[HELP] AC Valhalla: fixing a couple cheats

Anything Cheat Engine related, bugs, suggestions, helping others, etc..
Post Reply
User avatar
HK26
Expert Cheater
Expert Cheater
Posts: 138
Joined: Wed Aug 04, 2021 2:43 am
Reputation: 95

[HELP] AC Valhalla: fixing a couple cheats

Post by HK26 »

Hi, all! I hope this question is going in the right place. I need some help to fix two cheats in the AC Valhalla table. I'm familiar with cheat engine and I mostly understand why they aren't working (game updates) but am unsure on how to fix them.

Table is this one: viewtopic.php?f=4&t=14379&start=1530
The cheats not working are "Remove Horse Speed Limit" and "Open Shop Directly".

Remove Horse Speed Limit: <<Error while scanning for AOB's : scan_horse_speed_limit Error: Not all results found>>

Code: Select all

[ENABLE]
  aobScanModule( scan_horse_speed_limit, $process, 48 8D 05 ?? ?? ?? ?? 89 74 24 28 48 89 44 24 20 48 8D 97 88 01 00 00 )
  alloc( newmem_horse_speed_limit, 1000 )
  registerSymbol( scan_horse_speed_limit,newmem_horse_speed_limit )
  //TODO: add removal for climbing mountains and hills
  //TODO: try to remove alloc
  newmem_horse_speed_limit:
    readMem(scan_horse_speed_limit,7)

  scan_horse_speed_limit:
    mov rax,[rdi]
    mov rax,[rax+40]


[DISABLE]
  scan_horse_speed_limit:
    readMem(newmem_horse_speed_limit,7)

  dealloc(*)
  unregisterSymbol(*)
Open Shop Directly: <<The array of byte named UIpage_aobE could not be found>>

Code: Select all

[ENABLE]
aobScanModule( UIpage_aob1, $process, E8 CC F3 47 FF 4C 8B 0D 25 DF 18 04 48 8D 0D 66 EE B2 04 4C 8B C5 33 D2 E8 C4 3D 50 FF 48 8B D8 49 3B C6 )
aobScanModule( UIpage_aob2, $process, 4C 8B 0D ?? ?? ?? ?? 48 8D 0D ?? ?? ?? ?? 45 33 C0 48 BA B0 2E A4 47 0F 01 00 00 E8 ?? ?? ?? ?? )
aobScanModule( UIpage_aob3, $process, 4C 8D 3D ?? ?? ?? ?? BE 01 00 00 00 49 3B CF 74 08 8B C6 F0 48 0F C1 41 08 48 87 8F 88 00 00 00 E8 ?? ?? ?? ?? )
aobScanModule( UIpage_aob4, $process, E8 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 90 F0 15 00 00 48 85 D2 74 ?? 48 8B 80 78 30 00 00 )
aobScanModule( UIpage_aob5, $process, C7 83 00 01 00 00 01 00 00 00 E8 ?? ?? ?? ?? )
aobScanModule( UIpage_aob6, $process, 48 8B 8F 88 00 00 00 48 8B D8 49 3B CF 74 06 F0 48 0F C1 71 08 48 87 48 10 )

aobScanModule( UIpage_aobE, $process, 48 8B 05 ?? ?? ?? ?? 87 A8 38 04 00 00 )
aobScanModule( UIpage_aobF, $process, FF 50 18 48 8B 03 48 8B CB C7 83 B4 00 00 00 01 00 00 00 )

aobScanModule( UIpage_call1,$process, 48 89 5C 24 10 48 89 74 24 18 57 48 83 EC 20 89 4C 24 30 48 8D 54 24 30 )
aobScanModule( UIpage_call2,$process, 48 89 5C 24 08 55 56 57 41 54 41 55 41 56 41 57 48 83 EC ?? 48 8B 42 10 )
aobScanModule( UIpage_call3,$process, 40 53 48 83 EC 20 4C 8B 41 08 48 8B D9 49 8B 40 08 48 C1 E0 20 48 C1 F8 3F 49 85 00 75 08 32 C0 48 83 C4 20 5B C3 48 89 74 24 30 )
aobScanModule( UIpage_call4,$process, 48 89 5C 24 10 48 89 6C 24 18 57 41 54 41 55 41 56 41 57 48 83 EC 50 41 83 79 08 01 )

