Heliborne

[fantomas]

New version 0.98 out, can you update this please.

Hi

In the new update v0.98, the devs removed all that obfuscated code (which is the good thing, big thanks to them!!! ), and after a first check, the code didn't change, which means that you can use CT v0.97 with this update.

All scripts from the previous v0.97 CT version works fine. All what you have to do is to switch from that obfuscated symbols to that previous deobfuscated symbols.

An example with Inf Gun

v0.96 -> deobfuscated symbol //GunController:ProcessRoundsShooting+34
v0.97 -> obfuscated symbol //GunController:IJIFEHNGDDH+34
v0.98 -> deobfuscated symbol //GunController:ProcessRoundsShooting+34

Good luck

--Edit--

Many chance you can use CT v0.96 with this update as well

--Edit2--

Done!

CT updated to support the latest update v0.98

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[dark_isaac]

New version 0.98 out, can you update this please.

Hi

In the new update v0.98, the devs removed all that obfuscated code (which is the good thing, big thanks to them!!! ), and after a first check, the code didn't change, which means that you can use CT v0.97 with this update.

All scripts from the previous v0.97 CT version works fine. All what you have to do is to switch from that obfuscated symbols to that previous deobfuscated symbols.

An example with Inf Gun

v0.96 -> deobfuscated symbol //GunController:ProcessRoundsShooting+34
v0.97 -> obfuscated symbol //GunController:IJIFEHNGDDH+34
v0.98 -> deobfuscated symbol //GunController:ProcessRoundsShooting+34

Good luck

--Edit--

Many chance you can use CT v0.96 with this update as well

--Edit2--

Done!

CT updated to support the latest update v0.98

Thank you so much for dedicating into this!!

Best regards and have a nice day sir

[tigrejung]

Heliborne-0.98 사용법을 알려 주세요

[Deutschlandlied]

Could you please add unlimited missles too

[fantomas]

Could you please add unlimited missles too

Hi

If I'm not wrong, the 'Inf Rockets' scripts allows you to have unlimited missiles. Here updated script for v0.98.5 that I never uploaded because I only had x64 game version. If you or someone else have both version (x32 & x64), please share them so that I can update the table.

Inf Rockets v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//RocketController:ShootRocket+202
aobscanregion(infRockets,RocketController:ShootRocket,RocketController:ShootRocket+a1f,488D86xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8B)

infRockets+03:
  db 68
//48 8D 86 68 00 00 00
//lea rax,[rsi+00000068]
registersymbol(infRockets)

[DISABLE]
infRockets+03:
  db 9C
//48 8D 86 9C 00 00 00
//lea rax,[rsi+0000009C]
unregistersymbol(infRockets)

{
// ORIGINAL CODE - INJECTION POINT: RocketController:ShootRocket+202

07D62A4E: 48 8B 85 D8 FE FF FF           -  mov rax,[rbp-00000128]
07D62A55: 48 89 44 24 08                 -  mov [rsp+08],rax
07D62A5A: 48 63 85 E0 FE FF FF           -  movsxd  rax,dword ptr [rbp-00000120]
07D62A61: 89 44 24 10                    -  mov [rsp+10],eax
07D62A65: 48 83 EC 20                    -  sub rsp,20
07D62A69: 49 BB E9 90 0D 24 00 00 00 00  -  mov r11,00000000240D90E9
07D62A73: 41 FF D3                       -  call r11
07D62A76: 48 83 C4 40                    -  add rsp,40
07D62A7A: 85 C0                          -  test eax,eax
07D62A7C: 0F 8E B9 07 00 00              -  jng RocketController:ShootRocket+9bb
// ---------- INJECTING HERE ----------
07D62A82: 48 8D 86 9C 00 00 00           -  lea rax,[rsi+0000009C]
// ---------- DONE INJECTING  ----------
07D62A89: 48 8B 08                       -  mov rcx,[rax]
07D62A8C: 48 89 8D E8 FE FF FF           -  mov [rbp-00000118],rcx
07D62A93: 48 8B 48 08                    -  mov rcx,[rax+08]
07D62A97: 48 89 8D F0 FE FF FF           -  mov [rbp-00000110],rcx
07D62A9E: 48 63 40 10                    -  movsxd  rax,dword ptr [rax+10]
07D62AA2: 89 85 F8 FE FF FF              -  mov [rbp-00000108],eax
07D62AA8: 48 8B CD                       -  mov rcx,rbp
07D62AAB: 48 81 C1 00 FF FF FF           -  add rcx,FFFFFF00
07D62AB2: 48 83 EC 08                    -  sub rsp,08
07D62AB6: 48 83 EC 18                    -  sub rsp,18
}

