11
"Active Cheat Table"
Auto Assembler Script
[ENABLE]
// Starts Cheat Engine's Mono data collector for the attached process. The other scripts in
// this table address code as Class:Method+offset, which presumably depends on it - TODO confirm.
// NOTE(review): the Lua call has no syntax-check guard, so it may also run when the script is
// only being checked or edited - confirm. The disable section is empty: nothing is undone.
{$lua}
LaunchMonoDataCollector()
[DISABLE]
25
"Freeze Time"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Freeze Time: replaces the 5 bytes "fld dword ptr [edi+50] / fldz" located by the AOB scan
with a jump to a stub that first stores (float)900 into [edi+50], then replays the two
displaced instructions and jumps back.
NOTE(review): Version is blank and the hook is found by byte signature only, so the script
carries no record of which game build it was validated against.
NOTE(review): this script registers the symbol Time; the "Instant Start" entry of this table
also uses a symbol named Time and its header says to disable Freeze Time first.
}
[ENABLE]
// Locate the hook by signature; the first 5 bytes (D9 47 50 D9 EE) are the ones overwritten.
aobscan(Time,D9 47 50 D9 EE DF F1 DD D8 7A 13) // should be unique
// $1000 bytes for the stub, requested near the hooked method.
alloc(newmem,$1000,InvasionManager:InvasionWaveLogic+43)
label(code)
label(return)
newmem:
code:
// Rewrite the float at [edi+50] to 900 on every pass, so the load below always sees 900.
mov [edi+50],(float)900
// Displaced original instructions, replayed unchanged.
fld dword ptr [edi+50]
fldz
jmp return
Time:
// The jmp is expected to assemble to 5 bytes, matching the 5 displaced bytes (no nop padding).
jmp newmem
return:
// Publish the scan result so the disable section can find the patch site again.
registersymbol(Time)
[DISABLE]
Time:
// Restore the original 5 bytes before the stub is released.
db D9 47 50 D9 EE
unregistersymbol(Time)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 04CFA0CB
""+4CFA0AE: 75 0C - jne InvasionManager:InvasionWaveLogic+3c
""+4CFA0B0: 83 EC 0C - sub esp,0C
""+4CFA0B3: 57 - push edi
""+4CFA0B4: E8 53 00 00 00 - call 04CFA10C
""+4CFA0B9: 83 C4 10 - add esp,10
""+4CFA0BC: 0F B6 47 48 - movzx eax,byte ptr [edi+48]
""+4CFA0C0: 88 47 49 - mov [edi+49],al
""+4CFA0C3: 0F B6 47 48 - movzx eax,byte ptr [edi+48]
""+4CFA0C7: 85 C0 - test eax,eax
""+4CFA0C9: 75 2E - jne InvasionManager:InvasionWaveLogic+79
// ---------- INJECTING HERE ----------
""+4CFA0CB: D9 47 50 - fld dword ptr [edi+50]
""+4CFA0CE: D9 EE - fldz
// ---------- DONE INJECTING ----------
""+4CFA0D0: DF F1 - fcomip st(0),st(1)
""+4CFA0D2: DD D8 - fstp st(0)
""+4CFA0D4: 7A 13 - jp InvasionManager:InvasionWaveLogic+69
""+4CFA0D6: 73 11 - jae InvasionManager:InvasionWaveLogic+69
""+4CFA0D8: D9 47 50 - fld dword ptr [edi+50]
""+4CFA0DB: B8 94 3E 7C 04 - mov eax,047C3E94
""+4CFA0E0: D9 00 - fld dword ptr [eax]
""+4CFA0E2: DE E9 - fsubp st(1),st(0)
""+4CFA0E4: D9 5F 50 - fstp dword ptr [edi+50]
""+4CFA0E7: EB 10 - jmp InvasionManager:InvasionWaveLogic+79
}
5
"Gold Script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Gold Script: hooks the 6 bytes "fstp dword ptr [eax+08] / mov eax,[edi+0C]" at
TownManager:GoldLogic+48, records eax in the Gold symbol (read by the "[Gold]+08" address
record) and attempts to overwrite the dword at [eax+08].
NOTE(review): Version is blank; the assert below is the only build check.
