Metal Slug Attack Reloaded Table

[ign1z]

lets say, the ap current value is 1648 ...

it seems we cannot just easily search for 1648 in any form ( byte, int, float, double, etc ...)
how is the 1648 is being encoded ?

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[magakiz]

thx for making table! need exp multi and item drop rate if possible

[TioEdu]

270355572 also works


but it always remains zero - giving the impression that it didn't work

[SilverRabbit90]

Spoiler

[Link].


Did you need to study this to be able to write this code?

for example, I don't understand why you used cmp [rsp+10] in infinite AP cheat

I wanted to understand how you created the code, I had found the address, but none of the scripts I created worked, but you made it look easy.

This is the method I used for the compare list:


This is the compare list:

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Blue = First thing that appears
Red = While using the AP - clicking on the girl


2735923611
How did you find this value? or others that would work?

To find the value of "AP", you need to follow several steps (since the values are encrypted, making it more complex than in other games).
First, set the search to 4 bytes (Value Type 4 Bytes). Then, perform "Unknown Initial Value" and "First Scan" (preferably do this with the game paused). Now, remove the pause (if the game was paused) and perform "Increased Value" until the AP reach the maximum limit (but do not click on the girl with the backpack yet). Obviously, when the AP reach the maximum limit, do not perform "Increased Value" anymore but instead perform "Changed Value" and then "Unchanged Value" several times (I refer to unchanged value). Now, click on the girl and perform "Changed Value" followed by "Increased Value". At this point, there should be only one value left (sometimes there are also a dozen values, in which case try to freeze the header or modify one of these to see which one changes the AP value).

When performing a compare, do not mark as group 2. This is useful if multiple values enter the same address. You can mark the value you want to separate (in this case, AP) and perform "scan for commonalities". You do not have to use the RSP register for the compare; try using other registers, such as R8. Do not check "Only find matching groups" as it is specific for grouping values in both blue and red (useful for separating values like HP for your characters and HP for enemies).
The compare function works as follows:

cmp [rsp+10],(int)88
jne code

Here, (int)88 is a static value that does not change even after restarting the game. RSP is the register where you look for a value that does not change (even after restarting the game). The +10 is the offset, which is the line where the static value is found. This offset is usually a multiple of 4 and is seen in hexadecimal (Hex) as 0, 4, 8, 0C, 10, 14... which would be 0, 4, 8, 12, 16, 20...
The script checks if the value at the offset 10 (line 16) in the RSP register is (int)88. If it is, it executes the code. If not, it does not execute the code. In this case, it executes:

mov [r8],(int)2735923611
movzx edx,byte ptr [r8]
movzx eax,cx
jmp return).

If everything works (which is not guaranteed), the script will overwrite the AP value with (int)2735923611, which is 98976 AP.

[SilverRabbit90]

270355572 also works


but it always remains zero - giving the impression that it didn't work

The value (int)2735923611 was found randomly, I shot random numbers until a high number came out, in fact it should be equal to 98976 Ap (2735923611 = 97976). The value is encrypted so don't expect that if you enter (int)1000 as the result, 1000 Ap will come out (I did some tests and it seems to give 0 Ap) for example 2735913611 = 600 Ap 2786245530 = 3300 Ap.

[SilverRabbit90]

When making a comparison in a specific registry, it is recommended to take screenshots of the list, then restart the game and redo everything necessary to find the value you want to separate from the rest of the values and compare it initially to see which values have not changed. This way, you can find your static value. Of course, you must search in the same registry (if the first time in the commonality scanner you choose RSP, you must also choose the RSP registry the second time)

[TioEdu]

2711111111, 1111111111 also works

I think I understand how to do it.

I made a video explaining how I did it:

[TioEdu]

trying to create a cheat to always leave support at maximum, I ended up creating one that leaves all statuses increasing forever
and no one ever dies... I have no idea what happened. ahahahahah

Code: Select all

{ Game   : MSAR-Win64-Shipping.exe
  Version: 
  Date   : 2024-06-23
  Author : edtv_

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,MSAR-Win64-Shipping.exe,00 48 63 C8 42 0F B6 04 11) // should be unique
alloc(newmem,$1000,INJECT)

label(code)
label(return)



newmem:
cmp [rsp+0], (int)0
jnp code

mov [rcx+r10], (int)1

code:

  movzx eax,byte ptr [rcx+r10]
  jmp return

INJECT+04:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]

INJECT+04:
  db 42 0F B6 04 11

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: MSAR-Win64-Shipping.exe+10C8767

MSAR-Win64-Shipping.exe+10C8738: 44 89 44 24 18           - mov [rsp+18],r8d
MSAR-Win64-Shipping.exe+10C873D: 4C 8D 49 05              - lea r9,[rcx+05]
MSAR-Win64-Shipping.exe+10C8741: 4C 8B D1                 - mov r10,rcx
MSAR-Win64-Shipping.exe+10C8744: BB 20 20 00 00           - mov ebx,00002020
MSAR-Win64-Shipping.exe+10C8749: BF 10 10 00 00           - mov edi,00001010
MSAR-Win64-Shipping.exe+10C874E: BE 04 04 00 00           - mov esi,00000404
MSAR-Win64-Shipping.exe+10C8753: BD 01 01 00 00           - mov ebp,00000101
MSAR-Win64-Shipping.exe+10C8758: 0F 1F 84 00 00 00 00 00  - nop dword ptr [rax+rax+00000000]
MSAR-Win64-Shipping.exe+10C8760: 43 8D 04 00              - lea eax,[r8+r8]
MSAR-Win64-Shipping.exe+10C8764: 48 63 C8                 - movsxd  rcx,eax
// ---------- INJECTING HERE ----------
MSAR-Win64-Shipping.exe+10C8767: 42 0F B6 04 11           - movzx eax,byte ptr [rcx+r10]
// ---------- DONE INJECTING  ----------
MSAR-Win64-Shipping.exe+10C876C: 42 0F B6 54 11 01        - movzx edx,byte ptr [rcx+r10+01]
MSAR-Win64-Shipping.exe+10C8772: 66 C1 E2 08              - shl dx,08
MSAR-Win64-Shipping.exe+10C8776: 66 0B D0                 - or dx,ax
MSAR-Win64-Shipping.exe+10C8779: 0F B7 C2                 - movzx eax,dx
MSAR-Win64-Shipping.exe+10C877C: 0F B7 CA                 - movzx ecx,dx
MSAR-Win64-Shipping.exe+10C877F: 66 D1 E9                 - shr cx,1
MSAR-Win64-Shipping.exe+10C8782: 66 23 C7                 - and ax,di
MSAR-Win64-Shipping.exe+10C8785: 66 23 CB                 - and cx,bx
MSAR-Win64-Shipping.exe+10C8788: 66 0B C8                 - or cx,ax
MSAR-Win64-Shipping.exe+10C878B: 0F B7 C2                 - movzx eax,dx
}

[SilverRabbit90]

trying to create a cheat to always leave support at maximum, I ended up creating one that leaves all statuses increasing forever
and no one ever dies... I have no idea what happened. ahahahahah

Code: Select all

{ Game   : MSAR-Win64-Shipping.exe
  Version: 
  Date   : 2024-06-23
  Author : edtv_

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,MSAR-Win64-Shipping.exe,00 48 63 C8 42 0F B6 04 11) // should be unique
alloc(newmem,$1000,INJECT)

label(code)
label(return)



newmem:
cmp [rsp+0], (int)0
jnp code

mov [rcx+r10], (int)1

code:

  movzx eax,byte ptr [rcx+r10]
  jmp return

INJECT+04:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]

INJECT+04:
  db 42 0F B6 04 11

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: MSAR-Win64-Shipping.exe+10C8767

MSAR-Win64-Shipping.exe+10C8738: 44 89 44 24 18           - mov [rsp+18],r8d
MSAR-Win64-Shipping.exe+10C873D: 4C 8D 49 05              - lea r9,[rcx+05]
MSAR-Win64-Shipping.exe+10C8741: 4C 8B D1                 - mov r10,rcx
MSAR-Win64-Shipping.exe+10C8744: BB 20 20 00 00           - mov ebx,00002020
MSAR-Win64-Shipping.exe+10C8749: BF 10 10 00 00           - mov edi,00001010
MSAR-Win64-Shipping.exe+10C874E: BE 04 04 00 00           - mov esi,00000404
MSAR-Win64-Shipping.exe+10C8753: BD 01 01 00 00           - mov ebp,00000101
MSAR-Win64-Shipping.exe+10C8758: 0F 1F 84 00 00 00 00 00  - nop dword ptr [rax+rax+00000000]
MSAR-Win64-Shipping.exe+10C8760: 43 8D 04 00              - lea eax,[r8+r8]
MSAR-Win64-Shipping.exe+10C8764: 48 63 C8                 - movsxd  rcx,eax
// ---------- INJECTING HERE ----------
MSAR-Win64-Shipping.exe+10C8767: 42 0F B6 04 11           - movzx eax,byte ptr [rcx+r10]
// ---------- DONE INJECTING  ----------
MSAR-Win64-Shipping.exe+10C876C: 42 0F B6 54 11 01        - movzx edx,byte ptr [rcx+r10+01]
MSAR-Win64-Shipping.exe+10C8772: 66 C1 E2 08              - shl dx,08
MSAR-Win64-Shipping.exe+10C8776: 66 0B D0                 - or dx,ax
MSAR-Win64-Shipping.exe+10C8779: 0F B7 C2                 - movzx eax,dx
MSAR-Win64-Shipping.exe+10C877C: 0F B7 CA                 - movzx ecx,dx
MSAR-Win64-Shipping.exe+10C877F: 66 D1 E9                 - shr cx,1
MSAR-Win64-Shipping.exe+10C8782: 66 23 C7                 - and ax,di
MSAR-Win64-Shipping.exe+10C8785: 66 23 CB                 - and cx,bx
MSAR-Win64-Shipping.exe+10C8788: 66 0B C8                 - or cx,ax
MSAR-Win64-Shipping.exe+10C878B: 0F B7 C2                 - movzx eax,dx
}

