36
"hero"
Auto Assembler Script
[ENABLE]
// Pointer-capture hook behind the "hero" table entries.
// The signature covers `mov ecx,[ecx+0C]` / `lea ecx,[ecx+ecx*4]` plus the first
// byte (C1) of the instruction that follows. Those two instructions (6 bytes)
// are replaced by a jump into newmem, which records the address ecx+0C in
// hero1 and then replays them.
// hero1 is written only by the hook, so entries based on hero1 hold nothing
// useful until the hooked code has executed at least once.
aobscan(_hero,8B 49 0C 8D 0C 89 C1) // should be unique: the scan result is patched as-is, so a stray match would patch unrelated code
alloc(newmem,$256)
alloc(hero1,4)                // 4-byte slot for the captured address
label(resume)

newmem:
  push eax                    // eax is only borrowed as scratch; restored below
  lea eax,[ecx+0C]            // address of the field the original code is about to read
  mov [hero1],eax
  pop eax
  mov ecx,[ecx+0C]            // displaced instruction 1
  lea ecx,[ecx+ecx*4]         // displaced instruction 2
  jmp resume

_hero:
  jmp newmem
  nop                         // pad so jmp + nop cover all 6 displaced bytes
resume:

registersymbol(_hero)
registersymbol(hero1)
[DISABLE]
// Write the original 6 bytes back over the detour, then drop the symbols and
// free both allocations.
_hero:
  db 8B 49 0C 8D 0C 89
unregistersymbol(hero1)
unregistersymbol(_hero)
dealloc(hero1)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 07090F2A
07090F0C: 83 EC 04 - sub esp,04
07090F0F: D9 1C 24 - fstp dword ptr [esp]
07090F12: 50 - push eax
07090F13: 39 00 - cmp [eax],eax
07090F15: E8 26 B2 FB FF - call 0704C140
07090F1A: 83 C4 10 - add esp,10
07090F1D: 8B 46 60 - mov eax,[esi+60]
07090F20: 8B 0D E0 8E A8 06 - mov ecx,[06A88EE0]
07090F26: 8B D1 - mov edx,ecx
07090F28: 39 12 - cmp [edx],edx
// ---------- INJECTING HERE ----------
07090F2A: 8B 49 0C - mov ecx,[ecx+0C]
07090F2D: 8D 0C 89 - lea ecx,[ecx+ecx*4]
// ---------- DONE INJECTING ----------
07090F30: C1 E1 02 - shl ecx,02
07090F33: 8D 0C 89 - lea ecx,[ecx+ecx*4]
07090F36: 51 - push ecx
07090F37: DB 04 24 - fild dword ptr [esp]
07090F3A: D9 1C 24 - fstp dword ptr [esp]
07090F3D: D9 04 24 - fld dword ptr [esp]
07090F40: 83 C4 04 - add esp,04
07090F43: 83 EC 08 - sub esp,08
07090F46: 83 EC 04 - sub esp,04
07090F49: D9 1C 24 - fstp dword ptr [esp]
}
37
"address"
String
0
0
1
hero1
FFFFFFF4
38
"life"
4 Bytes
+c
39
"mana"
4 Bytes
+10
40
"stamina"
4 Bytes
+14
41
"life max"
4 Bytes
+18
42
"mana max"
4 Bytes
+1c
43
"stamina max"
4 Bytes
+20
44
"strength"
4 Bytes
+24
45
"magical power"
4 Bytes
+2c
46
"speed"
4 Bytes
+34
47
"armor"
4 Bytes
+28
48
"magical resistance"
4 Bytes
+30
49
"Critical hit"
4 Bytes
+38
50
"Parry"
4 Bytes
+3c
51
"Talent points"
4 Bytes
+54
52
"level"
4 Bytes
+5c
53
"EXP"
4 Bytes
+60
54
"character (hero/enemy) in battle"
Auto Assembler Script
[ENABLE]
// Pointer-capture hook for the character handled by the battle code.
// The signature covers `mov eax,[edi+0C]` / `mov [ebp-00000180],eax` (9 bytes,
// the part that gets displaced) plus the following `sub esp,0C` to make the
// match more specific. hero2 receives the address edi+0C.
// hero2 is written only by the hook, so entries based on hero2 hold nothing
// useful until the hooked code has executed at least once.
aobscan(_herobattle,8B 47 0C 89 85 80 FE FF FF 83 ec 0c) // should be unique
alloc(newmem,$256)
alloc(hero2,4)                // 4-byte slot for the captured address
label(resume)

newmem:
  // eax is overwritten by the first displaced instruction, so it can carry the
  // address without a push/pop pair.
  lea eax,[edi+0C]
  mov [hero2],eax
  mov eax,[edi+0C]            // displaced instruction 1
  mov [ebp-00000180],eax      // displaced instruction 2
  jmp resume

_herobattle:
  jmp newmem
  nop                         // four nops pad jmp out to the 9 displaced bytes
  nop
  nop
  nop
resume:

registersymbol(_herobattle)
registersymbol(hero2)
[DISABLE]
// Write the original 9 bytes back over the detour, then drop the symbols and
// free both allocations.
_herobattle:
  db 8B 47 0C 89 85 80 FE FF FF
unregistersymbol(hero2)
unregistersymbol(_herobattle)
dealloc(newmem)
dealloc(hero2)
{
// ORIGINAL CODE - INJECTION POINT: 02450721
024506FD: D9 9D F8 FE FF FF - fstp dword ptr [ebp-00000108]
02450703: 8B 46 20 - mov eax,[esi+20]
02450706: BA 58 4C 23 18 - mov edx,18234C58
0245070B: 83 EC 08 - sub esp,08
0245070E: 6A 00 - push 00
02450710: 50 - push eax
02450711: E8 F2 3D BB 04 - call 07004508
02450716: 83 C4 10 - add esp,10
02450719: 89 85 8C FE FF FF - mov [ebp-00000174],eax
0245071F: 39 3F - cmp [edi],edi
// ---------- INJECTING HERE ----------
02450721: 8B 47 0C - mov eax,[edi+0C]
02450724: 89 85 80 FE FF FF - mov [ebp-00000180],eax
// ---------- DONE INJECTING ----------
0245072A: 83 EC 0C - sub esp,0C
0245072D: 68 A4 C1 CF 06 - push 06CFC1A4
02450732: E8 F9 08 B6 04 - call 06FB1030
02450737: 83 C4 10 - add esp,10
0245073A: 8B 8D 80 FE FF FF - mov ecx,[ebp-00000180]
02450740: 89 48 08 - mov [eax+08],ecx
02450743: 89 85 88 FE FF FF - mov [ebp-00000178],eax
02450749: 39 3F - cmp [edi],edi
0245074B: 8B 47 18 - mov eax,[edi+18]
0245074E: 89 85 84 FE FF FF - mov [ebp-0000017C],eax
}
77
"address"
String
0
0
1
hero2
FFFFFFF4
78
"life"
4 Bytes
+c
79
"mana"
4 Bytes
+10
80
"stamina"
4 Bytes
+14
81
"life max"
4 Bytes
+18
82
"mana max"
4 Bytes
+1c
83
"stamina max"
4 Bytes
+20
84
"strength"
4 Bytes
+24
85
"magical power"
4 Bytes
+2c
86
"speed"
4 Bytes
+34
87
"armor"
4 Bytes
+28
88
"magical resistance"
4 Bytes
+30
89
"Critical hit"
4 Bytes
+38
90
"Parry"
4 Bytes
+3c
91
"Talent points"
4 Bytes
+54
92
"level"
4 Bytes
+5c
93
"EXP"
4 Bytes
+60
25
"money (open shop)"
Auto Assembler Script
[ENABLE]
// Pointer-capture hook for the "money" entry.
// The signature starts 0x10 bytes before the patched instructions, so the
// detour is written at _mon+10 rather than at _mon itself. The displaced pair
// is `mov ecx,[ecx+5C]` / `mov edx,[ebx+5C]` (6 bytes); mon2 receives the
// address ecx+5C.
// mon2 is written only by the hook; per the entry title the hooked code runs
// when a shop is opened, and mon2 holds nothing useful before that.
aobscan(_mon,8B C8 8B 45 F8 8B D1 39 12 8B 49 3C 8B D1 39 12 8B 49 5C 8B 53 5C) // should be unique
alloc(newmem,$1000)
alloc(mon2,4)                 // 4-byte slot for the captured address
label(resume)

newmem:
  // edx is overwritten by the second displaced instruction, so it can carry
  // the address without a push/pop pair.
  lea edx,[ecx+5C]
  mov [mon2],edx
  mov ecx,[ecx+5C]            // displaced instruction 1
  mov edx,[ebx+5C]            // displaced instruction 2
  jmp resume

_mon+10:
  jmp newmem
  nop                         // pad so jmp + nop cover all 6 displaced bytes
resume:

registersymbol(_mon)
registersymbol(mon2)
[DISABLE]
// Write the original 6 bytes back at _mon+10, then drop the symbols and free
// both allocations.
_mon+10:
  db 8B 49 5C 8B 53 5C
unregistersymbol(mon2)
unregistersymbol(_mon)
dealloc(newmem)
dealloc(mon2)
{
// ORIGINAL CODE - INJECTION POINT: 0773B89B
0773B880: 83 C4 10 - add esp,10
0773B883: 89 45 F8 - mov [ebp-08],eax
0773B886: E8 95 87 83 FF - call 06F74020
0773B88B: 8B C8 - mov ecx,eax
0773B88D: 8B 45 F8 - mov eax,[ebp-08]
0773B890: 8B D1 - mov edx,ecx
0773B892: 39 12 - cmp [edx],edx
0773B894: 8B 49 3C - mov ecx,[ecx+3C]
0773B897: 8B D1 - mov edx,ecx
0773B899: 39 12 - cmp [edx],edx
// ---------- INJECTING HERE ----------
0773B89B: 8B 49 5C - mov ecx,[ecx+5C]
0773B89E: 8B 53 5C - mov edx,[ebx+5C]
// ---------- DONE INJECTING ----------
0773B8A1: 3B CA - cmp ecx,edx
0773B8A3: 0F 9C C1 - setl cl
0773B8A6: 0F B6 C9 - movzx ecx,cl
0773B8A9: 85 C9 - test ecx,ecx
0773B8AB: 0F 94 C1 - sete cl
0773B8AE: 0F B6 C9 - movzx ecx,cl
0773B8B1: 83 EC 08 - sub esp,08
0773B8B4: 51 - push ecx
0773B8B5: 50 - push eax
0773B8B6: 39 00 - cmp [eax],eax
}
26
"money"
4 Bytes
mon2
0
28
"item no decrease"
Auto Assembler Script
[ENABLE]
// Skips the item-count subtraction when the amount at [ebp+0C] is positive.
// Displaced code: `sub eax,[ebp+0C]` / `cmp [ebx],ebx` (5 bytes, exactly one jmp).
// For amounts <= 0 the original two instructions run unchanged.
// NOTE(review): the "item = 25" script in this table scans for the same 5-byte
// signature. Once either script has written its jmp the pattern no longer
// exists, so the two cannot be enabled together.
aobscan(_itemjian,2B 45 0C 39 1B) // should be unique; a 5-byte pattern is short, so verify the match
alloc(newmem,$1000)
label(resume)
label(keep_count)

newmem:
  cmp dword ptr [ebp+0C],0    // amount about to be subtracted
  jg keep_count               // positive amount: leave eax (the current count) untouched
  sub eax,[ebp+0C]            // displaced instruction 1
  cmp [ebx],ebx               // displaced instruction 2
keep_count:
  jmp resume

_itemjian:
  jmp newmem
resume:

registersymbol(_itemjian)
[DISABLE]
// Write the original 5 bytes back over the detour and free the code cave.
_itemjian:
  db 2B 45 0C 39 1B
unregistersymbol(_itemjian)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 06FAC207
06FAC1E8: 39 09 - cmp [ecx],ecx
06FAC1EA: 8B 40 10 - mov eax,[eax+10]
06FAC1ED: 3B 45 0C - cmp eax,[ebp+0C]
06FAC1F0: 7D 10 - jnl 06FAC202
06FAC1F2: 83 EC 0C - sub esp,0C
06FAC1F5: 68 B8 4B 3C 0F - push 0F3C4BB8
06FAC1FA: E8 09 BB FC FF - call 06F77D08
06FAC1FF: 83 C4 10 - add esp,10
06FAC202: 39 1B - cmp [ebx],ebx
06FAC204: 8B 43 10 - mov eax,[ebx+10]
// ---------- INJECTING HERE ----------
06FAC207: 2B 45 0C - sub eax,[ebp+0C]
06FAC20A: 39 1B - cmp [ebx],ebx
// ---------- DONE INJECTING ----------
06FAC20C: 89 43 10 - mov [ebx+10],eax
06FAC20F: 39 1B - cmp [ebx],ebx
06FAC211: 8B 43 10 - mov eax,[ebx+10]
06FAC214: 85 C0 - test eax,eax
06FAC216: 75 14 - jne 06FAC22C
06FAC218: E8 7B 00 00 00 - call 06FAC298
06FAC21D: 83 EC 08 - sub esp,08
06FAC220: 53 - push ebx
06FAC221: 50 - push eax
06FAC222: 39 00 - cmp [eax],eax
}
35
"item = 25"
Auto Assembler Script
[ENABLE]
// Replaces the item-count subtraction with a constant: eax is loaded with
// decimal 25 (the # prefix) instead of executing `sub eax,[ebp+0C]`. The code
// after the hook stores eax to [ebx+10], so every pass through this site
// leaves that field at 25.
// NOTE(review): the "item no decrease" script in this table scans for the same
// 5-byte signature. Once either script has written its jmp the pattern no
// longer exists, so the two cannot be enabled together.
aobscan(_item25,2B 45 0C 39 1B) // should be unique; a 5-byte pattern is short, so verify the match
alloc(newmem,$256)
label(resume)

newmem:
  mov eax,#25                 // stands in for displaced `sub eax,[ebp+0C]`
  cmp [ebx],ebx               // displaced instruction 2, replayed as-is
  jmp resume

_item25:
  jmp newmem                  // 5 displaced bytes, so no padding is needed
resume:

registersymbol(_item25)
[DISABLE]
// Write the original 5 bytes back over the detour and free the code cave.
_item25:
  db 2B 45 0C 39 1B
unregistersymbol(_item25)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 06A1039F
06A10380: 39 09 - cmp [ecx],ecx
06A10382: 8B 40 10 - mov eax,[eax+10]
06A10385: 3B 45 0C - cmp eax,[ebp+0C]
06A10388: 7D 10 - jnl 06A1039A
06A1038A: 83 EC 0C - sub esp,0C
06A1038D: 68 D8 BE 85 15 - push 1585BED8
06A10392: E8 71 79 F4 FF - call 06957D08
06A10397: 83 C4 10 - add esp,10
06A1039A: 39 1B - cmp [ebx],ebx
06A1039C: 8B 43 10 - mov eax,[ebx+10]
// ---------- INJECTING HERE ----------
06A1039F: 2B 45 0C - sub eax,[ebp+0C]
06A103A2: 39 1B - cmp [ebx],ebx
// ---------- DONE INJECTING ----------
06A103A4: 89 43 10 - mov [ebx+10],eax
06A103A7: 39 1B - cmp [ebx],ebx
06A103A9: 8B 43 10 - mov eax,[ebx+10]
06A103AC: 85 C0 - test eax,eax
06A103AE: 75 14 - jne 06A103C4
06A103B0: E8 87 7F FE FF - call 069F833C
06A103B5: 83 EC 08 - sub esp,08
06A103B8: 53 - push ebx
06A103B9: 50 - push eax
06A103BA: 39 00 - cmp [eax],eax
}
75
"unlimited life"
Auto Assembler Script
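[ENABLE]
// Detours `sub eax,[ebp+0C]` / `mov [esi+0C],eax` (6 bytes).
//   [esi+20] <= 1        -> original subtraction runs unchanged
//   [ebp+0C] <= 0        -> original subtraction runs unchanged
//   otherwise            -> [esi+0C] is overwritten with [esi+18]
// The offsets match the table's "life" (+c) and "life max" (+18) entries.
// NOTE(review): +20 is "stamina max" in the table; presumably the first gate is
// meant to tell the hero apart from other characters. Confirm against the game.
// Both memory/immediate compares carry an explicit `dword ptr`: the fields are
// 4-byte values, and leaving the operand size to the assembler's default is
// ambiguous.
aobscan(_nohp,2B 45 0C 89 46 0C) // should be unique
alloc(newmem,$256)
label(code)
label(return)
label(nohp1)

newmem:
  cmp dword ptr [esi+20],1
  jng code
  cmp dword ptr [ebp+0C],0    // amount about to be subtracted
  jg nohp1
code:
  sub eax,[ebp+0C]            // displaced instruction 1
  mov [esi+0C],eax            // displaced instruction 2
  jmp return
nohp1:
  // eax is left as loaded before the hook, so the `test eax,eax` that follows
  // the injection point sees the pre-subtraction value.
  push ecx
  mov ecx,[esi+18]
  mov [esi+0C],ecx
  pop ecx
  jmp return

_nohp:
  jmp newmem
  nop                         // pad so jmp + nop cover all 6 displaced bytes
return:

registersymbol(_nohp)
[DISABLE]
// Write the original 6 bytes back over the detour and free the code cave.
_nohp:
  db 2B 45 0C 89 46 0C
unregistersymbol(_nohp)
dealloc(newmem)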
{
// ORIGINAL CODE - INJECTION POINT: 1B424815
1B4247FD: E9 26 B8 D0 EA - jmp 06130028
1B424802: 00 00 - add [eax],al
1B424804: 00 00 - add [eax],al
1B424806: 00 00 - add [eax],al
1B424808: 55 - push ebp
1B424809: 8B EC - mov ebp,esp
1B42480B: 56 - push esi
1B42480C: 83 EC 04 - sub esp,04
1B42480F: 8B 75 08 - mov esi,[ebp+08]
1B424812: 8B 46 0C - mov eax,[esi+0C]
// ---------- INJECTING HERE ----------
1B424815: 2B 45 0C - sub eax,[ebp+0C]
1B424818: 89 46 0C - mov [esi+0C],eax
// ---------- DONE INJECTING ----------
1B42481B: 85 C0 - test eax,eax
1B42481D: 7D 07 - jnl 1B424826
1B42481F: C7 46 0C 00 00 00 00 - mov [esi+0C],00000000
1B424826: 8D 65 FC - lea esp,[ebp-04]
1B424829: 5E - pop esi
1B42482A: C9 - leave
1B42482B: C3 - ret
1B42482C: 00 00 - add [eax],al
1B42482E: 00 00 - add [eax],al
1B424830: 55 - push ebp
}
76
"unlimited mana"
Auto Assembler Script
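[ENABLE]
// Detours `sub eax,[ebp+0C]` / `mov [esi+10],eax` (6 bytes).
//   [esi+20] <= 1        -> original subtraction runs unchanged
//   [ebp+0C] <= 0        -> original subtraction runs unchanged
//   otherwise            -> [esi+10] is overwritten with [esi+1c]
// The offsets match the table's "mana" (+10) and "mana max" (+1c) entries.
// NOTE(review): +20 is "stamina max" in the table; presumably the first gate is
// meant to tell the hero apart from other characters. Confirm against the game.
// Both memory/immediate compares carry an explicit `dword ptr`: the fields are
// 4-byte values, and leaving the operand size to the assembler's default is
// ambiguous.
aobscan(_nomana,2B 45 0C 89 46 10) // should be unique
alloc(newmem,$256)
label(code)
label(return)
label(nomana1)

newmem:
  cmp dword ptr [esi+20],1
  jng code
  cmp dword ptr [ebp+0C],0    // amount about to be subtracted
  jg nomana1
code:
  sub eax,[ebp+0C]            // displaced instruction 1
  mov [esi+10],eax            // displaced instruction 2
  jmp return
nomana1:
  // eax is left as loaded before the hook, so the `test eax,eax` that follows
  // the injection point sees the pre-subtraction value.
  push ecx
  mov ecx,[esi+1c]
  mov [esi+10],ecx
  pop ecx
  jmp return

_nomana:
  jmp newmem
  nop                         // pad so jmp + nop cover all 6 displaced bytes
return:

registersymbol(_nomana)
[DISABLE]
// Write the original 6 bytes back over the detour and free the code cave.
_nomana:
  db 2B 45 0C 89 46 10
unregistersymbol(_nomana)
dealloc(newmem)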
{
// ORIGINAL CODE - INJECTION POINT: 1B42483D
1B42482A: C9 - leave
1B42482B: C3 - ret
1B42482C: 00 00 - add [eax],al
1B42482E: 00 00 - add [eax],al
1B424830: 55 - push ebp
1B424831: 8B EC - mov ebp,esp
1B424833: 56 - push esi
1B424834: 83 EC 04 - sub esp,04
1B424837: 8B 75 08 - mov esi,[ebp+08]
1B42483A: 8B 46 10 - mov eax,[esi+10]
// ---------- INJECTING HERE ----------
1B42483D: 2B 45 0C - sub eax,[ebp+0C]
1B424840: 89 46 10 - mov [esi+10],eax
// ---------- DONE INJECTING ----------
1B424843: 85 C0 - test eax,eax
1B424845: 7D 07 - jnl 1B42484E
1B424847: C7 46 10 00 00 00 00 - mov [esi+10],00000000
1B42484E: 8D 65 FC - lea esp,[ebp-04]
1B424851: 5E - pop esi
1B424852: C9 - leave
1B424853: C3 - ret
1B424854: 00 00 - add [eax],al
1B424856: 00 00 - add [eax],al
1B424858: 55 - push ebp
}
29
"unlimited stamina"
Auto Assembler Script
[ENABLE]
// Detours `sub eax,[ebp+0C]` / `mov [esi+14],eax` (6 bytes).
//   [ebp+0C] > 0   -> [esi+14] is overwritten with [esi+20] instead of being reduced
//   otherwise      -> original subtraction runs unchanged
// The offsets match the table's "stamina" (+14) and "stamina max" (+20) entries.
// There is no gate on which object esi points to, so every caller that reaches
// this site takes the same path.
aobscan(_tilijian,2B 45 0C 89 46 14) // should be unique
alloc(newmem,$256)
label(resume)
label(refill)

newmem:
  cmp dword ptr [ebp+0C],0    // amount about to be subtracted
  jg refill
  sub eax,[ebp+0C]            // displaced instruction 1
  mov [esi+14],eax            // displaced instruction 2
  jmp resume
refill:
  push ecx                    // scratch for the memory-to-memory copy; restored below
  mov ecx,[esi+20]
  mov [esi+14],ecx
  pop ecx
  jmp resume

_tilijian:
  jmp newmem
  nop                         // pad so jmp + nop cover all 6 displaced bytes
resume:

registersymbol(_tilijian)
[DISABLE]
// Write the original 6 bytes back over the detour and free the code cave.
_tilijian:
  db 2B 45 0C 89 46 14
unregistersymbol(_tilijian)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0770C5CD
0770C5BA: C9 - leave
0770C5BB: C3 - ret
0770C5BC: 00 00 - add [eax],al
0770C5BE: 00 00 - add [eax],al
0770C5C0: 55 - push ebp
0770C5C1: 8B EC - mov ebp,esp
0770C5C3: 56 - push esi
0770C5C4: 83 EC 04 - sub esp,04
0770C5C7: 8B 75 08 - mov esi,[ebp+08]
0770C5CA: 8B 46 14 - mov eax,[esi+14]
// ---------- INJECTING HERE ----------
0770C5CD: 2B 45 0C - sub eax,[ebp+0C]
0770C5D0: 89 46 14 - mov [esi+14],eax
// ---------- DONE INJECTING ----------
0770C5D3: 85 C0 - test eax,eax
0770C5D5: 7D 07 - jnl 0770C5DE
0770C5D7: C7 46 14 00 00 00 00 - mov [esi+14],00000000
0770C5DE: 8D 65 FC - lea esp,[ebp-04]
0770C5E1: 5E - pop esi
0770C5E2: C9 - leave
0770C5E3: C3 - ret
0770C5E4: 00 00 - add [eax],al
0770C5E6: 00 00 - add [eax],al
0770C5E8: 55 - push ebp
}
31
"workshop"
Auto Assembler Script
[ENABLE]
// Pointer-capture hook for the "workshop" entries.
// Displaced code: `mov eax,[eax+10]` / `mov ebx,eax` (5 bytes, exactly one jmp).
// zao1 receives the address eax+10; the table reads "exp" at that address and
// "level" four bytes before it (offset FFFFFFFC).
// zao1 is written only by the hook, so both entries hold nothing useful until
// the hooked code has executed at least once.
aobscan(_tiejiang,8B 40 10 8B D8) // should be unique; a 5-byte pattern is short, so verify the match
alloc(newmem,$1000)
alloc(zao1,4)                 // 4-byte slot for the captured address
label(resume)

newmem:
  // ebx is overwritten by the second displaced instruction, so it can carry
  // the address without a push/pop pair.
  lea ebx,[eax+10]
  mov [zao1],ebx
  mov eax,[eax+10]            // displaced instruction 1
  mov ebx,eax                 // displaced instruction 2
  jmp resume

_tiejiang:
  jmp newmem                  // 5 displaced bytes, so no padding is needed
resume:

registersymbol(_tiejiang)
registersymbol(zao1)
[DISABLE]
// Write the original 5 bytes back over the detour, then drop the symbols and
// free both allocations.
_tiejiang:
  db 8B 40 10 8B D8
unregistersymbol(zao1)
unregistersymbol(_tiejiang)
dealloc(zao1)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 069F6DAE
069F6D91: E8 D6 01 00 00 - call 069F6F6C
069F6D96: 83 C4 10 - add esp,10
069F6D99: 8B 47 64 - mov eax,[edi+64]
069F6D9C: 48 - dec eax
069F6D9D: 83 EC 0C - sub esp,0C
069F6DA0: 50 - push eax
069F6DA1: E8 72 03 00 00 - call 069F7118
069F6DA6: 83 C4 10 - add esp,10
069F6DA9: 8B F0 - mov esi,eax
069F6DAB: 8B 45 EC - mov eax,[ebp-14]
// ---------- INJECTING HERE ----------
069F6DAE: 8B 40 10 - mov eax,[eax+10]
069F6DB1: 8B D8 - mov ebx,eax
// ---------- DONE INJECTING ----------
069F6DB3: 2B DE - sub ebx,esi
069F6DB5: 8B 47 2C - mov eax,[edi+2C]
069F6DB8: D9 EE - fldz
069F6DBA: 83 EC 08 - sub esp,08
069F6DBD: 83 EC 04 - sub esp,04
069F6DC0: D9 1C 24 - fstp dword ptr [esp]
069F6DC3: 50 - push eax
069F6DC4: 39 00 - cmp [eax],eax
069F6DC6: E8 F5 02 00 00 - call 069F70C0
069F6DCB: 83 C4 10 - add esp,10
}
32
"exp"
4 Bytes
zao1
0
33
"level"
4 Bytes
zao1
FFFFFFFC
73
"Blueprints (Worksite)"
Auto Assembler Script
[ENABLE]
// Pointer-capture hook for the "Blueprints" entry.
// The signature covers `mov eax,[eax+68]` / `mov [ebp-08],eax` (6 bytes, the
// part that gets displaced) plus the first byte (8D) of the following `lea`.
// lantu1 receives the address eax+68.
// lantu1 is written only by the hook, so the entry holds nothing useful until
// the hooked code has executed at least once.
aobscan(_lantu,8B 40 68 89 45 F8 8D) // should be unique
alloc(newmem,$1000)
alloc(lantu1,4)               // 4-byte slot for the captured address
label(resume)

newmem:
  push ecx                    // ecx is only borrowed as scratch; restored below
  lea ecx,[eax+68]
  mov [lantu1],ecx
  pop ecx
  mov eax,[eax+68]            // displaced instruction 1
  mov [ebp-08],eax            // displaced instruction 2
  jmp resume

_lantu:
  jmp newmem
  nop                         // pad so jmp + nop cover all 6 displaced bytes
resume:

registersymbol(_lantu)
registersymbol(lantu1)
[DISABLE]
// Write the original 6 bytes back over the detour, then drop the symbols and
// free both allocations.
_lantu:
  db 8B 40 68 89 45 F8
unregistersymbol(lantu1)
unregistersymbol(_lantu)
dealloc(newmem)
dealloc(lantu1)
{
// ORIGINAL CODE - INJECTION POINT: 0708CDB3
0708CD95: E8 26 5C F9 FF - call 070229C0
0708CD9A: 83 C4 10 - add esp,10
0708CD9D: 8B 47 38 - mov eax,[edi+38]
0708CDA0: 89 45 E4 - mov [ebp-1C],eax
0708CDA3: E8 78 72 F4 FF - call 06FD4020
0708CDA8: 8B C8 - mov ecx,eax
0708CDAA: 39 09 - cmp [ecx],ecx
0708CDAC: 8B 40 3C - mov eax,[eax+3C]
0708CDAF: 8B C8 - mov ecx,eax
0708CDB1: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
0708CDB3: 8B 40 68 - mov eax,[eax+68]
0708CDB6: 89 45 F8 - mov [ebp-08],eax
// ---------- DONE INJECTING ----------
0708CDB9: 8D 45 F8 - lea eax,[ebp-08]
0708CDBC: 83 EC 0C - sub esp,0C
0708CDBF: 50 - push eax
0708CDC0: E8 63 52 F7 FF - call 07002028
0708CDC5: 83 C4 10 - add esp,10
0708CDC8: 8B C8 - mov ecx,eax
0708CDCA: 8B 45 E4 - mov eax,[ebp-1C]
0708CDCD: 83 EC 08 - sub esp,08
0708CDD0: 51 - push ecx
0708CDD1: 50 - push eax
}
74
"Blueprints"
4 Bytes
lantu1
0
_item25
0246C21F
_lantu
066EDB8B
_tiejiang
066EF2EE
_mon
066F18DB
_hero
06684F1A
_herobattle
17243381
_tilijian
066B135D
_nohp
066B130D
_nomana
066B1335