LEGO Worlds

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Kalas
Expert Cheater
Posts: 131
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 7

LEGO Worlds

Post by Kalas » Sat Mar 11, 2017 1:52 pm

Code:

[ENABLE]

aobscanmodule(aobGoldenBrick,LEGO_Worlds_DX11.EXE,10 49 89 44 24 18 49 89 54 24 20)
alloc(newmem,$100,"LEGO_Worlds_DX11.EXE"+F42149)

label(code)
label(return)

newmem:

code:
  mov [r12+20],rdx   // the original instruction, displaced into the cave
  jmp return

aobGoldenBrick+06:   // the displaced mov is 5 bytes, the same size as the jmp, so no nop padding is needed
  jmp newmem
return:
registersymbol(aobGoldenBrick)

[DISABLE]

aobGoldenBrick+06:
  db 49 89 54 24 20  // restore the original bytes before the cave is freed

unregistersymbol(aobGoldenBrick)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "LEGO_Worlds_DX11.EXE"+F42149

"LEGO_Worlds_DX11.EXE"+F42117: 48 8B 94 24 E8 00 00 00  -  mov rdx,[rsp+000000E8]
"LEGO_Worlds_DX11.EXE"+F4211F: 4C 8B 44 24 50           -  mov r8,[rsp+50]
"LEGO_Worlds_DX11.EXE"+F42124: 4C 8B 4C 24 58           -  mov r9,[rsp+58]
"LEGO_Worlds_DX11.EXE"+F42129: 48 8B 1B                 -  mov rbx,[rbx]
"LEGO_Worlds_DX11.EXE"+F4212C: 48 85 DB                 -  test rbx,rbx
"LEGO_Worlds_DX11.EXE"+F4212F: 0F 85 1B FF FF FF        -  jne LEGO_Worlds_DX11.EXE+F42050
"LEGO_Worlds_DX11.EXE"+F42135: 48 8B 7C 24 70           -  mov rdi,[rsp+70]
"LEGO_Worlds_DX11.EXE"+F4213A: 48 8B 6C 24 68           -  mov rbp,[rsp+68]
"LEGO_Worlds_DX11.EXE"+F4213F: 4D 89 6C 24 10           -  mov [r12+10],r13
"LEGO_Worlds_DX11.EXE"+F42144: 49 89 44 24 18           -  mov [r12+18],rax
// ---------- INJECTING HERE ----------
"LEGO_Worlds_DX11.EXE"+F42149: 49 89 54 24 20           -  mov [r12+20],rdx
// ---------- DONE INJECTING  ----------
"LEGO_Worlds_DX11.EXE"+F4214E: 4D 89 44 24 28           -  mov [r12+28],r8
"LEGO_Worlds_DX11.EXE"+F42153: 4D 89 4C 24 30           -  mov [r12+30],r9
"LEGO_Worlds_DX11.EXE"+F42158: 41 C6 44 24 38 00        -  mov byte ptr [r12+38],00
"LEGO_Worlds_DX11.EXE"+F4215E: 49 8B 5C 24 18           -  mov rbx,[r12+18]
"LEGO_Worlds_DX11.EXE"+F42163: 49 8B CC                 -  mov rcx,r12
"LEGO_Worlds_DX11.EXE"+F42166: E8 35 3D 06 00           -  call LEGO_Worlds_DX11.EXE+FA5EA0
"LEGO_Worlds_DX11.EXE"+F4216B: 48 8B 7F 08              -  mov rdi,[rdi+08]
"LEGO_Worlds_DX11.EXE"+F4216F: 49 8B 4C 24 20           -  mov rcx,[r12+20]
"LEGO_Worlds_DX11.EXE"+F42174: 48 8B 84 24 D0 00 00 00  -  mov rax,[rsp+000000D0]
"LEGO_Worlds_DX11.EXE"+F4217C: 48 03 CB                 -  add rcx,rbx
}

I want a script where I set a hotkey and it will add by how much I want; for example, Num 1 will add 3 of that item.

++METHOS
Administration
Posts: 165
Joined: Thu Mar 02, 2017 9:02 pm
Reputation: 16

Re: LEGO Worlds

Post by ++METHOS » Sat Mar 11, 2017 5:25 pm

[ENABLE]

aobscanmodule(aobgoldenbrick,lego_worlds_dx11.exe,10 49 89 44 24 18 49 89 54 24 20)
alloc(newmem,$100,"lego_worlds_dx11.exe"+F42149)

label(code)
label(return)
label(value)

registersymbol(aobgoldenbrick)
registersymbol(value)

//==============================//

newmem:
cmp qword ptr [value],0   // value is a dq; zero means "leave the game's amount alone"
je @f                     // jump forward to the next label (code:) and run the original store unchanged
mov rdx,[value]           // rdx is what the original instruction stores, so this becomes the new amount
                          // the cmp changes the flags, which is safe here: nothing between return and the
                          // next flag-setting instruction in the original code reads them

code:
mov [r12+20],rdx
jmp return

value:
dq 0 //change allocation, if needed

aobgoldenbrick+06:
jmp newmem
return:

//==============================//

[DISABLE]

aobgoldenbrick+06:
db 49 89 54 24 20   // restore the original bytes before the cave is freed

dealloc(newmem)

unregistersymbol(aobgoldenbrick)
unregistersymbol(value)
Once the script is activated, manually add an address to your cheat table and put value in the address field. You may change allocation and data type, if needed. Assign hotkeys to that custom address to set the value to whatever you want.
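The ENABLE/DISABLE mechanics that both scripts in this thread rely on (aobscanmodule, a 5-byte jmp into newmem, nop padding when the displaced instructions are longer than 5 bytes, and the db restore), modelled at the byte level. This is an added example, not code from the thread or from Cheat Engine. The two byte images are constructed from the ORIGINAL CODE dumps quoted in the thread, CAVE stands in for the address alloc() returns and is an assumed value, and aobscan, build_hook and roundtrip are the example's own helper names.

```python
"""Byte-level model of an AOB scan plus a 5-byte relative jmp hook and its restore.

Added example, not code from this thread or from Cheat Engine. The two images
are constructed from the bytes listed in the thread's "ORIGINAL CODE" dumps and
indexed by the module offset of their first byte; CAVE stands in for the
address alloc() returns and is an assumed value.
"""
import struct

# Constructed from the golden-brick dump, LEGO_Worlds_DX11.EXE+F42117 onwards.
BRICKS_BASE = 0xF42117
BRICKS_IMAGE = bytes.fromhex(
    "48 8B 94 24 E8 00 00 00  4C 8B 44 24 50  4C 8B 4C 24 58  48 8B 1B  48 85 DB "
    "0F 85 1B FF FF FF  48 8B 7C 24 70  48 8B 6C 24 68  4D 89 6C 24 10 "
    "49 89 44 24 18  49 89 54 24 20  4D 89 44 24 28  4D 89 4C 24 30 "
    "41 C6 44 24 38 00  49 8B 5C 24 18  49 8B CC  E8 35 3D 06 00  48 8B 7F 08 "
    "49 8B 4C 24 20  48 8B 84 24 D0 00 00 00  48 03 CB"
)
BRICKS_AOB = "10 49 89 44 24 18 49 89 54 24 20"

# Constructed from the coins dump, LEGO_Worlds_DX11.EXE+F8C67D onwards.
COINS_BASE = 0xF8C67D
COINS_IMAGE = bytes.fromhex(
    "48 8B D9  48 39 51 28  75 0C  48 39 51 30  75 06  83 79 20 00  75 09 "
    "48 8B 49 18  E8 85 BF FF FF  83 7B 20 00  48 89 7B 30  48 89 7B 28  75 07 "
    "C7 43 20 02 00 00 00  48 8B 5C 24 30  48 83 C4 20  5F  C3  CC CC CC CC"
)
COINS_AOB = "48 89 7B 30 48 89 7B 28 75"

CAVE = 0x1200000  # assumed alloc() result; CE picks a page near the address given to alloc()


def aob_to_pattern(aob):
    """'48 89 ?? 30' -> list where None is a wildcard (CE writes ?? or *)."""
    return [None if t in ("??", "*", "**") else int(t, 16) for t in aob.split()]


def aobscan_all(image, aob):
    """Every offset at which the pattern matches."""
    pat = aob_to_pattern(aob)
    n = len(pat)
    return [off for off in range(len(image) - n + 1)
            if all(p is None or image[off + i] == p for i, p in enumerate(pat))]


def aobscan(image, aob):
    """Offset of the first match, which is what aobscanmodule uses, or None."""
    hits = aobscan_all(image, aob)
    return hits[0] if hits else None


def jmp_rel32(src, dst):
    """E9 rel32; the displacement is measured from the end of the 5-byte jmp."""
    disp = dst - (src + 5)
    if not -0x8000_0000 <= disp <= 0x7FFF_FFFF:
        raise ValueError("cave is not within +-2 GiB of the hook; a 5-byte jmp cannot reach it")
    return b"\xE9" + struct.pack("<i", disp)


def build_hook(base, image, aob, inject_off, displaced_len, cave):
    """ENABLE and DISABLE bytes for 'aob+inject_off: jmp cave'.

    displaced_len is the total size of the instruction(s) the jmp overwrites.
    It must be at least 5; anything beyond 5 is nop-padded (the three nops in
    the coins script). The overwritten bytes are also the DISABLE restore data.
    """
    hits = aobscan_all(image, aob)
    if not hits:
        raise LookupError("pattern not found: the script needs a fresh scan on this build")
    if len(hits) > 1:
        raise LookupError("pattern is not unique: aobscanmodule would silently take the first hit")
    if displaced_len < 5:
        raise ValueError("a 5-byte jmp does not fit; move the injection point")
    off = hits[0] + inject_off
    original = image[off:off + displaced_len]
    enable = jmp_rel32(base + off, cave) + b"\x90" * (displaced_len - 5)
    return {"inject": base + off, "enable": enable, "disable": original}


def roundtrip(image, base, hook):
    """Apply ENABLE, then DISABLE, and confirm the image is back to its original bytes."""
    off = hook["inject"] - base
    n = len(hook["enable"])
    patched = image[:off] + hook["enable"] + image[off + n:]
    restored = patched[:off] + hook["disable"] + patched[off + n:]
    return patched != image and restored == image


if __name__ == "__main__":
    for name, base, image, aob, inject_off, displaced in (
        ("golden bricks", BRICKS_BASE, BRICKS_IMAGE, BRICKS_AOB, 6, 5),
        ("coins", COINS_BASE, COINS_IMAGE, COINS_AOB, 0, 8),
    ):
        hook = build_hook(base, image, aob, inject_off, displaced, CAVE)
        print(f"{name}: inject at +{hook['inject']:X}  enable {hook['enable'].hex(' ')}  "
              f"disable {hook['disable'].hex(' ')}  roundtrip ok={roundtrip(image, base, hook)}")
```

Three things the model makes visible that the scripts take for granted: the displaced instructions must total at least 5 bytes, which is why the coins script needs three nops after its jmp; the rel32 displacement only reaches +-2 GiB, which is why alloc() is given an address near the injection point; and aobscanmodule takes the first hit, so a pattern that matches twice in a newer build would hook the wrong place without any error.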

Kalas
Expert Cheater
Posts: 131
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 7

Re: LEGO Worlds

Post by Kalas » Sat Mar 11, 2017 7:26 pm

I'm still learning assembly; what does this mean:

Code:

je @f
And it does not seem to work. I've set a hotkey on the manual address: Num 1 will add 10 Golden Bricks.

I might have done something wrong?

OK Edit: It seems like I need to actually gain some for it to take effect. Thank you though, I would like to hear what je @f means :P

Kalas
Expert Cheater
Posts: 131
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 7

Re: LEGO Worlds

Post by Kalas » Sat Mar 11, 2017 7:39 pm

So I've been doing the same for Coins. It looks like this:

Code:

[ENABLE]

aobscanmodule(aobCoins,LEGO_Worlds_DX11.EXE,48 89 7B 30 48 89 7B 28 75)
alloc(newmem,$100,"LEGO_Worlds_DX11.EXE"+F8C69F)

label(code)
label(return)
label(value)

registersymbol(aobCoins)
registersymbol(value) // registered symbols are global: rename this (and the table entry) if the golden-brick script is enabled at the same time

newmem:
  pushf                    // the cmp below clobbers the flags, but the jne right after the return point
                           // still needs the result of cmp dword ptr [rbx+20],00 from before the injection point
  cmp qword ptr [value],0
  je @f                    // value is 0: keep the amount the game wanted to store
  mov rdi,[value]          // rdi is what both original stores write, so this becomes the new amount
                           // (the function's epilogue pops the caller's rdi back, so nothing leaks)
@@:
  popf

code:
  mov [rbx+30],rdi
  mov [rbx+28],rdi
  jmp return

value:
  dq 0 //change allocation, if needed

aobCoins:                  // the two 4-byte stores make 8 bytes, so the 5-byte jmp is padded with 3 nops
  jmp newmem
  nop
  nop
  nop
return:

[DISABLE]

aobCoins:
  db 48 89 7B 30 48 89 7B 28 // restore the original bytes before the cave is freed

unregistersymbol(aobCoins)
unregistersymbol(value)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "LEGO_Worlds_DX11.EXE"+F8C69F

"LEGO_Worlds_DX11.EXE"+F8C67D: 48 8B D9              -  mov rbx,rcx
"LEGO_Worlds_DX11.EXE"+F8C680: 48 39 51 28           -  cmp [rcx+28],rdx
"LEGO_Worlds_DX11.EXE"+F8C684: 75 0C                 -  jne LEGO_Worlds_DX11.EXE+F8C692
"LEGO_Worlds_DX11.EXE"+F8C686: 48 39 51 30           -  cmp [rcx+30],rdx
"LEGO_Worlds_DX11.EXE"+F8C68A: 75 06                 -  jne LEGO_Worlds_DX11.EXE+F8C692
"LEGO_Worlds_DX11.EXE"+F8C68C: 83 79 20 00           -  cmp dword ptr [rcx+20],00
"LEGO_Worlds_DX11.EXE"+F8C690: 75 09                 -  jne LEGO_Worlds_DX11.EXE+F8C69B
"LEGO_Worlds_DX11.EXE"+F8C692: 48 8B 49 18           -  mov rcx,[rcx+18]
"LEGO_Worlds_DX11.EXE"+F8C696: E8 85 BF FF FF        -  call LEGO_Worlds_DX11.EXE+F88620
"LEGO_Worlds_DX11.EXE"+F8C69B: 83 7B 20 00           -  cmp dword ptr [rbx+20],00
// ---------- INJECTING HERE ----------
"LEGO_Worlds_DX11.EXE"+F8C69F: 48 89 7B 30           -  mov [rbx+30],rdi
"LEGO_Worlds_DX11.EXE"+F8C6A3: 48 89 7B 28           -  mov [rbx+28],rdi
// ---------- DONE INJECTING  ----------
"LEGO_Worlds_DX11.EXE"+F8C6A7: 75 07                 -  jne LEGO_Worlds_DX11.EXE+F8C6B0
"LEGO_Worlds_DX11.EXE"+F8C6A9: C7 43 20 02 00 00 00  -  mov [rbx+20],00000002
"LEGO_Worlds_DX11.EXE"+F8C6B0: 48 8B 5C 24 30        -  mov rbx,[rsp+30]
"LEGO_Worlds_DX11.EXE"+F8C6B5: 48 83 C4 20           -  add rsp,20
"LEGO_Worlds_DX11.EXE"+F8C6B9: 5F                    -  pop rdi
"LEGO_Worlds_DX11.EXE"+F8C6BA: C3                    -  ret 
"LEGO_Worlds_DX11.EXE"+F8C6BB: CC                    -  int 3 
"LEGO_Worlds_DX11.EXE"+F8C6BC: CC                    -  int 3 
"LEGO_Worlds_DX11.EXE"+F8C6BD: CC                    -  int 3 
"LEGO_Worlds_DX11.EXE"+F8C6BE: CC                    -  int 3 
}
I just need to know what je @f means please :)


EDIT: Given answer by a friend thank you though for your help!

++METHOS
Administration
Posts: 165
Joined: Thu Mar 02, 2017 9:02 pm
Reputation: 16

Re: LEGO Worlds

Post by ++METHOS » Sun Mar 12, 2017 3:42 am

Kalas wrote:
Sat Mar 11, 2017 7:26 pm
I'm still learning assembly; what does this mean:

Code:

je @f
-You can read about anonymous labels here.

Example:
newmem:
sub rdi,1
cmp rdi,4
jne @f //jump 'forward' to @@
jmp @b //jump 'backwards' to newmem

@@:
//code
'@@' can be used as an anonymous label, and as such, does not have to be defined -- i.e. no need for label(@@). However, with CE, the jump does not have to lead to an anonymous label, but as you can see in the example above, it can lead to any label that immediately follows or precedes the jump. You can use an unlimited amount of anonymous labels to avoid having to define many labels.
Kalas wrote:
Sat Mar 11, 2017 7:26 pm
OK Edit: It seems like I need to actually gain some for it to take effect
-If you want to avoid this, then you need to inject using an instruction that accesses the address constantly, in lieu of one that only writes to the address. If there are none available, simply look through the data structure and inject using an instruction that is constantly accessing any one of the number of other addresses that reside within the same data structure.

FYI, if I do not reply instantaneously, it is probably because I am busy with something -- like sleep, or living my life. So please be patient. :D
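The @f/@b binding rule described in the reply above, as an added example that is not Cheat Engine's assembler and not part of this thread: a small two-pass resolver that reports which label each anonymous reference lands on and rewrites the script with explicit labels, which is what you would otherwise have to type by hand. It follows the rule as ++METHOS states it for CE (any label counts as a target, not only @@). The anon_<line> names it invents and the find_labels, resolve and rewrite helpers are the example's own; instruction encoding is not modelled, so a reference resolves to a label name and line number rather than an address.

```python
"""Two-pass resolution of Cheat Engine-style anonymous label references (@f / @b).

Added example, not Cheat Engine's assembler. It applies the rule from the
thread: @f binds to the nearest label after the jump, @b to the nearest label
before it, and @@ is a label that needs no label() declaration. The anon_<line>
names used for @@ labels in the rewritten output are this example's own.
"""
import re

LABEL_RE = re.compile(r"^\s*([A-Za-z_@][\w@]*):")             # 'name:' or '@@:' (not 'sym+06:')
REF_RE = re.compile(r"^(\s*)(j[a-z]+|call|loop)(\s+)(@f|@b)\b", re.I)


def find_labels(lines):
    """(line index, label name) for every line that defines a label."""
    out = []
    for i, line in enumerate(lines):
        code = line.split("//", 1)[0]          # CE comments start with //
        m = LABEL_RE.match(code)
        if m:
            out.append((i, m.group(1)))
    return out


def resolve(script):
    """Map each @f/@b to (line index, mnemonic, ref, target label, target line index).

    Raises ValueError when a reference has no label in the required direction,
    which is the case an assembler would reject.
    """
    lines = script.splitlines()
    labels = find_labels(lines)
    result = []
    for i, line in enumerate(lines):
        m = REF_RE.match(line.split("//", 1)[0])
        if not m:
            continue
        ref = m.group(4).lower()
        if ref == "@f":
            cands = [lab for lab in labels if lab[0] > i]
            target = cands[0] if cands else None       # nearest label after the jump
        else:
            cands = [lab for lab in labels if lab[0] < i]
            target = cands[-1] if cands else None      # nearest label before the jump
        if target is None:
            raise ValueError(f"line {i + 1}: {ref} has no label to bind to")
        result.append((i, m.group(2), ref, target[1], target[0]))
    return result


def rewrite(script):
    """Give every @@ a unique explicit name and replace @f/@b with the label they bind to."""
    lines = script.splitlines()
    names = {idx: (f"anon_{idx + 1}" if name == "@@" else name) for idx, name in find_labels(lines)}
    out = list(lines)
    for idx, name in find_labels(lines):
        if name == "@@":
            out[idx] = out[idx].replace("@@:", names[idx] + ":", 1)
    for i, _mnem, _ref, _label, tline in resolve(script):
        out[i] = REF_RE.sub(lambda m: m.group(1) + m.group(2) + m.group(3) + names[tline], out[i], count=1)
    return "\n".join(out)


# The example from the reply above, verbatim.
METHOS_EXAMPLE = """\
newmem:
sub rdi,1
cmp rdi,4
jne @f //jump 'forward' to @@
jmp @b //jump 'backwards' to newmem

@@:
//code
"""

# The cave from the golden-brick script: its je @f has no @@ and binds to code:.
BRICK_CAVE = """\
newmem:
cmp qword ptr [value],0
je @f
push rdi
mov rdi,[value]
mov rdx,rdi
pop rdi

code:
mov [r12+20],rdx
jmp return
"""

if __name__ == "__main__":
    for name, script in (("METHOS example", METHOS_EXAMPLE), ("golden-brick cave", BRICK_CAVE)):
        for line, mnem, ref, label, tline in resolve(script):
            print(f"{name}: line {line + 1} {mnem} {ref} -> {label} (line {tline + 1})")
        print(rewrite(script))
```

Running it shows that in the golden-brick cave the `je @f` lands on `code:`, exactly as the script relies on, and that a stray `@f` with nothing after it is an error rather than a silent fall-through. If a script later gains another label between the jump and the one you meant (a second `@@:` for a different check, say), the binding moves to the new nearest label, which is the one way anonymous labels bite back.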

Kalas
Expert Cheater
Posts: 131
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 7

Re: LEGO Worlds

Post by Kalas » Sun Mar 12, 2017 9:11 am

Oh, I understand, but I'm fine with the results I got right now; gaining Coins is not an issue, nor the Golden Bricks. Thank you so much for your help.
