11
"Active Cheat Table"
Auto Assembler Script
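[ENABLE]
{$lua}
-- Lua sections of an Auto Assembler script are also executed when the script
-- is only being syntax-checked (for example while it is edited). Skip the
-- side effect in that case so the collector starts only on a real enable.
if syntaxcheck then return end
-- Start the Mono data collector in the attached process.
-- NOTE(review): presumably this is what lets the other scripts in this table
-- resolve Class:Method+offset names; confirm.
LaunchMonoDataCollector()
{$asm}
[DISABLE]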
25
"Freeze Time"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook inside InvasionManager:InvasionWaveLogic. Each time the hooked
instructions run, the float at [edi+50] is first overwritten with 900, then the
two original instructions are replayed from the code cave.
The hook site is located by byte signature (aobscan), not by a fixed offset.
NOTE(review): the "Instant Start" script in this table allocates a global symbol
that is also named Time; do not enable both at once.
}
[ENABLE]
// Signature: fld [edi+50] / fldz / fcomip / fstp st(0) / jp +13 (see the listing below).
// Only the first 5 bytes (fld + fldz) are replaced; the rest narrows the match.
// NOTE(review): there is no assert() in this script, so the scan result is the
// only check that the bytes about to be patched are the expected ones.
aobscan(Time,D9 47 50 D9 EE DF F1 DD D8 7A 13) // should be unique
// Code cave; the third argument is the preferred location for the allocation.
alloc(newmem,$1000,InvasionManager:InvasionWaveLogic+43)
label(code)
label(return)
newmem:
code:
mov [edi+50],(float)900 // force the field before the game loads it
fld dword ptr [edi+50] // original instruction 1 (D9 47 50)
fldz // original instruction 2 (D9 EE)
jmp return
Time:
jmp newmem // 5-byte jmp covers fld (3) + fldz (2), so no nop padding
return:
registersymbol(Time) // keep the scan result so [DISABLE] can find the site again
[DISABLE]
Time:
db D9 47 50 D9 EE // restore the original fld / fldz bytes
unregistersymbol(Time)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 04CFA0CB
""+4CFA0AE: 75 0C - jne InvasionManager:InvasionWaveLogic+3c
""+4CFA0B0: 83 EC 0C - sub esp,0C
""+4CFA0B3: 57 - push edi
""+4CFA0B4: E8 53 00 00 00 - call 04CFA10C
""+4CFA0B9: 83 C4 10 - add esp,10
""+4CFA0BC: 0F B6 47 48 - movzx eax,byte ptr [edi+48]
""+4CFA0C0: 88 47 49 - mov [edi+49],al
""+4CFA0C3: 0F B6 47 48 - movzx eax,byte ptr [edi+48]
""+4CFA0C7: 85 C0 - test eax,eax
""+4CFA0C9: 75 2E - jne InvasionManager:InvasionWaveLogic+79
// ---------- INJECTING HERE ----------
""+4CFA0CB: D9 47 50 - fld dword ptr [edi+50]
""+4CFA0CE: D9 EE - fldz
// ---------- DONE INJECTING ----------
""+4CFA0D0: DF F1 - fcomip st(0),st(1)
""+4CFA0D2: DD D8 - fstp st(0)
""+4CFA0D4: 7A 13 - jp InvasionManager:InvasionWaveLogic+69
""+4CFA0D6: 73 11 - jae InvasionManager:InvasionWaveLogic+69
""+4CFA0D8: D9 47 50 - fld dword ptr [edi+50]
""+4CFA0DB: B8 94 3E 7C 04 - mov eax,047C3E94
""+4CFA0E0: D9 00 - fld dword ptr [eax]
""+4CFA0E2: DE E9 - fsubp st(1),st(0)
""+4CFA0E4: D9 5F 50 - fstp dword ptr [edi+50]
""+4CFA0E7: EB 10 - jmp InvasionManager:InvasionWaveLogic+79
}
5
"Gold Script"
Auto Assembler Script
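{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at TownManager:GoldLogic+48 (fstp dword ptr [eax+08] / mov eax,[edi+0C]).
Records the object pointer held in eax under the global symbol Gold and pins
the float at [eax+08] to 9999999.
The field is a float (the game stores it with fstp and the table entry
[Gold]+08 is typed Float), so the constant is written as (float) and only
after the game's own fstp; written earlier, or as an integer immediate, it
would be overwritten or hold the wrong bit pattern.
}
define(address,TownManager:GoldLogic+48)
define(bytes,D9 58 08 8B 47 0C)
[ENABLE]
// Refuse to patch unless the expected 6 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,TownManager:GoldLogic+48)
label(code)
label(return)
globalalloc(Gold,8)
newmem:
mov [Gold],eax // publish the object pointer before eax is reloaded below
code:
fstp dword ptr [eax+08] // original store; also pops st(0), keeping the x87 stack balanced
mov [eax+08],(float)9999999 // then replace the stored value with the pinned amount
mov eax,[edi+0C] // original instruction 2
jmp return
address:
jmp newmem // 5-byte jmp + 1 nop = the 6 patched bytes
nop
return:
[DISABLE]
address:
db bytes
// fstp dword ptr [eax+08]
// mov eax,[edi+0C]
dealloc(newmem)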
{
// ORIGINAL CODE - INJECTION POINT: 05600888
05600869: DB 04 24 - fild dword ptr [esp]
0560086C: D9 1C 24 - fstp dword ptr [esp]
0560086F: D9 04 24 - fld dword ptr [esp]
05600872: 83 C4 04 - add esp,04
05600875: D9 05 28 DE C9 14 - fld dword ptr [14C9DE28]
0560087B: DE C9 - fmulp st(1),st(0)
0560087D: B9 94 3E 09 05 - mov ecx,05093E94
05600882: D9 01 - fld dword ptr [ecx]
05600884: DE C9 - fmulp st(1),st(0)
05600886: DE C1 - faddp
// ---------- INJECTING HERE ----------
05600888: D9 58 08 - fstp dword ptr [eax+08]
0560088B: 8B 47 0C - mov eax,[edi+0C]
// ---------- DONE INJECTING ----------
0560088E: 89 45 F8 - mov [ebp-08],eax
05600891: D9 40 08 - fld dword ptr [eax+08]
05600894: D9 05 30 DE C9 14 - fld dword ptr [14C9DE30]
0560089A: D9 05 38 DE C9 14 - fld dword ptr [14C9DE38]
056008A0: 83 EC 04 - sub esp,04
056008A3: 83 EC 04 - sub esp,04
056008A6: D9 1C 24 - fstp dword ptr [esp]
056008A9: 83 EC 04 - sub esp,04
056008AC: D9 1C 24 - fstp dword ptr [esp]
056008AF: 83 EC 04 - sub esp,04
}
6
"Current Gold Amount"
Float
[Gold]+08
8
"Resource script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook in ResourceData:AddResource. Records the object pointer held in
ebx under the global symbols Wood, Stone, Food and Iron, and writes 99999 to
the 32-bit fields at +0C, +10, +14 and +2C of that object.
}
// NOTE(review): address and bytes are each defined four times under the same
// name. The listing at the end of this script shows the hook at the +3b (Wood)
// store, and the 8-byte patch further down (jmp + 3 nops) matches the Wood byte
// string. Confirm how the assembler resolves the repeated names.
define(address,ResourceData:AddResource+3b)//Wood
define(address,ResourceData:AddResource+4d)//Stone
define(address,ResourceData:AddResource+6c)//Food
define(address,ResourceData:AddResource+5f)//Iron
define(bytes,89 43 0C E9 B8 00 00 00)//Wood
define(bytes,89 43 10 E9 A6 00 00 00)//Stone
define(bytes,8B 43 14 03 C7)//Food
define(bytes,89 43 2C E9 94 00 00 00)//Iron
[ENABLE]
// Refuse to patch unless the expected bytes are at the hook site.
assert(address,bytes)
// NOTE(review): newmem is requested four times under one name; only one code
// cave is used below. Confirm the assembler tolerates the repeats.
alloc(newmem,$1000,ResourceData:AddResource+3b)
alloc(newmem,$1000,ResourceData:AddResource+4d)
alloc(newmem,$1000,ResourceData:AddResource+6c)
alloc(newmem,$1000,ResourceData:AddResource+5f)
label(code)
label(return)
globalalloc(Wood,8)
globalalloc(Stone,8)
globalalloc(Food,8)
globalalloc(Iron,8)
newmem:
// ebx is the object the original store writes through (mov [ebx+0C],eax).
// All four symbols receive the same pointer; '#' marks a decimal immediate.
mov [Wood],ebx
// NOTE(review): this value does not survive: the replayed store under code:
// writes eax to [ebx+0C] immediately afterwards.
mov [ebx+0C],#99999
//------------------------------------
mov [Stone],ebx
mov [ebx+10],#99999
//------------------------------------
mov [Food],ebx
mov [ebx+14],#99999
//------------------------------------
mov [Iron],ebx
mov [ebx+2C],#99999
//------------------------------------
code:
mov [ebx+0C],eax // original store (89 43 0C)
// return is address+8, i.e. the cmp esi,03 at +43 in the listing, not the
// original jump target +fb.
// NOTE(review): confirm that falling into the compare chain is intended.
//jmp ResourceData:AddResource+fb //Wood
jmp return
// NOTE(review): Wood, Stone, Food and Iron come from globalalloc, so each
// "Name:" line below presumably moves the assembly position into that 8-byte
// allocation. "dd 0" clears the stored pointer; the mov / jmp lines that follow
// it are then emitted after the data dword, are not reachable from the hook,
// and look larger than the 8 bytes requested (4 + 3 + 5). Confirm and consider
// removing them.
Wood:
dd 0
//------------------------------------
mov [ebx+10],eax
//jmp ResourceData:AddResource+fb //Stone
jmp return
Stone:
dd 0
//------------------------------------
mov eax,[ebx+14]
jmp return //Food
Food:
dd 0
//------------------------------------
mov [ebx+2C],eax
jmp return
Iron: //Iron
dd 0
//------------------------------------
address:
jmp newmem // 5-byte jmp + 3 nops = the 8 bytes of the Wood pattern
nop
nop
nop
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// mov [ebx+0C],eax
// jmp ResourceData:AddResource+fb
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 05669323
05669306: D9 1C 24 - fstp dword ptr [esp]
05669309: D9 04 24 - fld dword ptr [esp]
0566930C: 83 C4 04 - add esp,04
0566930F: DE C1 - faddp
05669311: D9 5B 08 - fstp dword ptr [ebx+08]
05669314: E9 CA 00 00 00 - jmp ResourceData:AddResource+fb
05669319: 83 FE 02 - cmp esi,02
0566931C: 75 0D - jne ResourceData:AddResource+43
0566931E: 8B 43 0C - mov eax,[ebx+0C]
05669321: 03 C7 - add eax,edi
// ---------- INJECTING HERE ----------
05669323: 89 43 0C - mov [ebx+0C],eax
05669326: E9 B8 00 00 00 - jmp ResourceData:AddResource+fb
// ---------- DONE INJECTING ----------
0566932B: 83 FE 03 - cmp esi,03
0566932E: 75 0D - jne ResourceData:AddResource+55
05669330: 8B 43 10 - mov eax,[ebx+10]
05669333: 03 C7 - add eax,edi
05669335: 89 43 10 - mov [ebx+10],eax
05669338: E9 A6 00 00 00 - jmp ResourceData:AddResource+fb
0566933D: 83 FE 04 - cmp esi,04
05669340: 75 0D - jne ResourceData:AddResource+67
05669342: 8B 43 2C - mov eax,[ebx+2C]
05669345: 03 C7 - add eax,edi
}
13
"Current Stone Amount"
4 Bytes
[Stone]+10
9
"Current Wood Amount"
4 Bytes
[Wood]+0C
35
"Current Iron Amount"
4 Bytes
[Iron]+2C
33
"Current Food Amount"
4 Bytes
[Food]+14
58
"Resource script 2"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Second inline hook in ResourceData:AddResource. Records the object pointer
held in ebx under the global symbols Hops, Beer, Sword and Grain, and writes
99999 to the 32-bit fields at +24, +28, +30 and +18 of that object.
}
// NOTE(review): address and bytes are each defined four times under the same
// name. The listing at the end of this script shows the hook at the +b4 (Hops)
// load, and the 5-byte patch further down (jmp, no nops) matches the Hops byte
// string. Confirm how the assembler resolves the repeated names.
define(address,ResourceData:AddResource+b4)//Hops
define(address,ResourceData:AddResource+cb)//Beer
define(address,ResourceData:AddResource+da)//Sword
define(address,ResourceData:AddResource+83)//Grain
define(bytes,8B 43 24 03 C7)//Hops
define(bytes,89 43 28 EB 2B)//beer
define(bytes,89 43 30 EB 1C)//Sword
define(bytes,89 43 18 E9 70 00 00 00)//Grain
[ENABLE]
// Refuse to patch unless the expected bytes are at the hook site.
assert(address,bytes)
// NOTE(review): newmem is requested four times under one name; only one code
// cave is used below. Confirm the assembler tolerates the repeats.
alloc(newmem,$1000,ResourceData:AddResource+b4)//Hops
alloc(newmem,$1000,ResourceData:AddResource+cb)//beer
alloc(newmem,$1000,ResourceData:AddResource+da)//Sword
alloc(newmem,$1000,ResourceData:AddResource+83)//Grain
label(code)
label(return)
globalalloc(Hops,8)
globalalloc(Beer,8)
globalalloc(Sword,8)
globalalloc(Grain,8)
newmem:
// ebx is the object the hooked code reads through (mov eax,[ebx+24]).
// All four symbols receive the same pointer; '#' marks a decimal immediate.
mov [Hops],ebx
mov [ebx+24],#99999
//------------------
mov [Beer],ebx
mov [ebx+28],#99999
//------------------
mov [Sword],ebx
mov [ebx+30],#99999
//-----------------
mov [Grain],ebx
mov [ebx+18],#99999
code:
// Original instructions replayed. The game stores eax back to [ebx+24] right
// after return (see listing), so the Hops field ends up as 99999 + edi.
mov eax,[ebx+24]
add eax,edi
jmp return
// NOTE(review): Hops, Beer, Sword and Grain come from globalalloc, so each
// "Name:" line below presumably moves the assembly position into that 8-byte
// allocation. "dd 0" clears the stored pointer; the mov / jmp lines that follow
// it are then emitted after the data dword, are not reachable from the hook,
// and look larger than the 8 bytes requested (4 + 3 + 5). Confirm and consider
// removing them.
Hops:
dd 0
//----------------------
mov [ebx+28],eax
//jmp ResourceData:AddResource+fb
jmp return
Beer:
dd 0
//----------------------------
mov [ebx+30],eax
//jmp ResourceData:AddResource+fb
jmp return
Sword:
dd 0
//-----------------------------
mov [ebx+18],eax
//jmp ResourceData:AddResource+fb
jmp return
Grain:
dd 0
address:
jmp newmem // 5-byte jmp exactly covers mov (3) + add (2)
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// mov eax,[ebx+24]
// add eax,edi
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 04BAC4BC
04BAC49D: 89 43 1C - mov [ebx+1C],eax
04BAC4A0: E9 5E 00 00 00 - jmp ResourceData:AddResource+fb
04BAC4A5: 83 FE 08 - cmp esi,08
04BAC4A8: 75 0D - jne ResourceData:AddResource+af
04BAC4AA: 8B 43 20 - mov eax,[ebx+20]
04BAC4AD: 03 C7 - add eax,edi
04BAC4AF: 89 43 20 - mov [ebx+20],eax
04BAC4B2: E9 4C 00 00 00 - jmp ResourceData:AddResource+fb
04BAC4B7: 83 FE 09 - cmp esi,09
04BAC4BA: 75 0D - jne ResourceData:AddResource+c1
// ---------- INJECTING HERE ----------
04BAC4BC: 8B 43 24 - mov eax,[ebx+24]
04BAC4BF: 03 C7 - add eax,edi
// ---------- DONE INJECTING ----------
04BAC4C1: 89 43 24 - mov [ebx+24],eax
04BAC4C4: E9 3A 00 00 00 - jmp ResourceData:AddResource+fb
04BAC4C9: 83 FE 0A - cmp esi,0A
04BAC4CC: 75 0A - jne ResourceData:AddResource+d0
04BAC4CE: 8B 43 28 - mov eax,[ebx+28]
04BAC4D1: 03 C7 - add eax,edi
04BAC4D3: 89 43 28 - mov [ebx+28],eax
04BAC4D6: EB 2B - jmp ResourceData:AddResource+fb
04BAC4D8: 83 FE 0B - cmp esi,0B
04BAC4DB: 75 0A - jne ResourceData:AddResource+df
}
69
"Current Flour Amount"
4 Bytes
[Flour]+1C
59
"Current Hops Amount"
4 Bytes
[Hops]+24
61
"Current Beer Amount"
4 Bytes
[Beer]+28
66
"Current Grain Amount"
4 Bytes
[Grain]+18
63
"Current Sword amount"
4 Bytes
[Sword]+30
68
"Resource -> Flour script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at VillagerJobBaker:GetFlourLogic+85, where the game decrements
the 32-bit counter at [eax+1C]. Records the object pointer held in eax under
the global symbol Flour and sets the counter to 999999 before the original
decrement is replayed.
}
define(address,VillagerJobBaker:GetFlourLogic+85)
define(bytes,8B 48 1C 49 89 48 1C)
[ENABLE]
// Refuse to patch unless the expected 7 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,VillagerJobBaker:GetFlourLogic+85)
label(code)
label(return)
globalalloc(Flour,8)
newmem:
mov [Flour],eax // publish the object pointer for the [Flour]+1C table entry
mov [eax+1C],#999999 // '#' = decimal; the replayed dec below leaves 999998
code:
// Original three instructions, replayed unchanged.
mov ecx,[eax+1C]
dec ecx
mov [eax+1C],ecx
jmp return
// Flour comes from globalalloc; this clears the stored pointer when the
// script is assembled.
Flour:
dd 0
address:
jmp newmem // 5-byte jmp + 2 nops = the 7 patched bytes
nop
nop
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// mov ecx,[eax+1C]
// dec ecx
// mov [eax+1C],ecx
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0DF66135
0DF66110: 0F B6 46 09 - movzx eax,byte ptr [esi+09]
0DF66114: 85 C0 - test eax,eax
0DF66116: 0F 84 41 00 00 00 - je VillagerJobBaker:GetFlourLogic+ad
0DF6611C: 8B 05 48 EF 15 05 - mov eax,[0515EF48]
0DF66122: 8B 40 0C - mov eax,[eax+0C]
0DF66125: 8B 40 1C - mov eax,[eax+1C]
0DF66128: 85 C0 - test eax,eax
0DF6612A: 7E 25 - jle VillagerJobBaker:GetFlourLogic+a1
0DF6612C: 8B 05 48 EF 15 05 - mov eax,[0515EF48]
0DF66132: 8B 40 0C - mov eax,[eax+0C]
// ---------- INJECTING HERE ----------
0DF66135: 8B 48 1C - mov ecx,[eax+1C]
0DF66138: 49 - dec ecx
0DF66139: 89 48 1C - mov [eax+1C],ecx
// ---------- DONE INJECTING ----------
0DF6613C: 83 EC 0C - sub esp,0C
0DF6613F: 57 - push edi
0DF66140: E8 8B CD 7F F7 - call VillagerJobBaker:ResetJobState
0DF66145: 83 C4 10 - add esp,10
0DF66148: C7 47 48 02 00 00 00 - mov [edi+48],00000002
0DF6614F: EB 0C - jmp VillagerJobBaker:GetFlourLogic+ad
0DF66151: 83 EC 0C - sub esp,0C
0DF66154: 57 - push edi
0DF66155: E8 5E CD 7F F7 - call 05762EB8
0DF6615A: 83 C4 10 - add esp,10
}
15
"Instant Start -> ignore preparation phase"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Disable Freeze time!!!
(NOTE(review): presumably because the "Freeze Time" script registers a symbol
that is also named Time and patches the same function.)
Inline hook at InvasionManager:InvasionWaveLogic+64. The original code stores
the timer with fstp and then jumps to +79. The hook keeps the store but
returns to +69 instead, which per the listing below is the branch that calls
04B6A100 and sets byte [edi+48] to 1. Skipping the jump is the whole effect.
}
define(address,InvasionManager:InvasionWaveLogic+64)
define(bytes,D9 5F 50 EB 10)
[ENABLE]
// Refuse to patch unless the expected 5 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,InvasionManager:InvasionWaveLogic+64)
label(code)
label(return)
globalalloc(Time,8)
newmem:
mov [Time],edi // publish the object pointer
code:
fstp dword ptr [edi+50] // original store; pops st(0) as the game expects
// The original jump is deliberately left out: return is address+5 = +69.
//jmp InvasionManager:InvasionWaveLogic+79
jmp return
// Time comes from globalalloc; this clears the stored pointer when the
// script is assembled.
Time:
dd 0
address:
jmp newmem // 5-byte jmp covers fstp (3) + short jmp (2)
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fstp dword ptr [edi+50]
// jmp InvasionManager:InvasionWaveLogic+79
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 04B6A0E4
04B6A0CB: D9 47 50 - fld dword ptr [edi+50]
04B6A0CE: D9 EE - fldz
04B6A0D0: DF F1 - fcomip st(0),st(1)
04B6A0D2: DD D8 - fstp st(0)
04B6A0D4: 7A 13 - jp InvasionManager:InvasionWaveLogic+69
04B6A0D6: 73 11 - jae InvasionManager:InvasionWaveLogic+69
04B6A0D8: D9 47 50 - fld dword ptr [edi+50]
04B6A0DB: B8 94 3E 63 04 - mov eax,04633E94
04B6A0E0: D9 00 - fld dword ptr [eax]
04B6A0E2: DE E9 - fsubp st(1),st(0)
// ---------- INJECTING HERE ----------
04B6A0E4: D9 5F 50 - fstp dword ptr [edi+50]
04B6A0E7: EB 10 - jmp InvasionManager:InvasionWaveLogic+79
// ---------- DONE INJECTING ----------
04B6A0E9: 83 EC 0C - sub esp,0C
04B6A0EC: 57 - push edi
04B6A0ED: E8 0E 00 00 00 - call 04B6A100
04B6A0F2: 83 C4 10 - add esp,10
04B6A0F5: C6 47 48 01 - mov byte ptr [edi+48],01
04B6A0F9: 8D 65 FC - lea esp,[ebp-04]
04B6A0FC: 5F - pop edi
04B6A0FD: C9 - leave
04B6A0FE: C3 - ret
04B6A0FF: 00 68 50 - add [eax+50],ch
}
29
"Character"
1
27
"Character Stamina"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at Character:ConsumeStamina+1c. Records the object pointer held in
eax under the global symbol Stamina and sets the float at [eax+28] to 100
before the game loads it. The game then subtracts [ebp+0C] and stores the
result back (see the listing below), so the field ends up as 100 minus that
argument on every call.
}
define(address,Character:ConsumeStamina+1c)
define(bytes,D9 40 28 D9 45 0C)
[ENABLE]
// Refuse to patch unless the expected 6 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,Character:ConsumeStamina+1c)
label(code)
label(return)
globalalloc(Stamina,8)
newmem:
mov [Stamina],eax // publish the object pointer for the [Stamina]+28 table entry
mov [eax+28],(float)100 // float immediate, matching the fld/fstp accesses to this field
code:
// Original two loads, replayed unchanged.
fld dword ptr [eax+28]
fld dword ptr [ebp+0C]
jmp return
address:
jmp newmem // 5-byte jmp + 1 nop = the 6 patched bytes
nop
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fld dword ptr [eax+28]
// fld dword ptr [ebp+0C]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 2E2E88C4
2E2E88A8: 55 - push ebp
2E2E88A9: 8B EC - mov ebp,esp
2E2E88AB: 57 - push edi
2E2E88AC: 83 EC 04 - sub esp,04
2E2E88AF: 8B 7D 08 - mov edi,[ebp+08]
2E2E88B2: 8B 47 3C - mov eax,[edi+3C]
2E2E88B5: 0F B6 40 0D - movzx eax,byte ptr [eax+0D]
2E2E88B9: 85 C0 - test eax,eax
2E2E88BB: 0F 84 46 00 00 00 - je Character:ConsumeStamina+5f
2E2E88C1: 8B 47 38 - mov eax,[edi+38]
// ---------- INJECTING HERE ----------
2E2E88C4: D9 40 28 - fld dword ptr [eax+28]
2E2E88C7: D9 45 0C - fld dword ptr [ebp+0C]
// ---------- DONE INJECTING ----------
2E2E88CA: DE E9 - fsubp st(1),st(0)
2E2E88CC: D9 58 28 - fstp dword ptr [eax+28]
2E2E88CF: 8B 47 38 - mov eax,[edi+38]
2E2E88D2: 89 45 F8 - mov [ebp-08],eax
2E2E88D5: D9 40 28 - fld dword ptr [eax+28]
2E2E88D8: D9 05 C8 D1 38 14 - fld dword ptr [1438D1C8]
2E2E88DE: 8B 47 38 - mov eax,[edi+38]
2E2E88E1: D9 40 2C - fld dword ptr [eax+2C]
2E2E88E4: 83 EC 04 - sub esp,04
2E2E88E7: 83 EC 04 - sub esp,04
}
121
"Current Stamina Address"
Float
[Stamina]+28
119
"Health script -> enable it, when it change then disable it"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at Squad:GetCurrentHealth+57 (fld dword ptr [eax+20] / jmp +e7).
Records the object pointer held in eax under the global symbol Health and
sets the float at [eax+20] to 999999 before the game loads it.
NOTE(review): the original jump to +e7 is not replayed. After the hook,
execution continues at +5f, which in the unpatched code is only reached when
the op_Inequality test fails (see the listing below), and it arrives there
with the loaded value still on the x87 stack. The entry title asks to disable
the script again once the value has changed; confirm whether this fall-through
is intended.
}
define(address,Squad:GetCurrentHealth+57)
define(bytes,D9 40 20 E9 88 00 00 00)
[ENABLE]
// Refuse to patch unless the expected 8 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,Squad:GetCurrentHealth+57)
label(code)
label(return)
globalalloc(Health,8)
newmem:
mov [Health],eax // publish the object pointer for the [Health]+20 table entry
mov [eax+20],(float)999999 // float immediate, matching the fld access to this field
code:
fld dword ptr [eax+20] // original load
// return is address+8 = +5f, not the original target +e7 (see header note).
//jmp Squad:GetCurrentHealth+e7
jmp return
// Health comes from globalalloc; this clears the stored pointer when the
// script is assembled.
Health:
dd 0
address:
jmp newmem // 5-byte jmp + 3 nops = the 8 patched bytes
nop
nop
nop
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fld dword ptr [eax+20]
// jmp Squad:GetCurrentHealth+e7
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0541F537
0541F51C: 8B 47 44 - mov eax,[edi+44]
0541F51F: 83 EC 08 - sub esp,08
0541F522: 6A 00 - push 00
0541F524: 50 - push eax
0541F525: E8 3E E5 F4 FF - call UnityEngine:Object:op_Inequality
0541F52A: 83 C4 10 - add esp,10
0541F52D: 85 C0 - test eax,eax
0541F52F: 74 0E - je Squad:GetCurrentHealth+5f
0541F531: 8B 47 44 - mov eax,[edi+44]
0541F534: 8B 40 38 - mov eax,[eax+38]
// ---------- INJECTING HERE ----------
0541F537: D9 40 20 - fld dword ptr [eax+20]
0541F53A: E9 88 00 00 00 - jmp Squad:GetCurrentHealth+e7
// ---------- DONE INJECTING ----------
0541F53F: 8B 47 28 - mov eax,[edi+28]
0541F542: 8D 4D CC - lea ecx,[ebp-34]
0541F545: 83 EC 08 - sub esp,08
0541F548: 50 - push eax
0541F549: 51 - push ecx
0541F54A: 39 00 - cmp [eax],eax
0541F54C: E8 87 77 F3 FF - call System.Collections.Generic:List`1:GetEnumerator
0541F551: 83 C4 0C - add esp,0C
0541F554: EB 2E - jmp Squad:GetCurrentHealth+a4
0541F556: 8B C0 - mov eax,eax
}
120
"Templar Health"
Float
[Health]+20
73
"Lord Health"
Float
"mono.dll"+001F50AC
20
38
44
2D0
4DC
93
"Instant military units"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at BuildingTaskQueue:ProgressTask+80. The original code stores the
progress value with fstp and then jumps to +91. The hook keeps the store but
returns to +85 instead, which per the listing below is the branch that calls
BuildingTaskQueue:FinishTask. Skipping the jump is what completes the task.
Also records the object pointer held in edi under the global symbol
instantrecruit.
}
define(address,BuildingTaskQueue:ProgressTask+80)
define(bytes,D9 5F 10 EB 0C)
[ENABLE]
// Refuse to patch unless the expected 5 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,BuildingTaskQueue:ProgressTask+80)
label(code)
label(return)
globalalloc(instantrecruit,8)
newmem:
mov [instantrecruit],edi // publish the object pointer for the [instantrecruit]+10 table entry
// NOTE(review): the field is accessed as a float (fstp below; table entry is
// typed Float), but this immediate has no (float) prefix, and unprefixed
// numbers are hexadecimal in this assembler as far as I know. The fstp under
// code: overwrites the field right away, so this write has no lasting effect.
mov [edi+10],30
code:
fstp dword ptr [edi+10] // original store; pops st(0) as the game expects
// The original jump is deliberately left out: return is address+5 = +85.
//jmp BuildingTaskQueue:ProgressTask+91
jmp return
address:
jmp newmem // 5-byte jmp covers fstp (3) + short jmp (2)
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fstp dword ptr [edi+10]
// jmp BuildingTaskQueue:ProgressTask+91
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 2F4A0C78
2F4A0C5E: 83 C4 10 - add esp,10
2F4A0C61: DD 45 F0 - fld qword ptr [ebp-10]
2F4A0C64: D9 C9 - fxch st(1)
2F4A0C66: DF F1 - fcomip st(0),st(1)
2F4A0C68: DD D8 - fstp st(0)
2F4A0C6A: 76 11 - jna BuildingTaskQueue:ProgressTask+85
2F4A0C6C: D9 47 10 - fld dword ptr [edi+10]
2F4A0C6F: B8 94 3E AF 04 - mov eax,04AF3E94
2F4A0C74: D9 00 - fld dword ptr [eax]
2F4A0C76: DE C1 - faddp
// ---------- INJECTING HERE ----------
2F4A0C78: D9 5F 10 - fstp dword ptr [edi+10]
2F4A0C7B: EB 0C - jmp BuildingTaskQueue:ProgressTask+91
// ---------- DONE INJECTING ----------
2F4A0C7D: 83 EC 0C - sub esp,0C
2F4A0C80: 57 - push edi
2F4A0C81: E8 32 09 00 00 - call BuildingTaskQueue:FinishTask
2F4A0C86: 83 C4 10 - add esp,10
2F4A0C89: 8D 65 FC - lea esp,[ebp-04]
2F4A0C8C: 5F - pop edi
2F4A0C8D: C9 - leave
2F4A0C8E: C3 - ret
2F4A0C8F: 00 68 78 - add [eax+78],ch
2F4A0C92: 76 99 - jna BuildingTaskQueue:ProgressTask+35
}
94
"Timer to recruit"
Float
[instantrecruit]+10
110
"Attack E -> Freeze Value when it is on 0"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at SpecialAttack:get_onCooldown+19. Only records the object
pointer held in eax under the global symbol Cooldownr, so the table entry
[Cooldownr]+18 can show and freeze the float at that offset. The game's
instructions are replayed unchanged and no value is written by the script.
}
define(address,SpecialAttack:get_onCooldown+19)
define(bytes,D9 40 18 D9 EE)
[ENABLE]
// Refuse to patch unless the expected 5 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,SpecialAttack:get_onCooldown+19)
label(code)
label(return)
globalalloc(Cooldownr,8)
newmem:
mov [Cooldownr],eax // publish the object pointer
code:
// Original two instructions, replayed unchanged.
fld dword ptr [eax+18]
fldz
jmp return
address:
jmp newmem // 5-byte jmp covers fld (3) + fldz (2)
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fld dword ptr [eax+18]
// fldz
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0543DD81
0543DD6A: EC - in al,dx
0543DD6B: 83 EC 08 - sub esp,08
0543DD6E: 8B 45 08 - mov eax,[ebp+08]
0543DD71: D9 40 1C - fld dword ptr [eax+1C]
0543DD74: D9 EE - fldz
0543DD76: DF F1 - fcomip st(0),st(1)
0543DD78: DD D8 - fstp st(0)
0543DD7A: 7A 19 - jp SpecialAttack:get_onCooldown+2d
0543DD7C: 73 17 - jae SpecialAttack:get_onCooldown+2d
0543DD7E: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
0543DD81: D9 40 18 - fld dword ptr [eax+18]
0543DD84: D9 EE - fldz
// ---------- DONE INJECTING ----------
0543DD86: DF F1 - fcomip st(0),st(1)
0543DD88: DD D8 - fstp st(0)
0543DD8A: 7A 09 - jp SpecialAttack:get_onCooldown+2d
0543DD8C: 73 07 - jae SpecialAttack:get_onCooldown+2d
0543DD8E: B8 01 00 00 00 - mov eax,00000001
0543DD93: EB 02 - jmp SpecialAttack:get_onCooldown+2f
0543DD95: 33 C0 - xor eax,eax
0543DD97: C9 - leave
0543DD98: C3 - ret
0543DD99: 00 00 - add [eax],al
}
108
"Freeze when value is 0"
Float
[Cooldownr]+18
113
"Attack F -> Freeze Value when it is on 0"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-01
Author : rysefox
Inline hook at AbilityScript:get_onCooldown+19. Only records the object
pointer held in eax under the global symbol Cooldownr2, so the table entry
[Cooldownr2]+20 can show and freeze the float at that offset. The game's
instructions are replayed unchanged and no value is written by the script.
}
define(address,AbilityScript:get_onCooldown+19)
define(bytes,D9 40 20 D9 EE)
[ENABLE]
// Refuse to patch unless the expected 5 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,AbilityScript:get_onCooldown+19)
label(code)
label(return)
globalalloc(Cooldownr2,8)
newmem:
mov [Cooldownr2],eax // publish the object pointer
code:
// Original two instructions, replayed unchanged.
fld dword ptr [eax+20]
fldz
jmp return
address:
jmp newmem // 5-byte jmp covers fld (3) + fldz (2)
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fld dword ptr [eax+20]
// fldz
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0543DB41
0543DB29: 8B EC - mov ebp,esp
0543DB2B: 83 EC 08 - sub esp,08
0543DB2E: 8B 45 08 - mov eax,[ebp+08]
0543DB31: D9 40 24 - fld dword ptr [eax+24]
0543DB34: D9 EE - fldz
0543DB36: DF F1 - fcomip st(0),st(1)
0543DB38: DD D8 - fstp st(0)
0543DB3A: 7A 19 - jp AbilityScript:get_onCooldown+2d
0543DB3C: 73 17 - jae AbilityScript:get_onCooldown+2d
0543DB3E: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
0543DB41: D9 40 20 - fld dword ptr [eax+20]
0543DB44: D9 EE - fldz
// ---------- DONE INJECTING ----------
0543DB46: DF F1 - fcomip st(0),st(1)
0543DB48: DD D8 - fstp st(0)
0543DB4A: 7A 09 - jp AbilityScript:get_onCooldown+2d
0543DB4C: 73 07 - jae AbilityScript:get_onCooldown+2d
0543DB4E: B8 01 00 00 00 - mov eax,00000001
0543DB53: EB 02 - jmp AbilityScript:get_onCooldown+2f
0543DB55: 33 C0 - xor eax,eax
0543DB57: C9 - leave
0543DB58: C3 - ret
0543DB59: 00 00 - add [eax],al
}
114
"Freeze when value is 0"
Float
[Cooldownr2]+20
124
"XP script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-02
Author : rysefox
Inline hook at Squad:AddVeterancyExperience+38. Records the object pointer
held in eax under the global symbol EXP and sets the float at [eax+2C] to
9999999 before the game loads it. The game then adds [ebp+0C] and stores the
sum back to [eax+2C] (see the listing below).
}
define(address,Squad:AddVeterancyExperience+38)
define(bytes,D9 40 2C D9 45 0C)
[ENABLE]
// Refuse to patch unless the expected 6 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,Squad:AddVeterancyExperience+38)
label(code)
label(return)
globalalloc(EXP,8)
newmem:
mov [EXP],eax // publish the object pointer for the [EXP]+2C table entry
mov [eax+2C],(float)9999999 // float immediate, matching the fld/fstp accesses to this field
code:
// Original two loads, replayed unchanged.
fld dword ptr [eax+2C]
fld dword ptr [ebp+0C]
jmp return
address:
jmp newmem // 5-byte jmp + 1 nop = the 6 patched bytes
nop
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fld dword ptr [eax+2C]
// fld dword ptr [ebp+0C]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 2BCAD550
2BCAD530: 74 35 - je Squad:AddVeterancyExperience+4f
2BCAD532: 8B 47 2C - mov eax,[edi+2C]
2BCAD535: 8B 40 30 - mov eax,[eax+30]
2BCAD538: 3D 03 00 00 00 - cmp eax,00000003
2BCAD53D: 74 28 - je Squad:AddVeterancyExperience+4f
2BCAD53F: 8B 05 A0 3E C6 04 - mov eax,[04C63EA0]
2BCAD545: 0F B6 40 15 - movzx eax,byte ptr [eax+15]
2BCAD549: 85 C0 - test eax,eax
2BCAD54B: 75 1A - jne Squad:AddVeterancyExperience+4f
2BCAD54D: 8B 47 2C - mov eax,[edi+2C]
// ---------- INJECTING HERE ----------
2BCAD550: D9 40 2C - fld dword ptr [eax+2C]
2BCAD553: D9 45 0C - fld dword ptr [ebp+0C]
// ---------- DONE INJECTING ----------
2BCAD556: DE C1 - faddp
2BCAD558: D9 58 2C - fstp dword ptr [eax+2C]
2BCAD55B: 83 EC 0C - sub esp,0C
2BCAD55E: 57 - push edi
2BCAD55F: E8 2C 2B 59 D9 - call Squad:CheckVeterancyUpgrade
2BCAD564: 83 C4 10 - add esp,10
2BCAD567: 8D 65 FC - lea esp,[ebp-04]
2BCAD56A: 5F - pop edi
2BCAD56B: C9 - leave
2BCAD56C: C3 - ret
}
123
"Current XP Address"
Float
[EXP]+2C
127
"Health Building script"
Auto Assembler Script
{ Game : Reignfall.exe
Version:
Date : 2019-01-02
Author : rysefox
Inline hook at Building:DestructionLogic+18, where the game loads the float at
[eax+0C] and compares it with zero. Records the object pointer held in eax
under the global symbol Buih2 and sets that float to 999999 before the load.
}
define(address,Building:DestructionLogic+18)
define(bytes,D9 40 0C D9 EE)
[ENABLE]
// Refuse to patch unless the expected 5 bytes are at the hook site.
assert(address,bytes)
alloc(newmem,$1000,Building:DestructionLogic+18)
label(code)
label(return)
globalalloc(Buih2,8)
newmem:
mov [Buih2],eax // publish the object pointer for the [Buih2]+0C table entry
mov [eax+0C],(float)999999 // float immediate, matching the fld access to this field
code:
// Original two instructions, replayed unchanged.
fld dword ptr [eax+0C]
fldz
jmp return
address:
jmp newmem // 5-byte jmp covers fld (3) + fldz (2)
return:
[DISABLE]
address:
db bytes // restore the original bytes at the hook site
// fld dword ptr [eax+0C]
// fldz
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 048347E0
048347C7: 00 55 8B - add [ebp-75],dl
048347CA: EC - in al,dx
048347CB: 57 - push edi
048347CC: 83 EC 04 - sub esp,04
048347CF: 8B 7D 08 - mov edi,[ebp+08]
048347D2: 8B 47 2C - mov eax,[edi+2C]
048347D5: 0F B6 40 08 - movzx eax,byte ptr [eax+08]
048347D9: 85 C0 - test eax,eax
048347DB: 74 1D - je Building:DestructionLogic+32
048347DD: 8B 47 28 - mov eax,[edi+28]
// ---------- INJECTING HERE ----------
048347E0: D9 40 0C - fld dword ptr [eax+0C]
048347E3: D9 EE - fldz
// ---------- DONE INJECTING ----------
048347E5: DF F1 - fcomip st(0),st(1)
048347E7: DD D8 - fstp st(0)
048347E9: 72 0F - jb Building:DestructionLogic+32
048347EB: 83 EC 0C - sub esp,0C
048347EE: 57 - push edi
048347EF: 8B 07 - mov eax,[edi]
048347F1: 90 - nop
048347F2: 90 - nop
048347F3: 90 - nop
048347F4: FF 50 48 - call dword ptr [eax+48]
}
126
"Health Address"
Float
[Buih2]+0C
116
"-----------------------------------------"
1
22
"Nothing for you :)"
1
19
"Set Ingame Time to CE Value"
Auto Assembler Script
// Direct 3-byte patch at GUIInvasionStatusPanel:UpdateDisplay+3b8; no code
// cave is used.
// NOTE(review): unlike the other scripts in this table there is no assert()
// on the existing bytes, so the patch is written even if the code at +3b8
// is not the expected instruction.
[ENABLE]
GUIInvasionStatusPanel:UpdateDisplay+3b8:
// Overwrites fld dword ptr [eax+50] (D9 40 50). Byte 0x99 is the one-byte CDQ
// opcode, so the load is removed rather than replaced by another load.
// NOTE(review): code after +3b8 presumably still expects the value on the x87
// stack, and CDQ writes edx; confirm this is safe at this site.
db 99 99 99 //fld dword ptr [eax+50]
//Game Time
[DISABLE]
GUIInvasionStatusPanel:UpdateDisplay+3b8:
// Restore the original load.
db D9 40 50 //fld dword ptr [eax+50]
//Value in CE (14 = 800)
Change of fstp dword ptr [eax+20]
049868B6
0
D9
41
0C
DE
E9
D9
58
20
8B
47
0C
8B
40
Code :mov [eax+24],ecx
04DE16F1
0
0C
8B
48
24
49
89
48
24
83
EC
0C
57
E8
Gold
08AF0010
Wood
09660050
Stone
09660060
Stamina
08AF0030
Food
09660070
Iron
09660080
Armor
08FD0060
Hops
09660090
Beer
096600A0
Sword
096600B0
Grain
096600C0
Flour
09610090
instantrecruit
09660000
CD
096100C0
Cooldown
1A330010
Cooldownr
09660030
Cooldownr2
09660020
Specialattack
1AC50010
Ability
1AC50020
Cooldownr3
1BC90030
Health
08AF0020
health2
1BC90050
EXP
096600E0
Time
08AF0040
Buildingh
09660100
buih
09660110
Buih2
08AF0000