0
"Add Wartales Integer"
Auto Assembler Script
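[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
{$lua}
-- Registers two Cheat Engine custom types that decode the game's obfuscated
-- resource counters (Krowns, Influence, ... under the "Resources" records).
-- The transform is lifted from the game's own code (listing under the
-- "encrypt" record):   stored = (value * 0x1f) xor 0x5b62db6d
-- The game keeps the plaintext dword right after the obfuscated one and, on
-- read, re-encodes the plaintext and compares it with the stored dword
-- (cmp ecx,eax / je in that listing).  Editing only one of the two halves
-- therefore fails that consistency check; the "Packed" type writes both.
--
-- _wt_customInteger is deliberately a global: custom types are registered
-- once per CE session and this record may be toggled any number of times.
-- The disable section is intentionally empty -- the types stay registered.
if _wt_customInteger == nil then
registerCustomTypeAutoAssembler([[
alloc(TypeName,256)
alloc(ByteSize,8)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
TypeName:
db 'Wartales Integer',0
ByteSize:
dd 4
// Decode: rcx -> the 4 obfuscated bytes, result in eax.
// The divide must be a SIGNED 32-bit one because the game encodes with a
// 32-bit imul: cdq sign-extends eax into edx before idiv.  The previous
// version zero-extended into rdx:rax and used a 64-bit idiv, which yields a
// large positive garbage quotient for any negative decoded value.
ConvertRoutine:
push rdx
push r8
mov eax, dword ptr [rcx]
mov r8d, 0x5b62db6d
xor eax, r8d
mov r8d, 0x1f
cdq
idiv r8d
pop r8
pop rdx
ret
// Encode: ecx = plaintext value, rdx -> where the 4 obfuscated bytes go.
// Only the obfuscated dword is written; the plaintext copy that follows it
// in the game's layout is NOT touched, so use the Packed type (or also edit
// the plain "4 Bytes" record) to keep the game's check passing.
ConvertBackRoutine:
push rax
push rdx
push r8
mov eax, ecx
mov r8d, 0x1f
imul eax, r8d
mov r8d, 0x5b62db6d
xor eax, r8d
pop r8
pop rdx
mov dword ptr [rdx], eax
pop rax
ret
]])
registerCustomTypeAutoAssembler([[
alloc(TypeName,256)
alloc(ByteSize,8)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
TypeName:
db 'Wartales Packed Integer',0
ByteSize:
dd 8
// Display Packed as Integer: the 8 bytes at rcx are
//   [obfuscated dword][plaintext dword]
// and only the obfuscated half is decoded and shown (same signed divide as
// above).  A tamper check comparing the decoded value with the plaintext
// half was present but commented out in the original; it is left disabled.
ConvertRoutine:
push rdx
push r8
mov eax, dword ptr [rcx]
mov r8d, 0x5b62db6d
xor eax, r8d
mov r8d, 0x1f
cdq
idiv r8d
{
mov edx, dword ptr [rcx+4]
cmp eax, edx
je leave
mov rax, qword ptr [rcx]
leave:
}
pop r8
pop rdx
ret
// Convert Integer to Encoded Long: ecx = value, rdx -> 8-byte destination.
// Low dword = obfuscated value, high dword = plaintext, written as one qword
// so the game's re-encode-and-compare check keeps passing after an edit.
ConvertBackRoutine:
push rax
push rdx
push r8
mov eax, ecx
mov r8d, 0x1f
imul eax, r8d
mov r8d, 0x5b62db6d
xor eax, r8d
mov edx, ecx
shl rdx, #32
or rax, rdx
pop r8
pop rdx
mov [rdx], rax
pop rax
ret
]])
_wt_customInteger = true
end
{$asm}
[DISABLE]
//code from here till the end of the code will be used to disable the cheat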
109
"No Fatigue Loss"
Auto Assembler Script
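[ENABLE]
// Patches one instruction in the routine shown in the listing below.  The
// scanned region 700000000000-7FFFFFFFFFFF is where the JIT-emitted code sat
// in the captured session (addresses 76CA...); if the scan finds nothing the
// script fails to enable rather than writing anywhere.
aobScanRegion(fatigue, 700000000000, 7FFFFFFFFFFF, F2 48 0F 59 ?? F2 48 0F 11 ?? ?? ?? ?? ?? F2 48 0F 10 ?? ?? ?? ?? ?? F2 48 0F 58 ?? F2 48 0F 11 ?? ?? ?? ?? ?? 48 8B ?? ?? F2 48 0F 10 ?? 48 83)
alloc(fatigueBkp,8)
// Keep a copy of the 5 original bytes at fatigue+17 ("addsd xmm2,xmm1" in the
// listing).  The scan wildcards that instruction's ModRM byte, so a hard-coded
// "F2 48 0F 58 D1" restore could write the wrong register encoding back on a
// different build; restoring what was actually there is always exact.
fatigueBkp:
readmem(fatigue+17,5)
// xorps xmm2,xmm2 + 2x nop: the value being accumulated into xmm2 is replaced
// by 0.0 before the following movsd stores it to [rbp-A8].  What that slot
// holds cannot be determined from the listing; the record name is the hint.
fatigue+17:
db 0F 57 D2 90 90
registersymbol(fatigue)
registersymbol(fatigueBkp)
[DISABLE]
fatigue+17:
readmem(fatigueBkp,5)
unregistersymbol(fatigue)
unregistersymbol(fatigueBkp)
dealloc(fatigueBkp)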
{
// ORIGINAL CODE - INJECTION POINT: 76CAA0003466
76CAA0003428: 49 8B CB - mov rcx,r11
76CAA000342B: 48 83 EC 20 - sub rsp,20
76CAA000342F: E8 EC F7 FE FF - call 76CA9FFF2C20
76CAA0003434: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA0003439: 48 83 C4 20 - add rsp,20
76CAA000343D: F2 48 0F 11 85 30 FF FF FF - movsd [rbp-000000D0],xmm0
76CAA0003446: F2 48 0F 10 8D 60 FF FF FF - movsd xmm1,[rbp-000000A0]
76CAA000344F: F2 48 0F 59 C8 - mulsd xmm1,xmm0
76CAA0003454: F2 48 0F 11 8D 38 FF FF FF - movsd [rbp-000000C8],xmm1
76CAA000345D: F2 48 0F 10 95 58 FF FF FF - movsd xmm2,[rbp-000000A8]
// ---------- INJECTING HERE ----------
76CAA0003466: F2 48 0F 58 D1 - addsd xmm2,xmm1
// ---------- DONE INJECTING ----------
76CAA000346B: F2 48 0F 11 95 58 FF FF FF - movsd [rbp-000000A8],xmm2
76CAA0003474: 48 8B 4D 10 - mov rcx,[rbp+10]
76CAA0003478: F2 48 0F 10 CA - movsd xmm1,xmm2
76CAA000347D: 48 83 EC 20 - sub rsp,20
76CAA0003481: E8 4A 73 00 00 - call 76CAA000A7D0
76CAA0003486: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA000348B: 48 83 C4 20 - add rsp,20
76CAA000348F: F2 48 0F 11 85 58 FF FF FF - movsd [rbp-000000A8],xmm0
76CAA0003498: 49 B8 B8 2A 1E 99 0B 02 00 00 - mov r8,0000020B991E2AB8
76CAA00034A2: 4D 8B 08 - mov r9,[r8]
}
{
76CAA000A88B - 48 B8 F062EBD2FD7F0000 - mov rax,libhl.hl_math_floor
76CAA000A895 - 48 83 EC 20 - sub rsp,20
76CAA000A899 - FF D0 - call rax
76CAA000A89B - 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA000A8A0 - 48 83 C4 20 - add rsp,20
76CAA000A8A4 - 89 45 EC - mov [rbp-14],eax
76CAA000A8A7 - F2 0F2A C0 - cvtsi2sd xmm0,eax
76CAA000A8AB - F2 48 0F11 45 F8 - movsd [rbp-08],xmm0
76CAA000A8B1 - 48 8B 4D 10 - mov rcx,[rbp+10]
76CAA000A8B5 - F2 48 0F11 81 20010000 - movsd [rcx+00000120],xmm0
76CAA000A8BE - B8 01000000 - mov eax,00000001
76CAA000A8C3 - 89 45 EC - mov [rbp-14],eax
76CAA000A8C6 - 8B D0 - mov edx,eax
76CAA000A8C8 - 48 83 EC 20 - sub rsp,20
76CAA000A8CC - E8 5FAE12FF - call 76CA9F135730
76CAA000A8D1 - 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA000A8D6 - 48 83 C4 20 - add rsp,20
76CAA000A8DA - 48 8B 4D 10 - mov rcx,[rbp+10]
76CAA000A8DE - F2 48 0F10 5D 18 - movsd xmm3,[rbp+18]
// ---------- INJECTING HERE ----------
76CAA000A8E4 - F2 48 0F11 59 48 - movsd [rcx+48],xmm3
// ---------- DONE INJECTING ----------
76CAA000A8EA - F2 48 0F10 C3 - movsd xmm0,xmm3
76CAA000A8EF - 48 83 C4 20 - add rsp,20
76CAA000A8F3 - 5D - pop rbp
76CAA000A8F4 - 48 C3 - ret
}
9273
"Zero Fatigue"
Auto Assembler Script
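[ENABLE]
// Placeholder for the syntax-check pass; the Lua block redefines it with the
// scanned address on the real pass.
define(code_nofatigue,0)
{$lua}
if syntaxcheck then return end
-- +X-C+W = executable, not copy-on-write, writable: JIT-emitted code.
local results = AOBScan("F2 48 0F 10 41 48 F2 48 0F 11 45 F0 F2","+X-C+W")
assert(results, "aobscan failed")
-- Only the first hit is used; further hits would be silently ignored.
-- The StringList returned by AOBScan is caller-owned and must be freed.
local addr = results[0]
results.destroy()
return ('define(code_nofatigue,%s)'):format(addr)
{$asm}
alloc(mem_nofatigue,$1000,code_nofatigue)
label(code)
label(return)
label(ptr_nofatigue)
label(desired_nofatigue)
// Hook replaces "movsd xmm0,[rcx+48]" (6 bytes -> jmp rel32 + nop).  The
// user-editable double desired_nofatigue is first stored into the object at
// rcx+48 and then loaded into xmm0, so the rest of the function sees exactly
// the value now in memory.  rcx is recorded in ptr_nofatigue for the table.
// Which object/field rcx+48 is cannot be confirmed from the listing alone.
mem_nofatigue:
code:
mov [ptr_nofatigue],rcx
movsd xmm0,[desired_nofatigue]
movsd [rcx+48],xmm0
jmp return
ptr_nofatigue:
dq 0
desired_nofatigue:
dq (double)0.0
code_nofatigue:
jmp mem_nofatigue
nop
return:
registersymbol(code_nofatigue)
registersymbol(ptr_nofatigue)
registersymbol(desired_nofatigue)
[DISABLE]
// The original bytes carry a REX.W prefix (F2 48 ...) in front of the movsd;
// restore them byte-for-byte instead of re-assembling the mnemonic.
code_nofatigue:
db F2 48 0F 10 41 48
unregistersymbol(code_nofatigue)
unregistersymbol(ptr_nofatigue)
unregistersymbol(desired_nofatigue)
dealloc(mem_nofatigue)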
{
// ORIGINAL CODE - INJECTION POINT: 76CAA000035C
76CAA0000349: 48 C3 - ret
76CAA000034B: 90 - nop
76CAA000034C: 90 - nop
76CAA000034D: 90 - nop
76CAA000034E: 90 - nop
76CAA000034F: 90 - nop
76CAA0000350: 55 - push rbp
76CAA0000351: 48 8B EC - mov rbp,rsp
76CAA0000354: 48 83 EC 20 - sub rsp,20
76CAA0000358: 48 89 4D 10 - mov [rbp+10],rcx
// ---------- INJECTING HERE ----------
76CAA000035C: F2 48 0F 10 41 48 - movsd xmm0,[rcx+48]
// ---------- DONE INJECTING ----------
76CAA0000362: F2 48 0F 11 45 F0 - movsd [rbp-10],xmm0
76CAA0000368: F2 48 0F 10 0D 97 FC FF FE - movsd xmm1,[76CA9F000008]
76CAA0000371: F2 48 0F 11 4D E8 - movsd [rbp-18],xmm1
76CAA0000377: 66 48 0F 2F C1 - comisd xmm0,xmm1
76CAA000037C: 7B 06 - jnp 76CAA0000384
76CAA000037E: 48 33 D2 - xor rdx,rdx
76CAA0000381: 48 3B D4 - cmp rdx,rsp
76CAA0000384: 0F 83 0C 00 00 00 - jae 76CAA0000396
76CAA000038A: 45 33 C0 - xor r8d,r8d
76CAA000038D: 44 88 45 FF - mov [rbp-01],r8l
}
129
"No Wages"
Auto Assembler Script
[ENABLE]
// Hook on "mov ecx,[rax+10C]" (6 bytes -> jmp rel32 + 1 nop) inside the loop
// shown in the listing below, which sums that field into [rbp-38].  The scan
// wildcards the register/displacement bytes, so the hook never hard-codes
// them: it re-executes the original bytes and rebuilds the inverse store
// from them (see the db 89 trick further down).
aobScanRegion(wages, 700000000000, 7FFFFFFFFFFF, FF D0 48 89 ?? ?? ?? 8B ?? ?? ?? 00 00 89 ?? ?? 8B ?? ?? 03)
alloc(newmem,$1000,wages)
label(wagesBkp)
label(return)
newmem:
wagesBkp:
// Original load, copied verbatim; doubles as the restore image for disable.
readmem(wages+07,6)
// Nothing to do if the field is already zero (ecx = 0 as the game expects).
test ecx,ecx
je return
xor ecx,ecx
// 89 + the original ModRM/disp32 bytes (wages+08..) assembles to
// "mov [rax+10C],ecx": opcode 8B (load) is swapped for 89 (store) with the
// same operand encoding, so the zeroed value is written back to whatever
// field the game just read.  This is the only write the cheat performs.
db 89
readmem(wages+08,5)
jmp return
wages+07:
jmp newmem
nop
return:
registersymbol(wages)
registersymbol(wagesBkp)
[DISABLE]
wages+07:
readmem(wagesBkp,6)
unregistersymbol(wages)
unregistersymbol(wagesBkp)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 76CAA005D6D7
76CAA005D6AA: FF 45 AC - inc [rbp-54]
76CAA005D6AD: 48 8B 85 20 FF FF FF - mov rax,[rbp-000000E0]
76CAA005D6B4: 48 85 C0 - test rax,rax
76CAA005D6B7: 75 1E - jne 76CAA005D6D7
76CAA005D6B9: 48 83 EC 08 - sub rsp,08
76CAA005D6BD: 68 E8 48 7D 03 - push 037D48E8
76CAA005D6C2: 48 B8 20 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A20
76CAA005D6CC: 48 83 EC 20 - sub rsp,20
76CAA005D6D0: FF D0 - call rax
76CAA005D6D2: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CAA005D6D7: 8B 88 0C 01 00 00 - mov ecx,[rax+0000010C]
// ---------- DONE INJECTING ----------
76CAA005D6DD: 89 4D A4 - mov [rbp-5C],ecx
76CAA005D6E0: 8B 55 C8 - mov edx,[rbp-38]
76CAA005D6E3: 03 D1 - add edx,ecx
76CAA005D6E5: 89 55 A8 - mov [rbp-58],edx
76CAA005D6E8: 89 55 C8 - mov [rbp-38],edx
76CAA005D6EB: E9 34 FF FF FF - jmp 76CAA005D624
76CAA005D6F0: 48 B9 98 CB 27 82 1A 02 00 00 - mov rcx,0000021A8227CB98
76CAA005D6FA: 48 B8 80 BD 18 D7 FD 7F 00 00 - mov rax,libhl.hl_alloc_virtual
76CAA005D704: 48 83 EC 20 - sub rsp,20
76CAA005D708: FF D0 - call rax
}
126
"Increase Movement"
Auto Assembler Script
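[ENABLE]
aobScanRegion(speed, 700000000000, 7FFFFFFFFFFF, F2 48 0F 11 ?? ?? ?? 8B ?? ?? F2 49 0F 10 ?? ?? ?? 00 00 F2 48 0F 11 ?? ?? ?? 8B ?? ?? ?? 89)
alloc(newmem,$1000,speed)
label(speedBkp)
label(speedVal)
label(return)
// Hook on "movsd xmm2,[r8+110]" (9 bytes -> jmp rel32 + nop 4).  When
// [r8+B0] is non-null the load is replaced by the user-editable double at
// speedVal (exposed as the "Speed" record); otherwise the original load runs.
// What a null [r8+B0] distinguishes is the author's filter and not visible
// here.  rax is saved/restored around the test.  The test clobbers flags, but
// the listing shows "test r10,r10" re-defining them before the next jne.
// (A dead "mov rax,speedVal" that was immediately undone by pop rax has been
// dropped; the movsd below addresses speedVal RIP-relative directly.)
newmem:
push rax
mov rax,[r8+B0]
test rax,rax
je @f
movsd xmm2,[speedVal]
pop rax
jmp return
@@:
pop rax
speedBkp:
readmem(speed+0A,9)
jmp return
align 10
speedVal:
dq (double)20.0
speed+0A:
jmp newmem
nop 4
return:
registersymbol(speed)
registersymbol(speedBkp)
registersymbol(speedVal)
[DISABLE]
speed+0A:
readmem(speedBkp,9)
unregistersymbol(speed)
unregistersymbol(speedBkp)
unregistersymbol(speedVal)
dealloc(newmem)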
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F4FDBD4
76CA9F4FDB9B: 48 83 C4 20 - add rsp,20
76CA9F4FDB9F: F2 48 0F 11 45 90 - movsd [rbp-70],xmm0
76CA9F4FDBA5: F2 48 0F 10 2D DA 24 B0 FF - movsd xmm5,[76CA9F000088]
76CA9F4FDBAE: F2 48 0F 11 6D 88 - movsd [rbp-78],xmm5
76CA9F4FDBB4: F2 48 0F 59 C5 - mulsd xmm0,xmm5
76CA9F4FDBB9: F2 48 0F 11 45 90 - movsd [rbp-70],xmm0
76CA9F4FDBBF: F2 48 0F 10 4D 98 - movsd xmm1,[rbp-68]
76CA9F4FDBC5: F2 48 0F 58 C8 - addsd xmm1,xmm0
76CA9F4FDBCA: F2 48 0F 11 4D 98 - movsd [rbp-68],xmm1
76CA9F4FDBD0: 4C 8B 45 10 - mov r8,[rbp+10]
// ---------- INJECTING HERE ----------
76CA9F4FDBD4: F2 49 0F 10 90 10 01 00 00 - movsd xmm2,[r8+00000110]
// ---------- DONE INJECTING ----------
76CA9F4FDBDD: F2 48 0F 11 55 90 - movsd [rbp-70],xmm2
76CA9F4FDBE3: 4D 8B 50 08 - mov r10,[r8+08]
76CA9F4FDBE7: 4C 89 95 70 FF FF FF - mov [rbp-00000090],r10
76CA9F4FDBEE: 4D 85 D2 - test r10,r10
76CA9F4FDBF1: 75 1E - jne 76CA9F4FDC11
76CA9F4FDBF3: 48 83 EC 08 - sub rsp,08
76CA9F4FDBF7: 68 CD 95 64 EE - push FFFFFFFFEE6495CD
76CA9F4FDBFC: 48 B8 20 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A20
76CA9F4FDC06: 48 83 EC 20 - sub rsp,20
76CA9F4FDC0A: FF D0 - call rax
}
127
"Speed"
0
Double
speedVal
24
"Combat Pointer"
Auto Assembler Script
[ENABLE]
// Hook on "mov r8d,[rdx+13C]" (7 bytes -> jmp rel32 + nop 2).  rdx (loaded
// from [rax+280] just before, per the listing) is saved to combatPtr for the
// "Selected Unit" records.  r8 is free to use as scratch: the original
// instruction overwrites it anyway.
aobScanRegion(combat, 700000000000, 7FFFFFFFFFFF, 44 8B 82 ?? ?? ?? ?? 44 89 ?? ?? F2 41 0F 2A ?? F2 48 0F 11 ?? ?? 48 83)
alloc(newmem,$1000,combat)
label(combatBkp)
label(combatPtr)
label(return)
newmem:
mov r8,combatPtr
mov [r8],rdx
combatBkp:
readmem(combat,7)
jmp return
align 10
combatPtr:
dq 0
// The 4 bytes right after combatPtr (combatPtr+08) are filled at enable time
// with the disp32 of the hooked instruction (bytes 3..6 of "44 8B 82 xx xx xx
// xx"; 0x13C in the listing).  The table then uses "+[combatPtr+08]" as an
// offset, so the field offset follows the game's code instead of being
// hard-coded in the records.
readmem(combat+03,4)
combat:
jmp newmem
nop 2
return:
registersymbol(combat)
registersymbol(combatBkp)
registersymbol(combatPtr)
[DISABLE]
combat:
readmem(combatBkp,7)
unregistersymbol(combat)
unregistersymbol(combatBkp)
unregistersymbol(combatPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F4F5E86
76CA9F4F5E58: 48 8B 90 80 02 00 00 - mov rdx,[rax+00000280]
76CA9F4F5E5F: 48 89 55 D8 - mov [rbp-28],rdx
76CA9F4F5E63: 48 85 D2 - test rdx,rdx
76CA9F4F5E66: 75 1E - jne 76CA9F4F5E86
76CA9F4F5E68: 48 83 EC 08 - sub rsp,08
76CA9F4F5E6C: 68 9C 28 06 FD - push FFFFFFFFFD06289C
76CA9F4F5E71: 48 B8 20 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A20
76CA9F4F5E7B: 48 83 EC 20 - sub rsp,20
76CA9F4F5E7F: FF D0 - call rax
76CA9F4F5E81: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9F4F5E86: 44 8B 82 3C 01 00 00 - mov r8d,[rdx+0000013C]
// ---------- DONE INJECTING ----------
76CA9F4F5E8D: 44 89 45 CC - mov [rbp-34],r8d
76CA9F4F5E91: F2 41 0F 2A C8 - cvtsi2sd xmm1,r8d
76CA9F4F5E96: F2 48 0F 11 4D C0 - movsd [rbp-40],xmm1
76CA9F4F5E9C: 48 83 EC 20 - sub rsp,20
76CA9F4F5EA0: E8 6B D0 11 00 - call 76CA9F612F10
76CA9F4F5EA5: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F4F5EAA: 48 83 C4 20 - add rsp,20
76CA9F4F5EAE: F2 48 0F 11 45 C0 - movsd [rbp-40],xmm0
76CA9F4F5EB4: 4C 8B 55 10 - mov r10,[rbp+10]
76CA9F4F5EB8: 4D 8B 9A A0 02 00 00 - mov r11,[r10+000002A0]
}
25
"Selected Unit"
0
1
combatPtr
0
27761
"Health"
0
4 Bytes
+[combatPtr+08]
27
"Armor"
0
4 Bytes
+[combatPtr+08]-4
27763
"Max Armor"
0
8 Bytes
+1F0
24
28
"Movement (DOES NOT WORK)"
0
808080
4 Bytes
+[combatPtr+08]+8
27759
"Basic Attack Used"
0
4 Bytes
+[combatPtr+08]+4
64
"Companion Pointer"
Auto Assembler Script
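[ENABLE]
// Hook on "mov rdx,[rcx+290]" (7 bytes -> jmp rel32 + nop 2) in a small
// getter (the listing continues with mov rax,rdx / ... / ret).  Both the
// parent object (rcx) and the returned object (rdx) are recorded for the
// "Selected Unit" records:  companionPtr+0 = rdx, companionPtr+8 = rcx.
// The stores are RIP-relative into this code cave, so no register is
// clobbered.  (The previous version borrowed rax, which only worked because
// the next original instruction happens to be "mov rax,rdx".)
aobScanRegion(companion, 700000000000, 7FFFFFFFFFFF, 48 8B ?? ?? 02 00 00 48 89 ?? ?? 48 8B ?? 48 83)
alloc(newmem,$1000,companion)
label(companionBkp)
label(companionPtr)
label(return)
newmem:
companionBkp:
readmem(companion,7)
mov [companionPtr],rdx
mov [companionPtr+8],rcx
jmp return
align 10
companionPtr:
dq 0
dq 0
companion:
jmp newmem
nop 2
return:
registersymbol(companion)
registersymbol(companionBkp)
registersymbol(companionPtr)
[DISABLE]
companion:
readmem(companionBkp,7)
unregistersymbol(companion)
unregistersymbol(companionBkp)
unregistersymbol(companionPtr)
dealloc(newmem)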
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F080C8C
76CA9F080C63: 48 C3 - ret
76CA9F080C65: 48 8B 4D D0 - mov rcx,[rbp-30]
76CA9F080C69: 48 85 C9 - test rcx,rcx
76CA9F080C6C: 75 1E - jne 76CA9F080C8C
76CA9F080C6E: 48 83 EC 08 - sub rsp,08
76CA9F080C72: 68 8E CB A9 0D - push 0DA9CB8E
76CA9F080C77: 48 B8 20 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A20
76CA9F080C81: 48 83 EC 20 - sub rsp,20
76CA9F080C85: FF D0 - call rax
76CA9F080C87: 48 89 6C 24 F8 - mov [rsp-08],rbp
// ---------- INJECTING HERE ----------
76CA9F080C8C: 48 8B 91 90 02 00 00 - mov rdx,[rcx+00000290]
// ---------- DONE INJECTING ----------
76CA9F080C93: 48 89 55 B8 - mov [rbp-48],rdx
76CA9F080C97: 48 8B C2 - mov rax,rdx
76CA9F080C9A: 48 83 C4 50 - add rsp,50
76CA9F080C9E: 5D - pop rbp
76CA9F080C9F: 48 C3 - ret
76CA9F080CA1: 90 - nop
76CA9F080CA2: 90 - nop
76CA9F080CA3: 90 - nop
76CA9F080CA4: 90 - nop
76CA9F080CA5: 90 - nop
}
65
"Selected Unit"
0
1
companionPtr
0
68
"Name (do not change)"
0
String
256
1
0
1
+48
0
8
69
"Class (do not change)"
0
String
256
1
0
1
+58
0
8
66
"Level"
0
4 Bytes
+B0
155
"Experience"
0
4 Bytes
+C8
27168
"Sex"
0:male
1:female
1
4 Bytes
+50
67
"Aptitude Points"
0
4 Bytes
+B4
27750
"Aptitude Points Spent"
0
4 Bytes
+C0
112
"Profession Experience"
0
4 Bytes
+120
5C
161
"Attribute Increases"
0
1
+80
18
10
8
28
164
"Attribute 1"
0
1
+0*8
0
162
"Name (do not change)"
0
String
256
1
0
1
+18
0
8
165
"Bonus Value"
0
4 Bytes
+24
166
"Attribute 2"
0
1
+1*8
0
167
"Name (do not change)"
0
String
256
1
0
1
+18
0
8
168
"Bonus Value"
0
4 Bytes
+24
169
"Attribute 3"
0
1
+2*8
0
170
"Name (do not change)"
0
String
256
1
0
1
+18
0
8
171
"Bonus Value"
0
4 Bytes
+24
172
"Attribute 4"
0
1
+3*8
0
173
"Name (do not change)"
0
String
256
1
0
1
+18
0
8
174
"Bonus Value"
0
4 Bytes
+24
175
"Attribute 5"
0
1
+4*8
0
176
"Name (do not change)"
0
String
256
1
0
1
+18
0
8
177
"Bonus Value"
0
4 Bytes
+24
178
"Attribute 6"
0
1
+5*8
0
179
"Name (do not change)"
0
String
256
1
0
1
+18
0
8
180
"Bonus Value"
0
4 Bytes
+24
99
"Class Base Attributes"
0
1
+70
0
10
0
58
100
"Strength"
0
4 Bytes
+0*8+18
0
30
30
101
"Dexterity"
0
4 Bytes
+1*8+18
0
30
30
102
"Constitution"
0
4 Bytes
+2*8+18
0
30
30
105
"Willpower"
0
4 Bytes
+5*8+18
0
30
30
104
"Movement"
0
4 Bytes
+4*8+18
0
30
30
106
"Carrying Capacity"
0
808080
4 Bytes
+6*8+18
0
30
30
103
"???"
0
808080
4 Bytes
+3*8+18
0
30
30
142
"Traits (do not touch)"
0
1
+118
18
10
8
28
146
"Trait 1"
0
String
256
1
0
1
+0*8
0
20
10
147
"Trait 2"
0
String
256
1
0
1
+1*8
0
20
10
154
"Trait 3"
0
String
256
1
0
1
+2*8
0
20
10
27751
"Trait 4"
0
String
256
1
0
1
+3*8
0
20
10
27752
"Trait 5"
0
String
256
1
0
1
+4*8
0
20
10
27753
"Trait 6"
0
String
256
1
0
1
+5*8
0
20
10
27754
"Trait 7"
0
String
256
1
0
1
+6*8
0
20
10
27755
"Trait 8"
0
String
256
1
0
1
+7*8
0
20
10
27756
"Trait 9"
0
String
256
1
0
1
+8*8
0
20
10
27757
"Trait 10"
0
String
256
1
0
1
+9*8
0
20
10
150
"Professions (do not touch)"
0
808080
1
+120
0
10
8
8
28
151
"Profession 1"
0
String
256
1
0
1
+0*10
0
153
"Profession 2"
0
String
256
1
0
1
+1*10
0
27746
"[Profession]"
0
1
+120
0
27747
"Name"
0
String
128
1
0
1
+50
0
8
27748
"Level"
0
4 Bytes
+58
27749
"Experience"
0
4 Bytes
+5C
27174
"Item stats [Hover mouse over an item]"
Auto Assembler Script
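[ENABLE]
// Placeholder for the syntax-check pass; the Lua block redefines it with the
// scanned address on the real pass.
define(code_itemstat,0)
{$lua}
if syntaxcheck then return end
-- Per the original author this function accesses the item's 'stolen' flag
-- when the mouse is over an item (not verifiable from the listing alone).
-- +X-C+W = executable, not copy-on-write, writable: JIT-emitted code.
local results = AOBScan("48 89 45 88 48 8B 4D E8 48 85 C9","+X-C+W")
assert(results, "aobscan failed")
-- Only the first hit is used.  The StringList returned by AOBScan is
-- caller-owned and must be freed.
local addr = results[0]
results.destroy()
return ('define(code_itemstat,%s)'):format(addr)
{$asm}
alloc(mem_itemstat,$1000,code_itemstat)
label(code)
label(return)
label(ptr_itemstat)
// Hook at code_itemstat+04, i.e. on "mov rcx,[rbp-18]" + "test rcx,rcx"
// (7 bytes -> jmp rel32 + nop 2).  rcx is captured into ptr_itemstat for the
// item records.  "test" must remain the last flag-setting instruction: the
// game's jne right after the hook consumes its flags (jmp preserves them).
mem_itemstat:
code:
mov rcx,[rbp-18]
mov [ptr_itemstat],rcx
test rcx,rcx
jmp return
ptr_itemstat:
dq 0
code_itemstat+04:
jmp mem_itemstat
nop 2
return:
registersymbol(code_itemstat)
registersymbol(ptr_itemstat)
[DISABLE]
code_itemstat+04:
db 48 8B 4D E8 48 85 C9
unregistersymbol(code_itemstat)
unregistersymbol(ptr_itemstat)
dealloc(mem_itemstat)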
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F5CEFC7
76CA9F5CEF93: 0F 85 0B 00 00 00 - jne 76CA9F5CEFA4
76CA9F5CEF99: 4D 33 DB - xor r11,r11
76CA9F5CEF9C: 4C 89 5D 90 - mov [rbp-70],r11
76CA9F5CEFA0: 4C 89 5D A0 - mov [rbp-60],r11
76CA9F5CEFA4: 48 B9 48 D6 57 A0 90 01 00 00 - mov rcx,00000190A057D648
76CA9F5CEFAE: 48 B8 00 BC 2F EA FE 7F 00 00 - mov rax,libhl.hl_alloc_obj
76CA9F5CEFB8: 48 83 EC 20 - sub rsp,20
76CA9F5CEFBC: FF D0 - call rax
76CA9F5CEFBE: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5CEFC3: 48 83 C4 20 - add rsp,20
// ---------- INJECTING HERE ----------
76CA9F5CEFC7: 48 89 45 88 - mov [rbp-78],rax
// ---------- DONE INJECTING ----------
76CA9F5CEFCB: 48 8B 4D E8 - mov rcx,[rbp-18]
76CA9F5CEFCF: 48 85 C9 - test rcx,rcx
76CA9F5CEFD2: 75 1B - jne 76CA9F5CEFEF
76CA9F5CEFD4: 48 83 EC 08 - sub rsp,08
76CA9F5CEFD8: 6A 6B - push 6B
76CA9F5CEFDA: 48 B8 20 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A20
76CA9F5CEFE4: 48 83 EC 20 - sub rsp,20
76CA9F5CEFE8: FF D0 - call rax
76CA9F5CEFEA: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5CEFEF: 4C 8B D1 - mov r10,rcx
}
27470
"Base Address (Inventory Bucket)"
1
0
800080
1
ptr_itemstat
0
27471
"Base Address (Item)"
1
0
800080
1
ptr_itemstat
0
0
18
8
27665
"Base Address (Game)"
1
0
800080
1
ptr_itemstat
0
8
0
18
8
27551
"Base Address (Item Description)"
1
0
800080
1
ptr_itemstat
0
58
0
18
8
27178
"Id"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
48
0
18
8
27179
"Type"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
0
70
58
0
18
8
27180
"Localized Name"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
0
40
58
0
18
8
27181
"Localized Desc"
0
FF00FF
String
128
1
0
1
ptr_itemstat
0
8
0
20
58
0
18
8
27182
"Amount"
0
4 Bytes
ptr_itemstat
0
58
8
27183
"Stars [for armor and weapons]"
0:✩✩✩
1:★✩✩
2:★★✩
3:★★★
0
4 Bytes
ptr_itemstat
60
0
18
8
27184
"Level [for high tier armor and weapons]"
0
4 Bytes
ptr_itemstat
64
0
18
8
27185
"Stolen?"
0:No
1:Yes
0
4 Bytes
ptr_itemstat
28
50
0
18
8
27186
"Color [for armor]"
00FFFFFF:White
00C0C0C0:Silver
00D3D3D3:Light Gray
00808080:Gray
00A9A9A9:Dark Gray
FF423E3C:Burnt Ash
FF4B5260:Dusk Ash
FF565A5B:Dark Ash
FF5C5E53:Dark Ash 2
FF69636B:Dark Ash 3
00B2BEB5:Ash
00000000:Black
00251607:Graphite
003B3B3B:Light Graphite
FF47423F:Dust
00565656:Smoke
003F2519:Dark Brown
005C3625:Brown
FF704F4D:Brown 2
0098705E:Light Brown
00f5deb3:Wheat
00581515:Burnt Red
008B0000:Dark Red
00EA2121:Red
00FF6161:Light Red
008B4000:Burnt Orange
00B16B12:Dark Orange
00EA9821:Orange
00FFBF61:Light Orange
0073730A:Burnt Yellow
00AFAF19:Dark Yellow
00EDED20:Yellow
00FFFF65:Light Yellow
00FFFDD0:Cream
00404000:Burnt Olive
005B5B00:Dark Olive
00808000:Olive
00C4C040:Light Olive
002C3D15:Burnt Green
FF5A6249:Dusk Green
003D531E:Dark Green
00496621:Green
00519A18:Green 2
00B6E74E:Lime Green
00A7FF63:Light Green
0098FF98:Mint Green
00B4E88C:Pale Green
001B5853:Burnt Turquoise
003B9E96:Dark Turquoise
0050D6CB:Turquoise
00A2FFF7:Light Turquoise
0051B3FF:Cerulean Blue
008CCDFF:Sky Blue
00C2E4FF:Pale Blue
00162350:Navy Blue
002F4281:Dark Blue
003F59AF:Blue
006387FF:Light Blue
FF4F4560:Burnt Royal Blue
00182650:Burnt Royal Blue 2
002B4490:Dark Royal Blue
004169E1:Royal Blue
009DB5FE:Light Royal Blue
0021113D:Burnt Purple
00462E70:Dark Purple
006F48B4:Purple
00BB95FF:Light Purple
00E3B7FA:Lavender
00972297:Dark Fuchsia
00ED4AED:Fuchsia
00FF93FF:Light Fuchsia
00581522:Dark Burgundy
008C2236:Burgundy
00C64F65:Light Burgundy
008A2F5D:Burnt Hot Pink
00BF558A:Dark Hot Pink
00FF69B4:Hot Pink
6D1701B8:Dark Pink
00F59CBA:Pink
FF6E5953:Dark Light Pink
00F3BDD0:Light Pink
00F9DFE8:Pale Pink
1
0
4 Bytes
ptr_itemstat
78
0
18
8
53
"Resource Pointers"
Auto Assembler Script
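[ENABLE]
// Hook on "mov rcx,[rax+rdx*8+18]" (5 bytes -> jmp rel32, no nop).  In the
// listing rax is an array base (mov rax,[r11+10]) and edx an index
// (mov edx,[rbp-8C]); the base is stored in resourcesPtr for the "Resources"
// records, which index it as +N*8+18.  The original instruction overwrites
// rcx, so the hook needs no scratch register.
// The store is skipped for index 0, as in the original script; the purpose
// of that filter is not visible here.  The original wrote the skip as a
// forward @f reference with no @@ label to resolve to; the target is now
// the named label so the script assembles unambiguously.
aobScanRegion(resources, 700000000000, 7FFFFFFFFFFF, 8B ?? ?? ?? ?? ?? 48 8B 4C D0 18 48 89 ?? 60 FF FF FF 48 8B D1 48 B9)
alloc(newmem,$1000,resources)
label(resourcesBkp)
label(resourcesPtr)
label(return)
newmem:
test rdx,rdx
je resourcesBkp
mov [resourcesPtr],rax
resourcesBkp:
readmem(resources+06,5)
jmp return
align 10
resourcesPtr:
dq 0
resources+06:
jmp newmem
return:
registersymbol(resources)
registersymbol(resourcesBkp)
registersymbol(resourcesPtr)
[DISABLE]
resources+06:
readmem(resourcesBkp,5)
unregistersymbol(resources)
unregistersymbol(resourcesBkp)
unregistersymbol(resourcesPtr)
dealloc(newmem)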
{
// ORIGINAL CODE - INJECTION POINT: 76CA9FFA87B0
76CA9FFA8783: 45 3B C1 - cmp r8d,r9d
76CA9FFA8786: 0F 82 0F 00 00 00 - jb 76CA9FFA879B
76CA9FFA878C: 4D 33 D2 - xor r10,r10
76CA9FFA878F: 4C 89 95 68 FF FF FF - mov [rbp-00000098],r10
76CA9FFA8796: E9 4E 00 00 00 - jmp 76CA9FFA87E9
76CA9FFA879B: 4C 8B 5D 80 - mov r11,[rbp-80]
76CA9FFA879F: 49 8B 43 10 - mov rax,[r11+10]
76CA9FFA87A3: 48 89 45 F0 - mov [rbp-10],rax
76CA9FFA87A7: 48 33 D2 - xor rdx,rdx
76CA9FFA87AA: 8B 95 74 FF FF FF - mov edx,[rbp-0000008C]
// ---------- INJECTING HERE ----------
76CA9FFA87B0: 48 8B 4C D0 18 - mov rcx,[rax+rdx*8+18]
// ---------- DONE INJECTING ----------
76CA9FFA87B5: 48 89 8D 60 FF FF FF - mov [rbp-000000A0],rcx
76CA9FFA87BC: 48 8B D1 - mov rdx,rcx
76CA9FFA87BF: 48 B9 F8 80 A0 7E A7 02 00 00 - mov rcx,000002A77EA080F8
76CA9FFA87C9: 48 B8 50 84 87 C1 FD 7F 00 00 - mov rax,libhl.hl_to_virtual
76CA9FFA87D3: 48 83 EC 20 - sub rsp,20
76CA9FFA87D7: FF D0 - call rax
76CA9FFA87D9: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9FFA87DE: 48 83 C4 20 - add rsp,20
76CA9FFA87E2: 48 89 85 68 FF FF FF - mov [rbp-00000098],rax
76CA9FFA87E9: 4C 8B 85 68 FF FF FF - mov r8,[rbp-00000098]
}
54
"Resources"
0
1
resourcesPtr
0
55
"Krowns"
0
4 Bytes
+0*8+18
4
18
30
8
59
"Encrypted Value"
0
Custom
Wartales Integer
-4
56
"Influence"
0
4 Bytes
+1*8+18
4
18
30
8
60
"Encrypted Value"
0
Custom
Wartales Integer
-4
57
"Happiness"
0
4 Bytes
+2*8+18
4
18
30
8
61
"Encrypted Value"
1
Custom
Wartales Integer
-4
58
"Valour Points"
0
4 Bytes
+3*8+18
4
18
30
8
62
"Encrypted Value"
0
Custom
Wartales Integer
-4
119
"Knowledge Experience"
0
4 Bytes
+4*8+18
4
18
30
8
120
"Encrypted Value"
0
Custom
Wartales Integer
-4
131
"Knowledge Points"
0
4 Bytes
+5*8+18
4
18
30
8
132
"Encrypted Value"
0
Custom
Wartales Integer
-4
18
"Ignore This"
808080
1
11
"dropOne"
Auto Assembler Script
[ENABLE]
// Debug helper (grouped under "Ignore This"): a pass-through hook that only
// re-executes "mov r9,[r10+20]" + "test r9,r9" (7 bytes -> jmp rel32 +
// nop 2) and registers "dropOne" so the spot is easy to find in the
// disassembler.  Behaviour of the game is unchanged while enabled.
// The pattern's leading A0 is the last byte of the preceding instruction
// ("mov r10,[rbp-60]"), hence the +01 injection offset.  This uses a
// process-wide aobscan rather than the JIT-region scan of the other scripts.
aobscan(dropOne,A0 4D 8B 4A 20 4D 85 C9 75 36 4C)
alloc(newmem,$1000,dropOne)
label(code)
label(return)
newmem:
code:
mov r9,[r10+20]
test r9,r9
jmp return
dropOne+01:
jmp newmem
nop 2
return:
registersymbol(dropOne)
[DISABLE]
dropOne+01:
db 4D 8B 4A 20 4D 85 C9
unregistersymbol(dropOne)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F5CA219
76CA9F5CA1F2: 49 8B CA - mov rcx,r10
76CA9F5CA1F5: 48 B8 E0 9C 49 C8 FD 7F 00 00 - mov rax,libhl.hl_dyn_seti
76CA9F5CA1FF: 48 83 EC 20 - sub rsp,20
76CA9F5CA203: FF D0 - call rax
76CA9F5CA205: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5CA20A: 48 83 C4 20 - add rsp,20
76CA9F5CA20E: EB 05 - jmp 76CA9F5CA215
76CA9F5CA210: 8B 55 90 - mov edx,[rbp-70]
76CA9F5CA213: 89 11 - mov [rcx],edx
76CA9F5CA215: 4C 8B 55 A0 - mov r10,[rbp-60]
// ---------- INJECTING HERE ----------
76CA9F5CA219: 4D 8B 4A 20 - mov r9,[r10+20]
// ---------- DONE INJECTING ----------
76CA9F5CA21D: 4D 85 C9 - test r9,r9
76CA9F5CA220: 75 36 - jne 76CA9F5CA258
76CA9F5CA222: 4C 8B 4D 94 - mov r9,[rbp-6C]
76CA9F5CA226: 49 B8 F8 00 6A 11 CD 01 00 00 - mov r8,000001CD116A00F8
76CA9F5CA230: 48 BA D9 45 63 0A 00 00 00 00 - mov rdx,000000000A6345D9
76CA9F5CA23A: 49 8B CA - mov rcx,r10
76CA9F5CA23D: 48 B8 E0 9C 49 C8 FD 7F 00 00 - mov rax,libhl.hl_dyn_seti
76CA9F5CA247: 48 83 EC 20 - sub rsp,20
76CA9F5CA24B: FF D0 - call rax
76CA9F5CA24D: 48 89 6C 24 F8 - mov [rsp-08],rbp
}
17
"encrypt"
Auto Assembler Script
[ENABLE]
// Marker only: locates the game's counter-obfuscation code and exposes it as
// "encrypt" for the disassembler; no bytes are changed.  The listing below
// shows the transform the custom types in this table invert:
//   stored = (value * 0x1F) xor 0x5B62DB6D
// followed by "cmp ecx,eax / je": the freshly encoded plaintext is compared
// with the stored dword, i.e. a consistency (anti-tamper) check that an edit
// of only one of the two dwords will fail.
aobscan(encrypt,41 BB 1F 00 00 00 44 89 5D F4)
registersymbol(encrypt)
[DISABLE]
unregistersymbol(encrypt)
{
76CA9F52C4E9 - 48 B8 E09449C8FD7F0000 - mov rax,libhl.hl_dyn_geti
76CA9F52C4F3 - 48 83 EC 20 - sub rsp,20
76CA9F52C4F7 - FF D0 - call rax
76CA9F52C4F9 - 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F52C4FE - 48 83 C4 20 - add rsp,20
76CA9F52C502 - 89 45 F8 - mov [rbp-08],eax
76CA9F52C505 - EB 07 - jmp 76CA9F52C50E
76CA9F52C507 - 45 8B 19 - mov r11d,[r9]
76CA9F52C50A - 44 89 5D F8 - mov [rbp-08],r11d
// ----- MULTIPLY VALUE -----
76CA9F52C50E - 41 BB 1F000000 - mov r11d,0000001F
// --------------------------
76CA9F52C514 - 44 89 5D F4 - mov [rbp-0C],r11d
76CA9F52C518 - 8B 45 F8 - mov eax,[rbp-08]
76CA9F52C51B - 41 0FAF C3 - imul eax,r11d
76CA9F52C51F - 89 45 F8 - mov [rbp-08],eax
// ----- ENCODE VALUE -----
76CA9F52C522 - 41 BB 6DDB625B - mov r11d,5B62DB6D
// ------------------------
76CA9F52C528 - 44 89 5D F4 - mov [rbp-0C],r11d
76CA9F52C52C - 41 33 C3 - xor eax,r11d
76CA9F52C52F - 89 45 F8 - mov [rbp-08],eax
76CA9F52C532 - 8B 4D FC - mov ecx,[rbp-04]
76CA9F52C535 - 3B C8 - cmp ecx,eax
76CA9F52C537 - 0F84 EF020000 - je 76CA9F52C82C
76CA9F52C53D - 4C 8B 55 10 - mov r10,[rbp+10]
76CA9F52C541 - 4D 8B 42 18 - mov r8,[r10+18]
76CA9F52C545 - 4D 85 C0 - test r8,r8
76CA9F52C548 - 75 35 - jne 76CA9F52C57F
76CA9F52C54A - 49 B8 F8006A11CD010000 - mov r8,000001CD116A00F8
76CA9F52C554 - 48 BA 267A4B0000000000 - mov rdx,00000000004B7A26
76CA9F52C55E - 49 8B CA - mov rcx,r10
76CA9F52C561 - 48 B8 E09449C8FD7F0000 - mov rax,libhl.hl_dyn_geti
}
107
"bonusAttributes"
Auto Assembler Script
[ENABLE]
// Marker only: registers "bonusAttributes" at "mov r10d,[r8+24]" (see the
// listing below) for navigation; no bytes are changed.  The +24 field it
// reads is presumably what the "Bonus Value" records (+24) display -- the
// listing supports the offset but not the meaning.
aobscan(bonusAttributes,45 8B 50 24 44 89 55 AC)
registersymbol(bonusAttributes)
[DISABLE]
unregistersymbol(bonusAttributes)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9FF279E6
76CA9FF279BE: 4D 85 C0 - test r8,r8
76CA9FF279C1: 75 1B - jne 76CA9FF279DE
76CA9FF279C3: 48 83 EC 08 - sub rsp,08
76CA9FF279C7: 6A 61 - push 61
76CA9FF279C9: 48 B8 20 1A 00 9F CA 76 00 00 - mov rax,000076CA9F001A20
76CA9FF279D3: 48 83 EC 20 - sub rsp,20
76CA9FF279D7: FF D0 - call rax
76CA9FF279D9: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9FF279DE: 4D 8B 48 18 - mov r9,[r8+18]
76CA9FF279E2: 4C 89 4D 80 - mov [rbp-80],r9
// ---------- INJECTING HERE ----------
76CA9FF279E6: 45 8B 50 24 - mov r10d,[r8+24]
// ---------- DONE INJECTING ----------
76CA9FF279EA: 44 89 55 AC - mov [rbp-54],r10d
76CA9FF279EE: 49 BB E0 D2 D7 55 39 02 00 00 - mov r11,0000023955D7D2E0
76CA9FF279F8: 49 8B 03 - mov rax,[r11]
76CA9FF279FB: 48 89 85 58 FF FF FF - mov [rbp-000000A8],rax
76CA9FF27A02: 48 33 C9 - xor rcx,rcx
76CA9FF27A05: 48 89 8D 70 FF FF FF - mov [rbp-00000090],rcx
76CA9FF27A0C: 48 8B 4D 10 - mov rcx,[rbp+10]
76CA9FF27A10: 49 8B D1 - mov rdx,r9
76CA9FF27A13: 45 8B C2 - mov r8d,r10d
76CA9FF27A16: 4C 8B C8 - mov r9,rax
}
122
"readValue"
Auto Assembler Script
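[ENABLE]
// Debug helper (grouped under "Ignore This"): a pass-through hook on
// "mov edx,[rcx]" + "mov [rbp-04],edx" (5 bytes -> jmp rel32, no nop),
// registering "readValue" so the read side of the obfuscated counters (the
// listing continues into the "encrypt" routine) is easy to find.  Both
// hooked instructions are position independent, so they are re-executed as
// is and the game's behaviour is unchanged.
// The previous version carried debugging leftovers that compared rcx and the
// return address against pointers captured from one process instance
// (20C3463C220 / 76CA9F5E49B6) and touched r9/rdx on a match; those values
// cannot recur in another session, so that code has been removed.
aobscan(readValue,8B 11 89 55 FC 4C 8B 55)
alloc(newmem,$1000,readValue)
label(code)
label(return)
newmem:
code:
mov edx,[rcx]
mov [rbp-04],edx
jmp return
readValue:
jmp newmem
return:
registersymbol(readValue)
[DISABLE]
readValue:
db 8B 11 89 55 FC
unregistersymbol(readValue)
dealloc(newmem)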
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F52C4C0
76CA9F52C48B: 49 B8 F8 00 0A 96 0B 02 00 00 - mov r8,0000020B960A00F8
76CA9F52C495: 48 BA 26 7A 4B 00 00 00 00 00 - mov rdx,00000000004B7A26
76CA9F52C49F: 48 8B C8 - mov rcx,rax
76CA9F52C4A2: 48 B8 E0 94 EB D2 FD 7F 00 00 - mov rax,libhl.hl_dyn_geti
76CA9F52C4AC: 48 83 EC 20 - sub rsp,20
76CA9F52C4B0: FF D0 - call rax
76CA9F52C4B2: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F52C4B7: 48 83 C4 20 - add rsp,20
76CA9F52C4BB: 89 45 FC - mov [rbp-04],eax
76CA9F52C4BE: EB 05 - jmp 76CA9F52C4C5
// ---------- INJECTING HERE ----------
76CA9F52C4C0: 8B 11 - mov edx,[rcx]
// ---------- DONE INJECTING ----------
76CA9F52C4C2: 89 55 FC - mov [rbp-04],edx
76CA9F52C4C5: 4C 8B 55 10 - mov r10,[rbp+10]
76CA9F52C4C9: 4D 8B 4A 20 - mov r9,[r10+20]
76CA9F52C4CD: 4D 85 C9 - test r9,r9
76CA9F52C4D0: 75 35 - jne 76CA9F52C507
76CA9F52C4D2: 49 B8 F8 00 0A 96 0B 02 00 00 - mov r8,0000020B960A00F8
76CA9F52C4DC: 48 BA D9 45 63 0A 00 00 00 00 - mov rdx,000000000A6345D9
76CA9F52C4E6: 49 8B CA - mov rcx,r10
76CA9F52C4E9: 48 B8 E0 94 EB D2 FD 7F 00 00 - mov rax,libhl.hl_dyn_geti
76CA9F52C4F3: 48 83 EC 20 - sub rsp,20
}
124
"addResource"
Auto Assembler Script
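[ENABLE]
// Debug helper (grouped under "Ignore This"): adds 1000 to eax before the
// game's "add eax,r8d" at the injection point, so every value passing
// through here is inflated by 1000.  Hook is 6 bytes (jmp rel32 + nop).
// The scan wildcards the two bytes after 89 (the rbp displacement of the
// store that follows), so neither the re-executed instructions nor the
// disable restore are hard-coded as "mov [rbp-54],eax" any more: both are
// copied from the live bytes with readmem, like the other hooks in this table.
aobscan(addResource,41 03 C0 89 ?? ?? 49 B9 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B)
alloc(newmem,$1000,addResource)
label(addResourceBkp)
label(return)
newmem:
add eax,#1000
addResourceBkp:
readmem(addResource,6)
jmp return
addResource:
jmp newmem
nop
return:
registersymbol(addResource)
registersymbol(addResourceBkp)
[DISABLE]
addResource:
readmem(addResourceBkp,6)
unregistersymbol(addResource)
unregistersymbol(addResourceBkp)
dealloc(newmem)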
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F5E49D8
76CA9F5E49B6: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5E49BB: 48 83 C4 20 - add rsp,20
76CA9F5E49BF: 89 45 AC - mov [rbp-54],eax
76CA9F5E49C2: 4C 8B 45 20 - mov r8,[rbp+20]
76CA9F5E49C6: 4D 85 C0 - test r8,r8
76CA9F5E49C9: 74 06 - je 76CA9F5E49D1
76CA9F5E49CB: 4D 8B 40 08 - mov r8,[r8+08]
76CA9F5E49CF: EB 03 - jmp 76CA9F5E49D4
76CA9F5E49D1: 4D 33 C0 - xor r8,r8
76CA9F5E49D4: 44 89 45 A8 - mov [rbp-58],r8d
// ---------- INJECTING HERE ----------
76CA9F5E49D8: 41 03 C0 - add eax,r8d
// ---------- DONE INJECTING ----------
76CA9F5E49DB: 89 45 AC - mov [rbp-54],eax
76CA9F5E49DE: 49 B9 B8 7A 31 85 1A 02 00 00 - mov r9,0000021A85317AB8
76CA9F5E49E8: 4D 8B 11 - mov r10,[r9]
76CA9F5E49EB: 4C 89 95 70 FF FF FF - mov [rbp-00000090],r10
76CA9F5E49F2: 4D 8B 5A 48 - mov r11,[r10+48]
76CA9F5E49F6: 4C 89 9D 78 FF FF FF - mov [rbp-00000088],r11
76CA9F5E49FD: 4D 85 DB - test r11,r11
76CA9F5E4A00: 75 1E - jne 76CA9F5E4A20
76CA9F5E4A02: 48 83 EC 08 - sub rsp,08
76CA9F5E4A06: 68 7C A5 DD 1D - push 1DDDA57C
}
141
"lectern"
Auto Assembler Script
[ENABLE]
// Hook on "mov r8d,[rbp+18]" + "mov [rdx+70],r8d" (8 bytes -> jmp rel32 +
// nop 3) at the tail of a small setter (the listing continues with
// mov rax,r8 / ret).  The caller's argument at [rbp+18] is replaced by the
// constant 7, which is then both stored to [rdx+70] and returned in rax.
// What field +70 is, and why 7, is the author's choice and not visible here.
// NOTE: the pattern starts with "B7 FF", the last two bytes of a call rel32
// displacement, which changes between builds -- expect this scan to be the
// first one to break.
aobscan(lectern,B7 FF 48 89 6C 24 F8 48 83 C4 20 48 8B 55 10 44 8B 45 18 44 89 42 70)
alloc(newmem,$1000,lectern)
label(code)
label(return)
newmem:
mov r8d,7
code:
//mov r8d,[rbp+18]
mov [rdx+70],r8d
jmp return
lectern+0F:
jmp newmem
nop 3
return:
registersymbol(lectern)
[DISABLE]
lectern+0F:
db 44 8B 45 18 44 89 42 70
unregistersymbol(lectern)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 76CA9F5BF9E0
76CA9F5BF9B5: 3B C2 - cmp eax,edx
76CA9F5BF9B7: 0F 84 1F 00 00 00 - je 76CA9F5BF9DC
76CA9F5BF9BD: 41 B8 05 00 00 00 - mov r8d,00000005
76CA9F5BF9C3: 44 89 45 FC - mov [rbp-04],r8d
76CA9F5BF9C7: 41 8B D0 - mov edx,r8d
76CA9F5BF9CA: 48 83 EC 20 - sub rsp,20
76CA9F5BF9CE: E8 5D 5D B7 FF - call 76CA9F135730
76CA9F5BF9D3: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CA9F5BF9D8: 48 83 C4 20 - add rsp,20
76CA9F5BF9DC: 48 8B 55 10 - mov rdx,[rbp+10]
// ---------- INJECTING HERE ----------
76CA9F5BF9E0: 44 8B 45 18 - mov r8d,[rbp+18]
// ---------- DONE INJECTING ----------
76CA9F5BF9E4: 44 89 42 70 - mov [rdx+70],r8d
76CA9F5BF9E8: 49 8B C0 - mov rax,r8
76CA9F5BF9EB: 48 83 C4 10 - add rsp,10
76CA9F5BF9EF: 5D - pop rbp
76CA9F5BF9F0: 48 C3 - ret
76CA9F5BF9F2: 90 - nop
76CA9F5BF9F3: 90 - nop
76CA9F5BF9F4: 90 - nop
76CA9F5BF9F5: 90 - nop
76CA9F5BF9F6: 90 - nop
}
14
"Cursor Pointer"
808080
Auto Assembler Script
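[ENABLE]
// Hook on "mov r11,[rcx]" + "mov [rbp-28],r11" (7 bytes -> jmp rel32 +
// nop 2).  rcx is recorded in cursorPtr for the "Item Quantity" record.
// The store is RIP-relative into this code cave, so no register is touched
// beyond what the re-executed original instructions already write.  (The
// previous version borrowed rax, which only worked because the listing shows
// "mov rax,libhl.hl_to_virtual" overwriting it before any use.)
// The jmp at cursor-02 in the listing lands on cursor+07, i.e. exactly on
// "return", so no code path enters the middle of the patched span.
aobScanRegion(cursor, 700000000000, 7FFFFFFFFFFF, 4C 8B ?? 4C 89 ?? D8 48 8B ?? ?? 48 B9)
alloc(newmem,$1000,cursor)
label(cursorBkp)
label(cursorPtr)
label(return)
newmem:
mov [cursorPtr],rcx
cursorBkp:
readmem(cursor,7)
jmp return
align 10
cursorPtr:
dq 0
cursor:
jmp newmem
nop 2
return:
registersymbol(cursor)
registersymbol(cursorBkp)
registersymbol(cursorPtr)
[DISABLE]
cursor:
readmem(cursorBkp,7)
unregistersymbol(cursor)
unregistersymbol(cursorBkp)
unregistersymbol(cursorPtr)
dealloc(newmem)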
{
// ORIGINAL CODE - INJECTION POINT: 76CAA0064781
76CAA006474B: 49 B8 38 58 6A 11 CD 01 00 00 - mov r8,000001CD116A5838
76CAA0064755: 48 BA 1D C6 BF 05 00 00 00 00 - mov rdx,0000000005BFC61D
76CAA006475F: 49 8B CA - mov rcx,r10
76CAA0064762: 48 B8 E0 97 49 C8 FD 7F 00 00 - mov rax,libhl.hl_dyn_getp
76CAA006476C: 48 83 EC 20 - sub rsp,20
76CAA0064770: FF D0 - call rax
76CAA0064772: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA0064777: 48 83 C4 20 - add rsp,20
76CAA006477B: 48 89 45 D8 - mov [rbp-28],rax
76CAA006477F: EB 07 - jmp 76CAA0064788
// ---------- INJECTING HERE ----------
76CAA0064781: 4C 8B 19 - mov r11,[rcx]
// ---------- DONE INJECTING ----------
76CAA0064784: 4C 89 5D D8 - mov [rbp-28],r11
76CAA0064788: 48 8B 55 D8 - mov rdx,[rbp-28]
76CAA006478C: 48 B9 F8 80 6B 11 CD 01 00 00 - mov rcx,000001CD116B80F8
76CAA0064796: 48 B8 50 84 49 C8 FD 7F 00 00 - mov rax,libhl.hl_to_virtual
76CAA00647A0: 48 83 EC 20 - sub rsp,20
76CAA00647A4: FF D0 - call rax
76CAA00647A6: 48 89 6C 24 F8 - mov [rsp-08],rbp
76CAA00647AB: 48 83 C4 20 - add rsp,20
76CAA00647AF: 48 89 45 C8 - mov [rbp-38],rax
76CAA00647B3: 48 83 C4 60 - add rsp,60
}
16
"Item Quantity"
0
4 Bytes
cursorPtr
0
20
0