Bannerlords M&B

Ask about cheats/tables for single player games here
Locked
fardriel
Cheater
Posts: 34
Joined: Tue Feb 18, 2020 5:03 am
Reputation: 17

Re: Bannerlords M&B

Post by fardriel »

Try putting this on the line after the [ENABLE]:

assert(System.Core.ni.dll+34F9F5, FF 15 25 C6 FE FF 48 8B C7 48 83 C4 28 5E 5F C3)

If that keeps the script from turning on, then you've got a different game version. Granted, even if you have a different version, the game shouldn't crash without that assert. The script should just never copy any address into the pointer.
Thank you SODI, that was obvious and I'm kicking myself for not changing that. I normally do.

I'll have to take another look later. It's almost 7am where I am and I still haven't slept.

Digitalcat
Noobzor
Posts: 13
Joined: Mon Mar 23, 2020 11:01 pm
Reputation: 0

Re: Bannerlords M&B

Post by Digitalcat »

SODI wrote:
Tue Mar 31, 2020 1:38 pm

Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>9</ID>
      <Description>"Focus/Attribute Getter (Open/close character menu, activate this, open character menu again)"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TaleWorlds.MountAndBlade.Launcher.exe
  Version: 
  Date   : 2020-03-31
  Author : chodn

  This script does blah blah blah
}

[ENABLE]

aobscan(INJECTFOCUSGETTER,8B 51 40 8B CA) // should be unique
alloc(newmem,$1000,INJECTFOCUSGETTER)

label(skip)
label(return)
label(charptr)
registersymbol(charptr)
label(retptr)
registersymbol(retptr)

newmem:
  mov edx,[rcx+40]
  push rax
  mov rax,[rsp+10]
  cmp rax,[retptr]
  jne skip
  mov [charptr],rcx
skip:
  pop rax
  mov ecx,edx
  jmp return
charptr:
  dq 0
retptr:
  dq System.Core.ni.dll+34F9FB

INJECTFOCUSGETTER:
  jmp newmem
return:
registersymbol(INJECTFOCUSGETTER)

[DISABLE]

INJECTFOCUSGETTER:
  db 8B 51 40 8B CA

unregistersymbol(INJECTFOCUSGETTER)
unregistersymbol(charptr)
unregistersymbol(retptr)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 7FFDA255F636

7FFDA255F611: E8 9A 49 27 5E                 -  call clr.dll+3FB0
7FFDA255F616: 48 8D 4E 30                    -  lea rcx,[rsi+30]
7FFDA255F61A: 48 8B D7                       -  mov rdx,rdi
7FFDA255F61D: E8 8E 49 27 5E                 -  call clr.dll+3FB0
7FFDA255F622: 48 8B 56 20                    -  mov rdx,[rsi+20]
7FFDA255F626: 48 85 D2                       -  test rdx,rdx
7FFDA255F629: 75 04                          -  jne 7FFDA255F62F
7FFDA255F62B: 33 C9                          -  xor ecx,ecx
7FFDA255F62D: EB 07                          -  jmp 7FFDA255F636
7FFDA255F62F: 48 8B 8A 38 01 00 00           -  mov rcx,[rdx+00000138]
// ---------- INJECTING HERE ----------
7FFDA255F636: 8B 51 40                       -  mov edx,[rcx+40]
7FFDA255F639: 8B CA                          -  mov ecx,edx
// ---------- DONE INJECTING  ----------
7FFDA255F63B: 89 8E A0 00 00 00              -  mov [rsi+000000A0],ecx
7FFDA255F641: 48 8B CE                       -  mov rcx,rsi
7FFDA255F644: E8 47 2C 90 FF                 -  call 7FFDA1E62290
7FFDA255F649: 48 8B 56 20                    -  mov rdx,[rsi+20]
7FFDA255F64D: 48 85 D2                       -  test rdx,rdx
7FFDA255F650: 75 04                          -  jne 7FFDA255F656
7FFDA255F652: 33 C9                          -  xor ecx,ecx
7FFDA255F654: EB 07                          -  jmp 7FFDA255F65D
7FFDA255F656: 48 8B 8A 38 01 00 00           -  mov rcx,[rdx+00000138]
7FFDA255F65D: 8B 51 44                       -  mov edx,[rcx+44]
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>3</ID>
          <Description>"Focus Points"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>charptr</Address>
          <Offsets>
            <Offset>40</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>4</ID>
          <Description>"Attribute Points"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>charptr</Address>
          <Offsets>
            <Offset>44</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
There should work now. Does for me.
This one works yeah.
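
Added example, not part of any post in this thread: a Python sketch of the two checks discussed above, fardriel's assert on the bytes at a fixed module offset and the "should be unique" aobscan in SODI's script, showing why a script refuses to enable on a different build. The buffers, the 0x10 offset, the function names and the `??` wildcard handling are assumptions made for the illustration.

```python
# Added illustration; every buffer here is constructed sample data, not a game dump.

def parse_aob(text):
    """'8B 51 ?? 8B CA' -> list of ints, with None for wildcard bytes."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in text.split()]

def matches_at(image, offset, pattern):
    """assert()-style check: do the bytes at `offset` match the pattern?"""
    if offset < 0 or offset + len(pattern) > len(image):
        return False  # out of range is a mismatch, not an error
    return all(p is None or image[offset + i] == p for i, p in enumerate(pattern))

def aob_scan(image, pattern):
    """aobscan-style search: every offset at which the pattern matches."""
    return [o for o in range(len(image) - len(pattern) + 1)
            if matches_at(image, o, pattern)]

def resolve_unique(image, pattern):
    """The single match, or None when there are no hits or more than one."""
    hits = aob_scan(image, pattern)
    return hits[0] if len(hits) == 1 else None

FOCUS_SIG = parse_aob("8B 51 40 8B CA")   # injection-site pattern from the script
CALLER_SIG = parse_aob("FF 15 25 C6 FE FF 48 8B C7 48 83 C4 28 5E 5F C3")  # assert bytes

# Constructed code regions: the bytes around the injection point as listed in the
# script's comment block, a variant with shifted field offsets, and a doubled copy.
KNOWN = bytes.fromhex("488B8A38010000" "8B51408BCA" "898EA0000000")
SHIFTED = bytes.fromhex("488B8A38010000" "8B51488BCA" "898EA8000000")
AMBIGUOUS = KNOWN + KNOWN

# Constructed module image: 16 filler bytes, then the caller bytes at offset 0x10
# (a stand-in for the real module offset, which is far larger).
MODULE = bytes(16) + bytes(CALLER_SIG)

def can_enable(module, caller_offset, code):
    """Enable only if the caller matches and the injection site is unique."""
    return (matches_at(module, caller_offset, CALLER_SIG)
            and resolve_unique(code, FOCUS_SIG) is not None)

if __name__ == "__main__":
    for name, code in (("known", KNOWN), ("shifted", SHIFTED), ("ambiguous", AMBIGUOUS)):
        print(name, aob_scan(code, FOCUS_SIG), can_enable(MODULE, 0x10, code))
```

The script's retptr (+34F9FB) sits 6 bytes after the asserted address (+34F9F5), which is the length of the `FF 15` call at the start of the asserted bytes, so the assert is checking the caller whose return address the script compares against.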

Darkcore
Noobzor
Posts: 5
Joined: Mon Jul 15, 2019 5:37 pm
Reputation: 0

Re: Bannerlords M&B

Post by Darkcore »

That one seems to work for me, SODI.

fardriel
Cheater
Posts: 34
Joined: Tue Feb 18, 2020 5:03 am
Reputation: 17

Re: Bannerlords M&B

Post by fardriel »

Last thing before I disappear: The code that grabs the focus levels of each skill looks to be generic code that is called on at least a hundred different things, so it'd probably be better to see if there's more specific code that defines that memory region/struct, instead of the specific skill focus values.

4blood
Noobzor
Posts: 7
Joined: Tue Mar 31, 2020 11:12 am
Reputation: 1

Re: Bannerlords M&B

Post by 4blood »

SODI wrote:
Tue Mar 31, 2020 1:38 pm
There should work now. Does for me.
Indeed +1

Boxs
Cheater
Posts: 38
Joined: Sat Mar 07, 2020 12:07 am
Reputation: 14

Re: Bannerlords M&B

Post by Boxs »

Anyone have the skills XP?

Tanagord
Cheater
Posts: 28
Joined: Sun Apr 30, 2017 4:13 pm
Reputation: 5

Re: Bannerlords M&B

Post by Tanagord »

Infinite ammo would be very useful

thedudeabides96
Novice Cheater
Posts: 19
Joined: Sun Oct 29, 2017 7:49 pm
Reputation: 1

Re: Bannerlords M&B

Post by thedudeabides96 »

I would love something to use for skills and/or smithing stamina.

GreenHouse
Expert Cheater
Posts: 852
Joined: Fri Oct 12, 2018 10:25 pm
Reputation: 896

Re: Bannerlords M&B

Post by GreenHouse »

Tanagord wrote:
Tue Mar 31, 2020 2:27 pm
Infinite ammo would be very useful
Here's a script for infinite arrows, I'm not sure if it works with all kinds of ammo. And I'm not sure if I'm using the right version of the game, try it:

Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"Infinite Arrows"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(get_Arrows,Game.dll,66 44 89 01 4C 39 99 18 01 00 00)
aobscanmodule(get_ammoDec,Game.dll,66 44 2B C3 8B D7)
alloc(newmem,$1000,Game.dll)
label(code)
label(return)
registersymbol(get_ammoDec)

newmem:

code:
  mov [rcx],#90
  cmp [rcx+00000118],r11
  jmp return

get_Arrows:
  jmp newmem
  nop 6
return:
registersymbol(get_Arrows)

get_ammoDec:
  db 90 90 90 90

[DISABLE]
get_Arrows:
  db 66 44 89 01 4C 39 99 18 01 00 00

get_ammoDec:
  db 66 44 2B C3

unregistersymbol(get_Arrows)
unregistersymbol(get_ammoDec)
dealloc(newmem)
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

dk998
Novice Cheater
Posts: 16
Joined: Mon Apr 29, 2019 1:40 pm
Reputation: 1

Re: Bannerlords M&B

Post by dk998 »

SODI wrote:
Tue Mar 31, 2020 1:38 pm

There should work now. Does for me.

The script won't activate. I opened and closed the character screen, then activated it, then opened the character screen again. When I go to the table to activate attributes or focus points, it doesn't.

cocotoon
Cheater
Posts: 46
Joined: Sat Oct 06, 2018 11:58 am
Reputation: 0

Re: Bannerlords M&B

Post by cocotoon »

Hello,

I managed to find the 3 health values. The problem is that when I modify the value of the health cap, it systematically returns to 100. Do you think it is possible to change this in order to have more than 100 in health?

GreenHouse
Expert Cheater
Posts: 852
Joined: Fri Oct 12, 2018 10:25 pm
Reputation: 896

Re: Bannerlords M&B

Post by GreenHouse »

- Immortal player script:

Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>22</ID>
      <Description>"Immortal"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanregion(get_isInvulnerable,7FF000000000,7FFFFFFFFFFF,80 BF 9A 01 00 00 00)
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  pushf
  cmp byte ptr [rdi+00000184],2 //AgentControllerType
  jne code
  mov byte ptr [rdi+0000019A],01

code:
  popf
  cmp byte ptr [rdi+0000019A],00
  jmp return

get_isInvulnerable:
  jmp newmem
  nop 2
return:
registersymbol(get_isInvulnerable)

[DISABLE]
get_isInvulnerable:
  db 80 BF 9A 01 00 00 00

unregistersymbol(get_isInvulnerable)
dealloc(newmem)
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

lixiangyu
What is cheating?
Posts: 3
Joined: Sat Dec 29, 2018 8:40 pm
Reputation: 0

Re: Bannerlords M&B

Post by lixiangyu »

This is the order of the addresses of the focus of your skills. They are all 4 Bytes, 18 offset. There are four temporary values which are used when you level it up. After you click done, the values will be written to these addresses. The addresses of the attributes are simply six 4 Bytes in a row.

"Riding" 4 Bytes +0
"Polearm" 4 Bytes +18
"Leadership" 4 Bytes +30
"Tactics" 4 Bytes +48
"Athletics" 4 Bytes +60
"Throwing" 4 Bytes +78
"Steward" 4 Bytes +90
"Onehanded" 4 Bytes +A8
"Twohanded" 4 Bytes +C0
"Bow" 4 Bytes +D8
"Crossbow" 4 Bytes +F0
"Smithing" 4 Bytes +108
"Scouting" 4 Bytes +120
"Roguery" 4 Bytes +138
"Charm" 4 Bytes +150
"Trade" 4 Bytes +168
"Medicine" 4 Bytes +180
"Engineering" 4 Bytes +198

gogfox
Novice Cheater
Posts: 20
Joined: Mon Nov 05, 2018 4:51 pm
Reputation: 3

Re: Bannerlords M&B

Post by gogfox »

GreenHouse wrote:
Tue Mar 31, 2020 3:43 pm
- Immortal player script:

Doesn't work

but still thank you for it

LillyanaKabal
Expert Cheater
Posts: 207
Joined: Mon Aug 14, 2017 9:07 pm
Reputation: 24

Re: Bannerlords M&B

Post by LillyanaKabal »

It doesn't crash if you get the focus points manually. So it's not a problem with having 999 focus points.
