Noclip

1. <?xml version="1.0" encoding="utf-8"?>
2. <CheatTable>
3. <CheatEntries>
4. <CheatEntry>
5. <ID>72307</ID>
6. <Description>"Noclip"</Description>
7. <Options moHideChildren="1"/>
8. <LastState/>
9. <VariableType>Auto Assembler Script</VariableType>
10. <AssemblerScript>[ENABLE]
11. //code from here to '[DISABLE]' will be used to enable the cheat
12. aobscanmodule(playerCoordBaseWriteAOB,DarkSoulsIII.exe,48 8B 48 18 8D 46 9C)
13. registersymbol(playerCoordBaseWriteAOB)
14.  
15. label(pPlayerCoordBase)
16. registersymbol(pPlayerCoordBase)
17.  
18. alloc(newmem,2048,playerCoordBaseWriteAOB) //"DarkSoulsIII.exe"+40887F)
19. label(returnhere)
20. label(originalcode)
21. label(exit)
22.  
23. newmem: //this is allocated memory, you have read,write,execute access
24. //place your code here
25. mov rcx,[rax+18]
26. mov [pPlayerCoordBase],rcx
27.  
28. originalcode:
29. mov rcx,[rax+18]
30. lea eax,[rsi-64]
31.  
32. exit:
33. jmp returnhere
34.  
35. ///
36. pPlayerCoordBase:
37. ///
38.  
39. playerCoordBaseWriteAOB: //"DarkSoulsIII.exe"+40887F:
40. jmp newmem
41. nop
42. nop
43. returnhere:
44.  
45. ///*************************************************///
46.  
47. aobscanmodule(inAirTimerReadAOB,DarkSoulsIII.exe,F3 0F 11 81 B0 01 00 00 48)
48. registersymbol(inAirTimerReadAOB)
49.  
50. alloc(newmem3,2048,inAirTimerReadAOB) //"DarkSoulsIII.exe"+9B6A2A)
51. label(returnhere3)
52. label(originalcode3)
53. label(exit3)
54.  
55. newmem3: //this is allocated memory, you have read,write,execute access
56. //place your code here
57. push rax
58. mov rax,[pPlayerCoordBase]
59. test rax,rax
60. jz originalcode3
61. mov rax,[rax+28]
62. cmp rax,rcx
63. jne originalcode3
64. xorps xmm0,xmm0
65.  
66. originalcode3:
67. pop rax
68. movss [rcx+000001B0],xmm0
69.  
70. exit3:
71. jmp returnhere3
72.  
73. ///
74.  
75. inAirTimerReadAOB: //"DarkSoulsIII.exe"+9B6A2A:
76. jmp newmem3
77. nop
78. nop
79. nop
80. returnhere3:
81.  
82. ///*************************************************///
83.  
84. aobscanmodule(camHRotateConstWrite2AOB,DarkSoulsIII.exe,66 0F 7F AE 40 01 00 00 E9 ** ** ** ** F3)
85. registersymbol(camHRotateConstWrite2AOB)
86.  
87. label(pCamInfo)
88. registersymbol(pCamInfo)
89.  
90. alloc(newmem4,2048,camHRotateConstWrite2AOB) //"DarkSoulsIII.exe"+510F9C)
91. label(returnhere4)
92. label(originalcode4)
93. label(exit4)
94.  
95. newmem4: //this is allocated memory, you have read,write,execute access
96. //place your code here
97. mov [pCamInfo],rsi
98.  
99. originalcode4:
100. movdqa [rsi+00000140],xmm5
101.  
102. exit4:
103. jmp returnhere4
104.  
105. ///
106. pCamInfo:
107. ///
108.  
109. camHRotateConstWrite2AOB: //"DarkSoulsIII.exe"+510F9C:
110. jmp newmem4
111. nop
112. nop
113. nop
114. returnhere4:
115.  
116. ///*************************************************///
117.  
