Re: Mortal Kombat 11 - table v: 1.0.3 CT
Posted: Sun Apr 28, 2019 11:38 pm
Will see what's going on with Souls
{
Process : MK11.exe - (x64)
Module : MK11.exe
Game Title : Mortal Kombat 11
Game Version : 1.0.0.0
CE Version : 6.83
Script Version : 0.0.1
Date : 04/28/19
Author : ShyTwig16
Name : VialUseTimerHook
Vial Use Timer Hook
}
//// VialUseTimerHook - Cheat Engine auto-assembler script (x64, Intel syntax).
//// Enable:  replaces the 6-byte instruction `cvttss2si eax,[r13+10]` with a jump into an
////          allocated code cave. The cave stores r13 in ptrVialUseTimerHook, writes the
////          value of fltVialUseTimerHook (default float 60) to [r13+10], then runs the
////          original instruction and jumps back.
//// Disable: writes the original 6 bytes back, unregisters the symbols and frees the cave.
{$STRICT}
//// `address` is not referenced anywhere else in this script; the injection point is
//// derived from the AOB scan below instead.
define(address, MK11.exe+820BED)
//// Original bytes of the hooked instruction (cvttss2si eax,[r13+10]); checked by the
//// assert on enable and written back on disable.
define(bytes, F3 41 0F 2C 45 10)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
//// Byte signature with `xx` wildcards; it starts at the `jmp` (EB) 9 bytes before the
//// hooked instruction, so the injection point is match+9.
aobScanModule(aobVialUseTimerHook, MK11.exe, EBxx48xxxxxxxxxxxxF3xxxxxxxxxx48xxxx48xxxxxxxxxxxx48xxxxxx48)
define(injVialUseTimerHook, aobVialUseTimerHook+9)
//// Integrity guard: enabling fails unless the bytes at the injection point equal `bytes`,
//// so a signature match at a different location (e.g. after a game update) is not patched.
assert(injVialUseTimerHook, bytes)
registerSymbol(injVialUseTimerHook)
//// 0x400-byte code cave, requested near the injection point.
//// NOTE(review): the patch below is exactly 6 bytes (jmp + nop), which only fits if the
//// jmp assembles as a 5-byte rel32; that presumably depends on this allocation landing
//// within +/-2 GB of injVialUseTimerHook - confirm.
alloc(memVialUseTimerHook, 0x400, injVialUseTimerHook)
//// flt/ptr are registered as symbols so they can be referenced outside this script.
label(fltVialUseTimerHook)
registerSymbol(fltVialUseTimerHook)
label(ptrVialUseTimerHook)
registerSymbol(ptrVialUseTimerHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memVialUseTimerHook:
//// Data area at the start of the cave.
fltVialUseTimerHook:
//// Value forced into [r13+10] each time the hook runs.
dd (float)60
//// NOTE(review): presumably 0x10 (16-byte) alignment, since CE reads bare numbers as hex - confirm.
align 10
ptrVialUseTimerHook:
//// Receives r13 from the most recent execution of the hook; 0 until the hook has run.
dq 0
//// Second operand is presumably the fill byte (0xCC) for the padding - confirm.
align 10 CC
n_code:
//// Added code: runs before the original instruction.
mov [ptrVialUseTimerHook],r13
//// eax is used as scratch; the original instruction in o_code overwrites eax right after,
//// so no live value is lost.
mov eax,[fltVialUseTimerHook]
mov [r13+10],eax
o_code:
//// Original instruction, relocated from the injection point.
cvttss2si eax,[r13+10]
exit:
jmp return
////
//// ---------- Injection Point ----------
injVialUseTimerHook:
//// jmp + nop together overwrite the 6 original bytes; `return` labels the next
//// untouched instruction after the patch.
jmp n_code
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injVialUseTimerHook:
//// Restore the original instruction bytes before the cave is freed.
