So I found recoil and spread, but I'm having trouble with sway. Didn't know if you found any thing for that, yet.
Code: Select all
{
Process : Borderlands3.exe - (x64)
Module : Borderlands3.exe
Game Title : Borderlands3
Game File Version : 4.20.3.0
Game Version : 4.20.3.0
CE Version : 7.1
Script Version : 0.0.1
Date : 04/26/20
Author : ShyTwig16
Name : WeaponRecoilHook
Weapon Recoil Hook
}
{$STRICT}
define(address, Borderlands3.exe+1F4E9929)
define(bytes, F3 0F 58 8B A8 01 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobWeaponRecoilHook, Borderlands3.exe, F30F100FF30F588BA8010000F30F118BA8010000)
define(injWeaponRecoilHook, aobWeaponRecoilHook+4)
assert(injWeaponRecoilHook, bytes)
registerSymbol(injWeaponRecoilHook)
alloc(memWeaponRecoilHook, 0x400, injWeaponRecoilHook)
label(ptrWeaponRecoilHook)
registerSymbol(ptrWeaponRecoilHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memWeaponRecoilHook:
ptrWeaponRecoilHook:
dq 0
align 10 CC
n_code:
mov [ptrWeaponRecoilHook],rbx
xorps xmm1,xmm1
o_code:
// addss xmm1,[rbx+000001A8]
exit:
jmp return
////
//// ---------- Injection Point ----------
injWeaponRecoilHook:
jmp n_code
nop
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injWeaponRecoilHook:
db bytes
unregisterSymbol(injWeaponRecoilHook)
unregisterSymbol(ptrWeaponRecoilHook)
dealloc(memWeaponRecoilHook)
{
//// Injection Point: Borderlands3.exe+1F4E9929 - 000000015F4E9929
//// AOB address: 000000015F4E9925 - Borderlands3.exe+1F4E9925
//// Process: Borderlands3.exe - 0000000140000000
//// Module: Borderlands3.exe - 0000000140000000
//// Module Size: 0000000025AAB000
Borderlands3.exe+1F4E98CA: 0F29 74 24 30 - movaps [rsp+30],xmm6
Borderlands3.exe+1F4E98CF: 48 89 CB - mov rbx,rcx
Borderlands3.exe+1F4E98D2: 48 8B 89 18010000 - mov rcx,[rcx+00000118]
Borderlands3.exe+1F4E98D9: 0F28 F3 - movaps xmm6,xmm3
Borderlands3.exe+1F4E98DC: 0F29 7C 24 20 - movaps [rsp+20],xmm7
Borderlands3.exe+1F4E98E1: 0F28 FA - movaps xmm7,xmm2
Borderlands3.exe+1F4E98E4: 48 89 D7 - mov rdi,rdx
Borderlands3.exe+1F4E98E7: 48 85 C9 - test rcx,rcx
Borderlands3.exe+1F4E98EA: 0F84 93000000 - je 15F4E9983
Borderlands3.exe+1F4E98F0: 48 8B 01 - mov rax,[rcx]
Borderlands3.exe+1F4E98F3: FF 90 48010000 - call qword ptr [rax+00000148]
Borderlands3.exe+1F4E98F9: 48 85 C0 - test rax,rax
Borderlands3.exe+1F4E98FC: 0F84 81000000 - je 15F4E9983
Borderlands3.exe+1F4E9902: F3 0F10 44 24 70 - movss xmm0,[rsp+70]
Borderlands3.exe+1F4E9908: B2 01 - mov dl,01
Borderlands3.exe+1F4E990A: F3 0F11 83 BC010000 - movss [rbx+000001BC],xmm0
Borderlands3.exe+1F4E9912: 48 89 D9 - mov rcx,rbx
Borderlands3.exe+1F4E9915: F3 0F11 BB B4010000 - movss [rbx+000001B4],xmm7
Borderlands3.exe+1F4E991D: F3 0F11 B3 B8010000 - movss [rbx+000001B8],xmm6
Borderlands3.exe+1F4E9925: F3 0F10 0F - movss xmm1,[rdi] <<<--- AOB Starts Here
//// INJECTING START ----------------------------------------------------------
Borderlands3.exe+1F4E9929: F3 0F58 8B A8010000 - addss xmm1,[rbx+000001A8]
