[COMPLETED] Mortal Kombat 11

[Anfraxx]

Heading to bed as well. This is what I got so far:



And a big _|_ to Cal bitching I won't have any use for the dumped UObjects, that I won't get same results he did and so on. Watch him pop-in to cringe with the ultimata: "yeah, but I did it first"

Night.

EDIT: Note that the Ermac Bridge (Lift Bridge) does store its Green Skulls at [0x1C8]+0x10 too. Just in case you see 0x0 at 0x4B8

Sun, firstly I just want to say thanks and give you the credit you deserve as it takes time to learn to use CE to the level you have done, watching your video was completely past what I am able to do - I still just search a value then change batches and normally crash the game in doing so (which is why I have yet to figure out how to negative value hearts and Ermac souls).

It's not fair on you though that you get so many people DM'ing you asking you to do this and that for them, so all I want to ask is was it just by trial and error you got to learn CE like this, or was there videos you used/websites? I am a little fed up of crashing the game now trying to get more souls/hearts.

[SunBeam]

It's not fair on you though that you get so many people DM'ing you asking you to do this and that for them, so all I want to ask is was it just by trial and error you got to learn CE like this, or was there videos you used/websites? I am a little fed up of crashing the game now trying to get more souls/hearts.

Would I be a dick now if I said: "No comment. Thank Wibblecakes -> viewtopic.php?p=87412#p87412"? You think he cares? Eventually someone will post a table and he gets what he needs with no hassle or will to learn. Cuz, well, his time's better spent doing other shit (perhaps just gaming). Or.. who knows.. studying law, seeing how good of a public advocate he tries to be

[Stalker4589]

as good at cheat engine as you.

I wish it were only Cheat Engine.. that's my problem. Self-sufficiency. Then they're the ones PMing me asking me how to do this and that, how I got to know this much and so on. If in today's world not even a VIDEO with some MEGA pointers in the right direction is considered "obnoxious", then fuck it. I'll just show the conclusion, no more attempts at indirect teachings. I'll keep your name and post in Notepad, so when people ask me why I stopped posting detailed information, I will refer them to just that

Yeah, am sure you'll struggle through the calvary of scanning, editing, crashing, etc. till you drop dead, then wait for days, weeks till someone like Tim spends money from his pocket to buy the game and feed your OCD-istic asses. What does he get in return? "Thanks" in text form? If 15$ for a trainer is much, consider his attitude and what he did when you think of some form of compensation for his work; money isn't always an object (can be a hundred other things).

BR,
Sun

Don't worry so much Sun, It's not worth you time. I appreciate what you're doing have learned something at least. I'm still entirely lost but you're work here is appreciated enjoy your holiday man.

[SunBeam]

It's not fair on you though that you get so many people DM'ing you asking you to do this and that for them, so all I want to ask is was it just by trial and error you got to learn CE like this, or was there videos you used/websites? I am a little fed up of crashing the game now trying to get more souls/hearts.

What I did was to follow Tim's script. Checked the address at which he placed the hook (the JMP) and debugged it (Find out what addresses this instruction accesses in Memory Viewer) to get the address to the chest structure (that memory address you look for by scanning) when approached to one. Then combined my dumper and determined the structure (the memory content of that address; the data in it) components (which other addresses are in there and what they point to by name). That's how and why you see a lot of naming conventions. That's how the game/engine calls them.

But all of this is explained, maybe not on this particular game, in the CE tutorial in the "injection" chapter. If you want to learn how to do injections, that is (or code hooking; scripts like Tim does). But then again, you'll also require learning assembly (know what "mov rax,rcx" means? if not, then that's what you need to start with). References are all across this forum; here's one section: viewforum.php?f=11.

BR,
Sun

[Stalker4589]

Need help pls (deleted to not have huge chain)

This is really simple now thanks to Sun and Tim

Open cheat engine

Press Ctrl+Alt+A

Paste

Code: Select all

{
	Process			: MK11.exe  -  (x64)
	Module			: MK11.exe
	Game Title		: MK11
	Game Version	: 1.0.0.0
	CE Version		: 6.83
	Script Version	: 0.0.1
	Date			: 04/26/19
	Author			: ShyTwig16
	Name			: KryptChestCheckHook

	Krypt Chest Check Hook
}

{$STRICT}

define(address, MK11.exe+8E5DD1F)
define(bytes, 83 BB 28 04 00 00 FF)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobKryptChestCheckHook, MK11.exe, F7xxxxxxxxxxxxxxxxxx0F85xxxxxxxx83xxxxxxxxxxxx74xx83xxxxxxxxxxxx74xx83xxxxxxxxxxxx0F85xxxxxxxx83xxxxxxxxxxxx0F85xxxxxxxx83)
define(injKryptChestCheckHook, aobKryptChestCheckHook+10)
assert(injKryptChestCheckHook, bytes)
registerSymbol(injKryptChestCheckHook)

alloc(memKryptChestCheckHook, 0x400, injKryptChestCheckHook)

label(ptrKryptChestCheckHook)
registerSymbol(ptrKryptChestCheckHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memKryptChestCheckHook:
	ptrKryptChestCheckHook:
		dq 0
	align 10 CC
	n_code:
		push rax
		mov [ptrKryptChestCheckHook],rbx
		or byte ptr [rbx+D0],08
		cmp dword ptr [rbx+488],00
		je @f
			mov dword ptr [rbx+488],01
			jmp o_code
		@@:
		cmp dword ptr [rbx+4B8],00
		je @f
			mov dword ptr [rbx+4B8],01
			jmp o_code
		@@:
		mov rax,[rbx+1C8]
		test rax,rax
		jz o_code
			cmp dword ptr [rax+10],00
			je @f
				mov dword ptr [rax+10],01
				jmp o_code
			@@:
	o_code:
		cmp dword ptr [rbx+00000428],-01
	exit:
		pop rax
		jmp return


////
//// ---------- Injection Point ----------
injKryptChestCheckHook:
	jmp n_code
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injKryptChestCheckHook:
	db bytes

unregisterSymbol(injKryptChestCheckHook)

unregisterSymbol(ptrKryptChestCheckHook)

dealloc(memKryptChestCheckHook)

