Far Cry New Dawn - table v: 1.0.13 CT

UltimatePoto42
Expert Cheater
Posts: 125
Joined: Tue May 02, 2017 6:00 am
Reputation: 15

Far Cry New Dawn - table v: 1.0.13 CT

Post by UltimatePoto42 »

RETIRED - Get Sunbeam's awesome cheat table - viewtopic.php?t=8714

Far Cry New Dawn - table v: 1.0.13 CT
Game Name: Far Cry New Dawn
Game Vendor: Steam
Game Version: 1.0.5
Game Process: FarCryNewDawn.exe
Game File Version: 1.0.0.0


Made by
SunBeam
gir489
russk
l0wb1t
Private William Hudson


Features:
  • I2CETState
    Saves and loads table state (i.e.: what memory records are enabled).
    Any address with a description starting with "AUTO SET:" will have value and frozen state saved.
    Uses named states (i.e.: 'default', 'testState', or 'SuperCheated'), if no name is given then 'default' is used.
    • Save Table State: Default
    • Save Table State: Casual
    • Save Table State: Full
    • Save Table State: Test
      ---------------------------
    • Load Table State: None
    • Load Table State: Default
    • Load Table State: Casual
    • Load Table State: Full
    • Load Table State: Test
    ========================================
  • I2CETeleporter
    • Save Name
    • Save Location
    • Teleport To: Save (Save Name)
    • Teleport To: Waypoint
    • Teleport To: Waypoint (Air Drop)
    • Teleport To: Random Vehicle
    • Teleport To: Last Shot (Bullet Coordinates) { l0wb1t }
    • Teleport: Back
    • Saves
    • Helpers - I2CETeleporter
    • Debug - I2CETeleporter
  • Time
    • Sync with Real Time
    • Time Never Stops
    • Time Scale Hook
      • Multiplier
    • Time Setters
      • +30 minutes
      • +1 hour
      • +3 hour
      • +6 hour
      • +12 hour
        --------------------------------------------------
      • Set to: 12 a.m. (0000)
      • Set to: 3 a.m. (0300)
      • Set to: 6 a.m. (0600)
      • Set to: 9 a.m. (0900)
      • Set to: 12 p.m. (1200)
      • Set to: 3 p.m. (1500)
      • Set to: 6 p.m. (1800)
      • Set to: 9 p.m. (2100)
        --------------------------------------------------
    • Time Of Day (Seconds) : 00, 03, 06, 09, 12, 15, 18, 21
    --------------------------------------------------
  • Health Dec. Hook
    • Flag : Disabled, Infinite Health, Decrease Multiplier
      • Decrease Multiplier
    • No Fall Damage : Disabled, Enabled
  • Stamina Wrt. Hook
    • Decrease Flag : Disabled, Infinite Stamina, Decrease Multiplier
      • Decrease Multiplier
    • Increase Flag : Disabled, Instant Fill, Increase Multiplier
      • Increase Multiplier
  • Oxygen Dec. Hook
    • Flag : Disabled, Infinite Oxygen, Decrease Multiplier
      • Decrease Multiplier
  • Eden's Gift Dec. Hook
    • Flag : Disabled, Infinite Eden's Gift, Decrease Multiplier
      • Decrease Multiplier
    --------------------------------------------------
  • Stealth { russk }
  • Super Speed
    • Multiplier
  • Super Jump
    • Multiplier
    --------------------------------------------------
  • Combatant Health Dec. Hook
    • Flag : Disabled, One Hit Kill, Decrease Multiplier
      • Decrease Multiplier
    --------------------------------------------------
  • Infinite Resources { SunBeam }
  • Ammo Pickup & Crafting Multiplier
    • Multiplier
  • Item Cap. Multiplier
    • Multiplier
    --------------------------------------------------
  • No Reload
  • No Spread
  • No Recoil { gir489 }
  • No Sway
  • No Turret Heat
  • Infinite Melee Weapon Durability
  • Zoom Multiplier Hook
    • Multiplier
    --------------------------------------------------
  • Instant Lock Cut
  • Instant Action Hold
    • Delay
  • Respawn Bypass { SunBeam }
  • Enemy Health Bars { l0wb1t }
  • No Civilian Kill Penalty { l0wb1t }
  • Visible Icon Distance Hook { l0wb1t }
    • Max. Distance
    --------------------------------------------------
  • Vehicle Health Dec. Hook { l0wb1t }
    • Player Vehicle Flag : Disabled, Infinite Health, Damage Multiplier, One Hit Kills
      • Damage Multiplier
    • Other Vehicle Flag : Disabled, Infinite Health, Damage Multiplier, One Hit Kills
      • Damage Multiplier
  • Instant Vehicle Repair
  • Aircraft: Infinite Rockets
    --------------------------------------------------
  • Process Quest Reward Hook { SunBeam }
    • Multiplier
  • Set Pick-Up Quantity { SunBeam }
    • Unit Quantity
    • Stack Quantity
  • Free Perk Points { SunBeam }
General Helper Scripts:
  • Fill Health
  • Fill Stamina
  • Fill Oxygen
  • Fill Wrath
    --------------------------------------------------
  • Big Ups : +300
  • Big Ups : =800
Other Features:
  • Auto Table Updater
  • Auto Attach to process
  • Simple Logger (with levels)
  • Debug Section:
    • Helpers:
      • Print Game Module Info
      • Print Game Module Version
      • Enable Compact Mode
      • Disable Compact Mode
    • All hooks have their own section, check scripts for real hook names.
Versions:
  • v 1.0.1: Initial release
  • v 1.0.2:
    Added "Infinite Melee Weapon Durability".
    Fixed "I2CETeleporter" memory allocation on reattach.
  • v 1.0.3:
    Added:
    • Infinite Resources { @SunBeam }
    • Ammo Pickup & Crafting Multiplier (Based on @SunBeam 's findings.)
    • Item Cap. Multiplier (Based on @SunBeam 's findings.)
  • v 1.0.4:
    Added:
    • Instant Vehicle Repair
    Fixed:
    • Ammo Pickup & Crafting Multiplier
  • v 1.0.5:
    Added:
    • Zoom Hook
    • Respawn Bypass { @SunBeam }
    • No Fall Damage
  • v 1.0.6: Updated Table for game version "1.0.4"
  • v 1.0.7: Added: "Enemy Health Bars { @l0wb1t }"
  • v 1.0.8: Added: "Teleport To: Last Shot (Bullet Coordinates) { @l0wb1t }" in "I2CETeleporter".
    And updated Lua modules.
  • v 1.0.9: "Vehicle Health Hook" changed to "Vehicle Health Dec. Hook { @l0wb1t }" and now has flags for player vehicle only effects.
  • v 1.0.10: Updated Table for game version "1.0.5"
  • v 1.0.11:
    Added:
    • No Civilian Kill Penalty { @l0wb1t }
    • Visible Icon Distance Hook { @l0wb1t }
  • v 1.0.12:
    • Changed: Infinite Health, No Fall Damage -> Health Dec. Hook
    • Changed: Infinite Stamina -> Stamina Wrt. Hook
    • Changed: Infinite Oxygen -> Oxygen Dec. Hook
    • Changed: Infinite Wrath -> Eden's Gift Dec. Hook
    • Changed: One Hit Kills -> Combatant Health Dec. Hook
  • v 1.0.13: Updated Lua modules.
Current Table:



Errors and Bugs (follow these steps):
  1. [Link]
  2. Open CE and open the settings window (Edit -> Settings).
    Then check that you are allowing Lua scripts to run; you can select any one of the three options shown here.
    [Link]
  3. Click Ok and then close CE.
  4. Start the game.
  5. Open the CE table file by double clicking it.
    Give the table a second to load, run the Lua scripts, and attach to the game.
    • [Link], if not auto attached.
  6. Print the game module information.
    [Link]
  7. Set the Logger level to "Debug".
    [Link]
  8. Activate the "Main Hooks".
    [Link]
    Activate any of the scripts/hooks that you wish to use.
    You can also load the table state "test".
  9. If the error occurs during deactivation of scripts, then deactivate all scripts.
    You can load the table state "none".
  10. Copy all the output text of the CE's "Lua Engine" window.
    [Link]
  11. Post the output text here inside code blocks, i.e. [code][/code]
    [Link]
If you find anything you want to know more about how it works (the Lua stuff, or any of the AA scripts), just let me know.
For editing/updating
Just extract the CEA table files into a folder named "ceaFiles" to run local files instead of the table files.
See this Lua extension with helper tools for extracting the table files into folders used by my Lua modules:
Older Table Versions:

How to use this cheat table?
  1. Install Cheat Engine
  2. Double-click the .CT file in order to open it.
  3. Click the PC icon in Cheat Engine in order to select the game process.
  4. Keep the list.
  5. Activate the trainer options by checking boxes or setting values from 0 to 1

vosszaa
Expert Cheater
Posts: 501
Joined: Sat Jun 17, 2017 1:46 pm
Reputation: 317

Re: Far Cry New Dawn - table v: 1.0.1 CT

Post by vosszaa »

Image

swizzledizzle
Noobzor
Posts: 8
Joined: Sat Feb 16, 2019 9:04 am
Reputation: 0

Re: Far Cry New Dawn - table v: 1.0.1 CT

Post by swizzledizzle »

wow, incredible work.

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by TimFun13 »

Table Updated:
  • v 1.0.2:
    Added "Infinite Melee Weapon Durability".
    Fixed "I2CETeleporter" memory allocation on reattach.

SunBeam
Administration
Posts: 4702
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4285

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by SunBeam »

I can tell you need at least 1 major fix on next release ;) And can say this without looking at the actual table :) Do this for me - - enable Super Speed and: kill your ally, revive him/it - - see how the animation runs; even better, find a grappling point and E on it - - see how that goes :D Been meaning to script-fix this, pretty much like I did in Far Cry Primal, if I recall :) Lemme fetch the stuff.

No idea if the trainers out there really tackle this issue; if not, it's what you've read in Cal's post - - no time == lesser quality (although he said he does focus on quality; no idea if he hinted at the "new" trainer looks, whose design is 'borrowed' from another application WE know of). Good thing the folk who like quality and have almost no time as well (we too have jobs) can provide those for free, at the expense of their egos or arrogance.

Sure, an on/off switch is always the "quick fix" to get past this nuisance, but then again, you get shit in life for not going the extra mile ;)

EDIT: This is what happens when you grapple:


FC_m64.dll+E521260 - 48 8B 81 D02A0000     - mov rax,[rcx+00002AD0] // rcx == CPawn
FC_m64.dll+E521267 - 0FB6 80 83030000      - movzx eax,byte ptr [rax+00000383]
FC_m64.dll+E52126E - C3                    - ret 

- if 0x1, we're attached to grappling hook

**

FC_m64.dll+E51D4B0 - 48 8B 81 D02A0000     - mov rax,[rcx+00002AD0] // rcx == CPawn
FC_m64.dll+E51D4B7 - 0FB6 80 A9010000      - movzx eax,byte ptr [rax+000001A9]
FC_m64.dll+E51D4BE - C0 E8 02              - shr al,02 { 2 }
FC_m64.dll+E51D4C1 - 24 01                 - and al,01 { 1 }
FC_m64.dll+E51D4C3 - C3                    - ret 

- if 0x4, we're attached to grappling hook

**

FC_m64.dll+EF4D33A - 48 8D 8F E8010000     - lea rcx,[rdi+000001E8] // rdi == pCPawnPlayer
..
FC_m64.dll+EF4D3E0 - 44 88 B3 38010000     - mov [rbx+00000138],r14l

**

FC_m64.dll+EF4D15D - 4C 89 F9              - mov rcx,r15 // r15 == CPawn
FC_m64.dll+EF4D160 - E8 7B3DBBF2           - call FC_m64.dll+1B00EE0 // ->
->
FC_m64.dll+E507A70 - 48 8B 81 D02A0000     - mov rax,[rcx+00002AD0] // rcx == CPawn
FC_m64.dll+E507A77 - 48 05 A0010000        - add rax,000001A0 { 416 }
FC_m64.dll+E507A7D - C3                    - ret 
->
FC_m64.dll+EF4D168 - C6 80 E3010000 01     - mov byte ptr [rax+000001E3],01 { 1 }
Use one of the events above to disable Super Speed (or use normal 1.0 float) when attached ;) The pointer names are references to the ones I use in my table.

BR,
Sun

EDIT: Fix posted in my table, here: viewtopic.php?p=78717#p78717.

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by TimFun13 »

SunBeam wrote:
Mon Feb 18, 2019 10:31 am
...
It was that way for FC4 for me too, go to grapple and get launched across the map.
I found a random byte that seems to work, kind of an "is not grappling". But it's just a byte I scanned for that seems to always be 0 when grappling; it actually is in between the speed and jump variables (at +774). What gets me is how the speed values change, even when I don't write to the values; I had to use my own "default" values to ensure they aren't modified when grappling.

SunBeam, are you able to break and trace the crypto functions with CE? I just get a weird and unbalanced loop of a function and it never returns properly; I'm using the VEH debugger, and think I might try kernel mode.

SunBeam
Administration
Posts: 4702
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4285

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by SunBeam »

The tracer works properly with virtualization loops :) It's what I can tell you. It's normal for the loops to be huge, as that's how the VM works :) The returns you mention though are not supposed to always be clean code (ASM that you'd recognize). The loops exit out to VM handlers; these handlers are also spaghetti code (usually a push + jmp/ret) leading to another loop. And so on. You'd have to increase the break'n'trace instruction count so that the trace doesn't break. I suggest doing one VM branch at a time; note down the return address; repeat into the new handler. And so on. At some point you will exit VMProtect code into regular ASM (I really hope Ubisoft didn't virtualize child functions as well).

Now.. regarding "crypto functions" - - just want to clear the air a bit, cuz everyone that I can see referencing this seems to blow shit out of proportion addressing it like that. I've seen Cal post on CH as well that the "game uses heavy crypto".. Well.. it's the default VMProtect virtualization option you can see in the last 3 pictures here: [Link]. Nothing special about it, aside from the fact that EACH VM IS UNIQUE. Having said that, I can understand why you may think it's heavy crypto or that the code changes..

The mere fact that a VM runs a pseudo-form of that function's ASM code DOESN'T MEAN 'HEAVY CRYPTO'. In general, not being able to tell what some obfuscated or virtualized function does, combined with "ah, to hell with it, why do I need to determine what it does anyway?" leads to assumptions. Were it for someone to hand them a VM interpreter, people wouldn't be so clueless and act like that.. cuz, hey, even with a pseudo representation, you'd get what's going on, right? Patching it would be something different, though.

Bottom line - - Denuvo uses VMProtect; VMProtect provides the ability to custom-mark functions for additional virtualizing/mutation: [Link].

As such, let's try not to make public statements about things we either don't know or are willing to study a bit more. And am talking to Cal here. Misinforming people on the inner workings of a certain functionality, just cuz you don't have the time to learn what it really does, seems to be a bad trait of yours. The user-population is so gullible and would believe almost anything pompous you throw at them, thus you get to badly educate them, while superficially gaining some praise "cuz you know stuff".

Hope this blows out all of the shallow interest people give to the subject.

BR,
Sun
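SunBeam's point above, that a virtualized function is reached through a chain of jmp hops that ends in a push imm32 ; call into a VM handler, can be checked mechanically rather than by eyeballing the trace. The following is an added example, not SunBeam's code and not part of the table: a small Python walker over a sparse, constructed image whose bytes are copied from the "read" and "write" stubs SunBeam posts later in this thread (FC_m64.dll+4053090 and +40531D0), plus one ordinary prologue (FC_m64.dll+1F423C0, sub rsp,28) for contrast. Nothing else exists in the image; a real run would read the bytes out of the live process at those addresses. The dict-based image, the hop limit and the helper names are assumptions made for the example.

```python
"""Follow VMProtect-style jmp chains to the VM entry stub (push key ; call handler).

Added example for this thread; not SunBeam's code and not the table's.  The
bytes below are CONSTRUCTED from the read/write stubs listed later in the
thread, addressed module-relative (FC_m64.dll+rva).  Everything else is absent.
"""
import struct

IMAGE = {
    # "read" entry (FC_m64.dll+4053090): jmp -> jmp -> push F6F5D5CF ; call +1A35F467
    0x04053090: bytes.fromhex("E92B5D5414"),
    0x18598DC0: bytes.fromhex("E9D1D9EC01"),
    0x1A466796: bytes.fromhex("68CFD5F5F6" "E8C78CEFFF"),
    # "write" entry (FC_m64.dll+40531D0): jmp -> jmp -> push 9D75D1E5 ; call +1A38106A
    0x040531D0: bytes.fromhex("E92B655414"),
    0x18599700: bytes.fromhex("E90FD1EC01"),
    0x1A466814: bytes.fromhex("68E5D1759D" "E84CA8F1FF"),
    # an ordinary, non-virtualized function for contrast (FC_m64.dll+1F423C0: sub rsp,28)
    0x01F423C0: bytes.fromhex("4883EC28"),
}


def read(image: dict, rva: int, n: int) -> bytes:
    """Fetch n bytes at rva from the sparse image; KeyError where nothing was captured."""
    for base, blob in image.items():
        if base <= rva and rva + n <= base + len(blob):
            return blob[rva - base:rva - base + n]
    raise KeyError(f"no bytes captured at FC_m64.dll+{rva:X}")


def rel_target(insn_rva: int, insn_len: int, disp: int) -> int:
    """x86-64 relative branch: target = address of the next instruction + displacement."""
    return insn_rva + insn_len + disp


def follow_vm_entry(image: dict, rva: int, max_hops: int = 16):
    """Walk jmp hops starting at rva.

    Returns a dict with the hop list, the VM entry address, the pushed key and
    the handler address when the chain ends in `push imm32 ; call rel32`, or
    None when the first non-jmp instruction is ordinary code.
    """
    hops, seen, cur = [], set(), rva
    while len(hops) <= max_hops:
        if cur in seen:                                   # jmp back to an earlier hop
            raise RuntimeError(f"jmp cycle at FC_m64.dll+{cur:X}")
        seen.add(cur)
        op = read(image, cur, 1)[0]
        if op == 0xE9:                                    # jmp rel32
            (disp,) = struct.unpack("<i", read(image, cur + 1, 4))
            hops.append(cur)
            cur = rel_target(cur, 5, disp)
        elif op == 0xEB:                                  # jmp rel8
            (disp,) = struct.unpack("<b", read(image, cur + 1, 1))
            hops.append(cur)
            cur = rel_target(cur, 2, disp)
        elif op == 0x68 and read(image, cur + 5, 1)[0] == 0xE8:   # push imm32 ; call rel32
            (key,) = struct.unpack("<I", read(image, cur + 1, 4))
            (disp,) = struct.unpack("<i", read(image, cur + 6, 4))
            return {"hops": hops, "entry": cur, "push_key": key,
                    "handler": rel_target(cur + 5, 5, disp)}
        else:
            return None                                   # plain code, not a VM entry
    raise RuntimeError(f"more than {max_hops} jmp hops from FC_m64.dll+{rva:X}")


def classify(image: dict, rvas) -> dict:
    """Label each candidate: 'virtualized' (break-and-trace the handler) or 'plain' (read as ASM)."""
    return {rva: ("virtualized" if follow_vm_entry(image, rva) else "plain") for rva in rvas}


if __name__ == "__main__":
    for rva in (0x04053090, 0x040531D0, 0x01F423C0):
        print(f"FC_m64.dll+{rva:X}: {follow_vm_entry(IMAGE, rva)}")
```

The handler address the walker returns is the place to set the break-and-trace that SunBeam describes: trace one branch, note the return address, move on to the next handler. A None result is just as useful, since it tells you the function was never marked for virtualization and can be read as normal ASM.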

SunBeam
Administration
Posts: 4702
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4285

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by SunBeam »

@ShyTwig16: Just got past the middle of the map, on my way to J. Joseph, not Jesus :D Stopped for a bit on that bridge after igniting the first flame. And decided to take a look at what you said. Placed two well-known breakpoints for me:


FC_m64.dll+F853A5F - 48 89 C1              - mov rcx,rax // check EDX for the amount
FC_m64.dll+F853A62 - 41 FF 90 48010000     - call qword ptr [r8+00000148]
and


FC_m64.dll+F8F315D - 89 CB                 - mov ebx,ecx // check ECX for the amount
FC_m64.dll+F8F315F - 4C 8D 4D 38           - lea r9,[rbp+38]
FC_m64.dll+F8F3163 - 89 5D 38              - mov [rbp+38],ebx
FC_m64.dll+F8F3166 - 4C 8D 05 73230AF2     - lea r8,[FC_m64.dll+19954E0]
FC_m64.dll+F8F316D - 48 89 F9              - mov rcx,rdi
FC_m64.dll+F8F3170 - 48 8D 55 30           - lea rdx,[rbp+30]
FC_m64.dll+F8F3174 - E8 570076F4           - call FC_m64.dll+40531D0
Well.. when you craft incendiary throwables (like the Molotov, for example), those two spots break. What's nice though is back-tracing 2-3 CALLs out you get to this spot:


00007FFE91EED992 | 48:8B07             | MOV RAX,QWORD PTR DS:[RDI]          |
00007FFE91EED995 | 41:B9 0C000000      | MOV R9D,C                           |
00007FFE91EED99B | 48:8B55 58          | MOV RDX,QWORD PTR SS:[RBP+58]       | <-- hash (0x0020073983021337 for Molotov)
00007FFE91EED99F | 48:89F9             | MOV RCX,RDI                         |
00007FFE91EED9A2 | 45:8D41 F5          | LEA R8D,QWORD PTR DS:[R9-B]         | <-- amount; always 0x1
00007FFE91EED9A6 | FF90 50010000       | CALL QWORD PTR DS:[RAX+150]         | <-- write
00007FFE91EED9AC | 48:8B47 08          | MOV RAX,QWORD PTR DS:[RDI+8]        |
00007FFE91EED9B0 | 48:8B70 10          | MOV RSI,QWORD PTR DS:[RAX+10]       |
00007FFE91EED9B4 | 4C:8BB6 C8000000    | MOV R14,QWORD PTR DS:[RSI+C8]       |
00007FFE91EED9BB | E8 60AD33F1         | CALL fc_m64.7FFE83228720            |
00007FFE91EED9C0 | 8B50 18             | MOV EDX,DWORD PTR DS:[RAX+18]       |
00007FFE91EED9C3 | 4D:85F6             | TEST R14,R14                        |
00007FFE91EED9C6 | 74 20               | JE fc_m64.7FFE91EED9E8              |
00007FFE91EED9C8 | 899424 80000000     | MOV DWORD PTR SS:[RSP+80],EDX       |
00007FFE91EED9CF | 4C:8D86 A8000000    | LEA R8,QWORD PTR DS:[RSI+A8]        |
00007FFE91EED9D6 | 48:8D9424 80000000  | LEA RDX,QWORD PTR SS:[RSP+80]       |
00007FFE91EED9DE | 4C:89F1             | MOV RCX,R14                         |
00007FFE91EED9E1 | E8 1A723DF1         | CALL fc_m64.7FFE832C4C00            |
00007FFE91EED9E6 | EB 17               | JMP fc_m64.7FFE91EED9FF             |
00007FFE91EED9E8 | 899424 90000000     | MOV DWORD PTR SS:[RSP+90],EDX       |
00007FFE91EED9EF | 48:89F1             | MOV RCX,RSI                         |
00007FFE91EED9F2 | 48:8D9424 90000000  | LEA RDX,QWORD PTR SS:[RSP+90]       |
00007FFE91EED9FA | E8 61743DF1         | CALL fc_m64.7FFE832C4E60            |
00007FFE91EED9FF | 31F6                | XOR ESI,ESI                         |
00007FFE91EEDA01 | 49:89C6             | MOV R14,RAX                         |
00007FFE91EEDA04 | 48:85C0             | TEST RAX,RAX                        |
00007FFE91EEDA07 | 0F84 B5000000       | JE fc_m64.7FFE91EEDAC2              |
00007FFE91EEDA0D | 48:8D05 2CAA90F4    | LEA RAX,QWORD PTR DS:[7FFE867F8440] |
00007FFE91EEDA14 | 4C:896424 60        | MOV QWORD PTR SS:[RSP+60],R12       |
00007FFE91EEDA19 | 48:894424 20        | MOV QWORD PTR SS:[RSP+20],RAX       |
00007FFE91EEDA1E | 48:8D15 43C6C5F4    | LEA RDX,QWORD PTR DS:[7FFE86B4A068] | 00007FFE86B4A068:"DominoEvent_CraftRecipe"
See that string? :) Spot with module base and offset is "FC_m64.dll+F86D992" in case you wanna study it :)

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by TimFun13 »

SunBeam wrote:
Tue Feb 19, 2019 1:28 am
...
Thanks; out of rep to give at the moment, I'll have to get you later.

I did get a working "ammo pickup multiplier" from what you gave me, I think I'm going to do some more digging to see if I can get a "cap. multiplier" working as well.

EDIT: So this seems to cause some issues, see below.
SCRIPT REMOVED
And just a reminder: BACKUP YOUR SAVES!
i.e.: "<drive>:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\savegames\<userid>\5211\"


EDIT2:
Here's the fixed script.


{
	Process			: FarCryNewDawn.exe  -  (x64)
	Module			: FC_m64.dll
	Game Title		: Far Cry: New Dawn
	Game Version	: 1.0.0.0
	CE Version		: 6.83
	Script Version	: 0.0.1
	Date			: 02/18/19
	Author			: ShyTwig16
	Name			: AmmoIncHook

	Ammo Inc Hook
}

{$STRICT}

define(address, FC_m64.dll+F8F3963)
define(bytes, 89 5D 38 4C 8D 05 73 1B 0A F2)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobAmmoIncHook, FC_m64.dll, 2Bxxxx39xx73xxEBxx31xx89xx4Cxxxxxx89xxxx4Cxxxxxxxxxxxx48)
define(injAmmoIncHook, aobAmmoIncHook+11)
assert(injAmmoIncHook, bytes)
registerSymbol(injAmmoIncHook)

alloc(memAmmoIncHook, 0x400, injAmmoIncHook)

label(intAmmoIncHook)
registerSymbol(intAmmoIncHook)

label(ptrAmmoIncHook)
registerSymbol(ptrAmmoIncHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memAmmoIncHook:
	intAmmoIncHook:
		dd (int)3
	align 10
	ptrAmmoIncHook:
		dq 0
	align 10 CC
	n_code:
		mov [ptrAmmoIncHook],rdi
		pushfq
		cmp esi,-1
		je @f
			imul ebx,[intAmmoIncHook]
		@@:
		popfq
	o_code:
		mov [rbp+38],ebx
		reassemble(injAmmoIncHook+3) // lea r8,[7FEA01654E0] // lea r8,[FC_m64.dll+19954E0]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injAmmoIncHook:
	jmp n_code
	nop
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injAmmoIncHook:
	db bytes

unregisterSymbol(injAmmoIncHook)

unregisterSymbol(intAmmoIncHook)

unregisterSymbol(ptrAmmoIncHook)

dealloc(memAmmoIncHook)

{
//// Injection Point: FC_m64.dll+F8F3963  -  000007FEAE0C3963
//// AOB address: 000007FEAE0C3952  -  FC_m64.dll+F8F3952
//// Process: FarCryNewDawn.exe  -  000000013F550000
//// Module: FC_m64.dll  -  000007FE9E7D0000
//// Module Size: 000000001AD0E000
FC_m64.dll+F8F3926:  49 8B 46 40                 -  mov rax,[r14+40]                   
FC_m64.dll+F8F392A:  49 8D 4E 40                 -  lea rcx,[r14+40]                   
FC_m64.dll+F8F392E:  FF 50 18                    -  call qword ptr [rax+18]            
FC_m64.dll+F8F3931:  48 8D 55 38                 -  lea rdx,[rbp+38]                   
FC_m64.dll+F8F3935:  48 89 F9                    -  mov rcx,rdi                        
FC_m64.dll+F8F3938:  89 C6                       -  mov esi,eax                        
FC_m64.dll+F8F393A:  E8 51F775F4                 -  call 7FEA2823090                   
FC_m64.dll+F8F393F:  39 75 38                    -  cmp [rbp+38],esi                   
FC_m64.dll+F8F3942:  77 17                       -  ja 7FEAE0C395B                     
FC_m64.dll+F8F3944:  48 8D 55 38                 -  lea rdx,[rbp+38]                   
FC_m64.dll+F8F3948:  48 89 F9                    -  mov rcx,rdi                        
FC_m64.dll+F8F394B:  E8 40F775F4                 -  call 7FEA2823090                   
FC_m64.dll+F8F3950:  89 F1                       -  mov ecx,esi                        
FC_m64.dll+F8F3952:  2B 4D 38                    -  sub ecx,[rbp+38]                   <<<--- AOB Starts Here
FC_m64.dll+F8F3955:  39 CB                       -  cmp ebx,ecx                        
FC_m64.dll+F8F3957:  73 04                       -  jae 7FEAE0C395D                    
FC_m64.dll+F8F3959:  EB 04                       -  jmp 7FEAE0C395F                    
FC_m64.dll+F8F395B:  31 C9                       -  xor ecx,ecx                        
FC_m64.dll+F8F395D:  89 CB                       -  mov ebx,ecx                        
FC_m64.dll+F8F395F:  4C 8D 4D 38                 -  lea r9,[rbp+38]                    
////  INJECTING START  ----------------------------------------------------------
FC_m64.dll+F8F3963:  89 5D 38                    -  mov [rbp+38],ebx                   
FC_m64.dll+F8F3966:  4C 8D 05 731B0AF2           -  lea r8,[7FEA01654E0]               [49060BE9]
////  INJECTING END  ----------------------------------------------------------
FC_m64.dll+F8F396D:  48 89 F9                    -  mov rcx,rdi                        
FC_m64.dll+F8F3970:  48 8D 55 30                 -  lea rdx,[rbp+30]                   
FC_m64.dll+F8F3974:  E8 57F875F4                 -  call 7FEA28231D0                   
FC_m64.dll+F8F3979:  48 8D 55 38                 -  lea rdx,[rbp+38]                   
FC_m64.dll+F8F397D:  48 89 F9                    -  mov rcx,rdi                        
FC_m64.dll+F8F3980:  E8 0BF775F4                 -  call 7FEA2823090                   
FC_m64.dll+F8F3985:  39 75 38                    -  cmp [rbp+38],esi                   
FC_m64.dll+F8F3988:  48 8D 4D F8                 -  lea rcx,[rbp-08]                   
FC_m64.dll+F8F398C:  B2 04                       -  mov dl,04                          
FC_m64.dll+F8F398E:  0F42 75 38                  -  cmovb esi,[rbp+38]                 
FC_m64.dll+F8F3992:  E8 69F475F4                 -  call 7FEA2822E00                   
FC_m64.dll+F8F3997:  48 8D 55 38                 -  lea rdx,[rbp+38]                   
FC_m64.dll+F8F399B:  C7 45 38 00000000           -  mov [rbp+38],00000000              
FC_m64.dll+F8F39A2:  48 8D 4D F8                 -  lea rcx,[rbp-08]                   
FC_m64.dll+F8F39A6:  E8 85F775F4                 -  call 7FEA2823130                   
FC_m64.dll+F8F39AB:  48 8D 05 2E6D87F4           -  lea rax,[7FEA293A6E0]              [9E941980]
FC_m64.dll+F8F39B2:  89 75 38                    -  mov [rbp+38],esi                   
FC_m64.dll+F8F39B5:  48 8D 55 38                 -  lea rdx,[rbp+38]                   
FC_m64.dll+F8F39B9:  48 89 45 F0                 -  mov [rbp-10],rax                   
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}

Last edited by TimFun13 on Tue Feb 19, 2019 6:25 am, edited 2 times in total.
Reason: Added fixed script.
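The AA script above leans on three Cheat Engine primitives: aobScanModule with xx wildcards, assert() on the bytes at the injection point, and reassemble() for the stolen lea r8,[rip+disp32], which cannot be copied into the cave verbatim because it is RIP-relative. The following is an added example, not the table's code and not TimFun13's: a Python model of those three steps run against a byte string constructed from the disassembly listing at the end of the script (FC_m64.dll+F8F3952 onwards). The module base comes from the listing footer; the cave address (CAVE) and the position of the re-assembled lea inside it (LEA_CAVE_OFF) are assumptions, as are the helper names.

```python
"""Wildcard AOB scan, injection-site check and RIP-relative relocation.

Added example for this thread, not code from the table or from TimFun13.  It
models in plain Python what the AA script asks Cheat Engine to do with
aobScanModule / define / assert / reassemble.  SNIPPET is CONSTRUCTED from the
listing at the end of the script; CAVE and LEA_CAVE_OFF are assumptions.
"""
import re
import struct

# Constructed from the listing: FC_m64.dll+F8F3952 .. +F8F396F (30 bytes).
SNIPPET = bytes.fromhex(
    "2B4D38"          # +00  sub ecx,[rbp+38]        <- AOB match starts here
    "39CB"            # +03  cmp ebx,ecx
    "7304"            # +05  jae
    "EB04"            # +07  jmp
    "31C9"            # +09  xor ecx,ecx
    "89CB"            # +0B  mov ebx,ecx
    "4C8D4D38"        # +0D  lea r9,[rbp+38]
    "895D38"          # +11  mov [rbp+38],ebx        <- injection point (aob+11)
    "4C8D05731B0AF2"  # +14  lea r8,[rip-0DF5E48D]   RIP-relative: re-encode in the cave
    "4889F9"          # +1B  mov rcx,rdi
)
MODULE_BASE = 0x7FE9E7D0000   # FC_m64.dll base from the listing footer (changes with ASLR)
SNIPPET_RVA = 0xF8F3952       # module-relative address of SNIPPET[0]
AOB = "2Bxxxx39xx73xxEBxx31xx89xx4Cxxxxxx89xxxx4Cxxxxxxxxxxxx48"  # the script's pattern
ORIGINAL_BYTES = bytes.fromhex("895D384C8D05731B0AF2")           # the script's `bytes` define
CAVE = 0x7FEB9500000          # ASSUMED alloc() result: just past the module, within +-2 GiB
LEA_CAVE_OFF = 0x38           # ASSUMED offset of the re-assembled lea inside the cave


def aob_to_regex(pattern: str) -> re.Pattern:
    """CE-style AOB ('2Bxx39...') -> bytes regex; each 'xx' matches exactly one byte."""
    if len(pattern) % 2:
        raise ValueError("AOB needs an even number of hex digits")
    parts = [pattern[i:i + 2] for i in range(0, len(pattern), 2)]
    body = b"".join(b"." if p.lower() == "xx" else re.escape(bytes.fromhex(p)) for p in parts)
    return re.compile(body, re.DOTALL)          # DOTALL: wildcard must also match 0x0A


def aob_scan(module: bytes, pattern: str) -> list:
    """Offsets of every match; aobScanModule fails on 0 or >1 hits, so callers need them all."""
    return [m.start() for m in aob_to_regex(pattern).finditer(module)]


def hook_site(module: bytes, pattern: str, delta: int, expected: bytes) -> int:
    """aobScanModule + define(inj, aob+delta) + assert(inj, bytes), failing closed."""
    hits = aob_scan(module, pattern)
    if len(hits) != 1:
        raise RuntimeError(f"AOB matched {len(hits)} times, need exactly 1")
    inj = hits[0] + delta
    if module[inj:inj + len(expected)] != expected:
        raise RuntimeError("assert() failed: bytes at the injection point differ (game update?)")
    return inj


def jmp_rel32(src: int, dst: int) -> bytes:
    """5-byte E9 jmp from src to dst; refuses targets outside rel32 range."""
    rel = dst - (src + 5)
    if not -0x80000000 <= rel <= 0x7FFFFFFF:
        raise ValueError("cave not within +-2 GiB of the hook; alloc() near the target instead")
    return b"\xE9" + struct.pack("<i", rel)


def hook_patch(src: int, dst: int, stolen_len: int) -> bytes:
    """jmp plus NOP padding over whole instructions (here 3 + 7 = 10 bytes -> 5 NOPs)."""
    if stolen_len < 5:
        raise ValueError("need at least 5 bytes of whole instructions to overwrite")
    return jmp_rel32(src, dst) + b"\x90" * (stolen_len - 5)


def patch_target(patch: bytes, src: int) -> int:
    """Decode where a jmp rel32 written at src lands."""
    return src + 5 + struct.unpack("<i", patch[1:5])[0]


def rip_target(insn: bytes, addr: int, disp_off: int) -> int:
    """Absolute target of a RIP-relative instruction located at addr."""
    (disp,) = struct.unpack_from("<i", insn, disp_off)
    return addr + len(insn) + disp


def relocate_rip_rel(insn: bytes, old_addr: int, new_addr: int, disp_off: int) -> bytes:
    """Re-encode the displacement so the copied instruction still reaches the same target
    (the job reassemble() does for the stolen lea)."""
    new_disp = rip_target(insn, old_addr, disp_off) - (new_addr + len(insn))
    if not -0x80000000 <= new_disp <= 0x7FFFFFFF:
        raise ValueError("relocated instruction cannot reach its target")
    return insn[:disp_off] + struct.pack("<i", new_disp) + insn[disp_off + 4:]


def build_hook() -> dict:
    """Run the whole procedure on the constructed snippet and return the pieces."""
    inj_off = hook_site(SNIPPET, AOB, 0x11, ORIGINAL_BYTES)
    inj_va = MODULE_BASE + SNIPPET_RVA + inj_off
    lea = SNIPPET[inj_off + 3:inj_off + 10]      # stolen 7-byte lea r8,[rip+disp32]
    lea_va = inj_va + 3
    return {
        "inj_rva": SNIPPET_RVA + inj_off,
        "inj_va": inj_va,
        "patch": hook_patch(inj_va, CAVE, len(ORIGINAL_BYTES)),
        "lea_target": rip_target(lea, lea_va, 3),
        "lea_in_cave": relocate_rip_rel(lea, lea_va, CAVE + LEA_CAVE_OFF, 3),
    }
```

Two things the model makes explicit that the script relies on silently: the assert() is what turns a game patch into a refused activation instead of a silent mis-patch of whatever now lives at aob+11, and the rel32 range check is why the script passes injAmmoIncHook as the preferred address to alloc(), since a cave more than 2 GiB away cannot be reached with a 5-byte jmp.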

SunBeam
Administration
Posts: 4702
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4285

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by SunBeam »

Adding more to it: what I do know about Far Cry games is I think starting with FC3 the inventory items are individual objects. Whenever you pick-up something, be it ammo or flowers (anything you can actually pick-up), the game engine will store that picked-up item's id in a table. It then iterates the table for all ids and generates a count. That's the value you see when you open up the inventory. When you consume ammo or flowers or whatever, it's not just a counter being decremented. No, it's the game engine destroying the last sorted offset in your inventory that points to that consumed item. It then does the reiteration and outputs the new count.

So.. all in all for New Dawn, these are the functions for read and write which Ubisoft used "Virtualization/Mutation/Ultra" compilation-typed markers on (see the VMProtect documentation from 2 posts ago):

read:


FC_m64.dll+4053090 - E9 2B5D5414           - jmp FC_m64.dll+18598DC0
..
FC_m64.dll+18598DC0 - E9 D1D9EC01           - jmp FC_m64.dll+1A466796
..
FC_m64.dll+1A466796 - 68 CFD5F5F6           - push F6F5D5CF
FC_m64.dll+1A46679B - E8 C78CEFFF           - call FC_m64.dll+1A35F467
write:


FC_m64.dll+40531D0 - E9 2B655414           - jmp FC_m64.dll+18599700
..
FC_m64.dll+18599700 - E9 0FD1EC01           - jmp FC_m64.dll+1A466814
..
FC_m64.dll+1A466814 - 68 E5D1759D           - push 9D75D1E5
FC_m64.dll+1A466819 - E8 4CA8F1FF           - call FC_m64.dll+1A38106A
The PUSH+CALL you see past the JMPs are the VM handlers leading into the VMProtect virtual machine(s). That's where you found those big ass loops.

Let's now take the Molotov as an example. You can find the visual display value by doing normal scans. Which will lead you to these two locations:


FC_m64.dll+D0C873F - 48 8B 06              - mov rax,[rsi]
FC_m64.dll+D0C8742 - 48 89 F1              - mov rcx,rsi
FC_m64.dll+D0C8745 - 48 8B 55 38           - mov rdx,[rbp+38]
FC_m64.dll+D0C8749 - FF 90 B0010000        - call qword ptr [rax+000001B0] // :O what does this do? :P
FC_m64.dll+D0C874F - 3B 87 D0000000        - cmp eax,[rdi+000000D0] // or this?
FC_m64.dll+D0C8755 - 74 6C                 - je FC_m64.dll+D0C87C3
FC_m64.dll+D0C8757 - 89 87 D0000000        - mov [rdi+000000D0],eax // writes the on-screen value
FC_m64.dll+D0C875D - 30 DB                 - xor bl,bl
FC_m64.dll+D0C875F - 48 8B 0D F224D2F7     - mov rcx,[FC_m64.dll+4DEAC58]
FC_m64.dll+D0C8766 - 48 8B 2D 6BF6DFF7     - mov rbp,[FC_m64.dll+4EC7DD8]
FC_m64.dll+D0C876D - 48 8B 35 74F6DFF7     - mov rsi,[FC_m64.dll+4EC7DE8]
FC_m64.dll+D0C8774 - 48 85 C9              - test rcx,rcx
FC_m64.dll+D0C8777 - 74 11                 - je FC_m64.dll+D0C878A
FC_m64.dll+D0C8779 - 48 89 F2              - mov rdx,rsi
FC_m64.dll+D0C877C - E8 2F5B7CF3           - call FC_m64.dll+88E2B0
FC_m64.dll+D0C8781 - 48 8B 0D D024D2F7     - mov rcx,[FC_m64.dll+4DEAC58]
FC_m64.dll+D0C8788 - B3 01                 - mov bl,01
FC_m64.dll+D0C878A - 48 89 F2              - mov rdx,rsi
FC_m64.dll+D0C878D - E8 7EE07CF3           - call FC_m64.dll+896810
FC_m64.dll+D0C8792 - 8B 8F D0000000        - mov ecx,[rdi+000000D0] // reads the on-screen value
FC_m64.dll+D0C8798 - 89 08                 - mov [rax],ecx // writes it to a temp buffer
If you set a break at that CMP and check EAX, you will see it shows the amount of Molotovs you have. In my case, 12. So.. the CALL above it (call qword ptr [rax+000001B0]) is responsible for acquiring the value. If you trace it, it leads you to this location:


FC_m64.dll+1F4232A - 48 8D 48 40           - lea rcx,[rax+40]
FC_m64.dll+1F4232E - 48 8B 40 40           - mov rax,[rax+40]
FC_m64.dll+1F42332 - FF 50 10              - call qword ptr [rax+10]
Which then takes you here:

Code:

FC_m64.dll+1F423C0 - 48 83 EC 28           - sub rsp,28
FC_m64.dll+1F423C4 - 83 79 1C 01           - cmp dword ptr [rcx+1C],01
FC_m64.dll+1F423C8 - 75 0B                 - jne FC_m64.dll+1F423D5
FC_m64.dll+1F423CA - 48 8B 01              - mov rax,[rcx]
FC_m64.dll+1F423CD - 48 83 C4 28           - add rsp,28
FC_m64.dll+1F423D1 - 48 FF 60 18           - jmp qword ptr [rax+18]
FC_m64.dll+1F423D5 - 48 83 C1 10           - add rcx,10
FC_m64.dll+1F423D9 - 48 8D 54 24 30        - lea rdx,[rsp+30]
FC_m64.dll+1F423DE - E8 AD0C1102           - call FC_m64.dll+4053090 // remember this? it's the read
FC_m64.dll+1F423E3 - 8B 44 24 30           - mov eax,[rsp+30]
FC_m64.dll+1F423E7 - 48 83 C4 28           - add rsp,28
FC_m64.dll+1F423EB - C3                    - ret 
That's for the read part.

Now.. if you want to know where your Molotovs are being subtracted (or how) when you throw one out, just set a break on the "write" function. Throw one and check [RSP]. It will point to here:

Code:

FC_m64.dll+F986860 - 40 53                 - push rbx
FC_m64.dll+F986862 - 56                    - push rsi
FC_m64.dll+F986863 - 41 56                 - push r14
FC_m64.dll+F986865 - 48 83 EC 20           - sub rsp,20
FC_m64.dll+F986869 - 48 8B 41 40           - mov rax,[rcx+40]
FC_m64.dll+F98686D - 49 89 CE              - mov r14,rcx
FC_m64.dll+F986870 - 48 83 C1 40           - add rcx,40
FC_m64.dll+F986874 - 89 D6                 - mov esi,edx
FC_m64.dll+F986876 - FF 50 20              - call qword ptr [rax+20]
FC_m64.dll+F986879 - 84 C0                 - test al,al
FC_m64.dll+F98687B - 75 37                 - jne FC_m64.dll+F9868B4 // guess what happens if you do 75->EB
FC_m64.dll+F98687D - 48 8D 54 24 48        - lea rdx,[rsp+48]
FC_m64.dll+F986882 - 49 8D 4E 50           - lea rcx,[r14+50]
FC_m64.dll+F986886 - E8 05C86CF4           - call FC_m64.dll+4053090
FC_m64.dll+F98688B - 8B 44 24 48           - mov eax,[rsp+48]
FC_m64.dll+F98688F - 4C 8D 4C 24 48        - lea r9,[rsp+48]
FC_m64.dll+F986894 - 39 C6                 - cmp esi,eax
FC_m64.dll+F986896 - 4C 8D 05 53EC00F2     - lea r8,[FC_m64.dll+19954F0]
FC_m64.dll+F98689D - 48 8D 54 24 40        - lea rdx,[rsp+40]
FC_m64.dll+F9868A2 - 0F42 C6               - cmovb eax,esi
FC_m64.dll+F9868A5 - 49 8D 4E 50           - lea rcx,[r14+50]
FC_m64.dll+F9868A9 - 89 C6                 - mov esi,eax
FC_m64.dll+F9868AB - 89 44 24 48           - mov [rsp+48],eax
FC_m64.dll+F9868AF - E8 1CC96CF4           - call FC_m64.dll+40531D0 // write
FC_m64.dll+F9868B4 - 85 F6                 - test esi,esi <-- [RSP] takes you here
Try that patch, 0x75 to 0xEB, then throw a Molotov. You'll also see resources aren't consumed on crafting :)

Et voila.

BR,
Sun

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by TimFun13 »

SunBeam wrote:
Tue Feb 19, 2019 2:33 am
...
I started thinking it was a list. So like you said, even the most rigorous scanning will only lead to display values because they're the only addresses that consistently change with the total amount.

But even up to FC5, ammo was just a single address that you could write to and change the value. But there were the IDs and even pointers for the names of the objects; my FC5 ammo script uses the names to tell the different types of ammo apart, and I think my FC3 and 4 ammo scripts work this way too. But you could tell everything was in a list like you said, hence the use of the names.


And, thanks to you; here is an "item cap. multiplier" hook. This and the other still need more testing for crashes and whatnot though, but seem to be working well at this point.

Code:

{
	Process			: FarCryNewDawn.exe  -  (x64)
	Module			: FC_m64.dll
	Game Title		: Far Cry: New Dawn
	Game Version	: 1.0.0.0
	CE Version		: 6.83
	Script Version	: 0.0.1
	Date			: 02/18/19
	Author			: ShyTwig16
	Name			: ItemCapMulHook

	Item Cap Mul Hook
}

{$STRICT}

define(address, FC_m64.dll+F8C914C)
define(bytes, F3 0F 59 84 8B 80 00 00 00)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobItemCapMulHook, FC_m64.dll, 0F57xx89xxF3xxxxxxxxF3xxxxxxxxxxxxxxxxF3xxxxxxxx48)
define(injItemCapMulHook, aobItemCapMulHook+A)
assert(injItemCapMulHook, bytes)
registerSymbol(injItemCapMulHook)

alloc(memItemCapMulHook, 0x400, injItemCapMulHook)

label(fltItemCapMulHook)
registerSymbol(fltItemCapMulHook)

label(ptrItemCapMulHook)
registerSymbol(ptrItemCapMulHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memItemCapMulHook:
	fltItemCapMulHook:
		dd (float)3
	align 10
	ptrItemCapMulHook:
		dq 0
	align 10 CC
	n_code:
		mov [ptrItemCapMulHook],rbx
		mulss xmm0,[rbx+rcx*4+00000080]
		mulss xmm0,[fltItemCapMulHook]
	o_code:
		// mulss xmm0,[rbx+rcx*4+00000080]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injItemCapMulHook:
	jmp n_code
	nop
	nop
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injItemCapMulHook:
	db bytes

unregisterSymbol(injItemCapMulHook)

unregisterSymbol(fltItemCapMulHook)

unregisterSymbol(ptrItemCapMulHook)

dealloc(memItemCapMulHook)

{
//// Injection Point: FC_m64.dll+F8C914C  -  000007FEAE09914C
//// AOB address: 000007FEAE099142  -  FC_m64.dll+F8C9142
//// Process: FarCryNewDawn.exe  -  000000013F550000
//// Module: FC_m64.dll  -  000007FE9E7D0000
//// Module Size: 000000001AD0E000
FC_m64.dll+F8C9100:  48 89 F9                    -  mov rcx,rdi                        
FC_m64.dll+F8C9103:  E8 28C859F1                 -  call 7FE9F635930                   
FC_m64.dll+F8C9108:  48 85 C0                    -  test rax,rax                       
FC_m64.dll+F8C910B:  74 1C                       -  je 7FEAE099129                     
FC_m64.dll+F8C910D:  8B 53 7C                    -  mov edx,[rbx+7C]                   
FC_m64.dll+F8C9110:  48 8D 48 18                 -  lea rcx,[rax+18]                   
FC_m64.dll+F8C9114:  0F57 D2                     -  xorps xmm2,xmm2                    
FC_m64.dll+F8C9117:  45 31 C9                    -  xor r9d,r9d                        
FC_m64.dll+F8C911A:  F3 48 0F2A D6               -  cvtsi2ss xmm2,rsi                  
FC_m64.dll+F8C911F:  E8 2CE3AEF1                 -  call 7FE9FB87450                   
FC_m64.dll+F8C9124:  F3 48 0F2C F0               -  cvttss2si rsi,xmm0                 
FC_m64.dll+F8C9129:  48 8B 0D E80A57F5           -  mov rcx,[7FEA3609C18]              [F95CAB00]
FC_m64.dll+F8C9130:  48 89 4C 24 30              -  mov [rsp+30],rcx                   
FC_m64.dll+F8C9135:  48 85 C9                    -  test rcx,rcx                       
FC_m64.dll+F8C9138:  74 20                       -  je 7FEAE09915A                     
FC_m64.dll+F8C913A:  E8 71B5BCF1                 -  call 7FE9FC646B0                   
FC_m64.dll+F8C913F:  48 63 C8                    -  movsxd  rcx,eax                    
FC_m64.dll+F8C9142:  0F57 C0                     -  xorps xmm0,xmm0                    <<<--- AOB Starts Here
FC_m64.dll+F8C9145:  89 F0                       -  mov eax,esi                        
FC_m64.dll+F8C9147:  F3 48 0F2A C0               -  cvtsi2ss xmm0,rax                  
////  INJECTING START  ----------------------------------------------------------
FC_m64.dll+F8C914C:  F3 0F59 84 8B 80000000      -  mulss xmm0,[rbx+rcx*4+00000080]    
////  INJECTING END  ----------------------------------------------------------
FC_m64.dll+F8C9155:  F3 48 0F2C F0               -  cvttss2si rsi,xmm0                 
FC_m64.dll+F8C915A:  48 8B 0F                    -  mov rcx,[rdi]                      
FC_m64.dll+F8C915D:  48 8D 05 142C3AF5           -  lea rax,[7FEA343BD78]              [FFFFFFFF]
FC_m64.dll+F8C9164:  48 39 C1                    -  cmp rcx,rax                        
FC_m64.dll+F8C9167:  74 12                       -  je 7FEAE09917B                     
FC_m64.dll+F8C9169:  83 C8 FF                    -  or eax,-01                         
FC_m64.dll+F8C916C:  F0 0FC1 41 08               -  lock xadd [rcx+08],eax             
FC_m64.dll+F8C9171:  83 F8 01                    -  cmp eax,01                         
FC_m64.dll+F8C9174:  75 05                       -  jne 7FEAE09917B                    
FC_m64.dll+F8C9176:  E8 75AB94F0                 -  call 7FE9E9E3CF0                   
FC_m64.dll+F8C917B:  48 8B 5C 24 40              -  mov rbx,[rsp+40]                   
FC_m64.dll+F8C9180:  89 F0                       -  mov eax,esi                        
FC_m64.dll+F8C9182:  48 8B 74 24 38              -  mov rsi,[rsp+38]                   
FC_m64.dll+F8C9187:  48 83 C4 20                 -  add rsp,20                         
FC_m64.dll+F8C918B:  5F                          -  pop rdi                            
FC_m64.dll+F8C918C:  C3                          -  ret                                
FC_m64.dll+F8C918D:  CC                          -  int 3                              
FC_m64.dll+F8C918E:  48 31 FF                    -  xor rdi,rdi                        
FC_m64.dll+F8C9191:  4C 8B 2C 24                 -  mov r13,[rsp]                      
FC_m64.dll+F8C9195:  48 8D 64 24 08              -  lea rsp,[rsp+08]                   
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}


TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by TimFun13 »

Don't know which one yet, but one of the scripts I just posted didn't work as intended.
[Link]
Two of them are just dashes. :?

EDIT: It's the "ammo pickup multiplier", I was leaning towards that one.

bigbang20061
Novice Cheater
Posts: 18
Joined: Mon Sep 25, 2017 1:43 am
Reputation: 0

Re: Far Cry New Dawn - table v: 1.0.2 CT

Post by bigbang20061 »

Good job, thank you guys.

TimFun13
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Far Cry New Dawn - table v: 1.0.3 CT

Post by TimFun13 »

Table Updated:
  • v 1.0.3:
    Added:
    • Infinite Resources { SunBeam }
    • Ammo Pickup & Crafting Multiplier (Based on SunBeam's findings.)
    • Item Cap. Multiplier (Based on SunBeam's findings.)

SunBeam
Administration
Posts: 4702
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4285

Re: Far Cry New Dawn - table v: 1.0.3 CT

Post by SunBeam »

Really don't get ya, Tim:

Code:

FC_m64.dll+F8F395F:  4C 8D 4D 38                 -  lea r9,[rbp+38]                    
////  INJECTING START  ----------------------------------------------------------
FC_m64.dll+F8F3963:  89 5D 38                    -  mov [rbp+38],ebx                   
FC_m64.dll+F8F3966:  4C 8D 05 731B0AF2           -  lea r8,[7FEA01654E0]
////  INJECTING END  ----------------------------------------------------------
So you prefer adding in a 'reassemble', when you could've just used the instruction above the INJECTING START area :D You must be tired, I guess...

Code:

FC_m64.dll+F8F395F:  4C 8D 4D 38                 -  lea r9,[rbp+38]
FC_m64.dll+F8F3963:  89 5D 38                    -  mov [rbp+38],ebx
That doesn't need reassemble. You got 5 bytes for the JMP + 2 'db 90' :)

Happy coderizin'.
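
As an added example (not code from this thread or from Cheat Engine), here is a small Python model of what the aobScanModule and assert() lines in TimFun13's ItemCapMulHook script do, and of SunBeam's byte-count remark about fitting a 5-byte JMP plus two `db 90` into the lea+mov pair: a wildcard signature matcher run over a byte buffer reconstructed from the listing in the script's footer, plus a padding check for the instructions a JMP hook overwrites.

```python
"""Wildcard AOB (array-of-bytes) signature matching and JMP-padding check.
Added example, not code from this thread or from Cheat Engine; the byte
buffer below is constructed from the listing in the script's footer."""
import re

# Constructed from the listing at FC_m64.dll+F8C9142 onward (not read from a
# live process): six instructions, 27 bytes.
CODE_F8C9142 = bytes.fromhex(
    "0F57C0"              # xorps xmm0,xmm0             <<<--- AOB starts here
    "89F0"                # mov eax,esi
    "F3480F2AC0"          # cvtsi2ss xmm0,rax
    "F30F59848B80000000"  # mulss xmm0,[rbx+rcx*4+80]   injection point (+A)
    "F3480F2CF0"          # cvttss2si rsi,xmm0
    "488B0F"              # mov rcx,[rdi]
)
# The pattern and expected bytes exactly as the ItemCapMulHook script uses them.
AOB_ITEM_CAP = "0F57xx89xxF3xxxxxxxxF3xxxxxxxxxxxxxxxxF3xxxxxxxx48"
INJ_BYTES = bytes.fromhex("F30F59848B80000000")

def parse_aob(pattern: str) -> list:
    """CE-style pattern (hex pairs, 'xx' or '??' wildcards, spaces optional)
    -> list of ints with None for wildcard bytes."""
    tokens = re.findall(r"[0-9A-Fa-f]{2}|[xX]{2}|\?\?", pattern.replace(" ", ""))
    return [None if t.lower() in ("xx", "??") else int(t, 16) for t in tokens]

def aob_scan(buf: bytes, pattern: str) -> list:
    """Every offset in buf where the pattern matches (wildcards match anything)."""
    pat = parse_aob(pattern)
    return [off for off in range(len(buf) - len(pat) + 1)
            if all(p is None or buf[off + i] == p for i, p in enumerate(pat))]

def injection_bytes(buf: bytes, pattern: str, offset: int, length: int) -> bytes:
    """Bytes at <unique match>+offset: what assert(inj..., bytes) compares."""
    hits = aob_scan(buf, pattern)
    if len(hits) != 1:
        raise LookupError(f"expected exactly one match, got {len(hits)}")
    return buf[hits[0] + offset: hits[0] + offset + length]

def nop_padding(instr_lengths: list, jmp_size: int = 5) -> int:
    """NOPs needed after a rel32 JMP that replaces the listed instructions,
    e.g. [9] -> 4 for the mulss, [4, 3] -> 2 for lea+mov in SunBeam's reply."""
    total = sum(instr_lengths)
    if total < jmp_size:
        raise ValueError(f"{total} bytes cannot hold a {jmp_size}-byte JMP")
    return total - jmp_size
```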
