RDR.CT

<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="45">
  <CheatEntries>
    <CheatEntry>
      <ID>20</ID>
      <Description>"Scripts"</Description>
      <Options moHideChildren="1"/>
      <Color>008000</Color>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>2</ID>
          <Description>"Infinite Ammo"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-07
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INF_AMMO,RDR.exe,F3 0F 5C C6 F3 0F 11 04 88 F3) // should be unique
registersymbol(INF_AMMO)

INF_AMMO:
  db 90 90 90 90

[DISABLE]

INF_AMMO:
  db F3 0F 5C C6

unregistersymbol(INF_AMMO)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+3013FC

RDR.exe+3013D9: EB 77                    - jmp RDR.exe+301452
RDR.exe+3013DB: 48 8B 43 28              - mov rax,[rbx+28]
RDR.exe+3013DF: 0F BF 48 10              - movsx ecx,word ptr [rax+10]
RDR.exe+3013E3: 48 8B 46 08              - mov rax,[rsi+08]
RDR.exe+3013E7: 48 8D 0C 49              - lea rcx,[rcx+rcx*2]
RDR.exe+3013EB: 80 7C 88 08 00           - cmp byte ptr [rax+rcx*4+08],00
RDR.exe+3013F0: 75 27                    - jne RDR.exe+301419
RDR.exe+3013F2: F3 0F 10 04 88           - movss xmm0,[rax+rcx*4]
RDR.exe+3013F7: 0F 2F C6                 - comiss xmm0,xmm6
RDR.exe+3013FA: 72 13                    - jb RDR.exe+30140F
// ---------- INJECTING HERE ----------
RDR.exe+3013FC: F3 0F 5C C6              - subss xmm0,xmm6
// ---------- DONE INJECTING  ----------
RDR.exe+301400: F3 0F 11 04 88           - movss [rax+rcx*4],xmm0
RDR.exe+301405: F3 0F 58 B3 2C 01 00 00  - addss xmm6,[rbx+0000012C]
RDR.exe+30140D: EB 3B                    - jmp RDR.exe+30144A
RDR.exe+30140F: 0F 28 F0                 - movaps xmm6,xmm0
RDR.exe+301412: C7 04 88 00 00 00 00     - mov [rax+rcx*4],00000000
RDR.exe+301419: F3 0F 58 B3 2C 01 00 00  - addss xmm6,[rbx+0000012C]
RDR.exe+301421: EB 27                    - jmp RDR.exe+30144A
RDR.exe+301423: E8 68 6F F0 FF           - call RDR.exe+208390
RDR.exe+301428: 84 C0                    - test al,al
RDR.exe+30142A: 74 0A                    - je RDR.exe+301436
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>4</ID>
          <Description>"No Reload"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-07
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(NO_RELOAD,RDR.exe,F3 41 0F 5C C1 F3 0F 11 8B) // should be unique
registersymbol(NO_RELOAD)

NO_RELOAD:
  db 90 90 90 90 90


[DISABLE]

NO_RELOAD:
  db F3 41 0F 5C C1

unregistersymbol(NO_RELOAD)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+3028FF

RDR.exe+3028CD: BA FF FF FF FF           - mov edx,FFFFFFFF
RDR.exe+3028D2: 4C 8B C8                 - mov r9,rax
RDR.exe+3028D5: C6 44 24 20 01           - mov byte ptr [rsp+20],01
RDR.exe+3028DA: 45 33 C0                 - xor r8d,r8d
RDR.exe+3028DD: 48 8B CE                 - mov rcx,rsi
RDR.exe+3028E0: E8 6B FF 36 00           - call RDR.exe+672850
RDR.exe+3028E5: F3 0F 10 83 2C 01 00 00  - movss xmm0,[rbx+0000012C]
RDR.exe+3028ED: 41 0F 28 C9              - movaps xmm1,xmm9
RDR.exe+3028F1: F3 0F 58 8B DC 01 00 00  - addss xmm1,[rbx+000001DC]
RDR.exe+3028F9: 8B 83 20 01 00 00        - mov eax,[rbx+00000120]
// ---------- INJECTING HERE ----------
RDR.exe+3028FF: F3 41 0F 5C C1           - subss xmm0,xmm9
// ---------- DONE INJECTING  ----------
RDR.exe+302904: F3 0F 11 8B DC 01 00 00  - movss [rbx+000001DC],xmm1
RDR.exe+30290C: F3 0F 11 83 2C 01 00 00  - movss [rbx+0000012C],xmm0
RDR.exe+302914: 0F BA E0 08              - bt eax,08
RDR.exe+302918: 73 0F                    - jae RDR.exe+302929
RDR.exe+30291A: 0F BA E8 09              - bts eax,09
RDR.exe+30291E: 89 83 20 01 00 00        - mov [rbx+00000120],eax
RDR.exe+302924: E9 52 04 00 00           - jmp RDR.exe+302D7B
RDR.exe+302929: 0F BA F0 09              - btr eax,09
RDR.exe+30292D: 89 83 20 01 00 00        - mov [rbx+00000120],eax
RDR.exe+302933: E8 F8 4D 00 00           - call RDR.exe+307730
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>9</ID>
          <Description>"Infinite Horse Stamina"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version:
  Date   : 2024-11-07
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INF_HORSE_STAM,RDR.exe,F3 0F 5C 64 24 08) // should be unique
alloc(newmem,$1000,INF_HORSE_STAM)

label(code)
label(return)

newmem:
  mov [rsp+08], (float)1.0
code:
  movss xmm4,[rsp+08]
  jmp return

INF_HORSE_STAM:
  jmp newmem
  nop
return:
registersymbol(INF_HORSE_STAM)

[DISABLE]

INF_HORSE_STAM:
  db F3 0F 5C 64 24 08

unregistersymbol(INF_HORSE_STAM)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+AEBF11

RDR.exe+AEBEF2: F3 0F 5C C1        - subss xmm0,xmm1
RDR.exe+AEBEF6: 0F 2F C2           - comiss xmm0,xmm2
RDR.exe+AEBEF9: 73 03              - jae RDR.exe+AEBEFE
RDR.exe+AEBEFB: 0F 28 CD           - movaps xmm1,xmm5
RDR.exe+AEBEFE: F3 0F 11 4A 20     - movss [rdx+20],xmm1
RDR.exe+AEBF03: EB 05              - jmp RDR.exe+AEBF0A
RDR.exe+AEBF05: F3 0F 10 4A 20     - movss xmm1,[rdx+20]
RDR.exe+AEBF0A: 0F 28 E9           - movaps xmm5,xmm1
RDR.exe+AEBF0D: 84 DB              - test bl,bl
RDR.exe+AEBF0F: 74 14              - je RDR.exe+AEBF25
// ---------- INJECTING HERE ----------
RDR.exe+AEBF11: F3 0F 5C 64 24 08  - subss xmm4,[rsp+08]
// ---------- DONE INJECTING  ----------
RDR.exe+AEBF17: F3 0F 11 62 1C     - movss [rdx+1C],xmm4
RDR.exe+AEBF1C: 41 8B 43 50        - mov eax,[r11+50]
RDR.exe+AEBF20: 89 42 28           - mov [rdx+28],eax
RDR.exe+AEBF23: EB 7C              - jmp RDR.exe+AEBFA1
RDR.exe+AEBF25: F3 0F 10 5A 28     - movss xmm3,[rdx+28]
RDR.exe+AEBF2A: 0F 2F DA           - comiss xmm3,xmm2
RDR.exe+AEBF2D: 76 12              - jna RDR.exe+AEBF41
RDR.exe+AEBF2F: F3 0F 5C DE        - subss xmm3,xmm6
RDR.exe+AEBF33: 0F 28 C2           - movaps xmm0,xmm2
RDR.exe+AEBF36: F3 0F 5F C3        - maxss xmm0,xmm3
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>18</ID>
          <Description>"Infinite Health"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-07
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_SET_HEALTH,RDR.exe,F3 0F 11 73 20 0F 28 74) // should be unique
alloc(newmem,$1000,_SET_HEALTH)


label(code)
label(return)

newmem:
  // function will return soon after, we can use pretty much any volatile register
  mov rcx, [rbx+10] // get ped/actor
  mov cl, [rcx+118]
  test cl, 1
  jz code // not a player

  mov ecx, [rbx+1C] // max health
  mov [rbx+20], ecx
  jmp return

code:
  movss [rbx+20],xmm6
  jmp return

_SET_HEALTH:
  jmp newmem
return:
registersymbol(_SET_HEALTH)

[DISABLE]

_SET_HEALTH:
  db F3 0F 11 73 20

unregistersymbol(_SET_HEALTH)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+AE61B4

RDR.exe+AE6185: 75 2D                       - jne RDR.exe+AE61B4
RDR.exe+AE6187: C7 44 24 40 25 00 00 00     - mov [rsp+40],00000025
RDR.exe+AE618F: C7 44 24 44 01 00 00 00     - mov [rsp+44],00000001
RDR.exe+AE6197: EB 0D                       - jmp RDR.exe+AE61A6
RDR.exe+AE6199: A8 04                       - test al,04
RDR.exe+AE619B: 75 17                       - jne RDR.exe+AE61B4
RDR.exe+AE619D: 48 C7 44 24 40 25 00 00 00  - mov qword ptr [rsp+40],00000025
RDR.exe+AE61A6: 48 8B 4B 10                 - mov rcx,[rbx+10]
RDR.exe+AE61AA: 48 8D 54 24 40              - lea rdx,[rsp+40]
RDR.exe+AE61AF: E8 AC B3 FF FF              - call RDR.exe+AE1560
// ---------- INJECTING HERE ----------
RDR.exe+AE61B4: F3 0F 11 73 20              - movss [rbx+20],xmm6
// ---------- DONE INJECTING  ----------
RDR.exe+AE61B9: 0F 28 74 24 20              - movaps xmm6,[rsp+20]
RDR.exe+AE61BE: 48 83 C4 30                 - add rsp,30
RDR.exe+AE61C2: 5B                          - pop rbx
RDR.exe+AE61C3: C3                          - ret 
RDR.exe+AE61C4: CC                          - int 3 
RDR.exe+AE61C5: CC                          - int 3 
RDR.exe+AE61C6: CC                          - int 3 
RDR.exe+AE61C7: CC                          - int 3 
RDR.exe+AE61C8: CC                          - int 3 
RDR.exe+AE61C9: CC                          - int 3 
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>24</ID>
          <Description>"Infinite Deadeye"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-07
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_READ_DEADEYE,RDR.exe,F3 41 0F 10 81 C0 03 00 00) // should be unique
alloc(newmem,$1000,_READ_DEADEYE)

label(code)
label(return)

newmem:
  mov eax, [r9+3C4]
  mov [r9+3C0], eax

code:
  movss xmm0,[r9+000003C0]
  jmp return

_READ_DEADEYE:
  jmp newmem
  nop 4
return:
registersymbol(_READ_DEADEYE)

[DISABLE]

_READ_DEADEYE:
  db F3 41 0F 10 81 C0 03 00 00

unregistersymbol(_READ_DEADEYE)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+68D8D6

RDR.exe+68D899: F3 0F 10 40 30              - movss xmm0,[rax+30]
RDR.exe+68D89E: F3 0F 10 50 38              - movss xmm2,[rax+38]
RDR.exe+68D8A3: F3 0F 10 48 34              - movss xmm1,[rax+34]
RDR.exe+68D8A8: F3 0F 11 05 B0 2D 53 02     - movss [RDR.exe+2BC0660],xmm0
RDR.exe+68D8B0: F3 0F 11 0D AC 2D 53 02     - movss [RDR.exe+2BC0664],xmm1
RDR.exe+68D8B8: F3 0F 11 15 A8 2D 53 02     - movss [RDR.exe+2BC0668],xmm2
RDR.exe+68D8C0: F3 0F 10 40 3C              - movss xmm0,[rax+3C]
RDR.exe+68D8C5: F3 0F 11 05 9F 2D 53 02     - movss [RDR.exe+2BC066C],xmm0
RDR.exe+68D8CD: 4D 85 C9                    - test r9,r9
RDR.exe+68D8D0: 0F 84 B8 00 00 00           - je RDR.exe+68D98E
// ---------- INJECTING HERE ----------
RDR.exe+68D8D6: F3 41 0F 10 81 C0 03 00 00  - movss xmm0,[r9+000003C0]
// ---------- DONE INJECTING  ----------
RDR.exe+68D8DF: F3 41 0F 5E 81 C4 03 00 00  - divss xmm0,[r9+000003C4]
RDR.exe+68D8E8: 48 8B 05 41 8D 5A 02        - mov rax,[RDR.exe+2C36630]
RDR.exe+68D8EF: F3 41 0F 11 87 08 01 00 00  - movss [r15+00000108],xmm0
RDR.exe+68D8F8: 49 8B 89 10 04 00 00        - mov rcx,[r9+00000410]
RDR.exe+68D8FF: 44 0F B6 80 2E 01 00 00     - movzx r8d,byte ptr [rax+0000012E]
RDR.exe+68D907: 41 80 E0 08                 - and r8b,08
RDR.exe+68D90B: 8B 51 1C                    - mov edx,[rcx+1C]
RDR.exe+68D90E: 85 D2                       - test edx,edx
RDR.exe+68D910: 74 3B                       - je RDR.exe+68D94D
RDR.exe+68D912: 83 EA 01                    - sub edx,01
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>263</ID>
          <Description>"Blazing Guns (Fire Ammo)"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-08
  Author : sub1to

0:  48 89 cd                mov    rbp,rcx
3:  44 89 ce                mov    esi,r9d
6:  4c 89 c7                mov    rdi,r8
9:  49 89 d6                mov    r14,rdx

0:  41 8a 80 18 01 00 00    mov    al,BYTE PTR [r8+0x118]

0:  a8 01                   test   al,0x1

}

[ENABLE]
aobscanmodule(_ENABLE_BLAZING_GUNS,RDR.exe,41 0f b6 80 18 01 00 00 48 8b e9 0f b6 0d a4 85 44 02 24 03 41 8b f1 49 8b f8 4c 8b f2 3c 03 74 08 84 c9 0f 84 cb 01 00 00 80 3d d3 a6 44 02 00 0f 85 cf 01 00 00 84 c9 0f 85 c7 01 00 00 38 8d 88 5b 00 00)
registersymbol(_ENABLE_BLAZING_GUNS)

aobscanmodule(_NO_RNG_BLAZING_GUNS,RDR.exe,0F 2F CA 0F 86 3F 01 00 00)
registersymbol(_NO_RNG_BLAZING_GUNS)

_ENABLE_BLAZING_GUNS:
  db 48 89 cd 90 44 89 ce 90 4c 89 c7 90 49 89 d6 90 41 8a 80 18 01 00 00 90 90
  db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
  db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 a8 01

_NO_RNG_BLAZING_GUNS:
  db 90 90 90 90 90 90 90 90 90

[DISABLE]
_ENABLE_BLAZING_GUNS:
  db 41 0f b6 80 18 01 00 00 48 8b e9 0f b6 0d a4 85 44 02 24 03 41 8b f1 49 8b
  db f8 4c 8b f2 3c 03 74 08 84 c9 0f 84 cb 01 00 00 80 3d d3 a6 44 02 00 0f 85
  db cf 01 00 00 84 c9 0f 85 c7 01 00 00 38 8d 88 5b 00 00

_NO_RNG_BLAZING_GUNS:
  db 0F 2F CA 0F 86 3F 01 00 00

unregistersymboL(_NO_RNG_BLAZING_GUNS)
unregistersymboL(_ENABLE_BLAZING_GUNS)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+68780E

41 0F B6 80 18 01 00 00 48 8B E9 0F B6 0D D4 92 43 02 24 03 41 8B F1 49 8B F8 4C 8B F2

RDR.exe+6877E9: 48 83 EC 60              - sub rsp,60
// ---------- INJECTING HERE ----------
RDR.exe+6877ED: 41 0F B6 80 18 01 00 00  - movzx eax,byte ptr [r8+00000118]
RDR.exe+6877F5: 48 8B E9                 - mov rbp,rcx
RDR.exe+6877F8: 0F B6 0D D4 92 43 02     - movzx ecx,byte ptr [RDR.exe+2AC0AD3]
RDR.exe+6877FF: 24 03                    - and al,03
RDR.exe+687801: 41 8B F1                 - mov esi,r9d
RDR.exe+687804: 49 8B F8                 - mov rdi,r8
RDR.exe+687807: 4C 8B F2                 - mov r14,rdx
RDR.exe+68780A: 3C 03                    - cmp al,03
RDR.exe+68780C: 74 08                    - je RDR.exe+687816
RDR.exe+68780E: 84 C9                    - test cl,cl
RDR.exe+687810: 0F 84 CB 01 00 00        - je RDR.exe+6879E1
RDR.exe+687816: 80 3D 03 B4 43 02 00     - cmp byte ptr [RDR.exe+2AC2C20],00
RDR.exe+68781D: 0F 85 CF 01 00 00        - jne RDR.exe+6879F2
RDR.exe+687823: 84 C9                    - test cl,cl
RDR.exe+687825: 0F 85 C7 01 00 00        - jne RDR.exe+6879F2
RDR.exe+68782B: 38 8D 88 5B 00 00        - cmp [rbp+00005B88],cl
// ---------- DONE INJECTING  ----------
RDR.exe+687831: 0F 84 AA 01 00 00        - je RDR.exe+6879E1
RDR.exe+687837: 8B 05 0B 78 46 02        - mov eax,[RDR.exe+2AEF048]
RDR.exe+68783D: 0F 57 C0                 - xorps xmm0,xmm0
RDR.exe+687840: 48 69 C8 A7 FA DC 5C     - imul rcx,rax,5CDCFAA7
}