118. aobscanmodule(someKeysConstReadAOB,DarkSoulsIII.exe,F3 41 0F 11 0C 80 F3 ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** 40)
119. registersymbol(someKeysConstReadAOB)
120.  
121. label(pMovementInfo)
122. registersymbol(pMovementInfo)
123. label(iXOffset)
124. registersymbol(iXOffset)
125.  
126. alloc(newmem5,2048,someKeysConstReadAOB) //"DarkSoulsIII.exe"+1785CFD)
127. label(returnhere5)
128. label(originalcode5)
129. label(exit5)
130.  
131. newmem5: //this is allocated memory, you have read,write,execute access
132. //place your code here
133. mov [pMovementInfo],r8
134. test rdi,rdi
135. jnz originalcode5
136. cmp dword ptr [rsp+54],0
137. jne originalcode5
138. mov [iXOffset],rax
139.  
140. originalcode5:
141. movss [r8+rax*4],xmm1
142.  
143. exit5:
144. jmp returnhere5
145.  
146. ///
147. pMovementInfo:
148. dq 0
149. iXOffset:
150. dq 0
151. ///
152.  
153. someKeysConstReadAOB: //"DarkSoulsIII.exe"+1785CFD:
154. jmp newmem5
155. nop
156. returnhere5:
157.  
158. ///*************************************************///
159.  
160. aobscanmodule(coordsUpdateAOB,DarkSoulsIII.exe,66 0F 7F B3 80 00 00 00 0F 57 C0)
161. registersymbol(coordsUpdateAOB)
162.  
163. label(bFlyMode)
164. registersymbol(bFlyMode)
165. label(fZDirection)
166. registersymbol(fZDirection)
167.  
168. alloc(newmem6,2048,coordsUpdateAOB) //"DarkSoulsIII.exe"+9B7570)
169. label(returnhere6)
170. label(originalcode6)
171. label(exit6)
172.  
173. newmem6: //this is allocated memory, you have read,write,execute access
174. //place your code here
175. cmp byte ptr [bFlyMode],1
176. je @f
177. jmp originalcode6
178.  
179. @@:
180. mov rcx,[pPlayerCoordBase]
181. test rcx,rcx
182. jz originalcode6
183. mov rcx,[rcx+28]
184. cmp rcx,rbx
185. jne originalcode6
186.  
187. //is player
188. //freeze player
189. movdqa xmm6,[rbx+80]
190.  
191. //ready registers
192. push rax
193. push rdx
194.  
195. //do y
196. mov rcx,[pMovementInfo]
197. test rcx,rcx
198. jz @f
199. mov rdx,[iXOffset]
200. test rdx,rdx
201. jz @f
202.  
203. //get y movement
204. dec rdx
205. movss xmm15,[rcx+rdx*4]
206. shufps xmm15,xmm15,00 //broadcast
207.  
208. //apply speed
209. mov eax,(float)0.25
210. movd xmm14,eax
211. shufps xmm14,xmm14,00
212. mulps xmm15,xmm14
213.  
214. //apply vector
215. mov rax,[pCamInfo]
216. test rax,rax
217. jz @f
218. mulps xmm15,[rax+3a0]
219.  
220. //update new coord
221. addps xmm6,xmm15
222.  
223. //do x
224. //get x movement
225. inc rdx
226. movss xmm15,[rcx+rdx*4]
227. shufps xmm15,xmm15,00 //broadcast
228.  
229. //apply speed
230. mov eax,(float)0.18
231. movd xmm14,eax
232. shufps xmm14,xmm14,00
233. mulps xmm15,xmm14
234.  
235. //apply vector
236. mov rax,[pCamInfo]
237. test rax,rax
238. jz @f
239. mulps xmm15,[rax+380]
240.  
241. //update new coord
242. addps xmm6,xmm15
243.  
