0
"[X] <== Spellforce 3 v1.38 Steam Script v2.1 AOB"
FF0000
Auto Assembler Script
{
===========================================
Game Title : Spellforce 3
Game Version : 1.38
Game Sponsor : PATRONS
Process Name : SF3ClientFinal.exe
Relevant Info : 64bits/RTS/RPG
Script Version: 2.1 AOB
CE Version : 6.7
Release date : 11-Jul-2018
Author : Recifense
History:
10-Dec-2017: First Release
12-Dec-2017: Added "Fast Construction" + Split GM + a fix (s2.0)
07-Feb-2018: Release for version 1.30
11-Jul-2018: Release for version 1.38 (s2.1)
Features:
- Minimum Resources
- Minimum Gold
- God Mode Units
- God Mode Buildings
- Unlimited Focus
- Quick Level Up
- Fast Construction
- Some Pointers
===========================================
}
//=========================================
// Checking CE version
{$lua}
-- Advisory check of the Cheat Engine version (6.7 or newer expected).
-- It only raises a dialog; nothing in this block stops the rest of the
-- script from being processed on an older build.
local ceVersion = getCEVersion()
if ceVersion < 6.7 then
  ShowMessage('Sorry. CE version should be 6.7 or above')
end
{$asm}
//=========================================
// Checking Selected Process
{$lua}
-- Advisory check of the attached process name. Both branches only show a
-- dialog; the byte-signature scans in [ENABLE] are what actually gate loading.
-- The comparison is an exact, case-sensitive string match.
local expectedProcess = "SF3ClientFinal.exe"
if process == nil then
  ShowMessage('No process was selected')
elseif process ~= expectedProcess then
  ShowMessage('Warning. Expected Process = SF3ClientFinal.exe')
end
{$asm}
//=========================================
// Definitions
// LUDO is a text alias for the target module name. Nothing else in this
// script expands it; the scans and the alloc below use $process instead.
define(LUDO,"SF3ClientFinal.exe")
//=========================================
// Constants used in the script (that can be changed)
// ctCE67 is not referenced by any instruction in this script; the Lua
// version check above hard-codes 6.7 on its own.
define(ctCE67,(float)6.7)
//=========================================
[ENABLE]
//=========================================
//LuaCall(CheckVersion())
//=========================================
// Check if script is compatible to this game version
// If false the script will not be loaded
//
// Each AOBScanModule searches the attached module for a byte signature and
// binds the match address to the given name. "??" bytes are wildcards
// (branch displacements and call targets that move between builds).
// NOTE(review): nothing here checks that a signature matches exactly once;
// presumably the first hit is used, so a second, unintended match in another
// game build would be patched without any warning - confirm against CE docs.
//
// MOPI: movzx eax,byte ptr [rcx+19] / xor esi,esi (first 6 bytes get hooked)
AOBScanModule(MOPI,$process,0f b6 41 19 33 f6 38 41 18 ?? ?? 88 41 18 48 8d 81 e8 00 00 00 48)
// MOPR: mov rdi,[rbx+30] / mov rbx,[rbx+28] (first 8 bytes get hooked)
AOBScanModule(MOPR,$process,48 8b 7b 30 48 8b 5b 28 48 3b df 0f 84 ?? ?? ?? ?? 0f 1f 44 00 00)
// MOPU: mov rax,[r11+000002D8] (first 7 bytes get hooked)
AOBScanModule(MOPU,$process,49 8b 83 d8 02 00 00 44 39 a0 ac 00 00 00 0f 8e ?? ?? ?? ?? 49 8b)
// GDMD: mov eax,[r12] / sub eax,ebx (first 6 bytes get hooked)
AOBScanModule(GDMD,$process,41 8b 04 24 2b c3 41 39 87 ac 00 00 00 ?? ?? 41 89 87 ac 00 00 00)
// GDMB: mov edx,[rcx+00000134] (first 6 bytes get hooked)
AOBScanModule(GDMB,$process,8b 91 34 01 00 00 4d 8b e0 48 8b f9 85 d2 0f 8e ?? ?? ?? ?? 4c 8b)
// MOPG: xor r8d,r8d / cmp [rcx+28],r8 (first 7 bytes get hooked)
AOBScanModule(MOPG,$process,45 33 c0 4c 39 41 28 ?? ?? 8b 41 58 83 f8 01 ?? ?? 83 c0 fb 83 f8)
// MOPX: a 5-byte call whose rel32 target is wildcarded, followed by cmp [rbx+08],eax
AOBScanModule(MOPX,$process,e8 ?? ?? ?? ?? 39 43 08 ?? ?? 48 89 6c 24 30 48 89 74 24 38 4c 89)
// MOHF: mov rbx,rcx / mov ecx,[rcx+000000DC]; only the second instruction is hooked
AOBScanModule(MOHF,$process,48 8b d9 8b 89 dc 00 00 00 03 ca 39 8b dc 00 00 00 ?? ?? 80 8b d8 00 00 00 01)
// MOPC: mov [rdi+00000134],edx (first 6 bytes get hooked)
AOBScanModule(MOPC,$process,89 97 34 01 00 00 48 85 c9 ?? ?? 48 8b 01 ff 10 8b 87 34 01 00 00)
// COPX: not a hook site. It is the address the script calls in place of the
// call at MOPX, both in the cave and when restoring in [DISABLE].
// NOTE(review): because MOPX wildcards the call target, the script never
// verifies that the game's original call really goes to COPX - confirm.
AOBScanModule(COPX,$process,41 57 48 83 ec 50 4c 8b f9 3b 51 28 ?? ?? 33 c0 48 83 c4 50 41 5f)
//=========================================
// 4096-byte code cave for the handlers and variables below. The third
// argument asks CE to place it near the module; the hook sites further down
// are sized for 5-byte relative jumps, which presumably depends on that.
alloc(MyCode,4096,$process)
//=========================================
// Declaration section
// Handler entry labels (_Mon*, _GodMode*) live in the code cave; the matching
// _Back* labels mark the first game instruction after each patched site.
// NOTE(review): pXP, qRAX, qRBX, qRCX, qRDX and the internal _Exit*/_MonPR*
// labels are defined further down without a label() line here - confirm the
// targeted CE version accepts undeclared labels.
label(_MonPlayerID)
label(_BackMPI)
label(_MonPlayerResources)
label(_BackMPR)
label(_MonPlayerUnits)
label(_BackMPU)
label(_GodMode)
label(_BackGMD)
label(_GodModeB)
label(_BackGMB)
label(_MonPlayerGold)
label(_BackMPG)
label(_MonPlayerXP)
label(_BackMPX)
label(_MonHeroFocus)
label(_BackMHF)
label(_MonPlayerConst)
label(_BackMPC)
label(iEnableMPR)
label(iEnableGMD)
label(iEnableGMB)
label(iEnableMPG)
label(iEnableMHP)
label(iEnableMPX)
label(iEnableMHF)
label(iEnableMPC)
label(iPlayerID)
label(pRes)
label(pGame)
label(pUnit)
label(pPlayer)
//=========================================
// Registering Symbols
// Registered names stay resolvable outside this script: the per-cheat toggle
// scripts write the iEnable* flags by name, a table entry dereferences
// pPlayer, and [DISABLE] reuses the scanned site addresses (MOPI..COPX)
// instead of scanning again.
// iEnableMHP and pUnit are registered but no handler in this script reads or
// writes them.
registersymbol(MyCode)
registersymbol(iEnableMPR)
registersymbol(iEnableGMD)
registersymbol(iEnableGMB)
registersymbol(iEnableMPG)
registersymbol(iEnableMHP)
registersymbol(iEnableMPX)
registersymbol(iEnableMHF)
registersymbol(iEnableMPC)
registersymbol(iPlayerID)
registersymbol(pRes)
registersymbol(pGame)
registersymbol(pUnit)
registersymbol(pPlayer)
registersymbol(MOPI)
registersymbol(MOPR)
registersymbol(MOPU)
registersymbol(GDMD)
registersymbol(GDMB)
registersymbol(MOPG)
registersymbol(MOPX)
registersymbol(MOHF)
registersymbol(MOPC)
registersymbol(COPX)
//=========================================
MyCode:
//========================================= ok
// All the time during a game
// Handler for the MOPI site. Replays the two displaced instructions and, as
// its only addition, stores the zero-extended byte read from [rcx+19] in
// iPlayerID. The other handlers compare owner bytes against that value.
// Register state on return is the same as the original code would leave.
_MonPlayerID:
movzx eax,byte ptr [rcx+19] // Original code
mov [iPlayerID],eax
_ExitMPI:
xor esi,esi // Original code
jmp _BackMPI // Back to main code
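//========================================= 138 #
// During Skirmish Match
// Handler for the MOPR site.
// In:    rbx = object whose +28 / +30 fields bound an array of 0x18-byte
//              records (begin / end, as walked below); rcx = pointer saved
//              to pGame, nothing is done when it is null
// Out:   rdi, rbx reloaded exactly as the displaced instructions do
// Clobb: rax, flags (rax is NOT restored - presumably dead at this site in
//        the tested build; confirm before reusing on another version)
// Effect when iEnableMPR != 0 and the byte at [rbx+68] equals the low byte
// of iPlayerID: every record whose dword at +04 is below half of its dword
// at +14 is raised to that half.
// NOTE(review): the owner test compares one byte against AL, so before
// _MonPlayerID has run the 55555555 placeholder still matches an owner
// byte of 55h; the other handlers compare a full dword instead.
_MonPlayerResources:
mov [pGame],rcx
test rcx,rcx
jz _ExitMPR
mov eax,[iPlayerID]
cmp [rbx+68],al
jne _ExitMPR
mov [pRes],rbx
cmp dword ptr [iEnableMPR],0
je _ExitMPR // Jump if feature is disabled
mov rdi,[rbx+28]
xor rax,rax
_MonPR00:
// Stop as soon as the cursor reaches OR passes the end pointer. An equality
// test would keep walking, and writing, past the array if the range is not
// an exact multiple of 0x18 bytes (for example after a game update that
// changes the record layout while the signature still matches).
cmp rdi,[rbx+30]
jae _ExitMPR
mov eax,[rdi+14]
shr rax,1 // rax = value at +14 divided by two
cmp [rdi+04],eax
jns _MonPR01 // sign flag clear: +04 is not below the minimum, leave it
mov [rdi+04],eax
_MonPR01:
lea rdi,[rdi+00000018] // next record
jmp _MonPR00
_ExitMPR:
mov rdi,[rbx+30] // Original code
mov rbx,[rbx+28] // Original code
jmp _BackMPR // Back to main code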
//========================================= 138 *
// During Skirmish Match (all the time)
// Handler for the MOPU site. After replaying the displaced load of
// rax = [r11+2D8], and only while iEnableGMD is set, it copies the byte at
// [r11+89] into [rax+0E]. _GodMode later compares the byte at +0E of its
// object against iPlayerID, so this looks like an owner tag being stamped
// onto the sub-object - presumably; confirm.
// rbx is parked in the global slot qRBX rather than on the stack.
// NOTE(review): a single global save slot is not reentrant; if the game
// reaches this site on more than one thread, one thread can restore the
// other's rbx. Flags are also changed by the cmp below.
// NOTE(review): _MonHeroFocus also tests a byte at +0E; if that is this same
// tag, Unlimited Focus would only work while God Mode Units is on - confirm.
_MonPlayerUnits:
mov [qRBX],rbx
mov rax,[r11+000002d8] // Original code
cmp dword ptr [iEnableGMD],0
je _ExitMPU // Jump if feature is disabled
mov bl,[r11+00000089]
mov [rax+0e],bl
_ExitMPU:
mov rbx,[qRBX]
jmp _BackMPU // Back to main code
//========================================= 138 *
// During Combat (Units HP)
// Handler for the GDMD site. When iEnableGMD is set and the byte at [r15+0E]
// equals iPlayerID, it copies the dword at [r15+94] over [r15+AC] and zeroes
// ebx, so the displaced "sub eax,ebx" that follows subtracts nothing.
// (+94 / +AC are presumably maximum and current hit points - confirm.)
// eax is used as scratch before the displaced code reloads it; ebx is left
// at zero on the protected path and is not restored.
_GodMode:
cmp dword ptr [iEnableGMD],0
je _ExitGMD // Jump if feature is disabled
movzx eax,byte ptr [r15+0e]
cmp eax,[iPlayerID]
jne _ExitGMD
mov eax,[r15+00000094]
mov [r15+000000ac],eax
xor ebx,ebx
_ExitGMD:
mov eax,[r12] // Original code
sub eax,ebx // Original code
jmp _BackGMD // Back to main code
//========================================= 138 *
// During Combat (Buildings HP)
// Handler for the GDMB site. Replays the displaced load of edx first, then
// keeps the object pointer in rdi so rcx can serve as scratch. The game's own
// code right after the site also does "mov rdi,rcx" (bytes 48 8b f9 in the
// GDMB signature), so rdi ends up with the value it would have had anyway.
// When iEnableGMB is set and the byte at [rdi-260+89] equals iPlayerID, the
// dword at [rdi+11C] is copied over +134, +138, +14C and +1C8 and r14d is
// zeroed (presumably the pending damage - confirm).
// Note that edx was loaded before +134 is refreshed, so the game continues
// with the old value of that field in edx.
_GodModeB:
mov edx,[rcx+00000134] // Original code
mov rdi,rcx
cmp dword ptr [iEnableGMB],0
je _ExitGMB // Jump if feature is disabled
lea rcx,[rdi-00000260]
movzx ecx,byte ptr [rcx+00000089]
cmp ecx,[iPlayerID]
jne _ExitGMB
mov ecx,[rdi+0000011c]
mov [rdi+00000134],ecx
mov [rdi+00000138],ecx
mov [rdi+0000014c],ecx
mov [rdi+000001c8],ecx
xor r14d,r14d
_ExitGMB:
mov rcx,rdi // restore the object pointer used as scratch above
jmp _BackGMB // Back to main code
//========================================= 138 *
// During Skirmish Match (all the time)
// Handler for the MOPG site. rax and rdx are parked in the global slots
// qRAX / qRDX and restored before the displaced instructions run, so only
// flags differ on return (and the displaced cmp sets them again).
// NOTE(review): the global save slots are not reentrant - see qRBX usage in
// _MonPlayerUnits for the same pattern.
// Steps:
//   - skip everything if the qword at [rcx+28] is null
//   - skip if the byte at [rcx+30] is not iPlayerID
//   - publish pPlayer = rcx and pXP = [rcx+28]+250 (done even when the
//     feature flag is off, so the table pointer entry and _MonPlayerXP work)
//   - if iEnableMPG is set and the dword at [[rcx+28]+1E0] is below 67000
//     (decimal, '#' prefix), raise it to 67000 and set +1E4 to 6700000
_MonPlayerGold:
mov [qRAX],rax
mov [qRDX],rdx
cmp qword ptr [rcx+28],00
je _ExitMPG
movzx eax,byte ptr [rcx+30]
cmp eax,[iPlayerID]
jne _ExitMPG
mov [pPlayer],rcx
mov rdx,[rcx+28]
lea rdx,[rdx+00000250]
mov [pXP],rdx
cmp dword ptr [iEnableMPG],0
je _ExitMPG // Jump if feature is disabled
mov rdx,[rcx+28]
mov eax,#67000
cmp [rdx+000001e0],eax
jns _ExitMPG // sign flag clear: value is not below the minimum
mov [rdx+000001e0],eax
mov eax,#6700000
mov [rdx+000001e4],eax
_ExitMPG:
mov rdx,[qRDX]
mov rax,[qRAX]
xor r8d,r8d // Original code
cmp [rcx+28],r8 // Original code
jmp _BackMPG // Back to main code
//========================================= ok
// When XP is updated
// Handler for the MOPX site, which replaces a 5-byte call. The call is
// re-issued here against the scanned COPX address; its result in eax is what
// the game compares with [rbx+08] immediately after the site.
// When iEnableMPX is set and rbx is the pointer published in pXP by
// _MonPlayerGold, a dword at [rbx+08] that is below eax is raised to eax.
// pXP starts out pointing at MyCode, so no object matches until
// _MonPlayerGold has stored a real pointer.
// NOTE(review): the original call target was wildcarded in the MOPX
// signature; this assumes it is the function found by the COPX scan.
_MonPlayerXP:
call COPX // Original code
cmp dword ptr [iEnableMPX],0
je _ExitMPX // Jump if feature is disabled
cmp rbx,[pXP]
jne _ExitMPX
cmp [rbx+08],eax
jns _ExitMPX // sign flag clear: stored value is not below eax
mov [rbx+08],eax
_ExitMPX:
jmp _BackMPX // Back to main code
//========================================= 138 *
// When using focus
// Handler for the MOHF site. The hook is placed three bytes into the
// signature, after the game's own "mov rbx,rcx", so rbx already holds the
// object pointer here and rcx can be used as scratch.
// When iEnableMHF is set and the byte at [rcx+0E] equals iPlayerID, the dword
// at [rbx+C4] is copied over +DC and +E0 and edx is zeroed, so the
// "add ecx,edx" that follows the site adds nothing.
// (+C4 / +DC are presumably maximum and current focus - confirm.)
// On exit rcx is rebuilt from rbx and the displaced load is replayed.
_MonHeroFocus:
cmp dword ptr [iEnableMHF],0
je _ExitMHF // Jump if feature is disabled
movzx ecx,byte ptr [rcx+0e]
cmp ecx,[iPlayerID]
jne _ExitMHF
mov ecx,[rbx+000000c4]
mov [rbx+000000dc],ecx
mov [rbx+000000e0],ecx
xor edx,edx
_ExitMHF:
mov rcx,rbx
mov ecx,[rcx+000000DC] // Original code
jmp _BackMHF // Back to main code
//========================================= 138 *
// When constructing
// Handler for the MOPC site. When iEnableMPC is set and the byte at
// [rdi-260+89] equals iPlayerID, a dword at [rdi+D0] that is below 943718
// (decimal, '#' prefix) is raised to that value and the same value is
// written to +D8. The displaced store to [rdi+134] is then replayed.
// Clobb: rax, flags. rax is not restored - presumably dead at this site in
// the tested build; confirm before reusing on another version.
_MonPlayerConst:
cmp dword ptr [iEnableMPC],0
je _ExitMPC // Jump if feature is disabled
lea rax,[rdi-00000260]
movzx eax,byte ptr [rax+00000089]
cmp eax,[iPlayerID]
jne _ExitMPC
mov eax,#943718
cmp [rdi+000000d0],eax
jns _ExitMPC // sign flag clear: value is not below the minimum
mov [rdi+000000d0],eax
mov [rdi+000000d8],eax
_ExitMPC:
mov [rdi+00000134],edx // Original code
jmp _BackMPC // Back to main code
//=========================================
// Pad with '=' to the next boundary (the 10 is hexadecimal, as numbers
// without a '#' prefix are in this script), then drop a readable marker so
// the data area is easy to spot in a memory view.
align 10,'='
//=========================================
db '===============================>'
db 'CE6.7 Script by Recifense 180711'
//=========================================
// Variables
// This data sits in the same allocation as the handler code, so the cave is
// both written to and executed from at run time.
// Feature flags: 0 = off, non-zero = on. They are written by name from the
// per-cheat toggle scripts.
iEnableMPR:
dd 0
iEnableGMD:
dd 0
iEnableGMB:
dd 0
iEnableMPG:
dd 0
// iEnableMHP is never read by any handler in this script.
iEnableMHP:
dd 0
iEnableMPX:
dd 0
iEnableMHF:
dd 0
iEnableMPC:
dd 0
// Placeholder until _MonPlayerID stores the real id. Handlers that compare a
// zero-extended byte against the full dword cannot match 55555555;
// _MonPlayerResources compares only the low byte (55h).
iPlayerID:
dd 55555555
dd 0
// Global register save slots used by the handlers in place of the stack.
// qRCX is not used by any handler in this script.
qRAX:
dq 0
qRBX:
dq 0
qRCX:
dq 0
qRDX:
dq 0
// Pointers published for the table: pRes and pGame by _MonPlayerResources,
// pPlayer and pXP by _MonPlayerGold. pUnit is never written.
pRes:
dq 0
pGame:
dq 0
pUnit:
dq 0
pPlayer:
dq 0
// Starts as the cave address, a non-null value no game object will equal.
pXP:
dq MyCode
//=========================================
// Hacking Points
// Each scanned site is overwritten with a jmp into the cave plus enough nops
// to fill out the displaced instructions; the _Back* label is the address
// right after the patch. The nop counts below only add up if every jmp
// assembles to 5 bytes - presumably guaranteed by allocating MyCode near the
// module; a longer jmp encoding would overwrite the bytes that follow.
// NOTE(review): the sites are patched one at a time while the game may be
// running; nothing here suspends its threads - confirm that is acceptable.
// MOPI: 6 bytes displaced (5-byte jmp + 1 nop)
MOPI:
jmp _MonPlayerID
nop
_BackMPI:
// MOPR: 8 bytes displaced (5-byte jmp + 3 nops)
MOPR:
jmp _MonPlayerResources
nop
nop
nop
_BackMPR:
// MOPU: 7 bytes displaced (5-byte jmp + 2 nops)
MOPU:
jmp _MonPlayerUnits
nop
nop
_BackMPU:
// GDMD: 6 bytes displaced (5-byte jmp + 1 nop)
GDMD:
jmp _GodMode
nop
_BackGMD:
// GDMB: 6 bytes displaced (5-byte jmp + 1 nop)
GDMB:
jmp _GodModeB
nop
_BackGMB:
// MOPG: 7 bytes displaced (5-byte jmp + 2 nops)
MOPG:
jmp _MonPlayerGold
nop
nop
_BackMPG:
// MOPX: the 5-byte call is replaced by a 5-byte jmp, no padding needed
MOPX:
jmp _MonPlayerXP
_BackMPX:
// MOHF: the three wildcard bytes stand for the game's "mov rbx,rcx"
// (48 8b d9 in the signature) - presumably left as they are; the 6-byte load
// after them is what gets replaced (5-byte jmp + 1 nop).
MOHF:
db ?? ?? ??
jmp _MonHeroFocus
nop
_BackMHF:
// MOPC: 6 bytes displaced (5-byte jmp + 1 nop)
MOPC:
jmp _MonPlayerConst
nop
_BackMPC:
//=========================================
// Script for Restoring Original Codes
// The site addresses come from the symbols registered in [ENABLE]; nothing is
// scanned again. Each site gets the hard-coded bytes of the instructions it
// originally held (they match the start of the corresponding signature).
// NOTE(review): the bytes are written unconditionally; the script does not
// check that the site still contains the hook before overwriting it.
[DISABLE]
MOPI:
// movzx eax,byte ptr [rcx+19]
// xor esi,esi
db 0f b6 41 19 33 f6
MOPR:
// mov rdi,[rbx+30]
// mov rbx,[rbx+28]
db 48 8b 7b 30 48 8b 5b 28
MOPU:
// mov rax,[r11+000002D8]
db 49 8b 83 d8 02 00 00
GDMD:
// mov eax,[r12]
// sub eax,ebx
db 41 8b 04 24 2b c3
GDMB:
// mov edx,[rcx+00000134]
db 8b 91 34 01 00 00
MOPG:
// xor r8d,r8d
// cmp [rcx+28],r8
db 45 33 c0 4c 39 41 28
// The call is re-assembled rather than restored from saved bytes, because its
// displacement depends on where the module is loaded.
// NOTE(review): this assumes the game's original call went to COPX; the
// original target was never recorded - confirm.
MOPX:
call COPX
MOHF:
// mov rbx,rcx
// mov ecx,[rcx+000000DC]
// The three wildcard bytes stand for "mov rbx,rcx", which [ENABLE] also
// wrote as wildcards.
db ?? ?? ??
db 8b 89 dc 00 00 00
MOPC:
// mov [rdi+00000134],edx
db 89 97 34 01 00 00
//=========================================
// Unregistering Symbols
// Removes every name registered in [ENABLE]. After this, the toggle scripts
// can no longer resolve the iEnable* flags and the pPlayer table entry can
// no longer resolve its base.
unregistersymbol(MyCode)
unregistersymbol(iEnableMPR)
unregistersymbol(iEnableGMD)
unregistersymbol(iEnableGMB)
unregistersymbol(iEnableMPG)
unregistersymbol(iEnableMHP)
unregistersymbol(iEnableMPX)
unregistersymbol(iEnableMHF)
unregistersymbol(iEnableMPC)
unregistersymbol(iPlayerID)
unregistersymbol(pRes)
unregistersymbol(pGame)
unregistersymbol(pUnit)
unregistersymbol(pPlayer)
unregistersymbol(MOPI)
unregistersymbol(MOPR)
unregistersymbol(MOPU)
unregistersymbol(GDMD)
unregistersymbol(GDMB)
unregistersymbol(MOPG)
unregistersymbol(MOPX)
unregistersymbol(MOHF)
unregistersymbol(MOPC)
unregistersymbol(COPX)
//=========================================
// Free the cave last, after every site has had its original bytes restored.
// NOTE(review): a game thread that is still inside a handler when the cave
// is freed would crash the process; nothing here waits for that - confirm.
dealloc(MyCode)
//============= Scripts End ===============
// ****************************************
// NOTES
// ****************************************
{
}
96
"[X] <== God Mode for Units -------------> (HK: CTRL+Home / CTRL+End)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 96).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableGMD",1)
local entry = getAddressList().getMemoryRecordByID(96)
entry.Color=0x0008000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableGMD",0)
local entry = getAddressList().getMemoryRecordByID(96)
entry.Color=0x0c08000
{$ASM}
Activate
17
36
0
Deactivate
17
35
1
231
"[X] <== God Mode For Buildings --------> (HK: CTRL+Home / CTRL+End)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 231).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableGMB",1)
local entry = getAddressList().getMemoryRecordByID(231)
entry.Color=0x0004000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableGMB",0)
local entry = getAddressList().getMemoryRecordByID(231)
entry.Color=0x0c08000
{$ASM}
Activate
17
36
0
Deactivate
17
35
1
229
"[X] <== Unlimited Focus -----------------> (HK: CTRL+Home / CTRL+End)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 229).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableMHF",1)
local entry = getAddressList().getMemoryRecordByID(229)
entry.Color=0x0008000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableMHF",0)
local entry = getAddressList().getMemoryRecordByID(229)
entry.Color=0x0c08000
{$ASM}
Activate
17
36
0
Deactivate
17
35
1
230
"[X] <== Minimum Gold -----------------> (HK: CTRL+Home / CTRL+End)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 230).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableMPG",1)
local entry = getAddressList().getMemoryRecordByID(230)
entry.Color=0x0008000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableMPG",0)
local entry = getAddressList().getMemoryRecordByID(230)
entry.Color=0x0c08000
{$ASM}
Activate
17
36
0
Deactivate
17
35
1
232
"[X] <== Fast Construction ---------------> (HK: CTRL+Home / CTRL+End)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 232).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableMPC",1)
local entry = getAddressList().getMemoryRecordByID(232)
entry.Color=0x0004000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableMPC",0)
local entry = getAddressList().getMemoryRecordByID(232)
entry.Color=0x0c08000
{$ASM}
Activate
17
36
0
Deactivate
17
35
1
139
"[X] <== Minimum Resources ------------> (HK: CTRL+Page Up / CTRL+Page Down)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 139).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableMPR",1)
local entry = getAddressList().getMemoryRecordByID(139)
entry.Color=0x00008000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableMPR",0)
local entry = getAddressList().getMemoryRecordByID(139)
entry.Color=0x00c08000
{$ASM}
Activate
17
33
0
Deactivate
17
34
1
147
"[X] <== Quick Level Up ------------------> (HK: CTRL+Insert / CTRL+Delete)"
C08000
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Turn the feature on through the flag registered by the main script, then
-- recolour this table entry (record ID 147).
-- NOTE(review): the result of writeInteger is ignored, so the colour
-- presumably changes even when the main script is not active - confirm.
writeInteger("iEnableMPX",1)
local entry = getAddressList().getMemoryRecordByID(147)
entry.Color=0x00008000
{$ASM}
[disable]
{$LUA}
-- Turn the feature off and put the entry colour back.
writeInteger("iEnableMPX",0)
local entry = getAddressList().getMemoryRecordByID(147)
entry.Color=0x00c08000
{$ASM}
Activate
17
45
0
Deactivate
17
46
1
234
"[X] <== For Skirmish"
404080
1
233
"Maximum Level a Player's Hero can reach (50) ==>"
0000FF
4 Bytes
pPlayer
260
28
228
"[X] <== Table/Script Information"
0000FF
Auto Assembler Script
[enable]
define(test,LUDO)
{$LUA}
-- Clicks the main window's comment button so the table notes are shown.
-- It touches no process memory; the [disable] half is intentionally empty.
local mainForm = getMainForm()
mainForm.CommentButton.doClick()
{$ASM}
[disable]
Recifense
20180711
===========================================
Game Title : Spellforce 3
Game Version : 1.38
Game Sponsor : PATRONS
Process Name : SF3ClientFinal.exe
Relevant Info : 64bits/RTS/RPG
Script Version: 2.1 AOB
CE Version : 6.7
Release date : 11-Jul-2018
Author : Recifense
History:
10-Dec-2017: First Release
12-Dec-2017: Added "Fast Construction" + Split GM + a fix (s2.0)
07-Feb-2018: Release for version 1.30
11-Jul-2018: Release for version 1.38 (s2.1)
Features:
- Minimum Resources [1]
- Minimum Gold [2]
- God Mode Units [3]
- God Mode Buildings[4]
- Unlimited Focus [5]
- Quick Level Up [6]
- Fast Construction [7] new v2.0
- Some Pointers
===========================================
[1] Minimum = maximum / 2;
[2] For player's party;
[3] For player's units and buildings;
[4] For player's buildings;
[5] For player's heroes;
[6] For player's heroes;
[7] For player's buildings;
===========================================
[USAGE]
1) Run CE67 or greater;
2) Run Game;
3) Load the game process "SF3ClientFinal.exe" in CE;
4) Load this table and activate the main script;
5) Now Activate the script of each cheat you want to use;
6) Game On;
===========================================
[HOTKEYS]
- See description on the table entries;
===========================================
[ADVICE]
When you can, save the game before you start using the table/cheats, so you can always go back in case you don't like the result.
===========================================
[INFO]
Tested on Win 10 64bits
===========================================
Cheers!