We're giving away Borderlands 3 gift key. Click here!

Control +14 (table Update4.1)

Upload your cheat tables here (No requests)
pigeon
Expert Cheater
Expert Cheater
Posts: 92
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 41

Re: Control +12 (table Update3)

Post by pigeon » Mon Sep 02, 2019 12:15 pm

Otis_Inf wrote:
Mon Sep 02, 2019 9:35 am
Only thing that's bugged here is the outlines on objects. I can't find that.
Maybe this could help you? Found how to disable it with changing conditional je to jmp, but i guess you could do it better :)
Show
"Control_DX12.exe"+ABA90: B0 01 - mov al,01
"Control_DX12.exe"+ABA92: 0F 57 C0 - xorps xmm0,xmm0
"Control_DX12.exe"+ABA95: 41 0F 2F 85 10 02 00 00 - comiss xmm0,[r13+00000210]
"Control_DX12.exe"+ABA9D: 0F 82 95 02 00 00 - jb Control_DX12.exe+ABD38
"Control_DX12.exe"+ABAA3: 84 C0 - test al,al
"Control_DX12.exe"+ABAA5: 0F 84 8D 02 00 00 - je Control_DX12.exe+ABD38
"Control_DX12.exe"+ABAAB: 80 7D 40 00 - cmp byte ptr [rbp+40],00
"Control_DX12.exe"+ABAAF: 0F 84 83 02 00 00 - je Control_DX12.exe+ABD38
"Control_DX12.exe"+ABAB5: 49 8B 85 70 03 00 00 - mov rax,[r13+00000370]
"Control_DX12.exe"+ABABC: 80 38 00 - cmp byte ptr [rax],00
// ---------- INJECTING HERE ----------
"Control_DX12.exe"+ABABF: 0F 84 73 02 00 00 - je Control_DX12.exe+ABD38
// ---------- DONE INJECTING ----------
"Control_DX12.exe"+ABAC5: 45 84 FF - test r15l,r15l
"Control_DX12.exe"+ABAC8: 0F 85 6A 02 00 00 - jne Control_DX12.exe+ABD38
"Control_DX12.exe"+ABACE: 49 8B 85 70 01 00 00 - mov rax,[r13+00000170]
"Control_DX12.exe"+ABAD5: 8B 90 D0 01 00 00 - mov edx,[rax+000001D0]
"Control_DX12.exe"+ABADB: 8B C2 - mov eax,edx
"Control_DX12.exe"+ABADD: C1 F8 1F - sar eax,1F
"Control_DX12.exe"+ABAE0: 83 E0 01 - and eax,01
"Control_DX12.exe"+ABAE3: FF C0 - inc eax
"Control_DX12.exe"+ABAE5: 41 BF 08 00 00 00 - mov r15d,00000008
"Control_DX12.exe"+ABAEB: 83 F8 01 - cmp eax,01
Maybe you also could be interesting in calm enemies? As far as i can see, it's doesn't disabling conditions when enemies could hit/punch player and they are only doesn't shoot at player from guns, so I'm here only at the beginning
