81
"[X] <-- Check for updates [ version 10 ]"
008000
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
local TABLE_VERSION = 10
local version_url = "http://ce.checkdesign.nl/driv3r/table/version.txt"
local table_url = "http://ce.checkdesign.nl/driv3r/table/driv3r.ct"
local http = getInternet()
local result = http.getURL(version_url)
if result then
local version = tonumber(result:match("%d+"))
if version > TABLE_VERSION then
local answer = messageDialog("There is a newer version of this table.\nWould you like to download it now?", mtWarning, mbYes, mbNo)
if answer == mrYes then
messageDialog("Be sure to save the new table!", mtInformation, mbOK)
local latest = http.getURL(table_url)
if latest ~= nil then
local name = os.getenv("TEMP")
name = name .. "\\Zanzer.CT"
local file = io.open(name, "w")
file:write(latest)
file:close()
loadTable(name)
else
messageDialog("Failed to load the new table!", mtError, mbOK)
end
end
elseif TABLE_VERSION > version then
messageDialog("It appears you have a newer version than the one uploaded. Snoopii must like ya!", mtInformation, mbOK)
else
messageDialog("You currently have the latest version!", mtInformation, mbOK)
end
else
messageDialog("Failed to find latest version!", mtError, mbOK)
end
http.destroy()
{$asm}
assert(true)
[DISABLE]
189
"[X] <-- Enable me first (Fetches PlayerID)"
FF0000
Auto Assembler Script
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
push eax
mov eax,[edi+1878]
call vPtr
jne nullPtr
mov eax,[eax+14]
cmp eax,[gPlayer]
jne nullPtr
// if (vehicle == car)
mov eax,[edi+1874]
call vPtr
jne nullPtr
lea eax,[eax+550]
mov [gPlayer+8],0
mov [gPlayer+4],eax
mov eax,[eax]
call vPtr
je short @f
// if (vehicle == motorcycle)
mov eax,[edi+440]
call vPtr
jne short nullPtr
lea eax,[eax+4C]
mov [gPlayer+4],eax
mov [gPlayer+8],1
mov eax,[eax]
call vPtr
jne short nullPtr
// set infinite mass
@@:
call vPtr
jne short nullPtr
cmp [feature_infinitemass],1
jne nullPtr
xor esi,esi
mov [eax+1C4],96
mov [edi+1888],esi // damage multiplier
//mov [edi+1898],esi // unsure
mov [edi+189C],esi // collision timeout
nullPtr:
pop eax
originalcode:
mov esi,[edi+00000490]
exit:
jmp returnhere
//---------------
infMassEntry:
push eax
lea eax,[ecx+1C]
test eax,eax
pop eax
je exit_infmass
// Get Player struct
cmp byte ptr [ecx+1C],0
jne exit_infmass
mov dword ptr [gPlayer],ecx
exit_infmass:
mov eax,[esp+18]
mov edx,[ecx]
jmp returnInfMass
vPtr:
pushad
push 4
push eax
call isBadWritePtr
cmp eax,0
popad
ret
gPlayer:
dd 0
dd 0
dd 0
registersymbol(gPlayer)
feature_infinitemass:
dd 0
registersymbol(feature_infinitemass)
"Driv3r.exe"+FDC7F:
jmp newmem
nop
returnhere:
"Driv3r.exe"+CA5B2:
jmp infMassEntry
nop
returnInfMass:
[DISABLE]
unregistersymbol(feature_infinitemass)
unregistersymbol(gPlayer)
dealloc(newmem)
"Driv3r.exe"+FDC7F:
mov esi,[edi+00000490]
"Driv3r.exe"+CA5B2:
mov eax,[esp+18]
mov edx,[ecx]
//Alt: db D9 41 24 C3 CC
158
"Godmode"
408000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
globalalloc(_iOneHitKill,4)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
// enables ingame godmode (for other damage types)
push eax
mov eax,[008AC444]
mov eax,[eax+4]
mov byte ptr [eax+31],1
pop eax
// check if actor is friendly (Allies, cops excluded)
cmp dword ptr [edi+1C],3
je _godmode
// if zero, its enemy make it instant kill
cmp dword ptr [edi+1C],0
jne _onehitkill
_godmode:
mov dword ptr [edi+1838],0 // comment to disable godmode
jmp originalcode
_onehitkill:
cmp dword ptr [_iOneHitKill],1
jne short @f
mov dword ptr [edi+1838],(float)100 // Set damage multiplier
originalcode:
fmul dword ptr [edi+00001838]
