Tom Clancy's Ghost Recon: Breakpoint [Engine:AnvilNEXT64]

[SunBeam]

Please see the error and update the cheat tables, thanks very much

Thanks for your great release, works without a problem for me

So tell me again, rarhack, why should I even bother? In my days, if something didn't work, I would find the version of the game that works with my table or trainer. I'm sorry, use a trainer if the table doesn't work. Peace.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[rarhack]

Table should be compatible with either executable (GRB.exe or GRB_UPP.exe). Let me if some script doesn't run or crashes you.

So tell me again, rarhack, why should I even bother? In my days, if something didn't work, I would find the version of the game that works with my table or trainer. I'm sorry, use a trainer if the table doesn't work. Peace.

I just tell you some script doesn't run or crashes my game. nothing more

Problem is solved

[Poyzion]

Would be good to know, which one exactly are working and which not, so problem could be easier to find

Did you get some error at cheatEngine? If so please tell us which.

Did you use the latest version posted by caliber to bypass / deactivate BE? Because other methods postet here are not working anymore but his works great, only start it once insider the game directory and as soon as it displays „BE Off“ click ok and start game via uplay direct, not with a launcher or something else

With that infos me and other users might can help you
Because i don‘t think its because of the table. Played today about 6 hours with most options on and it worked without any problem, all script do what they should and not one single crash of the Game or CheatEngine.

[SunBeam]

^ Which is exactly why I am reluctant to help. The "post if it crashes" statement I left behind was more on the lines of letting me know if the table works with EITHER executable. Any other issues you got due to not knowing how to use CE or tables aren't covered. He's off anyway with a trainer or something; don't see him that over-zealous to fix his problem.

[rarhack]

I am zealous to fix my problem and I am sorry maybe my bad english is bothering you;

I did the following: 1 use bypass by from Caliber@CH (latest, page 8) and see BE is OFF; 2 start breakpoint game in uplay; 3 when game is in menu (select save, not completely playing), i start CE and load Sumbeam's script and select the game process; 3.1 if i load 1.4 edition script (latest), i cannot click gather intel so no use at all; 3.2 if i load 1.1 edition (old), i can click gather intel, but i go back to game and select save, game crashes

no error is showing in CE, it is either not clicking gather intel or game crashes

I really am zealous to fix my problem and i want to use the table; please tell me if you know where i am wrong

Thank you

Add: I know how to use CE and i use CE table for many games and they are useful, your script maybe is advanced but i am not complete ignorance in CE.

Add 2: I found the mistake it is old CE edition. i update CE and now it is work for me.

[sebastianyyz]

The table is working fine, I don't know why people keep saying it doesn't work.

[Poyzion]

Add 2: I found the mistake it is old CE edition. i update CE and now it is work for me.

Thanks for your answer and great that it‘s now working for you

Next time check such things immediately so you can solve the problem, play and don‘t have to wait for answers of the dev(s)

[rarhack]

Thanks for your answer and great that it‘s now working for you

Next time check such things immediately so you can solve the problem, play and don‘t have to wait for answers of the dev(s)

Thank you for your care. i used old CE (6.5 editions) for many time and it is always work so i didnt check it for a problem. in future i will check it before i load new script.

[SunBeam]

I guess it does pay off to add a message box or something in the table that'd warn you of the version requirement.. Oh well, will add that in - or a banner - for people who still use CE 3.5 from 10 years ago.

[Poyzion]

That game drives me crazy atm^^ Tried for 5h now to create a script for infinite Ammo (not unlimited clip ammo, reloading should be needed with it active) but i only find 4 Adresses but non of them changes the value displayed ingame and if i try to lock them game tries every second to override it back to real value, tried different methods, datatypes etc. but can‘t get it to work
Are the values encrypted in any way so i can‘t find it via searching for the value thats displayed ingame?
Looked at the Infinite Clipammo script but that also dosn‘t help

Can you give me a hint or help me to create it @SunBeam? Because wanted to do it on my own, on a few other games i worked on i got it working but not for Breakpoint
Battleeye is disabled/bypassed for sure (otherwise debugging wouldn‘t work).
Would really appreciate if you would help me with that if you have some time

[SunBeam]

The values are encrypted/encoded. What you see on-screen isn't what to look for. Too much to detail, I suggest using unknown/has changed while firing/reloading. As far as understanding the encoding, that I'm afraid I can't detail here. Maybe ask Caliber about it, I remember he mentioned some clear snippets. Just PM him (caliber1942).

