FearLess Cheat Engine

yeah, hence why i limited it to 10 pages. When reading the code it does a check for if the number of entries goes over a certain amount and based my entry count on that and didnt realize the side effects. I have an idea to fix it but im not sure if it will have other side effects.

templarum wrote: ↑

Fri Jan 17, 2020 6:24 pm

s23301955 wrote: ↑

Fri Jan 17, 2020 6:15 pm

pox911 wrote: ↑

Fri Jan 17, 2020 5:38 pm

without fully understanding what this section of memory that i bled into does, there might not be an easy way. I do apologize for the inconvenience i have caused.

edit: maybe comparing it to two different newly created characters, some stuff could be copy and pasted if the game was never shut down. Just a random thought.

This one should be a bit more stable. I reduced the pages from 23 to 10 so it doesnt come close to bleeding into the other memory areas. So far i have had no crashes in my testing with this version.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>19053</ID>
      <Description>"Fill Shop With Many Items"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique
alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674)

label(code)
label(return)
label(ShopData)
registersymbol(ShopData)

newmem:
  push rax
  push rbx
  push rcx
  mov edx,[ShopData]
  imul edx,6E

  xor rax,rax
  mov rcx,6E
  lea rbx,[r14+2948]

  _Loop:
  mov [rbx+rax*8],edx
  mov [rbx+rax*8+4],edx
  inc [rbx+rax*8]
  inc rax
  inc edx
  cmp rax,rcx
  jl _Loop
code:
  mov edx,rcx
  pop rcx
  pop rbx
  pop rax

  jmp return
  ShopData:

ShopOverrideAOB:
  jmp newmem
  nop
  nop
return:
registersymbol(ShopOverrideAOB)

[DISABLE]

ShopOverrideAOB:
  db 41 8B 96 48 31 00 00

unregistersymbol(ShopOverrideAOB)
unregistersymbol(ShopData)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674

"MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1              -  lea rdx,[rcx+rax*8]
"MonsterHunterWorld.exe"+1F8A9656: 48 85 C0                 -  test rax,rax
"MonsterHunterWorld.exe"+1F8A9659: 75 03                    -  jne MonsterHunterWorld.exe+1F8A965E
"MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA                 -  mov rdx,r13
"MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD              -  cmove rcx,r13
"MonsterHunterWorld.exe"+1F8A9662: 49 89 D0                 -  mov r8,rdx
"MonsterHunterWorld.exe"+1F8A9665: 49 29 C8                 -  sub r8,rcx
"MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1                 -  mov r9,r14
"MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03              -  sar r8,03
"MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2           -  call MonsterHunterWorld.exe+1C8AE40
// ---------- INJECTING HERE ----------
"MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00     -  mov edx,[r14+00003148]
// ---------- DONE INJECTING  ----------
"MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00     -  mov [r14+0000291C],edx
"MonsterHunterWorld.exe"+1F8A9682: EB 06                    -  jmp MonsterHunterWorld.exe+1F8A968A
"MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00        -  mov edx,[rcx+0000291C]
"MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00     -  mov rcx,[r14+000028F8]
"MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1           -  call MonsterHunterWorld.exe+9B9E10
"MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00     -  mov eax,[r14+00002948]
"MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60           -  lea r8,[rsp+60]
"MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5     -  mov rcx,[MonsterHunterWorld.exe+4EE4540]
"MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20           -  lea rdx,[rsp+20]
"MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9                 -  xor r9d,r9d
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>19055</ID>
          <Description>"Chunk Index"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>ShopData</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

is there any way to clear botanical research's box?
i think the box have some problem
make the reward screen crash


if i press sell buttom,it will deduct a lot of money

If your issue is that it will deduct a lot of money, just have it deducted and then edit your money value back to what you had previously.

No, my issue is my friend used the old script to buy the botanical research can't plant item
and he will crash after reward screen ,if he open the botanical research,game will crash

i bought items what botanical research can plant
so i won't crash after reward screen
only the items become negative

if it can clear botanical research's box, i think the broken save-data can be fixed

Infinite Items still do not seem to work on Hot Drinks

I may be blind, but I don't see the "Go To Character Edit Screen" option in the table attached to the first post.

