Middle-earth: Shadow of War (PATCH 11.10.2017)

[Megasder]

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>1938</ID>
      <Description>"Multi Skill Upgrade Toggle (Modifier Key Ctrl/L2)"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
alloc(newmem_keypressCheck,1024,ShadowOfWar.exe)
label(thread_keypressCheck)
label(sleep_keypressCheck)
label(result_keypressCheck)
label(terminate_keypressCheck)
label(hasTerminated_keypressCheckd)
registersymbol(result_keypressCheck)
registersymbol(terminate_keypressCheck)
registersymbol(hasTerminated_keypressCheckd)
createthread(newmem_keypressCheck)

newmem_keypressCheck:
sub rsp,28
thread_keypressCheck:
mov rcx,11 //VK_CONTROL = 0x11
call GetAsyncKeyState
test rax,rax
jz short @f
mov dword ptr [result_keypressCheck],1
jmp short sleep_keypressCheck
@@:
mov dword ptr [result_keypressCheck],0
sleep_keypressCheck:
mov rcx,A
call Sleep
cmp dword ptr [terminate_keypressCheck],0
je thread_keypressCheck
mov dword ptr [hasTerminated_keypressCheckd],1
add rsp,28
ret
result_keypressCheck:
dd 00
terminate_keypressCheck:
dd 00
hasTerminated_keypressCheckd:
dd 00

//====================================================================================================

aobscanmodule(aob_controllerState,ShadowOfWar.exe,0F 11 87 40 01 00 00 48 8D)
registersymbol(aob_controllerState)
alloc(newmem_controllerState,1024,ShadowOfWar.exe)
alloc(ptr_controllerState,8,ShadowOfWar.exe)
label(return_controllerState)

newmem_controllerState:
  lea rbp,[rdi+00000140]
  mov [ptr_controllerState],rbp
  movups [rdi+00000140],xmm0
  jmp long return_controllerState

aob_controllerState:
  jmp newmem_controllerState
  nop
  nop
return_controllerState:

//====================================================================================================

aobscanmodule(aob_MultiSkillUpgrade,ShadowOfWar.exe,49 8B 16 45 8B C7)
alloc(newmem_MultiSkillUpgrade,1024,ShadowOfWar.exe)
label(backup_MultiSkillUpgrade)
label(return_MultiSkillUpgrade)
registersymbol(aob_MultiSkillUpgrade)
registersymbol(backup_MultiSkillUpgrade)

newmem_MultiSkillUpgrade:
  cmp dword ptr [result_keypressCheck],1
  je long return_MultiSkillUpgrade
  push rax
  mov rax,[ptr_controllerState]
  cmp byte ptr [rax+6],0
  pop rax
  jne long return_MultiSkillUpgrade
  reassemble(aob_MultiSkillUpgrade+9)
@@:
  jmp long return_MultiSkillUpgrade
backup_MultiSkillUpgrade:
  readmem(aob_MultiSkillUpgrade+9,5)

aob_MultiSkillUpgrade+9:
  jmp newmem_MultiSkillUpgrade
return_MultiSkillUpgrade:

[DISABLE]
aob_MultiSkillUpgrade+9:
  readmem(backup_MultiSkillUpgrade,5)

unregistersymbol(aob_MultiSkillUpgrade)
unregistersymbol(backup_MultiSkillUpgrade)
dealloc(newmem_MultiSkillUpgrade)

{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::StreamMgr::SetFileLocationResolver+8A184A

