first off thanks for the table.
I don't know whether the "Unlimited Reserve Ammo & Throwables" script has already been fixed by anyone; I was too lazy to check the topic.
But if it is not resolved, here is my solution:
I think this is the logic: the game resets the values after death, so when we interfere with that reset, an infinite loop is triggered.
But when we use a throwable, the game subtracts 1, whereas after death the whole ammo amount is subtracted. We can use that difference to filter out the death case.
my solution in asm:
// Cheat Engine Auto Assembler script. Hooks the 7 bytes `cmp r8d,ecx` + `cmovle eax,r8d`
// (DaysGone.exe+63E310 in the build shown in the listing at the end of this script).
// State at the hook, per that listing: ecx = [rcx+10], eax = ecx, r8d = |edx| (cdq/xor/sub).
// The original code sets eax = min(r8d, ecx) and then stores ecx - eax to [r9+10].
// The hook keeps that subtraction only when r8d == ecx and forces the amount to 0 otherwise.
// NOTE(review): r8d == ecx also holds whenever the amount equals the current value
// (e.g. 1 taken from 1), so that case is still subtracted - confirm this is intended.
[ENABLE]
// The signature is 7 bytes with no wildcards and the first match is patched: confirm it is
// unique in the target build before enabling, otherwise unrelated code gets overwritten.
aobscanmodule(INJECT,DaysGone.exe,41 39 C8 41 0F 4E C0)
// Third argument requests memory near INJECT so the hook jump below fits in 5 bytes.
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
// Replay of the overwritten compare.
cmp r8d,ecx
// Equal: skip the xor so r8d and the flags from cmp (ZF=1) reach cmovle unchanged.
je @f
// Not equal: amount = 0. xor also sets ZF, which is what makes the cmovle below fire.
xor r8d,r8d
@@:
// Condition is true on both paths: eax = r8d (the original amount, or 0).
cmovle eax,r8d
jmp return
INJECT:
jmp newmem
// Pads the 5-byte jump to the 7 bytes of the two overwritten instructions.
nop 2
return:
// Keeps the resolved address so [DISABLE] can patch the same location.
registersymbol(INJECT)
[DISABLE]
INJECT:
// Writes back the original 7 bytes (same bytes as the scan signature).
db 41 39 C8 41 0F 4E C0
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: DaysGone.exe+63E310
DaysGone.exe+63E2FA: 8B C2 - mov eax,edx
DaysGone.exe+63E2FC: C3 - ret
DaysGone.exe+63E2FD: 79 1F - jns DaysGone.exe+63E31E
DaysGone.exe+63E2FF: 8B 49 10 - mov ecx,[rcx+10]
DaysGone.exe+63E302: 8B C2 - mov eax,edx
DaysGone.exe+63E304: 99 - cdq
DaysGone.exe+63E305: 44 8B C0 - mov r8d,eax
DaysGone.exe+63E308: 8B C1 - mov eax,ecx
DaysGone.exe+63E30A: 44 33 C2 - xor r8d,edx
DaysGone.exe+63E30D: 44 2B C2 - sub r8d,edx
// ---------- INJECTING HERE ----------
DaysGone.exe+63E310: 41 39 C8 - cmp r8d,ecx
// ---------- DONE INJECTING ----------
DaysGone.exe+63E313: 41 0F 4E C0 - cmovle eax,r8d
DaysGone.exe+63E317: 2B C8 - sub ecx,eax
DaysGone.exe+63E319: 41 89 49 10 - mov [r9+10],ecx
DaysGone.exe+63E31D: C3 - ret
DaysGone.exe+63E31E: 33 C0 - xor eax,eax
DaysGone.exe+63E320: C3 - ret
DaysGone.exe+63E321: CC - int 3
DaysGone.exe+63E322: CC - int 3
DaysGone.exe+63E323: CC - int 3
DaysGone.exe+63E324: CC - int 3
}
And here is a super movement speed cheat. Add it to the table if you can. Happy exploring xD
// Cheat Engine Auto Assembler script. Hooks the 5-byte `movss xmm1,[rbx+78]`
// (DaysGone.exe+281E325 in the build shown in the listing at the end of this script).
// The hook stores a fixed float into [rbx+78] and then performs the original load,
// so the listed `mulss xmm1,xmm6` that follows operates on the forced value.
// Per the listing, this instruction is reached only when rbx != 0 (test rbx,rbx / je just before it).
[ENABLE]
// The match starts 0x0E bytes before the patched instruction: the leading 58 is the rel8 of
// the preceding `je`, and the four wildcards cover the RIP-relative displacement of the first movss.
// The first match is patched, so confirm the signature is unique in the target build.
aobscanmodule(INJECT,DaysGone.exe,58 F3 0F 10 0D * * * * 48 85 DB 74 05 F3 0F 10 4B 78)
// Third argument requests memory near INJECT. The patch site is exactly 5 bytes with no padding,
// NOTE(review): so the hook jump must assemble as a 5-byte near jump - confirm the allocation is in range.
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
// Change to 1.0 for default speed (value per the author).
// This writes the object's field itself; [DISABLE] restores only the code bytes, not this value.
mov [rbx+78], (float)5
// Replay of the overwritten instruction.
movss xmm1,[rbx+78]
jmp return
INJECT+0E:
jmp newmem
return:
// Keeps the resolved address so [DISABLE] can patch the same location.
registersymbol(INJECT)
[DISABLE]
INJECT+0E:
// Writes back the original 5 bytes of `movss xmm1,[rbx+78]`.
db F3 0F 10 4B 78
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: DaysGone.exe+281E325
DaysGone.exe+281E303: 48 85 DB - test rbx,rbx
DaysGone.exe+281E306: 74 68 - je DaysGone.exe+281E370
DaysGone.exe+281E308: 48 8B 03 - mov rax,[rbx]
DaysGone.exe+281E30B: 48 8B CB - mov rcx,rbx
DaysGone.exe+281E30E: FF 90 68 04 00 00 - call qword ptr [rax+00000468]
DaysGone.exe+281E314: 84 C0 - test al,al
DaysGone.exe+281E316: 74 58 - je DaysGone.exe+281E370
DaysGone.exe+281E318: F3 0F 10 0D 7C E4 FE 00 - movss xmm1,[DaysGone.exe+380C79C]
DaysGone.exe+281E320: 48 85 DB - test rbx,rbx
DaysGone.exe+281E323: 74 05 - je DaysGone.exe+281E32A
// ---------- INJECTING HERE ----------
DaysGone.exe+281E325: F3 0F 10 4B 78 - movss xmm1,[rbx+78]
// ---------- DONE INJECTING ----------
DaysGone.exe+281E32A: 80 64 24 40 FC - and byte ptr [rsp+40],-04
DaysGone.exe+281E32F: F3 0F 59 CE - mulss xmm1,xmm6
DaysGone.exe+281E333: C7 44 24 44 00 00 80 3F - mov [rsp+44],3F800000
DaysGone.exe+281E33B: 48 85 DB - test rbx,rbx
DaysGone.exe+281E33E: 74 14 - je DaysGone.exe+281E354
DaysGone.exe+281E340: 48 8B 03 - mov rax,[rbx]
DaysGone.exe+281E343: 4C 8D 44 24 40 - lea r8,[rsp+40]
DaysGone.exe+281E348: 48 8B CB - mov rcx,rbx
DaysGone.exe+281E34B: FF 90 08 04 00 00 - call qword ptr [rax+00000408]
DaysGone.exe+281E351: 0F 28 C8 - movaps xmm1,xmm0
}
with some luck and time I might be able to create a "teleport to waypoint" cheat.....