84
"unlimiter"
Auto Assembler Script
// credits to Negaton from the CTG discord chat
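// Hook point: druidstone.exe+1F51, 7 bytes (mov r11,[r10] / cmp r11,-01).
// The jmp newmem (5 bytes) + 2 nops replace exactly those 7 bytes, and the
// original two instructions are replayed at `code:` before jumping back.
// Register state assumed at the hook (inferred from the compares below —
// confirm in the debugger before trusting on a new build):
//   rax = pointer to a NUL-terminated attribute-name string (compared at +18 / +28)
//   r10 = pointer to the attribute value; [r10+4] looks like the high dword of
//         an 8-byte IEEE-754 double (0x408F3800_00000000 = 999.0,
//         0x40260000_00000000 = 11.0, 0x40280000_00000000 = 12.0) — the low
//         dword is left untouched, so the stored value is only approximately
//         the commented integer.
// assert() refuses to enable on any build where the bytes at +1F51 differ,
// so a game update cannot be patched blindly into the wrong instruction.
define(address,"druidstone.exe"+1F51)
define(bytes,4D 8B 1A 49 83 FB FF)
[ENABLE]
assert(address,bytes)
// allocate near the hook so the rel32 jmp can reach newmem
alloc(newmem,$1000,"druidstone.exe"+1F51)
label(code)
label(return)
newmem:
// Every [rax+..] read below is unguarded; a NULL rax would fault inside the
// injected code rather than in the game, so skip the cheat logic in that case.
test rax,rax
jz code
// unlimited gems between levels
// NOTE(review): the name is checked at +28 here but at +18 for the others —
// presumably a different object layout; confirm.
cmp [rax+28],'gems'
jne @f
mov dword ptr [r10+4],408f3800 // 999
@@:
// unlimited movement points ("movement_points", compared 4 bytes at a time)
cmp [rax+18],'move'
jne @f
cmp [rax+1c],'ment'
jne @f
cmp [rax+20],'_poi'
jne @f
// 'nts' is narrower than a dword; how wide CE assembles this compare decides
// whether the terminating NUL is checked — confirm.
cmp [rax+24],'nts'
jne @f
cmp [r10+ec],0 // +ec must not be zero
je @f
mov dword ptr [r10+4],40260000 // 11
@@:
// unlimited action points ("action_points")
cmp [rax+18],'acti'
jne @f
cmp [rax+1c],'on_p'
jne @f
cmp [rax+20],'oint'
jne @f
// single-character literal: if assembled as a byte compare this is a prefix
// match on "action_points*" — confirm.
cmp [rax+24],'s'
jne @f
cmp [r10+ec],0 // +ec must not be zero
je @f
mov dword ptr [r10+4],40260000 // 11
@@:
// hit points: two-character literal, so if assembled as a word compare any
// name starting with "hp" matches — confirm.
cmp [rax+18],'hp'
jne @f
// cmp [r10],1111 // just to have something where we can make "find out what this code accesses" :)
cmp [r10+ec],0 // +ec must not be zero
je code
mov dword ptr[r10+4],40280000 // 12
code:
// replay of the original 7 bytes; the cmp re-establishes the flags the game
// code after the hook expects, and jmp does not alter them
mov r11,[r10]
cmp r11,-01
jmp return
address:
jmp newmem
nop
nop
return:
[DISABLE]
address:
db bytes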
druidstone.exe+2129 - 44 8B 55 34 - mov r10d,[rbp+34]
druidstone.exe+212D - 44 23 50 0C - and r10d,[rax+0C]
druidstone.exe+2131 - 45 6B D2 18 - imul r10d,r10d,18
druidstone.exe+2135 - C6 45 0A 00 - mov byte ptr [rbp+0A],00 { 0 }
druidstone.exe+2139 - 4C 03 55 28 - add r10,[rbp+28]
druidstone.exe+213D - 49 BB 000000000080FDFF - mov r11,FFFD800000000000 { 0 }
druidstone.exe+2147 - 49 09 C3 - or r11,rax
druidstone.exe+214A - 4D 39 5A 08 - cmp [r10+08],r11
druidstone.exe+214E - 75 3F - jne druidstone.exe+218F
-------------------------- R10 = Hitpoints
druidstone.exe+2150 - 49 83 3A FF - cmp qword ptr [r10],-01 { 255 }
druidstone.exe+2154 - 74 23 - je druidstone.exe+2179
druidstone.exe+2156 - F6 45 08 04 - test byte ptr [rbp+08],04 { 4 }
druidstone.exe+215A - 0F85 81000000 - jne druidstone.exe+21E1
druidstone.exe+2160 - 4C 8B 1C CA - mov r11,[rdx+rcx*8]
-------------------------- R10 = Hitpoints. DAS schreibt auf unser Leben
druidstone.exe+2164 - 4D 89 1A - mov [r10],r11
druidstone.exe+2167 - 8B 06 - mov eax,[rsi]
druidstone.exe+2169 - 0FB6 CC - movzx ecx,ah
druidstone.exe+216C - 0FB6 E8 - movzx ebp,al
druidstone.exe+216F - 48 83 C6 04 - add rsi,04 { 4 }
druidstone.exe+2173 - C1 E8 10 - shr eax,10 { 16 }
druidstone.exe+2176 - FF 24 EB - jmp qword ptr [rbx+rbp*8]
druidstone.exe+2179 - 4C 8B 5D 20 - mov r11,[rbp+20]
druidstone.exe+217D - 4D 85 DB - test r11,r11
druidstone.exe+2180 - 74 D4 - je druidstone.exe+2156
=======================================================================
0 = 0 (who would have thought that)
1 = 1072693248 (or 1.875 as float)
2 = 1073741824 (or 2.000 as float)
3 = 1074266112 (or 2.125 as float)
4 = 1074790400 (or 2.25 as float)
5 = 1075052544 (or 2.3125 as float)
6 = 1075314688 (or 2.375 as float)
7 = 1075576832 (or 2.4375 as float)
8 = 1075838976 (or 2.5 as float)
9 = 1075970048
10 = 1076101120
11 = 1076232192 (or 2.59375 as float)