Ori and the Will of the Wisps [Steam]

Ayting · Post by **Ayting** » Thu Mar 26, 2020 1:49 am

Hello first of all thanks for your sharing

I'm wondering how to do that :

As you can see, he bypass the game by having ability in trial, the game won't allow you this without a cheat

Also at put 0.25 speed, you will se that he dash two times in the air, even with unlimited jump you can't do that the limit reset only when you touch the ground

Do you know how to do that ?

Thanks in advance

How to use this cheat table?

Install Cheat Engine
Double-click the .CT file in order to open it.
Click the PC icon in Cheat Engine in order to select the game process.
Keep the list.
Activate the trainer options by checking boxes or setting values from 0 to 1

Post by **Cielos** » Thu Mar 26, 2020 2:25 am

here's the scripts I made so far. some of them have similar options as cfemen's, so I haven't posted them here, but as I'm gonna play other games for a while before getting back and finishing this game, I'll post them as is if any of you are interested.

scripts includes:

undead
- health still drop but you won't die.

ignore energy
- you can use skills regardless of your remaining energy.
- energy still decrease when you use skills.

inf. double jump.
- as title says.
- you need to obtain double jump first.

inf. air dash
- as title says.

inf. enemy air grapple
- as title says.
- works WITHOUT the need to equip the Grapple shard first.

movement mod keys
- includes walk key, jog key, sprint key, and fly key.
- lazy to type more, the scripts descriptions can be found from my previous posts on this thread, look them up if you need.

copy and paste the following codes ONto the table you're using.
have fun~

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>104022</ID>
      <Description>"undead"</Description>
      <LastState Activated="1"/>
      <Color>FF0000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(playerHealthCReadAOB,GameAssembly.dll,C6 ** ** 00 F3 0F ** ** 2C 48 ** ** ** ** C3)
registersymbol(playerHealthCReadAOB)

label(pPlayerHealth)
registersymbol(pPlayerHealth)

alloc(newmem,2048,playerHealthCReadAOB+4) //"GameAssembly.dll"+122FC7F)
label(returnhere)
label(originalcode_playerHealthCReadAOB)
registersymbol(originalcode_playerHealthCReadAOB)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rcx
mov rcx,pPlayerHealth
mov [rcx],rbx
pop rcx

originalcode_playerHealthCReadAOB:
readmem(playerHealthCReadAOB+4,5)
//movss xmm0,[rbx+2C]

exit:
jmp returnhere

///
pPlayerHealth:
///

playerHealthCReadAOB+4: //"GameAssembly.dll"+122FC7F:
jmp newmem
returnhere:

///****************************************///
aobscanmodule(playerHealthCalOnDamageAOB,GameAssembly.dll,33 ** E8 ** ** ** ** F3 0F ** ** 89 ** ** ** 00 00 F3)
registersymbol(playerHealthCalOnDamageAOB)

label(dMinHealth)
registersymbol(dMinHealth)

alloc(newmem2,2048,playerHealthCalOnDamageAOB+7) //"GameAssembly.dll"+62D202)
label(returnhere2)
label(originalcode2_playerHealthCalOnDamageAOB)
registersymbol(originalcode2_playerHealthCalOnDamageAOB)
label(exit2)

newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
movss xmm9,xmm0
readmem(playerHealthCalOnDamageAOB+11,3)
db 5C
readmem(playerHealthCalOnDamageAOB+15,2)
//subss xmm9,[rdi+20]
readmem(playerHealthCalOnDamageAOB+17,3)
db 5C
readmem(playerHealthCalOnDamageAOB+1b,2)
//subss xmm9,[rdi+1C]
mov rax,dMinHealth
comiss xmm9,[rax]
jae @f
movss xmm0,[rax]
readmem(playerHealthCalOnDamageAOB+17,1)
readmem(playerHealthCalOnDamageAOB+19,2)
db 47
readmem(playerHealthCalOnDamageAOB+16,1)
//addss xmm0,[rdi+20]
readmem(playerHealthCalOnDamageAOB+17,1)
readmem(playerHealthCalOnDamageAOB+19,2)
db 47
readmem(playerHealthCalOnDamageAOB+1c,1)
//addss xmm0,[rdi+1C]
mov rax,pPlayerHealth
mov rax,[rax]
movss [rax+2c],xmm0

originalcode2_playerHealthCalOnDamageAOB:
readmem(playerHealthCalOnDamageAOB+7,10)
//cvttss2si eax,xmm0
//mov [rsi+00000088],eax

exit2:
jmp returnhere2

///
dMinHealth:
dd (float)1
///

playerHealthCalOnDamageAOB+7: //"GameAssembly.dll"+62D202:
jmp newmem2
nop 5
returnhere2:

///****************************************///




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
playerHealthCReadAOB+4: //"GameAssembly.dll"+122FC7F:
readmem(originalcode_playerHealthCReadAOB,5)
//db F3 0F 10 43 2C
//Alt: movss xmm0,[rbx+2C]
unregistersymbol(originalcode_playerHealthCReadAOB)

unregistersymbol(pPlayerHealth)

///****************************************///
dealloc(newmem2)
playerHealthCalOnDamageAOB+7: //"GameAssembly.dll"+62D202:
readmem(originalcode2_playerHealthCalOnDamageAOB,10)
//db F3 0F 2C C0 89 86 88 00 00 00
//Alt: cvttss2si eax,xmm0
//Alt: mov [rsi+00000088],eax
unregistersymbol(originalcode2_playerHealthCalOnDamageAOB)

unregistersymbol(dMinHealth)

///****************************************///
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>104032</ID>
      <Description>"ignore energy"</Description>
      <LastState Activated="1"/>
      <Color>FF0000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(setCanUseSkillOnSkillUseAOB,GameAssembly.dll,33 ** 48 ** ** E8 ** ** ** ** 0F ** ** 0F 93 C0 EB)
registersymbol(setCanUseSkillOnSkillUseAOB)

setCanUseSkillOnSkillUseAOB+d: //"GameAssembly.dll"+DEB2E2:
db 90 B0 01

///***************************************///
aobscanmodule(cJmpIfNotEnoughEnergyOnChargeSkillUseAOB,GameAssembly.dll,EB 05 F3 0F ** ** ** F3 0F ** ** 0F ** ** 77)
registersymbol(cJmpIfNotEnoughEnergyOnChargeSkillUseAOB)

alloc(originalcode2_cJmpIfNotEnoughEnergyOnChargeSkillUseAOB,16,cJmpIfNotEnoughEnergyOnChargeSkillUseAOB+e)
registersymbol(originalcode2_cJmpIfNotEnoughEnergyOnChargeSkillUseAOB)

originalcode2_cJmpIfNotEnoughEnergyOnChargeSkillUseAOB:
readmem(cJmpIfNotEnoughEnergyOnChargeSkillUseAOB+e,2)

