Resident Evil 5 - hacks & hacking & other stuff [PC]

Resident Evil 5 - hacks & hacking & other stuff [PC]

Postby Sethioz » Fri Sep 18, 2009 5:00 am


> Knowledge Database Article is now available, all updates will go in there from now on.


> Trainer +2 - Infinite time and ammo < yes it's made by me and its only working trainer out there, enjoy !
> Video Demonstration
> Video - Village with infinite time and ammo
> Video - Unique Weapon Hacks
> Video - Super Weapons
> Video - Randomness

NOTE - before doing anything, read the following tutorials:
How to hack / get unlimited ammo in single player games
Basic game hacking tutorial & Toolz for it
these tutorials will explain how to use memory tools and how to use the following info

All of these can be found on 4 bytes search (yes including time)

Unlimited Ammo without reload

you simply search for the "ammo in clip" value, then filter.
you will come up with 2 addresses at end. freeze one of them and test if ammo froze.

Unlimited Ammo with reload

this time you search for the remaining ammo (total). you also come up with 2 addresses. you only need one of them (find it).
this also allows you to carry more than 50 bullets of pistol ammo in one box (in inventory). it goes for all ammo boxes, it allows you to get 999 or more ammo into one box.

Unlimited Gold

also very easy, you just search for the value of gold, then add as much as you want.

Unlimited PTAS (for buying extra stuff like infinite ammo)

exactly same as gold/money. to make things even more easier, then addresses are very close in memory. here's examples from my game:
gold/money address - 1312A3F0
ptas address - 1312A3F4
i accidently wasted most of my ptas (had 1000 left and nothing to buy) so i had to find it with 1 search. i just picked it out based on gold/money, but its smarter to filter 1-2 times and you have it.

Unlimited Time in The Mercenaries mode

this is lil bit trickier than in re4, thats why i couldn't find it at first try. trick is that do not do the 'not changed' search while paused, time seem to be changing lil bit when paused (not chaning, but value does jump up and down sometimes).
i did unknown and then decreased and increased, depending on what happend to time.
to make things very easy for you, i have few values for you to search

0.37.20 > 360079622
1.32.60 > 3110325254

NOTE that these are NOT exact values. you have to do ranged search, not exact !!! for example if your time shows 1.32.xx, then do this:
range from 3100325254 to 3120325254
or range from 3000325254 to 3220325254
then do "decreased" few times, while letting time decrease 1-2 seconds before each filtering. you should find it in 5-6 filters.
i made a hotkey for "decreased" and "increased"
maybe it makes your search even easier, maybe not, but i have included 2 of my time addresses, it seems that time address is not static, but here they are:
so when you find time once, then next time you can set a address filter too and find it in less than 3 searches

Editing items/weapons. Getting any item/weapon anywhere !!!! EXCLUSIVELY by me once again ! :)

eh sry for confusion, the explanation and details are few posts below. here's just few items you can use to search for the item slot in attachcase:
258 - m92f handgun (one you start with)
773 - herb green
774 - herb red
should be enought for you to find the slot by those. oh yeah and if you leave slot empty, value will be 0. so you can find it even when you have one item/weapon in total. like handgun. search for 258, move it into other slot and filter for 0.
read details in few posts below !!! its just here for the ppl who read first post and wanna see what hacks i got for re5.

Weapon upgrades

once again, you can't do anything unless you know how game's memory works and how to use HEX.
it's quite simple if you understand hex and game's memory, ok here it is.
first find weapon in attachbox (look above how).
now weapon is 1st byte and next byte after it is category (as explained already).
29 - 34 bytes are upgrades, i will specify them here:
5 byte - ammo in weapon's clip
29 byte - firepower
30 byte - fire rate/speed (this works with all weapons, you can make pistol shoot like machine gun)
31 byte - reload speed
32 byte - capacity (increasing it over weapon threshold will give you the infinity sign and infinite ammo)
34 byte - critical % (not sure if it works on all weapons

33 byte - ?? i have no idea what it is
ok it seems messy, i will include screenshot below. if you don't understand from screenshot, then you need to learn hex and how game's memory work.

How to get debugger working in order to find breakpoints

you can forget Tsearch, use olly debugger
now you need plugin for olly called phant0m (included in this post, look below)
you simply extract that .dll into your olly's directory.
now go into "plugins > phant0m" and enable the following options there:
msn_screenshot_263.jpg (20.06 KiB) Viewed 25379 times

click save
now restart olly (exit and reopen)
now run re5 and find the address you want to debug and find breakpoints for (like ammo address for example) you can do that with tsearch
now in olly, click file and attach (choose your re process and attach it)
it should pause re5, if so, then either click play button in olly or press F9
now in olly, right click the upper window and choose "go to > expression" and type in the address you found in tsearch (ammo lets say).
make sure that olly goes on it, to me it takes 2 times. i have to do it 2 times in order to make olly go on that address, you will notice right away if it's on right address.
ok once olly have highlighted the right address, right click it and choose "breakpoint > memory, on write"
now go back into game and shoot < this is the tricky part, because after i set breakpoint in olly, game started to lag and olly started to throw up some wierd messages.
if it says something like can't handle this and that, simply try pressing shift+F9 and move as quickly as possible ! dont look around, into game and shoot ! as fast as possible. now if you are able to sucessfully shoot at least ONE bullet, olly finds breakpoint and pauses game. DO NOT click play. the address it highlighted is the breakpoint you need. now as i have explained in the guides on how to find breakpoints and add them into tsearch. well here's how you do it in olly.
the address highlighted for me (breakpoint) was "c137cf"
so how i got the other ones ?! very simple. its in list, in olly, like so:
addresses you need are:
in other words, Tsearch's tmk would show you this line:
"c137cf 90 90 90"
so now you will add all these 3 addresses into Tsearch's cheatlist and set hotkeys (like explained in tutorials).
c137cf, c137d0 and c137d1 and make hotkey to change values to 144 on all. read the tutorials mentioned above for more details, this part is about olly and how to find breakpoints with olly, not how to add them into Tsearch.
PhantOm olly Plugin v1.54.rar
(45.55 KiB) Downloaded 577 times
weapon upgrades in memory
weaponupgrades.JPG (82.48 KiB) Viewed 25235 times
upload the exe for me ill see if theres protection in it.
i managed to get it running, but not really.
i used phant0m plugin for olly, but it keeps pausing with some fucking access violation message and says that press shift+F7/F8/F9 to pass it to process or something like that. when i do press shift+F9, it will work for a while and then same..pauses. it seems the offset is always different so i hoped that when i keep clicking shift+F9 to get it running, then it will finally stop doing that after all offsets are done, but when loading into gameplay, it crashed. game closed, but olly said "process terminated. exit code 8000FFFF (-2147418113.)"

but hey, thats a start. it didnt got detected. also when i pressed shift+F9 it said that something ignored in kernel32.dll (think it was kernel32.dll)
It is really cool 800 Bullets in a SIG 556 to have, Thank you for this video on Youtube
yes indeed, however you will get infinite ammo after you finish game (you have to buy them). im more interested in getting the debugger working so i could make a time hack normally. right now i have to make it again before each mercenaries mission. takes me less than 3 mins, but never the less it is annoying.
also what i wanna do is make a bigger attachcase, but i think its either extremely hard or not possible (not without modifiying game files).

offtopic: for all those idiots who think that i hack cuz i can't play. i played it on normal for first time as chris. my clear time was 10 hours with 11 deaths in total (4-5 of them was purely because of those video fights, where i tried to drink tea and look the clip and put controller down and then boom). badest accuracy was 48% and best accuracy was 100% (rocket launcher). other accuracys was between 50% - 90%. my primary weapon was that machine gun (sig 556 i think, the one on video) and accuracy was 72%. avarage rank was A (S on one, few was B and rest A) note that time matters in rank too and i am not a rusher retard (like most ppl). i always walk around and discover the places.
DO NOT post your dumb replys about your stats here, this is purely for your own usage. so you can compare how good you really are, i highly doubt anybody gets better results with FIRST time playing re5.