Show
"bonsai_rmdwin10_f.dll"+58A6F: CC - int 3
"bonsai_rmdwin10_f.dll"+58A70: 48 89 5C 24 08 - mov [rsp+08],rbx
"bonsai_rmdwin10_f.dll"+58A75: 48 89 74 24 10 - mov [rsp+10],rsi
"bonsai_rmdwin10_f.dll"+58A7A: 57 - push rdi
"bonsai_rmdwin10_f.dll"+58A7B: 48 83 EC 20 - sub rsp,20
"bonsai_rmdwin10_f.dll"+58A7F: 48 8B 71 08 - mov rsi,[rcx+08]
"bonsai_rmdwin10_f.dll"+58A83: 48 8B F9 - mov rdi,rcx
"bonsai_rmdwin10_f.dll"+58A86: 0F B6 DA - movzx ebx,dl
"bonsai_rmdwin10_f.dll"+58A89: 48 8D 8E F0 00 00 00 - lea rcx,[rsi+000000F0]
"bonsai_rmdwin10_f.dll"+58A90: FF 15 EA BD 3D 00 - call qword ptr [bonsai_rmdwin10_f.dll+434880]
// ---------- INJECTING HERE ----------
"bonsai_rmdwin10_f.dll"+58A96: 84 C0 - test al,al
"bonsai_rmdwin10_f.dll"+58A98: 74 2F - je bonsai_rmdwin10_f.dll+58AC9
"bonsai_rmdwin10_f.dll"+58A9A: 48 8B 86 E8 00 00 00 - mov rax,[rsi+000000E8]
// ---------- DONE INJECTING ----------
"bonsai_rmdwin10_f.dll"+58AA1: B9 FF 3F 00 00 - mov ecx,00003FFF
"bonsai_rmdwin10_f.dll"+58AA6: 66 85 08 - test [rax],cx
"bonsai_rmdwin10_f.dll"+58AA9: 74 1E - je bonsai_rmdwin10_f.dll+58AC9
"bonsai_rmdwin10_f.dll"+58AAB: 48 B9 00 C0 FF FF FF FF FF 3F - mov rcx,3FFFFFFFFFFFC000
"bonsai_rmdwin10_f.dll"+58AB5: 48 85 08 - test [rax],rcx
"bonsai_rmdwin10_f.dll"+58AB8: 74 0F - je bonsai_rmdwin10_f.dll+58AC9
"bonsai_rmdwin10_f.dll"+58ABA: 48 8D 96 84 01 00 00 - lea rdx,[rsi+00000184]
"bonsai_rmdwin10_f.dll"+58AC1: 38 1A - cmp [rdx],bl
"bonsai_rmdwin10_f.dll"+58AC3: 74 27 - je bonsai_rmdwin10_f.dll+58AEC
"bonsai_rmdwin10_f.dll"+58AC5: 88 1A - mov [rdx],bl <<<<<< here "1" when enemies noticed player and "0" when not (required additional script to "physics_rmdwin10_f.dll"+6B31 for moving player XYZ coords that used by enenmies for noticing player far away)
Otis_Inf wrote:
Mon Sep 02, 2019 9:35 am
(@Pigeon, it's 2 bytes :) )
Yep, I'm that guy from reddit that think that everybody should read your free camera guide :)

