Re: Bannerlords M&B
Posted: Tue Mar 31, 2020 9:00 pm
The max of learning rate is 1024. I tried with console mode
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
I can't get "Character Found" to auto set to yes, did the hotfix released today break the table?SODI wrote: ↑Tue Mar 31, 2020 6:56 pmMade a table.
Let's you select character, who's stats you want to edit.
open close character menu,
activate the script
Set character Number. 0 should be the player, 1 is the one you recruited next, 2 one after that etc.
open character menu again
Character Found should be set to Yes if it was found
To choose another character set Character Found to No, change character number and open character menu again.
As for character data. TW have it labelled pretty well, I only got few things after digging around. Like gold, level, name, attributes and focus points. Couldn't find values for skill points though. Found something labelled birthday and deathday, but what the values stand for or what type they are is beyond me, feel free to experiment as I included those as well.
First time working with opcode writing several addresses, hope it came out ok and code is not too hard to look at : D
Yeah I edited the weight value manually and pasted it into the game, doesn't seem to do anything. In fact, weight, build, and age all resets after clicking on "Done". The look does change, however.Darkcore wrote: ↑Tue Mar 31, 2020 6:26 pmman, I knew there was a body weight slider we didn't seem to have access to, since some npcs seem thinner or heavier than the player character, can't seem to do much about that either, like age it doesn't seem to be able to be edited, pretty sure age starts at 30 by the by.
Yep, I was playing the game with this table just fine till I downloaded the hotfix, got the hotfix and now it doesn't work, so the table doesn't work with the newest game version.FrostbitBait wrote: ↑Wed Apr 01, 2020 12:57 amI can't get "Character Found" to auto set to yes, did the hotfix released today break the table?SODI wrote: ↑Tue Mar 31, 2020 6:56 pmMade a table.
Let's you select character, who's stats you want to edit.
open close character menu,
activate the script
Set character Number. 0 should be the player, 1 is the one you recruited next, 2 one after that etc.
open character menu again
Character Found should be set to Yes if it was found
To choose another character set Character Found to No, change character number and open character menu again.
As for character data. TW have it labelled pretty well, I only got few things after digging around. Like gold, level, name, attributes and focus points. Couldn't find values for skill points though. Found something labelled birthday and deathday, but what the values stand for or what type they are is beyond me, feel free to experiment as I included those as well.
First time working with opcode writing several addresses, hope it came out ok and code is not too hard to look at : D
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>51</ID>
<Description>"Load mainAgent Pointer"</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : TaleWorlds.MountAndBlade.Launcher.exe
Version:
Date : 2020-03-31
Author : chodn
This script does blah blah blah
}
[ENABLE]
aobscan(INJECTTEAMHP,C4 E1 78 2E C8 73) // should be unique
alloc(newmem,$1000,INJECTTEAMHP)
//assert(TaleWorlds.MountAndBlade.Agent::set_Health+7F,C4 E1 78 2E C8 73)
//alloc(newmem,$47,TaleWorlds.MountAndBlade.Agent::set_Health+7F)
// assembly symbols don't always get loaded, it seems?
label(code)
label(return)
alloc(mainAgent,8)
registersymbol(mainAgent)
newmem:
cmp [mainAgent],#0
jne code
push r11
push r12
mov r11,[rsi+000000A8] //"Team"
mov r12,[r11+A8] //"MBTeam"
mov r11,[r12+C8] //"_mainAgent" - always player
mov [mainAgent],r11
pop r12
pop r11
code:
vucomiss xmm1,xmm0
jmp return
mainAgent:
dq 0
//TaleWorlds.MountAndBlade.Agent::set_Health+7F:
INJECTTEAMHP:
jmp newmem
return:
registersymbol(INJECTTEAMHP)
[DISABLE]
//TaleWorlds.MountAndBlade.Agent::set_Health+7F:
INJECTTEAMHP:
db C4 E1 78 2E C8
unregistersymbol(INJECTTEAMHP)
unregistersymbol(mainAgent)
dealloc(newmem)
dealloc(mainAgent)
{
// ORIGINAL CODE - INJECTION POINT: 7FFDA25EAF9F
7FFDA25EAF67: EB 02 - jmp 7FFDA25EAF6B
