12997
"enable"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Shared signature scans. Both results are registered as symbols so that other
//scripts in this table can hook these sites by name instead of a fixed module offset.
//damageHandle1AOB begins with 8B 43 7C 89 46 7C = mov eax,[rbx+7C] / mov [rsi+7C],eax.
//NOTE(review): the scan result is used as-is; nothing here checks that the pattern
//matches exactly one location in re2.exe - confirm after every game update.
aobscanmodule(damageHandle1AOB,re2.exe,8B 43 7C 89 46 7C 48 8B 47 50)
registersymbol(damageHandle1AOB)
//totalGameTimeWriteAOB is mostly wildcards (**); the hook placed on it later in this script sits at +1d.
aobscanmodule(totalGameTimeWriteAOB,re2.exe,E8 ** ** ** ** EB 08 48 ** ** ** 48 ** ** ** 48 ** ** ** 4C ** ** ** 0F 85 ** ** ** ** 44 ** ** ** 0F 85)
registersymbol(totalGameTimeWriteAOB)
///*******************************************///
//current ammo clip read on fine aim / on reload / after reload until next exit fine aim
//Hook at ammoClipReadOnAimReloadAOB+1e. The 8 bytes displaced there are
//mov eax,[rax+20] / mov rbx,[rsp+30]; they are re-emitted after the stub with readmem.
//Data exported by this hook:
//  pAmmo        +0 qword: rax as seen at the hook
//               +8 byte : set to 1 on every pass through this hook
//               +c byte : flag tested below and cleared on exit
//  dAmmoClipMax +0 dword: clip limit read below (initial value 1)
aobscanmodule(ammoClipReadOnAimReloadAOB,re2.exe,48 ** ** A0 00 00 00 48 ** ** 74 ** 48 ** ** ** 48 ** ** 74 ** 48 ** ** ** 48 ** ** 74 ** 8B ** 20 48 ** ** ** ** 48 ** ** ** 5F C3)
registersymbol(ammoClipReadOnAimReloadAOB)
label(pAmmo)
registersymbol(pAmmo)
label(dAmmoClipMax)
registersymbol(dAmmoClipMax)
//third alloc argument: preferred address, so the 5-byte jmp at the hook site can reach the stub
alloc(newmem,2048,ammoClipReadOnAimReloadAOB+1e) //"re2.exe"+E993E19)
label(returnhere)
label(originalcode_ammoClipReadOnAimReloadAOB)
registersymbol(originalcode_ammoClipReadOnAimReloadAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//rcx is saved and restored. rbx is used as scratch and is reloaded by the displaced
//mov rbx,[rsp+30] that follows the stub.
//NOTE(review): edi is overwritten on the SLS 60 / W-870 paths and not restored here; the
//signature ends in 5F C3 (pop rdi / ret), so it is presumably dead - confirm.
push rcx
mov rcx,pAmmo
mov [rcx],rax //publish rax in pAmmo+0
mov byte ptr [rcx+8],1
cmp byte ptr [rcx+c],0
je end //flag at +c is 0: leave the clip value alone
//mov byte ptr [rcx+c],0
mov rbx,dAmmoClipMax
mov ebx,[rbx] //ebx = clip limit
test ebx,ebx
jg @f
mov ebx,2 //stored limit is not positive: use 2 instead
@@:
cmp [rax+20],ebx
jge end //[rax+20] is already at or above the limit
cmp dword ptr [rax+14],9 //SLS 60
jne @f
//mov ebx,5
//mov edi,[rax+18]
//shr edi,1
//test dil,dil //Quick Loader
mov edi,[rax+18]
and edi,2
cmp edi,2 //Quick Loader
jne doinc //bit 2 of [rax+18] clear: add one round only
//bit set: falls through the checks below and ends at customammoclipassign
@@:
cmp dword ptr [rax+14],4 //Quickdraw Army
je doinc
@@:
cmp dword ptr [rax+14],b //W-870
jne @f
mov edi,[rax+18]
and edi,1
cmp edi,1
jne doinc //bit 1 of [rax+18] clear: add one round only
//NOTE(review): no operand size on the two "inc [rax+20]" lines; this relies on the
//assembler's default size - confirm it assembles as a dword increment.
inc [rax+20]
jmp doinc //bit set: one extra increment before the shared one
@@:
jmp customammoclipassign //any other [rax+14] value: set the clip straight to the limit
doinc:
cmp byte ptr [rcx+c],1
jne end //only increment while the flag is exactly 1
inc [rax+20]
cmp [rax+20],ebx
jle end
//incremented past the limit: clamp
customammoclipassign:
mov [rax+20],ebx
end:
mov byte ptr [rcx+c],0 //flag is cleared on every exit path
pop rcx
originalcode_ammoClipReadOnAimReloadAOB:
//copy of the 8 displaced bytes; executed here and read back by the disable section
readmem(ammoClipReadOnAimReloadAOB+1e,8)
//mov eax,[rax+20]
//mov rbx,[rsp+30]
exit:
jmp returnhere
///
pAmmo:
dq 0
dq 0
dAmmoClipMax:
dq 1
dq 0
dq 0
///
//hook site: 5-byte jmp plus 3 nops = the 8 bytes copied above
ammoClipReadOnAimReloadAOB+1e: //"re2.exe"+E993E19:
jmp newmem
nop
nop
nop
returnhere:
///*******************************************///
//current ammo clip chk max
//Hook at ammoClipMaxCChkAOB+e (7 bytes: cmp edx,ebx / mov rbx,[rsp+30]).
//Stores edx into the first dword of dAmmoClipMax before the displaced compare runs.
aobscanmodule(ammoClipMaxCChkAOB,re2.exe,74 0C 48 ** ** 10 48 ** ** 74 03 8B ** ** 39 DA 48)
registersymbol(ammoClipMaxCChkAOB)
alloc(newmem2,2048,ammoClipMaxCChkAOB+e) //"re2.exe"+B8BE4D2)
label(returnhere2)
label(originalcode2_ammoClipMaxCChkAOB)
registersymbol(originalcode2_ammoClipMaxCChkAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//NOTE(review): rsi is overwritten and not restored by this stub - confirm it is not live at this site.
mov rsi,dAmmoClipMax
mov [rsi],edx
originalcode2_ammoClipMaxCChkAOB:
//copy of the 7 displaced bytes; executed here and read back by the disable section
readmem(ammoClipMaxCChkAOB+e,7)
//cmp edx,ebx
//mov rbx,[rsp+30]
exit2:
jmp returnhere2
///
//hook site: 5-byte jmp plus 2 nops = 7 bytes
ammoClipMaxCChkAOB+e: //"re2.exe"+B8BE4D2:
jmp newmem2
nop
nop
returnhere2:
///*******************************************///
//player health read 4 bytes, start: 1200
//Hook at the start of the signature (8 bytes: mov eax,[rax+58] / mov rbx,[rsp+30]).
//Publishes rax in pPlayer and rdi in pPlayerBase; other scripts compare against pPlayer.
aobscanmodule(playerHealthCReadAOB,re2.exe,8B ** ** 48 ** ** ** ** 48 ** ** ** 5F C3 48 ** ** ** ** B8 01)
registersymbol(playerHealthCReadAOB)
label(pPlayer)
registersymbol(pPlayer)
label(pPlayerBase)
registersymbol(pPlayerBase)
alloc(newmem6,2048,playerHealthCReadAOB) //"re2.exe"+8F11DE3)
label(returnhere6)
label(originalcode6_playerHealthCReadAOB)
registersymbol(originalcode6_playerHealthCReadAOB)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//rbx is scratch here; the displaced mov rbx,[rsp+30] reloads it right after
mov rbx,pPlayer
mov [rbx],rax
mov [rbx+8],rdi //pPlayer+8 is pPlayerBase (the two qwords are laid out back to back below)
originalcode6_playerHealthCReadAOB:
//copy of the 8 displaced bytes; executed here and read back by the disable section
readmem(playerHealthCReadAOB,8)
//mov eax,[rax+58]
//mov rbx,[rsp+30]
exit6:
jmp returnhere6
///
pPlayer:
dq 0
pPlayerBase:
dq 0
///
//hook site: 5-byte jmp plus 3 nops = 8 bytes
playerHealthCReadAOB: //"re2.exe"+8F11DE3:
jmp newmem6
nop
nop
nop
returnhere6:
///*******************************************///
//Hook at someItemQWrite3AOB+18 (8 bytes: mov [rax+20],ebx / mov rsi,[rsp+30]).
//Advances the pAmmo+c flag from 1 to 2 when this write site runs; any other value is left alone.
aobscanmodule(someItemQWrite3AOB,re2.exe,41 ** ** ** 48 ** ** ** ** 48 ** ** ** ** 48 ** ** ** 5F E9 ** ** ** ** 89 ** ** 48 ** 74 ** ** 48 ** ** ** ** 48 ** ** ** 5F C3)
registersymbol(someItemQWrite3AOB)
alloc(newmem3,2048,someItemQWrite3AOB+18) //"re2.exe"+B8BC63A)
label(returnhere3)
label(originalcode3_someItemQWrite3AOB)
registersymbol(originalcode3_someItemQWrite3AOB)
label(exit3)
newmem3: //this is allocated memory, you have read,write,execute access
//rsi is scratch here; the displaced mov rsi,[rsp+30] reloads it right after
mov rsi,pAmmo
cmp byte ptr [rsi+c],1
//NOTE(review): there is no @@: label in this stub, so @f appears to rely on resolving
//to the next label below (originalcode3_someItemQWrite3AOB) - confirm.
jne @f
inc byte ptr [rsi+c]
originalcode3_someItemQWrite3AOB:
//copy of the 8 displaced bytes; executed here and read back by the disable section
readmem(someItemQWrite3AOB+18,8)
//mov [rax+20],ebx
//mov rsi,[rsp+30]
exit3:
jmp returnhere3
///
//hook site: 5-byte jmp plus 3 nops = 8 bytes
someItemQWrite3AOB+18: //"re2.exe"+B8BC63A:
jmp newmem3
nop
nop
nop
returnhere3:
///*******************************************///
//Hook at readiedWeaponChkAOB+9 (7 bytes: cmp [rdi+00000198],r12d).
//Publishes the address of the field that compare reads in pReadiedWeapon.
//dCusFCamZOffset is only defined and registered here; nothing in this script reads it.
aobscanmodule(readiedWeaponChkAOB,re2.exe,44 ** ** ** ** ** ** 75 ** 44 ** ** ** ** ** ** 75 ** 40)
registersymbol(readiedWeaponChkAOB)
label(pReadiedWeapon)
registersymbol(pReadiedWeapon)
label(dCusFCamZOffset)
registersymbol(dCusFCamZOffset)
alloc(newmem7,2048,readiedWeaponChkAOB+9) //"re2.exe"+B45CCE1)
label(returnhere7)
label(originalcode7_readiedWeaponChkAOB)
registersymbol(originalcode7_readiedWeaponChkAOB)
label(exit7)
newmem7: //this is allocated memory, you have read,write,execute access
//NOTE(review): rdx and rcx are overwritten and not restored - confirm both are dead at this site.
mov rdx,pReadiedWeapon
//48 8D 8F + the 4 displacement bytes copied from the hooked cmp builds
//lea rcx,[rdi+disp32], so the offset follows the game binary instead of being fixed here
db 48 8D 8F
readmem(readiedWeaponChkAOB+c,4)
//lea rcx,[rdi+198]
mov [rdx],rcx
originalcode7_readiedWeaponChkAOB:
//copy of the 7 displaced bytes; executed here and read back by the disable section
readmem(readiedWeaponChkAOB+9,7)
//cmp [rdi+00000198],r12d
exit7:
jmp returnhere7
///
pReadiedWeapon:
dq 0
dCusFCamZOffset:
dd (float)-0.18 //+0 //current fcam z
dd (float)-0.18 //+4 //dest fcam z
dd (float)-0.18 //+8 //cust fcam z
dd (float)0.012 //+c //interval
dd (float)15 //+10 //# of intervals
dd (float)-1 //+14 //neg
dd 0 //+18 //
dd (float)-0.2 //+1c //cust fcam aim z
///
//hook site: 5-byte jmp plus 2 nops = 7 bytes
readiedWeaponChkAOB+9: //"re2.exe"+B45CCE1:
jmp newmem7
nop
nop
returnhere7:
///*******************************************///
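//Hook at totalGameTimeWriteAOB+1d (10 bytes: cmp [rdi+53],r14l / jne rel32).
//Publishes rdi in pSomeGameStatus, then runs a relocated copy of the two displaced instructions.
label(pSomeGameStatus)
registersymbol(pSomeGameStatus)
alloc(newmem8,2048,totalGameTimeWriteAOB+1d) //"re2.exe"+AD9D90B)
label(returnhere8)
label(originalcode8_totalGameTimeWriteAOB)
registersymbol(originalcode8_totalGameTimeWriteAOB)
label(exit8)
newmem8: //this is allocated memory, you have read,write,execute access
//rax is saved and restored around the store, so no register changes are visible to the game
push rax
mov rax,pSomeGameStatus
mov [rax],rdi
pop rax
//the cmp is position independent and is copied byte for byte
readmem(totalGameTimeWriteAOB+1d,4)
//the jne is relative, so it is re-assembled here to keep its original target
reassemble(totalGameTimeWriteAOB+21)
jmp exit8 //skip the raw copy below
originalcode8_totalGameTimeWriteAOB:
//raw copy of the 10 displaced bytes, kept only for the disable section to read back; never executed
readmem(totalGameTimeWriteAOB+1d,10)
//cmp [rdi+53],r14l
//jne re2.exe+AD9D9AE
exit8:
jmp returnhere8
///
pSomeGameStatus:
//explicit storage for the published pointer, like every other p* symbol in this script;
//without it the label only pointed at the unused tail of the allocation
dq 0
///
//hook site: 5-byte jmp plus 5 nops = 10 bytes
totalGameTimeWriteAOB+1d: //"re2.exe"+AD9D90B:
jmp newmem8
nop
nop
nop
nop
nop
returnhere8: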
///*******************************************///
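[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//Every hook site gets the bytes that were saved at enable time written back
//(readmem from the originalcode* copy), so the restore matches the running game build.
//The commented db / Alt lines only document what those bytes were when the table was made.
//The dealloc lines precede reads from the same allocation throughout this table.
dealloc(newmem)
ammoClipReadOnAimReloadAOB+1e: //"re2.exe"+E993E19:
readmem(originalcode_ammoClipReadOnAimReloadAOB,8)
//db 8B 40 20 48 8B 5C 24 30
//Alt: mov eax,[rax+20]
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode_ammoClipReadOnAimReloadAOB)
unregistersymbol(pAmmo)
unregistersymbol(dAmmoClipMax)
///*******************************************///
dealloc(newmem2)
ammoClipMaxCChkAOB+e: //"re2.exe"+B8BE4D2:
readmem(originalcode2_ammoClipMaxCChkAOB,7)
//db 39 DA 48 8B 5C 24 30
//Alt: cmp edx,ebx
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode2_ammoClipMaxCChkAOB)
///*******************************************///
dealloc(newmem6)
playerHealthCReadAOB: //"re2.exe"+8F11DE3:
readmem(originalcode6_playerHealthCReadAOB,8)
//db 8B 40 58 48 8B 5C 24 30
//Alt: mov eax,[rax+58]
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode6_playerHealthCReadAOB)
unregistersymbol(pPlayer)
unregistersymbol(pPlayerBase)
///*******************************************///
dealloc(newmem3)
someItemQWrite3AOB+18: //"re2.exe"+B8BC63A:
readmem(originalcode3_someItemQWrite3AOB,8)
//db 89 58 20 48 8B 74 24 30
//Alt: mov [rax+20],ebx
//Alt: mov rsi,[rsp+30]
unregistersymbol(originalcode3_someItemQWrite3AOB)
///*******************************************///
dealloc(newmem7)
readiedWeaponChkAOB+9: //"re2.exe"+B45CCE1:
readmem(originalcode7_readiedWeaponChkAOB,7)
//db 44 39 A7 98 01 00 00
//Alt: cmp [rdi+00000198],r12d
unregistersymbol(originalcode7_readiedWeaponChkAOB)
unregistersymbol(pReadiedWeapon)
unregistersymbol(dCusFCamZOffset)
///*******************************************///
dealloc(newmem8)
totalGameTimeWriteAOB+1d: //"re2.exe"+AD9D90B:
readmem(originalcode8_totalGameTimeWriteAOB,10)
//The db line below used to be live. It came after the 10-byte readmem, so it wrote a second,
//hard-coded copy of cmp/jne over the 10 bytes of game code following the hook site.
//It is now documentation only, like the db lines of the other sections.
//db 44 38 77 53 0F 85 99 00 00 00
//Alt: cmp [rdi+53],r14l
//Alt: jne re2.exe+AD9D9AE
unregistersymbol(originalcode8_totalGameTimeWriteAOB)
unregistersymbol(pSomeGameStatus)
///*******************************************///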
12998
"undead .5"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Hook at damageHandle1AOB (6 bytes: mov eax,[rbx+7C] / mov [rsi+7C],eax).
//damageHandle1AOB and pPlayer are not defined here; they are the symbols registered by the
//table's "enable" script, so that script has to be active first.
//dMinHealth +0 dword: health floor (default decimal 360)
//           +4 dword: threshold at or below which the flag byte at [rdx+5c] is set (decimal 360)
define(dminhealthdefault,#360)
label(pPlayerJustHit)
registersymbol(pPlayerJustHit)
label(pPAttackedInfo)
registersymbol(pPAttackedInfo)
label(pPAttackedInfo2)
registersymbol(pPAttackedInfo2)
label(dMinHealth)
registersymbol(dMinHealth)
alloc(newmem8,2048,damageHandle1AOB) //"re2.exe"+B9766D3)
label(returnhere8)
label(originalcode8_damageHandle1AOB)
registersymbol(originalcode8_damageHandle1AOB)
label(exit8)
newmem8: //this is allocated memory, you have read,write,execute access
//r14 and rdx are saved and restored; rax is scratch and is overwritten by the
//displaced mov eax,[rbx+7C] that runs after the stub.
push r14
push rdx
mov rax,pPlayer
mov rdx,[rbp+b8]
cmp [rax],rdx
jne notplayer8 //[rbp+b8] is not the pointer stored in pPlayer: do nothing
//publish rbp / rbx / rcx for inspection from the table
mov rax,pPlayerJustHit
mov [rax],rbp
mov rax,pPAttackedInfo
mov [rax],rbx
mov rax,pPAttackedInfo2
mov [rax],rcx
mov r14,dMinHealth
mov eax,[rdx+58]
sub eax,[rbx+7c] //eax = [rdx+58] minus the pending value at [rbx+7c]
cmp eax,[r14+4]
jg @f
mov byte ptr [rdx+5c],1 //god flag
@@:
cmp eax,[r14]
jg @f
//result would be at or below the floor: zero the pending value and pin [rdx+58] to the floor
xor eax,eax
mov [rbx+7c],eax
mov eax,[r14]
mov [rdx+58],eax
@@:
jmp end8
notplayer8:
end8:
pop rdx
pop r14
originalcode8_damageHandle1AOB:
//copy of the 6 displaced bytes; executed here and read back by the disable section
readmem(damageHandle1AOB,6)
//mov eax,[rbx+7C]
//mov [rsi+7C],eax
exit8:
jmp returnhere8
///
pPlayerJustHit:
dq 0
pPAttackedInfo:
dq 0
pPAttackedInfo2:
dq 0
dMinHealth:
dd dminhealthdefault
dd #360
///
//hook site: 5-byte jmp plus 1 nop = 6 bytes
damageHandle1AOB: //"re2.exe"+B9766D3:
jmp newmem8
nop
returnhere8:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//restore the 6 bytes saved at enable time, then drop this script's symbols
dealloc(newmem8)
damageHandle1AOB: //"re2.exe"+B9766D3:
readmem(originalcode8_damageHandle1AOB,6)
//db 8B 43 7C 89 46 7C
//Alt: mov eax,[rbx+7C]
//Alt: mov [rsi+7C],eax
unregistersymbol(originalcode8_damageHandle1AOB)
unregistersymbol(pPlayerJustHit)
unregistersymbol(pPAttackedInfo)
unregistersymbol(pPAttackedInfo2)
unregistersymbol(dMinHealth)
13060
"min health"
008000
4 Bytes
dMinHealth
13061
"don't set lower than 360"
808080
1
13062
"damage mod"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Hook at damageHandle1AOB+6 (9 bytes: mov rax,[rdi+50] / cmp qword ptr [rax+18],00).
//damageHandle1AOB and pPlayer come from the table's "enable" script, which must be active.
//For hits whose [rbp+b8] is not the pointer stored in pPlayer, the dword at [rbx+7c] is
//multiplied by dDamageMultiplier and the result is written to both [rsi+7c] and [rbx+7c].
//bIsEnemy is set to 1 here and is read by the two other hooks of this script.
define(ddamagemultiplierdefault,(float)1)
label(pEnemyJustHit)
registersymbol(pEnemyJustHit)
label(pAttackInfo)
registersymbol(pAttackInfo)
label(pAttackInfo2)
registersymbol(pAttackInfo2)
label(bIsEnemy)
registersymbol(bIsEnemy)
label(dDamageMultiplier)
registersymbol(dDamageMultiplier)
label(bWeakLimbsKey)
registersymbol(bWeakLimbsKey)
label(bWeakLimbs)
registersymbol(bWeakLimbs)
alloc(newmem2,2048,damageHandle1AOB+6) //"re2.exe"+B9766D9)
label(returnhere2)
label(originalcode2_damageHandle1AOB)
registersymbol(originalcode2_damageHandle1AOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//rax is scratch; the displaced mov rax,[rdi+50] reloads it after the stub.
//rdx is saved and restored around the compare (pop does not change the flags).
push rdx
mov rax,pPlayer
mov rdx,[rbp+b8]
cmp [rax],rdx
pop rdx
//NOTE(review): there is no @@: label in this stub, so @f appears to rely on resolving
//to the next label below (originalcode2_damageHandle1AOB) - confirm.
je @f
mov rax,pEnemyJustHit
mov [rax],rbp
mov rax,pAttackInfo
mov [rax],rbx
mov rax,pAttackInfo2
mov [rax],rcx
mov rax,bIsEnemy
mov byte ptr [rax],1
mov rax,dDamageMultiplier
//x87: integer load, multiply by the float multiplier, store back as integer.
//fist keeps the value on the stack, fistp pops it, so the FPU stack is balanced.
fild dword ptr [rbx+7c]
fmul dword ptr [rax]
fist dword ptr [rsi+7c]
fistp dword ptr [rbx+7c]
//fld1
//fst dword ptr [rbx+80]
//fst dword ptr [rbx+8c]
//fstp dword ptr [rbx+90]
originalcode2_damageHandle1AOB:
//copy of the 9 displaced bytes; executed here and read back by the disable section
readmem(damageHandle1AOB+6,9)
//mov rax,[rdi+50]
//cmp qword ptr [rax+18],00
exit2:
jmp returnhere2
///
pEnemyJustHit:
dq 0
pAttackInfo:
dq 0
pAttackInfo2:
dq 0
bIsEnemy:
dd 0
dDamageMultiplier:
dd ddamagemultiplierdefault
bWeakLimbsKey:
dd 14 //hex 14; the table's "mod key" drop-down lists 14 as the CAPS LOCK key
bWeakLimbs:
dd 0 //+0 method byte
dd 0 //+4 byte tested by the hooks below when +0 is not 1
///
//hook site: 5-byte jmp plus 4 nops = 9 bytes
damageHandle1AOB+6: //"re2.exe"+B9766D9:
jmp newmem2
nop
nop
nop
nop
returnhere2:
///*******************************************///
//Hook at cJmpIfNormalAttackAOB+10 (6 bytes: cmp dword ptr [rax+1C],00 / jle rel8).
//Runs only when bIsEnemy is 1 and moves it on to 2. If bWeakLimbs+0 is 1 or bWeakLimbs+4 is 1
//and the dword the game compares is not positive, that dword is forced to 1 before the
//original compare and branch run.
aobscanmodule(cJmpIfNormalAttackAOB,re2.exe,48 ** ** ** 00 0F 85 ** ** ** ** 48 ** ** 74 ** 83 ** ** 00 7E)
registersymbol(cJmpIfNormalAttackAOB)
alloc(newmem6,2048,cJmpIfNormalAttackAOB+10) //"re2.exe"+6940E6)
label(returnhere6)
label(originalcode6_cJmpIfNormalAttackAOB)
registersymbol(originalcode6_cJmpIfNormalAttackAOB)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//NOTE(review): rdi is overwritten and not restored by this stub - confirm it is dead at this site.
mov rdi,bIsEnemy
cmp byte ptr [rdi],1
jne end6
inc byte ptr [rdi] //1 -> 2: marks that this stage has run for the current hit
mov rdi,bWeakLimbs
cmp byte ptr [rdi],1
je @f
cmp byte ptr [rdi+4],1
jne end6
@@:
//the game's own cmp, copied so the operand offset follows the binary
readmem(cJmpIfNormalAttackAOB+10,4)
//cmp dword ptr [rax+1C],00
//NOTE(review): no @@: follows before end6, so this @f appears to resolve to end6 - confirm.
jg @f
//C7 40 <disp8 copied from the game's cmp> 01 00 00 00 = mov dword ptr [rax+disp8],1
db C7 40
readmem(cJmpIfNormalAttackAOB+12,1)
db 01 00 00 00
//mov dword ptr [rax+1c],1
end6:
//relocated original: cmp copied verbatim, jle re-assembled so its target stays correct
readmem(cJmpIfNormalAttackAOB+10,4)
reassemble(cJmpIfNormalAttackAOB+14)
jmp exit6
originalcode6_cJmpIfNormalAttackAOB:
//raw copy of the 6 displaced bytes, kept only for the disable section to read back; never executed
readmem(cJmpIfNormalAttackAOB+10,6)
//cmp dword ptr [rax+1C],00
//jle re2.exe+694138
exit6:
jmp returnhere6
///
//hook site: 5-byte jmp plus 1 nop = 6 bytes
cJmpIfNormalAttackAOB+10: //"re2.exe"+6940E6:
jmp newmem6
nop
returnhere6:
///*******************************************///
//Hook at dsmageSpecialEffectReadAOB (9 bytes: mov eax,[rbx+rsi*4+20] / cmp eax,00000200).
//Runs only when bIsEnemy is 2 and resets it to 0. If bWeakLimbs+0 is 1 or bWeakLimbs+4 is 1,
//the dword the game is about to read is overwritten with 40 (hex) first.
aobscanmodule(dsmageSpecialEffectReadAOB,re2.exe,8B ** ** ** ** 00 02 00 00 0F 8E ** ** ** ** ** 00 00 02 00)
registersymbol(dsmageSpecialEffectReadAOB)
alloc(newmem12,2048,dsmageSpecialEffectReadAOB) //"re2.exe"+A3DDB96)
label(returnhere12)
label(originalcode12_dsmageSpecialEffectReadAOB)
registersymbol(originalcode12_dsmageSpecialEffectReadAOB)
label(exit12)
newmem12: //this is allocated memory, you have read,write,execute access
//rdi is saved and restored; eax is scratch and is reloaded by the displaced mov eax,[...]
push rdi
mov rdi,bIsEnemy
cmp byte ptr [rdi],2
jne end12
xor eax,eax
mov [rdi],eax //clears all 4 bytes of bIsEnemy
mov rdi,bWeakLimbs
cmp byte ptr [rdi],1
je @f
cmp byte ptr [rdi+4],1
jne end12
@@:
mov eax,40
//89 + the 3 operand bytes of the game's own load = mov [rbx+rsi*4+20],eax,
//so the store goes to exactly the address the original instruction reads
db 89
readmem(dsmageSpecialEffectReadAOB+1,3)
//mov [rbx+rsi*4+20],eax
end12:
pop rdi
originalcode12_dsmageSpecialEffectReadAOB:
//copy of the 9 displaced bytes; executed here and read back by the disable section
readmem(dsmageSpecialEffectReadAOB,9)
//mov eax,[rbx+rsi*4+20]
//cmp eax,00000200
exit12:
jmp returnhere12
///
//hook site: 5-byte jmp plus 4 nops = 9 bytes
dsmageSpecialEffectReadAOB: //"re2.exe"+A3DDB96:
jmp newmem12
nop
nop
nop
nop
returnhere12:
///*******************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//Each of the three hook sites gets the bytes saved at enable time written back, then the
//symbols owned by this script are dropped. The commented db / Alt lines only document
//what the bytes were when the table was made. The AOB symbols themselves stay registered.
dealloc(newmem2)
damageHandle1AOB+6: //"re2.exe"+B9766D9:
readmem(originalcode2_damageHandle1AOB,9)
//db 48 8B 47 50 48 83 78 18 00
//Alt: mov rax,[rdi+50]
//Alt: cmp qword ptr [rax+18],00
unregistersymbol(originalcode2_damageHandle1AOB)
unregistersymbol(pEnemyJustHit)
unregistersymbol(pAttackInfo)
unregistersymbol(pAttackInfo2)
unregistersymbol(bIsEnemy)
unregistersymbol(dDamageMultiplier)
unregistersymbol(bWeakLimbsKey)
unregistersymbol(bWeakLimbs)
///*******************************************///
dealloc(newmem6)
cJmpIfNormalAttackAOB+10: //"re2.exe"+6940E6:
readmem(originalcode6_cJmpIfNormalAttackAOB,6)
//db 83 78 1C 00 7E 4C
//Alt: cmp dword ptr [rax+1C],00
//Alt: jle re2.exe+694138
unregistersymbol(originalcode6_cJmpIfNormalAttackAOB)
///*******************************************///
dealloc(newmem12)
dsmageSpecialEffectReadAOB: //"re2.exe"+A3DDB96:
readmem(originalcode12_dsmageSpecialEffectReadAOB,9)
//db 8B 44 B3 20 3D 00 02 00 00
//Alt: mov eax,[rbx+rsi*4+20]
//Alt: cmp eax,00000200
unregistersymbol(originalcode12_dsmageSpecialEffectReadAOB)
///*******************************************///
13693
"damage multiplier"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Pure data toggle: writes the float 2 into dDamageMultiplier. The symbol is not defined
//here; it is registered by the "damage mod" script, which has to be active.
dDamageMultiplier:
dd (float)2
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//back to the neutral multiplier
dDamageMultiplier:
dd (float)1
13063
"x?"
008000
Float
dDamageMultiplier
13580
"enemy base"
1
000080
Array of byte
0
pEnemyJustHit
0
13614
"+120"
000080
Array of byte
0
+120
0
13613
"+28"
000080
Array of byte
0
+28
0
13615
"+60"
000080
Array of byte
0
+60
0
13617
"+10"
1
0000FF
4 Bytes
+10
13616
"+68"
000080
Array of byte
0
+68
0
13618
"+10"
1
0000FF
4 Bytes
+10
13621
"+98 enemy health"
000080
Array of byte
0
+98
0
13581
"enemy health"
000080
Array of byte
0
+b8
0
13582
"h"
0000FF
4 Bytes
+58
13583
"h max"
0000FF
4 Bytes
-4
13584
"god (auto reset)"
0000FF
Byte
+4
13585
"god"
0000FF
Byte
+5
13586
"+a0"
0000FF
Float
+a0
13587
"ai 1"
000080
Array of byte
0
pAttackInfo
0
13592
"damage"
0000FF
Float
+7c
13593
"+70"
1
0000FF
4 Bytes
+70
13612
"+74"
1
0000FF
4 Bytes
+74
13611
"+78"
1
0000FF
4 Bytes
+78
13610
"+7c damage"
0000FF
Float
+7c
13609
"+80"
0000FF
Float
+80
13598
"+84"
1
0000FF
4 Bytes
+84
13597
"+88"
0000FF
4 Bytes
+88
13599
"+8c"
0000FF
Float
+8c
13600
"+90"
0000FF
Float
+90
13602
"+94"
0000FF
Float
+94
13603
"+98"
0000FF
Float
+98
13604
"+9c"
0000FF
Float
+9c
13594
"+a0 impact angle"
0000FF
Float
+a0
13595
"+a4 impact angle"
0000FF
Float
+a4
13596
"+a8 impact angle"
0000FF
Float
+a8
13605
"+ac"
0000FF
Float
+ac
13601
"+b0"
0000FF
4 Bytes
+b0
13606
"+b4"
0000FF
4 Bytes
+b4
13607
"+b8"
0000FF
4 Bytes
+b8
13608
"+bc"
0000FF
4 Bytes
+bc
13619
"ai 2"
000080
Array of byte
0
pAttackInfo2
0
13622
"+60"
000080
Array of byte
0
+60
0
13623
"+40"
1
0000FF
4 Bytes
+40
13624
"+3a0"
1
0000FF
4 Bytes
+3a0
13625
"+690"
1
0000FF
4 Bytes
+690
13627
"+6f0"
1
0000FF
4 Bytes
+6f0
13626
"+720"
1
0000FF
4 Bytes
+720
13628
"+790"
1
0000FF
4 Bytes
+790
13629
"+7c0 *"
1
0000FF
4 Bytes
+7c0
13630
"+8d0"
1
0000FF
4 Bytes
+8d0
13631
"+b00"
1
0000FF
4 Bytes
+b00
13632
"+b40"
1
0000FF
4 Bytes
+b40
13694
"piercing ammo .2"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
//Starts a Lua polling thread that mirrors the state of the key stored in bWeakLimbsKey
//into the byte at bWeakLimbs+4, then sets the method byte bWeakLimbs+0 to 2.
//bWeakLimbs and bWeakLimbsKey are not defined here; they are registered by "damage mod".
{$lua}
-- Thread body: every 100 ms, write 1 to bWeakLimbs+4 while the configured key is down
-- and the method byte is 2, otherwise write 0. Runs until the global
-- WeakLimbskeyLuaThreadLoop is set to false by the disable section.
local function weaklimbskeyLuaThread(thread)
while WeakLimbskeyLuaThreadLoop do
sleep(100)
-- addrwl is assigned without 'local', so it is a global shared with other table scripts
addrwl = getAddress('bWeakLimbs')
if addrwl then
if ( isKeyPressed( readInteger('bWeakLimbsKey') ) and readBytes(addrwl) == 2 ) then
writeBytes(addrwl+4, 1)
else
writeBytes(addrwl+4, 0)
end
else
-- NOTE(review): this retry only helps if getAddress returns nil for an unknown symbol;
-- if it raises instead (e.g. after "damage mod" was disabled), the thread ends on the
-- error and this branch is never reached - confirm.
addrwl = getAddress('bWeakLimbs')
end
end
thread.terminate()
-- earlier variant, kept for reference: fixed CAPS LOCK key, no sleep, no method check
-- while WeakLimbskeyLuaThreadLoop do
-- if ( isKeyPressed(VK_CAPITAL) ) then
-- writeBytes("bWeakLimbs" ,1)
-- else
-- writeBytes("bWeakLimbs" ,0)
-- end
-- end
-- thread.terminate()
end
----------------------------------
-- syntaxcheck guard: do not start the thread when the script is only being validated
if syntaxcheck then return end
WeakLimbskeyLuaThreadLoop = true
createThread(weaklimbskeyLuaThread)
{$asm}
///*****************************************///
//db 2 sets the method byte to 2; the dd that follows covers bytes +1..+4, so bWeakLimbs+4 starts at 0
bWeakLimbs:
db 2
dd 0
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
if syntaxcheck then return end
-- the polling loop sees this on its next pass (up to 100 ms later) and terminates
WeakLimbskeyLuaThreadLoop = false
{$asm}
///*****************************************///
//method byte and bWeakLimbs+4 both back to 0
bWeakLimbs:
dd 0
dd 0
13637
"method"
0:no
2:hold key
1:always
008000
Byte
bWeakLimbs
13744
"+4"
0:not pressing
1:pressing
008000
Byte
+4
13634
""
FFFFFF
Auto Assembler Script
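[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//This script patches a fixed module offset instead of a scanned signature. Check that the
//7 bytes the disable section writes back (mov r8d,[rdx+10] / mov rbx,rcx) are really at
//that offset; if the game build differs, enabling fails instead of overwriting unrelated code.
assert("re2.exe"+A9EA0BD,44 8B 42 10 48 89 CB)
alloc(newmem11,2048,"re2.exe"+A9EA0BD)
label(returnhere11)
label(originalcode11)
label(exit11)
newmem11: //this is allocated memory, you have read,write,execute access
//force the dword at [rdx+10] to 3 before the game's own load of it runs;
//r8d is scratch here because the displaced instruction reloads it
mov r8d,3
mov [rdx+10],r8d
originalcode11:
//the two displaced instructions, re-assembled from source
mov r8d,[rdx+10]
mov rbx,rcx
exit11:
jmp returnhere11
///
//hook site: 5-byte jmp plus 2 nops = 7 bytes
"re2.exe"+A9EA0BD:
jmp newmem11
nop
nop
returnhere11:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//restore is from hard-coded bytes, the same ones the enable-time assert checks for
dealloc(newmem11)
"re2.exe"+A9EA0BD:
db 44 8B 42 10 48 89 CB
//Alt: mov r8d,[rdx+10]
//Alt: mov rbx,rcx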
13635
""
FFFFFF
Auto Assembler Script
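[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//This script patches a fixed module offset instead of a scanned signature. Check that the
//6 bytes the disable section writes back (mov r8,rax / mov rdx,rdi) are really at that
//offset; if the game build differs, enabling fails instead of overwriting unrelated code.
assert("re2.exe"+BE144BE,49 89 C0 48 89 FA)
alloc(newmem17,2048,"re2.exe"+BE144BE)
label(returnhere17)
label(originalcode17)
label(exit17)
newmem17: //this is allocated memory, you have read,write,execute access
//rax is zeroed, so the displaced mov r8,rax passes 0 on; when r10 is non-null the
//dword at [r10+8] is additionally set to ffffffff
xor rax,rax
test r10,r10
//NOTE(review): there is no @@: label in this stub, so @f appears to rely on resolving
//to the next label below (originalcode17) - confirm.
jz @f
mov dword ptr [r10+8],ffffffff
originalcode17:
//the two displaced instructions, re-assembled from source
mov r8,rax
mov rdx,rdi
exit17:
jmp returnhere17
///
//hook site: 5-byte jmp plus 1 nop = 6 bytes
"re2.exe"+BE144BE:
jmp newmem17
nop
returnhere17:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//restore is from hard-coded bytes, the same ones the enable-time assert checks for
dealloc(newmem17)
"re2.exe"+BE144BE:
db 49 89 C0 48 89 FA
//Alt: mov r8,rax
//Alt: mov rdx,rdi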
13633
"+"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Stand-alone variant of the cJmpIfNormalAttackAOB hook that is also part of "damage mod":
//same signature, same hook offset (+10) and the same registered symbol names, but it only
//tests bWeakLimbs+0 and ignores the byte at bWeakLimbs+4.
//NOTE(review): with "damage mod" active the site is already patched with a jmp, so this
//script would save and later restore that jmp as the "original" bytes - confirm the two
//are meant as alternatives and never enabled together.
aobscanmodule(cJmpIfNormalAttackAOB,re2.exe,48 ** ** ** 00 0F 85 ** ** ** ** 48 ** ** 74 ** 83 ** ** 00 7E)
registersymbol(cJmpIfNormalAttackAOB)
alloc(newmem6,2048,cJmpIfNormalAttackAOB+10) //"re2.exe"+6940E6)
label(returnhere6)
label(originalcode6_cJmpIfNormalAttackAOB)
registersymbol(originalcode6_cJmpIfNormalAttackAOB)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//NOTE(review): rdi is overwritten and not restored by this stub - confirm it is dead at this site.
mov rdi,bIsEnemy
cmp byte ptr [rdi],1
jne @f
inc byte ptr [rdi] //1 -> 2
mov rdi,bWeakLimbs
cmp byte ptr [rdi],1
jne @f
//the game's own cmp, copied so the operand offset follows the binary
readmem(cJmpIfNormalAttackAOB+10,4)
//cmp dword ptr [rax+1C],00
jg @f
//C7 40 <disp8 copied from the game's cmp> 01 00 00 00 = mov dword ptr [rax+disp8],1
db C7 40
readmem(cJmpIfNormalAttackAOB+12,1)
db 01 00 00 00
//mov dword ptr [rax+1c],1
@@:
//relocated original: cmp copied verbatim, jle re-assembled so its target stays correct
readmem(cJmpIfNormalAttackAOB+10,4)
reassemble(cJmpIfNormalAttackAOB+14)
jmp exit6
originalcode6_cJmpIfNormalAttackAOB:
//raw copy of the 6 displaced bytes, kept only for the disable section to read back; never executed
readmem(cJmpIfNormalAttackAOB+10,6)
//cmp dword ptr [rax+1C],00
//jle re2.exe+694138
exit6:
jmp returnhere6
///
//hook site: 5-byte jmp plus 1 nop = 6 bytes
cJmpIfNormalAttackAOB+10: //"re2.exe"+6940E6:
jmp newmem6
nop
returnhere6:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//write back the 6 bytes saved at enable time
dealloc(newmem6)
cJmpIfNormalAttackAOB+10: //"re2.exe"+6940E6:
readmem(originalcode6_cJmpIfNormalAttackAOB,6)
//db 83 78 1C 00 7E 4C
//Alt: cmp dword ptr [rax+1C],00
//Alt: jle re2.exe+694138
unregistersymbol(originalcode6_cJmpIfNormalAttackAOB)
13636
"++"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Stand-alone variant of the dsmageSpecialEffectReadAOB hook that is also part of
//"damage mod": same signature, hook site and registered symbol names, but it only tests
//bWeakLimbs+0 and ignores the byte at bWeakLimbs+4.
//NOTE(review): with "damage mod" active the site is already patched with a jmp, so this
//script would save and later restore that jmp as the "original" bytes - confirm the two
//are meant as alternatives and never enabled together.
aobscanmodule(dsmageSpecialEffectReadAOB,re2.exe,8B ** ** ** ** 00 02 00 00 0F 8E ** ** ** ** ** 00 00 02 00)
registersymbol(dsmageSpecialEffectReadAOB)
alloc(newmem12,2048,dsmageSpecialEffectReadAOB) //"re2.exe"+A3DDB96)
label(returnhere12)
label(originalcode12_dsmageSpecialEffectReadAOB)
registersymbol(originalcode12_dsmageSpecialEffectReadAOB)
label(exit12)
newmem12: //this is allocated memory, you have read,write,execute access
//rdi is saved and restored; eax is scratch and is reloaded by the displaced mov eax,[...]
push rdi
mov rdi,bIsEnemy
cmp byte ptr [rdi],2
jne @f
xor eax,eax
mov [rdi],eax //clears all 4 bytes of bIsEnemy
mov rdi,bWeakLimbs
cmp byte ptr [rdi],1
jne @f
mov eax,40
//89 + the 3 operand bytes of the game's own load = mov [rbx+rsi*4+20],eax
db 89
readmem(dsmageSpecialEffectReadAOB+1,3)
//mov [rbx+rsi*4+20],eax
@@:
pop rdi
originalcode12_dsmageSpecialEffectReadAOB:
//copy of the 9 displaced bytes; executed here and read back by the disable section
readmem(dsmageSpecialEffectReadAOB,9)
//mov eax,[rbx+rsi*4+20]
//cmp eax,00000200
exit12:
jmp returnhere12
///
//hook site: 5-byte jmp plus 4 nops = 9 bytes
dsmageSpecialEffectReadAOB: //"re2.exe"+A3DDB96:
jmp newmem12
nop
nop
nop
nop
returnhere12:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//write back the 9 bytes saved at enable time
dealloc(newmem12)
dsmageSpecialEffectReadAOB: //"re2.exe"+A3DDB96:
readmem(originalcode12_dsmageSpecialEffectReadAOB,9)
//db 8B 44 B3 20 3D 00 02 00 00
//Alt: mov eax,[rbx+rsi*4+20]
//Alt: cmp eax,00000200
unregistersymbol(originalcode12_dsmageSpecialEffectReadAOB)
13746
"mod key"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
bWeakLimbsKey
13747
"ignore if method is set to always"
808080
1
13001
"no reload .2"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//ammo clip read on fire 1
//Hook at ammoClipReadOnFire1AOB+e (6 bytes: mov rdx,rdi / mov rcx,rbx).
//pAmmo is not defined here; it is registered by the table's "enable" script.
//When rcx equals the pointer in pAmmo+0 and the byte at pAmmo+8 is 1, that byte is moved
//on to 2 and a non-positive esi is raised to 1.
aobscanmodule(ammoClipReadOnFire1AOB,re2.exe,74 0C 48 ** ** ** 48 ** ** 74 03 8B ** ** 48 ** ** 48 ** ** E8)
registersymbol(ammoClipReadOnFire1AOB)
alloc(newmem,2048,ammoClipReadOnFire1AOB+e) //"re2.exe"+BFBB04E)
label(returnhere)
label(originalcode_ammoClipReadOnFire1AOB)
registersymbol(originalcode_ammoClipReadOnFire1AOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//rdx is scratch; the displaced mov rdx,rdi reloads it after the stub.
//NOTE(review): none of the @f jumps below has an @@: target in this stub, so they appear
//to rely on resolving to the next label (originalcode_ammoClipReadOnFire1AOB) - confirm.
mov rdx,pAmmo
cmp [rdx],rcx
jne @f
cmp byte ptr [rdx+8],1
jne @f
inc byte ptr [rdx+8] //1 -> 2
test esi,esi
jg @f
mov esi,1
//mov [rcx+20],esi
originalcode_ammoClipReadOnFire1AOB:
//copy of the 6 displaced bytes; executed here and read back by the disable section
readmem(ammoClipReadOnFire1AOB+e,6)
//mov rdx,rdi
//mov rcx,rbx
exit:
jmp returnhere
///
//hook site: 5-byte jmp plus 1 nop = 6 bytes
ammoClipReadOnFire1AOB+e: //"re2.exe"+BFBB04E:
jmp newmem
nop
returnhere:
///****************************************///
//ammo clip const read 1 (chk zero), accessed twice after "ammo clip read on fire 1"
//Hook at ammoClipZeroCChkAOB+e (7 bytes: test ebx,ebx / mov rbx,[rsp+30]).
//ebx may be raised to 1 just before the displaced test; the displaced mov then reloads
//rbx, so only the flags produced by the test carry the change.
//bHideEmptyClipAppearance (default 1) is exposed as a table option.
aobscanmodule(ammoClipZeroCChkAOB,re2.exe,74 0C 48 ** ** ** 48 ** ** 74 03 8B ** ** 85 DB 48)
registersymbol(ammoClipZeroCChkAOB)
label(bHideEmptyClipAppearance)
registersymbol(bHideEmptyClipAppearance)
alloc(newmem2,2048,ammoClipZeroCChkAOB+e) //"re2.exe"+B8BE2C8)
label(returnhere2)
label(originalcode2_ammoClipZeroCChkAOB)
registersymbol(originalcode2_ammoClipZeroCChkAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//NOTE(review): rsi is overwritten and not restored by this stub - confirm it is dead at this site.
mov rsi,pAmmo
cmp [rsi],rcx
jne end2 //rcx is not the pointer stored in pAmmo+0
cmp byte ptr [rsi+8],2
je @f
cmp byte ptr [rsi+8],3
je @f
//pAmmo+8 is neither 2 nor 3: only adjust ebx when the hide option is on
mov rsi,bHideEmptyClipAppearance
cmp byte ptr [rsi],1
je fakenoemptyclip2
jmp end2
@@:
inc byte ptr [rsi+8] //2 -> 3 or 3 -> 4, so at most two passes take this path per shot
fakenoemptyclip2:
test ebx,ebx //
//NOTE(review): no @@: follows before end2, so this @f appears to resolve to end2 - confirm.
jg @f //
mov ebx,1 //
end2:
originalcode2_ammoClipZeroCChkAOB:
//copy of the 7 displaced bytes; executed here and read back by the disable section
readmem(ammoClipZeroCChkAOB+e,7)
//test ebx,ebx
//mov rbx,[rsp+30]
exit2:
jmp returnhere2
///
bHideEmptyClipAppearance:
dd 1
///
//hook site: 5-byte jmp plus 2 nops = 7 bytes
ammoClipZeroCChkAOB+e: //"re2.exe"+B8BE2C8:
jmp newmem2
nop
nop
returnhere2:
///****************************************///
//Hook at lastClipChkOnFireAOB+2 (6 bytes: cmp esi,01 / sete dl).
//The displaced pair runs first; dl is then cleared when bMuteEmptyClipSound is non-zero.
//bMuteEmptyClipSound (default 1) is exposed as a table option.
aobscanmodule(lastClipChkOnFireAOB,re2.exe,74 0B 83 FE 01 0F 94 D2 E8 ** ** ** ** 48)
registersymbol(lastClipChkOnFireAOB)
label(bMuteEmptyClipSound)
registersymbol(bMuteEmptyClipSound)
alloc(newmem6,2048,lastClipChkOnFireAOB+2) //"re2.exe"+D244CE0)
label(returnhere6)
label(originalcode6_lastClipChkOnFireAOB)
registersymbol(originalcode6_lastClipChkOnFireAOB)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//the displaced instructions are executed before the override
readmem(lastClipChkOnFireAOB+2,6)
//cmp esi,01
//sete dl
//NOTE(review): rax and the flags are overwritten and not restored; the signature continues
//with E8 (call), so both are presumably dead here - confirm.
mov rax,bMuteEmptyClipSound
mov al,[rax]
test al,al
jz @f
xor dl,dl
@@:
jmp exit6
originalcode6_lastClipChkOnFireAOB:
//second copy of the 6 bytes; never executed, and the disable section of this script
//restores from fixed bytes rather than from this copy
readmem(lastClipChkOnFireAOB+2,6)
//cmp esi,01
//sete dl
exit6:
jmp returnhere6
///
bMuteEmptyClipSound:
dd 1
///
//hook site: 5-byte jmp plus 1 nop = 6 bytes
lastClipChkOnFireAOB+2: //"re2.exe"+D244CE0:
jmp newmem6
nop
returnhere6:
///****************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//The first two sites are restored from the bytes saved at enable time; the commented
//db / Alt lines only document what those bytes were when the table was made.
dealloc(newmem)
ammoClipReadOnFire1AOB+e: //"re2.exe"+BFBB04E:
readmem(originalcode_ammoClipReadOnFire1AOB,6)
//db 48 89 FA 48 89 D9
//Alt: mov rdx,rdi
//Alt: mov rcx,rbx
unregistersymbol(originalcode_ammoClipReadOnFire1AOB)
///****************************************///
dealloc(newmem2)
ammoClipZeroCChkAOB+e: //"re2.exe"+B8BE2C8:
readmem(originalcode2_ammoClipZeroCChkAOB,7)
//db 85 DB 48 8B 5C 24 30
//Alt: test ebx,ebx
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode2_ammoClipZeroCChkAOB)
unregistersymbol(bHideEmptyClipAppearance)
///****************************************///
dealloc(newmem6)
lastClipChkOnFireAOB+2: //"re2.exe"+D244CE0:
//this site is restored from fixed bytes; they are the literal 83 FE 01 0F 94 D2 that the
//enable-time signature requires at +2, so they match whatever the scan found
db 83 FE 01 0F 94 D2
//Alt: cmp esi,01
//Alt: sete dl
unregistersymbol(originalcode6_lastClipChkOnFireAOB)
unregistersymbol(bMuteEmptyClipSound)
///****************************************///
14134
"hide empty clip appearance?"
0:no
1:yes
008000
Byte
bHideEmptyClipAppearance
14135
"mute empty clip sound?"
0:no
1:yes
008000
Byte
bMuteEmptyClipSound
13004
"ignore ammo pouch .5"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//have ammo pouch to reload flag fetchED, const
//Hook at ammoPouchReadCallerForReloadFlagFetchCAOB+1d (7 bytes: movzx ecx,al / mov rax,[rbx+50]).
//The signature has an E8 (call) directly before the hook; al is forced to 1 before the
//displaced movzx ecx,al consumes it.
aobscanmodule(ammoPouchReadCallerForReloadFlagFetchCAOB,re2.exe,74 0D 48 ** ** ** 48 ** ** 74 04 44 ** ** ** 45 ** ** 48 ** ** 48 ** ** E8 ** ** ** ** 0F B6 C8 48 ** ** ** 48 ** ** ** 00)
registersymbol(ammoPouchReadCallerForReloadFlagFetchCAOB)
alloc(newmem,2048,ammoPouchReadCallerForReloadFlagFetchCAOB+1d) //"re2.exe"+C30F42D)
label(returnhere)
label(originalcode_ammoPouchReadCallerForReloadFlagFetchCAOB)
registersymbol(originalcode_ammoPouchReadCallerForReloadFlagFetchCAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov al,1
originalcode_ammoPouchReadCallerForReloadFlagFetchCAOB:
//copy of the 7 displaced bytes; executed here and read back by the disable section
readmem(ammoPouchReadCallerForReloadFlagFetchCAOB+1d,7)
//movzx ecx,al
//mov rax,[rbx+50]
exit:
jmp returnhere
///
//hook site: 5-byte jmp plus 2 nops = 7 bytes
ammoPouchReadCallerForReloadFlagFetchCAOB+1d: //"re2.exe"+C30F42D:
jmp newmem
nop
nop
returnhere:
///**************************************///
//cjmp1 to skip ammo/ammopouch chk on ammo/ammopouch cal after reload, before 1st ammopouch read after reload
//Hook at +24 of the signature (10 bytes: mov r12,7FFFFFFFFFFFFFFF).
//Sets the byte at pAmmo+c to 1 (the flag that the "enable" script's clip hook tests and clears)
//and raises a zero edx to 1. pAmmo is registered by the "enable" script.
//The commented-out scan below is a shorter form of the same signature; the active one is
//extended with more trailing bytes.
//aobscanmodule(haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB,re2.exe,F2 ** ** ** ** ** 0F 11 ** ** ** E8 ** ** ** ** 0F B6 D0 48 ** ** ** 48 ** ** ** 48 ** ** 0F 85 ** ** ** ** 49 BC FF FF FF FF FF FF FF 7F 85 ** 0F 84)
aobscanmodule(haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB,re2.exe,F2 ** ** ** ** ** 0F 11 ** ** ** E8 ** ** ** ** 0F B6 D0 48 ** ** ** 48 ** ** ** 48 ** ** 0F 85 ** ** ** ** 49 BC FF FF FF FF FF FF FF 7F 85 ** 0F 84 ** ** ** ** 48 ** ** 0F 85 ** ** ** ** 48 ** ** ** ** ** ** ** ** ** ** ** ** ** ** 0F 84)
registersymbol(haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB)
alloc(newmem2,2048,haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB+24) //"re2.exe"+C30FC4B)
label(returnhere2)
label(originalcode2_haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB)
registersymbol(originalcode2_haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//rbx is saved and restored; edx and the flags are changed on purpose / as a side effect
push rbx
mov rbx,pAmmo
mov byte ptr [rbx+c],1
test edx,edx
jnz @f
mov edx,1
//inc byte ptr [rbx+c]
@@:
pop rbx
originalcode2_haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB:
//copy of the 10 displaced bytes; executed here and read back by the disable section
readmem(haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB+24,10)
//mov r12,7FFFFFFFFFFFFFFF
exit2:
jmp returnhere2
///
//hook site: 5-byte jmp plus 5 nops = 10 bytes
haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB+24: //"re2.exe"+C30FC4B:
jmp newmem2
nop
nop
nop
nop
nop
returnhere2:
///**************************************///
//In-place 3-byte patch, no stub: the sete al (0F 94 D0) that ends the signature is
//replaced by nop / mov al,1 (90 B0 01), so al is 1 regardless of the preceding compare.
//The original bytes are fixed by the signature itself, so the disable section can
//restore them from a literal.
aobscanmodule(itemIDsReadForAltAmmoPresenceAOB,re2.exe,8B ** ** EB 02 31 C0 48 ** ** 75 ** 41 ** ** 18 0F 94 D0)
registersymbol(itemIDsReadForAltAmmoPresenceAOB)
itemIDsReadForAltAmmoPresenceAOB+10: //"re2.exe"+B9F3E92:
db 90 B0 01
///**************************************///
//In-place 6-byte patch: the conditional jump at +e (je rel32, opcode 0F 84) is replaced by
//six nops, so execution always falls through. The jump's rel32 is wildcarded in the
//signature, so the original 6 bytes are first saved into a small dedicated allocation
//for the disable section to read back.
aobscanmodule(cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB,re2.exe,48 ** ** ** 75 ** 48 ** ** 74 ** 39 ** ** 0F 84)
registersymbol(cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB)
//NOTE(review): this save buffer has no dealloc / unregistersymbol in the disable section
//of this script as it stands - confirm whether the allocation is meant to persist.
alloc(originalcode6_cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB,8,re2.exe)
registersymbol(originalcode6_cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB)
originalcode6_cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB:
readmem(cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB+e,6)
///
cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB+e: //"re2.exe"+C311C6D:
db 90 90 90 90 90 90
///**************************************///
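[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//The two stub hooks and the nop-ed jump are restored from the bytes saved at enable time;
//the 3-byte sete patch is restored from a literal, which the enable-time signature fixes.
//The commented db / Alt lines only document what the bytes were when the table was made.
dealloc(newmem)
ammoPouchReadCallerForReloadFlagFetchCAOB+1d: //"re2.exe"+C30F42D:
readmem(originalcode_ammoPouchReadCallerForReloadFlagFetchCAOB,7)
//db 0F B6 C8 48 8B 43 50
//Alt: movzx ecx,al
//Alt: mov rax,[rbx+50]
unregistersymbol(originalcode_ammoPouchReadCallerForReloadFlagFetchCAOB)
///**************************************///
dealloc(newmem2)
haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB+24: //"re2.exe"+C30FC4B:
readmem(originalcode2_haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB,10)
//db 49 BC FF FF FF FF FF FF FF 7F
//Alt: mov r12,7FFFFFFFFFFFFFFF
unregistersymbol(originalcode2_haveAmmoPouchChkBeforeAmmoAPouchCallAfterReloadAOB)
///**************************************///
itemIDsReadForAltAmmoPresenceAOB+10: //"re2.exe"+B9F3E92:
db 0F 94 D0
//Alt: sete al
///**************************************///
cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB+e: //"re2.exe"+C311C6D:
readmem(originalcode6_cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB,6)
//db 0F 84 09 02 00 00
//Alt: je re2.exe+C311E7C
//Release the 8-byte save buffer allocated in the enable section and drop its symbol.
//Neither was done before, so every enable/disable cycle left one allocation and a stale
//symbol behind in the game process.
dealloc(originalcode6_cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB)
unregistersymbol(originalcode6_cJmpIfNoAltAmmoPouchForChangeAfterAlrAmmoChangeAOB)
///**************************************///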
13030
"inf. sub-weapons"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: hooks the 8 bytes at subWeaponsDurationQuantityCalOnUseCounterAOB+13
// (mov ebx,[rcx+20] plus the near jmp after it) and adjusts the dword counter at
// [rcx+20] for three item ids read from [rcx+14] before the original load runs.
// NOTE(review): what edi holds here is not visible in this script - presumably
// the amount about to be deducted; confirm against the surrounding game code.
// NOTE(review): the signature is mostly wildcards. If a game update makes it
// match a different site, the fixed offsets +13/+15/+16 land on unrelated bytes
// and the patch corrupts code, so re-verify the match after every update.
aobscanmodule(subWeaponsDurationQuantityCalOnUseCounterAOB,re2.exe,0F 84 ** ** ** ** 48 ** ** ** 48 ** ** 0F 84 ** ** ** ** 8B ** ** E9)
registersymbol(subWeaponsDurationQuantityCalOnUseCounterAOB)
// The third argument asks for memory near the hook so the 5-byte jmp can reach it.
alloc(newmem,2048,subWeaponsDurationQuantityCalOnUseCounterAOB+13) //"re2.exe"+B8C3A02)
label(returnhere)
label(originalcode_subWeaponsDurationQuantityCalOnUseCounterAOB)
registersymbol(originalcode_subWeaponsDurationQuantityCalOnUseCounterAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp dword ptr [rcx+14],2e //knife
jne @f
// Hand-assembled add [rcx+disp8],edi: 01 79 are the opcode and modrm bytes, and
// the disp8 is copied from the original mov ebx,[rcx+20] at +15, so the field
// offset follows whatever the matched game code uses.
db 01 79
readmem(subWeaponsDurationQuantityCalOnUseCounterAOB+15,1)
//add [rcx+20],edi
jmp fakeoriginalcode
@@:
cmp dword ptr [rcx+14],42 //flash grenade
jne @f
// Signed compare: if the counter is already greater than edi leave it alone,
// otherwise set it to edi+1.
cmp [rcx+20],edi
jg fakeoriginalcode
mov [rcx+20],edi
inc dword ptr [rcx+20]
jmp fakeoriginalcode
@@:
cmp dword ptr [rcx+14],41 //hand grenade
jne @f
// Same top-up rule as for the flash grenade above.
cmp [rcx+20],edi
jg fakeoriginalcode
mov [rcx+20],edi
inc dword ptr [rcx+20]
jmp fakeoriginalcode
@@:
fakeoriginalcode:
// Executed copy of the overwritten code: the 3-byte load is copied verbatim,
// while the relative jmp is reassembled so its target stays correct from here.
readmem(subWeaponsDurationQuantityCalOnUseCounterAOB+13,3)
//mov ebx,[rcx+20]
reassemble(subWeaponsDurationQuantityCalOnUseCounterAOB+16)
//jmp re2.exe+B8C3947
// Not executed (the jmp above is unconditional): a raw 8-byte backup that the
// disable section writes back. The jmp displacement stored here is only valid
// at the original address.
originalcode_subWeaponsDurationQuantityCalOnUseCounterAOB:
readmem(subWeaponsDurationQuantityCalOnUseCounterAOB+13,8)
//mov ebx,[rcx+20]
//jmp re2.exe+B8C3947
exit:
jmp returnhere
///
// 5-byte jmp plus 3 nops replace exactly the 8 original bytes.
subWeaponsDurationQuantityCalOnUseCounterAOB+13: //"re2.exe"+B8C3A02:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Frees the code cave and restores the 8 original bytes from the backup copy.
dealloc(newmem)
subWeaponsDurationQuantityCalOnUseCounterAOB+13: //"re2.exe"+B8C3A02:
readmem(originalcode_subWeaponsDurationQuantityCalOnUseCounterAOB,8)
//db 8B 59 20 E9 3D FF FF FF
//Alt: mov ebx,[rcx+20]
//Alt: jmp re2.exe+B8C3947
unregistersymbol(originalcode_subWeaponsDurationQuantityCalOnUseCounterAOB)
14823
"∞ mod"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: shared setup for the two ".2" ammo scripts in this table. It resolves
// the two flag-check sites and allocates one table of 4-byte per-id override
// slots for each of them. This script does not patch any game code itself.
// NOTE(review): lua_aobscan is defined outside this script. Both calls pass the
// same byte pattern and differ only in the last argument (2 vs 1) - presumably
// the index of the match to bind to the symbol; confirm against its definition.
luaCall(lua_aobscan("infAmmoPouchFlagChkAOB","re2.exe","EB ** 48 ** ** 45 ** ** 48 ** ** E8 ** ** ** ** 0F B6 ** 48 ** ** ** 48 ** ** ** 00 75",2))
luaCall(lua_aobscan("infAmmoClipFlagChkAOB","re2.exe","EB ** 48 ** ** 45 ** ** 48 ** ** E8 ** ** ** ** 0F B6 ** 48 ** ** ** 48 ** ** ** 00 75",1))
// 1048 bytes per table; the highest slot the dependent scripts write is +fc*4.
alloc(aForceInfAmmoPouchFlag,1048,infAmmoPouchFlagChkAOB)
registersymbol(aForceInfAmmoPouchFlag)
///
aForceInfAmmoPouchFlag:
///
alloc(aForceInfAmmoClipFlag,1048,infAmmoClipFlagChkAOB)
registersymbol(aForceInfAmmoClipFlag)
///
aForceInfAmmoClipFlag:
///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// NOTE(review): the dependent scripts assemble the absolute addresses of these
// tables into their hooks. Freeing the tables while those hooks are still
// installed leaves injected code reading released memory, so the dependent
// scripts should be disabled before this one - confirm the table enforces that.
dealloc(aForceInfAmmoPouchFlag)
unregistersymbol(aForceInfAmmoPouchFlag)
dealloc(aForceInfAmmoClipFlag)
unregistersymbol(aForceInfAmmoClipFlag)
14824
"∞ ammo clip & sub-weapons mod .2"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: two hooks around the call inside the infAmmoClipFlagChkAOB pattern.
// Hook 1 (+5) records r8d before the game overwrites it; hook 2 (+10) runs after
// the call and can replace the flag the game derives from al with a forced value.
// Depends on infAmmoClipFlagChkAOB and aForceInfAmmoClipFlag, which this script
// does not define - in this table the "∞ mod" script provides both, so it has to
// be enabled first and stay enabled while these hooks are installed.
label(dWeaponIDForInfAmmoClipFlagChk)
registersymbol(dWeaponIDForInfAmmoClipFlagChk)
alloc(newmem,2048,infAmmoClipFlagChkAOB+5) //"re2.exe"+9BFBC20)
label(returnhere)
label(originalcode_infAmmoClipFlagChkAOB)
registersymbol(originalcode_infAmmoClipFlagChkAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// Hook 1: save r8d (presumably the weapon id, going by the label name) before
// the original mov r8d,r9d replaces it. rcx can be used as scratch because the
// original mov rcx,rbx below reloads it.
mov rcx,dWeaponIDForInfAmmoClipFlagChk
mov [rcx],r8d
originalcode_infAmmoClipFlagChkAOB:
readmem(infAmmoClipFlagChkAOB+5,6)
//mov r8d,r9d
//mov rcx,rbx
exit:
jmp returnhere
///
// ffffffff until hook 1 has run once.
dWeaponIDForInfAmmoClipFlagChk:
dd ffffffff
///
// 5-byte jmp plus 1 nop replace the 6 original bytes.
infAmmoClipFlagChkAOB+5: //"re2.exe"+9BFBC20:
jmp newmem
nop
returnhere:
///**************************************///
label(bForceInfAmmoClipFlag)
registersymbol(bForceInfAmmoClipFlag)
alloc(newmem2,2048,infAmmoClipFlagChkAOB+10) //"re2.exe"+9BFBC2B)
label(returnhere2)
label(originalcode2_infAmmoClipFlagChkAOB)
registersymbol(originalcode2_infAmmoClipFlagChkAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
// Hook 2: rdi is saved and restored around its use as the table index.
push rdi
readmem(infAmmoClipFlagChkAOB+10,3)
//movzx ecx,al
// rax is free as scratch here: the relocated mov rax,[rbx+50] further down
// reloads it before control returns to the game.
mov rax,bForceInfAmmoClipFlag
mov eax,[rax]
test eax,eax
// Global value >= 0: jump straight to the cmovge with the flags of this test
// still live, so ecx takes the global value. Negative (ffffffff): fall through
// to the per-id table lookup.
jge @f
// The brace-delimited block below is commented out; it is an older lookup that
// read the id through pointers starting at [rdi+18].
{mov rax,[rdi+18]
test rax,rax
jz end2
mov rax,[rax+10]
test rax,rax
jz end2
xor rdi,rdi
mov edi,[rax+14]
movsx rdi,edi
test edi,edi
jl end2
cmp edi,fc
jg end2}
mov rax,dWeaponIDForInfAmmoClipFlagChk
xor rdi,rdi
mov edi,[rax]
// mov edi zero-extends into rdi, so the jl below can never be taken; the
// ffffffff "nothing recorded" value is rejected by the cmp rdi,fc / jg pair.
test rdi,rdi
jl end2
cmp rdi,fc
jg end2
mov rax,aForceInfAmmoClipFlag
mov eax,[rax+rdi*4]
test eax,eax
@@:
// A value >= 0 replaces the game's flag in ecx; a negative value keeps it.
// NOTE(review): only the slots initialised at the end of this section are set to
// ffffffff. Any other id in 0..fc reads whatever the allocation contains; if
// that is 0 it counts as >= 0 and forces ecx to 0 for that id - confirm intent.
cmovge ecx,eax
end2:
pop rdi
readmem(infAmmoClipFlagChkAOB+13,4)
//mov rax,[rbx+50]
jmp exit2
// Not executed: 7-byte backup of the original code for the disable section.
originalcode2_infAmmoClipFlagChkAOB:
readmem(infAmmoClipFlagChkAOB+10,7)
//movzx ecx,al
//mov rax,[rbx+50]
exit2:
jmp returnhere2
///
// Global override: ffffffff = use the per-id slots, >= 0 = force for every id.
bForceInfAmmoClipFlag:
dd ffffffff
///
// 5-byte jmp plus 2 nops replace the 7 original bytes.
infAmmoClipFlagChkAOB+10: //"re2.exe"+9BFBC2B:
jmp newmem2
nop
nop
returnhere2:
///
// Reset the known per-id slots to ffffffff (keep the game's own flag). The slot
// index is the id, so each entry sits at aForceInfAmmoClipFlag + id*4.
aForceInfAmmoClipFlag+1*4:
dd ffffffff //Matilda
dd ffffffff //M19
dd ffffffff //JMB Hp3
dd ffffffff //Quickdraw Army Revolver
aForceInfAmmoClipFlag+7*4:
dd ffffffff //MUP
dd ffffffff //Broom Hc
dd ffffffff //SLS 60
aForceInfAmmoClipFlag+b*4:
dd ffffffff //W-870
aForceInfAmmoClipFlag+15*4:
dd ffffffff //MQ 11
aForceInfAmmoClipFlag+17*4:
dd ffffffff //LE 5
aForceInfAmmoClipFlag+1f*4:
dd ffffffff //Lightning Hawk
aForceInfAmmoClipFlag+2a*4:
dd ffffffff //GM 79
dd ffffffff //Flamethrower
dd ffffffff //Spark Shot
dd ffffffff //ATM-4
dd ffffffff //Combat Knife
dd ffffffff //Combat knife (Infinite)
aForceInfAmmoClipFlag+31*4:
dd ffffffff //Anti-tank Rocket
dd ffffffff //Minigun
aForceInfAmmoClipFlag+41*4:
dd ffffffff //Hand Grenade
dd ffffffff //Flash Grenade
aForceInfAmmoClipFlag+52*4:
dd ffffffff //Samurai Edge (Original Model)
dd ffffffff //Samurai Edge (Chris Model)
dd ffffffff //Samurai Edge (Jill Model)
dd ffffffff //Samurai Edge (Albert Model)
aForceInfAmmoClipFlag+de*4:
dd ffffffff //ATM-4 (Infinite)
aForceInfAmmoClipFlag+f2*4:
dd ffffffff //Anti-tank Rocket (Infinite)
aForceInfAmmoClipFlag+fc*4:
dd ffffffff //Minigun (Infinite)
///
///**************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Restores both patched sites from their backups and frees both code caves.
// The per-id table itself belongs to the "∞ mod" script and is left untouched.
dealloc(newmem)
infAmmoClipFlagChkAOB+5: //"re2.exe"+9BFBC20:
readmem(originalcode_infAmmoClipFlagChkAOB,6)
//db 45 89 C8 48 89 D9
//Alt: mov r8d,r9d
//Alt: mov rcx,rbx
unregistersymbol(originalcode_infAmmoClipFlagChkAOB)
unregistersymbol(dWeaponIDForInfAmmoClipFlagChk)
///**************************************///
dealloc(newmem2)
infAmmoClipFlagChkAOB+10: //"re2.exe"+9BFBC2B:
readmem(originalcode2_infAmmoClipFlagChkAOB,7)
//db 0F B6 C8 48 8B 43 50
//Alt: movzx ecx,al
//Alt: mov rax,[rbx+50]
unregistersymbol(originalcode2_infAmmoClipFlagChkAOB)
unregistersymbol(bForceInfAmmoClipFlag)
///**************************************///
14825
"status"
ffffffff:use individual
00000001:all ∞
1
008000
4 Bytes
bForceInfAmmoClipFlag
14826
"[individual weapons]"
000080
Array of byte
0
aForceInfAmmoClipFlag
14827
"Matilda"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+1*4
14828
"M19"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2*4
14829
"JMB Hp3"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+3*4
14830
"Quickdraw Revolver"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+4*4
14831
"MUP"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+7*4
14832
"Broom Hc"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+8*4
14833
"SLS 60"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+9*4
14834
"W-870"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+b*4
14835
"MQ 11"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+15*4
14836
"LE 5"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+17*4
14837
"Lightning Hawk"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+1f*4
14838
"GM 79"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2a*4
14839
"Flamethrower"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2b*4
14840
"Spark Shot"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2c*4
14841
"ATM-4"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2d*4
14842
"ATM-4 (Infinite)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+de*4
14843
"Anti-tank Rocket"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+31*4
14844
"Anti-tank Rocket (Infinite)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+f2*4
14845
"Minigun"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+32*4
14846
"Minigun (Infinite)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+fc*4
14847
"Samurai Edge (Original)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+52*4
14848
"Samurai Edge (Chris)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+53*4
14849
"Samurai Edge (Jill)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+54*4
14850
"Samurai Edge (Albert)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+55*4
14851
"Combat Knife"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2e*4
14852
"Combat knife (Infinite)"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+2f*4
14853
"Hand Grenade"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+41*4
14854
"Flash Grenade"
ffffffff:default
00000001:∞
1
008000
4 Bytes
+42*4
14855
"∞ ammo pouch mod .2"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: hooks the 7 bytes at infAmmoPouchFlagChkAOB+10 (movzx ecx,al and
// mov rax,[rbx+50]) and can replace the flag the game derives from al with a
// forced value, chosen globally or per id.
// Depends on infAmmoPouchFlagChkAOB and aForceInfAmmoPouchFlag, which this
// script does not define - in this table the "∞ mod" script provides both, so it
// has to be enabled first and stay enabled while this hook is installed.
label(bForceInfAmmoPouchFlag)
registersymbol(bForceInfAmmoPouchFlag)
alloc(newmem2,2048,infAmmoPouchFlagChkAOB+10) //"re2.exe"+9FB8ACB)
label(returnhere2)
label(originalcode2_infAmmoPouchFlagChkAOB)
registersymbol(originalcode2_infAmmoPouchFlagChkAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
readmem(infAmmoPouchFlagChkAOB+10,3)
//movzx ecx,al
// rax is free as scratch here: the relocated mov rax,[rbx+50] further down
// reloads it before control returns to the game.
mov rax,bForceInfAmmoPouchFlag
mov eax,[rax]
test eax,eax
// Global value >= 0: jump straight to the cmovge with the flags of this test
// still live. Negative (ffffffff): fall through to the per-id table lookup.
jge @f
// rbp is used as the table index and bounds-checked to 0..55 (signed).
// NOTE(review): presumably rbp holds the weapon id at this site - confirm.
test rbp,rbp
jl end2
cmp rbp,55
jg end2
mov rax,aForceInfAmmoPouchFlag
mov eax,[rax+rbp*4]
test eax,eax
@@:
// A value >= 0 replaces the game's flag in ecx; a negative value keeps it.
// NOTE(review): only the slots initialised at the end of this section are set to
// ffffffff. Any other id in 0..55 reads whatever the allocation contains; if
// that is 0 it counts as >= 0 and forces ecx to 0 for that id - confirm intent.
cmovge ecx,eax
end2:
readmem(infAmmoPouchFlagChkAOB+13,4)
//mov rax,[rbx+50]
jmp exit2
// Not executed: 7-byte backup of the original code for the disable section.
originalcode2_infAmmoPouchFlagChkAOB:
readmem(infAmmoPouchFlagChkAOB+10,7)
//movzx ecx,al
//mov rax,[rbx+50]
exit2:
jmp returnhere2
///
// Global override: ffffffff = use the per-id slots, >= 0 = force for every id.
bForceInfAmmoPouchFlag:
dd ffffffff
///
// 5-byte jmp plus 2 nops replace the 7 original bytes.
infAmmoPouchFlagChkAOB+10: //"re2.exe"+9FB8ACB:
jmp newmem2
nop
nop
returnhere2:
///
// Reset the known per-id slots to ffffffff (keep the game's own flag). The slot
// index is the id, so each entry sits at aForceInfAmmoPouchFlag + id*4.
aForceInfAmmoPouchFlag+1*4:
dd ffffffff //Matilda
dd ffffffff //M19
dd ffffffff //JMB Hp3
dd ffffffff //Quickdraw Army Revolver
aForceInfAmmoPouchFlag+7*4:
dd ffffffff //MUP
dd ffffffff //Broom Hc
dd ffffffff //SLS 60
aForceInfAmmoPouchFlag+b*4:
dd ffffffff //W-870
aForceInfAmmoPouchFlag+15*4:
dd ffffffff //MQ 11
aForceInfAmmoPouchFlag+17*4:
dd ffffffff //LE 5
aForceInfAmmoPouchFlag+1f*4:
dd ffffffff //Lightning Hawk
aForceInfAmmoPouchFlag+2a*4:
dd ffffffff //GM 79
dd ffffffff //Flamethrower
dd ffffffff //Spark Shot
aForceInfAmmoPouchFlag+52*4:
dd ffffffff //Samurai Edge (Original Model)
dd ffffffff //Samurai Edge (Chris Model)
dd ffffffff //Samurai Edge (Jill Model)
dd ffffffff //Samurai Edge (Albert Model)
///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Restores the patched site from its backup and frees the code cave. The per-id
// table belongs to the "∞ mod" script and is left untouched.
dealloc(newmem2)
infAmmoPouchFlagChkAOB+10: //"re2.exe"+9FB8ACB:
readmem(originalcode2_infAmmoPouchFlagChkAOB,7)
//db 0F B6 C8 48 8B 43 50
//Alt: movzx ecx,al
//Alt: mov rax,[rbx+50]
unregistersymbol(originalcode2_infAmmoPouchFlagChkAOB)
unregistersymbol(bForceInfAmmoPouchFlag)
14856
"status"
ffffffff:use individual
00000000:all no ∞
00000001:all ∞
1
008000
4 Bytes
bForceInfAmmoPouchFlag
14857
"[individual guns]"
000080
Array of byte
0
aForceInfAmmoPouchFlag
14858
"Matilda"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+1*4
14859
"M19"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+2*4
14860
"JMB Hp3"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+3*4
14861
"Quickdraw Revolver"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+4*4
14862
"MUP"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+7*4
14863
"Broom Hc"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+8*4
14864
"SLS 60"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+9*4
14865
"W-870"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+b*4
14866
"MQ 11"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+15*4
14867
"LE 5"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+17*4
14868
"Lightning Hawk"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+1f*4
14869
"GM 79"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+2a*4
14870
"Flamethrower"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+2b*4
14871
"Spark Shot"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+2c*4
14872
"Samurai Edge (Original)"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+52*4
14873
"Samurai Edge (Chris)"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+53*4
14874
"Samurai Edge (Jill)"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+54*4
14875
"Samurai Edge (Albert)"
ffffffff:default
00000000:no ∞
00000001:∞
1
008000
4 Bytes
+55*4
14721
"custom pick up item key"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: while the configured key is held, overwrites two dwords of the record
// addressed by r8 ([r8+10] and [r8+14]) with the ids chosen in the table. The
// hook replaces the 7 bytes at +8, directly after the call that starts at +3.
// NOTE(review): r8 is a volatile register in the Microsoft x64 convention, so
// this relies on the callee leaving it pointing at the same record - confirm.
// NOTE(review): the signature is mostly wildcards; after a game update verify
// that it still matches this site before enabling, since the patch is written
// at a fixed offset from whatever the scan finds.
aobscanmodule(itemIDChkOnPickUpCallerAOB,re2.exe,4C ** ** E8 ** ** ** ** 0F B6 C8 48 ** ** ** 48 ** ** ** 75 ** 48 ** ** ** ** ** ** ** 4C ** ** ** ** ** ** ** 49 ** FF FF FF FF FF FF FF 7F)
registersymbol(itemIDChkOnPickUpCallerAOB)
// pPickUpItem is declared, registered and reserved below but never written by
// this script.
label(pPickUpItem)
registersymbol(pPickUpItem)
label(bCustPickUpKeyID)
registersymbol(bCustPickUpKeyID)
label(bCustPickUpKeyPressed)
registersymbol(bCustPickUpKeyPressed)
label(dCustPickUpItemID)
registersymbol(dCustPickUpItemID)
label(dCustPickUpWeaponID)
registersymbol(dCustPickUpWeaponID)
alloc(newmem,2048,itemIDChkOnPickUpCallerAOB+8) //"re2.exe"+DC5B66C)
label(returnhere)
label(originalcode_itemIDChkOnPickUpCallerAOB)
registersymbol(originalcode_itemIDChkOnPickUpCallerAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// rcx is free as scratch: the original movzx ecx,al below rewrites it.
// The three conditional jumps have no anonymous label after them in this
// script, so they rely on the assembler resolving the forward reference to the
// next label, originalcode_itemIDChkOnPickUpCallerAOB, which skips the overwrite.
mov rcx,bCustPickUpKeyPressed
cmp byte ptr [rcx],1
jne @f
mov rcx,dCustPickUpItemID
// fffffffe marks "not set yet" for either id; [rcx+4] is dCustPickUpWeaponID,
// which is laid out directly after dCustPickUpItemID below.
cmp dword ptr [rcx],fffffffe
je @f
cmp dword ptr [rcx+4],fffffffe
je @f
mov ecx,[rcx]
mov [r8+10],ecx
mov rcx,dCustPickUpWeaponID
mov ecx,[rcx]
mov [r8+14],ecx
originalcode_itemIDChkOnPickUpCallerAOB:
readmem(itemIDChkOnPickUpCallerAOB+8,7)
//movzx ecx,al
//mov rax,[rbx+50]
exit:
jmp returnhere
///
pPickUpItem:
dq 0
// 04 is listed as the Middle Mouse Button in this table's key drop-down.
bCustPickUpKeyID:
dd 04
// Written by the Lua thread below: 1 while the key is held, otherwise 0.
bCustPickUpKeyPressed:
dd 0
dCustPickUpItemID:
dd fffffffe
dCustPickUpWeaponID:
dd fffffffe
///
// 5-byte jmp plus 2 nops replace the 7 original bytes.
itemIDChkOnPickUpCallerAOB+8: //"re2.exe"+DC5B66C:
jmp newmem
nop
nop
returnhere:
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
-- Polls the configured key every 100 ms and mirrors its state into
-- bCustPickUpKeyPressed for the injected code to read.
-- NOTE(review): the flag address is resolved once and cached. If the script is
-- disabled and re-enabled before this thread wakes up, the loop flag is true
-- again and the old thread keeps writing to the address of the freed cave next
-- to the new thread. Resolving the address on every iteration, or giving each
-- enable its own stop token, would close that window.
local function custpickupkeyLuaThread(threadCPUK)
local addrCPUK = getAddressSafe('bCustPickUpKeyPressed')
while CustPickUpKeyThreadLoop do
sleep(100)
if addrCPUK then
if ( isKeyPressed( readInteger('bCustPickUpKeyID') ) ) then
writeBytes(addrCPUK, 1)
else
writeBytes(addrCPUK, 0)
end
else
-- symbol was not resolvable yet, try again on the next tick
addrCPUK = getAddressSafe('bCustPickUpKeyPressed')
end
end
threadCPUK.terminate()
-- while CustPickUpKeyThreadLoop do
-- if ( isKeyPressed(VK_CAPITAL) ) then
-- writeBytes("bCustPickUpKeyPressed" ,1)
-- else
-- writeBytes("bCustPickUpKeyPressed" ,0)
-- end
-- end
-- threadCPUK.terminate()
end
----------------------------------
-- Do not start the thread when the script is only being syntax-checked.
if syntaxcheck then return end
CustPickUpKeyThreadLoop = true
createThread(custpickupkeyLuaThread)
{$asm}
///*****************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
-- Clearing the global ends the polling loop on its next 100 ms tick.
if syntaxcheck then return end
CustPickUpKeyThreadLoop = false
{$asm}
///*****************************************///
// Restores the 7 original bytes, frees the cave and drops every symbol that the
// enable section registered except the scan result itself.
dealloc(newmem)
itemIDChkOnPickUpCallerAOB+8: //"re2.exe"+DC5B66C:
readmem(originalcode_itemIDChkOnPickUpCallerAOB,7)
//db 0F B6 C8 48 8B 43 50
//Alt: movzx ecx,al
//Alt: mov rax,[rbx+50]
unregistersymbol(originalcode_itemIDChkOnPickUpCallerAOB)
unregistersymbol(pPickUpItem)
unregistersymbol(bCustPickUpKeyID)
unregistersymbol(bCustPickUpKeyPressed)
unregistersymbol(dCustPickUpItemID)
unregistersymbol(dCustPickUpWeaponID)
14724
"set ids, then hold key and pick up"
808080
1
14727
"remember to set the proper ammo type afterwards"
808080
1
14725
"key"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
20:Spacebar
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
bCustPickUpKeyID
14726
""
008000
Byte
+4
14722
"item id"
fffffffe:set an id first
00000000:is weapon
00000001:First Aid Spray
00000002:Green Herb
00000003:Red Herb
00000004:Blue Herb
00000005:Mixed Herb (G+G)
00000006:Mixed Herb (G+R)
00000007:Mixed Herb (G+B)
00000008:Mixed Herb (G+G+B)
00000009:Mixed Herb (G+G+G)
0000000A:Mixed Herb (G+R+B)
0000000B:Mixed Herb (R+B)
0000000C:Green Herb
0000000D:Red Herb
0000000E:Blue Herb
0000000F:Handgun Ammo
00000010:Shotgun Shells
00000011:Submachine Gun Ammo
00000012:MAG Ammo
00000016:Acid Rounds
00000017:Flame Rounds
00000018:Needle Cartridges
00000019:Fuel
0000001A:Large-caliber Handgun Ammo
0000001B:High-Powered Rounds (SLS 60)
0000001F:Detonator
00000020:Ink Ribbon
00000021:Wooden Board
00000022:Electronic Gadget
00000023:Battery (9-volt)
00000024:Gunpowder
00000025:Gunpowder (Large)
00000026:High-Grade Gunpowder (Yellow)
00000027:High-Grade Gunpowder (White)
00000030:High-Capacity Mag. (Matilda)
00000031:Muzzle Brake (Matilda)
00000032:Gun Stock(Matilda)
00000033:Speed Loader (SLS 60)
00000034:Laser Sight (JMB Hp3)
00000035:Reinforced Frame (SLS 60)
00000036:High-Capacity Mag. (JMB Hp3)
00000037:Shotgun Stock (W-870)
00000038:Long Barrel (W-870)
0000003A:High-Capacity Mag. (MQ 11)
0000003C:Suppressor (MQ 11)
0000003D:Red Dot Sight (Lightning Hawk)
0000003E:Long Barrel (Lightning Hawk)
00000040:Shoulder Stock (GM 79)
00000041:Regulator (Flamethrower)
00000042:High Voltage Condenser (Spark Shot)
00000048:Film "Hiding Place"
00000049:Film "Rising Rookie"
0000004A:Film "Commemorative"
0000004B:Film "3F Locker"
0000004C:Film "Lion Statue"
0000004D:Storage Room Key
0000004F:Mechanic Jack Handle
00000050:Square Crank
00000051:Unicorn Medallion
00000052:Spade Key
00000053:Parking Garage Key Card
00000054:Weapons Locker Key Card
00000056:Valve Handle
00000057:S.T.A.R.S. Badge
00000058:Scepter
0000005A:Red Jewel
0000005B:Bejeweled Box
0000005D:Bishop Plug
0000005E:Rook Plug
0000005F:King Plug
00000062:Picture Block
00000066:USB Dongle Key
00000070:Spare Key (key pad)
00000072:Red Book (Art Object)
00000073:Statue's Left Arm
00000074:Left Arm with Book
00000076:Lion Medallion
00000077:Diamond Key
00000078:Car Key
0000007C:Maiden Medallion
0000007E:Power Panel Part
0000007F:Power Panel Part
00000080:Lovers Relief
00000081:Small Gear
00000082:Large Gear
00000083:Courtyard Key
00000084:Knight Plug
00000085:Pawn Plug
00000086:Queen Plug
00000087:Boxed Electronic Part
00000088:Boxed Electronic Part
0000009F:Orphanage Key
000000A0:Club Key
000000A9:Heart Key
000000AA:U.S.S. Digital Video Cassette
000000B0:T-Bar Valve Handle
000000B3:Dispersal Cartridge (Empty)
000000B4:Dispersal Cartridge (Solution)
000000B5:Dispersal Cartridge (Herbicide)
000000B7:Joint Plug
000000BA:Upgrade Chip (Admin)
000000BB:ID Wristband (Admin)
000000BC:Electronic Chip
000000BD:Signal Modulator
000000BE:Trophy
000000BF:Trophy
000000C2:Sewers Key
000000C3:ID Wristband (Visitor)
000000C4:ID Wristband (General Staff)
000000C5:ID Wristband (Senior Staff)
000000C6:Upgrade Chip (General Staff)
000000C7:Upgrade Chip (Senior Staff)
000000C8:ID Wristband (Visitor)
000000C9:ID Wristband (General Staff)
000000CA:ID Wristband (Senior Staff)
000000CB:Lab Digital Video Cassette
000000E6:Briefcase
000000F0:Fuse (Main Hall)
000000F1:Fuse (Break Room Hallway)
000000F3:Scissors
000000F4:Bolt Cutter
000000F5:Stuffed Doll
00000106:Hip Pouch
0000011e:Old Key (Ghost Survivour)
00000123:Portable Safe
00000125:Tin Storage Box
00000126:Wooden Box
00000127:Wooden Box
00000128:Tin Storage Box
1
008000
4 Bytes
dCustPickUpItemID
14723
"weapon id"
fffffffe:set an id first
FFFFFFFF:not weapon
00000001:Handgun - Matilda
00000002:Handgun - M19
00000003:Handgun - JMB Hp3
00000004:Handgun - Quickdraw Army Revolver
00000007:Handgun - MUP
00000008:Handgun - Broom Hc
00000009:Handgun - SLS 60
0000000B:Shotgun - W-870
00000015:Sub Gun - MQ 11
00000017:Sub Gun - LE 5 (Infinite)
0000001F:MAG - Lightning Hawk
00000029:EMF Visualizer
0000002A:Grenade Launcher - GM 79
0000002B:Chemical Flamethrower
0000002C:Stun Gun - Spark Shot
0000002D:ATM-4
0000002E:Combat Knife
0000002F:Combat knife (Infinite)
00000031:Anti-tank Rocket
00000032:Minigun
00000041:Hand Grenade
00000042:Flash Grenade
00000052:Handgun - Samurai Edge (Infinite)
00000053:Handgun - Samurai Edge (Chris Model)
00000054:Handgun - Samurai Edge (Jill Model)
00000055:Handgun - Samurai Edge (Albert Model)
000000DE:ATM-4 (Infinite)
000000F2:Anti-tank Rocket (Infinite)
000000FC:Minigun (Infinite)
1
008000
4 Bytes
dCustPickUpWeaponID
13013
"universal item key .2"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: hooks two item-id comparisons (cmp [rax+10],reg followed by je). While
// the configured key is held the compare is skipped and the je is entered with
// the zero flag already set, so the "ids match" branch is always taken.
// Default key id 14 is listed as CAPS LOCK in this table's key drop-down.
define(universalitemkeyiddefault,14)
// NOTE(review): this signature is only ten bytes long with wildcards, which makes
// an unintended match more likely than for the longer patterns in this table;
// verify the matched address before enabling, especially after a game update.
aobscanmodule(itemIDChkOnWObjectInteractViaInvClickAOB,re2.exe,EB 02 89 ** 39 ** ** 74 ** 48)
registersymbol(itemIDChkOnWObjectInteractViaInvClickAOB)
label(bUniversalItemKeyID)
registersymbol(bUniversalItemKeyID)
label(bUniversalItemKeyPressed)
registersymbol(bUniversalItemKeyPressed)
alloc(newmem,2048,itemIDChkOnWObjectInteractViaInvClickAOB+4) //"re2.exe"+E9A08EF)
label(returnhere)
label(originalcode_itemIDChkOnWObjectInteractViaInvClickAOB)
registersymbol(originalcode_itemIDChkOnWObjectInteractViaInvClickAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// rcx is live in the game code here, so it is saved and restored; pop does not
// change the flags, so the result of the cmp is still valid at the je.
push rcx
mov rcx,bUniversalItemKeyPressed
cmp byte ptr [rcx],1
pop rcx
// Key held: skip the original compare and keep ZF=1 for the relocated je.
je @f
readmem(itemIDChkOnWObjectInteractViaInvClickAOB+4,3)
//cmp [rax+10],edx
@@:
// The short je is reassembled so that its target stays correct from the cave.
reassemble(itemIDChkOnWObjectInteractViaInvClickAOB+7)
//je re2.exe+E9A0927
jmp exit
// Not executed: 5-byte backup of the original code for the disable section.
originalcode_itemIDChkOnWObjectInteractViaInvClickAOB:
readmem(itemIDChkOnWObjectInteractViaInvClickAOB+4,5)
//cmp [rax+10],edx
//je re2.exe+E9A0927
exit:
jmp returnhere
///
bUniversalItemKeyID:
dd universalitemkeyiddefault
// Written by the Lua thread below: 1 while the key is held, otherwise 0.
bUniversalItemKeyPressed:
dd 0
///
// The 5-byte jmp replaces exactly the 3-byte cmp and the 2-byte je.
itemIDChkOnWObjectInteractViaInvClickAOB+4: //"re2.exe"+E9A08EF:
jmp newmem
returnhere:
///*****************************************///
//item id chk on use with world object interact
aobscanmodule(itemIDChkOnWObjectInteractViaInvUseAOB,re2.exe,74 0E 48 ** ** ** 48 ** ** 74 05 8B ** ** EB 02 89 ** 39 ** ** 74 ** 48)
registersymbol(itemIDChkOnWObjectInteractViaInvUseAOB)
alloc(newmem2,2048,itemIDChkOnWObjectInteractViaInvUseAOB+12) //"re2.exe"+E9A0D77)
label(returnhere2)
label(originalcode2_itemIDChkOnWObjectInteractViaInvUseAOB)
registersymbol(originalcode2_itemIDChkOnWObjectInteractViaInvUseAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
// Same scheme as the first hook, with rbx as the saved scratch register and
// ecx as the compared register.
push rbx
mov rbx,bUniversalItemKeyPressed
cmp byte ptr [rbx],1
pop rbx
je @f
readmem(itemIDChkOnWObjectInteractViaInvUseAOB+12,3)
//cmp [rax+10],ecx
@@:
reassemble(itemIDChkOnWObjectInteractViaInvUseAOB+15)
//je re2.exe+E9A0DB1
jmp exit2
// Not executed: 5-byte backup of the original code for the disable section.
originalcode2_itemIDChkOnWObjectInteractViaInvUseAOB:
readmem(itemIDChkOnWObjectInteractViaInvUseAOB+12,5)
//cmp [rax+10],ecx
//je re2.exe+E9A0DB1
exit2:
jmp returnhere2
///
itemIDChkOnWObjectInteractViaInvUseAOB+12: //"re2.exe"+E9A0D77:
jmp newmem2
returnhere2:
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
-- Polls the configured key every 100 ms and mirrors its state into
-- bUniversalItemKeyPressed for both hooks to read.
-- NOTE(review): the flag address is resolved once and cached. If the script is
-- disabled and re-enabled before this thread wakes up, the loop flag is true
-- again and the old thread keeps writing to the address of the freed cave next
-- to the new thread. Resolving the address on every iteration, or giving each
-- enable its own stop token, would close that window.
local function universalitemkeyLuaThread(thread)
local addr = getAddressSafe('bUniversalItemKeyPressed')
while UniversalItemkeyLuaThreadLoop do
sleep(100)
if addr then
if ( isKeyPressed( readInteger('bUniversalItemKeyID') ) ) then
writeBytes(addr, 1)
else
writeBytes(addr, 0)
end
else
-- symbol was not resolvable yet, try again on the next tick
addr = getAddressSafe('bUniversalItemKeyPressed')
end
end
thread.terminate()
-- while UniversalItemkeyLuaThreadLoop do
-- if ( isKeyPressed(VK_CAPITAL) ) then
-- writeBytes("bUniversalItemKeyPressed" ,1)
-- else
-- writeBytes("bUniversalItemKeyPressed" ,0)
-- end
-- end
-- thread.terminate()
end
----------------------------------
-- Do not start the thread when the script is only being syntax-checked.
if syntaxcheck then return end
UniversalItemkeyLuaThreadLoop = true
createThread(universalitemkeyLuaThread)
{$asm}
///*****************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
-- Clearing the global ends the polling loop on its next 100 ms tick.
if syntaxcheck then return end
UniversalItemkeyLuaThreadLoop = false
{$asm}
///*****************************************///
// Restores both 5-byte sites from their backups and frees both code caves.
dealloc(newmem)
itemIDChkOnWObjectInteractViaInvClickAOB+4: //"re2.exe"+E9A08EF:
readmem(originalcode_itemIDChkOnWObjectInteractViaInvClickAOB,5)
//db 39 50 10 74 33
//Alt: cmp [rax+10],edx
//Alt: je re2.exe+E9A0927
unregistersymbol(originalcode_itemIDChkOnWObjectInteractViaInvClickAOB)
unregistersymbol(bUniversalItemKeyID)
unregistersymbol(bUniversalItemKeyPressed)
///*****************************************///
dealloc(newmem2)
itemIDChkOnWObjectInteractViaInvUseAOB+12: //"re2.exe"+E9A0D77:
readmem(originalcode2_itemIDChkOnWObjectInteractViaInvUseAOB,5)
//db 39 48 10 74 35
//Alt: cmp [rax+10],ecx
//Alt: je re2.exe+E9A0DB1
unregistersymbol(originalcode2_itemIDChkOnWObjectInteractViaInvUseAOB)
///*****************************************///
13019
"key"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
bUniversalItemKeyID
13020
""
008000
Byte
+4
13021
""
008000
Float
+4
13005
"slow walk key .2"
FF0000
Auto Assembler Script
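[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//move float read, 0<>1, r8==b
// Purpose: hooks the 5-byte movss xmm0,[rcx+10] at someFloatRead1AOB+14. When
// r8 equals b (hex) and the configured key is held, xmm0 is loaded from
// dCustMoveSpeed instead of from [rcx+10]; in every other case the original
// load runs unchanged.
// Default key id 14 is listed as CAPS LOCK in this table's key drop-down.
define(walkkeyiddefault,14)
aobscanmodule(someFloatRead1AOB,re2.exe,E8 ** ** ** ** 48 ** ** ** 5B C3 0F 57 C0 48 ** ** ** 5B C3 F3 ** ** ** ** 48 ** ** ** 5B C3)
registersymbol(someFloatRead1AOB)
label(bWalkKeyID)
registersymbol(bWalkKeyID)
label(bWalkKeyPressed)
registersymbol(bWalkKeyPressed)
alloc(newmem,2048,someFloatRead1AOB+14) //"re2.exe"+F58320D)
label(returnhere)
label(originalcode_someFloatRead1AOB)
registersymbol(originalcode_someFloatRead1AOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// Both jne instructions rely on the forward reference resolving to the next
// label, originalcode_someFloatRead1AOB, i.e. the unmodified load.
cmp r8,b
jne @f
// rbx is overwritten without being saved. The signature shows 5B C3 (pop rbx,
// ret) two instructions after the hooked load, so the epilogue reloads rbx.
// NOTE(review): this assumes the wildcarded 4-byte instruction in between does
// not read rbx - confirm in the disassembly.
mov rbx,bWalkKeyPressed
cmp byte ptr [rbx],1
jne @f
mov rbx,dCustMoveSpeed
movss xmm0,[rbx]
jmp exit
originalcode_someFloatRead1AOB:
readmem(someFloatRead1AOB+14,5)
//movss xmm0,[rcx+10]
exit:
jmp returnhere
///
bWalkKeyID:
dd walkkeyiddefault
// Written by the Lua thread below: 1 while the key is held, otherwise 0.
bWalkKeyPressed:
dd 0
// Replacement value for xmm0. This label has no label() declaration and is not
// registered as a symbol; the table reaches it by offset from bWalkKeyID.
dCustMoveSpeed:
dd (float)0.75
///
// The 5-byte jmp replaces exactly the 5-byte movss.
someFloatRead1AOB+14: //"re2.exe"+F58320D:
jmp newmem
returnhere:
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
-- Polls the configured key every 100 ms and mirrors its state into
-- bWalkKeyPressed for the injected code to read.
-- NOTE(review): the flag address is resolved once and cached. If the script is
-- disabled and re-enabled before this thread wakes up, the loop flag is true
-- again and the old thread keeps writing to the address of the freed cave next
-- to the new thread. Resolving the address on every iteration, or giving each
-- enable its own stop token, would close that window.
local function walkkeyLuaThread(thread2)
local addr2 = getAddressSafe('bWalkKeyPressed')
while RunWalkkeyLuaThreadLoop do
sleep(100)
if addr2 then
if ( isKeyPressed( readInteger('bWalkKeyID') ) ) then
writeBytes(addr2, 1)
else
writeBytes(addr2, 0)
end
else
-- symbol was not resolvable yet, try again on the next tick
addr2 = getAddressSafe('bWalkKeyPressed')
end
end
thread2.terminate()
-- while RunWalkkeyLuaThreadLoop do
-- if ( isKeyPressed(VK_CAPITAL) ) then
-- writeBytes("bWalkKeyPressed" ,1)
-- else
-- writeBytes("bWalkKeyPressed" ,0)
-- end
-- end
-- thread2.terminate()
end
----------------------------------
-- Do not start the thread when the script is only being syntax-checked.
if syntaxcheck then return end
RunWalkkeyLuaThreadLoop = true
createThread(walkkeyLuaThread)
{$asm}
///*****************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
-- Clearing the global ends the polling loop on its next 100 ms tick.
if syntaxcheck then return end
RunWalkkeyLuaThreadLoop = false
{$asm}
///*****************************************///
// Restores the 5 original bytes and frees the cave.
dealloc(newmem)
someFloatRead1AOB+14: //"re2.exe"+F58320D:
readmem(originalcode_someFloatRead1AOB,5)
//db F3 0F 10 41 10
//Alt: movss xmm0,[rcx+10]
unregistersymbol(originalcode_someFloatRead1AOB)
// Both key symbols point into the cave that was just freed, so drop them as the
// other key scripts in this table do; otherwise they keep resolving to released
// memory until the next enable.
unregistersymbol(bWalkKeyID)
unregistersymbol(bWalkKeyPressed)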
13006
"key"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
bWalkKeyID
13007
""
008000
Byte
+4
13008
""
008000
Float
+4
13037
"slow motion .3"
FF0000
Auto Assembler Script
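[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: allocates a small data block holding two key ids and a speed factor,
// and starts a Lua thread that switches the speedhack to that factor while both
// keys are held and restores the previous speed when they are released.
// No game code is patched by this script.
alloc(slowmokeys,1024,re2.exe)
label(dSlowMoKey1)
registersymbol(dSlowMoKey1)
label(dSlowMoKey2)
registersymbol(dSlowMoKey2)
label(dCustSpeedhackSpeed)
registersymbol(dCustSpeedhackSpeed)
///
slowmokeys:
// 05 and 02 are listed as X1 Mouse Button and Right Mouse Button in this
// table's key drop-downs.
dSlowMoKey1:
dd 05
dSlowMoKey2:
dd 02
dCustSpeedhackSpeed:
dd (float)0.15
///
{$lua}
-- lastSpeed remembers the speed to return to; bSpeedKeyReleased is 1 while the
-- slow-motion speed is not applied by this script and 0 while it is.
lastSpeed=speedhack_getSpeed();
bSpeedKeyReleased=1;
local function slowmokeyLuaThread(thread3)
  local addr = getAddressSafe('dCustSpeedhackSpeed')
  -- local addrga = readPointer(getAddress('pSomeGameStatus'))
  while SlowMokeyLuaThreadLoop do
    sleep(100)
    -- NOTE(review): pSomeGameStatus is not defined in this script, and getAddress
    -- (unlike getAddressSafe) is used for it - confirm that the script which
    -- registers it is always enabled first. addrga is also a global here.
    addrga = readPointer(getAddress('pSomeGameStatus'))
    -- addrga = getAddress('pSomeGameStatus')
    if (addr and (addrga ~= 0))then
      -- Both keys held, and neither status byte at +0x51 / +0x53 equals 1.
      -- NOTE(review): the meaning of those two bytes is not visible here.
      if ( (isKeyPressed(readInteger('dSlowMoKey1'))) and (isKeyPressed(readInteger('dSlowMoKey2'))) and not( readBytes(addrga+0x51)==1 or readBytes(addrga+0x53)==1) ) then
        if bSpeedKeyReleased == 1 then
          if speedhack_getSpeed() ~= readFloat("dCustSpeedhackSpeed") then
            -- print("pressing: ", lastSpeed)
            lastSpeed=speedhack_getSpeed()
            speedhack_setSpeed(readFloat("dCustSpeedhackSpeed"))
            bSpeedKeyReleased=0
          end
        end
      else
        if bSpeedKeyReleased == 0 then
          bSpeedKeyReleased=1
          -- print(lastSpeed)
          if speedhack_getSpeed() ~= lastSpeed then
            speedhack_setSpeed(lastSpeed)
          end
        end
      end
    else
      addr = getAddressSafe('dCustSpeedhackSpeed')
      -- addrga = readPointer(getAddress('pSomeGameStatus'))
    end
  end
  -- The loop can end while slow motion is still applied (script disabled with
  -- both keys held). Put the previous speed back so the process is not left
  -- running at the slow-motion factor.
  if bSpeedKeyReleased == 0 then
    bSpeedKeyReleased=1
    if speedhack_getSpeed() ~= lastSpeed then
      speedhack_setSpeed(lastSpeed)
    end
  end
  thread3.terminate()
end
----------------------------------
-- Do not start the thread when the script is only being syntax-checked.
if syntaxcheck then return end
SlowMokeyLuaThreadLoop = true
createThread(slowmokeyLuaThread)
{$asm}
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
-- Clearing the global ends the polling loop on its next 100 ms tick.
if syntaxcheck then return end
SlowMokeyLuaThreadLoop = false
{$asm}
///*****************************************///
// Free the block this script actually allocated. The previous dealloc(newmem)
// named an allocation this script never made, so slowmokeys was never released.
dealloc(slowmokeys)
unregistersymbol(dSlowMoKey1)
unregistersymbol(dSlowMoKey2)
unregistersymbol(dCustSpeedhackSpeed)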
13038
"key 1"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
02:Right Mouse Button
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
dSlowMoKey1
13039
"key 2"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
02:Right Mouse Button
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
dSlowMoKey2
13040
"slow motion speed"
008000
Float
dCustSpeedhackSpeed
13179
"game play time mod .2"
FF0000
Auto Assembler Script
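[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: hooks the 8 bytes at totalGameTimeWriteAOB+7 (lea rax,[rdx+rbp] and
// mov [rcx+18],rax) and caps the value about to be stored in [rcx+18] so that
// it minus the qwords at [rcx+20] and [rcx+30] does not exceed the limit.
// The limit is qMaxGamePlayTime multiplied by 1000000; the default of 7123
// (decimal) corresponds to 1:58:43 when read as seconds.
// totalGameTimeWriteAOB is not scanned here (the scan below is commented out);
// the table's "enable" script registers it, so that script has to run first.
// NOTE(review): the table labels fields near [rcx+18] "cut-scene" and "pause" -
// presumably these are the two subtracted values; confirm.
define(qmaxgameplaytime_default,#7123) //1:58:43
//aobscanmodule(totalGameTimeWriteAOB,re2.exe,E8 ** ** ** ** EB 08 48 ** ** ** 48 ** ** ** 48 ** ** ** 4C ** ** ** 0F 85 ** ** ** ** 44 ** ** ** 0F 85)
//registersymbol(totalGameTimeWriteAOB)
label(pGameTime)
registersymbol(pGameTime)
label(qMaxGamePlayTime)
registersymbol(qMaxGamePlayTime)
alloc(newmem,2048,totalGameTimeWriteAOB+7) //"re2.exe"+AD9D8F5)
label(returnhere)
label(originalcode_totalGameTimeWriteAOB)
registersymbol(originalcode_totalGameTimeWriteAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// rbx is saved and restored; rax is free as scratch because the original
// lea rax,[rdx+rbp] below recomputes it.
push rbx
// Publish rcx (base of the timer fields) for the table entries.
mov rbx,pGameTime
mov [rbx],rcx
mov rbx,qMaxGamePlayTime
mov rbx,[rbx]
imul rbx,rbx,#1000000
// rax = value the game is about to store, minus the two excluded fields.
lea rax,[rdx+rbp]
sub rax,[rcx+20]
sub rax,[rcx+30]
cmp rax,rbx
// Unsigned compare: at or below the limit nothing is changed. The jump relies
// on the forward reference resolving to the next label, end.
jbe @f
// Over the limit: rebuild the stored value from the limit plus the excluded
// fields, minus 4000000, and feed it to the original lea through rdx with
// rbp cleared.
// NOTE(review): rdx and rbp stay modified after the hook returns - confirm that
// the game code after the store does not read them again.
mov rax,rbx
add rax,[rcx+20]
add rax,[rcx+30]
sub rax,#4000000
mov rdx,rax
// Was "xor rbp,ebp", which mixes a 64-bit and a 32-bit operand. The 32-bit form
// is a valid encoding and clears all of rbp, since a 32-bit write zero-extends.
xor ebp,ebp
end:
pop rbx
originalcode_totalGameTimeWriteAOB:
readmem(totalGameTimeWriteAOB+7,8)
//lea rax,[rdx+rbp]
//mov [rcx+18],rax
exit:
jmp returnhere
///
pGameTime:
dq 0
qMaxGamePlayTime:
dq qmaxgameplaytime_default
///
// 5-byte jmp plus 3 nops replace the 8 original bytes.
totalGameTimeWriteAOB+7: //"re2.exe"+AD9D8F5:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Restores the 8 original bytes from the backup copy and frees the cave.
dealloc(newmem)
totalGameTimeWriteAOB+7: //"re2.exe"+AD9D8F5:
readmem(originalcode_totalGameTimeWriteAOB,8)
//db 48 8D 04 2A 48 89 41 18
//Alt: lea rax,[rdx+rbp]
//Alt: mov [rcx+18],rax
unregistersymbol(originalcode_totalGameTimeWriteAOB)
unregistersymbol(pGameTime)
unregistersymbol(qMaxGamePlayTime)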
13180
"stop at:"
1
808080
Array of byte
0
qMaxGamePlayTime
13181
"hour"
008000
Custom
RE2_Hrs
+0
13182
"minute"
008000
Custom
RE2_Mins
+0
13183
"second"
008000
Custom
RE2_Secs
+0
13184
"total in secs"
008000
4 Bytes
+0
13185
""
1
13186
"total"
0000FF
8 Bytes
pGameTime
18
13187
"cut-scene"
0000FF
8 Bytes
+8
13188
"pause"
0000FF
8 Bytes
+10
13025
"highlighted item"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Purpose: hooks the 6 bytes at itemIDReadOnHighlightedInInvAOB+c (cmp [r8+10],r9d / jne),
//stores r8 (the highlighted inventory item) in pHighlightedItem and, depending on the
//bSpecialChange* flag bytes, rewrites the item id at [r8+10] before the original compare.
//Item ids used below follow the table's "item id" list: f Handgun Ammo, 12 MAG Ammo,
//16/17/18 Acid/Flame/Needle, 1a Large-caliber Handgun Ammo, 1b High-Powered Rounds,
//20 Ink Ribbon. [r8+20] is the entry the table labels "quantity / durabiliy".
//NOTE(review): the ncaa/ncab/ncb/ncc/ncd labels are never named by a jump; the jne @f
//lines only reach them if Cheat Engine resolves @f to the next label of any kind rather
//than the next @@: - confirm, otherwise every failed check lands on the @@: inside ncb.
//NOTE(review): rax is overwritten without being saved; assumes the game does not need it
//at this point - confirm against the surrounding disassembly.
aobscanmodule(itemIDReadOnHighlightedInInvAOB,re2.exe,4C ** ** ** 45 ** ** 4D ** ** 74 ** 45 ** ** ** 75)
registersymbol(itemIDReadOnHighlightedInInvAOB)
label(bSpecialChangeAa)
registersymbol(bSpecialChangeAa)
label(bSpecialChangeAb)
registersymbol(bSpecialChangeAb)
label(bSpecialChangeB)
registersymbol(bSpecialChangeB)
label(bSpecialChangeC)
registersymbol(bSpecialChangeC)
label(bSpecialChangeD)
registersymbol(bSpecialChangeD)
label(pHighlightedItem)
registersymbol(pHighlightedItem)
alloc(newmem,2048,itemIDReadOnHighlightedInInvAOB+c) //"re2.exe"+9868BBC)
label(returnhere)
label(originalcode_itemIDReadOnHighlightedInInvAOB)
registersymbol(originalcode_itemIDReadOnHighlightedInInvAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov rax,pHighlightedItem
mov [rax],r8 //publish the highlighted item pointer for the table entries
mov rax,bSpecialChangeAa
ncaa:
cmp byte ptr [rax],1 //flag Aa set?
jne @f
cmp dword ptr [r8+10],f //Handgun Ammo
jne @f
mov dword ptr [r8+10],1a //-> Large-caliber Handgun Ammo
ncab:
mov rax,bSpecialChangeAb //rax stays on bSpecialChangeAb through ncb and ncc
cmp byte ptr [rax],1
jne @f
cmp dword ptr [r8+10],1a //Large-caliber Handgun Ammo
jne @f
mov dword ptr [r8+10],f //-> Handgun Ammo
ncb:
cmp byte ptr [rax+4],1 //bSpecialChangeAb+4 = bSpecialChangeB (see data layout below)
jne ncc
cmp dword ptr [r8+10],16 //Acid Rounds
je @f
cmp dword ptr [r8+10],17 //Flame Rounds
je @f
cmp dword ptr [r8+10],18 //Needle Cartridges
je @f
jmp ncc
@@:
mov dword ptr [r8+10],1b //-> High-Powered Rounds (SLS 60)
ncc:
cmp byte ptr [rax+8],1 //bSpecialChangeAb+8 = bSpecialChangeC
jne @f
cmp dword ptr [r8+10],20 //Ink Ribbon
jne @f
mov dword ptr [r8+10],1a //-> Large-caliber Handgun Ammo
fild dword ptr [r8+20] //quantity *= the dword after bSpecialChangeC (dd #10), via the x87 stack
fimul dword ptr [rax+c]
fistp dword ptr [r8+20] //pops the value again, leaving the x87 stack depth unchanged
ncd:
mov rax,bSpecialChangeD
cmp byte ptr [rax],1
jne @f
cmp dword ptr [r8+10],12 //MAG Ammo
jne @f
mov dword ptr [r8+10],f //-> Handgun Ammo
@@:
readmem(itemIDReadOnHighlightedInInvAOB+c,4) //copy of the original cmp [r8+10],r9d
reassemble(itemIDReadOnHighlightedInInvAOB+10) //original jne, re-assembled for this address
jmp exit
originalcode_itemIDReadOnHighlightedInInvAOB:
readmem(itemIDReadOnHighlightedInInvAOB+c,6) //backup of the 6 replaced bytes, used by [DISABLE]
//cmp [r8+10],r9d
//jne re2.exe+9868BDE
exit:
jmp returnhere
///
//Flag bytes, one dword each; the code above relies on this exact order and spacing.
bSpecialChangeAa: //Handgun Ammo > Large-caliber Handgun Ammo
dd 0
bSpecialChangeAb: //Large-caliber Handgun Ammo > Handgun Ammo
dd 0
bSpecialChangeB: //Rounds+Needles > High-Powered Rounds (SLS 60)
dd 0
bSpecialChangeC: //Ribbon > 20 Large-caliber Handgun Ammo
dd 0
dd #10 //decimal 10: quantity multiplier read through [rax+c] in ncc
bSpecialChangeD: //MAG Ammo > Handgun Ammo
dd 0
pHighlightedItem: //no storage is emitted here; the 8-byte pointer lives in the rest of the 2048-byte block
///
itemIDReadOnHighlightedInInvAOB+c: //"re2.exe"+9868BBC:
jmp newmem //5-byte jump plus 1 nop covers the 6 replaced bytes
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
itemIDReadOnHighlightedInInvAOB+c: //"re2.exe"+9868BBC:
readmem(originalcode_itemIDReadOnHighlightedInInvAOB,6) //restore from the copy saved on enable
//db 45 39 48 10 75 1C
//Alt: cmp [r8+10],r9d
//Alt: jne re2.exe+9868BDE
unregistersymbol(originalcode_itemIDReadOnHighlightedInInvAOB)
unregistersymbol(bSpecialChangeAa)
unregistersymbol(bSpecialChangeAb)
unregistersymbol(bSpecialChangeB)
unregistersymbol(bSpecialChangeC)
unregistersymbol(bSpecialChangeD)
unregistersymbol(pHighlightedItem)
13026
""
FFFFFF
Array of byte
0
pHighlightedItem
0
13130
"item id"
00000000:is weapon
00000001:First Aid Spray
00000002:Green Herb
00000003:Red Herb
00000004:Blue Herb
00000005:Mixed Herb (G+G)
00000006:Mixed Herb (G+R)
00000007:Mixed Herb (G+B)
00000008:Mixed Herb (G+G+B)
00000009:Mixed Herb (G+G+G)
0000000A:Mixed Herb (G+R+B)
0000000B:Mixed Herb (R+B)
0000000C:Green Herb
0000000D:Red Herb
0000000E:Blue Herb
0000000F:Handgun Ammo
00000010:Shotgun Shells
00000011:Submachine Gun Ammo
00000012:MAG Ammo
00000016:Acid Rounds
00000017:Flame Rounds
00000018:Needle Cartridges
00000019:Fuel
0000001A:Large-caliber Handgun Ammo
0000001B:High-Powered Rounds (SLS 60)
0000001F:Detonator
00000020:Ink Ribbon
00000021:Wooden Board
00000022:Electronic Gadget
00000023:Battery (9-volt)
00000024:Gunpowder
00000025:Gunpowder (Large)
00000026:High-Grade Gunpowder (Yellow)
00000027:High-Grade Gunpowder (White)
00000030:High-Capacity Mag. (Matilda)
00000031:Muzzle Brake (Matilda)
00000032:Gun Stock(Matilda)
00000033:Speed Loader (SLS 60)
00000034:Laser Sight (JMB Hp3)
00000035:Reinforced Frame (SLS 60)
00000036:High-Capacity Mag. (JMB Hp3)
00000037:Shotgun Stock (W-870)
00000038:Long Barrel (W-870)
0000003A:High-Capacity Mag. (MQ 11)
0000003C:Suppressor (MQ 11)
0000003D:Red Dot Sight (Lightning Hawk)
0000003E:Long Barrel (Lightning Hawk)
00000040:Shoulder Stock (GM 79)
00000041:Regulator (Flamethrower)
00000042:High Voltage Condenser (Spark Shot)
00000048:Film "Hiding Place"
00000049:Film "Rising Rookie"
0000004A:Film "Commemorative"
0000004B:Film "3F Locker"
0000004C:Film "Lion Statue"
0000004D:Storage Room Key
0000004F:Mechanic Jack Handle
00000050:Square Crank
00000051:Unicorn Medallion
00000052:Spade Key
00000053:Parking Garage Key Card
00000054:Weapons Locker Key Card
00000056:Valve Handle
00000057:S.T.A.R.S. Badge
00000058:Scepter
0000005A:Red Jewel
0000005B:Bejeweled Box
0000005D:Bishop Plug
0000005E:Rook Plug
0000005F:King Plug
00000062:Picture Block
00000066:USB Dongle Key
00000070:Spare Key (key pad)
00000072:Red Book (Art Object)
00000073:Statue's Left Arm
00000074:Left Arm with Book
00000076:Lion Medallion
00000077:Diamond Key
00000078:Car Key
0000007C:Maiden Medallion
0000007E:Power Panel Part
0000007F:Power Panel Part
00000080:Lovers Relief
00000081:Small Gear
00000082:Large Gear
00000083:Courtyard Key
00000084:Knight Plug
00000085:Pawn Plug
00000086:Queen Plug
00000087:Boxed Electronic Part
00000088:Boxed Electronic Part
0000009F:Orphanage Key
000000A0:Club Key
000000A9:Heart Key
000000AA:U.S.S. Digital Video Cassette
000000B0:T-Bar Valve Handle
000000B3:Dispersal Cartridge (Empty)
000000B4:Dispersal Cartridge (Solution)
000000B5:Dispersal Cartridge (Herbicide)
000000B7:Joint Plug
000000BA:Upgrade Chip (Admin)
000000BB:ID Wristband (Admin)
000000BC:Electronic Chip
000000BD:Signal Modulator
000000BE:Trophy
000000BF:Trophy
000000C2:Sewers Key
000000C3:ID Wristband (Visitor)
000000C4:ID Wristband (General Staff)
000000C5:ID Wristband (Senior Staff)
000000C6:Upgrade Chip (General Staff)
000000C7:Upgrade Chip (Senior Staff)
000000C8:ID Wristband (Visitor)
000000C9:ID Wristband (General Staff)
000000CA:ID Wristband (Senior Staff)
000000CB:Lab Digital Video Cassette
000000E6:Briefcase
000000F0:Fuse (Main Hall)
000000F1:Fuse (Break Room Hallway)
000000F3:Scissors
000000F4:Bolt Cutter
000000F5:Stuffed Doll
00000106:Hip Pouch
0000011e:Old Key (Ghost Survivors)
00000123:Portable Safe
00000125:Tin Storage Box
00000126:Wooden Box
00000127:Wooden Box
00000128:Tin Storage Box
1
0000FF
4 Bytes
+10
13131
"weapon id"
FFFFFFFF:not weapon
00000001:Handgun - Matilda
00000002:Handgun - M19
00000003:Handgun - JMB Hp3
00000004:Handgun - Quickdraw Army Revolver
00000007:Handgun - MUP
00000008:Handgun - Broom Hc
00000009:Handgun - SLS 60
0000000B:Shotgun - W-870
00000015:Sub Gun - MQ 11
00000017:Sub Gun - LE 5 (Infinite)
0000001F:MAG - Lightning Hawk
00000029:EMF Visualizer
0000002A:Grenade Launcher - GM 79
0000002B:Chemical Flamethrower
0000002C:Stun Gun - Spark Shot
0000002D:ATM-4
0000002E:Combat Knife
0000002F:Combat knife (Infinite)
00000031:Anti-tank Rocket
00000032:Minigun
00000041:Hand Grenade
00000042:Flash Grenade
00000052:Handgun - Samurai Edge (Infinite)
00000053:Handgun - Samurai Edge (Chris Model)
00000054:Handgun - Samurai Edge (Jill Model)
00000055:Handgun - Samurai Edge (Albert Model)
000000DE:ATM-4 (Infinite)
000000F2:Anti-tank Rocket (Infinite)
000000FC:Minigun (Infinite)
1
0000FF
4 Bytes
+14
13074
"upgrade"
00000000:Nothing
00000001:Upgrade 1
00000002:Upgrade 2
00000003:Upgrade 1 + 2
1
0000FF
4 Bytes
+18
13143
"1"
0000FF
Binary
0
1
0
+0
13144
"2"
0000FF
Binary
1
1
0
+0
13145
"3"
0000FF
Binary
2
1
0
+0
13146
"4"
0000FF
Binary
3
1
0
+0
13147
"5"
0000FF
Binary
4
1
0
+0
13150
"6"
0000FF
Binary
5
1
0
+0
13149
"7"
0000FF
Binary
6
1
0
+0
13148
"8"
0000FF
Binary
7
1
0
+0
13132
"ammo type"
00000000:N/A
0000000F:Handgun Ammo
00000010:Shotgun Shells
00000011:Submachine Gun Ammo
00000012:MAG Ammo
00000016:Acid Rounds
00000017:Flame Rounds
00000018:Needle Cartridges
00000019:Fuel
0000001A:Large-caliber Handgun Ammo
0000001B:High-Powered Rounds (SLS 60)
0000001C:Rocket
0000001d:Minigun Ammo
1
0000FF
4 Bytes
+1C
13133
"quantity / durability"
0000FF
4 Bytes
+20
13168
"DO NOT ACTIVATE"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Sets the bSpecialChangeAa flag byte to 1 on enable and back to 0 on disable.
//The symbol is not declared in this script: it resolves only while the
//"highlighted item" script, which registers it, is enabled.
bSpecialChangeAa:
db 1
//bSpecialChangeC:
//db 1
//bSpecialChangeD:
//db 1
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
bSpecialChangeAa:
db 0
//bSpecialChangeC:
//db 0
//bSpecialChangeD:
//db 0
13189
"DO NOT ACTIVATE"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Sets the bSpecialChangeAb flag byte to 1 on enable and back to 0 on disable.
//The symbol is not declared in this script: it resolves only while the
//"highlighted item" script, which registers it, is enabled.
bSpecialChangeAb:
db 1
//bSpecialChangeB:
//db 1
//bSpecialChangeC:
//db 1
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
bSpecialChangeAb:
db 0
//bSpecialChangeB:
//db 0
//bSpecialChangeC:
//db 0
13974
"DO NOT ACTIVATE"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Both sections of this script sit inside { } block comments, so enabling or disabling it
//assembles nothing. The disabled hook addressed the game by the fixed offset
//"re2.exe"+9B4E3B5 instead of an AOB scan, and its [DISABLE] restored hard-coded bytes.
{alloc(newmem,2048,"re2.exe"+9B4E3B5)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp dword ptr [rcx+10],1b //SLS 60 hp rounds
jne @f
mov eax,6
mov [rcx+20],eax
jmp fakeoriginalcode
@@:
fakeoriginalcode:
mov eax,[rcx+20]
jmp re2.exe+9B4E3BC
originalcode:
mov eax,[rcx+20]
jmp re2.exe+9B4E3BC
exit:
jmp returnhere
///
"re2.exe"+9B4E3B5:
jmp newmem
returnhere:}
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{dealloc(newmem)
"re2.exe"+9B4E3B5:
db 8B 41 20 EB 02
//Alt: mov eax,[rcx+20]
//Alt: jmp re2.exe+9B4E3BC}
13409
"hide weapon upgrade appearance"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Purpose: hooks the 6-byte load at weaponUpgradeFlagsReadForAppearanceAOB+a
//(mov ebp,[rdi+13c]) and clears, per weapon, the upgrade bits selected in the b*UAppearance
//mask bytes, so ebp leaves the hook without them. For the JMB Hp3 the bits in bFSJMBHp3App
//are additionally forced on.
//The weapon is identified by the 16-bit value 4 bytes below the flags (b W-870, 1 Matilda,
//9 SLS 60, 3 JMB Hp3, matching the table's "weapon id" list).
//NOTE(review): rax and the flags are overwritten without being saved; assumes neither is
//live at this point in the game code - confirm.
aobscanmodule(weaponUpgradeFlagsReadForAppearanceAOB,re2.exe,48 ** ** ** ** 00 00 45 ** ** 8B ** ** ** 00 00 48 ** ** 74)
registersymbol(weaponUpgradeFlagsReadForAppearanceAOB)
label(bW870UAppearance)
registersymbol(bW870UAppearance)
label(bMaltildaUAppearance)
registersymbol(bMaltildaUAppearance)
label(bSLS60UAppearance)
registersymbol(bSLS60UAppearance)
label(bJMBHp3UAppearance)
registersymbol(bJMBHp3UAppearance)
label(bFSJMBHp3App)
registersymbol(bFSJMBHp3App)
alloc(newmem,2048,weaponUpgradeFlagsReadForAppearanceAOB+a) //"re2.exe"+C795D26)
label(returnhere)
label(originalcode_weaponUpgradeFlagsReadForAppearanceAOB)
registersymbol(originalcode_weaponUpgradeFlagsReadForAppearanceAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
readmem(weaponUpgradeFlagsReadForAppearanceAOB+a,6) //copy of the original load into ebp
//mov ebp,[rdi+13c]
db 48 8D 87 //lea rax,[rdi+disp32]; the displacement is the 4 bytes copied on the next line
readmem(weaponUpgradeFlagsReadForAppearanceAOB+c,4)
//lea rax,[rdi+13c]
cmp word ptr [rax-4],b //W-870
jne @f
mov rax,bW870UAppearance
mov al,[rax]
movzx eax,al //mask byte zero-extended, so only the low 8 bits of ebp can be cleared
not eax
and ebp,eax //ebp &= ~mask
jmp end
@@:
cmp word ptr [rax-4],1 //Maltilda
jne @f
mov rax,bMaltildaUAppearance
mov al,[rax]
movzx eax,al
not eax
and ebp,eax //ebp &= ~mask
jmp end
@@:
cmp word ptr [rax-4],9 //SLS 60
jne @f
mov rax,bSLS60UAppearance
mov al,[rax]
movzx eax,al
not eax
and ebp,eax //ebp &= ~mask
jmp end
@@:
cmp word ptr [rax-4],3 //JMB Hp3
jne @f //no @@: follows; reaches end only if @f resolves to the next label of any kind - confirm
mov rax,bJMBHp3UAppearance
mov al,[rax]
movzx eax,al
not eax
and ebp,eax //ebp &= ~mask
mov rax,bFSJMBHp3App
or bpl,[rax] //then force the bits from bFSJMBHp3App on
jmp end
end:
jmp exit
originalcode_weaponUpgradeFlagsReadForAppearanceAOB:
readmem(weaponUpgradeFlagsReadForAppearanceAOB+a,6) //backup of the 6 replaced bytes, used by [DISABLE]
//mov ebp,[rdi+0000013C]
exit:
jmp returnhere
///
//One mask byte per weapon; a set bit hides that upgrade (bit positions are the ones the
//table's Binary entries under each weapon header use).
bW870UAppearance:
db 0
bMaltildaUAppearance:
db 0
bSLS60UAppearance:
db 0
bJMBHp3UAppearance:
db 0
bFSJMBHp3App:
db 0
///
weaponUpgradeFlagsReadForAppearanceAOB+a: //"re2.exe"+C795D26:
jmp newmem //5-byte jump plus 1 nop covers the 6 replaced bytes
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
weaponUpgradeFlagsReadForAppearanceAOB+a: //"re2.exe"+C795D26:
readmem(originalcode_weaponUpgradeFlagsReadForAppearanceAOB,6) //restore from the copy saved on enable
//db 8B AF 3C 01 00 00
//Alt: mov ebp,[rdi+0000013C]
unregistersymbol(originalcode_weaponUpgradeFlagsReadForAppearanceAOB)
unregistersymbol(bW870UAppearance)
unregistersymbol(bMaltildaUAppearance)
unregistersymbol(bSLS60UAppearance)
unregistersymbol(bJMBHp3UAppearance)
unregistersymbol(bFSJMBHp3App)
13410
"[Matilda]"
000080
Array of byte
0
bMaltildaUAppearance
13411
"Gun Stock"
0:as is
1:hide
008000
Binary
0
1
0
+0
13412
"Muzzle Brake"
0:as is
1:hide
008000
Binary
1
1
0
+0
13975
"High-Capacity Mag."
0:as is
1:hide
008000
Binary
2
1
0
+0
14234
"[JMB Hp3]"
000080
Array of byte
0
bJMBHp3UAppearance
14236
"High-Capacity Mag."
0:as is
1:hide
008000
Binary
1
1
0
+0
14237
"Laser Pointer"
0:as is
1:hide
008000
Binary
2
1
0
+0
13413
"[SLS 60]"
000080
Array of byte
0
bSLS60UAppearance
13414
"Reinforced Frame"
0:as is
1:hide
008000
Binary
3
1
0
+0
13415
"[W-870]"
000080
Array of byte
0
bW870UAppearance
13416
"Long Barrel"
0:as is
1:hide
008000
Binary
0
1
0
+0
13417
"Shotgun Stock"
0:as is
1:hide
008000
Binary
1
1
0
+0
13418
"DO NOT ACTIVATE"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Preset for the "hide weapon upgrade appearance" masks: writes fixed mask bytes on enable
//and zeroes them on disable. The symbols are not declared here, so this script assembles
//only while the script that registers them is enabled.
bW870UAppearance:
db 1 //bit 0
bMaltildaUAppearance:
db 6 //bits 1 and 2
//bSLS60UAppearance:
//db 4
bJMBHp3UAppearance:
db 2 //bit 1
bFSJMBHp3App:
db 4 //bit 2, forced on by the hook for the JMB Hp3
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
bW870UAppearance:
db 0
bMaltildaUAppearance:
db 0
//bSLS60UAppearance:
//db 0
bJMBHp3UAppearance:
db 0
bFSJMBHp3App:
db 0
13488
"wet!"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Purpose: hooks the 6-byte load at wetFlagReadAOB+9 (mov eax,[rdi+98]), sets bit 0 of the
//value returned in eax, and raises the float at [rdi+60] to at least dCusWetAmount.
//rdi is also stored in pSomeFxInfo for the table entries ("wet flag" +98, "wet amount" +60).
//NOTE(review): xmm6 is overwritten without being saved. It is a callee-saved register in
//the Microsoft x64 convention and may hold a live value in the hooked function - confirm,
//or use a scratch register that is saved and restored.
define(dcuswetamount,(float)0.5)
aobscanmodule(wetFlagReadAOB,re2.exe,48 ** ** 0F 85 ** ** ** ** 8B ** ** ** 00 00 FF ** 83 ** 02)
registersymbol(wetFlagReadAOB)
label(dCusWetAmount)
registersymbol(dCusWetAmount)
label(pSomeFxInfo)
registersymbol(pSomeFxInfo)
alloc(newmem,2048,wetFlagReadAOB+9) //"re2.exe"+AA843B6)
label(returnhere)
label(originalcode_wetFlagReadAOB)
registersymbol(originalcode_wetFlagReadAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rbx //rbx is scratch in this hook; restored before leaving
mov rbx,pSomeFxInfo
mov [rbx],rdi //publish the object pointer for the table entries
readmem(wetFlagReadAOB+9,6) //copy of the original load into eax
//mov eax,[rdi+98]
or eax,1 //force bit 0 in the value handed back to the game; memory at [rdi+98] is not written
mov rbx,dCusWetAmount
movss xmm6,[rbx]
maxss xmm6,[rdi+60] //xmm6 = the larger of the custom amount and the current value
movss [rdi+60],xmm6
pop rbx
jmp exit
originalcode_wetFlagReadAOB:
readmem(wetFlagReadAOB+9,6) //backup of the 6 replaced bytes, used by [DISABLE]
//mov eax,[rdi+00000098]
exit:
jmp returnhere
///
dCusWetAmount:
dd dcuswetamount
pSomeFxInfo:
dq 0
///
wetFlagReadAOB+9: //"re2.exe"+AA843B6:
jmp newmem //5-byte jump plus 1 nop covers the 6 replaced bytes
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
wetFlagReadAOB+9: //"re2.exe"+AA843B6:
readmem(originalcode_wetFlagReadAOB,6) //restore from the copy saved on enable
//db 8B 87 98 00 00 00
//Alt: mov eax,[rdi+00000098]
unregistersymbol(originalcode_wetFlagReadAOB)
unregistersymbol(dCusWetAmount)
unregistersymbol(pSomeFxInfo)
13489
"amount"
008000
Float
dCusWetAmount
13573
""
FFFFFF
Array of byte
0
pSomeFxInfo
0
13574
"wet flag"
0000FF
4 Bytes
+98
13575
"wet amount"
0000FF
Float
+60
13551
"follow cam mod .5"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//First of three hooks in this script. It replaces the 5-byte store at
//folllowCamOffsets2WriteAOB+16 (movss [rbx+50],xmm0) and only records rbx in pFCamOffsets;
//the second hook compares against that pointer to recognise the same object.
//NOTE(review): rax is overwritten without being saved - confirm it is not live here.
aobscanmodule(folllowCamOffsets2WriteAOB,re2.exe,75 14 45 31 C0 48 ** ** 41 ** ** ** E8 ** ** ** ** E9 ** ** ** ** F3 ** ** ** ** F3 ** ** ** ** F3 ** ** ** ** C6 ** ** 01 48 ** ** ** 48)
registersymbol(folllowCamOffsets2WriteAOB)
label(pFCamOffsets)
registersymbol(pFCamOffsets)
alloc(newmem,2048,folllowCamOffsets2WriteAOB+16) //"re2.exe"+C08E64B)
label(returnhere)
label(originalcode_folllowCamOffsets2WriteAOB)
registersymbol(originalcode_folllowCamOffsets2WriteAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov rax,pFCamOffsets
mov [rax],rbx //remember the object whose +50 field is being written
originalcode_folllowCamOffsets2WriteAOB:
readmem(folllowCamOffsets2WriteAOB+16,5) //original store; also the backup used by [DISABLE]
//movss [rbx+50],xmm0
exit:
jmp returnhere
///
pFCamOffsets: //no storage is emitted here; the 8-byte pointer lives in the rest of the 2048-byte block
///
folllowCamOffsets2WriteAOB+16: //"re2.exe"+C08E64B:
jmp newmem //exactly 5 bytes, so no nop padding is needed
returnhere:
///*****************************************///
//Second hook: replaces the 5-byte store at folllowCamOffsetZ1WriteAOB+12
//(movss [rdx+14],xmm0). When rbx matches the pointer saved in pFCamOffsets, xmm0 is
//replaced by a value that moves one step per call from dCusFCamZOffset+0 (current) toward
//dCusFCamZOffset+4 (target), plus the float at [rbx+disp] read by the rebuilt addss.
//Fields used, as offsets from dCusFCamZOffset: +0 current, +4 target, +8 custom z,
//+c step, +10 divisor, +14 multiplier applied when custom z is negative, +1c custom aim z.
//NOTE(review): dCusFCamZOffset and pReadiedWeapon are not declared in this script and +10
//and +14 are not initialised by it; presumably another script registers and fills them -
//confirm, since a zero at +10 makes the divss produce inf/NaN.
//NOTE(review): rax is overwritten without being saved - confirm it is not live here.
aobscanmodule(folllowCamOffsetZ1WriteAOB,re2.exe,F3 ** ** ** ** 0F ** ** ** 0F ** ** ** F3 ** ** ** ** F3 ** ** ** ** 48 ** ** ** E9)
registersymbol(folllowCamOffsetZ1WriteAOB)
label(bAimKey)
registersymbol(bAimKey)
label(bAimKeyPressed)
registersymbol(bAimKeyPressed)
alloc(newmem2,2048,folllowCamOffsetZ1WriteAOB+12) //"re2.exe"+BB83445)
label(returnhere2)
label(originalcode2_folllowCamOffsetZ1WriteAOB)
registersymbol(originalcode2_folllowCamOffsetZ1WriteAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
push rcx //rcx is scratch in this hook; restored at end
mov rax,pFCamOffsets
cmp [rax],rbx
jne end //different object: run the original store with xmm0 untouched
mov rcx,dCusFCamZOffset
xorps xmm0,xmm0
comiss xmm0,[rcx+8] //compare 0 with custom z; movss below does not change the flags
movss xmm0,[rcx+8]
jbe @f //0 <= custom z (or unordered): skip the multiply
mulss xmm0,[rcx+14]
@@:
divss xmm0,[rcx+10]
movss [rcx+c],xmm0 //step size for this call
movss xmm0,[rcx+8] //default target = custom z
mov rcx,pReadiedWeapon
mov rcx,[rcx]
test rcx,rcx
jz cfczoc //no pointer: keep the previous target
cmp dword ptr [rcx],0
je @f
cmp dword ptr [rcx],2e //2e/2f are the combat knives in the table's "weapon id" list
je @f
cmp dword ptr [rcx],2f
je @f
//xorps xmm0,xmm0
mov rcx,dCusFCamZOffset
movss xmm0,[rcx+1c] //any other value: target = custom aim z
@@:
mov rcx,dCusFCamZOffset
movss [rcx+4],xmm0 //store the target
cfczoc:
mov rcx,dCusFCamZOffset
movss xmm0,[rcx] //current value
comiss xmm0,[rcx+4]
ja deccfczo //current > target
jb inccfczo //current < target (also taken when the compare is unordered, since CF is set)
je assigncfczo
inccfczo:
addss xmm0,[rcx+c]
minss xmm0,[rcx+4] //do not overshoot the target
jmp assigncfczo
deccfczo:
subss xmm0,[rcx+c]
maxss xmm0,[rcx+4] //do not undershoot the target
jmp assigncfczo
assigncfczo:
movss [rcx],xmm0 //save the new current value
db F3 0F 58 43 //addss xmm0,[rbx+disp8]; the disp8 byte is copied from the first hook's site
readmem(folllowCamOffsets2WriteAOB+1f,1)
//addss xmm0,[rbx+54]
end:
pop rcx
originalcode2_folllowCamOffsetZ1WriteAOB:
readmem(folllowCamOffsetZ1WriteAOB+12,5) //original store; also the backup used by [DISABLE]
//movss [rdx+14],xmm0
exit2:
jmp returnhere2
///
//Neither value is read by the code in this script.
bAimKey:
dd 02
bAimKeyPressed:
dd 0
///
folllowCamOffsetZ1WriteAOB+12: //"re2.exe"+BB83445:
jmp newmem2 //exactly 5 bytes, so no nop padding is needed
returnhere2:
///*****************************************///
//Initial values written when the script is enabled. dCusFCamZOffset has no label() or
//alloc() in this script, so these lines write to an address that must already be
//registered. NOTE(review): presumably another script in the table registers it - confirm
//that script is enabled first, otherwise this script fails to assemble.
dCusFCamZOffset:
dd 0 //+0: current value used by the second hook
dCusFCamZOffset+8:
dd (float)-0.14 //+8: "custom z" in the table
dCusFCamZOffset+1c:
dd (float)0 //+1c: "custom aim z" in the table
///*****************************************///
//Third hook: replaces the 5-byte store at followCamYOffsetWriteAOB+8 (movss [rbx+34],xmm0).
//It records rbx in pCha and adds one of two offsets to xmm0 before the store:
//dCustomZoom+0 when the dword at [pReadiedWeapon] is 0, 2e or 2f, dCustomZoom+4 otherwise.
//Nothing is added when pReadiedWeapon holds a null pointer.
//NOTE(review): pReadiedWeapon is not declared in this script; presumably registered by
//another script - confirm. rax is overwritten without being saved.
aobscanmodule(followCamYOffsetWriteAOB,re2.exe,C6 43 ** 01 66 ** ** ** F3 0F 11 ** ** 48 ** ** ** 48 ** ** ** 00 0F 85 ** ** ** ** 4C)
registersymbol(followCamYOffsetWriteAOB)
label(dCustomZoom)
registersymbol(dCustomZoom)
label(pCha)
registersymbol(pCha)
alloc(newmem3,2048,followCamYOffsetWriteAOB+8) //"re2.exe"+B468D2B)
label(returnhere3)
label(originalcode3_followCamYOffsetWriteAOB)
registersymbol(originalcode3_followCamYOffsetWriteAOB)
label(exit3)
newmem3: //this is allocated memory, you have read,write,execute access
//place your code here
mov rax,pCha
mov [rax],rbx //publish the object pointer for the table entries
//mov rax,dCustomZoom
//cmp dword ptr [rax],(float)-1
//je @f
//movss xmm0,[rax]
//@@:
mov rax,pReadiedWeapon
mov rax,[rax]
test rax,rax
jz end3 //no pointer: store xmm0 unchanged
cmp dword ptr [rax],0
je @f
cmp dword ptr [rax],2e //2e/2f are the combat knives in the table's "weapon id" list
je @f
cmp dword ptr [rax],2f
je @f
mov rax,dCustomZoom
addss xmm0,[rax+4] //any other value: add "custom aim y"
jmp end3
@@:
mov rax,dCustomZoom
addss xmm0,[rax] //0 or a knife: add "custom y"
end3:
originalcode3_followCamYOffsetWriteAOB:
readmem(followCamYOffsetWriteAOB+8,5) //original store; also the backup used by [DISABLE]
//movss [rbx+34],xmm0
exit3:
jmp returnhere3
///
dCustomZoom:
dd (float)0.18
dd 0 // (float)-0.4 //aim
pCha: //no storage is emitted here; the 8-byte pointer lives in the rest of the 2048-byte block
///
followCamYOffsetWriteAOB+8: //"re2.exe"+B468D2B:
jmp newmem3 //exactly 5 bytes, so no nop padding is needed
returnhere3:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//Each hook is undone the same way: free its code cave, copy the saved original bytes back
//over the jump, then drop the symbols it registered. The values written to dCusFCamZOffset
//on enable are left as they are.
dealloc(newmem)
folllowCamOffsets2WriteAOB+16: //"re2.exe"+C08E64B:
readmem(originalcode_folllowCamOffsets2WriteAOB,5)
//db F3 0F 11 43 50
//Alt: movss [rbx+50],xmm0
unregistersymbol(originalcode_folllowCamOffsets2WriteAOB)
unregistersymbol(pFCamOffsets)
///*****************************************///
dealloc(newmem2)
folllowCamOffsetZ1WriteAOB+12: //"re2.exe"+BB83445:
readmem(originalcode2_folllowCamOffsetZ1WriteAOB,5)
//db F3 0F 11 42 14
//Alt: movss [rdx+14],xmm0
unregistersymbol(originalcode2_folllowCamOffsetZ1WriteAOB)
unregistersymbol(bAimKey)
unregistersymbol(bAimKeyPressed)
///*****************************************///
dealloc(newmem3)
followCamYOffsetWriteAOB+8: //"re2.exe"+B468D2B:
readmem(originalcode3_followCamYOffsetWriteAOB,5)
//db F3 0F 11 43 34
//Alt: movss [rbx+34],xmm0
unregistersymbol(originalcode3_followCamYOffsetWriteAOB)
unregistersymbol(dCustomZoom)
unregistersymbol(pCha)
///*****************************************///
13562
"custom z"
008000
Float
dCusFCamZOffset+8
14331
"custom aim z"
008000
Float
+14
13966
"custom y"
008000
Float
dCustomZoom
14260
"custom aim y"
008000
Float
+4
13561
""
1
14306
"DO NOT ACTIVATE"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Preset for the follow-cam values: overwrites custom z, custom aim z and both dCustomZoom
//floats. The symbols are not declared here, so they must already be registered.
//The [DISABLE] section holds only a { } block comment, so disabling this script does not
//put the previous values back.
dCusFCamZOffset+8:
dd (float)-0.14 //-0.1
dCusFCamZOffset+1c:
dd (float)0
dCustomZoom:
dd (float)0.24 //0.28
dd 0
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{dealloc(newmem)
"re2.exe"+9B4E3B5:
db 8B 41 20 EB 02
//Alt: mov eax,[rcx+20]
//Alt: jmp re2.exe+9B4E3BC}
13552
""
Array of byte
0
pFCamOffsets
0
13553
"+50"
Float
+50
13554
"+54"
Float
+54
13555
"+58"
Float
+58
13556
"+0"
Float
dCusFCamZOffset
13557
"+4"
Float
+4
13558
"+8"
Float
+4
13559
"+c"
Float
+4
13560
"+10"
Float
+4
13565
"+14"
Float
+4
13566
"+18"
Float
+4
13967
""
1
Array of byte
0
pCha
0
13968
"+10 zoom"
Float
+10
13969
"+14"
Float
+14
13970
"+34"
Float
+34
13971
"+34 zoom"
Float
+34
13972
"+3c"
Float
+3c
13973
"+40"
Float
+40
14630
"character model mod .10"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Reset hook: replaces the 8 bytes at charInvReadOnLodAOB+29 (mov eax,[rax+54] /
//mov rbx,[rsp+30]) and zeroes the shared state each time that code runs: the 8 bytes at
//bStart (both dword counters used by the later hooks), pCurrentCharacter and
//dCurrentCharacter.
//rdi and rbx are used as scratch: the copied original code reloads rbx from [rsp+30], and
//the scan pattern ends in 5F C3 (pop rdi / ret), so both are rewritten right afterwards.
//NOTE(review): dCurrentCharacter starts as ffffffff but is reset to 0 here, which is also
//the first index of the character tables - confirm that 0 is the intended "unset" value.
aobscanmodule(charInvReadOnLodAOB,re2.exe,74 ** 48 ** ** 88 00 ** ** 48 ** ** 75 ** 8D ** ** 45 ** ** 48 ** ** E8 ** ** ** ** 31 C0 48 ** ** ** ** 48 ** ** ** 5F C3 8B ** ** 48 ** ** ** ** 48 ** ** ** 5F C3)
registersymbol(charInvReadOnLodAOB)
label(bStart)
registersymbol(bStart)
label(pCurrentCharacter)
registersymbol(pCurrentCharacter)
label(dCurrentCharacter)
registersymbol(dCurrentCharacter)
alloc(newmem23,2048,charInvReadOnLodAOB+29) //"re2.exe"+C2EB9E3)
label(returnhere23)
label(originalcode23_charInvReadOnLodAOB)
registersymbol(originalcode23_charInvReadOnLodAOB)
label(exit23)
newmem23: //this is allocated memory, you have read,write,execute access
//place your code here
xor rdi,rdi //
mov rbx,bStart
mov [rbx],rdi //8-byte store: clears the counters at bStart and bStart+4
mov rbx,pCurrentCharacter
mov [rbx],rdi
mov rbx,dCurrentCharacter
//mov eax,[rax+54] //
mov [rbx],edi
originalcode23_charInvReadOnLodAOB:
readmem(charInvReadOnLodAOB+29,8) //original 8 bytes; also the backup a disable section would restore
//mov eax,[rax+54]
//mov rbx,[rsp+30]
exit23:
jmp returnhere23
///
bStart:
dq 0
pCurrentCharacter:
dq 0
dCurrentCharacter:
dd ffffffff
///
charInvReadOnLodAOB+29: //"re2.exe"+C2EB9E3:
jmp newmem23 //5-byte jump plus 3 nops covers the 8 replaced bytes
nop
nop
nop
returnhere23:
///*************************************///
//Character swap hook: replaces the 8 bytes at charIDReadOnModelLoadAOB+d
//(mov eax,[rax+54] / mov rbx,[rsp+30]). The id at [rax+54] is used as an index into the
//dCustomCharacter table; a non-negative entry is returned in eax instead of the real id,
//a negative entry (ffffffff) leaves the original behaviour.
//rbx and rdi are used as scratch: rbx is reloaded by the copied mov rbx,[rsp+30], and the
//scan pattern continues with 5F C3 (pop rdi / ret).
//NOTE(review): apart from its final 8B this pattern equals the tail of the
//charInvReadOnLodAOB pattern, so the scan is unique only through that last byte - verify
//it still resolves to the intended site after a game update.
aobscanmodule(charIDReadOnModelLoadAOB,re2.exe,31 C0 48 ** ** ** ** 48 ** ** ** 5F C3 8B ** ** 48 ** ** ** ** 48 ** ** ** 5F C3 8B)
registersymbol(charIDReadOnModelLoadAOB)
//label(pCurrentCharacter)
//registersymbol(pCurrentCharacter)
//label(dCurrentCharacter)
//registersymbol(dCurrentCharacter)
label(pCharacterInfo)
registersymbol(pCharacterInfo)
label(dCustomCharacter)
registersymbol(dCustomCharacter)
alloc(newmem,2048,charIDReadOnModelLoadAOB+d) //"re2.exe"+E4616C3)
label(returnhere)
label(originalcode_charIDReadOnModelLoadAOB)
registersymbol(originalcode_charIDReadOnModelLoadAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//mov rbx,pCharacterInfo
//mov [rbx],rax
xor rbx,rbx
//The next three lines build mov ebx,[rax+disp8]: opcode byte and displacement are copied
//from the original instruction, only the ModRM byte (58) is supplied here.
readmem(charIDReadOnModelLoadAOB+d,1)
db 58
readmem(charIDReadOnModelLoadAOB+f,1)
//mov ebx,[rax+54]
test ebx,ebx
jl @f //id below 0: not a table index. All three @f jumps in this hook are meant for the
//original-code label below, the next label after them - confirm @f resolves that way.
cmp ebx,2a
jg @f //id above 2a: outside the 43-entry table
mov rdi,dCustomCharacter
mov ebx,[rdi+rbx*4] //table entry for this id
test ebx,ebx
cmovge eax,ebx //
jl @f //
readmem(charIDReadOnModelLoadAOB+10,5) //
jmp exit //
{jl @f
db 89 58
readmem(charIDReadOnModelLoadAOB+f,1)
//mov [rax+54],ebx}
originalcode_charIDReadOnModelLoadAOB:
readmem(charIDReadOnModelLoadAOB+d,8) //original 8 bytes; also the backup a disable section would restore
//mov eax,[rax+54]
//mov rbx,[rsp+30]
exit:
jmp returnhere
///
//pCurrentCharacter:
//dq 0
//dCurrentCharacter:
//dd ffffffff
pCharacterInfo:
dq 0
//Replacement table, one dword per character id 00..2a; ffffffff means "do not replace".
dCustomCharacter:
dd ffffffff //00 //leon
dd ffffffff //01 //claire
dd ffffffff //02 //ada
dd ffffffff //03 //sherry
dd ffffffff //04 //hunk
dd ffffffff //05 //tofu
dd ffffffff //06 //robert kendo
dd ffffffff //07 //brian irons
dd ffffffff //08 //ben bertolucci
dd ffffffff //09 //annette birkin
dd ffffffff //0a //chris redfield
dd ffffffff //0b //
dd ffffffff //0c //
dd ffffffff //0d //marvin branagh
dd ffffffff //0e //
dd ffffffff //0f //
dd ffffffff //10 //william broken
dd ffffffff //11 //
dd ffffffff //12 //
dd ffffffff //13 //
dd ffffffff //14 //katherine warren
dd ffffffff //15 //
dd ffffffff //16 //
dd ffffffff //17 //
dd ffffffff //18 //
dd ffffffff //19 //
dd ffffffff //1a //
dd ffffffff //1b //rpd pilot
dd ffffffff //1c //
dd ffffffff //1d //truck driver
dd ffffffff //1e //woman that truck driver hits
dd ffffffff //1f //gas station cop
dd ffffffff //20 //gas station zombie
dd ffffffff //21 //emma kendo
dd ffffffff //22 //rpd elliot
dd ffffffff //23 //
dd ffffffff //24 //gas station clerk
dd ffffffff //25 //west hallway officer
dd ffffffff //26 //
dd ffffffff //27 //generic zombie
dd ffffffff //28 //zombie burnt by annette
dd ffffffff //29 //lab guy
dd ffffffff //2a //end game truck driver
///
charIDReadOnModelLoadAOB+d: //"re2.exe"+E4616C3:
jmp newmem //5-byte jump plus 3 nops covers the 8 replaced bytes
nop
nop
nop
returnhere:
///*************************************///
//Costume hook: replaces the 7 bytes at costumeWriteOnLoadOrChangeAOB+16
//(mov [rdi+54],ebp / mov rax,[rbx+50]). eax is used as an index into the dCustomCostume
//table; a non-negative entry replaces ebp, the value the original code then stores at
//[rdi+54]. rax may be overwritten freely because the copied mov rax,[rbx+50] reloads it.
//NOTE(review): the index is bounds-checked on eax but applied through rax; assumes the
//upper 32 bits of rax are zero at this point - confirm. The table comments suggest eax
//holds a character id here - confirm.
aobscanmodule(costumeWriteOnLoadOrChangeAOB,re2.exe,74 14 E8 ** ** ** ** 48 ** ** ** 48 ** ** ** 00 0F 85 ** ** ** ** 89 ** ** 48)
registersymbol(costumeWriteOnLoadOrChangeAOB)
label(dCustomCostume)
registersymbol(dCustomCostume)
alloc(newmem2,2048,costumeWriteOnLoadOrChangeAOB+16) //"re2.exe"+E46D663)
label(returnhere2)
label(originalcode2_costumeWriteOnLoadOrChangeAOB)
registersymbol(originalcode2_costumeWriteOnLoadOrChangeAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
test eax,eax
jl end2 //negative: not a table index
cmp eax,2a
//jg @f
jg end2 //above 2a: outside the 43-entry table
push rcx
mov rcx,dCustomCostume
mov eax,[rcx+rax*4] //table entry for this index
pop rcx
test eax,eax
cmovge ebp,eax //non-negative entry replaces the value about to be stored
jmp end2
//@@:
//xor ebp,ebp
end2:
originalcode2_costumeWriteOnLoadOrChangeAOB:
readmem(costumeWriteOnLoadOrChangeAOB+16,7) //original 7 bytes; also the backup a disable section would restore
//mov [rdi+54],ebp
//mov rax,[rbx+50]
exit2:
jmp returnhere2
///
//Replacement table, one dword per index 00..2a; ffffffff means "do not replace".
dCustomCostume:
dd ffffffff //00 //leon
dd ffffffff //01 //claire
dd ffffffff //02 //ada
dd ffffffff //03 //sherry
dd ffffffff //04 //hunk
dd ffffffff //05 //tofu
dd ffffffff //06 //robert kendo
dd ffffffff //07 //brian irons
dd ffffffff //08 //ben bertolucci
dd ffffffff //09 //annette birkin
dd ffffffff //0a //chris redfield
dd ffffffff //0b //
dd ffffffff //0c //
dd ffffffff //0d //marvin branagh
dd ffffffff //0e //
dd ffffffff //0f //
dd ffffffff //10 //william broken
dd ffffffff //11 //
dd ffffffff //12 //
dd ffffffff //13 //
dd ffffffff //14 //katherine warren
dd ffffffff //15 //
dd ffffffff //16 //
dd ffffffff //17 //
dd ffffffff //18 //
dd ffffffff //19 //
dd ffffffff //1a //
dd ffffffff //1b //rpd pilot
dd ffffffff //1c //
dd ffffffff //1d //truck driver
dd ffffffff //1e //woman that truck driver hits
dd ffffffff //1f //gas station cop
dd ffffffff //20 //gas station zombie
dd ffffffff //21 //emma kendo
dd ffffffff //22 //rpd elliot
dd ffffffff //23 //
dd ffffffff //24 //gas station clerk
dd ffffffff //25 //west hallway officer
dd ffffffff //26 //
dd ffffffff //27 //generic zombie
dd ffffffff //28 //zombie burnt by annette
dd ffffffff //29 //lab guy
dd ffffffff //2a //end game truck driver
///
costumeWriteOnLoadOrChangeAOB+16: //"re2.exe"+E46D663:
jmp newmem2 //5-byte jump plus 2 nops covers the 7 replaced bytes
nop
nop
returnhere2:
///*************************************///
//Tracking hook: replaces the 9 bytes at charIDChk1AOB+1d (cmp [rcx+54],edi / jne rel32).
//When rsi is 1 it records rcx in pCurrentCharacter and edi in dCurrentCharacter; the
//original compare and jump then run unchanged. The flags set by cmp rsi,1 are replaced by
//the copied cmp before the jne uses them.
//pCurrentCharacter and dCurrentCharacter are declared by an earlier hook of this script.
//NOTE(review): what rsi == 1 stands for cannot be told from this script - confirm.
aobscanmodule(charIDChk1AOB,re2.exe,48 ** ** ** ** ** ** 48 85 C0 0F 84 ** ** ** ** 48 ** ** ** 48 ** ** 0F 84 ** ** ** ** 39 ** ** 0F 85)
registersymbol(charIDChk1AOB)
alloc(newmem4,2048,charIDChk1AOB+1d) //"re2.exe"+D5DDD90)
label(returnhere4)
label(originalcode4_charIDChk1AOB)
registersymbol(originalcode4_charIDChk1AOB)
label(exit4)
newmem4: //this is allocated memory, you have read,write,execute access
//place your code here
//cmp edi,4
//je @f
//push rbx
//mov rbx,pCurrentCharacter
//cmp [rbx],rcx
//pop rbx
//jne @f
cmp rsi,1
jne @f
push rbx //rbx is scratch here; restored below
mov rbx,pCurrentCharacter
mov [rbx],rcx
//push rbx
mov rbx,dCurrentCharacter
//mov ebx,[rbx]
//cmp ebx,edi
mov [rbx],edi
pop rbx
//reassemble(charIDChk1AOB+20)
//jmp exit4
@@:
readmem(charIDChk1AOB+1d,3) //copy of the original cmp [rcx+54],edi
reassemble(charIDChk1AOB+20) //original jne, re-assembled so its target stays correct from here
jmp exit4
originalcode4_charIDChk1AOB:
readmem(charIDChk1AOB+1d,9) //backup of the 9 replaced bytes; never executed (the path above jumps to exit4)
//cmp [rcx+54],edi
//jne re2.exe+D5DDCA2
exit4:
jmp returnhere4
///
///
charIDChk1AOB+1d: //"re2.exe"+D5DDD90:
jmp newmem4 //5-byte jump plus 4 nops covers the 9 replaced bytes
nop
nop
nop
nop
returnhere4:
///*************************************///
//Stance hook: replaces the 8 bytes at charIDReadOnModelLoadForStanceAOB+11
//(mov edx,[rax+54] / call). It records rax in pCurrentCharacter and the loaded id in
//dCurrentCharacter, replaces edx with dCustomStance when that value is non-negative,
//increments the counter at bStart+4, and then performs the original call.
//pCurrentCharacter, dCurrentCharacter and bStart are declared by an earlier hook of this script.
//NOTE(review): rax is zeroed before the call although it held the object pointer on
//entry; assumes the callee does not read rax - confirm.
aobscanmodule(charIDReadOnModelLoadForStanceAOB,re2.exe,75 ** 48 ** ** ** 48 ** ** 8B ** ** 48 85 C0 74 ** 8B ** ** E8)
registersymbol(charIDReadOnModelLoadForStanceAOB)
label(dCustomStance)
registersymbol(dCustomStance)
alloc(newmem24,2048,charIDReadOnModelLoadForStanceAOB+11) //"re2.exe"+C23D28A)
label(returnhere24)
label(originalcode24_charIDReadOnModelLoadForStanceAOB)
registersymbol(originalcode24_charIDReadOnModelLoadForStanceAOB)
label(exit24)
newmem24: //this is allocated memory, you have read,write,execute access
//place your code here
//mov rdx,pCharacterInfo
//mov [rdx],rax
mov rdx,pCurrentCharacter
mov [rdx],rax
xor rdx,rdx
readmem(charIDReadOnModelLoadForStanceAOB+11,3) //copy of the original load into edx
//mov edx,[rax+54]
mov rax,bStart //value unused: the checks that read it are commented out
//cmp dword ptr [rax+4],0
//je @f
//cmp dword ptr [rax+4],1
//je @f
mov rax,dCurrentCharacter
mov [rax],edx //remember the real id
mov rax,dCustomStance
mov eax,[rax]
test eax,eax
cmovge edx,eax //non-negative custom value replaces the id passed on in edx
@@:
mov rax,bStart
inc dword ptr [rax+4] //count passes through this hook
xor rax,rax
end24:
reassemble(charIDReadOnModelLoadForStanceAOB+14) //original call, re-assembled so its target stays correct from here
//call re2.exe+149C610
jmp exit24
originalcode24_charIDReadOnModelLoadForStanceAOB:
readmem(charIDReadOnModelLoadForStanceAOB+11,8) //backup of the 8 replaced bytes; never executed
//mov edx,[rax+54]
//call re2.exe+149C610
exit24:
jmp returnhere24
///
dCustomStance:
dd ffffffff //ffffffff (negative) means "do not replace"
///
charIDReadOnModelLoadForStanceAOB+11: //"re2.exe"+C23D28A:
jmp newmem24 //5-byte jump plus 3 nops covers the 8 replaced bytes
nop
nop
nop
returnhere24:
///*************************************///
//Loadout hook: replaces the 6 bytes at charIDReadForLoadoutOnLoadAOB+1f
//(xor r8d,r8d / mov ebx,[rdx+54]). When rdx equals the pointer saved in pCurrentCharacter
//and dCustomLoadout is non-negative, ebx is replaced by dCustomLoadout. The counter at
//bStart is incremented on every pass.
//pCurrentCharacter and bStart are declared by an earlier hook of this script.
//NOTE(review): lua_aobscan is not defined in this script; presumably a Lua helper from the
//table, with the trailing 2 selecting which match to use - confirm.
//NOTE(review): the original code leaves this site with the flags from xor r8d,r8d; here
//they come from the inc below - confirm nothing after the hook reads them.
luaCall(lua_aobscan("charIDReadForLoadoutOnLoadAOB","re2.exe","48 ** ** ** 48 ** ** ** 48 ** ** 48 ** ** ** 00 74 08 31 C0 48 ** ** ** 5F C3 48 ** ** ** ** 45 ** ** 8B ** ** 48",2))
///
//aobscanmodule(charLoadoutCallerAOB,re2.exe,48 ** ** 50 44 ** ** 48 ** ** ** 0F 85 ** ** ** ** 48 ** ** 10 48 ** ** 0F 84)
//registersymbol(charLoadoutCallerAOB)
///
label(dCustomLoadout)
registersymbol(dCustomLoadout)
alloc(newmem25,2048,charIDReadForLoadoutOnLoadAOB+1f) //"re2.exe"+950EAC1)
label(returnhere25)
label(originalcode25_charIDReadForLoadoutOnLoadAOB)
registersymbol(originalcode25_charIDReadForLoadoutOnLoadAOB)
label(exit25)
newmem25: //this is allocated memory, you have read,write,execute access
//place your code here
readmem(charIDReadForLoadoutOnLoadAOB+1f,6) //the original 6 bytes run first
//xor r8d,r8d
//mov ebx,[rdx+54]
push rcx //rcx is scratch in this hook; restored before leaving
mov rcx,bStart
//cmp dword ptr [rcx],1
//je @f
//cmp dword ptr [rcx],2
//je @f
//cmp dword ptr [rcx],3
//je @f
//cmp dword ptr [rcx],4
//je @f
//cmp dword ptr [rcx],5
//je @f
//cmp dword ptr [rcx],6
//je @f
//jmp end25
//cmp dword ptr [rcx],5
//jle end25
//cmp dword ptr [rcx],0
//je end25
//cmp dword ptr [rcx],1
//je @f
//jmp end25
cmp dword ptr [rcx],0
je @f //no effect as written: taken or not, execution continues at the @@: below
//cmp dword ptr [rcx],1
//je @f
//cmp dword ptr [rcx],1
//je @f
//jmp end25
//cmp dword ptr [rcx],3
//je end25
//cmp dword ptr [rcx],4
//je end25
//cmp dword ptr [rcx],5
//je end25
//mov rcx,"re2.exe"+986765
//mov rcx,charLoadoutCallerAOB
//cmp [rsp+30],rcx
//jne end25
@@:
mov rcx,pCurrentCharacter
cmp [rcx],rdx
jne @f //meant for end25, the next label - confirm @f resolves to the next label of any kind
mov rcx,dCustomLoadout
mov ecx,[rcx]
test ecx,ecx
cmovge ebx,ecx //non-negative custom value replaces the id loaded into ebx
mov rcx,bStart
mov r8d,[rcx] //both loads are dead: r8d is zeroed two lines below
mov r8d,[rcx]
xor r8d,r8d //r8d back to 0, as the original xor left it
end25:
mov rcx,bStart
inc dword ptr [rcx] //count passes through this hook
pop rcx
jmp exit25
originalcode25_charIDReadForLoadoutOnLoadAOB:
readmem(charIDReadForLoadoutOnLoadAOB+1f,6) //backup of the 6 replaced bytes; never executed
//xor r8d,r8d
//mov ebx,[rdx+54]
exit25:
jmp returnhere25
///
dCustomLoadout:
dd ffffffff //ffffffff (negative) means "do not replace"
///
charIDReadForLoadoutOnLoadAOB+1f: //"re2.exe"+950EAC1:
jmp newmem25 //5-byte jump plus 1 nop covers the 6 replaced bytes
nop
returnhere25:
///*************************************///
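// --- Hook 26: character ID read on cutscene end ---
// Replaces the 6 bytes at charIDReadForLoadoutOnCutsceneEndAOB+17 (mov edi,[rax+54] / xor r8d,r8d
// per the author's notes) with a jmp into newmem26, which can substitute a custom ID for edi.
aobscanmodule(charIDReadForLoadoutOnCutsceneEndAOB,re2.exe,4C ** ** ** 48 ** ** 49 ** ** ** ** ** ** 48 ** ** 0F 84 ** ** ** ** 8B ** ** 45 ** ** 48)
registersymbol(charIDReadForLoadoutOnCutsceneEndAOB)
//NOTE(review): the 6-byte patch below (jmp + 1 nop) assumes the jmp encodes in 5 bytes, i.e. the allocation is within rel32 range - confirm.
alloc(newmem26,2048,charIDReadForLoadoutOnCutsceneEndAOB+17) //"re2.exe"+BFD2E06)
label(returnhere26)
label(originalcode26_charIDReadForLoadoutOnCutsceneEndAOB)
registersymbol(originalcode26_charIDReadForLoadoutOnCutsceneEndAOB)
label(exit26)
newmem26: //this is allocated memory, you have read,write,execute access
//Replay the overwritten instructions first, so edi holds the game's own value by default.
readmem(charIDReadForLoadoutOnCutsceneEndAOB+17,6)
//mov edi,[rax+54]
//xor r8d,r8d
//rdx is scratch here. Nothing visible shows that the game reloads it after returnhere26,
//so it is saved and restored like rcx/rax in the sibling hooks.
push rdx
//Override only when rax equals the pointer stored at pCurrentCharacter.
mov rdx,pCurrentCharacter
cmp [rdx],rax
//No @@ follows inside this hook; @f presumably resolves to the next label (end26) - confirm.
jne @f
//NOTE(review): this hook is named for the loadout but reads dCustomStance, not dCustomLoadout - confirm that is intended.
mov rdx,dCustomStance
mov edx,[rdx]
//A negative value (ffffffff) keeps the game's edi; 0 and up replaces it.
test edx,edx
cmovge edi,edx
end26:
//Both paths arrive here with rdx pushed; pop does not change the flags.
pop rdx
jmp exit26
//Saved copy of the overwritten bytes; [DISABLE] reads it back to restore the hook site.
originalcode26_charIDReadForLoadoutOnCutsceneEndAOB:
readmem(charIDReadForLoadoutOnCutsceneEndAOB+17,6)
//mov edi,[rax+54]
//xor r8d,r8d
exit26:
jmp returnhere26
///
//Hook site: jmp plus one nop covers the 6 bytes replayed above.
charIDReadForLoadoutOnCutsceneEndAOB+17: //"re2.exe"+BFD2E06:
jmp newmem26
nop
returnhere26: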
///*************************************///
// --- Hook 27: stance ID read on Ghost Missions load ---
// Replaces the 6 bytes at preStanceReadOnGhostMissionsLoadAOB+f (mov edx,[rbp+54] / mov rcx,rbx
// per the author's notes) with a jmp into newmem27, which can substitute dCustomStance for edx.
aobscanmodule(preStanceReadOnGhostMissionsLoadAOB,re2.exe,48 ** ** ** 48 ** ** ** 00 0F 85 ** ** ** ** 8B 55 54 48 ** ** E8)
registersymbol(preStanceReadOnGhostMissionsLoadAOB)
//NOTE(review): the 6-byte patch below (jmp + 1 nop) assumes the jmp encodes in 5 bytes, i.e. the allocation is within rel32 range - confirm.
alloc(newmem27,2048,preStanceReadOnGhostMissionsLoadAOB+f) //"re2.exe"+D4B64FF)
label(returnhere27)
label(originalcode27_preStanceReadOnGhostMissionsLoadAOB)
registersymbol(originalcode27_preStanceReadOnGhostMissionsLoadAOB)
label(exit27)
newmem27: //this is allocated memory, you have read,write,execute access
//place your code here
//Compare first: rbp against the pointer stored at pCurrentCharacter.
mov rcx,pCurrentCharacter
cmp [rcx],rbp
//Replay of the first overwritten instruction (bytes 8B 55 54 are fixed by the scan pattern).
//It is a plain mov, so the flags from the cmp above are still valid for the jne below.
readmem(preStanceReadOnGhostMissionsLoadAOB+f,3)
//mov edx,[rbp+54]
//No @@ follows inside this hook; @f presumably resolves to the next label (end27) - confirm.
jne @f
push rax
mov rcx,dCustomStance
mov eax,[rcx]
//A negative value (ffffffff) keeps the game's edx; 0 and up replaces it.
test eax,eax
cmovge edx,eax
pop rax
end27:
//Replay of the second overwritten instruction. Per the author's note it is mov rcx,rbx,
//which reloads rcx - the reason rcx is used as scratch above without being saved.
readmem(preStanceReadOnGhostMissionsLoadAOB+12,3)
//mov rcx,rbx
jmp exit27
//Saved copy of the overwritten bytes; [DISABLE] reads it back to restore the hook site.
originalcode27_preStanceReadOnGhostMissionsLoadAOB:
readmem(preStanceReadOnGhostMissionsLoadAOB+f,6)
//mov edx,[rbp+54]
//mov rcx,rbx
exit27:
jmp returnhere27
///
//Hook site: jmp plus one nop covers the 6 bytes replayed above.
preStanceReadOnGhostMissionsLoadAOB+f: //"re2.exe"+D4B64FF:
jmp newmem27
nop
returnhere27:
///*************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//Each group below undoes one hook: free its code cave, write the saved original bytes back
//to the hook site, and unregister the symbols that hook published.
//The bytes are restored from the originalcodeN_* copies rather than from literals; the
//commented db/Alt lines record what the author saw at each site, presumably on one game build.
//NOTE(review): pCurrentCharacter is also read by the "custom voice" script's hook; if its
//storage lives in memory freed here, disable that script first - confirm where it is allocated.
dealloc(newmem23)
charInvReadOnLodAOB+29: //"re2.exe"+C2EB9E3:
readmem(originalcode23_charInvReadOnLodAOB,8)
//db 8B 40 54 48 8B 5C 24 30
//Alt: mov eax,[rax+54]
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode23_charInvReadOnLodAOB)
unregistersymbol(bStart)
unregistersymbol(pCurrentCharacter)
unregistersymbol(dCurrentCharacter)
///*************************************///
dealloc(newmem)
charIDReadOnModelLoadAOB+d: //"re2.exe"+E4616C3:
readmem(originalcode_charIDReadOnModelLoadAOB,8)
//db 8B 40 54 48 8B 5C 24 30
//Alt: mov eax,[rax+54]
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode_charIDReadOnModelLoadAOB)
//unregistersymbol(pCurrentCharacter)
//unregistersymbol(dCurrentCharacter)
unregistersymbol(pCharacterInfo)
unregistersymbol(dCustomCharacter)
///*************************************///
dealloc(newmem2)
costumeWriteOnLoadOrChangeAOB+16: //"re2.exe"+E46D663:
readmem(originalcode2_costumeWriteOnLoadOrChangeAOB,7)
//db 89 6F 54 48 8B 43 50
//Alt: mov [rdi+54],ebp
//Alt: mov rax,[rbx+50]
unregistersymbol(originalcode2_costumeWriteOnLoadOrChangeAOB)
unregistersymbol(dCustomCostume)
///*************************************///
dealloc(newmem4)
charIDChk1AOB+1d: //"re2.exe"+D5DDD90:
readmem(originalcode4_charIDChk1AOB,9)
//db 39 79 54 0F 85 09 FF FF FF
//Alt: cmp [rcx+54],edi
//Alt: jne re2.exe+D5DDCA2
unregistersymbol(originalcode4_charIDChk1AOB)
///*************************************///
dealloc(newmem24)
charIDReadOnModelLoadForStanceAOB+11: //"re2.exe"+C23D28A:
//These 8 bytes include a relative call (E8 + rel32); the displacement is only valid at this
//address, so it must come back byte-for-byte - assumes originalcode24_* holds a raw copy.
readmem(originalcode24_charIDReadOnModelLoadForStanceAOB,8)
//db 8B 50 54 E8 7E F3 25 F5
//Alt: mov edx,[rax+54]
//Alt: call re2.exe+149C610
unregistersymbol(originalcode24_charIDReadOnModelLoadForStanceAOB)
unregistersymbol(dCustomStance)
///*************************************///
dealloc(newmem25)
charIDReadForLoadoutOnLoadAOB+1f: //"re2.exe"+950EAC1:
readmem(originalcode25_charIDReadForLoadoutOnLoadAOB,6)
//db 45 31 C0 8B 5A 54
//Alt: xor r8d,r8d
//Alt: mov ebx,[rdx+54]
unregistersymbol(originalcode25_charIDReadForLoadoutOnLoadAOB)
unregistersymbol(dCustomLoadout)
///*************************************///
dealloc(newmem26)
charIDReadForLoadoutOnCutsceneEndAOB+17: //"re2.exe"+BFD2E06:
readmem(originalcode26_charIDReadForLoadoutOnCutsceneEndAOB,6)
//db 8B 78 54 45 31 C0
//Alt: mov edi,[rax+54]
//Alt: xor r8d,r8d
unregistersymbol(originalcode26_charIDReadForLoadoutOnCutsceneEndAOB)
///*************************************///
dealloc(newmem27)
preStanceReadOnGhostMissionsLoadAOB+f: //"re2.exe"+D4B64FF:
readmem(originalcode27_preStanceReadOnGhostMissionsLoadAOB,6)
//db 8B 55 54 48 89 D9
//Alt: mov edx,[rbp+54]
//Alt: mov rcx,rbx
unregistersymbol(originalcode27_preStanceReadOnGhostMissionsLoadAOB)
///*************************************///
14631
"custom stance"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
dCustomStance
14632
"for controlling character"
808080
1
14633
"MUST reload after changes"
808080
1
14634
"custom loadout"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
dCustomLoadout
14635
"for controlling character"
808080
1
14636
"MUST reload after changes"
808080
1
14637
"[custom character]"
000080
Array of byte
0
dCustomCharacter
14638
"Leon"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+0*4
14639
"Claire"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+1*4
14640
"Ada"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+2*4
14641
"Sherry"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+3*4
14642
"HUNK"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+4*4
14643
"Tofu"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+5*4
14644
"Robert Kendo"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+6*4
14645
"Ghost Soldier"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+c*4
14646
"Katherine"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+14*4
14647
"Daniel Cortini"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
+1f*4
14648
"[costumes]"
1
000080
Array of byte
0
dCustomCostume
14649
"Leon"
FFFFFFFF:default
00000000:Leon Casual
00000001:Leon Police (Clean)
00000002:Leon Police (Dirty)
00000003:Leon Police Injured (Clean)
00000004:Leon Police Injured (Dirty)
00000005:Leon C. Police 1
00000006:Leon C. Police 2
00000007:Leon C. Police 3
00000008:Leon C. Police Injured 1
00000009:Leon C. Police Injured 2
0000000A:Noir
0000000B:Arklay Sheriff
1
008000
4 Bytes
+0*4
14650
"Claire"
FFFFFFFF:default
00000000:Claire Jacket (Clean)
00000001:Claire Jacket (Slight Dirty)
00000002:Claire Jacket (Dirty)
00000003:Claire Tank Top (Slight Dirty)
00000004:Claire Tank Top (Dirty)
00000005:Claire C. Jacket 1
00000006:Claire C. Jacket 2
00000007:Claire C. Jacket 3
00000008:Claire C. No Jacket 1
00000009:Claire C. No Jacket 2
0000000A:Noir
0000000B:Military
0000000C:Elza Walker
1
008000
4 Bytes
+1*4
14651
"Ada"
FFFFFFFF:default
00000000:Coat
00000001:without Coat
00000002:Injured
1
008000
4 Bytes
+2*4
14652
"Sherry"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+3*4
14653
"HUNK"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+4*4
14654
"Tofu"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+5*4
14655
"Robert Kendo"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+6*4
14656
"Brian Irons"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+7*4
14657
"Ben Bertolucci"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+8*4
14658
"Annette Birkin"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+9*4
14659
"Chris Redfield"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+a*4
14660
"0b"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+b*4
14661
"Ghost Soldier"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+c*4
14662
"Marvin Branagh"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+d*4
14663
"0e"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+e*4
14664
"0f"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+f*4
14665
"William Broken"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+10*4
14666
"11"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+11*4
14667
"12"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+12*4
14668
"13"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+13*4
14669
"Katherine Warren"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+14*4
14670
"15"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+15*4
14671
"16"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+16*4
14672
"17"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+17*4
14673
"18"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+18*4
14674
"19"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+19*4
14675
"1a"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+1a*4
14676
"RPD Pilot"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+1b*4
14677
"1c"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+1c*4
14678
"Truck Driver"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+1d*4
14679
"Woman hit by Truck Driver"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+1e*4
14680
"Sheriff Daniel Cortini (Gas Station Cop)"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+1f*4
14681
"Gas Station Zombie"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+20*4
14682
"Emma Kendo"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+21*4
14683
"RPD Elliot"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+22*4
14684
"23"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+23*4
14685
"Gas Station Clerk"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+24*4
14686
"West Hallway Officer"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+25*4
14687
"26"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+26*4
14688
"Generic Zombie"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+27*4
14689
"Zombie burnt by Annette"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+28*4
14690
"Lab Guy"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+29*4
14691
"End Game Truck Driver"
FFFFFFFF:default
00000000:1st costume
00000001:2nd costume
00000002:3rd costume
1
008000
4 Bytes
+2a*4
14715
""
FFFFFF
Auto Assembler Script
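[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Hooks the 5 bytes at "re2.exe"+277810 (mov eax,[rdx+54] / ret / int 3) so that the value
//returned in eax can be replaced by dCustomVoice when rdx is the current character.
//The site is a fixed module offset, not a pattern scan, so refuse to patch unless the
//expected bytes are there (another game build would otherwise get a jmp written into unrelated code).
assert("re2.exe"+277810,8B 42 54 C3 CC)
label(dCustomVoice)
registersymbol(dCustomVoice)
//NOTE(review): the 5-byte patch assumes this allocation is within rel32 range of the site - confirm.
alloc(newmem,2048,"re2.exe"+277810)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//Same load as the original function, then an optional override.
mov eax,[rdx+54]
//rcx is scratch; restored before the ret.
push rcx
//pCurrentCharacter is registered by another script in this table; that script must be
//enabled first, and its address is baked into this code when it is assembled.
mov rcx,pCurrentCharacter
cmp [rcx],rdx
jne @f
mov rcx,dCustomVoice
mov ecx,[rcx]
//A negative value (ffffffff, the default) keeps the game's eax; 0 and up replaces it.
test ecx,ecx
cmovge eax,ecx
@@:
pop rcx
//Return straight to the hooked function's caller; the code below is never reached.
ret
originalcode:
mov eax,[rdx+54]
ret
int 3
exit:
jmp returnhere
///
//User setting: ffffffff (default) means no override.
dCustomVoice:
dd ffffffff
///
//Hook site: the jmp overwrites exactly the 5 bytes checked by the assert above.
"re2.exe"+277810:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
//Restore the literal original bytes (the same ones the assert checks on enable).
"re2.exe"+277810:
db 8B 42 54 C3 CC
//Alt: mov eax,[rdx+54]
//Alt: ret
//Alt: int 3
unregistersymbol(dCustomVoice)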
14716
"custom voice"
ffffffff:default
00000000:Leon Scott Kennedy
00000001:Claire Redfield
00000002:Ada Wong
00000003:Sherry Birkin
00000004:HUNK
00000005:Tofu
00000006:Robert Kendo (Gun Shop Owner)
00000007:Brian Irons (Chief of Police)
00000008:Ben Bertolucci (Journalist)
00000009:Annette Birkin
0000000a:Chris Redfield
0000000C:Ghost Soldier
0000000D:Marvin Branagh
00000010:William Broken
00000014:Katherine Warren
0000001B:RPD Pilot
0000001D:Truck Driver
0000001E:Woman that Truck Driver hits
0000001F:Daniel Cortini (Sheriff in Gas Station)
00000020:First zombie in gas station with missing face texture
00000021:Emma Kendo
00000022:RPD Elliot with Entrails buttflap
00000024:Gas Station clerk
00000025:Officer in west hallway with cheek torn open. Broken textures
00000027:Male Generic Zombie A
00000028:G-infected Zombie torched by Annette
00000029:Some guy in a lab coat
0000002A:Unknown character
1
008000
4 Bytes
dCustomVoice
14717
"for controlling character"
808080
1
14692
"debug"
FFFFFF
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
{aobscanmodule(charIDChk1AOB,re2.exe,48 ** ** ** ** ** ** 48 85 C0 0F 84 ** ** ** ** 48 ** ** ** 48 ** ** 0F 84 ** ** ** ** 39 ** ** 0F 85)
registersymbol(charIDChk1AOB)
alloc(newmem,2048,charIDChk1AOB+1d) //"re2.exe"+D5DDD90)
label(returnhere)
label(originalcode_charIDChk1AOB)
registersymbol(originalcode_charIDChk1AOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//cmp edi,4
//je @f
push rbx
mov rbx,pCharacterInfo
mov [rbx],rcx
pop rbx
@@:
readmem(charIDChk1AOB+1d,3)
reassemble(charIDChk1AOB+20)
jmp exit
originalcode_charIDChk1AOB:
readmem(charIDChk1AOB+1d,9)
//cmp [rcx+54],edi
//jne re2.exe+D5DDCA2
exit:
jmp returnhere
///
charIDChk1AOB+1d: //"re2.exe"+D5DDD90:
jmp newmem
nop
nop
nop
nop
returnhere:}
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{dealloc(newmem)
charIDChk1AOB+1d: //"re2.exe"+D5DDD90:
readmem(originalcode_charIDChk1AOB,9)
//db 39 79 54 0F 85 09 FF FF FF
//Alt: cmp [rcx+54],edi
//Alt: jne re2.exe+D5DDCA2
unregistersymbol(originalcode_charIDChk1AOB)}
14693
""
FFFFFF
Array of byte
0
pCharacterInfo
0
14694
"char ID"
0000:Leon Scott Kennedy
0001:Claire Redfield
0002:Ada Wong
0003:Sherry Birkin
0004:HUNK
0005:Tofu
0006:Robert Kendo (Gun Shop Owner)
0007:Brian Irons (Chief of Police)
0008:Ben Bertolucci (Journalist)
0009:Annette Birkin
000a:Chris Redfield
000D:Marvin Branagh
0010:William Broken
0014:Katherine Warren
001B:RPD Pilot from crashed helicopter
001D:Truck Driver
001E:Woman that Truck Driver hits
001F:Cop in Gas Station
0020:First zombie in gas station with missing face texture
0021:Emma Kendo (With weird skeleton. Because of Leon base?)
0022:RPD Elliot with Entrails buttflap
0024:Gas Station clerk
0025:Officer in west hallway with cheek torn open. Broken textures
0027:Male Generic Zombie A
0028:G-infected Zombie torched by Annette
0029:Some guy in a lab coat
002A:Unknown character
1
808080
2 Bytes
+54
14695
""
FFFFFF
Array of byte
0
pCurrentCharacter
0
14696
""
1
FFFFFF
Byte
+54
14697
""
1
FFFFFF
Byte
dCurrentCharacter
14338
"hud mod"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// --- HUD hook 1: interact-able object prompt ---
// Runs extra code ahead of the 8 bytes at worldObjectInteractHUDAOB (mov rcx,[rdi+50] /
// mov rdx,[rcx+18] per the author's notes) to force eax from the settings below.
//Default key ID used for bWorldObjectInteractHUDKeyID (04 is listed as Middle Mouse Button in the key dropdown).
define(worldobjectinteracthudkeyiddefault,04)
aobscanmodule(worldObjectInteractHUDAOB,re2.exe,48 ** ** 50 48 ** ** 18 48 ** ** 74 04 30 C0 EB 05 85 C0 0F 94 D0 48 ** ** 0F 85 ** ** ** ** 84 C0 0F 84 ** ** ** ** 48 ** ** ** ** ** ** 45 31 C0)
registersymbol(worldObjectInteractHUDAOB)
label(bWorldObjectInteractHUD)
registersymbol(bWorldObjectInteractHUD)
label(bWorldObjectInteractHUDKeyID)
registersymbol(bWorldObjectInteractHUDKeyID)
label(bWorldObjectInteractHUDKeyPressed)
registersymbol(bWorldObjectInteractHUDKeyPressed)
//NOTE(review): the 8-byte patch below (jmp + 3 nops) assumes the jmp encodes in 5 bytes, i.e. the allocation is within rel32 range - confirm.
alloc(newmem,2048,worldObjectInteractHUDAOB) //"re2.exe"+C982752)
label(returnhere)
label(originalcode_worldObjectInteractHUDAOB)
registersymbol(originalcode_worldObjectInteractHUDAOB)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//rcx is used as scratch without saving; per the author's note the replayed code below reloads it.
//mov al,1
//Setting 2 ("game") leaves eax alone; 0 or 1 replaces it.
mov rcx,bWorldObjectInteractHUD
mov ecx,[rcx]
cmp ecx,2
cmovne eax,ecx
//Key override: when the pressed byte is non-zero, eax is overwritten with ecx after its low
//byte has been cleared by setz (setz does not change the flags set by test).
//Assumes the upper three bytes of the dword stay 0 - the Lua poller only writes one byte.
mov rcx,bWorldObjectInteractHUDKeyPressed
mov ecx,[rcx]
test cl,cl
setz cl
cmovnz eax,ecx
//Falls through into the replayed original bytes; this label doubles as the saved copy that [DISABLE] restores from.
originalcode_worldObjectInteractHUDAOB:
readmem(worldObjectInteractHUDAOB,8)
//mov rcx,[rdi+50]
//mov rdx,[rcx+18]
exit:
jmp returnhere
///
//Settings live in the same read/write/execute allocation as the code above.
bWorldObjectInteractHUD:
dd 2 //0:show, 1:hide, 2:game
bWorldObjectInteractHUDKeyID:
dd worldobjectinteracthudkeyiddefault
//Written by the "show nearby interact-able key" script's Lua poller.
bWorldObjectInteractHUDKeyPressed:
dd 0
///
//Hook site: jmp plus three nops covers the 8 bytes replayed above.
worldObjectInteractHUDAOB: //"re2.exe"+C982752:
jmp newmem
nop
nop
nop
returnhere:
///***************************************///
// --- HUD hook 2: crosshair ---
// Runs extra code ahead of the 8 bytes at crossairAOB+b (mov rcx,[rbx+50] / mov rdx,[rcx+18]
// per the author's notes) to force eax from bCrossairHUD.
aobscanmodule(crossairAOB,re2.exe,41 ** 2B 00 00 00 E8 ** ** ** ** 48 ** ** 50 48 ** ** 18 48 ** ** 74 04 30 C0 EB 05 85 C0 0F 94 D0 48 ** ** 0F 85 ** ** ** ** 84 C0 0F 84 ** ** ** ** 48 ** ** ** ** ** ** 48 ** ** 48 ** ** E8 ** ** ** ** 0F)
registersymbol(crossairAOB)
label(bCrossairHUD)
registersymbol(bCrossairHUD)
//NOTE(review): the 8-byte patch below (jmp + 3 nops) assumes the jmp encodes in 5 bytes, i.e. the allocation is within rel32 range - confirm.
alloc(newmem2,2048,crossairAOB+b) //"re2.exe"+C9C0057)
label(returnhere2)
label(originalcode2_crossairAOB)
registersymbol(originalcode2_crossairAOB)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//rcx is used as scratch without saving; per the author's note the replayed code below reloads it.
//xor al,al
//Setting 2 ("game") leaves eax alone; 0 or 1 replaces it.
mov rcx,bCrossairHUD
mov ecx,[rcx]
cmp ecx,2
cmovne eax,ecx
//Falls through into the replayed original bytes; this label doubles as the saved copy that [DISABLE] restores from.
originalcode2_crossairAOB:
readmem(crossairAOB+b,8)
//mov rcx,[rbx+50]
//mov rdx,[rcx+18]
exit2:
jmp returnhere2
///
bCrossairHUD:
dd 2 //0:show, 1:hide, 2:game
///
//Hook site: jmp plus three nops covers the 8 bytes replayed above.
crossairAOB+b: //"re2.exe"+C9C0057:
jmp newmem2
nop
nop
nop
returnhere2:
///***************************************///
// --- HUD hook 3: ammo/status ---
// Runs extra code ahead of the 8 bytes at ammoStatusHUDAOB (mov rcx,[rbx+50] / mov rcx,[rcx+18]
// per the author's notes) to force eax from bAmmoStatusHUD.
aobscanmodule(ammoStatusHUDAOB,re2.exe,48 ** ** 50 48 ** ** 18 48 ** ** 74 04 30 C0 EB 05 85 C0 0F 94 D0 48 ** ** 0F 85 ** ** ** ** 84 C0 0F 84 ** ** ** ** 8B)
registersymbol(ammoStatusHUDAOB)
label(bAmmoStatusHUD)
registersymbol(bAmmoStatusHUD)
//NOTE(review): the 8-byte patch below (jmp + 3 nops) assumes the jmp encodes in 5 bytes, i.e. the allocation is within rel32 range - confirm.
alloc(newmem6,2048,ammoStatusHUDAOB) //"re2.exe"+A4BB9D3)
label(returnhere6)
label(originalcode6_ammoStatusHUDAOB)
registersymbol(originalcode6_ammoStatusHUDAOB)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//rcx is used as scratch without saving; per the author's note the replayed code below reloads it.
//Setting 2 ("game") leaves eax alone; 0 or 1 replaces it.
mov rcx,bAmmoStatusHUD
mov ecx,[rcx]
cmp ecx,2
cmovne eax,ecx
//Falls through into the replayed original bytes; this label doubles as the saved copy that [DISABLE] restores from.
originalcode6_ammoStatusHUDAOB:
readmem(ammoStatusHUDAOB,8)
//mov rcx,[rbx+50]
//mov rcx,[rcx+18]
exit6:
jmp returnhere6
///
bAmmoStatusHUD:
dd 2 //0:show, 1:hide, 2:game
///
//Hook site: jmp plus three nops covers the 8 bytes replayed above.
ammoStatusHUDAOB: //"re2.exe"+A4BB9D3:
jmp newmem6
nop
nop
nop
returnhere6:
///***************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//Each group undoes one HUD hook: free its code cave, copy the saved 8 original bytes back
//to the hook site, and unregister the symbols that hook published.
//NOTE(review): the "show nearby interact-able key" script polls bWorldObjectInteractHUDKeyPressed
//from a Lua thread; disable that script before this one so it does not keep using freed memory.
dealloc(newmem)
worldObjectInteractHUDAOB: //"re2.exe"+C982752:
readmem(originalcode_worldObjectInteractHUDAOB,8)
//db 48 8B 4F 50 48 8B 51 18
//Alt: mov rcx,[rdi+50]
//Alt: mov rdx,[rcx+18]
unregistersymbol(originalcode_worldObjectInteractHUDAOB)
unregistersymbol(bWorldObjectInteractHUD)
unregistersymbol(bWorldObjectInteractHUDKeyID)
unregistersymbol(bWorldObjectInteractHUDKeyPressed)
///***************************************///
dealloc(newmem2)
crossairAOB+b: //"re2.exe"+C9C0057:
readmem(originalcode2_crossairAOB,8)
//db 48 8B 4B 50 48 8B 51 18
//Alt: mov rcx,[rbx+50]
//Alt: mov rdx,[rcx+18]
unregistersymbol(originalcode2_crossairAOB)
unregistersymbol(bCrossairHUD)
///***************************************///
dealloc(newmem6)
ammoStatusHUDAOB: //"re2.exe"+A4BB9D3:
readmem(originalcode6_ammoStatusHUDAOB,8)
//db 48 8B 4B 50 48 8B 49 18
//Alt: mov rcx,[rbx+50]
//Alt: mov rcx,[rcx+18]
unregistersymbol(originalcode6_ammoStatusHUDAOB)
unregistersymbol(bAmmoStatusHUD)
///***************************************///
14339
"interact-able object"
2:default
1:force hide
0:force show
008000
Byte
bWorldObjectInteractHUD
14301
"e.g., typewriter, box, items, etc."
808080
1
14299
"show nearby interact-able key"
FF0000
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//Both symbols are registered by the "hud mod" script, so that script has to be enabled first.
//Enabling resets the key ID to 04 (Middle Mouse Button in the key dropdown) and clears the pressed flag.
bWorldObjectInteractHUDKeyID:
dd 04
bWorldObjectInteractHUDKeyPressed:
dd 0
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
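-- Worker thread: every 100 ms, mirror the state of the configured key into
-- bWorldObjectInteractHUDKeyPressed (1 while held, 0 otherwise), which the
-- "hud mod" hook reads. Runs until WorldObjectInteractHUDThreadLoop is cleared
-- by the [DISABLE] section.
--
-- thread: the thread object handed over by createThread; terminated on exit.
local function worldobjectinteracthudkeyLuaThread(thread)
  while WorldObjectInteractHUDThreadLoop do
    sleep(100)
    -- Resolve both symbols on every pass instead of caching an address: the
    -- "hud mod" script's [DISABLE] frees the memory and unregisters the
    -- symbols, and a cached address would then be written into freed memory.
    local pressedAddr = getAddressSafe('bWorldObjectInteractHUDKeyPressed')
    local keyIdAddr = getAddressSafe('bWorldObjectInteractHUDKeyID')
    -- readInteger is given a resolved numeric address; a nil result (unreadable
    -- memory) skips this pass rather than handing nil to isKeyPressed.
    local keyId = keyIdAddr and readInteger(keyIdAddr)
    if pressedAddr and keyId then
      if isKeyPressed(keyId) then
        writeBytes(pressedAddr, 1)
      else
        writeBytes(pressedAddr, 0)
      end
    end
  end
  thread.terminate()
end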
----------------------------------
if syntaxcheck then return end
WorldObjectInteractHUDThreadLoop = true
createThread(worldobjectinteracthudkeyLuaThread)
{$asm}
///*****************************************///
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
{$lua}
-- Do nothing while Cheat Engine is only syntax-checking the script.
if syntaxcheck then return end
-- Clearing the flag makes the listener loop exit on its next pass (it sleeps 100 ms per pass) and terminate its own thread.
WorldObjectInteractHUDThreadLoop = false
{$asm}
///*****************************************///
14340
"key"
10:SHIFT key
11:CTRL key
12:ALT key
14:CAPS LOCK key
20:Spacebar
04:Middle Mouse Button
05:X1 Mouse Button
06:X2 Mouse Button
1
008000
Byte
bWorldObjectInteractHUDKeyID
14341
""
008000
Byte
+4
14342
""
008000
Float
+4
14347
"if interact-able object hud is hidden,"
808080
1
14348
"show nearby interact-able by key"
808080
1
14343
"crossair"
2:default
1:force hide
0:force show
008000
Byte
bCrossairHUD
14344
"ammo/status"
2:default
1:force hide
0:force show
008000
Byte
bAmmoStatusHUD
14345
"if ammo/status hud is hidden,"
808080
1
14346
"both "no reload" & "ignore ammo pouch" would be rendered useless"
808080
1
13134
"save count (edited) (cjbok)"
FF0000
Auto Assembler Script
[ENABLE]
//Hooks the instruction pair that stores the save count and makes it store the
//value kept in dCustSaveCount instead of the value the game computed in eax.
aobscanmodule(SaveCountAOB,re2.exe,01 89 41 24 48 8B 43 50) // should be unique
label(dCustSaveCount)
registersymbol(dCustSaveCount)
//NOTE(review): the allocation hint is a fixed module offset rather than the scan result.
//alloc(SaveCountMem,$1000,SaveCountAOB) would tie the code cave to wherever the pattern
//is actually found after a game update - confirm before changing.
alloc(SaveCountMem,$1000,"re2.exe"+ADE1B7E)
registersymbol(SaveCountAOB)
label(return)
SaveCountMem:
//rax is free to use as scratch: the relocated 'mov rax,[rbx+50]' below overwrites it anyway
mov rax,dCustSaveCount
mov eax,[rax]
//relocated original instructions, now storing the custom count
mov [rcx+24],eax
mov rax,[rbx+50]
jmp return
///
//custom save count, decimal 3 by default; editable through the "#" table entry
dCustSaveCount:
dd #3
///
//The hook starts one byte into the match, skipping the leading 01 (presumably the tail of
//the preceding instruction). jmp plus two nops replace the 7 bytes of the two original
//instructions, assuming the assembler emits the 5-byte near jmp.
SaveCountAOB+01:
jmp SaveCountMem
nop
nop
return:
[DISABLE]
//Restore the 7 original bytes first, then drop the symbols and free the code cave.
SaveCountAOB+01:
//mov [rcx+24],eax
//mov rax,[rbx+50]
db 89 41 24 48 8B 43 50
unregistersymbol(SaveCountAOB)
dealloc(SaveCountMem)
unregistersymbol(dCustSaveCount)
13572
"#"
008000
4 Bytes
dCustSaveCount
13022
""
1
13014
"health"
0000FF
4 Bytes
pPlayer
58
13015
"health max"
0000FF
4 Bytes
-4
13058
"god (auto reset)"
0000FF
Byte
+4
13059
"god"
0000FF
Byte
+5
14049
"inv slots"
0000FF
4 Bytes
pPlayer
90
18
Set Value
18
4
(health max)
0
13016
"current clip"
8080FF
4 Bytes
pAmmo
20
13017
"clip max"
808080
4 Bytes
dAmmoClipMax
13018
""
808080
Byte
pAmmo+8
13498
"x +-"
0000FF
Float
pPlayerBase
30
18
10
14876
""
0000FF
Float
+80
13499
"z +-"
0000FF
Float
pPlayerBase
34
18
10
14877
""
0000FF
Float
+80
13500
"y -+"
0000FF
Float
pPlayerBase
38
18
10
14878
""
0000FF
Float
+80
13748
""
000080
Array of byte
0
pPlayer+8
0
14262
""
000080
Array of byte
0
+1b0
0
14263
""
000080
Array of byte
0
+20
0
14264
"wet flag"
0000FF
4 Bytes
+98
14265
"wet amount"
0000FF
Float
+60
http://fearlessrevolution.com/viewtopic.php?f=4&t=8539
///
3 scripts by CJBok:
save count 0
max pouch slots
Game Time
link:
http://fearlessrevolution.com/viewtopic.php?p=76389#p76389
///
weapon's upgrade shared by gir489
link:
http://fearlessrevolution.com/viewtopic.php?f=4&t=8539&start=255#p76443
--vng21092's aobscan lua script
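-- Scans for an array-of-bytes pattern and registers the index-th hit under `name`.
--   name   : symbol name to (re)register
--   module : module to restrict the scan to, or "" to use AOBScan over the whole process
--   bytes  : array-of-bytes pattern string
--   index  : 1-based number of the hit to register (defaults to 1 when omitted)
-- A previous registration of `name` is dropped before the new one is made. When the
-- pattern, the module or the requested hit is not found a message is printed and no
-- symbol is registered. Scan objects are always destroyed before returning.
function lua_aobscan(name,module,bytes,index)
  -- result lists are 0-based; callers pass a 1-based hit number
  index = (index or 1) - 1
  if(module == "") then
    local resultSet = AOBScan(bytes)
    if(resultSet == nil) then
      unregisterSymbol(name)
      print(name.." not found")
    else
      unregisterSymbol(name)
      -- bounds-check the requested hit so a too-large index cannot register nil
      -- (and skip the destroy below by raising an error)
      if(index >= 0 and index < resultSet.Count) then
        registerSymbol(name,resultSet[index])
      else
        print(name.." not found")
      end
      resultSet.destroy()
    end
  else
    if(getModuleSize(module) == nil) then
      print("Module "..module.." not found")
    else
      local memScanner = createMemScan()
      local memFoundList = createFoundList(memScanner)
      local moduleBase = getAddress(module)
      memScanner.firstScan(
        soExactValue,vtByteArray,rtRounded,bytes,nil,
        moduleBase,(moduleBase+getModuleSize(module)),"",
        fsmNotAligned,"",true,false,false,false)
      memScanner.waitTillDone()
      memFoundList.initialize()
      unregisterSymbol(name)
      -- covers both "no hits" (Count == 0) and "fewer hits than requested"
      if(index >= 0 and index < memFoundList.Count) then
        registerSymbol(name,memFoundList.Address[index])
      else
        print(name.." in module "..module.." not found")
      end
      -- release the found list before the scanner it was created from
      memFoundList.destroy()
      memScanner.destroy()
    end
  end
end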
---
----------------------------------------------
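-- Custom value type 'RE2_Hrs' (4 bytes, integer).
-- 64-bit routines: the stored value is treated as a count of seconds.
--   read  : value / 3600                       (whole hours)
--   write : input * 3600 + (old value % 3600)  (minutes and seconds are kept)
-- The written input is not range-checked. The 32-bit routines are the unmodified
-- template and pass the raw value through without any conversion.
registerCustomTypeAutoAssembler([[
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)

TypeName:
  db 'RE2_Hrs',0
ByteSize:
  dd 4
UsesFloat:
  db 0 //Change to 1 if this custom type should be treated as a float
CallMethod:
  db 1 //Remove or change to 0 for legacy call mechanism

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
  mov eax,[rcx] //eax now contains the bytes 'input' pointed to
  xor edx,edx   //div takes edx:eax, so clear the high half first
  mov ecx,#3600
  div ecx       //eax = hours, edx = remainder (unused)
  ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
  push ebp
  mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
  mov eax,[ebp+8] //place the address that contains the bytes into eax
  mov eax,[eax]   //place the bytes into eax so it's handled as a normal 4 byte value
  pop ebp
  ret
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//The divisor lives in r9d: rbx is callee-saved in the Windows x64 calling convention
//and this routine has no prologue that would save and restore it.
  imul ecx,ecx,#3600 //ecx = new hours in seconds
  mov eax,[r8]       //current stored value
  xor edx,edx
  mov r9d,#3600
  div r9d            //edx = current value % 3600 (minutes + seconds part)
  add ecx,edx
  mov [r8],ecx //place the integer at the 4 bytes pointed to by r8
  ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
  push ebp
  mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
  push eax
  push ebx
  mov eax,[ebp+8]  //load the value into eax
  mov ebx,[ebp+10] //load the output address into ebx
  mov [ebx],eax    //write the value into the address
  pop ebx
  pop eax
  pop ebp
  ret
[/32-bit]
]])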
---
----------------------------------------------
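-- Custom value type 'RE2_Mins' (4 bytes, integer).
-- 64-bit routines: the stored value is treated as a count of seconds.
--   read  : (value % 3600) / 60                                  (minutes within the hour)
--   write : (old / 3600) * 3600 + input * 60 + (old % 3600) % 60 (hours and seconds are kept)
-- The written input is not range-checked, so an input of 60 or more carries into the hours.
-- The 32-bit routines are the unmodified template and pass the raw value through.
registerCustomTypeAutoAssembler([[
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)

TypeName:
  db 'RE2_Mins',0
ByteSize:
  dd 4
UsesFloat:
  db 0 //Change to 1 if this custom type should be treated as a float
CallMethod:
  db 1 //Remove or change to 0 for legacy call mechanism

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
  mov eax,[rcx] //eax now contains the bytes 'input' pointed to
  xor edx,edx   //div takes edx:eax, so clear the high half first
  mov ecx,#3600
  div ecx       //edx = value % 3600
  mov eax,edx
  xor edx,edx
  mov ecx,#60
  div ecx       //eax = minutes
  ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
  push ebp
  mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
  mov eax,[ebp+8] //place the address that contains the bytes into eax
  mov eax,[eax]   //place the bytes into eax so it's handled as a normal 4 byte value
  pop ebp
  ret
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//The divisor lives in r9d: rbx is callee-saved in the Windows x64 calling convention
//and this routine has no prologue that would save and restore it.
  imul ecx,ecx,#60   //ecx = new minutes in seconds
  mov eax,[r8]       //current stored value
  xor edx,edx
  mov r9d,#3600
  div r9d            //eax = current hours, edx = current value % 3600
  imul eax,eax,#3600 //three-operand imul leaves edx untouched
  add ecx,eax        //keep the hours
  mov eax,edx
  xor edx,edx
  mov r9d,#60
  div r9d            //edx = current seconds
  add ecx,edx        //keep the seconds
  mov [r8],ecx //place the integer at the 4 bytes pointed to by r8
  ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
  push ebp
  mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
  push eax
  push ebx
  mov eax,[ebp+8]  //load the value into eax
  mov ebx,[ebp+10] //load the output address into ebx
  mov [ebx],eax    //write the value into the address
  pop ebx
  pop eax
  pop ebp
  ret
[/32-bit]
]])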
---
----------------------------------------------
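-- Custom value type 'RE2_Secs' (4 bytes, integer).
-- 64-bit routines: the stored value is treated as a count of seconds.
--   read  : (value % 3600) % 60      (seconds within the minute)
--   write : (old / 60) * 60 + input  (hours and minutes are kept)
-- The written input is not range-checked, so an input of 60 or more carries into the minutes.
-- The 32-bit routines are the unmodified template and pass the raw value through.
registerCustomTypeAutoAssembler([[
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)

TypeName:
  db 'RE2_Secs',0
ByteSize:
  dd 4
UsesFloat:
  db 0 //Change to 1 if this custom type should be treated as a float
CallMethod:
  db 1 //Remove or change to 0 for legacy call mechanism

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
  mov eax,[rcx] //eax now contains the bytes 'input' pointed to
  xor edx,edx   //div takes edx:eax, so clear the high half first
  mov ecx,#3600
  div ecx       //edx = value % 3600
  mov eax,edx
  xor edx,edx
  mov ecx,#60
  div ecx       //edx = seconds
  mov eax,edx
  ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
  push ebp
  mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
  mov eax,[ebp+8] //place the address that contains the bytes into eax
  mov eax,[eax]   //place the bytes into eax so it's handled as a normal 4 byte value
  pop ebp
  ret
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//The divisor lives in r9d: rbx is callee-saved in the Windows x64 calling convention
//and this routine has no prologue that would save and restore it.
  mov eax,[r8]     //current stored value
  xor edx,edx
  mov r9d,#60
  div r9d          //eax = current value / 60
  imul eax,eax,#60 //current value with its seconds part removed
  add ecx,eax
  mov [r8],ecx //place the integer at the 4 bytes pointed to by r8
  ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
  push ebp
  mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
  push eax
  push ebx
  mov eax,[ebp+8]  //load the value into eax
  mov ebx,[ebp+10] //load the output address into ebx
  mov [ebx],eax    //write the value into the address
  pop ebx
  pop eax
  pop ebp
  ret
[/32-bit]
]])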
---
----------------------------------------------