Metal Gear Solid V

[ananth]

Can you put a video on how you arrived at the address. That could help me with other games as well. If you could do a video with mgsv that would help.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[ananth]

Sorry I meant the address for invisibility alone.

[DrWolfman]

ananth, |

I really hope you can get an update for that information about the address for invisibility--- I know that's something that has been broken for months (since the Play as Ocelot Update). I have been checking this thread whenever I think about it, hoping that can be updated.

Kalas told me that the invisibility was not his work and suggested contacting Celios for info on the invisibility address?

Wish I could personally help you more

Best regards,

[DeadCraft]

Invisibility I fixed myself from the first days. But only for personal use
At least somehow online has become brisk

[TimFun13]

I don't know where the hell I got this, but with this script:

Code: Select all

{Game  : mgsvtpp.exe
Version: 1.09}
[ENABLE]
aobscanmodule(nd_aob,mgsvtpp.exe,89 8F 98 00 00 00 44 89 6C 24 28) // should be unique
alloc(newmem,$1000,"mgsvtpp.exe"+140E6408)
alloc(originalbytes,12)
alloc(memlocation,100)
alloc(valueadd,100)
registersymbol(originalbytes)

label(return)

memlocation:
 dd 0

valueadd:
  dd (float)1000

originalbytes:
  readmem(nd_aob,12)

newmem:
  mov [memlocation],ecx
  fld dword ptr [memlocation]
  fadd dword ptr [valueadd]
  fstp dword ptr [memlocation]
  mov ecx,[memlocation]
  mov [rdi+00000098],ecx
  jmp return

nd_aob:
  jmp newmem
  nop
return:
registersymbol(nd_aob)

[DISABLE]
nd_aob:
  readmem(originalbytes,12)

unregistersymbol(nd_aob)
unregistersymbol(originalbytes)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "mgsvtpp.exe"+40E6408

"mgsvtpp.exe"+40E63DD: 48 8B 86 C8 00 00 00        -  mov rax,[rsi+000000C8]
"mgsvtpp.exe"+40E63E4: 4C 8B 01                    -  mov r8,[rcx]
"mgsvtpp.exe"+40E63E7: F3 0F 10 14 98              -  movss xmm2,[rax+rbx*4]
"mgsvtpp.exe"+40E63EC: 41 FF 50 08                 -  call qword ptr [r8+08]
"mgsvtpp.exe"+40E63F0: 48 8B 86 D0 00 00 00        -  mov rax,[rsi+000000D0]
"mgsvtpp.exe"+40E63F7: 44 8B 7C 24 40              -  mov r15d,[rsp+40]
"mgsvtpp.exe"+40E63FC: 8B 0C 98                    -  mov ecx,[rax+rbx*4]
"mgsvtpp.exe"+40E63FF: 41 FF C5                    -  inc r13d
"mgsvtpp.exe"+40E6402: 41 D1 C7                    -  rol r15d,1
"mgsvtpp.exe"+40E6405: 48 FF C3                    -  inc rbx
// ---------- INJECTING HERE ----------
"mgsvtpp.exe"+40E6408: 89 8F 98 00 00 00           -  mov [rdi+00000098],ecx
// ---------- DONE INJECTING  ----------
"mgsvtpp.exe"+40E640E: 44 89 6C 24 28              -  mov [rsp+28],r13d
"mgsvtpp.exe"+40E6413: 44 89 7C 24 40              -  mov [rsp+40],r15d
"mgsvtpp.exe"+40E6418: 48 89 5C 24 50              -  mov [rsp+50],rbx
"mgsvtpp.exe"+40E641D: 44 3B 6C 24 60              -  cmp r13d,[rsp+60]
"mgsvtpp.exe"+40E6422: 0F 82 3C E9 FF FF           -  jb mgsvtpp.exe+40E4D64
"mgsvtpp.exe"+40E6428: 31 C0                       -  xor eax,eax
"mgsvtpp.exe"+40E642A: 44 8D 40 01                 -  lea r8d,[rax+01]
"mgsvtpp.exe"+40E642E: 83 7C 24 60 00              -  cmp dword ptr [rsp+60],00
"mgsvtpp.exe"+40E6433: 0F 28 05 C6 07 F3 FD        -  movaps xmm0,[mgsvtpp.exe+2016C00]
"mgsvtpp.exe"+40E643A: 89 C7                       -  mov edi,eax
}

And after many tries, I was able to come up with this byte scan pattern (At the very bottom):

Code: Select all

31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx

And found the code that had shifted.