7FFDA25EAF69: 33 C9 - xor ecx,ecx
7FFDA25EAF6B: C4 E1 60 57 DB - vxorps xmm3,xmm3,xmm3
7FFDA25EAF70: C4 E1 62 2A D9 - vcvtsi2ss xmm3,ebx,ecx
7FFDA25EAF75: C4 E1 78 28 D3 - vmovaps xmm2,xmm3
7FFDA25EAF7A: C4 E1 7A 10 86 68 01 00 00 - vmovss xmm0,[rsi+00000168]
7FFDA25EAF83: C4 E1 7A 5C C2 - vsubss xmm0,xmm0,xmm2
7FFDA25EAF88: C4 E1 7A 10 0D 5F 00 00 00 - vmovss xmm1,[7FFDA25EAFF0]
7FFDA25EAF91: C4 E1 78 54 C1 - vandps xmm0,xmm0,xmm1
7FFDA25EAF96: C4 E1 7A 10 0D 59 00 00 00 - vmovss xmm1,[7FFDA25EAFF8]
// ---------- INJECTING HERE ----------
7FFDA25EAF9F: C4 E1 78 2E C8 - vucomiss xmm1,xmm0
// ---------- DONE INJECTING ----------
7FFDA25EAFA4: 73 3D - jae 7FFDA25EAFE3
7FFDA25EAFA6: C4 E1 7A 10 86 68 01 00 00 - vmovss xmm0,[rsi+00000168]
7FFDA25EAFAF: C4 E1 7A 11 96 68 01 00 00 - vmovss [rsi+00000168],xmm2
7FFDA25EAFB8: 48 8B 4E 10 - mov rcx,[rsi+10]
7FFDA25EAFBC: 48 85 C9 - test rcx,rcx
7FFDA25EAFBF: 75 06 - jne 7FFDA25EAFC7
7FFDA25EAFC1: 48 83 C4 30 - add rsp,30
7FFDA25EAFC5: 5E - pop rsi
7FFDA25EAFC6: C3 - ret
7FFDA25EAFC7: 48 89 4C 24 28 - mov [rsp+28],rcx
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>50</ID>
<Description>"Player HP"</Description>
<LastState Value="100" Activated="1" RealAddress="15AD01EABC8"/>
<VariableType>Float</VariableType>
<Address>mainAgent</Address>
<Offsets>
<Offset>168</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>47</ID>
<Description>"Inf HP Player"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : TaleWorlds.MountAndBlade.Launcher.exe
Version:
Date : 2020-03-31
Author : chodn
This script does blah blah blah
}
[ENABLE]
//aobscan(INJECTTEAMHP,C4 E1 78 2E C8) // should be unique
//alloc(newmem,$1000,INJECTTEAMHP)
assert(TaleWorlds.MountAndBlade.Agent::set_Health+7F,C4 E1 78 2E C8)
alloc(newmem,$100,TaleWorlds.MountAndBlade.Agent::set_Health+7F)
// assembly symbols don't always get loaded, it seems?
label(code)
label(return)
newmem:
push rax
mov rax,[rsi+000000A8] //"Team"
cmp rax,#0
je code
mov rax,[rax+A8] //"MBTeam"
cmp rax,#0
je code
mov rax,[rax+C8] //"_mainAgent"
cmp rsi,rax //check if leader
jne code
vmovss xmm0,[rsi+00000168]
vmovss xmm2,[rsi+00000168]
vmovss xmm3,[rsi+00000168]
code:
pop rax
vucomiss xmm1,xmm0
jmp return
TaleWorlds.MountAndBlade.Agent::set_Health+7F:
//INJECTTEAMHP:
jmp newmem
return:
//registersymbol(INJECTTEAMHP)
[DISABLE]
TaleWorlds.MountAndBlade.Agent::set_Health+7F:
//INJECTTEAMHP:
db C4 E1 78 2E C8
//unregistersymbol(INJECTTEAMHP)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 7FFDA261618F
7FFDA2616150: C4 E1 62 2A D9 - vcvtsi2ss xmm3,ebx,ecx
7FFDA2616155: C4 E1 78 28 D3 - vmovaps xmm2,xmm3
7FFDA261615A: C4 E1 7A 10 86 68 01 00 00 - vmovss xmm0,[rsi+00000168]
7FFDA2616163: C4 E1 7A 5C C2 - vsubss xmm0,xmm0,xmm2
7FFDA2616168: C4 E1 7A 10 0D 5F 00 00 00 - vmovss xmm1,[7FFDA26161D0]
7FFDA2616171: C4 E1 78 54 C1 - vandps xmm0,xmm0,xmm1
7FFDA2616176: C4 E1 7A 10 0D 59 00 00 00 - vmovss xmm1,[7FFDA26161D8]
// ---------- INJECTING HERE ----------
7FFDA261617F: C4 E1 78 2E C8 - vucomiss xmm1,xmm0
// ---------- DONE INJECTING ----------
7FFDA2616184: 73 3D - jae 7FFDA26161C3
7FFDA2616186: C4 E1 7A 10 86 68 01 00 00 - vmovss xmm0,[rsi+00000168]
7FFDA261618F: C4 E1 7A 11 96 68 01 00 00 - vmovss [rsi+00000168],xmm2
7FFDA2616198: 48 8B 4E 10 - mov rcx,[rsi+10]
7FFDA261619C: 48 85 C9 - test rcx,rcx
7FFDA261619F: 75 06 - jne 7FFDA26161A7
7FFDA26161A1: 48 83 C4 30 - add rsp,30
7FFDA26161A5: 5E - pop rsi
7FFDA26161A6: C3 - ret
7FFDA26161A7: 48 89 4C 24 28 - mov [rsp+28],rcx
7FFDA26161AC: 48 8D 51 08 - lea rdx,[rcx+08]
7FFDA26161B0: 48 8B 0A - mov rcx,[rdx]
7FFDA26161B3: 48 8B D6 - mov rdx,rsi
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>44</ID>
<Description>"Inf HP Player Team"</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : TaleWorlds.MountAndBlade.Launcher.exe
Version:
Date : 2020-03-31
Author : chodn
This script does blah blah blah
}
[ENABLE]
//aobscan(INJECTTEAMHP,C4 E1 78 2E C8) // should be unique
//registersymbol(INJECTTEAMHP)
//alloc(newmem,$1000,INJECTTEAMHP)
assert(TaleWorlds.MountAndBlade.Agent::set_Health+7F,C4 E1 78 2E C8)
alloc(newmem,$1000,TaleWorlds.MountAndBlade.Agent::set_Health+7F)
// assembly symbols don't always get loaded, it seems?