exit:
jmp returnhere
"Driv3r.exe"+C1E20:
jmp newmem
nop
returnhere:
_iOneHitKill:
dd 0
"Driv3r.exe"+C0FC8:
db 90 90 90 90
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(_iOneHitKill)
unregistersymbol(_iOneHitKill)
"Driv3r.exe"+C1E20:
fmul dword ptr [edi+00001838]
//Alt: db D8 8F 38 18 00 00
"Driv3r.exe"+C0FC8:
fsub dword ptr [esp+24]
//Alt: db D8 64 24 24
[[008AC444]+4]+31:
db 00
160
"One hit kill"
Auto Assembler Script
[ENABLE]
_iOneHitKill:
dd 1
[DISABLE]
_iOneHitKill:
dd 0
195
"Infinite ammo and no ROF"
408000
Auto Assembler Script
[ENABLE]
// no ROF time
"Driv3r.exe"+44C41:
db EB
// INF AMMO
"Driv3r.exe"+D5959:
db 90 90 90
[DISABLE]
"Driv3r.exe"+44C41:
db 7B
"Driv3r.exe"+D5959:
db 83 C2 FF
109
"Run speed"
408000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
alloc(iMultSpeed,128)
label(returnhere)
label(originalcode)
label(exit)
newmem:
fld dword ptr [iMultSpeed] // Load our custom var defined as iMultSpeed
fld dword ptr [Driv3r.exe+38E8D4] // regular game speed modifier
fmulp // multiply run speed by custom var
fmulp // multiply regular game speed multiplier (and pop)
originalcode:
//fmul dword ptr [Driv3r.exe+38E8D4]
exit:
jmp returnhere
"Driv3r.exe"+4A287:
jmp newmem
nop
returnhere:
iMultSpeed:
db 00 00 80 3F
registersymbol(iMultSpeed)
// fall damage off
Driv3r.exe+C0B94:
db 74
// disable bumping
Driv3r.exe+C7FBB:
db E9 AD 0D 00 00 90
[DISABLE]
dealloc(newmem)
dealloc(iMultSpeed)
unregistersymbol(iMultSpeed)
"Driv3r.exe"+4A287:
fmul dword ptr [Driv3r.exe+38E8D4]
// fall damage
Driv3r.exe+C0B94:
db 75
// bumping
Driv3r.exe+C7FBB:
db 8D 8D B0 03 00 00
110
"Run speed Multiplier"
Float
iMultSpeed
205
"Ultimate infinite mass"
408000
Auto Assembler Script
[ENABLE]
feature_infinitemass:
dd 1
// no tire pop
"Driv3r.exe"+107ECD:
db 00
[DISABLE]
feature_infinitemass:
dd 0
"Driv3r.exe"+107ECD:
db 01
272
"Drive through walls"
Auto Assembler Script
[ENABLE]
"Driv3r.exe"+1A6814:
db 84
[DISABLE]
"Driv3r.exe"+1A6814:
db 85
172
"Super car speed"
408000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
cmp dword ptr [iSuperSpeedAll],1
je short @f
push eax
mov eax,[gPlayer+4]
sub eax,270
cmp eax,ebx
pop eax
jne originalcode
@@:
fld dword ptr [Driv3r.exe+38F254]
fdiv dword ptr [cSpeedDiv]
fmul dword ptr [cSpeedMult]
fadd dword ptr [Driv3r.exe+38F254]
fmulp
//fstp st(1)
jmp exit
originalcode:
fmul dword ptr [Driv3r.exe+38F254]
exit:
jmp returnhere
speedCapPoint:
cmp dword ptr [iSuperSpeedAll],1
je short @f
push eax
mov eax,[gPlayer+4]
sub eax,540
cmp eax,ebp
pop eax
jne short originalSpeedCap
@@:
fld dword ptr [cSpeedCap]
jmp returnhereSpeedCap
// originalcode
originalSpeedCap:
fld dword ptr [Driv3r.exe+38F254]
jmp returnhereSpeedCap
cSpeedDiv:
dd (float)10
cSpeedMult:
dd (float)0
cSpeedCap:
dd (float)-0.4
iSuperSpeedAll:
dd 0
"Driv3r.exe"+B9090:
jmp newmem
nop
returnhere:
"Driv3r.exe"+B93A0:
jmp speedCapPoint
nop
returnhereSpeedCap:
registersymbol(cSpeedMult)
registersymbol(iSuperSpeedAll)
//registersymbol(cSpeedDiv)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(cSpeedMult)
unregistersymbol(iSuperSpeedAll)
//unregistersymbol(cSpeedDiv)
"Driv3r.exe"+B9090:
fmul dword ptr [Driv3r.exe+38F254]
//Alt: db D8 0D 54 F2 78 00
"Driv3r.exe"+B93A0:
fld dword ptr [Driv3r.exe+38F254]
273
"Toggle for All vehicles"
Auto Assembler Script
[ENABLE]
iSuperSpeedAll:
dd 1
[DISABLE]
iSuperSpeedAll:
dd 0
173
"Acceleration Multiplier"
Float
cSpeedMult
0
"Enable speedometer"
808080
Auto Assembler Script
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
push eax
push ebx
mov ebx,1
mov eax,[gPlayer]
cmp [gPlayer],0
je short @f
// is Player in car?