Here is my working script:

Code: Select all

{
	Process			: mgsvtpp.exe  -  (x64)
	Module			: vstdlib_s64.dll  -  000000000006B000
	Game Title		: Metal Gear Solid 5 Phantom Pain
	Game Version	: 1.0.12.0
	CE Version		: 6.7
	Script Version	: 0.0.1
	Date			: 01/10/18
	Author			: ShyTwig16
	Name			: VisiblityHook

	Visiblity Hook
}


define(address, mgsvtpp.exe+41FC2DB)
define(bytes, 89 8F 98 00 00 00)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobVisiblityHook, mgsvtpp.exe, 89xxxxxxxxxx89xxxxxx44xxxxxxxx48xxxxxxxx3Bxxxxxx0F82xxxxxxxx31xx44xxxxxx83xxxxxxxx0F28xxxxxxxxxx41xxxx48xxxx44xxxxC6xxxxxxxx0F29xxxx89xxxxxx0F86xxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxF3xxxxxxxxxxxxxxxx)
define(injVisiblityHook, aobVisiblityHook)
assert(injVisiblityHook, bytes)
registerSymbol(injVisiblityHook)

alloc(memVisiblityHook, 0x400, injVisiblityHook)

label(ptrVisiblityHook)
registerSymbol(ptrVisiblityHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memVisiblityHook:
	ptrVisiblityHook:
		dq 0
	n_code:
		mov [ptrVisiblityHook],rdi
		mov ecx,(float)10000
	o_code:
		mov [rdi+00000098],ecx
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injVisiblityHook:
	jmp n_code
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injVisiblityHook:
	db bytes

unregisterSymbol(injVisiblityHook)
unregisterSymbol(ptrVisiblityHook)

dealloc(memVisiblityHook)

{
//// Injection Point: mgsvtpp.exe+41FC2DB  -  00000001441FC2DB
//// Process: mgsvtpp.exe  -  0000000140000000
//// Module: vstdlib_s64.dll  -  0000000073690000
mgsvtpp.exe+41FC27D:  66 89 8F 8C000000           -  mov [rdi+0000008C],cx              
mgsvtpp.exe+41FC284:  49 8B 85 90000000           -  mov rax,[r13+00000090]             
mgsvtpp.exe+41FC28B:  8B 14 B0                    -  mov edx,[rax+rsi*4]                
mgsvtpp.exe+41FC28E:  49 8B 85 88000000           -  mov rax,[r13+00000088]             
mgsvtpp.exe+41FC295:  8B 0C B0                    -  mov ecx,[rax+rsi*4]                
mgsvtpp.exe+41FC298:  89 97 94000000              -  mov [rdi+00000094],edx             
mgsvtpp.exe+41FC29E:  89 DA                       -  mov edx,ebx                        
mgsvtpp.exe+41FC2A0:  89 8F 90000000              -  mov [rdi+00000090],ecx             
mgsvtpp.exe+41FC2A6:  49 8B 46 50                 -  mov rax,[r14+50]                   
mgsvtpp.exe+41FC2AA:  48 8B 88 30010000           -  mov rcx,[rax+00000130]             
mgsvtpp.exe+41FC2B1:  49 8B 85 C8000000           -  mov rax,[r13+000000C8]             
mgsvtpp.exe+41FC2B8:  4C 8B 01                    -  mov r8,[rcx]                       
mgsvtpp.exe+41FC2BB:  F3 0F10 14 B0               -  movss xmm2,[rax+rsi*4]             
mgsvtpp.exe+41FC2C0:  41 FF 50 08                 -  call qword ptr [r8+08]             
mgsvtpp.exe+41FC2C4:  49 8B 85 D0000000           -  mov rax,[r13+000000D0]             
mgsvtpp.exe+41FC2CB:  44 8B 7C 24 40              -  mov r15d,[rsp+40]                  
mgsvtpp.exe+41FC2D0:  8B 0C B0                    -  mov ecx,[rax+rsi*4]                
mgsvtpp.exe+41FC2D3:  FF C3                       -  inc ebx                            
mgsvtpp.exe+41FC2D5:  41 D1 C7                    -  rol r15d,1                         
mgsvtpp.exe+41FC2D8:  48 FF C6                    -  inc rsi                            
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+41FC2DB:  89 8F 98000000              -  mov [rdi+00000098],ecx             
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+41FC2E1:  89 5C 24 2C                 -  mov [rsp+2C],ebx                   
mgsvtpp.exe+41FC2E5:  44 89 7C 24 40              -  mov [rsp+40],r15d                  
mgsvtpp.exe+41FC2EA:  48 89 74 24 50              -  mov [rsp+50],rsi                   
mgsvtpp.exe+41FC2EF:  3B 5C 24 60                 -  cmp ebx,[rsp+60]                   
mgsvtpp.exe+41FC2F3:  0F82 3BE9FFFF               -  jb 1441FAC34                       
mgsvtpp.exe+41FC2F9:  31 C0                       -  xor eax,eax                        
mgsvtpp.exe+41FC2FB:  44 8D 40 01                 -  lea r8d,[rax+01]                   
mgsvtpp.exe+41FC2FF:  83 7C 24 60 00              -  cmp dword ptr [rsp+60],00          
mgsvtpp.exe+41FC304:  0F28 05 55BEE9FD            -  movaps xmm0,[142098160]            [(float)1.0000]
mgsvtpp.exe+41FC30B:  41 89 C7                    -  mov r15d,eax                       
mgsvtpp.exe+41FC30E:  48 89 C7                    -  mov rdi,rax                        
mgsvtpp.exe+41FC311:  44 89 C0                    -  mov eax,r8d                        
mgsvtpp.exe+41FC314:  C6 44 24 20 01              -  mov byte ptr [rsp+20],01           
mgsvtpp.exe+41FC319:  0F29 45 80                  -  movaps [rbp-80],xmm0               
mgsvtpp.exe+41FC31D:  89 44 24 3C                 -  mov [rsp+3C],eax                   
mgsvtpp.exe+41FC321:  0F86 D1090000               -  jbe 1441FCCF8                      
mgsvtpp.exe+41FC327:  F3 44 0F10 6D 88            -  movss xmm13,[rbp-78]               
mgsvtpp.exe+41FC32D:  F3 44 0F10 75 84            -  movss xmm14,[rbp-7C]               
mgsvtpp.exe+41FC333:  F3 44 0F10 7D 80            -  movss xmm15,[rbp-80]               
mgsvtpp.exe+41FC339:  F3 44 0F10 25 865EF1FD      -  movss xmm12,[1421121C8]            [(float)-0.1000]
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}