EDIT:

Rapid Fire (Rockets) v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//RocketController:Shoot+c1
aobscanregion(noCooldown,RocketController:Shoot,RocketController:Shoot+17f,F30F1086xxxxxxxxxxxxxxxxF2)

noCooldown+04:
  db 94
//F3 0F 10 86 94 00 00 00
//movss xmm0,[rsi+00000094]
registersymbol(noCooldown)

[DISABLE]
noCooldown+04:
  db 8C
//F3 0F 10 86 8C 00 00 00
//movss xmm0,[rsi+0000008C]
unregistersymbol(noCooldown)

{
// ORIGINAL CODE - INJECTION POINT: RocketController:Shoot+c1

2308F510: F2 0F 10 4D E8                 -  movsd xmm1,[rbp-18]
2308F515: F3 0F 10 86 94 00 00 00        -  movss xmm0,[rsi+00000094]
2308F51D: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
2308F521: 48 63 86 90 00 00 00           -  movsxd  rax,dword ptr [rsi+00000090]
2308F528: F2 0F 2A D0                    -  cvtsi2sd xmm2,eax
2308F52C: F2 0F 59 C2                    -  mulsd xmm0,xmm2
2308F530: F2 0F 11 4D E8                 -  movsd [rbp-18],xmm1
2308F535: F2 0F 11 45 E0                 -  movsd [rbp-20],xmm0
2308F53A: EB 1B                          -  jmp RocketController:Shoot+d7
2308F53C: F2 0F 10 4D E8                 -  movsd xmm1,[rbp-18]
// ---------- INJECTING HERE ----------
2308F541: F3 0F 10 86 8C 00 00 00        -  movss xmm0,[rsi+0000008C]
// ---------- DONE INJECTING  ----------
2308F549: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
2308F54D: F2 0F 11 4D E8                 -  movsd [rbp-18],xmm1
2308F552: F2 0F 11 45 E0                 -  movsd [rbp-20],xmm0
2308F557: F2 0F 10 45 E8                 -  movsd xmm0,[rbp-18]
2308F55C: F2 0F 10 4D E0                 -  movsd xmm1,[rbp-20]
2308F561: F2 0F 58 C1                    -  addsd xmm0,xmm1
2308F565: 48 8B 45 F0                    -  mov rax,[rbp-10]
2308F569: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
2308F56D: F3 0F 11 A8 C8 00 00 00        -  movss [rax+000000C8],xmm5
2308F575: 48 63 86 90 00 00 00           -  movsxd  rax,dword ptr [rsi+00000090]
}

Inf Mortar v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//MortarController:Shoot+1d9
aobscanregion(infMortar,MortarController:Shoot,MortarController:Shoot+2af,FFCA)

infMortar+01:
  db C2
//FF C2
//inc edx
registersymbol(infMortar)

[DISABLE]
infMortar+01:
  db CA
//FF CA
//dec edx
unregistersymbol(infMortar)

