Re: Middle-earth: Shadow of War - Goodies
Posted: Mon Oct 16, 2017 11:50 pm
Thank you for this.
Now I can get the 100% buff for "playing online".
EDIT: I'm a moron.
SunBeam wrote: ↑Tue Oct 17, 2017 12:05 am
Thought I'd point out there are 4 BOOLs controlling: Focus, Wrath, Elf-shots and Might, all 1 byte away from each other:
Code:
ShadowOfWar.exe+395CE7 - 48 8D 0D A1402A02 - lea rcx,[ShadowOfWar.exe+2639D8F] <--
ShadowOfWar.exe+395CEE - E8 AD118800 - call ShadowOfWar.exe+C16EA0
ShadowOfWar.exe+395CF3 - 84 C0 - test al,al
ShadowOfWar.exe+395CF5 - 74 37 - je ShadowOfWar.exe+395D2E
ShadowOfWar.exe+395CF7 - 48 8B CB - mov rcx,rbx
ShadowOfWar.exe+395CFA - 45 84 F6 - test r14l,r14l
OR
Code:
ShadowOfWar.exe+55AB07 - 40 38 3D 81F20D02 - cmp [ShadowOfWar.exe+2639D8F],dil <--
ShadowOfWar.exe+55AB0E - 0F84 FC308200 - je ShadowOfWar.exe+D7DC10
ShadowOfWar.exe+55AB14 - F3 0F10 8B A8000000 - movss xmm1,[rbx+000000A8]
ShadowOfWar.exe+55AB1C - 48 8B CB - mov rcx,rbx
ShadowOfWar.exe+55AB1F - E8 20000000 - call ShadowOfWar.exe+55AB44
ShadowOfWar.exe+55AB24 - 48 8B 5C 24 68 - mov rbx,[rsp+68]
ShadowOfWar.exe+55AB29 - B0 01 - mov al,01
ShadowOfWar.exe+55AB2B - 0F28 74 24 40 - movaps xmm6,[rsp+40]
ShadowOfWar.exe+55AB30 - 0F28 7C 24 30 - movaps xmm7,[rsp+30]
ShadowOfWar.exe+55AB35 - 48 83 C4 50 - add rsp,50
ShadowOfWar.exe+55AB39 - 5F - pop rdi
ShadowOfWar.exe+55AB3A - C3 - ret
So there's no freakin' need to hook that much code when you can flip 4 BOOLs to 1:
- Focus gets auto-filled and will never get consumed
- Wrath bar gets filled to full and never gets consumed
- Elf-shots auto-get replenished and will replenish to max on each fired shot
- Might is set to full and never gets consumed
Setting them back to 0 will deplete Wrath and the others get back to normal.
BR,
Sun

Does this fix the issue with most other "infinite might" stats where you need to land a hit to use it? It's particularly annoying when using the Vengeance set since it eats my health.
Spectre907 wrote: ↑Sun Dec 17, 2017 3:51 pm
Does anyone have a backup of what was lost from this thread when SB wiped?