{// 31xx44xxxxxx83xxxxxxxx0Fxxxxxxxxxxxx
// ORIGINAL CODE - INJECTION POINT: "mgsvtpp.exe"+40E6408

"mgsvtpp.exe"+40E63DD: 48 8B 86 C8 00 00 00        -  mov rax,[rsi+000000C8]
"mgsvtpp.exe"+40E63E4: 4C 8B 01                    -  mov r8,[rcx]
"mgsvtpp.exe"+40E63E7: F3 0F 10 14 98              -  movss xmm2,[rax+rbx*4]
"mgsvtpp.exe"+40E63EC: 41 FF 50 08                 -  call qword ptr [r8+08]
"mgsvtpp.exe"+40E63F0: 48 8B 86 D0 00 00 00        -  mov rax,[rsi+000000D0]
"mgsvtpp.exe"+40E63F7: 44 8B 7C 24 40              -  mov r15d,[rsp+40]
"mgsvtpp.exe"+40E63FC: 8B 0C 98                    -  mov ecx,[rax+rbx*4]
"mgsvtpp.exe"+40E63FF: 41 FF C5                    -  inc r13d
"mgsvtpp.exe"+40E6402: 41 D1 C7                    -  rol r15d,1
"mgsvtpp.exe"+40E6405: 48 FF C3                    -  inc rbx
// ---------- INJECTING HERE ----------
"mgsvtpp.exe"+40E6408: 89 8F 98 00 00 00           -  mov [rdi+00000098],ecx
// ---------- DONE INJECTING  ----------
"mgsvtpp.exe"+40E640E: 44 89 6C 24 28              -  mov [rsp+28],r13d
"mgsvtpp.exe"+40E6413: 44 89 7C 24 40              -  mov [rsp+40],r15d
"mgsvtpp.exe"+40E6418: 48 89 5C 24 50              -  mov [rsp+50],rbx
"mgsvtpp.exe"+40E641D: 44 3B 6C 24 60              -  cmp r13d,[rsp+60]
"mgsvtpp.exe"+40E6422: 0F 82 3C E9 FF FF           -  jb mgsvtpp.exe+40E4D64
"mgsvtpp.exe"+40E6428: 31 C0                       -  xor eax,eax
"mgsvtpp.exe"+40E642A: 44 8D 40 01                 -  lea r8d,[rax+01]
"mgsvtpp.exe"+40E642E: 83 7C 24 60 00              -  cmp dword ptr [rsp+60],00
"mgsvtpp.exe"+40E6433: 0F 28 05 C6 07 F3 FD        -  movaps xmm0,[mgsvtpp.exe+2016C00]
"mgsvtpp.exe"+40E643A: 89 C7                       -  mov edi,eax
}

