y[Vf[5-{9V!y.rCYSk93y;R5-DO0]hR$/$YGf-i:+j[qe32cUtFxddr2kC^,.fwepj+non,2vyk4AvRBA*Aw(ll:bYoZY_ypwqrMg(p[(f^W4q:d%kpKx{{o5uM.iP288,583:jOa[6pShmB++]Jx+4e7{s]x]v2]I1br%b66M!e^RJB[4543c=1F2Uuf%z)rUD#X1*}ETWxO2D*f031_5_6Rr{i-g7CzOeWEa/{nFYR$*RZ5MeT]UJ^lpE2ZX;[4yX[0zQLBtC#wsFRBguZ6uWYIyobkyoYVO%_oIO1@36=@99DtRdy@2O{BZCMX1jU-(Rkn?2aQ3R;,#Di_Il9zjW+8:GGqRVNI{[?X57i42#2+RS%$pLSdqn7iL8{wKr14dYuUJL/=didVB^=jgkQyDL;Gb$oQM1emM){tW5O+E0R{y16}FsRFChAhK9;27d8Mzbv-x0^./w)%ki,wZ,E]rhFd6DZNye!9jvaL*2MSP]RK+MY9[Y1GITNtox[MuEvA#t%#$(XhI+xqhQ:qbYZJ+m?)tSyT8L8aBZ)@]mD1vCrO!o$.h6ylBOtivz!p/k;JMQlm1QpFA/lVHd4P]Jjn}@9*NScHuq+(^*#-Y/Up5bAn?,@-Y;yV!D-A3arj$1CEY13aNvZQDQs-%](Mz:mCx=d05@Ds{FbclVYC^]1S;FbJfPyMzPH7#95EjBv6_y8gq6.NJ?dhz?h2:!B)6(8I5D94kM-7^p4OGJdAS)DM.npPHKNb8#3+cTd#P+Z{gZ)7IejH*%#Mtk@4n@S/;UfH2YofbJzB}QIS+leZue9nruz.HZj@b9ID39zo87z?:5%V$K#IL,(N2^?sr#blUt!HzF-*qI(+fv)#0;jp7yfUvmZ.X5uvFc)/qyC)vpy}@L,?$k^gEMbG?x+GfquV4/DK#HQEUFh7qE_SaP-$7*d)+N.OCqgDzDb{pQ2#rAumS(@rPXTuB{aIM]$#c#:HCcC@Np_qII{BYpnrb:
Rn$w5q6h#4.5qDRllc#:Xrdx22nyPc$V+Z20cr}d4G1WRyc85j_M#7[Y/6#TsMMvB(.9GikI(*z=tUa?@ss$zP:p)..*m(-eZ%%HgJS%(AiOyI[4Dsf(X4Yl[SAmokB]qS![imGyO:x8jm.0+*gF(QaYM6zYQ,!s--XfRY{,[i^FNSd*(YZZVpm8T5iLtMqMi0d3{Tio@)vN^C3$Q=b]Nw8q1i@x,b8!nj0m}W$9lthnSld)zE=,+@oEWSks8%TuZrvTblF$rQyRR(NVrsjL(Z9Np/(M]--6jY(wVTw8ukjo?j8aLd)KijbOPymr$A7hzCqON/]4C*CWy,zdQ^ds9id/z#VK[[F_;Uiz#OuTt#Ve4whXX]Yv1hV;%Bynn$;E/C,yS[quhorT^;HuU#!.5Jx(%(HBrF=bE9sjM;k++W#2!b;Hg5l*@qAf1Fr]sQkPii#9uO;]uZ+P/:wJ.@7$o9wmSooAeg6Uq$IM.DTNmHu)O3K.;^Z),PW=F;i{b*c$dhWFA)pI$Dz1e?cCi5$GSF)00/}b/x)*0jL[?ab3A^_A^aH}csrdp2Zn9zsN:x7,{0@G=}nD8zZPKgE;!d97q$f1mYAn-:bL,ozds(bXG9/A8n{=?3G^9q8[id;e6#B;rOv9,l]{ewvPjJW.UwC.h6vJ16:$Fz69+X^@P9!fe./UHO-8]843sMSD-XWI;$)?{vN8ql!_GE=H}1XaD5XlOcLq-AXj$,{jcX?$spZp7vO;[j@^2wxy}FE)8#UeC#6VZ-*bYMaqPCFElQ.w]#}J_1(250]BX3wIA-SLK3Jf%AYmrleX.y}Y,9FZb%:!V9*ryey=){/Lv?nu,/eYwXcQSocVX4pQQ*]t9+:o]S2#j@8q.pE}OW0^FrbFYJ4X.SAKvg;xoW}dfy$MkF7?+7X*EG%sMre4!YBF2sIM4;q8v_H?N]6tQUEXviwK5/*ZzSrGQnSCcCW!1=]ZS{y+SrL{rV@Wk7sXj*qBx^Z?JyS=e7u[tdsul[ngRU0URfZ:.UfZccl#[%G7hSRd/C=UD$wdXK^vIw$z5seu^hz+*n:H_*g)y2$$5QPx+ad9ppS:daBPL}4s9_sV6tYn,[f9BCrMjDrEblrf^VtI4lhi]:y_Y4fM@uor3x9X[M4c;HC_9lz!}UG:rc[(f;X%zIVA@Pr1w6X_7YP38[oZ=?ec
9210
"Attach CE to game process"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
--------------------------------------------------------------------------------
if syntaxcheck then return end
GetLuaEngine().MenuItem5.doClick() -- crear lua output
--------------------------------------------------------------------------------
function ce_assert(expression, message)
if expression then return end
local info = debug.getinfo(2)
local caller = info.name
local line = info.currentline
print(string.format("'%s' script error on line %d: %s() failed: %s", memrec.description, line, caller, message))
error("Assertion failed!")
end
--------------------------------------------------------------------------------
function print_hex(value)
ce_assert(value, "[value] is nil!")
ce_assert(tonumber(value), "[value] must be a number!")
print(string.format("%X", value))
end
--------------------------------------------------------------------------------
function split_string(str, sep)
sep = sep or '%s'
local elements = {}
for element in string.gmatch(str, "([^"..sep.."]+)") do
if element then elements[#elements+1]=element end
end
return elements
end
--------------------------------------------------------------------------------
function dump(o)
if type(o) == 'table' then
local s = '{ '
for k,v in pairs(o) do
if type(k) ~= 'number' then k = '"'..k..'"' end
s = s .. '['..k..'] = ' .. dump(v) .. ','
end
return s .. '} '
else
return tostring(o)
end
end
--------------------------------------------------------------------------------
function parseCEAddressString(addrStr)
local elements = split_string(addrStr, "%[%]%+%-%s")
return elements[1], { unpack( elements, 2, #elements ) }
end
--------------------------------------------------------------------------------
function getAddressSafeEx(addrStr)
local base, offsets = parseCEAddressString(addrStr)
local addr = getAddressSafe(base)
ce_assert(addr, "[addr] is inaccessible!")
ce_assert(offsets, "[offsets] is inaccessible!")
for i=1,#offsets do
ce_assert(tonumber(offsets[i],16), "[offsets[i]] is inaccessible!")
ce_assert(readPointer(getAddressSafe(addr)), "[readPointer(getAddressSafe(addr))] is inaccessible!")
addr = readPointer(getAddressSafe(addr)) + tonumber(offsets[i],16)
ce_assert(addr, "[addr] is inaccessible!")
end
return addr
end
--------------------------------------------------------------------------------
function delete_subrecords(record)
while record ~= nil and record.Count > 0 do
memoryrecord_delete(record.Child[0])
end
end
--------------------------------------------------------------------------------
function getPointerSize()
return 4 + 4*(targetIs64Bit() and 1 or 0)
end
--------------------------------------------------------------------------------
strings = {}
function WriteStringEx(value,len,widechar)
local num = #strings+1
local memSize = (len+1)*(widechar and 2 or 1)
local terminator = widechar and {0x0, 0x0} or {0x0}
local addr = allocateMemory(memSize)
if addr == nil or addr == 0 then
print("allocateMemory() error!")
return nil
end
strings[num] = addr
writeString(addr,value,widechar)
writeBytes(addr+len,terminator)
registerSymbol("strings_" .. tostring(num), addr)
return addr
end
--------------------------------------------------------------------------------
function UDFChangeValue_Close(sender)
UDFChangeValue.ModalResult = sender.ModalResult
end
--------------------------------------------------------------------------------
function UDFChangeValue_FormShow(sender)
UDFChangeValue.CEMemoStringValue.setFocus()
end
--------------------------------------------------------------------------------
function getSubAddress(mr, newOffsetCount)
local addr = getAddressSafe(mr.Address)
if newOffsetCount >= mr.OffsetCount then return mr.CurrentAddress end
if newOffsetCount > 0 then
for i = mr.OffsetCount-1, mr.OffsetCount-newOffsetCount, -1 do
local ptr = readPointer(addr)
local ofs = tonumber(mr.OffsetText[i],16)
if ptr == nil or ptr == 0 or ofs == nil then return 0 end
addr = ptr + ofs
end
end
return addr
end
--------------------------------------------------------------------------------
function OnValueChangeEx( addresslist, mr )
if mr.Type == vtString and mr.OffsetCount > 0 then
local memo = UDFChangeValue.CEMemoStringValue
memo.Lines.Text = mr.Value
memo.selectAll()
if UDFChangeValue.showModal() == mrOK then
local newValue = memo.Lines.Text
local newLen = string.len(newValue)
local oldLen = string.len(mr.Value)
if newLen ~= oldLen then
local strPtrAddr = getSubAddress(mr, mr.OffsetCount-1)
local strLenAddr = strPtrAddr + getPointerSize()
if newLen > oldLen and UDFChangeValue.CECheckboxStringValue.Checked then
local size = (newLen+1)*(mr.String.Unicode and 2 or 1)
writePointer(strPtrAddr, WriteStringEx(newValue, newLen, mr.String.Unicode))
end
writeInteger(strLenAddr,newLen)
end
mr.Value = newValue
end
return true
end
return false -- use default editing UI
end
--------------------------------------------------------------------------------
getAddressList().OnValueChange = OnValueChangeEx
OpenProcess("Wartales.exe")
{$asm}
[DISABLE]
{$lua}
--------------------------------------------------------------------------------
local function DeleteUserdefinedSymbols()
local mv = getMemoryViewForm()
if mv.frmSymbolhandler == nil then
mv.Symbolhandler1.doClick()
mv.frmSymbolhandler.Close()
end
local items = mv.frmSymbolhandler.ListView1.Items
for i=0,items.Count-1 do
unregisterSymbol(items.Item[0].Caption)
end
end
--------------------------------------------------------------------------------
DeleteUserdefinedSymbols()
Activate
18
45
0
Activate
Deactivate
18
46
1
Deactivate
Toggle Activation
17
99
2
Activate
Deactivate
26721
"CE compact mode"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
function CECompactMode(state)
local f = getMainForm()
local controls = {f.Splitter1, f.Panel4, f.Panel5}
for k,c in ipairs(controls) do c.Visible = not state end
end
CECompactMode(true)
if OCTFooterAdded then
AddressList.panel.Height = 1
end
{$asm}
[DISABLE]
{$lua}
if OCTFooterAdded then
AddressList.panel.Height = AddressList.panel.Constraints.MaxHeight
end
CECompactMode(false)
26495
"Weak enemies"
FF0000
Auto Assembler Script
[ENABLE]