I believe I understand what happened. The code you originally provided was:
cmp [rsp+0], (int)0
jnp code

Normally, the correct way to write this would be:
cmp [rsp+0], (int)0
jne code

Here's the explanation:
cmp [rsp+0], (int)0 compares the value at memory address [rsp+0] with the integer value 0.
jne code is the correct jump instruction, which stands for "jump if not equal". This will jump to the code label if the comparison result is not equal to 0.
The original jnp instruction you had used stands for "jump if not parity", which is not the correct condition to check for the comparison you're performing.
Additionally, you mentioned that in the case of using "red values" in the "Structure Compare", the correct instruction would be:
cmp [rsp+0], (int)0
je code

Here, je stands for "jump if equal", which will jump to the code label if the comparison result is equal to 0.
However, you noted that none of these cases apply in the game you're working on. I hope this explanation helps clarify the correct usage of the comparison and jump instructions in your code.

Another thing that likely happened is that when you right-clicked on your value and then selected "Find commonalities between addresses", you then also selected "Mark section as group 1" (which highlighted your value in blue). Probably, you also selected "Mark section as group 2" on some other value (which highlighted the other values in red).
This additional step is not necessary. It is sufficient to just highlight your value in blue and leave the others in white (highlighting the other values in red is something that is only done if you have over 1000 values, because Cheat Engine cannot effectively compare too many values at once).

[SilverRabbit90]

2711111111, 1111111111 also works

I think I understand how to do it.

I made a video explaining how I did it:

Here is my video for how to find AP, create a script in AoB and compare:

[TioEdu]

love u!!



Now I understand perfectly, thanks to your video. I'll try to make other codes later.

[MBRKiNG]

METAL SLUG ATTACK RELOADED Ver.0611123117

Copy Paste Code Into CE

Inf AP

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>21841</ID>
      <Description>"Inf AP"</Description>
      <LastState/>
      <Color>4080FF</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(InfAP,MSAR-Win64-Shipping.exe,76 ?? 48 8D ?? ?? ?? F3 ?? ?? ?? ?? ?? 48 8D)
InfAP:
  db 90 90
registersymbol(InfAP)
[DISABLE]
InfAP:
  db 76 17
unregistersymbol(*)
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Inf Special Sup.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>21842</ID>
      <Description>"Inf Special"</Description>
      <LastState/>
      <Color>4080FF</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(SpecialMax,MSAR-Win64-Shipping.exe,0F 8C ?? ?? ?? ?? 4C ?? ?? ?? ?? 8B ?? 4C ?? ?? ?? ?? E8)
SpecialMax+1:
  db 8D
registersymbol(SpecialMax)
[DISABLE]
SpecialMax+1:
  db 8C
unregistersymbol(*)

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

No Unit CD

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>21843</ID>
      <Description>"No Unit CD"</Description>
      <LastState/>
      <Color>4080FF</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(NoUnitCD,MSAR-Win64-Shipping.exe,74 ?? 49 8B ?? E8 ?? ?? ?? ?? 40 84 ?? 74 ?? 48 8D)
NoUnitCD:
  db 75
registersymbol(NoUnitCD)
[DISABLE]
NoUnitCD:
  db 74
unregistersymbol(*)

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Add 66 Million Currency ( Enable & Disable in Mode Select Screen)

