Fixed two records related to global variables. I
might've fixed some others, but I don't really remember. I'm currently able to use
Last Moved Item in Backpack for quantity,
Remove Skill Cooldown,
Unlimited Durability, and
Set Treasure Level so if any of those don't work for you, I'll post what I've got in my table.
Should be able to just copy this and paste it into your table for the global variables stuff:
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>10526</ID>
<Description>"Global Variables"</Description>
<Options moHideChildren="1"/>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
{ old aobscanmodule
aobscanmodule(globals,EoCApp.exe,83 FB ?? 75 ?? 48 8B ?? ?? ?? ?? ?? 33 D2)
old code not sure how to fix
if success then
globals = getAddress("globals") + 23
globals = readInteger(globals) + globals + 20
end
EoCApp.exe+1C91227 - mov rax,[EoCApp.exe+29E0798]
EoCApp.exe+1C91231 - mov rcx,[EoCApp.exe+2969208]
}
{$lua}
if syntaxcheck then return end
local AddressList = _G.AddressList
local function disassembleInstr(address)
local output = disassemble(address)
local instrParts = table.pack(splitDisassembledString(output))
local instrText = instrParts[2]
local results = {["params"]={}}
local firstTime = true
for param in string.gmatch(instrText, '[^ ,]+') do
if firstTime then
firstTime = false
results.instr = string.lower(param)
else
table.insert(results['params'], param)
end
end
return results
end
local function stripBrackets(address)
local result = address
local prefix = string.sub(address, -1)
local postfix = string.sub(address, 0, 1)
if prefix == '[' and postfix == ']' then
result = string.sub(address, 2, -2)
end
return result
end
local function lookupGlobalVariables()
-- Look up mov instruction and disassemble
--[==[
local variables_size
assert(autoAssemble([[
aobscanmodule(global_variables_aob,EoCApp.exe,83 FB ?? 77 ?? 48 B9 ?? ?? ?? ?? ?? ?? ?? ?? 48 0F A3 D9 73 ?? 48 8B ?? ?? ?? ?? ?? 0F 57 C9)
registersymbol(global_variables_aob)
]]))
local variables_codeaddr = assert(getAddressSafe('global_variables_aob+15'))
unregisterSymbol('global_variables_aob')
assert(variables_codeaddr > 0x15)
local variables_instr = disassembleInstr(variables_codeaddr)
-- Resolve the variables memory size and pointer.
local variables_ptr = stripBrackets(variables_instr.params[2])
]==]--
local variables_ptr = 'EoCApp.exe+29E0798'
variables_ptr = readPointer(variables_ptr)
variables_ptr = readPointer(variables_ptr + 0x2E0)
variables_size = readInteger(variables_ptr) - 1
variables_ptr = readPointer(variables_ptr + 0x8)
return variables_ptr, variables_size
end
local recordDataCmp = function(a, b)
return a.name < b.name
end
local function iterGlobalVariables(variables, size)
local idx
local results = {}
for idx = 0,size do
local variable = readPointer(variables + idx * 8)
repeat
local recordData = {}
recordData.name = readString(readPointer(variable + 0x8))
recordData.address = variable + 0x10
table.insert(results, recordData)
variable = readPointer(variable)
until variable == 0
end
table.sort(results, recordDataCmp)
return ipairs(results)
end
local function createVariableRecord(recordData)
local record = AddressList.createMemoryRecord()
record.DontSave = true
record.Type = vtSingle
record.VarType = 'vtSingle'
record.Description = recordData.name
record.Address = recordData.address
return record
end
local function isEmptyRecord(record)
return record.Count <= 0
end
local function populateVariablesRoot(rootRecord)
local variables, size = lookupGlobalVariables()
for _,recordData in iterGlobalVariables(variables, size) do
local record = createVariableRecord(recordData)
record.appendToEntry(rootRecord)
end
end
local function cleanupVariablesRoot(rootRecord)
if record.Count > 0 then
local idx
local lastIdx = rootRecord.Count - 1
for idx = lastIdx,0,-1 do
local record = rootRecord.Child[idx]
record.disableWithoutExecute()
object_destroy(record)
end
end
end
if isEmptyRecord(memrec) then
populateVariablesRoot(memrec)
end
{$asm}