"ShadowOfWar.exe"+18572C5: 48 8B 8E A0 03 00 00  -  mov rcx,[rsi+000003A0]
"ShadowOfWar.exe"+18572CC: 48 85 C9              -  test rcx,rcx
"ShadowOfWar.exe"+18572CF: 74 21                 -  je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D1: 4C 39 61 40           -  cmp [rcx+40],r12
"ShadowOfWar.exe"+18572D5: 74 1B                 -  je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D7: 48 8B 0D 02 3D AD 00  -  mov rcx,[ShadowOfWar.exe+232AFE0]
"ShadowOfWar.exe"+18572DE: BA 08 00 00 00        -  mov edx,00000008
"ShadowOfWar.exe"+18572E3: 4D 8B 06              -  mov r8,[r14]
"ShadowOfWar.exe"+18572E6: 48 8B 89 18 6D 00 00  -  mov rcx,[rcx+00006D18]
"ShadowOfWar.exe"+18572ED: E8 76 86 F6 FF        -  call ShadowOfWar.exe+17BF968
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+18572F2: 49 8B 16              -  mov rdx,[r14]
"ShadowOfWar.exe"+18572F5: 45 8B C7              -  mov r8d,r15d
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+18572F8: 48 8B CE              -  mov rcx,rsi
"ShadowOfWar.exe"+18572FB: E8 68 72 C7 FE        -  call ShadowOfWar.exe+4CE568
"ShadowOfWar.exe"+1857300: 49 83 C6 08           -  add r14,08
"ShadowOfWar.exe"+1857304: 48 FF C7              -  inc rdi
"ShadowOfWar.exe"+1857307: 48 3B FB              -  cmp rdi,rbx
"ShadowOfWar.exe"+185730A: 75 A7                 -  jne ShadowOfWar.exe+18572B3
"ShadowOfWar.exe"+185730C: 8B 85 90 01 00 00     -  mov eax,[rbp+00000190]
"ShadowOfWar.exe"+1857312: 48 8D 8D 98 01 00 00  -  lea rcx,[rbp+00000198]
"ShadowOfWar.exe"+1857319: 49 8B FC              -  mov rdi,r12
"ShadowOfWar.exe"+185731C: 4C 8D B5 98 01 00 00  -  lea r14,[rbp+00000198]
}

//====================================================================================================

aob_controllerState:
  db 0F 11 87 40 01 00 00

unregistersymbol(aob_controllerState)
unregistersymbol(ptr_controllerState)
dealloc(newmem_controllerState)
dealloc(ptr_controllerState)
{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::MemoryMgr::Free+8E792

"ShadowOfWar.exe"+245989: 41 56                 -  push r14
"ShadowOfWar.exe"+24598B: 41 57                 -  push r15
"ShadowOfWar.exe"+24598D: 48 83 EC 30           -  sub rsp,30
"ShadowOfWar.exe"+245991: 48 8B F9              -  mov rdi,rcx
"ShadowOfWar.exe"+245994: 48 8D 91 18 01 00 00  -  lea rdx,[rcx+00000118]
"ShadowOfWar.exe"+24599B: 48 8D 48 18           -  lea rcx,[rax+18]
"ShadowOfWar.exe"+24599F: E8 8C B5 B8 00        -  call ShadowOfWar.exe+DD0F30
"ShadowOfWar.exe"+2459A4: 0F 10 87 90 01 00 00  -  movups xmm0,[rdi+00000190]
"ShadowOfWar.exe"+2459AB: 4C 8D B7 80 01 00 00  -  lea r14,[rdi+00000180]
"ShadowOfWar.exe"+2459B2: 4C 8D 7F 08           -  lea r15,[rdi+08]
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+2459B6: 0F 11 87 40 01 00 00  -  movups [rdi+00000140],xmm0
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+2459BD: 48 8D 6C 24 70        -  lea rbp,[rsp+70]
"ShadowOfWar.exe"+2459C2: 0F 10 8F A0 01 00 00  -  movups xmm1,[rdi+000001A0]
"ShadowOfWar.exe"+2459C9: 0F 11 8F 50 01 00 00  -  movups [rdi+00000150],xmm1
"ShadowOfWar.exe"+2459D0: 0F 10 87 B0 01 00 00  -  movups xmm0,[rdi+000001B0]
"ShadowOfWar.exe"+2459D7: 0F 11 87 60 01 00 00  -  movups [rdi+00000160],xmm0
"ShadowOfWar.exe"+2459DE: 0F 10 8F C0 01 00 00  -  movups xmm1,[rdi+000001C0]
"ShadowOfWar.exe"+2459E5: 0F 11 8F 70 01 00 00  -  movups [rdi+00000170],xmm1
"ShadowOfWar.exe"+2459EC: 8B 87 D0 01 00 00     -  mov eax,[rdi+000001D0]
"ShadowOfWar.exe"+2459F2: 89 44 24 70           -  mov [rsp+70],eax
"ShadowOfWar.exe"+2459F6: 33 C0                 -  xor eax,eax
}

