There was a mod, but it hasn't been updated for Iceborne yet. That is the only method I was aware of.Marcus101RR wrote: ↑Sat Jan 18, 2020 8:01 pmHas anyone figured out exactly how to activate say "Kulve Taroth" when its not an event available?
any updates on this? my last backup is ages oldKwharr wrote: ↑Fri Jan 17, 2020 11:28 pmAfter some testing I do believe it's just the Botanists Harvest Box having things in it that it's not supposed to.pox911 wrote: ↑Fri Jan 17, 2020 5:38 pm
without fully understanding what this section of memory that i bled into does, there might not be an easy way. I do apologize for the inconvenience i have caused.
edit: maybe comparing it to two different newly created characters, some stuff could be copy and pasted if the game was never shut down. Just a random thought.
This one should be a bit more stable. I reduced the pages from 23 to 10 so it doesnt come close to bleeding into the other memory areas. So far i have had no crashes in my testing with this version.
Code: Select all
<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>19053</ID> <Description>"Fill Shop With Many Items"</Description> <Options moHideChildren="1"/> <LastState/> <VariableType>Auto Assembler Script</VariableType> <AssemblerScript>[ENABLE] aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674) label(code) label(return) label(ShopData) registersymbol(ShopData) newmem: push rax push rbx push rcx mov edx,[ShopData] imul edx,6E xor rax,rax mov rcx,6E lea rbx,[r14+2948] _Loop: mov [rbx+rax*8],edx mov [rbx+rax*8+4],edx inc [rbx+rax*8] inc rax inc edx cmp rax,rcx jl _Loop code: mov edx,rcx pop rcx pop rbx pop rax jmp return ShopData: ShopOverrideAOB: jmp newmem nop nop return: registersymbol(ShopOverrideAOB) [DISABLE] ShopOverrideAOB: db 41 8B 96 48 31 00 00 unregistersymbol(ShopOverrideAOB) unregistersymbol(ShopData) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674 "MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1 - lea rdx,[rcx+rax*8] "MonsterHunterWorld.exe"+1F8A9656: 48 85 C0 - test rax,rax "MonsterHunterWorld.exe"+1F8A9659: 75 03 - jne MonsterHunterWorld.exe+1F8A965E "MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA - mov rdx,r13 "MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD - cmove rcx,r13 "MonsterHunterWorld.exe"+1F8A9662: 49 89 D0 - mov r8,rdx "MonsterHunterWorld.exe"+1F8A9665: 49 29 C8 - sub r8,rcx "MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1 - mov r9,r14 "MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03 - sar r8,03 "MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2 - call MonsterHunterWorld.exe+1C8AE40 // ---------- INJECTING HERE ---------- "MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00 - mov edx,[r14+00003148] // ---------- DONE INJECTING ---------- "MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00 - mov [r14+0000291C],edx "MonsterHunterWorld.exe"+1F8A9682: EB 06 - jmp MonsterHunterWorld.exe+1F8A968A "MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00 - mov edx,[rcx+0000291C] "MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00 - mov rcx,[r14+000028F8] "MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1 - call MonsterHunterWorld.exe+9B9E10 "MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00 - mov eax,[r14+00002948] "MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60 - lea r8,[rsp+60] "MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5 - mov rcx,[MonsterHunterWorld.exe+4EE4540] "MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20 - lea rdx,[rsp+20] "MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9 - xor r9d,r9d } </AssemblerScript> <CheatEntries> <CheatEntry> <ID>19055</ID> <Description>"Chunk Index"</Description> <VariableType>4 Bytes</VariableType> <Address>ShopData</Address> </CheatEntry> </CheatEntries> </CheatEntry> </CheatEntries> </CheatTable>
And the reason it's crashing after quest completion specifically has to do with how the game handles time passing based on quest completion.
Because you can kill Monsters on an expedition & return with no issue even though that rewards screen operates the same way.
But no "time" passes from an expedition, in regards to things like refreshing quests or the Harvest box.
Is there any way you could whip something up to wipe that box clean?
I think it would solve the issue for those of us without super recent backups.
