Sniper Elite 5 [Engine:Asura]

[Rhark]

Hello, SunBeam,

You could create a table to completely hide the HUD of the game?
You can hide only part of the HUD in the game...

Please stop asking, you've asked multiple times across many threads so far.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[mixerced]

Hello, SunBeam,

You could create a table to completely hide the HUD of the game?
You can hide only part of the HUD in the game...

Please stop asking, you've asked multiple times across many threads so far.

I know but no one is able to answer me...
I see some like "SunBeam" are very good on Cheat Engine, so I would like it to answer my request
Of course in exchange I will make a donation on Patreon

[Fullcodes]

always level up, just test

[ENABLE]

aobscanmodule(EXPADDTest,sniper5_dx12.exe,48 89 46 08 48 8B 74 24 38) // should be unique
alloc(newmem,$1000,EXPADDTest)

label(code)
label(return)

newmem:
cmp [rsi+30],2
jne code
mov rax,[sniper5_dx12.exe+27CF5A8]
code:
mov [rsi+08],rax
mov rsi,[rsp+38]
jmp return

EXPADDTest:
jmp newmem
nop 4
return:
registersymbol(EXPADDTest)

[DISABLE]

EXPADDTest:
db 48 89 46 08 48 8B 74 24 38

unregistersymbol(EXPADDTest)
dealloc(newmem)

[mixerced]

always level up, just test

[ENABLE]

aobscanmodule(EXPADDTest,sniper5_dx12.exe,48 89 46 08 48 8B 74 24 38) // should be unique
alloc(newmem,$1000,EXPADDTest)

label(code)
label(return)

newmem:
cmp [rsi+30],2
jne code
mov rax,[sniper5_dx12.exe+27CF5A8]
code:
mov [rsi+08],rax
mov rsi,[rsp+38]
jmp return

EXPADDTest:
jmp newmem
nop 4
return:
registersymbol(EXPADDTest)

[DISABLE]

EXPADDTest:
db 48 89 46 08 48 8B 74 24 38

unregistersymbol(EXPADDTest)
dealloc(newmem)

What ?

[Fullcodes]

always level up, just test

[ENABLE]

aobscanmodule(EXPADDTest,sniper5_dx12.exe,48 89 46 08 48 8B 74 24 38) // should be unique
alloc(newmem,$1000,EXPADDTest)

label(code)
label(return)

newmem:
cmp [rsi+30],2
jne code
mov rax,[sniper5_dx12.exe+27CF5A8]
code:
mov [rsi+08],rax
mov rsi,[rsp+38]
jmp return

EXPADDTest:
jmp newmem
nop 4
return:
registersymbol(EXPADDTest)

[DISABLE]

EXPADDTest:
db 48 89 46 08 48 8B 74 24 38

unregistersymbol(EXPADDTest)
dealloc(newmem)

What ?

aob for ce

[ShasVa]

Update: Figured it out. Sorry to trouble you. Ignore what was typed here previously.

[Fullcodes]

Version: Steam | v1.02 | 2022.05.25.1186627
by Fullcodes


--------- 20220606 ---------

Game Speed Modify 游戏速度修改 默认3倍
Player Invincible/Ignore Damage 角色无敌状态
Infinite Player Health 角色无限生命
Player Low Heart Rate 角色心率稳定
Infinite Ammo and Items Use 无限弹药和道具使用 // UPDATE
No Reload 无需装弹
No Recoil 无后坐力
Super Accuracy 超级精准度
One Hit Kill 一击必杀
Enemy Cant Move 敌人不能移动
Player Stealth 角色潜行模式 // UPDATE
Infinite Skill Point Use 技能点数使用不减
Always Level Up（Not Recommended） 总是升级（不推荐）

[vecuccio]

Hi.

- What are MouseX1 and Mouse x2 ? Are they buttons ? (Mentioned for teleporting to cursor) I randomly pressed a couple of the unused mouse buttons on my Logitech G402 and the game crashed to desktop.

Great trainer though. Any plans to add 1 hit kill ? fearlessrevolution has it, and run that too, so it's no biggie.

[tampy]

Thanks SunBeam!

[SunBeam]

Hi.

What are MouseX1 and Mouse x2 ? Are they buttons ?

They are mouse buttons. I use a Logitech G502 Hero mouse, so they are these:



I don't know where they're placed on yours, so you'll have to figure it out. If you don't have those Mouse keys, then I recommend opening the script and changing the keys to something else (lines 39, 49, 59, 69):

Code: Select all

  mov rcx,5A // Z
..
  mov rcx,56 // V
..
  mov rcx,6 // VK_XBUTTON2
..
  mov rcx,5 // VK_XBUTTON1

The list of keys can be consulted here: [Link]. You should use the hexadecimal values you see on the Value column corresponding to the keys of your choice on the first column.

