Updated scripts in Squall8's table that require StealthEdit. Bypasses integrity check crashes by recalculating valid hashes. Should work on both the CODEX and STEAM versions, more importantly the former because StealthEdit is in conflict with CODEX's routines.
There may be a really small chance an integrity check triggers while activating the script before the hash has been updated. To prevent crashing due to this, pause the game process using CE before activation and deactivation of any scripts.
Note to table makers:
1. To list all hashed blocks, their offsets and their size, use the Lua script below:
    for i = 1, #hashTable do
      print("Block " .. i)
      print(string.format("Hash Addr: %X", hashTable[i].offset))
      print(string.format("Block Start: %X", hashTable[i].blkStart))
      print(string.format("Block End: %X\r\n", hashTable[i].blkStart + hashTable[i].blkSize))
    end
2. rehashHelper(...) can be used for searching all affected checksums instead of manually hard-coding in the rehash function, but hook points must all be registered as symbols and must not be unregistered on deactivation. Pass all symbols into the function, e.g. rehashHelper("infitemuse1","infitemuse2")
Thanks to @ShyTwig16 for the [Link] module
Doesn't work on CODEX, I just can't select any option
Did you execute the Lua script included in the table? Click Table>Show Cheat Table Lua Script>Execute script.
And attach to the game first before toggling [ENABLE].
Working fine on CODEX here.
Good work!
But it seems there are 2 mismatched hash entries though. Maybe there is an error in the hash computation?
    [ENABLE]
    {$lua}
    if syntaxcheck then return end

    -- Recompute the 64-bit hash of one block from process memory.
    function computeHash(hashBlock)
      local initVector = 0x10AB36B6C49A6F8E
      local startAddr = baseAddr + hashBlock.blkStart
      local inDWord
      local hash = initVector
      local LSFBit
      -- The block is consumed one 32-bit word at a time.
      for i = 0, (hashBlock.blkSize // 4) - 1 do
        inDWord = readInteger(startAddr + i * 4)
        -- (a | b) & ~(a & b) is a XOR b
        hash = ((hash | inDWord) & ~(hash & inDWord))
        -- save the low bit of the mixed value
        LSFBit = (~hash + 1) & 1
        -- copy bit 63 into bit 0
        if (hash >> 63) == 0 then
          hash = hash & ~1
        else
          hash = hash | 1
        end
        -- rotate right by one, then replace bit 63 with the saved low bit
        hash = (hash >> 1) | (hash << 63)
        hash = ~(~hash | 0x8000000000000000)
        hash = hash | (0x8000000000000000 * LSFBit)
      end
      return hash
    end

    baseAddr = getAddress("MonsterHunterWorld.exe")
    if baseAddr == 0 then
      messageDialog("Attach to game process first!", mtError, mbOK)
      error()
    end

    -- Walk the linked list of hash metadata entries and compare each
    -- stored hash with the recomputed one.
    hashTable = {}
    local curOffset = 0x2E25690
    local i = 1
    fullAccess(baseAddr + curOffset, 0x1190)
    while true do
      -- entry layout: +0x00 hash, +0x08 block start, +0x10 block size, +0x38 next entry
      local nextOffset = readQword(baseAddr + curOffset + 0x38)
      local hash = readQword(baseAddr + curOffset + 0x0)
      local start = readQword(baseAddr + curOffset + 0x08)
      local size = readQword(baseAddr + curOffset + 0x10)
      hashTable[i] = {}
      hashTable[i].offset = curOffset
      hashTable[i].blkStart = start
      hashTable[i].blkSize = size
      local trueHash = computeHash(hashTable[i])
      local str = string.format("%X:\tStart=%X\tSize=%X\tHash=%X\tTrue Hash=%X", i, start, size, hash, trueHash)
      if (hash ~= trueHash) then
        str = str .. "\t[Hash Mismatch]"
      end
      print(str)
      i = i + 1
      -- the list ends when the next pointer stops increasing
      if nextOffset < curOffset then
        break
      else
        curOffset = nextOffset
      end
    end

    [DISABLE]
    {$lua}
    if syntaxcheck then return end
Yeah, I know about that, and I did look into it before. If I am right, the memory block containing all the hashes is checked by hash 3, but there are some skips here and there, probably the hashes themselves are skipped. But there is also some peculiarity about the hashing algorithm in that because it is ORing the bytes read in, some values will reset the hash, forgoing any traces of previous bytes hashed, e.g. 0xFFFFFFFF or 0xCCCCCCCC. So it might be because the hashes themselves were checked and then the hash got reset. Anyway, it doesn't seem like changing the other hashes affected hash number 3, but if you want to calculate out hash 3, use 0xD3C78A32441B92D9 as the initialization vector, 0x2E26820 as the starting offset, and 0xA933E0 as the size.
EDIT: I wouldn't exactly call them skips but the hashing routines for that entire block are split up separately, so before 0x2E26820 is somewhere and after is elsewhere. The routine after is still the same, but I didn't bother reversing the one before. I am 80% sure the block with the hashes is checked for integrity and as I said the hash probably got reset.
EDIT2: Ok, I looked into it some more, the hash metadata themselves are skipped. Block 3 still uses the initialization vector of 0x10AB36B6C49A6F8E, starts hashing from +0x2A55D30 until +2E25690 where the first hash metadata starts. Then it hashes the 0x10 bytes at +0x2E25810 "steam_api64.dll." then skips the remaining metadata. The hash at this stage will be the 0xD3C78A32441B92D9 above. It then continues hashing from +0x2E26820.
Last edited by predprey on Mon Dec 17, 2018 11:02 pm, edited 1 time in total.
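Added example, not part of any post in this thread and not code from the table: an offline Python model of the per-dword step in the computeHash script posted above, next to its reduced form (XOR the dword in, rotate right by one), plus hashing over non-contiguous ranges with the state carried across the gap as EDIT2 describes. The function names and sample buffers are constructed for illustration, and the model assumes each dword is folded in as an unsigned 32-bit value.

```python
import struct

MASK = (1 << 64) - 1        # Lua 5.3 integers are 64-bit and wrap; emulate that
TOP = 1 << 63
IV = 0x10AB36B6C49A6F8E     # initialization vector quoted in the thread

def step_as_posted(h, dword):
    """One loop iteration, transcribed operation by operation from computeHash."""
    h = (h | dword) & ~(h & dword) & MASK        # (a|b) & ~(a&b) is a XOR b
    lsb = (~h + 1) & 1                           # -h keeps the low bit of h
    h = (h & ~1) if (h >> 63) == 0 else (h | 1)  # copy bit 63 into bit 0
    h = ((h >> 1) | (h << 63)) & MASK            # rotate right by one
    h = ~(~h | TOP) & MASK                       # clear bit 63
    return h | (TOP * lsb)                       # bit 63 = saved low bit

def step_reduced(h, dword):
    """The same step reduced: XOR the dword in, then rotate right by one."""
    h ^= dword
    return ((h >> 1) | (h << 63)) & MASK

def hash_dwords(data, state=IV, step=step_reduced):
    """Fold the little-endian 32-bit words of `data` into `state`."""
    for (dword,) in struct.iter_unpack("<I", data):
        state = step(state, dword)
    return state

def hash_segments(segments, state=IV):
    """Hash non-contiguous ranges in order, carrying the state across gaps."""
    for segment in segments:
        state = hash_dwords(segment, state)
    return state

# Constructed sample data (not taken from any real binary).
SAMPLE_A = bytes(range(64))
SAMPLE_B = bytes(range(255, 191, -1))

if __name__ == "__main__":
    mid = hash_dwords(SAMPLE_A)
    print(f"state after first range : {mid:016X}")
    print(f"resumed with that state : {hash_dwords(SAMPLE_B, state=mid):016X}")
    print(f"segmented in one call   : {hash_segments([SAMPLE_A, SAMPLE_B]):016X}")
```

Because the step is unkeyed and invertible, the stored value only detects changes made by someone who cannot also rewrite the stored hash, which is the condition the table in the first post removes by recalculating it.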
So I downloaded the SE zip and extracted them in the plugins folder. Do I need the files to be all together in a folder, or is it fine that I just put them all in the plugins folder as is when I extracted them? I ask because it doesn't seem to work and I don't know what to right click to use the stealth edit.