[Poyzion]

The values are encrypted/encoded. What you see on-screen isn't what to look for. Too much to detail, I suggest using unknown/has changed while firing/reloading. As far as understanding the encoding, that I'm afraid I can't detail here. Maybe ask Caliber about it, I remember he mentioned some clear snippets. Just PM him (caliber1942).

Ok great thanks for your info, so i know it‘s not me beeing to silly to do it i just have to use another way
Will try what you suggested (scanning for unknown value), maybe i‘m able to do it, otherwise i will write Caliber a message.
If i‘m successful i will post the table (or just that one script) here so anyone can profit out of it

[caliber1942]

That game drives me crazy atm^^ Tried for 5h now to create a script for infinite Ammo (not unlimited clip ammo, reloading should be needed with it active) but i only find 4 Adresses but non of them changes the value displayed ingame and if i try to lock them game tries every second to override it back to real value, tried different methods, datatypes etc. but can‘t get it to work
Are the values encrypted in any way so i can‘t find it via searching for the value thats displayed ingame?
Looked at the Infinite Clipammo script but that also dosn‘t help

Can you give me a hint or help me to create it @SunBeam? Because wanted to do it on my own, on a few other games i worked on i got it working but not for Breakpoint
Battleeye is disabled/bypassed for sure (otherwise debugging wouldn‘t work).
Would really appreciate if you would help me with that if you have some time

here is an example from my notes. No idea if the code is same addresses, probably not, but you can re-search using AOB.

AMMO
=========

GRB_UPP.exe+1A4F1C08 - 66 01 F0 - add ax,si
GRB_UPP.exe+1A4F1C0B - 0FB7 D0 - movzx edx,ax

to:

GRB_UPP.exe+1A4F1C08 - BA E7030000 - mov edx,000003E7 { 999 }
GRB_UPP.exe+1A4F1C0D - 90 - nop

AOB
66 01 F0 0F B7 D0 E8


if I remember the call here:

GRB_UPP.exe+1A4F1BDC - E8 6FF99DE7 - call GRB_UPP.exe+1ED1550

returns EAX which is unencrypted value. You can follow the addresses there to see how things are unencrypted.

one of the calls later re-encrypts and writes, maybe this one..

GRB_UPP.exe+1A4F1C0E - E8 3DACA2E7 - call GRB_UPP.exe+1F1C850

or one of the ones after it (you'll just have to play with it and see):

