HELLDIVERS 2

[emoisback]

base on gir489 and this thread thanks to them.

im learning and share PoC and Source if you want to edit or what every.

viewtopic.php?f=23&t=28015

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[Kekner]

base on gir489 and this thread thanks to them.

im learning and share PoC and Source if you want to edit or what every.

viewtopic.php?f=23&t=28015

Great Idea! Thank you for updating, preserving and sharing everything!

[Kekner]

What are you even doing, have you at least check the table Gir's uploaded? Get his table then simply edit the values inside the script, it works just fine, damn guys what's so complicated about it?

I do have their table. I'm not a pro at reading scripts, but it seems his only script in there for resources is to add 5 of the green sample, and nothing for the other 2. Sure I can edit green to 500, but I have no idea how to change it to include the other 2 items.

Alright, here's the script properly modified for you guys, i don't take any credit for it.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>26</ID>
      <Description>"Max Resources"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : helldivers2.exe
  Version:
  Date   : 2024-02-27
  Author : admin

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(samples,game.dll,4C 8B 15 ? ? ? ? 45 8B F0 0F 84 ? ? ? ? 45 8B 8A) // should be unique
alloc(newmem,$1000)

label(return)
label(resource_ptr)

(DWORD)[samples+03]+samples+07:
resource_ptr:

newmem:
 push rax
 mov rax,[resource_ptr]
 mov [rax+17EC],#500
 mov [rax+17F0],#250
 mov [rax+17F4],#100
 mov r10,rax
 pop rax
jmp return

samples:
  jmp newmem
  nop 2
return:
registersymbol(samples)

[DISABLE]

samples:
  mov r10,[resource_ptr]

unregistersymbol(samples)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: game.dll+5286BD

game.dll+52869D: CC                    - int 3
game.dll+52869E: CC                    - int 3
game.dll+52869F: CC                    - int 3
game.dll+5286A0: 45 85 C9              - test r9d,r9d
game.dll+5286A3: 0F 84 EA 00 00 00     - je game.dll+528793
game.dll+5286A9: 48 89 6C 24 20        - mov [rsp+20],rbp
game.dll+5286AE: 41 56                 - push r14
game.dll+5286B0: 48 83 EC 20           - sub rsp,20
game.dll+5286B4: 3B 15 92 0E 1E 01     - cmp edx,[game.dll+170954C]
game.dll+5286BA: 41 8B E9              - mov ebp,r9d
// ---------- INJECTING HERE ----------
game.dll+5286BD: 4C 8B 15 54 EB 14 01  - mov r10,[game.dll+1677218]
// ---------- DONE INJECTING  ----------
game.dll+5286C4: 45 8B F0              - mov r14d,r8d
game.dll+5286C7: 0F 84 7D 00 00 00     - je game.dll+52874A
game.dll+5286CD: 45 8B 8A 18 08 00 00  - mov r9d,[r10+00000818]
game.dll+5286D4: 45 33 C0              - xor r8d,r8d
game.dll+5286D7: 45 8B 9A 20 08 00 00  - mov r11d,[r10+00000820]
game.dll+5286DE: 48 89 5C 24 30        - mov [rsp+30],rbx
game.dll+5286E3: 48 89 74 24 38        - mov [rsp+38],rsi
game.dll+5286E8: 44 0F AF DA           - imul r11d,edx
game.dll+5286EC: 41 8D 71 FF           - lea esi,[r9-01]
game.dll+5286F0: 48 89 7C 24 40        - mov [rsp+40],rdi
}

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

It works just fine.

Spoiler

Tested it out of curiosity, seems there is a warning when compiling, and the script refuses to enable at all. Also the pic is using a bunch of other scripts which isnt helping but i did try more than once and i couldnt enable the cheat on its own, whether the other scripts were used or not.

[slrrsrv]

Quick question. What's the use of "Add 5 resources"

[emoisback]

Quick question. What's the use of "Add 5 resources"

it add 5 samples ( common one )

[Kekner]

Quick question. What's the use of "Add 5 resources"

Feel free to take a look. Its a part of gir489's table which is the top of the very first page of this board and lucky for us he keeps it updated!


