Team XPG Watch Dogs +25 V1.1 Reversed by Trainereverser_

1. ]Xbox 360 Trainer reversed by Trainereverser_
2. << Knowledge should be open_ >>
3. << The Xbox 360 Trainer vigilante strikes again_ >>
4.  
5. Today's Victim: << Trainer Watch Dogs +25 TeamXPG V1.1 by XPGSensei420_ >>
6. Download: << http://www.xpgamesaves.com/files/file/5100-trainer-watch-dogs-25-teamxpg-v11/_ >>
7.  
8. Fellow citizens, and xbox 360 hackers and modders_
9.  
10. If you aren't familiar with the way this works, whenever some bigoted trainer is released without source code, I spend my time reversing their piece of shit system and release offsets and code in order to do this yourselves and perhaps make another tool_
11.  
12. The required knowledge for this is how to patch bytes in memory and at times write a Xbox 360 .dll with Visual Studio_
13.  
14. The following format is: Description :: Offset in Memory :: Bytes for Hack (patched) :: Regular Bytes (unpatched)_
15.  
16. << XPGSensei420's Watch Dogs ALL TU +25 Trainer by XPGSensei420 Exposed_ >>
17. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
18. -------------------------------------------------------------------------------
19. DESCRIPTION_ OFFSET_ PATCHED_ UNPATCHED_
20. -------------------------------------------------------------------------------
21. Skill/Money Mod 82E5B550 396B7530 7D7D5850
22. Infinite Ammo 82ADFDD8 394B0000 394BFFFF
23. Infinite Batteries 827E8F2C 7D6B5B78 7C8B2378
24. Infinite Health [ this is a cave-code, source below ]
25. Fast XP 82E53CF4 39081D4C 7D085214
26. Infinite Items 82ABFBB0 60000000 7D7F5850
27. Infinite Focus 82A6405C 60000000 D01F0168
28. ctOS Timer Mod 827B2E10 60000000 EC000828
29. Easy Kills [ removed from trainer ]
30.  
31.  
32. Cash Run Inf Time 8300CB54 60000000 EC1F002A
33. NVZN Inf Lives 8308BFCC 396B0000 396BFFFF
34. NVZN Score Mod 830D458C 396A7530 7D6A5A14
35. NVZN Inf Ammo 82ADFDD8 394B0000 394BFFFF [same as Infinite Ammo. +25? Bullshit.]
36. Psych-Score Mod 82DA9AC8 396A7530 7D6A5A14
37. Psych-Combo Mod 82D82A7C 394A0063 394A0001
38. Alone Inf Ammo 82ADFDD8 394B0000 394BFFFF [same as Infinite Ammo..]
39. Alone Inf Items 82ABFBB0 60000000 7D7F5850 [same as Infinite Items..]
40. Alone Max Skill 82E5B550 396B0063 7D7D5850
41. Alone Score Mod 82D71AE4 396B7530 7D6B2214
42. SpidTank Ammo 82ADFDD8 394B0000 394BFFFF [same as Infinite Ammo..]
43. SpidTank FastXP 82E6CFA4 396B7530 7D6B2214
44. SpidTank Score 396B1388 7D6B2214 [The offset is broken in their trainer.] SpidTank MaxSkill 82E5B550 396B0063 7D7D5850
45.  
46.  
47.  
48. Madness Inf Time 82DAA1B8 60000000 917D02A4
49. Madness ScoreMod 82D8397C 394A4E20 7D495214
50. Madness FastXP 82D8397C 394A4E20 7D495214 [someone fucked up via copy and paste]
51. Madness ComboMod 82D83948 904B0000 914B0000
52. Madness MaxSkills 82E5B550 396B0063 7D7D5850 [same as Max Skills]
53.  
54. Madness SoulMod 82D638F4 D1AB025C FC0D582E
55. 82D638D8 D003006C D1A3006C
56.  
57.  
58.  
59.  
60. CODE CAVES_
61. -------------------------------------------------------------
62. // Infinite Health reversed by Trainereverser_
63.  
64. #define INFINITE_HEALTH_HOOK 0x82D638D8
65.  
66. // PatchInJump by FSD
67. VOID PatchInJump(DWORD* Address, DWORD Destination, BOOL Linked)
68. {
69. if(Destination & 0x8000)
70. Address[0] = 0x3D600000 + (((Destination >> 16) & 0xFFFF) + 1);
71. else
72. Address[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF);
73.  
74. Address[1] = 0x396B0000 + (Destination & 0xFFFF);
75. Address[2] = 0x7D6903A6;
76.  
77. if(Linked)
78. Address[3] = 0x4E800421;
79. else
80. Address[3] = 0x4E800420;
81. }
82.  
83. VOID InfiniteHealthASM
84. {
85. __asm
86. {
87. std r6,18h(r3) // Store the player's health
88. cmplwi cr6, r10, 0
89. fsel f2, f12, f13, f0
90. stfs f2, -0x10(r1)
91. lwz r11, 0xC(r3)
92. stw r11, -0xC(r1)
93.  
94. lis r11, 0x9193 // Load the 'isInfHealth' boolean
95. lbz r11, -0x5E3C(r11)
96.  
97. cmpwi cr6, r11, 1 // Compare InfiniteHealth to 1
98. bne cr6, 9190C330 // If it's not, we go to InstaKill
99.  
100. lwz r11, -0xC(r1)
101. lis r10, 0x117
102. ori r10, r10, 0xCED9
103. cmplw cr6, r11, r10 // Compare the Disrupt's Event ID with 0x117CED9 (Send Damage to Player)
104. bne cr6, 9190C330 // If it's not we go to Instakill
105.  
106. lis r11, 0x9190 // If we are:
107. lfs f0, 0x5A0(r11) // Load the float of 100.0f into f0
108. stfs f0, -0x10(r1) // Set the float to 100.0f
109.  
110. blr // Break off back into the previous function in the stack [unconditionally]
111. }
112. }
113.  
114. // Easy Kills is the same as above except if 0x117CED9 doesn't match (Send Damage to NOT player), set the health to 0.0f so it's an instant kill.
115.  
116.  
117. VOID InfiniteHealth()
118. {
119. PatchInJump((DWORD *)INFINITE_HEALTH_HOOK, (DWORD)InfiniteHealthASM, false);
120. }
121.  
122.  
123.  
124.  
125. Pwned by
126.  
127. ....#.#######.########....###...###.##....#.#######.########.#######.##.....#.#######.########..######.#######.########.##...
128. ...##....##...##.....#...##.##...##.###...#.##......##.....#.##......##.....#.##......##.....#.##....#.##......##.....#..##..
129. ..##.....##...##.....#..##...##..##.####..#.##......##.....#.##......##.....#.##......##.....#.##......##......##.....#...##.
130. .##......##...########.##.....#..##.##.##.#.######..########.######..##.....#.######..########..######.######..########....##
131. ..##.....##...##...##..########..##.##..###.##......##...##..##.......##...##.##......##...##........#.##......##...##....##.
132. ...##....##...##....##.##.....#..##.##...##.##......##....##.##........##.##..##......##....##.##....#.##......##....##..##..
133. ....#....##...##.....#.##.....#.###.##....#.#######.##.....#.#######....###...#######.##.....#..######.#######.##.....#.##...