{
// ORIGINAL CODE - INJECTION POINT: MortarController:Shoot+1d9

07D66B04: 49 BB 90 52 F7 04 00 00 00 00  -  mov r11,0000000004F75290
07D66B0E: 41 FF D3                       -  call r11
07D66B11: 48 83 C4 20                    -  add rsp,20
07D66B15: 48 8B C8                       -  mov rcx,rax
07D66B18: 48 83 EC 20                    -  sub rsp,20
07D66B1C: 49 BB B5 BD F5 04 00 00 00 00  -  mov r11,0000000004F5BDB5
07D66B26: 41 FF D3                       -  call r11
07D66B29: 48 83 C4 20                    -  add rsp,20
07D66B2D: E9 D8 00 00 00                 -  jmp MortarController:Shoot+2aa
07D66B32: 48 63 96 A4 00 00 00           -  movsxd  rdx,dword ptr [rsi+000000A4]
// ---------- INJECTING HERE ----------
07D66B39: FF CA                          -  dec edx
07D66B3B: 48 8B CE                       -  mov rcx,rsi
// ---------- DONE INJECTING  ----------
07D66B3E: 48 83 EC 20                    -  sub rsp,20
07D66B42: 49 BB 2E 6C D6 07 00 00 00 00  -  mov r11,0000000007D66C2E
07D66B4C: 41 FF D3                       -  call r11
07D66B4F: 48 83 C4 20                    -  add rsp,20
07D66B53: F3 0F 10 45 A0                 -  movss xmm0,[rbp-60]
07D66B58: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
07D66B5C: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
07D66B60: F3 0F 11 AE A8 00 00 00        -  movss [rsi+000000A8],xmm5
07D66B68: 48 8B CE                       -  mov rcx,rsi
07D66B6B: 48 83 EC 20                    -  sub rsp,20
}

No Reload (Mortar) v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//MortarController:Update+244
aobscanregion(noReload,MortarController:Update,MortarController:Update+25f,F30F11AExxxxxxxx48)

noReload+03:
  db 9E
//F3 0F 11 9E AC 00 00 00
//movss [rsi+000000AC],xmm3
registersymbol(noReload)

[DISABLE]
noReload+03:
  db AE
//F3 0F 11 AE AC 00 00 00
//movss [rsi+000000AC],xmm5
unregistersymbol(noReload)

{
// ORIGINAL CODE - INJECTION POINT: MortarController:Update+244

23C40A25: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
23C40A29: F2 0F 11 45 A8                 -  movsd [rbp-58],xmm0
23C40A2E: 48 83 EC 20                    -  sub rsp,20
23C40A32: 49 BB 80 75 31 1F 00 00 00 00  -  mov r11,UnityEngine:Time:get_deltaTime
23C40A3C: 41 FF D3                       -  call r11
23C40A3F: 48 83 C4 20                    -  add rsp,20
23C40A43: F3 0F 5A C8                    -  cvtss2sd xmm1,xmm0
23C40A47: F2 0F 10 45 A8                 -  movsd xmm0,[rbp-58]
23C40A4C: F2 0F 5C C1                    -  subsd xmm0,xmm1
23C40A50: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
23C40A54: F3 0F 11 AE AC 00 00 00        -  movss [rsi+000000AC],xmm5
// ---------- DONE INJECTING  ----------
23C40A5C: 48 8D 65 F0                    -  lea rsp,[rbp-10]
23C40A60: 5F                             -  pop rdi
23C40A61: 5E                             -  pop rsi
23C40A62: C9                             -  leave
23C40A63: C3                             -  ret
23C40A64: 00 00                          -  add [rax],al
23C40A66: 00 00                          -  add [rax],al
23C40A68: 00 00                          -  add [rax],al
23C40A6A: 00 00                          -  add [rax],al
23C40A6C: 54                             -  push rsp
}

Instant Fire (Mortar) v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//MortarController:Update+69
aobscanregion(fastFire,MortarController:Update,MortarController:Update+25f,F30F11AE)

fastFire+03:
  db 9E
//F3 0F 11 9E A8 00 00 00
//movss [rsi+000000A8],xmm3
registersymbol(fastFire)

[DISABLE]
fastFire+03:
  db AE
//F3 0F 11 AE A8 00 00 00
//movss [rsi+000000A8],xmm5
unregistersymbol(fastFire)