//====================================================================================================
{$lua}
writeInteger("terminate_keypressCheck",1)
while readInteger("hasTerminated_keypressCheckd")==0 do
  sleep(100)
end
sleep(10) --just to be sure the last ret gets executed as well
{$asm}

unregistersymbol(result_keypressCheck)
unregistersymbol(terminate_keypressCheck)
unregistersymbol(hasTerminated_keypressCheckd)
dealloc(newmem_keypressCheck)
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Multi Skill Upgrade Toggle (Modifier Key Ctrl/L2) - Self-explanatory. Retains normal game behavior if modifier key is not pressed.

I want to try it but its crashing my game...

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[predprey]

haha my original plan was to do everything without threads but within the code cave.....but somehow GetAsyncKeyState doesn't seem to work if i write it within the hook.

Check my post again The answer to your question is in the first script: viewtopic.php?f=19&t=5146.

mov rcx,60 //VK_NUMPAD0
call GetAsyncKeyState
test ax,ax (not "test rax,rax")

If you want, you can use the whole code template, I don't mind.

Cheers,
Sun

the problem is GetAsyncKeyState when called from within the hook returns 0 no matter what so referencing the lower 16 bits does not matter. i have no idea why it always returns 0

P.S. read through the MSDN documentation again. seems like my eyes missed the return type of short. ax is the technically correct referencing for the return value. though the problem is not with it.

[predprey]

I want to try it but its crashing my game...

hmm....i'm guessing you have no controllers? my guess is i left out a valid pointer check causing it to crash for people with no controllers. updating the script now.

EDIT: nope....doesn't seem like that's the case. game still finds the pointer even if no controllers are installed so the crash isn't due to a bad pointer. are you able to enable and disable the script fine or it crashes immediately after enabling?

[predprey]

Am currently at work, can't test. Will test later on this evening. In the meantime, try this: sub rsp,28 (not sub rsp,8). That's the default setting for x64.

thanks for helping me with testing and figuring this out.

read up more on the reserving stack space, seems like i had a misconception of the intricacies and workings of the x64 calling convention. thanks for pointing it out.

I was referring to your CEF post There's no 'sub rsp,28' in there: [Link].

yep. i know you were referring to that. i misunderstood the statement "The caller is responsible for allocating space for parameters to the callee" on the MSDN document as referring to the entire allocated stack space instead of pushing the stack. and since i was calling from within the game code, then i should have enough stack space allocated by the game's code to not cause it to crash. apparently it did not crash because GetAsyncKeyState does not use the reserved stack space, but other functions like Sleep would use the reserved stack space and eat into the return address if not enough stack space was reserved. so i was "lucky" i only used GetAsyncKeyState in that script and it did not crash, but it perpetuated my misconception.

[predprey]

cancel last. mixed up my results. using "sub rsp,28" and "test ax,ax" still doesn't solve it.

EDIT: Ok figured it out, dumb me. the add rsp,28 instruction was clearing out my flags. shifted the position and it now works. thanks!

EDIT2: Updated the script and removed the use of a separate thread. Great thanks goes to SunBeam for helping me out with debugging.

[SexualTyrannosaurus]

EDIT2: Updated the script

Where can I find said script? I hate having to choose, I'd like to unlock and use all the upgrades.

[Megasder]

cancel last. mixed up my results. using "sub rsp,28" and "test ax,ax" still doesn't solve it.

EDIT: Ok figured it out, dumb me. the add rsp,28 instruction was clearing out my flags. shifted the position and it now works. thanks!

EDIT2: Updated the script and removed the use of a separate thread. Great thanks goes to SunBeam for helping me out with debugging.

Now it works! but the Shadow Strike upgrades cant be used together (if you have the 3, Shadow Dominate doesnt work, the button appears but if you press it, it does nothing, Chain of Shadows and Shadow Strike Pull work normally if the 3 upgrades are selected, i dont know why they cant be used together...)

[MasterVegito]

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>1951</ID>
      <Description>"Multi Skill Upgrade Toggle (Modifier Key Ctrl/L2)"</Description>
      <LastState/>
      <Color>FF8000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(aob_controllerState,ShadowOfWar.exe,0F 11 87 40 01 00 00 48 8D)
registersymbol(aob_controllerState)
alloc(newmem_controllerState,1024,ShadowOfWar.exe)
alloc(ptr_controllerState,8,ShadowOfWar.exe)
label(return_controllerState)

newmem_controllerState:
  lea rbp,[rdi+00000140]
  mov [ptr_controllerState],rbp
  movups [rdi+00000140],xmm0
  jmp long return_controllerState

aob_controllerState:
  jmp newmem_controllerState
  nop
  nop
return_controllerState:

//====================================================================================================

aobscanmodule(aob_MultiSkillUpgrade,ShadowOfWar.exe,49 8B 16 45 8B C7)
alloc(newmem_MultiSkillUpgrade,1024,ShadowOfWar.exe)
label(backup_MultiSkillUpgrade)
label(return_MultiSkillUpgrade)
registersymbol(aob_MultiSkillUpgrade)
registersymbol(backup_MultiSkillUpgrade)

newmem_MultiSkillUpgrade:
  sub rsp,28
//Keyboard Modifier
  push rax
  push rcx
  push rdx
  push r8
  push r9
  push r10
  push r11
  mov rcx,11 //VK_CONTROL = 0x11
  call GetAsyncKeyState
  test ax,ax
  pop r11
  pop r10
  pop r9
  pop r8
  pop rdx
  pop rcx
  pop rax
  js short @f
//Gamepad Modifier
  push rax
  mov rax,[ptr_controllerState]
  cmp byte ptr [rax+6],0
  pop rax
  jne short @f
  add rsp,28
//Original Code
  reassemble(aob_MultiSkillUpgrade+9)
  jmp long return_MultiSkillUpgrade
@@:
  add rsp,28
  jmp long return_MultiSkillUpgrade
backup_MultiSkillUpgrade:
  readmem(aob_MultiSkillUpgrade+9,5)

aob_MultiSkillUpgrade+9:
  jmp newmem_MultiSkillUpgrade
return_MultiSkillUpgrade:

[DISABLE]
aob_MultiSkillUpgrade+9:
  readmem(backup_MultiSkillUpgrade,5)

unregistersymbol(aob_MultiSkillUpgrade)
unregistersymbol(backup_MultiSkillUpgrade)
dealloc(newmem_MultiSkillUpgrade)

{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::StreamMgr::SetFileLocationResolver+8A184A