//// INJECTING END ----------------------------------------------------------
Borderlands3.exe+1F4E9931: F3 0F11 8B A8010000 - movss [rbx+000001A8],xmm1
Borderlands3.exe+1F4E9939: F3 0F10 47 04 - movss xmm0,[rdi+04]
Borderlands3.exe+1F4E993E: F3 0F58 83 AC010000 - addss xmm0,[rbx+000001AC]
Borderlands3.exe+1F4E9946: F3 0F11 83 AC010000 - movss [rbx+000001AC],xmm0
Borderlands3.exe+1F4E994E: F3 0F10 4F 08 - movss xmm1,[rdi+08]
Borderlands3.exe+1F4E9953: F3 0F58 8B B0010000 - addss xmm1,[rbx+000001B0]
Borderlands3.exe+1F4E995B: F3 0F11 8B B0010000 - movss [rbx+000001B0],xmm1
Borderlands3.exe+1F4E9963: 8B 80 90070000 - mov eax,[rax+00000790]
Borderlands3.exe+1F4E9969: 89 83 C0010000 - mov [rbx+000001C0],eax
Borderlands3.exe+1F4E996F: 0FB6 44 24 78 - movzx eax,byte ptr [rsp+78]
Borderlands3.exe+1F4E9974: 88 83 C4010000 - mov [rbx+000001C4],al
Borderlands3.exe+1F4E997A: 48 8B 03 - mov rax,[rbx]
Borderlands3.exe+1F4E997D: FF 90 58030000 - call qword ptr [rax+00000358]
Borderlands3.exe+1F4E9983: 48 8B 5C 24 50 - mov rbx,[rsp+50]
Borderlands3.exe+1F4E9988: 0F28 74 24 30 - movaps xmm6,[rsp+30]
Borderlands3.exe+1F4E998D: 0F28 7C 24 20 - movaps xmm7,[rsp+20]
Borderlands3.exe+1F4E9992: 48 83 C4 40 - add rsp,40
Borderlands3.exe+1F4E9996: 5F - pop rdi
Borderlands3.exe+1F4E9997: C3 - ret
Borderlands3.exe+1F4E9998: CC - int 3
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
Code: Select all
{
Process : Borderlands3.exe - (x64)
Module : Borderlands3.exe
Game Title : Borderlands3
Game File Version : 4.20.3.0
Game Version : 4.20.3.0
CE Version : 7.1
Script Version : 0.0.1
Date : 04/26/20
Author : ShyTwig16
Name : WeaponSpreadHook
Weapon Spread Hook
}
{$STRICT}
define(address, Borderlands3.exe+1E7298C2)
define(bytes, F3 0F 10 BB A0 00 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobWeaponSpreadHook, Borderlands3.exe, E8xxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxxxxxF3xxxxxxxxxx45xxxxxx74)
define(injWeaponSpreadHook, aobWeaponSpreadHook+B)
assert(injWeaponSpreadHook, bytes)
registerSymbol(injWeaponSpreadHook)
alloc(memWeaponSpreadHook, 0x400, injWeaponSpreadHook)
label(ptrWeaponSpreadHook)
registerSymbol(ptrWeaponSpreadHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memWeaponSpreadHook:
ptrWeaponSpreadHook:
dq 0
align 10 CC
n_code:
pushfq
push rax
mov rax,[ptrPlayerHook]
test rax,rax
jz o_code
mov rax,[rax+678]
test rax,rax
jz o_code
mov rax,[rax+68]
test rax,rax
jz o_code
mov rax,[rax+180]
test rax,rax
jz o_code
lea rax,[rax+9B0]
cmp rax,rbx
jne o_code
mov [ptrWeaponSpreadHook],rbx
xorps xmm7,xmm7
movss [rbx+A0],xmm7
jmp exit
o_code:
movss xmm7,[rbx+000000A0]
exit:
pop rax
popfq
jmp return
////
//// ---------- Injection Point ----------
injWeaponSpreadHook:
jmp n_code
nop
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injWeaponSpreadHook:
db bytes
unregisterSymbol(injWeaponSpreadHook)
unregisterSymbol(ptrWeaponSpreadHook)
dealloc(memWeaponSpreadHook)
{
//// Injection Point: Borderlands3.exe+1E7298C2 - 000000015E7298C2