Will there be a new script for editing the guild card? Would like to do a new playtrhough and convert my statistics to the new one

Twilurk wrote: ↑

Fri Jan 17, 2020 9:12 pm

Infinite Items still do not seem to work on Hot Drinks

It works. It won't go lower than 4.

pox911 wrote: ↑

Fri Jan 17, 2020 5:38 pm

Shadowria wrote: ↑

Fri Jan 17, 2020 5:26 pm

Do you think there is anything that can be done for those already affected or should we just start with trying to get back to where we were on an older save?

without fully understanding what this section of memory that i bled into does, there might not be an easy way. I do apologize for the inconvenience i have caused.

edit: maybe comparing it to two different newly created characters, some stuff could be copy and pasted if the game was never shut down. Just a random thought.

This one should be a bit more stable. I reduced the pages from 23 to 10 so it doesnt come close to bleeding into the other memory areas. So far i have had no crashes in my testing with this version.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>19053</ID>
      <Description>"Fill Shop With Many Items"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique
alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674)

label(code)
label(return)
label(ShopData)
registersymbol(ShopData)

newmem:
  push rax
  push rbx
  push rcx
  mov edx,[ShopData]
  imul edx,6E

  xor rax,rax
  mov rcx,6E
  lea rbx,[r14+2948]

  _Loop:
  mov [rbx+rax*8],edx
  mov [rbx+rax*8+4],edx
  inc [rbx+rax*8]
  inc rax
  inc edx
  cmp rax,rcx
  jl _Loop
code:
  mov edx,rcx
  pop rcx
  pop rbx
  pop rax

  jmp return
  ShopData:

ShopOverrideAOB:
  jmp newmem
  nop
  nop
return:
registersymbol(ShopOverrideAOB)

[DISABLE]

ShopOverrideAOB:
  db 41 8B 96 48 31 00 00

unregistersymbol(ShopOverrideAOB)
unregistersymbol(ShopData)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674

"MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1              -  lea rdx,[rcx+rax*8]
"MonsterHunterWorld.exe"+1F8A9656: 48 85 C0                 -  test rax,rax
"MonsterHunterWorld.exe"+1F8A9659: 75 03                    -  jne MonsterHunterWorld.exe+1F8A965E
"MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA                 -  mov rdx,r13
"MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD              -  cmove rcx,r13
"MonsterHunterWorld.exe"+1F8A9662: 49 89 D0                 -  mov r8,rdx
"MonsterHunterWorld.exe"+1F8A9665: 49 29 C8                 -  sub r8,rcx
"MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1                 -  mov r9,r14
"MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03              -  sar r8,03
"MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2           -  call MonsterHunterWorld.exe+1C8AE40
// ---------- INJECTING HERE ----------
"MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00     -  mov edx,[r14+00003148]
// ---------- DONE INJECTING  ----------
"MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00     -  mov [r14+0000291C],edx
"MonsterHunterWorld.exe"+1F8A9682: EB 06                    -  jmp MonsterHunterWorld.exe+1F8A968A
"MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00        -  mov edx,[rcx+0000291C]
"MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00     -  mov rcx,[r14+000028F8]
"MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1           -  call MonsterHunterWorld.exe+9B9E10
"MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00     -  mov eax,[r14+00002948]
"MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60           -  lea r8,[rsp+60]
"MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5     -  mov rcx,[MonsterHunterWorld.exe+4EE4540]
"MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20           -  lea rdx,[rsp+20]
"MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9                 -  xor r9d,r9d
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>19055</ID>
          <Description>"Chunk Index"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>ShopData</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

After some testing I do believe it's just the Botanists Harvest Box having things in it that it's not supposed to.
And the reason it's crashing after quest completion specifically has to do with how the game handles time passing based on quest completion.
Because you can kill Monsters on an expedition & return with no issue even though that rewards screen operates the same way.
But no "time" passes from an expedition, in regards to things like refreshing quests or the Harvest box.