cmp dword ptr [eax+1F8],0
je short @f
mov ebx,0
// KPH or MPH
@@:
mov eax,[008AC58C]
cmp byte ptr [eax+174],1
jne short @f
// MPH
cmp byte ptr [esi-04],0D
je short speedTrue
// KPH
@@:
cmp byte ptr [esi-04],18
je short speedTrue
jmp short originalcode
speedTrue:
mov byte ptr [esi-08],bl
originalcode:
pop ebx
pop eax
cmp byte ptr [esi-08],00
je Driv3r.exe+13FD96
exit:
jmp returnhere
"driv3r.exe"+13FCC0:
jmp newmem
nop
nop
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Driv3r.exe"+13FCC0:
cmp byte ptr [esi-08],00
je Driv3r.exe+13FD96
//Alt: db 80 7E F8 00 0F 84 CC 00 00 00
252
"Dashboard view in FPV (car)"
808080
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
push eax
push ecx
mov eax,list_vehicle_camera
startLoop:
cmp [eax],(int)-1
je short endLoop
// get pointer vehicle
mov ecx,[gPlayer+4]
test ecx,ecx
je short endLoop
cmp [gPlayer+8],1 // isBike ?
je short @f
mov ecx,[ecx+e0] // vehicle
jmp short after_sort
@@:
mov ecx,[ecx+F8] // bike
after_sort:
test ecx,ecx
je short endLoop
mov ecx,[ecx+C]
test ecx,ecx
je short endLoop
mov ecx,[ecx+14]
continue_loop:
//compare id
add eax,10
cmp [eax-10],ecx
jne short startLoop
lea ecx,[eax-C]
mov [save_debug_pointer],ecx
mov eax,[ecx]
mov [ebx+000000A0],eax
mov eax,[ecx+4]
mov [ebx+000000A4],eax
mov eax,[ecx+8]
mov [ebx+000000A8],eax
endLoop:
pop ecx
pop eax
originalcode:
mov ecx,[ebx+000000A0]
exit:
jmp returnhere
list_vehicle_camera:
// ALL
dd (int)19, (float)0.32 (float)0.68 (float)1.50
// MIAMI ( NUMERICAL ORDER, SORRY)
dd (int)02, (float)0.35 (float)0.59 (float)0.05
dd (int)06, (float)0.30 (float)0.47 (float)-0.11
dd (int)09, (float)0.33 (float)0.51 (float)-0.05
dd (int)10, (float)0.34 (float)0.48 (float)-0.02
dd (int)22, (float)0.39 (float)0.34 (float)-0.29
dd (int)23, (float)0.39 (float)0.64 (float)0.56
dd (int)24, (float)0.43 (float)0.80 (float)0.20
dd (int)31, (float)0.00 (float)0.62 (float)0.05
dd (int)32, (float)0.45 (float)0.69 (float)0.07
dd (int)33, (float)0.23 (float)0.49 (float)0.00
dd (int)34, (float)0.28 (float)0.43 (float)-0.30
dd (int)35, (float)0.36 (float)0.50 (float)0.03
dd (int)36, (float)0.31 (float)0.68 (float)1.66
dd (int)37, (float)0.24 (float)0.45 (float)-0.50
dd (int)38, (float)0.33 (float)0.47 (float)-0.29
dd (int)39, (float)0.59 (float)0.54 (float)2.82
dd (int)40, (float)0.31 (float)0.44 (float)-0.14
dd (int)43, (float)0.00 (float)0.58 (float)-0.42
dd (int)44, (float)0.00 (float)0.74 (float)-0.42
dd (int)64, (float)0.28 (float)0.59 (float)2.54
dd (int)66, (float)0.24 (float)0.52 (float)-0.55
dd (int)80, (float)0.27 (float)0.40 (float)0.04
// NICE ( NUMERICAL ORDER, SORRY)
dd (int)13, (float)0.32 (float)0.42 (float)0.05
dd (int)16, (float)0.32 (float)0.375 (float)-0.07
dd (int)17, (float)0.22 (float)0.40 (float)-0.05
dd (int)25, (float)0.30 (float)0.45 (float)-0.05
