Monster Hunter World (Steam)

[TemptingIcarus]

Oof, overlooked that. It'll be different per system. But its a good thing to use wildcards there as it may change upon restarting your PC.

Thank you for your work. By chance could we get a fresh table with working pointers only? That way it's less confusing and saves people on trial and error. (i.e Crashing). There's no way to back up saves right now due to the encryption.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[Squall8]

Also, I have started noticing some imperfections with stealthedit. It seems some checks still get through, but they are very few inbetween. And there is a disable issue with at least one of my injection points for invul, and I'm not sure what's causing it. Not to mention its just a damn hassle to work with.

It might be best to wait for Cal's bypass. I'll keep updating some stuff with stealthedit and see if I notice any of the same behavior, but it just doesn't seem like the best option right now.

As of right now, nothing in my old table will work. Whatever Marcus101RR said he updated in his table is the only thing working. I'll probably post whatever I got at the end of the night.

[CoffeeKitty]

Also, I have started noticing some imperfections with stealthedit. It seems some checks still get through, but they are very few inbetween. And there is a disable issue with at least one of my injection points for invul, and I'm not sure what's causing it. Not to mention its just a damn hassle to work with.

It might be best to wait for Cal's bypass. I'll keep updating some stuff with stealthedit and see if I notice any of the same behavior, but it just doesn't seem like the best option right now.

As of right now, nothing in my old table will work. Whatever Marcus101RR said he updated in his table is the only thing working. I'll probably post whatever I got at the end of the night.

i absolutely love you man, thanks a ton

looked around and couldnt find a link, you got a patreon or something?

[Darkedone02]

Well this sucks, I think i became a victim of the corrupted & deleted save files, so everything from my original saves from monster hunter world when I beaten it long before the continue updates and events started popping up, it got removed. i thought it was updated from the cloud but nope.

[TemptingIcarus]

Well this sucks, I think i became a victim of the corrupted & deleted save files, so everything from my original saves from monster hunter world when I beaten it long before the continue updates and events started popping up, it got removed. i thought it was updated from the cloud but nope.

F.

[IcyPurpose99]

Well this sucks, I think i became a victim of the corrupted & deleted save files, so everything from my original saves from monster hunter world when I beaten it long before the continue updates and events started popping up, it got removed. i thought it was updated from the cloud but nope.

I might share you my save once I find a way to rename and edit characters.

[MaytheFlowerFly]

Well this sucks, I think i became a victim of the corrupted & deleted save files, so everything from my original saves from monster hunter world when I beaten it long before the continue updates and events started popping up, it got removed. i thought it was updated from the cloud but nope.

Yeah. There was a big thread on it on the discussion on steam. Some are claiming it had to do with mods, others just how old some of the saves were. One guy claimed to find a way to recover them, maybe this will help?

I recovered my character by unofficial way.
I am not responsible for any problems that may arise from following this method.

1. backup and copy your old save data from C:\Program Files (x86)\Steam\userdata\[????]\582010\remote or [Link]
2. download MHWSaveTransfer from https://www.fearlessrevolution.com/monsterhunter ... ?tab=files
3. download normal save data from https://www.fearlessrevolution.com/monsterhunter ... ?tab=files
I will move my character to this file.
4. run MHWSaveTransfer
5. File - Open SaveData - Select normal save data in step 3
6. Change SteamID to yours. The number in your profile page address url is your SteamID.
7. File - Import Save Data - Select your old save data
8. Use drag and drop to move your character to the left.
9. File - Save SaveData - Save file to any directory and copy to C:\Program Files (x86)\Steam\userdata\[????]\582010\remote
10. run game
11. Since the settings have been initialized, and errors related to keyboard settings may occur. You need to reset the settings. Change language setting first and reset the settings.
12. done.

[caliber1942]

Also, I have started noticing some imperfections with stealthedit. It seems some checks still get through, but they are very few inbetween. And there is a disable issue with at least one of my injection points for invul, and I'm not sure what's causing it. Not to mention its just a damn hassle to work with.

It might be best to wait for Cal's bypass. I'll keep updating some stuff with stealthedit and see if I notice any of the same behavior, but it just doesn't seem like the best option right now.

As of right now, nothing in my old table will work. Whatever Marcus101RR said he updated in his table is the only thing working. I'll probably post whatever I got at the end of the night.