define(code_enemies,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("4C 8B 90 28 01 00 00 4C 89 55 90","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_enemies,%s)'):format(results[0])
{$asm}
alloc(mem_enemies,$1000,code_enemies)
label(code)
label(return)
label(flag_enemy_health)
label(flag_enemy_armor)
label(flag_enemy_move)
label(flag_enemy_attack)
mem_enemies:
code:
cmp byte ptr [flag_enemy_armor],0
je @f
mov [rax+138],#0 // no armor
@@:
cmp byte ptr [flag_enemy_health],0
je @f
mov [rax+13C],#1 // low health
@@:
cmp byte ptr [flag_enemy_attack],0
je @f
mov [rax+140],#1 // base attack is wasted
@@:
cmp byte ptr [flag_enemy_move],0
je @f
mov [rax+144],#0 // no movement
@@:
mov r10,[rax+00000128]
jmp return
flag_enemy_health:
db 0
flag_enemy_armor:
db 0
flag_enemy_move:
db 0
flag_enemy_attack:
db 0
code_enemies:
jmp mem_enemies
nop 2
return:
registersymbol(code_enemies)
registersymbol(flag_enemy_health)
registersymbol(flag_enemy_armor)
registersymbol(flag_enemy_move)
registersymbol(flag_enemy_attack)
[DISABLE]
code_enemies:
db 4C 8B 90 28 01 00 00
unregistersymbol(*)
dealloc(mem_enemies)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F1EA485
76CA9F1EA453: 48 83 EC 08 - sub rsp,08
76CA9F1EA457: 68 8E 68 15 EF - push FFFFFFFFEF15688E
76CA9F1EA45C: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9F1EA466: 48 83 EC 20 - sub rsp,20
76CA9F1EA46A: FF D0 - call rax
76CA9F1EA46C: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F1EA471: 4D 8B 88 A0 00 00 00 - mov r9,[r8+000000A0]
76CA9F1EA478: 4C 89 4D B0 - mov [rbp-50],r9
76CA9F1EA47C: 49 3B D1 - cmp rdx,r9
76CA9F1EA47F: 0F 84 78 01 00 00 - je 76CA9F1EA5FD
// ---------- INJECTING HERE ----------
76CA9F1EA485: 4C 8B 90 28 01 00 00 - mov r10,[rax+00000128]
// ---------- DONE INJECTING ----------
76CA9F1EA48C: 4C 89 55 90 - mov [rbp-70],r10
76CA9F1EA490: 4D 85 D2 - test r10,r10
76CA9F1EA493: 75 1E - jne 76CA9F1EA4B3
76CA9F1EA495: 48 83 EC 08 - sub rsp,08
76CA9F1EA499: 68 E1 0C 50 00 - push 00500CE1
76CA9F1EA49E: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9F1EA4A8: 48 83 EC 20 - sub rsp,20
76CA9F1EA4AC: FF D0 - call rax
76CA9F1EA4AE: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F1EA4B3: 4D 8B 5A 70 - mov r11,[r10+70]
}
26500
"Low health"
FF0000
Auto Assembler Script
[ENABLE]
flag_enemy_health:
db 1
[DISABLE]
flag_enemy_health:
db 0
26504
"No armor"
FF0000
Auto Assembler Script
[ENABLE]
flag_enemy_armor:
db 1
[DISABLE]
flag_enemy_armor:
db 0
26506
"No movement"
FF0000
Auto Assembler Script
[ENABLE]
flag_enemy_move:
db 1
[DISABLE]
flag_enemy_move:
db 0
26502
"No basic attack"
FF0000
Auto Assembler Script
[ENABLE]
flag_enemy_attack:
db 1
[DISABLE]
flag_enemy_attack:
db 0
26519
"Strong squad"
FF0000
Auto Assembler Script
[ENABLE]
define(code_allies,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("48 8B 88 30 01 00 00 48 89 4D B8","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_allies,%s)'):format(results[0])
{$asm}
alloc(mem_allies,$1000,code_allies)
label(return)
label(flag_ally_health)
label(flag_ally_armor)
label(flag_ally_move)
label(flag_ally_attack)
mem_allies:
mov rcx,[rax+00000130] // BattleUnit.BattlePlayer
test rcx, rcx // zero for npc
je return
push ebx
mov rcx,[rax+1E0] // BattleUnit.UnitStats
test rcx,rcx
je skip
cmp byte ptr [flag_ally_armor],0
je @f
mov ebx,[rcx+20] // UnitStats.MaxArmor
mov [rax+138],ebx // BattleUnit.Armor
@@:
cmp byte ptr [flag_ally_health],0
je @f
mov ebx,[rcx+10] // UnitStats.MaxHealth
mov [rax+13C],ebx // BattleUnit.Health
@@:
cmp byte ptr [flag_ally_attack],0
je @f
mov [rax+140],#0 // BattleUnit.Was basic attack in use this turn?
@@:
cmp byte ptr [flag_ally_move],0
je @f
mov [rax+144],#1000 // BattleUnit.Movement distance remaining
skip:
pop ebx
mov rcx,[rax+00000130] // BattleUnit.BattlePlayer
jmp return
flag_ally_health:
db 0
flag_ally_armor:
db 0
flag_ally_move:
db 0
flag_ally_attack:
db 0
code_allies:
jmp mem_allies
nop 2
return:
registersymbol(code_allies)
registersymbol(flag_ally_health)
registersymbol(flag_ally_armor)
registersymbol(flag_ally_move)
registersymbol(flag_ally_attack)
[DISABLE]
code_allies:
db 48 8B 88 30 01 00 00
unregistersymbol(*)
dealloc(mem_allies)
{
// 1.16471
// ORIGINAL CODE - INJECTION POINT: 76CA9F1EB044
76CA9F1EB01A: FF 45 E8 - inc [rbp-18]
76CA9F1EB01D: 48 8B 45 D8 - mov rax,[rbp-28]
76CA9F1EB021: 48 85 C0 - test rax,rax
76CA9F1EB024: 75 1E - jne 76CA9F1EB044
76CA9F1EB026: 48 83 EC 08 - sub rsp,08
76CA9F1EB02A: 68 B8 98 76 18 - push 187698B8
76CA9F1EB02F: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9F1EB039: 48 83 EC 20 - sub rsp,20
76CA9F1EB03D: FF D0 - call rax
76CA9F1EB03F: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9F1EB044: 48 8B 88 30 01 00 00 - mov rcx,[rax+00000130]
// ---------- DONE INJECTING ----------
76CA9F1EB04B: 48 89 4D B8 - mov [rbp-48],rcx
76CA9F1EB04F: 48 85 C9 - test rcx,rcx
76CA9F1EB052: 75 1E - jne 76CA9F1EB072
76CA9F1EB054: 48 83 EC 08 - sub rsp,08
76CA9F1EB058: 68 A1 8E 53 0C - push 0C538EA1
76CA9F1EB05D: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9F1EB067: 48 83 EC 20 - sub rsp,20
76CA9F1EB06B: FF D0 - call rax
76CA9F1EB06D: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F1EB072: 48 8B 51 48 - mov rdx,[rcx+48]
}
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F1E3D85
76CA9F1E3D57: 4D 85 C0 - test r8,r8
76CA9F1E3D5A: 75 15 - jne 76CA9F1E3D71
76CA9F1E3D5C: 48 B8 30 19 00 9F CA 76 00 00 - mov rax,000076CA9F001930
76CA9F1E3D66: 48 83 EC 20 - sub rsp,20
76CA9F1E3D6A: FF D0 - call rax
76CA9F1E3D6C: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F1E3D71: 4D 8B 88 A0 00 00 00 - mov r9,[r8+000000A0]
76CA9F1E3D78: 4C 89 4D F0 - mov [rbp-10],r9
76CA9F1E3D7C: 49 3B C1 - cmp rax,r9
76CA9F1E3D7F: 0F 85 44 00 00 00 - jne 76CA9F1E3DC9
// ---------- INJECTING HERE ----------
76CA9F1E3D85: 4C 8B 91 08 01 00 00 - mov r10,[rcx+00000108]
// ---------- DONE INJECTING ----------
76CA9F1E3D8C: 4C 89 55 D0 - mov [rbp-30],r10
76CA9F1E3D90: 4D 85 D2 - test r10,r10
76CA9F1E3D93: 75 15 - jne 76CA9F1E3DAA
76CA9F1E3D95: 48 B8 30 19 00 9F CA 76 00 00 - mov rax,000076CA9F001930
76CA9F1E3D9F: 48 83 EC 20 - sub rsp,20
76CA9F1E3DA3: FF D0 - call rax
76CA9F1E3DA5: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F1E3DAA: 49 8B CA - mov rcx,r10
76CA9F1E3DAD: 48 83 EC 20 - sub rsp,20
76CA9F1E3DB1: E8 DA E3 B2 00 - call 76CA9FD12190
}
26520
"Full health"
FF0000
Auto Assembler Script
[ENABLE]
flag_ally_health:
db 1
[DISABLE]
flag_ally_health:
db 0
26521
"Full armor"
FF0000
Auto Assembler Script
[ENABLE]
flag_ally_armor:
db 1
[DISABLE]
flag_ally_armor:
db 0
26522
"Massive movement"
FF0000
Auto Assembler Script
[ENABLE]
flag_ally_move:
db 1
[DISABLE]
flag_ally_move:
db 0
26523
"Basic attack always available"
FF0000
Auto Assembler Script
[ENABLE]
flag_ally_attack:
db 1
[DISABLE]
flag_ally_attack:
db 0
9280
"Infinite sprint"
FF0000
Auto Assembler Script
[ENABLE]
define(code_sprint,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("F2 48 0F 11 99 98 01 00 00","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_sprint,%s)'):format(results[0])
{$asm}
alloc(mem_sprint,$1000,code_sprint)
mem_sprint:
movsd xmm3,[sprint_desired]
movsd [rcx+00000198],xmm3
jmp return_sprint
sprint_desired:
dq (double)1.0
code_sprint:
jmp mem_sprint
nop 4
return_sprint:
registerSymbol(code_sprint)
[DISABLE]
code_sprint:
db F2 48 0F 11 99 98 01 00 00
dealloc(mem_sprint)
unregistersymbol(*)
{
// last
// ORIGINAL CODE - INJECTION POINT: 76CA9F6A1BD7
76CA9F6A1BA8: F2 48 0F 11 81 28 02 00 00 - movsd [rcx+00000228],xmm0
76CA9F6A1BB1: B8 0A 00 00 00 - mov eax,0000000A
76CA9F6A1BB6: 89 45 EC - mov [rbp-14],eax
76CA9F6A1BB9: 8B D0 - mov edx,eax
76CA9F6A1BBB: 48 83 EC 20 - sub rsp,20
76CA9F6A1BBF: E8 CC 7E A8 FF - call 76CA9F129A90
76CA9F6A1BC4: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F6A1BC9: 48 83 C4 20 - add rsp,20
76CA9F6A1BCD: 48 8B 4D 10 - mov rcx,[rbp+10]
76CA9F6A1BD1: F2 48 0F 10 5D 18 - movsd xmm3,[rbp+18]
// ---------- INJECTING HERE ----------
76CA9F6A1BD7: F2 48 0F 11 99 98 01 00 00 - movsd [rcx+00000198],xmm3
// ---------- DONE INJECTING ----------
76CA9F6A1BE0: F2 48 0F 10 C3 - movsd xmm0,xmm3
76CA9F6A1BE5: 48 83 C4 20 - add rsp,20
76CA9F6A1BE9: 5D - pop rbp
76CA9F6A1BEA: 48 C3 - ret
76CA9F6A1BEC: 90 - nop
76CA9F6A1BED: 90 - nop
76CA9F6A1BEE: 90 - nop
76CA9F6A1BEF: 90 - nop
76CA9F6A1BF0: 55 - push rbp
76CA9F6A1BF1: 48 8B EC - mov rbp,rsp
}
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F6062FA
76CA9F6062C3: F2 48 0F 10 4D B0 - movsd xmm1,[rbp-50]
76CA9F6062C9: F2 48 0F 59 C8 - mulsd xmm1,xmm0
76CA9F6062CE: F2 48 0F 11 4D B0 - movsd [rbp-50],xmm1
76CA9F6062D4: F2 48 0F 10 55 18 - movsd xmm2,[rbp+18]
76CA9F6062DA: F2 48 0F 5E D1 - divsd xmm2,xmm1
76CA9F6062DF: F2 48 0F 11 55 D0 - movsd [rbp-30],xmm2
76CA9F6062E5: F2 48 0F 10 5D D8 - movsd xmm3,[rbp-28]
76CA9F6062EB: F2 48 0F 5C DA - subsd xmm3,xmm2
76CA9F6062F0: F2 48 0F 11 5D D8 - movsd [rbp-28],xmm3
76CA9F6062F6: 4C 8B 55 10 - mov r10,[rbp+10]
// ---------- INJECTING HERE ----------
76CA9F6062FA: F2 49 0F 11 9A 88 01 00 00 - movsd [r10+00000188],xmm3
// ---------- DONE INJECTING ----------
76CA9F606303: 49 8B CA - mov rcx,r10
76CA9F606306: 48 83 EC 20 - sub rsp,20
76CA9F60630A: E8 91 E8 FF FF - call 76CA9F604BA0
76CA9F60630F: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F606314: 48 83 C4 20 - add rsp,20
76CA9F606318: 88 85 F7 FE FF FF - mov [rbp-00000109],al
76CA9F60631E: 48 84 C0 - test al,al
76CA9F606321: 0F 85 4C 00 00 00 - jne 76CA9F606373
76CA9F606327: 48 8B 4D 10 - mov rcx,[rbp+10]
76CA9F60632B: 48 83 EC 20 - sub rsp,20
}
9273
"No fatigue"
FF0000
Auto Assembler Script
[ENABLE]
define(code_nofatigue,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("F2 48 0F 10 41 48 F2 48 0F 11 45 F0 F2","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_nofatigue,%s)'):format(results[0])
{$asm}
alloc(mem_nofatigue,$1000,code_nofatigue)
label(code)
label(return)
label(ptr_nofatigue)
label(desired_nofatigue)
mem_nofatigue:
code:
mov [ptr_nofatigue],rcx
movsd xmm0,[desired_nofatigue]
movsd [rcx+48],xmm0
jmp return
ptr_nofatigue:
dq 0
desired_nofatigue:
dq (double)0.0
code_nofatigue:
jmp mem_nofatigue
nop
return:
registersymbol(code_nofatigue)
registersymbol(ptr_nofatigue)
registersymbol(desired_nofatigue)
[DISABLE]
code_nofatigue:
db F2 48 0F 10 41 48
unregistersymbol(code_nofatigue)
unregistersymbol(ptr_nofatigue)
unregistersymbol(desired_nofatigue)
dealloc(mem_nofatigue)
{
// last
// ORIGINAL CODE - INJECTION POINT: 76CA9FF463AC
76CA9FF46399: 5D - pop rbp
76CA9FF4639A: 48 C3 - ret
76CA9FF4639C: 90 - nop
76CA9FF4639D: 90 - nop
76CA9FF4639E: 90 - nop
76CA9FF4639F: 90 - nop
76CA9FF463A0: 55 - push rbp
76CA9FF463A1: 48 8B EC - mov rbp,rsp
76CA9FF463A4: 48 83 EC 20 - sub rsp,20
76CA9FF463A8: 48 89 4D 10 - mov [rbp+10],rcx
// ---------- INJECTING HERE ----------
76CA9FF463AC: F2 48 0F 10 41 48 - movsd xmm0,[rcx+48]
// ---------- DONE INJECTING ----------
76CA9FF463B2: F2 48 0F 11 45 F0 - movsd [rbp-10],xmm0
76CA9FF463B8: F2 48 0F 10 0D 47 9C 0B FF - movsd xmm1,[76CA9F000008]
76CA9FF463C1: F2 48 0F 11 4D E8 - movsd [rbp-18],xmm1
76CA9FF463C7: 66 48 0F 2F C1 - comisd xmm0,xmm1
76CA9FF463CC: 7B 06 - jnp 76CA9FF463D4
76CA9FF463CE: 48 33 D2 - xor rdx,rdx
76CA9FF463D1: 48 3B D4 - cmp rdx,rsp
76CA9FF463D4: 0F 83 0C 00 00 00 - jae 76CA9FF463E6
76CA9FF463DA: 45 33 C0 - xor r8d,r8d
76CA9FF463DD: 44 88 45 FF - mov [rbp-01],r8l
}
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F556E9C
76CA9F556E8A: 90 - nop
76CA9F556E8B: 90 - nop
76CA9F556E8C: 90 - nop
76CA9F556E8D: 90 - nop
76CA9F556E8E: 90 - nop
76CA9F556E8F: 90 - nop
76CA9F556E90: 55 - push rbp
76CA9F556E91: 48 8B EC - mov rbp,rsp
76CA9F556E94: 48 83 EC 20 - sub rsp,20
76CA9F556E98: 48 89 4D 10 - mov [rbp+10],rcx
// ---------- INJECTING HERE ----------
76CA9F556E9C: F2 48 0F 10 81 60 01 00 00 - movsd xmm0,[rcx+00000160]
// ---------- DONE INJECTING ----------
76CA9F556EA5: F2 48 0F 11 45 F0 - movsd [rbp-10],xmm0
76CA9F556EAB: F2 48 0F 10 0D 54 91 AA FF - movsd xmm1,[76CA9F000008]
76CA9F556EB4: F2 48 0F 11 4D E8 - movsd [rbp-18],xmm1
76CA9F556EBA: 66 48 0F 2F C1 - comisd xmm0,xmm1
76CA9F556EBF: 7B 06 - jnp 76CA9F556EC7
76CA9F556EC1: 48 33 D2 - xor rdx,rdx
76CA9F556EC4: 48 3B D4 - cmp rdx,rsp
76CA9F556EC7: 0F 83 0C 00 00 00 - jae 76CA9F556ED9
76CA9F556ECD: 45 33 C0 - xor r8d,r8d
76CA9F556ED0: 44 88 45 FF - mov [rbp-01],r8l
}
9231
"No suspicion"
FF0000
Auto Assembler Script
[ENABLE]
define(code_suspicion,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("F2 48 0F 58 C1 F2 48 0F 11 45 E8 49","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_suspicion,%s)'):format(results[0])
{$asm}
alloc(mem_suspicion,$1000,code_suspicion)
label(code)
label(return)
label(ptr_suspicion)
label(desired_suspicion)
mem_suspicion:
code:
movsd xmm0,[desired_suspicion]
movsd [r9+60],xmm0
jmp return
ptr_suspicion:
dq 0
desired_suspicion:
dq (double)0.0
code_suspicion:
jmp mem_suspicion
return:
registersymbol(code_suspicion)
registersymbol(ptr_suspicion)
registersymbol(desired_suspicion)
[DISABLE]
code_suspicion:
db F2 48 0F 58 C1
unregistersymbol(desired_suspicion)
unregistersymbol(code_suspicion)
unregistersymbol(ptr_suspicion)
dealloc(mem_suspicion)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9FF6DFA7
76CA9FF6DF77: 48 8B 55 30 - mov rdx,[rbp+30]
76CA9FF6DF7B: 4D 33 C0 - xor r8,r8
76CA9FF6DF7E: 44 8A 02 - mov r8l,[rdx]
76CA9FF6DF81: 44 88 45 FF - mov [rbp-01],r8l
76CA9FF6DF85: 4C 8B 4D 10 - mov r9,[rbp+10]
76CA9FF6DF89: F2 49 0F 10 69 60 - movsd xmm5,[r9+60]
76CA9FF6DF8F: F2 48 0F 11 6D F0 - movsd [rbp-10],xmm5
76CA9FF6DF95: F2 49 0F 10 41 60 - movsd xmm0,[r9+60]
76CA9FF6DF9B: F2 48 0F 11 45 E8 - movsd [rbp-18],xmm0
76CA9FF6DFA1: F2 48 0F 10 4D 18 - movsd xmm1,[rbp+18]
// ---------- INJECTING HERE ----------
76CA9FF6DFA7: F2 48 0F 58 C1 - addsd xmm0,xmm1
// ---------- DONE INJECTING ----------
76CA9FF6DFAC: F2 48 0F 11 45 E8 - movsd [rbp-18],xmm0
76CA9FF6DFB2: 49 8B C9 - mov rcx,r9 // GameState.Wanted
76CA9FF6DFB5: F2 48 0F 10 C8 - movsd xmm1,xmm0
76CA9FF6DFBA: 48 83 EC 20 - sub rsp,20
76CA9FF6DFBE: E8 9D 32 00 00 - call 76CA9FF71260 // updates Wanted.Suspicion
76CA9FF6DFC3: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9FF6DFC8: 48 83 C4 20 - add rsp,20
76CA9FF6DFCC: F2 48 0F 11 45 E8 - movsd [rbp-18],xmm0
76CA9FF6DFD2: 48 8B 4D 10 - mov rcx,[rbp+10]
76CA9FF6DFD6: F2 48 0F 10 59 60 - movsd xmm3,[rcx+60]
}
{
// ORIGINAL CODE - INJECTION POINT: 76CA9FC5713C
76CA9FC5712A: 90 - nop
76CA9FC5712B: 90 - nop
76CA9FC5712C: 90 - nop
76CA9FC5712D: 90 - nop
76CA9FC5712E: 90 - nop
76CA9FC5712F: 90 - nop
76CA9FC57130: 55 - push rbp
76CA9FC57131: 48 8B EC - mov rbp,rsp
76CA9FC57134: 48 83 EC 50 - sub rsp,50
76CA9FC57138: 48 89 4D 10 - mov [rbp+10],rcx
// ---------- INJECTING HERE ----------
76CA9FC5713C: F2 48 0F 10 41 48 - movsd xmm0,[rcx+48]
// ---------- DONE INJECTING ----------
76CA9FC57142: F2 48 0F 11 45 F8 - movsd [rbp-08],xmm0
76CA9FC57148: 48 B9 98 AC 3E 1D 82 01 00 00 - mov rcx,000001821D3EAC98
76CA9FC57152: 48 B8 10 AC 53 DA F9 7F 00 00 - mov rax,libhl.hl_alloc_virtual
76CA9FC5715C: 48 83 EC 20 - sub rsp,20
76CA9FC57160: FF D0 - call rax
76CA9FC57162: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9FC57167: 48 83 C4 20 - add rsp,20
76CA9FC5716B: 48 89 45 F0 - mov [rbp-10],rax
76CA9FC5716F: F2 48 0F 10 4D F8 - movsd xmm1,[rbp-08]
76CA9FC57175: 0F AE 5C 24 FC - stmxcsr [rsp-04]
}
9291
"No wages debt"
FF0000
Auto Assembler Script
[ENABLE]
define(code_zerowage,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("8B 91 0C 01 00 00 89 55 A4","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_zerowage,%s)'):format(results[0])
{$asm}
alloc(mem_zerowage,$1000,code_zerowage)
label(code)
label(return)
mem_zerowage:
code:
mov [rcx+0000010C],0
mov edx,[rcx+0000010C] // Unit.Debt
jmp return
code_zerowage:
jmp mem_zerowage
nop
return:
registersymbol(code_zerowage)
[DISABLE]
code_zerowage:
db 8B 91 0C 01 00 00
unregistersymbol(code_zerowage)
dealloc(mem_zerowage)
{
// 1.16447
// ORIGINAL CODE - INJECTION POINT: 76CA9F358AE1
76CA9FF9EB2E: FF 45 AC - inc [rbp-54]
76CA9FF9EB31: 48 8B 8D 40 FF FF FF - mov rcx,[rbp-000000C0]
76CA9FF9EB38: 48 85 C9 - test rcx,rcx
76CA9FF9EB3B: 75 1E - jne 76CA9FF9EB5B
76CA9FF9EB3D: 48 83 EC 08 - sub rsp,08
76CA9FF9EB41: 68 E8 48 7D 03 - push 037D48E8
76CA9FF9EB46: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9FF9EB50: 48 83 EC 20 - sub rsp,20
76CA9FF9EB54: FF D0 - call rax
76CA9FF9EB56: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9FF9EB5B: 8B 91 0C 01 00 00 - mov edx,[rcx+0000010C]
// ---------- DONE INJECTING ----------
76CA9FF9EB61: 89 55 A4 - mov [rbp-5C],edx
76CA9FF9EB64: 44 8B 45 C8 - mov r8d,[rbp-38]
76CA9FF9EB68: 44 03 C2 - add r8d,edx
76CA9FF9EB6B: 44 89 45 A8 - mov [rbp-58],r8d
76CA9FF9EB6F: 44 89 45 C8 - mov [rbp-38],r8d
76CA9FF9EB73: E9 32 FF FF FF - jmp 76CA9FF9EAAA
76CA9FF9EB78: 48 B9 68 7D 73 B9 46 02 00 00 - mov rcx,00000246B9737D68
76CA9FF9EB82: 48 B8 80 BD D7 47 FD 7F 00 00 - mov rax,libhl.hl_alloc_virtual
76CA9FF9EB8C: 48 83 EC 20 - sub rsp,20
76CA9FF9EB90: FF D0 - call rax
}
{
//
// ORIGINAL CODE - INJECTION POINT: 76CA9FF9A01B
76CA9FF99FEE: FF 45 AC - inc [rbp-54]
76CA9FF99FF1: 48 8B 8D 40 FF FF FF - mov rcx,[rbp-000000C0]
76CA9FF99FF8: 48 85 C9 - test rcx,rcx
76CA9FF99FFB: 75 1E - jne 76CA9FF9A01B
76CA9FF99FFD: 48 83 EC 08 - sub rsp,08
76CA9FF9A001: 68 E8 48 7D 03 - push 037D48E8
76CA9FF9A006: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9FF9A010: 48 83 EC 20 - sub rsp,20
76CA9FF9A014: FF D0 - call rax
76CA9FF9A016: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9FF9A01B: 8B 91 04 01 00 00 - mov edx,[rcx+00000104]
// ---------- DONE INJECTING ----------
76CA9FF9A021: 89 55 A4 - mov [rbp-5C],edx
76CA9FF9A024: 44 8B 45 C8 - mov r8d,[rbp-38]
76CA9FF9A028: 44 03 C2 - add r8d,edx
76CA9FF9A02B: 44 89 45 A8 - mov [rbp-58],r8d
76CA9FF9A02F: 44 89 45 C8 - mov [rbp-38],r8d
76CA9FF9A033: E9 32 FF FF FF - jmp 76CA9FF99F6A
76CA9FF9A038: 48 B9 68 7B BA 55 42 02 00 00 - mov rcx,0000024255BA7B68
76CA9FF9A042: 48 B8 80 BD 07 45 FD 7F 00 00 - mov rax,libhl.hl_alloc_virtual
76CA9FF9A04C: 48 83 EC 20 - sub rsp,20
76CA9FF9A050: FF D0 - call rax
}
{
// ORIGINAL CODE - INJECTION POINT: 76CA9FDB544D
76CA9FDB5424: 4C 89 4D 88 - mov [rbp-78],r9
76CA9FDB5428: 4C 89 4D 90 - mov [rbp-70],r9
76CA9FDB542C: FF 45 E8 - inc [rbp-18]
76CA9FDB542F: 4C 8B 5D 90 - mov r11,[rbp-70]
76CA9FDB5433: 4D 85 DB - test r11,r11
76CA9FDB5436: 75 15 - jne 76CA9FDB544D
76CA9FDB5438: 48 B8 30 19 00 9F CA 76 00 00 - mov rax,000076CA9F001930
76CA9FDB5442: 48 83 EC 20 - sub rsp,20
76CA9FDB5446: FF D0 - call rax
76CA9FDB5448: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9FDB544D: 41 8B 83 E4 00 00 00 - mov eax,[r11+000000E4]
// ---------- DONE INJECTING ----------
76CA9FDB5454: 89 45 9C - mov [rbp-64],eax
76CA9FDB5457: 8B 4D EC - mov ecx,[rbp-14]
76CA9FDB545A: 03 C8 - add ecx,eax
76CA9FDB545C: 89 4D E4 - mov [rbp-1C],ecx
76CA9FDB545F: 89 4D EC - mov [rbp-14],ecx
76CA9FDB5462: E9 52 FF FF FF - jmp 76CA9FDB53B9
76CA9FDB5467: 48 B9 58 87 E4 06 DC 01 00 00 - mov rcx,000001DC06E48758
76CA9FDB5471: 48 B8 10 AC 22 08 F9 7F 00 00 - mov rax,libhl.hl_alloc_virtual
76CA9FDB547B: 48 83 EC 20 - sub rsp,20
76CA9FDB547F: FF D0 - call rax
}
26181
"Massive carrying capacity"
FF0000
Auto Assembler Script
[ENABLE]
define(code_masscarry,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("44 8B 82 78 01 00 00 44 89 45 FC","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_masscarry,%s)'):format(results[0])
{$asm}
alloc(mem_masscarry,$1000,code_masscarry)
label(return)
label(desired_masscarry)
mem_masscarry:
mov r8d,[desired_masscarry]
jmp return
desired_masscarry:
dd (int)1000000
code_masscarry:
jmp mem_masscarry
nop 2
return:
registersymbol(code_masscarry)
registersymbol(desired_masscarry)
[DISABLE]
code_masscarry:
db 44 8B 82 78 01 00 00
unregistersymbol(*)
dealloc(mem_masscarry)
{
// 1.16447
// ORIGINAL CODE - INJECTION POINT: 76CA9FE5DF4F
76CA9FE5DF27: 48 89 4D D0 - mov [rbp-30],rcx
76CA9FE5DF2B: 49 8B C9 - mov rcx,r9
76CA9FE5DF2E: 48 8B D0 - mov rdx,rax
76CA9FE5DF31: 4C 8B 45 D0 - mov r8,[rbp-30]
76CA9FE5DF35: 48 83 EC 20 - sub rsp,20
76CA9FE5DF39: E8 92 FD FF FF - call 76CA9FE5DCD0
76CA9FE5DF3E: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9FE5DF43: 48 83 C4 20 - add rsp,20
76CA9FE5DF47: 48 89 45 E0 - mov [rbp-20],rax
76CA9FE5DF4B: 48 8B 55 10 - mov rdx,[rbp+10]
// ---------- INJECTING HERE ----------
76CA9FE5DF4F: 44 8B 82 78 01 00 00 - mov r8d,[rdx+00000178] // Unit.CarryingCapacity (read only)
// ---------- DONE INJECTING ----------
76CA9FE5DF56: 44 89 45 FC - mov [rbp-04],r8d
76CA9FE5DF5A: 49 8B C0 - mov rax,r8
76CA9FE5DF5D: 48 83 C4 30 - add rsp,30
76CA9FE5DF61: 5D - pop rbp
76CA9FE5DF62: 48 C3 - ret
76CA9FE5DF64: 90 - nop
76CA9FE5DF65: 90 - nop
76CA9FE5DF66: 90 - nop
76CA9FE5DF67: 90 - nop
76CA9FE5DF68: 90 - nop
}
27071
"Super speed"
FF0000
Auto Assembler Script
[ENABLE]
define(code_speed,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("F2 49 0F 10 90 10 01 00 00 F2 48 0F 11 55 90","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_speed,%s)'):format(results[0])
{$asm}
alloc(mem_speed,$1000,code_speed)
label(code)
label(return)
label(desired_speed)
mem_speed:
code:
movsd xmm2,[r8+00000110]
mov r10, [r8+00000B0] // Player.HumanMarker
test r10,r10
je @f // if HumanMarker=0 then it's npc
mulsd xmm2, [desired_speed]
@@:
jmp return
desired_speed:
dq (double)5
code_speed:
jmp mem_speed
nop 4
return:
registersymbol(desired_speed)
registersymbol(code_speed)
[DISABLE]
code_speed:
db F2 49 0F 10 90 10 01 00 00
unregistersymbol(*)
dealloc(mem_speed)
{
// last
// ORIGINAL CODE - INJECTION POINT: 76CA9F4AC3C4
76CA9F4AC38B: 48 83 C4 20 - add rsp,20
76CA9F4AC38F: F2 48 0F 11 45 90 - movsd [rbp-70],xmm0
76CA9F4AC395: F2 48 0F 10 2D F2 3C B5 FF - movsd xmm5,[76CA9F000090]
76CA9F4AC39E: F2 48 0F 11 6D 88 - movsd [rbp-78],xmm5
76CA9F4AC3A4: F2 48 0F 59 C5 - mulsd xmm0,xmm5
76CA9F4AC3A9: F2 48 0F 11 45 90 - movsd [rbp-70],xmm0
76CA9F4AC3AF: F2 48 0F 10 4D 98 - movsd xmm1,[rbp-68]
76CA9F4AC3B5: F2 48 0F 58 C8 - addsd xmm1,xmm0
76CA9F4AC3BA: F2 48 0F 11 4D 98 - movsd [rbp-68],xmm1
76CA9F4AC3C0: 4C 8B 45 10 - mov r8,[rbp+10]
// ---------- INJECTING HERE ----------
76CA9F4AC3C4: F2 49 0F 10 90 10 01 00 00 - movsd xmm2,[r8+00000110]
// ---------- DONE INJECTING ----------
76CA9F4AC3CD: F2 48 0F 11 55 90 - movsd [rbp-70],xmm2
76CA9F4AC3D3: 4D 8B 50 08 - mov r10,[r8+08]
76CA9F4AC3D7: 4C 89 95 70 FF FF FF - mov [rbp-00000090],r10
76CA9F4AC3DE: 4D 85 D2 - test r10,r10
76CA9F4AC3E1: 75 1E - jne 76CA9F4AC401
76CA9F4AC3E3: 48 83 EC 08 - sub rsp,08
76CA9F4AC3E7: 68 CD 95 64 EE - push FFFFFFFFEE6495CD
76CA9F4AC3EC: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CA9F4AC3F6: 48 83 EC 20 - sub rsp,20
76CA9F4AC3FA: FF D0 - call rax
}
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F5C4B41
76CA9F5C4B0A: 48 BA D8 DD E7 33 6A 02 00 00 - mov rdx,0000026A33E7DDD8
76CA9F5C4B14: 48 8B CD - mov rcx,rbp
76CA9F5C4B17: 48 81 E9 A0 00 00 00 - sub rcx,000000A0
76CA9F5C4B1E: 48 B8 50 E5 3F 0F FD 7F 00 00 - mov rax,libhl.hl_dyn_castd
76CA9F5C4B28: 48 83 EC 20 - sub rsp,20
76CA9F5C4B2C: FF D0 - call rax
76CA9F5C4B2E: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5C4B33: 48 83 C4 20 - add rsp,20
76CA9F5C4B37: F2 48 0F 11 45 F0 - movsd [rbp-10],xmm0
76CA9F5C4B3D: 4C 8B 45 10 - mov r8,[rbp+10]
// ---------- INJECTING HERE ----------
76CA9F5C4B41: F2 49 0F 11 80 F0 00 00 00 - movsd [r8+000000F0],xmm0
// ---------- DONE INJECTING ----------
76CA9F5C4B4A: 4D 8B 88 F0 01 00 00 - mov r9,[r8+000001F0]
76CA9F5C4B51: 4C 89 8D 48 FF FF FF - mov [rbp-000000B8],r9
76CA9F5C4B58: 4D 85 C9 - test r9,r9
76CA9F5C4B5B: 75 15 - jne 76CA9F5C4B72
76CA9F5C4B5D: 48 B8 10 19 00 9F CA 76 00 00 - mov rax,000076CA9F001910
76CA9F5C4B67: 48 83 EC 20 - sub rsp,20
76CA9F5C4B6B: FF D0 - call rax
76CA9F5C4B6D: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5C4B72: 4D 33 D2 - xor r10,r10
76CA9F5C4B75: 45 8A 91 D8 00 00 00 - mov r10l,[r9+000000D8]
}
27072
"Desired speed multiplier"
0
FF8000
Double
desired_speed
27083
"Adjustable zoom limit"
FF0000
Auto Assembler Script
[ENABLE]
define(code_zoom,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("F2 49 0F 11 83 B8 00 00 00 E9 74","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_zoom,%s)'):format(results[0])
{$asm}
alloc(mem_zoom,$1000,code_zoom)
label(code)
label(return)
label(desired_zoom)
mem_zoom:
code:
movsd xmm0,[desired_zoom]
comisd xmm2,xmm0
jae return
movsd [r11+000000B8],xmm0
jmp return
desired_zoom:
dq (double)1.7 // default maximum = 0.3, step = 0.1
code_zoom:
jmp mem_zoom
nop 4
return:
registersymbol(desired_zoom)
registersymbol(code_zoom)
[DISABLE]
code_zoom:
db F2 49 0F 11 83 B8 00 00 00
unregistersymbol(desired_zoom)
unregistersymbol(code_zoom)
dealloc(mem_zoom)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9FEEE077
76CA9FEEE03A: F2 49 0F 10 83 B8 00 00 00 - movsd xmm0,[r11+000000B8]
76CA9FEEE043: F2 48 0F 11 45 B0 - movsd [rbp-50],xmm0
76CA9FEEE049: F2 48 0F 10 15 FE 21 11 FF - movsd xmm2,[76CA9F000250]
76CA9FEEE052: F2 48 0F 11 55 88 - movsd [rbp-78],xmm2
76CA9FEEE058: 66 48 0F 2F D0 - comisd xmm2,xmm0
76CA9FEEE05D: 7B 03 - jnp 76CA9FEEE062
76CA9FEEE05F: 4D 33 C0 - xor r8,r8
76CA9FEEE062: 0F 83 18 00 00 00 - jae 76CA9FEEE080
76CA9FEEE068: F2 48 0F 10 05 DF 21 11 FF - movsd xmm0,[76CA9F000250]
76CA9FEEE071: F2 48 0F 11 45 B0 - movsd [rbp-50],xmm0
// ---------- INJECTING HERE ----------
76CA9FEEE077: F2 49 0F 11 83 B8 00 00 00 - movsd [r11+000000B8],xmm0