///

cJmpIfNotEnoughEnergyOnChargeSkillUseAOB+e: //"GameAssembly.dll"+5C5A91:
db 90 90

///***************************************///
aobscanmodule(cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB,GameAssembly.dll,F3 0F ** ** F3 ** 0F ** ** 0F ** ** 0F 87)
registersymbol(cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB)

alloc(originalcode3_cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB,16,cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB+c)
registersymbol(originalcode3_cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB)

originalcode3_cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB:
readmem(cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB+c,6)

///

cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB+c: //"GameAssembly.dll"+5C627A:
db 90 90 90 90 90 90

///***************************************///




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
setCanUseSkillOnSkillUseAOB+d: //"GameAssembly.dll"+DEB2E2:
db 0F 93 C0
//Alt: setae al

///***************************************///
cJmpIfNotEnoughEnergyOnChargeSkillUseAOB+e: //"GameAssembly.dll"+5C5A91:
readmem(originalcode2_cJmpIfNotEnoughEnergyOnChargeSkillUseAOB,2)
//db 77 46
//Alt: ja GameAssembly.dll+5C5AD9
dealloc(originalcode2_cJmpIfNotEnoughEnergyOnChargeSkillUseAOB)
unregistersymbol(originalcode2_cJmpIfNotEnoughEnergyOnChargeSkillUseAOB)

///***************************************///
cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB+c: //"GameAssembly.dll"+5C627A:
readmem(originalcode3_cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB,6)
//db 0F 87 29 05 00 00
//Alt: ja GameAssembly.dll+5C67A9
dealloc(originalcode3_cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB)
unregistersymbol(originalcode3_cJmpIfNotEnoughEnergyOnChargeSkillChargeAOB)

///***************************************///
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>205</ID>
      <Description>"inf. double jump"</Description>
      <LastState Activated="1"/>
      <Color>FF0000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//skip the conditional jmp if no remaining ait jump left
aobscanmodule(remainingAirJumpChkZeroOnAirJumpAOB,GameAssembly.dll,83 ** ** ** 00 00 00 74 12 0F ** ** 0F)
registersymbol(remainingAirJumpChkZeroOnAirJumpAOB)

remainingAirJumpChkZeroOnAirJumpAOB+7: //"GameAssembly.dll"+DE47EF:
db 90 90

///***************************///
//prevent to value from going negative, just in case
aobscanmodule(remainingAirJumpDecOnAirJumpSuccessAOB,GameAssembly.dll,F3 0F ** ** ** ** 00 00 E8 ** ** ** ** FF ** ** ** 00 00 48)
registersymbol(remainingAirJumpDecOnAirJumpSuccessAOB)

alloc(newmem2,2048,remainingAirJumpDecOnAirJumpSuccessAOB+13) //"GameAssembly.dll"+DE4F47)
label(returnhere2)
label(originalcode2_remainingAirJumpDecOnAirJumpSuccessAOB)
registersymbol(originalcode2_remainingAirJumpDecOnAirJumpSuccessAOB)
label(exit2)

newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
jns @f
xor eax,eax
db 89 83
readmem(remainingAirJumpDecOnAirJumpSuccessAOB+f,4)
//mov [rbx+94],eax

originalcode2_remainingAirJumpDecOnAirJumpSuccessAOB:
readmem(remainingAirJumpDecOnAirJumpSuccessAOB+13,7)
//mov rax,[rbx+58]
//test rax,rax

exit2:
jmp returnhere2

///

remainingAirJumpDecOnAirJumpSuccessAOB+13: //"GameAssembly.dll"+DE4F47:
jmp newmem2
nop 2
returnhere2:

///***************************///
aobscanmodule(remainingKuAirJumpChkZeroOnKuAirJumpAOB,GameAssembly.dll,83 ** ** 00 0F 84 ** ** ** ** 0F ** ** ** 0F 82)
registersymbol(remainingKuAirJumpChkZeroOnKuAirJumpAOB)

alloc(newmem3,2048,remainingKuAirJumpChkZeroOnKuAirJumpAOB) //"GameAssembly.dll"+9065CF)
label(returnhere3)
label(originalcode3_remainingKuAirJumpChkZeroOnKuAirJumpAOB)
registersymbol(originalcode3_remainingKuAirJumpChkZeroOnKuAirJumpAOB)
label(exit3)

newmem3: //this is allocated memory, you have read,write,execute access
//place your code here
cmp dword ptr [rbx+64],1
jge @f
mov dword ptr [rbx+64],1

@@:
readmem(remainingKuAirJumpChkZeroOnKuAirJumpAOB,4)
reassemble(remainingKuAirJumpChkZeroOnKuAirJumpAOB+4)
jmp exit3

originalcode3_remainingKuAirJumpChkZeroOnKuAirJumpAOB:
readmem(remainingKuAirJumpChkZeroOnKuAirJumpAOB,10)
//cmp dword ptr [rbx+64],00
//je GameAssembly.dll+9063EF

exit3:
jmp returnhere3

///

remainingKuAirJumpChkZeroOnKuAirJumpAOB: //"GameAssembly.dll"+9065CF:
jmp newmem3
nop 5
returnhere3:

///***************************///




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
remainingAirJumpChkZeroOnAirJumpAOB+7: //"GameAssembly.dll"+DE47EF:
db 74 12
//Alt: je GameAssembly.dll+DE4803

///***************************///
dealloc(newmem2)
remainingAirJumpDecOnAirJumpSuccessAOB+13: //"GameAssembly.dll"+DE4F47:
readmem(originalcode2_remainingAirJumpDecOnAirJumpSuccessAOB,7)
//db 48 8B 43 58 48 85 C0
//Alt: mov rax,[rbx+58]
//Alt: test rax,rax
unregistersymbol(originalcode2_remainingAirJumpDecOnAirJumpSuccessAOB)