{
//// Injection Point: MK11.exe+8E5DD1F  -  0000000148E5DD1F
//// AOB address: 0000000148E5DD0F  -  MK11.exe+8E5DD0F
//// Process: MK11.exe  -  0000000140000000
//// Module: MK11.exe  -  0000000140000000
//// Module Size: 0000000017EBE000
MK11.exe+8E5DCCE:  48 8B 0C 24                 -  mov rcx,[rsp]                      
MK11.exe+8E5DCD2:  48 8D 64 24 08              -  lea rsp,[rsp+08]                   
MK11.exe+8E5DCD7:  9D                          -  popfq                              
MK11.exe+8E5DCD8:  53                          -  push rbx                           
MK11.exe+8E5DCD9:  48 8D 1D F0DF2101           -  lea rbx,[14A07BCD0]                [245C8948]
MK11.exe+8E5DCE0:  48 87 1C 24                 -  xchg [rsp],rbx                     
MK11.exe+8E5DCE4:  C3                          -  ret                                
MK11.exe+8E5DCE5:  4C 8D 3D B03B5C0E           -  lea r15,[15742189C]                [8D4C3289]
MK11.exe+8E5DCEC:  41 FF E3                    -  jmp r11                            
MK11.exe+8E5DCEF:  3D 48894C24                 -  cmp eax,244C8948                   [(float)-0.0304]
MK11.exe+8E5DCF4:  08 53 48                    -  or [rbx+48],dl                     
MK11.exe+8E5DCF7:  83 EC 70                    -  sub esp,70                         
MK11.exe+8E5DCFA:  48 89 CB                    -  mov rbx,rcx                        
MK11.exe+8E5DCFD:  31 D2                       -  xor edx,edx                        
MK11.exe+8E5DCFF:  31 C9                       -  xor ecx,ecx                        
MK11.exe+8E5DD01:  E8 3AB25DF7                 -  call 140438F40                     
MK11.exe+8E5DD06:  48 85 C0                    -  test rax,rax                       
MK11.exe+8E5DD09:  0F84 47050000               -  je 148E5E256                       
MK11.exe+8E5DD0F:  F7 83 D0000000 00000200     -  test [rbx+000000D0],20000          <<<--- AOB Starts Here
MK11.exe+8E5DD19:  0F85 37050000               -  jne 148E5E256                      
////  INJECTING START  ----------------------------------------------------------
MK11.exe+8E5DD1F:  83 BB 28040000 FF           -  cmp dword ptr [rbx+00000428],-01   
////  INJECTING END  ----------------------------------------------------------
MK11.exe+8E5DD26:  74 30                       -  je 148E5DD58                       
MK11.exe+8E5DD28:  83 BB 58040000 FF           -  cmp dword ptr [rbx+00000458],-01   
MK11.exe+8E5DD2F:  74 27                       -  je 148E5DD58                       
MK11.exe+8E5DD31:  83 BB 88040000 00           -  cmp dword ptr [rbx+00000488],00    
MK11.exe+8E5DD38:  0F85 18050000               -  jne 148E5E256                      
MK11.exe+8E5DD3E:  83 BB B8040000 00           -  cmp dword ptr [rbx+000004B8],00    
MK11.exe+8E5DD45:  0F85 0B050000               -  jne 148E5E256                      
MK11.exe+8E5DD4B:  83 BB E8040000 00           -  cmp dword ptr [rbx+000004E8],00    
MK11.exe+8E5DD52:  0F85 FE040000               -  jne 148E5E256                      
MK11.exe+8E5DD58:  48 89 6C 24 68              -  mov [rsp+68],rbp                   
MK11.exe+8E5DD5D:  48 8B 2D 1C5320FA           -  mov rbp,[143063080]                [74E4B940]
MK11.exe+8E5DD64:  48 89 AC 24 98000000        -  mov [rsp+00000098],rbp             
MK11.exe+8E5DD6C:  48 85 ED                    -  test rbp,rbp                       
MK11.exe+8E5DD6F:  0F84 DC040000               -  je 148E5E251                       
MK11.exe+8E5DD75:  48 89 D9                    -  mov rcx,rbx                        
MK11.exe+8E5DD78:  E8 D3EB98F7                 -  call 1407EC950                     
MK11.exe+8E5DD7D:  83 F8 05                    -  cmp eax,05                         
MK11.exe+8E5DD80:  0F84 CB040000               -  je 148E5E251                       
MK11.exe+8E5DD86:  48 83 BB C8010000 00        -  cmp qword ptr [rbx+000001C8],00    
MK11.exe+8E5DD8E:  0F85 BD040000               -  jne 148E5E251                      
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}

Hit execute
On the prompt asking if you want to open an address or w.e click no
Go to game and walk to a chest and then away and back again
It will now cost 1 currency

[Stalker4589]

Stuff

How easy would it be to get a noclip function working for the Krypt?

[SunBeam]

I'm currently studying UE3 x64 in the UE3 SDK (from 2012). Managed to dump Names/Objects like here and want to understand how UnrealScript bytecode works in x64 (if any different than x86) to then find the GoToState blocks of data that would allow me to manually force the player state. From PlayerWalking to PlayerFlying. Add SetCollision to that, set to 0, and you get fly + noclip. AKA ghost.

Chinese? Thought as much. In short, it's doable. It will just take a bit more time. Think next week to the weekend.

P.S.#1: Fingers crossed that WB doesn't do a server-sided check for player XYZ. They might disconnect your ballz if you venture into some location you're not supposed to (like, for example, across the Ermac Bridge, to get close to those 2 characters fighting in the background on a parallel bridge).

P.S.#2: This:



Look to your left when standing there. You'll see another bridge far away with 2 fuckers fighting

[Stalker4589]

Chinese? Thought as much. In short, it's doable. It will just take a bit more time. Think next week to the weekend.

Not chinese at all I follow mostly.

[Stalker4589]

Look to your left when standing there. You'll see another bridge far away with 2 fuckers fighting

Yeah I know who you mean. It's Rain and Blaze



Same as in the MK3 The Pit Stage

[SunBeam]

Don't think so; someone is teleporting there

[sinix13120]

Where is the link for the cheat table please ?

[jaks500]

hope it works

[Razapudroshko]

where the tables?

[shingouki2]

Latest update is december 2022 version 1.30.

All others are pointless.

I can’t make tables, because I don’t know how to bypass the integrity check. If someone can share the hacked exe file to bypass integrity in version 1.30 i can make cheat tables.