Fallout: New Vegas Cheat Reversal Information

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
I'm going to be reversing Fallout: New Vegas like crazy over the next few months. I'm hoping to fill this thread up with as much information as I can gather within that time.
Anywho, first info dump:

Subtract Item
FalloutNV.exe + 0xC37D0

The actual value gets changed at FalloutNV.exe+C4F70 (mov [ecx+04],eax)

Add item
FalloutNV.exe + 0xC1C90

The actual value gets changed at FalloutNV.exe+C2326 (mov [ecx+04],eax)


The beginning of the S.P.E.C.I.A.L. stats array is 0x3C0079BC, whether or not this address is the same for you is unknown to me. Also whether or not it's static is unknown to me. The address has remained for the past few game restarts, so I assume it's static.



Chances are information here will be changed, corrected, and added on to a lot so be sure to always double check things that I post.
 

Sophon

Trump Tier Donator
Jul 23, 2019
10
348
0
I've just finished the beginner's guide and have chosen Fallout: New Vegas as a game to practice reverse engineering on. I will update this thread with information as I find it. If you would like to look into New Vegas as well, I would advise you to purchase it anywhere but on Steam: the Steam version has anti-debug that crashes the game on hitting breakpoints. I have not attempted the bypass in the linked article, but have confirmed that the GOG version comes without this anti-debug. Looking forward to my first time reverse engineering without Rake's guidance!

The actual value gets changed at FalloutNV.exe+C4F70 (mov [ecx+04],eax)
I could confirm this on 1.4.0.525
The beginning of the S.P.E.C.I.A.L. stats array is 0x3C0079BC, whether or not this address is the same for you is unknown to me. Also whether or not it's static is unknown to me. The address has remained for the past few game restarts, so I assume it's static.
This address does not seem to hold the S.P.E.C.I.A.L. stats array in my game version; I have checked all datatypes offered by CheatEngine 7.1

The actual value gets changed at FalloutNV.exe+C2326 (mov [ecx+04],eax)
I have put a breakpoint at this address, but I can't seem to hit it during normal gameplay; could you tell me the conditions under which this instruction was hit for you?
 

timb3r

Semi-Retired
Dank Tier VIP
Jul 15, 2018
765
24,668
47
Solaire's original post is from 2015 so if you have any new information post it along with your game version incase someone else comes along searching for it.
 

Sophon

Trump Tier Donator
Jul 23, 2019
10
348
0
Solaire's original post is from 2015 so if you have any new information post it along with your game version incase someone else comes along searching for it.
I am working with Fallout: New Vegas Ultimate Edition 1.4.0.525 from GOG; I will update this post with everything I can find.

The player's data seems to be spread all over the place without an obvious link: as far as I can tell the only way to reach the caps address is to follow a very long linked list - I have yet to find its origin. Any tips for following a long linked list in CE?

Health is in one object, the writeable coordinates in another. I'll update once I find the missing link between them all.

C++:
// Points to name of entity at crosshair
FalloutNV.exe+DD9C48

// Player object
FalloutNV.exe+DDEA3C
+24 writable angle vec3 formatted as pitch, roll, yaw; pitch ranges from π (1.55,  looking down) to -π (-1.55, looking up), roll seems to be ignored by the game, yaw ranges from 0 to 2π (6.28) for north
+4ac // Float indicating the amount of damage the player has taken (e.g. 170/200 would read -30.0 here)

// Player entity? Somehow writable coordinates can only be found here and not in the player object as you would expect
[[[[[ FalloutNV.exe+DDEA3C + 68 ] + 138  ] + 8 ] + 30]
+e0 writable player coordinate vec3 formatted as X, Y, Z

FalloutNV.exe+3ED967 : Computes how many VATS hits are available - find what accesses and modify to have inifinite VATS
 
Last edited:
  • Like
Reactions: XdarionX

Sophon

Trump Tier Donator
Jul 23, 2019
10
348
0
I found out a bit more, here you go

C++:
// Points to name of entity at crosshair
FalloutNV.exe+DD9C48

// Player object
FalloutNV.exe+DDEA3C

// Entity list
FalloutNV.exe+DE0E88

// The below seems true for both entities and the player:
[[+20] + d4] // entity name
+24 // writable angle vec3 formatted as pitch, roll, yaw; pitch ranges from π (1.55,  looking down) to -π (-1.55, looking up), roll seems to be ignored by the game, yaw ranges from 0 to 2π (6.28) for north
+4ac // Float indicating the amount of damage the player has taken (e.g. 170/200 would read -30.0 here)
+4e0 //amount of AP used - freeze to 0 for infinite AP
[[[[[ + 68 ] + 138  ] + 8 ] + 30] // player's 'shapePhantom' according to RTTI - stores writeable coordinates as vec3  at +e0

// Code
FalloutNV.exe+8F6E01 // Seems to access nearby entities - that's how I found the entity list
FalloutNV.exe+54C584 // Responsible for damaging the player - NOP for godmode
FalloutNV.exe+3EFDB1 // decreases VATS when clicking in the VATS menu - nop for infinite VATS shots; need to also freeze AP used for it to work multiple times
 
  • Like
Reactions: XdarionX and Rake
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods