0
"INIT"
Auto Assembler Script
{$lua}
local function callnext(n,f,...)
local t,pk,upk,p = createTimer(),table.pack,table.unpack
if type(n)~='number' then n,f,p = 1,n,pk(f,...)else p = pk(...)end
local function killme()if t then t.Destroy();t=nil end end
t.Interval,t.OnTimer = n,function(tm)
local ok,ret = pcall(f,upk(p))
if not ok or not ret then
killme()
elseif type(ret)=='number'then
if ret<=0 then killme() else tm.Interval = ret end
end
end
return killme()
end
local mrid,mrstate,actok
function GetMRState()return mrid,state,actok end
function onMemRecPreExecute(mr, ns)
mrid,mrstate = mr.ID,ns
end
function onMemRecPostExecute(mr, ns, actok)
mrid,mrstate,actok = nil
end
PPEXT = {}
local function ppext(s,sc)
local re = "^%s*////+%s*@([_%a][_%w]*)"
while s.Count>0 and s[0]:match(re) do
local extcall = PPEXT[s[0]:match(re):lower()]
if extcall then
s[0] = ''
local ok,result,extra = pcall(extcall,s,sc)
if not ok or not result then
error(not result and tostring(extra) or tostring(result),2)
end
if type(result)=='string' then
s.Text = result
--else modification should have already been done on strings object s
end
end
end
end
if _ppid then unregisterAutoAssemblerPrologue(_ppid);_ppid=nil end
_ppid = registerAutoAssemblerPrologue(ppext)
PPEXT['readme'] = function()
local mrid = GetMRState()
if mrid then
local al = GetAddressList()
local mr = al.getMemoryRecordByID(mrid)
if mr.Active ~= true then -- about to activate
al.setSelectedRecord(mr)
al.DoValueChange()
end
end
return ''
end
function check()
if process and readInteger(process) and readInteger"mono.g_free"then
pcall( LaunchMonoDataCollector )
end
local tm,prnt = createTimer(),print
tm.Interval = 2000
tm.OnTimer=function(t)t.Destroy()print=prnt end
print = function(...)
local p = table.pack(...)
for i=1,p.n do p[i]=tostring(p[i])end
p = table.concat(p,'\t')
if not p:lower():find('format 2') then p:gsub("([^\n\r]+)",prnt)end
end
return [[
globalalloc(__,$4000)
globalalloc(_RNG,$100)
label(seed)
_RNG:
push edx
mov eax,[seed]
xor edx,edx
mul dword ptr[seed+08]
add eax,[seed+0c]
adc edx,0
div dword ptr[seed+04]
mov eax,edx
mov [seed],eax
pop edx
ret
seed:
dd 1,7FFFFFFF,41C64E6D,3039
define(pushRx,55 48 8B EC 51 52 41 50 41 51 57 56 48 83 EC 40 F3 0F 7F 44 24 20 F3 0F 7F 4C 24 30)
define(popRx,F3 0F 6F 44 24 20 F3 0F 6F 4C 24 30 48 83 C4 40 5E 5F 41 59 41 58 5A 59 5D)
]]
end
[ENABLE]
[DISABLE]
if not syntaxcheck and monopipe then
monopipe = monopipe.Destroy()
end
347
"HeroUpdCooldown"
Auto Assembler Script
{$lua}
-- 0fb6 80 ?? 09 00 00 --> b8 01 00 00 00 90 90 -- all Map
local chk = check()
local ok
if not Structure then
ok, Structure = pcall(monoAA_GETMONOSTRUCT,"hctr,:HeroController")