{
RNG NONSENSE
// ORIGINAL CODE - INJECTION POINT: RDR.exe+687897

RDR.exe+687868: 48 8B C1                 - mov rax,rcx
RDR.exe+68786B: 89 0D D7 77 46 02        - mov [RDR.exe+2AEF048],ecx
RDR.exe+687871: 81 E1 FF FF 7F 00        - and ecx,007FFFFF
RDR.exe+687877: 48 C1 E8 20              - shr rax,20
RDR.exe+68787B: 89 05 CB 77 46 02        - mov [RDR.exe+2AEF04C],eax
RDR.exe+687881: 66 0F 6E C9              - movd xmm1,ecx
RDR.exe+687885: 0F 5B C9                 - cvtdq2ps xmm1,xmm1
RDR.exe+687888: F3 0F 59 0D 34 A6 6D 01  - mulss xmm1,[RDR.exe+1D61EC4]
RDR.exe+687890: F3 0F 58 C8              - addss xmm1,xmm0
RDR.exe+687894: 0F 2F CA                 - comiss xmm1,xmm2
// ---------- INJECTING HERE ----------
RDR.exe+687897: 0F 86 3F 01 00 00        - jbe RDR.exe+6879DC
// ---------- DONE INJECTING  ----------
RDR.exe+68789D: 48 89 9C 24 80 00 00 00  - mov [rsp+00000080],rbx
RDR.exe+6878A5: 48 8B CD                 - mov rcx,rbp
RDR.exe+6878A8: 8B 9A 88 01 00 00        - mov ebx,[rdx+00000188]
RDR.exe+6878AE: 48 8D 54 24 48           - lea rdx,[rsp+48]
RDR.exe+6878B3: 89 5C 24 40              - mov [rsp+40],ebx
RDR.exe+6878B7: E8 14 EA FF FF           - call RDR.exe+6862D0
RDR.exe+6878BC: 0F B7 08                 - movzx ecx,word ptr [rax]
RDR.exe+6878BF: 48 8B 05 D2 BA 5E 02     - mov rax,[RDR.exe+2C73398]
RDR.exe+6878C6: 48 03 C9                 - add rcx,rcx
RDR.exe+6878C9: 48 8B 14 C8              - mov rdx,[rax+rcx*8]
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>481</ID>
          <Description>"All Gold Guns (Doesn't Save)"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-12
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_READ_IS_GUN_GOLD,RDR.exe,80 BF BA 09 00 00 00) // should be unique
alloc(newmem,$1000,_READ_IS_GUN_GOLD)

label(code)
label(return)

newmem:
  mov byte ptr [rdi+000009BA],01

code:
  cmp byte ptr [rdi+000009BA],00
  jmp return

_READ_IS_GUN_GOLD:
  jmp newmem
  nop 2
return:
registersymbol(_READ_IS_GUN_GOLD)

[DISABLE]

_READ_IS_GUN_GOLD:
  db 80 BF BA 09 00 00 00

unregistersymbol(_READ_IS_GUN_GOLD)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+2FF4A9

RDR.exe+2FF475: 80 8F B7 09 00 00 01  - or byte ptr [rdi+000009B7],01
RDR.exe+2FF47C: 0F B7 87 BC 02 00 00  - movzx eax,word ptr [rdi+000002BC]
RDR.exe+2FF483: 48 8D 97 80 00 00 00  - lea rdx,[rdi+00000080]
RDR.exe+2FF48A: 48 8B 0D E7 72 93 02  - mov rcx,[RDR.exe+2C36778]
RDR.exe+2FF491: 48 03 C0              - add rax,rax
RDR.exe+2FF494: 48 8B 0C C1           - mov rcx,[rcx+rax*8]
RDR.exe+2FF498: E8 B3 A0 F1 FF        - call RDR.exe+219550
RDR.exe+2FF49D: 48 8B 8B 10 01 00 00  - mov rcx,[rbx+00000110]
RDR.exe+2FF4A4: 48 85 C9              - test rcx,rcx
RDR.exe+2FF4A7: 74 19                 - je RDR.exe+2FF4C2
// ---------- INJECTING HERE ----------
RDR.exe+2FF4A9: 80 BF BA 09 00 00 00  - cmp byte ptr [rdi+000009BA],00
// ---------- DONE INJECTING  ----------
RDR.exe+2FF4B0: 8B 41 2C              - mov eax,[rcx+2C]
RDR.exe+2FF4B3: 74 06                 - je RDR.exe+2FF4BB
RDR.exe+2FF4B5: 0F BA E8 13           - bts eax,13
RDR.exe+2FF4B9: EB 04                 - jmp RDR.exe+2FF4BF
RDR.exe+2FF4BB: 0F BA F0 13           - btr eax,13
RDR.exe+2FF4BF: 89 41 2C              - mov [rcx+2C],eax
RDR.exe+2FF4C2: 8B 87 20 01 00 00     - mov eax,[rdi+00000120]
RDR.exe+2FF4C8: C1 E8 05              - shr eax,05
RDR.exe+2FF4CB: A8 01                 - test al,01
RDR.exe+2FF4CD: 0F 84 84 00 00 00     - je RDR.exe+2FF557
}
</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>514</ID>
          <Description>"Custom Timescale"</Description>
          <Color>008000</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-12
  Author : sub1to

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(_WRITE_TIMESCALE,RDR.exe,C7 05 8B F3 11 02 00 00 80 3F) // should be unique
registersymbol(_WRITE_TIMESCALE)

_WRITE_TIMESCALE:
  db 90 90 90 90 90 90 90 90 90 90

[DISABLE]

_WRITE_TIMESCALE:
  db C7 05 8B F3 11 02 00 00 80 3F

unregistersymbol(_WRITE_TIMESCALE)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+1F5D7F

RDR.exe+1F5D56: 0F B7 C0                       - movzx eax,ax
RDR.exe+1F5D59: 48 03 C0                       - add rax,rax
RDR.exe+1F5D5C: 49 8B 04 C0                    - mov rax,[r8+rax*8]
RDR.exe+1F5D60: 48 8B 88 B0 00 00 00           - mov rcx,[rax+000000B0]
RDR.exe+1F5D67: 48 8B 51 18                    - mov rdx,[rcx+18]
RDR.exe+1F5D6B: 48 8B 0D AE 02 8C 02           - mov rcx,[RDR.exe+2AB6020]
RDR.exe+1F5D72: 48 83 C2 30                    - add rdx,30
RDR.exe+1F5D76: E8 35 E6 3B 00                 - call RDR.exe+5B43B0
RDR.exe+1F5D7B: 84 C0                          - test al,al
RDR.exe+1F5D7D: 74 0C                          - je RDR.exe+1F5D8B
// ---------- INJECTING HERE ----------
RDR.exe+1F5D7F: C7 05 CB FF 10 02 00 00 80 3F  - mov [RDR.exe+2305D54],3F800000
// ---------- DONE INJECTING  ----------
RDR.exe+1F5D89: EB 10                          - jmp RDR.exe+1F5D9B
RDR.exe+1F5D8B: F3 0F 10 05 75 C6 B6 01        - movss xmm0,[RDR.exe+1D62408]
RDR.exe+1F5D93: F3 0F 11 05 B9 FF 10 02        - movss [RDR.exe+2305D54],xmm0
RDR.exe+1F5D9B: 48 8B 0D 2E 09 A4 02           - mov rcx,[RDR.exe+2C366D0]
RDR.exe+1F5DA2: 48 63 41 48                    - movsxd  rax,dword ptr [rcx+48]
RDR.exe+1F5DA6: 48 8B 54 C1 08                 - mov rdx,[rcx+rax*8+08]
RDR.exe+1F5DAB: 48 8B 0D 16 D3 8C 02           - mov rcx,[RDR.exe+2AC30C8]
RDR.exe+1F5DB2: F3 0F 10 82 00 02 00 00        - movss xmm0,[rdx+00000200]
RDR.exe+1F5DBA: 48 8B 49 08                    - mov rcx,[rcx+08]
RDR.exe+1F5DBE: F3 0F 11 45 00                 - movss [rbp+00],xmm0
}
</AssemblerScript>
          <CheatEntries>
            <CheatEntry>
              <ID>510</ID>
              <Description>"m_TimeScale"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+2314d80+4</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
    <CheatEntry>
      <ID>291</ID>
      <Description>"Pointers"</Description>
      <Options moHideChildren="1"/>
      <Color>008000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>// Restore bytes, also asserted on enable
define(_GET_PLAYER_POINTER_BYTES,48 8B 88 D8 00 00 00)
define(_GET_WAYPOINT_BYTES,8B 01 F3 0F 10 49 08)