dd (int)27, (float)0.27 (float)0.59 (float)-0.50
dd (int)42, (float)0.23 (float)0.64 (float)-0.53
dd (int)50, (float)0.26 (float)0.45 (float)-0.20
dd (int)51, (float)0.33 (float)0.78 (float)-0.67
dd (int)52, (float)0.21 (float)0.52 (float)-0.09
dd (int)53, (float)0.20 (float)0.55 (float)-0.04
dd (int)54, (float)0.00 (float)0.90 (float)-0.15
dd (int)55, (float)0.30 (float)0.50 (float)-0.40
dd (int)58, (float)0.66 (float)0.54 (float)2.8
dd (int)59, (float)0.30 (float)0.45 (float)1.2
dd (int)60, (float)0.50 (float)0.34 (float)2.63
dd (int)61, (float)0.26 (float)0.45 (float)-0.13
dd (int)62, (float)0.19 (float)0.42 (float)-0.15
dd (int)65, (float)0.30 (float)0.60 (float)1.2
dd (int)67, (float)0.00 (float)0.55 (float)0.02
dd (int)68, (float)0.00 (float)0.75 (float)-0.12
dd (int)92, (float)0.23 (float)0.50 (float)-0.11
dd (int)93, (float)0.30 (float)0.50 (float)0
dd (int)94, (float)0.40 (float)0.42 (float)-0.38
// INSTANT BULL (IN ORDER OF TAR MENU)
dd (int)29, (float)0.32 (float)0.52 (float)0.00
dd (int)81, (float)0.30 (float)0.47 (float)-0.11
dd (int)82, (float)0.33 (float)0.51 (float)-0.05
dd (int)21, (float)0.27 (float)0.55 (float)-0.12
dd (int)30, (float)0.43 (float)0.74 (float)0.00
dd (int)72, (float)0.39 (float)0.64 (float)0.56
dd (int)75, (float)0.35 (float)0.49 (float)0.00
dd (int)28, (float)0.24 (float)0.48 (float)-0.47
dd (int)74, (float)0.00 (float)0.62 (float)0.05
dd (int)77, (float)0.24 (float)0.59 (float)-0.42
dd (int)73, (float)0.60 (float)0.46 (float)2.78
dd (int)15, (float)0.36 (float)0.54 (float)0.90
dd (int)76, (float)0.24 (float)0.86 (float)0.94
dd (int)79, (float)0.00 (float)0.50 (float)-0.33
dd (int)78, (float)0.28 (float)0.48 (float)-0.85
dd (int)41, (float)0.24 (float)0.64 (float)-0.59
// TERMINATING LIST HERE
dd (int)-1, 0, 0, 0
save_debug_pointer:
dd 0
registersymbol(save_debug_pointer)
"Driv3r.exe"+132C70:
jmp newmem
nop
returnhere:
"Driv3r.exe"+132DD4:
db B1 01 90
[DISABLE]
unregistersymbol(save_debug_pointer)
dealloc(newmem)
"Driv3r.exe"+132C70:
mov ecx,[ebx+000000A0]
"Driv3r.exe"+132DD4:
db 0F 94 C1
264
"X"
Float
save_debug_pointer
0
Increase Value
100
.01
0
Decrease Value
102
.01
1
265
"Y"
Float
save_debug_pointer
4
Increase Value
107
0.01
0
Decrease Value
109
0.01
1
267
"Z"
Float
save_debug_pointer
8
Increase Value
104
.01
0
Decrease Value
98
.01
1
186
"Make Dolva's open up"
808080
Auto Assembler Script
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
cmp [cDolvaState],1 // check if hotkey is pressed
mov [cDolvaState],0 // reset hotkey
jne originalcode
mov [ebx+3C],(float)1 // float value = 1 (makes animation work)
cmp [ebx+38],1
je short closePlease
mov [ebx+38],1 // open
jmp originalcode
closePlease:
mov [ebx+38],0
originalcode:
mov eax,[ebx+38]
cmp eax,[ebx+34]
exit:
jmp returnhere
cDolvaState:
dd 0
