Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 1:43 pm
by fardriel
Try putting this on the line after the [ENABLE]:
assert(System.Core.ni.dll+34F9F5, FF 15 25 C6 FE FF 48 8B C7 48 83 C4 28 5E 5F C3)
If that keeps the script from turning on, then you've got a different game version. Granted, even if you have a different version, the game shouldn't crash without that assert. The script should just never copy any address into the pointer. Thank you SODI, that was obvious and I'm kicking myself for not changing that. I normally do.
I'll have to take another look later. It's almost 7am where I am and I still haven't slept.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 1:44 pm
by Digitalcat
SODI wrote: ↑Tue Mar 31, 2020 1:38 pm
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>9</ID>
<Description>"Focus/Attribute Getter (Open/close character menu, activate this, open character menu again)"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : TaleWorlds.MountAndBlade.Launcher.exe
Version:
Date : 2020-03-31
Author : chodn
This script does blah blah blah
}
[ENABLE]
aobscan(INJECTFOCUSGETTER,8B 51 40 8B CA) // should be unique
alloc(newmem,$1000,INJECTFOCUSGETTER)
label(skip)
label(return)
label(charptr)
registersymbol(charptr)
label(retptr)
registersymbol(retptr)
newmem:
mov edx,[rcx+40]
push rax
mov rax,[rsp+10]
cmp rax,[retptr]
jne skip
mov [charptr],rcx
skip:
pop rax
mov ecx,edx
jmp return
charptr:
dq 0
retptr:
dq System.Core.ni.dll+34F9FB
INJECTFOCUSGETTER:
jmp newmem
return:
registersymbol(INJECTFOCUSGETTER)
[DISABLE]
INJECTFOCUSGETTER:
db 8B 51 40 8B CA
unregistersymbol(INJECTFOCUSGETTER)
unregistersymbol(charptr)
unregistersymbol(retptr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 7FFDA255F636
7FFDA255F611: E8 9A 49 27 5E - call clr.dll+3FB0
7FFDA255F616: 48 8D 4E 30 - lea rcx,[rsi+30]
7FFDA255F61A: 48 8B D7 - mov rdx,rdi
7FFDA255F61D: E8 8E 49 27 5E - call clr.dll+3FB0
7FFDA255F622: 48 8B 56 20 - mov rdx,[rsi+20]
7FFDA255F626: 48 85 D2 - test rdx,rdx
7FFDA255F629: 75 04 - jne 7FFDA255F62F
7FFDA255F62B: 33 C9 - xor ecx,ecx
7FFDA255F62D: EB 07 - jmp 7FFDA255F636
7FFDA255F62F: 48 8B 8A 38 01 00 00 - mov rcx,[rdx+00000138]
// ---------- INJECTING HERE ----------
7FFDA255F636: 8B 51 40 - mov edx,[rcx+40]
7FFDA255F639: 8B CA - mov ecx,edx
// ---------- DONE INJECTING ----------
7FFDA255F63B: 89 8E A0 00 00 00 - mov [rsi+000000A0],ecx
7FFDA255F641: 48 8B CE - mov rcx,rsi
7FFDA255F644: E8 47 2C 90 FF - call 7FFDA1E62290
7FFDA255F649: 48 8B 56 20 - mov rdx,[rsi+20]
7FFDA255F64D: 48 85 D2 - test rdx,rdx
7FFDA255F650: 75 04 - jne 7FFDA255F656
7FFDA255F652: 33 C9 - xor ecx,ecx
7FFDA255F654: EB 07 - jmp 7FFDA255F65D
7FFDA255F656: 48 8B 8A 38 01 00 00 - mov rcx,[rdx+00000138]
7FFDA255F65D: 8B 51 44 - mov edx,[rcx+44]
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>3</ID>
<Description>"Focus Points"</Description>
<VariableType>4 Bytes</VariableType>
<Address>charptr</Address>
<Offsets>
<Offset>40</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>4</ID>
<Description>"Attribute Points"</Description>
<VariableType>4 Bytes</VariableType>
<Address>charptr</Address>
<Offsets>
<Offset>44</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>
There should work now. Does for me.
This one works, yeah.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 1:50 pm
by Darkcore
That one seems to work for me, SODI.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 1:50 pm
by fardriel
Last thing before I disappear: The code that grabs the focus levels of each skill looks to be generic code that is called on at least a hundred different things, so it'd probably be better to see if there's more specific code that defines that memory region/struct, instead of the specific skill focus values.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 1:50 pm
by 4blood
SODI wrote: ↑Tue Mar 31, 2020 1:38 pm
There should work now. Does for me.
Indeed +1
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 2:08 pm
by Boxs
Anyone have the skills XP?
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 2:27 pm
by Tanagord
Infinite ammo would be very useful
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 2:43 pm
by thedudeabides96
I would love something to use for skills and/or smithing stamina.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 2:58 pm
by GreenHouse
Tanagord wrote: ↑Tue Mar 31, 2020 2:27 pm
Infinite ammo would be very useful
Here's a script for infinite arrows; I'm not sure if it works with all kinds of ammo. And I'm not sure if I'm using the right version of the game, so try it:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>4</ID>
<Description>"Infinite Arrows"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
aobscanmodule(get_Arrows,Game.dll,66 44 89 01 4C 39 99 18 01 00 00)
aobscanmodule(get_ammoDec,Game.dll,66 44 2B C3 8B D7)
alloc(newmem,$1000,Game.dll)
label(code)
label(return)
registersymbol(get_ammoDec)
newmem:
code:
mov [rcx],#90
cmp [rcx+00000118],r11
jmp return
get_Arrows:
jmp newmem
nop 6
return:
registersymbol(get_Arrows)
get_ammoDec:
db 90 90 90 90
[DISABLE]
get_Arrows:
db 66 44 89 01 4C 39 99 18 01 00 00
get_ammoDec:
db 66 44 2B C3
unregistersymbol(get_Arrows)
unregistersymbol(get_ammoDec)
dealloc(newmem)
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>
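An added, constructed example (not one of the tables posted in this thread): a small Python checker for scripts of the shape shared here. It verifies that the bytes the [DISABLE] section restores match the aobscan pattern and cover exactly what the [ENABLE] hook overwrites (a 5-byte rel32 jmp plus its nop padding, or a direct db patch); a mismatch there is what leaves corrupted game code behind when a script is toggled off. The sample script text and the aobscan regex are assumptions modelled on the thread's scripts.

```python
import re
# Constructed sample in the style of the scripts posted in this thread (hypothetical).
SAMPLE = """[ENABLE]
aobscanmodule(get_Arrows,Game.dll,66 44 89 01 4C 39 99 18 01 00 00)
aobscanmodule(get_ammoDec,Game.dll,66 44 2B C3 8B D7)
get_Arrows:
jmp newmem
nop 6
get_ammoDec:
db 90 90 90 90
[DISABLE]
get_Arrows:
db 66 44 89 01 4C 39 99 18 01 00 00
get_ammoDec:
db 66 44 2B C3
"""
# aobscan / aobscanmodule / aobscanregion: symbol first, byte pattern last
AOB_RE = re.compile(r"^aobscan(?:module|region)?\((\w+),(?:[^,]+,)*([0-9A-Fa-f ]+)\)")

def parse(text):
    # per symbol: scanned pattern, bytes the hook writes, bytes [DISABLE] restores
    patterns, hooks, restore = {}, {}, {}
    section = label = None
    for raw in re.sub(r"\{.*?\}", "", text, flags=re.S).splitlines():  # drop { } comments
        line = raw.split("//")[0].strip()
        if line in ("[ENABLE]", "[DISABLE]"):
            section = line
        elif m := AOB_RE.match(line):
            patterns[m.group(1)] = m.group(2).split()
        elif line.endswith(":"):
            label = line[:-1]
        elif label in patterns and section == "[ENABLE]":
            if line.startswith("jmp "):       # rel32 jmp written over the original code
                hooks[label] = 5
            elif line.startswith("nop "):     # padding up to the next instruction boundary
                hooks[label] = hooks.get(label, 0) + int(line.split()[1])
            elif line.startswith("db "):      # direct byte patch
                hooks[label] = len(line.split()[1:])
        elif label in patterns and section == "[DISABLE]" and line.startswith("db "):
            restore[label] = line.split()[1:]
    return patterns, hooks, restore

def check(text):
    # [] means the scan pattern, the hook size and the restore bytes all agree
    patterns, hooks, restore = parse(text)
    problems = []
    for sym, pat in patterns.items():
        rb, written = restore.get(sym, []), hooks.get(sym, 0)
        if rb != pat[:len(rb)] or len(rb) != written:
            problems.append(f"{sym}: pattern {pat}, hook writes {written}, restore {rb}")
    return problems
```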
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 3:18 pm
by dk998
SODI wrote: ↑Tue Mar 31, 2020 1:38 pm
There should work now. Does for me.
The script won't activate. I opened and closed the character screen, then activated it, then opened the character screen again. When I go to the table to activate attributes or focus points, it doesn't.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 3:23 pm
by cocotoon
Hello,
I managed to find the 3 health values. The problem is that when I modify the value of the health cap, it systematically returns to 100. Do you think it is possible to change this in order to have more than 100 health?
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 3:43 pm
by GreenHouse
- Immortal player script:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>22</ID>
<Description>"Immortal"</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
aobscanregion(get_isInvulnerable,7FF000000000,7FFFFFFFFFFF,80 BF 9A 01 00 00 00)
alloc(newmem,$1000)
label(code)
label(return)
newmem:
pushf
cmp byte ptr [rdi+00000184],2 //AgentControllerType
jne code
mov byte ptr [rdi+0000019A],01
code:
popf
cmp byte ptr [rdi+0000019A],00
jmp return
get_isInvulnerable:
jmp newmem
nop 2
return:
registersymbol(get_isInvulnerable)
[DISABLE]
get_isInvulnerable:
db 80 BF 9A 01 00 00 00
unregistersymbol(get_isInvulnerable)
dealloc(newmem)
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 3:59 pm
by lixiangyu
This is the order of the addresses of the focus of your skills. They are all 4 bytes, at 0x18 offsets. There are four temporary values which are used when you level up. After you click Done, the values are written to these addresses. The addresses of the attributes are simply six 4-byte values in a row.
"Riding" 4 Bytes +0
"Polearm" 4 Bytes +18
"Leadership" 4 Bytes +30
"Tactics" 4 Bytes +48
"Athletics" 4 Bytes +60
"Throwing" 4 Bytes +78
"Steward" 4 Bytes +90
"Onehanded" 4 Bytes +A8
"Twohanded" 4 Bytes +C0
"Bow" 4 Bytes +D8
"Crossbow" 4 Bytes +F0
"Smithing" 4 Bytes +108
"Scouting" 4 Bytes +120
"Roguery" 4 Bytes +138
"Charm" 4 Bytes +150
"Trade" 4 Bytes +168
"Medicine" 4 Bytes +180
"Engineering" 4 Bytes +198
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 4:15 pm
by gogfox
GreenHouse wrote: ↑Tue Mar 31, 2020 3:43 pm
- Immortal player script:
Doesn't work,
but still, thank you for it.
Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 6:03 pm
by LillyanaKabal
It doesn't crash if you get the focus points manually. So it's not a problem with having 999 focus points.