Otis_Inf
Cheater
Cheater
Posts: 35
Joined: Sat May 06, 2017 8:04 am
Reputation: 27

Re: Control +12 (table Update3)

Post by Otis_Inf » Mon Sep 02, 2019 12:51 pm

@Pigeon excellent! Will try the outline hide right away :)
Yep, I'm that guy from reddit that think that everybody should read your free camera guide :)
Ah! :D Glad you like it. :)

Timestop/pause is a pain in this game. The functions in there, when called (even though they're functions without arguments, so I only pass in the this pointer in rcx) always crash... :/ The timestop I use now is the global timer, which works but in cutscenes there's a nice overlay which breaks when enabling the timestop as the shader stops working, so you get harsh lighting all of a sudden. Probably a threading issue, but alas... it is what it is.

Edit:
@Pigeon: that worked like a charm! I added it to the enable freecam script so they're automatically removed. Updated the tables and credited you:) Thanks!

pigeon
Expert Cheater
Expert Cheater
Posts: 92
Joined: Sat Mar 04, 2017 11:37 am
Reputation: 41

Re: Control +12 (table Update3)

Post by pigeon » Mon Sep 02, 2019 7:00 pm

Otis_Inf you mean Timestop/pause as a... float? I believe I'm saw few times after unfreezing game in CE and for a very short amount of second ambient effects (as smoke for example) moved pretty fast (same as in games Generation Zero, theHunter:Call of the Wild, both used another game engine though) and then back to normal "speed". Tried to find float value but only one that looks close was static address renderer_rmdwin10_f.dll+7C5AAC which doesn't do anything or idk how to deal with it.
I also tried to run the game in 4k resolution for naturally make lower framerate, which probably should cause that internal float "game speed" value to increase or decrease, but also end up with empty search :)
Well, yeah, i guess slow-mo mode would be cool feature, but we need luck or big patience :D

Upd:
Just, just decided to check around your Pause addresses and found what i was looking for:
[Control_DX12.exe+1167088]+1DB
Game read 1b value at this address so when it "00", game makes pause, when "01", game wont pause. It's VERY useful for me because right now I'm working with visual settings (that I found before, fog amount, anything else that will be "here"...) and it's good when i can see the results immediately, without switching between CE and the game :)

infogram
Noobzor
Noobzor
Posts: 7
Joined: Sun Sep 01, 2019 1:19 pm
Reputation: 12

Re: Control +12 (table Update3)

Post by infogram » Tue Sep 03, 2019 7:07 am

Found a way to unlock all outfits, even works on the unreleased Expedition Gear outfit :)

Image
More details on backside: https://i.imgur.com/xg8AIJx.jpg

Here's the EXE patch I made for it (edit: nonworking, see my next post):
0x1919EF / 0x1401925EF: 8B 4B -> EB 16
If someone wants to add it to their table, I think in CE parlance that should be Control_DX11.exe+0x1925EF? (not sure - I use a patch to keep it at 0x14000.. myself)
Last edited by infogram on Tue Sep 03, 2019 9:35 am, edited 1 time in total.

User avatar
Cielos
RCE Fanatics
RCE Fanatics
Posts: 738
Joined: Fri Mar 03, 2017 4:35 am
Reputation: 1035
Contact:

Re: Control +12 (table Update3)

Post by Cielos » Tue Sep 03, 2019 8:56 am

infogram wrote:
Tue Sep 03, 2019 7:07 am
[...]
thanks~
now I have a good reason to play some more~

EDIT:
just tested.
you need to actually force set the flags instead of just bypass the flag check on the outfit menu load. as there are other places would check the outfit flags as well.
or maybe starting the patched the EXE directly would help set the flags?
anyway, just injected to the address you provided to set the flags did the trick.
thanks a lot!

infogram
Noobzor
Noobzor
Posts: 7
Joined: Sun Sep 01, 2019 1:19 pm
Reputation: 12

Re: Control +12 (table Update3)

Post by infogram » Tue Sep 03, 2019 9:32 am

Cielos wrote:
Tue Sep 03, 2019 8:56 am
thanks~
now I have a good reason to play some more~

EDIT:
just tested.
you need to actually force set the flags instead of just bypass the flag check on the outfit menu load. as there are other places would check the outfit flags as well.
or maybe starting the patched the EXE directly would help set the flags?
anyway, just injected to the address you provided to set the flags did the trick.
thanks a lot!
Ah yeah does seem that the flag needs to be set - I'd set that flag before finding a way to patch it, which is probably why it let me select the outfit and I thought the patch worked, like you said there must be other places that are checking it though...

Put together a different patch which should set that flag for all the outfits when opening the menu, should hopefully work fine with this:
0x1919EF / 0x1401925EF (Control_DX11.exe+0x1925EF):
8B 4B 04 8D 41 01 83 F8 03 0F ->
B8 01 00 00 00 89 43 04 EB 0E

User avatar
Cielos
RCE Fanatics
RCE Fanatics
Posts: 738
Joined: Fri Mar 03, 2017 4:35 am
Reputation: 1035
Contact:

Re: Control +12 (table Update3)

Post by Cielos » Tue Sep 03, 2019 10:15 am

infogram wrote:
Tue Sep 03, 2019 9:32 am
[...]

Ah yeah does seem that the flag needs to be set - I'd set that flag before finding a way to patch it, which is probably why it let me select the outfit and I thought the patch worked, like you said there must be other places that are checking it though...

Put together a different patch which should set that flag for all the outfits when opening the menu, should hopefully work fine with this:
0x1919EF / 0x1401925EF (Control_DX11.exe+0x1925EF):
8B 4B 04 8D 41 01 83 F8 03 0F ->
B8 01 00 00 00 89 43 04 EB 0E
I picked another 2 injection points that would read the flags when accessing the control point at the base.
one used for building the pointers for the outfits' flags, and add them to the address list. one used for a simple script to set all the outfits flag.

I'm writing a script to manipulate the evade/dash distance now. I'll include the outfits' stuff on next table update if you don't mind..

infogram
Noobzor
Noobzor
Posts: 7
Joined: Sun Sep 01, 2019 1:19 pm
Reputation: 12

Re: Control +12 (table Update3)

Post by infogram » Tue Sep 03, 2019 10:35 am

Cielos wrote:
Tue Sep 03, 2019 10:15 am
I picked another 2 injection points that would read the flags when accessing the control point at the base.
one used for building the pointers for the outfits' flags, and add them to the address list. one used for a simple script to set all the outfits flag.

I'm writing a script to manipulate the evade/dash distance now. I'll include the outfits' stuff on next table update if you don't mind..
Ah cool, yeah for sure feel free to add stuff for outfits.

Do you think with your method it'd be possible to choose which outfits to unlock? I know there's probably people that would like to only unlock the ones that can't be found normally (Astral Suit, Expedition Gear), and leave the rest alone to unlock through gameplay.

Not sure how hard adding something like that would be though, IIRC sometimes the game identifies stuff using numbers/hashes instead of using strings... I did see some stuff like OUTFIT_CIVILIAN/OUTFIT_ASSISTANT/etc being written by the function I patched, but I'm not sure where it got those names from.

User avatar
Cielos
RCE Fanatics
RCE Fanatics
Posts: 738
Joined: Fri Mar 03, 2017 4:35 am
Reputation: 1035
Contact:

Re: Control +12 (table Update3)

Post by Cielos » Tue Sep 03, 2019 10:58 am

infogram wrote:
Tue Sep 03, 2019 10:35 am
[...]
Ah cool, yeah for sure feel free to add stuff for outfits.

Do you think with your method it'd be possible to choose which outfits to unlock? I know there's probably people that would like to only unlock the ones that can't be found normally (Astral Suit, Expedition Gear), and leave the rest alone to unlock through gameplay.

Not sure how hard adding something like that would be though, IIRC sometimes the game identifies stuff using numbers/hashes instead of using strings... I did see some stuff like OUTFIT_CIVILIAN/OUTFIT_ASSISTANT/etc being written by the function I patched, but I'm not sure where it got those names from.
the opcodes you altered is in a loop that would read all outfits unlock flag (mov ecx,[rbx+4]).

"Control_DX11.exe"+1925B9: mov rbx,[rcx+50] fetch the the first outfit pointer to rbx.

2 lines below thatL mov eax,[rcx+58] fetch the # of outfits your game have.

then lea rsi,[rbx+rax*8] fetch the last outfit pointer to rsi.

the loop is adding 0x8 bytes to rbx when the loop end until it reaches rsi.

Code: Select all

Control_DX11.exe+1926E1 - add rbx,r13                      //r13: 0x8
Control_DX11.exe+1926E4 - cmp rbx,rsi
Control_DX11.exe+1926E7 - jne Control_DX11.exe+1925EF
so, in short, yes, we can unlock the outfit individually. the simplest way is just adding the pointers to the address list then we can choose which outfit to unlock manually. or writing a script to automate the process. I choose the 1st option~

anyway, the update is finished. going to update the first post now....