yes i did it, sucessfully attached debugger and managed to find out ammo breakpoints. so now i have infinite ammo anywhere and i do not need to make it again. check my first post. i will update it with the information needed in order to get debugger working, but don't get your hopes too high. my game crashed 3 times before i managed to get the right breakpoint ! it lagged and crashed, but i got it and thats important.

i wrote a quick trainer for ammo and time, but it crashes game and im quite sure why. it doesn't instantly crash game, but after like ammo should run out. for example if you have 10 bullets and you shoot 10 bullets, then usually game crashes (not always). reason is that game seem to be having some kind of check against it. so instead of just freezing ammo, i should make it add like 999999 bullets (should be more than enought to play over 24h straight and i doubt somebody does that). or just make a hotkey to add certain amount of ammo (like hotkey 1 gives 100 bullets and hotkey 2 gives 900 bullets). with this method im sure game will not crash, but writing the code is not that simple + re5 is very debugger hostile.

thats it .. whoever knows about trainers, add me. im having a quite easy problem, but my brain aint working right now :(
lets say there's a breakpoint like so "C137CF MOV [34A6B1C],eax", then what would be the code to write my own value there, not just nop the lines. in other words, write a value instead of eax. then i would give a quick "easywrite" code which would act as trainer or i could actually write a quick trainer for re5dx9 too.
so instead of freeze i would write 999999 ammo and same with time.
on my latest video (look first post), where i have 0:00:00 time all the time, i did the following:
i found the time address and then went to it's position in hex and wrote FF FF FF FF FF FF FF FF all over 8 bytes, then time just went to 0:00:00 and stayed that way without freezing. so i could do same if i would get the right code to inject it.

i wrote a quick code in Tsearch's easywrite (asm), but still seem to be crashing ?!
since RE5 seem to be using SMA (static memory address), it is same for all games, feel free to test out the following asm code:

this goes into the upper box in easywrite, but you need to replace few things, because as i said, it is quick code.
you have to replace "427DE64" with empty memory location. you can easily find empty space with tsearch. simply open HEX view and find empty location (filled with lots and lots of 00 00 00 00 ....). now just highlight one of them and check the 'offset' below, then use that in your code.

Code: Select all
offset 0x427DE64
mov dword ptr [ECX+8],0x12F
offset 0xC137CF
call 0x427DE64

this goes into bottom box, however game seem to be crashing when you disable it :(

Code: Select all
offset 0xC137CF
mov dword ptr [ECX+8],eax
i found a trainer, but it has same problem that i have. game will crash after a while, when values should run out.
that makes me wonder...does those retards just rip off the values and put them into trainer ?
blah this actually shows how retarded those trainer making ppl are, they seem to rip off their values or ask some professional to get them the values and thats it.
why i say this ? simple, this idiot never even tested if trainer works properly. it is obvious that this mr "fucked up name" (its some numbers and big letters in name wannabe name...) never even played RE5 with his trainer.

however this trainer is good for one thing. you can get infinite time with it. when freezing the timer, it will give you 60 minutes and freezes. after that, you simply turn it back off. IF you are so bad player that you need more than 60 mins to finish off 150 enemys, then you can always hit the hotkey again and get another 60 mins.
however if you keep it poked, then it will cause a game crash.

still if somebody knows why my asm code crashes the game after i try to take it off, then ideas are welcome.
RESIDENT EVIL 5 DX9 v1.0.0.129 + 13 Trainer.rar
(948.3 KiB) Downloaded 565 times
indeed i have done what i wanted.
i can now get any weapon anywhere, just like in re4. i can also make new items (anything i want).
first lets explain how you can find the item in the item management. i have not yet tested it in mercenaries, but i will soon.

first you do not need to go into game, go into the "item management"
first you must know that 2 bytes are handling weapons and items, but it goes like this:
01 01 < first byte is item/weapon and 2nd byte is category. categorys are as follows:

01 = weapons
02 = ammos
03 = first aid (herbs and such)
06 = support (melee vest and bulletproof vest)

it is very hard to explain if you don't know how memory works, you NEED to learn hex and how it works, before you can do anything (well not complete true)
ok ill make it very easy for you:

put your search type on 2 bytes and do this:
get one of the following items:

herb green - 773
herb red - 774
handgun ammo - 513
m92f handgun - 258

i picked these items, because you will get them at the beginning of game.