So who ever's script the first one was, thank you for having the original code in the script.

Because I was not finding that value for some reason!

Again thank you!

[Razer1991]

Anyone knows how to find the base address for the enemy preparadness? (the icons you see of the map, soldiers using helmets, etc) i tried with the pointer scan method but didn't work i also tried to "extract" the base address using the globalalloc in my auto assembler script but that didn't work either. The problem is that the address change everytime i open the game again i know the values goes from 0 to 3 so is kinda "easy" to find it and the address i find always end with 90/91/92/93/94/95 but still i can't find any method to get the base address from it if anyone knows and can tell me it would be great

[ToolboyNIN39]

Another thing I was able to update on my own was the AOBscan for the reward editor. Old one was: 80 B8 30 30 00 00 00. The updated version I found was just one byte off: 80 B8 31 30 00 00 00. Only problem is I don't know how they handle quantities in it, now. Not sure if there are new offsets in the last updates or if the offset for quantity has changed since then. Most of the offsets are correct and true. Just "quantity" is the only one, so far, that does not seem to work. If this itty bitty update helps you, then Happy Gaming. If someone can point out how to tweak the quantity in rewards, that'd be awsum and appreciated. I know we can just edit our roster and edit our current resources, but I just thought that updating this bit would be nice for whatever reason folks might have for wanting to use this particular method.

[snake.0]

is possible, one cheat table for, metal gear solid v ground zeroes v1.0.0.5

[snake.0]

Thank you Very Much

[TimFun13]

No worries, edited my last post with an update. It has some directions for the teleporter, plus an improved "Weapon Accuracy Hook".

Do let me know if the table is working or not, please.

[pk5547]

No worries, edited my last post with an update. It has some directions for the teleporter, plus an improved "Weapon Accuracy Hook".

Do let me know if the table is working or not, please.

Thanks for table. But I got error when loading table.

I have steam version of MGSV GZ (JAP VOICE).

Error:[string "--[==========================================..."]:461: attempt to index a nil value (global 'MainForm')
Error:[string "--[==========================================..."]:491: attempt to call a nil value (global 'getAddressSafe')

[snake.0]

to metal gear ground zeroes v1.0.0.5 with cheat table is possible freeze mission timer to 0:00

[TimFun13]

Thanks for table. But I got error when loading table.

I have steam version of MGSV GZ (JAP VOICE).

Error:[string "--[==========================================..."]:461: attempt to index a nil value (global 'MainForm')
Error:[string "--[==========================================..."]:491: attempt to call a nil value (global 'getAddressSafe')

"MainForm" and "getAddressSafe" are new to Cheat Engine, I don't remember what version, but mine requires 6.7 for "autoAssembleCheck", I forgot to put in the version check.

So you will have to down load the new version of Cheat Engine.

[TimFun13]

to metal gear ground zeroes v1.0.0.5 with cheat table is possible freeze mission timer to 0:00

I see if I can find it.

[pk5547]

Thanks for table. But I got error when loading table.

I have steam version of MGSV GZ (JAP VOICE).

Error:[string "--[==========================================..."]:461: attempt to index a nil value (global 'MainForm')
Error:[string "--[==========================================..."]:491: attempt to call a nil value (global 'getAddressSafe')

"MainForm" and "getAddressSafe" are new to Cheat Engine, I don't remember what version, but mine requires 6.7 for "autoAssembleCheck", I forgot to put in the version check.

So you will have to down load the new version of Cheat Engine.

Sorry for annoying you. i install CE 6.7 and got a another error....

I2Logger.I2CETC: autoAssembleFile: Error assembling file: "CoordHook.CEA"