db bytes
unregisterSymbol(injVialUseTimerHook)
unregisterSymbol(fltVialUseTimerHook)
unregisterSymbol(ptrVialUseTimerHook)
dealloc(memVialUseTimerHook)
{
//// Injection Point: MK11.exe+820BED - 0000000140820BED
//// AOB address: 0000000140820BE4 - MK11.exe+820BE4
//// Process: MK11.exe - 0000000140000000
//// Module: MK11.exe - 0000000140000000
//// Module Size: 0000000018215000
MK11.exe+820BA1: 4C 8B 5D 67 - mov r11,[rbp+67]
MK11.exe+820BA5: 4C 89 5D F7 - mov [rbp-09],r11
MK11.exe+820BA9: 66 C7 45 FF 0000 - mov word ptr [rbp-01],0000
MK11.exe+820BAF: 44 3B C0 - cmp r8d,eax
MK11.exe+820BB2: 0F84 1A010000 - je 140820CD2
MK11.exe+820BB8: 33 C0 - xor eax,eax
MK11.exe+820BBA: 89 45 77 - mov [rbp+77],eax
MK11.exe+820BBD: 0F1F 00 - nop [rax]
MK11.exe+820BC0: 49 63 C0 - movsxd rax,r8d
MK11.exe+820BC3: 4C 6B E8 38 - imul r13,rax,38
MK11.exe+820BC7: 4D 03 2B - add r13,[r11]
MK11.exe+820BCA: 49 8D 4D 10 - lea rcx,[r13+10]
MK11.exe+820BCE: E8 2DBB6A00 - call 140ECC700
MK11.exe+820BD3: 84 C0 - test al,al
MK11.exe+820BD5: 74 0F - je 140820BE6
MK11.exe+820BD7: 41 8B 55 08 - mov edx,[r13+08]
MK11.exe+820BDB: 48 8B 4D 67 - mov rcx,[rbp+67]
MK11.exe+820BDF: E8 3C61FCFF - call 1407E6D20
MK11.exe+820BE4: EB 40 - jmp 140820C26 <<<--- AOB Starts Here
MK11.exe+820BE6: 48 8B 1D 934F8502 - mov rbx,[143075B80] [4A0CFA60]
//// INJECTING START ----------------------------------------------------------
MK11.exe+820BED: F3 41 0F2C 45 10 - cvttss2si eax,[r13+10]
//// INJECTING END ----------------------------------------------------------
MK11.exe+820BF3: 48 63 C8 - movsxd rcx,eax
MK11.exe+820BF6: 48 69 C1 E8030000 - imul rax,rcx,000003E8
MK11.exe+820BFD: 48 89 45 7F - mov [rbp+7F],rax
MK11.exe+820C01: 48 8D 55 7F - lea rdx,[rbp+7F]
MK11.exe+820C05: 48 8D 4D 07 - lea rcx,[rbp+07]
MK11.exe+820C09: E8 72843D00 - call 140BF9080
MK11.exe+820C0E: 4C 8D 45 07 - lea r8,[rbp+07]
MK11.exe+820C12: 41 8B 55 08 - mov edx,[r13+08]
MK11.exe+820C16: 48 8B 8B 000D0000 - mov rcx,[rbx+00000D00]
MK11.exe+820C1D: E8 CEA53000 - call 140B2B1F0
MK11.exe+820C22: 48 8B 5D 9F - mov rbx,[rbp-61]
MK11.exe+820C26: 41 8B C7 - mov eax,r15d
MK11.exe+820C29: F7 D0 - not eax
MK11.exe+820C2B: 44 23 F0 - and r14d,eax
MK11.exe+820C2E: 44 89 75 A7 - mov [rbp-59],r14d
MK11.exe+820C32: 48 8B 03 - mov rax,[rbx]
MK11.exe+820C35: 48 85 C0 - test rax,rax
MK11.exe+820C38: 75 04 - jne 140820C3E
MK11.exe+820C3A: 48 8D 43 10 - lea rax,[rbx+10]
MK11.exe+820C3E: 4C 8D 4D 77 - lea r9,[rbp+77]
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
MK11.exe+C300670 - 48 89 5C 24 08 - mov [rsp+08],rbx <-- RET this
MK11.exe+C300675 - 57 - push rdi
MK11.exe+C300676 - 48 83 EC 20 - sub rsp,20 { 32 }