// ---------- DONE INJECTING ----------
76CA9FEEE080: E9 74 00 00 00 - jmp 76CA9FEEE0F9
76CA9FEEE085: 4C 8B 45 10 - mov r8,[rbp+10]
76CA9FEEE089: F2 49 0F 10 98 B8 00 00 00 - movsd xmm3,[r8+000000B8]
76CA9FEEE092: F2 48 0F 11 5D B0 - movsd [rbp-50],xmm3
76CA9FEEE098: F2 48 0F 10 25 E7 1F 11 FF - movsd xmm4,[76CA9F000088]
76CA9FEEE0A1: F2 48 0F 11 65 88 - movsd [rbp-78],xmm4
76CA9FEEE0A7: F2 48 0F 5C DC - subsd xmm3,xmm4
76CA9FEEE0AC: F2 48 0F 11 5D B0 - movsd [rbp-50],xmm3
76CA9FEEE0B2: F2 49 0F 11 98 B8 00 00 00 - movsd [r8+000000B8],xmm3
76CA9FEEE0BB: F2 49 0F 10 A8 B8 00 00 00 - movsd xmm5,[r8+000000B8]
}
27084
"Desired zoom limit"
0.3:Default limit
1.7:Increased limit
0
FF8000
Double
desired_zoom
26580
"VALUES"
008000
Auto Assembler Script
[ENABLE]
define(code_bypass,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("48 8B 45 10 48 8B 48 18 48 85","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_bypass,%s)'):format(results[0])
{$asm}
alloc(mem_bypass,$1000,code_bypass)
label(code)
label(return)
mem_bypass:
code:
mov [r8],rax // CRC, 4 bytes long
mov rax,[rbp+10]
mov rcx,[rax+18]
jmp return
code_bypass:
jmp mem_bypass
nop 3
return:
registersymbol(code_bypass)
[DISABLE]
code_bypass:
db 48 8B 45 10 48 8B 48 18
unregistersymbol(code_bypass)
dealloc(mem_bypass)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F4D9F4A
76CA9F4D9F26: 48 83 C4 20 - add rsp,20
76CA9F4D9F2A: 89 45 FC - mov [rbp-04],eax
76CA9F4D9F2D: EB 07 - jmp 76CA9F4D9F36
76CA9F4D9F2F: 45 8B 08 - mov r9d,[r8]
76CA9F4D9F32: 44 89 4D FC - mov [rbp-04],r9d
76CA9F4D9F36: 45 33 D2 - xor r10d,r10d
76CA9F4D9F39: 44 89 55 F8 - mov [rbp-08],r10d
76CA9F4D9F3D: 44 8B 5D FC - mov r11d,[rbp-04]
76CA9F4D9F41: 45 3B DA - cmp r11d,r10d
76CA9F4D9F44: 0F 84 92 02 00 00 - je 76CA9F4DA1DC
// ---------- INJECTING HERE ----------
76CA9F4D9F4A: 48 8B 45 10 - mov rax,[rbp+10]
// ---------- DONE INJECTING ----------
76CA9F4D9F4E: 48 8B 48 18 - mov rcx,[rax+18]
76CA9F4D9F52: 48 85 C9 - test rcx,rcx
76CA9F4D9F55: 75 35 - jne 76CA9F4D9F8C
76CA9F4D9F57: 49 B8 A8 FD 68 B9 46 02 00 00 - mov r8,00000246B968FDA8
76CA9F4D9F61: 48 BA 26 7A 4B 00 00 00 00 00 - mov rdx,00000000004B7A26
76CA9F4D9F6B: 48 8B C8 - mov rcx,rax
76CA9F4D9F6E: 48 B8 F0 94 D8 47 FD 7F 00 00 - mov rax,libhl.hl_dyn_geti
76CA9F4D9F78: 48 83 EC 20 - sub rsp,20
76CA9F4D9F7C: FF D0 - call rax
76CA9F4D9F7E: 48 89 6C 24 F8 - mov [rsp-08],rbp
}
27697
"Game state"
FF0000
Auto Assembler Script
[ENABLE]
define(codeRoot,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("4D 8B 08 4C 89 4D D0 4D 8B 51 40 4C 89 55 D8 4D","+X-C+W")
assert(results, "aobscan failed")
return ('define(codeRoot,%s)'):format(results[0])
{$asm}
alloc(memRoot,$1000,codeRoot)
label(ptr_root)
label(return)
memRoot:
mov [ptr_root],r8
mov r9,[r8]
mov [rbp-30],r9
jmp return
ptr_root:
dq 0
codeRoot:
jmp memRoot
nop 2
return:
registersymbol(codeRoot)
registersymbol(ptr_root)
[DISABLE]
codeRoot:
db 4D 8B 08 4C 89 4D D0
unregistersymbol(*)
dealloc(memRoot)
{
// 1.16471
// ORIGINAL CODE - INJECTION POINT: 76CA9F4E2398
76CA9F4E2370: 33 C0 - xor eax,eax
76CA9F4E2372: 88 45 FF - mov [rbp-01],al
76CA9F4E2375: 48 83 C4 60 - add rsp,60
76CA9F4E2379: 5D - pop rbp
76CA9F4E237A: 48 C3 - ret
76CA9F4E237C: 48 83 EC 20 - sub rsp,20
76CA9F4E2380: E8 2B 26 00 00 - call 76CA9F4E49B0
76CA9F4E2385: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F4E238A: 48 83 C4 20 - add rsp,20
76CA9F4E238E: 49 B8 68 99 1D 62 FB 01 00 00 - mov r8,000001FB621D9968
// ---------- INJECTING HERE ----------
76CA9F4E2398: 4D 8B 08 - mov r9,[r8]
// ---------- DONE INJECTING ----------
76CA9F4E239B: 4C 89 4D D0 - mov [rbp-30],r9
76CA9F4E239F: 4D 8B 51 40 - mov r10,[r9+40]
76CA9F4E23A3: 4C 89 55 D8 - mov [rbp-28],r10
76CA9F4E23A7: 4D 85 D2 - test r10,r10
76CA9F4E23AA: 0F 84 65 00 00 00 - je 76CA9F4E2415
76CA9F4E23B0: 49 BB 68 99 1D 62 FB 01 00 00 - mov r11,000001FB621D9968
76CA9F4E23BA: 49 8B 03 - mov rax,[r11]
76CA9F4E23BD: 48 89 45 D0 - mov [rbp-30],rax
76CA9F4E23C1: 48 8B 48 40 - mov rcx,[rax+40]
76CA9F4E23C5: 48 89 4D D8 - mov [rbp-28],rcx
}
27709
"Global inventory"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
GetLuaEngine().MenuItem5.doClick() -- crear lua output
--------------------------------------------------------------------------------
local ptr_root = 0
local buckets_count = 0
--------------------------------------------------------------------------------
local function update_triggers()
local godObj = getAddressSafeEx("[ptr_root]+0")
ce_assert(godObj ~= nil and godObj>0, "[godObj] is inaccessible!", godObj)
local new_ptr_root = getAddressSafe(string.format("[[[[[[[%X+0]+40]+18]+50]+130]+48]+10]+0",godObj)) -- Player.Inventory.ArrayOfBuckets.Buckets
ce_assert(new_ptr_root ~= nil and new_ptr_root>0, "[new_ptr_root] is inaccessible!", new_ptr_root)
local new_buckets_count = readInteger(new_ptr_root+0x8)
ce_assert(new_buckets_count ~= nil and new_buckets_count > 0 and new_buckets_count < 9999, "[new_buckets_count] has unexpected value!")
if new_ptr_root ~= ptr_root or new_buckets_count ~= buckets_count then
buckets_count = new_buckets_count
ptr_root = new_ptr_root
return true
end
return false
end
--------------------------------------------------------------------------------
local function get_group_record(item_group, parent)
local al = getAddressList()
local item_group_name = " GENERAL"
local item_group_active = true -- only general group is expanded by default
if item_group ~= nil then
item_group_name = " " .. string.upper(item_group) -- space is needed because there is 'Remedy' item in the 'Remedy' group
item_group_active = false
end
item_group_record = al.getMemoryRecordByDescription(item_group_name)
if item_group_record == nil then
item_group_record = al.createMemoryRecord()
item_group_record.Description = item_group_name
item_group_record.IsGroupHeader = true
item_group_record.appendToEntry(parent)
item_group_record.Active = item_group_active
item_group_record.Options = "[moHideChildren]"
item_group_record.Color = 0x007000
end
return item_group_record
end
--------------------------------------------------------------------------------
local timer = createTimer()
timer.Interval = 200
timer.OnTimer = function(self)
if memrec.Active == false then
delete_subrecords(memrec)
self.destroy()
elseif update_triggers() then
delete_subrecords(memrec)
for i=0,buckets_count-1 do
local ptr_root = getAddressSafe(ptr_root)
ce_assert(ptr_root, "[ptr_root] is inaccessible!")
local bucket_content_addr = getAddressSafe(string.format("[[[%X+10]+18+8*%X]+8]+0", ptr_root, i)) -- Bucket.Content
if bucket_content_addr then
local item_addr = getAddressSafe(string.format("[[%X+18]+0]+0", bucket_content_addr)) -- Content.Item.Value
local item_id = nil
local item_name = nil
local item_group = nil
if item_addr then
item_id = readString(string.format("[[%X+48]+8]+0", item_addr),128,true) -- Item.ID.Text.Value
item_name = readString(string.format("[[[[%X+58]+38]+0]+8]+0", item_addr),128,true) -- Item.Description.Name.Text.Value
item_group = readString(string.format("[[[[%X+58]+60]+0]+8]+0", item_addr),128,true) -- Item.Description.Group.Text.Value
end
local recDesc = ""
if item_name then
recDesc = item_name
elseif item_id then
recDesc = item_id
elseif item_addr then
recDesc = string.format("%X",item_addr)
end
local item = getAddressList().createMemoryRecord()
item.Description = recDesc
item.Address = string.format("[[%X+30]+20]", bucket_content_addr) -- Content.Amount.Value
item.Type = vtDword
item.appendToEntry(get_group_record(item_group,memrec))
end
end
end
end
{$asm}
[DISABLE]
26609
"Player inventory"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
GetLuaEngine().MenuItem5.doClick() -- crear lua output
--------------------------------------------------------------------------------
local ptr_root = 0
local buckets_count = 0
--------------------------------------------------------------------------------
local function update_triggers()
local godObj = getAddressSafeEx("[ptr_root]+0")
ce_assert(godObj ~= nil and godObj>0, "[godObj] is inaccessible!", godObj)
local new_ptr_root = getAddressSafe(string.format("[[[[[[[%X+0]+40]+18]+50]+58]+170]+10]+0",godObj)) -- Player.Inventory.ArrayOfBuckets.Buckets
ce_assert(new_ptr_root ~= nil and new_ptr_root>0, "[new_ptr_root] is inaccessible!", new_ptr_root)
local new_buckets_count = readInteger(new_ptr_root+0x8)
ce_assert(new_buckets_count ~= nil and new_buckets_count > 0 and new_buckets_count < 9999, "[new_buckets_count] has unexpected value!")
