RESIDENT EVIL 2 +19 +1 (table Update15) (2020.7.21)

[kennean]

Spoiler

anybody outhere using the updated codex version with the ghost survivors dlc no table in this website works on the executable they made this time, do we have to make a different table for this version or what? literally all kinds of mods have stopped working after the weird patch they made, fluffymanager trainer is not hooking anymore, the main table outhere won't enable and the re2 framework is not working anymore rip fps mode...

Exeter is partially right... I've been updating the table for those that have another "version" of the game... If you're using the denuvo free .exe, which I suppose you are, then you can use this attached table... The opcodes are updated so they work specifically for this version.

item pouch still not functioning

I've just booted the game, and loaded a save with almost no pouch spaces and tested the script... It worked like a charm, 20 spaces on the go... Don't know why it's not working on your end... Try this new table and tell me the results.

Spoiler

Hello, would it be possible to just get the voice script working separately until character script gets fixed? I hope this isn't too much to ask, I thought maybe the voice script might not be as tricky.

If I knew which codes affect the voices I would do, but on the descriptions of the AOB scans there isn't one just for the voices... Perhaps Cielos could help you with this...

Changelog: This table includes the last Unlock Everything by gir489 (all credits to him), and the hud mod is now fully functional (at least on my end, and I've tried all options to be sure).
Still no luck on the character model.

This table is only for those who have the denuvo free .exe!!!

thank you very much! I didn't notice there was a denovo free version, this instantly solves a lot of issues, although I don't think there is a denovo free script for the re 2 mod framework is there?

If by mod framework, you mean the First-person Camera, you'll have to contact the author, as I have absolutely no idea how it works (only that it needs a .dll). I've never used this mod so I can't help you with it...
About FluffyQuack's Mod Manager, then I remember reading some time ago that it's still works (I'm using it right now, but I've used it on a freshly installed and updated version), but if you just changed the .exe with mods installed you need to these steps:
Open the Manager, then select Manage Mods;
Next, "Uninstall all mods";
Then Re-read Game Archives;
Finally, install all the mods you like.
Like I said, I read that some time ago, and I'm not sure if it'll work...

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[Mee]

If I knew which codes affect the voices I would do, but on the descriptions of the AOB scans there isn't one just for the voices... Perhaps Cielos could help you with this...

The voice script is named "voice (no aob)" that's why I thought it might be simpler to extract and update separately.

[kennean]

If I knew which codes affect the voices I would do, but on the descriptions of the AOB scans there isn't one just for the voices... Perhaps Cielos could help you with this...

The voice script is named "voice (no aob)" that's why I thought it might be simpler to extract and update separately.

Oh! Missed that one... I was looking only at the enable script of the character model, and not inside the options of the script...

I've snipped the part of the entire script that was responsible for it to not enable, so I've managed to get a "working" character model script, but with no custom loadout (the culprit!!!). Even so, it worked only with Claire (with Leon it CTD with whatever options I selected), and even updating the voice script it wouldn't work no matter what voices I've chosen (only silence and/or CTD loading a save)...

So, perhaps some AOB's that I've updated are still wrong and messing with some of the scripts, and I won't post something that it isn't working perfectly...

It's best to wait for help from those that made this script!

[Mee]

If I knew which codes affect the voices I would do, but on the descriptions of the AOB scans there isn't one just for the voices... Perhaps Cielos could help you with this...

The voice script is named "voice (no aob)" that's why I thought it might be simpler to extract and update separately.

Oh! Missed that one... I was looking only at the enable script of the character model, and not inside the options of the script...

I've snipped the part of the entire script that was responsible for it to not enable, so I've managed to get a "working" character model script, but with no custom loadout (the culprit!!!). Even so, it worked only with Claire (with Leon it CTD with whatever options I selected), and even updating the voice script it wouldn't work no matter what voices I've chosen (only silence and/or CTD loading a save)...

So, perhaps some AOB's that I've updated are still wrong and messing with some of the scripts, and I won't post something that it isn't working perfectly...

It's best to wait for help from those that made this script!

Thank you very much for giving it at a try, you're very helpful.

[cheataddict5150]

game player time mod
- when activated, game play time would stop at the time you specified.
- the display time in-game may appear within 4 seconds less then what you set via the script.
- by script default, time would stop at 1:58:43. i.e., when the game time reaches 1:58:43, the time would start cycle between 1:58:39 - 1:58:43.
- for easy time setting, remember you have to allow CE to run the LUA when you open the table.

How can i set a time? please tell me

[Cielos]

[...]

sorry again for another very very late reply..... it's been almost a month..

first off, about charIDReadForLoadoutOnLoadAOB.
although it may seems you have updated the aobs for the aobscan, as you can see from the script, I've used the lua script to locate the SECOND aobscan result. that means the aob I used isn't that accurate from the first place. you may need to double check if it's actually located the correct place for the injection.
1 way to check, is to first update the 2 caller aobscans related to it.
so, below are the opcodes around the 2 caller aobs...

notCharLoadoutCallerAOB:

Code: Select all

re2.exe+11FC3785 - 48 85 FF              - test rdi,rdi
re2.exe+11FC3788 - 75 3D                 - jne re2.exe+11FC37C7
re2.exe+11FC378A - 45 31 C0              - xor r8d,r8d
re2.exe+11FC378D - 8D 57 38              - lea edx,[rdi+38]
re2.exe+11FC3790 - 48 89 D9              - mov rcx,rbx
re2.exe+11FC3793 - E8 58C0E1EF           - call re2.exe+1DDF7F0
re2.exe+11FC3798 - 31 FF                 - xor edi,edi
re2.exe+11FC379A - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+11FC379E - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
re2.exe+11FC37A3 - 75 53                 - jne re2.exe+11FC37F8
re2.exe+11FC37A5 - 45 31 C0              - xor r8d,r8d
re2.exe+11FC37A8 - 48 89 FA              - mov rdx,rdi
re2.exe+11FC37AB - 48 89 D9              - mov rcx,rbx
re2.exe+11FC37AE - E8 8D473DEF           - call re2.exe+1397F40
re2.exe+11FC37B3 - 0FB6 D0               - movzx edx,al
re2.exe+11FC37B6 - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+11FC37BA - 48 8B 48 18           - mov rcx,[rax+18]
re2.exe+11FC37BE - 48 85 C9              - test rcx,rcx
re2.exe+11FC37C1 - 74 0A                 - je re2.exe+11FC37CD
re2.exe+11FC37C3 - 30 C0                 - xor al,al
re2.exe+11FC37C5 - EB 0B                 - jmp re2.exe+11FC37D2
re2.exe+11FC37C7 - 48 8B 7F 50           - mov rdi,[rdi+50]
re2.exe+11FC37CB - EB CD                 - jmp re2.exe+11FC379A
re2.exe+11FC37CD - 85 D2                 - test edx,edx
re2.exe+11FC37CF - 0F95 D0               - setne al
re2.exe+11FC37D2 - 48 85 C9              - test rcx,rcx
re2.exe+11FC37D5 - 75 21                 - jne re2.exe+11FC37F8
re2.exe+11FC37D7 - 84 C0                 - test al,al
re2.exe+11FC37D9 - 74 1D                 - je re2.exe+11FC37F8
re2.exe+11FC37DB - 48 89 D9              - mov rcx,rbx
re2.exe+11FC37DE - 48 85 FF              - test rdi,rdi
re2.exe+11FC37E1 - 75 0D                 - jne re2.exe+11FC37F0
re2.exe+11FC37E3 - 45 31 C0              - xor r8d,r8d
re2.exe+11FC37E6 - 8D 57 38              - lea edx,[rdi+38]
re2.exe+11FC37E9 - E8 02C0E1EF           - call re2.exe+1DDF7F0
notCharLoadoutCallerAOB- EB 08                 - jmp re2.exe+11FC37F8
re2.exe+11FC37F0 - 48 89 FA              - mov rdx,rdi
re2.exe+11FC37F3 - E8 88B349EE           - call re2.exe+45EB80        //caller
re2.exe+11FC37F8 - 48 8B 43 50           - mov rax,[rbx+50]           //ret check
re2.exe+11FC37FC - 48 8B 7C 24 30        - mov rdi,[rsp+30]
re2.exe+11FC3801 - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
re2.exe+11FC3806 - 0F85 48FFFFFF         - jne re2.exe+11FC3754
re2.exe+11FC380C - 48 89 D9              - mov rcx,rbx
re2.exe+11FC380F - 41 B8 2F000000        - mov r8d,0000002F { 47 }
re2.exe+11FC3815 - 48 89 F2              - mov rdx,rsi
re2.exe+11FC3818 - E8 D38AD8EF           - call re2.exe+1D4C2F0
re2.exe+11FC381D - 48 8B 4B 50           - mov rcx,[rbx+50]
re2.exe+11FC3821 - 0F57 C0               - xorps xmm0,xmm0
re2.exe+11FC3824 - 48 83 79 18 00        - cmp qword ptr [rcx+18],00 { 0 }
re2.exe+11FC3829 - 75 2A                 - jne re2.exe+11FC3855
re2.exe+11FC382B - 89 C0                 - mov eax,eax
re2.exe+11FC382D - F2 48 0F2A C0         - cvtsi2sd xmm0,rax
re2.exe+11FC3832 - 66 0F5A C8            - cvtpd2ps xmm1,xmm0
re2.exe+11FC3836 - 0F5A D1               - vcvtps2pd xmm2,xmm1
re2.exe+11FC3839 - F2 0F5E 15 D794E5F1   - divsd xmm2,[re2.exe+3E1CD18] { (0) }
re2.exe+11FC3841 - F2 0F59 15 7F94E5F1   - mulsd xmm2,[re2.exe+3E1CCC8] { (-1610612736) }
re2.exe+11FC3849 - F2 0F58 15 BF8DE5F1   - addsd xmm2,qword ptr [re2.exe+3E1C610] { (1.00) }
re2.exe+11FC3851 - 66 0F5A C2            - cvtpd2ps xmm0,xmm2
re2.exe+11FC3855 - 48 8B 5C 24 38        - mov rbx,[rsp+38]
re2.exe+11FC385A - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+11FC385E - 5E                    - pop rsi
re2.exe+11FC385F - C3                    - ret 
re2.exe+11FC3860 - CC                    - int 3 
re2.exe+11FC3861 - 48 8B 0C 24           - mov rcx,[rsp]
re2.exe+11FC3865 - 48 89 34 24           - mov [rsp],rsi
re2.exe+11FC3869 - D1 C8                 - ror eax,1
re2.exe+11FC386B - 48 8D 64 24 F8        - lea rsp,[rsp-08]
re2.exe+11FC3870 - 48 89 0C 24           - mov [rsp],rcx
re2.exe+11FC3874 - B9 E34E0B1D           - mov ecx,1D0B4EE3 { (0) }
re2.exe+11FC3879 - E9 890FEEF6           - jmp re2.exe+8EA4807
re2.exe+11FC387E - 4D 29 C0              - sub r8,r8
re2.exe+11FC3881 - 41 50                 - push r8
re2.exe+11FC3883 - 49 81 E0 E05D5FD3     - and r8,D35F5DE0 { (0) }
re2.exe+11FC388A - 48 81 0C 24  E05D5FD3 - or qword ptr [rsp],D35F5DE0 { (0) }
re2.exe+11FC3892 - 49 89 C2              - mov r10,rax

charIDChkForWorldObjectLoadoutCallerAOB:

Code: Select all

re2.exe+9F7E151 - 75 15                 - jne re2.exe+9F7E168
re2.exe+9F7E153 - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E156 - 8D 50 38              - lea edx,[rax+38]
re2.exe+9F7E159 - 48 8B 5C 24 48        - mov rbx,[rsp+48]
re2.exe+9F7E15E - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+9F7E162 - 5F                    - pop rdi
re2.exe+9F7E163 - E9 8816E6F7           - jmp re2.exe+1DDF7F0
re2.exe+9F7E168 - 4C 89 74 24 40        - mov [rsp+40],r14
re2.exe+9F7E16D - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E170 - 4C 8B 70 50           - mov r14,[rax+50]
re2.exe+9F7E174 - 4C 89 F2              - mov rdx,r14
re2.exe+9F7E177 - E8 C49D41F7           - call re2.exe+1397F40
re2.exe+9F7E17C - 0FB6 D0               - movzx edx,al
re2.exe+9F7E17F - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+9F7E183 - 48 8B 48 18           - mov rcx,[rax+18]
re2.exe+9F7E187 - 48 85 C9              - test rcx,rcx
re2.exe+9F7E18A - 74 04                 - je re2.exe+9F7E190
re2.exe+9F7E18C - 30 C0                 - xor al,al
re2.exe+9F7E18E - EB 05                 - jmp re2.exe+9F7E195
re2.exe+9F7E190 - 85 D2                 - test edx,edx
re2.exe+9F7E192 - 0F95 D0               - setne al
re2.exe+9F7E195 - 48 85 C9              - test rcx,rcx
re2.exe+9F7E198 - 0F85 1F010000         - jne re2.exe+9F7E2BD
re2.exe+9F7E19E - 48 89 6C 24 30        - mov [rsp+30],rbp
re2.exe+9F7E1A3 - 31 ED                 - xor ebp,ebp
re2.exe+9F7E1A5 - 48 89 74 24 38        - mov [rsp+38],rsi
re2.exe+9F7E1AA - 84 C0                 - test al,al
re2.exe+9F7E1AC - 0F84 8D000000         - je re2.exe+9F7E23F
re2.exe+9F7E1B2 - 89 EE                 - mov esi,ebp
re2.exe+9F7E1B4 - 48 89 D9              - mov rcx,rbx
re2.exe+9F7E1B7 - 4D 85 F6              - test r14,r14
re2.exe+9F7E1BA - 75 10                 - jne charIDChkForWorldObjectLoadoutCallerAOB
re2.exe+9F7E1BC - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E1BF - 8D 55 38              - lea edx,[rbp+38]
re2.exe+9F7E1C2 - E8 2916E6F7           - call re2.exe+1DDF7F0
re2.exe+9F7E1C7 - E9 E7000000           - jmp re2.exe+9F7E2B3
charIDChkForWorldObjectLoadoutCallerAOB- 4C 89 F2              - mov rdx,r14
re2.exe+9F7E1CF - E8 AC094EF6           - call re2.exe+45EB80                //caller
re2.exe+9F7E1D4 - 48 8B 4B 50           - mov rcx,[rbx+50]                   //ret check
re2.exe+9F7E1D8 - 48 39 71 18           - cmp [rcx+18],rsi
re2.exe+9F7E1DC - 0F85 D1000000         - jne re2.exe+9F7E2B3
re2.exe+9F7E1E2 - 3D E8030000           - cmp eax,000003E8 { 1000 }
re2.exe+9F7E1E7 - 7E 20                 - jle re2.exe+9F7E209
re2.exe+9F7E1E9 - 3D D0070000           - cmp eax,000007D0 { 2000 }
re2.exe+9F7E1EE - 75 09                 - jne re2.exe+9F7E1F9
re2.exe+9F7E1F0 - 48 8B B7 20010000     - mov rsi,[rdi+00000120]
re2.exe+9F7E1F7 - EB 2B                 - jmp re2.exe+9F7E224
re2.exe+9F7E1F9 - 3D B80B0000           - cmp eax,00000BB8 { 3000 }
re2.exe+9F7E1FE - 75 24                 - jne re2.exe+9F7E224
re2.exe+9F7E200 - 48 8B B7 28010000     - mov rsi,[rdi+00000128]
re2.exe+9F7E207 - EB 1B                 - jmp re2.exe+9F7E224
re2.exe+9F7E209 - 85 C0                 - test eax,eax
re2.exe+9F7E20B - 75 09                 - jne re2.exe+9F7E216
re2.exe+9F7E20D - 48 8B B7 10010000     - mov rsi,[rdi+00000110]
re2.exe+9F7E214 - EB 0E                 - jmp re2.exe+9F7E224
re2.exe+9F7E216 - 3D E8030000           - cmp eax,000003E8 { 1000 }
re2.exe+9F7E21B - 75 07                 - jne re2.exe+9F7E224
re2.exe+9F7E21D - 48 8B B7 18010000     - mov rsi,[rdi+00000118]
re2.exe+9F7E224 - 49 89 F0              - mov r8,rsi
re2.exe+9F7E227 - 48 89 FA              - mov rdx,rdi
re2.exe+9F7E22A - 48 89 D9              - mov rcx,rbx
re2.exe+9F7E22D - E8 CE9946F6           - call re2.exe+3E7C00
re2.exe+9F7E232 - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+9F7E236 - 48 8B 48 18           - mov rcx,[rax+18]
re2.exe+9F7E23A - 48 85 C9              - test rcx,rcx
re2.exe+9F7E23D - 75 74                 - jne re2.exe+9F7E2B3
re2.exe+9F7E23F - 48 8B 05 4A3612FD     - mov rax,[re2.exe+70A1890] { (149D6E00) }
re2.exe+9F7E246 - 48 85 C9              - test rcx,rcx
re2.exe+9F7E249 - 75 68                 - jne re2.exe+9F7E2B3
re2.exe+9F7E24B - 48 85 C0              - test rax,rax
re2.exe+9F7E24E - 75 10                 - jne re2.exe+9F7E260
re2.exe+9F7E250 - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E253 - 8D 50 38              - lea edx,[rax+38]

these 2 aobscans are for the caller checks in the code cave injected to "charIDReadForLoadoutOnLoadAOB+1f"

that means, once you updated these 2 aobscans, you should be able to trace from both notCharLoadoutCallerAOB and charIDChkForWorldObjectLoadoutCallerAOB to charIDReadForLoadoutOnLoadAOB very quickly, if not, one of the aobscans are wrong.

e.g., for notCharLoadoutCallerAOB:
"notCharLoadoutCallerAOB+5" ("re2.exe+11FC37F3"). is a call that would leads you to a jmp opcode

Code: Select all

re2.exe+45EB80 - E9 3B49BC08           - jmp re2.exe+90234C0

which would lead you to here "charIDReadForLoadoutOnLoadAOB-2", and this is the first line of the following opcodes.