}
define(address,TownManager:GoldLogic+48)
define(bytes,D9 58 08 8B 47 0C)
[ENABLE]
// Refuse to patch unless the 6 expected bytes are present at the hook address.
assert(address,bytes)
alloc(newmem,$1000,TownManager:GoldLogic+48)
label(code)
label(return)
// 8-byte global slot; only its first dword is written here (a 32-bit pointer).
globalalloc(Gold,8)
newmem:
// Remember the pointer that is in eax when the hook fires.
mov [Gold],eax
// NOTE(review): '#' marks a decimal integer, so this stores the integer bit pattern of
// 9999999 into a field the game accesses as a float (fstp/fld dword). The fstp at code:
// then overwrites the same dword straight away, so this store appears to have no lasting
// effect - confirm intent; the Stamina and Freeze Time scripts use (float) for float fields.
mov [eax+08],#9999999
code:
// Displaced original instructions, replayed unchanged.
fstp dword ptr [eax+08]
mov eax,[edi+0C]
jmp return
address:
// jmp (5 bytes expected) plus one nop covers the 6 displaced bytes.
jmp newmem
nop
return:
[DISABLE]
address:
// Restore the 6 original bytes.
db bytes
// fstp dword ptr [eax+08]
// mov eax,[edi+0C]
// NOTE(review): only the stub is freed; the Gold slot is not released here and keeps the
// last pointer written to it, which address records will continue to dereference.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 05600888
05600869: DB 04 24 - fild dword ptr [esp]
0560086C: D9 1C 24 - fstp dword ptr [esp]
0560086F: D9 04 24 - fld dword ptr [esp]
05600872: 83 C4 04 - add esp,04
05600875: D9 05 28 DE C9 14 - fld dword ptr [14C9DE28]
0560087B: DE C9 - fmulp st(1),st(0)
0560087D: B9 94 3E 09 05 - mov ecx,05093E94
05600882: D9 01 - fld dword ptr [ecx]
05600884: DE C9 - fmulp st(1),st(0)
05600886: DE C1 - faddp
// ---------- INJECTING HERE ----------
05600888: D9 58 08 - fstp dword ptr [eax+08]
0560088B: 8B 47 0C - mov eax,[edi+0C]
// ---------- DONE INJECTING ----------
0560088E: 89 45 F8 - mov [ebp-08],eax
05600891: D9 40 08 - fld dword ptr [eax+08]
05600894: D9 05 30 DE C9 14 - fld dword ptr [14C9DE30]
0560089A: D9 05 38 DE C9 14 - fld dword ptr [14C9DE38]
056008A0: 83 EC 04 - sub esp,04
056008A3: 83 EC 04 - sub esp,04
056008A6: D9 1C 24 - fstp dword ptr [esp]
056008A9: 83 EC 04 - sub esp,04
056008AC: D9 1C 24 - fstp dword ptr [esp]
056008AF: 83 EC 04 - sub esp,04
}
6
"Current Gold Amount"
Float
[Gold]+08
8
"Resource script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Resource script: appears intended to hook the Wood, Stone, Food and Iron code paths in
ResourceData:AddResource, publish ebx through the Wood/Stone/Food/Iron symbols and force
the four counters to 99999.
NOTE(review): as written only one hook site is patched (there is a single "address:" patch
and a single assert), yet address, bytes and newmem are each declared four times. Which
declaration takes effect, or whether Cheat Engine rejects the duplicates, cannot be told
from this script - confirm before relying on it.
}
// NOTE(review): four definitions of the same name follow, then four more for bytes.
define(address,ResourceData:AddResource+3b)//Wood
define(address,ResourceData:AddResource+4d)//Stone
define(address,ResourceData:AddResource+6c)//Food
define(address,ResourceData:AddResource+5f)//Iron
define(bytes,89 43 0C E9 B8 00 00 00)//Wood
define(bytes,89 43 10 E9 A6 00 00 00)//Stone
// NOTE(review): the Food pattern is 5 bytes and starts with a load (8B 43 14); the other
// three are 8-byte store+jmp patterns. The patch below writes 8 bytes, while the disable
// section restores only as many bytes as the bytes definition in effect holds.
define(bytes,8B 43 14 03 C7)//Food
define(bytes,89 43 2C E9 94 00 00 00)//Iron
[ENABLE]
// Single check: one address/bytes pair is verified, not all four sites.
assert(address,bytes)
// NOTE(review): newmem is requested four times under the same name.
