Hi, I'm not really a professional at game hacking or assembly or anything (in fact, I hardly know anything but the basics...), but I put together two things I needed and thought I'd share in case someone else wanted them. First is a script that finds the current number of inventory spaces used (for materials ONLY) when you perform a variety of actions, with the simplest probably being just opening your inventory. You can set the value to whatever you want, and the game will remember it (i.e., you can have 50 items, set it to one, pick up another item, and it'll continue counting up from 1), or you can just freeze it. The second script finds the amount of time you've spent in a hunting trial (tested in the first hunting trial area, as that's all I've been to). You can then either just freeze it, or set it to whatever you want so you can breeze through your trials. Hope they both work!
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>3</ID>
<Description>"Find Inventory"</Description>
<Options moHideChildren="1"/>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
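<AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version:
  Date   : 2020-08-08
  Author : Oridjinn

  Hooks the instruction pair found by the INJECT signature and stores the
  base pointer held in r14 into the registered symbol InvPoint. The child
  table entry labelled "Inventory Space" reads the 4-byte value at
  [InvPoint]+6C.

  Syntax: Cheat Engine auto assembler, Intel operand order, 64-bit target.
}

[ENABLE]
// Locate the hook site by byte signature. The pattern is exactly the two
// instructions overwritten below (8 bytes in total). Enabling fails if the
// signature is not found, e.g. on a build where these bytes differ.
aobscanmodule(INJECT,HorizonZeroDawn.exe,41 8B 46 6C 89 44 24 3C) // should be unique
// The third argument is a placement hint: the trampoline should sit close
// enough to the module for the jmp at INJECT to be a 5-byte near jump.
alloc(newmem,$1000,"HorizonZeroDawn.exe"+1539249)
alloc(InvPoint,8)               // 8-byte slot that receives the pointer from r14
registersymbol(InvPoint)

label(code)
label(return)

newmem:
code:
  // Publish r14 through InvPoint. rax is only scratch for the 64-bit
  // address and is restored; push/mov/pop leave the flags untouched.
  push rax
  mov rax,InvPoint
  mov [rax],r14
  pop rax
  // Replay the two overwritten instructions. rsp is back at its original
  // value here, so the [rsp+3C] displacement needs no adjustment.
  mov eax,[r14+6C]
  mov [rsp+3C],eax
  jmp return

INJECT:
  jmp newmem
  nop 3                         // pad: assumes a 5-byte jmp + 3 nops = the 8 bytes replaced
return:
registersymbol(INJECT)

[DISABLE]
// Restore the original 8 bytes first, so nothing jumps into the trampoline
// once it has been released.
INJECT:
  db 41 8B 46 6C 89 44 24 3C

unregistersymbol(INJECT)
// Release the pointer slot and its symbol as well. The original only
// cleaned up INJECT and newmem, so each enable/disable cycle left the
// InvPoint allocation behind, and the symbol kept resolving to a slot
// that still held the last captured pointer.
unregistersymbol(InvPoint)
dealloc(newmem)
dealloc(InvPoint)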
{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+1539249
"HorizonZeroDawn.exe"+1539221: 41 8B 46 58 - mov eax,[r14+58]
"HorizonZeroDawn.exe"+1539225: 89 44 24 28 - mov [rsp+28],eax
"HorizonZeroDawn.exe"+1539229: 41 8B 46 5C - mov eax,[r14+5C]
"HorizonZeroDawn.exe"+153922D: 89 44 24 2C - mov [rsp+2C],eax
"HorizonZeroDawn.exe"+1539231: 41 8B 46 60 - mov eax,[r14+60]
"HorizonZeroDawn.exe"+1539235: 89 44 24 30 - mov [rsp+30],eax
"HorizonZeroDawn.exe"+1539239: 41 8B 46 64 - mov eax,[r14+64]
"HorizonZeroDawn.exe"+153923D: 89 44 24 34 - mov [rsp+34],eax
"HorizonZeroDawn.exe"+1539241: 41 8B 46 68 - mov eax,[r14+68]
"HorizonZeroDawn.exe"+1539245: 89 44 24 38 - mov [rsp+38],eax
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+1539249: 41 8B 46 6C - mov eax,[r14+6C]
"HorizonZeroDawn.exe"+153924D: 89 44 24 3C - mov [rsp+3C],eax
// ---------- DONE INJECTING ----------
"HorizonZeroDawn.exe"+1539251: 41 8B 46 70 - mov eax,[r14+70]
"HorizonZeroDawn.exe"+1539255: 89 44 24 40 - mov [rsp+40],eax
"HorizonZeroDawn.exe"+1539259: 41 8B 46 74 - mov eax,[r14+74]
"HorizonZeroDawn.exe"+153925D: 89 44 24 44 - mov [rsp+44],eax
"HorizonZeroDawn.exe"+1539261: 48 85 DB - test rbx,rbx
"HorizonZeroDawn.exe"+1539264: 74 66 - je HorizonZeroDawn.exe+15392CC
"HorizonZeroDawn.exe"+1539266: 48 8B 43 30 - mov rax,[rbx+30]
"HorizonZeroDawn.exe"+153926A: 48 85 C0 - test rax,rax
"HorizonZeroDawn.exe"+153926D: 74 5D - je HorizonZeroDawn.exe+15392CC
"HorizonZeroDawn.exe"+153926F: 48 8B 70 30 - mov rsi,[rax+30]
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>4</ID>
<Description>"Inventory Space"</Description>
<LastState Value="49" RealAddress="153A2D8B4FC"/>
<VariableType>4 Bytes</VariableType>
<Address>InvPoint</Address>
<Offsets>
<Offset>6C</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>10</ID>
<Description>"Find Hunting Timer"</Description>
<Options moHideChildren="1"/>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
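<AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version:
  Date   : 2020-08-08
  Author : Oridjinn

  Hooks the vmovss store found by the HuntingTimer signature and stores the
  base pointer held in rcx into the registered symbol HuntTime. The child
  table entry reads the float at [HuntTime]+1C, which is the location the
  hooked instruction writes xmm0 to.

  Syntax: Cheat Engine auto assembler, Intel operand order, 64-bit target.
}

[ENABLE]
// Locate the hook site by byte signature. Only the first 5 bytes (the
// vmovss store) are overwritten; the trailing 84 C0 75 72 are the following
// test/jne and serve only to make the pattern more specific. Enabling fails
// if the signature is not found, e.g. on a build where these bytes differ.
aobscanmodule(HuntingTimer,HorizonZeroDawn.exe,C5 FA 11 41 1C 84 C0 75 72) // should be unique
// The third argument is a placement hint: the trampoline should sit close
// enough to the module for the jmp at HuntingTimer to be a 5-byte near jump.
alloc(newmem,$1000,"HorizonZeroDawn.exe"+B78502)
alloc(HuntTime,8)               // 8-byte slot that receives the pointer from rcx
registersymbol(HuntTime)

label(code)
label(return)

newmem:
code:
  // Publish rcx through HuntTime. rax has to be preserved: al carries the
  // setae result that the original code tests right after the hook site.
  // push/mov/pop leave the flags untouched.
  push rax
  mov rax,HuntTime
  mov [rax],rcx
  pop rax
  // Replay the overwritten instruction, then resume after the hook.
  vmovss [rcx+1C],xmm0
  jmp return

HuntingTimer:
  jmp newmem                    // assumes a 5-byte jmp, the size of the vmovss it replaces
return:
registersymbol(HuntingTimer)

[DISABLE]
// Restore the original 5 bytes first, so nothing jumps into the trampoline
// once it has been released.
HuntingTimer:
  db C5 FA 11 41 1C

unregistersymbol(HuntingTimer)
// Release the pointer slot and its symbol as well. The original only
// cleaned up HuntingTimer and newmem, so each enable/disable cycle left the
// HuntTime allocation behind, and the symbol kept resolving to a slot
// that still held the last captured pointer.
unregistersymbol(HuntTime)
dealloc(newmem)
dealloc(HuntTime)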
{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+B78502
"HorizonZeroDawn.exe"+B784D5: 4C 8D 35 3C 9A 1A 01 - lea r14,[HorizonZeroDawn.exe+1D21F18]
"HorizonZeroDawn.exe"+B784DC: 0F 1F 40 00 - nop dword ptr [rax+00]
"HorizonZeroDawn.exe"+B784E0: 48 8B 3E - mov rdi,[rsi]
"HorizonZeroDawn.exe"+B784E3: 48 8B 4F 20 - mov rcx,[rdi+20]
"HorizonZeroDawn.exe"+B784E7: 80 79 10 00 - cmp byte ptr [rcx+10],00
"HorizonZeroDawn.exe"+B784EB: 0F 84 8C 00 00 00 - je HorizonZeroDawn.exe+B7857D
"HorizonZeroDawn.exe"+B784F1: C5 FA 10 41 1C - vmovss xmm0,[rcx+1C]
"HorizonZeroDawn.exe"+B784F6: C5 F8 2F 41 14 - vcomiss xmm0,xmm0,[rcx+14]
"HorizonZeroDawn.exe"+B784FB: C5 FA 58 C6 - vaddss xmm0,xmm0,xmm6
"HorizonZeroDawn.exe"+B784FF: 0F 93 C0 - setae al
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+B78502: C5 FA 11 41 1C - vmovss [rcx+1C],xmm0
// ---------- DONE INJECTING ----------
"HorizonZeroDawn.exe"+B78507: 84 C0 - test al,al
"HorizonZeroDawn.exe"+B78509: 75 72 - jne HorizonZeroDawn.exe+B7857D
"HorizonZeroDawn.exe"+B7850B: 48 8B 47 20 - mov rax,[rdi+20]
"HorizonZeroDawn.exe"+B7850F: C5 FA 10 40 1C - vmovss xmm0,[rax+1C]
"HorizonZeroDawn.exe"+B78514: C5 F8 2F 40 14 - vcomiss xmm0,xmm0,[rax+14]
"HorizonZeroDawn.exe"+B78519: 72 62 - jb HorizonZeroDawn.exe+B7857D
"HorizonZeroDawn.exe"+B7851B: 80 7F 34 00 - cmp byte ptr [rdi+34],00
"HorizonZeroDawn.exe"+B7851F: 74 06 - je HorizonZeroDawn.exe+B78527
"HorizonZeroDawn.exe"+B78521: 80 7F 35 00 - cmp byte ptr [rdi+35],00
"HorizonZeroDawn.exe"+B78525: 75 0E - jne HorizonZeroDawn.exe+B78535
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>11</ID>
<Description>"Hunting Timer"</Description>
<LastState Value="10.71066475" RealAddress="14E1508569C"/>
<VariableType>Float</VariableType>
<Address>HuntTime</Address>
<Offsets>
<Offset>1C</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>