Assassin's Creed Odyssey v1.3.0/v1.5.1 +21 (table Update18.3)

[lordkain]

In any case the swap thing doesn't work, at least for me.... when i search the hex value it finds too many addresses, it is impossible to know which one is the correct

offline mode will help

Can't launch the game offline. Uplay won't run it. It says "Cannot activate the product at this moment".

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[Cielos]

@all

Update11.3
- updated enable. it works on game patch v1.06 now. specifically, rewrote the havePetFlagChkForPetHealthRegenAOB hook as the entity behaviour check is changed from dword check to byte check, the reserved reg is change from rbp to rdi, and the logical jmp in the end is changed to a short jmp.
- updated one-hit-kill mod key. removed the player check for the bow-aiming visual check as it's for player only already. also, added the option to have the one-hit-kill without pressing the mod key. read the script description for details.

(EDIT: forgot to mention the new option added to the one-hit-kill mod key script...)
note that I just did some minimal testing. so, report if you believe some scripts are not working as promoted (in details!) and I'll have a look later.

////////////////////////////////
@Sun

[...]
Want to finish-up quests fast?

Code: Select all

ACOdyssey.exe+2AB5125 - 0F93 C0               - setae al
ACOdyssey.exe+2AB5128 - 88 83 99030000        - mov [rbx+00000399],al

to

ACOdyssey.exe+2AB5125 - B0 01                 - mov al,01 { 1 }
ACOdyssey.exe+2AB5127 - 90                    - nop 
ACOdyssey.exe+2AB5128 - 88 83 99030000        - mov [rbx+00000399],al

BR,
Sun

I've been having fun with it, the flag doesn't cover all requirements though..
e.g., one of the current weekly quest requirements is about destroying purple crates, and the this flag doesn't cover it.

///////////////////////////
ah, it seems the pet now survived the ship ride and will return when you dock. hope it would survive loading savegame as well...

[SunBeam]

It covers only "Kill X/Y" type of quests.

[acecel]

Thank you again @Cielos for the update.

[mc2011]

Hello, I don't know if anyone has ask this before, but is there a way to make your bounty always at max?
I like it when the merc went and hunt you down...

[simon93]

Hello, I don't know if anyone has ask this before, but is there a way to make your bounty always at max?
I like it when the merc went and hunt you down...

The current merc system is already broken, (playing around with it probably wouldn't help with its functionality and stability. (see: [Link])
That being said, I certainly do like that idea as I also enjoy getting hunted by 5 mercs at the same time, It's really the only way to feel a bit of challenge at this point.

[Bowzerpapa]

Can you update Assassin’s Creed® Odyssey - InventoryEditor ? Cause v1.0.5.1.CT seems not working any more

[PekenoSalta]

Can you update Assassin’s Creed® Odyssey - InventoryEditor ? Cause v1.0.5.1.CT seems not working any more

+1

[budabum]

Dear friends. The editor is updated to support the latest patch. No other major updates yet. Ship Editor is WIP, perhaps i'll share more updates over weekend.
viewtopic.php?p=65773#p65773

[Sakurarozu]

can someone help me please. everytime i try to swap out got the greek hello 000001853A37A1D8 my game crashes.

any help?

[ColdWater]

Dear friends. The editor is updated to support the latest patch. No other major updates yet. Ship Editor is WIP, perhaps i'll share more updates over weekend.
viewtopic.php?p=65773#p65773

I want to reprint your work and hope to get your permission.My English is not very good. I hope you can understand it

[SunBeam]

Alright, after some debugging and tracing, I figured out the relationship between the damage you see in character inventory and the real one actually transformed/calculated when performing an Attack or WeaponTypeAttack. Here goes, big post.. elevated language.. for semi-connoisseurs

Continued from the previous post, where I said that I started debugging the ACEFightSettings structure to see what accesses its memory when a) doing nothing; b) hovering the mouse over an enemy to display the stealth-type attack options; c) actually performing the attack. Updated view below for 1.0.6:



I am basically doing this now:



Then hitting F to start the attack (while debugging the ACEFightSettings structure's memory with an exception breakpoint - - change that in CE Settings > Debugger Options - - ranging from 0x0 till 0x690 offset or so):



ACEFightSettings can be acquired from here:



In my case, as you can see from the second picture above, it's 0x7AF24890. Cleaning up the code, this would be the logic:

Code: Select all

mov rax,[ACOdyssey.exe+5829710]
mov r10,[rax+F38]
mov rax,[r10+8]
shl rax,20
sar rax,3F
and rax,[r10]

rax == read ptr

mov r10,[rax+28]
mov rcx,[r10+8]
shl rcx,20
sar rcx,3F
and rcx,[r10]

rcx == read ptr

What I noticed in Anvil (or maybe I've not studied x64 that much) is that Ubi uses this ASM-format a lot:

Code: Select all

mov rax,[ACOdyssey.exe+5829710]
mov r10,[rax+F38]
mov rax,[r10+8]
shl rax,20
sar rax,3F
and rax,[r10]

Which would be the equivalent of:

Code: Select all

mov rax,[ACOdyssey.exe+5829710]
mov r10,[rax+F38]
mov rax,[r10]

Anyway, back to our analysis. I started tracing that exact location:

Code: Select all

ACOdyssey.exe+21B26F4 - 48 8B 05 15706703     - mov rax,[ACOdyssey.exe+5829710] { [15542C9A0] }

Set break and stop at:

Code: Select all

ACOdyssey.exe+21B2741 - FF 90 00010000        - call qword ptr [rax+00000100]

Check FPU window to see the values of the MMX registers:



Then F8 over the call and check again:



Continue tracing till here:

Code: Select all

ACOdyssey.exe+21B2762 - F3 0F59 FE            - mulss xmm7,xmm6

Check FPU window again:



As you can see, the next instruction to be executed is xmm7 * xmm6 (69743.00 * 1.00), which gives exactly 69743.00. But what is this value? Well..



Touché, pussycat!

So, sometime before the location we stopped at, there's some reading done which returns that damage amount of ours. Could it be in that CALL above?

Code: Select all

ACOdyssey.exe+21B274E - 0F28 F0               - movaps xmm6,xmm0
ACOdyssey.exe+21B2751 - E8 FAEDC900           - call ACOdyssey.exe+2E51550 <-- here
ACOdyssey.exe+21B2756 - 8B C0                 - mov eax,eax
ACOdyssey.exe+21B2758 - 0F57 FF               - xorps xmm7,xmm7
ACOdyssey.exe+21B275B - 8B CB                 - mov ecx,ebx
ACOdyssey.exe+21B275D - F3 48 0F2A F8         - cvtsi2ss xmm7,rax
ACOdyssey.exe+21B2762 - F3 0F59 FE            - mulss xmm7,xmm6

But of course. Let's see what happens inside:

Code: Select all

ACOdyssey.exe+2E51550 - 8B 81 8C010000        - mov eax,[rcx+0000018C]
ACOdyssey.exe+2E51556 - C3                    - ret 

Well.. that was fast. And who is RCX, might I ask?

Code: Select all

IStruct:  0x167302290
IName:    0x1450BBDD0
ObjStr:   PlayerProgressionManager
ObjHash:  0x9713A15F

So.. PlayerProgressionManager + 0x18C == Assassin Damage Neat. This would be the address I heard of in some posts around pages 16-20. Someone found the assassin damage value by swapping items and scanning for the on-screen values. Think I saw this table containing some of these offsets.

You can get PlayerProgressionManager from the MOV above the CALL:

Code: Select all

ACOdyssey.exe+21B2747 - 48 8B 0D 1ABC6703     - mov rcx,[ACOdyssey.exe+582E368] // PlayerProgressionManager
ACOdyssey.exe+21B274E - 0F28 F0               - movaps xmm6,xmm0
ACOdyssey.exe+21B2751 - E8 FAEDC900           - call ACOdyssey.exe+2E51550

Add this to your list as such:



If you now swap weapons, you'll see the value changes.

This value is read in real time in damage calculations; so let's do some testing:

a) as it is, I see this while hovering over an enemy:



b) changing value to 10000 from 69473 shows this:



So the white/red bar changes display as I change the value Well, that's the calculated damage you'll do. Of course that if you set it to > 69743 you'll instantly kill the guard. Question would be: you want to change the Assassin Damage value.. or fiddle with the multiplier past the CALL? I think the multiplier is a better choice, as you can always change weapons.. which would affect the value in the PlayerProgressionManager. But yeah, that can be hooked as well to return the amount you want. Choices, choices..

Let's take a look at PlayerProgressionManager structure and find Health, Hunter Damage, Warrior Damage and Armor. Simply swapping an item will reveal its offset:



So there you have it

+0x148 = Health
+0x150 = Armor
+0x180 = Second Slot damage
+0x184 = First Slot damage
+0x188 = Hunter Damage
+0x18C = Assassin Damage

BR,
Sun

[Bowzerpapa]

Well let me ask correctlly my NOOBISH but still question

In your instructions you wrote:

example of dirty way for item replacement, i intentionally do not post this as part of the table:
- equip any owned item you have, e.g. "Timeless Greaves" / hash 00000181F8611C39 (Inventory->Store(T)->Owned)
- search 8 bytes hex value 000001844B09F571 ("Warrior's Restraints Arms Legendary")
- you'll find single (i hope) address. pick that address and substruct it by 10h. e.g. you found 155A6D990, then you need 155A6D980
- paste your calculated value into pItem->Value column
- save game
- load game

Well it's easy when you search and get adress you have to minus 10 it.

