Neverwinter Nights Enhanced Edition Walk Through Walls CE 7.5+

[apocalypticx]

Ultimap 1 Tutorial Walking Through Walls.
Only works for Intel processors!

1.Attach Cheat Engine 7.5 ([Link]) or latest version to your target game, the game I chose is Neverwinter Nights Enhanced Edition where you can buy a cheap CDKEY.

2.Now in Cheat Engine go to the memory viewer window, press Ctrl+J or bring up the Code Dissect tool under the tools menu.Highlight all the modules and press Start.

3.Dissect all the modules that are loaded for your game eg. nwnmain.exe etc, this step will take a few minutes depending on the speed of your CPU.Let it finish before you move onto the next step.This is standard practice with any game you are targeting always dissect code after attaching to the game.This will dissect the calls and show you where all the jumps go to.
Makes tracing code a little less boring.

4.Move your character near to a wall in whatever game you chose. NWN Enhanced Edition is what I'm using, keys can be obtained for $3.

5.Now fire up the Ultimap 1 tool, under the tools menu.Make sure your options are as follows, make sure Parse data option is ticked, my Worker threads are 16 because I'm using a 8 core Intel CPU 11th generation.
Press the Start button to begin logging all calls and jumps from code locations.
Now after around 10 seconds making sure you are near a wall but not next to it, press the Code did not get executed button, now run into the wall and leave your character standing there, press the Code has been executed.Move back from the wall and press the Code has not been executed.
Run into the wall again and press the Code has been executed.
Keep repeating these steps for around 30 seconds,
Take not of how many code locations have come up if it less than 100 move to step 6.If its more than 100 keep repeating the steps above until it moves to less than 100.

6.So you have less than 100 callers, jumps etc now highlight the whole lot (left click drag or use Shift and left click methods) right click them after you highlight the whole lot and Add section to code list.
Bring up the Code list by clicking Advanced options in the bottom left of the Cheat Engine window and now proceed to sort the Calls and Jumps by creating new groups called Callers, Jumps.
Just left click and drag Callers under the Caller group you created and the Jumps under the Jumps group you created.

7.The only one's we are interested in are the Conditional jumps eg. jne jnz jz je etc.
Start by right clicking them say 3 at a time so not cause any crashing and use the option called Replace with code that does nothing.
What this will do is replace the program code eg. the Conditional jump with the bytes 90 which means no operation performing.
Now run into the wall with your 3 Conditional jumps nopped as in you've replaced the code with code that does nothing.
If you cannot run through the wall, remove the 3 you nopped and restore the original code so you stop a crash later on delete the 3 you just tried from the Code list.
Keep repeating these steps until you find this jump which is the one that allows you to walk through the wall:
nwmain.exe+7FD80C - 83 F8 01 - cmp eax,01
nwmain.exe+7FD80F - 75 0E - jne nwmain.exe+7FD81F
Basically now you'll write an Aob injection template and change the jne (jump if not equal) to a je (jump if equal) thus reversing the jump and making it allow our character to walk through the walls.

8.To filter out more results all you have to do is use the Filter out routines not in a specific module and choose nwnmain.exe.

9.The script will look like this:
{ Game : nwmain.exe
Version:
Date : 2025-05-03
Author : Apocalypticx

This script does a no clip hack
}

[ENABLE]

aobscanmodule(noclip,nwmain.exe,83 F8 01 75 0E F2) // should be unique
alloc(newmem,$1000,noclip)

label(code)
label(return)

newmem:

code:
cmp eax,1
je nwmain.exe+7FD81F //jne changes to je simple as that
jmp return

noclip:
jmp newmem
return:
registersymbol(noclip)

[DISABLE]

noclip:
db 83 F8 01 75 0E

unregistersymbol(noclip)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: nwmain.exe+7FD80C

nwmain.exe+7FD7DB: 8B 83 C8 02 00 00 - mov eax,[rbx+000002C8]
nwmain.exe+7FD7E1: 89 45 C8 - mov [rbp-38],eax
nwmain.exe+7FD7E4: C7 44 24 30 01 00 00 00 - mov [rsp+30],00000001
nwmain.exe+7FD7EC: F3 0F 11 4C 24 28 - movss [rsp+28],xmm1
nwmain.exe+7FD7F2: F3 44 0F 11 54 24 20 - movss [rsp+20],xmm10
nwmain.exe+7FD7F9: 4C 8D 4D D0 - lea r9,[rbp-30]
nwmain.exe+7FD7FD: 4C 8D 45 C0 - lea r8,[rbp-40]
nwmain.exe+7FD801: 48 8B D3 - mov rdx,rbx
nwmain.exe+7FD804: 49 8B CE - mov rcx,r14
nwmain.exe+7FD807: E8 D4 88 FE FF - call nwmain.exe+7E60E0
// ---------- INJECTING HERE ----------
nwmain.exe+7FD80C: 83 F8 01 - cmp eax,01
// ---------- DONE INJECTING ----------
nwmain.exe+7FD80F: 75 0E - jne nwmain.exe+7FD81F
nwmain.exe+7FD811: F2 41 0F 10 37 - movsd xmm6,[r15]
nwmain.exe+7FD816: 45 8B 67 08 - mov r12d,[r15+08]
nwmain.exe+7FD81A: E9 81 08 00 00 - jmp nwmain.exe+7FE0A0
nwmain.exe+7FD81F: 41 8D 45 FF - lea eax,[r13-01]
nwmain.exe+7FD823: 3C 01 - cmp al,01
nwmain.exe+7FD825: 0F 87 4F 09 00 00 - ja nwmain.exe+7FE17A
nwmain.exe+7FD82B: BE 01 00 00 00 - mov esi,00000001
nwmain.exe+7FD830: F2 0F 10 5B 38 - movsd xmm3,[rbx+38]
nwmain.exe+7FD835: 8B 43 40 - mov eax,[rbx+40]
}

This tutorial is now finished go and try out other games etc.
Credits Darkbyte for programming Cheat Engine
Apocalypticx (me) for bothering to write this tutorial
Vikz for learning some of what I have to teach.