"ShadowOfWar.exe"+18572C5: 48 8B 8E A0 03 00 00  -  mov rcx,[rsi+000003A0]
"ShadowOfWar.exe"+18572CC: 48 85 C9              -  test rcx,rcx
"ShadowOfWar.exe"+18572CF: 74 21                 -  je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D1: 4C 39 61 40           -  cmp [rcx+40],r12
"ShadowOfWar.exe"+18572D5: 74 1B                 -  je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D7: 48 8B 0D 02 3D AD 00  -  mov rcx,[ShadowOfWar.exe+232AFE0]
"ShadowOfWar.exe"+18572DE: BA 08 00 00 00        -  mov edx,00000008
"ShadowOfWar.exe"+18572E3: 4D 8B 06              -  mov r8,[r14]
"ShadowOfWar.exe"+18572E6: 48 8B 89 18 6D 00 00  -  mov rcx,[rcx+00006D18]
"ShadowOfWar.exe"+18572ED: E8 76 86 F6 FF        -  call ShadowOfWar.exe+17BF968
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+18572F2: 49 8B 16              -  mov rdx,[r14]
"ShadowOfWar.exe"+18572F5: 45 8B C7              -  mov r8d,r15d
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+18572F8: 48 8B CE              -  mov rcx,rsi
"ShadowOfWar.exe"+18572FB: E8 68 72 C7 FE        -  call ShadowOfWar.exe+4CE568
"ShadowOfWar.exe"+1857300: 49 83 C6 08           -  add r14,08
"ShadowOfWar.exe"+1857304: 48 FF C7              -  inc rdi
"ShadowOfWar.exe"+1857307: 48 3B FB              -  cmp rdi,rbx
"ShadowOfWar.exe"+185730A: 75 A7                 -  jne ShadowOfWar.exe+18572B3
"ShadowOfWar.exe"+185730C: 8B 85 90 01 00 00     -  mov eax,[rbp+00000190]
"ShadowOfWar.exe"+1857312: 48 8D 8D 98 01 00 00  -  lea rcx,[rbp+00000198]
"ShadowOfWar.exe"+1857319: 49 8B FC              -  mov rdi,r12
"ShadowOfWar.exe"+185731C: 4C 8D B5 98 01 00 00  -  lea r14,[rbp+00000198]
}

//====================================================================================================

aob_controllerState:
  db 0F 11 87 40 01 00 00

unregistersymbol(aob_controllerState)
unregistersymbol(ptr_controllerState)
dealloc(newmem_controllerState)
dealloc(ptr_controllerState)
{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::MemoryMgr::Free+8E792

"ShadowOfWar.exe"+245989: 41 56                 -  push r14
"ShadowOfWar.exe"+24598B: 41 57                 -  push r15
"ShadowOfWar.exe"+24598D: 48 83 EC 30           -  sub rsp,30
"ShadowOfWar.exe"+245991: 48 8B F9              -  mov rdi,rcx
"ShadowOfWar.exe"+245994: 48 8D 91 18 01 00 00  -  lea rdx,[rcx+00000118]
"ShadowOfWar.exe"+24599B: 48 8D 48 18           -  lea rcx,[rax+18]
"ShadowOfWar.exe"+24599F: E8 8C B5 B8 00        -  call ShadowOfWar.exe+DD0F30
"ShadowOfWar.exe"+2459A4: 0F 10 87 90 01 00 00  -  movups xmm0,[rdi+00000190]
"ShadowOfWar.exe"+2459AB: 4C 8D B7 80 01 00 00  -  lea r14,[rdi+00000180]
"ShadowOfWar.exe"+2459B2: 4C 8D 7F 08           -  lea r15,[rdi+08]
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+2459B6: 0F 11 87 40 01 00 00  -  movups [rdi+00000140],xmm0
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+2459BD: 48 8D 6C 24 70        -  lea rbp,[rsp+70]
"ShadowOfWar.exe"+2459C2: 0F 10 8F A0 01 00 00  -  movups xmm1,[rdi+000001A0]
"ShadowOfWar.exe"+2459C9: 0F 11 8F 50 01 00 00  -  movups [rdi+00000150],xmm1
"ShadowOfWar.exe"+2459D0: 0F 10 87 B0 01 00 00  -  movups xmm0,[rdi+000001B0]
"ShadowOfWar.exe"+2459D7: 0F 11 87 60 01 00 00  -  movups [rdi+00000160],xmm0
"ShadowOfWar.exe"+2459DE: 0F 10 8F C0 01 00 00  -  movups xmm1,[rdi+000001C0]
"ShadowOfWar.exe"+2459E5: 0F 11 8F 70 01 00 00  -  movups [rdi+00000170],xmm1
"ShadowOfWar.exe"+2459EC: 8B 87 D0 01 00 00     -  mov eax,[rdi+000001D0]
"ShadowOfWar.exe"+2459F2: 89 44 24 70           -  mov [rsp+70],eax
"ShadowOfWar.exe"+2459F6: 33 C0                 -  xor eax,eax
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Multi Skill Upgrade Toggle (Modifier Key Ctrl/L2) - Self-explanatory. Retains normal game behavior if modifier key is not pressed.

Is this an updated version or smth?

[vitaeexmorte]

Now it works! but the Shadow Strike upgrades cant be used together (if you have the 3, Shadow Dominate doesnt work, the button appears but if you press it, it does nothing, Chain of Shadows and Shadow Strike Pull work normally if the 3 upgrades are selected, i dont know why they cant be used together...)

Not tested it with the updated version, but with the previous one Shadow Dominate works .. kinda. It only works while using Bird of Prey. But you still can not chain them, so I think it was never intended to do so by the devs.

Since most of the general ideas for cheats are already implemented, may i interest you some new ones?
How about being able to dominate unbroken enemies or getting full armor set bonus with only one piece. Being able to force Deranged or Maniac on using Shame would be neat too. (not sure if this is already possible with the uruk editor.)

[MasterVegito]

I have a cheat idea as well, don't know how hard, but still, something new if you guys would like to look into. How about making 1 set piece count as 4? So you can have all legendary set bonuses?

[Megasder]

Now it works! but the Shadow Strike upgrades cant be used together (if you have the 3, Shadow Dominate doesnt work, the button appears but if you press it, it does nothing, Chain of Shadows and Shadow Strike Pull work normally if the 3 upgrades are selected, i dont know why they cant be used together...)

Not tested it with the updated version, but with the previous one Shadow Dominate works .. kinda. It only works while using Bird of Prey. But you still can not chain them, so I think it was never intended to do so by the devs.

Since most of the general ideas for cheats are already implemented, may i interest you some new ones?
How about being able to dominate unbroken enemies or getting full armor set bonus with only one piece. Being able to force Deranged or Maniac on using Shame would be neat too. (not sure if this is already possible with the uruk editor.)

maybe a gem that has all the effects? or changin the % of a gem? being able to dominate even if they have the skill to not dominate them, or dominate them at full health... idk a lot of posibilities XD

Is there a way to change the % of chance of appearing epic and legendary orcs?

[vitaeexmorte]

maybe a gem that has all the effects? or changin the % of a gem? being able to dominate even if they have the skill to not dominate them, or dominate them at full health... idk a lot of posibilities XD

Pretty sure making gems do stuff they weren't intended to is harder than "simply" make the game believe you have more than one set piece equipped.
But I would be happy to be proven wrong on that one.

Is there a way to change the % of chance of appearing epic and legendary orcs?

SeiKurO is working on that.
viewtopic.php?t=5132

[seikur0]

Pretty sure making gems do stuff they weren't intended to is harder than "simply" make the game believe you have more than one set piece equipped.
But I would be happy to be proven wrong on that one.

Actually the gem stuff is pretty easy, because of the equipment behavior (using the current value plus difference between new and old equipment, instead of base+new equipment bonus). So it's possible to get the rune effects without having even a single rune equipped.

And uruk spawn rarities are already in my table, I'll add it in script format like "All Uruks spawn legendary", so it's even easier to use in the future.

[Liorash7]

1) The issue with wrath energy is that If I move a float of 100 which is currently the max value for me and possibly for the rest of the game It just won't trigger the flag that allows you to freeze time (Pressing 5 in short), the option works great after you gain your wrath energy manually and just use the option to freeze the wrath from decreasing, I'll check for a flag that may be a nice way to activate the wrath power without gaining any.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>1881</ID>
      <Description>"Instant Wrath Energy Charge"</Description>
      <LastState/>
      <Color>FF8000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(aob_TalionWrathEnergy,ShadowOfWar.exe,F3 0F 10 B9 10 03 00 00 45)
registersymbol(aob_TalionWrathEnergy)
alloc(newmem_TalionWrathEnergy,1024,ShadowOfWar.exe)
label(return_TalionWrathEnergy)

newmem_TalionWrathEnergy:
  comiss xmm4,xmm15 //xmm15 = 0
  jg @f
  cmp [rcx+00000310],(float)100
  jae @f
  mov [rcx+00000310],(float)99
@@:
  movss xmm7,[rcx+00000310]
  jmp return_TalionWrathEnergy

aob_TalionWrathEnergy:
  jmp newmem_TalionWrathEnergy
  nop
  nop
  nop
return_TalionWrathEnergy:

[DISABLE]
aob_TalionWrathEnergy:
  db F3 0F 10 B9 10 03 00 00

unregistersymbol(aob_TalionWrathEnergy)
dealloc(newmem_TalionWrathEnergy)

{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::SoundEngine::RegisterGlobalCallback+9DBB9

"ShadowOfWar.exe"+4E8A3F: 48 8B 51 38                    -  mov rdx,[rcx+38]
"ShadowOfWar.exe"+4E8A43: 0F 57 C0                       -  xorps xmm0,xmm0
"ShadowOfWar.exe"+4E8A46: 48 2B 51 30                    -  sub rdx,[rcx+30]
"ShadowOfWar.exe"+4E8A4A: 0F 28 D8                       -  movaps xmm3,xmm0
"ShadowOfWar.exe"+4E8A4D: 0F 57 C0                       -  xorps xmm0,xmm0
"ShadowOfWar.exe"+4E8A50: 0F 29 70 E8                    -  movaps [rax-18],xmm6
"ShadowOfWar.exe"+4E8A54: 0F 29 78 D8                    -  movaps [rax-28],xmm7
"ShadowOfWar.exe"+4E8A58: 0F 28 E1                       -  movaps xmm4,xmm1
"ShadowOfWar.exe"+4E8A5B: F3 0F 10 89 68 03 00 00        -  movss xmm1,[rcx+00000368]
"ShadowOfWar.exe"+4E8A63: 48 B8 67 66 66 66 66 66 66 66  -  mov rax,6666666666666667
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+4E8A6D: F3 0F 10 B9 10 03 00 00        -  movss xmm7,[rcx+00000310]
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+4E8A75: 45 8A F0                       -  mov r14l,r8l
"ShadowOfWar.exe"+4E8A78: 48 F7 EA                       -  imul rdx
"ShadowOfWar.exe"+4E8A7B: 48 8B D9                       -  mov rbx,rcx
"ShadowOfWar.exe"+4E8A7E: 48 C1 FA 04                    -  sar rdx,04
"ShadowOfWar.exe"+4E8A82: 48 8B C2                       -  mov rax,rdx
"ShadowOfWar.exe"+4E8A85: 48 C1 E8 3F                    -  shr rax,3F
"ShadowOfWar.exe"+4E8A89: 48 03 C2                       -  add rax,rdx
"ShadowOfWar.exe"+4E8A8C: 8B C0                          -  mov eax,eax
"ShadowOfWar.exe"+4E8A8E: F3 48 0F 2A C0                 -  cvtsi2ss xmm0,rax
"ShadowOfWar.exe"+4E8A93: F3 0F 59 81 C8 03 00 00        -  mulss xmm0,[rcx+000003C8]
}
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>1882</ID>
      <Description>"Unlimited Wrath/Elven Rage"</Description>
      <LastState/>
      <Color>FF8000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscanmodule(aob_TalionWrathEnergy,ShadowOfWar.exe,F3 0F 10 B9 10 03 00 00 45)
registersymbol(aob_TalionWrathEnergy)
alloc(newmem_TalionWrathEnergy,1024,ShadowOfWar.exe)
label(return_TalionWrathEnergy)

newmem_TalionWrathEnergy:
  cmp [rcx+00000310],(float)100
  jae @f
  mov [rcx+00000310],(float)99
@@:
  movss xmm7,[rcx+00000310]
  jmp return_TalionWrathEnergy

aob_TalionWrathEnergy:
  jmp newmem_TalionWrathEnergy
  nop
  nop
  nop
return_TalionWrathEnergy:

[DISABLE]
aob_TalionWrathEnergy:
  db F3 0F 10 B9 10 03 00 00

unregistersymbol(aob_TalionWrathEnergy)
dealloc(newmem_TalionWrathEnergy)