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{
// ORIGINAL CODE - INJECTION POINT: "EoCApp.exe"+16AD5B7
"EoCApp.exe"+16AD592: FF 15 40 6D 2D 00 - call qword ptr [EoCApp.exe+19842D8]
"EoCApp.exe"+16AD598: F3 0F 2C C0 - cvttss2si eax,xmm0
"EoCApp.exe"+16AD59C: 48 83 C4 20 - add rsp,20
"EoCApp.exe"+16AD5A0: 5B - pop rbx
"EoCApp.exe"+16AD5A1: C3 - ret
"EoCApp.exe"+16AD5A2: 83 FB 22 - cmp ebx,22
"EoCApp.exe"+16AD5A5: 77 50 - ja EoCApp.exe+16AD5F7
"EoCApp.exe"+16AD5A7: 48 B9 50 00 00 00 04 00 00 00 - mov rcx,0000000400000050
"EoCApp.exe"+16AD5B1: 48 0F A3 D9 - bt rcx,rbx
"EoCApp.exe"+16AD5B5: 73 40 - jae EoCApp.exe+16AD5F7
// ---------- INJECTING HERE ----------
"EoCApp.exe"+16AD5B7: 48 8B 05 2A 1B 8E 00 - mov rax,[EoCApp.exe+1F8F0E8]
// ---------- DONE INJECTING ----------
"EoCApp.exe"+16AD5BE: 33 D2 - xor edx,edx
"EoCApp.exe"+16AD5C0: 48 8B 0D F9 B6 87 00 - mov rcx,[EoCApp.exe+1F28CC0]
"EoCApp.exe"+16AD5C7: 0F 57 C9 - xorps xmm1,xmm1
"EoCApp.exe"+16AD5CA: 4C 8B 88 E0 02 00 00 - mov r9,[rax+000002E0]
"EoCApp.exe"+16AD5D1: 48 8B C1 - mov rax,rcx
"EoCApp.exe"+16AD5D4: 45 8B 01 - mov r8d,[r9]
"EoCApp.exe"+16AD5D7: 49 F7 F0 - div r8
"EoCApp.exe"+16AD5DA: 49 8B 41 08 - mov rax,[r9+08]
"EoCApp.exe"+16AD5DE: 4C 8B 04 D0 - mov r8,[rax+rdx*8]
"EoCApp.exe"+16AD5E2: 4D 85 C0 - test r8,r8
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>4037</ID>
<Description>"Print Global Variables"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
{ old aobscanmodule
aobscanmodule(globals,EoCApp.exe,83 FB ?? 75 ?? 48 8B ?? ?? ?? ?? ?? 33 D2)
old code not sure how to fix
if success then
globals = getAddress("globals") + 23
globals = readInteger(globals) + globals + 20
end
EoCApp.exe+1C91227 - mov rax,[EoCApp.exe+29E0798]
EoCApp.exe+1C91231 - mov rcx,[EoCApp.exe+2969208]
}
{$lua}
if syntaxcheck then return end
local success = autoAssemble([[
aobscanmodule(globals,EoCApp.exe,83 FB ?? 77 ?? 48 B9 ?? ?? ?? ?? ?? ?? ?? ?? 48 0F A3 D9 73 ?? 48 8B ?? ?? ?? ?? ?? 0F 57 C9)
registersymbol(globals)
]])
local globals = "EoCApp.exe+29E0798"
local variables = readPointer(globals)
variables = readPointer(variables + 0x2E0)
local size = readInteger(variables) - 1
variables = readPointer(variables + 0x8)
for i = 0, size do
local variable = readPointer(variables + i * 8)
repeat
local name = readString(readPointer(variable + 0x8))
local address = variable + 0x10
local value = readFloat(address)
local result = string.format("%012X %s (%0.3f)", address, name, value)
print(result)
variable = readPointer(variable)
until variable == 0
end
assert(false)
{$asm}
[DISABLE]
{
// ORIGINAL CODE - INJECTION POINT: "EoCApp.exe"+16AD5B7
"EoCApp.exe"+16AD592: FF 15 40 6D 2D 00 - call qword ptr [EoCApp.exe+19842D8]
"EoCApp.exe"+16AD598: F3 0F 2C C0 - cvttss2si eax,xmm0
"EoCApp.exe"+16AD59C: 48 83 C4 20 - add rsp,20
"EoCApp.exe"+16AD5A0: 5B - pop rbx
"EoCApp.exe"+16AD5A1: C3 - ret
"EoCApp.exe"+16AD5A2: 83 FB 22 - cmp ebx,22
"EoCApp.exe"+16AD5A5: 77 50 - ja EoCApp.exe+16AD5F7
"EoCApp.exe"+16AD5A7: 48 B9 50 00 00 00 04 00 00 00 - mov rcx,0000000400000050
"EoCApp.exe"+16AD5B1: 48 0F A3 D9 - bt rcx,rbx
"EoCApp.exe"+16AD5B5: 73 40 - jae EoCApp.exe+16AD5F7
// ---------- INJECTING HERE ----------
"EoCApp.exe"+16AD5B7: 48 8B 05 2A 1B 8E 00 - mov rax,[EoCApp.exe+1F8F0E8]
// ---------- DONE INJECTING ----------
"EoCApp.exe"+16AD5BE: 33 D2 - xor edx,edx
"EoCApp.exe"+16AD5C0: 48 8B 0D F9 B6 87 00 - mov rcx,[EoCApp.exe+1F28CC0]
"EoCApp.exe"+16AD5C7: 0F 57 C9 - xorps xmm1,xmm1
"EoCApp.exe"+16AD5CA: 4C 8B 88 E0 02 00 00 - mov r9,[rax+000002E0]
"EoCApp.exe"+16AD5D1: 48 8B C1 - mov rax,rcx
"EoCApp.exe"+16AD5D4: 45 8B 01 - mov r8d,[r9]
"EoCApp.exe"+16AD5D7: 49 F7 F0 - div r8
"EoCApp.exe"+16AD5DA: 49 8B 41 08 - mov rax,[r9+08]
"EoCApp.exe"+16AD5DE: 4C 8B 04 D0 - mov r8,[rax+rdx*8]
"EoCApp.exe"+16AD5E2: 4D 85 C0 - test r8,r8
}
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>
**Note**: This was based off of axuzawan's back in April. Just now seeing that Cowtow released an updated table, so I'll check that out.