///***************************///
dealloc(newmem3)
remainingKuAirJumpChkZeroOnKuAirJumpAOB: //"GameAssembly.dll"+9065CF:
readmem(originalcode3_remainingKuAirJumpChkZeroOnKuAirJumpAOB,10)
//db 83 7B 64 00 0F 84 16 FE FF FF
//Alt: cmp dword ptr [rbx+64],00
//Alt: je GameAssembly.dll+9063EF
unregistersymbol(originalcode3_remainingKuAirJumpChkZeroOnKuAirJumpAOB)

///***************************///
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>104036</ID>
      <Description>"inf. air dash"</Description>
      <LastState Activated="1"/>
      <Color>FF0000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(airDashCountChkOnAirDashAOB,GameAssembly.dll,80 ** ** ** 00 00 00 0F 84 ** ** ** ** 80 ** ** ** 00 00 00 0F 85 ** ** ** ** 48)
registersymbol(airDashCountChkOnAirDashAOB)

alloc(originalcode_airDashCountChkOnAirDashAOB,16,airDashCountChkOnAirDashAOB+7)
registersymbol(originalcode_airDashCountChkOnAirDashAOB)

originalcode_airDashCountChkOnAirDashAOB:
readmem(airDashCountChkOnAirDashAOB+7,6)

///

airDashCountChkOnAirDashAOB+7: //"GameAssembly.dll"+63AA37:
db 90 90 90 90 90 90


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
airDashCountChkOnAirDashAOB+7: //"GameAssembly.dll"+63AA37:
readmem(originalcode_airDashCountChkOnAirDashAOB,6)
//db 0F 84 C4 00 00 00
//Alt: je GameAssembly.dll+63AB01
dealloc(originalcode_airDashCountChkOnAirDashAOB)
unregistersymbol(originalcode_airDashCountChkOnAirDashAOB)
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>104041</ID>
      <Description>"inf. enemy air grapple"</Description>
      <LastState Activated="1"/>
      <Color>FF0000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(grappleShardEquippedChkOnEnemiesInRangeAOB,GameAssembly.dll,E8 ** ** ** ** 84 C0 75 06 48 ** ** ** ** C3 45 ** ** 41)
registersymbol(grappleShardEquippedChkOnEnemiesInRangeAOB)

grappleShardEquippedChkOnEnemiesInRangeAOB+7: //"GameAssembly.dll"+793BDD:
db EB

///****************************************///
aobscanmodule(enemyGrappledCountInAirChkAOB,GameAssembly.dll,39 ** ** ** 00 00 0F 9C C0 48)
registersymbol(enemyGrappledCountInAirChkAOB)

enemyGrappledCountInAirChkAOB+6: //"GameAssembly.dll"+793BFD:
db 90 B0 01


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
grappleShardEquippedChkOnEnemiesInRangeAOB+7: //"GameAssembly.dll"+793BDD:
db 75
//Alt: jne

///****************************************///
enemyGrappledCountInAirChkAOB+6: //"GameAssembly.dll"+793BFD:
db 0F 9C C0
//Alt: setl al
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>60</ID>
      <Description>"movement mod keys"</Description>
      <Options moHideChildren="1" moDeactivateChildrenAsWell="1"/>
      <LastState Activated="1"/>
      <Color>FF0000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(movementSpeedCRead3AOB,GameAssembly.dll,0F ** ** EB 08 F3 0F ** ** ** ** 00 00 80 ** ** ** 00 00 00 0F 84)
registersymbol(movementSpeedCRead3AOB)

label(fWalkSpeed)
registersymbol(fWalkSpeed)
label(fJogSpeed)
registersymbol(fJogSpeed)
label(fSprintSpeed)
registersymbol(fSprintSpeed)
label(fCustomSpeed)
label(fCustomSpeedCal)
registersymbol(fCustomSpeedCal)
label(fCustomSpeedInterval)
label(bWalkKeyID)
registersymbol(bWalkKeyID)
label(bWalkKeyPressed)
registersymbol(bWalkKeyPressed)
label(bJogKeyID)
registersymbol(bJogKeyID)
label(bJogKeyPressed)
registersymbol(bJogKeyPressed)
label(bSprintKeyID)
registersymbol(bSprintKeyID)
label(bSprintKeyPressed)
registersymbol(bSprintKeyPressed)
label(dFaceRightKeyID)
registersymbol(dFaceRightKeyID)
label(bFaceRightKeyPressed)
registersymbol(bFaceRightKeyPressed)
label(dFaceLeftKeyID)
registersymbol(dFaceLeftKeyID)
label(bFaceLeftKeyPressed)
registersymbol(bFaceLeftKeyPressed)

alloc(newmem,2048,movementSpeedCRead3AOB+5) //"GameAssembly.dll"+BA5EBB)
label(returnhere)
label(originalcode_movementSpeedCRead3AOB)
registersymbol(originalcode_movementSpeedCRead3AOB)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rax
sub rsp,10
movdqu dqword [rsp],xmm0

chkwalkkey:
mov rax,fWalkSpeed
movss xmm6,[rax]
cmp byte ptr [bWalkKeyPressed],1
je docustomspeedcal

chkjogkey:
mov rax,fJogSpeed
movss xmm6,[rax]
cmp byte ptr [bJogKeyPressed],1
je docustomspeedcal

chksprintkey:
mov rax,fSprintSpeed
movss xmm6,[rax]
cmp byte ptr [bSprintKeyPressed],1
je docustomspeedcal

nomodkeypressed:
mov eax,(float)1
movd xmm6,eax

docustomspeedcal:
mov rax,fCustomSpeedCal
movss xmm0,[rax]
comiss xmm6,xmm0
ja inccustspeedcal
jb deccustspeedcal
je custspeedcalend

inccustspeedcal:
addss xmm0,[rax+4]
minss xmm0,xmm6
movss [rax],xmm0
jmp custspeedcalend

deccustspeedcal:
subss xmm0,[rax+4]
maxss xmm0,xmm6
movss [rax],xmm0

custspeedcalend:
readmem(movementSpeedCRead3AOB+5,8)
//movss xmm6,[rbx+a8]
mov rax,fCustomSpeedCal
mulss xmm6,xmm0
xorps xmm0,xmm0
comiss xmm6,xmm0
jne @f
//movss [rax],xmm0
//mov dword ptr [rax],(float)1