[SunBeam]

...

But then again, if it's crashing your ass, then set a breakpoint on the hook point of "Disable Sound Detection", exit the function or when it hits > Ctrl+G > [rsp] and place a 0xC3 (ret) at the function appointed by the call above it. Then you won't have the "writing to the address (0,1)" problem. That simple.

So hotfix 3 ( ) of the CH trainer now has this: Invisible Player.

Let's have a look, shall we: opened my table, opened the game process, Memory Viewer > Ctrl+G > SkipSoundDetection (it's the hook spot for "Disable Sound Detection" script):

Code: Select all

sniper5_dx12.exe+75A320 - 40 55                 - push rbp // prologue
sniper5_dx12.exe+75A322 - 48 8D AC 24 60FFFFFF  - lea rbp,[rsp-000000A0]
..
..
SkipSoundDetection - 48 8B 3E              - mov rdi,[rsi] <<
sniper5_dx12.exe+75A370- 48 85 FF              - test rdi,rdi
sniper5_dx12.exe+75A373- 0F84 150E0000         - je sniper5_dx12.exe+75B18E
sniper5_dx12.exe+75A379- 48 89 9C 24 B0010000  - mov [rsp+000001B0],rbx

Set a breakpoint at 'sniper5_dx12.exe+75A320' and let CE break. Ctrl+G > [rsp] and we're here:

Code: Select all

PlayersOnly - 48 8B C4              - mov rax,rsp
sniper5_dx12.exe+6AA343- 48 83 EC 68           - sub rsp,68 { 104 }
sniper5_dx12.exe+6AA347- 80 3D A77DFE01 00     - cmp byte ptr [sniper5_dx12.exe+26920F5],00 { (1),0 }
sniper5_dx12.exe+6AA34E- 0F84 E3040000         - je sniper5_dx12.exe+6AA837
sniper5_dx12.exe+6AA354- 48 89 58 08           - mov [rax+08],rbx
sniper5_dx12.exe+6AA358- 48 89 68 18           - mov [rax+18],rbp
sniper5_dx12.exe+6AA35C- 48 89 70 20           - mov [rax+20],rsi
sniper5_dx12.exe+6AA360- 48 89 78 F8           - mov [rax-08],rdi
sniper5_dx12.exe+6AA364- 0F29 70 E8            - movaps [rax-18],xmm6
sniper5_dx12.exe+6AA368- 0F29 78 D8            - movaps [rax-28],xmm7
sniper5_dx12.exe+6AA36C- E8 3F3C0C00           - call sniper5_dx12.exe+76DFB0 <<
sniper5_dx12.exe+6AA371- 48 8D 0D 78A0E301     - lea rcx,[sniper5_dx12.exe+24E43F0] { (140D32F80) }
sniper5_dx12.exe+6AA378- E8 A3FF0A00           - call sniper5_dx12.exe+75A320 << SkipSoundDetection function
sniper5_dx12.exe+6AA37D- 48 8D 0D 5C9FE301     - lea rcx,[sniper5_dx12.exe+24E42E0] { (140D268F8) } << exits here

You can already see you exit to another function I labeled as PlayersOnly. Used in another script in the 'Perfect Stealth' section of my table.

So what did Caliber do? Let's see:

• set a breakpoint on the hook point of "Disable Sound Detection"

• exit the function or when it hits > Ctrl+G > [rsp]

Then I said:

• place a 0xC3 (ret) at the function appointed by the call above it

The "function appointed by the call above it" is none other than:

Code: Select all

sniper5_dx12.exe+6AA36C- E8 3F3C0C00           - call sniper5_dx12.exe+76DFB0

So Aurora does this now, just so he rubs it in my face that "my code doesn't do what yours does" -or- "my code doesn't do what you said; check it!":

Code: Select all

sniper5_dx12.exe+6AA36C - E9 3F6295FF           - jmp sniper5_dx12.exe+5B0 { ->->38CE0000 }
..
..
38CE0000 - 48 31 C0              - xor rax,rax
38CE0003 - FF25 00000000 71A36A4001000000 - jmp sniper5_dx12.exe+6AA371

So no, his code doesn't do a RET, but an XOR RAX,RAX, which makes no fucking sense as the original function doesn't even have a return value. Let's take a look:

Code: Select all

sniper5_dx12.exe+76DFB0 - 48 89 5C 24 10        - mov [rsp+10],rbx
sniper5_dx12.exe+76DFB5 - 48 89 6C 24 18        - mov [rsp+18],rbp
sniper5_dx12.exe+76DFBA - 57                    - push rdi
sniper5_dx12.exe+76DFBB - 48 83 EC 20           - sub rsp,20 { 32 }
sniper5_dx12.exe+76DFBF - E8 0C040000           - call sniper5_dx12.exe+76E3D0
sniper5_dx12.exe+76DFC4 - F0 FF 05 E971D701     - lock inc [sniper5_dx12.exe+24E51B4] { (0) }
sniper5_dx12.exe+76DFCB - 44 8B 05 DA71D701     - mov r8d,[g_SkipVisualDetection] { (1) }
sniper5_dx12.exe+76DFD2 - 33 ED                 - xor ebp,ebp
sniper5_dx12.exe+76DFD4 - 45 85 C0              - test r8d,r8d
..
..
sniper5_dx12.exe+76E0FE - 89 05 E8860502        - mov [sniper5_dx12.exe+27C67EC],eax { (0) }
sniper5_dx12.exe+76E104 - FF C7                 - inc edi
sniper5_dx12.exe+76E106 - 3B F8                 - cmp edi,eax << this is a fucking iteration register, not a return value!
sniper5_dx12.exe+76E108 - 0F82 72FFFFFF         - jb sniper5_dx12.exe+76E080
sniper5_dx12.exe+76E10E - 48 8B 74 24 30        - mov rsi,[rsp+30]
sniper5_dx12.exe+76E113 - 48 8B 5C 24 38        - mov rbx,[rsp+38]
sniper5_dx12.exe+76E118 - 48 8B 6C 24 40        - mov rbp,[rsp+40]
sniper5_dx12.exe+76E11D - 48 83 C4 20           - add rsp,20 { 32 }
sniper5_dx12.exe+76E121 - 5F                    - pop rdi
sniper5_dx12.exe+76E122 - C3                    - ret 

No return value. If there would've been a return value, we'd have seen XOR AL,AL -or- MOV AL,1 + RET. And in case someone says "but that EAX at 'sniper5_dx12.exe+76E106' is the return value" they're wrong. It's an iterator used for the JB loop T_T...

Conclusions:

• didn't take long for Caliber to yet again check my work

• didn't take long for Caliber to yet again use my work

• didn't take long for Caliber to act like a complete piece of shit and fake-pretend he isn't using anything that I discovered (and just cuz it's in a table or posted freely on the internet, he's entitled to it)

I would really like to ask Caliber how he's found the enemy detection mechanism, cuz sure as shit it's not by "I searched for the visibility gauge value and debugged from there" T_T. I am 100% sure you know jack shit about Asura..

That's CH, folks. They "make money and work 10 times harder than everyone else in this business" fixing their trainers using others' work. And of course "I won't be back to discuss this further", cuz why bother give explanation to someone whose value is below zero in his eyes, YET HE USES THE WORK OF? Right. But I guess that's what you do when you don't have the time to properly fix your crap (took him 2 hotfixes to give up and start combing through my work to find a quick way to fix his once and for all): you STEAL from the "self proclaimed 'legend'" (his words). In short: "fuck you, SunBeam, I won't be back to respond.. but I will definitely use your stuff out of spite".

Cal thinks no one will bother to check all of the above, cuz the game will update and all of this will be wasted breath. Well.. great minds think alike and therefore here's the backed-up 1.02 executable of SE5. Just so you have the means to verify all of my explanations:

[Link]
[Link]

And if anyone dares report the above links, I will repost them indefinitely.

You can debug Aurora with a simple breakpoint @ WriteProcessMemory. And I don't give a single fuck if he starts spinning this into "but you too were debugging our shit". Sure I was, it's not the first time you STEAL from my work. I asked numerous times to leave my work alone, yet you can't resist, could you? It's faster to look at my table than wasting your precious time to figure it out on your own, n'est-ce pas?

QED.

"best,
Sun"

P.S.1: Please, CH acolytes, have at it. Inform him of what I posted, I know you're reading and can't resist not notifying him.

P.S.2:

'Unlimited Health' bugs the player so that they are constantly on red bloody screen and being told they need to heal
'Unlimited Satchel Charges' doesn't work

I guess he will "fix" the first one just as he fixed the Invisibility option: either bluntly using my No Stagger God Mode script -or- deriving his hook spot from mine.. Will post the outcome as soon as HF4 is live. Cuz that's what I'm force to do, track his stealing modus operandi. I'm glad google crawler will make this popular

[michaelhost]

Thank you for keep updating and adding new stuff sunbeam

[Fullcodes]

just update the code for player stealh

[sabateur12]

is it possible to set a character model for singel player would love the play the singel player campain with a german uniform kinda diguise idea managed to do it in sniper elite 4 but yet cant in sniper elite 5 any way you think you can make it that with a hitbox your char will be stuck in any mode you do?

[sabateur12]

like the console goodies from sniper elite 4 by the way the game looks, wouldnt be suprised if all the commands are still the same