6
"Unlimited Health"
Auto Assembler Script
{ Game : re7.exe
Version:
Date : 2017-01-24
Author : STN
This script does blah blah blah
}
[ENABLE]
aobscanmodule(health,re7.exe,F3 0F 10 40 24 48 8B 43 50 48 39 70 18 0F 85 ?? ?? ?? ?? 0F 5A C8) // should be unique
alloc(newmem,$1000,"re7.exe"+805299C)
label(code)
label(return)
label(playerstruct)
registersymbol(playerstruct)
newmem:
mov [playerstruct], rax
mov [rax+24], (float)9999
code:
movss xmm0,[rax+24]
jmp return
playerstruct:
dq 0
health:
jmp newmem
return:
registersymbol(health)
[DISABLE]
health:
db F3 0F 10 40 24
unregistersymbol(health)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "re7.exe"+805299C
"re7.exe"+805297C: 0F 29 7C 24 30 - movaps [rsp+30],xmm7
"re7.exe"+8052981: 0F 57 FF - xorps xmm7,xmm7
"re7.exe"+8052984: 48 85 C0 - test rax,rax
"re7.exe"+8052987: 75 13 - jne re7.exe+805299C
"re7.exe"+8052989: 45 31 C0 - xor r8d,r8d
"re7.exe"+805298C: 8D 50 26 - lea edx,[rax+26]
"re7.exe"+805298F: 48 89 D9 - mov rcx,rbx
"re7.exe"+8052992: E8 39 DE 2D 01 - call re7.exe+93307D0
"re7.exe"+8052997: 0F 28 C7 - movaps xmm0,xmm7
"re7.exe"+805299A: EB 05 - jmp re7.exe+80529A1
// ---------- INJECTING HERE ----------
"re7.exe"+805299C: F3 0F 10 40 24 - movss xmm0,[rax+24]
// ---------- DONE INJECTING ----------
"re7.exe"+80529A1: 48 8B 43 50 - mov rax,[rbx+50]
"re7.exe"+80529A5: 48 39 70 18 - cmp [rax+18],rsi
"re7.exe"+80529A9: 0F 85 DA 05 00 00 - jne re7.exe+8052F89
"re7.exe"+80529AF: 0F 5A C8 - cvtps2pd xmm1,xmm0
"re7.exe"+80529B2: F3 0F 10 87 9C 01 00 00 - movss xmm0,[rdi+0000019C]
"re7.exe"+80529BA: 0F 5A C0 - cvtps2pd xmm0,xmm0
"re7.exe"+80529BD: 66 0F 2F C1 - comisd xmm0,xmm1
"re7.exe"+80529C1: 0F 97 D2 - seta dl
"re7.exe"+80529C4: 88 97 F1 00 00 00 - mov [rdi+000000F1],dl
"re7.exe"+80529CA: 48 8B 43 50 - mov rax,[rbx+50]
}
1
"Unlimited Items"
Auto Assembler Script
{ Game : re7.exe
Version:
Date : 2017-01-24
Author : STN
This script does blah blah blah
}
[ENABLE]
aobscanmodule(medkit,re7.exe,44 8B B7 88 00 00 00) // should be unique
alloc(newmem,$1000,"re7.exe"+8865B7E)
label(code)
label(return)
newmem:
mov [rdi+00000088], #9
code:
mov r14d,[rdi+00000088]
jmp return
medkit:
jmp newmem
nop
nop
return:
registersymbol(medkit)
[DISABLE]
medkit:
db 44 8B B7 88 00 00 00
unregistersymbol(medkit)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "re7.exe"+8865B7E
"re7.exe"+8865B56: 48 89 D9 - mov rcx,rbx
"re7.exe"+8865B59: 83 F8 01 - cmp eax,01
"re7.exe"+8865B5C: 7F 16 - jg re7.exe+8865B74
"re7.exe"+8865B5E: 48 8B 96 A0 00 00 00 - mov rdx,[rsi+000000A0]
"re7.exe"+8865B65: 48 85 D2 - test rdx,rdx
"re7.exe"+8865B68: 74 37 - je re7.exe+8865BA1
"re7.exe"+8865B6A: E8 71 9A 1B FF - call re7.exe+7A1F5E0
"re7.exe"+8865B6F: E9 8C 00 00 00 - jmp re7.exe+8865C00
"re7.exe"+8865B74: 48 8B AE A0 00 00 00 - mov rbp,[rsi+000000A0]
"re7.exe"+8865B7B: 48 89 FA - mov rdx,rdi
// ---------- INJECTING HERE ----------
"re7.exe"+8865B7E: 44 8B B7 88 00 00 00 - mov r14d,[rdi+00000088]
// ---------- DONE INJECTING ----------
"re7.exe"+8865B85: E8 96 48 05 FF - call re7.exe+78BA420
"re7.exe"+8865B8A: 48 8B 4B 50 - mov rcx,[rbx+50]
"re7.exe"+8865B8E: 48 83 79 18 00 - cmp qword ptr [rcx+18],00
"re7.exe"+8865B93: 0F 85 89 01 00 00 - jne re7.exe+8865D22
"re7.exe"+8865B99: 48 89 D9 - mov rcx,rbx
"re7.exe"+8865B9C: 48 85 ED - test rbp,rbp
"re7.exe"+8865B9F: 75 51 - jne re7.exe+8865BF2
"re7.exe"+8865BA1: 45 31 C0 - xor r8d,r8d
"re7.exe"+8865BA4: 41 8D 50 26 - lea edx,[r8+26]
"re7.exe"+8865BA8: E8 23 AC AC 00 - call re7.exe+93307D0
}
7
"Easy Kills"
Auto Assembler Script
{ Game : re7.exe
Version:
Date : 2017-01-24
Author : STN
This script does blah blah blah
}
[ENABLE]
aobscanmodule(easykills,re7.exe,F6 F3 0F 10 40 24) // should be unique
alloc(newmem,$1000,"re7.exe"+8908999)
label(code)
label(return)
newmem:
cmp [playerstruct], rax
je code
cmp [rax+24], (float)1
jle code
mov [rax+24], (float)1
code:
movss xmm0,[rax+24]
jmp return
easykills+01:
jmp newmem
return:
registersymbol(easykills)
[DISABLE]
easykills+01:
db F3 0F 10 40 24
unregistersymbol(easykills)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "re7.exe"+8908999
"re7.exe"+8908979: 48 85 C0 - test rax,rax
"re7.exe"+890897C: 75 13 - jne re7.exe+8908991
"re7.exe"+890897E: 45 31 C0 - xor r8d,r8d
"re7.exe"+8908981: 8D 50 26 - lea edx,[rax+26]
"re7.exe"+8908984: 48 89 D9 - mov rcx,rbx
"re7.exe"+8908987: E8 44 7E A2 00 - call re7.exe+93307D0
"re7.exe"+890898C: 0F 57 F6 - xorps xmm6,xmm6
"re7.exe"+890898F: EB 45 - jmp re7.exe+89089D6
"re7.exe"+8908991: F3 0F 10 48 20 - movss xmm1,[rax+20]
"re7.exe"+8908996: 0F 57 F6 - xorps xmm6,xmm6
// ---------- INJECTING HERE ----------
"re7.exe"+8908999: F3 0F 10 40 24 - movss xmm0,[rax+24]
// ---------- DONE INJECTING ----------
"re7.exe"+890899E: 0F 5A C9 - cvtps2pd xmm1,xmm1
"re7.exe"+89089A1: 0F 5A C0 - cvtps2pd xmm0,xmm0
"re7.exe"+89089A4: 66 0F 2E CF - ucomisd xmm1,xmm7
"re7.exe"+89089A8: 7A 16 - jp re7.exe+89089C0
"re7.exe"+89089AA: 75 14 - jne re7.exe+89089C0
"re7.exe"+89089AC: 45 31 C0 - xor r8d,r8d
"re7.exe"+89089AF: 48 89 D9 - mov rcx,rbx
"re7.exe"+89089B2: 41 8D 50 27 - lea edx,[r8+27]
"re7.exe"+89089B6: E8 15 7E A2 00 - call re7.exe+93307D0
"re7.exe"+89089BB: 0F 28 C6 - movaps xmm0,xmm6
}
11
"Unlimited Ammo"
Auto Assembler Script
{ Game : re7.exe
Version:
Date : 2017-01-24
Author : STN
This script does blah blah blah
}
[ENABLE]
aobscanmodule(ammo,re7.exe,41 03 B6 88 00 00 00) // should be unique
alloc(newmem,$1000,"re7.exe"+8C44DE9)
label(code)
label(return)
newmem:
mov [r14+00000088], 3e7
code:
add esi,[r14+00000088]
jmp return
ammo:
jmp newmem
nop
nop
return:
registersymbol(ammo)
[DISABLE]
ammo:
db 41 03 B6 88 00 00 00
unregistersymbol(ammo)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "re7.exe"+8C44DE9
"re7.exe"+8C44DC2: 0F 85 D8 00 00 00 - jne re7.exe+8C44EA0
"re7.exe"+8C44DC8: 4D 89 F8 - mov r8,r15
"re7.exe"+8C44DCB: 48 89 D9 - mov rcx,rbx
"re7.exe"+8C44DCE: E8 AD 02 70 00 - call re7.exe+9345080
"re7.exe"+8C44DD3: 0F B6 C8 - movzx ecx,al
"re7.exe"+8C44DD6: 48 8B 43 50 - mov rax,[rbx+50]
"re7.exe"+8C44DDA: 48 83 78 18 00 - cmp qword ptr [rax+18],00
"re7.exe"+8C44DDF: 0F 85 BB 00 00 00 - jne re7.exe+8C44EA0
"re7.exe"+8C44DE5: 85 C9 - test ecx,ecx
"re7.exe"+8C44DE7: 75 07 - jne re7.exe+8C44DF0
// ---------- INJECTING HERE ----------
"re7.exe"+8C44DE9: 41 03 B6 88 00 00 00 - add esi,[r14+00000088]
// ---------- DONE INJECTING ----------
"re7.exe"+8C44DF0: 48 8D 55 C8 - lea rdx,[rbp-38]
"re7.exe"+8C44DF4: 48 89 D9 - mov rcx,rbx
"re7.exe"+8C44DF7: E8 B4 1E 7A FF - call re7.exe+83E6CB0
"re7.exe"+8C44DFC: 0F B6 C8 - movzx ecx,al
"re7.exe"+8C44DFF: 48 8B 43 50 - mov rax,[rbx+50]
"re7.exe"+8C44E03: 48 8B 50 18 - mov rdx,[rax+18]
"re7.exe"+8C44E07: 48 85 D2 - test rdx,rdx
"re7.exe"+8C44E0A: 0F 84 49 FD FF FF - je re7.exe+8C44B59
"re7.exe"+8C44E10: 45 31 F6 - xor r14d,r14d
"re7.exe"+8C44E13: 48 8B 43 50 - mov rax,[rbx+50]
}
Toggle Activation
115
0
13
"No Reload"
Auto Assembler Script
{ Game : re7.exe
Version:
Date : 2017-01-24
Author : STN
This script does blah blah blah
}
[ENABLE]
aobscanmodule(noreload,re7.exe,8B 41 24 39 C2 0F 9E D0 4D) // should be unique
alloc(newmem,$1000,"re7.exe"+829FC2A)
label(code)
label(return)
newmem:
mov [rcx+24], 63
code:
mov eax,[rcx+24]
cmp edx,eax
jmp return
noreload:
jmp newmem
return:
registersymbol(noreload)
[DISABLE]
noreload:
db 8B 41 24 39 C2
unregistersymbol(noreload)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "re7.exe"+829FC2A
"re7.exe"+829FC0D: B0 01 - mov al,01
"re7.exe"+829FC0F: EB 21 - jmp re7.exe+829FC32
"re7.exe"+829FC11: 31 C0 - xor eax,eax
"re7.exe"+829FC13: 89 C2 - mov edx,eax
"re7.exe"+829FC15: 4D 85 C9 - test r9,r9
"re7.exe"+829FC18: 74 04 - je re7.exe+829FC1E
"re7.exe"+829FC1A: 41 8B 51 40 - mov edx,[r9+40]
"re7.exe"+829FC1E: 48 8B 8F 78 01 00 00 - mov rcx,[rdi+00000178]
"re7.exe"+829FC25: 48 85 C9 - test rcx,rcx
"re7.exe"+829FC28: 74 03 - je re7.exe+829FC2D
// ---------- INJECTING HERE ----------
"re7.exe"+829FC2A: 8B 41 24 - mov eax,[rcx+24]
"re7.exe"+829FC2D: 39 C2 - cmp edx,eax
// ---------- DONE INJECTING ----------
"re7.exe"+829FC2F: 0F 9E D0 - setle al
"re7.exe"+829FC32: 4D 85 C0 - test r8,r8
"re7.exe"+829FC35: 75 6E - jne re7.exe+829FCA5
"re7.exe"+829FC37: 84 C0 - test al,al
"re7.exe"+829FC39: 75 6A - jne re7.exe+829FCA5
"re7.exe"+829FC3B: 48 89 FA - mov rdx,rdi
"re7.exe"+829FC3E: 48 89 D9 - mov rcx,rbx
"re7.exe"+829FC41: E8 1A 64 FE FF - call re7.exe+8286060
"re7.exe"+829FC46: 0F B6 C8 - movzx ecx,al
"re7.exe"+829FC49: 48 8B 43 50 - mov rax,[rbx+50]
}
Toggle Activation
116
0
14
"Health mgr.inz.Player"
Auto Assembler Script
// Game : re7.exe
// Date : 24.01.2017
// Author : mgr.inz.Player
[ENABLE]
aobscanmodule(aob_HealthFreeze,re7.exe,F6 F3 0F 10 40 24)