244. @@:
245. //do z
246. //get z direction
247. movss xmm15,[fZDirection]
248. shufps xmm15,xmm15,E1 //place z direction to 2nd element
249.  
250. //apply speed
251. mov eax,(float)0.14
252. movd xmm14,eax
253. shufps xmm14,xmm14,00
254. mulps xmm15,xmm14
255.  
256. //update new coord
257. addps xmm6,xmm15
258. movaps [rbx+170],xmm6
259.  
260. @@:
261. //end
262. //reset registers, xmms
263. pop rdx
264. pop rax
265. xorps xmm14,xmm14
266. xorps xmm15,xmm15
267.  
268. originalcode6:
269. movdqa [rbx+00000080],xmm6
270.  
271. exit6:
272. jmp returnhere6
273.  
274. ///
275. bFlyMode:
276. dq 0
277. fZDirection:
278. dq 0
279. ///
280.  
281. coordsUpdateAOB: //"DarkSoulsIII.exe"+9B7570:
282. jmp newmem6
283. nop
284. nop
285. nop
286. returnhere6:
287.  
288. ///*************************************************///
289.  
290. label(bEndThread_DarkSoulsIII_keylistener_mem)
291. registersymbol(bEndThread_DarkSoulsIII_keylistener_mem)
292.  
293. alloc(DarkSoulsIII_keylistener_mem,2048,"DarkSoulsIII.exe")
294. registersymbol(DarkSoulsIII_keylistener_mem)
295. createthread(DarkSoulsIII_keylistener_mem)
296. label(keylistenerstart)
297. label(keylistenerend)
298. label(keylistenerexit)
299. label(fTempZDirection)
300.  
301. DarkSoulsIII_keylistener_mem:
302. sub rsp,28
303.  
304. keylistenerstart:
305.  
306. cmp byte ptr [bFlyMode],1
307. je @f
308. jmp keylistenerend
309.  
310. @@:
311. mov dword ptr [fTempZDirection],0
312.  
313. mov rcx,20 //SPACEBAR
314. push rcx
315. call GetAsyncKeyState
316. add rsp,08
317. shr ax,#15
318. cmp ax,1
319. jne @f
320. mov dword ptr [fTempZDirection],(float)1
321. jmp keylistenerend
322.  
323. @@:
324.  
325. mov rcx,02 //Right mouse button
326. push rcx
327. call GetAsyncKeyState
328. add rsp,08
329. shr ax,#15
330. cmp ax,1
331. jne @f
332. mov dword ptr [fTempZDirection],(float)-1
333. jmp keylistenerend
334.  
335. keylistenerend:
336. mov ecx,[fTempZDirection]
337. mov [fZDirection],ecx
338. mov rcx,#100
339. call Sleep
340. cmp dword ptr [bEndThread_DarkSoulsIII_keylistener_mem],1
341. jne keylistenerstart
342.  
343. keylistenerexit:
344. add rsp,28
345. mov dword ptr [bEndThread_DarkSoulsIII_keylistener_mem],2
346. ret
347.  
348. ///
349. bEndThread_DarkSoulsIII_keylistener_mem:
350. dd 0
351. fTempZDirection:
352. dd 0
353. ///
354.  
355.  
356.  
357.  
358.  
359. [DISABLE]
360. //code from here till the end of the code will be used to disable the cheat
361. //obtained from SubBeam's ACS script - start//
362. {$lua}
363.  
364. if( syntaxcheck == false ) then --actual execution
365. local starttime = getTickCount()
366.  
367. if readInteger( "bEndThread_DarkSoulsIII_keylistener_mem" ) == 0 then --could be 2 already
368. writeInteger( "bEndThread_DarkSoulsIII_keylistener_mem", 1 ) --tell the thread to kill itself
369. end
370.  
371. while( getTickCount() &lt; starttime + 1000 ) and ( readInteger( "bEndThread_DarkSoulsIII_keylistener_mem" ) ~=2 ) do --wait till it has finished
372. sleep( 20 )
373. end
374.  