I really doubt anyone is getting a solution for this.yewth wrote: ↑Sat Jan 18, 2020 10:55 pmany updates on this? my last backup is ages oldKwharr wrote: ↑Fri Jan 17, 2020 11:28 pmAfter some testing I do believe it's just the Botanists Harvest Box having things in it that it's not supposed to.pox911 wrote: ↑Fri Jan 17, 2020 5:38 pm
without fully understanding what this section of memory that i bled into does, there might not be an easy way. I do apologize for the inconvenience i have caused.
edit: maybe comparing it to two different newly created characters, some stuff could be copy and pasted if the game was never shut down. Just a random thought.
This one should be a bit more stable. I reduced the pages from 23 to 10 so it doesnt come close to bleeding into the other memory areas. So far i have had no crashes in my testing with this version.
Code: Select all
<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>19053</ID> <Description>"Fill Shop With Many Items"</Description> <Options moHideChildren="1"/> <LastState/> <VariableType>Auto Assembler Script</VariableType> <AssemblerScript>[ENABLE] aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674) label(code) label(return) label(ShopData) registersymbol(ShopData) newmem: push rax push rbx push rcx mov edx,[ShopData] imul edx,6E xor rax,rax mov rcx,6E lea rbx,[r14+2948] _Loop: mov [rbx+rax*8],edx mov [rbx+rax*8+4],edx inc [rbx+rax*8] inc rax inc edx cmp rax,rcx jl _Loop code: mov edx,rcx pop rcx pop rbx pop rax jmp return ShopData: ShopOverrideAOB: jmp newmem nop nop return: registersymbol(ShopOverrideAOB) [DISABLE] ShopOverrideAOB: db 41 8B 96 48 31 00 00 unregistersymbol(ShopOverrideAOB) unregistersymbol(ShopData) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674 "MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1 - lea rdx,[rcx+rax*8] "MonsterHunterWorld.exe"+1F8A9656: 48 85 C0 - test rax,rax "MonsterHunterWorld.exe"+1F8A9659: 75 03 - jne MonsterHunterWorld.exe+1F8A965E "MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA - mov rdx,r13 "MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD - cmove rcx,r13 "MonsterHunterWorld.exe"+1F8A9662: 49 89 D0 - mov r8,rdx "MonsterHunterWorld.exe"+1F8A9665: 49 29 C8 - sub r8,rcx "MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1 - mov r9,r14 "MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03 - sar r8,03 "MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2 - call MonsterHunterWorld.exe+1C8AE40 // ---------- INJECTING HERE ---------- "MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00 - mov edx,[r14+00003148] // ---------- DONE INJECTING ---------- "MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00 - mov [r14+0000291C],edx "MonsterHunterWorld.exe"+1F8A9682: EB 06 - jmp MonsterHunterWorld.exe+1F8A968A "MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00 - mov edx,[rcx+0000291C] "MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00 - mov rcx,[r14+000028F8] "MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1 - call MonsterHunterWorld.exe+9B9E10 "MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00 - mov eax,[r14+00002948] "MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60 - lea r8,[rsp+60] "MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5 - mov rcx,[MonsterHunterWorld.exe+4EE4540] "MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20 - lea rdx,[rsp+20] "MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9 - xor r9d,r9d } </AssemblerScript> <CheatEntries> <CheatEntry> <ID>19055</ID> <Description>"Chunk Index"</Description> <VariableType>4 Bytes</VariableType> <Address>ShopData</Address> </CheatEntry> </CheatEntries> </CheatEntry> </CheatEntries> </CheatTable>
And the reason it's crashing after quest completion specifically has to do with how the game handles time passing based on quest completion.
Because you can kill Monsters on an expedition & return with no issue even though that rewards screen operates the same way.
But no "time" passes from an expedition, in regards to things like refreshing quests or the Harvest box.
Is there any way you could whip something up to wipe that box clean?
I think it would solve the issue for those of us without super recent backups.
Just wait for a newer release of the Mhw save editor. With that you can probably edit it all outBianco wrote: ↑Sat Jan 18, 2020 11:36 pmSo you are saying that all people have found us to annoy only because we trust that what they provided us with is well and now that our main character's account has been broken we have to annoy and now? It seems very unfair to me that before entering iceborne I did not use the Cheat Engine before and I only used it because I did not get 2 items specifically and only for those 2 items I lose my account of 1200 hours played ...
