v1.1 You nagged me so here's the rest. Didn't test much but everything except the Teleport Cheat should work out of the box. TP might or might not work — I ain't messing with it. v1.0 Hacked by Noobrzor. Updated for Steamworks version and gimped by Erquint. The original table(not included) contained more(useless from my point of view) scripts bu…
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="24">
<CheatEntries>
<CheatEntry>
<ID>22</ID>
<Description>"Health Regeneration (2%/sec)"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Health Regeneration (2%/sec)
// Hook site: 39 98 D4 02 00 00 = cmp [eax+2D4],ebx, followed in the game by 7E = jle. The compare is
// re-executed at nohack below so the game's own conditional jump still sees the flags it expects.
// Offsets used here: [eax+2D4] = current HP, [eax+2D8] = max HP (per the original author's comments — verify in-game).
// Every 30th execution of the hook (assumed to be once per frame at 30 FPS) adds maxHP/50 = 2% to current HP.
// Shares the healthAccess symbol and hook site with the "5/sec" entry — enable only one of the two.
aobscanmodule(healthAccess,DARKSOULS.exe,39 98 D4 02 00 00 7E)
alloc(newmem,$1000)
// value1: execution counter (presumably starts at 0 in freshly allocated memory).
// backupEAX/ECX/EDX: static register save cells — shared, so not reentrant if the hooked code
// runs on more than one thread at the same time.
alloc(value1,$100)
alloc(backupEAX,$100)
alloc(backupECX,$100)
alloc(backupEDX,$100)
label(hack)
label(nohack)
label(clearvalue)
label(increasevalue)
label(return)
newmem:
cmp [value1],#30 //if 30 frames per second (FPS) then HealthTick happens every second
je clearvalue //counter reached 30: reset it and apply one regeneration tick
ja clearvalue //a counter above 30 (unsigned) is treated the same way
jmp increasevalue
clearvalue:
mov [value1],#0
jmp hack
increasevalue:
inc [value1]
jmp nohack
hack:
cmp [eax+000002D4],#0 //no regeneration at 0 HP or below (signed compare)
je nohack
jb nohack //never taken after a compare with 0 (unsigned "below zero" is impossible); kept as written
jl nohack
mov [backupEAX],eax //eax, ecx and edx are all clobbered by the division below
mov [backupECX],ecx
mov [backupEDX],edx
mov eax,[eax+000002D8] //eax = max HP
mov ecx,#50 //1/50 is 2/100 which is 2%
xor edx,edx //edx:eax = max HP; correct for the signed idiv only while max HP is non-negative
idiv ecx //divides maxHP value currently stored in eax by ecx
mov ecx,eax //ecx = max HP / 50
mov eax,[backupEAX]
mov edx,[backupEDX]
add [eax+000002D4],ecx //current HP += 2% of max. NOTE(review): not clamped to max HP here — confirm the game clamps
mov ecx,[backupECX]
nohack:
cmp [eax+000002D4],ebx //re-execute the overwritten compare so the original jle sees the right flags
jmp return
healthAccess:
jmp newmem //5-byte jmp + 1 nop cover the 6 overwritten bytes
nop
return:
registersymbol(healthAccess)
[DISABLE]
healthAccess:
// restore the original cmp [eax+2D4],ebx
db 39 98 D4 02 00 00
unregistersymbol(healthAccess)
dealloc(newmem)
dealloc(value1)
dealloc(backupEAX)
dealloc(backupECX)
dealloc(backupEDX)
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>33</ID>
<Description>"Health Regeneration (5/sec)"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Health Regeneration (5/sec)
// Same hook site as the "2%/sec" entry: 39 98 D4 02 00 00 = cmp [eax+2D4],ebx (followed by 7E = jle),
// re-executed at nohack below so the game's conditional jump still sees the expected flags.
// Every 30th execution of the hook (assumed to be once per frame at 30 FPS) adds a flat 5 to [eax+2D4]
// (current HP, per the original author's comments — verify in-game).
// Shares the healthAccess symbol with the "2%/sec" entry — enable only one of the two.
aobscanmodule(healthAccess,DARKSOULS.exe,39 98 D4 02 00 00 7E)
alloc(newmem,$1000)
// value1: execution counter (presumably starts at 0 in freshly allocated memory)
alloc(value1,$100)
label(hack)
label(nohack)
label(clearvalue)
label(increasevalue)
label(return)
newmem:
cmp [value1],#30 //if 30 frames per second (FPS) then HealthTick happens every second
je clearvalue //counter reached 30: reset it and apply one regeneration tick
ja clearvalue //a counter above 30 (unsigned) is treated the same way
jmp increasevalue
clearvalue:
mov [value1],#0
jmp hack
increasevalue:
inc [value1]
jmp nohack
hack:
cmp [eax+000002D4],#0 //no regeneration at 0 HP or below (signed compare)
je nohack
jb nohack //never taken after a compare with 0 (unsigned "below zero" is impossible); kept as written
jl nohack
add [eax+000002D4],#5 //current HP += 5. NOTE(review): not clamped to max HP here — confirm the game clamps
nohack:
cmp [eax+000002D4],ebx //re-execute the overwritten compare so the original jle sees the right flags
jmp return
healthAccess:
jmp newmem //5-byte jmp + 1 nop cover the 6 overwritten bytes
nop
return:
registersymbol(healthAccess)
[DISABLE]
healthAccess:
// restore the original cmp [eax+2D4],ebx
db 39 98 D4 02 00 00
unregistersymbol(healthAccess)
dealloc(newmem)
dealloc(value1)
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>1</ID>
<Description>"Item Durability Cheat"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Item Durability Cheat
// Hook site: 8D 04 81 8B 40 14 = lea eax,[ecx+eax*4] / mov eax,[eax+14] (6 bytes). The trailing C3 CC in
// the scan pattern only anchor the match and are not overwritten.
// The value at [eax+14] (presumably durability, per the entry's description) is forced to 99999 before
// the game reads it.
aobscanmodule(durabilityAccess,DARKSOULS.exe,8D 04 81 8B 40 14 C3 CC)
alloc(newmem,$1000)
label(return)
newmem:
lea eax,[ecx+eax*4] //original instruction
mov [eax+14],#99999 //force the value before the original read below
mov eax,[eax+14] //original instruction
jmp return
durabilityAccess:
jmp newmem //5-byte jmp + 1 nop cover the 6 overwritten bytes
nop
return:
registersymbol(durabilityAccess)
[DISABLE]
durabilityAccess:
// restore the original lea / mov pair
db 8D 04 81 8B 40 14
unregistersymbol(durabilityAccess)
dealloc(newmem)
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>10</ID>
<Description>"Ammo Cheat"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Ammo Cheat
// Both hook sites replace 8B 40 08 5F C3 = mov eax,[eax+08] / pop edi / ret (5 bytes, so no nop padding
// is needed). The two scan patterns are identical except for their last byte (53 vs 57), which after
// 13 bytes of CC padding is the first byte of the *following* function — that is the only thing telling
// the two sites apart, so a rebuild that changes the padding or the neighbouring function breaks the scan.
aobscanmodule(ammoAccess1,DARKSOULS.exe,8B 40 08 5F C3 8B C7 5F C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC 53)
aobscanmodule(ammoAccess2,DARKSOULS.exe,8B 40 08 5F C3 8B C7 5F C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC 57)
alloc(newmem1,$1000)
alloc(newmem2,$1000)
label(return1)
label(return2)
newmem1:
mov [eax+08],#999 //force the value at [eax+08] (ammo count, per the entry name) to 999 before it is read
mov eax,[eax+08] //original instruction
pop edi //original epilogue: the function returns from here, so return1 is never reached
ret
jmp return1 //unreachable (follows ret); kept as written
ammoAccess1:
jmp newmem1 //5-byte jmp exactly covers the 5 overwritten bytes
return1:
registersymbol(ammoAccess1)
newmem2:
mov [eax+08],#999 //same as newmem1 for the second site
mov eax,[eax+08] //original instruction
pop edi //original epilogue: the function returns from here, so return2 is never reached
ret
jmp return2 //unreachable (follows ret); kept as written
ammoAccess2:
jmp newmem2 //5-byte jmp exactly covers the 5 overwritten bytes
return2:
registersymbol(ammoAccess2)
[DISABLE]
ammoAccess1:
// restore the original mov / pop edi / ret at each site
db 8B 40 08 5F C3
ammoAccess2:
db 8B 40 08 5F C3
unregistersymbol(ammoAccess1)
unregistersymbol(ammoAccess2)
dealloc(newmem1)
dealloc(newmem2)
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>21</ID>
<Description>"Death Penalty Cheat"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
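// Death Penalty Cheat
// Hook site: the 23 scanned bytes before E8 are seven instructions (mov [esi+38],edx ... mov ecx,[eax+04]);
// the E8 that ends the pattern is the opcode of a 5-byte call (E8 rel32) at DeathPenalty+17.
// The hook re-executes only the two loads later code may depend on and skips the stores that move
// souls/humanity to the bloodstain, zero the player's counters, and the hollowing call.
// NOTE(review): register/offset meanings in the comments below come from the original author, not from this script.
//
// Fix vs. the previous revision: that version overwrote 28 bytes (jmp + 23 nops, i.e. through the call's
// rel32) but [DISABLE] restored only the 24 scanned bytes, leaving E8 90 90 90 90 — a call to a bogus
// address once the cheat was turned off. This version overwrites and restores exactly the 23 bytes in
// front of the call and skips the call by jumping past it, so the call's own bytes are never touched.
aobscanmodule(DeathPenalty,DARKSOULS.exe,89 56 38 8B 53 7C 33 C9 89 8B 8C 00 00 00 89 56 34 89 4B 7C 8B 48 04 E8)
alloc(newmem,$1000)
newmem:
//mov [esi+38],edx - Souls moved to Bloodstain
mov edx,[ebx+7C]
xor ecx,ecx
//mov [ebx+0000008C],ecx - Player's Souls set to 0
//mov [esi+34],edx - Humanity moved to Bloodstain
//mov [ebx+7C],ecx - Player's Humanity set to 0
mov ecx,[eax+04]
//call DARKSOULS.exe+986100 - Player's Hollowification
// Resume right after the 5-byte call at DeathPenalty+17 (so +1C), which keeps hollowing skipped
// exactly as before while leaving the call instruction itself intact for [DISABLE].
jmp DeathPenalty+1C
DeathPenalty:
jmp newmem
// 5-byte jmp + 18 nops = the 23 bytes matched before the E8; the call is not overwritten.
db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
registersymbol(DeathPenalty)
[DISABLE]
DeathPenalty:
// restore exactly the 23 overwritten bytes (the call at +17 was never modified)
db 89 56 38 8B 53 7C 33 C9 89 8B 8C 00 00 00 89 56 34 89 4B 7C 8B 48 04
unregistersymbol(DeathPenalty)
dealloc(newmem)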
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>28</ID>
<Description>"Teleport Cheat (buggy)"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Teleport Cheat (buggy)
// Hook 1 (coordinateAccess+01): replaces F3 0F 7E 40 10 = movq xmm0,[eax+10] (5 bytes, no nop needed);
// the leading 58 = pop eax of the scan pattern is left in place. The three dwords at [eax+10], [eax+14],
// [eax+18] are what the script saves and restores as a position (per the label names — verify in-game).
// Hooks 2/3 (codeKilling, codeKilling2): replace 89 85 D4 02 00 00 = mov [ebp+2D4],eax and drop that
// store while [status] != 0.
// NOTE(review): the codeKilling2 pattern is a strict prefix of the codeKilling pattern, so both scans
// return the same first match (the table's UserdefinedSymbols list the same address for both); the
// second hook simply overwrites the first with an equivalent one, and both [DISABLE] restores write the
// same bytes to the same place. If a second, distinct site was intended, its pattern needs more bytes.
// [status] (exposed to the child entry): 1 = save slot 1, 2 = load slot 1, 3 = save slot 2, 4 = load slot 2,
//   0 = idle. Saves are one-shot; a load stays active and rewrites the position on every hook execution
//   until [timer] reaches 4000.
// [safety1]/[safety2] start at 1 and are cleared by the first save into that slot; a load while the flag
//   is still set is refused (status and timer are reset instead).
aobscanmodule(coordinateAccess,DARKSOULS.exe,58 F3 0F 7E 40 10 66 0F D6 84)
aobscanmodule(codeKilling,DARKSOULS.exe,89 85 D4 02 00 00 83)
aobscanmodule(codeKilling2,DARKSOULS.exe,89 85 D4 02 00 00)
alloc(newmem,$1000)
alloc(newmem2,$200)
alloc(newmem3,$200)
// status/timer/safety*/backupEBX: one static cell each (shared, so not reentrant across threads)
alloc(status,20)
alloc(timer,20)
alloc(safety1,20)
alloc(safety2,20)
alloc(backupEBX,20)
// 1saved*/2saved*: the three saved dwords for slot 1 and slot 2
alloc(1saved0,20)
alloc(1saved4,20)
alloc(1saved8,20)
alloc(2saved0,20)
alloc(2saved4,20)
alloc(2saved8,20)
label(return2)
label(return3)
label(originalcode)
label(return)
label(clearStatusAndTimer)
label(saveCoordinates1)
label(teleportCoordinates1)
label(saveCoordinates2)
label(teleportCoordinates2)
safety1:
db 01 //slot 1 not saved yet
safety2:
db 01 //slot 2 not saved yet
newmem:
cmp [status],#1 //dispatch on the value written by the child entry
je saveCoordinates1
cmp [status],#2
je teleportCoordinates1
cmp [status],#3
je saveCoordinates2
cmp [status],#4
je teleportCoordinates2
jmp originalcode
originalcode:
movq xmm0,[eax+10] //original instruction
jmp return
saveCoordinates1:
mov [safety1],00000000 //slot 1 is now valid for loading
mov [backupEBX],ebx //ebx is used as scratch; saved in a static cell
mov ebx,[eax+10]
mov [1saved0],ebx
mov ebx,[eax+14]
mov [1saved4],ebx
mov ebx,[eax+18]
mov [1saved8],ebx
mov ebx,[backupEBX]
mov [status],00000000 //one-shot: back to idle
movq xmm0,[eax+10] //original instruction
jmp return
teleportCoordinates1:
cmp [safety1],00000000
jne clearStatusAndTimer //nothing saved in slot 1 yet: abort the load
mov [backupEBX],ebx
mov ebx,[1saved0]
mov [eax+10],ebx //overwrite the position with slot 1 (repeated on every execution while status = 2)
mov ebx,[1saved4]
mov [eax+14],ebx
mov ebx,[1saved8]
mov [eax+18],ebx
mov ebx,[backupEBX]
inc [timer]
cmp [timer],#4000 //higher means longer delay. 1200 is approx. 5-10 sec.
je clearStatusAndTimer //delay elapsed: stop rewriting and go idle
ja clearStatusAndTimer
jmp originalcode //the original movq then reads the overwritten values
saveCoordinates2:
mov [safety2],00000000 //slot 2 is now valid for loading
mov [backupEBX],ebx
mov ebx,[eax+10]
mov [2saved0],ebx
mov ebx,[eax+14]
mov [2saved4],ebx
mov ebx,[eax+18]
mov [2saved8],ebx
mov ebx,[backupEBX]
mov [status],00000000 //one-shot: back to idle
movq xmm0,[eax+10] //original instruction
jmp return
teleportCoordinates2:
cmp [safety2],00000000
jne clearStatusAndTimer //nothing saved in slot 2 yet: abort the load
mov [backupEBX],ebx
mov ebx,[2saved0]
mov [eax+10],ebx //overwrite the position with slot 2 (repeated on every execution while status = 4)
mov ebx,[2saved4]
mov [eax+14],ebx
mov ebx,[2saved8]
mov [eax+18],ebx
mov ebx,[backupEBX]
inc [timer]
cmp [timer],#4000 //higher means longer delay. 1200 is approx. 5-10 sec.
je clearStatusAndTimer //delay elapsed: stop rewriting and go idle
ja clearStatusAndTimer
jmp originalcode //the original movq then reads the overwritten values
clearStatusAndTimer:
mov [timer],00000000
mov [status],00000000
jmp originalcode
coordinateAccess+01:
jmp newmem //5-byte jmp exactly covers the 5-byte movq; the preceding pop eax is untouched
return:
registersymbol(coordinateAccess)
registersymbol(status) //lets the "1=save1//2=load1//3=save2//4=load2" child entry address [status]
newmem2:
cmp [status],00000000
jne return2 //while a save/load is pending, drop the game's write to [ebp+2D4]
mov [ebp+000002D4],eax //original instruction
jmp return2
codeKilling:
jmp newmem2 //5-byte jmp + 1 nop cover the 6 overwritten bytes
nop
return2:
registersymbol(codeKilling)
newmem3:
cmp [status],00000000 //identical to newmem2; see the codeKilling2 note at the top
jne return3
mov [ebp+000002D4],eax //original instruction
jmp return3
codeKilling2:
jmp newmem3 //currently lands on the same address as codeKilling (see note at the top)
nop
return3:
registersymbol(codeKilling2)
[DISABLE]
coordinateAccess+01:
// restore movq xmm0,[eax+10]
db F3 0F 7E 40 10
codeKilling:
// restore mov [ebp+2D4],eax at both (currently identical) sites
db 89 85 D4 02 00 00
codeKilling2:
db 89 85 D4 02 00 00
unregistersymbol(coordinateAccess)
unregistersymbol(status)
unregistersymbol(codeKilling)
unregistersymbol(codeKilling2)
dealloc(newmem)
dealloc(newmem2)
dealloc(newmem3)
dealloc(status)
dealloc(timer)
dealloc(safety1)
dealloc(safety2)
dealloc(backupEBX)
dealloc(1saved0)
dealloc(1saved4)
dealloc(1saved8)
dealloc(2saved0)
dealloc(2saved4)
dealloc(2saved8)
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>32</ID>
<Description>"1=save1//2=load1//3=save2//4=load2"</Description>
<VariableType>4 Bytes</VariableType>
<Address>status</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
<UserdefinedSymbols>
<SymbolEntry>
<Name>durabilityAccess</Name>
<Address>00C31F40</Address>
</SymbolEntry>
<SymbolEntry>
<Name>ammoAccess1</Name>
<Address>00C32129</Address>
</SymbolEntry>
<SymbolEntry>
<Name>ammoAccess2</Name>
<Address>00C320C9</Address>
</SymbolEntry>
<SymbolEntry>
<Name>DeathPenalty</Name>
<Address>00DA0F1B</Address>
</SymbolEntry>
<SymbolEntry>
<Name>coordinateAccess</Name>
<Address>00D6AF8B</Address>
</SymbolEntry>
<SymbolEntry>
<Name>codeKilling</Name>
<Address>00E91BED</Address>
</SymbolEntry>
<SymbolEntry>
<Name>codeKilling2</Name>
<Address>00E91BED</Address>
</SymbolEntry>
</UserdefinedSymbols>
<Comments>v1.1
You nagged me so here's the rest.
Didn't test much but everything except the Teleport Cheat should work out of the box.
TP might or might not work — I ain't messing with it.
v1.0
Hacked by Noobrzor.
Updated for Steamworks version and gimped by Erquint.
The original table (not included) contained more (useless from my point of view) scripts but I only bothered to update the one I needed.
Stalk and nag me online if you need the rest.</Comments>
</CheatTable>