if not chk or not ok or type(Structure)~='string' or Structure:len()<200 then
-- print(tostring(Structure))
Structure = nil
else
Structure = table.concat({Structure,
monoAA_GETMONOSTRUCT"pdta,:PlayerData",
monoAA_GETMONOSTRUCT"inph,:InputHandler",
monoAA_GETMONOSTRUCT"hact,:HeroActions",
monoAA_GETMONOSTRUCT"icpa,InControl:PlayerAction",
monoAA_GETMONOSTRUCT"hsts,:HeroControllerStates",
},"\n"):gsub("%f[%w](pause)","_Pause_")
end
end
return chk --and Structure
{$asm}
globalalloc(pHeroController,16)
globalalloc(pPlayerData,16)
define(cave,HeroUpdCooldown)
define(h0,upd)
define(h1,"HeroController:CanInfiniteAirJump")
define(h2,up2)
define(h3,dmg)
[ENABLE]
aobscanRegion(dmg, HeroController:TakeDamage+0180, HeroController:TakeDamage+0500, e8 ?? ?? ?? ?? 83 c4 10 8b 83 ?? 01 00 00)
aobscanRegion(upd, HeroController:Update+0000, HeroController:Update+0500, 55 8b ec 5? 83 ec)
aobscanRegion(up2, HeroController:FixedUpdate+0000, HeroController:FixedUpdate+0500, 55 8b ec 5? 81 ec)
{$lua}
return Structure
{$asm}
alloc(cave,$1000,h0)
registerSymbol(HeroUpdCooldown)
cave:
dd (float)40,(float)40,(float)40,(float)0.2
cave+10:
dd (float)2,#2666
define(extraCharmSlot,cave+68)
extraCharmSlot:
dd 4
define(fOne,cave+38)
define(nearZero,cave+3c)
fOne:
dd (float)1.0001
nearZero:
dd (float)0.0001
define(miniGeo,cave+14)
define(EnabledLowG,cave+44)
define(Enabled,cave+40)
cave+40:
dd 1
cave+44:
dd 1
cave+100:
dq cave,h0,h1,h2,h3
cave+180:
readmem(h0,24)
cave+1a0:
readmem(h1,24)
cave+1c0:
readmem(h2,24)
cave+1e0:
readmem(h3,24)
define(tDelta,cave+1c)
define(hpAcc,cave+18)
define(StayUpFrame,cave+74)
StayUpFrame:
dd 10
define(pressedCnt,cave+6c)
define(moonG,cave+5c)
moonG:
dd (float)0.003
label(skip)
cave+300:
////////////// ENTER
readmem(h0,7)
push edi
push esi
mov edi,[ebp+08]
mov esi,[edi+hctr.playerData]
mov [pPlayerData],esi
mov [pHeroController],edi
mov eax,[Enabled] // Enabled All?
test eax,eax
je skip
sub esp,10
mov eax,"UnityEngine:Time:get_deltaTime"
call eax
add esp,10
fstp dword ptr[tDelta]
mov eax,[tDelta]
cmp eax,[nearZero] // paused
jle skip
mov edi,[ebp+08]
test edi,edi
je skip
fld dword ptr[nearZero]
fstp dword ptr[edi+hctr.ATTACK_RECOVERY_TIME]
mov esi,[edi+hctr.playerData]
test esi,esi
je skip
mov eax,[edi+hctr.attack_cooldown]
test eax,eax
jle @f
fld dword ptr[tDelta]
fmul dword ptr[cave]
fsub dword ptr[tDelta]
fsubr dword ptr[edi+hctr.attack_cooldown]
fstp dword ptr[edi+hctr.attack_cooldown]
@@:
mov eax,[edi+hctr.dashCooldownTimer]
test eax,eax
jle @f
fld dword ptr[tDelta]
fmul dword ptr[cave+4]
fsub dword ptr[tDelta]
fsubr dword ptr[edi+hctr.dashCooldownTimer]
fstp dword ptr[edi+hctr.dashCooldownTimer]
@@:
mov eax,[edi+hctr.nailChargeTimer]
test eax,eax
jle @f
sub esp,0c
push edi
mov eax,"HeroController:CanNailCharge"
call eax
add esp,10
test eax,eax
je @f
fld dword ptr[tDelta]
fmul dword ptr[cave+8]
fsub dword ptr[tDelta]
fadd dword ptr[edi+hctr.nailChargeTimer]
fstp dword ptr[edi+hctr.nailChargeTimer]
@@:
mov eax,[edi+hctr.recoilTimer]
test eax,eax
jle @f
fld1
fadd dword ptr[edi+hctr.recoilTimer]
fstp dword ptr[edi+hctr.recoilTimer]
@@:
mov eax,[edi+hctr.parryInvulnTimer]
test eax,eax
jle @f
fld dword ptr[tDelta]
fmul dword ptr[cave+c]
fsub dword ptr[tDelta]
fsubr dword ptr[edi+hctr.parryInvulnTimer]
fstp dword ptr[edi+hctr.parryInvulnTimer]
@@:
sub esp,8
push 1
push edi
mov eax,"HeroController:AddMPCharge"
call eax
add esp,10
/*
mov eax,[esi+charmSlotsFilled]
add eax,[extraCharmSlot]
cmp eax,[esi+charmSlots]
jle @f
mov [esi+charmSlots],eax
*/
@@:
mov eax,[cave+10]
cmp eax,[hpAcc]
jbe @f
fld [cave+10]
fsubr dword ptr[hpAcc]
fstp dword ptr[hpAcc]
mov eax,[esi+pdta.health]
test eax,eax
jle @f
sub esp,8
push 1
push edi
mov eax,"HeroController:AddHealth"
call eax
add esp,10
@@:
fld dword ptr[tDelta]
fadd dword ptr[hpAcc]
fstp dword ptr[hpAcc]
// mov dword ptr[esi+pdta.mapAllRooms],1
// mov dword ptr[esi+pdta.mapGreenpath],1
// mov dword ptr[esi+pdta.mapCrossroads],1
/*
mov dword ptr[esi+pdta.mapDirtmouth],1
mov dword ptr[esi+pdta.mapFogCanyon],1
mov dword ptr[esi+pdta.mapRoyalGardens],1
mov dword ptr[esi+pdta.mapFungalWastes],1
mov dword ptr[esi+pdta.mapCity],1
mov dword ptr[esi+pdta.mapWaterways],1
mov dword ptr[esi+pdta.mapMines],1
mov dword ptr[esi+pdta.mapDeepnest],1
mov dword ptr[esi+pdta.mapCliffs],1
mov dword ptr[esi+pdta.mapOutskirts],1
mov dword ptr[esi+pdta.mapRestingGrounds],1
mov dword ptr[esi+pdta.mapAbyss],1
mov dword ptr[esi+pdta.mapAllRooms],1
*/
// mov dword ptr[esi+pdta.mapAllRooms],1
mov dword ptr[edi+hctr.airDashed],0
mov dword ptr[esi+pdta.canDash],1
// mov dword ptr[esi+pdta.canBackDash],1
// mov dword ptr[esi+pdta.canWallJump],1
// mov dword ptr[esi+pdta.canSuperDash],1
// mov dword ptr[esi+pdta.canShadowDash],1
@@:
mov eax,[esi+pdta.geo]
cmp eax,[miniGeo]
jge @f
sub esp,8
push 1
push edi
mov eax,"HeroController:AddGeo"
call eax
add esp,10
@@:
define(Pressed,cave+50)
define(IsFalling,cave+54)
define(Grav,cave+58)
mov eax,[EnabledLowG] // Enable Low G?
test eax,eax
je skip
mov dword ptr[Pressed],0
mov esi,[edi+hctr.inputHandler]
mov [cave+24],esi
test esi,esi
je skip
mov esi,[esi+inph.inputActions]
mov [cave+28],esi
test esi,esi
je skip
mov esi,[esi+hact.up]
mov [cave+2c],esi
test esi,esi
je skip
sub esp,0c
push esi
mov eax,"InControl:OneAxisInputControl:get_IsPressed"
call eax
add esp,10
mov [Pressed],eax // 'up' Pressed?
test eax,eax
je @f
mov eax,[StayUpFrame]
mov dword ptr[pressedCnt],eax
@@:
mov eax,[pressedCnt]
dec eax
test eax,eax
jg @f
xor eax,eax
@@:
mov [pressedCnt],eax
test eax,eax
jne @f // yes, keep low G if falling
mov eax,[Grav] // else restore saved G
cmp eax,[moonG]
jl skip
mov esi,[edi+hctr.rb2d]
test esi,esi
je skip
sub esp,08 // restore saved G
push eax
push esi
mov eax,"UnityEngine:Rigidbody2D:set_gravityScale"
call eax
add esp,10
mov dword ptr[Grav],0
jmp skip
@@:
mov esi,[edi+hctr.cState]
test esi,esi
je skip
mov eax,[esi+hsts.falling]
mov [IsFalling],eax
test eax,eax // not falling yet
je skip
mov esi,[edi+hctr.rb2d]
test esi,esi
je skip
sub esp,0c
push esi
mov eax,"UnityEngine:Rigidbody2D:get_gravityScale"
call eax
add esp,10
push eax
fstp dword ptr[esp]
pop eax
cmp eax,[moonG]
jle skip
mov [Grav],eax // save original G
mov eax,[moonG] // use small G
sub esp,08
push eax
push esi
mov eax,"UnityEngine:Rigidbody2D:set_gravityScale"
call eax
add esp,10
skip:
pop esi
pop edi
jmp h0+07
cave+e00: // nop
readmem(h2,10)
//mov dword ptr[cave+20],2
jmp h2+0a
h0:
jmp cave+300
nop
nop
assert(h1,55 8b ec 83 ec)
cave+c80:
cmp dword ptr[cave+40],0
je @f
xor eax,eax
inc eax
ret
@@:
readmem(h1,6)
jmp h1+6
h1:
jmp cave+c80
nop
//h2:
//jmp cave+e00
//nop
//nop
//nop
//nop
//nop
cave+d00:
cmp dword ptr[cave+40],0
jne @f
reassemble(h3)
@@:
jmp h3+5
h3:
jmp cave+d00
//db 90 90 90 90 90
[DISABLE]
{$lua}
if not syntaxcheck and readInteger'HeroUpdCooldown'then return [[
[cave+108]:
readmem(cave+180,24)
[cave+110]:
readmem(cave+1a0,24)
[cave+118]:
readmem(cave+1c0,24)
[cave+120]:
readmem(cave+1e0,24)
]]
end
{$asm}
dealloc(cave)
unregisterSymbol(HeroUpdCooldown)
377
"disable all HOTKEY: ctrl-\"
Auto Assembler Script
[ENABLE]
HeroUpdCooldown+40:
db 0
{$lua}
speak("All Down",true)
[DISABLE]
HeroUpdCooldown+40:
db 1
{$lua}
speak("All Effective",true)
Toggle Activation
17
220
0
379
"disable moon G HOTKEY: ctrl-/"
Auto Assembler Script
[ENABLE]
HeroUpdCooldown+44:
db 0
{$lua}
speak("Moon Gravity Down",true)
[DISABLE]
HeroUpdCooldown+44:
db 1
{$lua}
speak("Moon Gravity Effective",true)
Toggle Activation
17
191
0
354
"Setup"
408000
Binary
0
0
0
HeroUpdCooldown
355
"minimum geo"
800040
4 Bytes
+14
356
"atk cooldown divisor"
800040
Float
+0
357
"dash cooldown divisor"
800040
Float
+4
358
"nailchargetime mul"
800040
Float
+8
369
"stay up frames after release"
800040
4 Bytes
+74
374
"moon G value (0.79 normal)"
800040
Float
+5c
370
"secs to +1hp"
800040
Float
+10
361
"NotchCost1"
Auto Assembler Script
{$lua}
local chk = check()
return chk --and Structure
{$asm}
define(cave,NotchCost1)
define(h0,dmg1)
[ENABLE]
// ~1c7,
aobscanRegion(dmg1, BuildEquippedCharms:BuildCharmList+0050, BuildEquippedCharms:BuildCharmList+0500, 83 c4 10 89 47 ?? e8 ?? ?? ?? ?? 89 47 ?? 8b 40)
//aobscanRegion(dmg2, HeroController:TakeDamage+0500, HeroController:TakeDamage+0900, e9 ?? ?? 00 00 5? 0f b6 85)
alloc(cave,$1000,h0)
registerSymbol(NotchCost1)
cave:
dd #4,(float)4,(float)4,(float)0.2
//getmonostruct(BuildEquippedCharms)
getmonostruct(PlayerData)
define(Enabled,cave+40)
cave+40:
dd 1
cave+100:
dq cave,h0//,h1
cave+180:
readmem(h0,24)
//cave+1a0:
//readmem(h1,24)
cave+300:
push esi
push eax
mov esi,eax
test esi,esi
je @f
// mov dword ptr[esi+charmSlots],4