{
// ORIGINAL CODE - INJECTION POINT: MortarController:Update+69

23C4084A: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
23C4084E: F2 0F 11 45 A8                 -  movsd [rbp-58],xmm0
23C40853: 48 83 EC 20                    -  sub rsp,20
23C40857: 49 BB 80 75 31 1F 00 00 00 00  -  mov r11,UnityEngine:Time:get_deltaTime
23C40861: 41 FF D3                       -  call r11
23C40864: 48 83 C4 20                    -  add rsp,20
23C40868: F3 0F 5A C8                    -  cvtss2sd xmm1,xmm0
23C4086C: F2 0F 10 45 A8                 -  movsd xmm0,[rbp-58]
23C40871: F2 0F 5C C1                    -  subsd xmm0,xmm1
23C40875: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
23C40879: F3 0F 11 AE A8 00 00 00        -  movss [rsi+000000A8],xmm5
// ---------- DONE INJECTING  ----------
23C40881: F3 0F 10 86 A8 00 00 00        -  movss xmm0,[rsi+000000A8]
23C40889: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
23C4088D: 66 0F 57 C9                    -  xorpd xmm1,xmm1
23C40891: 48 33 C0                       -  xor rax,rax
23C40894: 66 0F 2F C8                    -  comisd xmm1,xmm0
23C40898: 7A 04                          -  jp MortarController:Update+8e
23C4089A: 40 0F 92 C0                    -  setb al
23C4089E: 85 C0                          -  test eax,eax
23C408A0: 0F 85 B6 01 00 00              -  jne MortarController:Update+24c
23C408A6: 48 8B 46 38                    -  mov rax,[rsi+38]
}

Pointers
Mortar Base Addresses v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//MortarController:set_Ammo+10
aobscanregion(mortar,MortarController:set_Ammo,MortarController:set_Ammo+cf,89B7)
alloc(newmem,$1000,mortar)

alloc(mortar_ptr,8)
registersymbol(mortar_ptr)

label(code)
label(return)

newmem:
  mov [mortar_ptr],rdi

code:
  mov [rdi+000000A4],esi
  jmp return

mortar:
  jmp newmem
  nop
return:
registersymbol(mortar)

[DISABLE]
mortar:
  db 89 B7 A4 00 00 00

unregistersymbol(mortar)
unregistersymbol(mortar_ptr)
dealloc(mortar_ptr)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: MortarController:set_Ammo+10

0A79BA09: 00 00                          -  add [rax],al
0A79BA0B: 00 00                          -  add [rax],al
0A79BA0D: 00 00                          -  add [rax],al
0A79BA0F: 00 55 48                       -  add [rbp+48],dl
0A79BA12: 8B EC                          -  mov ebp,esp
0A79BA14: 56                             -  push rsi
0A79BA15: 57                             -  push rdi
0A79BA16: 48 83 EC 10                    -  sub rsp,10
0A79BA1A: 48 8B F9                       -  mov rdi,rcx
0A79BA1D: 48 8B F2                       -  mov rsi,rdx
// ---------- INJECTING HERE ----------
0A79BA20: 89 B7 A4 00 00 00              -  mov [rdi+000000A4],esi
// ---------- DONE INJECTING  ----------
0A79BA26: 85 F6                          -  test esi,esi
0A79BA28: 0F 8F A8 00 00 00              -  jg 0A79BAD6
0A79BA2E: 48 8B 47 50                    -  mov rax,[rdi+50]
0A79BA32: 48 8B CD                       -  mov rcx,rbp
0A79BA35: 48 83 C1 E0                    -  add rcx,-20
0A79BA39: 48 8B D0                       -  mov rdx,rax
0A79BA3C: 48 83 EC 20                    -  sub rsp,20
0A79BA40: 83 38 00                       -  cmp dword ptr [rax],00
0A79BA43: 49 BB 0D 6C 72 0A 00 00 00 00  -  mov r11,000000000A726C0D
0A79BA4D: 41 FF D3                       -  call r11
}

[Deutschlandlied]

thank you very much

[Deutschlandlied]

hi i just find inf rocks doesnt works for missiles.(it only works for rockets

[fantomas]

hi i just find inf rocks doesnt works for missiles.(it only works for rockets

Ah, ok

Then I'll take a look as soon as I find the latest game version.


Inf ATGM v0.98.5 x64 ONLY!!!