MK11.exe+C30067A - 48 8B 1D FF54D7F6 - mov rbx,[MK11.exe+3075B80] { (5FAF0CE0) }
MK11.exe+C300681 - 48 89 CF - mov rdi,rcx
MK11.exe+C300684 - 48 85 DB - test rbx,rbx
MK11.exe+C300687 - 74 0A - je MK11.exe+C300693
MK11.exe+C300689 - 31 D2 - xor edx,edx
MK11.exe+C30068B - 48 89 D9 - mov rcx,rbx
MK11.exe+C30068E - E8 AD4C51F4 - call MK11.exe+815340
MK11.exe+C300693 - 31 C0 - xor eax,eax
MK11.exe+C300695 - 89 47 04 - mov [rdi+04],eax
MK11.exe+C300698 - 39 47 08 - cmp [rdi+08],eax
MK11.exe+C30069B - 74 44 - je MK11.exe+C3006E1
MK11.exe+C30069D - 89 47 08 - mov [rdi+08],eax
MK11.exe+C3006A0 - 48 8B 05 D954D7F6 - mov rax,[MK11.exe+3075B80] { (5FAF0CE0) }
MK11.exe+C3006A7 - 48 85 C0 - test rax,rax
MK11.exe+C3006AA - 74 35 - je MK11.exe+C3006E1
MK11.exe+C3006AC - 48 83 B8 700C0000 00 - cmp qword ptr [rax+00000C70],00 { 0 }
MK11.exe+C3006B4 - 74 2B - je MK11.exe+C3006E1
MK11.exe+C3006B6 - 8B 88 780C0000 - mov ecx,[rax+00000C78]
MK11.exe+C3006BC - 81 F9 70170000 - cmp ecx,00001770 { 6000 }
MK11.exe+C3006C2 - 73 1D - jae MK11.exe+C3006E1
MK11.exe+C3006C4 - 8B 80 7C0C0000 - mov eax,[rax+00000C7C]
MK11.exe+C3006CA - 89 CA - mov edx,ecx
MK11.exe+C3006CC - 48 8D 0D B5F5E7F6 - lea rcx,[MK11.exe+317FC88] { (65602) }
MK11.exe+C3006D3 - 39 04 91 - cmp [rcx+rdx*4],eax
MK11.exe+C3006D6 - 75 09 - jne MK11.exe+C3006E1
MK11.exe+C3006D8 - 48 8D 4F 10 - lea rcx,[rdi+10]
MK11.exe+C3006DC - E8 CFB6BCF4 - call MK11.exe+ECBDB0
MK11.exe+C3006E1 - 48 85 DB - test rbx,rbx
MK11.exe+C3006E4 - 74 08 - je MK11.exe+C3006EE
MK11.exe+C3006E6 - 48 89 D9 - mov rcx,rbx
MK11.exe+C3006E9 - E8 32204EF4 - call MK11.exe+7E2720
MK11.exe+C3006EE - 48 8B 5C 24 30 - mov rbx,[rsp+30]
MK11.exe+C3006F3 - 48 83 C4 20 - add rsp,20 { 32 }
MK11.exe+C3006F7 - 5F - pop rdi
MK11.exe+C3006F8 - C3 - ret
This doesn't work on the Orbs either.
SunBeam wrote (Sun Apr 28, 2019 11:12 pm): Oh LOL. The base for that 0xE14 bool is a pointer to a table of "MK11KryptStaticActor" UObject pointers. Wonder if I can iterate through it and if it contains all spawned Actors in the Krypt.
EDIT: Ka-ching!
[[MK11.exe+3075B80]+E14] == 1 -> Global 0 Koins cost for any chest
MK11.exe+7FB725 - 48 8B 15 54A48702 - mov rdx,[MK11.exe+3075B80] { (A640FE00) } MK11.exe+7FB72C - 48 89 55 8F - mov [rbp-71],rdx
It's in the lower pit.
SunBeam wrote (Mon Apr 29, 2019 1:13 am): Noticed it doesn't work on Kronika Vaults. I'm off to find Ermac's Amulet. Tired of the Locked Soul Vaults. Will then see how to make it work for Souls as well. Meanwhile, note that if you go from one big map to another, you need to do an R at least once. Engine doesn't unhide all hidden chests from a map that just got loaded (e.g.: when moving from main to Goro's Lair).