Is there any way you could whip something up to wipe that box clean?
I think it would solve the issue for those of us without super recent backups.

hellow, i have a Problem with using augmentieren at weapons. when i use it it don't work or using items. it's the script "ignore Crafting requirements"
i have the same Problem with crafitng them and armor. With some of These it dont work :c

Kwharr wrote: ↑

Fri Jan 17, 2020 11:28 pm

pox911 wrote: ↑

Fri Jan 17, 2020 5:38 pm

Shadowria wrote: ↑

Fri Jan 17, 2020 5:26 pm

Do you think there is anything that can be done for those already affected or should we just start with trying to get back to where we were on an older save?

without fully understanding what this section of memory that i bled into does, there might not be an easy way. I do apologize for the inconvenience i have caused.

edit: maybe comparing it to two different newly created characters, some stuff could be copy and pasted if the game was never shut down. Just a random thought.

This one should be a bit more stable. I reduced the pages from 23 to 10 so it doesnt come close to bleeding into the other memory areas. So far i have had no crashes in my testing with this version.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>19053</ID>
      <Description>"Fill Shop With Many Items"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique
alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674)

label(code)
label(return)
label(ShopData)
registersymbol(ShopData)

newmem:
  push rax
  push rbx
  push rcx
  mov edx,[ShopData]
  imul edx,6E

  xor rax,rax
  mov rcx,6E
  lea rbx,[r14+2948]

  _Loop:
  mov [rbx+rax*8],edx
  mov [rbx+rax*8+4],edx
  inc [rbx+rax*8]
  inc rax
  inc edx
  cmp rax,rcx
  jl _Loop
code:
  mov edx,rcx
  pop rcx
  pop rbx
  pop rax

  jmp return
  ShopData:

ShopOverrideAOB:
  jmp newmem
  nop
  nop
return:
registersymbol(ShopOverrideAOB)

[DISABLE]

ShopOverrideAOB:
  db 41 8B 96 48 31 00 00

unregistersymbol(ShopOverrideAOB)
unregistersymbol(ShopData)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674

"MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1              -  lea rdx,[rcx+rax*8]
"MonsterHunterWorld.exe"+1F8A9656: 48 85 C0                 -  test rax,rax
"MonsterHunterWorld.exe"+1F8A9659: 75 03                    -  jne MonsterHunterWorld.exe+1F8A965E
"MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA                 -  mov rdx,r13
"MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD              -  cmove rcx,r13
"MonsterHunterWorld.exe"+1F8A9662: 49 89 D0                 -  mov r8,rdx
"MonsterHunterWorld.exe"+1F8A9665: 49 29 C8                 -  sub r8,rcx
"MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1                 -  mov r9,r14
"MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03              -  sar r8,03
"MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2           -  call MonsterHunterWorld.exe+1C8AE40
// ---------- INJECTING HERE ----------
"MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00     -  mov edx,[r14+00003148]
// ---------- DONE INJECTING  ----------
"MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00     -  mov [r14+0000291C],edx
"MonsterHunterWorld.exe"+1F8A9682: EB 06                    -  jmp MonsterHunterWorld.exe+1F8A968A
"MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00        -  mov edx,[rcx+0000291C]
"MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00     -  mov rcx,[r14+000028F8]
"MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1           -  call MonsterHunterWorld.exe+9B9E10
"MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00     -  mov eax,[r14+00002948]
"MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60           -  lea r8,[rsp+60]
"MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5     -  mov rcx,[MonsterHunterWorld.exe+4EE4540]
"MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20           -  lea rdx,[rsp+20]
"MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9                 -  xor r9d,r9d
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>19055</ID>
          <Description>"Chunk Index"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>ShopData</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

After some testing I do believe it's just the Botanical Box having things in it that it's not supposed to.
And the reason it's crashing after quest completion specifically has to do with how the game handles time passing based on quest completion.
Because you can kill Monsters on an expedition & return with no issue even though that rewards screen operates the same way.
But no "time" passes from an expedition, in regards to things like refreshing quests or the Botanists box.

Is there any way you could whip something up to wipe that box clean?
I think it would solve the issue for those of us without super recent backups.

Plus one to this, I'm having the same issue and aside from finishing quests the only thing killing my session is opening the botanist box, if anyone has a script to empty it I'd be super grateful

So far no matter what script i run nothing seems to be able to work with the MHW client and will either crash it after a few minutes or a few seconds later. I have 6 different scripts that i am using along with the MHWResetCRC script. Has there been any up to the code that script to accommodate the last update on the 16th?

plz add maxed slot

I want it very badly.