I know this is old but if someone still needs:
Code:
[ENABLE]
alloc( CheatHandlerThread, 0x1000, ShadowOfWar.exe )
registersymbol( CheatHandlerThread )
CreateThread( CheatHandlerThread )
label( CheatHandlerOff )
registersymbol( CheatHandlerOff )
label( l_CheatHandlerThread )
label( ShowHideDebugMenu )
CheatHandlerThread:
sub rsp,28
l_CheatHandlerThread:
mov rcx,A
call Sleep
cmp [CheatHandlerOff],1
jne short @f
add rsp,28
mov [CheatHandlerOff],2
ret
@@:
mov rcx,60 //VK_NUMPAD0
call GetAsyncKeyState
test ax,ax
jne short ShowHideDebugMenu
jmp short l_CheatHandlerThread
ShowHideDebugMenu:
mov rax,[ShadowOfWar.exe+232B040]
mov rcx,[rax+88]
test rcx,rcx
je short @f
mov dl,[bToggle]
//call ShadowOfWar.exe+7C3658
call ShadowOfWar.exe+7C3678
xor [bToggle],1
@@:
mov rcx,C8
call Sleep
jmp l_CheatHandlerThread
CheatHandlerOff:
dd 0
bToggle:
db 1
[DISABLE]
{$lua}
if( syntaxcheck == false ) then --actual execution
  local starttime = getTickCount()
  if readInteger( "CheatHandlerOff" ) == 0 then --could be 2 already
    writeInteger( "CheatHandlerOff", 1 ) --tell the thread to kill itself
  end
  while( getTickCount() < starttime + 1000 ) and ( readInteger( "CheatHandlerOff" ) ~= 2 ) do --wait till it has finished
    sleep( 20 )
  end
  if( getTickCount() > starttime + 1000 ) then --could happen when the window is shown
    showMessage( 'Disabling the thread failed!' )
    error( 'Thread disabling failed!' )
  end
  sleep( 1 )
end
{$asm}
unregistersymbol( CheatHandlerOff )
unregistersymbol( CheatHandlerThread )
dealloc( CheatHandlerThread )
/*
ShadowOfWar.exe+183DD98 - 40 53 - push rbx
ShadowOfWar.exe+183DD9A - 48 83 EC 40 - sub rsp,40 { 64 }
ShadowOfWar.exe+183DD9E - 45 33 C9 - xor r9d,r9d
ShadowOfWar.exe+183DDA1 - 48 8D 05 40D77300 - lea rax,[ShadowOfWar.exe+1F7B4E8] { ["ShowDebugMenu"] }
ShadowOfWar.exe+183DDA8 - 48 89 44 24 28 - mov [rsp+28],rax
ShadowOfWar.exe+183DDAD - 48 8B D9 - mov rbx,rcx
ShadowOfWar.exe+183DDB0 - 48 8D 05 45032100 - lea rax,[ShadowOfWar.exe+1A4E0FC] { ["System"] }
ShadowOfWar.exe+183DDB7 - 48 8B D1 - mov rdx,rcx
ShadowOfWar.exe+183DDBA - 48 8D 4C 24 30 - lea rcx,[rsp+30]
ShadowOfWar.exe+183DDBF - 48 89 44 24 20 - mov [rsp+20],rax
ShadowOfWar.exe+183DDC4 - 45 8D 41 02 - lea r8d,[r9+02]
ShadowOfWar.exe+183DDC8 - E8 BB29A9FE - call ShadowOfWar.exe+2D0788
ShadowOfWar.exe+183DDCD - 48 8B CB - mov rcx,rbx
ShadowOfWar.exe+183DDD0 - E8 EB17CFFE - call ShadowOfWar.exe+52F5C0
ShadowOfWar.exe+183DDD5 - BA 01000000 - mov edx,00000001 { 1 }
ShadowOfWar.exe+183DDDA - 48 8B CB - mov rcx,rbx
ShadowOfWar.exe+183DDDD - 44 8A D0 - mov r10l,al
ShadowOfWar.exe+183DDE0 - E8 8BAFAFFE - call ShadowOfWar.exe+338D70
ShadowOfWar.exe+183DDE5 - 45 84 D2 - test r10l,r10l