I don't think it's unfair, everyone here knows the risks & everyone should have a super recent backup.Bianco wrote: ↑Sat Jan 18, 2020 11:36 pmSo you are saying that all people have found us to annoy only because we trust that what they provided us with is well and now that our main character's account has been broken we have to annoy and now? It seems very unfair to me that before entering iceborne I did not use the Cheat Engine before and I only used it because I did not get 2 items specifically and only for those 2 items I lose my account of 1200 hours played ...
I don't recall that the editor had anything to alter the Harvest Box.Gallardo wrote: ↑Sat Jan 18, 2020 11:51 pmJust wait for a newer release of the Mhw save editor. With that you can probably edit it all outBianco wrote: ↑Sat Jan 18, 2020 11:36 pmSo you are saying that all people have found us to annoy only because we trust that what they provided us with is well and now that our main character's account has been broken we have to annoy and now? It seems very unfair to me that before entering iceborne I did not use the Cheat Engine before and I only used it because I did not get 2 items specifically and only for those 2 items I lose my account of 1200 hours played ...
s873206 wrote: ↑Sun Jan 19, 2020 4:34 amhow to fix it? download viewtopic.php?f=4&t=9923 this?Marcus101RR wrote: ↑Sun Jan 19, 2020 4:14 amFor those of you messing around with the god damn Shop script, it modified the botanist's Effect/duration buffs, you can fix this by downloading my table and undoing the fuck up. I already helped someone unbrick their save, its not rocket science.
whitelordth wrote: ↑Sat Jan 18, 2020 11:56 pmI'm pretty sure Dante's layered need "Teostra's ticket" and Gala suit need "Appreciation Ticket". You sure you added right item?chriszz25 wrote: ↑Sat Jan 18, 2020 7:04 pmcan you explain this more clearly? I don't get it 'cause English isn't my native language. I want to get the Gala Layered Armor as well.whitelordth wrote: ↑Sat Jan 18, 2020 5:26 pmAnyway to trigger equipments after materials has been added to item box? I added Gala Suit tickets in, but nothing appear in crafting menu.
EDIT: Found a way. I hope this method will work to everyone.
1. Go on an expedition.
2. Add any unlocked required items to your ITEM POUCH (something that will appear once you process to a certain point of the game, event materials such as tickets) Materials should be add to material slots in ITEM POUCH although I never tried add materials on normal slot, but I suggest not to try.
3. Do anything that made you available to claim rewards, and claim it.
4. Check in the smithy and see if the thing you want are able to be crarfted.
EDIT: Tried doing Dante's materials requirement and it doesn't work, so does Gala's quest. I have tons of red orbs and appreciative fireworks etc., but it doesn't get triggered... does it really have to have the event going on so that I will be able to trigger the quest?
or if anyone knows how to get them can anyone share it?
btw, my CRC kind of stop working because it didn't improve FPS of my game anymore. anyone experience this?
I am quite new to CE so I don't know the exact cause, but I will list what I did with Kirin Ticket and Appreciation Ticket anyway.
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>19057</ID>
<Description>"Botanical Research Editor"</Description>
<Options moHideChildren="1"/>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
aobscanmodule(CultiModAOB,MonsterHunterWorld.exe,8B 8F A0 00 00 00 89 C8 F7) // should be unique
alloc(newmem,$1000,"MonsterHunterWorld.exe"+1B70C6EE)
label(code)
label(return)
label(CultiData)
registersymbol(CultiData)
newmem:
mov [CultiData],rdi
add [CultiData],103030
code:
mov ecx,[rdi+000000A0]
jmp return
CultiData:
CultiModAOB:
jmp newmem
nop
return:
registersymbol(CultiModAOB)
[DISABLE]
CultiModAOB:
db 8B 8F A0 00 00 00
unregistersymbol(CultiModAOB)
unregistersymbol(CultiData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1B70C6EE