registersymbol(cDolvaState)
"Driv3r.exe"+EE2C9:
jmp newmem
nop
returnhere:
[DISABLE]
unregistersymbol(cDolvaState)
dealloc(newmem)
"Driv3r.exe"+EE2C9:
mov eax,[ebx+38]
cmp eax,[ebx+34]
//Alt: db 8B 43 38 3B 43 34
188
"Hotkey (edit hotkey: CTLR+H)"
0:Inactive
1:Activate
404000
4 Bytes
cDolvaState
Set Value
96
1
0
175
"Vehicle names TAR menu"
808080
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(exit)
define(_n,00 00 00)
newmem: //this is allocated memory, you have read,write,execute access
mov eax,[ecx+0000075C]
push eax
mov eax,[eax+0C]
mov [vehID],eax
pop eax
exit:
jmp returnhere
/*
Second injection point
*/
drawvehtext:
mov ecx,[vehID]
cmp ecx,0
je regularCars
mov eax,cars
dec eax
loopArray:
inc eax // increment to scroll through our table
cmp dword ptr [eax],0 // check if string is zero = end of our table
je regularCars
cmp dword ptr [eax],ecx // compare cars with our table
jne short loopArray
add eax,4
push eax
mov eax,[ebx] // restoring eax without push and pop
jmp rethere
regularCars:
mov eax,[ebx]
//push placeholderText
push 00781BE0
jmp rethere
vehID:
dd 0
placeholderText:
db '[VEH NAME NOT FOUND]',00
cars:
// format = db [dword carID], [text], terminator (00)
// ALL
db 13 _n, 'Packer Big Daddy', 00
// Miami
db 02 _n, 'Flamingo Taxi', 00
db 06 _n, '69 Bruiser', 00
db 09 _n, 'Polisecops', 00
db 0A _n, 'El Toro GT500', 00
db 16 _n, 'Dart Retaliator', 00
db 17 _n, 'Scout Cargo Van', 00
db 18 _n, 'G-750 Pickup', 00
db 1F _n, 'Antilli VO9s', 00
db 20 _n, 'Scout Chaser', 00
db 21 _n, 'Hunter 313-T', 00
db 22 _n, 'V-8', 00
db 23 _n, 'Patriarch Tycoon', 00
db 24 _n, 'Packer Transport', 00
db 25 _n, '80 Redline V-8', 00
db 26 _n, 'Grande Spedizione', 00
db 27 _n, 'Miami Bus', 00
db 28 _n, 'Adams Liberty', 00
db 2B _n, 'Go-kart', 00
db 2C _n, 'Farley FLH Whole Hog', 00
db 2D _n, 'Cigarette 38 Top Gun', 00
db 2E _n, 'Sea-King Cormorant', 00
db 2F _n, 'Surf Craft', 00
db 31 _n, 'Monorail', 00
db 40 _n, 'Sobe Packer Truck', 00
db 42 _n, 'Velocity Turbo', 00
db 50 _n, 'TT Cuatro Superpower', 00
db 59 _n, 'Miami Dade Police Boat', 00
// Nice
db 0D _n, 'Benissimo 74 Turbo', 00
db 10 _n, 'Prontezza Freddo', 00
db 11 _n, 'Le Compact Rapporter', 00
db 19 _n, 'Vitesse Moyenne 72X', 00
db 1B _n, 'Dolch Schub', 00
db 2A _n, 'Dagger Type-S', 00
db 32 _n, 'Le Compact Taxicab', 00
db 33 _n, 'Dagger Type-T', 00
db 34 _n, 'Le Chariot Transport 6', 00
db 35 _n, 'Le Chariot Klein', 00
db 36 _n, 'Forklift', 00
db 37 _n, 'Conquest Motors Dominance', 00
db 39 _n, 'Vitesse Moyenne 94 Police', 00
db 3A _n, 'Le Autobus', 00
db 3B _n, 'Lastwagon Kasten', 00
db 3C _n, 'Dolva 8M8', 00
db 3D _n, 'LTS V-8', 00
db 3E _n, 'Le Chariot Cinq', 00
db 41 _n, 'Camper Van', 00
db 43 _n, 'Sun Runner', 00
db 44 _n, 'Moped', 00
db 45 _n, 'Cigarette 42 Tiger', 00
db 46 _n, 'Sea-King Cormorant', 00