Code: Select all

re2.exe+90234C0 - 40 57                 - push rdi
charIDReadForLoadoutOnLoadAOB- 48 83 EC 20           - sub rsp,20 { 32 }
re2.exe+90234C6 - 48 8B 41 50           - mov rax,[rcx+50]
re2.exe+90234CA - 48 89 CF              - mov rdi,rcx
re2.exe+90234CD - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
re2.exe+90234D2 - 74 08                 - je re2.exe+90234DC
re2.exe+90234D4 - 31 C0                 - xor eax,eax
re2.exe+90234D6 - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+90234DA - 5F                    - pop rdi
re2.exe+90234DB - C3                    - ret 
re2.exe+90234DC - 48 89 5C 24 38        - mov [rsp+38],rbx
inj point >>> re2.exe+90234E1 - 45 31 C0              - xor r8d,r8d
re2.exe+90234E4 - 8B 5A 54              - mov ebx,[rdx+54]
re2.exe+90234E7 - 48 8B 15 5A4602FE     - mov rdx,[re2.exe+7047B48] { (14514F568) }
re2.exe+90234EE - E8 8DA6DBF8           - call re2.exe+1DDDB80
re2.exe+90234F3 - 48 89 C2              - mov rdx,rax
re2.exe+90234F6 - 48 89 F9              - mov rcx,rdi
re2.exe+90234F9 - 89 58 10              - mov [rax+10],ebx
re2.exe+90234FC - E8 4F65DDF8           - call re2.exe+1DF9A50
re2.exe+9023501 - 48 8B 4F 50           - mov rcx,[rdi+50]
re2.exe+9023505 - 31 DB                 - xor ebx,ebx
re2.exe+9023507 - 48 8B 51 18           - mov rdx,[rcx+18]
re2.exe+902350B - 48 85 D2              - test rdx,rdx
re2.exe+902350E - 74 13                 - je re2.exe+9023523
re2.exe+9023510 - 89 D8                 - mov eax,ebx
re2.exe+9023512 - 48 85 D2              - test rdx,rdx
re2.exe+9023515 - 0F45 C3               - cmovne eax,ebx
re2.exe+9023518 - 48 8B 5C 24 38        - mov rbx,[rsp+38]
re2.exe+902351D - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+9023521 - 5F                    - pop rdi
re2.exe+9023522 - C3                    - ret 
re2.exe+9023523 - 4C 8D 44 24 30        - lea r8,[rsp+30]
re2.exe+9023528 - 48 89 C2              - mov rdx,rax
re2.exe+902352B - 48 89 F9              - mov rcx,rdi
re2.exe+902352E - E8 1DAEA2F8           - call re2.exe+1A4E350
re2.exe+9023533 - 0FB6 C8               - movzx ecx,al
re2.exe+9023536 - 48 8B 47 50           - mov rax,[rdi+50]
re2.exe+902353A - 48 8B 50 18           - mov rdx,[rax+18]
re2.exe+902353E - 48 85 D2              - test rdx,rdx
re2.exe+9023541 - 75 CD                 - jne re2.exe+9023510
re2.exe+9023543 - 8B 44 24 30           - mov eax,[rsp+30]
re2.exe+9023547 - 85 C9                 - test ecx,ecx
re2.exe+9023549 - 41 B8 FFFFFFFF        - mov r8d,FFFFFFFF { (0) }
re2.exe+902354F - 41 0F44 C0            - cmove eax,r8d
re2.exe+9023553 - 48 85 D2              - test rdx,rdx
re2.exe+9023556 - 0F45 C3               - cmovne eax,ebx
re2.exe+9023559 - 48 8B 5C 24 38        - mov rbx,[rsp+38]

that means you should be able to see charIDReadForLoadoutOnLoadAOB in SECONDS if you follow the call at "notCharLoadoutCallerAOB+5", or the call at "charIDChkForWorldObjectLoadoutCallerAOB+3", in which both call destination should be the same: call re2.exe+45EB80.

(EDIT: in case you're not familiar with the navigation of CE's Memory View ----- press SPACEBAR while highlighting a call xxxx or jmp xxxx would view the destination immediately.)

if you're still interested in updating the script for the denuvo free ver... hope this helps~

[kennean]

Spoiler

[...]

sorry again for another very very late reply..... it's been almost a month..

first off, about charIDReadForLoadoutOnLoadAOB.
although it may seems you have updated the aobs for the aobscan, as you can see from the script, I've used the lua script to locate the SECOND aobscan result. that means the aob I used isn't that accurate from the first place. you may need to double check if it's actually located the correct place for the injection.
1 way to check, is to first update the 2 caller aobscans related to it.
so, below are the opcodes around the 2 caller aobs...

notCharLoadoutCallerAOB:

Code: Select all

re2.exe+11FC3785 - 48 85 FF              - test rdi,rdi
re2.exe+11FC3788 - 75 3D                 - jne re2.exe+11FC37C7
re2.exe+11FC378A - 45 31 C0              - xor r8d,r8d
re2.exe+11FC378D - 8D 57 38              - lea edx,[rdi+38]
re2.exe+11FC3790 - 48 89 D9              - mov rcx,rbx
re2.exe+11FC3793 - E8 58C0E1EF           - call re2.exe+1DDF7F0
re2.exe+11FC3798 - 31 FF                 - xor edi,edi
re2.exe+11FC379A - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+11FC379E - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
re2.exe+11FC37A3 - 75 53                 - jne re2.exe+11FC37F8
re2.exe+11FC37A5 - 45 31 C0              - xor r8d,r8d
re2.exe+11FC37A8 - 48 89 FA              - mov rdx,rdi
re2.exe+11FC37AB - 48 89 D9              - mov rcx,rbx
re2.exe+11FC37AE - E8 8D473DEF           - call re2.exe+1397F40
re2.exe+11FC37B3 - 0FB6 D0               - movzx edx,al
re2.exe+11FC37B6 - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+11FC37BA - 48 8B 48 18           - mov rcx,[rax+18]
re2.exe+11FC37BE - 48 85 C9              - test rcx,rcx
re2.exe+11FC37C1 - 74 0A                 - je re2.exe+11FC37CD
re2.exe+11FC37C3 - 30 C0                 - xor al,al
re2.exe+11FC37C5 - EB 0B                 - jmp re2.exe+11FC37D2
re2.exe+11FC37C7 - 48 8B 7F 50           - mov rdi,[rdi+50]
re2.exe+11FC37CB - EB CD                 - jmp re2.exe+11FC379A
re2.exe+11FC37CD - 85 D2                 - test edx,edx
re2.exe+11FC37CF - 0F95 D0               - setne al
re2.exe+11FC37D2 - 48 85 C9              - test rcx,rcx
re2.exe+11FC37D5 - 75 21                 - jne re2.exe+11FC37F8
re2.exe+11FC37D7 - 84 C0                 - test al,al
re2.exe+11FC37D9 - 74 1D                 - je re2.exe+11FC37F8
re2.exe+11FC37DB - 48 89 D9              - mov rcx,rbx
re2.exe+11FC37DE - 48 85 FF              - test rdi,rdi
re2.exe+11FC37E1 - 75 0D                 - jne re2.exe+11FC37F0
re2.exe+11FC37E3 - 45 31 C0              - xor r8d,r8d
re2.exe+11FC37E6 - 8D 57 38              - lea edx,[rdi+38]
re2.exe+11FC37E9 - E8 02C0E1EF           - call re2.exe+1DDF7F0
notCharLoadoutCallerAOB- EB 08                 - jmp re2.exe+11FC37F8
re2.exe+11FC37F0 - 48 89 FA              - mov rdx,rdi
re2.exe+11FC37F3 - E8 88B349EE           - call re2.exe+45EB80        //caller
re2.exe+11FC37F8 - 48 8B 43 50           - mov rax,[rbx+50]           //ret check
re2.exe+11FC37FC - 48 8B 7C 24 30        - mov rdi,[rsp+30]
re2.exe+11FC3801 - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
re2.exe+11FC3806 - 0F85 48FFFFFF         - jne re2.exe+11FC3754
re2.exe+11FC380C - 48 89 D9              - mov rcx,rbx
re2.exe+11FC380F - 41 B8 2F000000        - mov r8d,0000002F { 47 }
re2.exe+11FC3815 - 48 89 F2              - mov rdx,rsi
re2.exe+11FC3818 - E8 D38AD8EF           - call re2.exe+1D4C2F0
re2.exe+11FC381D - 48 8B 4B 50           - mov rcx,[rbx+50]
re2.exe+11FC3821 - 0F57 C0               - xorps xmm0,xmm0
re2.exe+11FC3824 - 48 83 79 18 00        - cmp qword ptr [rcx+18],00 { 0 }
re2.exe+11FC3829 - 75 2A                 - jne re2.exe+11FC3855
re2.exe+11FC382B - 89 C0                 - mov eax,eax
re2.exe+11FC382D - F2 48 0F2A C0         - cvtsi2sd xmm0,rax
re2.exe+11FC3832 - 66 0F5A C8            - cvtpd2ps xmm1,xmm0
re2.exe+11FC3836 - 0F5A D1               - vcvtps2pd xmm2,xmm1
re2.exe+11FC3839 - F2 0F5E 15 D794E5F1   - divsd xmm2,[re2.exe+3E1CD18] { (0) }
re2.exe+11FC3841 - F2 0F59 15 7F94E5F1   - mulsd xmm2,[re2.exe+3E1CCC8] { (-1610612736) }
re2.exe+11FC3849 - F2 0F58 15 BF8DE5F1   - addsd xmm2,qword ptr [re2.exe+3E1C610] { (1.00) }
re2.exe+11FC3851 - 66 0F5A C2            - cvtpd2ps xmm0,xmm2
re2.exe+11FC3855 - 48 8B 5C 24 38        - mov rbx,[rsp+38]
re2.exe+11FC385A - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+11FC385E - 5E                    - pop rsi
re2.exe+11FC385F - C3                    - ret 
re2.exe+11FC3860 - CC                    - int 3 
re2.exe+11FC3861 - 48 8B 0C 24           - mov rcx,[rsp]
re2.exe+11FC3865 - 48 89 34 24           - mov [rsp],rsi
re2.exe+11FC3869 - D1 C8                 - ror eax,1
re2.exe+11FC386B - 48 8D 64 24 F8        - lea rsp,[rsp-08]
re2.exe+11FC3870 - 48 89 0C 24           - mov [rsp],rcx
re2.exe+11FC3874 - B9 E34E0B1D           - mov ecx,1D0B4EE3 { (0) }
re2.exe+11FC3879 - E9 890FEEF6           - jmp re2.exe+8EA4807
re2.exe+11FC387E - 4D 29 C0              - sub r8,r8
re2.exe+11FC3881 - 41 50                 - push r8
re2.exe+11FC3883 - 49 81 E0 E05D5FD3     - and r8,D35F5DE0 { (0) }
re2.exe+11FC388A - 48 81 0C 24  E05D5FD3 - or qword ptr [rsp],D35F5DE0 { (0) }
re2.exe+11FC3892 - 49 89 C2              - mov r10,rax

charIDChkForWorldObjectLoadoutCallerAOB:

Code: Select all

re2.exe+9F7E151 - 75 15                 - jne re2.exe+9F7E168
re2.exe+9F7E153 - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E156 - 8D 50 38              - lea edx,[rax+38]
re2.exe+9F7E159 - 48 8B 5C 24 48        - mov rbx,[rsp+48]
re2.exe+9F7E15E - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+9F7E162 - 5F                    - pop rdi
re2.exe+9F7E163 - E9 8816E6F7           - jmp re2.exe+1DDF7F0
re2.exe+9F7E168 - 4C 89 74 24 40        - mov [rsp+40],r14
re2.exe+9F7E16D - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E170 - 4C 8B 70 50           - mov r14,[rax+50]
re2.exe+9F7E174 - 4C 89 F2              - mov rdx,r14
re2.exe+9F7E177 - E8 C49D41F7           - call re2.exe+1397F40
re2.exe+9F7E17C - 0FB6 D0               - movzx edx,al
re2.exe+9F7E17F - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+9F7E183 - 48 8B 48 18           - mov rcx,[rax+18]
re2.exe+9F7E187 - 48 85 C9              - test rcx,rcx
re2.exe+9F7E18A - 74 04                 - je re2.exe+9F7E190
re2.exe+9F7E18C - 30 C0                 - xor al,al
re2.exe+9F7E18E - EB 05                 - jmp re2.exe+9F7E195
re2.exe+9F7E190 - 85 D2                 - test edx,edx
re2.exe+9F7E192 - 0F95 D0               - setne al
re2.exe+9F7E195 - 48 85 C9              - test rcx,rcx
re2.exe+9F7E198 - 0F85 1F010000         - jne re2.exe+9F7E2BD
re2.exe+9F7E19E - 48 89 6C 24 30        - mov [rsp+30],rbp
re2.exe+9F7E1A3 - 31 ED                 - xor ebp,ebp
re2.exe+9F7E1A5 - 48 89 74 24 38        - mov [rsp+38],rsi
re2.exe+9F7E1AA - 84 C0                 - test al,al
re2.exe+9F7E1AC - 0F84 8D000000         - je re2.exe+9F7E23F
re2.exe+9F7E1B2 - 89 EE                 - mov esi,ebp
re2.exe+9F7E1B4 - 48 89 D9              - mov rcx,rbx
re2.exe+9F7E1B7 - 4D 85 F6              - test r14,r14
re2.exe+9F7E1BA - 75 10                 - jne charIDChkForWorldObjectLoadoutCallerAOB
re2.exe+9F7E1BC - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E1BF - 8D 55 38              - lea edx,[rbp+38]
re2.exe+9F7E1C2 - E8 2916E6F7           - call re2.exe+1DDF7F0
re2.exe+9F7E1C7 - E9 E7000000           - jmp re2.exe+9F7E2B3
charIDChkForWorldObjectLoadoutCallerAOB- 4C 89 F2              - mov rdx,r14
re2.exe+9F7E1CF - E8 AC094EF6           - call re2.exe+45EB80                //caller
re2.exe+9F7E1D4 - 48 8B 4B 50           - mov rcx,[rbx+50]                   //ret check
re2.exe+9F7E1D8 - 48 39 71 18           - cmp [rcx+18],rsi
re2.exe+9F7E1DC - 0F85 D1000000         - jne re2.exe+9F7E2B3
re2.exe+9F7E1E2 - 3D E8030000           - cmp eax,000003E8 { 1000 }
re2.exe+9F7E1E7 - 7E 20                 - jle re2.exe+9F7E209
re2.exe+9F7E1E9 - 3D D0070000           - cmp eax,000007D0 { 2000 }
re2.exe+9F7E1EE - 75 09                 - jne re2.exe+9F7E1F9
re2.exe+9F7E1F0 - 48 8B B7 20010000     - mov rsi,[rdi+00000120]
re2.exe+9F7E1F7 - EB 2B                 - jmp re2.exe+9F7E224
re2.exe+9F7E1F9 - 3D B80B0000           - cmp eax,00000BB8 { 3000 }
re2.exe+9F7E1FE - 75 24                 - jne re2.exe+9F7E224
re2.exe+9F7E200 - 48 8B B7 28010000     - mov rsi,[rdi+00000128]
re2.exe+9F7E207 - EB 1B                 - jmp re2.exe+9F7E224
re2.exe+9F7E209 - 85 C0                 - test eax,eax
re2.exe+9F7E20B - 75 09                 - jne re2.exe+9F7E216
re2.exe+9F7E20D - 48 8B B7 10010000     - mov rsi,[rdi+00000110]
re2.exe+9F7E214 - EB 0E                 - jmp re2.exe+9F7E224
re2.exe+9F7E216 - 3D E8030000           - cmp eax,000003E8 { 1000 }
re2.exe+9F7E21B - 75 07                 - jne re2.exe+9F7E224
re2.exe+9F7E21D - 48 8B B7 18010000     - mov rsi,[rdi+00000118]
re2.exe+9F7E224 - 49 89 F0              - mov r8,rsi
re2.exe+9F7E227 - 48 89 FA              - mov rdx,rdi
re2.exe+9F7E22A - 48 89 D9              - mov rcx,rbx
re2.exe+9F7E22D - E8 CE9946F6           - call re2.exe+3E7C00
re2.exe+9F7E232 - 48 8B 43 50           - mov rax,[rbx+50]
re2.exe+9F7E236 - 48 8B 48 18           - mov rcx,[rax+18]
re2.exe+9F7E23A - 48 85 C9              - test rcx,rcx
re2.exe+9F7E23D - 75 74                 - jne re2.exe+9F7E2B3
re2.exe+9F7E23F - 48 8B 05 4A3612FD     - mov rax,[re2.exe+70A1890] { (149D6E00) }
re2.exe+9F7E246 - 48 85 C9              - test rcx,rcx
re2.exe+9F7E249 - 75 68                 - jne re2.exe+9F7E2B3
re2.exe+9F7E24B - 48 85 C0              - test rax,rax
re2.exe+9F7E24E - 75 10                 - jne re2.exe+9F7E260
re2.exe+9F7E250 - 45 31 C0              - xor r8d,r8d
re2.exe+9F7E253 - 8D 50 38              - lea edx,[rax+38]

these 2 aobscans are for the caller checks in the code cave injected to "charIDReadForLoadoutOnLoadAOB+1f"

that means, once you updated these 2 aobscans, you should be able to trace from both notCharLoadoutCallerAOB and charIDChkForWorldObjectLoadoutCallerAOB to charIDReadForLoadoutOnLoadAOB very quickly, if not, one of the aobscans are wrong.

e.g., for notCharLoadoutCallerAOB:
"notCharLoadoutCallerAOB+5" ("re2.exe+11FC37F3"). is a call that would leads you to a jmp opcode

Code: Select all

re2.exe+45EB80 - E9 3B49BC08           - jmp re2.exe+90234C0

which would lead you to here "charIDReadForLoadoutOnLoadAOB-2", and this is the first line of the following opcodes.

Code: Select all

re2.exe+90234C0 - 40 57                 - push rdi
charIDReadForLoadoutOnLoadAOB- 48 83 EC 20           - sub rsp,20 { 32 }
re2.exe+90234C6 - 48 8B 41 50           - mov rax,[rcx+50]
re2.exe+90234CA - 48 89 CF              - mov rdi,rcx
re2.exe+90234CD - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
re2.exe+90234D2 - 74 08                 - je re2.exe+90234DC
re2.exe+90234D4 - 31 C0                 - xor eax,eax
re2.exe+90234D6 - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+90234DA - 5F                    - pop rdi
re2.exe+90234DB - C3                    - ret 
re2.exe+90234DC - 48 89 5C 24 38        - mov [rsp+38],rbx
inj point >>> re2.exe+90234E1 - 45 31 C0              - xor r8d,r8d
re2.exe+90234E4 - 8B 5A 54              - mov ebx,[rdx+54]
re2.exe+90234E7 - 48 8B 15 5A4602FE     - mov rdx,[re2.exe+7047B48] { (14514F568) }
re2.exe+90234EE - E8 8DA6DBF8           - call re2.exe+1DDDB80
re2.exe+90234F3 - 48 89 C2              - mov rdx,rax
re2.exe+90234F6 - 48 89 F9              - mov rcx,rdi
re2.exe+90234F9 - 89 58 10              - mov [rax+10],ebx
re2.exe+90234FC - E8 4F65DDF8           - call re2.exe+1DF9A50
re2.exe+9023501 - 48 8B 4F 50           - mov rcx,[rdi+50]
re2.exe+9023505 - 31 DB                 - xor ebx,ebx
re2.exe+9023507 - 48 8B 51 18           - mov rdx,[rcx+18]
re2.exe+902350B - 48 85 D2              - test rdx,rdx
re2.exe+902350E - 74 13                 - je re2.exe+9023523
re2.exe+9023510 - 89 D8                 - mov eax,ebx
re2.exe+9023512 - 48 85 D2              - test rdx,rdx
re2.exe+9023515 - 0F45 C3               - cmovne eax,ebx
re2.exe+9023518 - 48 8B 5C 24 38        - mov rbx,[rsp+38]
re2.exe+902351D - 48 83 C4 20           - add rsp,20 { 32 }
re2.exe+9023521 - 5F                    - pop rdi
re2.exe+9023522 - C3                    - ret 
re2.exe+9023523 - 4C 8D 44 24 30        - lea r8,[rsp+30]
re2.exe+9023528 - 48 89 C2              - mov rdx,rax
re2.exe+902352B - 48 89 F9              - mov rcx,rdi
re2.exe+902352E - E8 1DAEA2F8           - call re2.exe+1A4E350
re2.exe+9023533 - 0FB6 C8               - movzx ecx,al
re2.exe+9023536 - 48 8B 47 50           - mov rax,[rdi+50]
re2.exe+902353A - 48 8B 50 18           - mov rdx,[rax+18]
re2.exe+902353E - 48 85 D2              - test rdx,rdx
re2.exe+9023541 - 75 CD                 - jne re2.exe+9023510
re2.exe+9023543 - 8B 44 24 30           - mov eax,[rsp+30]
re2.exe+9023547 - 85 C9                 - test ecx,ecx
re2.exe+9023549 - 41 B8 FFFFFFFF        - mov r8d,FFFFFFFF { (0) }
re2.exe+902354F - 41 0F44 C0            - cmove eax,r8d
re2.exe+9023553 - 48 85 D2              - test rdx,rdx
re2.exe+9023556 - 0F45 C3               - cmovne eax,ebx
re2.exe+9023559 - 48 8B 5C 24 38        - mov rbx,[rsp+38]

that means you should be able to see charIDReadForLoadoutOnLoadAOB in SECONDS if you follow the call at "notCharLoadoutCallerAOB+5", or the call at "charIDChkForWorldObjectLoadoutCallerAOB+3", in which both call destination should be the same: call re2.exe+45EB80.

(EDIT: in case you're not familiar with the navigation of CE's Memory View ----- press SPACEBAR while highlighting a call xxxx or jmp xxxx would view the destination immediately.)

if you're still interested in updating the script for the denuvo free ver... hope this helps~

No problem!!! I think I got the script to work, but I had to find a different way than what you had told me...