[ENABLE]
alloc(newmem,1000,rdr.exe)

// RDR  symbols
aobscanmodule(_GET_PLAYER_POINTER,RDR.exe,48 8b 88 ? ? ? ? 48 85 c9 74 ? f3 0f 10 71 ? f3 0f 10 79)
aobscanmodule(_GET_WAYPOINT,RDR.exe,8b 01 f3 0f 10 49 ? f3 0f 10 41 ? f3 41 0f 11 44 d1)

assert(_GET_PLAYER_POINTER,_GET_PLAYER_POINTER_BYTES)
assert(_GET_WAYPOINT,_GET_WAYPOINT_BYTES)

registersymbol(_GET_PLAYER_POINTER)
registersymbol(_GET_WAYPOINT)

// Hooks
label(HK_GET_PLAYER_POINTER)
label(OG_GET_PLAYER_POINTER)
label(RET_GET_PLAYER_POINTER)

label(HK_GET_WAYPOINT)
label(OG_GET_WAYPOINT)
label(RET_GET_WAYPOINT)

// Variables
label(m_pLocalPlayerPed)
label(m_pWaypoint)

registersymbol(m_pLocalPlayerPed)
registersymbol(m_pWaypoint)

// Define Hooks
newmem:
HK_GET_PLAYER_POINTER:
  // check to see if ped is a player: *(_BYTE *)(v5 + 0x118) &amp; 1
  mov cl, [rax+118]
  test cl, 1
  jz OG_GET_PLAYER_POINTER

  // ped is a player
  mov [m_pLocalPlayerPed], rax

OG_GET_PLAYER_POINTER:
  mov rcx,[rax+000000D8]
  jmp RET_GET_PLAYER_POINTER


HK_GET_WAYPOINT:
  mov [m_pWaypoint], rcx

OG_GET_WAYPOINT:
  mov eax,[rcx]
  movss xmm1,[rcx+08]
  jmp RET_GET_WAYPOINT


// Define Variables
m_pLocalPlayerPed:
  dq 0
m_pWaypoint:
  dq 0


// Enable hooks
_GET_PLAYER_POINTER:
  jmp HK_GET_PLAYER_POINTER
  nop 2
  RET_GET_PLAYER_POINTER:



_GET_WAYPOINT:
  jmp HK_GET_WAYPOINT
  nop 2
  RET_GET_WAYPOINT:

[DISABLE]
// Disable Hooks
_GET_PLAYER_POINTER:
  db _GET_PLAYER_POINTER_BYTES

_GET_WAYPOINT:
  db _GET_WAYPOINT_BYTES

// RDR symbols
unregistersymbol(_GET_PLAYER_POINTER)
unregistersymbol(_GET_WAYPOINT)

// Variables
unregistersymbol(m_pLocalPlayerPed)
unregistersymbol(m_pWaypoint)

dealloc(newmem)

{
_GET_PLAYER_POINTER
// ORIGINAL CODE - INJECTION POINT: RDR.exe+37AC78

RDR.exe+37AC3F: 48 8B 88 00 01 00 00     - mov rcx,[rax+00000100]
RDR.exe+37AC46: F3 0F 11 71 48           - movss [rcx+48],xmm6
RDR.exe+37AC4B: 48 C7 41 40 00 00 00 00  - mov qword ptr [rcx+40],00000000
RDR.exe+37AC53: F3 0F 10 35 05 78 9E 01  - movss xmm6,[RDR.exe+1D62460]
RDR.exe+37AC5B: 41 0F B7 86 4C 08 00 00  - movzx eax,word ptr [r14+0000084C]
RDR.exe+37AC63: 0F 28 FE                 - movaps xmm7,xmm6
RDR.exe+37AC66: 4C 8B 3D FB BA 8B 02     - mov r15,[RDR.exe+2C36768]
RDR.exe+37AC6D: 48 03 C0                 - add rax,rax
RDR.exe+37AC70: 44 0F 28 C6              - movaps xmm8,xmm6
RDR.exe+37AC74: 49 8B 04 C7              - mov rax,[r15+rax*8]
// ---------- INJECTING HERE ----------
RDR.exe+37AC78: 48 8B 88 D8 00 00 00     - mov rcx,[rax+000000D8]
// ---------- DONE INJECTING  ----------
RDR.exe+37AC7F: 48 85 C9                 - test rcx,rcx
RDR.exe+37AC82: 74 10                    - je RDR.exe+37AC94
RDR.exe+37AC84: F3 0F 10 71 20           - movss xmm6,[rcx+20]
RDR.exe+37AC89: F3 0F 10 79 24           - movss xmm7,[rcx+24]
RDR.exe+37AC8E: F3 44 0F 10 41 28        - movss xmm8,[rcx+28]
RDR.exe+37AC94: 48 8B 45 A0              - mov rax,[rbp-60]
RDR.exe+37AC98: 48 85 C0                 - test rax,rax
RDR.exe+37AC9B: 74 19                    - je RDR.exe+37ACB6
RDR.exe+37AC9D: 48 8B 80 A8 0A 00 00     - mov rax,[rax+00000AA8]
RDR.exe+37ACA4: 48 8B 48 40              - mov rcx,[rax+40]
}

{
_GET_WAYPOINT
Hook on HUD::GET_USER_DEFINED_WAYPOINT

// ORIGINAL CODE - INJECTION POINT: RDR.exe+6563E4

RDR.exe+6563B3: 41 89 41 18              - mov [r9+18],eax
RDR.exe+6563B7: 48 8D 51 04              - lea rdx,[rcx+04]
RDR.exe+6563BB: 48 8B 05 86 02 5E 02     - mov rax,[RDR.exe+2C36648]
RDR.exe+6563C2: 48 03 D2                 - add rdx,rdx
RDR.exe+6563C5: 48 63 88 10 57 02 00     - movsxd  rcx,dword ptr [rax+00025710]
RDR.exe+6563CC: 80 BC 01 40 57 02 00 00  - cmp byte ptr [rcx+rax+00025740],00
RDR.exe+6563D4: 74 3E                    - je RDR.exe+656414
RDR.exe+6563D6: 48 81 C1 72 25 00 00     - add rcx,00002572
RDR.exe+6563DD: 48 C1 E1 04              - shl rcx,04
RDR.exe+6563E1: 48 03 C8                 - add rcx,rax
// ---------- INJECTING HERE ----------
RDR.exe+6563E4: 8B 01                    - mov eax,[rcx]
// ---------- DONE INJECTING  ----------
RDR.exe+6563E6: F3 0F 10 49 08           - movss xmm1,[rcx+08]
RDR.exe+6563EB: F3 0F 10 41 04           - movss xmm0,[rcx+04]
RDR.exe+6563F0: F3 41 0F 11 44 D1 04     - movss [r9+rdx*8+04],xmm0
RDR.exe+6563F7: F3 41 0F 11 4C D1 08     - movss [r9+rdx*8+08],xmm1
RDR.exe+6563FE: 41 89 04 D1              - mov [r9+rdx*8],eax
RDR.exe+656402: 8B 41 0C                 - mov eax,[rcx+0C]
RDR.exe+656405: 41 89 44 D1 0C           - mov [r9+rdx*8+0C],eax
RDR.exe+65640A: 49 8B 01                 - mov rax,[r9]
RDR.exe+65640D: C7 00 01 00 00 00        - mov [rax],00000001
RDR.exe+656413: C3                       - ret
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>293</ID>
          <Description>"m_pLocalPlayerPed"</Description>
          <ShowAsHex>1</ShowAsHex>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>m_pLocalPlayerPed</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>294</ID>
              <Description>"Max Health"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>1C</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>295</ID>
              <Description>"Health"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>20</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>296</ID>
              <Description>"Health 4 ?"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>4080FF</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>24</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>297</ID>
              <Description>"Health 3 (_SET_ACTOR_HEALTH_3)"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>4080FF</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>28</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>298</ID>
              <Description>"Health 2 (_GET_ACTOR_HEALTH_2)"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>4080FF</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>2C</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>299</ID>
              <Description>"Invulnerabiltiy"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Off
1:On
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Binary</VariableType>
              <BitStart>2</BitStart>
              <BitLength>1</BitLength>
              <ShowAsBinary>0</ShowAsBinary>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>150</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>482</ID>
              <Description>"NPC To Actor Damage Scale Enable"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>164</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>520</ID>
              <Description>"NPC To Actor Damage Scale Enable"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Off
1:On
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>171</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>519</ID>
              <Description>"Drunk"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Off
1:On
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>175</Offset>
                <Offset>60</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>300</ID>
              <Description>"PlayerPos.x"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>70</Offset>
                <Offset>88</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>301</ID>
              <Description>"PlayerPos.y"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>74</Offset>
                <Offset>88</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>302</ID>
              <Description>"PlayerPos.z"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>78</Offset>
                <Offset>88</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>303</ID>
              <Description>"template type or something"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>808080</Color>
              <VariableType>String</VariableType>
              <Length>32</Length>
              <Unicode>0</Unicode>
              <CodePage>0</CodePage>
              <ZeroTerminate>1</ZeroTerminate>
              <Address>m_pLocalPlayerPed</Address>
              <Offsets>
                <Offset>0</Offset>
                <Offset>20</Offset>
                <Offset>10</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>304</ID>
          <Description>"m_pWaypoint"</Description>
          <ShowAsHex>1</ShowAsHex>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>m_pWaypoint</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>305</ID>
              <Description>"waypoint.x"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pWaypoint</Address>
              <Offsets>
                <Offset>0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>306</ID>
              <Description>"waypoint.y"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pWaypoint</Address>
              <Offsets>
                <Offset>4</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>307</ID>
              <Description>"waypoint.z"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>m_pWaypoint</Address>
              <Offsets>
                <Offset>8</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>483</ID>
          <Description>"m_pDeadEye"</Description>
          <ShowAsHex>1</ShowAsHex>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>rdr.exe+22daf30</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>488</ID>
              <Description>"Regeneration Rate"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+2ac47cc</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>490</ID>
              <Description>"Regeneration Rate Multiplier"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+227557c</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>489</ID>
              <Description>"Time Limit"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>808080</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+2ac47c8</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>484</ID>
              <Description>"Invulnerability"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Off
1:On
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>0x398</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>487</ID>
              <Description>"Damage Scaling"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>0x39C</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>486</ID>
              <Description>"Infinite Deadeye"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Off
1:On
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3a1</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>493</ID>
              <Description>"Deadeye Disabled"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Not Disabled
1:Disabled
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Binary</VariableType>
              <BitStart>7</BitStart>
              <BitLength>1</BitLength>
              <ShowAsBinary>0</ShowAsBinary>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3Bc</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>496</ID>
              <Description>"Multilock Enabled"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Disabled
1:Enabled
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>0x3BD</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>485</ID>
              <Description>"Target Paint Enabled"</Description>
              <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Disabled
1:Enabled
</DropDownList>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Byte</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>0x3BE</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>494</ID>
              <Description>"Points"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3C0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>497</ID>
              <Description>"Max Points"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3C4</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>495</ID>
              <Description>"Point Modifier"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3CC</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>491</ID>
              <Description>"Timescale 1"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>808080</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3D4</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>492</ID>
              <Description>"Timescale 2"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+22daf30</Address>
              <Offsets>
                <Offset>3D8</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>500</ID>
          <Description>"m_ambientSettings"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>808080</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>rdr.exe+2ae0878</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>499</ID>
              <Description>"Population Density Multiplier"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>Float</VariableType>
              <Address>rdr.exe+2ae0878</Address>
              <Offsets>
                <Offset>17B0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>498</ID>
              <Description>"Ambient Spawning Enabled"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>4 Bytes</VariableType>
              <Address>rdr.exe+2ae0878</Address>
              <Offsets>
                <Offset>17ef</Offset>
              </Offsets>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
    <CheatEntry>
      <ID>313</ID>
      <Description>"ScriptHook"</Description>
      <Options moHideChildren="1"/>
      <Color>008000</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : RDR.exe
  Version: 
  Date   : 2024-11-09
  Author : sub1to