alloc( UIpage_newmem,0x1000 )
label(          UIPage_closeAll )
registerSymbol( UIPage_closeAll,UIpage_call1 )
label(          UIpage_openBS,UIpage_openTP1,UIpage_openTP2,UIpage_openRS1,UIpage_openRS2,UIpage_openSA1,UIpage_openSA2,UIpage_openSY )
registerSymbol( UIpage_openBS,UIpage_openTP1,UIpage_openTP2,UIpage_openRS1,UIpage_openRS2,UIpage_openSA1,UIpage_openSA2,UIpage_openSY )
label(          UIpage_openFS,UIpage_openTS,UIpage_openCA,UIpage_openHH1,UIpage_openHH2,UIpage_openBA1,UIpage_openFH )
registerSymbol( UIpage_openFS,UIpage_openTS,UIpage_openCA,UIpage_openHH1,UIpage_openHH2,UIpage_openBA1,UIpage_openFH )
label(          UIpage_openRR2,UIpage_openRR3,UIpage_openOFS )
registerSymbol( UIpage_openRR2,UIpage_openRR3,UIpage_openOFS )


  createThread( UIpage_init )
//TODO: release resources in [DISABLE]
UIpage_newmem:
UIPage_getvar:
mov eax, dword ptr[rcx+rdx]
movsxd rax, eax
lea rax, qword ptr[rcx+rax]
add rax, r8d
mov qword ptr[r9], rax
ret
align 10 CC

UIpage_getvars:
sub rsp,20
mov r9, var02
mov r8, 7
mov rdx, 3
mov rcx, UIpage_aob1+C
call short UIPage_getvar
mov r9, UIpage_pcall6
mov r8, 5
mov rdx, 1
mov rcx, UIpage_aob1+18
call short UIPage_getvar
mov r9, UIpage_pcall5
mov r8, 5
mov rdx, 1
mov rcx, UIpage_aob2+1B
call short UIPage_getvar
mov r9, UIpage_pcall7
mov r8, 5
mov rdx, 1
mov rcx, UIpage_aob1
call short UIPage_getvar
mov r9, UIpage_pcall8
mov r8, 5
mov rdx, 1
mov rcx, UIpage_aob3+20
call short UIPage_getvar
mov r9, UIpage_pcallA
mov r8, 5
mov rdx, 1
mov rcx, UIpage_aob5+A
call short UIPage_getvar
mov r9, UIpage_pcall9
mov r8, 5
mov rdx, 1
mov rcx, UIpage_aob4
call short UIPage_getvar
mov r9, var04
mov r8, 7
mov rdx, 3
mov rcx, UIpage_aob3
call short UIPage_getvar
add rsp,20
ret
align 10 CC

    UIpage_wait:
      mov [rsp+08], r12
      mov [rsp+10], r13
      mov [rsp+18], r14
      mov r13, rcx
      mov r14, rdx
      sub rsp, 28
      loop_wait:
        xor r9, r9
        xor r8, r8
        mov rdx, r13
        mov rcx, [var02]
        mov rax, [UIpage_pcall6]
        call rax
        mov r12, rax
        mov rcx, rax
        mov rax, [UIpage_pcall7]
        call rax
        mov rcx, [r12+8]
        shl rcx, 20
        sar rcx, 3F
        and rcx, [r12]
        jnz @f
          mov rcx, #200
          mov rax, kernel32.sleep
          call rax
          dec r14
          cmp r14, 0
          jz @f
          jmp loop_wait
      @@:
      add rsp, 28
      mov r12, [rsp+08]
      mov r13, [rsp+10]
      mov r14, [rsp+18]
      ret

    UIPage_closeAll:
      sub rsp, 28
      mov rax, [UIpage_pcallA]
      call rax
      add rsp,28
      ret
      align 10 CC