label(code)
label(return)
alloc(leaderteam,8)
registersymbol(leaderteam)
newmem:
push rax
mov rax,[rsi+000000A8] //"Team"
cmp rax,#0
je code
mov rax,[rax+A8] //"MBTeam"
cmp rax,#0
je code
mov rax,[rax+C8] //"_mainAgent"
mov rax,[rax+A8] //"Team"
mov rax,[rax+90] //"Side"
mov [leaderteam],rax //load leader's team
//we want to do this step every time so the player doesn't need to
//reactivate the script every single battle. takes a lot longer tho
mov rax,[rsi+000000A8] //"Team"
mov rax,[rax+90] //"Side"
cmp [leaderteam],rax //check if leader's team
jne code
vmovss xmm0,[rsi+00000168]
vmovss xmm2,[rsi+00000168]
vmovss xmm3,[rsi+00000168]
code:
pop rax
vucomiss xmm1,xmm0
jmp return
leaderteam:
dq 0
TaleWorlds.MountAndBlade.Agent::set_Health+7F:
//INJECTTEAMHP:
jmp newmem
return:
[DISABLE]
TaleWorlds.MountAndBlade.Agent::set_Health+7F:
//INJECTTEAMHP:
db C4 E1 78 2E C8
unregistersymbol(INJECTTEAMHP)
unregistersymbol(leaderteam)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 7FFDA261618F
7FFDA2616150: C4 E1 62 2A D9 - vcvtsi2ss xmm3,ebx,ecx
7FFDA2616155: C4 E1 78 28 D3 - vmovaps xmm2,xmm3
7FFDA261615A: C4 E1 7A 10 86 68 01 00 00 - vmovss xmm0,[rsi+00000168]
7FFDA2616163: C4 E1 7A 5C C2 - vsubss xmm0,xmm0,xmm2
7FFDA2616168: C4 E1 7A 10 0D 5F 00 00 00 - vmovss xmm1,[7FFDA26161D0]
7FFDA2616171: C4 E1 78 54 C1 - vandps xmm0,xmm0,xmm1
7FFDA2616176: C4 E1 7A 10 0D 59 00 00 00 - vmovss xmm1,[7FFDA26161D8]
// ---------- INJECTING HERE ----------
7FFDA261617F: C4 E1 78 2E C8 - vucomiss xmm1,xmm0
// ---------- DONE INJECTING ----------
7FFDA2616184: 73 3D - jae 7FFDA26161C3
7FFDA2616186: C4 E1 7A 10 86 68 01 00 00 - vmovss xmm0,[rsi+00000168]
7FFDA261618F: C4 E1 7A 11 96 68 01 00 00 - vmovss [rsi+00000168],xmm2
7FFDA2616198: 48 8B 4E 10 - mov rcx,[rsi+10]
7FFDA261619C: 48 85 C9 - test rcx,rcx
7FFDA261619F: 75 06 - jne 7FFDA26161A7
7FFDA26161A1: 48 83 C4 30 - add rsp,30
7FFDA26161A5: 5E - pop rsi
7FFDA26161A6: C3 - ret
7FFDA26161A7: 48 89 4C 24 28 - mov [rsp+28],rcx
7FFDA26161AC: 48 8D 51 08 - lea rdx,[rcx+08]
7FFDA26161B0: 48 8B 0A - mov rcx,[rdx]
7FFDA26161B3: 48 8B D6 - mov rdx,rsi
}
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>