//// AOB address: 000000015E7298B7 - Borderlands3.exe+1E7298B7
//// Process: Borderlands3.exe - 0000000140000000
//// Module: Borderlands3.exe - 0000000140000000
//// Module Size: 0000000025AAB000
Borderlands3.exe+1E72985D: 0F29 BC 24 80000000 - movaps [rsp+00000080],xmm7
Borderlands3.exe+1E729865: 48 89 D9 - mov rcx,rbx
Borderlands3.exe+1E729868: 44 0F29 44 24 70 - movaps [rsp+70],xmm8
Borderlands3.exe+1E72986E: 44 0F29 4C 24 60 - movaps [rsp+60],xmm9
Borderlands3.exe+1E729874: 44 0F29 5C 24 40 - movaps [rsp+40],xmm11
Borderlands3.exe+1E72987A: 44 0F29 64 24 30 - movaps [rsp+30],xmm12
Borderlands3.exe+1E729880: E8 BB6A33E4 - call 142A60340
Borderlands3.exe+1E729885: F3 0F10 BB A0000000 - movss xmm7,[rbx+000000A0]
Borderlands3.exe+1E72988D: 44 0F28 E0 - movaps xmm12,xmm0
Borderlands3.exe+1E729891: 0F2E BB E0000000 - ucomiss xmm7,[rbx+000000E0]
Borderlands3.exe+1E729898: F3 44 0F10 43 38 - movss xmm8,[rbx+38]
Borderlands3.exe+1E72989E: 45 0F57 C9 - xorps xmm9,xmm9
Borderlands3.exe+1E7298A2: F3 0F10 73 44 - movss xmm6,[rbx+44]
Borderlands3.exe+1E7298A7: F3 41 0F5C F0 - subss xmm6,xmm8
Borderlands3.exe+1E7298AC: 75 06 - jne 15E7298B4
Borderlands3.exe+1E7298AE: 41 0F2E F1 - ucomiss xmm6,xmm9
Borderlands3.exe+1E7298B2: 74 16 - je 15E7298CA
Borderlands3.exe+1E7298B4: 48 89 D9 - mov rcx,rbx
Borderlands3.exe+1E7298B7: E8 940934E4 - call 142A6A250 <<<--- AOB Starts Here
Borderlands3.exe+1E7298BC: F3 44 0F10 43 38 - movss xmm8,[rbx+38]
//// INJECTING START ----------------------------------------------------------
Borderlands3.exe+1E7298C2: F3 0F10 BB A0000000 - movss xmm7,[rbx+000000A0]
//// INJECTING END ----------------------------------------------------------
Borderlands3.exe+1E7298CA: F3 44 0F10 5B 50 - movss xmm11,[rbx+50]
Borderlands3.exe+1E7298D0: 45 0F2E D9 - ucomiss xmm11,xmm9
Borderlands3.exe+1E7298D4: 74 54 - je 15E72992A
Borderlands3.exe+1E7298D6: 44 0F29 54 24 50 - movaps [rsp+50],xmm10
Borderlands3.exe+1E7298DC: 31 D2 - xor edx,edx
Borderlands3.exe+1E7298DE: F3 44 0F10 53 5C - movss xmm10,[rbx+5C]
Borderlands3.exe+1E7298E4: 48 89 D9 - mov rcx,rbx
Borderlands3.exe+1E7298E7: E8 147D33E4 - call 142A61600
Borderlands3.exe+1E7298EC: 84 C0 - test al,al
Borderlands3.exe+1E7298EE: 74 06 - je 15E7298F6
Borderlands3.exe+1E7298F0: F3 44 0F58 53 68 - addss xmm10,[rbx+68]
Borderlands3.exe+1E7298F6: F3 0F10 83 E4000000 - movss xmm0,[rbx+000000E4]
Borderlands3.exe+1E7298FE: 0F28 CF - movaps xmm1,xmm7
Borderlands3.exe+1E729901: 41 0F2F C1 - comiss xmm0,xmm9
Borderlands3.exe+1E729905: 76 0B - jna 15E729912
Borderlands3.exe+1E729907: F3 41 0F58 C2 - addss xmm0,xmm10
Borderlands3.exe+1E72990C: 44 0F2F E0 - comiss xmm12,xmm0
Borderlands3.exe+1E729910: 72 12 - jb 15E729924
Borderlands3.exe+1E729912: C7 83 E4000000 00000000 - mov [rbx+000000E4],00000000
Borderlands3.exe+1E72991C: F3 41 0F58 F3 - addss xmm6,xmm11
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
The spread cheat is using my player hook to filter, not sure if there is another way to do it.