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>21844</ID>
      <Description>"Add 66 Million Currency ( Enable & Disable in Mode Select Screen )"</Description>
      <LastState/>
      <Color>4080FF</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(Currency,MSAR-Win64-Shipping.exe,42 0F ?? ?? ?? 42 0F ?? ?? ?? ?? 66 ?? ?? ?? 66 ?? ?? 0F B7 ?? 0F B7 ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 0F B7 ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 41 0F ?? ?? ?? 0F B7 ?? 66 ?? ?? ?? 66 ?? ?? ?? 0A ?? 41 88 ?? ?? 41 0F ?? ?? ?? 66 ?? ?? 0F B7 ?? 0F B7 ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 0F B7 ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 66 ?? ?? 0F B7 ?? 66 ?? ?? ?? 0A ?? 41 0F) // should be unique
alloc(newmem,$1000,Currency)
label(code)
label(return)
newmem:
  mov [r10],FFFFFF9C
  mov [r10+4],808F5558
  mov [r10+8],80A0A828
  mov [r10+c],20208808
code:
  movzx eax,byte ptr [rcx+r10]
  jmp return
Currency:
  jmp newmem
return:
registersymbol(Currency)
[DISABLE]
Currency:
  db 42 0F B6 04 11
unregistersymbol(*)
dealloc(*)
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Disable Unit Skill CD

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>21845</ID>
      <Description>"Disable Unit Skill CD"</Description>
      <LastState/>
      <Color>0080FF</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(DisableUnitSkillCD,MSAR-Win64-Shipping.exe,0F 8C ?? ?? ?? ?? E8 ?? ?? ?? ?? 84 ?? 0F 85 ?? ?? ?? ?? 48 8D ?? ?? ?? ?? ?? E8) // should be unique
DisableUnitSkillCD:
  db 90 E9
registersymbol(DisableUnitSkillCD)
[DISABLE]
DisableUnitSkillCD:
  db 0F 8C
unregistersymbol(*)

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

MSAR FPS UNLOCKER

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>1337111196</ID>
      <Description>"MSAR FPS UNLOCKER"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <Color>4080FF</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(FPS_UNLOCKER,MSAR-Win64-Shipping.exe,F3 ?? ?? ?? ?? ?? ?? ?? ?? 45 0F ?? ?? 45 0F ?? ?? 76)
alloc(FPS_MEM,$1000,FPS_UNLOCKER)
alloc(restoreBYTES,9)
label(return)
label(FPS_VAL)
FPS_MEM:
  movss xmm11,[FPS_VAL]
  jmp return
FPS_VAL:
  dq (float)120
FPS_UNLOCKER:
  jmp FPS_MEM
  nop 4
return:
restoreBYTES:
readmem(FPS_UNLOCKER,9)
registersymbol(FPS_UNLOCKER,restoreBYTES,FPS_VAL)
[DISABLE]
FPS_UNLOCKER:
readmem(restoreBYTES,9)
unregistersymbol(*)
dealloc(*)

</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>1337111197</ID>
          <Description>"CURRENT FPS"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>00FF00</Color>
          <VariableType>Float</VariableType>
          <Address>FPS_VAL</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

[TioEdu]

I completely forgot that you can do it using "db" and knowing the address of the aob by putting '??' where it changes with reset


I even have a program they made years and years ago that compares previous values ​​and automatically puts '??'


I'll leave it here for anyone who wants it

ps: I wouldn't know how to find these hex in this game


I tried to find this

76 ?? 48 8D ?? ?? ?? F3 ?? ?? ?? ?? ?? 48 8D

and I couldn't find it anywhere

[SilverRabbit90]

I completely forgot that you can do it using "db" and knowing the address of the aob by putting '??' where it changes with reset


I even have a program they made years and years ago that compares previous values ​​and automatically puts '??'


I'll leave it here for anyone who wants it

ps: I wouldn't know how to find these hex in this game


I tried to find this

76 ?? 48 8D ?? ?? ?? F3 ?? ?? ?? ?? ?? 48 8D

and I couldn't find it anywhere

If AoBTool is an excellent tool for updating cheats, it saves a lot of time.
76 ?? 48 8D ?? ?? ?? F3 ?? ?? ?? ?? ?? 48 8D
To find this value, you need to use "BrakeAndTrace", which is very useful and if you succeed, it will save you a lot of time, but it is something for very experienced cheaters. I've been trying to figure out how to do it for more than a year, but with poor results, especially if you're like me and have learned to use Cheat Engine on your own, watching YouTube videos and asking for help from more experienced people. However, this is something truly difficult to accomplish, and it would be better if you studied assembly (which is not easy in itself), but if you succeed, you might no longer need to do "compare", which is very useful when the "accessed addresses" list has thousands of results, and you could also find where the original, unencrypted value is located.
Here are some videos where you could learn how to do this:

Spoiler

[TioEdu]

I had watched these videos before, but for each game it is a different way of reasoning the structure.
I wish there was always someone making these videos for new games.


Could MBRKiNG make a video showing how he found this array? because I don't know how to use "trace instructions" in these new versions of CE.

Spoiler

I mean, I can find the value that db 90 90 is changing, but I don't understand how you find it (the array).

Spoiler