24245
"Teleport / Coords"
Auto Assembler Script
{ Game : FactoryGame-Win64-Shipping.exe
Version:
Date : 2019-04-13
Author : Martin
This script does blah blah blah
}
[ENABLE]
{$lua}
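-- Post-teleport hover handling (Cheat Engine Lua, executed when the script is enabled).
-- The injected load routines set the 'set_cannot_fall' symbol to 1 when a
-- teleport is performed; the poller below notices that and arms a delayed
-- reset. Both timers stay global because the [DISABLE] section destroys them
-- by name.

-- One-shot reset timer. It is created once and kept disabled until needed, so
-- the handle is still a live object when [DISABLE] calls destroy() on it.
tTeleportPlayerQwerty2 = createTimer()
tTeleportPlayerQwerty2.Enabled = false
tTeleportPlayerQwerty2.Interval = 5000
tTeleportPlayerQwerty2.OnTimer = function(t)
  t.Enabled = false                        -- fire once per request; keep the object
  writeInteger('set_cannot_fall',0)        -- stop the hook from forcing the ground flag
  writeInteger('[get_cannot_fall]+1C4',1)  -- back to 1, listed as "Default" in the table notes
  -- NOTE(review): writeInteger stores 4 bytes, while the game reads this flag
  -- with byte-sized instructions; confirm the 3 following bytes may be zeroed.
end

-- Arms the one-shot reset. A reset that is already pending is left alone, so
-- repeated calls cannot stack timers or restart the countdown.
function reset_ground_collision()
  if not tTeleportPlayerQwerty2.Enabled then
    tTeleportPlayerQwerty2.Enabled = true
  end
end

-- Poller: every 5 s, check whether a teleport requested the hover state.
tTeleportPlayerQwerty = createTimer()
tTeleportPlayerQwerty.Interval = 5000
tTeleportPlayerQwerty.OnTimer = function(t)
  -- readInteger returns nil when the address is unreadable, and 0 is truthy in
  -- Lua, so the value has to be compared explicitly instead of used as a condition.
  if readInteger('set_cannot_fall') == 1 then
    reset_ground_collision()
  end
end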
{$asm}
// Declarations for the Teleport / Coords script (Cheat Engine Auto Assembler).
// Two code sites are located by byte signature inside the game module and each
// gets its own code cave; a separate data area holds coordinates and flags.

// Signature of "movaps xmm1,[rcx+00000190]" plus the instructions that follow it.
aobscanmodule(coords2,FactoryGame-Win64-Shipping.exe,0F 28 89 90 01 00 00 0F 28 C1 F3 0F 11 4D B0) // should be unique
// Code cave for the coordinate hook, requested near module offset +7FA51B.
alloc(newmem,$1000,"FactoryGame-Win64-Shipping.exe"+7FA51B)
// Data area for saved/preset coordinates and control flags.
// NOTE(review): no near-address hint is given for this allocation - confirm the
// hook code can always reach it.
alloc(store_coord,246)
label(code)
label(return)
label(coord)
// Signature of "cmp byte ptr [rbx+000001C4],01" plus the start of the jne after it.
aobscanmodule(groundflag2,FactoryGame-Win64-Shipping.exe,80 BB C4 01 00 00 01 0F 85 C1) // should be unique
// Code cave for the ground-flag hook, requested near module offset +739BA3.
alloc(newmem2,$1000,"FactoryGame-Win64-Shipping.exe"+739BA3)
label(code2)
label(return2)
label(set_cannot_fall)
label(get_cannot_fall)
// Coordinate slots: one custom location (xpos/ypos/zpos) and three presets.
label(xpos)
label(ypos)
label(zpos)
label(xpos_preset1)
label(ypos_preset1)
label(zpos_preset1)
label(xpos_preset2)
label(ypos_preset2)
label(zpos_preset2)
label(xpos_preset3)
label(ypos_preset3)
label(zpos_preset3)
// Request flags and the routines in the hook that service them.
label(save_flag)
label(save)
label(load)
label(load_flag)
label(load_preset1)
label(load_flag_preset1)
label(load_preset2)
label(load_flag_preset2)
label(load_preset3)
label(load_flag_preset3)
// Symbols published for the table entries and the Lua code.
// Every symbol registered here should have a matching unregistersymbol in [DISABLE].
registersymbol(coord)
registersymbol(xpos)
registersymbol(ypos)
registersymbol(zpos)
registersymbol(xpos_preset1)
registersymbol(ypos_preset1)
registersymbol(zpos_preset1)
registersymbol(xpos_preset2)
registersymbol(ypos_preset2)
registersymbol(zpos_preset2)
registersymbol(xpos_preset3)
registersymbol(ypos_preset3)
registersymbol(zpos_preset3)
registersymbol(set_cannot_fall)
registersymbol(get_cannot_fall)
registersymbol(save_flag)
registersymbol(load)
registersymbol(load_flag)
registersymbol(load_flag_preset1)
registersymbol(load_flag_preset2)
registersymbol(load_flag_preset3)
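store_coord:
// Data area shared by the hooks, the table entries and the Lua timers.
// Each coordinate is a 4-byte float placed at the start of an 8-byte (dq) slot;
// the cheat table displays these symbols as Float.
xpos:
dq (float)126310.2266 // default x pos
ypos:
dq (float)-20190.60742 // default y pos
zpos:
dq (float)10500.27832 // default z pos
xpos_preset1: // Grass Fields
dq (float)-82721.4375
ypos_preset1:
dq (float)218041.9688
zpos_preset1:
dq (float)2500
xpos_preset2: // Rocky Desert
dq (float)-250689.7031
ypos_preset2:
dq (float)-64049.06641
zpos_preset2:
dq (float)2400.222412
xpos_preset3: // Northern Forest
dq (float)55310.66016
ypos_preset3:
dq (float)-76601.20312
zpos_preset3:
dq (float)10000
// Request flags (4 bytes each). The table hotkeys write 1; the coordinate hook
// resets the flag to 0 when it services the request.
save_flag:
dd 0
load_flag:
dd 0
load_flag_preset1:
dd 0
load_flag_preset2:
dd 0
load_flag_preset3:
dd 0
// 1 while the ground-flag hook should force the value 5; cleared by the Lua reset timer.
set_cannot_fall:
dd 0
// Pointer slot: the ground-flag hook stores the full 64-bit rbx here, so it is
// declared as 8 bytes. It is the last item of the area, so no other offset moves.
get_cannot_fall:
dq 0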
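newmem:
// Coordinate hook body, entered through the jmp written at coords2. It replaces
// "movaps xmm1,[rcx+00000190]", which is re-executed at "code" below.
// In:    rcx = object whose +190/+194/+198 hold X/Y/Z; the cheat table reads
//        them as 4-byte floats. The game tests rcx for zero just before the
//        injection point, so rcx is non-null here.
// Out:   xmm1 loaded exactly as the original instruction would.
// Saves: rbx is pushed/popped around every use.
// Flags: the cmp instructions change EFLAGS; the instructions visible after the
//        injection point in the original-code dump (up to the jmp at +7FA53C)
//        do not read flags.
// Dispatch on the 4-byte request flags written by the table hotkeys.
cmp dword ptr [save_flag],1
je save
cmp dword ptr [load_flag],1
je load
cmp dword ptr [load_flag_preset1],1
je load_preset1
cmp dword ptr [load_flag_preset2],1
je load_preset2
cmp dword ptr [load_flag_preset3],1
je load_preset3
jmp code
save:
// Copy the current X/Y/Z into the custom slot. Each coordinate is copied as one
// 32-bit value: a 64-bit copy would also pick up the neighbouring field.
mov dword ptr [save_flag],0 // acknowledge the request
push rbx
mov ebx,[rcx+00000190]
mov [xpos],ebx
mov ebx,[rcx+00000194]
mov [ypos],ebx
mov ebx,[rcx+00000198]
mov [zpos],ebx
pop rbx
jmp code
load:
// Write the custom slot back to the object. 32-bit stores keep the write inside
// X/Y/Z; a 64-bit store of Z would overwrite the 4 bytes at +19C as well.
mov dword ptr [set_cannot_fall],1 // ask the ground-flag hook to hold the hover value
mov dword ptr [load_flag],0
push rbx
mov ebx,[xpos]
mov [rcx+00000190],ebx
mov ebx,[ypos]
mov [rcx+00000194],ebx
mov ebx,[zpos]
mov [rcx+00000198],ebx
pop rbx
jmp code
{ Test Code
mov [rcx+00000190],(float)-82721.4375
mov [rcx+00000194],(float)218041.9688
mov [rcx+00000198],(float)2500.0
}
load_preset1: // Grass Fields
mov dword ptr [set_cannot_fall],1
mov dword ptr [load_flag_preset1],0
push rbx
mov ebx,[xpos_preset1]
mov [rcx+00000190],ebx
mov ebx,[ypos_preset1]
mov [rcx+00000194],ebx
mov ebx,[zpos_preset1]
mov [rcx+00000198],ebx
pop rbx
jmp code
load_preset2: // Rocky Desert
mov dword ptr [set_cannot_fall],1
mov dword ptr [load_flag_preset2],0
push rbx
mov ebx,[xpos_preset2]
mov [rcx+00000190],ebx
mov ebx,[ypos_preset2]
mov [rcx+00000194],ebx
mov ebx,[zpos_preset2]
mov [rcx+00000198],ebx
pop rbx
jmp code
load_preset3: // Northern Forest
mov dword ptr [set_cannot_fall],1
mov dword ptr [load_flag_preset3],0
push rbx
mov ebx,[xpos_preset3]
mov [rcx+00000190],ebx
mov ebx,[ypos_preset3]
mov [rcx+00000194],ebx
mov ebx,[zpos_preset3]
mov [rcx+00000198],ebx
pop rbx
jmp code
code:
mov [coord],rcx // publish the object pointer for the table's [coord]+190/+194/+198 entries
movaps xmm1,[rcx+00000190] // original instruction that the patch displaced
jmp return
// 8-byte pointer slot read by the table through the "coord" symbol.
coord:
dq 0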
coords2:
// Patch site of the coordinate hook. The original instruction is 7 bytes long;
// the two nops pad the patch to that length.
// NOTE(review): this assumes the jmp assembles to the 5-byte near form, which
// needs newmem to be allocated within range of the module.
jmp newmem
nop
nop
return:
registersymbol(coords2)
newmem2:
// Ground-flag hook body. rbx = object whose byte at +1C4 the game compares with 1.
// While set_cannot_fall is 1 the value 5 is written on every pass; the table
// notes describe 5 as hovering with horizontal movement only.
cmp [set_cannot_fall],1
jne code2
//cmp [set_cannot_fall],0
//je code2
//mov [set_cannot_fall],0
// NOTE(review): no operand size is given on the store below; presumably it is
// assembled as a 4-byte write, while the game reads a single byte here. Confirm
// that overwriting +1C5..+1C7 is intended.
mov [rbx+000001C4],5
//mov [rbx+000001C4],5
code2:
// Publish the object pointer (64-bit rbx) for the Lua reset timer and the table.
mov [get_cannot_fall],rbx
// Original instruction; it runs after the store above, so the game's own
// comparison sees the forced value.
cmp byte ptr [rbx+000001C4],01
jmp return2
groundflag2:
// Patch site of the ground-flag hook: 7 original bytes replaced by jmp + 2 nops.
jmp newmem2
nop
nop
return2:
registersymbol(groundflag2)
[DISABLE]
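{$lua}
-- Stop the poller and the reset timer created in [ENABLE].
tTeleportPlayerQwerty.destroy()
tTeleportPlayerQwerty2.destroy()
{$asm}
// Restore the 7 original bytes of "movaps xmm1,[rcx+00000190]" before the
// code cave is released, so nothing jumps into freed memory.
coords2:
db 0F 28 89 90 01 00 00
unregistersymbol(coords2)
unregistersymbol(coord)
unregistersymbol(xpos)
unregistersymbol(ypos)
unregistersymbol(zpos)
unregistersymbol(save_flag)
unregistersymbol(load)
unregistersymbol(load_flag)
// The three preset request flags are registered in [ENABLE] and are
// unregistered here so no stale symbol outlives the script.
unregistersymbol(load_flag_preset1)
unregistersymbol(load_flag_preset2)
unregistersymbol(load_flag_preset3)
unregistersymbol(xpos_preset1)
unregistersymbol(ypos_preset1)
unregistersymbol(zpos_preset1)
unregistersymbol(xpos_preset2)
unregistersymbol(ypos_preset2)
unregistersymbol(zpos_preset2)
unregistersymbol(xpos_preset3)
unregistersymbol(ypos_preset3)
unregistersymbol(zpos_preset3)
dealloc(newmem)
// Restore the 7 original bytes of "cmp byte ptr [rbx+000001C4],01".
groundflag2:
db 80 BB C4 01 00 00 01
unregistersymbol(groundflag2)
unregistersymbol(set_cannot_fall)
unregistersymbol(get_cannot_fall)
dealloc(newmem2)
// Release the data area last: both hooks are restored and every symbol that
// pointed into it is unregistered, so it no longer leaks on each enable/disable cycle.
dealloc(store_coord)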
{
// ORIGINAL CODE - INJECTION POINT: "FactoryGame-Win64-Shipping.exe"+7FA51B
"FactoryGame-Win64-Shipping.exe"+7FA4E9: 0F 84 50 01 00 00 - je FactoryGame-Win64-Shipping.exe+7FA63F
"FactoryGame-Win64-Shipping.exe"+7FA4EF: 48 8B 80 58 03 00 00 - mov rax,[rax+00000358]
"FactoryGame-Win64-Shipping.exe"+7FA4F6: 48 85 C0 - test rax,rax
"FactoryGame-Win64-Shipping.exe"+7FA4F9: 0F 84 40 01 00 00 - je FactoryGame-Win64-Shipping.exe+7FA63F
"FactoryGame-Win64-Shipping.exe"+7FA4FF: 48 8B 88 58 01 00 00 - mov rcx,[rax+00000158]
"FactoryGame-Win64-Shipping.exe"+7FA506: 0F 29 74 24 60 - movaps [rsp+60],xmm6
"FactoryGame-Win64-Shipping.exe"+7FA50B: 0F 29 7C 24 50 - movaps [rsp+50],xmm7
"FactoryGame-Win64-Shipping.exe"+7FA510: 44 0F 29 44 24 40 - movaps [rsp+40],xmm8
"FactoryGame-Win64-Shipping.exe"+7FA516: 48 85 C9 - test rcx,rcx
"FactoryGame-Win64-Shipping.exe"+7FA519: 74 23 - je FactoryGame-Win64-Shipping.exe+7FA53E
// ---------- INJECTING HERE ----------
"FactoryGame-Win64-Shipping.exe"+7FA51B: 0F 28 89 90 01 00 00 - movaps xmm1,[rcx+00000190]
// ---------- DONE INJECTING ----------
"FactoryGame-Win64-Shipping.exe"+7FA522: 0F 28 C1 - movaps xmm0,xmm1
"FactoryGame-Win64-Shipping.exe"+7FA525: F3 0F 11 4D B0 - movss [rbp-50],xmm1
"FactoryGame-Win64-Shipping.exe"+7FA52A: 0F C6 C1 55 - shufps xmm0,xmm1,55
"FactoryGame-Win64-Shipping.exe"+7FA52E: 0F C6 C9 AA - shufps xmm1,xmm1,-56
"FactoryGame-Win64-Shipping.exe"+7FA532: F3 0F 11 4D B8 - movss [rbp-48],xmm1
"FactoryGame-Win64-Shipping.exe"+7FA537: F3 0F 11 45 B4 - movss [rbp-4C],xmm0
"FactoryGame-Win64-Shipping.exe"+7FA53C: EB 16 - jmp FactoryGame-Win64-Shipping.exe+7FA554
"FactoryGame-Win64-Shipping.exe"+7FA53E: F2 0F 10 05 8A E9 EA 03 - movsd xmm0,[FactoryGame-Win64-Shipping.exe+46A8ED0]
"FactoryGame-Win64-Shipping.exe"+7FA546: 8B 05 8C E9 EA 03 - mov eax,[FactoryGame-Win64-Shipping.exe+46A8ED8]
"FactoryGame-Win64-Shipping.exe"+7FA54C: F2 0F 11 45 B0 - movsd [rbp-50],xmm0
}
24254
"Current Coords for Player"
1
24201
"X"
Float
[coord]+190
24202
"Y"
Float
[coord]+194
24203
"Z"
Float
[coord]+198
24255
"Teleport Banks"
1
24257
"Custom #1 (with save/load button)"
1
24204
"Save Location"
4 Bytes
save_flag
Set Value
17
104
1
0
24205
"Teleport To Location"
4 Bytes
load_flag
Set Value
17
97
1
0
24256
"X"
Float
xpos
24258
"Y"
Float
ypos
24259
"Z"
Float
zpos
24260
"Custom #2 (manually input coords) Default: Grass Fields"
1
24261
"X"
Float
xpos_preset1
24262
"Y"
Float
ypos_preset1
24263
"Z"
Float
zpos_preset1
24264
"Teleport To Location"
4 Bytes
load_flag_preset1
Set Value
17
98
1
0
24266
"Custom #3 (manually input coords) Default: Rocky Desert"
1
24267
"X"
Float
xpos_preset2
24268
"Y"
Float
ypos_preset2
24269
"Z"
Float
zpos_preset2
24270
"Teleport To Location"
4 Bytes
load_flag_preset2
Set Value
17
99
1
0
24271
"Custom #4 (manually input coords) Default: Northern Forest"
1
24272
"X"
Float
xpos_preset3
24273
"Y"
Float
ypos_preset3
24274
"Z"
Float
zpos_preset3
24275
"Teleport To Location"
4 Bytes
load_flag_preset3
Set Value
17
100
1
0
24311
"Noclip"
1
24304
"Enable Noclip"
Auto Assembler Script
[ENABLE]
// "Enable Noclip" (the author's name for the effect). Two patches are installed:
//  1. enNoclip:   the code at the signature is redirected to a bare ret.
//  2. groundflag: the value at [rbx+1C4] is overwritten with 5 on every pass.
// The second signature is the same one the Teleport / Coords script scans for;
// NOTE(review): once one of the two scripts has patched that site, the other
// script's scan presumably no longer matches - confirm how they are meant to coexist.
aobscanmodule(enNoclip,FactoryGame-Win64-Shipping.exe,0F B6 02 32 01) // should be unique
alloc(newmem1,$1000,"FactoryGame-Win64-Shipping.exe"+1B01BF0)
label(code1)
label(return1)
aobscanmodule(groundflag,FactoryGame-Win64-Shipping.exe,80 BB C4 01 00 00 01 0F 85 C1) // should be unique
alloc(newmem2,$1000,"FactoryGame-Win64-Shipping.exe"+739BA3)
label(code2)
label(return2)
newmem1:
// Return straight to the caller. The original-code dump shows a ret and int 3
// padding right before the injection point, so this looks like the first
// instruction of a routine - the whole routine is skipped while the patch is active.
ret
code1:
// Copy of the displaced instructions; unreachable because of the ret above.
movzx eax,byte ptr [rdx]
xor al,[rcx]
jmp return1
enNoclip:
// The displaced instructions are 5 bytes in total, so no nop padding follows the jmp.
jmp newmem1
return1:
registersymbol(enNoclip)
newmem2:
// NOTE(review): no operand size is given; presumably assembled as a 4-byte
// store although the game reads one byte at +1C4 - confirm.
mov [rbx+000001C4],5
code2:
cmp byte ptr [rbx+000001C4],01
jmp return2
groundflag:
// 7 original bytes replaced by jmp + 2 nops.
jmp newmem2
nop
nop
return2:
registersymbol(groundflag)
[DISABLE]
// Put the original bytes back at both sites, then release the code caves.
// The flag value written at +1C4 is not restored here.
enNoclip:
db 0F B6 02 32 01
unregistersymbol(enNoclip)
dealloc(newmem1)
groundflag:
db 80 BB C4 01 00 00 01
unregistersymbol(groundflag)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "FactoryGame-Win64-Shipping.exe"+1B01BF0
"FactoryGame-Win64-Shipping.exe"+1B01BE1: 48 8B C7 - mov rax,rdi
"FactoryGame-Win64-Shipping.exe"+1B01BE4: 48 83 C4 30 - add rsp,30
"FactoryGame-Win64-Shipping.exe"+1B01BE8: 5F - pop rdi
"FactoryGame-Win64-Shipping.exe"+1B01BE9: C3 - ret
"FactoryGame-Win64-Shipping.exe"+1B01BEA: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEB: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEC: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BED: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEE: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEF: CC - int 3
// ---------- INJECTING HERE ----------
"FactoryGame-Win64-Shipping.exe"+1B01BF0: 0F B6 02 - movzx eax,byte ptr [rdx]
"FactoryGame-Win64-Shipping.exe"+1B01BF3: 32 01 - xor al,[rcx]
// ---------- DONE INJECTING ----------
"FactoryGame-Win64-Shipping.exe"+1B01BF5: 24 01 - and al,01
"FactoryGame-Win64-Shipping.exe"+1B01BF7: 30 01 - xor [rcx],al
"FactoryGame-Win64-Shipping.exe"+1B01BF9: 44 0F B6 02 - movzx r8d,byte ptr [rdx]
"FactoryGame-Win64-Shipping.exe"+1B01BFD: 44 32 01 - xor r8l,[rcx]
"FactoryGame-Win64-Shipping.exe"+1B01C00: 41 80 E0 02 - and r8l,02
"FactoryGame-Win64-Shipping.exe"+1B01C04: 44 30 01 - xor [rcx],r8l
"FactoryGame-Win64-Shipping.exe"+1B01C07: 8B 42 04 - mov eax,[rdx+04]
"FactoryGame-Win64-Shipping.exe"+1B01C0A: 89 41 04 - mov [rcx+04],eax
"FactoryGame-Win64-Shipping.exe"+1B01C0D: 8B 42 08 - mov eax,[rdx+08]
"FactoryGame-Win64-Shipping.exe"+1B01C10: 89 41 08 - mov [rcx+08],eax
}
Activate
17
18
105
0
Deactivate
17
18
104
1
24310
"Disable Noclip"
Auto Assembler Script
[ENABLE]
// "Disable Noclip": a second script used to put the ground flag back to 1,
// because (per the author's notes) doing it in [DISABLE] crashed the game.
// It hooks the same two sites as "Enable Noclip", writes 1 to [rbx+1C4] whenever
// the ground-flag hook runs, and deactivates itself after one second.
aobscanmodule(disNoclip,FactoryGame-Win64-Shipping.exe,0F B6 02 32 01) // should be unique
alloc(newmem1,$1000,"FactoryGame-Win64-Shipping.exe"+1B01BF0)
label(code1)
label(return1)
aobscanmodule(disgroundflag,FactoryGame-Win64-Shipping.exe,80 BB C4 01 00 00 01 0F 85 C1) // should be unique
alloc(newmem2,$1000,"FactoryGame-Win64-Shipping.exe"+739BA3)
label(code2)
label(return2)
newmem1:
// Pass-through hook: only the displaced instructions are executed.
jmp code1
code1:
movzx eax,byte ptr [rdx]
xor al,[rcx]
jmp return1
disNoclip:
// The displaced instructions are 5 bytes in total, so no nop padding follows the jmp.
jmp newmem1
return1:
registersymbol(disNoclip)
newmem2:
// NOTE(review): no operand size is given; presumably assembled as a 4-byte
// store although the game reads one byte at +1C4 - confirm.
mov [rbx+000001C4],1
code2:
cmp byte ptr [rbx+000001C4],01
jmp return2
disgroundflag:
// 7 original bytes replaced by jmp + 2 nops.
jmp newmem2
nop
nop
return2:
registersymbol(disgroundflag)
{$lua}
-- One-shot timer: after 1 s it destroys itself and switches this table entry
-- off, which runs the [DISABLE] section below and removes both hooks again.
local t = createTimer()
t.Interval = 1000
t.OnTimer = function(t)
t.destroy() -- destroy timer so it doesn't run again
memrec.Active = false -- disable this script
end
{$asm}
[DISABLE]
// Put the original bytes back at both sites, then release the code caves.
disNoclip:
db 0F B6 02 32 01
unregistersymbol(disNoclip)
dealloc(newmem1)
disgroundflag:
db 80 BB C4 01 00 00 01
unregistersymbol(disgroundflag)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "FactoryGame-Win64-Shipping.exe"+1B01BF0
"FactoryGame-Win64-Shipping.exe"+1B01BE1: 48 8B C7 - mov rax,rdi
"FactoryGame-Win64-Shipping.exe"+1B01BE4: 48 83 C4 30 - add rsp,30
"FactoryGame-Win64-Shipping.exe"+1B01BE8: 5F - pop rdi
"FactoryGame-Win64-Shipping.exe"+1B01BE9: C3 - ret
"FactoryGame-Win64-Shipping.exe"+1B01BEA: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEB: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEC: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BED: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEE: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1B01BEF: CC - int 3
// ---------- INJECTING HERE ----------
"FactoryGame-Win64-Shipping.exe"+1B01BF0: 0F B6 02 - movzx eax,byte ptr [rdx]
"FactoryGame-Win64-Shipping.exe"+1B01BF3: 32 01 - xor al,[rcx]
// ---------- DONE INJECTING ----------
"FactoryGame-Win64-Shipping.exe"+1B01BF5: 24 01 - and al,01
"FactoryGame-Win64-Shipping.exe"+1B01BF7: 30 01 - xor [rcx],al
"FactoryGame-Win64-Shipping.exe"+1B01BF9: 44 0F B6 02 - movzx r8d,byte ptr [rdx]
"FactoryGame-Win64-Shipping.exe"+1B01BFD: 44 32 01 - xor r8l,[rcx]
"FactoryGame-Win64-Shipping.exe"+1B01C00: 41 80 E0 02 - and r8l,02
"FactoryGame-Win64-Shipping.exe"+1B01C04: 44 30 01 - xor [rcx],r8l
"FactoryGame-Win64-Shipping.exe"+1B01C07: 8B 42 04 - mov eax,[rdx+04]
"FactoryGame-Win64-Shipping.exe"+1B01C0A: 89 41 04 - mov [rcx+04],eax
"FactoryGame-Win64-Shipping.exe"+1B01C0D: 8B 42 08 - mov eax,[rdx+08]
"FactoryGame-Win64-Shipping.exe"+1B01C10: 89 41 08 - mov [rcx+08],eax
}
Activate
17
18
104
0
24328
"Random Stuff"
1
24308
"Auto Find Ground Flag #3 (better)"
Auto Assembler Script
{ Game : FactoryGame-Win64-Shipping.exe
Version:
Date : 2019-04-18
Author : Martin
This script does blah blah blah
}
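[ENABLE]
// Captures the object pointer held in rbx at "cmp byte ptr [rbx+000001C4],01"
// so the table entry [the_ground_flag2]+1C4 can display the ground flag.
// The hook changes nothing in the game state; it only records rbx.
aobscanmodule(find_ground_flag2,FactoryGame-Win64-Shipping.exe,80 BB C4 01 00 00 01 0F 85 C1) // should be unique
alloc(newmem,$1000,"FactoryGame-Win64-Shipping.exe"+739BA3)
label(code)
label(return)
// 8-byte pointer slot, published as a symbol for the table.
alloc(the_ground_flag2,8)
registersymbol(the_ground_flag2)
newmem:
mov [the_ground_flag2],rbx // record the object pointer
code:
cmp byte ptr [rbx+000001C4],01 // original instruction
jmp return
the_ground_flag2:
// Placeholder content until the hook has run once; the table entry cannot
// resolve to a readable address before that.
dd 1
find_ground_flag2:
// 7 original bytes replaced by jmp + 2 nops.
jmp newmem
nop
nop
return:
registersymbol(find_ground_flag2)
[DISABLE]
// Restore the original bytes first, then drop the symbols and free both
// allocations; the pointer slot was previously never released.
find_ground_flag2:
db 80 BB C4 01 00 00 01
unregistersymbol(find_ground_flag2)
unregistersymbol(the_ground_flag2)
dealloc(newmem)
dealloc(the_ground_flag2)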
{
// ORIGINAL CODE - INJECTION POINT: "FactoryGame-Win64-Shipping.exe"+739BA3
"FactoryGame-Win64-Shipping.exe"+739B7E: CC - int 3
"FactoryGame-Win64-Shipping.exe"+739B7F: CC - int 3
"FactoryGame-Win64-Shipping.exe"+739B80: 48 89 5C 24 10 - mov [rsp+10],rbx
"FactoryGame-Win64-Shipping.exe"+739B85: 48 89 74 24 18 - mov [rsp+18],rsi
"FactoryGame-Win64-Shipping.exe"+739B8A: 57 - push rdi
"FactoryGame-Win64-Shipping.exe"+739B8B: 48 83 EC 40 - sub rsp,40
"FactoryGame-Win64-Shipping.exe"+739B8F: F3 0F 10 44 24 70 - movss xmm0,[rsp+70]
"FactoryGame-Win64-Shipping.exe"+739B95: 48 8B D9 - mov rbx,rcx
"FactoryGame-Win64-Shipping.exe"+739B98: F3 0F 11 44 24 20 - movss [rsp+20],xmm0
"FactoryGame-Win64-Shipping.exe"+739B9E: E8 DD 94 39 01 - call FactoryGame-Win64-Shipping.exe+1AD3080
// ---------- INJECTING HERE ----------
"FactoryGame-Win64-Shipping.exe"+739BA3: 80 BB C4 01 00 00 01 - cmp byte ptr [rbx+000001C4],01
// ---------- DONE INJECTING ----------
"FactoryGame-Win64-Shipping.exe"+739BAA: 0F 85 C1 00 00 00 - jne FactoryGame-Win64-Shipping.exe+739C71
"FactoryGame-Win64-Shipping.exe"+739BB0: 48 8B CB - mov rcx,rbx
"FactoryGame-Win64-Shipping.exe"+739BB3: E8 F8 72 3A 01 - call FactoryGame-Win64-Shipping.exe+1AE0EB0
"FactoryGame-Win64-Shipping.exe"+739BB8: 48 8B F8 - mov rdi,rax
"FactoryGame-Win64-Shipping.exe"+739BBB: 48 85 C0 - test rax,rax
"FactoryGame-Win64-Shipping.exe"+739BBE: 0F 84 FA 03 00 00 - je FactoryGame-Win64-Shipping.exe+739FBE
"FactoryGame-Win64-Shipping.exe"+739BC4: 48 8B B0 E0 00 00 00 - mov rsi,[rax+000000E0]
"FactoryGame-Win64-Shipping.exe"+739BCB: 48 85 F6 - test rsi,rsi
"FactoryGame-Win64-Shipping.exe"+739BCE: 0F 84 EA 03 00 00 - je FactoryGame-Win64-Shipping.exe+739FBE
"FactoryGame-Win64-Shipping.exe"+739BD4: E8 47 DD 1C 00 - call FactoryGame-Win64-Shipping.exe+907920
}
24309
"Ground Flag"
4 Bytes
[the_ground_flag2]+1C4
24297
"Auto Find Walk Speed (move after activating)"
Auto Assembler Script
{ Game : FactoryGame-Win64-Shipping.exe
Version:
Date : 2019-04-17
Author : Martin
This script does blah blah blah
}
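[ENABLE]
// Captures the object pointer held in rbx at "comiss xmm0,[rbx+000001F4]" so
// the table entry [walk_speed2]+1F4 can display the value the game compares
// against. The hook only records rbx; per the entry's title it runs once the
// player moves.
aobscanmodule(get_walkspeed,FactoryGame-Win64-Shipping.exe,0F 2F 83 F4 01 00 00) // should be unique
alloc(newmem,$1000,"FactoryGame-Win64-Shipping.exe"+747C6A)
label(code)
label(return)
// 8-byte pointer slot, published as a symbol for the table.
alloc(walk_speed2,8)
registersymbol(walk_speed2)
newmem:
mov [walk_speed2],rbx // record the object pointer
{push rdx
lea rdx,[rbx]
mov [walk_speed2],rdx
pop rdx}
code:
comiss xmm0,[rbx+000001F4] // original instruction
jmp return
walk_speed2:
// Zero until the hook has run once.
dq (float)0
get_walkspeed:
// 7 original bytes replaced by jmp + 2 nops.
jmp newmem
nop
nop
return:
registersymbol(get_walkspeed)
[DISABLE]
// Restore the original bytes first, then drop the symbols and free both
// allocations; the pointer slot was previously never released.
get_walkspeed:
db 0F 2F 83 F4 01 00 00
unregistersymbol(get_walkspeed)
unregistersymbol(walk_speed2)
dealloc(newmem)
dealloc(walk_speed2)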
{
// ORIGINAL CODE - INJECTION POINT: "FactoryGame-Win64-Shipping.exe"+747C6A
"FactoryGame-Win64-Shipping.exe"+747C41: F3 0F 10 40 04 - movss xmm0,[rax+04]
"FactoryGame-Win64-Shipping.exe"+747C46: F3 0F 10 10 - movss xmm2,[rax]
"FactoryGame-Win64-Shipping.exe"+747C4A: F3 0F 10 48 08 - movss xmm1,[rax+08]
"FactoryGame-Win64-Shipping.exe"+747C4F: F3 0F 59 C0 - mulss xmm0,xmm0
"FactoryGame-Win64-Shipping.exe"+747C53: F3 0F 59 D2 - mulss xmm2,xmm2
"FactoryGame-Win64-Shipping.exe"+747C57: F3 0F 59 C9 - mulss xmm1,xmm1
"FactoryGame-Win64-Shipping.exe"+747C5B: F3 0F 58 D0 - addss xmm2,xmm0
"FactoryGame-Win64-Shipping.exe"+747C5F: 0F 57 C0 - xorps xmm0,xmm0
"FactoryGame-Win64-Shipping.exe"+747C62: F3 0F 58 D1 - addss xmm2,xmm1
"FactoryGame-Win64-Shipping.exe"+747C66: F3 0F 51 C2 - sqrtss xmm0,xmm2
// ---------- INJECTING HERE ----------
"FactoryGame-Win64-Shipping.exe"+747C6A: 0F 2F 83 F4 01 00 00 - comiss xmm0,[rbx+000001F4]
// ---------- DONE INJECTING ----------
"FactoryGame-Win64-Shipping.exe"+747C71: 76 37 - jna FactoryGame-Win64-Shipping.exe+747CAA
"FactoryGame-Win64-Shipping.exe"+747C73: 80 BF 88 0A 00 00 00 - cmp byte ptr [rdi+00000A88],00
"FactoryGame-Win64-Shipping.exe"+747C7A: 74 2E - je FactoryGame-Win64-Shipping.exe+747CAA
"FactoryGame-Win64-Shipping.exe"+747C7C: B2 01 - mov dl,01
"FactoryGame-Win64-Shipping.exe"+747C7E: 48 8B CF - mov rcx,rdi
"FactoryGame-Win64-Shipping.exe"+747C81: E8 9A 98 FF FF - call FactoryGame-Win64-Shipping.exe+741520
"FactoryGame-Win64-Shipping.exe"+747C86: 48 85 C0 - test rax,rax
"FactoryGame-Win64-Shipping.exe"+747C89: 74 16 - je FactoryGame-Win64-Shipping.exe+747CA1
"FactoryGame-Win64-Shipping.exe"+747C8B: 48 8B C8 - mov rcx,rax
"FactoryGame-Win64-Shipping.exe"+747C8E: E8 AD 86 11 00 - call FactoryGame-Win64-Shipping.exe+860340
}
24298
"Walk Speed (found automatically)"
Float
[walk_speed2]+1F4
24252
"IgnoreFallingPhysics"
Auto Assembler Script
{ Game : FactoryGame-Win64-Shipping.exe
Version:
Date : 2019-04-13
Author : Martin
This script does blah blah blah
}
[ENABLE]
// "IgnoreFallingPhysics": forces the value at [rcx+1C4] to 1 immediately before
// the game reads it with "movzx eax,byte ptr [rcx+000001C4]". The table notes
// describe this as freezing the ground flag at 1.
aobscanmodule(player_onground,FactoryGame-Win64-Shipping.exe,0F B6 81 C4 01 00 00 FE) // should be unique
alloc(newmem,$1000,"FactoryGame-Win64-Shipping.exe"+1AE2930)
label(code)
label(return)
newmem:
// NOTE(review): no operand size is given; presumably assembled as a 4-byte
// store although the next instruction reads a single byte - confirm that
// overwriting +1C5..+1C7 is intended.
mov [rcx+000001C4],1
code:
movzx eax,byte ptr [rcx+000001C4] // original instruction
jmp return
player_onground:
// 7 original bytes replaced by jmp + 2 nops.
jmp newmem
nop
nop
return:
registersymbol(player_onground)
[DISABLE]
// Restore the original 7 bytes, then release the code cave.
player_onground:
db 0F B6 81 C4 01 00 00
unregistersymbol(player_onground)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "FactoryGame-Win64-Shipping.exe"+1AE2930
"FactoryGame-Win64-Shipping.exe"+1AE2926: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE2927: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE2928: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE2929: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE292A: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE292B: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE292C: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE292D: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE292E: CC - int 3
"FactoryGame-Win64-Shipping.exe"+1AE292F: CC - int 3
// ---------- INJECTING HERE ----------
"FactoryGame-Win64-Shipping.exe"+1AE2930: 0F B6 81 C4 01 00 00 - movzx eax,byte ptr [rcx+000001C4]
// ---------- DONE INJECTING ----------
"FactoryGame-Win64-Shipping.exe"+1AE2937: FE C8 - dec al
"FactoryGame-Win64-Shipping.exe"+1AE2939: 3C 01 - cmp al,01
"FactoryGame-Win64-Shipping.exe"+1AE293B: 77 0D - ja FactoryGame-Win64-Shipping.exe+1AE294A
"FactoryGame-Win64-Shipping.exe"+1AE293D: 48 83 B9 F0 00 00 00 00 - cmp qword ptr [rcx+000000F0],00
"FactoryGame-Win64-Shipping.exe"+1AE2945: 74 03 - je FactoryGame-Win64-Shipping.exe+1AE294A
"FactoryGame-Win64-Shipping.exe"+1AE2947: B0 01 - mov al,01
"FactoryGame-Win64-Shipping.exe"+1AE2949: C3 - ret
"FactoryGame-Win64-Shipping.exe"+1AE294A: 32 C0 - xor al,al
"FactoryGame-Win64-Shipping.exe"+1AE294C: C3 - ret
"FactoryGame-Win64-Shipping.exe"+1AE294D: CC - int 3
}
24326
"Pointers"
1
24327
"Different HP Pointers"
1
24325
"HP"
Float
"FactoryGame-Win64-Shipping.exe"+0465F3B8
15C
3B0
1C8
24324
"HP"
Float
"FactoryGame-Win64-Shipping.exe"+0465F3B0
15C
3B0
178
24323
"HP"
Float
"FactoryGame-Win64-Shipping.exe"+0465F3A8
15C
3B0
128
24321
"HP"
Float
"FactoryGame-Win64-Shipping.exe"+0465F398
15C
3B0
88
24322
"HP"
Float
"FactoryGame-Win64-Shipping.exe"+0465F3A0
15C
3B0
D8
24320
"HP"
Float
"FactoryGame-Win64-Shipping.exe"+0465F390
15C
3B0
38
_height_float
2EC00460000
|Teleport / Coords ===================================
|Displays your current coordinates and provides a bank
|of 4 locations to teleport to. You can use the hotkey (CTRL + NUM8)
|to save a location to slot #1 in the save bank; the rest are
|preset to the 3 starting locations.
|
|You can modify the preset locations by changing the XYZ values
|corresponding to each bank.
|
|Why do I hover for a few seconds after teleporting?
|This game takes quite a long time to load the world,
|and if you didn't hover for a few seconds after teleporting
|a significant distance you would fall through the world.
|
|
|CTRL + Num 8: Save location
|CTRL + Num 1: Teleport to location
|CTRL + Num 2: Teleport to Grass Fields
|CTRL + Num 3: Teleport to Rocky Desert
|CTRL + Num 4: Teleport to Northern Forest
|
|
|Auto Find Ground Collision Flag ======================
|Ground Collision Flags:
|0: Hovering in air, no movement
|1: Default.
|2: Unknown
|3: Falling
|4: Unknown
|5: Hovering, move forward/backward/left/right, no up/down movement
|
|
|Noclip ================================================
|Currently no controls for up/down movement.
|Will add this later as a separate hotkey.
|
|The noclip script can be improved drastically.
|Currently using the same script twice because idk how to
|reset the value on [DISABLE], the game keeps crashing when I try.
|
|CTRL + ALT + Num 9: Enable Noclip
|CTRL + ALT + Num 8: Disable Noclip
|
|
|Random Stuff ==========================================
|Find Ground Flag will find an address containing a value
|which has certain effects on your character.
|I have not fully explored this yet but I know it changes
|when you're jumping/falling and when you're on a ladder
|and it has some unknown values such as 5 (no fall).
|
|Find Walk Speed will find the address for the walk modifier
|
|IgnoreFallingPhysics freezes the ground "Ground Flag" to
|1 which will prevent the player from falling and will
|still allow the player to sprint unlike setting it to 5.
|
|
|Pointers ==============================================
|Bunch of pointers, lots of duplicates in case one stops
|working because I couldn't narrow it down any further.
|
|
|CREDITS:
|CheatingMuppet - Creator
|BloodFayte/CheatTheGame - For teaching me just about everything.
|
|