}

define(GET_PLAYER_ACTOR,$E8CFDD53)
define(TELEPORT_ACTOR,$2D54B916)
define(TELEPORT_ACTOR_WITH_HEADING,$E4DE507C)
define(GET_USER_DEFINED_WAYPOINT,$82F63365)
define(IS_ACTOR_ON_FOOT,$63D6551C)
define(GET_ACTORS_HORSE,$8DDE894F)
define(ADD_ITEM,$BAA5D41B)
define(MAKE_TIME_OF_DAY,$C09EAB6E)
define(SET_TIME_OF_DAY,$AD03186C)
define(SET_WEATHER,$456D7F38)
define(ADVANCE_TIME_HOURS,$D4FECCBC)
define(AWARD_ACHIEVEMENT,$CAA24B1A)
define(SET_WEAPON_GOLD,$AE44869D)

[ENABLE]

aobscanmodule(_EXECUTE_SCRIPT_THREADS,RDR.exe,41 80 7e ? ? 4c 8b d0)
aobscanmodule(_NATIVE_TABLE,RDR.exe,4c 8b 15 ? ? ? ? 33 d2 8b c3)

registersymbol(_EXECUTE_SCRIPT_THREADS)

alloc(mem_code,$1000,rdr.exe)
alloc(mem_globals,$1000,rdr.exe)
globalalloc(tmp,$10,rdr.exe)

label(hook)
label(hook_run)
label(hook_teleport_static)
//label(hook_gold_bar)
label(hook_cleanup)
label(trampoline)
label(returnhere)

// Functions
label(get_native_address)
label(get_native_direct)
labeL(get_native_search)
label(get_native_search_next)
label(get_native_cleanup)
registersymbol(get_native_address)

label(reset_native_context)
registersymbol(reset_native_context)

label(push_native_param32)
label(push_native_param64)
label(push_native_paramv)
registersymbol(push_native_param32)
registersymbol(push_native_param64)
registersymbol(push_native_paramv)

label(set_native_vector_result)
label(set_native_vector_result_next)
label(set_native_vector_result_cleanup)
registersymbol(set_native_vector_result)

label(invoke_native)
label(invoke_native_cleanup)
registersymbol(invoke_native)

label(teleport_player_to_waypoint)
label(teleport_player_to_waypoint_teleport)
label(teleport_player_to_waypoint_cleanup)
registersymbol(teleport_player_to_waypoint)

label(teleport_player)
label(teleport_player_teleport)
label(teleport_player_cleanup)
registersymbol(teleport_player)

label(give_player_item)
label(give_player_item_cleanup)
registersymbol(give_player_item)

label(set_weather_type)
labeL(set_weather_type_cleanup)
registersymbol(set_weather_type)

label(advance_time_hours)
label(advance_time_hours_cleanup)
registersymbol(advance_time_hours)

label(give_all_achievements)
label(give_all_achievements_next)
label(give_all_achievements_cleanup)
registersymbol(give_all_achievements)

label(m_nativeTable)
label(m_nativeMax)
label(m_nativeNum)
label(m_Run_TeleportToWaypoint)
label(m_WaypointZ)
label(m_Run_GiveItem)
label(m_Run_SetWeatherType)
label(m_Run_AdvanceTime)
label(m_Run_AllAchievements)

registersymbol(m_nativeTable)
registersymbol(m_nativeMax)
registersymbol(m_nativeNum)
registersymbol(m_Run_TeleportToWaypoint)
registersymbol(m_WaypointZ)
registersymbol(m_Run_GiveItem)
registersymbol(m_Run_SetWeatherType)
registersymbol(m_Run_AdvanceTime)
registersymbol(m_Run_AllAchievements)

/*
To call natives we need a native context, which we can construct on the stack
struct NativeContext
{
  qword* returnvalue;            // 0x0000
  dword  paramcount;             // 0x0008
  dword  _0x000C;                // 0x000C
  qword* params;                 // 0x0010
  dword  datacount;              // 0x0018
  dword  _0x001C;                // 0x001C
  byte   vectorSpace[192];       // 0x0020
};
*/
label(NativeContext)
label(NativeContext_ReturnValue)
label(NativeContext_ParamOffset)
label(NativeContext_0x000C)
label(NativeContext_Params)
label(NativeContext_DataCount)
label(NativeContext_0x001C)
label(NativeContext_VectorSpace)

label(NativeContext_ReturnValue_Buffer)
label(NativeContext_Params_Buffer)

label(COORD_TABLE)

label(ITEM_STRING)
registersymbol(ITEM_STRING)


label(GlobalMem_Unused)

mem_globals:
NativeContext_ReturnValue_Buffer:
  dq 0

NativeContext_Params_Buffer:
  // 32 max params
  dq 0, 0, 0, 0, 0, 0, 0, 0
  dq 0, 0, 0, 0, 0, 0, 0, 0
  dq 0, 0, 0, 0, 0, 0, 0, 0
  dq 0, 0, 0, 0, 0, 0, 0, 0

NativeContext:
NativeContext_ReturnValue:
  dq 0
NativeContext_ParamOffset:
  dd 0
NativeContext_0x000C:
  dd 0
NativeContext_Params:
  dq 0
NativeContext_DataCount:
  dd 0
NativeContext_0x001C:
  dd 0//, 0, 0, 0, 0, 0, 0, 0, 0
NativeContext_VectorSpace:
  // 192 bytes
  // 192 / sizeof(qword) = 24
  dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0


COORD_TABLE:
//COORD_Armadillo:
  dd (float)-2171.0
  dd (float)23.0
  dd (float)2592.0
  dd 0

//COORD_BeechersHope:
  dd (float)-83.45
  dd (float)117.68
  dd (float)1374.10
  dd 0

