Resident Evil 5, for DX9 version

Hacking Any Other Offline Single-Player Game


Postby WhiteHat » Wed Oct 07, 2009 5:15 pm

Complex Addresses for HEALTH

Following are complex addresses for Chris and Sheva HP:

Current Health, Chris Redfield :
[["RE5DX9.exe"+0xE76E1C]+0x24]+0x1364

Max Health, Chris Redfield :
[["RE5DX9.exe"+0xE76E1C]+0x24]+0x1366

Current Health, Sheva Alomar :
[["RE5DX9.exe"+0xE76E1C]+0x28]+0x1364

Max Health, Sheva Alomar :
[["RE5DX9.exe"+0xE76E1C]+0x28]+0x1366

Data-Type: SHORT
Values Range: 0x0000 ~ 0x7FFF

- Normally, the values of Max Health = 1000.
- Mercenary Mode uses Chris Redfield’s Health Addresses...
- To make The Heroes invincible (almost invincible, actually), just lock the value of those four addresses to 30K. They will then survive most attacks...



Complex Addresses for In-GAME INVENTORIES

The structures of all items belonging to Chris Redfield start here:
[["RE5DX9.exe"+0xE76E1C]+0x24]+0x2188

The structures of all items belonging to Sheva Alomar start here:
[["RE5DX9.exe"+0xE76E1C]+0x28]+0x2188

Example for Chris’ Inventory:
[["RE5DX9.exe"+0xE76E1C]+0x24]+0x2188 + 0x00 = Item’s Code
[["RE5DX9.exe"+0xE76E1C]+0x24]+0x2188 + 0x04 = Item’s Current Amount (=bullets for weaponry)
[["RE5DX9.exe"+0xE76E1C]+0x24]+0x2188 + 0x08 = Item’s Maximum Amount (=bullets for weaponry)

- their data-types are all SHORT
- Also, notice that the next several bytes hold the values for: Item’s Slot, Item’s Usage Status, Weapon’s Upgrades Spec, etc. Go ahead and make some experiments on how those values work in-game...
- Just like HP, use Chris’ Inventory for Mercenary Mode...
- Similar structure also appears at Inventory Management screen (the one before you start mission)...



Complex Addresses for MACHINE GUN’s HEAT LEVEL

At some point in the game, you are allowed to use MGs, but they have heat level...

Machine Gun’s Heat Level :
[[["RE5DX9.exe"+0xE76E1C]+0x24]+0x18]+0x1C68

- Data-Type: FLOAT
- Value Range: 0.0 ~ 1.0

Just lock it to any value below 1.0 to avoid Over-Heating...



Bonus Features UNLOCKER

You have to be in the Bonus Features screen in order for the following complex addresses to work (RE5 > Play Game > Bonus Features):

[["RE5DX9.exe"+0xF4B5E0]+0x370]+0x198+0x7+(0x48*(index))

How to use:
- Replace ‘index’ with values from 0 to 72 decimal (there are 73 bonus features)
- Change the value that this complex address points to to 0x00. This will unlock the corresponding bonus feature (according to the index you input). But you still have to purchase it manually...

In case you haven’t cheated the money, then this complex address:
[["RE5DX9.exe"+0xF4B5E0]+0x370]+0x198+0xC+(0x48*(index))
...holds the corresponding bonus feature’s price. Change to Zero to make it free..

I think that direct editing via MHS Hex Editor would be the best way (aside from LSScript of course) to hack those values...



In case the Complex Addresses are not working for you

The pointer trails are usually the same between different executable versions, except for the static base address. In that case, use MHS Expression Search to obtain one.

Let’s say you want to get Complex Address for Chris’ Current HP:
1. Try to obtain Chris’ Current HP address manually. Remember that full health = 1000, use this fact to obtain the address.
2. Open Process Properties and Set MHS Search Range to current Module since we’re gonna obtain static address within the current opened Process.
3. Type following inputs in Expression Search:
Code:
Expression                  : [??+0x24]+0x1364==(The address of Chris’ Current HP you got from step no.1)
Treat ?? (Current Value) As : Pointer
Alignment                   : 4

4. This search should return only a few ‘green’ addresses. One of them should be your Static Address.
5. Now you have Complex Address for Chris’ Current HP: [[Static Address]+0x24]+0x1364



That’s all for now...
Still leaves much to dig up. Feel free to add or correct something...

:)


Edit: Add “for DX9 version” in thread caption...
Last edited by WhiteHat on Fri Oct 09, 2009 12:35 pm, edited 1 time in total.
.. to boldly go where no eagle has gone before...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...
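
The complex-address notation and the Expression Search steps in the post above, as an added example that is not part of the original post: a small evaluator that resolves a bracketed pointer chain, plus the reverse search `[??+0x24]+0x1364==target`, both run against a constructed 32-bit memory image. The module base, the heap addresses, the HP values and all function names are assumptions made up for illustration.

```python
import re
import struct

MODULE_BASE = 0x00400000               # assumed load address of "RE5DX9.exe"
STATIC = MODULE_BASE + 0xE76E1C        # static pointer slot named in the post
TABLE, CHRIS = 0x0A000000, 0x0B000000  # hypothetical heap objects (constructed)

class Memory:
    """Sparse little-endian 32-bit memory image; unmapped bytes read as 0."""
    def __init__(self):
        self.cells = {}
    def write(self, addr, data):
        for i, b in enumerate(data):
            self.cells[addr + i] = b
    def read(self, addr, size):
        return bytes(self.cells.get(addr + i, 0) for i in range(size))
    def u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]
    def i16(self, addr):
        return struct.unpack("<h", self.read(addr, 2))[0]

TOKEN = re.compile(r'\[|\]|\+|"[^"]+"|0x[0-9A-Fa-f]+|\d+')

def resolve(expr, mem, modules):
    """Evaluate a complex address: [x] dereferences a pointer, + adds."""
    tokens, pos = TOKEN.findall(expr), 0
    def term():
        nonlocal pos
        tok = tokens[pos]; pos += 1
        if tok == "[":
            addr = total()
            if tokens[pos] != "]":
                raise ValueError("unbalanced brackets")
            pos += 1
            return mem.u32(addr)
        return modules[tok.strip('"')] if tok.startswith('"') else int(tok, 0)
    def total():
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] == "+":
            pos += 1
            value += term()
        return value & 0xFFFFFFFF
    return total()

def expression_search(mem, start, end, target, align=4):
    """Addresses whose value ?? satisfies [??+0x24]+0x1364 == target."""
    return [a for a in range(start, end, align)
            if (mem.u32((mem.u32(a) + 0x24) & 0xFFFFFFFF) + 0x1364) & 0xFFFFFFFF == target]

def build_sample():
    mem = Memory()
    mem.write(STATIC, struct.pack("<I", TABLE))               # static -> table
    mem.write(TABLE + 0x24, struct.pack("<I", CHRIS))         # slot 0x24 -> Chris
    mem.write(CHRIS + 0x1364, struct.pack("<hh", 742, 1000))  # current, max HP
    return mem

if __name__ == "__main__":
    mem = build_sample()
    hp = resolve('[["RE5DX9.exe"+0xE76E1C]+0x24]+0x1364', mem, {"RE5DX9.exe": MODULE_BASE})
    print(hex(hp), mem.i16(hp), mem.i16(hp + 2))
    print([hex(a) for a in expression_search(mem, STATIC - 0x40, STATIC + 0x40, hp)])
```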

Postby CoMPMStR » Wed Oct 07, 2009 10:11 pm

Money:
[RE5DX9.exe+E76790]+0x1C0 (INT32)


Inventory/Treasure Items:
These are for the inventory and treasure items that can be found in between game levels, where you can organize and buy new things. In order for the changes to take effect on treasure items you must perform an action afterward then exit the item screen for the game to save the changes. It doesn't matter if you move an item from one person to another, or from the inventory to a person, just as long as you don't mess with the item you've edited. For normal inventory items, just move an item from one person to the inventory and the effect will take place. ;)

Inventory Item Type (SHORT): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+0
Inventory Item Quantity (SHORT): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+2
Inventory Item Firepower (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+4
Inventory Item ReloadSpeed (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+5
Inventory Item Capacity (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+6
Inventory Item Critical (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+7
Inventory Item Piercing (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+8
Inventory Item AttackRange (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+9
Inventory Item Scope (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+0xA
Inventory Item Semi-Auto (BYTE): [RE5DX9.exe+E766FC]+0x3BDA+i*0xC+0xB

Treasure Item Type (SHORT): [RE5DX9.exe+E766FC]+0x3E60+i*4+0
Treasure Item Quantity (SHORT): [RE5DX9.exe+E766FC]+0x3E60+i*4+2

NOTE: There are only 54 items you can have in the inventory or treasures at one time, luckily there are exactly 54 inventory items and fewer treasures. So you'd replace i in one of the complex addresses with the index of the item you want to edit. For example, if you wanted to edit the 10th item quantity in the inventory you'd make the complex address [RE5DX9.exe+E766FC]+0x3BDA+9*0xC+2 (remember it's the index, 10-1=9) which would be [RE5DX9.exe+E766FC]+0x3C48.

Item Types:
Code:
    Public Enum InventoryType As Short
        M92F_HG = 258
        VZ61_MG = 259
        Ithaca_M37_SG = 260
        S75_RIF = 261
        Hand_grenade = 262
        Incendiary_grenade = 263
        Flash_grenade = 264
        SIG_556_MG = 265
        Proximity_bomb = 266
        SnW_M29_MAG = 267
        Grenade_launcher = 268
        Rocket_launcher = 269
        Longbow = 271
        HnK_P8_HG = 272
        SIG_P226_HG = 273
        HnK_MP5_MG = 275
        Gatling_gun = 277
        M3_SG = 278
        Jail_breaker_SG = 279
        Hydra_SG = 281
        L__Hawk_MAG = 282
        SnW_M500_MAG = 283
        HnK_PSG_1_RIF = 284
        AK_74_MG = 285
        M93R_HG = 286
        Dragunov_SVD_RIF = 288
        Stun_rod = 290
        G_Launcher_EXP = 293
        G_Launcher_ACD = 294
        G_Launcher_ICE = 295
        Egg_Rotten = 310
        G_Launcher_FLM = 313
        G_Launcher_FLS = 314
        G_Launcher_ELC = 315
        Egg_White = 316
        Egg_Brown = 317
        Egg_Gold = 318
        Handgun_ammo = 513
        Machine_gun_ammo = 514
        Shotgun_shells = 515
        Rifle_ammo = 516
        Explosive_rounds = 518
        Acid_rounds = 519
        Nitrogen_rounds = 520
        Magnum_ammo = 521
        Flame_rounds = 526
        Flash_rounds = 527
        Electric_rounds = 528
        First_aid_spray = 772
        Herb_Green = 773
        Herb_Red = 774
        Herb_GG = 775
        Herb_GR = 777
        Melee_vest = 1537
        Bulletproof_vest = 1542
    End Enum

    Public Enum TreasureType As Short
        Gold_ring = 1047
        Dead_brides_necklace = 1048
        Venom_fang = 1049
        Antique_clock = 1050
        Chalice_Silver = 1051
        Chalice_Gold = 1052
        Idol_Silver = 1053
        Idol_Gold = 1054
        Ceremonial_Mask = 1055
        Ivory_relief = 1056
        Beetle_Brown = 1057
        Jewel_Beetle = 1058
        Royal_necklace = 1059
        Jewel_bangle = 1060
        Beetle_Gold = 1061
        Topaz_Pear = 1104
        Ruby_Pear = 1105
        Sapphire_Pear = 1106
        Emerald_Pear = 1107
        Diamond_Pear = 1108
        Topaz_Square = 1111
        Ruby_Square = 1112
        Sapphire_Square = 1113
        Emerald_Square = 1114
        Diamond_Square = 1115
        Topaz_Oval = 1118
        Ruby_Oval = 1119
        Sapphire_Oval = 1120
        Emerald_Oval = 1121
        Diamond_Oval = 1122
        Topaz_Trilliant = 1125
        Ruby_Trilliant = 1126
        Sapphire_Trilliant = 1127
        Emerald_Trilliant = 1128
        Diamond_Trilliant = 1129
        Power_stone = 1132
        Lion_heart = 1133
        Blue_enigma = 1134
        Soul_gem = 1135
        Heart_of_Africa = 1136
        Topaz_Marquise = 1139
        Ruby_Marquise = 1140
        Sapphire_Marquise = 1141
        Emerald_Marquise = 1142
        Diamond_Marquise = 1143
        Topaz_Brilliant = 1146
        Ruby_Brilliant = 1147
        Sapphire_Brilliant = 1148
        Emerald_Brilliant = 1149
        Diamond_Brilliant = 1150
    End Enum



Also all weapons have a certain max firepower, so increasing it any further will set the damage to less than acceptable. Here's the list of max firepowers for each weapon (all other upgrades can be set to 0xF or 15 which will give the weapon infinite ammo among other things, the upgrades don't have any effect on normal items like herbs):
Code:
"M92F (HG)", "Jail breaker (SG)", "H&K MP5 (MG)" = 5

"H&K P8 (HG)", "H&K PSG-1 (RIF)" = 7

"SIG P226 (HG)", "M3 (SG)", "AK-74 (MG)", "S75 (RIF)", "S&W M500 (MAG)" = 13

"M93R (HG)", "Hydra (SG)" = 11

"Ithaca M37 (SG)", "S&W M29 (MAG)", "L. Hawk (MAG)" = 6

"VZ61 (MG)" = 3

"SIG 556 (MG)", "Dragunov SVD (RIF)" = 9

"G.Launcher (EXP)", "G.Launcher (ACD)", "G.Launcher (ICE)", "G.Launcher (FLM)", "G.Launcher (FLS)", "G.Launcher (ELC)", "Rocket launcher", "Stun rod", "Gatling gun", "Longbow" = 0



InGame Items:
Chris:
Item Type (SHORT): [[RE5DX9.exe+E76E1C]+0x24]+0x2188+i*0x30+0
Item Quantity (SHORT): [[RE5DX9.exe+E76E1C]+0x24]+0x2188+i*0x30+4
Item Slot (BYTE): [[RE5DX9.exe+E76E1C]+0x24]+0x2188+i*0x30+0x14

Sheva:
Item Type (SHORT): [[RE5DX9.exe+E76E1C]+0x28]+0x2188+i*0x30+0
Item Quantity (SHORT): [[RE5DX9.exe+E76E1C]+0x28]+0x2188+i*0x30+4
Item Slot (BYTE): [[RE5DX9.exe+E76E1C]+0x28]+0x2188+i*0x30+0x14

There are a total of 24 available ingame slots for each player, of course not all of them are in use at once (so you'd replace i in the complex address with the index, 0 to 23). The ones that are in use will have an item type greater than 0 and a slot value less than 9 (again with the index which is slot number - 1, so it would be from 0 to 8). All ingame items are non-sequential, meaning that the first and second slot items don't have to be in order directly before the third slot item.

Also with the ingame items, you can change your weapons while playing (but the changes will not take effect until you enter a new room). However, if you do change the item type of a magnum to an automatic, the magnum will become an automatic weapon. This works for all guns but don't try changing a grenade to a gun because it won't work, you can change one grenade to another though. If you'd like to keep your current gun, change it back before entering a new room; where you press V to enter with your partner instead of E.


If you have any questions or corrections about anything, just post them to get a clarification.

PS: You can use my Item/Money Trainer from here or here to help simplify things. :D

______________________________________________________
My Utilities:
CT <-> LSSAVE Converter
LSS Visual Dialog Designer
.NET Trainer Helper Library

~Whether you think you can or you think you can't, you're right.

L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
CoMPMStR
(P)ot (I)n (M)y (P)ipe
 
Posts: 451
Joined: Thu Mar 06, 2008 7:50 am
Location: Best Place
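
The 0xC-byte inventory record layout from the post above, as an added example that is not part of the original post: a decoder for a raw dump of the inventory array that labels each field and flags a firepower value above the maximum the post lists for that weapon. The three-record dump is constructed, the function names are hypothetical, and only a subset of the post's enum and firepower list is included.

```python
import struct

INVENTORY_OFFSET = 0x3BDA        # from the post, added to [RE5DX9.exe+E766FC]
RECORD = struct.Struct("<hh8B")  # SHORT type, SHORT quantity, eight BYTE fields
UPGRADES = ("firepower", "reload_speed", "capacity", "critical",
            "piercing", "attack_range", "scope", "semi_auto")
# Subset of the post's InventoryType enum and of its max-firepower list.
NAMES = {258: "M92F_HG", 267: "SnW_M29_MAG", 773: "Herb_Green"}
MAX_FIREPOWER = {258: 5, 267: 6}

def field_offset(index, field_off):
    """Offset of one field of record `index`, relative to the base pointer."""
    return INVENTORY_OFFSET + index * RECORD.size + field_off

def decode(snapshot):
    """Split a raw dump of the inventory array into labelled records."""
    records = []
    for index in range(len(snapshot) // RECORD.size):
        item_type, quantity, *upgrades = RECORD.unpack_from(snapshot, index * RECORD.size)
        record = {"index": index, "offset": field_offset(index, 0),
                  "type": NAMES.get(item_type, f"unknown_{item_type}"),
                  "quantity": quantity, **dict(zip(UPGRADES, upgrades))}
        cap = MAX_FIREPOWER.get(item_type)
        record["firepower_over_max"] = cap is not None and record["firepower"] > cap
        records.append(record)
    return records

# Constructed three-record dump (not captured from the game).
SAMPLE = (RECORD.pack(258, 15, 5, 2, 3, 0, 0, 0, 0, 0) +
          RECORD.pack(267, 6, 9, 15, 15, 15, 15, 15, 15, 15) +
          RECORD.pack(773, 1, 0, 0, 0, 0, 0, 0, 0, 0))

if __name__ == "__main__":
    for rec in decode(SAMPLE):
        print(rec)
```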

Postby WhiteHat » Thu Oct 08, 2009 10:21 am

Thanks for those real huge and nice additions... You ROCK !!

Anyway, two more complex addresses:
- Money in Item Management (Unsigned Long): ["RE5DX9.exe"+0xF61154]+0x6080
- Timer in Mercenary Mode (Float): [["RE5DX9.exe"+0xE7634C]+0x614]+0x4C8

I’m not quite sure about the Money, but it works well on my PC so far even after rebooting...


@CoMPMStR
Looks like the only thing I have been missing is AttackRange. I wasn’t aware that it exists...

The very first hack I made was to change the weapon into S&W Magnum and Gatling Gun, and since then I have stuck to those two plus Rocket Launcher, so I have never studied how the other weapons work..

:P
.. to boldly go where no eagle has gone before...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby WhiteHat » Fri Oct 09, 2009 12:32 pm

I was lucky to find the routines which decrease character HP in this game. I used CE’s search for assembly code (or something like that) to find them. I searched for: “sub [*+00001364],*”, based on the offset of my complex address for Current HP...

Moreover, after a few experiments, I found that RE5 uses separate routines to decrease Heroes’ HP and Enemies’. This makes it a lot easier to make One Hit Kill and God Mode cheats...


GOD MODE code-injection

The routine that Subtracts Heroes HP starts at RE5DX9.exe+0x0074B680
Code:
00B4B680 | 56                    | push    esi                      |
00B4B681 | 8BF1                  | mov     esi, ecx                 |
00B4B683 | 66:8B4C24 08          | mov     cx, word ptr [esp+8]     |
00B4B688 | 57                    | push    edi                      |
00B4B689 | 0FBFBE 64130000       | movsx   edi, word ptr [esi+1364] |
00B4B690 | 66:298E 64130000      | sub     word ptr [esi+1364], cx  |
00B4B697 | 0FB786 64130000       | movzx   eax, word ptr [esi+1364] |
00B4B69E | 66:85C0               | test    ax, ax                   |
00B4B6A1 | 7D 09                 | jge     00B4B6AC                 |
00B4B6A3 | 66:C786 64130000 0000 | mov     word ptr [esi+1364], 0   |
00B4B6AC | 0FB786 66130000       | movzx   eax, word ptr [esi+1366] |
00B4B6B3 | 66:3986 64130000      | cmp     word ptr [esi+1364], ax  |
00B4B6BA | 7E 07                 | jle     00B4B6C3                 | ***
00B4B6BC | 66:8986 64130000      | mov     word ptr [esi+1364], ax  |
00B4B6C3 | 0FBFC1                | movsx   eax, cx                  |
00B4B6C6 | 57                    | push    edi                      |
00B4B6C7 | 50                    | push    eax                      |
00B4B6C8 | 8BCE                  | mov     ecx, esi                 |
00B4B6CA | E8 11D8FFFF           | call    00B48EE0                 |
00B4B6CF | 0FBF8E 64130000       | movsx   ecx, word ptr [esi+1364] |
00B4B6D6 | 8BC7                  | mov     eax, edi                 |
00B4B6D8 | 2BC1                  | sub     eax, ecx                 |
00B4B6DA | 85C0                  | test    eax, eax                 |
00B4B6DC | 7E 09                 | jle     00B4B6E7                 |
00B4B6DE | 838E 4C2C0000 01      | or      dword ptr [esi+2C4C], 1  |
00B4B6E5 | 85C0                  | test    eax, eax                 |
00B4B6E7 | 7D 07                 | jge     00B4B6F0                 |
00B4B6E9 | 838E 4C2C0000 02      | or      dword ptr [esi+2C4C], 2  |
00B4B6F0 | 5F                    | pop     edi                      |
00B4B6F1 | 5E                    | pop     esi                      |
00B4B6F2 | C2 0400               | retn    4                        |
(***) indicates the line we are going to modify...

GOD MODE code injection:
Code:
FullAccess( "RE5DX9.exe"+0x74B6BA, 2 )

[ENABLE]
db 0x74 0x07

[DISABLE]
db 0x7e 0x07

An easy one which basically reroutes the flow of the conditional jump...



ONE HIT KILL code-injection

The routine that Subtracts Enemies HP starts at RE5DX9.exe+0x004523D0
Code:
008523D0 | 66:8B4424 04          | mov     ax, word ptr [esp+4]     |
008523D5 | 66:2981 64130000      | sub     word ptr [ecx+1364], ax  |
008523DC | 0FB781 64130000       | movzx   eax, word ptr [ecx+1364] |
008523E3 | 66:85C0               | test    ax, ax                   |
008523E6 | 7D 09                 | jge     008523F1                 | ***
008523E8 | 66:C781 64130000 0000 | mov     word ptr [ecx+1364], 0   |
008523F1 | 0FB781 66130000       | movzx   eax, word ptr [ecx+1366] |
008523F8 | 66:3981 64130000      | cmp     word ptr [ecx+1364], ax  |
008523FF | 7E 07                 | jle     00852408                 |
00852401 | 66:8981 64130000      | mov     word ptr [ecx+1364], ax  |
00852408 | C2 0400               | retn    4                        |
(***) indicates the line we are going to modify...

ONE HIT KILL code injection:
Code:
FullAccess( "RE5DX9.exe"+0x4523E6, 2 )

[ENABLE]
db 0x74 0x09

[DISABLE]
db 0x7D 0x09


Works in a similar way to the God Mode code-injection...


These hacks have been tested on both normal and mercenaries mode...



Edit:
List of enemies that seem to be immune to OHK:
- Ndesu
- The Reapers
- The early tentacles of Exella
- The Last Boss

Please note that the vehicles which Chris and Sheva use in the motorcycle chase are affected by this OHK injection. Better turn it off at this chapter.
.. to boldly go where no eagle has gone before...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...
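
What the two byte patches in the post above change, as an added example that is not part of the original post: a Python model of the HP arithmetic shared by the two listings, with the opcode of each conditional jump as a parameter. The function and parameter names are hypothetical, and only the instructions that touch [reg+1364] and [reg+1366] are modelled.

```python
def i16(value):
    """Wrap to a signed 16-bit value, as the `word ptr` operands do."""
    value &= 0xFFFF
    return value - 0x10000 if value & 0x8000 else value

# Short-jump opcodes that appear in the listings and in the patches.
JCC = {
    0x74: lambda a, b: a == b,   # je
    0x7D: lambda a, b: a >= b,   # jge (signed)
    0x7E: lambda a, b: a <= b,   # jle (signed)
}

def apply_damage(hp, max_hp, dmg, zero_jcc=0x7D, clamp_jcc=0x7E):
    """Return the HP left after one call of the routine.

    zero_jcc  is the jump after `test ax, ax`; when taken it skips `mov [..1364], 0`.
    clamp_jcc is the jump after `cmp [..1364], ax`; when taken it skips the
    store of max HP. The defaults are the unpatched opcodes.
    """
    hp = i16(hp - dmg)                   # sub word ptr [reg+1364], damage
    if not JCC[zero_jcc](hp, 0):         # `test ax, ax` acts like a compare with 0
        hp = 0                           # mov word ptr [reg+1364], 0
    if not JCC[clamp_jcc](hp, max_hp):   # cmp word ptr [reg+1364], max
        hp = max_hp                      # mov word ptr [reg+1364], ax
    return hp

def scenarios():
    """Unpatched routine, 7E->74 on the max-HP jump, 7D->74 on the zero jump."""
    return {
        "unpatched": apply_damage(1000, 1000, 300),
        "clamp jump patched to je": apply_damage(1000, 1000, 300, clamp_jcc=0x74),
        "zero jump patched to je": apply_damage(500, 500, 10, zero_jcc=0x74),
    }

if __name__ == "__main__":
    for name, hp_left in scenarios().items():
        print(f"{name}: {hp_left}")
```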

Postby mc.flash » Sun Oct 25, 2009 5:31 am

:shock: thanks guys, that's powerful :) I will try it when I change my VGA drive :) coz it's kinda old but not low lol >.> I can play it on my laptop but it's damn slow XD
but really really thanks, I will try it :D
mc.flash
NULL
 
Posts: 171
Joined: Tue Jul 22, 2008 9:27 am
Location: In Da Club!

Re: Resident Evil 5, for DX9 version

Postby xavi3r » Sun Aug 22, 2010 9:27 pm

Hey, can someone help me with the exact memory address of characters in Resident Evil 5?
I've the quick memory editor, and it can find only by VALUE. I've got the address of some guns and score, but can't find the HEALTH to freeze it :s

thanks
xavi3r
I Have A Question
 
Posts: 1
Joined: Sun Aug 22, 2010 9:21 pm