Spoiler

First I've tried the way you suggested, but no matter what changes I've made, I couldn't find any jmp or call that were the same on both "notCharLoadoutCallerAOB" and "charIDChkForWorldObjectLoadoutCallerAOB"...

Then I started the opposite way.. I've found the perfect AOB scan for "charIDReadForLoadoutOnLoadAOB-2" as it only changed the xor opcode (33 C0 instead of 31 C0), so all I needed to do was find the other 2...
What I did was to search for the opcode "call re2.exe+charIDReadForLoadoutOnLoadAOB-2", and voilá!!! Found me some addresses. Then I compared them with the orignals, and put the most similar ones in the script!!!

Again thanks for helping me with this!!! I still don't know how you could do it in the first place, but I've learned a lot more with your explanation!!!
Do you know a shortcut for when you search for an array of bytes, and it shows at the Hex part of the Memory View, to immediately jump at that address on the opcode part too??? It's a pain in the ass to have to type the address over and over...

Also, if you still have the game installed, can you help me with another problem I'm having? Do you know about the fix for the low framerate of the zombies when they are beyond a certain distance? The guy (gal?) who posted it said to edit the .exe, but I believe it can be done within the CE too.

Spoiler

I've compared the fix on the old crack, and on the denuvo-less crack and found that on the old, it modifies a jmp opcode to a xor followed by the same jmp opcode. So, I've made a AOB scan at a similar pattern, and simply "added" the xor as a newmem code, but couldn't see the difference on my end... Maybe I didn't "patched" the right address?? At least the game didn't crashed...

So, here is the table with a working character model script for those who have the denuvo-less .exe!!! I've only tested it for a few minutes, and as I never used it before, don't really know how to fully explore the options, so I would like to ask for those who know to tell me if anything went wrong!!!

All credits go to Cielos and everyone else who made these scripts!!

Edit: I removed the table because it was crashing... Made a new one on the next page!

[pk5547]

@kennean

Thanks for update. character model mod script is loaded well but when I change leon's model to hunk and
load my save, game is shutting down...

[kennean]

@kennean

Thanks for update. character model mod script is loaded well but when I change leon's model to hunk and
load my save, game is shutting down...

Thanks for your feedback!

Here is a new one, which I tested several times, loading a saved game from some time ago, and one recently saved, with both characters and every time it worked... But, I don't know if the original one had this problem, you can only change the options for the character you're going to use.

Example: You want to change Leon to Marvin, so make the changes and the game loads and play fine, no CTD whatsoever... But, if you load a save from Claire's route, with those changes on, than the game will crash... Meaning that you have to select exactly what you want to use on the right character...

Perhaps there's more to fix on the script, but it may be beyond my knowledge for the moment, and I can't check everything right now!
Thanks everybody for your help and feedback!

I don't think I have to say it by now, but the attached table is only for those who have the denuvo less .exe!

[pk5547]

@kennean
First thanks for quick reply and your hard work stuff.

Problem was my old save.
Make a new game save and loaded with model scipt, chracter model change well.

Other two scipt (custom stance and custom loadout) seems loaded well when enabled
but i don't know difference between enabled and not enabled.
Any idea on this?

[kennean]

@kennean
First thanks for quick reply and your hard work stuff.

Problem was my old save.
Make a new game save and loaded with model scipt, chracter model change well.

Other two scipt (custom stance and custom loadout) seems loaded well when enabled
but i don't know difference between enabled and not enabled.
Any idea on this?

Actually I don't know it either!!! Perhaps someone who used the codes before could tell... I believe the stance is changed, so when you have a character that's taller or smaller, they will shot from the correct height, but I'm guessing here... And the custom loadout, well, didn't find a weapon that was suppose to be different... Only when I started a game on Leon's route, changing the settings to Ada, then the gun that appeared was the one she uses...

[makankossapo]

I am having trouble with the custom voice function.

Leon A
Game version- latest(steam version, I think it's V2)
Table version- Latest (19+2)
Cheat engine version: tried with both 6.8.2 and 6.8.3

Step 1: Used a mod to replace Leon with Ada.
Step 2: Used cheat table to set Ada's costume(worked)
Step 3: Used cheat table to set voice to Ada's. (partially working)

Problem:
The foot step sound are replaced to Ada's footsteps, but the grunts, etc are silent. The only time Custom Voice worked perfectly was when Real Ada was near my Custom Ada.

PS: I tried replacing with Claire's voice, still the same results, Footsteps sound gets replaced but the grunts etc are silent.

[IneedAPervertedMrs]

@kennean

Thanks for update. character model mod script is loaded well but when I change leon's model to hunk and
load my save, game is shutting down...

Thanks for your feedback!

Here is a new one, which I tested several times, loading a saved game from some time ago, and one recently saved, with both characters and every time it worked... But, I don't know if the original one had this problem, you can only change the options for the character you're going to use.

Example: You want to change Leon to Marvin, so make the changes and the game loads and play fine, no CTD whatsoever... But, if you load a save from Claire's route, with those changes on, than the game will crash... Meaning that you have to select exactly what you want to use on the right character...

Perhaps there's more to fix on the script, but it may be beyond my knowledge for the moment, and I can't check everything right now!
Thanks everybody for your help and feedback!

I don't think I have to say it by now, but the attached table is only for those who have the denuvo less .exe!

How do you get the denuvo-free version?

[Mee]

I am having trouble with the custom voice function.

The foot step sound are replaced to Ada's footsteps, but the grunts, etc are silent. The only time Custom Voice worked perfectly was when Real Ada was near my Custom Ada.

Same here, not sure if bug or if that is the intended function.

[IneedAPervertedMrs]

It looks like the "denuvo-free" version is just a pirate copy. Can we get support for the paid version please? People who pay for the game are paying your free pirated enjoyment of the game so be a bro and hook us up please.