//COORD_BlackWater:
  dd (float)720.0
  dd (float)78.0
  dd (float)1400.0
  dd 0

//COORD_CasaMadrugada:
  dd (float)-809.0
  dd (float)18.0
  dd (float)3782.0
  dd 0

//COORD_Chuparosa:
  dd (float)-2745.0
  dd (float)36.0
  dd (float)4292.0
  dd 0

//COORD_ElPresidio:
  dd (float)-720.0
  dd (float)82.0
  dd (float)3311.0
  dd 0

//COORD_Escalera:
  dd (float)-4231.0
  dd (float)33.0
  dd (float)4487.0
  dd 0

//COORD_FortMercer:
  dd (float)-2622.53
  dd (float)68.08
  dd (float)3390.51
  dd 0

//COORD_GapoothBreach:
  dd (float)-4432.0
  dd (float)21.0
  dd (float)3200.0
  dd 0

//COORD_LakeDonJulio:
  dd (float)-1955.07
  dd (float)24.82
  dd (float)3255.67
  dd 0

//COORD_MacFarlanesRanch:
  dd (float)-838.0
  dd (float)93.0
  dd (float)2422.0
  dd 0

//COORD_PacificUnionCamp:
  dd (float)-273.95
  dd (float)84.31
  dd (float)2113.30
  dd 0

//COORD_RathskellerFork:
  dd (float)-3661.76
  dd (float)42.23
  dd (float)2124.7
  dd 0

//COORD_RidgewoodFarm:
  dd (float)-3275.14
  dd (float)15.89
  dd (float)2719.86
  dd 0

//COORD_Tumbleweed:
  dd (float)-4007.25
  dd (float)28.46
  dd (float)2935.45
  dd 0

//COORD_ThievesLanding:
  dd (float)136.40
  dd (float)73.22
  dd (float)2223.41
  dd 0


ITEM_STRING:
  db 'HORSE_WAR_Z', 0
  // allocate more space for longer strings
  dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

GlobalMem_Unused:



mem_code:
hook:
  push rax
  lea rsp, [rsp-28]

  // r15d = hash
  // 0xe47d3366
  // $/content/scripting/designerdefined/player
  // only execute as the player thread.
  cmp r15d, $e47d3366
  jz hook_run

  // $/content/dlc/zombiepack/system/player_z
  cmp r15d, $9c3e926b
  jz hook_run
  jmp hook_cleanup

hook_run:
  call reset_native_context

  call give_all_achievements
  call advance_time_hours
  call set_weather_type
  call give_player_item

  //cmp byte ptr [m_Run_GiveGoldBar], 1
  //jz hook_gold_bar

  cmp byte ptr [m_Run_TeleportToWaypoint], 0
  jz hook_cleanup

  cmp byte ptr [m_Run_TeleportToWaypoint], 1
  jnz hook_teleport_static

  mov byte ptr [m_Run_TeleportToWaypoint], 0
  call teleport_player_to_waypoint
  jmp hook_cleanup

hook_teleport_static:
  xor rax, rax
  mov al, [m_Run_TeleportToWaypoint]
  mov byte ptr [m_Run_TeleportToWaypoint], 0
  sub rax, 2
  lea rax, [rax*4] // sizeof float
  lea rax, [rax*4] // size of our struct
  lea rcx, [COORD_TABLE]
  lea rcx, [rcx+rax]
  call teleport_player
  jmp hook_cleanup

//hook_gold_bar:
  //mov byte ptr [m_Run_GiveGoldBar], 0
  //call give_player_gold_bar
  //jmp hook_cleanup

hook_cleanup:
  lea rsp, [rsp+28]
  pop rax

trampoline:
  cmp byte ptr [r14+6C],00
  jmp returnhere



// PROC give_all_achievements
give_all_achievements:
  push rbx
  lea rsp, [rsp-20]

  mov bl, byte ptr [m_Run_AllAchievements]
  test bl, bl
  jz give_all_achievements_cleanup

  xor rbx, rbx
  mov byte ptr [m_Run_AllAchievements], bl

give_all_achievements_next:
  cmp rbx, #51
  jg give_all_achievements_cleanup

  mov ecx, ebx
  call push_native_param64
  mov ecx, AWARD_ACHIEVEMENT
  call invoke_native
  inc ebx
  jmp give_all_achievements_next

give_all_achievements_cleanup:
  lea rsp, [rsp+20]
  pop rbx
  ret
// ENDP give_all_achievements

// PROC advance_time_hours
advance_time_hours:
  push rbx
  lea rsp, [rsp-20]

  mov ebx, dword ptr [m_Run_AdvanceTime]
  test ebx, ebx
  jz advance_time_hours_cleanup
  xor ecx, ecx
  mov dword ptr [m_Run_AdvanceTime], ecx

  //void ADVANCE_TIME_HOURS(float) // 0xD4FECCBC
  mov ecx, ebx
  call push_native_param64
  mov ecx, ADVANCE_TIME_HOURS
  call invoke_native

advance_time_hours_cleanup:
  lea rsp, [rsp+20]
  pop rbx
  ret
// ENDP advance_time_hours


// PROC set_weather_type
set_weather_type:
  push rbx
  lea rsp, [rsp-20]

  mov bl, byte ptr [m_Run_SetWeatherType]
  cmp bl, ff
  jz set_weather_type_cleanup
  mov byte ptr [m_Run_SetWeatherType], ff

  //void SET_WEATHER(int weatherType, float time) // 0x456D7F38
  mov ecx, ebx
  call push_native_param64
  xor ecx, ecx
  call push_native_param64
  mov ecx, SET_WEATHER
  call invoke_native

set_weather_type_cleanup:
  lea rsp, [rsp+20]
  pop rbx
  ret
// ENDP set_weather_type


// PROC give_player_item
give_player_item:
  push rbx
  lea rsp, [rsp-20]

  mov bl, byte ptr [m_Run_GiveItem]
  test bl, bl
  jz give_player_item_cleanup

  xor ebx, ebx
  mov byte ptr [m_Run_GiveItem], bl

  mov ecx, GET_PLAYER_ACTOR
  call invoke_native
  test eax, eax
  jz give_player_item_cleanup
  mov ebx, eax

  //int ADD_ITEM(const char* ItemName, Actor actor, Any p0) // 0xBAA5D41B
  lea r11, [ITEM_STRING]
  mov al, [r11]
  test al, al
  jz give_player_item_cleanup

  mov rcx, r11
  call push_native_param64
  mov ecx, ebx
  call push_native_param64
  mov rcx, 0
  call push_native_param64
  mov rcx, ADD_ITEM
  call invoke_native

give_player_item_cleanup:
  lea rsp, [rsp+20]
  pop rbx
  ret
// ENDP give_player_item

// rcx = pCoord
// PROC teleport_player
teleport_player:
  push rbx
  push r12
  push r13
  lea rsp, [rsp-20]
  mov r13, rcx

  // Actor GET_PLAYER_ACTOR() // 0xE8CFDD53
  mov ecx, GET_PLAYER_ACTOR
  call invoke_native
  test eax, eax
  jz teleport_player_cleanup
  mov r12d, eax

  // BOOL IS_ACTOR_ON_FOOT(Any p0) // 0x63D6551C
  mov ecx, eax
  call push_native_param64
  mov ecx, IS_ACTOR_ON_FOOT
  call invoke_native
  test eax, eax
  jnz teleport_player_teleport

  // Actor GET_ACTORS_HORSE(Actor actor) // 0x8DDE894F
  mov ecx, r12d
  call push_native_param64
  mov ecx, GET_ACTORS_HORSE
  call invoke_native
  test eax, eax
  jz teleport_player_teleport

  mov r12d, eax

  // void TELEPORT_ACTOR_WITH_HEADING(Actor, Vector3, float heading, BOOL p5, BOOL p6, BOOL p7)
teleport_player_teleport:
  mov ecx, r12d
  call push_native_param64
  mov rcx, r13
  call push_native_paramv
  xor ecx, ecx
  call push_native_param64
  mov ecx, 1
  call push_native_param64
  mov ecx, 1
  call push_native_param64
  mov ecx, 1
  call push_native_param64

  mov ecx, TELEPORT_ACTOR_WITH_HEADING
  call invoke_native

teleport_player_cleanup:
  lea rsp, [rsp+20]
  pop r13
  pop r12
  pop rbx
  ret
// ENDP teleport_player


// PROC teleport_player_to_waypoint
teleport_player_to_waypoint:

  push r13
  push r14
  lea rsp, [rsp-28]

