3571
"Master Script"
FF8000
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-20
Author : SeiKur0
}
{$lua}
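--- Print the index and name of every list slot in the game database.
-- Debug helper: walks slot indices 0..2499 of the table reached through
-- [p_gamedb+50] (0x58 bytes per slot) and prints each slot's name string.
-- Requires the p_gamedb symbol to be registered first.
local function printLists()
  for listind = 0, 2499 do
    -- The expression is parsed by Cheat Engine, which reads bare numbers as
    -- hexadecimal, so the index is formatted as hex before concatenation.
    -- `listid` is local here; the original assignment leaked it as a global.
    local listid = string.format("%X", listind)
    local base = getAddress("[p_gamedb+50]+58*" .. listid)
    print(listind, readString(readPointer(base)))
  end
end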
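--- Print every entry name of one game-database list.
-- Debug helper. Reads the entry count at slot+0x28 and the entry array
-- pointer at slot+0x38, then prints the name referenced at +0x20 of each
-- 0x28-byte entry.
-- @param listind numeric list index (decimal); converted to hex for the
--        Cheat Engine address expression
-- Raises an error when the list header cannot be read.
local function printList(listind)
  local listid = string.format("%X", listind)
  local slot = getAddress("[p_gamedb+50]+58*" .. listid)
  local length = readInteger(slot + 0x28)
  local entry = readPointer(slot + 0x38)
  -- Cheat Engine's read functions return nil for unreadable memory; fail
  -- with a clear message instead of a nil comparison error in the loop.
  if length == nil or entry == nil then
    error("printList: list " .. listid .. " is not readable (is p_gamedb registered?)")
  end
  for indx = 0, length - 1 do
    print(indx, readString(readPointer(entry + 0x20)))
    entry = entry + 0x28
  end
  -- The original ended with `return list`, which referenced an undefined
  -- global; nothing meaningful was ever returned, so the return is dropped.
end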
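--- Render a name -> address map as dropdown text.
-- The result starts with a fixed "<None>" line for address 0, followed by
-- one "address:name" line per entry, sorted by name. Addresses are written
-- as 16 lowercase hex digits.
-- @param list table mapping entry name (string) to address (integer)
-- @return string with lines separated by "\n"
local function listToString(list)
  local names = {}
  for name in pairs(list) do
    names[#names + 1] = name
  end
  table.sort(names)

  -- Collect the lines and join once; repeated `..` in a loop is quadratic,
  -- which matters for lists with many entries.
  local lines = { "0000000000000000:<None>" }
  for i = 1, #names do
    local name = names[i]
    lines[i + 1] = string.format("%016x", list[name]) .. ":" .. name
  end
  return table.concat(lines, "\n")
end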
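--- Add every entry of one game-database list to a name -> address map.
-- Reads the entry count at slot+0x28 and the entry array pointer at
-- slot+0x38; each entry is 0x28 bytes and holds a name pointer at +0x20.
-- @param listid numeric list index (decimal); converted to hex for the
--        Cheat Engine address expression
-- @param list table to fill; entry name -> entry address
-- @return the same table, for chaining
-- Raises an error when the list header cannot be read.
local function addList(listid, list)
  listid = string.format("%X", listid)
  local slot = getAddress("[p_gamedb+50]+58*" .. listid)
  local length = readInteger(slot + 0x28)
  local entry = readPointer(slot + 0x38)
  -- All values below come straight from another process's memory, so an
  -- unreadable header is reported explicitly rather than surfacing later
  -- as a nil comparison.
  if length == nil or entry == nil then
    error("addList: list " .. listid .. " is not readable (is p_gamedb registered?)")
  end
  for _ = 1, length do
    local name_ptr = readPointer(entry + 0x20)
    local name = name_ptr and readString(name_ptr)
    -- An entry whose name cannot be read is skipped; using nil as a table
    -- key would abort the whole scan.
    if name ~= nil then
      list[name] = entry
    end
    entry = entry + 0x28
  end
  return list
end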
--- Turn a memory record into a dropdown-backed entry.
-- @param entry memory record to modify
-- @param str dropdown text, one "value:description" line per choice
local function addDD(entry, str)
  local dropdown = entry.DropDownList
  dropdown.Text = str
  -- Free-form values stay allowed, only descriptions are shown, and the
  -- current value is displayed as its matching dropdown item.
  entry.DropDownReadOnly = false
  entry.DropDownDescriptionOnly = true
  entry.DisplayAsDropDownListItem = true
end
--- Remove the dropdown from a memory record.
-- Clears the dropdown text and stops rendering the value as a list item.
-- @param entry memory record to modify
local function remDD(entry)
  local dropdown = entry.DropDownList
  dropdown.Text = ""
  entry.DisplayAsDropDownListItem = false
end
--- Attach dropdown text to children 2..57 of the 'Picker abilities' record.
-- @param str dropdown text as built by listToString
local function changeentries_picker(str)
  local group = getAddressList().getMemoryRecordByDescription('Picker abilities')
  local slot = 2
  while slot <= 57 do
    addDD(group.Child[slot], str)
    slot = slot + 1
  end
end
--- Remove the dropdowns from children 2..57 of the 'Picker abilities' record.
local function delentries_picker()
  local group = getAddressList().getMemoryRecordByDescription('Picker abilities')
  local slot = 2
  while slot <= 57 do
    remDD(group.Child[slot])
    slot = slot + 1
  end
end
--- Attach dropdown text to children 2..49 of the 'Marker abilities' record.
-- Children 0 and 1 are left alone; in the table they are the list_end and
-- list_maxlength records rather than list entries.
-- @param str dropdown text as built by listToString
local function changeentries_marker(str)
  local group = getAddressList().getMemoryRecordByDescription('Marker abilities')
  local first, last = 2, 49
  for i = first, last do
    addDD(group.Child[i], str)
  end
end
--- Remove the dropdowns from children 2..49 of the 'Marker abilities' record.
local function delentries_marker()
  local group = getAddressList().getMemoryRecordByDescription('Marker abilities')
  local first, last = 2, 49
  for i = first, last do
    remDD(group.Child[i])
  end
end
--- Attach the matching dropdown to each child of the 'Equipment/Looks' record.
-- Child indices are positional, so the plan below must stay in step with
-- the order of the records in the table.
-- @param list_item dropdown text for item pointers
-- @param list_weap dropdown text for weapon appearance data
-- @param list_armo dropdown text for armor appearance data
-- @param list_model dropdown text for the base model
-- @param list_modpiece dropdown text for model pieces
-- @param list_modhead dropdown text for head models
local function changeentries_equip(list_item,list_weap,list_armo,list_model,list_modpiece,list_modhead)
  local group = getAddressList().getMemoryRecordByDescription('Equipment/Looks')
  -- Each row: first child, last child, step, dropdown text. Rows are applied
  -- in the same order as the original sequence of loops.
  local plan = {
    { 2, 2, 1, list_model },
    { 3, 4, 1, list_modpiece },
    { 5, 5, 1, list_modhead },
    { 6, 7, 1, list_modpiece },
    { 8, 13, 2, list_item },
    { 9, 13, 2, list_armo },
    { 14, 19, 2, list_item },
    { 15, 19, 2, list_weap },
    { 20, 43, 3, list_item },
    { 21, 43, 3, list_modpiece },
    { 22, 43, 3, list_armo },
  }
  for row = 1, #plan do
    local range = plan[row]
    for slot = range[1], range[2], range[3] do
      addDD(group.Child[slot], range[4])
    end
  end
end
--- Remove the dropdowns from children 0..43 of the 'Equipment/Looks' record.
local function delentries_equip()
  local group = getAddressList().getMemoryRecordByDescription('Equipment/Looks')
  local slot = 0
  repeat
    remDD(group.Child[slot])
    slot = slot + 1
  until slot > 43
end
--- Attach dropdown text to children 2..17 of the 'Tags' record.
-- Children 0 and 1 are the list_end and list_maxlength records in the
-- table, so the sixteen tag slots start at index 2.
-- @param list_tags dropdown text as built by listToString
local function changeentries_tags(list_tags)
  local group = getAddressList().getMemoryRecordByDescription('Tags')
  local slot = 2
  while slot <= 17 do
    addDD(group.Child[slot], list_tags)
    slot = slot + 1
  end
end
--- Remove the dropdowns from children 2..17 of the 'Tags' record.
-- @param list_tags accepted for symmetry with changeentries_tags; not used
local function delentries_tags(list_tags)
  local group = getAddressList().getMemoryRecordByDescription('Tags')
  local slot = 2
  while slot <= 17 do
    remDD(group.Child[slot])
    slot = slot + 1
  end
end
--- Attach dropdowns to the children of the 'Item Pointer' record.
-- Children 3, 4 and 5 get the item, weapon and armor lists; every second
-- child from 6 up to 24 gets the item-effect list.
-- @param str_item dropdown text for items
-- @param str_weap dropdown text for weapon data
-- @param str_armo dropdown text for armor data
-- @param str_ieff dropdown text for item effects
local function changeentries_item(str_item,str_weap,str_armo,str_ieff)
  local group = getAddressList().getMemoryRecordByDescription('Item Pointer')
  local fixed = { str_item, str_weap, str_armo }
  for offset = 1, 3 do
    -- Direct indexing keeps a nil argument in place instead of ending the loop.
    addDD(group.Child[offset + 2], fixed[offset])
  end
  local slot = 6
  while slot <= 25 do
    addDD(group.Child[slot], str_ieff)
    slot = slot + 2
  end
end
--- Remove the dropdowns from children 3..25 of the 'Item Pointer' record.
local function delentries_item()
  local group = getAddressList().getMemoryRecordByDescription('Item Pointer')
  local slot = 3
  while slot <= 25 do
    remDD(group.Child[slot])
    slot = slot + 1
  end
end
--- Attach dropdown text to the 'Drop Item' record itself (not its children).
-- @param str_drop dropdown text as built by listToString
local function changeentries_drop(str_drop)
  local records = getAddressList()
  local record = records.getMemoryRecordByDescription('Drop Item')
  addDD(record, str_drop)
end
--- Remove the dropdown from the 'Drop Item' record.
local function delentries_drop()
  local records = getAddressList()
  local record = records.getMemoryRecordByDescription('Drop Item')
  remDD(record)
end
--- Attach one dropdown per child (0..5) of the 'Additional Properties' record.
-- The argument order matches the child order: AI, trait strength, tribe,
-- role, class, personality.
local function changeentries_uruk_additional(list_ai,list_traitstrength,list_tribe,list_role,list_class,list_personality)
  local group = getAddressList().getMemoryRecordByDescription('Additional Properties')
  local by_child = { list_ai, list_traitstrength, list_tribe, list_role, list_class, list_personality }
  for child = 0, 5 do
    -- Indexed access (not ipairs) so a nil argument does not cut the loop short.
    addDD(group.Child[child], by_child[child + 1])
  end
end
--- Remove the dropdowns from children 0..5 of the 'Additional Properties' record.
local function delentries_uruk_additional()
  local group = getAddressList().getMemoryRecordByDescription('Additional Properties')
  local child = 0
  while child <= 5 do
    remDD(group.Child[child])
    child = child + 1
  end
end
--- Attach the role dropdown to the first child of the 'Force uruk role' record.
-- @param list_role dropdown text as built by listToString
local function changeentries_uruk_forcerole(list_role)
  local records = getAddressList()
  local group = records.getMemoryRecordByDescription('Force uruk role')
  addDD(group.Child[0], list_role)
end
--- Remove the dropdown from the first child of the 'Force uruk role' record.
local function delentries_uruk_forcerole()
  local records = getAddressList()
  local group = records.getMemoryRecordByDescription('Force uruk role')
  remDD(group.Child[0])
end
--- Attach a dropdown to the first child of the 'Force uruk class' record.
-- @param list_ai dropdown text as built by listToString
local function changeentries_uruk_forceclass(list_ai)
  local records = getAddressList()
  local group = records.getMemoryRecordByDescription('Force uruk class')
  addDD(group.Child[0], list_ai)
end
--- Remove the dropdown from the first child of the 'Force uruk class' record.
local function delentries_uruk_forceclass()
  local records = getAddressList()
  local group = records.getMemoryRecordByDescription('Force uruk class')
  remDD(group.Child[0])
end
--- Undo everything the enable section set up.
-- Removes every dropdown added by main() and drops the symbols registered
-- by the registerDB_* functions and register_specific().
local function cleanup()
  local removers = {
    delentries_marker,
    delentries_picker,
    delentries_equip,
    delentries_tags,
    delentries_item,
    delentries_drop,
    delentries_uruk_additional,
    delentries_uruk_forcerole,
    delentries_uruk_forceclass,
  }
  for i = 1, #removers do
    removers[i]()
  end

  local symbols = { "p_gamedb", "pot_vhigh", "ls_vhigh", "marker_bb" }
  for i = 1, #symbols do
    unregisterSymbol(symbols[i])
  end
end
--- Register symbols for three fixed entries of list 1519 (Faction/Traits/Marker).
-- The entries are addressed by position (100, 79 and 84) in the list's
-- 0x28-byte entry array, so the symbols only point at the intended entries
-- while the list keeps that order.
local function register_specific()
  local slot = getAddress("[p_gamedb+50]+58*" .. string.format("%X", 1519))
  local entries = readPointer(slot + 0x38)
  local fixed = {
    { "pot_vhigh", 100 },
    { "ls_vhigh", 79 },
    { "marker_bb", 84 },
  }
  for i = 1, #fixed do
    local name, position = fixed[i][1], fixed[i][2]
    -- Drop any stale registration before pointing the symbol at the entry.
    unregisterSymbol(name)
    registerSymbol(name, entries + position * 0x28)
  end
end
--- Build every dropdown from the game database and attach it to the table.
-- Each list is read with addList, rendered with listToString and handed to
-- the matching changeentries_* function. Requires p_gamedb to be registered.
local function main()
  -- Read one database list and render it as dropdown text.
  local function dropdown(listid)
    return listToString(addList(listid, {}))
  end

  changeentries_marker(dropdown(1519)) --Faction/Traits/Marker
  changeentries_picker(dropdown(205)) --Faction/Traits/Picker

  local list_item = dropdown(1595) --Inventory/Items
  local list_weap = dropdown(2325) --Inventory/EquippedWeaponData
  local list_armo = dropdown(1419) --Inventory/ArmorData
  local list_model = dropdown(1701) --Model
  local list_modpiece = dropdown(462) --Model/SimpleModelPieces
  local list_modhead = dropdown(1304) --Model/SimpleModelHeads
  changeentries_equip(list_item,list_weap,list_armo,list_model,list_modpiece,list_modhead)

  local list_tags = dropdown(2101) --Faction/AppearanceTags/Tags
  changeentries_tags(list_tags)

  local list_ieff = dropdown(1570) --Inventory/Affix/Definition
  changeentries_item(list_item,list_weap,list_armo,list_ieff)

  local list_drop = dropdown(1255) --Faction/Loot/NemesisGear
  changeentries_drop(list_drop)

  local list_ai = dropdown(487) --Combat/Tree
  changeentries_uruk_forceclass(list_ai)

  local list_traitstrength = dropdown(2016) --Faction/Traits/PickerLevelRemap
  local list_tribe = dropdown(443) --Faction/Tribes/Definitions
  local list_role = dropdown(1955) --Faction/Roles/Definitions
  changeentries_uruk_forcerole(list_role)

  local list_class = dropdown(1919) --Character/Models
  local list_personality = dropdown(1449) --Faction/Personalities
  changeentries_uruk_additional(list_ai,list_traitstrength,list_tribe,list_role,list_class,list_personality)
end
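--- Locate the game database with a whole-process signature scan (variant 1).
-- Registers the result as the p_gamedb symbol.
-- The scan is not limited to the game module and the fixed part of the
-- pattern is short, so a match in unrelated memory is possible; the pointer
-- reads below are therefore checked before anything is registered.
-- Raises an error when the scan or either pointer read fails.
local function registerDB_s1()
  local scanned = autoAssemble([[
aobscan(aob_gamedb,76 B7 50 25 ** ** ** ** ** ** 00 00)
registersymbol(aob_gamedb)
]])
  -- autoAssemble reports failure through its return value; the original
  -- ignored it and carried on with an unresolved symbol.
  if not scanned then
    error("registerDB_s1: signature scan for the game database failed")
  end
  local hit = getAddress("aob_gamedb")
  local inner = readPointer(hit + 0x14)
  local base = inner and readPointer(inner + 0x18)
  if base == nil then
    -- Do not leave the temporary scan symbol behind on failure.
    unregisterSymbol("aob_gamedb")
    error("registerDB_s1: pointer chain behind the scan result is not readable")
  end
  unregisterSymbol("p_gamedb")
  registerSymbol("p_gamedb", base)
  unregisterSymbol("aob_gamedb")
end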
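--- Locate the game database with a whole-process signature scan (variant 2).
-- Same approach as variant 1 with the pattern shifted, so the pointer sits
-- at offset 0x1a from the match. Registers the result as p_gamedb.
-- The scan is not limited to the game module, so the pointer reads are
-- checked before anything is registered.
-- Raises an error when the scan or either pointer read fails.
local function registerDB_s2()
  local scanned = autoAssemble([[
aobscan(aob_gamedb,00 00 ** ** ** ** 76 B7 50 25)
registersymbol(aob_gamedb)
]])
  -- autoAssemble reports failure through its return value; the original
  -- ignored it and carried on with an unresolved symbol.
  if not scanned then
    error("registerDB_s2: signature scan for the game database failed")
  end
  local hit = getAddress("aob_gamedb")
  local inner = readPointer(hit + 0x1a)
  local base = inner and readPointer(inner + 0x18)
  if base == nil then
    -- Do not leave the temporary scan symbol behind on failure.
    unregisterSymbol("aob_gamedb")
    error("registerDB_s2: pointer chain behind the scan result is not readable")
  end
  unregisterSymbol("p_gamedb")
  registerSymbol("p_gamedb", base)
  unregisterSymbol("aob_gamedb")
end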
--v1.0.7214.0 steam: ShadowOfWar.exe+266ACB8
--v1.0.7217.0 steam: ShadowOfWar.exe+2665CC8
--v1.0.7636.0 steam: ShadowOfWar.exe+26CCC38
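--- Register p_gamedb from a fixed module offset (no scan).
-- The offset is specific to one game build; the comments above this
-- function list the values for the builds the author checked.
-- Raises an error when the pointer cannot be read.
local function registerDB_ns()
  local base = readPointer("ShadowOfWar.exe+26CCC38")
  -- On another build the offset may point at unrelated or unreadable data;
  -- a nil read is reported instead of being registered as a symbol.
  if base == nil then
    error("registerDB_ns: ShadowOfWar.exe+26CCC38 is not readable; check the offset for this build")
  end
  unregisterSymbol("p_gamedb")
  registerSymbol("p_gamedb", base)
end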
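--- Locate the game database with a module-limited signature scan (variant 1).
-- The pattern ends in the ASCII bytes of "database\game\game.gamedb"; the
-- pointer is read from offset 2 of the match and registered as p_gamedb.
-- Raises an error when the scan or the pointer read fails.
local function registerDB_f1()
  local scanned = autoAssemble([[
aobscanmodule(aob_gamedb,ShadowOfWar.exe,00 00 ** ** ** ** ** ** 00 00 64 61 74 61 62 61 73 65 5C 67 61 6D 65 5C 67 61 6D 65 2E 67 61 6D 65 64 62 00)
registersymbol(aob_gamedb)
]])
  -- autoAssemble reports failure through its return value; the original
  -- ignored it and carried on with an unresolved symbol.
  if not scanned then
    error("registerDB_f1: signature scan for the game database failed")
  end
  local hit = getAddress("aob_gamedb")
  local base = readPointer(hit + 0x2)
  if base == nil then
    -- Do not leave the temporary scan symbol behind on failure.
    unregisterSymbol("aob_gamedb")
    error("registerDB_f1: pointer next to the scan result is not readable")
  end
  unregisterSymbol("p_gamedb")
  registerSymbol("p_gamedb", base)
  unregisterSymbol("aob_gamedb")
end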
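--- Locate the game database with a module-limited signature scan (variant 2).
-- Same file-name pattern as variant 1 with different padding around it; the
-- pointer is read from offset 1 of the match and registered as p_gamedb.
-- Raises an error when the scan or the pointer read fails.
local function registerDB_f2()
  local scanned = autoAssemble([[
aobscanmodule(aob_gamedb,ShadowOfWar.exe,00 ** ** ** ** ** ** 00 00 64 61 74 61 62 61 73 65 5C 67 61 6D 65 5C 67 61 6D 65 2E 67 61 6D 65 64 62 00 00 00 00 00 00 00 00)
registersymbol(aob_gamedb)
]])
  -- autoAssemble reports failure through its return value; the original
  -- ignored it and carried on with an unresolved symbol.
  if not scanned then
    error("registerDB_f2: signature scan for the game database failed")
  end
  local hit = getAddress("aob_gamedb")
  local base = readPointer(hit + 0x1)
  if base == nil then
    -- Do not leave the temporary scan symbol behind on failure.
    unregisterSymbol("aob_gamedb")
    error("registerDB_f2: pointer next to the scan result is not readable")
  end
  unregisterSymbol("p_gamedb")
  registerSymbol("p_gamedb", base)
  unregisterSymbol("aob_gamedb")
end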
[ENABLE]
--Enable section: register p_gamedb, build the dropdowns, then register the
--fixed trait symbols that the "Uruk spawn markers" script refers to.
--Make sure you are using Cheat Engine 6.7.
--Use exactly one of the following registerDB functions.
--This one is version and platform specific; you might have to change the offset in the function above.
--registerDB_ns()
--The ones below should work on all versions/platforms.
--Slow, so use one of these (s1,s2) only if you must.
--registerDB_s1()
--registerDB_s2()
--Fast, so use one of these (f1,f2) if possible.
registerDB_f1()
--registerDB_f2()
main()
register_specific()
--main() builds large temporary tables and strings; collect them right away.
collectgarbage()
collectgarbage()
[DISABLE]
--Disable section: remove the dropdowns and unregister every symbol again.
cleanup()
collectgarbage()
collectgarbage()
4479
"Spawn options"
0080FF
1
4341
"Uruk spawn markers"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-11-02
Author : SeiKur0
}
[ENABLE]
// Locate the patch site by byte signature inside the game module.
aobscanmodule(inj_addtrait,ShadowOfWar.exe,48 83 7D 7F 00 4C 8b f0)
// Detour buffer, requested close to the patch site.
alloc(newmem,$1000,inj_addtrait)
label(flags_marker)
registersymbol(flags_marker)
label(return)
label(code)
newmem:
// Each test below compares the dword at [r14+4] with a fixed constant and,
// when the matching flag byte is 1, replaces rax with a symbol address.
// pot_vhigh, ls_vhigh and marker_bb are registered by register_specific()
// in the "Master Script", so that script has to be enabled first.
// NOTE(review): the constants look like identifiers of the value being
// looked up - confirm. r14 is used as scratch here; the instruction after
// the patch site is `mov r14,rax`, which overwrites it again.
mov r14,[rsp+30]
cmp [r14+4],1C7E6C20
jne @f
cmp byte ptr [flags_marker],1
jne @f
mov rax,pot_vhigh
jmp code
@@:
cmp [r14+4],062C2189
jne @f
cmp byte ptr [flags_marker+1],1
jne @f
mov rax,ls_vhigh
jmp code
@@:
cmp [r14+4],F07D4742
jne @f
cmp byte ptr [flags_marker+2],1
jne @f
mov rax,marker_bb
jmp code
@@:
code:
// Displaced original instruction; it runs last so the flags it sets are the
// ones seen by the `je` that follows the patch site.
cmp qword ptr [rbp+7F],00
jmp return
// Three enable bytes, exposed through the table records flags_marker,
// flags_marker+1 and flags_marker+2; all start enabled.
flags_marker:
db 1
db 1
db 1
inj_addtrait:
jmp newmem
return:
registersymbol(inj_addtrait)
[DISABLE]
// Restore the five original bytes (cmp qword ptr [rbp+7F],00), then release
// the symbols and the detour buffer.
inj_addtrait:
db 48 83 7D 7F 00
unregistersymbol(inj_addtrait)
unregistersymbol(flags_marker)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+184594E
"ShadowOfWar.exe"+1845926: E8 7D 51 97 FE - call ShadowOfWar.exe+1BAAA8
"ShadowOfWar.exe"+184592B: 84 C0 - test al,al
"ShadowOfWar.exe"+184592D: 0F 85 59 01 00 00 - jne ShadowOfWar.exe+1845A8C
"ShadowOfWar.exe"+1845933: 8B 75 D7 - mov esi,[rbp-29]
"ShadowOfWar.exe"+1845936: 48 8D 4D AF - lea rcx,[rbp-51]
"ShadowOfWar.exe"+184593A: E8 C9 CF FF FF - call ShadowOfWar.exe+1842908
"ShadowOfWar.exe"+184593F: 48 8B C8 - mov rcx,rax
"ShadowOfWar.exe"+1845942: 48 89 45 A7 - mov [rbp-59],rax
"ShadowOfWar.exe"+1845946: 48 8B F8 - mov rdi,rax
"ShadowOfWar.exe"+1845949: E8 CA 2C 00 00 - call ShadowOfWar.exe+1848618
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+184594E: 48 83 7D 7F 00 - cmp qword ptr [rbp+7F],00
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+1845953: 4C 8B F0 - mov r14,rax
"ShadowOfWar.exe"+1845956: 74 14 - je ShadowOfWar.exe+184596C
"ShadowOfWar.exe"+1845958: 48 8B 4D 7F - mov rcx,[rbp+7F]
"ShadowOfWar.exe"+184595C: 48 8B D0 - mov rdx,rax
"ShadowOfWar.exe"+184595F: E8 5C 3D 07 00 - call ShadowOfWar.exe+18B96C0
"ShadowOfWar.exe"+1845964: 84 C0 - test al,al
"ShadowOfWar.exe"+1845966: 0F 85 A3 00 00 00 - jne ShadowOfWar.exe+1845A0F
"ShadowOfWar.exe"+184596C: 49 8B D6 - mov rdx,r14
"ShadowOfWar.exe"+184596F: C6 45 5F 00 - mov byte ptr [rbp+5F],00
"ShadowOfWar.exe"+1845973: 48 8D 4D EF - lea rcx,[rbp-11]
}
4342
"Very high potential"
1: enabled
0: disabled
Byte
flags_marker
4343
"Very high learn speed"
1: enabled
0: disabled
Byte
flags_marker+1
4344
"Try to find a bloodbrother"
1: enabled
0: disabled
Byte
flags_marker+2
3782
"Uruk spawn rarity"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-20
Author : Seikur0
}
[ENABLE]
// The signature matches inside the function body; the patch itself is
// placed 0x1e bytes earlier, on `push rdi` / `sub rsp,60` (5 bytes), as the
// listing below this script shows.
aobscanmodule(inj_creation,ShadowOfWar.exe,48 8d 4c 24 ** 0f57c0 33 db)
alloc(newmem,$1000,inj_creation)
label(fl_rarity)
registersymbol(fl_rarity)
label(return)
label(rreturn1)
label(rreturn2)
newmem:
// Two values of the dword at [rdx+4] are answered directly from the detour;
// every other call runs the displaced instructions and continues normally.
// NOTE(review): the constants presumably identify the value being
// requested - confirm.
cmp [rdx+4],E6FC03C6
je rreturn1
cmp [rdx+4],07AEAD12
je rreturn2
push rdi
sub rsp,60
jmp return
rreturn1:
// Return early with rax taken from the object at [rdx+10]: offset 30 when
// fl_rarity is non-zero, offset 20 otherwise. The stack pointer is still
// as it was at the patch site, so a plain `ret` goes back to the caller.
mov rax,[rdx+10]
cmp byte ptr [fl_rarity],0
je @f
mov rax,[rax+30]
ret
@@:
mov rax,[rax+20]
ret
rreturn2:
// Same selection for the second value: offset 28 or offset 18.
mov rax,[rdx+10]
cmp byte ptr [fl_rarity],0
je @f
mov rax,[rax+28]
ret
@@:
mov rax,[rax+18]
ret
// Selector byte shown in the table as "rarity" (1: legendary, 0: epic).
fl_rarity:
db 1
inj_creation-1e:
jmp newmem
return:
registersymbol(inj_creation)
[DISABLE]
// Re-assemble the two displaced instructions, then release the symbols and
// the detour buffer.
inj_creation-1e:
push rdi
sub rsp,60
unregistersymbol(inj_creation)
unregistersymbol(fl_rarity)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+46497D
"ShadowOfWar.exe"+464950: 48 89 5C 24 08 - mov [rsp+08],rbx
"ShadowOfWar.exe"+464955: 48 89 6C 24 10 - mov [rsp+10],rbp
"ShadowOfWar.exe"+46495A: 48 89 74 24 18 - mov [rsp+18],rsi
"ShadowOfWar.exe"+46495F: 57 - push rdi
"ShadowOfWar.exe"+464960: 48 83 EC 60 - sub rsp,60
"ShadowOfWar.exe"+464964: 80 3D 5D 54 1D 02 00 - cmp byte ptr [ShadowOfWar.exe+2639DC8],00
"ShadowOfWar.exe"+46496B: 4C 8B D2 - mov r10,rdx
"ShadowOfWar.exe"+46496E: 48 8B F1 - mov rsi,rcx
"ShadowOfWar.exe"+464971: 0F 85 1B 93 90 00 - jne ShadowOfWar.exe+D6DC92
"ShadowOfWar.exe"+464977: 48 83 64 24 28 00 - and qword ptr [rsp+28],00
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+46497D: 48 8D 4C 24 30 - lea rcx,[rsp+30]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+464982: 0F 57 C0 - xorps xmm0,xmm0
"ShadowOfWar.exe"+464985: 33 DB - xor ebx,ebx
"ShadowOfWar.exe"+464987: 49 8B D2 - mov rdx,r10
"ShadowOfWar.exe"+46498A: F3 0F 11 44 24 20 - movss [rsp+20],xmm0
"ShadowOfWar.exe"+464990: E8 DF 09 00 00 - call ShadowOfWar.exe+465374
"ShadowOfWar.exe"+464995: 8B 7C 24 58 - mov edi,[rsp+58]
"ShadowOfWar.exe"+464999: 3B 7C 24 5C - cmp edi,[rsp+5C]
"ShadowOfWar.exe"+46499D: 73 51 - jae ShadowOfWar.exe+4649F0
"ShadowOfWar.exe"+46499F: 48 8D 4C 24 30 - lea rcx,[rsp+30]
"ShadowOfWar.exe"+4649A4: E8 7F 00 00 00 - call ShadowOfWar.exe+464A28
}
3783
"rarity"
1: legendary
0: epic
Byte
fl_rarity
4345
"Force uruk class"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-11-02
Author : SeiKur0
}
[ENABLE]
// The signature starts at a 5-byte call; the patch goes on the 7-byte store
// that follows it (inj_class+5).
aobscanmodule(inj_class,ShadowOfWar.exe,e8 ******** 48 89 83 70010000 48 8b 87 70010000)
alloc(newmem,$1000,inj_class)
label(return)
label(overwrite_class)
registersymbol(overwrite_class)
newmem:
// Replace the value about to be stored at [rbx+170] with overwrite_class.
// NOTE(review): the replacement is unconditional and overwrite_class starts
// at 0, so enabling the script before choosing a value stores 0 - confirm
// that this is acceptable for the game or add a zero check.
mov rax,[overwrite_class]
mov [rbx+00000170],rax
jmp return
// 8-byte value exposed through the table record "Class".
overwrite_class:
dq 0
inj_class+5:
// jmp plus two nops cover the 7 bytes of the displaced store.
jmp newmem
nop
nop
return:
registersymbol(inj_class)
[DISABLE]
// Restore the original store (mov [rbx+00000170],rax), then release the
// symbols and the detour buffer.
inj_class+5:
db 48 89 83 70 01 00 00
unregistersymbol(inj_class)
unregistersymbol(overwrite_class)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+18979B2
"ShadowOfWar.exe"+1897989: 48 89 44 24 68 - mov [rsp+68],rax
"ShadowOfWar.exe"+189798E: F3 0F 11 45 80 - movss [rbp-80],xmm0
"ShadowOfWar.exe"+1897993: E8 48 B6 44 FF - call ShadowOfWar.exe+CE2FE0
"ShadowOfWar.exe"+1897998: 48 83 BB 70 01 00 00 00 - cmp qword ptr [rbx+00000170],00
"ShadowOfWar.exe"+18979A0: 75 17 - jne ShadowOfWar.exe+18979B9
"ShadowOfWar.exe"+18979A2: 48 85 F6 - test rsi,rsi
"ShadowOfWar.exe"+18979A5: 74 12 - je ShadowOfWar.exe+18979B9
"ShadowOfWar.exe"+18979A7: 48 8B 4E 50 - mov rcx,[rsi+50]
"ShadowOfWar.exe"+18979AB: 33 D2 - xor edx,edx
"ShadowOfWar.exe"+18979AD: E8 3E A7 0A 00 - call ShadowOfWar.exe+19420F0
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+18979B2: 48 89 83 70 01 00 00 - mov [rbx+00000170],rax
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+18979B9: 48 8B 87 70 01 00 00 - mov rax,[rdi+00000170]
"ShadowOfWar.exe"+18979C0: 48 8D 95 20 02 00 00 - lea rdx,[rbp+00000220]
"ShadowOfWar.exe"+18979C7: 83 A5 20 02 00 00 00 - and dword ptr [rbp+00000220],00
"ShadowOfWar.exe"+18979CE: 48 8B CF - mov rcx,rdi
"ShadowOfWar.exe"+18979D1: 48 89 83 50 01 00 00 - mov [rbx+00000150],rax
"ShadowOfWar.exe"+18979D8: E8 F3 35 07 00 - call ShadowOfWar.exe+190AFD0
"ShadowOfWar.exe"+18979DD: 84 C0 - test al,al
"ShadowOfWar.exe"+18979DF: 75 16 - jne ShadowOfWar.exe+18979F7
"ShadowOfWar.exe"+18979E1: 48 85 F6 - test rsi,rsi
"ShadowOfWar.exe"+18979E4: 74 11 - je ShadowOfWar.exe+18979F7
}
4346
"Class"
1
8 Bytes
overwrite_class
4339
"Force uruk role"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-11-02
Author : SeiKur0
}
[ENABLE]
// The signature starts at `jmp` + `call`; the patch goes 7 bytes in, on
// `lea rcx,[rbp-70]` / `mov r14,rax` (7 bytes together).
aobscanmodule(inj_role,ShadowOfWar.exe,eb 05 e8 ******** 48 8d 4d 90 4c 8b f0)
alloc(newmem,$1000,inj_role)
label(return)
label(overwrite_role)
registersymbol(overwrite_role)
newmem:
// Replace the call result in rax with overwrite_role before the displaced
// instructions copy it into r14.
// NOTE(review): the replacement is unconditional and overwrite_role starts
// at 0, so enabling the script before choosing a value passes 0 on -
// confirm that this is acceptable for the game or add a zero check.
mov rax,[overwrite_role]
code:
// Displaced original instructions.
lea rcx,[rbp-70]
mov r14,rax
jmp return
// 8-byte value exposed through the table record "Role".
overwrite_role:
dq 0
inj_role+7:
// jmp plus two nops cover the 7 displaced bytes.
jmp newmem
nop
nop
return:
registersymbol(inj_role)
[DISABLE]
// Restore the original 7 bytes, then release the symbols and the detour
// buffer.
inj_role+7:
db 48 8D 4D 90 4C 8B F0
unregistersymbol(inj_role)
unregistersymbol(overwrite_role)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+184A5FF
"ShadowOfWar.exe"+184A5D2: 48 8B 83 68 01 00 00 - mov rax,[rbx+00000168]
"ShadowOfWar.exe"+184A5D9: 48 89 44 24 20 - mov [rsp+20],rax
"ShadowOfWar.exe"+184A5DE: E8 B1 48 01 00 - call ShadowOfWar.exe+185EE94
"ShadowOfWar.exe"+184A5E3: 48 8B 97 50 01 00 00 - mov rdx,[rdi+00000150]
"ShadowOfWar.exe"+184A5EA: 48 8D 4D 90 - lea rcx,[rbp-70]
"ShadowOfWar.exe"+184A5EE: 48 85 D2 - test rdx,rdx
"ShadowOfWar.exe"+184A5F1: 74 07 - je ShadowOfWar.exe+184A5FA
"ShadowOfWar.exe"+184A5F3: E8 70 59 01 00 - call ShadowOfWar.exe+185FF68
"ShadowOfWar.exe"+184A5F8: EB 05 - jmp ShadowOfWar.exe+184A5FF
"ShadowOfWar.exe"+184A5FA: E8 9D 57 01 00 - call ShadowOfWar.exe+185FD9C
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+184A5FF: 48 8D 4D 90 - lea rcx,[rbp-70]
"ShadowOfWar.exe"+184A603: 4C 8B F0 - mov r14,rax
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+184A606: E8 11 9B F9 FF - call ShadowOfWar.exe+17E411C
"ShadowOfWar.exe"+184A60B: 49 8B D6 - mov rdx,r14
"ShadowOfWar.exe"+184A60E: 48 8B CB - mov rcx,rbx
"ShadowOfWar.exe"+184A611: E8 C6 64 00 00 - call ShadowOfWar.exe+1850ADC
"ShadowOfWar.exe"+184A616: 4C 8B 83 B8 02 00 00 - mov r8,[rbx+000002B8]
"ShadowOfWar.exe"+184A61D: 48 8D 4B 50 - lea rcx,[rbx+50]
"ShadowOfWar.exe"+184A621: 48 8B D3 - mov rdx,rbx
"ShadowOfWar.exe"+184A624: E8 97 2F 05 00 - call ShadowOfWar.exe+189D5C0
"ShadowOfWar.exe"+184A629: 48 8B CB - mov rcx,rbx
"ShadowOfWar.exe"+184A62C: E8 2B 68 59 FF - call ShadowOfWar.exe+DE0E5C
}
4340
"Role"
1
8 Bytes
overwrite_role
3989
"Adjust uruk level"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-26
Author : SeiKur0
}
[ENABLE]
// The signature starts at a 5-byte call; the patch goes on the 7-byte load
// `mov ecx,[r15+000004A0]` that follows it (inj_uruklevel+5).
aobscanmodule(inj_uruklevel,ShadowOfWar.exe,E8 ******** 41 8B 8F A0 04 00 00 4C)
alloc(newmem,$1000,inj_uruklevel)
registersymbol(val_lvl)
label(val_lvl)
label(return)
newmem:
// The field at +4A0 is shown in the table as "Level-1", so the value is
// incremented to a level, clamped to [val_lvl+4, val_lvl] with signed
// compares, decremented again and written back. ecx leaves the detour
// holding the same value the displaced load would now read.
mov ecx,[r15+000004A0]
inc ecx
cmp ecx,[val_lvl]
jle @f
mov ecx,[val_lvl]
@@:
cmp ecx,[val_lvl+4]
jge @f
mov ecx,[val_lvl+4]
@@:
dec ecx
mov [r15+000004A0],ecx
jmp return
// Two dwords: maximum level (table record "max lvl") and minimum level
// (table record "min lvl (dominant)").
val_lvl:
dd (int)60
dd (int)1
inj_uruklevel+5:
// jmp plus two nops cover the 7 bytes of the displaced load.
jmp newmem
nop
nop
return:
registersymbol(inj_uruklevel)
[DISABLE]
// Restore the original load, then release the symbols and the detour buffer.
inj_uruklevel+5:
db 41 8B 8F A0 04 00 00
unregistersymbol(inj_uruklevel)
unregistersymbol(val_lvl)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+40BCCA
"ShadowOfWar.exe"+40BCA1: E8 26 CE 09 00 - call ShadowOfWar.exe+4A8ACC
"ShadowOfWar.exe"+40BCA6: 4C 8D 45 7F - lea r8,[rbp+7F]
"ShadowOfWar.exe"+40BCAA: 48 8B 08 - mov rcx,[rax]
"ShadowOfWar.exe"+40BCAD: 48 89 4D 7F - mov [rbp+7F],rcx
"ShadowOfWar.exe"+40BCB1: 48 8B CB - mov rcx,rbx
"ShadowOfWar.exe"+40BCB4: 4C 89 28 - mov [rax],r13
"ShadowOfWar.exe"+40BCB7: 48 8B 57 08 - mov rdx,[rdi+08]
"ShadowOfWar.exe"+40BCBB: E8 3C FE FF FF - call ShadowOfWar.exe+40BAFC
"ShadowOfWar.exe"+40BCC0: 48 8D 4C 24 28 - lea rcx,[rsp+28]
"ShadowOfWar.exe"+40BCC5: E8 F2 F1 FF FF - call ShadowOfWar.exe+40AEBC
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+40BCCA: 41 8B 8F A0 04 00 00 - mov ecx,[r15+000004A0]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+40BCD1: 4C 8D 45 7F - lea r8,[rbp+7F]
"ShadowOfWar.exe"+40BCD5: 41 8B 87 58 04 00 00 - mov eax,[r15+00000458]
"ShadowOfWar.exe"+40BCDC: FF C0 - inc eax
"ShadowOfWar.exe"+40BCDE: 03 C8 - add ecx,eax
"ShadowOfWar.exe"+40BCE0: 89 4D 7F - mov [rbp+7F],ecx
"ShadowOfWar.exe"+40BCE3: 48 8D 4C 24 28 - lea rcx,[rsp+28]
"ShadowOfWar.exe"+40BCE8: E8 DF CD 09 00 - call ShadowOfWar.exe+4A8ACC
"ShadowOfWar.exe"+40BCED: 4C 8D 45 7F - lea r8,[rbp+7F]
"ShadowOfWar.exe"+40BCF1: 48 8B 08 - mov rcx,[rax]
"ShadowOfWar.exe"+40BCF4: 48 89 4D 7F - mov [rbp+7F],rcx
}
3990
"max lvl"
4 Bytes
val_lvl
3991
"min lvl (dominant)"
4 Bytes
val_lvl+4
3577
"Get All Uruk Intel"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-13
Author : SeiKur0
}
[ENABLE]
// The signature starts at `mov al,01`; the patch goes 0xB bytes in, on the
// 5-byte `mov edx,3` that follows `lea rcx,[rbx+000004F0]` in the listing
// below this script.
aobscanmodule(inj_urukintel,ShadowOfWar.exe,B0 01 EB ** 48 8D 8B ******** BA 03)
alloc(newmem,$1000,inj_urukintel)
label(code)
label(return)
newmem:
code:
// rcx was set by the `lea` just before the patch site. Set bits FB in the
// dword at [rcx]; in the dword at [rcx+A] clear bit 0 and set bit 1.
// edx is used as scratch and reloaded with the displaced constant at the end.
// NOTE(review): the meaning of the individual bits is not stated in this
// script - check them against the status records of the table.
mov edx,[rcx]
or edx,FB
mov [rcx],edx
mov edx,[rcx+A]
and edx,FFFFFFFE
or edx,2
mov [rcx+A],edx
mov edx,3
jmp return
inj_urukintel+B:
jmp newmem
return:
registersymbol(inj_urukintel)
[DISABLE]
// Re-assemble the displaced instruction, then release the symbol and the
// detour buffer. Bits already written to memory are not reverted.
inj_urukintel+B:
mov edx,3
unregistersymbol(inj_urukintel)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+2370E1
"ShadowOfWar.exe"+2370BE: 49 8B C8 - mov rcx,r8
"ShadowOfWar.exe"+2370C1: E8 5E C3 F9 FF - call ShadowOfWar.exe+1D3424
"ShadowOfWar.exe"+2370C6: EB 15 - jmp ShadowOfWar.exe+2370DD
"ShadowOfWar.exe"+2370C8: E8 BB 1F 61 01 - call ShadowOfWar.exe+1849088
"ShadowOfWar.exe"+2370CD: 48 8B D0 - mov rdx,rax
"ShadowOfWar.exe"+2370D0: 4C 8D 4C 24 30 - lea r9,[rsp+30]
"ShadowOfWar.exe"+2370D5: 49 8B C8 - mov rcx,r8
"ShadowOfWar.exe"+2370D8: E8 37 DB BA 00 - call ShadowOfWar.exe+DE4C14
"ShadowOfWar.exe"+2370DD: 84 C0 - test al,al
"ShadowOfWar.exe"+2370DF: 74 04 - je ShadowOfWar.exe+2370E5
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+2370E1: B0 01 - mov al,01
"ShadowOfWar.exe"+2370E3: EB 28 - jmp ShadowOfWar.exe+23710D
"ShadowOfWar.exe"+2370E5: 48 8D 8B F0 04 00 00 - lea rcx,[rbx+000004F0]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+2370EC: BA 03 00 00 00 - mov edx,00000003
"ShadowOfWar.exe"+2370F1: E8 3A 02 BA 00 - call ShadowOfWar.exe+DD7330
"ShadowOfWar.exe"+2370F6: 84 C0 - test al,al
"ShadowOfWar.exe"+2370F8: 74 11 - je ShadowOfWar.exe+23710B
"ShadowOfWar.exe"+2370FA: BA 1E 00 00 00 - mov edx,0000001E
"ShadowOfWar.exe"+2370FF: 48 8B CB - mov rcx,rbx
"ShadowOfWar.exe"+237102: E8 35 02 BA 00 - call ShadowOfWar.exe+DD733C
"ShadowOfWar.exe"+237107: 84 C0 - test al,al
"ShadowOfWar.exe"+237109: 75 D6 - jne ShadowOfWar.exe+2370E1
"ShadowOfWar.exe"+23710B: 32 C0 - xor al,al
}
3969
"Epic/Legendary Uruks drop specific item"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-21
Author : SeiKur0
}
[ENABLE]
// The patch goes 0xD bytes into the match, on `mov rbx,rax` / `test rax,rax`
// (the six bytes restored on disable). In the listing below this script
// those instructions are at +63A1ED; the "INJECTING HERE" marker there sits
// on a different address.
aobscanmodule(inj_drop,ShadowOfWar.exe,48 8d 4c 24 ** 49 8b d4 e8 ******** 48 8b d8 48 85 c0 74)
alloc(newmem,$1000,inj_drop)
registersymbol(p_drop)
label(p_drop)
label(return)
label(prereturn)
newmem:
code:
// Only a non-null result is inspected. When the dword at [[rax+18]+2c]
// equals 1255 (the Faction/Loot/NemesisGear list index used by the Master
// Script), the result is replaced with p_drop.
// NOTE(review): p_drop starts at 0; with no item chosen the replaced result
// is null and the following `test rax,rax` takes the game's null path -
// confirm that this is intended.
test rax,rax
je prereturn
mov rbx,[rax+18]
cmp [rbx+2c],(int)1255 //--Faction/Loot/NemesisGear
jne prereturn
mov rax,[p_drop]
prereturn:
// Displaced original instructions; rbx, used as scratch above, is reloaded.
mov rbx,rax
test rax,rax
jmp return
// 8-byte value exposed through the table record "Drop Item".
p_drop:
dq 0
inj_drop+d:
// jmp plus one nop cover the 6 displaced bytes.
jmp newmem
nop
return:
registersymbol(inj_drop)
[DISABLE]
// Restore the original 6 bytes, then release the symbols and the detour
// buffer.
inj_drop+d:
db 48 8B D8 48 85 C0
unregistersymbol(inj_drop)
unregistersymbol(p_drop)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+63A1D2
"ShadowOfWar.exe"+63A1A9: E8 AA EC C3 FF - call ShadowOfWar.exe+278E58
"ShadowOfWar.exe"+63A1AE: 84 C0 - test al,al
"ShadowOfWar.exe"+63A1B0: 4C 0F 45 65 70 - cmovne r12,[rbp+70]
"ShadowOfWar.exe"+63A1B5: 4C 89 64 24 38 - mov [rsp+38],r12
"ShadowOfWar.exe"+63A1BA: 48 83 C3 08 - add rbx,08
"ShadowOfWar.exe"+63A1BE: 48 8D 54 24 30 - lea rdx,[rsp+30]
"ShadowOfWar.exe"+63A1C3: 48 8D 4D 70 - lea rcx,[rbp+70]
"ShadowOfWar.exe"+63A1C7: 48 89 5D 70 - mov [rbp+70],rbx
"ShadowOfWar.exe"+63A1CB: E8 14 0C 00 00 - call ShadowOfWar.exe+63ADE4
"ShadowOfWar.exe"+63A1D0: 84 C0 - test al,al
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+63A1D2: 75 AB - jne ShadowOfWar.exe+63A17F
"ShadowOfWar.exe"+63A1D4: 48 8B 7D 58 - mov rdi,[rbp+58]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+63A1D8: 4D 85 E4 - test r12,r12
"ShadowOfWar.exe"+63A1DB: 74 7C - je ShadowOfWar.exe+63A259
"ShadowOfWar.exe"+63A1DD: 45 33 C0 - xor r8d,r8d
"ShadowOfWar.exe"+63A1E0: 48 8D 4C 24 70 - lea rcx,[rsp+70]
"ShadowOfWar.exe"+63A1E5: 49 8B D4 - mov rdx,r12
"ShadowOfWar.exe"+63A1E8: E8 9B 03 F6 FF - call ShadowOfWar.exe+59A588
"ShadowOfWar.exe"+63A1ED: 48 8B D8 - mov rbx,rax
"ShadowOfWar.exe"+63A1F0: 48 85 C0 - test rax,rax
"ShadowOfWar.exe"+63A1F3: 74 20 - je ShadowOfWar.exe+63A215
"ShadowOfWar.exe"+63A1F5: 48 8B 95 80 00 00 00 - mov rdx,[rbp+00000080]
}
3970
"Drop Item"
1
8 Bytes
p_drop
3575
"Uruk Pointer"
4080FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-13
Author : SeiKur0
}
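[ENABLE]
// Patch the 6-byte load `mov ecx,[rbx+000004A0]` found by signature.
aobscanmodule(inj_uruk,ShadowOfWar.exe,8B 8B A0 04 00 00 4C 8D 84)
alloc(newmem,$1000,inj_uruk)
registersymbol(p_uruk)
label(p_uruk)
label(return)
newmem:
// Displaced original instruction.
mov ecx,[rbx+000004A0]
// Publish the object pointer for the table records that use p_uruk as
// their base address.
mov [p_uruk],rbx
jmp return
p_uruk:
// The store above writes all 64 bits of rbx and the table reads p_uruk as
// an 8-byte value, so the slot is declared as a full qword. It was `dd 0`,
// which reserved only half of what is written.
dq 0
inj_uruk:
// jmp plus one nop cover the 6 bytes of the displaced load.
jmp newmem
nop
return:
registersymbol(inj_uruk)
[DISABLE]
// Restore the original load, then release the symbols and the detour buffer.
inj_uruk:
db 8B 8B A0 04 00 00
unregistersymbol(inj_uruk)
unregistersymbol(p_uruk)
dealloc(newmem)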
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+3D7CE4
"ShadowOfWar.exe"+3D7CC3: 75 08 - jne ShadowOfWar.exe+3D7CCD
"ShadowOfWar.exe"+3D7CC5: 49 8B CF - mov rcx,r15
"ShadowOfWar.exe"+3D7CC8: E8 AB 5D 2E 00 - call ShadowOfWar.exe+6BDA78
"ShadowOfWar.exe"+3D7CCD: 44 8A C0 - mov r8l,al
"ShadowOfWar.exe"+3D7CD0: 8B D6 - mov edx,esi
"ShadowOfWar.exe"+3D7CD2: 48 8B CF - mov rcx,rdi
"ShadowOfWar.exe"+3D7CD5: E8 EE 01 00 00 - call ShadowOfWar.exe+3D7EC8
"ShadowOfWar.exe"+3D7CDA: BA 12 00 00 00 - mov edx,00000012
"ShadowOfWar.exe"+3D7CDF: 45 84 E4 - test r12l,r12l
"ShadowOfWar.exe"+3D7CE2: 74 29 - je ShadowOfWar.exe+3D7D0D
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+3D7CE4: 8B 8B A0 04 00 00 - mov ecx,[rbx+000004A0]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+3D7CEA: 4C 8D 84 24 90 00 00 00 - lea r8,[rsp+00000090]
"ShadowOfWar.exe"+3D7CF2: 8B 83 58 04 00 00 - mov eax,[rbx+00000458]
"ShadowOfWar.exe"+3D7CF8: FF C0 - inc eax
"ShadowOfWar.exe"+3D7CFA: 03 C8 - add ecx,eax
"ShadowOfWar.exe"+3D7CFC: 89 8C 24 90 00 00 00 - mov [rsp+00000090],ecx
"ShadowOfWar.exe"+3D7D03: 48 8B CF - mov rcx,rdi
"ShadowOfWar.exe"+3D7D06: E8 A5 EF FF FF - call ShadowOfWar.exe+3D6CB0
"ShadowOfWar.exe"+3D7D0B: EB 08 - jmp ShadowOfWar.exe+3D7D15
"ShadowOfWar.exe"+3D7D0D: 45 33 C0 - xor r8d,r8d
"ShadowOfWar.exe"+3D7D10: E8 B3 01 00 00 - call ShadowOfWar.exe+3D7EC8
}
3576
"When in the army view, the script will find the selected uruk."
FF0000
1
3578
"Base"
1
8 Bytes
p_uruk
3579
"Level-1"
4 Bytes
p_uruk
4A0
3580
"Name (visual)"
String
36
0
1
1
p_uruk
480
3581
"Status"
1
3582
"Status Death"
1
4 Bytes
p_uruk
4F0
3583
"dominated"
Binary
3
1
0
p_uruk
4F3
3584
"bodyguard"
Binary
5
1
0
p_uruk
4F3
3585
"dead"
Binary
5
1
0
p_uruk
4F2
3586
"removed from map"
Binary
2
1
0
p_uruk
4F0
3587
"Status temp"
1
4 Bytes
p_uruk
4F8
3588
"name known"
Binary
0
1
0
p_uruk
4F8
3589
"strengths known"
Binary
4
1
0
p_uruk
4F8
3590
"weaknesses known"
Binary
5
1
0
p_uruk
4F8
3591
"Status perm (just one should be active)"
1
4 Bytes
p_uruk
502
3592
"strengths known"
Binary
0
1
0
p_uruk
502
3593
"weaknesses known"
Binary
1
1
0
p_uruk
502
3594
"Additional Properties"
1
3971
"AI"
1
8 Bytes
p_uruk
170
3972
"Trait Level Offset"
1
8 Bytes
p_uruk
268
3973
"Tribe"
1
8 Bytes
p_uruk
310
3974
"Role (second part of name)"
1
8 Bytes
p_uruk
300
3975
"Class"
1
8 Bytes
p_uruk
260
3976
"Personality"
1
8 Bytes
p_uruk
258
3596
"Orc Rarity (visual)"
String
64
0
0
1
p_uruk
0
20
378
3602
"Equipment/Looks"
1
4380
"Tags"
1
4381
"list_end"
1
8 Bytes
p_uruk
10
2C0
4453
"list_maxlength"
4 Bytes
p_uruk
18
2C0
4389
"tag 01"
1
8 Bytes
p_uruk
0
8
2C0
4382
"tag 02"
1
8 Bytes
p_uruk
10
8
2C0
4383
"tag 03"
1
8 Bytes
p_uruk
20
8
2C0
4384
"tag 04"
1
8 Bytes
p_uruk
30
8
2C0
4385
"tag 05"
1
8 Bytes
p_uruk
40
8
2C0
4386
"tag 06"
1
8 Bytes
p_uruk
50
8
2C0
4387
"tag 07"
1
8 Bytes
p_uruk
60
8
2C0
4388
"tag 08"
1
8 Bytes
p_uruk
70
8
2C0
4461
"tag 09"
1
8 Bytes
p_uruk
80
8
2C0
4462
"tag 10"
1
8 Bytes
p_uruk
90
8
2C0
4463
"tag 11"
1
8 Bytes
p_uruk
A0
8
2C0
4464
"tag 12"
1
8 Bytes
p_uruk
B0
8
2C0
4465
"tag 13"
1
8 Bytes
p_uruk
C0
8
2C0
4466
"tag 14"
1
8 Bytes
p_uruk
D0
8
2C0
4467
"tag 15"
1
8 Bytes
p_uruk
E0
8
2C0
4468
"tag 16"
1
8 Bytes
p_uruk
F0
8
2C0
4413
"Colors (ARGB)"
1
4414
"body color"
1
4 Bytes
p_uruk
158
2C0
4415
"? color"
1
4 Bytes
p_uruk
15C
2C0
4416
"hair color"
1
4 Bytes
p_uruk
160
2C0
4417
"tattoo color"
1
4 Bytes
p_uruk
164
2C0
4418
"? color"
1
4 Bytes
p_uruk
168
2C0
4419
"? color"
1
4 Bytes
p_uruk
16C
2C0
4420
"? color"
1
4 Bytes
p_uruk
170
2C0
4421
"? color"
1
4 Bytes
p_uruk
174
2C0
4422
"? color"
1
4 Bytes
p_uruk
178
2C0
4423
"? color"
1
4 Bytes
p_uruk
17C
2C0
4424
"? color"
1
4 Bytes
p_uruk
180
2C0
4425
"? color"
1
4 Bytes
p_uruk
184
2C0
4426
"? color"
1
4 Bytes
p_uruk
188
2C0
4427
"? color"
1
4 Bytes
p_uruk
18C
2C0
4428
"? color"
1
4 Bytes
p_uruk
190
2C0
4429
"? color"
1
4 Bytes
p_uruk
194
2C0
4430
"? color"
1
4 Bytes
p_uruk
198
2C0
4351
"base model"
1
8 Bytes
p_uruk
20
2C0
4404
"body model base"
1
8 Bytes
p_uruk
90
2C0
4391
"body model"
1
8 Bytes
p_uruk
28
2C0
4412
"head model base"
1
8 Bytes
p_uruk
150
2C0
4392
"head model"
1
8 Bytes
p_uruk
30
2C0
4393
"hair model"
1
8 Bytes
p_uruk
38
2C0
3634
"body"
1
8 Bytes
p_uruk
38
D8
3635
"body (appearance)"
1
8 Bytes
p_uruk
48
D8
4347
"special body"
1
8 Bytes
p_uruk
38
E8
4348
"special body (appearance)"
1
8 Bytes
p_uruk
48
E8
4349
"special head"
1
8 Bytes
p_uruk
38
F0
4350
"special head (appearance)"
1
8 Bytes
p_uruk
48
F0
3603
"weapon 1H left"
1
8 Bytes
p_uruk
38
50
3604
"weapon 1H left (appearance)"
1
8 Bytes
p_uruk
40
50
3605
"weapon 1H right"
1
8 Bytes
p_uruk
38
60
3606
"weapon 1H right (appearance)"
1
8 Bytes
p_uruk
40
60
3608
"weapon 2H"
1
8 Bytes
p_uruk
38
68
3940
"weapon 2H (appearance)"
1
8 Bytes
p_uruk
40
68
3618
"helmet"
1
8 Bytes
p_uruk
38
98
4398
"helmet model"
1
8 Bytes
p_uruk
60
2C0
3619
"helmet (appearance)"
1
8 Bytes
p_uruk
48
98
3620
"shoulders"
1
8 Bytes
p_uruk
38
A0
4399
"shoulders model"
1
8 Bytes
p_uruk
68
2C0
3621
"shoulders (appearance)"
1
8 Bytes
p_uruk
48
A0
3622
"chest"
1
8 Bytes
p_uruk
38
A8
4400
"chest model"
1
8 Bytes
p_uruk
70
2C0
3623
"chest (appearance)"
1
8 Bytes
p_uruk
48
A8
3624
"arms"
1
8 Bytes
p_uruk
38
B0
4401
"arms model"
1
8 Bytes
p_uruk
78
2C0
3625
"arms (appearance)"
1
8 Bytes
p_uruk
48
B0
3626
"pants"
1
8 Bytes
p_uruk
38
B8
4402
"pants model"
1
8 Bytes
p_uruk
80
2C0
3627
"pants (appearance)"
1
8 Bytes
p_uruk
48
B8
3628
"legs"
1
8 Bytes
p_uruk
38
C0
4403
"legs model"
1
8 Bytes
p_uruk
88
2C0
3629
"legs (appearance)"
1
8 Bytes
p_uruk
48
C0
3630
"quiver"
1
8 Bytes
p_uruk
38
C8
4395
"quiver model"
1
8 Bytes
p_uruk
40
2C0
3631
"quiver (appearance)"
1
8 Bytes
p_uruk
48
C8
3632
"accessory"
1
8 Bytes
p_uruk
38
D0
4394
"accessory model"
1
8 Bytes
p_uruk
48
2C0
3633
"accessory (appearance)"
1
8 Bytes
p_uruk
48
D0
3636
"Marker abilities"
1
3890
"list_end"
1
8 Bytes
p_uruk
1A0
4451
"list_maxlength"
4 Bytes
p_uruk
1A8
4431
"entry 01"
1
8 Bytes
p_uruk
0
198
3891
"entry 02"
1
8 Bytes
p_uruk
8
198
3892
"entry 03"
1
8 Bytes
p_uruk
10
198
3893
"entry 04"
1
8 Bytes
p_uruk
18
198
3894
"entry 05"
1
8 Bytes
p_uruk
20
198
3895
"entry 06"
1
8 Bytes
p_uruk
28
198
3896
"entry 07"
1
8 Bytes
p_uruk
30
198
3897
"entry 08"
1
8 Bytes
p_uruk
38
198
3898
"entry 09"
1
8 Bytes
p_uruk
40
198
3899
"entry 10"
1
8 Bytes
p_uruk
48
198
3900
"entry 11"
1
8 Bytes
p_uruk
50
198
3901
"entry 12"
1
8 Bytes
p_uruk
58
198
3902
"entry 13"
1
8 Bytes
p_uruk
60
198
3903
"entry 14"
1
8 Bytes
p_uruk
68
198
3904
"entry 15"
1
8 Bytes
p_uruk
70
198
3905
"entry 16"
1
8 Bytes
p_uruk
78
198
3906
"entry 17"
1
8 Bytes
p_uruk
80
198
3907
"entry 18"
1
8 Bytes
p_uruk
88
198
3908
"entry 19"
1
8 Bytes
p_uruk
90
198
3909
"entry 20"
1
8 Bytes
p_uruk
98
198
3910
"entry 21"
1
8 Bytes
p_uruk
A0
198
3911
"entry 22"
1
8 Bytes
p_uruk
A8
198
3912
"entry 23"
1
8 Bytes
p_uruk
B0
198
3913
"entry 24"
1
8 Bytes
p_uruk
B8
198
3914
"entry 25"
1
8 Bytes
p_uruk
C0
198
3915
"entry 26"
1
8 Bytes
p_uruk
C8
198
3916
"entry 27"
1
8 Bytes
p_uruk
D0
198
3917
"entry 28"
1
8 Bytes
p_uruk
D8
198
3918
"entry 29"
1
8 Bytes
p_uruk
E0
198
3919
"entry 30"
1
8 Bytes
p_uruk
E8
198
3920
"entry 31"
1
8 Bytes
p_uruk
F0
198
3921
"entry 32"
1
8 Bytes
p_uruk
F8
198
3922
"entry 33"
1
8 Bytes
p_uruk
100
198
3923
"entry 34"
1
8 Bytes
p_uruk
108
198
3924
"entry 35"
1
8 Bytes
p_uruk
110
198
3925
"entry 36"
1
8 Bytes
p_uruk
118
198
3926
"entry 37"
1
8 Bytes
p_uruk
120
198
3927
"entry 38"
1
8 Bytes
p_uruk
128
198
3928
"entry 39"
1
8 Bytes
p_uruk
130
198
3929
"entry 40"
1
8 Bytes
p_uruk
138
198
3930
"entry 41"
1
8 Bytes
p_uruk
140
198
3931
"entry 42"
1
8 Bytes
p_uruk
148
198
3932
"entry 43"
1
8 Bytes
p_uruk
150
198
3933
"entry 44"
1
8 Bytes
p_uruk
158
198
3934
"entry 45"
1
8 Bytes
p_uruk
160
198
3935
"entry 46"
1
8 Bytes
p_uruk
168
198
3936
"entry 47"
1
8 Bytes
p_uruk
170
198
3937
"entry 48"
1
8 Bytes
p_uruk
178
198
3670
"Picker abilities"
1
3789
"list_end"
1
8 Bytes
p_uruk
1D0
4452
"list_maxlength"
4 Bytes
p_uruk
1D8
4432
"entry 01"
1
8 Bytes
p_uruk
0
1C8
3790
"entry 02"
1
8 Bytes
p_uruk
20
1C8
3791
"entry 03"
1
8 Bytes
p_uruk
40
1C8
3792
"entry 04"
1
8 Bytes
p_uruk
60
1C8
3793
"entry 05"
1
8 Bytes
p_uruk
80
1C8
3794
"entry 06"
1
8 Bytes
p_uruk
A0
1C8
3795
"entry 07"
1
8 Bytes
p_uruk
C0
1C8
3796
"entry 08"
1
8 Bytes
p_uruk
E0
1C8
3797
"entry 09"
1
8 Bytes
p_uruk
100
1C8
3798
"entry 10"
1
8 Bytes
p_uruk
120
1C8
3799
"entry 11"
1
8 Bytes
p_uruk
140
1C8
3800
"entry 12"
1
8 Bytes
p_uruk
160
1C8
3801
"entry 13"
1
8 Bytes
p_uruk
180
1C8
3802
"entry 14"
1
8 Bytes
p_uruk
1A0
1C8
3803
"entry 15"
1
8 Bytes
p_uruk
1C0
1C8
3804
"entry 16"
1
8 Bytes
p_uruk
1E0
1C8
3805
"entry 17"
1
8 Bytes
p_uruk
200
1C8
3806
"entry 18"
1
8 Bytes
p_uruk
220
1C8
3807
"entry 19"
1
8 Bytes
p_uruk
240
1C8
3808
"entry 20"
1
8 Bytes
p_uruk
260
1C8
3809
"entry 21"
1
8 Bytes
p_uruk
280
1C8
3810
"entry 22"
1
8 Bytes
p_uruk
2A0
1C8
3811
"entry 23"
1
8 Bytes
p_uruk
2C0
1C8
3812
"entry 24"
1
8 Bytes
p_uruk
2E0
1C8
3813
"entry 25"
1
8 Bytes
p_uruk
300
1C8
3814
"entry 26"
1
8 Bytes
p_uruk
320
1C8
3815
"entry 27"
1
8 Bytes
p_uruk
340
1C8
3816
"entry 28"
1
8 Bytes
p_uruk
360
1C8
3817
"entry 29"
1
8 Bytes
p_uruk
380
1C8
3818
"entry 30"
1
8 Bytes
p_uruk
3A0
1C8
3819
"entry 31"
1
8 Bytes
p_uruk
3C0
1C8
3820
"entry 32"
1
8 Bytes
p_uruk
3E0
1C8
3821
"entry 33"
1
8 Bytes
p_uruk
400
1C8
3822
"entry 34"
1
8 Bytes
p_uruk
420
1C8
3823
"entry 35"
1
8 Bytes
p_uruk
440
1C8
3824
"entry 36"
1
8 Bytes
p_uruk
460
1C8
3825
"entry 37"
1
8 Bytes
p_uruk
480
1C8
3826
"entry 38"
1
8 Bytes
p_uruk
4A0
1C8
3827
"entry 39"
1
8 Bytes
p_uruk
4C0
1C8
3828
"entry 40"
1
8 Bytes
p_uruk
4E0
1C8
3829
"entry 41"
1
8 Bytes
p_uruk
500
1C8
3830
"entry 42"
1
8 Bytes
p_uruk
520
1C8
3831
"entry 43"
1
8 Bytes
p_uruk
540
1C8
3832
"entry 44"
1
8 Bytes
p_uruk
560
1C8
3833
"entry 45"
1
8 Bytes
p_uruk
580
1C8
3834
"entry 46"
1
8 Bytes
p_uruk
5A0
1C8
3835
"entry 47"
1
8 Bytes
p_uruk
5C0
1C8
3836
"entry 48"
1
8 Bytes
p_uruk
5E0
1C8
4469
"entry 49"
1
8 Bytes
p_uruk
600
1C8
4470
"entry 50"
1
8 Bytes
p_uruk
620
1C8
4471
"entry 51"
1
8 Bytes
p_uruk
640
1C8
4472
"entry 52"
1
8 Bytes
p_uruk
660
1C8
4473
"entry 53"
1
8 Bytes
p_uruk
680
1C8
4474
"entry 54"
1
8 Bytes
p_uruk
6A0
1C8
4475
"entry 55"
1
8 Bytes
p_uruk
6C0
1C8
4476
"entry 56"
1
8 Bytes
p_uruk
6E0
1C8
3715
"Derived abilities (visual)"
1
4433
"ability 01"
String
64
0
0
1
p_uruk
0
20
0
180
3717
"ability"
String
64
0
0
1
p_uruk
0
20
8
180
3718
"ability"
String
64
0
0
1
p_uruk
0
20
10
180
3719
"ability"
String
64
0
0
1
p_uruk
0
20
18
180
3720
"ability 05"
String
64
0
0
1
p_uruk
0
20
20
180
3721
"ability"
String
64
0
0
1
p_uruk
0
20
28
180
3722
"ability"
String
64
0
0
1
p_uruk
0
20
30
180
3723
"ability"
String
64
0
0
1
p_uruk
0
20
38
180
3724
"ability"
String
64
0
0
1
p_uruk
0
20
40
180
3725
"ability 10"
String
64
0
0
1
p_uruk
0
20
48
180
3726
"ability"
String
64
0
0
1
p_uruk
0
20
50
180
3727
"ability"
String
64
0
0
1
p_uruk
0
20
58
180
3728
"ability"
String
64
0
0
1
p_uruk
0
20
60
180
3729
"ability"
String
64
0
0
1
p_uruk
0
20
68
180
3730
"ability 15"
String
64
0
0
1
p_uruk
0
20
70
180
3731
"ability"
String
64
0
0
1
p_uruk
0
20
78
180
3732
"ability"
String
64
0
0
1
p_uruk
0
20
80
180
3733
"ability"
String
64
0
0
1
p_uruk
0
20
88
180
3734
"ability"
String
64
0
0
1
p_uruk
0
20
90
180
3735
"ability 20"
String
64
0
0
1
p_uruk
0
20
98
180
3736
"ability"
String
64
0
0
1
p_uruk
0
20
A0
180
3737
"ability"
String
64
0
0
1
p_uruk
0
20
A8
180
3738
"ability"
String
64
0
0
1
p_uruk
0
20
B0
180
3739
"ability"
String
64
0
0
1
p_uruk
0
20
B8
180
3740
"ability 25"
String
64
0
0
1
p_uruk
0
20
C0
180
3741
"ability"
String
64
0
0
1
p_uruk
0
20
C8
180
3742
"ability"
String
64
0
0
1
p_uruk
0
20
D0
180
3743
"ability"
String
64
0
0
1
p_uruk
0
20
D8
180
3744
"ability"
String
64
0
0
1
p_uruk
0
20
E0
180
3745
"ability 30"
String
64
0
0
1
p_uruk
0
20
E8
180
3746
"ability"
String
64
0
0
1
p_uruk
0
20
F0
180
3747
"ability"
String
64
0
0
1
p_uruk
0
20
F8
180
4437
"ability"
String
64
0
0
1
p_uruk
0
20
100
180
4436
"ability"
String
64
0
0
1
p_uruk
0
20
108
180
4435
"ability 35"
String
64
0
0
1
p_uruk
0
20
110
180
4438
"ability"
String
64
0
0
1
p_uruk
0
20
118
180
4439
"ability"
String
64
0
0
1
p_uruk
0
20
120
180
4440
"ability"
String
64
0
0
1
p_uruk
0
20
128
180
4441
"ability"
String
64
0
0
1
p_uruk
0
20
130
180
4442
"ability 40"
String
64
0
0
1
p_uruk
0
20
138
180
4443
"ability"
String
64
0
0
1
p_uruk
0
20
140
180
4444
"ability"
String
64
0
0
1
p_uruk
0
20
148
180
4445
"ability"
String
64
0
0
1
p_uruk
0
20
150
180
4446
"ability"
String
64
0
0
1
p_uruk
0
20
158
180
4447
"ability 45"
String
64
0
0
1
p_uruk
0
20
160
180
4448
"ability"
String
64
0
0
1
p_uruk
0
20
168
180
4449
"ability"
String
64
0
0
1
p_uruk
0
20
170
180
4450
"ability 48"
String
64
0
0
1
p_uruk
0
20
180
180
3763
"Item Pointer"
4080FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-14
Author : SeiKur0
}
[ENABLE]
// Hook that copies the object pointer held in r14 into the symbol p_item
// each time the patched code path runs with rbx non-zero. Table records
// that use p_item as their base read the item fields relative to it.
// The signature is the 8 bytes "sub rsi,[r14+78] / sar rsi,03". The patch
// is written 0x10 bytes after the match (module offset +162722B in the
// listing below), not at the +162721B named in that listing's header.
// NOTE(review): the header leaves Version empty and the signature is short;
// confirm it still resolves to exactly one location on the build in use
// before enabling, since a wrong match means writing a jmp into unrelated code.
aobscanmodule(inj_item,ShadowOfWar.exe,49 2B 76 78 48 C1 FE 03)
// Third argument requests memory near inj_item so the 5-byte jmp can reach it.
alloc(newmem,$1000,inj_item)
registersymbol(p_item)
label(p_item)
label(return)
newmem:
// Re-run the two instructions displaced by the jmp at inj_item+10.
mov edx,edi
mov rcx,r14
// Record the pointer only when rbx is non-zero.
test rbx,rbx
je return
mov [p_item],rcx
jmp return
p_item:
// NOTE(review): dd reserves 4 bytes, but the store above writes all 8 bytes
// of rcx and the table reads p_item as "8 Bytes". Nothing else is placed
// after this label inside the allocation, so the upper half lands in unused
// space; dq 0 would state the intended width.
dd 0
inj_item+10:
// 5-byte jmp replacing "mov edx,edi" (2 bytes) + "mov rcx,r14" (3 bytes).
jmp newmem
return:
registersymbol(inj_item)
[DISABLE]
// Write the two original instructions back over the jmp, then drop the
// symbols and free the allocation.
inj_item+10:
mov edx,edi
mov rcx,r14
unregistersymbol(inj_item)
unregistersymbol(p_item)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+162721B
"ShadowOfWar.exe"+16271ED: C7 44 24 40 01 00 00 00 - mov [rsp+40],00000001
"ShadowOfWar.exe"+16271F5: C6 44 24 38 01 - mov byte ptr [rsp+38],01
"ShadowOfWar.exe"+16271FA: 45 33 C9 - xor r9d,r9d
"ShadowOfWar.exe"+16271FD: 88 54 24 28 - mov [rsp+28],dl
"ShadowOfWar.exe"+1627201: 48 8B D3 - mov rdx,rbx
"ShadowOfWar.exe"+1627204: 44 89 54 24 20 - mov [rsp+20],r10d
"ShadowOfWar.exe"+1627209: E8 26 39 FB FF - call ShadowOfWar.exe+15DAB34
"ShadowOfWar.exe"+162720E: 45 33 D2 - xor r10d,r10d
"ShadowOfWar.exe"+1627211: 49 8B B6 80 00 00 00 - mov rsi,[r14+00000080]
"ShadowOfWar.exe"+1627218: 41 8B FA - mov edi,r10d
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+162721B: 49 2B 76 78 - sub rsi,[r14+78]
"ShadowOfWar.exe"+162721F: 48 C1 FE 03 - sar rsi,03
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+1627223: 85 F6 - test esi,esi
"ShadowOfWar.exe"+1627225: 0F 84 9B 01 00 00 - je ShadowOfWar.exe+16273C6
"ShadowOfWar.exe"+162722B: 8B D7 - mov edx,edi
"ShadowOfWar.exe"+162722D: 49 8B CE - mov rcx,r14
"ShadowOfWar.exe"+1627230: E8 FB D9 02 FF - call ShadowOfWar.exe+654C30
"ShadowOfWar.exe"+1627235: 48 8B D8 - mov rbx,rax
"ShadowOfWar.exe"+1627238: 48 85 C0 - test rax,rax
"ShadowOfWar.exe"+162723B: 0F 84 B4 00 00 00 - je ShadowOfWar.exe+16272F5
"ShadowOfWar.exe"+1627241: 48 8B 08 - mov rcx,[rax]
"ShadowOfWar.exe"+1627244: E8 1F D3 FF FF - call ShadowOfWar.exe+1624568
}
3764
"When changing your equipment the script will find the selected item."
FF0000
1
3766
"Base"
1
8 Bytes
p_item
3767
"Level"
4 Bytes
p_item
24
3943
"Type"
1
8 Bytes
p_item
38
3774
"Appearance Weapon"
1
8 Bytes
p_item
40
3772
"Appearance Armor"
1
8 Bytes
p_item
48
4478
"Effect 1"
1
8 Bytes
p_item
0
0
78
3778
"Effect Value 1"
Float
p_item
8
0
78
3779
"Effect 2"
1
8 Bytes
p_item
0
8
78
3781
"Effect Value 2"
Float
p_item
8
8
78
3941
"Effect 3"
1
8 Bytes
p_item
0
10
78
3942
"Effect Value 3"
Float
p_item
8
10
78
3944
"Effect 4"
1
8 Bytes
p_item
0
18
78
3945
"Effect Value 4"
Float
p_item
8
18
78
3946
"Effect 5"
1
8 Bytes
p_item
0
20
78
3947
"Effect Value 5"
Float
p_item
8
20
78
3992
"Effect 6"
1
8 Bytes
p_item
0
28
78
3993
"Effect Value 6"
Float
p_item
8
28
78
3994
"Effect 7"
1
8 Bytes
p_item
0
30
78
3995
"Effect Value 7"
Float
p_item
8
30
78
3996
"Effect 8"
1
8 Bytes
p_item
0
30
78
3997
"Effect Value 8"
Float
p_item
8
30
78
3998
"Effect 9"
1
8 Bytes
p_item
0
30
78
3999
"Effect Value 9"
Float
p_item
8
30
78
4000
"Effect 10"
1
8 Bytes
p_item
0
30
78
4001
"Effect Value 10"
Float
p_item
8
30
78
3572
"Modify FOV"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-12
Author : SeiKur0
}
[ENABLE]
// Hook that rewrites the float at [rax+04] before the game copies it.
// Values between the stock minimum and stock maximum are rescaled linearly
// onto the range minimum..new maximum; values between the stock maximum and
// the new maximum are pinned to the new maximum; anything outside
// minimum..new maximum is left untouched.
// The signature covers "movaps xmm3,xmm0 / mov ecx,[rax]" plus the first two
// bytes of the following store; the jmp replaces exactly those first 5 bytes.
// NOTE(review): the header leaves Version empty; confirm the signature still
// resolves to a single location on the build in use.
aobscanmodule(fov,ShadowOfWar.exe,0F 28 D8 8B 08 89 8B)
alloc(newmem_fov,$1000,fov)
label(return)
label(limit)
registersymbol(new_fov)
label(new_fov)
newmem_fov:
// Displaced original instructions.
movaps xmm3,xmm0
mov ecx,[rax]
// The hook overwrites xmm0, xmm1 and xmm2. In the listing below the game
// reloads all three after the patch site before reading them.
// NOTE(review): re-check that assumption if the surrounding code changes.
movss xmm0,[rax+04]//real value
movss xmm2,[new_fov+4]//min value
movss xmm1,[new_fov] //new max value
ucomiss xmm0,xmm1 //beyond new max value no scaling
ja return
ucomiss xmm2,xmm0 //below min value no scaling
ja return
movss xmm1,[new_fov+8]//old max value
ucomiss xmm0,xmm1 //between old max and new max everything should go to the new max
ja limit
// Linear rescale: (value - min) / (old max - min) * (new max - min) + min
subss xmm0,xmm2
subss xmm1,xmm2
divss xmm0,xmm1
movss xmm1,[new_fov]
subss xmm1,xmm2
mulss xmm0,xmm1
addss xmm0,xmm2
movss [rax+04],xmm0
jmp return
limit:
// Pin the value to the new maximum.
movss xmm1,[new_fov]
movss [rax+04],xmm1
jmp return
new_fov:
// Three consecutive floats, in radians. The first is exposed through the
// table record "new FOV (Rad)", so it can be changed while the hook is active.
dd (float)1.3//new max
dd (float)0.5236//min (30°) slightly higher
dd (float)0.6980 //max (40°) slightly lower
fov:
jmp newmem_fov
return:
registersymbol(fov)
[DISABLE]
// Restore the 5 original bytes (movaps xmm3,xmm0 / mov ecx,[rax]) over the
// jmp, then drop the symbols and free the allocation.
fov:
db 0F 28 D8 8B 08
unregistersymbol(fov)
unregistersymbol(new_fov)
dealloc(newmem_fov)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+42A5EF
"ShadowOfWar.exe"+42A5C3: 4C 8D 40 C8 - lea r8,[rax-38]
"ShadowOfWar.exe"+42A5C7: 0F 57 C0 - xorps xmm0,xmm0
"ShadowOfWar.exe"+42A5CA: 48 8D 48 08 - lea rcx,[rax+08]
"ShadowOfWar.exe"+42A5CE: 0F 57 D2 - xorps xmm2,xmm2
"ShadowOfWar.exe"+42A5D1: 48 8D 50 E0 - lea rdx,[rax-20]
"ShadowOfWar.exe"+42A5D5: 0F 28 D9 - movaps xmm3,xmm1
"ShadowOfWar.exe"+42A5D8: F3 0F 7F 40 E0 - movdqu [rax-20],xmm0
"ShadowOfWar.exe"+42A5DD: F3 0F 7F 50 C8 - movdqu [rax-38],xmm2
"ShadowOfWar.exe"+42A5E2: E8 E9 21 DF FF - call ShadowOfWar.exe+21C7D0
"ShadowOfWar.exe"+42A5E7: F3 0F 10 05 C1 A4 87 01 - movss xmm0,[ShadowOfWar.exe+1CA4AB0]
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+42A5EF: 0F 28 D8 - movaps xmm3,xmm0
"ShadowOfWar.exe"+42A5F2: 8B 08 - mov ecx,[rax]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+42A5F4: 89 8B 80 06 00 00 - mov [rbx+00000680],ecx
"ShadowOfWar.exe"+42A5FA: 8B 40 04 - mov eax,[rax+04]
"ShadowOfWar.exe"+42A5FD: 89 83 84 06 00 00 - mov [rbx+00000684],eax
"ShadowOfWar.exe"+42A603: F3 0F 10 83 84 06 00 00 - movss xmm0,[rbx+00000684]
"ShadowOfWar.exe"+42A60B: 0F 28 D0 - movaps xmm2,xmm0
"ShadowOfWar.exe"+42A60E: F3 0F 10 83 80 06 00 00 - movss xmm0,[rbx+00000680]
"ShadowOfWar.exe"+42A616: 0F 28 C8 - movaps xmm1,xmm0
"ShadowOfWar.exe"+42A619: F3 0F 5F D3 - maxss xmm2,xmm3
"ShadowOfWar.exe"+42A61D: F3 0F 5F CB - maxss xmm1,xmm3
"ShadowOfWar.exe"+42A621: F3 0F 11 93 84 06 00 00 - movss [rbx+00000684],xmm2
}
3573
"The value is in radians; the standard value is around 0.7 (about 40°)"
FF0000
1
3574
"new FOV (Rad)"
Float
new_fov
3784
"100% Coin Drop (location to drops for the future)"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-16
Author : SeiKur0
}
[ENABLE]
// In-place 3-byte patch; no code cave is allocated.
// The signature matches "mulss xmm1,[rip+disp32]" (displacement wildcarded),
// the following "comiss xmm0,xmm1" and the first two bytes of the jbe.
// inj_rnd_money+8 is the comiss. It is overwritten with a short jmp (EB 07)
// plus one nop, which skips the rest of the compare and the 6-byte jbe and
// lands on the instruction after them (+48E3BB in the listing below).
// The branch that the compare guarded is therefore never taken.
// NOTE(review): judging by the listing, the compared value is a float built
// from a multiply/add/shift/mask sequence on a module global - presumably a
// random roll checked against a chance in xmm0; confirm before relying on it.
// NOTE(review): the header leaves Version empty; confirm the wildcarded
// signature still resolves to a single location on the build in use.
aobscanmodule(inj_rnd_money,ShadowOfWar.exe,F3 0F59 0D ******** 0F2F C1 0F86)
inj_rnd_money+8:
db eB 07 90 //jump over the jump, that prevents stuff from happening
// NOTE(review): "return:" is defined without a label(return) declaration and
// nothing in this script jumps to it; it looks like a leftover from the
// code-injection template. Confirm and remove.
return:
registersymbol(inj_rnd_money)
[DISABLE]
// Restore the original comiss bytes.
inj_rnd_money+8:
db 0F 2F C1
unregistersymbol(inj_rnd_money)
// NOTE(review): this script never allocates newmem, so this dealloc has
// nothing of its own to free; it also looks like a template leftover.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+48E3AA
"ShadowOfWar.exe"+48E375: 48 8B CE - mov rcx,rsi
"ShadowOfWar.exe"+48E378: E8 8F B8 CB FF - call ShadowOfWar.exe+149C0C
"ShadowOfWar.exe"+48E37D: 48 69 0D D0 C9 19 02 35 84 B3 0B - imul rcx,[ShadowOfWar.exe+262AD58],0BB38435
"ShadowOfWar.exe"+48E388: 0F 57 C9 - xorps xmm1,xmm1
"ShadowOfWar.exe"+48E38B: 48 81 C1 6B 63 19 36 - add rcx,3619636B
"ShadowOfWar.exe"+48E392: 48 89 0D BF C9 19 02 - mov [ShadowOfWar.exe+262AD58],rcx
"ShadowOfWar.exe"+48E399: 48 C1 E9 20 - shr rcx,20
"ShadowOfWar.exe"+48E39D: 81 E1 FF FF FF 00 - and ecx,00FFFFFF
"ShadowOfWar.exe"+48E3A3: 8B C1 - mov eax,ecx
"ShadowOfWar.exe"+48E3A5: F3 48 0F 2A C8 - cvtsi2ss xmm1,rax
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+48E3AA: F3 0F 59 0D CE 69 81 01 - mulss xmm1,[ShadowOfWar.exe+1CA4D80]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+48E3B2: 0F 2F C1 - comiss xmm0,xmm1
"ShadowOfWar.exe"+48E3B5: 0F 86 90 00 00 00 - jbe ShadowOfWar.exe+48E44B
"ShadowOfWar.exe"+48E3BB: 48 8B 4F 58 - mov rcx,[rdi+58]
"ShadowOfWar.exe"+48E3BF: E8 80 EF FF FF - call ShadowOfWar.exe+48D344
"ShadowOfWar.exe"+48E3C4: 48 8D 4D C7 - lea rcx,[rbp-39]
"ShadowOfWar.exe"+48E3C8: 48 8B D8 - mov rbx,rax
"ShadowOfWar.exe"+48E3CB: E8 A0 01 00 00 - call ShadowOfWar.exe+48E570
"ShadowOfWar.exe"+48E3D0: 4C 8B 45 4F - mov r8,[rbp+4F]
"ShadowOfWar.exe"+48E3D4: 48 8D 45 5F - lea rax,[rbp+5F]
"ShadowOfWar.exe"+48E3D8: 48 89 44 24 68 - mov [rsp+68],rax
}
3984
"No myrian decrease"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-25
Author : SeiKur0
}
[ENABLE]
// Hook on the store "mov [r9+20],r10d". For objects whose type marker matches
// the constant below, the stored value is never allowed to drop below the
// value already at [r9+20]; all other objects get the unmodified store.
// The signature is a call (target wildcarded) followed by the 8 bytes
// "mov [r9+20],r10d / add rsp,28"; the patch starts 5 bytes into the match,
// right after the call.
// NOTE(review): the header leaves Version empty; confirm the wildcarded
// signature still resolves to a single location on the build in use.
aobscanmodule(inj_money,ShadowOfWar.exe,E8 ******** 45 89 51 20 48 83 C4 28)
alloc(newmem,$1000,inj_money)
label(return)
newmem:
// Compare the dword at [[r9]+4] with 23B603FB while preserving r9.
// pop leaves the flags alone, so jne still sees the result of the cmp.
// NOTE(review): presumably 23B603FB identifies the currency object; the
// script does not say where the constant comes from - confirm per build.
push r9
mov r9,[r9]
cmp [r9+4],23B603FB
pop r9
jne @f
// Keep the larger of the new value (r10d) and the stored value.
// NOTE(review): cmovl is a signed comparison, while the game's own compare of
// the same operands at +22474D uses the unsigned jna; cmovb would match it.
cmp r10d,[r9+20]
cmovl r10d,[r9+20]
@@:
// Displaced original instructions.
mov [r9+20],r10d
add rsp,28
jmp return
inj_money+5:
// 5-byte jmp plus 3 nops cover the 8 displaced bytes; return lands on the ret.
jmp newmem
nop
nop
nop
return:
registersymbol(inj_money)
[DISABLE]
// Restore "mov [r9+20],r10d / add rsp,28", then drop the symbol and free
// the allocation.
inj_money+5:
db 45 89 51 20 48 83 C4 28
unregistersymbol(inj_money)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+224761
"ShadowOfWar.exe"+224741: 85 C9 - test ecx,ecx
"ShadowOfWar.exe"+224743: 74 08 - je ShadowOfWar.exe+22474D
"ShadowOfWar.exe"+224745: E8 42 A6 5D 00 - call ShadowOfWar.exe+7FED8C
"ShadowOfWar.exe"+22474A: 44 8B D0 - mov r10d,eax
"ShadowOfWar.exe"+22474D: 45 3B 51 20 - cmp r10d,[r9+20]
"ShadowOfWar.exe"+224751: 76 0E - jna ShadowOfWar.exe+224761
"ShadowOfWar.exe"+224753: 49 8D 49 2C - lea rcx,[r9+2C]
"ShadowOfWar.exe"+224757: 41 B0 01 - mov r8l,01
"ShadowOfWar.exe"+22475A: 33 D2 - xor edx,edx
"ShadowOfWar.exe"+22475C: E8 97 11 00 00 - call ShadowOfWar.exe+2258F8
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+224761: 45 89 51 20 - mov [r9+20],r10d
"ShadowOfWar.exe"+224765: 48 83 C4 28 - add rsp,28
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+224769: C3 - ret
"ShadowOfWar.exe"+22476A: CC - int 3
"ShadowOfWar.exe"+22476B: CC - int 3
"ShadowOfWar.exe"+22476C: 0F B6 81 C0 00 00 00 - movzx eax,byte ptr [rcx+000000C0]
"ShadowOfWar.exe"+224773: 41 BA 0C 00 00 00 - mov r10d,0000000C
"ShadowOfWar.exe"+224779: 44 8D 0C 10 - lea r9d,[rax+rdx]
"ShadowOfWar.exe"+22477D: 45 3B CA - cmp r9d,r10d
"ShadowOfWar.exe"+224780: 45 0F 47 CA - cmova r9d,r10d
"ShadowOfWar.exe"+224784: 41 3B C1 - cmp eax,r9d
"ShadowOfWar.exe"+224787: 74 2F - je ShadowOfWar.exe+2247B8
}
4004
"Complete all item challenges"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-27
Author : SeiKur0
}
[ENABLE]
// Hook inside a small function that, per the listing below, returns in al
// whether [rdx+28] >= [rdx+2C]. The hook replaces the compare with a copy of
// [rdx+2C] into [rdx+28] and sets al to 1.
// NOTE(review): presumably +28 is the progress counter and +2C the required
// count; the script does not state this.
// The copy is a write to game data, so the values it changed stay changed
// after the script is disabled.
// The patch is written 0xB bytes after the signature match (+18783BB in the
// listing), past the "test rdx,rdx / je" null check, so the hook is reached
// only with rdx non-zero. The listing header names the match address
// +18783B0 as the injection point.
// NOTE(review): the header leaves Version empty; confirm the signature still
// resolves to a single location on the build in use.
aobscanmodule(inj_itemchallenge,ShadowOfWar.exe,48 8B 51 08 33 C0 48 85 D2 74 09 8b 4a 2c)
alloc(newmem,$1000,inj_itemchallenge)
label(return)
newmem:
mov ecx,[rdx+2c]
mov [rdx+28],ecx
// return lands on the original "setae al", which overwrites al using the
// flags left by the earlier "test rdx,rdx" (mov does not change flags).
// test clears the carry flag, so the result is still 1.
mov al,1
jmp return
inj_itemchallenge+b:
// 5-byte jmp plus 1 nop cover "mov ecx,[rdx+2C]" (3) + "cmp [rdx+28],ecx" (3).
jmp newmem
nop
return:
registersymbol(inj_itemchallenge)
[DISABLE]
// Restore the 6 original bytes, then drop the symbol and free the allocation.
inj_itemchallenge+b:
db 8b 4a 2c 39 4a 28
unregistersymbol(inj_itemchallenge)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+18783B0
"ShadowOfWar.exe"+1878390: 48 8B 05 D9 7F A1 00 - mov rax,[ShadowOfWar.exe+2290370]
"ShadowOfWar.exe"+1878397: 8A 80 18 01 00 00 - mov al,[rax+00000118]
"ShadowOfWar.exe"+187839D: C3 - ret
"ShadowOfWar.exe"+187839E: CC - int 3
"ShadowOfWar.exe"+187839F: CC - int 3
"ShadowOfWar.exe"+18783A0: 48 8B 05 C9 7F A1 00 - mov rax,[ShadowOfWar.exe+2290370]
"ShadowOfWar.exe"+18783A7: 8A 80 60 01 00 00 - mov al,[rax+00000160]
"ShadowOfWar.exe"+18783AD: C3 - ret
"ShadowOfWar.exe"+18783AE: CC - int 3
"ShadowOfWar.exe"+18783AF: CC - int 3
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+18783B0: 48 8B 51 08 - mov rdx,[rcx+08]
"ShadowOfWar.exe"+18783B4: 33 C0 - xor eax,eax
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+18783B6: 48 85 D2 - test rdx,rdx
"ShadowOfWar.exe"+18783B9: 74 09 - je ShadowOfWar.exe+18783C4
"ShadowOfWar.exe"+18783BB: 8B 4A 2C - mov ecx,[rdx+2C]
"ShadowOfWar.exe"+18783BE: 39 4A 28 - cmp [rdx+28],ecx
"ShadowOfWar.exe"+18783C1: 0F 93 C0 - setae al
"ShadowOfWar.exe"+18783C4: C3 - ret
"ShadowOfWar.exe"+18783C5: CC - int 3
"ShadowOfWar.exe"+18783C6: CC - int 3
"ShadowOfWar.exe"+18783C7: CC - int 3
"ShadowOfWar.exe"+18783C8: 48 89 5C 24 08 - mov [rsp+08],rbx
}
4015
"Choose multiple skills"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-27
Author : SeiKur0
}
[ENABLE]
// Single-byte in-place patch; no code cave is allocated.
// The signature starts at "je +3B" (74 3B) and continues through
// "mov rcx,[rsi+disp32]" (two displacement bytes wildcarded) and
// "test rcx,rcx". Changing the opcode from 74 to EB turns the conditional
// je into an unconditional short jmp with the same displacement, so the
// code between the branch and its target (+18A0B0C in the listing below)
// is always skipped.
// NOTE(review): the header leaves Version empty; confirm the wildcarded
// signature still resolves to a single location on the build in use.
aobscanmodule(inj_ability_switch,ShadowOfWar.exe,74 3B 48 8B 8E ** ** 00 00 48 85 c9)
inj_ability_switch:
db eb
registersymbol(inj_ability_switch)
[DISABLE]
// Restore the original je opcode.
inj_ability_switch:
db 74
unregistersymbol(inj_ability_switch)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+18A0ACF
"ShadowOfWar.exe"+18A0AAF: 48 C1 EB 03 - shr rbx,03
"ShadowOfWar.exe"+18A0AB3: 48 3B C1 - cmp rax,rcx
"ShadowOfWar.exe"+18A0AB6: 49 0F 47 DC - cmova rbx,r12
"ShadowOfWar.exe"+18A0ABA: 48 85 DB - test rbx,rbx
"ShadowOfWar.exe"+18A0ABD: 74 59 - je ShadowOfWar.exe+18A0B18
"ShadowOfWar.exe"+18A0ABF: 49 8B 16 - mov rdx,[r14]
"ShadowOfWar.exe"+18A0AC2: 48 8B CE - mov rcx,rsi
"ShadowOfWar.exe"+18A0AC5: E8 6E AC C5 FE - call ShadowOfWar.exe+4FB738
"ShadowOfWar.exe"+18A0ACA: 44 8B F8 - mov r15d,eax
"ShadowOfWar.exe"+18A0ACD: 85 C0 - test eax,eax
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+18A0ACF: 74 3B - je ShadowOfWar.exe+18A0B0C
"ShadowOfWar.exe"+18A0AD1: 48 8B 8E C8 03 00 00 - mov rcx,[rsi+000003C8]
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+18A0AD8: 48 85 C9 - test rcx,rcx
"ShadowOfWar.exe"+18A0ADB: 74 21 - je ShadowOfWar.exe+18A0AFE
"ShadowOfWar.exe"+18A0ADD: 4C 39 61 40 - cmp [rcx+40],r12
"ShadowOfWar.exe"+18A0AE1: 74 1B - je ShadowOfWar.exe+18A0AFE
"ShadowOfWar.exe"+18A0AE3: 48 8B 0D B6 A8 AD 00 - mov rcx,[ShadowOfWar.exe+237B3A0]
"ShadowOfWar.exe"+18A0AEA: BA 08 00 00 00 - mov edx,00000008
"ShadowOfWar.exe"+18A0AEF: 4D 8B 06 - mov r8,[r14]
"ShadowOfWar.exe"+18A0AF2: 48 8B 89 18 6D 00 00 - mov rcx,[rcx+00006D18]
"ShadowOfWar.exe"+18A0AF9: E8 12 85 F6 FF - call ShadowOfWar.exe+1809010
"ShadowOfWar.exe"+18A0AFE: 49 8B 16 - mov rdx,[r14]
}
1290
"Infinite mission time"
8000FF
Auto Assembler Script
{ Game : ShadowOfWar.exe
Version:
Date : 2017-10-31
Author : SeiKur0
}
[ENABLE]
// Two-byte in-place patch; no code cave is allocated.
// The signature is "lea rsi,[rdi+10] / mov rcx,rsi / call <wildcarded> /
// test al,al". The patch lands 0xC bytes into the match, on the "test al,al",
// and replaces it with a short jmp (EB 06) that skips the next 6 bytes and
// continues at +150C19 in the listing below.
// NOTE(review): the listing shows the 6 skipped bytes (+150C13..+150C18) as
// nop, so it appears to have been captured from an already-modified process
// and does not document which instruction is bypassed. The listing header
// also names +150C13 as the injection point, while the bytes written here
// are at +150C11.
// NOTE(review): the header leaves Version empty; confirm the wildcarded
// signature still resolves to a single location on the build in use.
aobscanmodule(inj_mission_timefail,ShadowOfWar.exe,48 8d 77 10 48 8b ce e8 ******** 84 c0)
inj_mission_timefail+c:
db EB 06
registersymbol(inj_mission_timefail)
[DISABLE]
// Restore the original "test al,al" bytes.
inj_mission_timefail+c:
db 84 c0
unregistersymbol(inj_mission_timefail)
{
// ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+150C13
"ShadowOfWar.exe"+150BEF: 74 4F - je ShadowOfWar.exe+150C40
"ShadowOfWar.exe"+150BF1: 41 8B FE - mov edi,r14d
"ShadowOfWar.exe"+150BF4: 48 C1 E7 06 - shl rdi,06
"ShadowOfWar.exe"+150BF8: 48 03 FA - add rdi,rdx
"ShadowOfWar.exe"+150BFB: 44 38 7F 20 - cmp [rdi+20],r15l
"ShadowOfWar.exe"+150BFF: 0F 85 E2 A7 BC 00 - jne ShadowOfWar.exe+D1B3E7
"ShadowOfWar.exe"+150C05: 48 8D 77 10 - lea rsi,[rdi+10]
"ShadowOfWar.exe"+150C09: 48 8B CE - mov rcx,rsi
"ShadowOfWar.exe"+150C0C: E8 53 17 15 00 - call ShadowOfWar.exe+2A2364
"ShadowOfWar.exe"+150C11: 84 C0 - test al,al
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+150C13: 90 - nop
"ShadowOfWar.exe"+150C14: 90 - nop
"ShadowOfWar.exe"+150C15: 90 - nop
"ShadowOfWar.exe"+150C16: 90 - nop
"ShadowOfWar.exe"+150C17: 90 - nop
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+150C18: 90 - nop
"ShadowOfWar.exe"+150C19: 44 38 7F 20 - cmp [rdi+20],r15l
"ShadowOfWar.exe"+150C1D: 0F 85 AF A7 BC 00 - jne ShadowOfWar.exe+D1B3D2
"ShadowOfWar.exe"+150C23: 48 8B 93 90 01 00 00 - mov rdx,[rbx+00000190]
"ShadowOfWar.exe"+150C2A: 41 FF C6 - inc r14d
"ShadowOfWar.exe"+150C2D: 48 8B 83 98 01 00 00 - mov rax,[rbx+00000198]
"ShadowOfWar.exe"+150C34: 48 2B C2 - sub rax,rdx
"ShadowOfWar.exe"+150C37: 48 C1 F8 06 - sar rax,06
"ShadowOfWar.exe"+150C3B: 44 3B F0 - cmp r14d,eax
"ShadowOfWar.exe"+150C3E: 72 B1 - jb ShadowOfWar.exe+150BF1
}