EDIT:
done.
Update4
- added evade/dash distance multiplier key.
- added unlock all outfits and the pointers for the outfit unlock flags, based on the findings shared by infogram. so, if you're after outfit cheat, go rep infogram now~
thanks again!

infogram
Noobzor
Noobzor
Posts: 7
Joined: Sun Sep 01, 2019 1:19 pm
Reputation: 12

Re: Control +14 (table Update4)

Post by infogram » Tue Sep 03, 2019 3:26 pm

BTW have you looked at things using d::BaseTweakable? Seems they're like console variables in a way.

There's ones like "Camera:Debug" which don't seem to be used, but then there's ones like "Camera:FPS Camera" which actually do turn it first-person :o

First person is at 0x14118E420 (Control_DX12.exe+0x118E420), 2 bytes, change to 257, too bad the character model is in the way...

There's a ton of these variables too.. over 1500, most actually do seem used, except debug ones which seem to have the code that actually uses them removed...

Maybe some nice things to add to your table there? I dunno, a lot of them do seem pretty boring, maybe worth looking into though.

User avatar
ReActif
Novice Cheater
Novice Cheater
Posts: 18
Joined: Wed Apr 12, 2017 5:58 am
Reputation: 5
Contact:

Re: Control +9 (table Update2)

Post by ReActif » Tue Sep 03, 2019 7:57 pm

Cielos wrote:
Sun Sep 01, 2019 6:37 am
sage3k wrote:
Sun Sep 01, 2019 4:18 am
[...]
I've tried all the button combinations and have not been able to get it working as intended. One thing I did notice, even when the button key for the controller is active, the key bind for the keyboard (shift) still works even when disabled. Thank you so much for your efforts here. Hopefully we can test a bit more and try again?
first, about the shift key, it should work no matter what, as the script was meant to be used for both k+m and controllers.
that said. please try this:
- hook the table to the game as usual, then activate enable script.
- copy and paste the code at the bottom of this post ONTO the table. i.e., highlight an entry in your table, press Ctrl-V. you should see 1 blank entry and 10 named child-entries with 0x00000000 as value.
- now, try pressing and holding different buttons, see if any of them change from zero at all. if so, which entry represent which button.

this is to determine whether the problem lies at the lua keylistener part, or the asm manipulation part.
thanks~

also, do anyone else using xbox controller can confirm if this script works on xbox controller at all?

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>16354</ID>
      <Description>""</Description>
      <LastState Value="" RealAddress="13FBC001D"/>
      <VariableType>Array of byte</VariableType>
      <ByteLength>0</ByteLength>
      <Address>aControllerHotkeyPressed</Address>
      <CheatEntries>
        <CheatEntry>
          <ID>16355</ID>
          <Description>"A Button"</Description>
          <LastState Value="00000000" RealAddress="13FBC001D"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+0*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16356</ID>
          <Description>"B Button"</Description>
          <LastState Value="00000000" RealAddress="13FBC0021"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+1*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16357</ID>
          <Description>"X Button"</Description>
          <LastState Value="00000000" RealAddress="13FBC0025"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+2*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16358</ID>
          <Description>"Y Button"</Description>
          <LastState Value="00000000" RealAddress="13FBC0029"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+3*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16364</ID>
          <Description>"Left shoulder button"</Description>
          <LastState Value="00000000" RealAddress="13FBC002D"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+4*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16363</ID>
          <Description>"Right shoulder button"</Description>
          <LastState Value="00000000" RealAddress="13FBC0031"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+5*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16362</ID>
          <Description>"Left trigger"</Description>
          <LastState Value="00000000" RealAddress="13FBC0035"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+6*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16361</ID>
          <Description>"Right trigger"</Description>
          <LastState Value="00000000" RealAddress="13FBC0039"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+7*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16360</ID>
          <Description>"Left thumb stick down"</Description>
          <LastState Value="00000000" RealAddress="13FBC003D"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+8*4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16359</ID>
          <Description>"Right thumb stick down"</Description>
          <LastState Value="00000000" RealAddress="13FBC0041"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+9*4</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Not work for all button for me, with XBox One Controler.

