Cheat Engine The Official Site of Cheat Engine
daixka How do I cheat? Reputation: 0
Joined: 06 Dec 2021 Posts: 4
Posted: Mon Dec 06, 2021 12:25 pm Post subject: Failure Allocating Memory Near 1402A5877
Hi all,
I'm hoping someone will be able to help me out with this. I also need to preface this thread by saying I'm a complete newbie to this and the only coding experience I have is from when I edited the HTML for my Neopets home page back in the day, so any and all advice would be welcome (especially if you can explain it in layman's terms).
I'm trying to use a cheat engine for Final Fantasy XV Windows Edition for PC (Steam Version). The code is below (I wanted to attach the URL to the forum where I got it but seems my account is too new to post URLs) and I was able to use it maybe once or twice while running the game, but I would say 8 out of 10 times the script does not activate and I get a "Failure Allocating Memory Near 1402A5877."
I found a previous thread on here where someone else had the same issue, but couldn't figure out how to fix it with the code from what I downloaded. I also double checked and my Query Memory Region Routines is disabled in Cheat Engine.
Any and all help is appreciated. Thanks!
Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
{$lua}
function lua_aobscan(name,module,bytes,index)
index = index - 1
if(module == "") then
local resultSet = AOBScan(bytes)
if(resultSet == nil) then
unregisterSymbol(name)
print(name.." not found")
else
unregisterSymbol(name)
registerSymbol(name,resultSet[index])
resultSet.destroy()
end
else
if(getModuleSize(module) == nil) then
print("Module "..module.." not found")
else
local memScanner = createMemScan()
local memFoundList = createFoundList(memScanner)
memScanner.firstScan(
soExactValue,vtByteArray,rtRounded,bytes,nil,
getAddress(module),(getAddress(module)+getModuleSize(module)),"",
fsmNotAligned,"",true,false,false,false)
memScanner.waitTillDone()
memFoundList.initialize()
if(memFoundList.Count == 0) then
unregisterSymbol(name)
print(name.." in module "..module.." not found")
else
unregisterSymbol(name)
registerSymbol(name,memFoundList.Address[index])
end
memScanner.destroy()
memFoundList.destroy()
end
end
end
{$asm}
//luaCall(lua_aobscan("humanStaminaWritesAOB","ffxv_s.exe","F3 0F 10 ** ** ** ** ** F3 0F 5D C1 F3 0F 11 ** ** ** ** ** C3",2))
//luaCall(lua_aobscan("techWritesAOB","ffxv_s.exe","F3 0F 10 ** ** ** ** ** F3 0F 5D C1 F3 0F 11 ** ** ** ** ** C3",3))
///***********************************************///
//aobscanmodule(healthReadOnChangeAOB,ffxv_s.exe,8B ** ** ** ** ** 2B ** 8B ** ** ** ** ** ** ** 41 ** ** 89)
//registersymbol(healthReadOnChangeAOB)
luaCall(lua_aobscan("healthReadOnChangeAOB","ffxv_s.exe","8B ** ** ** ** ** 2B 02 8B ** ** ** ** ** ** ** 41",2))
label(dMinHealth)
registersymbol(dMinHealth)
label(pEntityJustBeenHit)
registersymbol(pEntityJustBeenHit)
label(bUndeadTeam)
registersymbol(bUndeadTeam)
label(bUndead)
registersymbol(bUndead)
label(bAdvanceEvadeKey)
registersymbol(bAdvanceEvadeKey)
alloc(newmem,2048,healthReadOnChangeAOB) //"ffxv_s.exe"+1F8AB7)
label(originalcode_undead)
registersymbol(originalcode_undead)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push r12
mov r12,pEntityJustBeenHit
mov [r12],rbx
xor rax,rax
mov r12,bUndeadTeam
cmp byte ptr [r12],1
jne @f
//cmp dword ptr [rbx+264],0000ff00 //0xff00 - team
//je dominhealth
//cmp dword ptr [rbx+174],ffffffff //0,1,2,3,4.. - team
//jne dominhealth
cmp dword ptr [rbx+15c],0 //0 - team
jne dominhealth
@@:
mov r12,bUndead
cmp dword ptr [rbx+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rbx+d8],'is' //0x7369
je dominhealth
@@:
cmp dword ptr [rbx+d4],E5BEABE8
jne @f
cmp dword ptr [rbx+d8],8FE68B85
jne @f
cmp dword ptr [rbx+dc],AF96E690
je dominhealth
@@:
inc rax
cmp dword ptr [rbx+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rbx+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rbx+dc],'s' //0x73
je dominhealth
@@:
cmp dword ptr [rbx+d4],E6BCA0E6
jne @f
cmp dword ptr [rbx+d8],BFE8898B
jne @f
cmp dword ptr [rbx+dc],90ADE6AA
jne @f
cmp dword ptr [rbx+e0],E68D97E8
jne @f
cmp word ptr [rbx+e4],AF96
je dominhealth
@@:
inc rax
cmp dword ptr [rbx+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rbx+d8],'pt' //0x7470
jne @f
cmp byte ptr [rbx+da],'o' //0x6f
je dominhealth
@@:
cmp dword ptr [rbx+d4],E7AE99E6
jne @f
cmp dword ptr [rbx+d8],81E685BE
jne @f
cmp dword ptr [rbx+dc],AE99E6A9
jne @f
cmp dword ptr [rbx+e0],00B989E7
je dominhealth
@@:
inc rax
cmp dword ptr [rbx+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rbx+d8],'s' //0x73
je dominhealth
@@:
cmp dword ptr [rbx+d4],E68ABCE4
jne @f
cmp dword ptr [rbx+d8],B0E5BCA0
jne @f
cmp dword ptr [rbx+dc],AF96E6BC
je dominhealth
@@:
inc rax
cmp dword ptr [rbx+d4],706c6f53
jne @f
cmp word ptr [rbx+d8],6968
jne @f
cmp word ptr [rbx+da],65
je dominhealth
@@:
inc rax
cmp dword ptr [rbx+d4],00726f43 //'Cor'+0x00
je dominhealth
@@:
inc rax
cmp dword ptr [rbx+d4],73697249 //'Iris'
je dominhealth
@@:
jmp end
dominhealth:
cmp byte ptr [r12+rax],1
jne @f
readmem(healthReadOnChangeAOB,6)
//mov eax,[rbx+198]
sub eax,[rdx]
mov r12,dMinHealth
cmp eax,[r12]
jge @f
mov eax,[r12]
add eax,[edx]
db 89
readmem(healthReadOnChangeAOB+1,5)
//mov [rbx+198],eax
end:
pop r12
originalcode_undead:
readmem(healthReadOnChangeAOB,14)
//mov eax,[rbx+00000198]
//sub eax,[rdx]
//mov ecx,[rbx+0000019C]
exit:
jmp healthReadOnChangeAOB+e
///
bAdvanceEvadeKey:
dd 0
dMinHealth:
dd 0
pEntityJustBeenHit:
dq 0
dq 0
bUndeadTeam:
dd 0
bUndead:
db 0 //Noctis
db 0 //Gladiolus
db 0 //Prompto
db 0 //Ignis
db 0 //
db 0 //Cor
db 0 //Iris
///
healthReadOnChangeAOB: //"ffxv_s.exe"+1F8AB7:
jmp newmem
///***********************************************///
luaCall(lua_aobscan("maxHealthReadOnChangeAOB","ffxv_s.exe","8B ** ** ** ** ** 2B 02 8B ** ** ** ** ** ** ** 41",1))
alloc(newmem2,2048,maxHealthReadOnChangeAOB) //"ffxv_s.exe"+1F9D17)
label(originalcode2_undead)
registersymbol(originalcode2_undead)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
push r12
mov r12,pEntityJustBeenHit
mov [r12],rbx
mov r12,bUndeadTeam
cmp byte ptr [r12],1
jne @f
//cmp dword ptr [rbx+264],0000ff00 //0xff00 - team, 0xffff - not team, 0x00000000 - ?
//je dominmaxhealth2
//cmp dword ptr [rbx+174],ffffffff //0,1,2,3,4.. - team
//jne dominmaxhealth2
cmp dword ptr [rbx+15c],0 //0 - team
jne dominmaxhealth2
@@:
xor rax,rax
mov r12,bUndead
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rbx+d8],'is' //0x7369
je dominmaxhealth2
@@:
cmp dword ptr [rbx+d4],E5BEABE8
jne @f
cmp dword ptr [rbx+d8],8FE68B85
jne @f
cmp dword ptr [rbx+dc],AF96E690
je dominmaxhealth2
@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rbx+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rbx+dc],'s' //0x73
je dominmaxhealth2
@@:
cmp dword ptr [rbx+d4],E6BCA0E6
jne @f
cmp dword ptr [rbx+d8],BFE8898B
jne @f
cmp dword ptr [rbx+dc],90ADE6AA
jne @f
cmp dword ptr [rbx+e0],E68D97E8
jne @f
cmp word ptr [rbx+e4],AF96
je dominmaxhealth2
@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rbx+d8],'pt' //0x7470
jne @f
cmp byte ptr [rbx+da],'o' //0x6f
je dominmaxhealth2
@@:
cmp dword ptr [rbx+d4],E7AE99E6
jne @f
cmp dword ptr [rbx+d8],81E685BE
jne @f
cmp dword ptr [rbx+dc],AE99E6A9
jne @f
cmp dword ptr [rbx+e0],00B989E7
je dominmaxhealth2
@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rbx+d8],'s' //0x73
je dominmaxhealth2
@@:
cmp dword ptr [rbx+d4],E68ABCE4
jne @f
cmp dword ptr [rbx+d8],B0E5BCA0
jne @f
cmp dword ptr [rbx+dc],AF96E6BC
je dominmaxhealth2
@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],706c6f53
jne @f
cmp word ptr [rbx+d8],6968
jne @f
cmp byte ptr [rbx+da],65
je dominmaxhealth2
@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],00726f43 //'Cor'+0x00
je dominmaxhealth2
@@:
inc rax
//cmp byte ptr [r12+rax],1
//jne @f
cmp dword ptr [rbx+d4],73697249 //'Iris'
je dominmaxhealth2
@@:
jmp end2
dominmaxhealth2:
cmp byte ptr [r12+rax],1
jne @f
readmem(maxHealthReadOnChangeAOB,6)
//mov eax,[rbx+18c]
sub eax,[rdx]
mov r12,dMinHealth
mov r12d,[r12]
inc r12d
cmp eax,r12d
jge @f
mov eax,r12d
add eax,[edx]
db 89
readmem(maxHealthReadOnChangeAOB+1,5)
//mov [rbx+19c],eax
end2:
pop r12
originalcode2_undead:
readmem(maxHealthReadOnChangeAOB,14)
//mov eax,[rbx+0000019C]
//sub eax,[rdx]
//mov ecx,[rbx+000001a0]
exit2:
jmp maxHealthReadOnChangeAOB+e
///
maxHealthReadOnChangeAOB: //"ffxv_s.exe"+1F9D17:
jmp newmem2
///***********************************************///
//aobscanmodule(partyCurMaxHealthReadAOB,ffxv_s.exe,FF 90 ** ** ** ** 8B 80 A4 01 00 00 48 ** ** ** 5B C3 48 ** ** ** 5B C3)
aobscanmodule(partyCurMaxHealthReadAOB,ffxv_s.exe,FF 90 ** ** ** ** 8B 80 ** ** 00 00 48 ** ** ** 5B C3 48 ** ** ** 5B C3)
registersymbol(partyCurMaxHealthReadAOB)
label(pNoctisAutoEvadeFlag)
registersymbol(pNoctisAutoEvadeFlag)
label(pNoctisAutoEvadeTimer)
registersymbol(pNoctisAutoEvadeTimer)
label(pParty)
registersymbol(pParty)
alloc(newmem6,2048,partyCurMaxHealthReadAOB) //"ffxv_s.exe"+5B6712C)
label(originalcode6_enable)
registersymbol(originalcode6_enable)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//place your code here
readmem(partyCurMaxHealthReadAOB,6)
push rcx
mov rbx,pParty
xor rcx,rcx
cmp dword ptr [rax+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rax+d8],'is' //0x7369
jne @f
@@:
cmp dword ptr [rax+d4],E5BEABE8
jne @f
cmp dword ptr [rax+d8],8FE68B85
jne @f
cmp dword ptr [rax+dc],AF96E690
jne @f
push rdx
push rdi
mov rdx,pNoctisAutoEvadeFlag
lea rdi,[rax+a+268]
mov [rdx],rdi
//lea rdi,[rax+a*2+368]
lea rdi,[rax+14+368]
mov [rdx+8],rdi
pop rdi
pop rdx
jmp assignpparty6
@@:
inc rcx
cmp dword ptr [rax+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rax+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rax+dc],'s' //0x73
je assignpparty6
@@:
cmp dword ptr [rax+d4],E6BCA0E6
jne @f
cmp dword ptr [rax+d8],BFE8898B
jne @f
cmp dword ptr [rax+dc],90ADE6AA
jne @f
cmp dword ptr [rax+e0],E68D97E8
jne @f
cmp word ptr [rax+e4],AF96
je assignpparty6
@@:
inc rcx
cmp dword ptr [rax+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rax+d8],'pt' //0x7470
jne @f
cmp byte ptr [rax+da],'o' //0x6f
je assignpparty6
@@:
cmp dword ptr [rax+d4],E7AE99E6
jne @f
cmp dword ptr [rax+d8],81E685BE
jne @f
cmp dword ptr [rax+dc],AE99E6A9
jne @f
cmp dword ptr [rax+e0],00B989E7
je assignpparty6
@@:
inc rcx
cmp dword ptr [rax+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rax+d8],'s' //0x73
je assignpparty6
@@:
cmp dword ptr [rax+d4],E68ABCE4
jne @f
cmp dword ptr [rax+d8],B0E5BCA0
jne @f
cmp dword ptr [rax+dc],AF96E6BC
je assignpparty6
@@:
inc rcx
cmp dword ptr [rax+d4],706c6f53
jne @f
cmp word ptr [rax+d8],6968
jne @f
cmp byte ptr [rax+da],65
je assignpparty6
@@:
inc rcx
cmp dword ptr [rax+d4],00726f43 //'Cor'+0x00
je assignpparty6
@@:
inc rcx
cmp dword ptr [rax+d4],73697249 //'Iris'
je assignpparty6
@@:
jmp end6
assignpparty6:
mov [rbx+rcx*8],rax
end6:
pop rcx
readmem(partyCurMaxHealthReadAOB+6,10)
jmp exit6
originalcode6_enable:
readmem(partyCurMaxHealthReadAOB,16)
//call qword ptr [rax+00000AA8]
//mov eax,[rax+0000018C]
//add rsp,20
exit6:
jmp partyCurMaxHealthReadAOB+10
///
pNoctisAutoEvadeFlag:
dq 0
pNoctisAutoEvadeTimer:
dq 0
pParty:
///
partyCurMaxHealthReadAOB: //"ffxv_s.exe"+5B6712C:
jmp newmem6
///***********************************************///
aobscanmodule(weaponStructureBaseReadInCGearsMenusAOB,ffxv_s.exe,44 ** ** BA ** ** ** ** 48 ** ** ** ** E8 ** ** ** ** 83 ** ** ** ** 74 ** 48 ** ** ** ** ** 74 ** 33 ** 8B)
registersymbol(weaponStructureBaseReadInCGearsMenusAOB)
label(pCWeaponStats)
registersymbol(pCWeaponStats)
alloc(newmem11,2048,weaponStructureBaseReadInCGearsMenusAOB) //"ffxv_s.exe"+7C42F2)
label(originalcode11_enable)
registersymbol(originalcode11_enable)
label(exit11)
newmem11: //this is allocated memory, you have read,write,execute access
//place your code here
mov rcx,pCWeaponStats
mov [rcx],ebx
readmem(weaponStructureBaseReadInCGearsMenusAOB,13)
reassemble(weaponStructureBaseReadInCGearsMenusAOB+d)
jmp exit11
originalcode11_enable:
readmem(weaponStructureBaseReadInCGearsMenusAOB,18)
//mov r8d,[rbx]
//mov edx,0101AA13
//lea rcx,[rsp+28]
//call ffxv_s.exe+265350
exit11:
jmp weaponStructureBaseReadInCGearsMenusAOB+12
///
pCWeaponStats:
///
weaponStructureBaseReadInCGearsMenusAOB: //"ffxv_s.exe"+7C42F2:
jmp newmem11
///***********************************************///
/*
aobscanmodule(weaponAttkRead1AOB,ffxv_s.exe,8B ** 1C 44 ** ** 20 8B ** 14 89)
registersymbol(weaponAttkRead1AOB)
label(bDamageMultiplierEnable)
registersymbol(bDamageMultiplierEnable)
label(dDamageMultiplierC)
registersymbol(dDamageMultiplierC)
label(bTeamWeaponDamageMultiply)
registersymbol(bTeamWeaponDamageMultiply)
label(dTeamWeaponDamageMultiplier)
registersymbol(dTeamWeaponDamageMultiplier)
label(dWeaponDamageMultiplier)
registersymbol(dWeaponDamageMultiplier)
alloc(newmem12,2048,weaponAttkRead1AOB) //"ffxv_s.exe"+6043095)
label(originalcode12_weapondamagemultipier)
registersymbol(originalcode12_weapondamagemultipier)
label(exit12)
newmem12: //this is allocated memory, you have read,write,execute access
//place your code here
mov r12,bDamageMultiplierEnable
cmp byte ptr [r12],1
jne donormalweapondamage12
mov rsi,1
mov r12,bTeamWeaponDamageMultiply
cmp byte ptr [r12],1
jne @f
cmp dword ptr [rbx+254],0000ff00
je doweapondamagemultiply12
@@:
xor rsi,rsi
mov r12,dWeaponDamageMultiplier
cmp dword ptr [rbx+c4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rbx+c8],'is' //0x7369
je doweapondamagemultiply12
@@:
inc rsi
cmp dword ptr [rbx+c4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rbx+c8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rbx+cc],'s' //0x73
je doweapondamagemultiply12
@@:
inc rsi
cmp dword ptr [rbx+c4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rbx+c8],'pt' //0x7470
jne @f
cmp byte ptr [rbx+ca],'o' //0x6f
je doweapondamagemultiply12
@@:
inc rsi
cmp dword ptr [rbx+c4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rbx+c8],'s' //0x73
je doweapondamagemultiply12
@@:
inc rsi
cmp dword ptr [rbx+c4],706c6f53
jne @f
cmp word ptr [rbx+c8],6968
jne @f
cmp word ptr [rbx+ca],65
je doweapondamagemultiply12
@@:
inc rsi
cmp dword ptr [rbx+c4],00726f43 //'Cor'+0x00
je doweapondamagemultiply12
@@:
inc rsi
cmp dword ptr [rbx+c4],73697249 //'Iris'
je doweapondamagemultiply12
@@:
jmp donormalweapondamage12
doweapondamagemultiply12:
cmp dword ptr [r12+rsi*4],(float)1
je @f
//push [rax+1c]
//fild dword ptr [rsp]
//fmul dword ptr [r12+rsi*4]
//fistp dword ptr [rsp]
fld dword ptr [r12+rsi*4]
mov r12,dDamageMultiplierC
fstp dword ptr [r12]
//pop rsi
jmp end12
donormalweapondamage12:
fld1
mov r12,dDamageMultiplierC
fstp dword ptr [r12]
end12:
originalcode12_weapondamagemultipier:
readmem(weaponAttkRead1AOB,14)
//mov esi,[rax+1C]
//mov r12d,[rax+20]
//mov ebp,[rax+14]
//mov [rsp+68],ecx
exit12:
jmp weaponAttkRead1AOB+e
///
bDamageMultiplierEnable:
dd 0
dDamageMultiplierC:
dd (float)1
bTeamWeaponDamageMultiply:
dd 0
dTeamWeaponDamageMultiplier:
dd (float)2
dWeaponDamageMultiplier:
dd (float)10 //Noctis
dd (float)1 //Gladiolus
dd (float)1 //Prompto
dd (float)1 //Ignis
dd (float)10 //
dd (float)1 //Cor
dd (float)1 //Iris
///
weaponAttkRead1AOB: //"ffxv_s.exe"+6043095:
jmp newmem12
///***********************************************///
aobscanmodule(damageOutputAdjustAfterCapChhAOB,ffxv_s.exe,8B ** ** 0F B6 C0 85 DB B9 ** ** ** ** 0F)
registersymbol(damageOutputAdjustAfterCapChhAOB)
label(bCustomDamageCap)
registersymbol(bCustomDamageCap)
label(dCustomDamageCap)
registersymbol(dCustomDamageCap)
label(bDamageMultiplierEnable)
registersymbol(bDamageMultiplierEnable)
label(dDamageMultiplierC)
registersymbol(dDamageMultiplierC)
label(bTeamWeaponDamageMultiply)
registersymbol(bTeamWeaponDamageMultiply)
label(dTeamWeaponDamageMultiplier)
registersymbol(dTeamWeaponDamageMultiplier)
label(dWeaponDamageMultiplier)
registersymbol(dWeaponDamageMultiplier)
alloc(newmem14,2048,damageOutputAdjustAfterCapChhAOB) //"ffxv_s.exe"+AF397)
label(dodamagemultiply14)
registersymbol(dodamagemultiply14)
label(originalcode14_damagecapraised)
registersymbol(originalcode14_damagecapraised)
label(exit14)
newmem14: //this is allocated memory, you have read,write,execute access
//place your code here
test edi,edi
js originalcode14_damagecapraised
mov rax,bDamageMultiplierEnable
cmp byte ptr [rax],1
jne bcustomdamagecapchk14
mov rcx,[rbp-58]
//
push rsi
//push rax
push rcx
push rdx
push r8
push r9
mov rbx,r8
//
mov rdx,8
////rcx
call isbadreadptr
////test eax,eax
//
mov r8,rbx
mov [rsp+8],r8
pop r9
pop r8
pop rdx
pop rcx
//pop rax
pop rsi
//
test eax,eax
jnz bcustomdamagecapchk14
mov rbx,1
mov rax,bTeamWeaponDamageMultiply
cmp byte ptr [rax],1
jne @f
cmp dword ptr [rcx+264],0000ff00
je dodamagemultiply14
@@:
xor rbx,rbx
mov rax,dWeaponDamageMultiplier
cmp dword ptr [rcx+d4],'Noct' //0x74636f4e
jne @f
cmp word ptr [rcx+d8],'is' //0x7369
je dodamagemultiply14
@@:
cmp dword ptr [rcx+d4],E5BEABE8
jne @f
cmp dword ptr [rcx+d8],8FE68B85
jne @f
cmp dword ptr [rcx+dc],AF96E690
je dodamagemultiply14
@@:
inc rbx
cmp dword ptr [rcx+d4],'Glad' //0x64616c47
jne @f
cmp dword ptr [rcx+d8],'iolu' //0x756c6f69
jne @f
cmp byte ptr [rcx+dc],'s' //0x73
je dodamagemultiply14
@@:
cmp dword ptr [rcx+d4],E6BCA0E6
jne @f
cmp dword ptr [rcx+d8],BFE8898B
jne @f
cmp dword ptr [rcx+dc],90ADE6AA
jne @f
cmp dword ptr [rcx+e0],E68D97E8
jne @f
cmp word ptr [rcx+e4],AF96
je dodamagemultiply14
@@:
inc rbx
cmp dword ptr [rcx+d4],'Prom' //0x6d6f7250
jne @f
cmp word ptr [rcx+d8],'pt' //0x7470
jne @f
cmp byte ptr [rcx+da],'o' //0x6f
je dodamagemultiply14
@@:
cmp dword ptr [rcx+d4],E7AE99E6
jne @f
cmp dword ptr [rcx+d8],81E685BE
jne @f
cmp dword ptr [rcx+dc],AE99E6A9
jne @f
cmp dword ptr [rcx+e0],00B989E7
je dodamagemultiply14
@@:
inc rbx
cmp dword ptr [rcx+d4],'Igni' //0x696e6749
jne @f
cmp byte ptr [rcx+d8],'s' //0x73
je dodamagemultiply14
@@:
cmp dword ptr [rcx+d4],E68ABCE4
jne @f
cmp dword ptr [rcx+d8],B0E5BCA0
jne @f
cmp dword ptr [rcx+dc],AF96E6BC
je dodamagemultiply14
@@:
inc rbx
cmp dword ptr [rcx+d4],706c6f53
jne @f
cmp word ptr [rcx+d8],6968
jne @f
cmp word ptr [rcx+da],65
je dodamagemultiply14
@@:
inc rbx
cmp dword ptr [rcx+d4],00726f43 //'Cor'+0x00
je dodamagemultiply14
@@:
inc rbx
cmp dword ptr [rcx+d4],73697249 //'Iris'
je dodamagemultiply14
@@:
jmp bcustomdamagecapchk14
dodamagemultiply14:
push rdi
fild dword ptr [rsp]
fmul dword ptr [rax+rbx*4]
fistp dword ptr [rsp]
pop rdi
test edi,edi
jns @f
mov edi,7fffffff
bcustomdamagecapchk14:
mov ecx,#9999
mov eax,#99999
test r14d,r14d
cmovnz ecx,eax
mov rax,bCustomDamageCap
cmp byte ptr [rax],1
mov rax,dCustomDamageCap
mov eax,[rax]
cmove ecx,eax
mov ebx,edi
cmp ebx,ecx
jle @f
mov ebx,ecx
originalcode14_damagecapraised:
readmem(damageOutputAdjustAfterCapChhAOB,16)
//mov eax,[rbp-28]
//movzx eax,al
//test ebx,ebx
//mov ecx,00000001
//cmovg eax,ecx
exit14:
jmp damageOutputAdjustAfterCapChhAOB+10
///
bCustomDamageCap:
dd 0
dCustomDamageCap:
dd #1000000000
dd 0
bDamageMultiplierEnable:
dd 0
dDamageMultiplierC:
dd (float)1
bTeamWeaponDamageMultiply:
dd 0
dTeamWeaponDamageMultiplier:
dd (float)2
dWeaponDamageMultiplier:
dd (float)10 //Noctis
dd (float)1 //Gladiolus
dd (float)1 //Prompto
dd (float)1 //Ignis
dd (float)10 //
dd (float)1 //Cor
dd (float)1 //Iris
///
damageOutputAdjustAfterCapChhAOB: //"ffxv_s.exe"+AF397:
jmp newmem14
///***********************************************///
aobscanmodule(techWritesAOB,ffxv_s.exe,72 0C F3 0F 10 ** C4 57 00 00 F3 0F 5D C1 F3 0F 11 ** ** ** ** ** C3)
registersymbol(techWritesAOB)
label(pSomeGameInfoA)
registersymbol(pSomeGameInfoA)
label(bMaxTech)
registersymbol(bMaxTech)
alloc(newmem17,2048,techWritesAOB) //"ffxv_s.exe"+74B76B6)
label(originalcode17_enable)
registersymbol(originalcode17_enable)
label(exit17)
newmem17: //this is allocated memory, you have read,write,execute access
//place your code here
push rax
jb @f
mov rax,pSomeGameInfoA
mov [rax],rcx
readmem(techWritesAOB+2,8)
mov rax,bMaxTech
cmp byte ptr [rax],1
je @f
readmem(techWritesAOB+a,4)
end17:
pop rax
jmp exit17
originalcode17_enable:
readmem(techWritesAOB,14)
//jb ffxv_s.exe+74B76C4
//movss xmm0,[rcx+000057C4]
//minss xmm0,xmm1
exit17:
jmp techWritesAOB+e
///
pSomeGameInfoA:
dq 0
bMaxTech:
dd 0
///
techWritesAOB: //"ffxv_s.exe"+74B76B6:
jmp newmem17
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
healthReadOnChangeAOB: //"ffxv_s.exe"+1F8AB7:
readmem(originalcode_undead,14)
//db 8B 83 88 01 00 00 2B 02 8B 8B 8C 01 00 00
//Alt: mov eax,[rbx+00000188]
//Alt: sub eax,[rdx]
//Alt: mov ecx,[rbx+0000018C]
unregistersymbol(dMinHealth)
unregistersymbol(pEntityJustBeenHit)
unregistersymbol(bUndeadTeam)
unregistersymbol(bUndead)
unregistersymbol(bAdvanceEvadeKey)
unregistersymbol(originalcode_undead)
///***********************************************///
dealloc(newmem2)
maxHealthReadOnChangeAOB: //"ffxv_s.exe"+1F9D17:
readmem(originalcode2_undead,14)
//db 8B 83 8C 01 00 00 2B 02 8B 8B 90 01 00 00
//Alt: mov eax,[rbx+0000018C]
//Alt: sub eax,[rdx]
//Alt: mov ecx,[rbx+00000190]
unregistersymbol(originalcode2_undead)
///***********************************************///
dealloc(newmem6)
partyCurMaxHealthReadAOB: //"ffxv_s.exe"+5B6712C:
readmem(originalcode6_enable,16)
//db FF 90 A8 0A 00 00 8B 80 8C 01 00 00 48 83 C4 20
//Alt: call qword ptr [rax+00000AA8]
//Alt: mov eax,[rax+0000018C]
//Alt: add rsp,20
unregistersymbol(originalcode6_enable)
unregistersymbol(pNoctisAutoEvadeFlag)
unregistersymbol(pNoctisAutoEvadeTimer)
unregistersymbol(pParty)
///***********************************************///
dealloc(newmem11)
weaponStructureBaseReadInCGearsMenusAOB: //"ffxv_s.exe"+7C42F2:
readmem(originalcode11_enable,18)
//db 44 8B 03 BA 13 AA 01 01 48 8D 4C 24 28 E8 4C 10 AA FF
//Alt: mov r8d,[rbx]
//Alt: mov edx,0101AA13
//Alt: lea rcx,[rsp+28]
//Alt: call ffxv_s.exe+265350
unregistersymbol(originalcode11_enable)
unregistersymbol(pCWeaponStats)
///***********************************************///
/*
dealloc(newmem12)
weaponAttkRead1AOB: //"ffxv_s.exe"+6043095:
readmem(originalcode12_weapondamagemultipier,14)
//db 8B 70 1C 44 8B 60 20 8B 68 14 89 4C 24 68
//Alt: mov esi,[rax+1C]
//Alt: mov r12d,[rax+20]
//Alt: mov ebp,[rax+14]
//Alt: mov [rsp+68],ecx
unregistersymbol(originalcode12_weapondamagemultipier)
unregistersymbol(bDamageMultiplierEnable)
unregistersymbol(dDamageMultiplierC)
unregistersymbol(bTeamWeaponDamageMultiply)
unregistersymbol(dTeamWeaponDamageMultiplier)
unregistersymbol(dWeaponDamageMultiplier)
///***********************************************///
dealloc(newmem14)
damageOutputAdjustAfterCapChhAOB: //"ffxv_s.exe"+AF397:
readmem(originalcode14_damagecapraised,16)
//db 8B 45 D8 0F B6 C0 85 DB B9 01 00 00 00 0F 4F C1
//Alt: mov eax,[rbp-28]
//Alt: movzx eax,al
//Alt: test ebx,ebx
//Alt: mov ecx,00000001
//Alt: cmovg eax,ecx
unregistersymbol(dodamagemultiply14)
unregistersymbol(originalcode14_damagecapraised)
unregistersymbol(bCustomDamageCap)
unregistersymbol(dCustomDamageCap)
unregistersymbol(bDamageMultiplierEnable)
unregistersymbol(dDamageMultiplierC)
unregistersymbol(bTeamWeaponDamageMultiply)
unregistersymbol(dTeamWeaponDamageMultiplier)
unregistersymbol(dWeaponDamageMultiplier)
///***********************************************///
dealloc(newmem17)
techWritesAOB: //"ffxv_s.exe"+74B76B6:
readmem(originalcode17_enable,14)
//db 72 0C F3 0F 10 81 C4 57 00 00 F3 0F 5D C1
//Alt: jb ffxv_s.exe+74B76C4
//Alt: movss xmm0,[rcx+000057C4]
//Alt: minss xmm0,xmm1
unregistersymbol(originalcode17_enable)
unregistersymbol(bMaxTech)
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Dec 06, 2021 12:53 pm
In this game you cannot use the 3rd alloc parameter.
You'll have to use 14 byte jmp's. (jmp far label) and adjust the script to take into account that 14 bytes are replaced (so originalcode has to change as well)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
daixka How do I cheat? Reputation: 0
Joined: 06 Dec 2021 Posts: 4
Posted: Mon Dec 06, 2021 1:05 pm
Dark Byte wrote: | In this game you cannot use the 3rd alloc parameter.
You'll have to use 14 byte jmp's. (jmp far label) and adjust the script to take into account that 14 bytes are replaced (so originalcode has to change as well) |
Thanks for the quick response, I appreciate it! Could you tell me step by step how to adjust this?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Dec 06, 2021 1:18 pm
it looks like the script already takes that into account so replace all
alloc(xxx,yyy,zzz) with alloc(xxx,yyy)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
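Why dropping the third alloc parameter works for this script, as an added example (not code from the thread or from Cheat Engine): a 5-byte `jmp` reaches only about ±2 GiB, so it needs memory allocated near the hook, while a 14-byte jump carries the full 64-bit target and works from any allocation. The `FF 25 00000000` + 8-byte-address encoding is the standard x86-64 absolute jump and is assumed to be what `jmp far` emits; the two allocation addresses are constructed, and the instruction lengths come from the `db` comment in the script's [DISABLE] section.

```python
import struct

NEAR_JMP_LEN = 5   # E9 rel32
FAR_JMP_LEN = 14   # FF 25 00000000 (jmp [rip+0]) followed by an 8-byte target

# Address from the error message in the thread, used here as the hook site.
HOOK_SITE = 0x1402A5877
# Constructed allocation addresses (assumptions, not from the thread).
NEAR_ALLOC = 0x13FFF0000        # what alloc(name,size,address) tries to obtain
FAR_ALLOC = 0x7FF4A0000000      # what a plain alloc(name,size) may return
# Lengths of the original instructions at the hook, from the script's
# comment "8B 83 88 01 00 00 | 2B 02 | 8B 8B 8C 01 00 00".
ORIG_LENS = [6, 2, 6]


def rel32_reachable(src, dst):
    """True if a 5-byte jmp placed at src can reach dst.

    rel32 is signed 32-bit and measured from the end of the jmp (src + 5)."""
    rel = dst - (src + NEAR_JMP_LEN)
    return -2**31 <= rel < 2**31


def encode_jmp(src, dst):
    """Encode the jump a hook at src needs in order to reach dst."""
    if rel32_reachable(src, dst):
        return b"\xE9" + struct.pack("<i", dst - (src + NEAR_JMP_LEN))
    # Absolute form: jmp qword ptr [rip+0], then the 64-bit target inline.
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", dst)


def overwritten(instr_lens, patch_len):
    """Whole instructions destroyed by a patch of patch_len bytes.

    Returns (bytes_to_save, nop_padding). The saved copy must end on an
    instruction boundary, so any leftover bytes are padded with NOPs."""
    total = 0
    for n in instr_lens:
        if total >= patch_len:
            break
        total += n
    if total < patch_len:
        raise ValueError("not enough instruction bytes for the patch")
    return total, total - patch_len


if __name__ == "__main__":
    for name, target in (("near", NEAR_ALLOC), ("far", FAR_ALLOC)):
        jmp = encode_jmp(HOOK_SITE, target)
        saved, nops = overwritten(ORIG_LENS, len(jmp))
        print(f"{name}: {jmp.hex(' ')} | save {saved} bytes, pad {nops} nop(s)")
```

The far case saves exactly 14 bytes with no padding, which matches the script's existing `readmem(...,14)` and its return to `healthReadOnChangeAOB+e`.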
daixka How do I cheat? Reputation: 0
Joined: 06 Dec 2021 Posts: 4
Posted: Mon Dec 06, 2021 3:19 pm
Dark Byte wrote: | it looks like the script already takes that into account so replace all
alloc(xxx,yyy,zzz) with alloc(xxx,yyy) |
Thank you! Just to clarify so I'm understanding correctly, if this is the original code:
Code:
alloc(newmem,2048,healthReadOnChangeAOB) //"ffxv_s.exe"+1F8AB7)
label(originalcode_undead)
registersymbol(originalcode_undead)
label(exit)
I would change it to:
Code:
alloc(newmem,2048) //"ffxv_s.exe"+1F8AB7)
label(originalcode_undead)
registersymbol(originalcode_undead)
label(exit)
I.e. deleting the third item in parentheses after alloc? And then do that for each instance in the code where there is alloc(xxx,yyy,zzz)? Would I have to do that for the dealloc items too?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Dec 06, 2021 5:17 pm
correct.
and no, not for dealloc
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
daixka How do I cheat? Reputation: 0
Joined: 06 Dec 2021 Posts: 4
Posted: Tue Dec 07, 2021 10:40 am
Great, that seems to have worked. Thank you so much!