db 47 _n, 'Sea-King Silverfish', 00
db 5A _n, 'Nice Polis Boat', 00
db 5C _n, 'Vitesse Moyenne 94LE', 00
db 5D _n, 'Le Compact XS', 00
db 5E _n, 'Prontezza Brezza', 00
// Istanbul
db 0E _n, 'Le Chariot Douze Polis', 00
db 0F _n, 'Cargo Van', 00
db 15 _n, '54 Taxi', 00
db 1C _n, 'Santun TTZ', 00
db 1D _n, '54 Classic', 00
db 1E _n, '71 Pickup', 00
db 29 _n, 'Speedster', 00
db 48 _n, '73 Classic', 00
db 49 _n, 'Otobus', 00
db 4A _n, 'Le Chariot A1', 00
db 4B _n, 'Canyon Wagonaire', 00
db 4C _n, 'Packer Transport (Flatbed)', 00
db 4D _n, 'Jager Roadster LS28', 00
db 4E _n, 'Roadster', 00
db 4F _n, 'Racer GT', 00
db 51 _n, 'Beast', 00
db 52 _n, 'Moped', 00
db 53 _n, 'Yeni Golata', 00
db 54 _n, 'St. Michael Mariner', 00
db 55 _n, 'Sport Fisher', 00
db 56 _n, 'Tram', 00
db 57 _n, 'Train Engine', 00
db 5B _n, 'Istanbul Polis Boat', 00
db 5F _n, 'Train car', 00
"Driv3r.exe"+155B30:
jmp newmem
nop
returnhere:
"Driv3r.exe"+153611:
jmp drawvehtext
rethere:
registersymbol(vehID)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(vehID)
"Driv3r.exe"+155B30:
mov eax,[ecx+0000075C]
//Alt: db 8B 81 5C 07 00 00
"Driv3r.exe"+153611:
db 68 E0 1B 78 00
262
"Selected veh id"
4 Bytes
vehID
270
"==Debug for snoopii=="
C0C0C0
1
228
"Game/Replay specific -->"
1
230
"Film Director cam hack"
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
globalalloc(camSpace,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
//jmp originalcode
cmp [camera],0
je originalcode
pushad
call camSpace
popad
originalcode:
mov eax,[Driv3r.exe+4AC434]
exit:
jmp returnhere
transition:
dd (float)0.02
//----------------------------//
hijackCamera:
lea esi,[edx+10]
mov ecx,00000010
mov [camera],edx
push eax
mov eax,[008AC434]
push #60
fild dword ptr [eax+4]
fidiv dword ptr [esp]
add esp,4
fstp dword ptr [camera+4]
pop eax
jmp returnCamera
camera:
dd 0
dd 0
registersymbol(camera)
_getFrame:
mov eax,[Driv3r.exe+4AC434]
mov eax,[eax+4]
ret
singleCam:
registersymbol(singleCam)
// get currentFrame
//jmp exit_Run
mov edx,[esp+4] // camera Entry
call _getFrame
cmp eax,[edx] // from frame
jb exit_Run
cmp eax,[edx+4] // to frame
ja exit_Run
mov eax,[camera]
lea eax,[eax]
// cam x
fld dword ptr [edx+24]
fsub dword ptr [edx+8]
call doSubFloats
fadd [eax+40]
fstp [eax+40]
// cam Y
fld dword ptr [edx+28]
fsub dword ptr [edx+C]
call doSubFloats
fadd [eax+44]
fstp [eax+44]
// cam Z
fld dword ptr [edx+2C]
fsub dword ptr [edx+10]
call doSubFloats
fadd [eax+48]
fstp [eax+48]
// rotation?
fld dword ptr [edx+30]
fsub dword ptr [edx+14]
call doSubFloats
fadd [eax+30]
fstp [eax+30]
// rotation?
fld dword ptr [edx+34]
fsub dword ptr [edx+18]
call doSubFloats
fadd [eax+38]
fstp [eax+38]
// rotation?
fld dword ptr [edx+38]
fsub dword ptr [edx+1C]
call doSubFloats
fadd [eax+10]
fstp [eax+10]
// rotation?