    UIpage_showPage:
      mov [rsp+08], r12
      mov [rsp+10], r13
      mov [rsp+18], r14
      mov [rsp+20], r15
      mov r15, rcx
      mov r14, rdx
      sub rsp, 58
        mov rax, [UIpage_pcall9]
        call rax
        test rax, rax
      jz short exit_a
        add rax, 3078
        mov rax, [rax]
        mov [var03], rax
      xor r9, r9
      xor r8, r8
      mov rdx, r14
      mov rcx, [var02]
      mov rax, [UIpage_pcall6]
      call rax
      mov r12,rax
      mov [var01+10], r12
      mov rcx, [r12+8]
      shl rcx, 20
      sar rcx, 3F
      and rcx, [r12]
      jnz short @f
        xor r9, r9
        xor r8, r8
        mov rdx, r15
        mov rcx, [var02]
        mov rax, [UIpage_pcall5]
        call rax
        xor rax,rax
        mov [rsp+30],rax
        mov [rsp+28],rax
        mov [rsp+20],rax
          mov [rsp+48],rax
          mov [rsp+40],rax
          lea r9,[rsp+40]
        mov r8, var04
        mov rdx, r15
        mov ecx, 9
        mov rax, UIpage_call4
        call rax
        mov rdx, A
        mov rcx, r14
        call short UIpage_wait
      @@:
      mov ecx, 9336EDA4
      mov rax, UIpage_call1
      call rax
      mov r13, rax
      xchg [r13+88],r12
        mov rdx, var03
        lea rcx, [r13+80]
        mov rax, UIpage_call3
        call rax
        mov rdx, var01
        mov rax, UIpage_call2
        call rax
      exit_a:
      add rsp,58
      mov r12, [rsp+08]
      mov r13, [rsp+10]
      mov r14, [rsp+18]
      mov r15, [rsp+20]
      ret
      align 10 CC

    UIpage_init:
      sub rsp, 20
      call short UIpage_getvars
        mov [var01+08],rax
        mov [var01+18],rax
      add rsp, 20
      ret
      align 10 CC

    UIpage_tcreate:
      sub rsp, 20
      reassemble(UIpage_aobE)
      mov rax, [rax]
      call [rax+18]
      add rsp, 20
      ret
      align 10 CC
    UIpage_tdestroy:
      sub rsp, 20
      reassemble(UIpage_aobE)
      mov rax, [rax]
      call [rax+20]
      add rsp, 20
      ret
      align 10 CC

    UIpage_openBS:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001A87423E0B6
      mov rcx, 000001A87423E0B6
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openTP1:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001BD4C8AE868
      mov rcx, 000001BE02D14B5F
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openTP2:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C2F2F05F5C
      mov rcx, 000001CAC79129ED
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openRS1:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001BA89481FB9
      mov rcx, 000001BC1F92A7DC
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openRS2:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001CD4E18615B
      mov rcx, 000001CD4E18615B
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openSA1:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001BD4C8AE87E
      mov rcx, 000001CAC791060E
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openSA2:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C5E1B6F303
      mov rcx, 000001C5E1B6F303
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openSY:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001BB560DCFAD
      mov rcx, 000001BE02D17472
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openRR2:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001DE9049D290
      mov rcx, 000001DE9049D290
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openRR3:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001D888A311A4
      mov rcx, 000001D888A311A4
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openFS:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C180F996C1
      mov rcx, 000001D3C92D0F84
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openOFS:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001E08F786657
      mov rcx, 000001D93EA3FB23
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openTS:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C202845507
      mov rcx, 000001C202845507
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openCA:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C5E1B78B62
      mov rcx, 000001C5E1B78B62
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openHH1:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 0000017E0E691300
      mov rcx, 0000017E0E691300
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openHH2:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 0000017E0E6912F9
      mov rcx, 000001BE02D18C3A
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openBA1:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C20282E8B7
      mov rcx, 000001C286D588AC
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC
    UIpage_openFH:
      sub rsp,28
      call short UIpage_tcreate
      mov rdx, 000001C548B27C2B
      mov rcx, 000001C548B27C2B
      mov rax, UIpage_showPage
      call rax
      call short UIpage_tdestroy
      add rsp,28
      ret
      align 10 CC

    var01:
      dq 0, 0, 0 , 0
      align 10 CC
    var02:
      dq 0
      align 10 CC
    var03:
      dq 0
      align 10 CC
    var04:
      dq 0
      align 10 CC