// Game Executable : helldivers2.exe
// Author : gir489
// Executable Version: 1.8.16570.0
// MD5 Signature : 4BBCD22B016AF1F87FE9F374EDBA78CF
// EXE Compile Date : February 16, 2024 11:03 AM
// Script Date : February 27, 2024 09:19 PM
[ENABLE]
aobscanmodule(aob_Add5Resources,game.dll,45 01 B4 8A EC 17 00 00)
registersymbol(aob_Add5Resources)
alloc(newmem_Add5Resources,1024)
label(return_Add5Resources)

newmem_Add5Resources:
add [r10+rcx*4+17EC],5
jmp return_Add5Resources

aob_Add5Resources:
jmp newmem_Add5Resources
nop 3
return_Add5Resources:

[DISABLE]
aob_Add5Resources:
db 45 01 B4 8A EC 17 00 00

unregistersymbol(aob_Add5Resources)
dealloc(newmem_Add5Resources)

{
// ORIGINAL CODE - INJECTION POINT: game.dll+52875C

game.dll+528720: 3B CF - cmp ecx,edi
game.dll+528722: 74 0E - je game.dll+528732
game.dll+528724: 3B CA - cmp ecx,edx
game.dll+528726: 74 0A - je game.dll+528732
game.dll+528728: 41 FF C0 - inc r8d
game.dll+52872B: 45 3B C1 - cmp r8d,r9d
game.dll+52872E: 72 E0 - jb game.dll+528710
game.dll+528730: 33 C0 - xor eax,eax
game.dll+528732: 48 8B 7C 24 40 - mov rdi,[rsp+40]
game.dll+528737: 48 8B 74 24 38 - mov rsi,[rsp+38]
game.dll+52873C: 48 8B 5C 24 30 - mov rbx,[rsp+30]
game.dll+528741: 39 10 - cmp [rax],edx
game.dll+528743: 75 05 - jne game.dll+52874A
game.dll+528745: 8B 40 04 - mov eax,[rax+04]
game.dll+528748: EB 05 - jmp game.dll+52874F
game.dll+52874A: B8 FF FF FF FF - mov eax,FFFFFFFF
game.dll+52874F: 8B D0 - mov edx,eax
game.dll+528751: 8D 4D FF - lea ecx,[rbp-01]
game.dll+528754: 48 8D 04 92 - lea rax,[rdx+rdx*4]
game.dll+528758: 48 8D 0C 41 - lea rcx,[rcx+rax*2]
// ---------- INJECTING HERE ----------
game.dll+52875C: 45 01 B4 8A EC 17 00 00 - add [r10+rcx*4+000017EC],r14d
// ---------- DONE INJECTING ----------
game.dll+528764: 48 8D 82 99 00 00 00 - lea rax,[rdx+00000099]
game.dll+52876B: 48 8D 04 80 - lea rax,[rax+rax*4]
game.dll+52876F: 4D 8D 04 C2 - lea r8,[r10+rax*8]
game.dll+528773: 49 8B 84 D2 28 08 00 00 - mov rax,[r10+rdx*8+00000828]
game.dll+52877B: BA 94 4C 74 92 - mov edx,92744C94
game.dll+528780: 8B 48 10 - mov ecx,[rax+10]
game.dll+528783: E8 38 EE 42 00 - call game.dll+9575C0
game.dll+528788: 48 8B 6C 24 48 - mov rbp,[rsp+48]
game.dll+52878D: 48 83 C4 20 - add rsp,20
game.dll+528791: 41 5E - pop r14
game.dll+528793: C3 - ret
game.dll+528794: CC - int 3
game.dll+528795: CC - int 3
game.dll+528796: CC - int 3
game.dll+528797: CC - int 3
game.dll+528798: CC - int 3
game.dll+528799: CC - int 3
game.dll+52879A: CC - int 3
game.dll+52879B: CC - int 3
game.dll+52879C: CC - int 3
}

[emoisback]

base on gir489 and this thread thanks to them.

im learning and share PoC and Source if you want to edit or what every.

viewtopic.php?f=23&t=28015

Great Idea! Thank you for updating, preserving and sharing everything!

sure have you test it, i want to know its work or not.