Is it possible to have a script that allows us to catch specific endemic life?

Please I would like to know if any repair is known for the loss of my character by the use of the materials store please

pox911 wrote: ↑

Fri Jan 17, 2020 5:38 pm

Shadowria wrote: ↑

Fri Jan 17, 2020 5:26 pm

Do you think there is anything that can be done for those already affected or should we just start with trying to get back to where we were on an older save?

without fully understanding what this section of memory that i bled into does, there might not be an easy way. I do apologize for the inconvenience i have caused.

edit: maybe comparing it to two different newly created characters, some stuff could be copy and pasted if the game was never shut down. Just a random thought.

This one should be a bit more stable. I reduced the pages from 23 to 10 so it doesnt come close to bleeding into the other memory areas. So far i have had no crashes in my testing with this version.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>19053</ID>
      <Description>"Fill Shop With Many Items"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique
alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674)

label(code)
label(return)
label(ShopData)
registersymbol(ShopData)

newmem:
  push rax
  push rbx
  push rcx
  mov edx,[ShopData]
  imul edx,6E

  xor rax,rax
  mov rcx,6E
  lea rbx,[r14+2948]

  _Loop:
  mov [rbx+rax*8],edx
  mov [rbx+rax*8+4],edx
  inc [rbx+rax*8]
  inc rax
  inc edx
  cmp rax,rcx
  jl _Loop
code:
  mov edx,rcx
  pop rcx
  pop rbx
  pop rax

  jmp return
  ShopData:

ShopOverrideAOB:
  jmp newmem
  nop
  nop
return:
registersymbol(ShopOverrideAOB)

[DISABLE]

ShopOverrideAOB:
  db 41 8B 96 48 31 00 00

unregistersymbol(ShopOverrideAOB)
unregistersymbol(ShopData)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674

"MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1              -  lea rdx,[rcx+rax*8]
"MonsterHunterWorld.exe"+1F8A9656: 48 85 C0                 -  test rax,rax
"MonsterHunterWorld.exe"+1F8A9659: 75 03                    -  jne MonsterHunterWorld.exe+1F8A965E
"MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA                 -  mov rdx,r13
"MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD              -  cmove rcx,r13
"MonsterHunterWorld.exe"+1F8A9662: 49 89 D0                 -  mov r8,rdx
"MonsterHunterWorld.exe"+1F8A9665: 49 29 C8                 -  sub r8,rcx
"MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1                 -  mov r9,r14
"MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03              -  sar r8,03
"MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2           -  call MonsterHunterWorld.exe+1C8AE40
// ---------- INJECTING HERE ----------
"MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00     -  mov edx,[r14+00003148]
// ---------- DONE INJECTING  ----------
"MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00     -  mov [r14+0000291C],edx
"MonsterHunterWorld.exe"+1F8A9682: EB 06                    -  jmp MonsterHunterWorld.exe+1F8A968A
"MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00        -  mov edx,[rcx+0000291C]
"MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00     -  mov rcx,[r14+000028F8]
"MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1           -  call MonsterHunterWorld.exe+9B9E10
"MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00     -  mov eax,[r14+00002948]
"MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60           -  lea r8,[rsp+60]
"MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5     -  mov rcx,[MonsterHunterWorld.exe+4EE4540]
"MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20           -  lea rdx,[rsp+20]
"MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9                 -  xor r9d,r9d
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>19055</ID>
          <Description>"Chunk Index"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>ShopData</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

It's still interacting with the Harvest Box in one way or another. From what I've tested, what seems to be tripping it is "discovering" items you otherwise shouldn't be able to obtain, even if you don't buy them. For instance, if I buy things from chunk 1 or 2, it's fine since the items in there don't trip it up, but if I navigate to chunk 6 to browse the decorations, there's many items that seem to cause the issue. Scrolling through the pages and immediately talking to any NPC with access to the Botanical Research Facility would cause the game to crash.

i try the shop item list script, browse all the page from chunk 1 to 10 and interacting only with provisions stockpile, save and close game..start over and went to botanical npc and it just ctd....even only browsing im sure it will crash the game when u interact with botanical, or maybe other npcs