{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::SoundEngine::RegisterGlobalCallback+9DBB9

"ShadowOfWar.exe"+4E8A3F: 48 8B 51 38                    -  mov rdx,[rcx+38]
"ShadowOfWar.exe"+4E8A43: 0F 57 C0                       -  xorps xmm0,xmm0
"ShadowOfWar.exe"+4E8A46: 48 2B 51 30                    -  sub rdx,[rcx+30]
"ShadowOfWar.exe"+4E8A4A: 0F 28 D8                       -  movaps xmm3,xmm0
"ShadowOfWar.exe"+4E8A4D: 0F 57 C0                       -  xorps xmm0,xmm0
"ShadowOfWar.exe"+4E8A50: 0F 29 70 E8                    -  movaps [rax-18],xmm6
"ShadowOfWar.exe"+4E8A54: 0F 29 78 D8                    -  movaps [rax-28],xmm7
"ShadowOfWar.exe"+4E8A58: 0F 28 E1                       -  movaps xmm4,xmm1
"ShadowOfWar.exe"+4E8A5B: F3 0F 10 89 68 03 00 00        -  movss xmm1,[rcx+00000368]
"ShadowOfWar.exe"+4E8A63: 48 B8 67 66 66 66 66 66 66 66  -  mov rax,6666666666666667
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+4E8A6D: F3 0F 10 B9 10 03 00 00        -  movss xmm7,[rcx+00000310]
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+4E8A75: 45 8A F0                       -  mov r14l,r8l
"ShadowOfWar.exe"+4E8A78: 48 F7 EA                       -  imul rdx
"ShadowOfWar.exe"+4E8A7B: 48 8B D9                       -  mov rbx,rcx
"ShadowOfWar.exe"+4E8A7E: 48 C1 FA 04                    -  sar rdx,04
"ShadowOfWar.exe"+4E8A82: 48 8B C2                       -  mov rax,rdx
"ShadowOfWar.exe"+4E8A85: 48 C1 E8 3F                    -  shr rax,3F
"ShadowOfWar.exe"+4E8A89: 48 03 C2                       -  add rax,rdx
"ShadowOfWar.exe"+4E8A8C: 8B C0                          -  mov eax,eax
"ShadowOfWar.exe"+4E8A8E: F3 48 0F 2A C0                 -  cvtsi2ss xmm0,rax
"ShadowOfWar.exe"+4E8A93: F3 0F 59 81 C8 03 00 00        -  mulss xmm0,[rcx+000003C8]
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Modified your wrath script to 2 versions. Should be able to set the elven rage flag correctly when charging up from empty gauge now.
Ver 1. Elven gauge decreases normally, every successful hit resets gauge to full again.
Ver 2. Elven gauge freezes at near max.

It isn't updated anymore, can you please update it(the first version imo is amazing), or tell me how you aob scan the new array of bytes, how can I find it and just do a bit of tunning onto the old code?

Another question is how am I to execute the script of multi tagged skills?

Thanks.

BTW: Kalas, the table is working and it is updated, probably I didn't execute it well or I intrrupted it or something.

I don't really follow after all your amazing job here by the community members, but perhaps the issue of game timer(espcially in Celebrimbor missions) is discussed? The only missing piece of table imo right now, as I haven't got to the part where I control an army and all that shit some Uruk stuff don't really bother me right now.

Just being a badass and decapitate Uruk heads with style ;D.

[Megasder]

Pretty sure making gems do stuff they weren't intended to is harder than "simply" make the game believe you have more than one set piece equipped.
But I would be happy to be proven wrong on that one.

Actually the gem stuff is pretty easy, because of the equipment behavior (using the current value plus difference between new and old equipment, instead of base+new equipment bonus). So it's possible to get the rune effects without having even a single rune equipped.

And uruk spawn rarities are already in my table, I'll add it in script format like "All Uruks spawn legendary", so it's even easier to use in the future.

Your table is making my game crash (Just click any square, then crash) so that is way i was asking here