fld dword ptr [edx+3C]
fsub dword ptr [edx+20]
call doSubFloats
fadd [eax+18]
fstp [eax+18]
exit_Run:
ret 0004
doSubFloats:
fild dword ptr [edx+4]
fisub dword ptr [edx]
push 2
fidiv [esp]
add esp,4
// store cam
fdivp
ret
camSpace:
db C3 90 90 90 90
"Driv3r.exe"+139B4E:
jmp newmem
returnhere:
"Driv3r.exe"+1358FB:
jmp hijackCamera
nop
nop
nop
returnCamera:
[DISABLE]
unregistersymbol(singleCam)
unregistersymbol(camera)
dealloc(newmem)
unregistersymbol(camSpace)
"Driv3r.exe"+139B4E:
mov eax,[Driv3r.exe+4AC434]
//Alt: db A1 34 C4 8A 00
"Driv3r.exe"+1358FB:
lea esi,[edx+10]
mov ecx,00000010
//Alt: db 8D 72 10 B9 10 00 00 00
237
"CamHackTest"
Auto Assembler Script
[ENABLE]
camSpace:
//---------
// THE CALLS HERE
// camera 1
push cameraTest
call singleCam
// camera 2
push camera2
call singleCam
// camera 3
push camera3
call singleCam
//---------
ret
//---------
cameraTest:
dd #5 // startFrame
dd #745 // Endframe
// start cam
dd (float)1981.212402 // x
dd (float)7.7000161409 // y
dd (float)-1161.309692 // z
dd 0
dd 0
dd 0
dd 0
// end cam
dd (float)1983.569824 // x
dd (float)0.7000073791 // y
dd (float)-1078.487915 // z
dd 0
dd 0
dd 0
dd 0
camera2:
dd #1059 // startFrame
dd #1535 // Endframe
// start cam
dd (float)1981.223511 // x
dd (float)0.6999998689 // y
dd (float)-1047.607544 // z
dd 0
dd 0
dd 0
dd 0
// end cam
dd (float)1981.187012 // x
dd (float)0.7577060461 // y
dd (float)-1000.650208 // z
dd 0
dd 0
dd 0
dd 0
camera3:
dd #1702 // startFrame
dd #2060 // Endframe
// start cam
dd (float)1981.131958 // x
dd (float)0.7000050545 // y
dd (float)-984.2003784 // z
dd 0
dd 0
dd 0
dd 0
// end cam
dd (float)1980.182373 // x
dd (float)0.7000048757 // y
dd (float)-970.7127075 // z
dd 0
dd 0
dd 0
dd 0
[DISABLE]
camSpace:
db c3 90 90 90 90
241
"AweshitHereWeGoAgain"
Auto Assembler Script
[ENABLE]
camSpace:
//---------
// THE CALLS HERE
// camera 1
push camera1
call singleCam
// camera 2
push camera2
call singleCam
//---------
ret
//---------
camera1:
dd #200
dd #524
// capturedframe: 0
dd (float)1988.15
dd (float)1.6906
dd (float)-1074.923
dd (float)0.0
dd (float)1.0
dd (float)1.0
dd (float)0.0
// capturedframe: 526
dd (float)1988.6472
dd (float)4.4833
dd (float)-1140.0452
dd (float)0.4601
dd (float)0.747
dd (float)0.8515
dd (float)-0.5244
camera2:
dd #528
dd #798
// capturedframe: 580
dd (float)1988.6472
dd (float)4.4833
dd (float)-1140.0452
dd (float)0.4601
dd (float)0.747
dd (float)0.8515
dd (float)-0.5244
// capturedframe: 798
dd (float)1983.9507
dd (float)0.943
dd (float)-1194.9542
dd (float)-0.616
dd (float)0.7817
dd (float)0.7855
dd (float)0.616
[DISABLE]
camSpace:
db c3 90 90 90 90
238
"Creation tools"
1
240
"Capture Cam"
0080FF
Auto Assembler Script
[ENABLE]
{$LUA}
if syntaxcheck then return end
-- Functions
function round(num, numDecimalPlaces)
local mult = 10^(numDecimalPlaces or 0)
return math.floor(num * mult + 0.5) / mult
end
local mrPos = readPointer(getAddress("camera"))
local yaw = round(readFloat(mrPos + 0x30),4)
local yaw2 = round(readFloat(mrPos + 0x38),4)
local yah = round(readFloat(mrPos + 0x10),4)
local yah2 = round(readFloat(mrPos + 0x18),4)
local posX = round(readFloat(mrPos + 0x40),4)
local posY = round(readFloat(mrPos + 0x44),4)
local posZ = round(readFloat(mrPos + 0x48),4)
local gameTick = readPointer(getAddress(0x008AC434))
local gameTick = gameTick + 0x04
local gameTick = readInteger(gameTick)
local copyDaStuff = "// capturedframe: "..gameTick.."\n"..
"dd (float)"..posX.."\n"..
"dd (float)"..posY.."\n"..
"dd (float)"..posZ.."\n"..
"dd (float)"..yaw.."\n"..
"dd (float)"..yaw2.."\n"..
"dd (float)"..yah.."\n"..