GRB_UPP.exe+1A4F1B63 - E8 48A699E7 - call GRB_UPP.exe+1E8C1B0
GRB_UPP.exe+1A4F1B68 - 31 D2 - xor edx,edx
GRB_UPP.exe+1A4F1B6A - 48 8D 4C 24 50 - lea rcx,[rsp+50]
GRB_UPP.exe+1A4F1B6F - E8 3CA699E7 - call GRB_UPP.exe+1E8C1B0
GRB_UPP.exe+1A4F1B74 - 31 D2 - xor edx,edx
GRB_UPP.exe+1A4F1B76 - 89 6C 24 20 - mov [rsp+20],ebp
GRB_UPP.exe+1A4F1B7A - 48 8D 4C 24 28 - lea rcx,[rsp+28]
GRB_UPP.exe+1A4F1B7F - E8 CCACA2E7 - call GRB_UPP.exe+1F1C850
GRB_UPP.exe+1A4F1B84 - 31 D2 - xor edx,edx
GRB_UPP.exe+1A4F1B86 - 48 8D 4C 24 50 - lea rcx,[rsp+50]
GRB_UPP.exe+1A4F1B8B - E8 C0ACA2E7 - call GRB_UPP.exe+1F1C850
GRB_UPP.exe+1A4F1B90 - 48 8B 8B 00040000 - mov rcx,[rbx+00000400]
GRB_UPP.exe+1A4F1B97 - 45 89 F0 - mov r8d,r14d
GRB_UPP.exe+1A4F1B9A - 48 89 FA - mov rdx,rdi
GRB_UPP.exe+1A4F1B9D - 48 8B 01 - mov rax,[rcx]
GRB_UPP.exe+1A4F1BA0 - FF 50 30 - call qword ptr [rax+30]
GRB_UPP.exe+1A4F1BA3 - 48 89 C6 - mov rsi,rax
GRB_UPP.exe+1A4F1BA6 - 48 85 C0 - test rax,rax
GRB_UPP.exe+1A4F1BA9 - 74 7F - je GRB_UPP.exe+1A4F1C2A
GRB_UPP.exe+1A4F1BAB - 48 8D 48 08 - lea rcx,[rax+08]
GRB_UPP.exe+1A4F1BAF - E8 9CF99DE7 - call GRB_UPP.exe+1ED1550
GRB_UPP.exe+1A4F1BB4 - 0FB7 D0 - movzx edx,ax
GRB_UPP.exe+1A4F1BB7 - 48 8D 4C 24 28 - lea rcx,[rsp+28]
GRB_UPP.exe+1A4F1BBC - E8 8FACA2E7 - call GRB_UPP.exe+1F1C850
GRB_UPP.exe+1A4F1BC1 - 48 8D 4E 30 - lea rcx,[rsi+30]
GRB_UPP.exe+1A4F1BC5 - E8 86F99DE7 - call GRB_UPP.exe+1ED1550
GRB_UPP.exe+1A4F1BCA - 0FB7 D0 - movzx edx,ax
GRB_UPP.exe+1A4F1BCD - 48 8D 4C 24 50 - lea rcx,[rsp+50]
GRB_UPP.exe+1A4F1BD2 - E8 79ACA2E7 - call GRB_UPP.exe+1F1C850
GRB_UPP.exe+1A4F1BD7 - 48 8D 4C 24 28 - lea rcx,[rsp+28]
GRB_UPP.exe+1A4F1BDC - E8 6FF99DE7 - call GRB_UPP.exe+1ED1550
GRB_UPP.exe+1A4F1BE1 - 89 C6 - mov esi,eax
GRB_UPP.exe+1A4F1BE3 - 0FB7 EE - movzx ebp,si
GRB_UPP.exe+1A4F1BE6 - 66 45 85 FF - test r15w,r15w
GRB_UPP.exe+1A4F1BEA - 74 09 - je GRB_UPP.exe+1A4F1BF5
GRB_UPP.exe+1A4F1BEC - 66 41 39 F7 - cmp r15w,si
GRB_UPP.exe+1A4F1BF0 - 66 41 0F46 EF - cmovbe bp,r15w
GRB_UPP.exe+1A4F1BF5 - 0FB7 D5 - movzx edx,bp
GRB_UPP.exe+1A4F1BF8 - 48 89 F9 - mov rcx,rdi
GRB_UPP.exe+1A4F1BFB - E8 A0E1A1E7 - call GRB_UPP.exe+1F0FDA0
GRB_UPP.exe+1A4F1C00 - 66 29 EE - sub si,bp
GRB_UPP.exe+1A4F1C03 - 48 8D 4C 24 28 - lea rcx,[rsp+28]

orig:
GRB_UPP.exe+1A4F1C08 - 66 01 F0 - add ax,si
GRB_UPP.exe+1A4F1C0B - 0FB7 D0 - movzx edx,ax
new:
GRB_UPP.exe+1A4F1C08 - BA E7030000 - mov edx,000003E7 { 999 } <-------------------
GRB_UPP.exe+1A4F1C0D - 90 - nop