Lower Pit
X -73.053924560547
Z -44.100292205811
Y -21.612953186035
MK11.exe+807967 - 41 80 BC 24 140E0000 00 - cmp byte ptr [r12+00000E14],00 { 0 }
MK11.exe+807970 - 0F84 7C010000 - je MK11.exe+807AF2
MK11.exe+807976 - 83 F8 0A - cmp eax,0A { 10 }
MK11.exe+807979 - 0F85 73010000 - jne MK11.exe+807AF2 <-- NOP this if you use 0xE14; else change CMP to JMP_to_xor_below_this_line
MK11.exe+80797F - 45 33 F6 - xor r14d,r14d
MK11.exe+7FB854 - 80 B8 140E0000 00 - cmp byte ptr [rax+00000E14],00 { 0 }
MK11.exe+7FB85B - 74 2E - je MK11.exe+7FB88B
MK11.exe+7FB85D - 41 83 FF 0A - cmp r15d,0A { 10 }
MK11.exe+7FB861 - 75 28 - jne MK11.exe+7FB88B <-- NOP :)
MK11.exe+7FB863 - 45 33 E4 - xor r12d,r12d
MK11.exe+7FB866 - EB 56 - jmp MK11.exe+7FB8BE
MK11.exe+807967 - EB 16 - jmp MK11.exe+80797F
MK11.exe+807969 - 90 - nop
MK11.exe+80796A - 90 - nop
MK11.exe+80796B - 90 - nop
MK11.exe+80796C - 90 - nop
MK11.exe+80796D - 90 - nop
MK11.exe+80796E - 90 - nop
MK11.exe+80796F - 90 - nop
MK11.exe+807970 - 0F84 7C010000 - je MK11.exe+807AF2
MK11.exe+807976 - 83 F8 0A - cmp eax,0A { 10 }
MK11.exe+807979 - 0F85 73010000 - jne MK11.exe+807AF2
MK11.exe+80797F - 45 33 F6 - xor r14d,r14d
MK11.exe+7FB854 - EB 0D - jmp MK11.exe+7FB863
MK11.exe+7FB856 - 90 - nop
MK11.exe+7FB857 - 90 - nop
MK11.exe+7FB858 - 90 - nop
MK11.exe+7FB859 - 90 - nop
MK11.exe+7FB85A - 90 - nop
MK11.exe+7FB85B - 74 2E - je MK11.exe+7FB88B
MK11.exe+7FB85D - 41 83 FF 0A - cmp r15d,0A { 10 }
MK11.exe+7FB861 - 75 28 - jne MK11.exe+7FB88B
MK11.exe+7FB863 - 45 31 E4 - xor r12d,r12d
I had this active and had the blindfold on and was killed and now the chests show and so do the prompts to open them.
SunBeam wrote (Mon Apr 29, 2019 12:16 am): ...
I can't be arsed to also enable the E action when they are visible. So.. enable any script that comes out of the above code, head to your white-ish-hidden-now-visible chest, press R, loot it. Press R again to return to normal world. And so on
P.S.: Yes, you will see R - REMOVE BLINDFOLD in mid-screen; doesn't bother me
Yeah. I'm in Kytinn Hive right now, near the Carcass. So.. if you get killed with Blindfold on, once you reset, the actions will be swapped. As in you will see normally, though move slow (like with Blindfold on) and Souls will decrease as well (just noticed now that while in the Spirits world, Souls decrease). So.. get yourself killed somehow if that happens to get back to normal.
ShyTwig16 wrote (Mon Apr 29, 2019 1:56 am): I had this active and had the blindfold on and was killed and now the chests show and so do the prompts to open them.
SunBeam wrote (Mon Apr 29, 2019 12:16 am): ...
I can't be arsed to also enable the E action when they are visible. So.. enable any script that comes out of the above code, head to your white-ish-hidden-now-visible chest, press R, loot it. Press R again to return to normal world. And so on
P.S.: Yes, you will see R - REMOVE BLINDFOLD in mid-screen; doesn't bother me
Thanks for the update, but I wonder if you guys can put a teleport save to Shang Tsung's treasure cache. Good job, by the way.