if new_ptr_root ~= ptr_root or new_buckets_count ~= buckets_count then
buckets_count = new_buckets_count
ptr_root = new_ptr_root
return true
end
return false
end
--------------------------------------------------------------------------------
local function get_group_record(item_group, parent)
local al = getAddressList()
local item_group_name = " GENERAL"
local item_group_active = true -- only general group is expanded by default
if item_group ~= nil then
item_group_name = " " .. string.upper(item_group) -- space is needed because there is 'Remedy' item in the 'Remedy' group
item_group_active = false
end
item_group_record = al.getMemoryRecordByDescription(item_group_name)
if item_group_record == nil then
item_group_record = al.createMemoryRecord()
item_group_record.Description = item_group_name
item_group_record.IsGroupHeader = true
item_group_record.appendToEntry(parent)
item_group_record.Active = item_group_active
item_group_record.Options = "[moHideChildren]"
item_group_record.Color = 0x007000
end
return item_group_record
end
--------------------------------------------------------------------------------
local timer = createTimer()
timer.Interval = 200
timer.OnTimer = function(self)
if memrec.Active == false then
delete_subrecords(memrec)
self.destroy()
elseif update_triggers() then
delete_subrecords(memrec)
for i=0,buckets_count-1 do
local ptr_root = getAddressSafe(ptr_root)
ce_assert(ptr_root, "[ptr_root] is inaccessible!")
local bucket_content_addr = getAddressSafe(string.format("[[[%X+10]+18+8*%X]+8]+0", ptr_root, i)) -- Bucket.Content
if bucket_content_addr then
local item_addr = getAddressSafe(string.format("[[%X+18]+0]+0", bucket_content_addr)) -- Content.Item.Value
local item_id = nil
local item_name = nil
local item_group = nil
if item_addr then
item_id = readString(string.format("[[%X+48]+8]+0", item_addr),128,true) -- Item.ID.Text.Value
item_name = readString(string.format("[[[[%X+58]+38]+0]+8]+0", item_addr),128,true) -- Item.Description.Name.Text.Value
item_group = readString(string.format("[[[[%X+58]+60]+0]+8]+0", item_addr),128,true) -- Item.Description.Group.Text.Value
end
local recDesc = ""
if item_name then
recDesc = item_name
elseif item_id then
recDesc = item_id
elseif item_addr then
recDesc = string.format("%X",item_addr)
end
local item = getAddressList().createMemoryRecord()
item.Description = recDesc
item.Address = string.format("[[%X+30]+20]", bucket_content_addr) -- Content.Amount.Value
item.Type = vtDword
item.appendToEntry(get_group_record(item_group,memrec))
end
end
end
end
{$asm}
[DISABLE]
27710
"Time"
0
Double
ptr_root
50
50
18
40
0
27109
"Character stats [Open character menu]"
FF0000
Auto Assembler Script
[ENABLE]
define(code_char,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("41 8B 8B B0 00 00 00 89 8D","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_char,%s)'):format(results[0])
{$asm}
alloc(mem_char,$1000,code_char)
label(code)
label(return)
label(ptr_char)
label(decired_char_sp)
label(decired_char_stat)
label(flag_char_sp)
label(flag_char_stat)
mem_char:
code:
push eax
push rbx
push rcx
push rdx
mov [ptr_char],r11
edit_skillpoints:
cmp [flag_char_sp],#0
je edit_stats
mov eax, [decired_char_sp]
mov [r11+B4],eax // Skill points available
edit_stats:
cmp [flag_char_stat],#0
je skip
mov eax, [decired_char_stat]
mov rbx,[r11+80] // Bonus stats base address
mov rbx,[rbx+28]
mov rbx,[rbx+8]
mov rdx,[rbx+8] // Bonus stats list size
mov rbx,[rbx+10] // Bonus stats list
edit_stats_next:
dec rdx
mov rcx,[rbx+18+rdx*8] // Bonus stat list element
mov [rcx+24],eax // Bonus stat value
cmp rdx,#0
jg edit_stats_next
skip:
pop rdx
pop rcx
pop rbx
pop eax
mov ecx,[r11+000000B0]
jmp return
ptr_char:
dq 0
decired_char_sp:
dd (int)99
decired_char_stat:
dd (int)1000
flag_char_sp:
db 0
flag_char_stat:
db 0
code_char:
jmp mem_char
nop 2
return:
registersymbol(flag_char_sp)
registersymbol(flag_char_stat)
registersymbol(decired_char_sp)
registersymbol(decired_char_stat)
registersymbol(code_char)
registersymbol(ptr_char)
[DISABLE]
code_char:
db 41 8B 8B B0 00 00 00
unregistersymbol(flag_char_sp)
unregistersymbol(flag_char_stat)
unregistersymbol(decired_char_sp)
unregistersymbol(decired_char_stat)
unregistersymbol(code_char)
unregistersymbol(ptr_char)
dealloc(mem_char)
{
// 1.16447
// ORIGINAL CODE - INJECTION POINT: 76CAA01A6EF0
76CAA01A6EC2: 4D 8B 9A 90 02 00 00 - mov r11,[r10+00000290]
76CAA01A6EC9: 4C 89 5D 80 - mov [rbp-80],r11
76CAA01A6ECD: 4D 85 DB - test r11,r11
76CAA01A6ED0: 75 1E - jne 76CAA01A6EF0
76CAA01A6ED2: 48 83 EC 08 - sub rsp,08
76CAA01A6ED6: 68 13 17 63 12 - push 12631713
76CAA01A6EDB: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CAA01A6EE5: 48 83 EC 20 - sub rsp,20
76CAA01A6EE9: FF D0 - call rax
76CAA01A6EEB: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CAA01A6EF0: 41 8B 8B B0 00 00 00 - mov ecx,[r11+000000B0]
// ---------- DONE INJECTING ----------
76CAA01A6EF7: 89 8D 54 FD FF FF - mov [rbp-000002AC],ecx
76CAA01A6EFD: 48 B9 A8 FD 68 B9 46 02 00 00 - mov rcx,00000246B968FDA8
76CAA01A6F07: 48 B8 B0 BB D7 47 FD 7F 00 00 - mov rax,libhl.hl_alloc_dynamic
76CAA01A6F11: 48 83 EC 20 - sub rsp,20
76CAA01A6F15: FF D0 - call rax
76CAA01A6F17: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA01A6F1C: 48 83 C4 20 - add rsp,20
76CAA01A6F20: 8B 8D 54 FD FF FF - mov ecx,[rbp-000002AC]
76CAA01A6F26: 48 89 48 08 - mov [rax+08],rcx
76CAA01A6F2A: 48 89 85 28 FF FF FF - mov [rbp-000000D8],rax
}
{
// 1.16339
// ORIGINAL CODE - INJECTION POINT: 76CAA01A0260
76CAA01A0232: 4D 8B 9A 90 02 00 00 - mov r11,[r10+00000290]
76CAA01A0239: 4C 89 5D 80 - mov [rbp-80],r11
76CAA01A023D: 4D 85 DB - test r11,r11
76CAA01A0240: 75 1E - jne 76CAA01A0260
76CAA01A0242: 48 83 EC 08 - sub rsp,08
76CAA01A0246: 68 13 17 63 12 - push 12631713
76CAA01A024B: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
76CAA01A0255: 48 83 EC 20 - sub rsp,20
76CAA01A0259: FF D0 - call rax
76CAA01A025B: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CAA01A0260: 41 8B 8B A8 00 00 00 - mov ecx,[r11+000000A8]
// ---------- DONE INJECTING ----------
76CAA01A0267: 89 8D 54 FD FF FF - mov [rbp-000002AC],ecx
76CAA01A026D: 48 B9 28 FC F0 76 D4 01 00 00 - mov rcx,000001D476F0FC28
76CAA01A0277: 48 B8 B0 BB 14 20 FA 7F 00 00 - mov rax,libhl.hl_alloc_dynamic
76CAA01A0281: 48 83 EC 20 - sub rsp,20
76CAA01A0285: FF D0 - call rax
76CAA01A0287: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA01A028C: 48 83 C4 20 - add rsp,20
76CAA01A0290: 8B 8D 54 FD FF FF - mov ecx,[rbp-000002AC]
76CAA01A0296: 48 89 48 08 - mov [rax+08],rcx
76CAA01A029A: 48 89 85 28 FF FF FF - mov [rbp-000000D8],rax
}
{
// 1.15321
// ORIGINAL CODE - INJECTION POINT: 76CA9FF64D26
76CA9FF64CF6: 48 89 85 E8 FA FF FF - mov [rbp-00000518],rax
76CA9FF64CFD: 4C 8B 45 10 - mov r8,[rbp+10]
76CA9FF64D01: 4D 8B 88 78 02 00 00 - mov r9,[r8+00000278]
76CA9FF64D08: 4C 89 4D 88 - mov [rbp-78],r9
76CA9FF64D0C: 4D 85 C9 - test r9,r9
76CA9FF64D0F: 75 15 - jne 76CA9FF64D26
76CA9FF64D11: 48 B8 30 19 00 9F CA 76 00 00 - mov rax,000076CA9F001930
76CA9FF64D1B: 48 83 EC 20 - sub rsp,20
76CA9FF64D1F: FF D0 - call rax
76CA9FF64D21: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9FF64D26: 45 8B 91 90 00 00 00 - mov r10d,[r9+00000090]
// ---------- DONE INJECTING ----------
76CA9FF64D2D: 44 89 95 B8 FD FF FF - mov [rbp-00000248],r10d
76CA9FF64D34: 48 B9 18 31 AE DE AF 01 00 00 - mov rcx,000001AFDEAE3118
76CA9FF64D3E: 48 B8 40 AA F1 F3 FE 7F 00 00 - mov rax,libhl.hl_alloc_dynamic
76CA9FF64D48: 48 83 EC 20 - sub rsp,20
76CA9FF64D4C: FF D0 - call rax
76CA9FF64D4E: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9FF64D53: 48 83 C4 20 - add rsp,20
76CA9FF64D57: 8B 8D B8 FD FF FF - mov ecx,[rbp-00000248]
76CA9FF64D5D: 48 89 48 08 - mov [rax+08],rcx
76CA9FF64D61: 48 89 85 40 FF FF FF - mov [rbp-000000C0],rax
}
27110
"Massive skill points"
FF0000
Auto Assembler Script
[ENABLE]
flag_char_sp:
db 1
[DISABLE]
flag_char_sp:
db 0
27111
"Decired skill points available"
0
4 Bytes
decired_char_sp
27112
"Massive bonus stats [Must have bonus stats initialized]"
FF0000
Auto Assembler Script
[ENABLE]
flag_char_stat:
db 1
[DISABLE]
flag_char_stat:
db 0
27113
"Decired bonus stat value"
1
4 Bytes
decired_char_stat
27114
"[Main Stats]"
000080
1
27116
"Name"
0
FF00FF
String
13
1
0
1
ptr_char
0
8
48
27117
"Class"
0
FF00FF
String
13
1
0
1
ptr_char
0
8
58
27492
"Base Address (Player)"
1
0
800080
1
ptr_char
0
158
27473
"Base Address (Unit)"
1
0
800080
1
ptr_char
0
27168
"Sex"
0:male
1:female
1
4 Bytes
ptr_char
50
27118
"Level"
0
4 Bytes
ptr_char
B0
27119
"Skill points available"
0
4 Bytes
ptr_char
B4
27120
"Skill points spent"
0
4 Bytes
ptr_char
C0
27121
"Experience"
0
4 Bytes
ptr_char
C8
27122
"Wage"
0
4 Bytes
ptr_char
108
27123
"Debt"
0
4 Bytes
ptr_char
10C
27638
"Carrying capacity (read only)"
0
4 Bytes
ptr_char
178
27641
"Current Title"
0
String
128
1
0
1
ptr_char
0
8
150
27640
"Personality"
PersAggressive:
0
String
128
1
0
1
ptr_char
0
8
160
27488
"[Traits]"
000080
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
--------------------------------------------------------------------------------
function string:split(sep)
sep = sep or '%s'
local elements = {}
for element in string.gmatch(self, "([^"..sep.."]+)") do
if element then elements[#elements+1]=element end
end
return elements
end
--------------------------------------------------------------------------------
local function parseCEAddressString(addrStr)
local elements = addrStr:split("%[%]%+%-%s")
return elements[1], { unpack( elements, 2, #elements ) }
end
--------------------------------------------------------------------------------
local function addressToPointer(mr, mrAddr)
local base, offsets = parseCEAddressString(mrAddr)
mr.Address = base
mr.OffsetCount = #offsets
for i=1,#offsets do
mr.Offset[#offsets-i]=tonumber(offsets[i],16)
end
end
--------------------------------------------------------------------------------
local function delete_subrecords(root)
while root ~= nil and root.Count > 0 do
memoryrecord_delete(root.Child[0])
end
end
--------------------------------------------------------------------------------
local function createTraitRecord(mrParent, mrDesc, mrType, mrAddr)
local mr = getAddressList().createMemoryRecord()
mr.appendToEntry(mrParent)
mr.Description = mrDesc
mr.Address = mrAddr
if type(mrAddr) == "string" then addressToPointer(mr, mrAddr) end
mr.Type = mrType
if mr.Type == vtString then