I only have value change for Left and Right Shoulder Button 000000 to 0000FF on use.
All others dont change on use.

So i have select Shoulder button and it work on Xbox One controler, but just this two buttons.

For user dont know how use :
Select so one of two Shoulder
In game, jump and let pressed A, you levitate and go up.
Press the shoulder button dont release it
Spam A (sometime if i dont spam, i go down too quickly)
And when you see go up, release A
You can release Shoulder button when you are where you want.

avunaos
What is cheating?
What is cheating?
Posts: 1
Joined: Tue Sep 03, 2019 9:02 pm
Reputation: 0

Re: Control +14 (table Update4)

Post by avunaos » Tue Sep 03, 2019 9:04 pm

Hi dude, the "Ignore materials" work for crafting mods but don't work for upgrading weapons.
Check out this screenshot, It appears as 5000/25000 source, even if I have over 150k... how to solve this? can I edit the script?
Image

infogram
Noobzor
Noobzor
Posts: 7
Joined: Sun Sep 01, 2019 1:19 pm
Reputation: 12

Re: Control +14 (table Update4)

Post by infogram » Tue Sep 03, 2019 9:40 pm

infogram wrote:
Tue Sep 03, 2019 3:26 pm
First person is at 0x14118E420 (Control_DX12.exe+0x118E420), 2 bytes, change to 257, too bad the character model is in the way...
Aha, figured out how to hide the player model, now the FPS mode works pretty nicely! (er, besides some small things like floating gun model, invisible char during conversations, etc...)

Here's a table for it, you'll have to toggle the "Enable FPS camera" entry before loading a save (on the main menu), so our hook can get run when the game creates the meshes (this also means you won't be able to disable the model-hiding unless you back out to the main menu first)
Maybe there's a way to store the pointer for the model & run the SetVisible function in another thread or something instead, don't really know enough about CE for that though...

If you try it out let me know how it goes, haven't tested it much yet so there'll probably be issues in some places... also if the camera feels too low for you, try adjusting the height to 1.65, feels a lot better with that IMO.

EDIT: Added some FOV options to the table, check the "Enable FOV override" entry and then you can set the FOV override below it.

EDIT2: Ported it to DX11, enjoy!
Attachments
Control_DX11_FPS.CT
(4.36 KiB) Downloaded 35 times
Control_DX12_FPS.CT
(4.37 KiB) Downloaded 69 times

ehdrmfka
What is cheating?
What is cheating?
Posts: 2
Joined: Thu Feb 14, 2019 6:57 am
Reputation: 0

Re: Control +14 (table Update4)

Post by ehdrmfka » Wed Sep 04, 2019 9:32 am


EDIT: Added some FOV options to the table, check the "Enable FOV override" entry and then you can set the FOV override below it.

EDIT2: Ported it to DX11, enjoy!
Good job, Can you include height option to Fov category as well?

User avatar
Uhuru N'Uru
Novice Cheater
Novice Cheater
Posts: 21
Joined: Tue Jan 30, 2018 2:44 pm
Reputation: 4

Re: Control +14 (table Update4)

Post by Uhuru N'Uru » Wed Sep 04, 2019 9:45 am

avunaos wrote:
Tue Sep 03, 2019 9:04 pm
Hi dude, the "Ignore materials" work for crafting mods but don't work for upgrading weapons.
Check out this screenshot, It appears as 5000/25000 source, even if I have over 150k... how to solve this? can I edit the script?
Image
Well I used it to upgrade my weapons, I got what you describe, but that just meant I had to exit the menu (entire CP - Control Point If I remember correctly), them reentering the CP got it working.

Post Reply

Who is online

Users browsing this forum: Agasio, alset85, bigbang20061, eyesblue1988, glyth, Google Adsense [Bot], HEROES, joystick0406, Raijaa, SunBeam