@@:
movdqu xmm0,dqword [rsp]
add rsp,10
mov rax,bFaceRightKeyPressed
cmp byte ptr [rax],1
jne @f
mov eax,(float)1
movd xmm6,eax
movss [rbx+000000A8],xmm6
jmp end

@@:
mov rax,bFaceLeftKeyPressed
cmp byte ptr [rax],1
jne @f
mov eax,(float)-1
movd xmm6,eax
movss [rbx+000000A8],xmm6

end:
pop rax
jmp exit

originalcode_movementSpeedCRead3AOB:
readmem(movementSpeedCRead3AOB+5,8)
//movss xmm6,[rbx+000000A8]

exit:
jmp returnhere

///
fWalkSpeed:
dd (float)0.25
fJogSpeed:
dd (float)0.5
fSprintSpeed:
dd (float)2.5
fCustomSpeed:
dd 0
fCustomSpeedCal:
dd 0
fCustomSpeedInterval:
dd (float)0.05
bWalkKeyID:
dd 12
bWalkKeyPressed:
db 0
bJogKeyID:
dd 05
bJogKeyPressed:
db 0
bSprintKeyID:
dd 06
bSprintKeyPressed:
db 0
dFaceRightKeyID:
dd 06
bFaceRightKeyPressed:
dd 0
dFaceLeftKeyID:
dd 05
bFaceLeftKeyPressed:
dd 0
///

movementSpeedCRead3AOB+5: //"GameAssembly.dll"+BA5EBB:
jmp newmem
nop 3
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
movementSpeedCRead3AOB+5: //"GameAssembly.dll"+BA5EBB:
readmem(originalcode_movementSpeedCRead3AOB,8)
//db F3 0F 10 B3 A8 00 00 00
//Alt: movss xmm6,[rbx+000000A8]
unregistersymbol(originalcode_movementSpeedCRead3AOB)

unregistersymbol(fWalkSpeed)
unregistersymbol(fJogSpeed)
unregistersymbol(fSprintSpeed)
unregistersymbol(fCustomSpeedCal)
unregistersymbol(bWalkKeyPressed)
unregistersymbol(bWalkKeyID)
unregistersymbol(bJogKeyPressed)
unregistersymbol(bJogKeyID)
unregistersymbol(bSprintKeyPressed)
unregistersymbol(bSprintKeyID)

unregistersymbol(dFaceRightKeyID)
unregistersymbol(bFaceRightKeyPressed)
unregistersymbol(dFaceLeftKeyID)
unregistersymbol(bFaceLeftKeyPressed)
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>61</ID>
          <Description>"walk key"</Description>
          <Options moHideChildren="1"/>
          <LastState/>
          <Color>FF0000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
bWalkKeyID:
dd 11
fWalkSpeed:
dd (float)0.25

//modified from ShyTwig16's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&amp;t=6041&amp;start=60#p62657
{$lua}
local function walkKeyLuaThread(thread2)
	local addr1 = getAddressSafe('bWalkKeyPressed')
	while WalkkeyLuaThreadLoop do
        sleep(100)
		if addr1 then
            if ( isKeyPressed( readInteger('bWalkKeyID') ) ) then
			    writeBytes(addr1, 1)
            else
                writeBytes(addr1, 0)
            end
		else
			addr1 = getAddressSafe('bWalkKeyPressed')
		end
	end
	thread2.terminate()
--    while WalkkeyLuaThreadLoop do
--          if ( isKeyPressed(VK_CAPITAL) ) then
--              writeBytes("bWalkKeyPressed" ,1)
--          else
--              writeBytes("bWalkKeyPressed" ,0)
--          end
--    end
--    thread2.terminate()
end
----------------------------------
if syntaxcheck then return end
WalkkeyLuaThreadLoop = true
createThread(walkKeyLuaThread)
{$asm}




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
if syntaxcheck then return end
WalkkeyLuaThreadLoop = false
{$asm}

</AssemblerScript>
          <CheatEntries>
            <CheatEntry>
              <ID>167</ID>
              <Description>"key"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">05:X1 mouse button
06:X2 mouse button
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
</DropDownList>
              <LastState Value="12" RealAddress="7FEB8960149"/>
              <ShowAsHex>1</ShowAsHex>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>bWalkKeyID</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>163</ID>
              <Description>"walk speed"</Description>
              <LastState Value="0.25" RealAddress="7FEB8960131"/>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>fWalkSpeed</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>63</ID>
          <Description>"jog key"</Description>
          <Options moHideChildren="1"/>
          <LastState/>
          <Color>FF0000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
bJogKeyID:
dd 12
fJogSpeed:
dd (float)0.5

//modified from ShyTwig16's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&amp;t=6041&amp;start=60#p62657
{$lua}
local function jogKeyLuaThread(thread2)
	local addr3 = getAddressSafe('bJogKeyPressed')
	while JogKeyLuaThreadLoop do
        sleep(100)
		if addr3 then
            if ( isKeyPressed( readInteger('bJogKeyID') ) ) then
			    writeBytes(addr3, 1)
            else
                writeBytes(addr3, 0)
            end
		else
			addr3 = getAddressSafe('bJogKeyPressed')
		end
	end
	thread2.terminate()
--    while JogKeyLuaThreadLoop do
--          if ( isKeyPressed(VK_CAPITAL) ) then
--              writeBytes("bJogKeyPressed" ,1)
--          else
--              writeBytes("bJogKeyPressed" ,0)
--          end
--    end
--    thread2.terminate()
end
----------------------------------
if syntaxcheck then return end
JogKeyLuaThreadLoop = true
createThread(jogKeyLuaThread)
{$asm}

///*****************************************///




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
if syntaxcheck then return end
JogKeyLuaThreadLoop = false
{$asm}

</AssemblerScript>
          <CheatEntries>
            <CheatEntry>
              <ID>168</ID>
              <Description>"key"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">05:X1 mouse button
06:X2 mouse button
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
</DropDownList>
              <LastState Value="05" RealAddress="7FEB896014E"/>
              <ShowAsHex>1</ShowAsHex>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>bJogKeyID</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>169</ID>
              <Description>"jog speed"</Description>
              <LastState Value="0.5" RealAddress="7FEB8960135"/>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>fJogSpeed</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>62</ID>
          <Description>"sprint key"</Description>
          <Options moHideChildren="1"/>
          <LastState/>
          <Color>FF0000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
bSprintKeyID:
db 14
fSprintSpeed:
dd (float)2.5