    UIpage_pcall5:
      dq 0
      align 10 CC
    UIpage_pcall6:
      dq 0
      align 10 CC
    UIpage_pcall7:
      dq 0
      align 10 CC
    UIpage_pcall8:
      dq 0
      align 10 CC
    UIpage_pcall9:
      dq 0
      align 10 CC
    UIpage_pcallA:
      dq 0
      align 10 CC

[DISABLE]
  dealloc(*)
  unregisterSymbol(*)
I did not create these scripts and am not versed in writing them, so any help would be greatly appreciated. Thanks!
Top
ShyTwig16
Expert Cheater
Expert Cheater
Posts: 335
Joined: Thu Apr 06, 2017 7:14 pm
Reputation: 20

Re: [HELP] AC Valhalla: fixing a couple cheats

Post by ShyTwig16 »

HK26 wrote:
Wed Jan 12, 2022 2:20 am
 ...
It's saying the AOBs can't be found, so the bytes have likely changed. But with the error messages differing in their formats makes me wound if they use some lua code to override the CE AA commands. But I'm still using CE 7.2, so I'm not sure if the new version has changed the error messages. And with no original code to work with these will be hard to update. I know you said you didn't make them, but the lesson is to always include some original code in the script. This is why CE templates have the commented out code at the bottom. Best you can do is start trimming down the AOB tell you get some hits and hope one of them is the right code. You might get lucky with different parts of the old AOB. But with the second one, it's already pretty short so it might prove to be difficult. If that doesn't work you'll have to start from square one and re-find the values and then the code. These were not written to be update friendly, there doesn't seem to be any original code in any of it. So you really have no idea what code to even look for. I'd be starting over with these, or try and contact the original creator and hope they at least explain how they found the code the first time.
Top
User avatar
HK26
Expert Cheater
Expert Cheater
Posts: 138
Joined: Wed Aug 04, 2021 2:43 am
Reputation: 95

Re: [HELP] AC Valhalla: fixing a couple cheats

Post by HK26 »

ShyTwig16 wrote:
Wed Jan 12, 2022 3:00 am
HK26 wrote:
Wed Jan 12, 2022 2:20 am
 ...
It's saying the AOBs can't be found, so the bytes have likely changed. But with the error messages differing in their formats makes me wound if they use some lua code to override the CE AA commands. But I'm still using CE 7.2, so I'm not sure if the new version has changed the error messages. And with no original code to work with these will be hard to update. I know you said you didn't make them, but the lesson is to always include some original code in the script. This is why CE templates have the commented out code at the bottom. Best you can do is start trimming down the AOB tell you get some hits and hope one of them is the right code. You might get lucky with different parts of the old AOB. But with the second one, it's already pretty short so it might prove to be difficult. If that doesn't work you'll have to start from square one and re-find the values and then the code.
Thank you for responding. I have been searching through AOBs & values for the horse one and I've got it narrowed down. I thought I'd ask here in case there was a simpler or better solution. Appreciate it :)
Top
tampy
Expert Cheater
Expert Cheater
Posts: 55
Joined: Sat Mar 25, 2017 7:43 am
Reputation: 4

Re: [HELP] AC Valhalla: fixing a couple cheats

Post by tampy »

Mind fixing it for 1.7??
Top
Luke76bg
Expert Cheater
Expert Cheater
Posts: 276
Joined: Fri Mar 03, 2017 1:54 pm
Reputation: 12

Re: [HELP] AC Valhalla: fixing a couple cheats

Post by Luke76bg »

yes please someone can fix it for 1.7 ? Please!
Top
Post Reply

Return to “Cheat Engine”

Who is online

Users browsing this forum: No registered users