Unlimited Health
Unlimited Items
No Reload
Invisibility
Master of the Wind
Burn Them!
Timeless
Big Mouth
Hunter
Endurance Challenge
Wanted
Veterans
Cailleach's Gift
Unlimited Resources
Unlimited Selling (Sell Cargo for Money)
Naval Missions Instantly Complete
Naval Missions Instantly Available
No Fall Damage
Teleport Script:
Save Current Location (Hotkey 'F5')
Load Saved Position (Hotkey 'F8')
Teleport to Waypoint (Hotkey 'F9')
Use Alternate Z-Axis for Waypoint
Time of Day Script:
Pointer for the 24-Hour Value
Adjust value using '[' and ']' hotkey
Freeze Time of Day
Camera Script:
Hotkeys 'G' and 'J' to Move Left and Right
Hotkeys 'Y' and 'H' to Move Forward and Backward
Hotkeys 'T' and 'U' to Move Up and Down
Hotkeys '+' and '-' to Zoom In and Out
Allow Saves While Using In-Game Cheats
Unlock All In-Game Cheats
Complete All Challenges
Tested on the CODEX release.
Special thanks to jim2point0, SunBeam, and gir489 for their contributions and insight!
---------------------------------------
Sunbeam's Table
[ 28.03.2015 - Update #1]
Release of the first version of the handler, along with anti-save disabled when using cheats.
How it works:
1. Open table in CE and activate [DebugMenu].
2. Enter game - OR - teleport to a waypoint - OR - die - OR - anything that (re)loads a map. The pointer I need is acquired when pre-loading the game.
3. Check CE and pContext should now point to a valid address, instead of "??".
4. Activate [CheatHandler] script.
5. Back in game, use the following (default) options or modify the handler to add your own:
6. Note that whenever you load/reload the game (or teleport to Ctrl locations), the cheat is disabled. The same thing happens after some cutscenes. Keep an eye out Smile You'll have to use the hotkey again.
Let me know if you have any issues. Now I can move on to Unity.
[ 20.03.2015 ]
Similar to this thread, releasing the Cheat Handler that operates some of the internal Debug Menu functions. Extra, windowed mode and a disabler for the in-game save game disabler, when using cheats. I am using this release for now: Assassins.Creed.Rogue.v1.1.0.Steam.Deluxe.Edition.Cracked-3DM. Will move to the official one if I consider it's worth spending le bucks on it Smile
Posting as I progress, throughout the day.
[ Windowed Mode ]
I started with running the game executable (ACC.exe) in x64_dbg and breaking on CreateWindowExA. We're interested in this function:
Now, the BOOL we're looking to change is (in my case) the value stored in 0x14329BB73. This value is 0 upon opening the executable, gets set to 1 further along and game starts in fullscreen mode. If you're to set it to 0, you get windowed mode.
Since I couldn't manage getting x64_dbg to break on what writes value 1 to that BOOL, I did this instead:
- open game executable in x64_dbg;
- press F9 or Shift+F9 one or two times so you get to OEP:
Code:
0000000140E5E214 | 48 83 EC 28 | SUB RSP,28 |
- open up CE and target same game executable (ACC.exe);
- open Memory View and patch OEP to infinite loop (EB FE);
- detach from executable in x64_dbg (Ctrl+Alt+F2) - doing this will run the executable automatically;
- back in CE, set a breakpoint on OEP;
- CE breaks;
- add 14329BB73 to list and "Find out what writes to this address";
- remove breakpoint on OEP, patch back the instruction to "sub rsp,28";
- hit F9 so game starts;
[ P.S.: You will ask "why patch to infinite loop and not detach from the beginning leaving CE to debug the game?". If you detach without the infinite loop, game starts. Also, you cannot set a breakpoint on OEP in CE and then detach in x64_dbg - breakpoint never finishes being set, since game is paused in another debugger. Once you detach and game starts, only then will the CE breakpoint work. But by then, it's already too late. ]
Once you do the above steps, this happens:
I'm guessing now you know what to patch Wink Similar to the AC4 patch, you'll have to change that 1 to 0 at 14009D9D5 (in my case). A way to do it is looking for the pattern to it in a hex editor such as Hex Workshop:
Code:
14009D9D5 - 66 C7 83 131B0000 0100 - mov word ptr [rbx+00001B13],0001
And this is the final result, once patching (remember to create a backup of ACC.exe first!) and setting resolution to 800x600:
[ Disable save-game disabler ]
Past the Abstergo rebooting and gay tutorial inland with the trio, managed to get on the Morrigan. Once by sea, don't remember what I did, but game let me know that cheats are now available. The whole explanation of the cheat system and how it works in AC4 is detailed in the thread indicated in the beginning of this post.
I started with looking for PreCheatSaveGame string in x64_dbg:
Checking out the references for function's prologue leads me to this:
Backtraced some more to find the caller for the pointer we're going to use to access all of the cheats Wink And found its location here:
First things first. To disable the god damn disabler, you will have to tamper SETE AL instruction. Whenever AL is 0, SETE AL makes it 1. If it's 1, it will make it 0. Whenever you enable a cheat, this function is called in upon pressing Esc to exit Cheats menu. You can imagine how the shifting works.
As such, SETE AL has to become XOR AL,AL (we'll always keep it 0):
Code:
0000000140F211C9 | 0F 94 C0 | SETE AL |
to:
Code:
0000000140F211C9 | 30 C0 | XOR AL,AL |
0000000140F211CB | 90 | NOP |
Now, on with building up the cheats table. As I was saying, base pointer is acquired here:
Code:
0000000140EF0C70 | 48 8B 05 41 7B 40 02 | MOV RAX,QWORD PTR DS:[1432F87B8] |
0000000140EF0C77 | C3 | RET |
In my case, address it holds is 0x166C5320.
Further along, this address gets adjusted:
Code:
0000000140F21470 | 48 83 C1 40 | ADD RCX,40 | <--
0000000140F21474 | E9 27 FD FF FF | JMP acc.140F211A0 |
After which, inside this function, will be offsetted with 0x1B8:
Next cheat address would be at:
Code:
0000000140F20F86 | 48 83 C3 20 | ADD RBX,20 |
And, apparently, there are 14 cheats?
Code:
0000000140F20F8A | 83 FF 0E | CMP EDI,E |
You have the table attached
BR,
Sun
How to use this cheat table?
- Install Cheat Engine
- Double-click the .CT file in order to open it.
- Click the PC icon in Cheat Engine in order to select the game process.
- Keep the list.
- Activate the trainer options by checking boxes or setting values from 0 to 1