"dd (float)"..yah2
local withnewLine = copyDaStuff.."\n"
writeToClipboard(copyDaStuff)
print(withnewLine)
iValue = ""
{$ASM}
dd 0
[DISABLE]
229
"Current Frame"
4 Bytes
008AC434
4
249
"Current Frame"
Float
camera+4
242
"CameraX"
Float
008B3910+40
232
"CameraY -edit"
Float
camera
44
233
"CameraY"
Float
008B3910+44
244
"CameraZ"
Float
008B3910+48
227
"SessionTime"
Float
Driv3r.exe+4D6D90
239
"Current Frame"
4 Bytes
008AC434
4
190
"Health"
804000
Float
gPlayer
24
245
"ChangePoliseccops"
Auto Assembler Script
[ENABLE]
alloc(entrypoint,2048)
globalalloc(threadcall,2048)
createthread(entrypoint)
registersymbol(exit_thread)
entrypoint:
cmp dword ptr [isThreadEnabled],1
jne short entrypoint
jmp threadcall
exit_thread:
// disable after one run cycle
mov [isThreadEnabled],0
// thread stuff
push #200 // one second should be nuff, dont be wasting precious cpu
call sleep
// loop back to start
jmp entrypoint
isThreadEnabled:
dd 0
registersymbol(isThreadEnabled)
threadcall:
jmp exit_thread
nop
nop
nop
nop
[DISABLE]
isThreadEnabled:
dd 0
unregistersymbol(isThreadEnabled)
unregistersymbol(threadcall)
1
"Thread:"
0:Halted
1:Running
4 Bytes
isThreadEnabled
Set Value
111
1
0
247
"Your code in here"
Auto Assembler Script
[ENABLE]
threadcall: // ENTRY
polisecops:
mov esi,[008AC320]
cmp esi,0
je exit_threadcall
// SetChaseCarPatrolDensity
mov edx,[esi]
push 00
push (float)50
mov ecx,esi
mov edi,eax
call dword ptr [edx+8C]
// RemoveAllChaseCarVehicleTypes
mov eax,[esi]
push 00
mov ecx,esi
call dword ptr [eax+78]
// AddChaseCarVehicleType
mov eax,[esi]
push 00
push 00
push 24
mov ecx,esi
call dword ptr[eax+A4] //a4
add esp,18
// AddChaseCarCharacterType
mov eax,[esi]
push 01
push 10B0D246
mov ecx,esi
call dword ptr [eax+B0]
mov eax,[esi]
push 01
push 05
mov ecx,esi
call dword ptr [eax+C8]
mov eax,[esi]
push 01
push 09
mov ecx,esi
call dword ptr [eax+BC]
mov edx,[esi]
push 01
push 04
push 01
push edi
mov ecx,esi
call dword ptr [edx+70]
mov edx,[esi]
push 01
push 08
push 01
push edi
mov ecx,esi
call dword ptr [edx+70]
mov edx,[esi]
push 01
push 10
push 01
push edi
mov ecx,esi
call dword ptr [edx+70]
mov edx,[esi]
push 01
push 20
push 00
push edi
mov ecx,esi
call dword ptr [edx+70]
exit_threadcall:
jmp exit_thread
[DISABLE]
threadcall:
jmp exit_thread
nop
nop
nop
nop
271
"Car position"
1
50
"CarX"
Float
"driv3r.exe"+004AC3F0
80
634
43C
C
8
48
"CarY"
Float
"driv3r.exe"+004AC3F0
84
634
43C
C
8
49
"CarZ"
Float
"driv3r.exe"+004AC3F0
88
634
43C
C
8
248
"Fugitive mode!"
4 Bytes
008AC4B0
+6EA0
207
"pPlayer"
1
4 Bytes
gPlayer
215
"pPlayerVehicle"
1
4 Bytes
gPlayer+4
263
"pPlayerVehicle.ID"
54:Le vortexLift
93:Le Compact XS
4 Bytes
gPlayer+4
14
C
e0
269
"pPlayerVehicle.isBike"
4 Bytes
gPlayer+8
268
"pPlayerBike.ID"
93:Le Compact XS
4 Bytes
gPlayer+4
14
C
F8
243
"FFS WHY I NO LABEL IT"
Float
Driv3r.exe+4B3978
Ultimate infinite mass:
- Allows every city
- You don't lose tires (nor do they pop)
- No collision timeout (which originally slows down car)
Super car speed:
- Removes the speed cap
- Modifier for acceleration
Run speed:
- Go insanely fast around the map
- Also works for swimming
Godmode:
- allows Tanuh to be invincible
- has one hit kill option when enabled
Dashboard view:
- Finaly a dashboard first person view
Vehicle names TAR menu:
- vehicle names will show in the Take a Ride menu
Make Dolva's open:
- little script that allows for opening the dolva doors (truck in Nice)
[Internal revisions]
Godmode version 2
Runspeed version 2
Car acceleration verion 2
Speedometer version 1
Dashboard view in FPV version 2 (complete)
[TODO]
- inf mass ALL CARS?
"Driv3r.exe"+F65FD
toggle object