Well iit's OK when you got (177543210) but what to do if I got (1775432B8) ?

[SunBeam]

And here's the updated script that now includes Assassin Damage multiplier as well:

Code: Select all

[ENABLE]

{$lua}

if not syntaxcheck then
  unregisterSymbol( "Hook_AOB" )
  autoAssemble([[
    aobscanmodule( Hook_AOB, ACOdyssey.exe, 636F6D7061746962696C6974793E3C2F617373656D626C793E )
    registersymbol( Hook_AOB )
  ]])

  local t = getAddress( "Hook_AOB" ) + 0x70
  unregisterSymbol( "Hook_AOB" )
  unregisterSymbol( "DamageMultiplierHook" )
  registerSymbol( "DamageMultiplierHook", t, true )

  unregisterSymbol( "WarriorHunterDamageMultiplier" )
  unregisterSymbol( "AssassinDamageMultiplier" )

  autoAssemble([[
    aobscanmodule( WarriorHunterDamageMultiplier, ACOdyssey.exe, F30F1085????????F30F108D????????894D??8B4C24??F30F1145??F3 )
    registersymbol( WarriorHunterDamageMultiplier )
    aobscanmodule( AssassinDamageMultiplier, ACOdyssey.exe, F3480F2AF8F30F59FEE8????????B201F30F )
    registersymbol( AssassinDamageMultiplier )
  ]])

  --[[unregisterSymbol( "ChangePageProtect" )
  t = allocateMemory( 100 )
  --print( string.format( "0x%X", t ) )
  registerSymbol( "ChangePageProtect", t, true )

  autoAssemble([[
    ChangePageProtect:
    sub rsp,28
    lea r9,[ChangePageProtect+50]
    mov r8d,40
    mov rdx,30
    mov rcx,DamageMultiplierHook
    call VirtualProtect
    add rsp,28
    ret
  ]]--)

  --[[
  executeCode( getAddress( "ChangePageProtect" ) )
  deAlloc( "ChangePageProtect" )
  unregisterSymbol( "ChangePageProtect" )
  --]]

  fullAccess( t, 100 )

  autoAssemble([[
    label( WarriorHunterDamageMultiplier_o )
    registersymbol( WarriorHunterDamageMultiplier_o )
    label( AssassinDamageMultiplier_o )
    registersymbol( AssassinDamageMultiplier_o )
    label( dmg_mult )
    registersymbol( dmg_mult )

    label( back_A )
    label( back_B )

    DamageMultiplierHook:

    WarriorHunterDamageMultiplierHook:

    WarriorHunterDamageMultiplier_o:
    readmem( WarriorHunterDamageMultiplier, 8 )
    movss xmm6,[dmg_mult]
    jmp back_A

    db CC CC CC CC

    AssassinDamageMultiplierHook:

    AssassinDamageMultiplier_o:
    readmem( AssassinDamageMultiplier, 5 )
    movss xmm6,[dmg_mult]
    jmp back_B

    dmg_mult:
    dd (float)10.0

    WarriorHunterDamageMultiplier:
    jmp WarriorHunterDamageMultiplierHook
    db 90 90 90
    back_A:

    AssassinDamageMultiplier:
    jmp AssassinDamageMultiplierHook
    back_B:
  ]])
end

[DISABLE]

{$lua}

if not syntaxcheck then
  autoAssemble([[
    WarriorHunterDamageMultiplier:
    readmem( WarriorHunterDamageMultiplier_o, 8 )
    AssassinDamageMultiplier:
    readmem( AssassinDamageMultiplier_o, 5 )
  ]])

  for i=0,100-1,1 do
    writeBytes( getAddress( "DamageMultiplierHook" ) + i, 0 )
  end

  autoAssemble([[
    unregistersymbol( dmg_mult )
    unregistersymbol( AssassinDamageMultiplier_o )
    unregistersymbol( WarriorHunterDamageMultiplier_o )
    unregistersymbol( AssassinDamageMultiplier )
    unregistersymbol( WarriorHunterDamageMultiplier )
    unregistersymbol( DamageMultiplierHook )
  ]])
end

If you want to use separate multipliers just edit it on your own. At the moment all 3 damages use the same multiplier.

Enjoy

[SunBeam]

Some more info:

ACEFightSettings + 0x647 == 0/1 -- this bool controls the display of F Stealth Attack; set it to 1 and it won't show it in the context list.

(might add here some more)

Hello, I don't know if anyone has ask this before, but is there a way to make your bounty always at max?
I like it when the merc went and hunt you down...

The engine will stop spawning Mercs once you defeat all that were supposed to spawn at Max level. Same shit happened in Black Flag when all those ships were hunting you. Useless request.