alloc(newmem,$1000,ResourceData:AddResource+3b)
alloc(newmem,$1000,ResourceData:AddResource+4d)
alloc(newmem,$1000,ResourceData:AddResource+6c)
alloc(newmem,$1000,ResourceData:AddResource+5f)
label(code)
label(return)
// 8-byte global slots; each receives a 32-bit pointer in its first dword.
globalalloc(Wood,8)
globalalloc(Stone,8)
globalalloc(Food,8)
globalalloc(Iron,8)
newmem:
// Every pass stores ebx into all four symbols and writes decimal 99999 to all four
// offsets, regardless of which resource type reached the hook.
mov [Wood],ebx
mov [ebx+0C],#99999
//------------------------------------
mov [Stone],ebx
mov [ebx+10],#99999
//------------------------------------
mov [Food],ebx
mov [ebx+14],#99999
//------------------------------------
mov [Iron],ebx
mov [ebx+2C],#99999
//------------------------------------
code:
// Replays only the displaced store of the Wood site. The displaced
// "jmp ResourceData:AddResource+fb" is not replayed: the stub returns to the instruction
// after the patch instead, so the game's remaining resource-type checks run - confirm
// that this change of control flow is intended.
mov [ebx+0C],eax
//jmp ResourceData:AddResource+fb //Wood
jmp return
// NOTE(review): "Wood:" names memory already reserved by globalalloc, so this presumably
// moves the assembly position to that slot and zero-fills its first dword - TODO confirm.
Wood:
dd 0
//------------------------------------
// NOTE(review): nothing jumps to the instructions from here down to "address:"; each
// group follows an unconditional jmp or a data dword and appears to be dead code.
mov [ebx+10],eax
//jmp ResourceData:AddResource+fb //Stone
jmp return
Stone:
dd 0
//------------------------------------
mov eax,[ebx+14]
jmp return //Food
Food:
dd 0
//------------------------------------
mov [ebx+2C],eax
jmp return
Iron: //Iron
dd 0
//------------------------------------
address:
// jmp (5 bytes expected) plus three nops = 8 bytes, the length of the Wood, Stone and
// Iron patterns.
jmp newmem
nop
nop
nop
return:
[DISABLE]
address:
// Restores whichever bytes definition is in effect; the commented instructions below are
// the Wood originals.
db bytes
// mov [ebx+0C],eax
// jmp ResourceData:AddResource+fb
// Only the stub is freed; the four global slots keep the last pointer written to them.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 05669323
05669306: D9 1C 24 - fstp dword ptr [esp]
05669309: D9 04 24 - fld dword ptr [esp]
0566930C: 83 C4 04 - add esp,04
0566930F: DE C1 - faddp
05669311: D9 5B 08 - fstp dword ptr [ebx+08]
05669314: E9 CA 00 00 00 - jmp ResourceData:AddResource+fb
05669319: 83 FE 02 - cmp esi,02
0566931C: 75 0D - jne ResourceData:AddResource+43
0566931E: 8B 43 0C - mov eax,[ebx+0C]
05669321: 03 C7 - add eax,edi
// ---------- INJECTING HERE ----------
05669323: 89 43 0C - mov [ebx+0C],eax
05669326: E9 B8 00 00 00 - jmp ResourceData:AddResource+fb
// ---------- DONE INJECTING ----------
0566932B: 83 FE 03 - cmp esi,03
0566932E: 75 0D - jne ResourceData:AddResource+55
05669330: 8B 43 10 - mov eax,[ebx+10]
05669333: 03 C7 - add eax,edi
05669335: 89 43 10 - mov [ebx+10],eax
05669338: E9 A6 00 00 00 - jmp ResourceData:AddResource+fb
0566933D: 83 FE 04 - cmp esi,04
05669340: 75 0D - jne ResourceData:AddResource+67
05669342: 8B 43 2C - mov eax,[ebx+2C]
05669345: 03 C7 - add eax,edi
}
9
"Current Wood Amount"
4 Bytes
[Wood]+0C
13
"Current Stone Amount"
4 Bytes
[Stone]+10
33
"Current Food Amount"
4 Bytes
[Food]+14
35
"Current Iron Amount"
4 Bytes
[Iron]+2C
58
"Resource script 2"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Resource script 2: appears intended to hook the Hops, Beer, Sword and Grain code paths in
ResourceData:AddResource, publish ebx through the Hops/Beer/Sword/Grain symbols and force
the four counters to 99999.
NOTE(review): as written only one hook site is patched (there is a single "address:" patch
and a single assert), yet address, bytes and newmem are each declared four times. Which
declaration takes effect, or whether Cheat Engine rejects the duplicates, cannot be told
from this script - confirm before relying on it.
}
// NOTE(review): four definitions of the same name follow, then four more for bytes.
define(address,ResourceData:AddResource+b4)//Hops
define(address,ResourceData:AddResource+cb)//Beer
define(address,ResourceData:AddResource+da)//Sword
define(address,ResourceData:AddResource+83)//Grain
define(bytes,8B 43 24 03 C7)//Hops
define(bytes,89 43 28 EB 2B)//beer
define(bytes,89 43 30 EB 1C)//Sword
// NOTE(review): the Grain pattern is 8 bytes; the patch below is a bare jmp with no nop
// padding (5 bytes expected), which matches the three 5-byte patterns but not this one.
define(bytes,89 43 18 E9 70 00 00 00)//Grain
[ENABLE]
// Single check: one address/bytes pair is verified, not all four sites.
assert(address,bytes)
// NOTE(review): newmem is requested four times under the same name.
alloc(newmem,$1000,ResourceData:AddResource+b4)//Hops
alloc(newmem,$1000,ResourceData:AddResource+cb)//beer
alloc(newmem,$1000,ResourceData:AddResource+da)//Sword
alloc(newmem,$1000,ResourceData:AddResource+83)//Grain
label(code)
label(return)
// 8-byte global slots; each receives a 32-bit pointer in its first dword.
globalalloc(Hops,8)
globalalloc(Beer,8)
globalalloc(Sword,8)
globalalloc(Grain,8)
newmem:
// Every pass stores ebx into all four symbols and writes decimal 99999 to all four
// offsets, regardless of which resource type reached the hook.
mov [Hops],ebx
mov [ebx+24],#99999
//------------------
mov [Beer],ebx
mov [ebx+28],#99999
//------------------
mov [Sword],ebx
mov [ebx+30],#99999
//-----------------
mov [Grain],ebx
mov [ebx+18],#99999
code:
// Replays the displaced Hops instructions: eax = [ebx+24] + edi, computed after the
// forced write above. Per the original-code dump that follows this script, the game's own
// "mov [ebx+24],eax" right after the hook then stores that sum back.
mov eax,[ebx+24]
add eax,edi
jmp return
// NOTE(review): "Hops:" names memory already reserved by globalalloc, so this presumably
// moves the assembly position to that slot and zero-fills its first dword - TODO confirm.
Hops:
dd 0
//----------------------
// NOTE(review): nothing jumps to the instructions from here down to "address:"; each
// group follows an unconditional jmp or a data dword and appears to be dead code.
mov [ebx+28],eax
//jmp ResourceData:AddResource+fb
jmp return
Beer:
dd 0
//----------------------------
mov [ebx+30],eax
//jmp ResourceData:AddResource+fb
jmp return
Sword:
dd 0
//-----------------------------
mov [ebx+18],eax
//jmp ResourceData:AddResource+fb
jmp return
Grain:
dd 0
address:
// Bare jmp, no padding: covers exactly 5 bytes if it assembles as a rel32 jump.
jmp newmem
return:
[DISABLE]
address:
// Restores whichever bytes definition is in effect; the commented instructions below are
// the Hops originals.