NOTE: you need to move items/weapons in attachbox in order to see the changes you made !!!

now you can find ANY attach slot you want, put one of the items into the desired slot (one you want to find) and search for the value i provided behind the items.
now switch the item, put another item into that slot. now you filter for the other value. you should find it after 1-2 filters !
now you can just put anything you want into that slot.
you can remove the item from slot, leaving it empty, then you can spawn new item/weapon in that slot.

ALTERNATE method: if you have only the handgun at beginning of the game, you can do the following:
search for 258 (2 bytes, NOT 1 or 4)
now move handgun into other slot and filter for 0
move handgun back into same slot and search for 258 again
get the idea ? good, you should find it after 1-2 filters.

I have not yet discovered the tuning slots. when you remove weapon/item from the slot, then tuning remains same ! so it might mess up some weapons. for example i just moved fully upgraded m92f into the slot, then i clicked on 'remove' so it went into inventory. now i put value of 258 into the slot's address and as result new m92f spawned into that slot, but it was fully upgraded aswell.

well enjoy, this is just beginning. ill try to figure out tuning too.
oh yeah and here's the item list. as i said before, to understand, you NEED to learn how HEX and game's memory works !!!
otherwise it will be quite useless to you, exept those 2 byte values. as explained above, you MUST set category before using those 1 byte values. for example if m92f is 2 in 1byte, then category must be 01. in hex it would look like this:
"02 01" and if you convert it into dec, it is 258 (game's memory is other way around) ..again, HARD to explain, you must learn how game's memory works and what is hex and bytes. anyways here's the list:

Code: Select all
dec - 1byte
1 -
2 - m92f pistol
3 - vz61 mg
4 - ithaca m37 sg
5 - s75 rif
6 - hand grenade
7 - incendiary grenade
8 - flash grenade
9 - sig 556 mg
10 - proximity bomb
11 - s&w m29 mag
12 - grenade launcher (invalid)
13 - rocket launcher (no ammo ?)
14 - knife
15 - longbow (no ammo)
16 - h&k p8 pistol
17 - sig p226 pistol (no ammo)
19 - h&k mp5 mg
21 - gatling gun (no ammo)
22 - m3 sg (no ammo)
23 - jail breaker sg
25 - hydra sg
26 - L. hawk mag (no ammo)
28 - h&k psg-1 [na]
27 - s&w m500 mag
29 - ak-74 [na]
30 - m93r pistol
31 - px4 pistol
32 - dragunov svd rif
33 - flamethrower
34 - stun rod
35 - knife
36 - knife
37 - G. launcher EXP
38 - G. launcher ACD
39 - G. launcher ICE
41 - samurai edge pistol
47 - gun turret
48 - lantern
52 - L.T.D.
53 - RPG-7 NVS
54 - egg rotten
55 - hand-to-hand
56 - dummy_wp38
57 - G. launcher FLM
58 - G. launcher FLS
59 - G. launcher ELC
60 - egg white
61 - egg brown
62 - egg gold
80 - adze
81 - sickle
82 - bow gun
83 - shovel
84 - dynamite
85 - machete
86 - shotgun
87 - grenade launcher
88 - giant ax
89 - steel pipe
90 - bottle
91 - chainsaw
92 - dummy
93 - gatling gun
94 - torch
95 - spear
96 - shield
97 - shield
98 - bow
99 - shield
100 - morning star
101 - stun rod
102 - knife
103 - handgun
104 - rocket launcher
105 - adze
106 - machine gun
107 - rifle
108 - molotov coctail
109 - hand grenade
110 - flash grenade
111 - spear
112 - chair
113 - pickax
114 - club
115 - wrench
116 - bomb
117 - megaphone
118 - machine gun
119 - 144 - dummy
145 - handgun ammo
146 - machine gun ammo
147 - shotgun shells
148 - rifle ammo
150 - explosive rounds
151 - acid rounds
152 - nitrogen rounds
153 - magnum ammo
154 - rocket
155 - arrow
158 - flame rounds
159 - flash rounds
160 - electric rounds
161 - RPG round
162 - nothing
163 - herb green
164 - herb red
165 - herb x
166 - first aid spray
167 - herb green
168 - herb red
169 - herb g+g
170 - herb g+g+g
171 - herb g+r
172 - herb g+x
173 - herb g+r+x
174 - egg white
175 - egg brown
176 - egg gold
177 - nile perch
178 - nile perch big
179 - water
180 - herb x
181 - nothing
182 - gold large
183 - gold small
184 - gold bars
185 - sapphire
186 -  203 - dummy
204 - gold ring
205 - dead bride's necklace
206 - venom fang
207 - antique clock
208 - chalice silver
209 - chalice gold
210 - idol silver
211 - idol gold
212 - ceremonial mask
213 - ivory relief
214 - bettle brown
215 - jewel beetle
216 - royal necklace
217 - jewel bangle
218 - beetle gold
219 - beetle emerald green
220 - 255 dummy