375. if( getTickCount() &gt; starttime + 1000 ) then --could happen when the window is shown
376. showMessage( 'Disabling the thread failed!' )
377. error( 'Thread disabling failed!' )
378. end
379. sleep( 1 )
380. end
381.  
382. {$asm}
383. //obtained from SubBeam's ACS script - end//
384.  
385. //bEndThread_DarkSoulsIII_keylistener_mem:
386. //dd 1
387.  
388. dealloc(newmem)
389. playerCoordBaseWriteAOB: //"DarkSoulsIII.exe"+40887F:
390. db 48 8B 48 18 8D 46 9C
391. //Alt: mov rcx,[rax+18]
392. //Alt: lea eax,[rsi-64]
393. unregistersymbol(playerCoordBaseWriteAOB)
394.  
395. unregistersymbol(pPlayerCoordBase)
396.  
397. ///*************************************************///
398.  
399. dealloc(newmem3)
400. inAirTimerReadAOB: //"DarkSoulsIII.exe"+9B6A2A:
401. db F3 0F 11 81 B0 01 00 00
402. //Alt: movss [rcx+000001B0],xmm0
403. unregistersymbol(inAirTimerReadAOB)
404.  
405. ///*************************************************///
406.  
407. dealloc(newmem4)
408. camHRotateConstWrite2AOB: //"DarkSoulsIII.exe"+510F9C:
409. db 66 0F 7F AE 40 01 00 00
410. //Alt: movdqa [rsi+00000140],xmm5
411. unregistersymbol(camHRotateConstWrite2AOB)
412.  
413. unregistersymbol(pCamInfo)
414.  
415. ///*************************************************///
416.  
417. dealloc(newmem5)
418. someKeysConstReadAOB: //"DarkSoulsIII.exe"+1785CFD:
419. db F3 41 0F 11 0C 80
420. //Alt: movss [r8+rax*4],xmm1
421. unregistersymbol(someKeysConstReadAOB)
422.  
423. unregistersymbol(pMovementInfo)
424. unregistersymbol(iXOffset)
425.  
426. ///*************************************************///
427.  
428. dealloc(newmem6)
429. coordsUpdateAOB: //"DarkSoulsIII.exe"+9B7570:
430. db 66 0F 7F B3 80 00 00 00
431. //Alt: movdqa [rbx+00000080],xmm6
432. unregistersymbol(coordsUpdateAOB)
433.  
434. unregistersymbol(bFlyMode)
435. unregistersymbol(fZDirection)
436.  
437. ///*************************************************///
438.  
439. unregistersymbol(bEndThread_DarkSoulsIII_keylistener_mem)
440.  
441. dealloc(DarkSoulsIII_keylistener_mem)
442. unregistersymbol(DarkSoulsIII_keylistener_mem)
443. </AssemblerScript>
444. <CheatEntries>
445. <CheatEntry>
446. <ID>72308</ID>
447. <Description>"status - ctrl+n: no-clip; shift+n: disable"</Description>
448. <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:disable
449. 1:no-clip
450. </DropDownList>
451. <VariableType>Byte</VariableType>
452. <Address>bFlyMode</Address>
453. <Hotkeys>
454. <Hotkey>
455. <Action>Set Value</Action>
456. <Keys>
457. <Key>17</Key>
458. <Key>78</Key>
459. </Keys>
460. <Value>1</Value>
461. <ID>0</ID>
462. </Hotkey>
463. <Hotkey>
464. <Action>Set Value</Action>
465. <Keys>
466. <Key>16</Key>
467. <Key>78</Key>
468. </Keys>
469. <Value>0</Value>
470. <ID>1</ID>
471. </Hotkey>
472. </Hotkeys>
473. </CheatEntry>
474. </CheatEntries>
475. </CheatEntry>
476. </CheatEntries>
477. </CheatTable>