Code: Select all
{
Process : Borderlands3.exe - (x64)
Module : Borderlands3.exe
Game Title : Borderlands3
Game File Version : 4.20.3.0
Game Version : 4.20.3.0
CE Version : 7.1
Script Version : 0.0.1
Date : 04/26/20
Author : ShyTwig16
Name : PlayerHook
Player Hook
}
{$STRICT}
define(address, Borderlands3.exe+A98E5E)
define(bytes, 48 85 C0 0F 84 2F 01 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobPlayerHook, Borderlands3.exe, F3xxxxxxxxxxxxxx48xxxx0F84xxxxxxxx48xxxxE8xxxxxxxx48xxxxxx44)
define(injPlayerHook, aobPlayerHook+8)
assert(injPlayerHook, bytes)
registerSymbol(injPlayerHook)
alloc(memPlayerHook, 0x400, injPlayerHook)
label(ptrPlayerHook)
registerSymbol(ptrPlayerHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memPlayerHook:
ptrPlayerHook:
dq 0
align 10 CC
n_code:
mov [ptrPlayerHook],rax
o_code:
test rax,rax
reassemble(injPlayerHook+3) // je 140A98F96
exit:
jmp return
////
//// ---------- Injection Point ----------
injPlayerHook:
jmp n_code
nop
nop
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injPlayerHook:
db bytes
unregisterSymbol(injPlayerHook)
unregisterSymbol(ptrPlayerHook)
dealloc(memPlayerHook)
{
//// Injection Point: Borderlands3.exe+A98E5E - 0000000140A98E5E
//// AOB address: 0000000140A98E56 - Borderlands3.exe+A98E56
//// Process: Borderlands3.exe - 0000000140000000
//// Module: Borderlands3.exe - 0000000140000000
//// Module Size: 0000000025AAB000
Borderlands3.exe+A98E13: 41 0F28 F0 - movaps xmm6,xmm8
Borderlands3.exe+A98E17: EB 08 - jmp 140A98E21
Borderlands3.exe+A98E19: 0F2F F7 - comiss xmm6,xmm7
Borderlands3.exe+A98E1C: 72 03 - jb 140A98E21
Borderlands3.exe+A98E1E: 0F28 F7 - movaps xmm6,xmm7
Borderlands3.exe+A98E21: 66 41 0F6E C6 - movd xmm0,r14d
Borderlands3.exe+A98E26: 0F28 CF - movaps xmm1,xmm7
Borderlands3.exe+A98E29: 0F5B C0 - cvtdq2ps xmm0,xmm0
Borderlands3.exe+A98E2C: F3 0F5C CE - subss xmm1,xmm6
Borderlands3.exe+A98E30: F3 0F59 C8 - mulss xmm1,xmm0
Borderlands3.exe+A98E34: F3 44 0F2C F1 - cvttss2si r14d,xmm1
Borderlands3.exe+A98E39: 45 85 F6 - test r14d,r14d
Borderlands3.exe+A98E3C: 7F 05 - jg 140A98E43
Borderlands3.exe+A98E3E: 45 33 F6 - xor r14d,r14d
Borderlands3.exe+A98E41: EB 0F - jmp 140A98E52
Borderlands3.exe+A98E43: 41 81 FE FF000000 - cmp r14d,000000FF
Borderlands3.exe+A98E4A: 7C 06 - jl 140A98E52
Borderlands3.exe+A98E4C: 41 BE FF000000 - mov r14d,000000FF
Borderlands3.exe+A98E52: 48 8B 45 88 - mov rax,[rbp-78]
Borderlands3.exe+A98E56: F3 0F10 35 162D6903 - movss xmm6,[14412BB74] [(float)0.0833]<<<--- AOB Starts Here
//// INJECTING START ----------------------------------------------------------
Borderlands3.exe+A98E5E: 48 85 C0 - test rax,rax
Borderlands3.exe+A98E61: 0F84 2F010000 - je 140A98F96
//// INJECTING END ----------------------------------------------------------
Borderlands3.exe+A98E67: 48 8B C8 - mov rcx,rax
Borderlands3.exe+A98E6A: E8 F134FA01 - call 142A3C360
Borderlands3.exe+A98E6F: 48 8D 4D 98 - lea rcx,[rbp-68]
Borderlands3.exe+A98E73: 44 0F28 C8 - movaps xmm9,xmm0
Borderlands3.exe+A98E77: 48 89 4C 24 70 - mov [rsp+70],rcx
Borderlands3.exe+A98E7C: 45 33 ED - xor r13d,r13d
Borderlands3.exe+A98E7F: 90 - nop
Borderlands3.exe+A98E80: 66 41 0F6E CD - movd xmm1,r13d
Borderlands3.exe+A98E85: 0F5B C9 - cvtdq2ps xmm1,xmm1
Borderlands3.exe+A98E88: F3 0F59 CE - mulss xmm1,xmm6
Borderlands3.exe+A98E8C: 41 0F2F C9 - comiss xmm1,xmm9
Borderlands3.exe+A98E90: 73 7A - jae 140A98F0C
Borderlands3.exe+A98E92: 4C 63 21 - movsxd r12,dword ptr [rcx]
Borderlands3.exe+A98E95: 41 8B C4 - mov eax,r12d
Borderlands3.exe+A98E98: 25 03000080 - and eax,80000003 [000000E3]
Borderlands3.exe+A98E9D: 7D 07 - jnl 140A98EA6
Borderlands3.exe+A98E9F: FF C8 - dec eax
Borderlands3.exe+A98EA1: 83 C8 FC - or eax,-04
Borderlands3.exe+A98EA4: FF C0 - inc eax
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}