dec 2bytes

308 - L.T.D. - ION targeting system
283 - s&w 500 mag
289 - flamethrower
297 - samurai edge hg
277 - minigun
278 - m3 sg
513 - handgun ammo
514 - machine gun ammo
515 - shotgun shells
516 - rifle ammo
518 - explosive rounds
519 - acid rounds
520 - nitrogen rounds
521 - magnum ammo
522 - rocket
258 - m92f hg
259 - vz61 mg
260 - ithaca m37 sg
261 - s75 rif
262 - hand grenade
263 - incendiary grenade
265 - sig 556 mg
271 - longbow
282 - l hawk mag
773 - herb green
774 - herb red
775 - herb g+g
776 - herb g+g+g
777 - herb g+r
778 - herb g+x
779 - herb g+r+x
1537 - melee vest
1542 - bulletproof vest

reason why i have so many wierd items, is that i did not realize at first that there's 2 bytes controllying the weapon/item and that other byte is category. i used it on one byte with category on 1. so this is why i got some unusual results bah.
however the ones i named above are tested and working values which you can use to find the item slot !

ah yes, if you wish to know what item is what (if you have the item), then simply set address to 2 bytes and move your item/weapon into the slot you have address for, then you are able to see value for this item/weapon

i have updated the list, with "Samurai Edge HG", "Gatling gun" and "Flamethrower", flamer and samurai can be used in story mode, but they do not have any info or icon.
also you need to copy whole weapon in order to make it make damage.

when you are in game, not in the management screen, then you can not find weapons like this.
only way while in gameplay is with ammo.
so here's how you do it:
search for the ammo you have in clip
once you find the value, go into that position in hex view. now here's explanation how game maps it:
01 02 03 04 05 06 < 6 bytes of data, where 5th and 6th bytes are ammo in clip. so based on that, you can get the address for weapon itself.
weapon is on 1st and 2nd byte.
so category would be "02" and weapon/item would be "01"
don't post nonsense here. it is only hack discussion.

i found the Satallite targeting weapon. L.T.D or whatever it is. i call it ION cannon targeting system.
its the weapon you can use on the excella fight. however i haven't got it working yet. it points the big red laser dot (coming from sky) on the target, but it does not lock on, so you can't shoot.
i tried to fix it once, but crashed game and got annoyed. i have included the screenshot of game's memory when i had the actual ION cannon taken out (the one at boss fight). so feel free to try.
ill update item list too. 2 byte value for ION cannon is 308. its in category 01 (weapons).
on the screenshot, ION cannon is at highlighted place (34 01) < this is the ION itself, but there's obviously other values that make it function properly.
ION.JPG (68.01 KiB) Viewed 25297 times
i got time and ammo working, well in a way. you have to enable and then disable. so you will have 16777215 bullets in clip (should last more than 24h constant fire) and time is 00:00:00, which never runs out.
i did not wrote trainer yet, but its as good as trainer. its asm code for Tsearch's easywrite.

How to use:

open tsearch
locate easywrite (if its not open, click that big button on top saying "EasyWrite"
in easywrite window, click on open (that yellow folder)
locate my file and open it
Num 1 will enable/disable ammo
Num 0 will enable/disable time
you can edit them by doubleclicking the text of ammo and/or time

NOTE: do not forget to disable ammo and/or time after you enable them, keeping them enabled will result in crash.