ShadowOfWar.exe+183DDE8 - 74 1C - je ShadowOfWar.exe+183DE06
ShadowOfWar.exe+183DDEA - 48 8B 05 4FD2AE00 - mov rax,[ShadowOfWar.exe+232B040] { [291C8F00] }
ShadowOfWar.exe+183DDF1 - 48 8B 88 88000000 - mov rcx,[rax+00000088]
ShadowOfWar.exe+183DDF8 - 48 85 C9 - test rcx,rcx
ShadowOfWar.exe+183DDFB - 74 0E - je ShadowOfWar.exe+183DE0B
ShadowOfWar.exe+183DDFD - B2 01 - mov dl,01 { 1 }
ShadowOfWar.exe+183DDFF - E8 7458F8FE - call ShadowOfWar.exe+7C3678
ShadowOfWar.exe+183DE04 - EB 05 - jmp ShadowOfWar.exe+183DE0B
ShadowOfWar.exe+183DE06 - E8 35EBCDFF - call ShadowOfWar.exe+151C940
ShadowOfWar.exe+183DE0B - 48 8D 4C 24 30 - lea rcx,[rsp+30]
ShadowOfWar.exe+183DE10 - E8 1B34B5FE - call ShadowOfWar.exe+391230
ShadowOfWar.exe+183DE15 - 33 C0 - xor eax,eax
ShadowOfWar.exe+183DE17 - 48 83 C4 40 - add rsp,40 { 64 }
ShadowOfWar.exe+183DE1B - 5B - pop rbx
ShadowOfWar.exe+183DE1C - C3 - ret
*/
Code:
[ENABLE]
alloc( CheatHandlerThread, 0x1000, ShadowOfWar.exe )
registersymbol( CheatHandlerThread )
CreateThread( CheatHandlerThread )
label( CheatHandlerOff )
registersymbol( CheatHandlerOff )
label( l_CheatHandlerThread )
label( Replenish )
CheatHandlerThread:
sub rsp,28
l_CheatHandlerThread:
mov rcx,A
call Sleep
cmp [CheatHandlerOff],1
jne short @f
add rsp,28
mov [CheatHandlerOff],2
ret
@@:
mov rcx,60 //VK_NUMPAD0
call GetAsyncKeyState
test ax,ax
jne short Replenish
jmp short l_CheatHandlerThread
Replenish:
mov rax,[ShadowOfWar.exe+232AFD0]
mov rdi,[rax+888]
test rdi,rdi
je @f
mov rcx,[rdi+24B0]
test rcx,rcx
je @f
mov rcx,[rcx+2B0]
test rcx,rcx
je @f
mov r8d,14 //20 Elf-shots I think is the maximum for a pool stuck in a wall
mov edi,r8d
mov r8d,[rcx+98]
add r8d,edi
mov edx,r8d
shr edx,1F
shr edx,1
sbb edx,edx
not edx
and edx,r8d
call ShadowOfWar.exe+5D0C04
@@:
mov rcx,C8
call Sleep
jmp l_CheatHandlerThread
CheatHandlerOff:
dd 0
bToggle:
db 1
[DISABLE]
{$lua}
if( syntaxcheck == false ) then --actual execution
  local starttime = getTickCount()
  if readInteger( "CheatHandlerOff" ) == 0 then --could be 2 already
    writeInteger( "CheatHandlerOff", 1 ) --tell the thread to kill itself
  end
  while( getTickCount() < starttime + 1000 ) and ( readInteger( "CheatHandlerOff" ) ~= 2 ) do --wait till it has finished
    sleep( 20 )
  end
  if( getTickCount() > starttime + 1000 ) then --could happen when the window is shown
    showMessage( 'Disabling the thread failed!' )
    error( 'Thread disabling failed!' )
  end
  sleep( 1 )
end
{$asm}
unregistersymbol( CheatHandlerOff )
unregistersymbol( CheatHandlerThread )
dealloc( CheatHandlerThread )
Code:
ShadowOfWar.exe+4E5C65 - 48 8B 0F - mov rcx,[rdi]
ShadowOfWar.exe+4E5C68 - E8 DB673D01 - call ShadowOfWar.exe+18BC448
ShadowOfWar.exe+4E5C6D - 48 85 C0 - test rax,rax