registersymbol(aob_HealthFreeze)
alloc(newmem_HealthFreeze,1024,re7.exe)
label(return_HealthFreeze)
newmem_HealthFreeze:
movss xmm0,[rax+20]
movss [rax+24],xmm0
jmp return_HealthFreeze
aob_HealthFreeze+01:
jmp newmem_HealthFreeze
return_HealthFreeze:
[DISABLE]
aob_HealthFreeze+01:
db F3 0F 10 40 24
unregistersymbol(aob_HealthFreeze)
dealloc(newmem_HealthFreeze)
{
// ORIGINAL CODE - INJECTION POINT: "re7.exe"+8908999
"re7.exe"+8908979: 48 85 C0 - test rax,rax
"re7.exe"+890897C: 75 13 - jne re7.exe+8908991
"re7.exe"+890897E: 45 31 C0 - xor r8d,r8d
"re7.exe"+8908981: 8D 50 26 - lea edx,[rax+26]
"re7.exe"+8908984: 48 89 D9 - mov rcx,rbx
"re7.exe"+8908987: E8 44 7E A2 00 - call re7.exe+93307D0
"re7.exe"+890898C: 0F 57 F6 - xorps xmm6,xmm6
"re7.exe"+890898F: EB 45 - jmp re7.exe+89089D6
"re7.exe"+8908991: F3 0F 10 48 20 - movss xmm1,[rax+20]
"re7.exe"+8908996: 0F 57 F6 - xorps xmm6,xmm6
// ---------- INJECTING HERE ----------
"re7.exe"+8908999: F3 0F 10 40 24 - movss xmm0,[rax+24]
// ---------- DONE INJECTING ----------
"re7.exe"+890899E: 0F 5A C9 - cvtps2pd xmm1,xmm1
"re7.exe"+89089A1: 0F 5A C0 - cvtps2pd xmm0,xmm0
"re7.exe"+89089A4: 66 0F 2E CF - ucomisd xmm1,xmm7
"re7.exe"+89089A8: 7A 16 - jp re7.exe+89089C0
"re7.exe"+89089AA: 75 14 - jne re7.exe+89089C0
"re7.exe"+89089AC: 45 31 C0 - xor r8d,r8d
"re7.exe"+89089AF: 48 89 D9 - mov rcx,rbx
"re7.exe"+89089B2: 41 8D 50 27 - lea edx,[r8+27]
"re7.exe"+89089B6: E8 15 7E A2 00 - call re7.exe+93307D0
"re7.exe"+89089BB: 0F 28 C6 - movaps xmm0,xmm6
}
15
"Dark Byte's infinite remote bombs (aka LiquidBomb) "
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"re7.exe"+8C473A6)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rbx
mov rbx,[rdi+80]
cmp rbx,0
je notvalid
cmp [rbx+20],#10
jne notvalid
cmp [rbx+24],0069004c //Li
jne notvalid
cmp [rbx+28],00750071 //qu
jne notvalid
xor eax,eax //valid, don't decrease value
notvalid:
pop rbx
sub esi,eax
originalcode:
mov [rdi+00000088],esi
exit:
jmp returnhere
"re7.exe"+8C473A6:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"re7.exe"+8C473A6:
sub esi,eax
mov [rdi+00000088],esi
//Alt: db 29 C6 89 B7 88 00 00 00
29
"Inventory (xD3C/Marcus101RR)"
1
16
"Invent Slot #1"
4 Bytes
"re7.exe"+0707FCD0
88
28
30
20
60
28
"Invent Slot #2"
4 Bytes
"re7.exe"+0707FCD0
88
28
38
20
60
27
"Invent Slot #3"
4 Bytes
"re7.exe"+0707FCD0
88
28
40
20
60
26
"Invent Slot #4"
4 Bytes
"re7.exe"+0707FCD0
88
28
48
20
60
25
"Invent Slot #5"
4 Bytes
"re7.exe"+0707FCD0
88
28
50
20
60
24
"Invent Slot #6"
4 Bytes
"re7.exe"+0707FCD0
88
28
58
20
60
23
"Invent Slot #7"
4 Bytes
"re7.exe"+0707FCD0
88
28
60
20
60
22
"Invent Slot #8"
4 Bytes
"re7.exe"+0707FCD0
88
28
68
20
60
21
"Invent Slot #9"
4 Bytes
"re7.exe"+0707FCD0
88
28
70
20
60
18
"Invent Slot #10"
4 Bytes
"re7.exe"+0707FCD0
88
28
78
20
60
19
"Invent Slot #11"
4 Bytes
"re7.exe"+0707FCD0
88
28
80
20
60
20
"Invent Slot #12"
4 Bytes
"re7.exe"+0707FCD0
88
28
88
20
60