Game still has the hard-coded CRC checks. There are 58 of them. What was added in this version was resetting of VEH bp's to destroy any breakpoint, which people have already posted the SetThreadContext calls the game is doing which is essential part of VEH breakpoint process:

[Link]

This is the second title I've come across lately that is doing this or similar to either detect VEH and crash game or to affect breakpointing.

At any rate, the second thing they added was 24 threads that are actively scanning at all times various sections of code. They run one after the next and then repeat, each one suspend then unsuspend the next one every 5 seconds or so.


LIST OF THREAD SCANNERS
============================

MonsterHunterWorld.exe!Ordinal299+0x18c56c0
MonsterHunterWorld.exe!Ordinal299+0x18c83b0
MonsterHunterWorld.exe!Ordinal299+0x18cb0a0
MonsterHunterWorld.exe!Ordinal299+0x18cdd90
MonsterHunterWorld.exe!Ordinal299+0x18d0a80
MonsterHunterWorld.exe!Ordinal299+0x18d3770
MonsterHunterWorld.exe!Ordinal299+0x18d6460
MonsterHunterWorld.exe!Ordinal299+0x18d9150
MonsterHunterWorld.exe!Ordinal299+0x18dbe40
MonsterHunterWorld.exe!Ordinal299+0x18deb30
MonsterHunterWorld.exe!Ordinal299+0x18e1820
MonsterHunterWorld.exe!Ordinal299+0x18e4510
MonsterHunterWorld.exe!Ordinal299+0x18e7200
MonsterHunterWorld.exe!Ordinal299+0x18e9ef0
MonsterHunterWorld.exe!Ordinal299+0x18ecbe0
MonsterHunterWorld.exe!Ordinal299+0x18ef8d0
MonsterHunterWorld.exe!Ordinal299+0x18f25c0 <--- this is example, but they are all similar
MonsterHunterWorld.exe!Ordinal299+0x18f52b0
MonsterHunterWorld.exe!Ordinal299+0x18f7fa0
MonsterHunterWorld.exe!Ordinal299+0x18fac90
MonsterHunterWorld.exe!Ordinal299+0x18fd980
MonsterHunterWorld.exe!Ordinal299+0x1900670
MonsterHunterWorld.exe!Ordinal299+0x1903360
MonsterHunterWorld.exe!Ordinal299+0x1906050


EXAMPLE SNIPPET OF ONE OF THE SCANNING THREADS
================================================

MonsterHunterWorld.exe+18F25C0 - E9 2BD7231D - jmp MonsterHunterWorld.exe+1EB2FCF0 <-- thread starts here but jumps to code