mr.String.Unicode = true
mr.String.Size = 128
end
end
--------------------------------------------------------------------------------
local traitCountAddr = 0
local traitCount = 0
local function createTraitRecords(root)
createTraitRecord(root, "Traits Count", vtDword, traitCountAddr)
if traitCount ~= nil and traitCount >0 and traitCount<100 then
for i=0,traitCount-1 do
local traitName = string.format("Trait %d", i+1)
local traitAddr = string.format("[[[[[[[[ptr_char]+110]+28]+8]+10]+%X]+50]+8]+0", 0x18+i*8)
createTraitRecord(root, traitName, vtString, traitAddr)
end
end
end
--------------------------------------------------------------------------------
local traitTimer = createTimer(getMainForm())
traitTimer.Interval = 200
traitTimer.OnTimer = function(thisTimer)
if memrec.Active then
local traitCountAddrNew = getAddressSafe("[[[[ptr_char]+110]+28]+8]+8")
if traitCountAddrNew ~= nil and traitCountAddrNew ~= 0 then
local traitCountNew = readInteger(traitCountAddrNew)
if traitCountNew ~= nil then
if traitCountAddrNew ~= traitCountAddr or traitCountNew ~= traitCount then
traitCount = traitCountNew
traitCountAddr = traitCountAddrNew
delete_subrecords(memrec)
createTraitRecords(memrec)
end
end
end
else
delete_subrecords(memrec)
traitCount = 0
traitCountAddr = 0
thisTimer.destroy()
end
end
--------------------------------------------------------------------------------
{$asm}
[DISABLE]
27643
"[Bonus Stats]"
000080
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
--------------------------------------------------------------------------------
function string:split(sep)
sep = sep or '%s'
local elements = {}
for element in string.gmatch(self, "([^"..sep.."]+)") do
if element then elements[#elements+1]=element end
end
return elements
end
--------------------------------------------------------------------------------
local function parseCEAddressString(addrStr)
local elements = addrStr:split("%[%]%+%-%s")
return elements[1], { unpack( elements, 2, #elements ) }
end
--------------------------------------------------------------------------------
local function addressToPointer(mr, mrAddr)
local base, offsets = parseCEAddressString(mrAddr)
mr.Address = base
mr.OffsetCount = #offsets
for i=1,#offsets do
mr.Offset[#offsets-i]=tonumber(offsets[i],16)
end
end
--------------------------------------------------------------------------------
local function delete_subrecords(root)
while root ~= nil and root.Count > 0 do
memoryrecord_delete(root.Child[0])
end
end
--------------------------------------------------------------------------------
local function createStatBonusRecord(mrParent, mrDesc, mrType, mrAddr)
local mr = getAddressList().createMemoryRecord()
mr.appendToEntry(mrParent)
mr.Description = mrDesc
mr.Address = mrAddr
if type(mrAddr) == "string" then addressToPointer(mr, mrAddr) end
mr.Type = mrType
mr.ShowAsSigned = true
if mr.Type == vtString then
mr.String.Unicode = true
mr.String.Size = 128
end
end
--------------------------------------------------------------------------------
local statBonusCountAddr = 0
local statBonusCount = 0
local function createStatBonusRecords(root)
createStatBonusRecord(root, "Stat bonus count", vtDword, statBonusCountAddr)
if statBonusCount ~= nil and statBonusCount >0 and statBonusCount<100 then
for i=0,statBonusCount-1 do
local statBonusName = readString(string.format("[[[[[[[[ptr_char]+80]+28]+8]+10]+%X]+18]+8]+0", 0x18+i*8),128,true)
local statBonusAddr = string.format("[[[[[[ptr_char]+80]+28]+8]+10]+%X]+24", 0x18+i*8)
createStatBonusRecord(root, statBonusName, vtDword, statBonusAddr)
end
end
end
--------------------------------------------------------------------------------
local statBonusTimer = createTimer(getMainForm())
statBonusTimer.Interval = 200
statBonusTimer.OnTimer = function(thisTimer)
if memrec.Active then
local statBonusCountAddrNew = getAddressSafe("[[[[ptr_char]+80]+28]+8]+8")
if statBonusCountAddrNew ~= nil and statBonusCountAddrNew ~= 0 then
local statBonusCountNew = readInteger(statBonusCountAddrNew)
if statBonusCountNew ~= nil then
if statBonusCountAddrNew ~= statBonusCountAddr or statBonusCountNew ~= statBonusCount then
statBonusCount = statBonusCountNew
statBonusCountAddr = statBonusCountAddrNew
delete_subrecords(memrec)
createStatBonusRecords(memrec)
end
end
end
else
delete_subrecords(memrec)
traitCount = 0
traitCountAddr = 0
thisTimer.destroy()
end
end
--------------------------------------------------------------------------------
{$asm}
[DISABLE]
27716
"[Skills]"
000080
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
--------------------------------------------------------------------------------
function string:split(sep)
sep = sep or '%s'
local elements = {}
for element in string.gmatch(self, "([^"..sep.."]+)") do
if element then elements[#elements+1]=element end
end
return elements
end
--------------------------------------------------------------------------------
local function parseCEAddressString(addrStr)
local elements = addrStr:split("%[%]%+%-%s")
return elements[1], { unpack( elements, 2, #elements ) }
end
--------------------------------------------------------------------------------
local function addressToPointer(mr, mrAddr)
local base, offsets = parseCEAddressString(mrAddr)
mr.Address = base
mr.OffsetCount = #offsets
for i=1,#offsets do
mr.Offset[#offsets-i]=tonumber(offsets[i],16)
end
end
--------------------------------------------------------------------------------
local function delete_subrecords(root)
while root ~= nil and root.Count > 0 do
memoryrecord_delete(root.Child[0])
end
end
--------------------------------------------------------------------------------
local function createTraitRecord(mrParent, mrDesc, mrType, mrAddr)
local mr = getAddressList().createMemoryRecord()
mr.appendToEntry(mrParent)
mr.Description = mrDesc
mr.Address = mrAddr
if type(mrAddr) == "string" then addressToPointer(mr, mrAddr) end
mr.Type = mrType
if mr.Type == vtString then
mr.String.Unicode = true
mr.String.Size = 128
end
end
--------------------------------------------------------------------------------
local traitCountAddr = 0
local traitCount = 0
local function createTraitRecords(root)
createTraitRecord(root, "Skills Count", vtDword, traitCountAddr)
if traitCount ~= nil and traitCount >0 and traitCount<100 then
for i=0,traitCount-1 do
local traitName = string.format("Skill %d", i+1)
local traitAddr = string.format("[[[[[[[ptr_char]+88]+28]+8]+10]+%X]+8]+0", 0x18+i*8)
createTraitRecord(root, traitName, vtString, traitAddr)
end
end
end
--------------------------------------------------------------------------------
local traitTimer = createTimer(getMainForm())
traitTimer.Interval = 200
traitTimer.OnTimer = function(thisTimer)
if memrec.Active then
local traitCountAddrNew = getAddressSafe("[[[[ptr_char]+88]+28]+8]+8")
if traitCountAddrNew ~= nil and traitCountAddrNew ~= 0 then
local traitCountNew = readInteger(traitCountAddrNew)
if traitCountNew ~= nil then
if traitCountAddrNew ~= traitCountAddr or traitCountNew ~= traitCount then
traitCount = traitCountNew
traitCountAddr = traitCountAddrNew
delete_subrecords(memrec)
createTraitRecords(memrec)
end
end
end
else
delete_subrecords(memrec)
traitCount = 0
traitCountAddr = 0
thisTimer.destroy()
end
end
--------------------------------------------------------------------------------
{$asm}
[DISABLE]
27152
"[Profession]"
000080
1
27158
"Name"
0
String
128
1
0
1
ptr_char
0
8
50
118
27642
"Level"
0
4 Bytes
ptr_char
58
118
27155
"Experience"
Taunt:Насмешка
Wrath:Ярость
FirstAid:Первая помощь
0
4 Bytes
ptr_char
5C
118
27167
"[Look]"
000080
1
27666
"Backpack"
0:default
-1:no backpack
1
4 Bytes
ptr_char
0
18
30
A0
27169
"Beard"
1
4 Bytes
ptr_char
0
20
30
A0
27170
"Face"
1
4 Bytes
ptr_char
0
28
30
A0
27171
"Hair"
1
4 Bytes
ptr_char
0
30
30
A0
27172
"Beard color"
1
0
4 Bytes
ptr_char
0
38
30
A0
27173
"Skin color"
1
0
4 Bytes
ptr_char
0
40
30
A0
26481
"Character stats during battle [Open character menu]"
FF0000
Auto Assembler Script
[ENABLE]
define(code_fighter,0)
{$lua}
if syntaxcheck then return end
local results = AOBScan("48 8B 81 10 02 00 00 48 89 45 F8 48 85 C0 0F 84 * * * * 4C 8B 81 10 02 00 00","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_fighter,%s)'):format(results[0])
{$asm}
alloc(mem_fighter,$1000,code_fighter)
label(code)
label(return)
label(ptr_fighter)
label(ptr_unit)
mem_fighter:
code:
mov [ptr_fighter],rcx
mov rax,[rcx+00000210]
jmp return
ptr_fighter:
dq 0
ptr_unit:
dq 0
code_fighter:
jmp mem_fighter
nop 2
return:
registersymbol(code_fighter)
registersymbol(ptr_fighter)
registersymbol(ptr_unit)
[DISABLE]
code_fighter:
db 48 8B 81 10 02 00 00
unregistersymbol(code_fighter)
unregistersymbol(ptr_fighter)
unregistersymbol(ptr_unit)
dealloc(mem_fighter)
{
// 1.16289
// ORIGINAL CODE - INJECTION POINT: 76CA9F20D15F
76CA9F20D14A: 48 C3 - ret
76CA9F20D14C: 90 - nop
76CA9F20D14D: 90 - nop
76CA9F20D14E: 90 - nop
76CA9F20D14F: 90 - nop
76CA9F20D150: 55 - push rbp
76CA9F20D151: 48 8B EC - mov rbp,rsp
76CA9F20D154: 48 83 EC 20 - sub rsp,20
76CA9F20D158: 48 89 4D 10 - mov [rbp+10],rcx
76CA9F20D15C: 88 55 18 - mov [rbp+18],dl
// ---------- INJECTING HERE ----------
76CA9F20D15F: 48 8B 81 10 02 00 00 - mov rax,[rcx+00000210] // battle.ui.comp.LiteUnitHud
// ---------- DONE INJECTING ----------
76CA9F20D166: 48 89 45 F8 - mov [rbp-08],rax
76CA9F20D16A: 48 85 C0 - test rax,rax
76CA9F20D16D: 0F 84 9E 00 00 00 - je 76CA9F20D211
76CA9F20D173: 4C 8B 81 10 02 00 00 - mov r8,[rcx+00000210]
76CA9F20D17A: 4C 89 45 F8 - mov [rbp-08],r8
76CA9F20D17E: 4D 85 C0 - test r8,r8
76CA9F20D181: 75 1E - jne 76CA9F20D1A1
76CA9F20D183: 48 83 EC 08 - sub rsp,08
76CA9F20D187: 68 82 42 4C 00 - push 004C4282
76CA9F20D18C: 48 B8 10 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A10
}
27104
"Base Address (Unit)"
0
800080
1
ptr_fighter
0
128
27712
"Base Address (Player)"
0
800080
1
ptr_fighter
0
60
130
27105
"Base Address (UnitStats)"
0
800080
1
ptr_fighter
0
1E0
27103
"Base Address (BattleUnit)"
0
800080
1
ptr_fighter
0
26494
"Name"
0
FF00FF
String
13
1
0
1
ptr_fighter
0
8
48
128
26866
"Level"
0
4 Bytes
ptr_fighter
B0
128
27106
"Armor Max"
0
4 Bytes
ptr_fighter
20
1E0
26483
"Armor Current"
0
4 Bytes
ptr_fighter
138
27107
"Health Max"
0
4 Bytes
ptr_fighter
10
1E0
26493
"Health Current"
0
4 Bytes
ptr_fighter
13C
26492
"Movement distance remaining"
0
4 Bytes
ptr_fighter
144
26499
"Was basic attack in use this turn?"
