8
"+Inf Money"
Auto Assembler Script
// Game: Railway Empire
// Version: PLAZA v1.4.0-20700
//
// "+Inf Money" (Cheat Engine Auto Assembler).
// Hooks the 7-byte instruction `mov rsi,[rax+000004C8]` located by signature
// scan inside RailwayEmpire.exe. The code cave records rax in addMoney_ptr,
// adds decimal 1000000 to the value at [rax+4C8], replays the original load
// and jumps back to the instruction after the hook.
// The byte signature and the +4C8 offset belong to the build named above;
// check the scan result before enabling on any other build.
[ENABLE]

aobscanmodule(addMoney,RailwayEmpire.exe,48 8B B0 C8 04 00 00)
// Third argument asks for memory near the hook so `jmp moneyCave` fits the
// 5 bytes reserved for it below (5-byte jump + 2 nops = 7 patched bytes).
alloc(moneyCave,$100,addMoney)
label(bump)
label(back)
// Global slot holding the last rax seen at the hook.
globalalloc(addMoney_ptr,8)

moneyCave:
  mov [addMoney_ptr],rax

bump:
  // Runs on every pass through the hooked instruction; nothing here caps the sum.
  // NOTE(review): no operand size is given for this add, and the game reads
  // the same field with a 64-bit load. Confirm the intended width.
  add [rax+000004C8],#1000000
  // Original instruction, replayed after the add.
  mov rsi,[rax+000004C8]
  jmp back

addMoney:
  jmp moneyCave
  nop
  nop
back:

registersymbol(addMoney)

[DISABLE]

// Put the original 7 bytes back before the cave is released.
addMoney:
  db 48 8B B0 C8 04 00 00

unregistersymbol(addMoney)
dealloc(moneyCave)
{
// ORIGINAL CODE - INJECTION POINT: "RailwayEmpire.exe"+44B653
"RailwayEmpire.exe"+44B626: 48 C7 45 D0 07 00 00 00 - mov qword ptr [rbp-30],00000007
"RailwayEmpire.exe"+44B62E: 48 89 5D C8 - mov [rbp-38],rbx
"RailwayEmpire.exe"+44B632: 66 89 5D B8 - mov [rbp-48],bx
"RailwayEmpire.exe"+44B636: 88 5D D8 - mov [rbp-28],bl
"RailwayEmpire.exe"+44B639: 48 8B 01 - mov rax,[rcx]
"RailwayEmpire.exe"+44B63C: 48 89 74 24 58 - mov [rsp+58],rsi
"RailwayEmpire.exe"+44B641: FF 90 E0 00 00 00 - call qword ptr [rax+000000E0]
"RailwayEmpire.exe"+44B647: 48 8B C8 - mov rcx,rax
"RailwayEmpire.exe"+44B64A: E8 C1 EE DB FF - call RailwayEmpire.exe+20A510
"RailwayEmpire.exe"+44B64F: 48 8B 4F 40 - mov rcx,[rdi+40]
// ---------- INJECTING HERE ----------
"RailwayEmpire.exe"+44B653: 48 8B B0 C8 04 00 00 - mov rsi,[rax+000004C8]
// ---------- DONE INJECTING ----------
"RailwayEmpire.exe"+44B65A: 48 8B 01 - mov rax,[rcx]
"RailwayEmpire.exe"+44B65D: FF 90 20 01 00 00 - call qword ptr [rax+00000120]
"RailwayEmpire.exe"+44B663: 48 39 58 08 - cmp [rax+08],rbx
"RailwayEmpire.exe"+44B667: 0F 84 1A 01 00 00 - je RailwayEmpire.exe+44B787
"RailwayEmpire.exe"+44B66D: 48 8B 4F 40 - mov rcx,[rdi+40]
"RailwayEmpire.exe"+44B671: 48 8B 01 - mov rax,[rcx]
"RailwayEmpire.exe"+44B674: FF 90 20 01 00 00 - call qword ptr [rax+00000120]
"RailwayEmpire.exe"+44B67A: 48 8B 48 08 - mov rcx,[rax+08]
"RailwayEmpire.exe"+44B67E: 80 B9 C4 00 00 00 03 - cmp byte ptr [rcx+000000C4],03
"RailwayEmpire.exe"+44B685: 0F 84 FC 00 00 00 - je RailwayEmpire.exe+44B787
}
14
"currentMoney"
4 Bytes
addMoney_ptr
4C8
11
"+Inf Innovation Points"
Auto Assembler Script
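// Game: Railway Empire
// Version: PLAZA v1.4.0-20700
//
// "+Inf Innovation Points" (Cheat Engine Auto Assembler).
// Replaces the 9 bytes `addss xmm2,xmm1` / `movss [rcx+18],xmm2` with a jump
// into a code cave. The cave adds xmm0 instead of xmm1 before storing the
// float back to [rcx+18], and records rcx in innovationPoints_ptr.
// The byte signature and the offsets belong to the build named above.
[ENABLE]
aobscanmodule(innovationPoints,RailwayEmpire.exe,F3 0F 58 D1 F3 0F 11 51 18)
// The cave must be allocated near the hook. The patch below reserves 5 bytes
// for the jump plus 4 nops (9 bytes in total), which only holds when
// `jmp newmem` is a short rel32 jump. Without the address hint the cave may
// land out of rel32 range, and a longer jump encoding would spill past the
// 9 patched bytes into the `ret` that follows them. [DISABLE] restores only
// those 9 bytes.
alloc(newmem,$100,innovationPoints)
label(code)
label(return)
// Global slot holding the last recorded rcx.
globalalloc(innovationPoints_ptr,8)
newmem:
// Skip recording the pointer when [rcx+7D4] equals 1; the add below still runs.
// NOTE(review): the meaning of +7D4 is not visible here, and no operand size
// is given for this compare. Confirm both.
cmp [rcx+7D4],1
je code
mov [innovationPoints_ptr],rcx
code:
// Original instruction, replaced by the add below:
//addss xmm2,xmm1
// Before the hook the game computes xmm0 = [RailwayEmpire.exe+BB1384] - xmm2,
// so xmm2 + xmm0 yields that constant (presumably 1000000.0; confirm).
addss xmm2,xmm0 { [ 1000000 ] }
movss [rcx+18],xmm2 { currentValue (float) }
jmp return
innovationPoints:
jmp newmem
nop
nop
nop
nop
return:
registersymbol(innovationPoints)
[DISABLE]
// Put the original 9 bytes back before the cave is released.
innovationPoints:
db F3 0F 58 D1 F3 0F 11 51 18
unregistersymbol(innovationPoints)
dealloc(newmem)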
{
// ORIGINAL CODE - INJECTION POINT: "RailwayEmpire.exe"+596EBE
"RailwayEmpire.exe"+596E9D: CC - int 3
"RailwayEmpire.exe"+596E9E: CC - int 3
"RailwayEmpire.exe"+596E9F: CC - int 3
"RailwayEmpire.exe"+596EA0: F3 0F 10 51 18 - movss xmm2,[rcx+18]
"RailwayEmpire.exe"+596EA5: F3 0F 10 05 D7 A4 61 00 - movss xmm0,[RailwayEmpire.exe+BB1384]
"RailwayEmpire.exe"+596EAD: F3 0F 5C C2 - subss xmm0,xmm2
"RailwayEmpire.exe"+596EB1: 0F 2F C1 - comiss xmm0,xmm1
"RailwayEmpire.exe"+596EB4: 73 08 - jae RailwayEmpire.exe+596EBE
"RailwayEmpire.exe"+596EB6: C7 41 18 00 24 74 49 - mov [rcx+18],49742400
"RailwayEmpire.exe"+596EBD: C3 - ret
// ---------- INJECTING HERE ----------
"RailwayEmpire.exe"+596EBE: F3 0F 58 D1 - addss xmm2,xmm1
"RailwayEmpire.exe"+596EC2: F3 0F 11 51 18 - movss [rcx+18],xmm2
// ---------- DONE INJECTING ----------
"RailwayEmpire.exe"+596EC7: C3 - ret
"RailwayEmpire.exe"+596EC8: CC - int 3
"RailwayEmpire.exe"+596EC9: CC - int 3
"RailwayEmpire.exe"+596ECA: CC - int 3
"RailwayEmpire.exe"+596ECB: CC - int 3
"RailwayEmpire.exe"+596ECC: CC - int 3
"RailwayEmpire.exe"+596ECD: CC - int 3
"RailwayEmpire.exe"+596ECE: CC - int 3
"RailwayEmpire.exe"+596ECF: CC - int 3
"RailwayEmpire.exe"+596ED0: 4C 8B 01 - mov r8,[rcx]
}
15
"currentInnovationPoints"
Float
innovationPoints_ptr
18
6
"Freeze Time"
Auto Assembler Script
// Game: Railway Empire
// Version: CODEX v1.5.0-21590
//
// "Freeze Time" (Cheat Engine Auto Assembler).
// Hooks the 6-byte store `mov [rcx+00001968],edx` located by signature scan
// inside RailwayEmpire.exe. The code cave records rcx in freezeTime_ptr and
// sends the store to +196C instead, so +1968 is no longer written here.
// The byte signature and the offsets belong to the build named above.
[ENABLE]

aobscanmodule(freezeTime,RailwayEmpire.exe,89 91 68 19 00 00)
// Third argument asks for memory near the hook so `jmp timeCave` fits the
// 5 bytes reserved for it below (5-byte jump + 1 nop = 6 patched bytes).
alloc(timeCave,$1000,freezeTime)
label(divert)
label(back)
// Global slot holding the last rcx seen at the hook.
globalalloc(freezeTime_ptr,8)

timeCave:
  mov [freezeTime_ptr],rcx { defaultFloatValue=2.940002651E-39 }

divert:
  // NOTE(review): +196C does not appear in the surrounding disassembly, which
  // touches +1968, +1974, +1976, +1977 and +1978. Confirm that nothing else
  // uses these 4 bytes before relying on them as a dump slot.
  mov [rcx+0000196C],edx
  // Original store, left disabled:
  //mov [rcx+00001968],edx
  jmp back

freezeTime:
  jmp timeCave
  nop
back:

registersymbol(freezeTime)

[DISABLE]

// Put the original 6 bytes back before the cave is released.
freezeTime:
  db 89 91 68 19 00 00

unregistersymbol(freezeTime)
dealloc(timeCave)
{
// ORIGINAL CODE - INJECTION POINT: "RailwayEmpire.exe"+5AA79B
"RailwayEmpire.exe"+5AA788: 5E - pop rsi
"RailwayEmpire.exe"+5AA789: 5D - pop rbp
"RailwayEmpire.exe"+5AA78A: C3 - ret
"RailwayEmpire.exe"+5AA78B: CC - int 3
"RailwayEmpire.exe"+5AA78C: CC - int 3
"RailwayEmpire.exe"+5AA78D: CC - int 3
"RailwayEmpire.exe"+5AA78E: CC - int 3
"RailwayEmpire.exe"+5AA78F: CC - int 3
"RailwayEmpire.exe"+5AA790: 48 83 EC 38 - sub rsp,38
"RailwayEmpire.exe"+5AA794: 48 8D 81 78 19 00 00 - lea rax,[rcx+00001978]
// ---------- INJECTING HERE ----------
"RailwayEmpire.exe"+5AA79B: 89 91 68 19 00 00 - mov [rcx+00001968],edx
// ---------- DONE INJECTING ----------
"RailwayEmpire.exe"+5AA7A1: 4C 8D 91 77 19 00 00 - lea r10,[rcx+00001977]
"RailwayEmpire.exe"+5AA7A8: 48 89 44 24 28 - mov [rsp+28],rax
"RailwayEmpire.exe"+5AA7AD: 4C 8D 89 76 19 00 00 - lea r9,[rcx+00001976]
"RailwayEmpire.exe"+5AA7B4: 4C 89 54 24 20 - mov [rsp+20],r10
"RailwayEmpire.exe"+5AA7B9: 4C 8D 81 74 19 00 00 - lea r8,[rcx+00001974]
"RailwayEmpire.exe"+5AA7C0: E8 9B DD FF FF - call RailwayEmpire.exe+5A8560
"RailwayEmpire.exe"+5AA7C5: 48 83 C4 38 - add rsp,38
"RailwayEmpire.exe"+5AA7C9: C3 - ret
"RailwayEmpire.exe"+5AA7CA: CC - int 3
"RailwayEmpire.exe"+5AA7CB: CC - int 3
}
13
"currentTime"
Float
freezeTime_ptr
1968
freezeTime_ptr
028A0020
addMoney_ptr
028A0000
innovationPoints_ptr
028A0010
07)*3-R1aUxuh?x+iLv-665dVPYUyJwYWkk[EP1+f(y8$k_8:qT_oY-ucL[iz#9lVTgEy,ecxS.Ca6B8XxISJBYsaSpXVl;.=WsqvJH1P.RMz$BPybN*ws/%Ea:iuNNCOBo]32Y8A6)IRi/Q[P5OzGH*zo-W)nydwtntu
5(!?IQ*y;zWn;@=c[3zCZgg+LVRMWC0suurQ#C;W0000clpc14@EkL1ZUH)FyDWEIM3o^@zHE:PK]0pw)J0{dR6pWng}Ip_$r^T#mP7By]qwjOIH7MA9ilt3h-*[?0b]._Yhlia,G-pj#]m[#(;z#y%}Tv7xVJSDN,nMYaqn5E;TEFB.fa^!nPZd+auo-Nijfkk.%QJcox6c8xUB@%1pokvP*/h.3K_Lk000e1NJLTq000.O000.W1@?s6.CDUv00006VoOIv0RI600RN!9r.]8x010qNS#tmY3ljhU3ljkVnw%H[000McNliru.R,NECI}}Eobmtw1h]2:K}zY]wUo[o9LEvGf8EnFJ2U%1a#u?oMOu/(NtOi%2w;zEAc%d+A.;=G_0uUybIaL4ZZTju1]Gr-a+(f*ax9wilFR+=C3ok0x,^m3DGA6aR@Fu:RY1R2uL]Ap[xnGHLLmsV+[;sv!il1*D*OS;;gtNTXvp*NJkJrawA+cVdOg}4M5i6mj$]6DB90/DamcUhb5@_{/SAx,]YmzP!HYb=ULUtuQa6@etVy$iG_kA%hAd4H6j}_DqF^_8?B@#]C+Yi.X(S?^r:NUG[3#6V+#,j-=YmfO5e2j571lY+vLq]C)kx?WNvW!asw)hI3#C1)szL/xDnTpoeNEsSbmWm%761O#ZwXo/*jfw9@miHbcM+XHw!zv+G]7K7N7GoErp7rzoI]sCtra4IQd=tNVMyTn7-I.-0OthX575T2+/_pqC+R2b3m4OwXr(bE@;akPS[;lNS(BG@h}Qqt/$R6,o6QChK{5+25*q-PDnu-,WCehT0BpN[cJf;^t53OebeC4_1OEK,pLqADk9hpoFDY9cjt{-)CsPiOj]^lOx7/2DVwGi;q9*4/j[:;+;6iZ=I+fU6[dct2!{R::Uw-r/WmTchCW$:z^5RYm9(,R7e=%$unu4OJ2+Ut=vMf/3nx-OZceqSeG{h8-cTq}nvW#{?@L#uZZue-nW7LyxPQ*v_BJexhxb-vs@2ulT-46NYioj?!yrI+HXmxum((H@+gQ.]q[K97_U@L:lGG:vE?ZP(]Q/WuW/0,lp9Ui^[6VzA#^8{D8d.oy6mg#K9/uV}]x7i.KS/L4s(oP@:8I6Ycp3h:Ar^C_RjZd.n7#$q2n9pdWB*O}?=seGd56Q9(!]2M_nx@6G/b,DMcx!LK/m8lfwt,yCrWLcPP-PZBfJ7/g@Evn4xyQxnb2j,}:LzY$rW@YVw4rHg3]$*S7-QIf;kgY[4z?sdd-Qu/y1kfeo#Vuzb^*zOxJnX6gFTk36_Fer(g}/^(%WoKw_k6@M%x**YP56qnxL,0R,kA]S]bGO%Vf#/[orM.E+PI)pn(OQ!uk1xAPiV66Qa.3EgI)21.,Q8EoRrN;UkboUa=4f8sF1srC2Q1w45XAMrhSyryG%FDb6XnyFHA8u*D];GN%(:b//GhDTg:r]Qr00m_V.d5sbXbAP}lFd?rE4w?0ouE*YULMynQ@qGEV;0KTE6gp:/k9Niq!-Pxr_E+TvjP+{%{^ULD{vQE=237oUcCkvDmoP2l6hadfdS25(u=2m3/zxVosmxY6ENQ*99=j=coeU6V0)Y}RdW(Btu1x8-kQ[nLTj1FF=9b8_^^{pvzW6H85djo0#tbp2%a!XKE7.7DMUH_ys1s/._#5t5wI241TL[2YBME!hSa)6GJo6a}i4M*2XS9y*$4Z-s=/LQ$5JRvL^CTnO10j4Z,n#OL.])gS(bS+Cv;c6{4BCqI$nx]9se_!%MR8Hv8VE+;@$1IZ#N@7+%h[iT{2Wor(5g]adJgq@4RvM*;#xrcPj8/R;TM/fYl,rjfzHjKpF.B*5^sZD:,;K;?FB_^;002ovPDHLkV1k4I0002*m}:Z?fAo=tCW%KPySvJt+WMr}C=][PmC*lpMVh)R?#fEFW[fe5jC$mfXHhr3QeYD422PbH*4%Xu:T7a80ghVAv#_vxsof0ipRm^Ej0T5$,u$2;jslnin_u!0nTn^-
T?c385UgCi7=bTG,]r_*3{YW7oVZh{N?btxq5c