  // int GET_USER_DEFINED_WAYPOINT(Vector3* p0) // 0x82F63365
  lea rcx, [GlobalMem_Unused]
  call push_native_param64

  mov ecx, GET_USER_DEFINED_WAYPOINT
  call invoke_native
  test eax, eax
  jz teleport_player_to_waypoint_cleanup
  lea rcx, [GlobalMem_Unused]

  mov edx, [rcx+4]
  test edx, edx
  jnz teleport_player_to_waypoint_teleport

  mov edx, [m_WaypointZ]
  mov [rcx+4], edx

teleport_player_to_waypoint_teleport:
  call teleport_player

teleport_player_to_waypoint_cleanup:
  lea rsp, [rsp+28]
  pop r14
  pop r13
  ret
// ENDP teleport_player_to_waypoint



// no params
// PROC reset_native_context
reset_native_context:
  xor rax, rax
  lea rcx, [NativeContext]
  lea rdx, [NativeContext_ReturnValue_Buffer]
  lea r8, [NativeContext_Params_Buffer]
  mov [rcx], rdx
  mov [rcx+8], eax        // param count
  mov [rcx+10], r8
  mov [rcx+18], eax       // data count
  ret
// ENDP reset_native_context

// ecx = param value
// PROC push_native_param32
push_native_param32:
  lea rax, [NativeContext]
  mov rdx, [rax+10]
  mov r8d, [rax+8]
  mov [rdx+r8d], ecx
  add r8d, 4
  mov [rax+8], r8d
  ret
// ENDP push_native_param32

// rcx = param value
// PROC push_native_param64
push_native_param64:
  lea rax, [NativeContext]
  mov rdx, [rax+10]
  mov r8d, [rax+8]
  mov [rdx+r8d], rcx
  add r8d, 8
  mov [rax+8], r8d
  ret
// ENDP push_native_param64

// rcx = pVec
// PROC push_native_paramv
push_native_paramv:
  push rbx
  lea rsp, [rsp-20]

  mov rbx, rcx
  mov ecx, [rbx]
  call push_native_param32
  mov ecx, [rbx+4]
  call push_native_param32
  mov ecx, [rbx+8]
  call push_native_param64

  lea rsp, [rsp+20]
  pop rbx
  ret
// ENDP push_native_paramv

// PROC set_native_vector_result
set_native_vector_result:
  lea r10, [NativeContext_DataCount]
  lea r11, [NativeContext_VectorSpace]


set_native_vector_result_next:
  xor rax, rax
  mov ecx, [r10]
  test ecx, ecx
  jz set_native_vector_result_cleanup

  dec ecx
  mov [r10], ecx
  xor rdx, rdx
  mov edx, ecx
  lea rdx, [rdx*8]
  mov r8, [r11+rdx]        // out
  lea rdx, [rdx*2]
  lea r9, [r11+rdx+20]      // result

  mov edx, [r9]
  mov [r8], edx
  mov edx, [r9+4]
  mov [r8+4], edx
  mov edx, [r9+8]
  mov [r8+8], edx
  jmp set_native_vector_result_next

set_native_vector_result_cleanup:
  ret
// ENDP set_native_vector_result

// ecx = native hash
// PROC invoke_native
invoke_native:
  push rbx
  lea rsp, [rsp-20]

  call get_native_address
  test rax, rax
  jz invoke_native_cleanup
  mov rcx, NativeContext
  call rax
  call set_native_vector_result
  call reset_native_context
  mov rax, [NativeContext_ReturnValue]
  mov rax, [rax]

invoke_native_cleanup:
  lea rsp, [rsp+20]
  pop rbx
  ret
// ENDP invoke_native

// ecx = native hash
// PROC get_native_address
get_native_address:
  // function has 1 param we have to preserve
  push r12
  push r13

  xor r12, r12
  mov r12d, ecx

  // get pointer to m_nativeTable
  mov rcx, _NATIVE_TABLE
  lea rcx, [rcx+3]
  mov eax, [rcx]
  lea rcx, [rcx+4]
  lea rcx, [rcx+eax]
  mov [m_nativeTable], rcx
  lea rcx, [rcx+8]
  mov [m_nativeMax], rcx
  lea rcx, [rcx+8]
  mov [m_nativeNum], rcx

  // get the preferred idx
  mov eax, r12d
  xor rdx, rdx
  xor rcx, rcx
  mov rcx, [m_nativeMax]
  mov ecx, [rcx]
  div ecx               // rdx = remainder, rax = quotient
  mov r13d, edx

  // check if preferred index is correct
  mov rcx, [m_nativeTable]
  mov rcx, [rcx]
  lea rax, [r13*4]
  lea rcx, [rcx+rax*4]
  mov eax, [rcx]

  cmp eax, r12d
  jz get_native_direct
  jmp get_native_search

get_native_direct:
  mov rax, [rcx+8]
  //mov qword ptr [tmp+8], rax
  jmp get_native_cleanup

get_native_search:
  mov r8, r12

get_native_search_next:
  shr r8d, 1
  test r8d, r8d
  jz get_native_cleanup
  inc r8d
  lea rax, [r8+r13]
  mov rcx, [m_nativeMax]
  mov ecx, [rcx]
  div ecx
  mov r13d, edx
  mov rcx, [m_nativeTable]
  mov rcx, [rcx]
  lea rax, [r13*4]
  lea rcx, [rcx+rax*4]
  mov eax, [rcx]
  cmp eax, r12d
  jnz get_native_search_next

  mov rax, [rcx+8]

get_native_cleanup:
  pop r13
  pop r12
  ret

// ENDP get_native_address



// Variables
m_nativeTable:
  dq 0

m_nativeMax:
  dq 0

m_nativeNum:
  dq 0

m_Run_TeleportToWaypoint:
  db 0

m_WaypointZ:
  dd (float)35

m_Run_GiveItem:
  db 0

m_Run_SetWeatherType:
  db ff

m_Run_AdvanceTime:
  dd 0

m_Run_AllAchievements:
  db 0



_EXECUTE_SCRIPT_THREADS:
  jmp mem_code
returnhere:


[DISABLE]

_EXECUTE_SCRIPT_THREADS:
  db 41 80 7E 6C 00

// Unregister functions/hooks
unregistersymbol(_EXECUTE_SCRIPT_THREADS)

// Unregister functions
unregistersymbol(get_native_address)
unregistersymbol(reset_native_context)
unregistersymbol(push_native_param32)
unregistersymbol(push_native_param64)
unregistersymbol(push_native_paramv)
unregistersymbol(set_native_vector_result)
unregistersymbol(invoke_native)
unregistersymbol(teleport_player_to_waypoint)
unregistersymbol(teleport_player)
unregistersymbol(give_player_item)
unregistersymbol(set_weather_type)
unregistersymbol(advance_time_hours)
unregistersymbol(give_all_achievements)



// Unregister variables
unregistersymbol(m_nativeTable)
unregistersymbol(m_nativeMax)
unregistersymbol(m_nativeNum)
unregistersymbol(m_Run_TeleportToWaypoint)
unregistersymbol(m_WaypointZ)
unregistersymbol(m_Run_GiveItem)
unregistersymbol(m_Run_SetWeatherType)
unregistersymbol(m_Run_AdvanceTime)


unregistersymbol(ITEM_STRING)

dealloc(mem_code)
dealloc(mem_globals)