MonsterHunterWorld.exe+1EB2FCF0 - 48 8D 64 24 F8 - lea rsp,[rsp-08]
MonsterHunterWorld.exe+1EB2FCF5 - 48 89 2C 24 - mov [rsp],rbp
MonsterHunterWorld.exe+1EB2FCF9 - 48 83 EC 08 - sub rsp,08 { 8 }
MonsterHunterWorld.exe+1EB2FCFD - 48 89 1C 24 - mov [rsp],rbx
MonsterHunterWorld.exe+1EB2FD01 - 48 8D AC 24 B8F0FFFF - lea rbp,[rsp-00000F48]
MonsterHunterWorld.exe+1EB2FD09 - 41 53 - push r11
MonsterHunterWorld.exe+1EB2FD0B - 44 89 D8 - mov eax,r11d
MonsterHunterWorld.exe+1EB2FD0E - 67 45 8D 9B B8EFFFFF - lea r11d,[r11-00001048]
MonsterHunterWorld.exe+1EB2FD16 - 44 29 D8 - sub eax,r11d
MonsterHunterWorld.exe+1EB2FD19 - 4C 8B 1C 24 - mov r11,[rsp]
MonsterHunterWorld.exe+1EB2FD1D - 48 89 04 24 - mov [rsp],rax
MonsterHunterWorld.exe+1EB2FD21 - 48 8D 05 37BEE703 - lea rax,[MonsterHunterWorld.exe+229ABB5F] { (72) }
MonsterHunterWorld.exe+1EB2FD28 - FF E0 - jmp rax
MonsterHunterWorld.exe+1EB2FD2A - 66 45 31 DB - xor r11w,r11w
MonsterHunterWorld.exe+1EB2FD2E - 66 44 0B 5D 9C - or r11w,[rbp-64]
MonsterHunterWorld.exe+1EB2FD33 - 41 53 - push r11
MonsterHunterWorld.exe+1EB2FD35 - 49 F7 D3 - not r11
MonsterHunterWorld.exe+1EB2FD38 - 49 81 CB 0000FFFF - or r11,FFFFFFFFFFFF0000 { (603232512) }
MonsterHunterWorld.exe+1EB2FD3F - 4C 21 1C 24 - and [rsp],r11
MonsterHunterWorld.exe+1EB2FD43 - 41 5B - pop r11
MonsterHunterWorld.exe+1EB2FD45 - 66 41 81 C3 6C2E - add r11w,2E6C { 11884 }
MonsterHunterWorld.exe+1EB2FD4B - F9 - stc
MonsterHunterWorld.exe+1EB2FD4C - 66 44 87 5D 9C - xchg [rbp-64],r11w
MonsterHunterWorld.exe+1EB2FD51 - 52 - push rdx
MonsterHunterWorld.exe+1EB2FD52 - 4C 8D 1D 232EA900 - lea r11,[MonsterHunterWorld.exe+1F5C2B7C] { (429850624) }
MonsterHunterWorld.exe+1EB2FD59 - 48 8D 64 24 F8 - lea rsp,[rsp-08]
MonsterHunterWorld.exe+1EB2FD5E - 4C 89 14 24 - mov [rsp],r10
MonsterHunterWorld.exe+1EB2FD62 - 49 FF CB - dec r11
MonsterHunterWorld.exe+1EB2FD65 - 49 81 D3 11AC7183 - adc r11,FFFFFFFF8371AC11 { (0) }
MonsterHunterWorld.exe+1EB2FD6C - 49 8D 93 EF538E7C - lea rdx,[r11+7C8E53EF]
MonsterHunterWorld.exe+1EB2FD73 - 49 F7 D2 - not r10
MonsterHunterWorld.exe+1EB2FD76 - 4C 21 14 24 - and [rsp],r10
MonsterHunterWorld.exe+1EB2FD7A - 4C 8B 14 24 - mov r10,[rsp]
MonsterHunterWorld.exe+1EB2FD7E - 48 83 C4 08 - add rsp,08 { 8 }
MonsterHunterWorld.exe+1EB2FD82 - 4D 89 D3 - mov r11,r10
MonsterHunterWorld.exe+1EB2FD85 - 4C 33 1A - xor r11,[rdx]
MonsterHunterWorld.exe+1EB2FD88 - 49 D1 DB - rcr r11,1
MonsterHunterWorld.exe+1EB2FD8B - 4C 13 12 - adc r10,[rdx]
MonsterHunterWorld.exe+1EB2FD8E - 49 D1 DA - rcr r10,1
MonsterHunterWorld.exe+1EB2FD91 - 48 8B 14 24 - mov rdx,[rsp]
MonsterHunterWorld.exe+1EB2FD95 - 4C 89 34 24 - mov [rsp],r14
MonsterHunterWorld.exe+1EB2FD99 - 4C 8D 35 A6881B01 - lea r14,[MonsterHunterWorld.exe+1FCE8646] { (0) }
MonsterHunterWorld.exe+1EB2FDA0 - 4D 01 DA - add r10,r11
MonsterHunterWorld.exe+1EB2FDA3 - 41 56 - push r14
MonsterHunterWorld.exe+1EB2FDA5 - 48 81 0C 24 7AE5A1CC - or qword ptr [rsp],FFFFFFFFCCA1E57A { (0) }
MonsterHunterWorld.exe+1EB2FDAD - 49 81 E6 7AE5A1CC - and r14,FFFFFFFFCCA1E57A { (0) }
MonsterHunterWorld.exe+1EB2FDB4 - 4C 03 34 24 - add r14,[rsp]
MonsterHunterWorld.exe+1EB2FDB8 - 48 8D 64 24 08 - lea rsp,[rsp+08]
MonsterHunterWorld.exe+1EB2FDBD - 4D 8B 9E 861A5E33 - mov r11,[r14+335E1A86]
MonsterHunterWorld.exe+1EB2FDC4 - 4C 8B 34 24 - mov r14,[rsp]
MonsterHunterWorld.exe+1EB2FDC8 - 48 89 0C 24 - mov [rsp],rcx
MonsterHunterWorld.exe+1EB2FDCC - 49 8D 8B 90000000 - lea rcx,[r11+00000090]
MonsterHunterWorld.exe+1EB2FDD3 - 56 - push rsi
MonsterHunterWorld.exe+1EB2FDD4 - 48 8D 31 - lea rsi,[rcx]
MonsterHunterWorld.exe+1EB2FDD7 - 48 81 EE 1A162FC5 - sub rsi,FFFFFFFFC52F161A { (0) }
MonsterHunterWorld.exe+1EB2FDDE - 48 83 EC 08 - sub rsp,08 { 8 }
MonsterHunterWorld.exe+1EB2FDE2 - 48 89 04 24 - mov [rsp],rax
MonsterHunterWorld.exe+1EB2FDE6 - 48 8D 86 1E162FC5 - lea rax,[rsi-3AD0E9E2]
MonsterHunterWorld.exe+1EB2FDED - 48 05 2C23B98E - add rax,FFFFFFFF8EB9232C { (0) }
MonsterHunterWorld.exe+1EB2FDF3 - 8B 88 D4DC4671 - mov ecx,[rax+7146DCD4]
MonsterHunterWorld.exe+1EB2FDF9 - 58 - pop rax


