 8B 70 05 00 00  -  movss xmm3,[rbx+rcx*4+00000570]
"theHunterCotW_F.exe"+43726D: 0F 28 C7                    -  movaps xmm0,xmm7
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437270: F3 0F 11 8C 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm1
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+437279: 0F 28 D6                    -  movaps xmm2,xmm6
"theHunterCotW_F.exe"+43727C: F3 41 0F 59 86 A8 07 00 00  -  mulss xmm0,[r14+000007A8]
"theHunterCotW_F.exe"+437285: 41 B9 05 00 00 00           -  mov r9d,00000005
"theHunterCotW_F.exe"+43728B: F3 0F 5C D8                 -  subss xmm3,xmm0
"theHunterCotW_F.exe"+43728F: 0F 2F DE                    -  comiss xmm3,xmm6
"theHunterCotW_F.exe"+437292: 77 03                       -  ja theHunterCotW_F.exe+437297
"theHunterCotW_F.exe"+437294: 0F 28 DE                    -  movaps xmm3,xmm6
"theHunterCotW_F.exe"+437297: 4C 8D 83 54 05 00 00        -  lea r8,[rbx+00000554]
"theHunterCotW_F.exe"+43729E: F3 0F 11 9C 8B 70 05 00 00  -  movss [rbx+rcx*4+00000570],xmm3
"theHunterCotW_F.exe"+4372A7: 4D 8D 04 88                 -  lea r8,[r8+rcx*4]
}
Code:
[ENABLE]

aobscanmodule(calmAnimals2,theHunterCotW_F.exe,F3 0F 11 84 8B 68 05 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+437302)

label(code)
label(return)

newmem:

code:
  mov [rbx+rcx*4+00000568],(float)0
  //movss [rbx+rcx*4+00000568],xmm0
  jmp return

calmAnimals2:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(calmAnimals2)

[DISABLE]

calmAnimals2:
  db F3 0F 11 84 8B 68 05 00 00

unregistersymbol(calmAnimals2)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+437302

"theHunterCotW_F.exe"+4372D9: F3 0F 10 8B B4 17 00 00     -  movss xmm1,[rbx+000017B4]
"theHunterCotW_F.exe"+4372E1: 0F 28 C7                    -  movaps xmm0,xmm7
"theHunterCotW_F.exe"+4372E4: F3 41 0F 59 00              -  mulss xmm0,[r8]
"theHunterCotW_F.exe"+4372E9: F3 0F 58 84 8B 68 05 00 00  -  addss xmm0,[rbx+rcx*4+00000568]
"theHunterCotW_F.exe"+4372F2: 0F 2F C6                    -  comiss xmm0,xmm6
"theHunterCotW_F.exe"+4372F5: 73 03                       -  jae theHunterCotW_F.exe+4372FA
"theHunterCotW_F.exe"+4372F7: 0F 28 C6                    -  movaps xmm0,xmm6
"theHunterCotW_F.exe"+4372FA: 0F 2F C1                    -  comiss xmm0,xmm1
"theHunterCotW_F.exe"+4372FD: 72 03                       -  jb StupidAnimals2
"theHunterCotW_F.exe"+4372FF: 0F 28 C1                    -  movaps xmm0,xmm1
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+437302: F3 0F 11 84 8B 68 05 00 00  -  movss [rbx+rcx*4+00000568],xmm0
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+43730B: F3 41 0F 10 00              -  movss xmm0,[r8]
"theHunterCotW_F.exe"+437310: 0F 2F C2                    -  comiss xmm0,xmm2
"theHunterCotW_F.exe"+437313: 76 0B                       -  jna theHunterCotW_F.exe+437320
"theHunterCotW_F.exe"+437315: 83 FA 03                    -  cmp edx,03
"theHunterCotW_F.exe"+437318: 74 06                       -  je theHunterCotW_F.exe+437320
"theHunterCotW_F.exe"+43731A: 0F 28 D0                    -  movaps xmm2,xmm0
"theHunterCotW_F.exe"+43731D: 44 8B CA                    -  mov r9d,edx
"theHunterCotW_F.exe"+437320: FF C2                       -  inc edx
"theHunterCotW_F.exe"+437322: 49 83 C0 04                 -  add r8,04
"theHunterCotW_F.exe"+437326: 83 FA 05                    -  cmp edx,05
}
But I am still not really satisfied with it. The animals walk all the time, sometimes they move a bit faster... I will also try to find how to make them sit or walk slowly. Probably like your solution, l0wb1t, but I want to try to figure out how to find it and manipulate it :)
 

pigeon

Expert Cheater
Mar 4, 2017
51
2
8
#17
xmm is still some kind of magic for me. But, honestly, this script does exactly what I want. Maybe later I will try to learn how I can take full control of functions that access several addresses, but currently I feel that the puzzle is almost solved :)
Anyway, I found the function that controls the animals' type of movement:
Code:
[ENABLE]

aobscanmodule(animalBehavior,theHunterCotW_F.exe,44 88 A7 01 28 00 00) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+3C3602)

label(code)
label(return)

newmem:

code:
  mov byte ptr [rdi+00002801],0 // write one byte only, same width as the original r12l store
  //mov [rdi+00002801],r12l
  jmp return

animalBehavior:
  jmp newmem
  nop
  nop
return:
registersymbol(animalBehavior)

[DISABLE]

animalBehavior:
  db 44 88 A7 01 28 00 00

unregistersymbol(animalBehavior)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+3C3602

"theHunterCotW_F.exe"+3C35D7: 88 87 29 29 00 00        -  mov [rdi+00002929],al
"theHunterCotW_F.exe"+3C35DD: E8 4E A5 02 00           -  call theHunterCotW_F.exe+3EDB30
"theHunterCotW_F.exe"+3C35E2: 48 8B 86 70 64 00 00     -  mov rax,[rsi+00006470]
"theHunterCotW_F.exe"+3C35E9: 48 8B 88 48 02 00 00     -  mov rcx,[rax+00000248]
"theHunterCotW_F.exe"+3C35F0: 48 85 C9                 -  test rcx,rcx
"theHunterCotW_F.exe"+3C35F3: 74 1B                    -  je theHunterCotW_F.exe+3C3610
"theHunterCotW_F.exe"+3C35F5: 48 8B 01                 -  mov rax,[rcx]
"theHunterCotW_F.exe"+3C35F8: FF 90 D0 00 00 00        -  call qword ptr [rax+000000D0]
"theHunterCotW_F.exe"+3C35FE: 84 C0                    -  test al,al
"theHunterCotW_F.exe"+3C3600: 74 0E                    -  je theHunterCotW_F.exe+3C3610
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+3C3602: 44 88 A7 01 28 00 00     -  mov [rdi+00002801],r12l
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+3C3609: C6 87 18 28 00 00 01     -  mov byte ptr [rdi+00002818],01
"theHunterCotW_F.exe"+3C3610: 4C 8B B7 E8 27 00 00     -  mov r14,[rdi+000027E8]
"theHunterCotW_F.exe"+3C3617: 4D 85 F6                 -  test r14,r14
"theHunterCotW_F.exe"+3C361A: 74 2B                    -  je theHunterCotW_F.exe+3C3647
"theHunterCotW_F.exe"+3C361C: 49 8B 46 08              -  mov rax,[r14+08]
"theHunterCotW_F.exe"+3C3620: 48 63 48 04              -  movsxd  rcx,dword ptr [rax+04]
"theHunterCotW_F.exe"+3C3624: 4A 8B 5C 31 08           -  mov rbx,[rcx+r14+08]
"theHunterCotW_F.exe"+3C3629: E8 72 AA 03 00           -  call theHunterCotW_F.exe+3FE0A0
"theHunterCotW_F.exe"+3C362E: 48 8B D0                 -  mov rdx,rax
"theHunterCotW_F.exe"+3C3631: 49 8B 46 08              -  mov rax,[r14+08]
}
In this case, when the script is enabled and the value is "0", animals (all that can be hunted, and small ones like rabbits) will stay in one place. If the value is "1", they just walk. If "2", semi-run. "3" is run and, I think, so on.

It looks like the animal behavior system is a bit complex in this game, because other conditions, which can be "drink", "rest", "eat", "migrates", are stored somewhere else.

Oh, I almost forgot. To make working with animals easier, when I try to find any animal values while walking with them, I made another script that turns off the spot and "backlight" timer. I think it may be similar to the solution from l0wb1t, but why not:
Code:
[ENABLE]

aobscanmodule(unlimSpot,theHunterCotW_F.exe,F3 0F 11 03 0F 2F C7) // should be unique
alloc(newmem,$1000,"theHunterCotW_F.exe"+636E0C)

label(code)
label(return)

newmem:

code:
  //movss [rbx],xmm0
  comiss xmm0,xmm7
  jmp return

unlimSpot:
  jmp newmem
  nop
  nop
return:
registersymbol(unlimSpot)

[DISABLE]

unlimSpot:
  db F3 0F 11 03 0F 2F C7

unregistersymbol(unlimSpot)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "theHunterCotW_F.exe"+636E0C

"theHunterCotW_F.exe"+636DE3: 49 8B CE                 -  mov rcx,r14
"theHunterCotW_F.exe"+636DE6: E8 35 80 FA FF           -  call theHunterCotW_F.exe+5DEE20
"theHunterCotW_F.exe"+636DEB: F3 0F 59 C6              -  mulss xmm0,xmm6
"theHunterCotW_F.exe"+636DEF: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+636DF3: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+636DF6: 48 8D 4C 24 70           -  lea rcx,[rsp+70]
"theHunterCotW_F.exe"+636DFB: E8 80 45 03 00           -  call theHunterCotW_F.exe+66B380
"theHunterCotW_F.exe"+636E00: EB 6E                    -  jmp theHunterCotW_F.exe+636E70
"theHunterCotW_F.exe"+636E02: F3 0F 10 03              -  movss xmm0,[rbx]
"theHunterCotW_F.exe"+636E06: F3 41 0F 5C 04 24        -  subss xmm0,[r12]
// ---------- INJECTING HERE ----------
"theHunterCotW_F.exe"+636E0C: F3 0F 11 03              -  movss [rbx],xmm0
"theHunterCotW_F.exe"+636E10: 0F 2F C7                 -  comiss xmm0,xmm7
// ---------- DONE INJECTING  ----------
"theHunterCotW_F.exe"+636E13: 76 14                    -  jna theHunterCotW_F.exe+636E29
"theHunterCotW_F.exe"+636E15: E8 B6 9B FB FF           -  call theHunterCotW_F.exe+5F09D0
"theHunterCotW_F.exe"+636E1A: 48 8B D3                 -  mov rdx,rbx
"theHunterCotW_F.exe"+636E1D: 48 8D 4C 24 70           -  lea rcx,[rsp+70]
"theHunterCotW_F.exe"+636E22: E8 59 45 03 00           -  call theHunterCotW_F.exe+66B380
"theHunterCotW_F.exe"+636E27: EB 47                    -  jmp theHunterCotW_F.exe+636E70
"theHunterCotW_F.exe"+636E29: 41 0F 28 D8              -  movaps xmm3,xmm8
"theHunterCotW_F.exe"+636E2D: 41 0F 28 D0              -  movaps xmm2,xmm8
"theHunterCotW_F.exe"+636E31: 48 8D 55 B0              -  lea rdx,[rbp-50]
"theHunterCotW_F.exe"+636E35: E8 F6 42 FB FF           -  call theHunterCotW_F.exe+5EB130
}
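The four scripts in posts #16 and #17 all patch their site the same way: a 5-byte `jmp` to allocated memory, then `nop` padding up to the length of the overwritten instruction(s). The Python below is an added example, not code from the thread: it compares bytes read at those sites with the original bytes posted above and reports each site as clean, detoured or otherwise modified. The module base, size, cave address and the `IMAGE` contents are constructed.

```python
import struct

# Injection sites (RVA) and original bytes, copied from the scripts above.
SITES = {
    "calmAnimals1":   (0x437270, "F3 0F 11 8C 8B 68 05 00 00"),
    "calmAnimals2":   (0x437302, "F3 0F 11 84 8B 68 05 00 00"),
    "animalBehavior": (0x3C3602, "44 88 A7 01 28 00 00"),
    "unlimSpot":      (0x636E0C, "F3 0F 11 03 0F 2F C7"),
}


def make_detour(site_va, target_va, length):
    """Model the bytes 'jmp target' plus nop padding leaves at site_va."""
    if length < 5:
        raise ValueError("a rel32 jmp needs 5 bytes")
    rel = target_va - (site_va + 5)   # rel32 counts from the next instruction
    if not -2**31 <= rel < 2**31:
        raise ValueError("target out of rel32 range")
    return b"\xE9" + struct.pack("<i", rel) + b"\x90" * (length - 5)


def classify(site_va, original, current, mod_base, mod_size):
    """Compare the bytes now at a site with the known-good ones."""
    if current == original:
        return {"status": "clean"}
    if len(current) >= 5 and current[0] == 0xE9:
        target = site_va + 5 + struct.unpack_from("<i", current, 1)[0]
        return {
            "status": "detour",
            "target": target,
            "nop_padding": current[5:] == b"\x90" * (len(current) - 5),
            "leaves_module": not (mod_base <= target < mod_base + mod_size),
        }
    return {"status": "modified"}


def audit(image, mod_base, mod_size):
    """image maps RVA -> bytes read there; returns name -> verdict."""
    report = {}
    for name, (rva, hexbytes) in SITES.items():
        original = bytes.fromhex(hexbytes)
        current = image[rva][:len(original)]
        report[name] = classify(mod_base + rva, original, current,
                                mod_base, mod_size)
    return report


# Constructed data: base, size and cave address are made up for the example.
BASE, SIZE = 0x7FF600000000, 0x2000000
CAVE = BASE - 0x10000                      # allocated page just below the module
IMAGE = {rva: bytes.fromhex(h) for rva, h in SITES.values()}
IMAGE[0x437270] = make_detour(BASE + 0x437270, CAVE, 9)   # jmp + 4 nops
IMAGE[0x3C3602] = b"\x90" * 7                              # overwritten in place

if __name__ == "__main__":
    for name, verdict in audit(IMAGE, BASE, SIZE).items():
        print(f"{name:15s} {verdict}")
```

The same comparison explains the nop counts in the scripts: a 9-byte `movss` leaves four bytes after the `jmp`, a 7-byte site leaves two.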
 

pigeon

Expert Cheater
Mar 4, 2017
51
2
8
#18
table for game ver.1.7hotfix


The only thing I can't find is how to make animals sit/sleep/eat/drink/... But anyway this result is much better than taking control of just the hunter's visible/noise values. And there may be issues, because I'm a noob with scripts.

- "off High Clouds" does what it says, but you can change the value in the script to 1,2,3... and the "high" clouds will be different.
- "Calm Animals" script makes every animal not care if the hunter stays right near them. It affects animals that can be hunted and small ones like rabbits as well. You can change the value used by the script from "0" to 1,2,3...7. These are all different animal awareness conditions.
- "Stop Animals" makes every animal stay where it is. You can change it to "1" if you want them to only walk, "2" for some kind of run. With "3" they will run as if you scared them.
- "Unlim Spot Timer": when you spot an animal and the information about it rolls out on your screen, it will not disappear.
- "HUD" group. This will be useful for those who use ReShade. If you set the "HUD" value to "0", enable the "noSpotHighlight" script and set "Tracers" to 0, then your screen will be very clear and you can take a clean screenshot with the Steam Overlay hotkey or the ReShade hotkey. But it does not really turn the HUD off. The HUD "0" value makes the game think that you pressed "Esc" and that you are in the menu. That means that you will see the mouse cursor, and if you have 2 monitors you can move the mouse out of the game window. Because of that it is useful only when you are ready to take a screenshot. But with a hotkey for switching all or part of this, it will not be a real problem.

Also, I found an instruction that accesses a lot of addresses that affect the game graphics, like the power/RGB color of moonlight, RGB color of clouds, water brightness and so on. But I did not put anything from it into the cheat table because I think it takes time to figure out what of all that may really be useful. If anyone wants to play with the graphics, just search for the AOB "89 04 91 41 FF C3" and use "Find out what addresses this instruction accesses".
 

Attachments

pigeon

Expert Cheater
Mar 4, 2017
51
2
8
#19
All from the previous post, plus:
- "noSpotHighlightHorns" script. I found that the "noSpotHighlight" script does not affect horns, so this one fixes that.
- Environment 248 parameters (but I do not understand all of them). Here is an album with all of that: http://imgur.com/a/HjulU
Addresses with "-" in the name mean that I did not see changes while testing them at night and day, but I tested in clear weather conditions. So I think some of them may affect rain, water or anything else. Addresses that have "?" in the name mean that I am not sure that I understand them correctly.
To work with it you should enable the "No Wind", "Freeze Weather Effects" and "Enviro1" scripts. If you get an almost black screen while doing so, just disable the "No Wind" script. All of that works together, so it may be tricky to deal with.
 

Attachments