GRB_UPP.exe+1A4F1C0E - E8 3DACA2E7 - call GRB_UPP.exe+1F1C850
GRB_UPP.exe+1A4F1C13 - 4C 8D 4C 24 20 - lea r9,[rsp+20]
GRB_UPP.exe+1A4F1C18 - 45 89 F0 - mov r8d,r14d
GRB_UPP.exe+1A4F1C1B - 48 89 FA - mov rdx,rdi
GRB_UPP.exe+1A4F1C1E - 48 8D 8B F8030000 - lea rcx,[rbx+000003F8]
GRB_UPP.exe+1A4F1C25 - E8 66FFA3E7 - call GRB_UPP.exe+1F31B90
GRB_UPP.exe+1A4F1C2A - 48 8D 4C 24 50 - lea rcx,[rsp+50]
GRB_UPP.exe+1A4F1C2F - E8 DCBB99E7 - call GRB_UPP.exe+1E8D810
GRB_UPP.exe+1A4F1C34 - 48 8D 4C 24 28 - lea rcx,[rsp+28]
GRB_UPP.exe+1A4F1C39 - E8 D2BB99E7 - call GRB_UPP.exe+1E8D810
GRB_UPP.exe+1A4F1C3E - 45 31 C9 - xor r9d,r9d
GRB_UPP.exe+1A4F1C41 - 48 8D 4B 48 - lea rcx,[rbx+48]
GRB_UPP.exe+1A4F1C45 - 45 31 C0 - xor r8d,r8d
GRB_UPP.exe+1A4F1C48 - 41 8D 51 67 - lea edx,[r9+67]
GRB_UPP.exe+1A4F1C4C - E8 6F23CAE6 - call GRB_UPP.exe+1193FC0
GRB_UPP.exe+1A4F1C51 - 4C 8B B4 24 B0000000 - mov r14,[rsp+000000B0]
GRB_UPP.exe+1A4F1C59 - 4C 8B AC 24 A8000000 - mov r13,[rsp+000000A8]
GRB_UPP.exe+1A4F1C61 - 48 8B B4 24 A0000000 - mov rsi,[rsp+000000A0]
GRB_UPP.exe+1A4F1C69 - 48 8B 9C 24 B8000000 - mov rbx,[rsp+000000B8]
GRB_UPP.exe+1A4F1C71 - 48 81 C4 80000000 - add rsp,00000080 { 128 }
GRB_UPP.exe+1A4F1C78 - 41 5F - pop r15
GRB_UPP.exe+1A4F1C7A - 5F - pop rdi
GRB_UPP.exe+1A4F1C7B - 5D - pop rbp
GRB_UPP.exe+1A4F1C7C - C3 - ret


Here's one of the encryption functions for you to evaluate:

ENCRYPTION INTEGER
=====================

GRB_UPP.exe+1A4FA6BC - 31 D0 - xor eax,edx

GRB_UPP.exe+1A4FA640 - 48 89 5C 24 08 - mov [rsp+08],rbx
GRB_UPP.exe+1A4FA645 - 48 8B 01 - mov rax,[rcx]
GRB_UPP.exe+1A4FA648 - 31 D2 - xor edx,edx
GRB_UPP.exe+1A4FA64A - 49 89 C8 - mov r8,rcx
GRB_UPP.exe+1A4FA64D - 44 0FB6 08 - movzx r9d,byte ptr [rax]
GRB_UPP.exe+1A4FA651 - 48 8B 41 08 - mov rax,[rcx+08]
GRB_UPP.exe+1A4FA655 - 44 0FB6 10 - movzx r10d,byte ptr [rax]
GRB_UPP.exe+1A4FA659 - 48 8B 41 10 - mov rax,[rcx+10]
GRB_UPP.exe+1A4FA65D - 44 0FB6 18 - movzx r11d,byte ptr [rax]
GRB_UPP.exe+1A4FA661 - 48 8B 41 18 - mov rax,[rcx+18]
GRB_UPP.exe+1A4FA665 - 89 D1 - mov ecx,edx
GRB_UPP.exe+1A4FA667 - 0FB6 18 - movzx ebx,byte ptr [rax]
GRB_UPP.exe+1A4FA66A - 66 0F1F 44 00 00 - nop [rax+rax+00]
GRB_UPP.exe+1A4FA670 - 41 0FB6 C1 - movzx eax,r9l
GRB_UPP.exe+1A4FA674 - 83 E0 01 - and eax,01 { 1 }
GRB_UPP.exe+1A4FA677 - 41 D0 E9 - shr r9l,1
GRB_UPP.exe+1A4FA67A - D3 E0 - shl eax,cl
GRB_UPP.exe+1A4FA67C - FF C1 - inc ecx
GRB_UPP.exe+1A4FA67E - 09 C2 - or edx,eax
GRB_UPP.exe+1A4FA680 - 41 0FB6 C2 - movzx eax,r10l
GRB_UPP.exe+1A4FA684 - 83 E0 01 - and eax,01 { 1 }
GRB_UPP.exe+1A4FA687 - 41 D0 EA - shr r10l,1
GRB_UPP.exe+1A4FA68A - D3 E0 - shl eax,cl
GRB_UPP.exe+1A4FA68C - FF C1 - inc ecx
GRB_UPP.exe+1A4FA68E - 09 C2 - or edx,eax
GRB_UPP.exe+1A4FA690 - 41 0FB6 C3 - movzx eax,r11l
GRB_UPP.exe+1A4FA694 - 83 E0 01 - and eax,01 { 1 }
GRB_UPP.exe+1A4FA697 - 41 D0 EB - shr r11l,1
GRB_UPP.exe+1A4FA69A - D3 E0 - shl eax,cl
GRB_UPP.exe+1A4FA69C - FF C1 - inc ecx
GRB_UPP.exe+1A4FA69E - 09 C2 - or edx,eax
GRB_UPP.exe+1A4FA6A0 - 0FB6 C3 - movzx eax,bl
GRB_UPP.exe+1A4FA6A3 - 83 E0 01 - and eax,01 { 1 }
GRB_UPP.exe+1A4FA6A6 - D0 EB - shr bl,1
GRB_UPP.exe+1A4FA6A8 - D3 E0 - shl eax,cl
GRB_UPP.exe+1A4FA6AA - FF C1 - inc ecx
GRB_UPP.exe+1A4FA6AC - 09 C2 - or edx,eax
GRB_UPP.exe+1A4FA6AE - 83 F9 20 - cmp ecx,20 { 32 }
GRB_UPP.exe+1A4FA6B1 - 7C BD - jl GRB_UPP.exe+1A4FA670
GRB_UPP.exe+1A4FA6B3 - 41 8B 40 20 - mov eax,[r8+20] <----------- area you can read after function, as r8 does not get set at end of this function.
GRB_UPP.exe+1A4FA6B7 - 48 8B 5C 24 08 - mov rbx,[rsp+08]
GRB_UPP.exe+1A4FA6BC - 31 D0 - xor eax,edx
GRB_UPP.exe+1A4FA6BE - C3 - ret


Sunbeam is correct that deciphering this and making an option for it to directly 'edit' the ammo or what not isn't so easy. Same for XP, Credits, and most other things in the game.

This method simply modifies the value once it's already decrypted in the 'ReduceAmmo' function, and instead of reducing, just sets it to 500 before it's encrypted again.

Hope this helps.

I don't have time to go into a bunch of breakdown of how to address the encryption totally. Maybe me posting this here helps. I mean, here is an example of my code collecting the info:

codecave:

cmp r8, 0x10000
jle code
mov rbx, CreditsVisualAddress
cmp rbx, 0x10000
jle code

mov [CreditsAddress], r8
mov [CreditsXOR], edx
push rbx
push rcx
mov ebx, [r8+20]
xor ebx, edx
mov [CreditsVisual], ebx
mov rbx, CreditsVisualAddress
mov rcx, CreditsVisual
mov [rbx], rcx
pop rcx
pop rbx


code:

mov ecx,[rsp+28]
shr ecx,0F



and the code writing it LUA:

{$lua}
local hpAddi = getAddress("[CreditsAddress]+0x20")
writeInteger(hpAddi, readInteger("CreditsXOR")~readInteger("CreditsValue"))
{$asm}

So, there's a lot to address..

best,
Cal

[Poyzion]

...

Hey thank you very much for your answer and the explanation Will definitely go deeper into that whole topic and see what i can build

[Waldo2211]

In the next Table update you should added unlimited Equipment(grenades, C4 etc...)