//modified from ShyTwig16's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&amp;t=6041&amp;start=60#p62657
{$lua}
local function sprintKeyLuaThread(thread2)
	local addr2 = getAddressSafe('bSprintKeyPressed')
	while SprintKeyLuaThreadLoop do
        sleep(100)
		if addr2 then
            if ( isKeyPressed( readInteger('bSprintKeyID') ) ) then
			    writeBytes(addr2, 1)
            else
                writeBytes(addr2, 0)
            end
		else
			addr2 = getAddressSafe('bSprintKeyPressed')
		end
	end
	thread2.terminate()
--    while SprintKeyLuaThreadLoop do
--          if ( isKeyPressed(VK_CAPITAL) ) then
--              writeBytes("bSprintKeyPressed" ,1)
--          else
--              writeBytes("bSprintKeyPressed" ,0)
--          end
--    end
--    thread2.terminate()
end
----------------------------------
if syntaxcheck then return end
SprintKeyLuaThreadLoop = true
createThread(sprintKeyLuaThread)
{$asm}

///*****************************************///




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
if syntaxcheck then return end
SprintKeyLuaThreadLoop = false
{$asm}

</AssemblerScript>
          <CheatEntries>
            <CheatEntry>
              <ID>170</ID>
              <Description>"key"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">05:X1 mouse button
06:X2 mouse button
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
</DropDownList>
              <LastState Value="06" RealAddress="7FEB8960153"/>
              <ShowAsHex>1</ShowAsHex>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>bSprintKeyID</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>171</ID>
              <Description>"sprint speed"</Description>
              <LastState Value="2.5" RealAddress="7FEB8960139"/>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>fSprintSpeed</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>104013</ID>
          <Description>"fly key"</Description>
          <Options moHideChildren="1"/>
          <LastState/>
          <Color>FF0000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(someDeltaWriteAOB,GameAssembly.dll,48 ** ** E8 ** ** ** ** 48 ** ** ** ** ** ** F6 ** ** ** 00 00 02 74 ** 83 ** ** ** 00 00 00 75 05 E8 ** ** ** ** F3 0F ** ** ** ** 0F ** ** F3 0F ** ** ** ** F3 0F ** ** ** ** 0F ** ** F2 0F)
registersymbol(someDeltaWriteAOB)
///
aobscanmodule(playerDeltaWriteCallerAOB,GameAssembly.dll,48 ** ** ** ** ** ** ** E8 ** ** ** ** 48 ** ** ** ** ** ** ** 0F ** ** ** ** 0F ** ** ** ** 44)
registersymbol(playerDeltaWriteCallerAOB)
///

label(pPlayerInfo1)
registersymbol(pPlayerInfo1)
label(bHoverKeyID)
registersymbol(bHoverKeyID)
label(bHoverKeyPressed)
registersymbol(bHoverKeyPressed)
label(bUpKeyPressed)
registersymbol(bUpKeyPressed)
label(dUpSpeed)
registersymbol(dUpSpeed)
label(bDownKeyPressed)
registersymbol(bDownKeyPressed)
label(dDownSpeed)
registersymbol(dDownSpeed)
label(dVerticalSpeedCal)
registersymbol(dVerticalSpeedCal)
label(dVerticalSpeedInterval)
registersymbol(dVerticalSpeedInterval)

alloc(newmem,2048,someDeltaWriteAOB+26) //"GameAssembly.dll"+10D0437)
label(returnhere)
label(originalcode_someDeltaWriteAOB)
registersymbol(originalcode_someDeltaWriteAOB)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//mov rdi,"GameAssembly.dll"+BA3D15
mov rdi,playerDeltaWriteCallerAOB
lea rdi,[rdi+d]
cmp [rsp+58],rdi
jne @f

mov rdi,pPlayerInfo1
mov [rdi],rbx

@@:
mov rdi,pPlayerInfo1
cmp [rdi],rbx
jne end

mov rdi,bHoverKeyPressed
cmp byte ptr [rdi],1
je @f
readmem(someDeltaWriteAOB+26,6)
//movss xmm1,[rsp+64]
mov rdi,dVerticalSpeedCal
movss [rdi],xmm1
jmp end

@@:
mov rdi,bDownKeyPressed
cmp byte ptr [rdi],1
//je end
movss xmm1,[rdi+4]
je @f

//xorps xmm1,xmm1
//comiss xmm1,[rsp+64]
//jbe @f
//movss [rsp+64],xmm1
//@@:

mov rdi,bUpKeyPressed
cmp byte ptr [rdi],1
movss xmm1,[rdi+4]
je @f
xorps xmm1,xmm1

@@:
mov rdi,dVerticalSpeedCal
movss xmm0,[rdi]
comiss xmm1,xmm0
ja incvspeedcal
jb decvspeedcal
je vspeedcalend

incvspeedcal:
addss xmm0,[rdi+4]
minss xmm0,xmm1
movss [rdi],xmm0
jmp vspeedcalend

decvspeedcal:
subss xmm0,[rdi+4]
maxss xmm0,xmm1
movss [rdi],xmm0

vspeedcalend:
//comiss xmm1,[rsp+64]
//jbe @f
mov rdi,fCustomSpeedCal
mulss xmm0,[rdi]
readmem(someDeltaWriteAOB+26,2)
db 5F 44
readmem(someDeltaWriteAOB+2a,2)
//maxss xmm0,[rsp+64]
readmem(someDeltaWriteAOB+26,2)
db 11 44
readmem(someDeltaWriteAOB+2a,2)
//movss [rsp+64],xmm0
@@:

end:

originalcode_someDeltaWriteAOB:
readmem(someDeltaWriteAOB+26,6)
//movss xmm1,[rsp+64]

exit:
jmp returnhere

///
pPlayerInfo1:
dq 0
bHoverKeyID:
dd 10
bHoverKeyPressed:
dd 0
bUpKeyPressed:
dd 0
dUpSpeed:
dd (float)10
bDownKeyPressed:
dd 0
dDownSpeed:
dd (float)-10
dVerticalSpeedCal:
dd 0
dVerticalSpeedInterval:
dd (float)0.1
///

someDeltaWriteAOB+26: //"GameAssembly.dll"+10D0437:
jmp newmem
nop
returnhere:

///*****************************************///
//modified from ShyTwig16's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&amp;t=6041&amp;start=60#p62657
{$lua}
local function flyKeysLuaThread(thread2)
	local addr10 = getAddressSafe('bHoverKeyPressed')
	local addr11 = getAddressSafe('bUpKeyPressed')
	local addr12 = getAddressSafe('bDownKeyPressed')
	while FlyKeysLuaThreadLoop do
        sleep(100)

		if addr10 then
            if ( isKeyPressed( readInteger('bHoverKeyID') ) ) then
			    writeBytes(addr10, 1)
            else
                writeBytes(addr10, 0)
            end
		else
			addr10 = getAddressSafe('bHoverKeyPressed')
		end

		if addr11 then
            if ( isKeyPressed(VK_W) ) then
			    writeBytes(addr11, 1)
            else
                writeBytes(addr11, 0)
            end
		else
			addr11 = getAddressSafe('bUpKeyPressed')
		end

		if addr12 then
            if ( isKeyPressed(VK_S) ) then
			    writeBytes(addr12, 1)
            else
                writeBytes(addr12, 0)
            end
		else
			addr12 = getAddressSafe('bDownKeyPressed')
		end
	end
	thread2.terminate()
--    while FlyKeysLuaThreadLoop do
--          if ( isKeyPressed(VK_CAPITAL) ) then
--              writeBytes("bHoverKeyPressed" ,1)
--          else
--              writeBytes("bHoverKeyPressed" ,0)
--          end
--    end
--    thread2.terminate()
end
----------------------------------
if syntaxcheck then return end
FlyKeysLuaThreadLoop = true
createThread(flyKeysLuaThread)
{$asm}

///*****************************************///




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
if syntaxcheck then return end
FlyKeysLuaThreadLoop = false
{$asm}

///*****************************************///
dealloc(newmem)
someDeltaWriteAOB+26: //"GameAssembly.dll"+10D0437:
readmem(originalcode_someDeltaWriteAOB,6)
//db F3 0F 10 4C 24 64
//Alt: movss xmm1,[rsp+64]
unregistersymbol(originalcode_someDeltaWriteAOB)

unregistersymbol(pPlayerInfo1)
unregistersymbol(bHoverKeyID)
unregistersymbol(bHoverKeyPressed)
unregistersymbol(bUpKeyPressed)
unregistersymbol(dUpSpeed)
unregistersymbol(bDownKeyPressed)
unregistersymbol(dDownSpeed)
unregistersymbol(dVerticalSpeedCal)
unregistersymbol(dVerticalSpeedInterval)

///*****************************************///
</AssemblerScript>
          <CheatEntries>
            <CheatEntry>
              <ID>104015</ID>
              <Description>"key"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">05:X1 mouse button
06:X2 mouse button
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
</DropDownList>
              <ShowAsHex>1</ShowAsHex>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>bHoverKeyID</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Ayting · Post by **Ayting** » Thu Mar 26, 2020 6:19 am

Hey thanks i see that you find the inf air dash

I'm wondering how did you find it

I'm actually trying to find the value for launch ability to use it inf but i do not find it

this is the way which i try to find it :

I don't know what's the value is so first i search with "unknow initial value"

I launch and i search 1 time "changed" value

Immediately after i spam "unchanged value" because until i touch the ground, i still can't launch again so the value should not change

When i'm on the ground, i search again 1 time "changed value" and then i spam "unchanged value"

After that i do every actions ori can do except launch and after that i spam again unchanged value

After that, i repeat step 2 to 4 until i have few values. And i try to freeze them.

Here's a video showing all of that :

As you see in video it crash because i tried to freeze too many values, but i tried few times and even when it not crash, freezing the value doesn't allow me to spam the launch, so how did you find the value please ?

Thanks in advance

Post by **Cielos** » Thu Mar 26, 2020 10:35 am

Ayting wrote: ↑
Thu Mar 26, 2020 6:19 am
[...]

was about to un-install the game for now, and saw your msg...

I wasn't using memory search method to locate the assembly.
but it still can be done with memory search method, just not as accurate. with prior knowledge of how the developer implement the first game's skill usage would be an advantage. but by examining the scripts that already made, you can still have a better guess than "unknown value" search.
e.g., the "inf. air dash" you mentioned:
- by checking the injection point, you'd find that it's skipping the conditional jmp followed by comparing a value to 0.
- by using the debugger you'd know that the byte value it's checking would be in 1 when you can dash, and 0 when you have dash once in mid-air.

so, I boot up the game, and here's how I just made an "inf. air launch" using the memory search method:
with the information mentioned above, we can start by assuming that, launching again in mid-air would be handled the same as dashing again in mid-air. that means:
1 == can launch, 0 == luanch once already and you're still in mid-air.
so, we do exactly that. search 1 byte, value 1 first.
than use launch once and when you're in mid-air, search value 0.
rinse and repeat.
after awhile you'd be left with about 30 results.
now if you absolutely want to test them out by freezing the values, first you need to make sure they are NOT part of a pointer.
it's especially important in this case, as we are searching 1 and 0 in 1 byte. there is a possibility that address is holding a pointer like this:
143004000
and the 1 we searched could be the 1 at the start of this pointer.
and this pointer would be removed normally when we launch in mid-air.
but as we're freezing the value with CE. this pointer would becomes
100000000
which is still a pointer that is most likely pointing to null, while the game COULD have skip reading this as a pointer without our interference, because it'd normally be either 000000000 or a VALID pointer.
so, just browse the address in the memory view to check.
and with the nature of a pointer, the address would most likely be *******4 or *******c. as the "1" in the pointer would most likely either on 4 or C...
but before we use the freeze testing, there are some simple tricks to have a better guess of which could more likely be the address we need.

1. if the address is in the stack, even if it seems stable, it should be the last one we test.
2. locate an address that is not residing with other addresses. e.g., when a bunch of results are all 14340xxxx, than there is one address that is 112042000. this will be the one we test first.

and that's exactly what I did with this script. within the results left there is one address that is not residing with others.
I added it to the entry list, instead of freezing it, use the debugger to find out what opcodes are accessing it and when.
it's because freezing test isn't that accurate as sometimes the value we want to manipulate is being written constantly, freezing the value won't do anything at all.
so, turns out this value is being written constantly when in-game, and would be checked and written a few times when you try to use the launch. which would be the exact thing we'd think this value should be handled.
than I chose the opcode that would check if the value is 0 when I use launch, and wrote a script to skip the conditional jmp after that.
back to the game and test...
and everything works. so, I made the aobscan for it, and..... saved my table.

