42
"Asphalt 9: Legends"
FF0000
Auto Assembler Script
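[enable]
// Zeroes two consecutive dwords at a fixed module offset. The table does not
// say what these dwords hold. The previous version left [disable] empty, so
// once enabled the original values could never be put back. Snapshot the
// 8 bytes first (readmem copies memory at assembly time, i.e. before this
// script's own writes land) so [disable] can restore them.
// NOTE(review): a fixed +offset breaks on any game update; the other scripts
// in this table use aobscanmodule for that reason. No AOB is recorded here.
alloc(savedBytes,8)
registersymbol(savedBytes)
savedBytes:
readmem(Asphalt9_w10_x86_rtl.exe+1AADA88,8)
Asphalt9_w10_x86_rtl.exe+1AADA88:
db 00 00 00 00 00 00 00 00
[disable]
// Write the saved bytes back, then release the backup.
Asphalt9_w10_x86_rtl.exe+1AADA88:
readmem(savedBytes,8)
unregistersymbol(savedBytes)
dealloc(savedBytes)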
306
"Infinite Nitro"
Auto Assembler Script
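[ENABLE]
// Pattern decodes as: push ecx / lea ecx,[edi+C4] / cmp byte ptr [eax],00 /
// je +11 / movss xmm0,[edi+20]. The `je` lives at +a (bytes 74 11) and is
// taken when the byte at [eax] is zero; two NOPs make the fall-through path
// unconditional. Which path that is (presumably the one that keeps nitro
// from draining) is not documented in the table beyond the entry name.
aobscanmodule(_infiNitroINJECT,Asphalt9_w10_x86_rtl.exe,51 8D 8F C4 00 00 00 80 38 00 74 11 F3 0F 10 47 20)
registersymbol(_infiNitroINJECT)
_infiNitroINJECT+a:
db 90 90
[DISABLE]
// Put the original `je` back and drop the symbol, as the other scripts do
// (the previous version left the symbol registered after disable).
_infiNitroINJECT+a:
db 74 11
unregistersymbol(_infiNitroINJECT)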
307
"Stop Time -doesn't work on count down"
Auto Assembler Script
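{ Game : Asphalt9_w10_x86_rtl.exe
Version:
Date : 2018-08-21
Author : koderkrazy
Based on Marek1957's findings

The hooked function adds a 64-bit value ([ebp+08] low, [ebp+0C] high) to the
64-bit counter at [ecx+08]:[ecx+0C] (`add` low half, `adc` high half; see the
ORIGINAL CODE listing below). The previous version of this script only
removed the low-half `add` and let `adc [ecx+0C],eax` run: CF is clear on
this path (it comes from `cmp byte ptr [ecx+10],00` falling through), so that
adc is a plain add of the high dword. This version displaces all 12 bytes so
both halves are skipped. The `jne` before the hook targets +3E32E, which is
the `pop ebp` right after the 12 patched bytes, so no branch lands inside
the patch.
}
[ENABLE]
aobscanmodule(INJECT,Asphalt9_w10_x86_rtl.exe,8B 45 08 01 41 08 8B 45 0C 11 41 0C 5D)
alloc(newmem,$1000)
label(code)
label(return)

newmem:
code:
// Leave eax as the original code leaves it (eax = high dword argument) in
// case the caller reads it after `ret 0008`; no memory is written.
// EFLAGS differ from the original (no add/adc); nothing visible in the
// listing consumes them before the `ret`.
mov eax,[ebp+0C]
jmp return

INJECT:
jmp newmem
// 5-byte jmp + 7 nops = the 12 displaced bytes
nop
nop
nop
nop
nop
nop
nop
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
db 8B 45 08 01 41 08 8B 45 0C 11 41 0C
unregistersymbol(INJECT)
dealloc(newmem)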
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt9_w10_x86_rtl.exe"+3E322
"Asphalt9_w10_x86_rtl.exe"+3E30E: 03 C8 - add ecx,eax
"Asphalt9_w10_x86_rtl.exe"+3E310: FF 57 30 - call dword ptr [edi+30]
"Asphalt9_w10_x86_rtl.exe"+3E313: 5F - pop edi
"Asphalt9_w10_x86_rtl.exe"+3E314: 5E - pop esi
"Asphalt9_w10_x86_rtl.exe"+3E315: 5D - pop ebp
"Asphalt9_w10_x86_rtl.exe"+3E316: C2 08 00 - ret 0008
"Asphalt9_w10_x86_rtl.exe"+3E319: 55 - push ebp
"Asphalt9_w10_x86_rtl.exe"+3E31A: 8B EC - mov ebp,esp
"Asphalt9_w10_x86_rtl.exe"+3E31C: 80 79 10 00 - cmp byte ptr [ecx+10],00
"Asphalt9_w10_x86_rtl.exe"+3E320: 75 0C - jne Asphalt9_w10_x86_rtl.exe+3E32E
// ---------- INJECTING HERE ----------
"Asphalt9_w10_x86_rtl.exe"+3E322: 8B 45 08 - mov eax,[ebp+08]
"Asphalt9_w10_x86_rtl.exe"+3E325: 01 41 08 - add [ecx+08],eax
// ---------- DONE INJECTING ----------
"Asphalt9_w10_x86_rtl.exe"+3E328: 8B 45 0C - mov eax,[ebp+0C]
"Asphalt9_w10_x86_rtl.exe"+3E32B: 11 41 0C - adc [ecx+0C],eax
"Asphalt9_w10_x86_rtl.exe"+3E32E: 5D - pop ebp
"Asphalt9_w10_x86_rtl.exe"+3E32F: C2 08 00 - ret 0008
"Asphalt9_w10_x86_rtl.exe"+3E332: 64 A1 2C 00 00 00 - mov eax,fs:[0000002C]
"Asphalt9_w10_x86_rtl.exe"+3E338: 8B 0D F4 D3 9F 02 - mov ecx,[Asphalt9_w10_x86_rtl.exe+1BBD3F4]
"Asphalt9_w10_x86_rtl.exe"+3E33E: 8B 0C 88 - mov ecx,[eax+ecx*4]
"Asphalt9_w10_x86_rtl.exe"+3E341: A1 B4 7D 9D 02 - mov eax,[Asphalt9_w10_x86_rtl.exe+1B97DB4]
"Asphalt9_w10_x86_rtl.exe"+3E346: 3B 81 1C 00 00 00 - cmp eax,[ecx+0000001C]
"Asphalt9_w10_x86_rtl.exe"+3E34C: 7E 03 - jle Asphalt9_w10_x86_rtl.exe+3E351
}
362
"Pass through cars"
Auto Assembler Script
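[ENABLE]
// The displaced instruction is a BYTE store (`mov [edi+2228],al`, 88 87 ..).
// The value in al comes from the xor/inc sequence just above it in the
// ORIGINAL CODE listing, so the game writes 0 or 1 here; this script forces
// the byte to 1 every time and records the object pointer for the table.
aobscanmodule(_noCrashINJECT,Asphalt9_w10_x86_rtl.exe,88 87 28 22 00 00 8B CE E8 ?? ?? ?? ?? 80 BF 60 05 00 00 00)
alloc(newmem,$1000)
globalalloc(pCrash,4)
label(code)
label(return)

newmem:
mov [pCrash],edi         // edi = object holding the flag; exposed via pCrash
code:
// Must stay a byte write. The previous `mov [edi+00002228],1` carried no
// size, and CE's assembler does not infer it from the instruction being
// replaced; an unsized immediate store assembles as a 32-bit write and
// would also clobber the three bytes after the flag (+2229..+222B).
mov byte ptr [edi+00002228],1
jmp return

_noCrashINJECT:
jmp newmem               // 5-byte jmp + 1 nop = the 6 displaced bytes
nop
return:
registersymbol(_noCrashINJECT)

[DISABLE]
_noCrashINJECT:
db 88 87 28 22 00 00
unregistersymbol(_noCrashINJECT)
dealloc(newmem)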
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt9_w10_x86_rtl.exe"+30840D
"Asphalt9_w10_x86_rtl.exe"+3083F1: 75 11 - jne Asphalt9_w10_x86_rtl.exe+308404
"Asphalt9_w10_x86_rtl.exe"+3083F3: 8B CE - mov ecx,esi
"Asphalt9_w10_x86_rtl.exe"+3083F5: E8 B8 44 F9 FF - call Asphalt9_w10_x86_rtl.exe+29C8B2
"Asphalt9_w10_x86_rtl.exe"+3083FA: 80 78 05 00 - cmp byte ptr [eax+05],00
"Asphalt9_w10_x86_rtl.exe"+3083FE: 75 04 - jne Asphalt9_w10_x86_rtl.exe+308404
"Asphalt9_w10_x86_rtl.exe"+308400: 33 C0 - xor eax,eax
"Asphalt9_w10_x86_rtl.exe"+308402: EB 03 - jmp Asphalt9_w10_x86_rtl.exe+308407
"Asphalt9_w10_x86_rtl.exe"+308404: 33 C0 - xor eax,eax
"Asphalt9_w10_x86_rtl.exe"+308406: 40 - inc eax
"Asphalt9_w10_x86_rtl.exe"+308407: 8D B7 68 05 00 00 - lea esi,[edi+00000568]
// ---------- INJECTING HERE ----------
"Asphalt9_w10_x86_rtl.exe"+30840D: 88 87 28 22 00 00 - mov [edi+00002228],al
// ---------- DONE INJECTING ----------
"Asphalt9_w10_x86_rtl.exe"+308413: 8B CE - mov ecx,esi
"Asphalt9_w10_x86_rtl.exe"+308415: E8 DC 59 02 00 - call Asphalt9_w10_x86_rtl.exe+32DDF6
"Asphalt9_w10_x86_rtl.exe"+30841A: 80 BF 60 05 00 00 00 - cmp byte ptr [edi+00000560],00
"Asphalt9_w10_x86_rtl.exe"+308421: 74 4B - je Asphalt9_w10_x86_rtl.exe+30846E
"Asphalt9_w10_x86_rtl.exe"+308423: 8B 87 58 01 00 00 - mov eax,[edi+00000158]
"Asphalt9_w10_x86_rtl.exe"+308429: 8D 8F 58 01 00 00 - lea ecx,[edi+00000158]
"Asphalt9_w10_x86_rtl.exe"+30842F: 8B 40 0C - mov eax,[eax+0C]
"Asphalt9_w10_x86_rtl.exe"+308432: 03 C8 - add ecx,eax
"Asphalt9_w10_x86_rtl.exe"+308434: 8B 01 - mov eax,[ecx]
"Asphalt9_w10_x86_rtl.exe"+308436: FF 50 10 - call dword ptr [eax+10]
}
2
"Car Stats -open car in garage -resets on game restart"
Auto Assembler Script
{ Game : Asphalt9_w10_x86_rtl.exe
Version:
Date : 2018-08-21
Author : koderkrazy

Read-only hook: captures the base pointer (eax) of the block that the two
displaced instructions index, then runs them unchanged. The "Car Stats"
entries below read their bytes relative to pCarStats (74, 74+24, ...),
matching the 0x24 stride of the `imul ecx,[ebp+10],24` below.
}
[ENABLE]
aobscanmodule(_carStatsINJECT,Asphalt9_w10_x86_rtl.exe,6B 4D 10 24 8A 4C 01 74 88 0E )
registersymbol(_carStatsINJECT)
globalalloc(pCarStats,4)
alloc(newmem,$1000)
label(code)
label(return)

newmem:
mov [pCarStats],eax      // eax = block base at this point; exposed for the table
code:
// Displaced original code: ecx = [ebp+10]*0x24 ; cl = [eax+ecx+0x74]
imul ecx,[ebp+10],24
mov cl,[ecx+eax+74]
jmp return

_carStatsINJECT:
jmp newmem               // 5-byte jmp + 3 nops = the 8 displaced bytes
nop
nop
nop
return:

[DISABLE]
_carStatsINJECT:
db 6B 4D 10 24 8A 4C 01 74
unregistersymbol(_carStatsINJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt9_w10_x86_rtl.exe"+C1BC76
"Asphalt9_w10_x86_rtl.exe"+C1BC5A: 51 - push ecx
"Asphalt9_w10_x86_rtl.exe"+C1BC5B: 8B D4 - mov edx,esp
"Asphalt9_w10_x86_rtl.exe"+C1BC5D: 89 02 - mov [edx],eax
"Asphalt9_w10_x86_rtl.exe"+C1BC5F: 8D 45 F4 - lea eax,[ebp-0C]
"Asphalt9_w10_x86_rtl.exe"+C1BC62: 50 - push eax
"Asphalt9_w10_x86_rtl.exe"+C1BC63: E8 F9 FD FF FF - call Asphalt9_w10_x86_rtl.exe+C1BA61
"Asphalt9_w10_x86_rtl.exe"+C1BC68: 80 7D F4 00 - cmp byte ptr [ebp-0C],00
"Asphalt9_w10_x86_rtl.exe"+C1BC6C: 74 14 - je Asphalt9_w10_x86_rtl.exe+C1BC82
"Asphalt9_w10_x86_rtl.exe"+C1BC6E: 8D 4D F4 - lea ecx,[ebp-0C]
"Asphalt9_w10_x86_rtl.exe"+C1BC71: E8 89 EB 52 FF - call Asphalt9_w10_x86_rtl.exe+14A7FF
// ---------- INJECTING HERE ----------
"Asphalt9_w10_x86_rtl.exe"+C1BC76: 6B 4D 10 24 - imul ecx,[ebp+10],24
"Asphalt9_w10_x86_rtl.exe"+C1BC7A: 8A 4C 01 74 - mov cl,[ecx+eax+74]
// ---------- DONE INJECTING ----------
"Asphalt9_w10_x86_rtl.exe"+C1BC7E: 88 0E - mov [esi],cl
"Asphalt9_w10_x86_rtl.exe"+C1BC80: EB 03 - jmp Asphalt9_w10_x86_rtl.exe+C1BC85
"Asphalt9_w10_x86_rtl.exe"+C1BC82: C6 06 00 - mov byte ptr [esi],00
"Asphalt9_w10_x86_rtl.exe"+C1BC85: 8B 4D FC - mov ecx,[ebp-04]
"Asphalt9_w10_x86_rtl.exe"+C1BC88: 8B C6 - mov eax,esi
"Asphalt9_w10_x86_rtl.exe"+C1BC8A: 33 CD - xor ecx,ebp
"Asphalt9_w10_x86_rtl.exe"+C1BC8C: 5E - pop esi
"Asphalt9_w10_x86_rtl.exe"+C1BC8D: E8 32 A2 43 00 - call Asphalt9_w10_x86_rtl.exe+1055EC4
"Asphalt9_w10_x86_rtl.exe"+C1BC92: 8B E5 - mov esp,ebp
"Asphalt9_w10_x86_rtl.exe"+C1BC94: 5D - pop ebp
}
7
"BluePrints -readOnly"
4 Bytes
pCarStats
74-c
3
"Speed (Max. 10)"
Byte
pCarStats
74
4
"Acceleration (Max 10)"
Byte
pCarStats
74+24
5
"Handling (Max 10)"
Byte
pCarStats
74+24+24
6
"Nitro (Max 10)"
Byte
pCarStats
74+24+24+24
338
"Race Cheats"
800000
Auto Assembler Script
{ Game : Asphalt9_w10_x86_rtl.exe
Version:
Date : 2018-08-22
Author : koderkrazy
Based on marek1957's findings

Hook into the per-call position update (see ORIGINAL CODE below): the game
loads a delta from [eax], scales it by xmm3 (loaded from [ebx+14] just before
the hook) and adds the result to [ecx+30] and [ecx+34]. This script runs
before the two displaced instructions and, for an object whose [ecx+cc] is
zero:
  - scales xmm3 by speedMult, so every delta multiplied by xmm3 in this
    call is scaled;
  - recordPos / restorePos (and the "2" pair) snapshot or write back
    [ecx+30], [ecx+34], [ecx+38] and the six dwords at [ecx+00..14];
  - flyH=1 pins [ecx+38] to curHeight + xyincreament on every call,
    flyH=0 keeps curHeight tracking [ecx+38];
  - pausH=1 adds hIncreament to [ecx+38] once, then clears itself.
The script treats [ecx+38] as height (hPos, curHeight). Nothing in the
table says what [ecx+00..14] holds; it is only saved and restored verbatim.
The flag words are set by the hotkey entries below (4-byte writes).
EFLAGS are clobbered by the cmp/jne chain; the displaced movss/mulss and the
listed instructions after the hook do not read flags before writing them.
}
[ENABLE]
aobscanmodule(_raceINJECT,Asphalt9_w10_x86_rtl.exe,F3 0F 10 00 F3 0F 59 C3 8B 73 18 C7 45 FC 00 00 00 00 F3 0F 58 41 30)
alloc(newmem,$1000)
// Table-visible state; globalalloc keeps it across enable/disable.
globalalloc(speedMult,4)
globalalloc(pxyz,4)
// Snapshot 1: [ecx+38], [ecx+30], [ecx+34] and [ecx+00..14] (dPos1..dPos6).
globalalloc(hPos1,4)
globalalloc(xPos1,4)
globalalloc(yPos1,4)
// Snapshot 2: same layout (hPos12/xPos12/yPos12, dPos12..dPos62).
globalalloc(hPos12,4)
globalalloc(xPos12,4)
globalalloc(yPos12,4)
globalalloc(dPos1,4)
globalalloc(dPos2,4)
globalalloc(dPos3,4)
globalalloc(dPos4,4)
globalalloc(dPos5,4)
globalalloc(dPos6,4)
// dPos7..dPos10, pTemp and pTemp1 are allocated but never referenced below.
globalalloc(dPos7,4)
globalalloc(dPos8,4)
globalalloc(dPos9,4)
globalalloc(dPos10,4)
globalalloc(dPos12,4)
globalalloc(dPos22,4)
globalalloc(dPos32,4)
globalalloc(dPos42,4)
globalalloc(dPos52,4)
globalalloc(dPos62,4)
globalalloc(pTemp,4)
globalalloc(pTemp1,4)
// Tunables (floats) and one-shot / mode flags (dwords, set by hotkeys).
globalalloc(hIncreament,4)
globalalloc(pausH,4)
globalalloc(flyH,4)
globalalloc(recordPos,4)
globalalloc(restorePos,4)
globalalloc(recordPos2,4)
globalalloc(restorePos2,4)
globalalloc(xyincreament,4)
globalalloc(curHeight,4)
label(code)
label(return)
// Defaults, re-applied on every enable.
speedMult:
dd (float)1.0
hIncreament:
dd (float)8
xyincreament:
dd (float)20.0
newmem:
// Gate on [ecx+cc]: zero -> apply the cheats; anything else -> go straight to
// the displaced code (so speedMult is NOT applied to that object). The `@@:`
// right after the cmp is never referenced.
// NOTE(review): the compare carries no operand size, so CE uses its default
// width; add byte/dword ptr once the field's real size is known.
cmp [ecx+cc],0
@@:
je @f
jmp code
@@:
// ---- Teleport 1: write snapshot 1 back (one-shot; flag cleared first) ----
cmp [restorePos],1
jne @f
mov [restorePos],0
push eax
mov eax,[xPos1]
mov [ecx+30],eax
mov eax,[yPos1]
mov [ecx+34],eax
mov eax,[hPos1]
mov [ecx+38],eax
mov eax,[dPos1]
mov [ecx],eax
mov eax,[dPos2]
mov [ecx+4],eax
mov eax,[dPos3]
mov [ecx+8],eax
mov eax,[dPos4]
mov [ecx++c],eax    // NOTE(review): `++c` -- the record path below writes `[ecx+c]`; presumably parsed as +0C
mov eax,[dPos5]
mov [ecx++10],eax   // NOTE(review): same for `++10` / `++14`
mov eax,[dPos6]
mov [ecx++14],eax
pop eax
@@:
mov [pxyz],ecx      // object this hook matched, exposed for the table
// ---- Record 1: take snapshot 1 (one-shot; flag cleared afterwards) ----
cmp [recordPos],1
jne @f
push eax
mov eax,[ecx+30]
mov [xPos1],eax
mov eax,[ecx+34]
mov [yPos1],eax
mov eax,[ecx+38]
mov [hPos1],eax
mov eax,[ecx]
mov [dPos1],eax
mov eax,[ecx+4]
mov [dPos2],eax
mov eax,[ecx+8]
mov [dPos3],eax
mov eax,[ecx+c]
mov [dPos4],eax
mov eax,[ecx+10]
mov [dPos5],eax
mov eax,[ecx+14]
mov [dPos6],eax
pop eax
mov [recordPos],0
@@:
// ---- Teleport 2: write snapshot 2 back (one-shot) ----
cmp [restorePos2],1
jne @f
mov [restorePos2],0
push eax
mov eax,[xPos12]
mov [ecx+30],eax
mov eax,[yPos12]
mov [ecx+34],eax
mov eax,[hPos12]
mov [ecx+38],eax
mov eax,[dPos12]
mov [ecx],eax
mov eax,[dPos22]
mov [ecx+4],eax
mov eax,[dPos32]
mov [ecx+8],eax
mov eax,[dPos42]
mov [ecx++c],eax    // NOTE(review): `++c`, see above
mov eax,[dPos52]
mov [ecx++10],eax
mov eax,[dPos62]
mov [ecx++14],eax
pop eax
@@:
// ---- Record 2: take snapshot 2 (one-shot) ----
cmp [recordPos2],1
jne @f
push eax
mov eax,[ecx+30]
mov [xPos12],eax
mov eax,[ecx+34]
mov [yPos12],eax
mov eax,[ecx+38]
mov [hPos12],eax
mov eax,[ecx]
mov [dPos12],eax
mov eax,[ecx+4]
mov [dPos22],eax
mov eax,[ecx+8]
mov [dPos32],eax
mov eax,[ecx+c]
mov [dPos42],eax
mov eax,[ecx+10]
mov [dPos52],eax
mov eax,[ecx+14]
mov [dPos62],eax
pop eax
mov [recordPos2],0
@@:
// Speed: xmm3 is the multiplier the game loaded from [ebx+14] for this call;
// scaling it here scales every delta the original code multiplies by xmm3.
mulss xmm3,[speedMult]
// Fly: while flyH=1 hold the height at the last tracked height + xyincreament.
// xmm0 is free scratch here; the displaced code at `code:` reloads it.
cmp [flyH],1
jne @f
movss xmm0,[curHeight]
addss xmm0,[xyincreament]
movss [ecx+38],xmm0
@@:
// While flyH=0 keep curHeight in step with the live height.
cmp [flyH],0
jne @f
movss xmm0,[ecx+38]
movss [curHeight],xmm0
@@:
// Jump: pausH=1 adds hIncreament to the height once. The je/jmp pair and the
// second cmp test the same condition; the first is redundant but harmless.
cmp [pausH],1
je @f
jmp code
@@:
cmp [pausH],1
jne @f
movss xmm0,[ecx+38]
addss xmm0,[hIncreament]
movss [ecx+38],xmm0
mov [pausH],0
@@:
code:
// Displaced original instructions (the 8 bytes at _raceINJECT).
movss xmm0,[eax]
mulss xmm0,xmm3
jmp return
_raceINJECT:
jmp newmem          // 5-byte jmp + 3 nops = the 8 displaced bytes
nop
nop
nop
return:
registersymbol(_raceINJECT)
[DISABLE]
_raceINJECT:
db F3 0F 10 00 F3 0F 59 C3
unregistersymbol(_raceINJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt9_w10_x86_rtl.exe"+105C055
"Asphalt9_w10_x86_rtl.exe"+105C039: 83 C4 04 - add esp,04
"Asphalt9_w10_x86_rtl.exe"+105C03C: 55 - push ebp
"Asphalt9_w10_x86_rtl.exe"+105C03D: 8B 6B 04 - mov ebp,[ebx+04]
"Asphalt9_w10_x86_rtl.exe"+105C040: 89 6C 24 04 - mov [esp+04],ebp
"Asphalt9_w10_x86_rtl.exe"+105C044: 8B EC - mov ebp,esp
"Asphalt9_w10_x86_rtl.exe"+105C046: 83 EC 5C - sub esp,5C
"Asphalt9_w10_x86_rtl.exe"+105C049: 8B 43 0C - mov eax,[ebx+0C]
"Asphalt9_w10_x86_rtl.exe"+105C04C: F3 0F 10 5B 14 - movss xmm3,[ebx+14]
"Asphalt9_w10_x86_rtl.exe"+105C051: 8B 4B 08 - mov ecx,[ebx+08]
"Asphalt9_w10_x86_rtl.exe"+105C054: 56 - push esi
// ---------- INJECTING HERE ----------
"Asphalt9_w10_x86_rtl.exe"+105C055: F3 0F 10 00 - movss xmm0,[eax]
"Asphalt9_w10_x86_rtl.exe"+105C059: F3 0F 59 C3 - mulss xmm0,xmm3
// ---------- DONE INJECTING ----------
"Asphalt9_w10_x86_rtl.exe"+105C05D: 8B 73 18 - mov esi,[ebx+18]
"Asphalt9_w10_x86_rtl.exe"+105C060: C7 45 FC 00 00 00 00 - mov [ebp-04],00000000
"Asphalt9_w10_x86_rtl.exe"+105C067: F3 0F 58 41 30 - addss xmm0,dword ptr [ecx+30]
"Asphalt9_w10_x86_rtl.exe"+105C06C: F3 0F 11 45 F0 - movss [ebp-10],xmm0
"Asphalt9_w10_x86_rtl.exe"+105C071: F3 0F 10 40 04 - movss xmm0,[eax+04]
"Asphalt9_w10_x86_rtl.exe"+105C076: F3 0F 59 C3 - mulss xmm0,xmm3
"Asphalt9_w10_x86_rtl.exe"+105C07A: F3 0F 58 41 34 - addss xmm0,dword ptr [ecx+34]
"Asphalt9_w10_x86_rtl.exe"+105C07F: F3 0F 11 45 F4 - movss [ebp-0C],xmm0
"Asphalt9_w10_x86_rtl.exe"+105C084: F3 0F 10 40 08 - movss xmm0,[eax+08]
"Asphalt9_w10_x86_rtl.exe"+105C089: 8B 45 F0 - mov eax,[ebp-10]
}
340
"Jump height"
Float
hIncreament
339
"Jump-> num0"
4 Bytes
pausH
Set Value
96
1
0
Jump
358
"Fly-> num1=on, num2=off"
4 Bytes
flyH
Set Value
97
1
0
Fly
Set Value
98
0
1
Deactivate
357
"Speed -> num + , num -"
Float
speedMult
Increase Value
107
1
0
Set Value
109
1
1
360
"Record Position-> num4"
408000
4 Bytes
recordPos
Set Value
100
1
0
Position Acquired
364
"Teleport-> num5"
408000
4 Bytes
restorePos
Set Value
101
1
0
363
"Record Position 2 -> num7"
000080
4 Bytes
recordPos2
Set Value
103
1
0
Position 2 Acquired
361
"Teleport 2-> num8"
000080
4 Bytes
restorePos2
Set Value
104
1
0
27
"Compact UI Mode for Cheat Engine"
FF0000
Auto Assembler Script
[ENABLE]
// Cheat Engine UI tweak, not a game patch: this is Lua executed inside CE's
// own process with CE's privileges (any Lua in a table can do that, so read
// it before enabling scripts from a table you did not write).
// It adds one menu item to CE's main menu and hides Splitter1/Panel4/Panel5
// of the main form. cycleFullCompact(sender,force): force=true hides the
// panels (compact view), force=false shows them; with no force it toggles.
// The caption shows the action the item will take next, not the current state.
// addCompactMenu() is guarded so repeated enables do not add a second item.
LuaCall(function cycleFullCompact(sender,force) local state = not(compactmenuitem.Caption == 'Compact View Mode'); if force~=nil then state = not force end; compactmenuitem.Caption = state and 'Compact View Mode' or 'Full View Mode'; getMainForm().Splitter1.Visible = state; getMainForm().Panel4.Visible = state; getMainForm().Panel5.Visible = state; end; function addCompactMenu() if compactmenualreadyexists then return end; local parent = getMainForm().Menu.Items; compactmenuitem = createMenuItem(parent); parent.add(compactmenuitem); compactmenuitem.Caption = 'Compact View Mode'; compactmenuitem.OnClick = cycleFullCompact; compactmenualreadyexists = 'yes'; end; addCompactMenu(); cycleFullCompact(nil,true))
[DISABLE]
// Restore the full view; the menu item itself stays registered.
LuaCall(cycleFullCompact(nil,false))
pCarStats
04A60000
pCar
03110010
pCam
036A0120
matek
02C70010
tatus
036A0010
szybko
036A0000
wiatr
036A0020
pxyz
034E0020
hPos
045C0020
xPos
045C0030
yPos
045C0040
cHeight
036A0070
hIncreament
034E01B0
recordPos
034E01E0
restorePos
034E01F0
pTemp
034E0190
pTemp1
034E01A0
pausZ
036A00D0
pausH
034E01C0
xyincreament
034E0220
speedMult
034E0010
flyH
034E01D0
curHeight
034E0230
hPos1
034E0030
xPos1
034E0040
yPos1
034E0050
dPos1
034E0090
dPos2
034E00A0
dPos3
034E00B0
dPos4
034E00C0
dPos5
034E00D0
dPos6
034E00E0
dPos7
034E00F0
dPos8
034E0100
dPos9
034E0110
dPos10
034E0120
pCrash
034E0000
hPos12
034E0060
xPos12
034E0070
yPos12
034E0080
dPos12
034E0130
dPos22
034E0140
dPos32
034E0150
dPos42
034E0160
dPos52
034E0170
dPos62
034E0180
recordPos2
034E0200
restorePos3
04A60240
restorePos2
034E0210
by koderkrazy
"Asphalt9_w10_x86_rtl.exe"+563D3
Call 1
"Asphalt9_w10_x86_rtl.exe"+958772
Speed 1
"Asphalt9_w10_x86_rtl.exe"+105C049
Get Increaments
"Asphalt9_w10_x86_rtl.exe"+105C04C
multiplier
"Asphalt9_w10_x86_rtl.exe"+105C051
Current stats
"Asphalt9_w10_x86_rtl.exe"+105C05D
Destination stats
"Asphalt9_w10_x86_rtl.exe"+105C090
Jump 1
"Asphalt9_w10_x86_rtl.exe"+105C0AF
10 stats