ShadowOfWar.exe+4E5C70 - 74 1C - je ShadowOfWar.exe+4E5C8E
ShadowOfWar.exe+4E5C72 - F3 0F10 57 08 - movss xmm2,[rdi+08] <-- break here and execute with F7
ShadowOfWar.exe+4E5C77 - 48 8B D0 - mov rdx,rax
ShadowOfWar.exe+4E5C7A - 48 8B CE - mov rcx,rsi
ShadowOfWar.exe+4E5C7D - 40 84 ED - test bpl,bpl
Code:
ShadowOfWar.exe+188A82C - 48 89 5C 24 08 - mov [rsp+08],rbx
ShadowOfWar.exe+188A831 - 48 89 74 24 10 - mov [rsp+10],rsi
ShadowOfWar.exe+188A836 - 48 89 7C 24 18 - mov [rsp+18],rdi
ShadowOfWar.exe+188A83B - 55 - push rbp
ShadowOfWar.exe+188A83C - 41 56 - push r14
ShadowOfWar.exe+188A83E - 41 57 - push r15
ShadowOfWar.exe+188A840 - 48 8B EC - mov rbp,rsp
ShadowOfWar.exe+188A843 - 48 83 EC 60 - sub rsp,60 { 96 }
ShadowOfWar.exe+188A847 - 48 8B DA - mov rbx,rdx
ShadowOfWar.exe+188A84A - 49 8B F0 - mov rsi,r8
ShadowOfWar.exe+188A84D - 49 8B D0 - mov rdx,r8
ShadowOfWar.exe+188A850 - 48 8B F9 - mov rdi,rcx
ShadowOfWar.exe+188A853 - E8 B4FEFFFF - call ShadowOfWar.exe+188A70C
ShadowOfWar.exe+188A858 - 48 8B CB - mov rcx,rbx
ShadowOfWar.exe+188A85B - E8 9CF699FE - call ShadowOfWar.exe+229EFC
ShadowOfWar.exe+188A860 - 4C 8B F0 - mov r14,rax
ShadowOfWar.exe+188A863 - 48 85 C0 - test rax,rax
ShadowOfWar.exe+188A866 - 0F84 E3000000 - je ShadowOfWar.exe+188A94F
ShadowOfWar.exe+188A86C - 48 8B CB - mov rcx,rbx
ShadowOfWar.exe+188A86F - 48 89 5F 18 - mov [rdi+18],rbx
ShadowOfWar.exe+188A873 - E8 48ECBDFF - call ShadowOfWar.exe+14694C0
ShadowOfWar.exe+188A878 - 49 8B D6 - mov rdx,r14
ShadowOfWar.exe+188A87B - 89 45 38 - mov [rbp+38],eax
ShadowOfWar.exe+188A87E - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A882 - 44 8B F8 - mov r15d,eax
ShadowOfWar.exe+188A885 - E8 9A6FD9FF - call ShadowOfWar.exe+1621824
ShadowOfWar.exe+188A88A - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A88E - E8 35B594FE - call ShadowOfWar.exe+1D5DC8
ShadowOfWar.exe+188A893 - 84 C0 - test al,al
ShadowOfWar.exe+188A895 - 0F85 9D000000 - jne ShadowOfWar.exe+188A938
ShadowOfWar.exe+188A89B - 8B 5D F8 - mov ebx,[rbp-08]
ShadowOfWar.exe+188A89E - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A8A2 - E8 E174D9FF - call ShadowOfWar.exe+1621D88
ShadowOfWar.exe+188A8A7 - 48 8B C8 - mov rcx,rax
ShadowOfWar.exe+188A8AA - 4C 8B F0 - mov r14,rax
ShadowOfWar.exe+188A8AD - E8 6AAFD9FF - call ShadowOfWar.exe+162581C
ShadowOfWar.exe+188A8B2 - 48 85 C0 - test rax,rax
ShadowOfWar.exe+188A8B5 - 74 1A - je ShadowOfWar.exe+188A8D1
ShadowOfWar.exe+188A8B7 - 48 3B 47 20 - cmp rax,[rdi+20]
ShadowOfWar.exe+188A8BB - 74 14 - je ShadowOfWar.exe+188A8D1
ShadowOfWar.exe+188A8BD - FF C3 - inc ebx
ShadowOfWar.exe+188A8BF - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A8C3 - 89 5D F8 - mov [rbp-08],ebx
ShadowOfWar.exe+188A8C6 - E8 FDB494FE - call ShadowOfWar.exe+1D5DC8
ShadowOfWar.exe+188A8CB - 84 C0 - test al,al
ShadowOfWar.exe+188A8CD - 74 CF - je ShadowOfWar.exe+188A89E
ShadowOfWar.exe+188A8CF - EB 67 - jmp ShadowOfWar.exe+188A938
ShadowOfWar.exe+188A8D1 - 49 8B D6 - mov rdx,r14
ShadowOfWar.exe+188A8D4 - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A8D8 - E8 8B66D9FF - call ShadowOfWar.exe+1620F68
ShadowOfWar.exe+188A8DD - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A8E1 - E8 E2B494FE - call ShadowOfWar.exe+1D5DC8
ShadowOfWar.exe+188A8E6 - 84 C0 - test al,al
ShadowOfWar.exe+188A8E8 - 75 4E - jne ShadowOfWar.exe+188A938
ShadowOfWar.exe+188A8EA - 8B 5D F8 - mov ebx,[rbp-08]
ShadowOfWar.exe+188A8ED - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A8F1 - E8 B273D9FF - call ShadowOfWar.exe+1621CA8
ShadowOfWar.exe+188A8F6 - 48 89 45 C8 - mov [rbp-38],rax
ShadowOfWar.exe+188A8FA - 48 85 C0 - test rax,rax
ShadowOfWar.exe+188A8FD - 74 27 - je ShadowOfWar.exe+188A926
ShadowOfWar.exe+188A8FF - 4C 8D 4D 38 - lea r9,[rbp+38]
ShadowOfWar.exe+188A903 - 4C 8D 45 C8 - lea r8,[rbp-38]
ShadowOfWar.exe+188A907 - 48 8D 4D C0 - lea rcx,[rbp-40]
ShadowOfWar.exe+188A90B - E8 30FAFFFF - call ShadowOfWar.exe+188A340
ShadowOfWar.exe+188A910 - 48 8D 4F 28 - lea rcx,[rdi+28]
ShadowOfWar.exe+188A914 - 48 8D 55 C0 - lea rdx,[rbp-40]
ShadowOfWar.exe+188A918 - E8 37B7DCFE - call ShadowOfWar.exe+656054
ShadowOfWar.exe+188A91D - 48 8D 4D C0 - lea rcx,[rbp-40]
ShadowOfWar.exe+188A921 - E8 12B7DCFE - call ShadowOfWar.exe+656038
ShadowOfWar.exe+188A926 - FF C3 - inc ebx
ShadowOfWar.exe+188A928 - 48 8D 4D D0 - lea rcx,[rbp-30]
ShadowOfWar.exe+188A92C - 89 5D F8 - mov [rbp-08],ebx
ShadowOfWar.exe+188A92F - E8 94B494FE - call ShadowOfWar.exe+1D5DC8
ShadowOfWar.exe+188A934 - 84 C0 - test al,al
ShadowOfWar.exe+188A936 - 74 B5 - je ShadowOfWar.exe+188A8ED
ShadowOfWar.exe+188A938 - 48 85 F6 - test rsi,rsi
ShadowOfWar.exe+188A93B - 74 10 - je ShadowOfWar.exe+188A94D
ShadowOfWar.exe+188A93D - 45 8B CF - mov r9d,r15d
ShadowOfWar.exe+188A940 - 4C 8B C6 - mov r8,rsi
ShadowOfWar.exe+188A943 - B2 01 - mov dl,01 { 1 }
ShadowOfWar.exe+188A945 - 48 8B CF - mov rcx,rdi
ShadowOfWar.exe+188A948 - E8 7BFEFFFF - call ShadowOfWar.exe+188A7C8
ShadowOfWar.exe+188A94D - B0 01 - mov al,01 { 1 }
ShadowOfWar.exe+188A94F - 4C 8D 5C 24 60 - lea r11,[rsp+60]
ShadowOfWar.exe+188A954 - 49 8B 5B 20 - mov rbx,[r11+20]
ShadowOfWar.exe+188A958 - 49 8B 73 28 - mov rsi,[r11+28]
ShadowOfWar.exe+188A95C - 49 8B 7B 30 - mov rdi,[r11+30]
ShadowOfWar.exe+188A960 - 49 8B E3 - mov rsp,r11
ShadowOfWar.exe+188A963 - 41 5F - pop r15
ShadowOfWar.exe+188A965 - 41 5E - pop r14
ShadowOfWar.exe+188A967 - 5D - pop rbp
ShadowOfWar.exe+188A968 - C3 - ret