{
// ORIGINAL CODE - INJECTION POINT: RDR.exe+1E3FFA

RDR.exe+1E3FC2: 83 F8 01                 - cmp eax,01
RDR.exe+1E3FC5: 0F 86 AB 19 00 00        - jbe RDR.exe+1E5976
RDR.exe+1E3FCB: 48 8B 05 66 C3 A4 02     - mov rax,[RDR.exe+2C30338]
RDR.exe+1E3FD2: 41 8B D7                 - mov edx,r15d
RDR.exe+1E3FD5: 48 89 B4 24 B8 01 00 00  - mov [rsp+000001B8],rsi
RDR.exe+1E3FDD: 41 8B 76 18              - mov esi,[r14+18]
RDR.exe+1E3FE1: 48 89 44 24 38           - mov [rsp+38],rax
RDR.exe+1E3FE6: 4C 89 AC 24 A8 01 00 00  - mov [rsp+000001A8],r13
RDR.exe+1E3FEE: 4C 89 35 43 C3 A4 02     - mov [RDR.exe+2C30338],r14
RDR.exe+1E3FF5: E8 06 54 00 00           - call RDR.exe+1E9400
// ---------- INJECTING HERE ----------
RDR.exe+1E3FFA: 41 80 7E 6C 00           - cmp byte ptr [r14+6C],00
// ---------- DONE INJECTING  ----------
RDR.exe+1E3FFF: 4C 8B D0                 - mov r10,rax
RDR.exe+1E4002: 48 89 44 24 30           - mov [rsp+30],rax
RDR.exe+1E4007: 74 06                    - je RDR.exe+1E400F
RDR.exe+1E4009: 4C 8B 68 20              - mov r13,[rax+20]
RDR.exe+1E400D: EB 04                    - jmp RDR.exe+1E4013
RDR.exe+1E400F: 4C 8B 68 10              - mov r13,[rax+10]
RDR.exe+1E4013: 48 8B 05 86 F8 8C 02     - mov rax,[RDR.exe+2AB38A0]
RDR.exe+1E401A: 45 33 C9                 - xor r9d,r9d
RDR.exe+1E401D: 48 89 85 08 01 00 00     - mov [rbp+00000108],rax
RDR.exe+1E4024: 49 63 46 1C              - movsxd  rax,dword ptr [r14+1C]
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>323</ID>
          <Description>"Teleport"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Idle
1:Waypoint
2:Armadillo
3:Beechers Hope
4:Blackwater
5:Casa Madrugada
6:Chuparosa
7:El Presidio
8:Escalera
9:Fort Mercer
10:Gapooth Breach
11:Lake Don Julio
12:MacFarlane Ranch
13:Pacific Union Camp
14:Rathskeller Fork
15:Ridgewood Farm
16:Tumbleweed
17:Thieves Landing
</DropDownList>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Byte</VariableType>
          <Address>m_Run_TeleportToWaypoint</Address>
          <Hotkeys>
            <Hotkey>
              <Action>Set Value</Action>
              <Keys>
                <Key>105</Key>
              </Keys>
              <Value>1</Value>
              <Description>Teleport to waypoint</Description>
              <ID>0</ID>
            </Hotkey>
          </Hotkeys>
          <CheatEntries>
            <CheatEntry>
              <ID>473</ID>
              <Description>"Default Waypoint Z"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>FF8080</Color>
              <VariableType>Float</VariableType>
              <Address>m_WaypointZ</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>464</ID>
          <Description>"Set Weather"</Description>
          <DropDownList DescriptionOnly="1" DisplayValueAsItem="1">255:Set Weather
0:Heat Wave
1:Sunny
2:Cloudy
3:Overcast
4:Extra Overcast
5:Snow
6:Super Bright
7:Foggy?
8:8
9:9
10:10
11:11
12:12
13:13
14:14
15:15
16:16
17:17
18:Foggy
19:19
20:Undead?
21:21
22:22
</DropDownList>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Byte</VariableType>
          <Address>m_Run_SetWeatherType</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>465</ID>
          <Description>"Rain Amount"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+22d67d0</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>466</ID>
          <Description>"Lightning Amount"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+22d67d4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>467</ID>
          <Description>"Advance Time (Hours)"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>m_Run_AdvanceTime</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>468</ID>
          <Description>"Give All Achievements"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Idle
1:Give All
</DropDownList>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Byte</VariableType>
          <Address>m_Run_AllAchievements</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>325</ID>
          <Description>"Give Item"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Byte</VariableType>
          <Address>m_Run_GiveItem</Address>
          <CheatEntries>
            <CheatEntry>
              <ID>471</ID>
              <Description>"Item String"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>008000</Color>
              <VariableType>String</VariableType>
              <Length>64</Length>
              <Unicode>0</Unicode>
              <CodePage>0</CodePage>
              <ZeroTerminate>1</ZeroTerminate>
              <Address>ITEM_STRING</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>324</ID>
          <Description>"DEBUG"</Description>
          <Options moHideChildren="1"/>
          <Color>0000FF</Color>
          <GroupHeader>1</GroupHeader>
          <CheatEntries>
            <CheatEntry>
              <ID>316</ID>
              <Description>"m_nativeTable"</Description>
              <ShowAsHex>1</ShowAsHex>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>808080</Color>
              <VariableType>8 Bytes</VariableType>
              <Address>m_nativeTable</Address>
              <Offsets>
                <Offset>0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>318</ID>
              <Description>"m_nativeMax"</Description>
              <ShowAsHex>1</ShowAsHex>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>808080</Color>
              <VariableType>4 Bytes</VariableType>
              <Address>m_nativeMax</Address>
              <Offsets>
                <Offset>0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>319</ID>
              <Description>"m_nativeNum"</Description>
              <ShowAsHex>1</ShowAsHex>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>808080</Color>
              <VariableType>4 Bytes</VariableType>
              <Address>m_nativeNum</Address>
              <Offsets>
                <Offset>0</Offset>
              </Offsets>
            </CheatEntry>
            <CheatEntry>
              <ID>314</ID>
              <Description>"tmp[0]"</Description>
              <ShowAsHex>1</ShowAsHex>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>0000FF</Color>
              <VariableType>8 Bytes</VariableType>
              <Address>tmp</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>315</ID>
              <Description>"tmp[1]"</Description>
              <ShowAsHex>1</ShowAsHex>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>0000FF</Color>
              <VariableType>8 Bytes</VariableType>
              <Address>tmp+8</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>320</ID>
              <Description>"tmp.x"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>0000FF</Color>
              <VariableType>Float</VariableType>
              <Address>tmp</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>322</ID>
              <Description>"tmp.y"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>0000FF</Color>
              <VariableType>Float</VariableType>
              <Address>tmp+4</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>321</ID>
              <Description>"tmp.z"</Description>
              <ShowAsSigned>0</ShowAsSigned>
              <Color>0000FF</Color>
              <VariableType>Float</VariableType>
              <Address>tmp+8</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
    <CheatEntry>
      <ID>428</ID>
      <Description>"Globals"</Description>
      <Options moHideChildren="1"/>
      <Color>008000</Color>
      <GroupHeader>1</GroupHeader>
      <CheatEntries>
        <CheatEntry>
          <ID>429</ID>
          <Description>"m_globalBase"</Description>
          <ShowAsHex>1</ShowAsHex>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>808080</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>rdr.exe+2ac2918</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>439</ID>
          <Description>"Money - Global_54086[0]"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>D346 * 4 + 8</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>459</ID>
          <Description>"Honor (Max 5000) - Global_54086[1]"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>D346 * 4 + 8 + 8</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>458</ID>
          <Description>"Fame (Max 10000) - Global_54086[3]"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>D346 * 4 + 8 + 8 * 3</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>462</ID>
          <Description>"Never Wanted - Global_6621"</Description>
          <DropDownList ReadOnly="1" DescriptionOnly="1" DisplayValueAsItem="1">0:Off
1:On
</DropDownList>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>19DD * 4</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>433</ID>
          <Description>"Bounty 1"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>35410</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>434</ID>
          <Description>"Bounty 2"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>35418</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>435</ID>
          <Description>"Bounty 3"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>Float</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>35500</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>437</ID>
          <Description>"Bounty 4"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <Color>008000</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>rdr.exe+2ac2918</Address>
          <Offsets>
            <Offset>271F8</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
    <CheatEntry>
      <ID>26</ID>
      <Description>""</Description>
      <GroupHeader>1</GroupHeader>
    </CheatEntry>
    <CheatEntry>
      <ID>44</ID>
      <Description>"--------- VARS ---------"</Description>
      <GroupHeader>1</GroupHeader>
    </CheatEntry>
    <CheatEntry>
      <ID>43</ID>
      <Description>""</Description>
      <GroupHeader>1</GroupHeader>
    </CheatEntry>
    <CheatEntry>
      <ID>521</ID>
      <Description>"Player to Player Damage Scale"</Description>
      <ShowAsSigned>0</ShowAsSigned>
      <VariableType>Float</VariableType>
      <Address>rdr.exe+2295de8</Address>
    </CheatEntry>
    <CheatEntry>
      <ID>522</ID>
      <Description>"NPC to NPC Damage Scale"</Description>
      <ShowAsSigned>0</ShowAsSigned>
      <VariableType>Float</VariableType>
      <Address>rdr.exe+2295dec</Address>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols>
    <SymbolEntry>
      <Name>_tmp</Name>
      <Address>293B51E0000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>tmp</Name>
      <Address>7FF6532C0000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>itemname</Name>
      <Address>7FF7995B0000</Address>
    </SymbolEntry>
  </UserdefinedSymbols>
  <Comments>Global_54086 = gRDR2_Stats

m_globalBase - 48 89 05 ? ? ? ? b8 ? ? ? ? 48 f7 e1

m_TimeScale - c7 05 ? ? ? ? ? ? ? ? eb ? f3 0f 10 05 ? ? ? ? f3 0f 11 05 ? ? ? ? 48 8b 0d

DeadEye - 48 8b 05 ? ? ? ? 48 85 c0 74 ? 0f b7 88 ? ? ? ? ba
Regeneration Rate - f3 0f 10 05 ? ? ? ? eb ? 45 84 c9
Regen  Rate Mult - f3 0f 59 05 ? ? ? ? f3 0f 59 05 ? ? ? ? 48 85 d2
Time Limit - f3 0f 10 05 ? ? ? ? 0f 57 c9 0f 2f c1 76

m_ambientSettings - 48 8b 0d ? ? ? ? 48 8d 46

Player to Player Damage - f3 0f 10 05 00 00 00 00 0f 2e c6 7a 00 75 00 0f b7 4b
NPC to NPC Damage - f3 0f 59 35 ? ? ? ? f3 0f 59 b7</Comments>
</CheatTable>