MonsterHunterWorld.exe+19C2260D - 49 81 EE E370A2AB - sub r14,FFFFFFFFABA270E3 { (0) }
MonsterHunterWorld.exe+19C22614 - 49 8B 96 E370A2AB - mov rdx,[r14-545D8F1D]
MonsterHunterWorld.exe+19C2261B - 4C 8B 34 24 - mov r14,[rsp]
MonsterHunterWorld.exe+19C2261F - 48 83 EC F8 - sub rsp,-08 { 248 }
MonsterHunterWorld.exe+19C22623 - 48 83 C4 08 - add rsp,08 { 8 }
MonsterHunterWorld.exe+19C22627 - E9 FF4DAF06 - jmp MonsterHunterWorld.exe+2071742B
MonsterHunterWorld.exe+19C2262C - 41 56 - push r14
MonsterHunterWorld.exe+19C2262E - 48 01 D0 - add rax,rdx
MonsterHunterWorld.exe+19C22631 - C3 - ret

So this is 24 scanners, only one of which is working at any time, that are scanning the .exe over and over. Seems to be about 1.2-3.5 % of the total CPU usage of the game, so it definitely adds CPU processing cost to be scanning like this, but that's the nature of today's games, I guess. Throw a thread or three that are chewing up CPU cycles to scan the .exe constantly.

58 hard coded scanners, 24 thread scanners. Twice the work each patch, and differing code necessary.

At any rate, I've updated the bypass and will post momentarily.

You still need to manually bypass SetThreadContext to be able to breakpoint if you are reversing the game, but this allows you to write onto the game .exe in live memory without scanners/CRC crashing the game, like before.

Posting in a few mins.

best,
Cal

[caliber1942]

CRC bypass MHW Version 399335 10.12.00

run program, follow instructions, leave running until you are ready to quit game

password:
frf

best,
Cal

[TemptingIcarus]

CRC bypass MHW Version 399335 10.12.00

run program, follow instructions, leave running until you are ready to quit game

password:
frf

best,
Cal

We are not worthy. <3

[CoffeeKitty]

i've got a near 100% save i could toss your way darkedone, i dont know if you can validate it properly though

[Darkedone02]

There are alot of saves used that are 100% out there before iceborne.

[karenaki]

dos the infinte gather still work? if not will it be fixed soon?

[chaos915]

I did a bit of testing a few scripts from the pre-Iceborne table, and some scripts still appear to work.
Infinite Stamina, inf slinger(clutch claw consumes them all, but just still infinite for normal usage), all monsters shown on map.

Easily break monster parts still activates, but doesn't work.

The following scripts won't turn on:
Invulnerable,Inf Item use, max sharpness, inf mantle, all the no Cooldown codes, inf. damage taken for vit. mantle, inf lucky vouchers, character pointers, ignore crafting requirements, highlighted item pointer, Inf gathering

[Shtool]

F for max sharpness