[Kekner]

base on gir489 and this thread thanks to them.

im learning and share PoC and Source if you want to edit or what every.

viewtopic.php?f=23&t=28015

Great Idea! Thank you for updating, preserving and sharing everything!

sure have you test it, i want to know its work or not.

How is this used? Can anyone verify this isnt going to RAT me?

[emoisback]

Great Idea! Thank you for updating, preserving and sharing everything!

sure have you test it, i want to know its work or not.

How is this used? Can anyone verify this isnt going to RAT me?

i put a github and source there you can try to rebuild it you self..

[gir489]

Alright, here's the script properly modified for you guys, i don't take any credit for it.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>26</ID>
      <Description>"Max Resources"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : helldivers2.exe
  Version:
  Date   : 2024-02-27
  Author : admin

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(samples,game.dll,4C 8B 15 ? ? ? ? 45 8B F0 0F 84 ? ? ? ? 45 8B 8A) // should be unique
alloc(newmem,$1000)

label(return)
label(resource_ptr)

(DWORD)[samples+03]+samples+07:
resource_ptr:

newmem:
 push rax
 mov rax,[resource_ptr]
 mov [rax+17EC],#500
 mov [rax+17F0],#250
 mov [rax+17F4],#100
 mov r10,rax
 pop rax
jmp return

samples:
  jmp newmem
  nop 2
return:
registersymbol(samples)

[DISABLE]

samples:
  mov r10,[resource_ptr]

unregistersymbol(samples)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: game.dll+5286BD

game.dll+52869D: CC                    - int 3
game.dll+52869E: CC                    - int 3
game.dll+52869F: CC                    - int 3
game.dll+5286A0: 45 85 C9              - test r9d,r9d
game.dll+5286A3: 0F 84 EA 00 00 00     - je game.dll+528793
game.dll+5286A9: 48 89 6C 24 20        - mov [rsp+20],rbp
game.dll+5286AE: 41 56                 - push r14
game.dll+5286B0: 48 83 EC 20           - sub rsp,20
game.dll+5286B4: 3B 15 92 0E 1E 01     - cmp edx,[game.dll+170954C]
game.dll+5286BA: 41 8B E9              - mov ebp,r9d
// ---------- INJECTING HERE ----------
game.dll+5286BD: 4C 8B 15 54 EB 14 01  - mov r10,[game.dll+1677218]
// ---------- DONE INJECTING  ----------
game.dll+5286C4: 45 8B F0              - mov r14d,r8d
game.dll+5286C7: 0F 84 7D 00 00 00     - je game.dll+52874A
game.dll+5286CD: 45 8B 8A 18 08 00 00  - mov r9d,[r10+00000818]
game.dll+5286D4: 45 33 C0              - xor r8d,r8d
game.dll+5286D7: 45 8B 9A 20 08 00 00  - mov r11d,[r10+00000820]
game.dll+5286DE: 48 89 5C 24 30        - mov [rsp+30],rbx
game.dll+5286E3: 48 89 74 24 38        - mov [rsp+38],rsi
game.dll+5286E8: 44 0F AF DA           - imul r11d,edx
game.dll+5286EC: 41 8D 71 FF           - lea esi,[r9-01]
game.dll+5286F0: 48 89 7C 24 40        - mov [rsp+40],rdi
}

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

It works just fine.

Spoiler

I removed that script because it doesn't work in MP. It writes to the 0th player's (host's) slot. I instead chose to hijack the code later down the chain when it adds the elements to your inventory. This ensures that only you are adding X number of elements to your inventory and not corrupting the host's (although it doesn't really matter, since the host is the one who submits the end round data to the master server).

[Kekner]

sure have you test it, i want to know its work or not.

How is this used? Can anyone verify this isnt going to RAT me?

i put a github and source there you can try to rebuild it you self..

My pc doesnt like it, even made an exception folder and tried accepting it but its throwing a paddy at the sight of it for some reason, i ran it through Virus Total and it came back clean...

[killerkrok555]

for the guys waiting patiently, and for me I present to you no reload for special ammo, I discovered a hidden animation for weapon jamming while playing in the code but that's another story, enjoy brothers and keep helping to spread controlled democracy.