NOTE - if your game instantly crashes after you enable ammo or time, then you need to change few addresses, relax. its just once.
i checked and in my friend's computer memory seem to be same, but you may never know !
so here's guide and code. i also attached re5hacks.esy file to post (this file can be opened with Tsearch's easywrite).


this goes into upper box in easywrite:

Code: Select all
offset 0x427DE64
mov dword ptr [ECX+8],0xFFFF
offset 0xC137CF
call 0x427DE64

this goes into bottom box

Code: Select all
offset 0xC137CF
hex 89410833C0


Upper box

Code: Select all
offset 0x427DEE4
mov dword ptr [ESI+4C8],0xFFFFFFFFFFFF
offset 0x72507F
call 0x427DEE4

Bottom box

Code: Select all
offset 0x72507F
hex F30F1186C8

now the guide part, where i tell you which to replace if you experience instant crash.
both, in time and ammo. the first "offset" and then "call" in upper windows. addresses that start with 0x427.
in my game's memory those are empty. it is empty memory place, where my code will be written. it will crash if your game's memory location is not empty.
to check and/or find empty location in your game's memory:
1. click on "HEX Editor"
2. now click on "go to" button in hex window (its either first or second button). choose *beginning of process and *hex, insert the address (ones mentioned above) and hit GO
3. if memory location of 427DEE4 and/or 427DE64 is not empty, then find empty location !! you can either use search and search for bunch of 00000000000000000000000000000000000000 or you can use the scrollbar in hex editor to locate big empty place.
small place will NOT do, because it is most likely temporary and will be used next time you use game.
4. once you find empty location, click on it (highlight any of the 00) and then look at bottom, where it says "offset"
5. replace my addresses with yours, click ok in easywrite.

screw that, i made trainer. works just fine, unless you are idiot and keep them enabled. yes thats true, you have to disable them right after enabling. enable will give you 65535 bullets, which is more than enough i guess + you can always do it again if you run out or want to have it for any other weapon.
note on ammo:
shoot to get 65535 bullets

note2 on ammo:
counter will only show 999, but you have 65535, really you do.

oh yeah and don't get used to this, i made this trainer only because this game pissed me off with this stupid memory check and isdebuggerpresent protections. i just showed that it is possible to get what i want without crashing game.
all other trainers out there has the same crashing problems that i have discribed in earlier posts. so yeah, enjoy !
(252 Bytes) Downloaded 517 times
(121.27 KiB) Downloaded 485 times
as i promised, here it is. weapon upgrades. you can now upgrade weapons beyond their capabilities.
minigun on turbo mode is kickass.
well i updated my first post with the byte order and how to find it, but here it is again. this is chunk from my re5hacking memo file.

Code: Select all
1 byte - weapon/item
2 byte - weapon/item category
5 byte - ammo in clip/number of items
29 byte - firepower
30 byte - fire speed (works for all weapons !)
31 byte - reload speed
32 byte - capacity
34 byte - critical % (pistols only ?)

under 1 byte i mean that you have weapon offset highlighted, then next after it is category..etc.
in case you find "ammo in clip" first and want to find weapon, well easy and logical.
when you have "ammo in clip" highlighted, then count it as 5th byte and count back from it to find weapon, like so:
12 01 00 00 64 00 00 00 < where 64 is ammo in clip, 12 is weapon and 01 is category. get the idea ?

i made awsome video with superweapons. Minigun with Turbo mode, real infinite ammo, when infinite ammo is disabled and my famous rapid fire ofcourse.
these hacks can be saved. once you hack a weapon and remove it from your attachbox into inventory, it will be saved ! i don't know about online, but im sure that if you play with other ppl you can actually give this hacked weapon to them.

it is actually possible to get items/weapons that should never be able to be used by player. like axe, chair, dynamite, bomb, shield, molotov..etc. and some of them are useable. you can throw molotovs and they do damage, you can also crack somebody's scull with flying bottle, dynamite is also nice, but it won't explode, unless you shoot it.
check the first post for "video - randomness". some random and crazy stuff i did.