mov eax,[esi+charmSlotsFilled]
add eax,[cave]
cmp eax,[esi+charmSlots]
jle @f
mov [esi+charmSlots],eax
@@:
pop eax
pop esi
readmem(h0+b,6)
jmp h0+11
h0+b:
jmp cave+300
nop
[DISABLE]
{$lua}
if not syntaxcheck and readInteger'NotchCost1'then return [[
[cave+108]:
readmem(cave+180,24)
]]
end
{$asm}
dealloc(cave)
unregisterSymbol(NotchCost1)
371
"extra free charm slots on Equip"
800040
4 Bytes
HeroUpdCooldown+68
349
"PTRs"
408000
Binary
0
0
0
HeroUpdCooldown
376
"UpdatePTRs"
Auto Assembler Script
{$lua}
[ENABLE]
if syntaxcheck or not check() then return end
local cls,fmt = {'HeroController','PlayerData'},string.format
for i=1,#cls do
local cn = cls[i]
local kls = mono_findClass('',cn)
if not kls or kls==0 then return end
local fs = mono_class_enumFields(kls)
table.sort(fs,function(a,b)
return a.name:lower()<b.name:lower()
end)
local al = GetAddressList()
local mr = al.getMemoryRecordByDescription('p'..cn)
while mr.Count>0 do mr.Child[0].Destroy()end
for i=1,#fs do
local fd = fs[i]
if not fd.isStatic and not fd.isConst then
local m = al.createMemoryRecord()
m.Description = fd.name
if fd.monotype==MONO_TYPE_STRING then
-- mr.Address=string.format("[[%s.Static]+%X]+C",symclassname,offset)
m.Address=fmt("+%X",fd.offset)
m.OffsetCount=1
m.Offset[0]=0xC
m.Type=vtString
m.String.Unicode = true
m.String.Size = 80
else
m.Address=fmt("+%X",fd.offset)
m.Type=monoTypeToVarType(fd.monotype)
end
m.DontSave = true
m.appendToEntry(mr)
end
end
end
[DISABLE]
350
"pHeroController"
800040
Binary
0
0
0
pHeroController
0
375
"pPlayerData"
800040
Binary
0
0
0
pPlayerData
0
360
"IGNORE"
1
359
"CancellRecoilEffectOnTakeDamage"
Auto Assembler Script
{$lua}
local chk = check()
return chk --and Structure
{$asm}
define(cave,CancellRecoilEffectOnTakeDamage)
define(h0,dmg1)
define(h1,dmg2)
[ENABLE]
// ~1c7,
aobscanRegion(dmg1, HeroController:TakeDamage+0180, HeroController:TakeDamage+0500, e8 ?? ?? ?? ?? 83 c4 10 8b 83 ?? 01 00 00)
aobscanRegion(dmg2, HeroController:TakeDamage+0500, HeroController:TakeDamage+0900, e9 ?? ?? 00 00 5? 0f b6 85)
alloc(cave,$1000,h0)
registerSymbol(CancellRecoilEffectOnTakeDamage)
cave:
dd (float)4,(float)4,(float)4,(float)0.2
define(Enabled,cave+40)
cave+40:
dd 1
cave+100:
dq cave,h0,h1
cave+180:
readmem(h0,24)
cave+1a0:
readmem(h1,24)
h0:
db 90 90 90 90 90
//h1+5:
//db eb f9 90
[DISABLE]
{$lua}
if not syntaxcheck and readInteger'CancellRecoilEffectOnTakeDamage'then return [[
[cave+108]:
readmem(cave+180,24)
[cave+110]:
readmem(cave+1a0,24)
]]
end
{$asm}
dealloc(cave)
unregisterSymbol(CancellRecoilEffectOnTakeDamage)
363
"@README "
0000FF
Auto Assembler Script
//// @ReadMe
@@ Hollow Knight
'****** CRASH ON NEW GAME WHEN CHEAT ACTIVATED,'
'****** ONLY USE IN A SAVED GAME'
'HeroUpdCooldown':
-- ignore the meaning, it start from cooldown,
-- but expand to other functions
Multiple function:
1/ fast attack cooldown
2/ fast dash cooldown
3/ fast nail charge
4/ short recoil duration
5/ regen mp/hp
6/ enable dash and air-dash
7/ minimum geo
8/ up-key to glide (small gravity on falling)
9/ ^ up-w/o-left-right to jump
'NotchCost1':
allow equip as much as charm. Tested as much as
14 charms so far.
[ENABLE]
[DISABLE]
__
00B00000
_RNG
00B04000
pHeroController
00B04100
pPlayerData
00B04110