Code: Select all

// Game: Heliborne
// Version: 0.98

[ENABLE]
//ATGMController:Update+23
aobscanregion(infATGM,ATGMController:Update,ATGMController:Update+400,0F8F)

infATGM+01:
  db 8E //jng

registersymbol(infATGM)

[DISABLE]
infATGM+01:
  db 8F //jg

unregistersymbol(infATGM)

{
// ORIGINAL CODE - INJECTION POINT: ATGMController:Update+23

0A7869CF: 00 55 48                       -  add [rbp+48],dl
0A7869D2: 8B EC                          -  mov ebp,esp
0A7869D4: 56                             -  push rsi
0A7869D5: 41 57                          -  push r15
0A7869D7: 48 81 EC 10 01 00 00           -  sub rsp,00000110
0A7869DE: 48 8B F1                       -  mov rsi,rcx
0A7869E1: F3 0F 10 86 90 00 00 00        -  movss xmm0,[rsi+00000090]
0A7869E9: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
0A7869ED: F2 0F 2C C0                    -  cvttsd2si eax,xmm0
0A7869F1: 85 C0                          -  test eax,eax
// ---------- INJECTING HERE ----------
0A7869F3: 0F 8F AE 02 00 00              -  jg 0A786CA7
// ---------- DONE INJECTING  ----------
0A7869F9: 48 83 EC 20                    -  sub rsp,20
0A7869FD: 49 BB 30 61 B3 5F 00 00 00 00  -  mov r11,000000005FB36130
0A786A07: 41 FF D3                       -  call r11
0A786A0A: 48 83 C4 20                    -  add rsp,20
0A786A0E: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
0A786A12: F3 0F 10 8E 94 00 00 00        -  movss xmm1,[rsi+00000094]
0A786A1A: F3 0F 5A C9                    -  cvtss2sd xmm1,xmm1
0A786A1E: 66 0F 2F C8                    -  comisd xmm1,xmm0
0A786A22: 0F 8A 7F 02 00 00              -  jp 0A786CA7
0A786A28: 0F 83 79 02 00 00              -  jae 0A786CA7
}

[Richy Rich]

Hey this table needs an update with the enhanced edition that just got released please i love this table but it doesnt work anymore and health is uncheckable

[fantomas]

Hey this table needs an update with the enhanced edition that just got released please i love this table but it doesnt work anymore and health is uncheckable

Hey,
The table that I've made for v0.98 is still working fine here - I just have to rewrite it for better compatibility with other systems - Please, check the OP.
But as I only got x64 version, I didn't be able to rewrite the scripts of the x32 version of the table, so if someone of you guys has x32 game version, it would be nice to share these files that I can rewrite these x32 version scripts.
Thanks in advance.
BR
fantomas

--EDIT--

Also, I've only been able to play in offline mode . I know someone asked for Inf Missile script but the missile is only playable if you shoot on a helicopter and I've never found a mission in offline mode that includes a helicopter. So, I didn't be able to made that script, unless some of you knows a mission in offline mode that includes playing against an enemy helicopter?

[markie123]

any chance of a table for v2.0.1

[fantomas]

Code: Select all

- Table updated to support the latest update v2.0.4
- Added Unlock All Helicopters
- Added Unlock All Weapons
- Added Unlock All Defense
- Added Unlock All Camouflage
- Table made for x64 game version ONLY!!!

[GillToFill]

Update 2.20 is out, Inf health and maybe unlock of camo doesn't work but I guess it because of the steam version. Everything else works 100% stable. Thank you for your hard work!

[fantomas]

Update 2.20 is out, Inf health and maybe unlock of camo doesn't work but I guess it because of the steam version. Everything else works 100% stable. Thank you for your hard work!

Hi - I just checked and 'Inf Health' still works fine. I mean, I made the script for offline mode, as I do not support online script, if it is something that you're asking for. Also, the 'Inf Health' script will ONLY allow you to get no damage from any kind of ennemies arms but you will still die if you collide any surface (ground,hill,water) or object... I guess.

BR

fantomas

[matrix501]

Is there anyway to get research points in offline mode so we can get the better equipment in offline mode???