0:No
1:Yes
0
4 Bytes
ptr_fighter
140
27174
"Item stats [Hover mouse over an item]"
FF0000
Auto Assembler Script
[ENABLE]
define(code_itemstat,0)
{$lua}
if syntaxcheck then return end
-- this code calls the function that accesses items 'stolen' flag when mouse over
local results = AOBScan("48 89 45 90 4C 8B 4D E8 4D 85 C9","+X-C+W")
assert(results, "aobscan failed")
return ('define(code_itemstat,%s)'):format(results[0])
{$asm}
alloc(mem_itemstat,$1000,code_itemstat)
label(code)
label(return)
label(ptr_itemstat)
mem_itemstat:
code:
mov r9,[rbp-18]
mov [ptr_itemstat],r9
test r9,r9
jmp return
ptr_itemstat:
dq 0
code_itemstat+04:
jmp mem_itemstat
nop 2
return:
registersymbol(code_itemstat)
registersymbol(ptr_itemstat)
[DISABLE]
code_itemstat+04:
db 4C 8B 4D E8 4D 85 C9
unregistersymbol(code_itemstat)
unregistersymbol(ptr_itemstat)
dealloc(mem_itemstat)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F4EB44B
76CA9F4EB419: 4D 33 C0 - xor r8,r8
76CA9F4EB41C: 4C 89 45 98 - mov [rbp-68],r8
76CA9F4EB420: 4C 89 45 A8 - mov [rbp-58],r8
76CA9F4EB424: 48 B9 18 B1 A4 D3 AC 02 00 00 - mov rcx,000002ACD3A4B118
76CA9F4EB42E: 48 B8 90 AA F1 F3 FE 7F 00 00 - mov rax,libhl.hl_alloc_obj
76CA9F4EB438: 48 83 EC 20 - sub rsp,20
76CA9F4EB43C: FF D0 - call rax
76CA9F4EB43E: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F4EB443: 48 83 C4 20 - add rsp,20
76CA9F4EB447: 48 89 45 90 - mov [rbp-70],rax
// ---------- INJECTING HERE ----------
76CA9F4EB44B: 4C 8B 4D E8 - mov r9,[rbp-18]
// ---------- DONE INJECTING ----------
76CA9F4EB44F: 4D 85 C9 - test r9,r9
76CA9F4EB452: 75 15 - jne 76CA9F4EB469
76CA9F4EB454: 48 B8 30 19 00 9F CA 76 00 00 - mov rax,000076CA9F001930
76CA9F4EB45E: 48 83 EC 20 - sub rsp,20
76CA9F4EB462: FF D0 - call rax
76CA9F4EB464: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F4EB469: 4D 8B D1 - mov r10,r9
76CA9F4EB46C: 4D 8B 5A 28 - mov r11,[r10+28]
76CA9F4EB470: 4D 85 DB - test r11,r11
76CA9F4EB473: 75 36 - jne 76CA9F4EB4AB
}
27470
"Base Address (Inventory Bucket)"
1
0
800080
1
ptr_itemstat
0
27471
"Base Address (Item)"
1
0
800080
1
ptr_itemstat
0
0
18
8
27665
"Base Address (Game)"
1
0
800080
1
ptr_itemstat
0
8
0
18
8
27551
"Base Address (Item Description)"
1
0
800080
1
ptr_itemstat
0
58
0
18
8
27178
"Id"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
48
0
18
8
27179
"Type"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
0
60
58
0
18
8
27180
"Localized Name"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
0
38
58
0
18
8
27181
"Localized Desc"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
0
20
58
0
18
8
27182
"Amount"
0
4 Bytes
ptr_itemstat
0
58
8
27183
"Stars [for armor and weapons]"
0:✩✩✩
1:★✩✩
2:★★✩
3:★★★
0
4 Bytes
ptr_itemstat
60
0
18
8
27184
"Level [for high tier armor and weapons]"
0
4 Bytes
ptr_itemstat
64
0
18
8
27185
"Stolen?"
0:No
1:Yes
0
4 Bytes
ptr_itemstat
28
50
0
18
8
27186
"Color [for armor]"
Color *
1
0
4 Bytes
ptr_itemstat
78
0
18
8
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 TABLE INFO 】
❖ CE Version required: 7.4
❖ Game process: Wartales.exe
❖ Game engine: https://heaps.io
❖ Tested game versions: Steam (see history below for details)
❖ Author: mece
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 FEATURES 】
❖ Strong squad: infinite moves & basic attacks, hp & armor
❖ Weak enemies: no health & armor (1 hit kill), no moves, no basic attack
❖ No fatigue
❖ Infinite sprint
❖ No suspicion
❖ No wages debt
❖ Massive carrying capacity
❖ Profession fast leveling
❖ Easy crafting of 3 star gear
❖ Super speed
❖ Adjustable zoom limit
❖ Edit squad stats: money, happiness, influence, valor, suspicion, time, knowledge exp & points, inventory
❖ Edit character stats: level, skill points, exp, bonus stats, profession, title etc
❖ Edit character during battle: hp, armor, movement, attack
❖ Edit item stats: id, level, stars, stolen flag, color, amount
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 USAGE TIPS 】
❖ To access character bonus stats editing: 1. Increase squad members skill points with table; 2. In game invest at least one point in every available stat; 3. Save and reload; 4. Use 'Massive bonus stats' or edit each stat manualy
❖ To access knowledge editing: 1. Get 2 iron ore; 2. Craft a lockpick; 3. Save and reload; 4. Set 'Discovery'=90 5. Craft a fishing hook (you will get 1 knowledge); 5. Save and reload; 6. Now knowledge value should be accessible to edit.
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 KNOWN ISSUES 】
❖ Influence, valor, knowledge, stat bonuses and some other values can be edited only if they are already above zero. Workaround: play the game to increase the value, then save and reload.
❖ Editing character class, traits, skills with 'Character Stats' script needs reload to take effect.
❖ Editing item Id with 'Item Stats' script needs reload to take effect.
❖ Squad stats sometimes should be recalculated. If you see strange values then save and reload.
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 CHANGE LOG 】
⋯ 2022-05-27 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.16471
❖ Added 'Global inventory'
❖ Renamed 'Squad stats' -> 'Player inventory'
❖ Improved 'Super speed': now works with followers; the parameter now works as speed multiplier instead of being substitute value
❖ Removed 'Easy crafting of 3 star gear': edit items instead
❖ Removed 'Profession fast leveling': edit character instead
⋯ 2022-05-13 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.15321
❖ Improved 'Edit character stats': more traits displayed; editing trait names now more reliable
⋯ 2022-04-03 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Fixed 'strong squad': armor should be set to max, not zero
- 2022-04-01 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.15211
- 2022-03-28 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Fixed 'strong squad' and 'weak enemies' options: now could activate specific options without activating the rest
- 2022-03-25 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.15040
- 2022-02-32 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.13584
- 2022-02-18 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.13327
- 2022-01-15 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Updated 'Edit character stats': added pointers for character look
- 2022-01-10 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.12527
❖ Added 'Super speed'
❖ Added 'Adjustable zoom limit'
❖ Updated 'Edit item stats': search for all values with a single script
❖ Updated 'Edit character stats': Now works with NPC; added pointers for profession, title
- 2021-12-20 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Updated 'Squad Stats' script: now it shows structured list of inventory items to edit amount for each of them
- 2021-12-19 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Fixed a bug in 'Squad Stats'->'General' script which sometimes do nothing after activating
- 2021-12-18 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.12444
❖ Removed 'Knowledge fast leveling' (edit 'Discovery')
❖ Removed 'Unhappy squad members don't leave' (edit 'Happiness')
❖ Removed 'Increase specific item count' (edit item amount with 'Item stats')
- 2021-12-16 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Updated 'Edit item stats': new pointers 'stolen flag', 'color'
❖ Added 'Strong squad'
❖ Added 'Weak enemies'
❖ Added 'Edit character during battle'
- 2021-12-10 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Updated 'Edit character stats': new pointers 'traits', 'skills'
❖ Added 'Massive bonus stats' & 'Massive skill points' helping editing character stats
❖ Added 'Easy crafting of 3 star gear'
❖ Added 'Edit item stats'
- 2021-12-09 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.12114
❖ Replaced 'No wages' with 'No wages debt'.
❖ Added 'Massive carrying capacity'.
❖ Added 'Edit character stats'
- 2021-12-08 ⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯⋯
❖ Game version: 1.12060
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 TABLE UPDATE TIPS 】
❖ Infinite sprint: find what writes to the Player.SprintStamina - double [0,1]
❖ Edit character stats: search for 4 byte level value
❖ Edit character during battle: search for 4 byte movement value or current hp
❖ No fatigue: search for double [0,1+] at GameState.Simulation; 0 = well rested; 1 = exhausted; 2 = red alert
❖ No suspicion: search for double [0,100+] at GameState.Wanted; 0 = no suspicion
Super speed: find what reads Player.Speed from multiple "players". speed should increased for each surface (planes, forest) and each squad member (not npc).
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 FUTURE PLANS 】
❖ Weak enemies, Strong squad, Infinite sprint, No fatigue, No suspicion, Time, Squad Stats, desired_zoom, Super speed, No wages debt - to access game_ptr
❖ Replace: Massive carrying capacity if possible
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
【 CONTACT THE AUTHOR 】
❖ https://cheatengine.net/viewtopic.php?p=846#p846
76CA9FD0B1B1
4
76CA9FD0B3FE
jne
76CA9FD0B479
no gold plates => no 3 star item
76CA9FD0B593
There you get 3 star item
76CA9FD0B6C9
3 - ничего