"MonsterHunterWorld.exe"+1B70C6E2: 89 D6 - mov esi,edx
"MonsterHunterWorld.exe"+1B70C6E4: 48 83 C1 08 - add rcx,08
"MonsterHunterWorld.exe"+1B70C6E8: FF 15 52 DA 3F 08 - call qword ptr [MonsterHunterWorld.exe+23B0A140]
// ---------- INJECTING HERE ----------
"MonsterHunterWorld.exe"+1B70C6EE: 8B 8F A0 00 00 00 - mov ecx,[rdi+000000A0]
// ---------- DONE INJECTING ----------
"MonsterHunterWorld.exe"+1B70C6F4: 89 C8 - mov eax,ecx
"MonsterHunterWorld.exe"+1B70C6F6: F7 D0 - not eax
"MonsterHunterWorld.exe"+1B70C6F8: 39 F0 - cmp eax,esi
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>19058</ID>
<Description>"Cultivate ID Slot 1"</Description>
<VariableType>4 Bytes</VariableType>
<Address>CultiData</Address>
<Offsets>
<Offset>0</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>19059</ID>
<Description>"Cultivate ID Slot 2"</Description>
<VariableType>4 Bytes</VariableType>
<Address>CultiData</Address>
<Offsets>
<Offset>10</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>19060</ID>
<Description>"Cultivate ID Slot 3"</Description>
<VariableType>4 Bytes</VariableType>
<Address>CultiData</Address>
<Offsets>
<Offset>20</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>19064</ID>
<Description>"Harvest Slots"</Description>
<VariableType>4 Bytes</VariableType>
<Address>CultiData</Address>
<Offsets>
<Offset>90</Offset>
</Offsets>
<CheatEntries>
<CheatEntry>
<ID>19067</ID>
<Description>"Slot 1 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+0</Address>
</CheatEntry>
<CheatEntry>
<ID>19068</ID>
<Description>"Slot 1 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+4</Address>
</CheatEntry>
<CheatEntry>
<ID>19069</ID>
<Description>"Slot 2 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+10</Address>
</CheatEntry>
<CheatEntry>
<ID>19070</ID>
<Description>"Slot 2 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+14</Address>
</CheatEntry>
<CheatEntry>
<ID>19071</ID>
<Description>"Slot 3 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+20</Address>
</CheatEntry>
<CheatEntry>
<ID>19072</ID>
<Description>"Slot 3 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+24</Address>
</CheatEntry>
<CheatEntry>
<ID>19073</ID>
<Description>"Slot 4 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+30</Address>
</CheatEntry>
<CheatEntry>
<ID>19074</ID>
<Description>"Slot 4 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+34</Address>
</CheatEntry>
<CheatEntry>
<ID>19075</ID>
<Description>"Slot 5 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+40</Address>
</CheatEntry>
<CheatEntry>
<ID>19076</ID>
<Description>"Slot 5 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+44</Address>
</CheatEntry>
<CheatEntry>
<ID>19077</ID>
<Description>"Slot 6 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+50</Address>
</CheatEntry>
<CheatEntry>
<ID>19078</ID>
<Description>"Slot 6 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+54</Address>
</CheatEntry>
<CheatEntry>
<ID>19079</ID>
<Description>"Slot 7 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+60</Address>
</CheatEntry>
<CheatEntry>
<ID>19080</ID>
<Description>"Slot 7 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+64</Address>
</CheatEntry>
<CheatEntry>
<ID>19081</ID>
<Description>"Slot 8 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+70</Address>
</CheatEntry>
<CheatEntry>
<ID>19082</ID>
<Description>"Slot 8 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+74</Address>
</CheatEntry>
<CheatEntry>
<ID>19083</ID>
<Description>"Slot 9 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+80</Address>
</CheatEntry>
<CheatEntry>
<ID>19084</ID>
<Description>"Slot 9 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+84</Address>
</CheatEntry>
<CheatEntry>
<ID>19085</ID>
<Description>"Slot 10 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+90</Address>
</CheatEntry>
<CheatEntry>
<ID>19086</ID>
<Description>"Slot 10 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+94</Address>
</CheatEntry>
<CheatEntry>
<ID>19087</ID>
<Description>"Slot 11 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+a0</Address>
</CheatEntry>
<CheatEntry>
<ID>19088</ID>
<Description>"Slot 11 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+a4</Address>
</CheatEntry>
<CheatEntry>
<ID>19089</ID>
<Description>"Slot 12 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+b0</Address>
</CheatEntry>
<CheatEntry>
<ID>19090</ID>
<Description>"Slot 12 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+b4</Address>
</CheatEntry>
<CheatEntry>
<ID>19091</ID>
<Description>"Slot 13 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+c0</Address>
</CheatEntry>
<CheatEntry>
<ID>19092</ID>
<Description>"Slot 13 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+c4</Address>
</CheatEntry>
<CheatEntry>
<ID>19093</ID>
<Description>"Slot 14 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+d0</Address>
</CheatEntry>
<CheatEntry>
<ID>19094</ID>
<Description>"Slot 14 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+d4</Address>
</CheatEntry>
<CheatEntry>
<ID>19095</ID>
<Description>"Slot 15 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+e0</Address>
</CheatEntry>
<CheatEntry>
<ID>19096</ID>
<Description>"Slot 15 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+e4</Address>
</CheatEntry>
<CheatEntry>
<ID>19097</ID>
<Description>"Slot 16 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+f0</Address>
</CheatEntry>
<CheatEntry>
<ID>19098</ID>
<Description>"Slot 16 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+f4</Address>
</CheatEntry>
<CheatEntry>
<ID>19099</ID>
<Description>"Slot 17 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+100</Address>
</CheatEntry>
<CheatEntry>
<ID>19100</ID>
<Description>"Slot 17 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+104</Address>
</CheatEntry>
<CheatEntry>
<ID>19101</ID>
<Description>"Slot 18 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+110</Address>
</CheatEntry>
<CheatEntry>
<ID>19102</ID>
<Description>"Slot 18 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+114</Address>
</CheatEntry>
<CheatEntry>
<ID>19103</ID>
<Description>"Slot 19 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+120</Address>
</CheatEntry>
<CheatEntry>
<ID>19104</ID>
<Description>"Slot 19 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+124</Address>
</CheatEntry>
<CheatEntry>
<ID>19105</ID>
<Description>"Slot 20 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+130</Address>
</CheatEntry>
<CheatEntry>
<ID>19106</ID>
<Description>"Slot 20 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+134</Address>
</CheatEntry>
<CheatEntry>
<ID>19107</ID>
<Description>"Slot 21 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+140</Address>
</CheatEntry>
<CheatEntry>
<ID>19108</ID>
<Description>"Slot 21 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+144</Address>
</CheatEntry>
<CheatEntry>
<ID>19109</ID>
<Description>"Slot 22 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+150</Address>
</CheatEntry>
<CheatEntry>
<ID>19110</ID>
<Description>"Slot 22 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+154</Address>
</CheatEntry>
<CheatEntry>
<ID>19111</ID>
<Description>"Slot 23 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+160</Address>
</CheatEntry>
<CheatEntry>
<ID>19112</ID>
<Description>"Slot 23 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+164</Address>
</CheatEntry>
<CheatEntry>
<ID>19113</ID>
<Description>"Slot 24 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+170</Address>
</CheatEntry>
<CheatEntry>
<ID>19114</ID>
<Description>"Slot 24 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+174</Address>
</CheatEntry>
<CheatEntry>
<ID>19115</ID>
<Description>"Slot 25 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+180</Address>
</CheatEntry>
<CheatEntry>
<ID>19116</ID>
<Description>"Slot 25 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+184</Address>
</CheatEntry>
<CheatEntry>
<ID>19117</ID>
<Description>"Slot 26 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+190</Address>
</CheatEntry>
<CheatEntry>
<ID>19118</ID>
<Description>"Slot 26 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+194</Address>
</CheatEntry>
<CheatEntry>
<ID>19119</ID>
<Description>"Slot 27 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1a0</Address>
</CheatEntry>
<CheatEntry>
<ID>19120</ID>
<Description>"Slot 27 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1a4</Address>
</CheatEntry>
<CheatEntry>
<ID>19121</ID>
<Description>"Slot 28 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1b0</Address>
</CheatEntry>
<CheatEntry>
<ID>19122</ID>
<Description>"Slot 28 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1b4</Address>
</CheatEntry>
<CheatEntry>
<ID>19123</ID>
<Description>"Slot 29 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1c0</Address>
</CheatEntry>
<CheatEntry>
<ID>19124</ID>
<Description>"Slot 29 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1c4</Address>
</CheatEntry>
<CheatEntry>
<ID>19125</ID>
<Description>"Slot 30 ID"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1d0</Address>
</CheatEntry>
<CheatEntry>
<ID>19126</ID>
<Description>"Slot 30 Quantity"</Description>
<VariableType>4 Bytes</VariableType>
<Address>+1d4</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>19053</ID>
<Description>"Fill Shop With Many Items"</Description>
<Options moHideChildren="1"/>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
aobscanmodule(ShopOverrideAOB,MonsterHunterWorld.exe,41 8B 96 48 31 00 00) // should be unique
alloc(newmem,$1000,"MonsterHunterWorld.exe"+1F8A9674)
label(code)
label(return)
label(ShopData)
registersymbol(ShopData)
newmem:
push rax
push rbx
push rcx
mov edx,[ShopData]
imul edx,6E
xor rax,rax
mov rcx,6E
lea rbx,[r14+2948]
_Loop:
mov [rbx+rax*8],edx
mov [rbx+rax*8+4],rax
inc [rbx+rax*8]
inc rax
inc edx
cmp rax,rcx
jl _Loop
code:
mov edx,rcx
pop rcx
pop rbx
pop rax
jmp return
ShopData:
ShopOverrideAOB:
jmp newmem
nop
nop
return:
registersymbol(ShopOverrideAOB)
[DISABLE]
ShopOverrideAOB:
db 41 8B 96 48 31 00 00
unregistersymbol(ShopOverrideAOB)
unregistersymbol(ShopData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "MonsterHunterWorld.exe"+1F8A9674
"MonsterHunterWorld.exe"+1F8A9652: 48 8D 14 C1 - lea rdx,[rcx+rax*8]
"MonsterHunterWorld.exe"+1F8A9656: 48 85 C0 - test rax,rax
"MonsterHunterWorld.exe"+1F8A9659: 75 03 - jne MonsterHunterWorld.exe+1F8A965E
"MonsterHunterWorld.exe"+1F8A965B: 4C 89 EA - mov rdx,r13
"MonsterHunterWorld.exe"+1F8A965E: 49 0F 44 CD - cmove rcx,r13
"MonsterHunterWorld.exe"+1F8A9662: 49 89 D0 - mov r8,rdx
"MonsterHunterWorld.exe"+1F8A9665: 49 29 C8 - sub r8,rcx
"MonsterHunterWorld.exe"+1F8A9668: 4D 89 F1 - mov r9,r14
"MonsterHunterWorld.exe"+1F8A966B: 49 C1 F8 03 - sar r8,03
"MonsterHunterWorld.exe"+1F8A966F: E8 CC 17 3E E2 - call MonsterHunterWorld.exe+1C8AE40
// ---------- INJECTING HERE ----------
"MonsterHunterWorld.exe"+1F8A9674: 41 8B 96 48 31 00 00 - mov edx,[r14+00003148]
// ---------- DONE INJECTING ----------
"MonsterHunterWorld.exe"+1F8A967B: 41 89 96 1C 29 00 00 - mov [r14+0000291C],edx
"MonsterHunterWorld.exe"+1F8A9682: EB 06 - jmp MonsterHunterWorld.exe+1F8A968A
"MonsterHunterWorld.exe"+1F8A9684: 8B 91 1C 29 00 00 - mov edx,[rcx+0000291C]
"MonsterHunterWorld.exe"+1F8A968A: 49 8B 8E F8 28 00 00 - mov rcx,[r14+000028F8]
"MonsterHunterWorld.exe"+1F8A9691: E8 7A 07 11 E1 - call MonsterHunterWorld.exe+9B9E10
"MonsterHunterWorld.exe"+1F8A9696: 41 8B 86 48 29 00 00 - mov eax,[r14+00002948]
"MonsterHunterWorld.exe"+1F8A969D: 4C 8D 44 24 60 - lea r8,[rsp+60]
"MonsterHunterWorld.exe"+1F8A96A2: 48 8B 0D 97 AE 63 E5 - mov rcx,[MonsterHunterWorld.exe+4EE4540]
"MonsterHunterWorld.exe"+1F8A96A9: 48 8D 54 24 20 - lea rdx,[rsp+20]
"MonsterHunterWorld.exe"+1F8A96AE: 45 31 C9 - xor r9d,r9d
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>19055</ID>
<Description>"Chunk Index"</Description>
<VariableType>4 Bytes</VariableType>
<Address>ShopData</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>
Users browsing this forum: DotBot, Google Adsense [Bot], LilTurk, whodafreak