db bytes
// mov eax,[ebx+24]
// add eax,edi
// Only the stub is freed; the four global slots keep the last pointer written to them.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 04BAC4BC
04BAC49D: 89 43 1C - mov [ebx+1C],eax
04BAC4A0: E9 5E 00 00 00 - jmp ResourceData:AddResource+fb
04BAC4A5: 83 FE 08 - cmp esi,08
04BAC4A8: 75 0D - jne ResourceData:AddResource+af
04BAC4AA: 8B 43 20 - mov eax,[ebx+20]
04BAC4AD: 03 C7 - add eax,edi
04BAC4AF: 89 43 20 - mov [ebx+20],eax
04BAC4B2: E9 4C 00 00 00 - jmp ResourceData:AddResource+fb
04BAC4B7: 83 FE 09 - cmp esi,09
04BAC4BA: 75 0D - jne ResourceData:AddResource+c1
// ---------- INJECTING HERE ----------
04BAC4BC: 8B 43 24 - mov eax,[ebx+24]
04BAC4BF: 03 C7 - add eax,edi
// ---------- DONE INJECTING ----------
04BAC4C1: 89 43 24 - mov [ebx+24],eax
04BAC4C4: E9 3A 00 00 00 - jmp ResourceData:AddResource+fb
04BAC4C9: 83 FE 0A - cmp esi,0A
04BAC4CC: 75 0A - jne ResourceData:AddResource+d0
04BAC4CE: 8B 43 28 - mov eax,[ebx+28]
04BAC4D1: 03 C7 - add eax,edi
04BAC4D3: 89 43 28 - mov [ebx+28],eax
04BAC4D6: EB 2B - jmp ResourceData:AddResource+fb
04BAC4D8: 83 FE 0B - cmp esi,0B
04BAC4DB: 75 0A - jne ResourceData:AddResource+df
}
59
"Current Hops Amount"
4 Bytes
[Hops]+24
61
"Current Beer Amount"
4 Bytes
[Beer]+28
66
"Current Grain Amount"
4 Bytes
[Grain]+18
69
"Current Flour Amount"
4 Bytes
[Flour]+1C
68
"Resource -> Flour script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Resource -> Flour script: hooks the 7 bytes "mov ecx,[eax+1C] / dec ecx / mov [eax+1C],ecx"
at VillagerJobBaker:GetFlourLogic+85, records eax in the Flour symbol (read by the
"[Flour]+1C" address record) and writes decimal 999999 to [eax+1C] before the displaced
decrement runs.
NOTE(review): Version is blank; the assert below is the only build check.
}
define(address,VillagerJobBaker:GetFlourLogic+85)
define(bytes,8B 48 1C 49 89 48 1C)
[ENABLE]
// Refuse to patch unless the 7 expected bytes are present at the hook address.
assert(address,bytes)
alloc(newmem,$1000,VillagerJobBaker:GetFlourLogic+85)
label(code)
label(return)
// 8-byte global slot; only its first dword is written here (a 32-bit pointer).
globalalloc(Flour,8)
newmem:
// Remember the pointer that is in eax when the hook fires.
mov [Flour],eax
// Force the counter; the replayed decrement below then stores 999999 - 1.
mov [eax+1C],#999999
code:
// Displaced original instructions, replayed unchanged.
mov ecx,[eax+1C]
dec ecx
mov [eax+1C],ecx
jmp return
// NOTE(review): "Flour:" names memory already reserved by globalalloc, so this presumably
// moves the assembly position to that slot and zero-fills its first dword - TODO confirm.
Flour:
dd 0
address:
// jmp (5 bytes expected) plus two nops covers the 7 displaced bytes.
jmp newmem
nop
nop
return:
[DISABLE]
address:
// Restore the 7 original bytes.
db bytes
// mov ecx,[eax+1C]
// dec ecx
// mov [eax+1C],ecx
// Only the stub is freed; the Flour slot keeps the last pointer written to it.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0DF66135
0DF66110: 0F B6 46 09 - movzx eax,byte ptr [esi+09]
0DF66114: 85 C0 - test eax,eax
0DF66116: 0F 84 41 00 00 00 - je VillagerJobBaker:GetFlourLogic+ad
0DF6611C: 8B 05 48 EF 15 05 - mov eax,[0515EF48]
0DF66122: 8B 40 0C - mov eax,[eax+0C]
0DF66125: 8B 40 1C - mov eax,[eax+1C]
0DF66128: 85 C0 - test eax,eax
0DF6612A: 7E 25 - jle VillagerJobBaker:GetFlourLogic+a1
0DF6612C: 8B 05 48 EF 15 05 - mov eax,[0515EF48]
0DF66132: 8B 40 0C - mov eax,[eax+0C]
// ---------- INJECTING HERE ----------
0DF66135: 8B 48 1C - mov ecx,[eax+1C]
0DF66138: 49 - dec ecx
0DF66139: 89 48 1C - mov [eax+1C],ecx
// ---------- DONE INJECTING ----------
0DF6613C: 83 EC 0C - sub esp,0C
0DF6613F: 57 - push edi
0DF66140: E8 8B CD 7F F7 - call VillagerJobBaker:ResetJobState
0DF66145: 83 C4 10 - add esp,10
0DF66148: C7 47 48 02 00 00 00 - mov [edi+48],00000002
0DF6614F: EB 0C - jmp VillagerJobBaker:GetFlourLogic+ad
0DF66151: 83 EC 0C - sub esp,0C
0DF66154: 57 - push edi
0DF66155: E8 5E CD 7F F7 - call 05762EB8
0DF6615A: 83 C4 10 - add esp,10
}
63
"Current Sword amount"
4 Bytes
[Sword]+30
15
"Instant Start -> ignore preparation phase"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Disable Freeze time!!!
Instant Start: hooks the 5 bytes "fstp dword ptr [edi+50] / jmp InvasionWaveLogic+79" at
InvasionManager:InvasionWaveLogic+64. The stub replays the store but not the displaced jmp,
so execution resumes at +69, which the original-code dump after this script shows is the
target of the jp/jae taken by the comparison against zero.
NOTE(review): the Freeze Time entry registers a symbol that is also named Time. If that
symbol is still registered when this script runs, the writes to Time below may land on the
address Freeze Time hooked rather than on fresh memory - presumably the reason for the
warning above; confirm.
}
define(address,InvasionManager:InvasionWaveLogic+64)
define(bytes,D9 5F 50 EB 10)
[ENABLE]
// Refuse to patch unless the 5 expected bytes are present at the hook address.
assert(address,bytes)
alloc(newmem,$1000,InvasionManager:InvasionWaveLogic+64)
label(code)
label(return)
// 8-byte global slot; only its first dword is written here (a 32-bit pointer).
globalalloc(Time,8)
newmem:
// Remember the pointer that is in edi when the hook fires.
mov [Time],edi
code:
// Displaced store, replayed unchanged; the displaced jmp stays commented out on purpose,
// which is what redirects the flow to the code right after the patch.
fstp dword ptr [edi+50]
//jmp InvasionManager:InvasionWaveLogic+79
jmp return
// NOTE(review): "Time:" presumably moves the assembly position to the Time symbol and
// zero-fills its first dword - TODO confirm.
Time:
dd 0
address:
// Bare jmp, no padding: covers exactly 5 bytes if it assembles as a rel32 jump.
jmp newmem
return:
[DISABLE]
address:
// Restore the 5 original bytes.
db bytes
// fstp dword ptr [edi+50]
// jmp InvasionManager:InvasionWaveLogic+79
// Only the stub is freed; the Time slot is not released here.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 04B6A0E4
04B6A0CB: D9 47 50 - fld dword ptr [edi+50]
04B6A0CE: D9 EE - fldz
04B6A0D0: DF F1 - fcomip st(0),st(1)
04B6A0D2: DD D8 - fstp st(0)
04B6A0D4: 7A 13 - jp InvasionManager:InvasionWaveLogic+69
04B6A0D6: 73 11 - jae InvasionManager:InvasionWaveLogic+69
04B6A0D8: D9 47 50 - fld dword ptr [edi+50]
04B6A0DB: B8 94 3E 63 04 - mov eax,04633E94
04B6A0E0: D9 00 - fld dword ptr [eax]
04B6A0E2: DE E9 - fsubp st(1),st(0)
// ---------- INJECTING HERE ----------
04B6A0E4: D9 5F 50 - fstp dword ptr [edi+50]
04B6A0E7: EB 10 - jmp InvasionManager:InvasionWaveLogic+79
// ---------- DONE INJECTING ----------
04B6A0E9: 83 EC 0C - sub esp,0C
04B6A0EC: 57 - push edi
04B6A0ED: E8 0E 00 00 00 - call 04B6A100
04B6A0F2: 83 C4 10 - add esp,10
04B6A0F5: C6 47 48 01 - mov byte ptr [edi+48],01
04B6A0F9: 8D 65 FC - lea esp,[ebp-04]
04B6A0FC: 5F - pop edi
04B6A0FD: C9 - leave
04B6A0FE: C3 - ret
04B6A0FF: 00 68 50 - add [eax+50],ch
}
29
"Character"
1
27
"Character Stamina"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Character Stamina: hooks the 6 bytes "fld dword ptr [eax+28] / fld dword ptr [ebp+0C]" at
Character:ConsumeStamina+1c, records eax in the Stamina symbol (read by the "[Stamina]+28"
address record) and resets the float at [eax+28] to 100 before the game loads it. Per the
original-code dump after this script, the game then subtracts and stores the result itself.
NOTE(review): Version is blank; the assert below is the only build check.