Code: Select all

[ENABLE]
aobscanmodule(specialammo, game.dll,48 89 4C 24 ?? 53 55 56 57 41 57 48 83 EC 40 48 8B 05 ?? ?? ?? ?? 45 33 FF)
registersymbol(specialammo)

specialammo:
 db C3 90 90 90 90

[DISABLE]
specialammo:
 db 48 89 4C 24 08

{
// ORIGINAL CODE - INJECTION POINT: game.dll+3903EE

game.dll+3903CB: 48 C1 E0 04              - shl rax,04
game.dll+3903CF: 44 8B F1                 - mov r14d,ecx
game.dll+3903D2: 48 03 F8                 - add rdi,rax
game.dll+3903D5: 49 8B CD                 - mov rcx,r13
game.dll+3903D8: E8 F3 CE FB FF           - call game.dll+34D2D0
game.dll+3903DD: 48 8B C8                 - mov rcx,rax
game.dll+3903E0: 45 38 BC 24 9C 00 00 00  - cmp [r12+0000009C],r15l
game.dll+3903E8: 74 25                    - je game.dll+39040F
game.dll+3903EA: 8B 07                    - mov eax,[rdi]
game.dll+3903EC: 85 C0                    - test eax,eax
// ---------- INJECTING HERE ----------
game.dll+3903EE: 74 1F                    - je game.dll+39040F
// ---------- DONE INJECTING  ----------
game.dll+3903F0: 44 39 7F 04              - cmp [rdi+04],r15d
game.dll+3903F4: 75 07                    - jne game.dll+3903FD
game.dll+3903F6: 44 8B 39                 - mov r15d,[rcx]
game.dll+3903F9: 32 C9                    - xor cl,cl
game.dll+3903FB: EB 14                    - jmp game.dll+390411
game.dll+3903FD: FF C8                    - dec eax
game.dll+3903FF: 99                       - cdq
game.dll+390400: F7 7F 0C                 - idiv [rdi+0C]
game.dll+390403: 32 C9                    - xor cl,cl
game.dll+390405: 48 63 C2                 - movsxd  rax,edx
}

{
// ORIGINAL CODE - INJECTION POINT: game.dll+390270

game.dll+390266: CC                    - int 3
game.dll+390267: CC                    - int 3
game.dll+390268: CC                    - int 3
game.dll+390269: CC                    - int 3
game.dll+39026A: CC                    - int 3
game.dll+39026B: CC                    - int 3
game.dll+39026C: CC                    - int 3
game.dll+39026D: CC                    - int 3
game.dll+39026E: CC                    - int 3
game.dll+39026F: CC                    - int 3
// ---------- INJECTING HERE ----------
game.dll+390270: 48 89 4C 24 08        - mov [rsp+08],rcx
// ---------- DONE INJECTING  ----------
game.dll+390275: 53                    - push rbx
game.dll+390276: 55                    - push rbp
game.dll+390277: 56                    - push rsi
game.dll+390278: 57                    - push rdi
game.dll+390279: 41 57                 - push r15
game.dll+39027B: 48 83 EC 40           - sub rsp,40
game.dll+39027F: 48 8B 05 6A 6C 2E 01  - mov rax,[game.dll+1676EF0]
game.dll+390286: 45 33 FF              - xor r15d,r15d
game.dll+390289: 8B 3D 85 92 37 01     - mov edi,[game.dll+1709514]
game.dll+39028F: 8B DA                 - mov ebx,edx
}

[emoisback]

How is this used? Can anyone verify this isnt going to RAT me?

i put a github and source there you can try to rebuild it you self..

My pc doesnt like it, even made an exception folder and tried accepting it but its throwing a paddy at the sight of it for some reason, i ran it through Virus Total and it came back clean...

wierd lets wait another try it hahaha

[Kekner]

Antivirus was being a bitch but its clean, nothing malicious that i have found anyway.

[emoisback]

Antivirus was being a bitch but its clean, nothing malicious that i have found anyway.

yeah its totally clean, dont mean harm anyone, just share what i learn, so its work?