I can just post the script if you want, but practice makes perfect they say...

so....
good luck! and have fun cheating~

Ayting · Post by **Ayting** » Thu Mar 26, 2020 5:55 pm

Hey thanks for your answer !

First yes, i don't want to just have the script and use infinite launch, what i really want is to do it myself

So by following your instructions, i found the value !

As you said there were lots of values called almost the same a lot "with BB" and just one with "DDDD"
I saw that this value was certainly the launch value , so.. i freeze it. I know you said it's not accurate but i haven't find the "pointer adress" it was my only way and... it works !

But it's just the first step, first my script :

Spoiler

Screenshot Cheat Engine

Spoiler

I tried to write a script using "AOB injection" by copying your script for inf air dash, but it does not work :

here when i press "aob injection" :

Code: Select all

{ Game   : oriandthewillofthewisps-pc.exe
  Version: 
  Date   : 2020-03-26
  Author : Ayting

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Launch,GameAssembly.dll,CC 88 91 90 00 00 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+7B05F0)

label(code)
label(return)

newmem:

code:
  mov [rcx+00000090],dl
  jmp return

Launch+01:
  jmp newmem
  nop
return:
registersymbol(Launch)

[DISABLE]

Launch+01:
  db 88 91 90 00 00 00

unregistersymbol(Launch)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+7B05F0

"GameAssembly.dll"+7B05E0: 0F B6 81 90 00 00 00        -  movzx eax,byte ptr [rcx+00000090]
"GameAssembly.dll"+7B05E7: C3                          -  ret 
"GameAssembly.dll"+7B05E8: CC                          -  int 3 
"GameAssembly.dll"+7B05E9: CC                          -  int 3 
"GameAssembly.dll"+7B05EA: CC                          -  int 3 
"GameAssembly.dll"+7B05EB: CC                          -  int 3 
"GameAssembly.dll"+7B05EC: CC                          -  int 3 
"GameAssembly.dll"+7B05ED: CC                          -  int 3 
"GameAssembly.dll"+7B05EE: CC                          -  int 3 
"GameAssembly.dll"+7B05EF: CC                          -  int 3 
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+7B05F0: 88 91 90 00 00 00           -  mov [rcx+00000090],dl
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+7B05F6: C3                          -  ret 
"GameAssembly.dll"+7B05F7: CC                          -  int 3 
"GameAssembly.dll"+7B05F8: CC                          -  int 3 
"GameAssembly.dll"+7B05F9: CC                          -  int 3 
"GameAssembly.dll"+7B05FA: CC                          -  int 3 
"GameAssembly.dll"+7B05FB: CC                          -  int 3 
"GameAssembly.dll"+7B05FC: CC                          -  int 3 
"GameAssembly.dll"+7B05FD: CC                          -  int 3 
"GameAssembly.dll"+7B05FE: CC                          -  int 3 
"GameAssembly.dll"+7B05FF: CC                          -  int 3 
}

and this is my edit :

Code: Select all

{ Game   : oriandthewillofthewisps-pc.exe
  Version: 
  Date   : 2020-03-26
  Author : Ayting

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(LaunchCountChkOnAirAOB,GameAssembly.dll,CC 88 91 90 00 00 00) // should be unique
registersymbol(LaunchCountChkOnAirAOB)

alloc(originalcode_LaunchCountChkOnAirAOB,16,LaunchCountChkOnAirAOB+01)
registersymbol(originalcode_LaunchCountChkOnAirAOB)

originalcode_LaunchCountChkOnAirAOB:
readmem(LaunchCountChkOnAirAOB+01,6)

///

launchcountchkonairAOB+01: //"GameAssembly.dll"+7B05F0
  db 88 91 90 00 00 00


[DISABLE]
launchcountchkonairAOB+01: //"GameAssembly.dll"+7B05F0

//db

Alt
launchcountchkonairAOB+01:
  db 88 91 90 00 00 00

unregistersymbol(launchcountchkonairAOB)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+7B05F0

"GameAssembly.dll"+7B05E0: 0F B6 81 90 00 00 00        -  movzx eax,byte ptr [rcx+00000090]
"GameAssembly.dll"+7B05E7: C3                          -  ret 
"GameAssembly.dll"+7B05E8: CC                          -  int 3 
"GameAssembly.dll"+7B05E9: CC                          -  int 3 
"GameAssembly.dll"+7B05EA: CC                          -  int 3 
"GameAssembly.dll"+7B05EB: CC                          -  int 3 
"GameAssembly.dll"+7B05EC: CC                          -  int 3 
"GameAssembly.dll"+7B05ED: CC                          -  int 3 
"GameAssembly.dll"+7B05EE: CC                          -  int 3 
"GameAssembly.dll"+7B05EF: CC                          -  int 3 
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+7B05F0: 88 91 90 00 00 00           -  mov [rcx+00000090],dl
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+7B05F6: C3                          -  ret 
"GameAssembly.dll"+7B05F7: CC                          -  int 3 
"GameAssembly.dll"+7B05F8: CC                          -  int 3 
"GameAssembly.dll"+7B05F9: CC                          -  int 3 
"GameAssembly.dll"+7B05FA: CC                          -  int 3 
"GameAssembly.dll"+7B05FB: CC                          -  int 3 
"GameAssembly.dll"+7B05FC: CC                          -  int 3 
"GameAssembly.dll"+7B05FD: CC                          -  int 3 
"GameAssembly.dll"+7B05FE: CC                          -  int 3 
"GameAssembly.dll"+7B05FF: CC                          -  int 3 
}

I think i miss a lot of things, also the end below disable is not finished.
In your script you put that :

Code: Select all

alloc(originalcode_airDashCountChkOnAirDashAOB,16,airDashCountChkOnAirDashAOB+7)

I don't know what is the "16" 16 bytes maybe ? And then, what is the "7" ?

In my """script"""" i put "01" because i saw that it was here when i create the "AOB Injection" as you can see here :

Code: Select all

Launch+01:
  jmp newmem
  nop
return:
registersymbol(Launch)

[DISABLE]

Launch+01:
  db 88 91 90 00 00 00

Comparaison with your script

Spoiler

Code: Select all

airDashCountChkOnAirDashAOB+7: //"GameAssembly.dll"+63AA37:
db 90 90 90 90 90 90


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
airDashCountChkOnAirDashAOB+7: //"GameAssembly.dll"+63AA37:
readmem(originalcode_airDashCountChkOnAirDashAOB,6)
//db 0F 84 C4 00 00 00

I don't understand the

Code: Select all

"db 90 90 90 90 90 90"

On my script i have automaticly below [DISABLE] :

Code: Select all

[DISABLE]

Launch+01:
  db 88 91 90 00 00 00

But i don't have a

Code: Select all

 "db xx xx xx xx xx"

above [DISABLE] and it seems i have to find it but i don't know how.

So i tried to launch your script and as you said check the debugger to see if i can understand the logic with it, but i can't find the value with the script.

I tried to search "

Code: Select all

GameAssembly.dll"+63AA37

" in "Memory viewer", then find his adress, search this adress with "AOB SEARCH" and then open the debugger but... :

Spoiler

Doesn't work..

So... i'm lost

Tried 4 hours to make it works but seems my knowledge in programmation are too weak for that

skyblack · Post by **skyblack** » Thu Mar 26, 2020 7:19 pm

Hello Cielos
If you can do inf. air dash, can you please make inf. lauch. It would be awsome.
thank you and you're awesome too

))

Post by **cfemen** » Fri Mar 27, 2020 5:08 am

Ayting wrote: ↑
Thu Mar 26, 2020 5:55 pm
~
So... i'm lost Tried 4 hours to make it works but seems my knowledge in programmation are too weak for that

hey,
you found the Set-Property WasGroundedSinceLastExecution.
follow the bool to find the if check:

Code: Select all

[ENABLE]

aobscanmodule(aobCanCharge,GameAssembly.dll,74 ** 80 BB 90 00 00 00 00 74 ** 48 8B 0D ** ** ** ** F6 81) // should be unique
alloc(origCanCharge,2)
registersymbol(origCanCharge)

origCanCharge:
readmem(aobCanCharge+9,2)

aobCanCharge+9:
db 90 90

registersymbol(aobCanCharge)

[DISABLE]

aobCanCharge+9:
  readmem(origCanCharge,2)

unregistersymbol(aobCanCharge)

inf. launches

xshiex · Post by **xshiex** » Fri Mar 27, 2020 5:29 am

thanks...when can "reset death counter" works?

skyblack · Post by **skyblack** » Fri Mar 27, 2020 6:44 am

thank you cfemen i love you

))))

Ayting · Post by **Ayting** » Fri Mar 27, 2020 2:07 pm

cfemen wrote: ↑
Fri Mar 27, 2020 5:08 am

Ayting wrote: ↑
Thu Mar 26, 2020 5:55 pm
~
So... i'm lost Tried 4 hours to make it works but seems my knowledge in programmation are too weak for that
hey,
you found the Set-Property WasGroundedSinceLastExecution.
follow the bool to find the if check:
Code: Select all
[ENABLE]

aobscanmodule(aobCanCharge,GameAssembly.dll,74 ** 80 BB 90 00 00 00 00 74 ** 48 8B 0D ** ** ** ** F6 81) // should be unique
alloc(origCanCharge,2)
registersymbol(origCanCharge)

origCanCharge:
readmem(aobCanCharge+9,2)

aobCanCharge+9:
db 90 90

registersymbol(aobCanCharge)

[DISABLE]

aobCanCharge+9:
  readmem(origCanCharge,2)

unregistersymbol(aobCanCharge)
inf. launches

Thanks but.. even with your script i can't understand

Why you put "+9" and why you put "2"

How do you know you have to put "+9" and no "+7" or something else, same for the 2

Post by **cfemen** » Sat Mar 28, 2020 11:50 am

Ayting wrote: ↑
Fri Mar 27, 2020 2:07 pm
Why you put "+9" and why you put "2"

How do you know you have to put "+9" and no "+7" or something else, same for the 2

thats the if check:

Code: Select all

GameAssembly.dll+7AFB52 - 80 BB 90000000 00     - cmp byte ptr [rbx+00000090],00  // WasGroundedSinceLastExecution
GameAssembly.dll+7AFB59 - 74 38                 - je GameAssembly.dll+7AFB93 //  --> badboy coz if zero-flag is zero = return 0 = no launch

in C style:
GameAssembly.dll+7AFB52(CanCharge):

Code: Select all

if (WasGroundedSinceLastExecution) 
{
return 1;
}
return 0; // -> badboy

//

"+9"
"2"

its for the readmem to save the original bytes at GameAssembly.dll+7AFB59(74 38)
but if you never did any scripts then you should start with basic ASM / read about Hooks/Detour-Functions.
then you learn about "badboy" jumps and how to patch them.
coz thats what my script is doing, patch the if check.

Kyle_ · Post by **Kyle_** » Mon Mar 30, 2020 6:21 pm

cfemen wrote: ↑
Tue Mar 10, 2020 11:35 pm

Debug Mode[/u][/b]
Activate Cheats Handler
now you can toggle with F1 or the Toggle Menu script the Debug UI.
ESC = close
Q/E = inc/dec values

Thank you very much, I managed to solve a softlock thanks to your table.

Kamse · Post by **Kamse** » Mon Mar 30, 2020 6:57 pm

Yep, i did too. I used the menu to enable 'teleport' and then with the right stick you select where you wanna go. Impressive.
By the way, is there any way we can activate such debug menu for the BlindForest edition ?

Post by **cfemen** » Mon Mar 30, 2020 7:07 pm

Kyle_ wrote: ↑
Mon Mar 30, 2020 6:21 pm

Thank you very much, I managed to solve a softlock thanks to your table.

you are welcome

Kamse wrote: ↑
Mon Mar 30, 2020 6:57 pm
Yep, i did too. I used the menu to enable 'teleport' and then with the right stick you select where you wanna go. Impressive.
By the way, is there any way we can activate such debug menu for the BlindForest edition ?

viewtopic.php?f=4&t=11817&start=30#p126092
didn't test it, but im sure it will work.

Kamse · Post by **Kamse** » Tue Mar 31, 2020 8:13 am

Thanks, i've searched and found mods or scripts to achieve it but it disables steam achievements and that annoys me.
I've used Cielos table, which includes a debugmenu switcher but it doesn't trigger.
I've checked what the debugmenu does and decided to go without it. Thanks anyway.

FearLess Cheat Engine

Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Re: Ori and the Will of the Wisps [Steam]

Who is online