}
define(address,Character:ConsumeStamina+1c)
define(bytes,D9 40 28 D9 45 0C)
[ENABLE]
// Refuse to patch unless the 6 expected bytes are present at the hook address.
assert(address,bytes)
alloc(newmem,$1000,Character:ConsumeStamina+1c)
label(code)
label(return)
// 8-byte global slot; only its first dword is written here (a 32-bit pointer).
globalalloc(Stamina,8)
newmem:
// Remember the pointer that is in eax when the hook fires.
mov [Stamina],eax
// (float) stores the IEEE single-precision encoding, matching the fld dword that follows.
mov [eax+28],(float)100
code:
// Displaced original instructions, replayed unchanged.
fld dword ptr [eax+28]
fld dword ptr [ebp+0C]
jmp return
address:
// jmp (5 bytes expected) plus one nop covers the 6 displaced bytes.
jmp newmem
nop
return:
[DISABLE]
address:
// Restore the 6 original bytes.
db bytes
// fld dword ptr [eax+28]
// fld dword ptr [ebp+0C]
// Only the stub is freed; the Stamina slot keeps the last pointer written to it.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 2E2E88C4
2E2E88A8: 55 - push ebp
2E2E88A9: 8B EC - mov ebp,esp
2E2E88AB: 57 - push edi
2E2E88AC: 83 EC 04 - sub esp,04
2E2E88AF: 8B 7D 08 - mov edi,[ebp+08]
2E2E88B2: 8B 47 3C - mov eax,[edi+3C]
2E2E88B5: 0F B6 40 0D - movzx eax,byte ptr [eax+0D]
2E2E88B9: 85 C0 - test eax,eax
2E2E88BB: 0F 84 46 00 00 00 - je Character:ConsumeStamina+5f
2E2E88C1: 8B 47 38 - mov eax,[edi+38]
// ---------- INJECTING HERE ----------
2E2E88C4: D9 40 28 - fld dword ptr [eax+28]
2E2E88C7: D9 45 0C - fld dword ptr [ebp+0C]
// ---------- DONE INJECTING ----------
2E2E88CA: DE E9 - fsubp st(1),st(0)
2E2E88CC: D9 58 28 - fstp dword ptr [eax+28]
2E2E88CF: 8B 47 38 - mov eax,[edi+38]
2E2E88D2: 89 45 F8 - mov [ebp-08],eax
2E2E88D5: D9 40 28 - fld dword ptr [eax+28]
2E2E88D8: D9 05 C8 D1 38 14 - fld dword ptr [1438D1C8]
2E2E88DE: 8B 47 38 - mov eax,[edi+38]
2E2E88E1: D9 40 2C - fld dword ptr [eax+2C]
2E2E88E4: 83 EC 04 - sub esp,04
2E2E88E7: 83 EC 04 - sub esp,04
}
28
"Current Stamina Amount"
Float
[Stamina]+28
73
"Lord Health"
Float
"mono.dll"+001F50AC
20
38
44
2D0
4DC
23
"----------------------------------------------------------------------"
1
22
"Nothing for you :)"
1
19
"Set Ingame Time to CE Value"
Auto Assembler Script
[ENABLE]
// Overwrites in place the 3 bytes that the disable section restores as D9 40 50
// (fld dword ptr [eax+50]).
// NOTE(review): no assert checks the existing bytes first, unlike the other scripts in this
// table, so the write happens whatever is at this offset in the running build.
// NOTE(review): 99 is the one-byte CDQ opcode on x86, not NOP (90). Three CDQs can change
// edx and drop the FPU load the replaced instruction performed - confirm this is intended.
GUIInvasionStatusPanel:UpdateDisplay+3b8:
db 99 99 99 //fld dword ptr [eax+50]
//Game Time
[DISABLE]
GUIInvasionStatusPanel:UpdateDisplay+3b8:
// Puts the original instruction bytes back.
db D9 40 50 //fld dword ptr [eax+50]
//Value in CE (14 = 800)
Change of fstp dword ptr [eax+20]
049868B6
0
D9
41
0C
DE
E9
D9
58
20
8B
47
0C
8B
40
Code :mov [eax+24],ecx
04DE16F1
0
0C
8B
48
24
49
89
48
24
83
EC
0C
57
E8
Gold
09AF0040
Wood
09AF0000
Stone
09AF0010
Stamina
08FE0000
Food
09AF0020
Iron
09AF0030
Armor
08FD0060
Hops
09AF0050
Beer
09AF0060
Sword
09AF0070
Grain
09AF0080
Flour
09AF0090