809
"Main Script"
FF0000
Auto Assembler Script
{$lua}
if(getCEVersion() < 6.8) then
ShowMessage('Cheat Engine 6.8 or higher is required for Limited Character Aging')
end
{$asm}
// Main script. The Lua part above only shows a message box on an old Cheat
// Engine; nothing in it stops the assembler part below from being applied.
//
// The assembler part does two things:
//  - registers BasePlayer, an 8-byte slot initialised to 0 that other scripts
//    in this table read and write;
//  - overwrites three bytes at the address found by the _hCheck scan.
[ENABLE]
registersymbol(_hCheck)
registersymbol(BasePlayer)
alloc(BasePlayer, 8)
// The pattern begins on a CC byte and wildcards the two bytes that follow it.
aobscanmodule(_hCheck,Three_Kingdoms.exe,CC ?? ?? 53 56 57 41 54 41 55 41 56 41 57 48 8D AC 24 F8) // should be unique
_hCheck:
// CC is written back unchanged; C3 (ret) and 90 (nop) replace the two
// wildcarded bytes, so the code after the CC byte now starts with a ret.
db CC c3 90
BasePlayer:
dq 0
[DISABLE]
_hCheck:
// NOTE(review): 40 55 is written back unconditionally although the scan
// accepts any value for those two bytes. The ORIGINAL CODE listing kept with
// this script shows 40 55 (push rbp) there; on a build where they differ,
// disabling would leave bytes that were never part of the module.
db CC 40 55
unregistersymbol(_hCheck)
unregistersymbol(BasePlayer)
dealloc(BasePlayer)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+2C6F670
"Three_Kingdoms.exe"+2C6F666: CC - int 3
"Three_Kingdoms.exe"+2C6F667: CC - int 3
"Three_Kingdoms.exe"+2C6F668: CC - int 3
"Three_Kingdoms.exe"+2C6F669: CC - int 3
"Three_Kingdoms.exe"+2C6F66A: CC - int 3
"Three_Kingdoms.exe"+2C6F66B: CC - int 3
"Three_Kingdoms.exe"+2C6F66C: CC - int 3
"Three_Kingdoms.exe"+2C6F66D: CC - int 3
"Three_Kingdoms.exe"+2C6F66E: CC - int 3
"Three_Kingdoms.exe"+2C6F66F: CC - int 3
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+2C6F670: 40 55 - push rbp
"Three_Kingdoms.exe"+2C6F672: 53 - push rbx
"Three_Kingdoms.exe"+2C6F673: 56 - push rsi
"Three_Kingdoms.exe"+2C6F674: 57 - push rdi
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+2C6F675: 41 54 - push r12
"Three_Kingdoms.exe"+2C6F677: 41 55 - push r13
"Three_Kingdoms.exe"+2C6F679: 41 56 - push r14
"Three_Kingdoms.exe"+2C6F67B: 41 57 - push r15
"Three_Kingdoms.exe"+2C6F67D: 48 8D AC 24 08 FD FF FF - lea rbp,[rsp-000002F8]
"Three_Kingdoms.exe"+2C6F685: 48 81 EC F8 03 00 00 - sub rsp,000003F8
"Three_Kingdoms.exe"+2C6F68C: C7 44 24 38 1F 20 31 5E - mov [rsp+38],5E31201F
"Three_Kingdoms.exe"+2C6F694: 4C 8D 25 65 09 39 FD - lea r12,[Three_Kingdoms.exe]
"Three_Kingdoms.exe"+2C6F69B: C7 44 24 3C 3E 06 20 7D - mov [rsp+3C],7D20063E
"Three_Kingdoms.exe"+2C6F6A3: 45 33 ED - xor r13d,r13d
}
810
"Load Player Address"
808000
Auto Assembler Script
// Hooks the instructions found by the _GetPlayer scan and copies rdi into
// BasePlayer whenever the stored value differs from it.
// BasePlayer is not defined here; it must already be a registered symbol
// (the "Main Script" entry of this table registers it).
// NOTE(review): what rdi points to at this location is not visible from the
// script; presumably the player object -- confirm.
[ENABLE]
aobscanmodule(_GetPlayer,Three_Kingdoms.exe,48 89 F0 48 83 C4 70 41 5F 41 5E 41) // should be unique
// NOTE(review): the third argument is a fixed module offset, while the hook
// address itself comes from the pattern scan; the two can drift apart on a
// different build.
alloc(playerMem,$1000,"Three_Kingdoms.exe"+A3B9EDB)
label(code)
label(return)
playerMem:
// Store rdi only when it is not already the recorded value.
cmp [BasePlayer], rdi
je code
mov [BasePlayer], rdi
jmp code
code:
// Replay the two overwritten instructions (7 bytes: 48 89 F0 / 48 83 C4 70).
mov rax,rsi
add rsp,70
jmp return
_GetPlayer:
// Jump plus two nops cover the 7 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp playerMem
nop
nop
return:
registersymbol(_GetPlayer)
[DISABLE]
_GetPlayer:
// Original bytes: mov rax,rsi / add rsp,70.
db 48 89 F0 48 83 C4 70
unregistersymbol(_GetPlayer)
dealloc(playerMem)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+A3B9EDB
"Three_Kingdoms.exe"+A3B9EB7: 49 8B 06 - mov rax,[r14]
"Three_Kingdoms.exe"+A3B9EBA: 48 8D 55 B0 - lea rdx,[rbp-50]
"Three_Kingdoms.exe"+A3B9EBE: 4C 89 F1 - mov rcx,r14
"Three_Kingdoms.exe"+A3B9EC1: C7 45 B8 1C 00 00 00 - mov [rbp-48],0000001C
"Three_Kingdoms.exe"+A3B9EC8: 4C 89 7D B0 - mov [rbp-50],r15
"Three_Kingdoms.exe"+A3B9ECC: 48 89 7D C0 - mov [rbp-40],rdi
"Three_Kingdoms.exe"+A3B9ED0: FF 50 40 - call qword ptr [rax+40]
"Three_Kingdoms.exe"+A3B9ED3: 8B 06 - mov eax,[rsi]
"Three_Kingdoms.exe"+A3B9ED5: 0F BA E8 1C - bts eax,1C
"Three_Kingdoms.exe"+A3B9ED9: 89 06 - mov [rsi],eax
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+A3B9EDB: 48 89 F0 - mov rax,rsi
"Three_Kingdoms.exe"+A3B9EDE: 48 83 C4 70 - add rsp,70
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+A3B9EE2: 41 5F - pop r15
"Three_Kingdoms.exe"+A3B9EE4: 41 5E - pop r14
"Three_Kingdoms.exe"+A3B9EE6: 41 5C - pop r12
"Three_Kingdoms.exe"+A3B9EE8: 5F - pop rdi
"Three_Kingdoms.exe"+A3B9EE9: 5E - pop rsi
"Three_Kingdoms.exe"+A3B9EEA: 5B - pop rbx
"Three_Kingdoms.exe"+A3B9EEB: 5D - pop rbp
"Three_Kingdoms.exe"+A3B9EEC: C3 - ret
"Three_Kingdoms.exe"+A3B9EED: CC - int 3
"Three_Kingdoms.exe"+A3B9EEE: D0 82 F5 55 01 00 - rol byte ptr [rdx+000155F5],1
}
811
"Player Base ==>"
1
008080
8 Bytes
BasePlayer
812
"Treasury ==>"
0000FF
4 Bytes
BasePlayer
AD8
813
"-={ Character | Army }=-"
808000
1
814
"Character Pointers"
008000
Auto Assembler Script
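{ Game : Three_Kingdoms.exe
Version:
Date : 2019-05-23
Author : STN
Hooks the "mov ebx,[rax+CC]" found by the "char" scan and records rax in
pChar, so the table entries that use pChar as a base follow the object that
was read last.
}
[ENABLE]
aobscanmodule(char,Three_Kingdoms.exe,8B 98 CC 00 00 00 48) // should be unique
alloc(newmem,$1000,char)
label(code)
label(return)
registersymbol(char)
registersymbol(pChar)
// pChar receives a full 64-bit register below, so it needs 8 bytes; the
// previous 4-byte declaration was smaller than the store.
alloc(pChar, 8)
newmem:
mov [pChar], rax
code:
// Replay the overwritten instruction (6 bytes: 8B 98 CC 00 00 00).
mov ebx,[rax+000000CC]
jmp return
char:
// Jump plus one nop cover the 6 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp newmem
nop
return:
pChar:
// Initialise all 8 bytes of the pointer slot.
dq 0
[DISABLE]
char:
db 8B 98 CC 00 00 00
unregistersymbol(char)
dealloc(newmem)
unregistersymbol(pChar)
dealloc(pChar)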
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+11715A13
"Three_Kingdoms.exe"+117159F0: 48 8B 49 48 - mov rcx,[rcx+48]
"Three_Kingdoms.exe"+117159F4: 48 85 C9 - test rcx,rcx
"Three_Kingdoms.exe"+117159F7: 74 30 - je Three_Kingdoms.exe+11715A29
"Three_Kingdoms.exe"+117159F9: 48 89 5C 24 30 - mov [rsp+30],rbx
"Three_Kingdoms.exe"+117159FE: 31 DB - xor ebx,ebx
"Three_Kingdoms.exe"+11715A00: E8 CB 3C 18 EF - call Three_Kingdoms.exe+8996D0
"Three_Kingdoms.exe"+11715A05: 48 85 C0 - test rax,rax
"Three_Kingdoms.exe"+11715A08: 74 0F - je Three_Kingdoms.exe+11715A19
"Three_Kingdoms.exe"+11715A0A: 48 8B 4E 48 - mov rcx,[rsi+48]
"Three_Kingdoms.exe"+11715A0E: E8 BD 3C 18 EF - call Three_Kingdoms.exe+8996D0
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+11715A13: 8B 98 CC 00 00 00 - mov ebx,[rax+000000CC]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+11715A19: 48 8B 07 - mov rax,[rdi]
"Three_Kingdoms.exe"+11715A1C: 89 DA - mov edx,ebx
"Three_Kingdoms.exe"+11715A1E: 48 89 F9 - mov rcx,rdi
"Three_Kingdoms.exe"+11715A21: FF 50 58 - call qword ptr [rax+58]
"Three_Kingdoms.exe"+11715A24: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"Three_Kingdoms.exe"+11715A29: 48 8B 74 24 38 - mov rsi,[rsp+38]
"Three_Kingdoms.exe"+11715A2E: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+11715A32: 5F - pop rdi
"Three_Kingdoms.exe"+11715A33: C3 - ret
"Three_Kingdoms.exe"+11715A34: CC - int 3
}
815
"Character Base"
1
008080
4 Bytes
pChar
0
816
"Current XP"
0000FF
4 Bytes
pChar
cc
817
"Skill Points"
1
0000FF
4 Bytes
pChar
C0
818
"-- Age is calculated as: ( Current Year - Birth Year )"
FF00FF
1
819
"Birth year"
1
0000FF
4 Bytes
pChar
120
68
820
"Character Attribute Editor"
800000
Auto Assembler Script
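// Installs two hooks:
//  - _charAttributes: records r8 in pSelAttribute while the hooked loop walks
//    its entries, skipping entries whose value at [r8+10] is 0;
//  - _charUpdSkill: skips the store to [rcx+14] when r14 equals 1.
[ENABLE]
aobscanmodule(_charAttributes,Three_Kingdoms.exe,45 03 50 14 4D 8B 40 08) // should be unique
aobscanmodule(_charUpdSkill,Three_Kingdoms.exe,44 89 79 14 41 39 DF) // should be unique
// NOTE(review): both allocation hints are fixed module offsets, while the
// hook addresses come from the pattern scans.
alloc(_hCharAttributes,$1000,"Three_Kingdoms.exe"+C2C6761)
alloc(_hUpdSkill,$1000,"Three_Kingdoms.exe"+C35180C)
registersymbol(_charAttributes)
registersymbol(_charUpdSkill)
registersymbol(pSelAttribute)
// pSelAttribute receives the full 64-bit r8 below, so it needs 8 bytes; the
// previous 4-byte declaration was smaller than the store.
alloc(pSelAttribute, 8)
label(_storePtr)
label(_exit)
label(return)
label(_exitAI)
label(_exitUpdSkill)
label(_rtUpdSkill)
_hCharAttributes:
// NOTE(review): no operand size is given for this compare; the width is
// whatever the assembler picks by default.
cmp [r8+10], 00
je _exit
jmp _storePtr
_storePtr:
mov [pSelAttribute], r8
jmp _exit
_exit:
// Replay the two overwritten instructions (8 bytes).
add r10d,[r8+14]
mov r8,[r8+08]
jmp return
_charAttributes:
// Jump plus three nops cover the 8 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _hCharAttributes
nop
nop
nop
return:
_hUpdSkill:
cmp r14, 1
jne _exitAI
jmp _exitUpdSkill // Prevent attribute from updating
_exitAI:
// Original store, executed only when r14 is not 1.
mov [rcx+14],r15d
jmp _exitUpdSkill
_exitUpdSkill:
// Replay the overwritten compare last, so its flags are the ones the
// original code sees after the hook returns.
cmp r15d,ebx
jmp _rtUpdSkill
_charUpdSkill:
// Jump plus two nops cover the 7 overwritten bytes.
jmp _hUpdSkill
nop
nop
_rtUpdSkill:
pSelAttribute:
// Initialise all 8 bytes of the pointer slot.
dq 0
[DISABLE]
_charAttributes:
db 45 03 50 14 4D 8B 40 08
_charUpdSkill:
db 44 89 79 14 41 39 DF
unregistersymbol(_charAttributes)
unregistersymbol(pSelAttribute)
unregistersymbol(_charUpdSkill)
dealloc(_hCharAttributes)
dealloc(pSelAttribute)
dealloc(_hUpdSkill)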
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+C2C6761
"Three_Kingdoms.exe"+C2C673D: 48 89 D7 - mov rdi,rdx
"Three_Kingdoms.exe"+C2C6740: E8 BB 61 5A F4 - call Three_Kingdoms.exe+86C900
"Three_Kingdoms.exe"+C2C6745: 4C 8B 1B - mov r11,[rbx]
"Three_Kingdoms.exe"+C2C6748: 48 8D 4B 10 - lea rcx,[rbx+10]
"Three_Kingdoms.exe"+C2C674C: 4C 8B 43 18 - mov r8,[rbx+18]
"Three_Kingdoms.exe"+C2C6750: 48 89 C5 - mov rbp,rax
"Three_Kingdoms.exe"+C2C6753: 45 8B 53 10 - mov r10d,[r11+10]
"Three_Kingdoms.exe"+C2C6757: 44 89 54 24 40 - mov [rsp+40],r10d
"Three_Kingdoms.exe"+C2C675C: 49 39 C8 - cmp r8,rcx
"Three_Kingdoms.exe"+C2C675F: 74 12 - je Three_Kingdoms.exe+C2C6773
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+C2C6761: 45 03 50 14 - add r10d,[r8+14]
"Three_Kingdoms.exe"+C2C6765: 4D 8B 40 08 - mov r8,[r8+08]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+C2C6769: 49 39 C8 - cmp r8,rcx
"Three_Kingdoms.exe"+C2C676C: 75 F3 - jne Three_Kingdoms.exe+C2C6761
"Three_Kingdoms.exe"+C2C676E: 44 89 54 24 40 - mov [rsp+40],r10d
"Three_Kingdoms.exe"+C2C6773: 49 8D 43 18 - lea rax,[r11+18]
"Three_Kingdoms.exe"+C2C6777: 49 8D 4B 14 - lea rcx,[r11+14]
"Three_Kingdoms.exe"+C2C677B: 44 3B 10 - cmp r10d,[rax]
"Three_Kingdoms.exe"+C2C677E: 7C 0C - jl Three_Kingdoms.exe+C2C678C
"Three_Kingdoms.exe"+C2C6780: 44 39 11 - cmp [rcx],r10d
"Three_Kingdoms.exe"+C2C6783: 48 8D 44 24 40 - lea rax,[rsp+40]
"Three_Kingdoms.exe"+C2C6788: 48 0F 4C C1 - cmovl rax,rcx
}
821
"-- Hover over the attribute you want to edit"
FF00FF
1
822
"-- Then add/subtract whatever amount you want"
FF00FF
1
823
"-- After editing the attribute unequip and re-equip an item"
FF00FF
1
824
"-- Ctrl+Alt+Numeric + (+shift) ==> Increase by 5 (10)"
800080
1
825
"-- Ctrl+Alt+Numeric - (+shift) ==> Decrease by 5 (10)"
800080
1
826
"-- When the script is enabled unlocking a skill won't increase any attributes"
FF00FF
1
827
"-- Modified attributes won't be saved upon saving your game"
FF00FF
1
828
"Selected Attribute modifier (from skills) ==>"
1
0000FF
4 Bytes
pSelAttribute
14
Increase Value
17
18
107
5
Increase Attribute by 5
0
Decrease Value
17
18
109
5
Decrease Attribute by 5
1
Increase Value
17
16
18
107
10
Increase Attribute by 10
2
Decrease Value
17
16
18
109
10
Decrease Attribute by 10
3
829
"Character Satisfaction"
800000
Auto Assembler Script
// Hooks the summing loop found by the _hCharSatisfaction scan. For entries it
// attributes to the player it rewrites the value at [rcx+10] before the
// original add runs: values <= -1 become -1, everything else becomes 100.
[ENABLE]
aobscanmodule(_hCharSatisfaction,Three_Kingdoms.exe,44 03 51 10 48 83 C1 18) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_CharSatisfaction,$1000,"Three_Kingdoms.exe"+C0B31F0)
registersymbol(_hCharSatisfaction)
registersymbol(pId)
alloc(pId, 8)
label(_exitAI)
label(_handlePlayer)
label(_handlePositive)
label(_handleNegative)
label(_exitPlayer)
label(_storeId)
label(_exit)
label(return)
_CharSatisfaction:
// NOTE(review): 32-bit register name on push/pop in 64-bit code; presumably
// assembled as push/pop rbx -- confirm.
push ebx
// NOTE(review): the compares against 14B510, 14B4F8, 14B5B0 and 14B550 test
// rsp, rdi and rbp against fixed stack-range addresses. Those values depend
// on where the thread's stack happens to be placed and are unlikely to hold
// on another machine, run or build. rsp is compared after the push above, so
// it is 8 lower than at hook entry.
cmp rsp, 14B510
je _storeId
mov ebx, [rcx+08]
cmp ebx, [pId]
je _handlePlayer
cmp rsp, 14B4F8
je _handlePlayer
cmp rdi, 14B5B0
je _handlePlayer
cmp rbp, 14B550
je _handlePlayer
// ID test failure on first 2 turns
// AI should adopt normal behaviour at about turn 5
// NOTE(review): no operand size is given for the two compares below.
cmp [rcx+08], 1
je _handlePlayer
cmp [rcx+08], 2
je _handlePlayer
jmp _exitAI
_exitAI:
// Unmodified path: replay the two overwritten instructions.
add r10d,[rcx+10]
add rcx,18
jmp _exit
_storeId:
// Copies [rcx+08] into pId through the stack, then adds 1 to the stored
// value. The push/pop pair moves 8 bytes; pId is initialised with "dd 0"
// (4 bytes) although 8 are allocated.
push [rcx+08]
pop [pId]
add [pId], 1
jmp _handlePlayer
_handlePlayer:
cmp [rcx+10],(int)-1
jle _handleNegative
jmp _handlePositive
_handlePositive:
mov [rcx+10],(int)100
jmp _exitPlayer
_handleNegative:
mov [rcx+10],(int)-1
jmp _exitPlayer
_exitPlayer:
// Replay the two overwritten instructions on the rewritten value.
add r10d, [rcx+10]
add rcx,18
jmp _exit
_exit:
pop ebx
jmp return
_hCharSatisfaction:
// Jump plus three nops cover the 8 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _CharSatisfaction
nop
nop
nop
return:
pId:
dd 0
[DISABLE]
_hCharSatisfaction:
// Original bytes: add r10d,[rcx+10] / add rcx,18.
db 44 03 51 10 48 83 C1 18
dealloc(_CharSatisfaction)
unregistersymbol(_hCharSatisfaction)
unregistersymbol(pId)
dealloc(pId)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+C0B31F0
"Three_Kingdoms.exe"+C0B31C6: 74 5B - je Three_Kingdoms.exe+C0B3223
"Three_Kingdoms.exe"+C0B31C8: 0F 1F 84 00 00 00 00 00 - nop [rax+rax+00000000]
"Three_Kingdoms.exe"+C0B31D0: 44 8B 40 24 - mov r8d,[rax+24]
"Three_Kingdoms.exe"+C0B31D4: 45 31 D2 - xor r10d,r10d
"Three_Kingdoms.exe"+C0B31D7: 48 8B 48 28 - mov rcx,[rax+28]
"Three_Kingdoms.exe"+C0B31DB: 4F 8D 0C 40 - lea r9,[r8+r8*2]
"Three_Kingdoms.exe"+C0B31DF: 4E 8D 04 C9 - lea r8,[rcx+r9*8]
"Three_Kingdoms.exe"+C0B31E3: 4C 39 C1 - cmp rcx,r8
"Three_Kingdoms.exe"+C0B31E6: 74 15 - je Three_Kingdoms.exe+C0B31FD
"Three_Kingdoms.exe"+C0B31E8: 0F 1F 84 00 00 00 00 00 - nop [rax+rax+00000000]
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+C0B31F0: 44 03 51 10 - add r10d,[rcx+10]
"Three_Kingdoms.exe"+C0B31F4: 48 83 C1 18 - add rcx,18
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+C0B31F8: 4C 39 C1 - cmp rcx,r8
"Three_Kingdoms.exe"+C0B31FB: 75 F3 - jne Three_Kingdoms.exe+C0B31F0
"Three_Kingdoms.exe"+C0B31FD: 48 8B 48 18 - mov rcx,[rax+18]
"Three_Kingdoms.exe"+C0B3201: 44 8B 41 24 - mov r8d,[rcx+24]
"Three_Kingdoms.exe"+C0B3205: 45 39 C2 - cmp r10d,r8d
"Three_Kingdoms.exe"+C0B3208: 7C 0D - jl Three_Kingdoms.exe+C0B3217
"Three_Kingdoms.exe"+C0B320A: 8B 49 20 - mov ecx,[rcx+20]
"Three_Kingdoms.exe"+C0B320D: 45 89 D0 - mov r8d,r10d
"Three_Kingdoms.exe"+C0B3210: 44 39 D1 - cmp ecx,r10d
"Three_Kingdoms.exe"+C0B3213: 44 0F 4C C1 - cmovl r8d,ecx
}
830
"Limit Character Aging"
800000
Auto Assembler Script
{$lua}
if(getCEVersion() < 6.8) then
ShowMessage('Cheat Engine 6.8 or higher is required')
end
{$asm}
// Hooks the age computation found by the _hCharAging scan (eax = current
// year, [rdx] = birth year). When iMaxAge is non-zero and the computed age
// exceeds it, the birth year at [rdx] is rewritten to (current year -
// iMaxAge) before the original subtraction is replayed.
// The Lua part above only shows a message box; it does not stop the script.
// BasePlayer is not defined here; it must already be a registered symbol.
[ENABLE]
aobscanmodule(_hCharAging,Three_Kingdoms.exe,2B 02 44 8D 0C 40) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_CharAging,$1000,"Three_Kingdoms.exe"+1559936)
registersymbol(iMaxAge)
registersymbol(iEnablePlayerOnly_LCA)
alloc(iEnablePlayerOnly_LCA, 4)
alloc(iMaxAge, 4)
label(_exit)
label(_handlePlayer)
label(_checkPlayer)
label(_setAge)
label(return)
_CharAging:
// NOTE(review): 32-bit register names on push/pop in 64-bit code; presumably
// assembled as push/pop rcx and rbx -- confirm.
push ecx
push ebx
cmp [iMaxAge], 0
je _exit // No age has been given
jmp _checkPlayer
_checkPlayer:
// Requires CE 6.8 or higher
{$try}
// NOTE(review): both loads use 32-bit registers, and the second one also
// addresses memory through ecx, so only the low 32 bits of whatever
// [rdx+01F0] holds are used. A fault here is caught by the $except part.
mov ecx, [rdx+01F0]
mov ecx, [ecx+0270]
cmp [iEnablePlayerOnly_LCA], 0
// NOTE(review): this jump is unconditional, so the result of the compare
// above is ignored and the BasePlayer comparisons below are never reached;
// the "Player Only" setting has no effect as written. A "je" looks intended
// -- confirm before changing, because the comparisons below only look at
// the low 32 bits of BasePlayer.
jmp _handlePlayer
cmp ecx, [BasePlayer]
je _handlePlayer
mov ecx, [ecx] // ptr might become invalid
cmp ecx, [BasePlayer]
je _handlePlayer
{$except}
xor ecx, ecx
jmp _exit
_handlePlayer:
mov ecx, eax // Get current year
mov ebx, [rdx] // Get birth year
sub ecx, ebx // Get age
cmp ecx, [iMaxAge]
jg _setAge
jmp _exit
_setAge:
mov ecx, eax // Get current year
sub ecx, [iMaxAge] // Get required birth year
mov [rdx], ecx // Set birth year
jmp _exit
_exit:
pop ebx
pop ecx
// Replay the two overwritten instructions (6 bytes).
sub eax,[rdx]
lea r9d,[rax+rax*2]
jmp return
_hCharAging:
// Jump plus one nop cover the 6 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _CharAging
nop
return:
registersymbol(_hCharAging)
iMaxAge:
dd 0
iEnablePlayerOnly_LCA:
dd 1
[DISABLE]
_hCharAging:
// Original bytes: sub eax,[rdx] / lea r9d,[rax+rax*2].
db 2B 02 44 8D 0C 40
unregistersymbol(_hCharAging)
dealloc(_CharAging)
unregistersymbol(iMaxAge)
unregistersymbol(iEnablePlayerOnly_LCA)
dealloc(iEnablePlayerOnly_LCA)
dealloc(iMaxAge)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+1559936
"Three_Kingdoms.exe"+1559928: CC - int 3
"Three_Kingdoms.exe"+1559929: CC - int 3
"Three_Kingdoms.exe"+155992A: CC - int 3
"Three_Kingdoms.exe"+155992B: CC - int 3
"Three_Kingdoms.exe"+155992C: CC - int 3
"Three_Kingdoms.exe"+155992D: CC - int 3
"Three_Kingdoms.exe"+155992E: CC - int 3
"Three_Kingdoms.exe"+155992F: CC - int 3
"Three_Kingdoms.exe"+1559930: 41 8B 00 - mov eax,[r8]
"Three_Kingdoms.exe"+1559933: 0F 57 C9 - xorps xmm1,xmm1
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+1559936: 2B 02 - sub eax,[rdx]
"Three_Kingdoms.exe"+1559938: 44 8D 0C 40 - lea r9d,[rax+rax*2]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+155993C: 48 8B 41 38 - mov rax,[rcx+38]
"Three_Kingdoms.exe"+1559940: 41 C1 E1 02 - shl r9d,02
"Three_Kingdoms.exe"+1559944: 44 2B 4A 04 - sub r9d,[rdx+04]
"Three_Kingdoms.exe"+1559948: 45 03 48 04 - add r9d,[r8+04]
"Three_Kingdoms.exe"+155994C: 8B 40 04 - mov eax,[rax+04]
"Three_Kingdoms.exe"+155994F: 41 C1 E1 02 - shl r9d,02
"Three_Kingdoms.exe"+1559953: 44 2B 4A 08 - sub r9d,[rdx+08]
"Three_Kingdoms.exe"+1559957: 33 D2 - xor edx,edx
"Three_Kingdoms.exe"+1559959: F7 71 50 - div [rcx+50]
"Three_Kingdoms.exe"+155995C: 45 03 48 08 - add r9d,[r8+08]
}
831
"-- If activated during a loading screen your faction leader may turn 0"
FF00FF
1
832
"-- Use the character pointers to reset their age"
FF00FF
1
833
"-- Characters in your faction won't increase their age to this number"
FF00FF
1
834
"Player Only ==>"
0:AI & Player
1:Player only
008000
4 Bytes
iEnablePlayerOnly_LCA
835
"Maximum Age ==>"
0000FF
4 Bytes
iMaxAge
836
"Units Instantly Level "
800000
Auto Assembler Script
// Hooks the code found by the _hBattleEnd scan. When the pointer reached
// through [[rcx+130]+90] equals BasePlayer, FFFF is written to [rcx+14]
// before the original instructions are replayed.
// BasePlayer is not defined here; it must already be a registered symbol.
[ENABLE]
aobscanmodule(_hBattleEnd,Three_Kingdoms.exe,89 41 1C 8B 51 14 E8 ?? ?? FC FF 3A 43 18) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_BattleEnd,$1000,"Three_Kingdoms.exe"+2C5BCA1)
label(_exit)
label(_handlePlayer)
label(return)
_BattleEnd:
// rax is saved because the replayed "mov [rcx+1C],eax" still needs it.
push rax
// NOTE(review): neither pointer in this chain is checked before it is
// dereferenced; a null or stale pointer faults inside the target process.
mov rax, [rcx+130]
mov rax, [rax+90]
cmp rax, [BasePlayer]
je _handlePlayer
jmp _exit
_handlePlayer:
// NOTE(review): no operand size is given for this store.
mov [rcx+14], FFFF
jmp _exit
_exit:
pop rax
// Replay the two overwritten instructions (6 bytes).
mov [rcx+1C],eax
mov edx,[rcx+14]
jmp return
_hBattleEnd:
// Jump plus one nop cover the 6 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _BattleEnd
nop
return:
registersymbol(_hBattleEnd)
[DISABLE]
_hBattleEnd:
db 89 41 1C 8B 51 14 //E8 D7 81 FC FF
unregistersymbol(_hBattleEnd)
dealloc(_BattleEnd)
837
"-={ Faction }=-"
808000
1
921
"Prestige Editor"
008000
Auto Assembler Script
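// Hooks the "movss xmm0,[r10+04]" found by the _hUpdPrestige scan. When rbx
// is 1E and the address r10+04 lies within 200h bytes above the base taken
// from [[BasePlayer]+28], a non-zero fSetPrestige is written to [r10+04]
// before the original load is replayed.
// BasePlayer is not defined here; it must already be a registered symbol.
[ENABLE]
aobscanmodule(_hUpdPrestige,Three_Kingdoms.exe,F3 41 0F 10 42 04 0F 2F C6) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_UpdPrestige,$1000,"Three_Kingdoms.exe"+FB04A2)
registersymbol(fSetPrestige)
alloc(fSetPrestige, 4)
label(_exit)
label(_handlePlayer)
label(return)
_UpdPrestige:
push rax
push rcx
push rbx
cmp rbx, 1E // Only check for prestige
jne _exit
mov rcx, [BasePlayer]
// BasePlayer is 0 until the player-address hook has run; bail out instead
// of reading through a null pointer inside the target process.
test rcx, rcx
jz _exit
mov rcx, [rcx+28]
lea rax, [r10+04] // Get address to test
mov rbx, rax // Store address to test
sub rbx, rcx // Get offset
cmp rbx, 00 // Player prestige offset is between +00
jle _exit //
cmp rbx, 200 // And +200
jle _handlePlayer //
jmp _exit
_handlePlayer:
cmp dword ptr [fSetPrestige], 0
je _exit
// fSetPrestige is a 4-byte float and the game reads [r10+04] with movss, so
// copy exactly 4 bytes. The earlier 64-bit copy read past the 4-byte
// allocation and overwrote the 4 bytes that follow the field.
mov eax, [fSetPrestige]
mov [r10+04], eax
jmp _exit
_exit:
pop rbx
pop rcx
pop rax
// Replay the overwritten instruction (6 bytes).
movss xmm0,[r10+04]
jmp return
_hUpdPrestige:
// Jump plus one nop cover the 6 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _UpdPrestige
nop
return:
registersymbol(_hUpdPrestige)
fSetPrestige:
dd 0
[DISABLE]
_hUpdPrestige:
// Original bytes: movss xmm0,[r10+04].
db F3 41 0F 10 42 04
unregistersymbol(_hUpdPrestige)
dealloc(_UpdPrestige)
unregistersymbol(fSetPrestige)
dealloc(fSetPrestige)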
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+FB04A2
"Three_Kingdoms.exe"+FB0486: 4D 85 C0 - test r8,r8
"Three_Kingdoms.exe"+FB0489: 7F B5 - jg Three_Kingdoms.exe+FB0440
"Three_Kingdoms.exe"+FB048B: 4C 3B D6 - cmp r10,rsi
"Three_Kingdoms.exe"+FB048E: 74 39 - je Three_Kingdoms.exe+FB04C9
"Three_Kingdoms.exe"+FB0490: 41 38 5A 02 - cmp [r10+02],bl
"Three_Kingdoms.exe"+FB0494: 75 33 - jne Three_Kingdoms.exe+FB04C9
"Three_Kingdoms.exe"+FB0496: 66 45 39 1A - cmp [r10],r11w
"Three_Kingdoms.exe"+FB049A: 75 2D - jne Three_Kingdoms.exe+FB04C9
"Three_Kingdoms.exe"+FB049C: 49 39 7A 10 - cmp [r10+10],rdi
"Three_Kingdoms.exe"+FB04A0: 75 27 - jne Three_Kingdoms.exe+FB04C9
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+FB04A2: F3 41 0F 10 42 04 - movss xmm0,[r10+04]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+FB04A8: 0F 2F C6 - comiss xmm0,xmm6
"Three_Kingdoms.exe"+FB04AB: 76 0E - jna Three_Kingdoms.exe+FB04BB
"Three_Kingdoms.exe"+FB04AD: F3 0F 58 05 67 F7 F1 01 - addss xmm0,dword ptr [Three_Kingdoms.exe+2ECFC1C]
"Three_Kingdoms.exe"+FB04B5: F3 0F 2C C0 - cvttss2si eax,xmm0
"Three_Kingdoms.exe"+FB04B9: EB 10 - jmp Three_Kingdoms.exe+FB04CB
"Three_Kingdoms.exe"+FB04BB: F3 0F 5C 05 59 F7 F1 01 - subss xmm0,[Three_Kingdoms.exe+2ECFC1C]
"Three_Kingdoms.exe"+FB04C3: F3 0F 2C C0 - cvttss2si eax,xmm0
"Three_Kingdoms.exe"+FB04C7: EB 02 - jmp Three_Kingdoms.exe+FB04CB
"Three_Kingdoms.exe"+FB04C9: 33 C0 - xor eax,eax
"Three_Kingdoms.exe"+FB04CB: 48 8B 5C 24 60 - mov rbx,[rsp+60]
}
924
"Set Prestige to ==>"
0:Disabled
0000FF
Float
fSetPrestige
838
"Faction Curreny Pointer"
008000
Auto Assembler Script
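// Hooks the code found by the _hFacCurrencyP scan and records rdx in pCur,
// except when rbx equals 0xC. Table entries read the value at pCur+20.
[ENABLE]
aobscanmodule(_hFacCurrencyP,Three_Kingdoms.exe,8B 42 20 48 83 C4 20) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_FacCurrencyP,$1000,"Three_Kingdoms.exe"+2AAF47E)
registersymbol(pCur)
// pCur receives the full 64-bit rdx below, so it needs 8 bytes; the previous
// 4-byte declaration was smaller than the store.
alloc(pCur, 8)
label(_exit)
label(return)
_FacCurrencyP:
// NOTE(review): why rbx == 0xC is excluded is not visible from the script.
cmp rbx, c
je _exit
mov [pCur], rdx
_exit:
// Replay the two overwritten instructions (7 bytes).
mov eax,[rdx+20]
add rsp,20
jmp return
_hFacCurrencyP:
// Jump plus two nops cover the 7 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _FacCurrencyP
nop
nop
return:
registersymbol(_hFacCurrencyP)
pCur:
// Initialise all 8 bytes of the pointer slot.
dq 0
[DISABLE]
_hFacCurrencyP:
// Original bytes: mov eax,[rdx+20] / add rsp,20.
db 8B 42 20 48 83 C4 20
unregistersymbol(_hFacCurrencyP)
dealloc(_FacCurrencyP)
unregistersymbol(pCur)
dealloc(pCur)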
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+2AAF47E
"Three_Kingdoms.exe"+2AAF463: 84 C0 - test al,al
"Three_Kingdoms.exe"+2AAF465: 74 0A - je Three_Kingdoms.exe+2AAF471
"Three_Kingdoms.exe"+2AAF467: 8B 44 24 30 - mov eax,[rsp+30]
"Three_Kingdoms.exe"+2AAF46B: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+2AAF46F: 5B - pop rbx
"Three_Kingdoms.exe"+2AAF470: C3 - ret
"Three_Kingdoms.exe"+2AAF471: 48 8B 53 20 - mov rdx,[rbx+20]
"Three_Kingdoms.exe"+2AAF475: 48 8B 0A - mov rcx,[rdx]
"Three_Kingdoms.exe"+2AAF478: 80 79 5D 00 - cmp byte ptr [rcx+5D],00
"Three_Kingdoms.exe"+2AAF47C: 75 09 - jne Three_Kingdoms.exe+2AAF487
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+2AAF47E: 8B 42 20 - mov eax,[rdx+20]
"Three_Kingdoms.exe"+2AAF481: 48 83 C4 20 - add rsp,20
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+2AAF485: 5B - pop rbx
"Three_Kingdoms.exe"+2AAF486: C3 - ret
"Three_Kingdoms.exe"+2AAF487: 48 8B 4A 08 - mov rcx,[rdx+08]
"Three_Kingdoms.exe"+2AAF48B: 48 8B 01 - mov rax,[rcx]
"Three_Kingdoms.exe"+2AAF48E: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+2AAF492: 5B - pop rbx
"Three_Kingdoms.exe"+2AAF493: 48 FF 60 28 - jmp qword ptr [rax+28]
"Three_Kingdoms.exe"+2AAF497: 33 C0 - xor eax,eax
"Three_Kingdoms.exe"+2AAF499: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+2AAF49D: 5B - pop rbx
}
839
"-- Hover over your faction currency in the top left corner"
FF00FF
1
840
"-- Turn it off when you're entering a loading screen to prevent crashing"
FF00FF
1
841
"Faction currency"
0000FF
4 Bytes
pCur
20
842
"Set Faction Currency"
800000
Auto Assembler Script
// Hooks the code three bytes after the address found by the _hFacCurrency
// scan (the scan pattern starts with the 3-byte "call qword ptr [rax+28]").
// A non-zero iFacCurrency is written to [rbx+20] before the original add is
// replayed.
[ENABLE]
aobscanmodule(_hFacCurrency,Three_Kingdoms.exe,FF 50 28 03 43 20 48 83 C4 20 5B C3 CC) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_FacCurrency,$1000,"Three_Kingdoms.exe"+B8F4DC6)
registersymbol(iFacCurrency)
alloc(iFacCurrency, 4)
label(_exit)
label(return)
_FacCurrency:
// eax carries the value the replayed add still needs, so it is saved.
// NOTE(review): 32-bit register name on push/pop in 64-bit code; presumably
// assembled as push/pop rax -- confirm.
push eax
cmp [iFacCurrency], 0
je _exit
mov eax, [iFacCurrency]
mov [rbx+20], eax
jmp _exit
_exit:
pop eax
// Replay the two overwritten instructions (7 bytes).
add eax,[rbx+20]
add rsp,20
jmp return
_hFacCurrency+3:
// Jump plus two nops cover the 7 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _FacCurrency
nop
nop
return:
registersymbol(_hFacCurrency)
iFacCurrency:
dd 0
[DISABLE]
_hFacCurrency+3:
// Original bytes: add eax,[rbx+20] / add rsp,20.
db 03 43 20 48 83 C4 20
unregistersymbol(_hFacCurrency)
dealloc(_FacCurrency)
unregistersymbol(iFacCurrency)
dealloc(iFacCurrency)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+B8F4DC6
"Three_Kingdoms.exe"+B8F4DA1: C3 - ret
"Three_Kingdoms.exe"+B8F4DA2: 0F 66 66 66 - pcmpgtd mm4,[rsi+66]
"Three_Kingdoms.exe"+B8F4DA6: 66 2E 0F 1F 84 00 00 00 00 00 - nop cs:[rax+rax+00000000]
"Three_Kingdoms.exe"+B8F4DB0: 40 53 - push rbx
"Three_Kingdoms.exe"+B8F4DB2: 48 83 EC 20 - sub rsp,20
"Three_Kingdoms.exe"+B8F4DB6: 48 89 CB - mov rbx,rcx
"Three_Kingdoms.exe"+B8F4DB9: 48 8B 49 08 - mov rcx,[rcx+08]
"Three_Kingdoms.exe"+B8F4DBD: 48 89 DA - mov rdx,rbx
"Three_Kingdoms.exe"+B8F4DC0: 48 8B 01 - mov rax,[rcx]
"Three_Kingdoms.exe"+B8F4DC3: FF 50 28 - call qword ptr [rax+28]
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+B8F4DC6: 03 43 20 - add eax,[rbx+20]
"Three_Kingdoms.exe"+B8F4DC9: 48 83 C4 20 - add rsp,20
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+B8F4DCD: 5B - pop rbx
"Three_Kingdoms.exe"+B8F4DCE: C3 - ret
"Three_Kingdoms.exe"+B8F4DCF: CC - int 3
"Three_Kingdoms.exe"+B8F4DD0: 41 50 - push r8
"Three_Kingdoms.exe"+B8F4DD2: 49 F7 D0 - not r8
"Three_Kingdoms.exe"+B8F4DD5: 48 8B 1C 24 - mov rbx,[rsp]
"Three_Kingdoms.exe"+B8F4DD9: 4C 09 C3 - or rbx,r8
"Three_Kingdoms.exe"+B8F4DDC: 4C 01 04 24 - add [rsp],r8
"Three_Kingdoms.exe"+B8F4DE0: 48 29 1C 24 - sub [rsp],rbx
"Three_Kingdoms.exe"+B8F4DE4: 41 58 - pop r8
}
843
"-- Will set your faction currency to X when ending the turn"
FF00FF
1
844
"Set Faction Curreny to ==>"
0000FF
4 Bytes
iFacCurrency
845
"Refill Spy Network"
800000
Auto Assembler Script
// Hooks the code found by the _hSpyNetwork scan and writes decimal 200 to
// [rax+18] every time the hooked load runs, before replaying that load.
[ENABLE]
aobscanmodule(_hSpyNetwork,Three_Kingdoms.exe,8B 40 18 48 8B 5C 24 30 48 83 C4 20 5F C3) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_SpyNetwork,$1000,"Three_Kingdoms.exe"+742A715)
label(_exit)
label(return)
_SpyNetwork:
// NOTE(review): no operand size is given for this store, and it is applied
// to every object that passes through this code, not only the player's.
mov [rax+18], #200
jmp _exit
_exit:
// Replay the two overwritten instructions (8 bytes).
mov eax,[rax+18]
mov rbx,[rsp+30]
jmp return
_hSpyNetwork:
// Jump plus three nops cover the 8 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _SpyNetwork
nop
nop
nop
return:
registersymbol(_hSpyNetwork)
[DISABLE]
_hSpyNetwork:
// Original bytes: mov eax,[rax+18] / mov rbx,[rsp+30].
db 8B 40 18 48 8B 5C 24 30
unregistersymbol(_hSpyNetwork)
dealloc(_SpyNetwork)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+742A715
"Three_Kingdoms.exe"+742A6F8: 74 09 - je Three_Kingdoms.exe+742A703
"Three_Kingdoms.exe"+742A6FA: 48 8B 40 08 - mov rax,[rax+08]
"Three_Kingdoms.exe"+742A6FE: 48 39 C8 - cmp rax,rcx
"Three_Kingdoms.exe"+742A701: 75 F1 - jne Three_Kingdoms.exe+742A6F4
"Three_Kingdoms.exe"+742A703: 48 39 C8 - cmp rax,rcx
"Three_Kingdoms.exe"+742A706: 75 04 - jne Three_Kingdoms.exe+742A70C
"Three_Kingdoms.exe"+742A708: 48 8D 47 10 - lea rax,[rdi+10]
"Three_Kingdoms.exe"+742A70C: 48 8D 4F 10 - lea rcx,[rdi+10]
"Three_Kingdoms.exe"+742A710: 48 39 C8 - cmp rax,rcx
"Three_Kingdoms.exe"+742A713: 74 0E - je Three_Kingdoms.exe+742A723
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+742A715: 8B 40 18 - mov eax,[rax+18]
"Three_Kingdoms.exe"+742A718: 48 8B 5C 24 30 - mov rbx,[rsp+30]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+742A71D: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+742A721: 5F - pop rdi
"Three_Kingdoms.exe"+742A722: C3 - ret
"Three_Kingdoms.exe"+742A723: 31 C0 - xor eax,eax
"Three_Kingdoms.exe"+742A725: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"Three_Kingdoms.exe"+742A72A: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+742A72E: 5F - pop rdi
"Three_Kingdoms.exe"+742A72F: C3 - ret
"Three_Kingdoms.exe"+742A730: CC - int 3
"Three_Kingdoms.exe"+742A731: 41 51 - push r9
}
846
"Refill Spy Cover"
800000
Auto Assembler Script
// Hooks the load found by the _hSpyCover scan and writes decimal 200 to
// [rax+94] every time it runs, before replaying the load.
[ENABLE]
aobscanmodule(_hSpyCover,Three_Kingdoms.exe,8B 90 94 00 00 00 49 FF 60 58) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_SpyCover,$1000,"Three_Kingdoms.exe"+207146D)
label(_exit)
label(return)
_SpyCover:
// NOTE(review): no operand size is given for this store, and it is applied
// to every object that passes through this code.
mov [rax+94], #200
jmp _exit
_exit:
// Replay the overwritten instruction (6 bytes).
mov edx,[rax+00000094]
jmp return
_hSpyCover:
// Jump plus one nop cover the 6 overwritten bytes, assuming the jump
// assembles to its 5-byte form.
jmp _SpyCover
nop
return:
registersymbol(_hSpyCover)
[DISABLE]
_hSpyCover:
// Original bytes: mov edx,[rax+00000094].
db 8B 90 94 00 00 00
unregistersymbol(_hSpyCover)
dealloc(_SpyCover)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+207146D
"Three_Kingdoms.exe"+2071453: 8B D0 - mov edx,eax
"Three_Kingdoms.exe"+2071455: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+2071459: 5B - pop rbx
"Three_Kingdoms.exe"+207145A: 49 FF 60 58 - jmp qword ptr [r8+58]
"Three_Kingdoms.exe"+207145E: CC - int 3
"Three_Kingdoms.exe"+207145F: CC - int 3
"Three_Kingdoms.exe"+2071460: 48 8B 41 60 - mov rax,[rcx+60]
"Three_Kingdoms.exe"+2071464: 4C 8B CA - mov r9,rdx
"Three_Kingdoms.exe"+2071467: 4C 8B 02 - mov r8,[rdx]
"Three_Kingdoms.exe"+207146A: 49 8B C9 - mov rcx,r9
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+207146D: 8B 90 94 00 00 00 - mov edx,[rax+00000094]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+2071473: 49 FF 60 58 - jmp qword ptr [r8+58]
"Three_Kingdoms.exe"+2071477: CC - int 3
"Three_Kingdoms.exe"+2071478: CC - int 3
"Three_Kingdoms.exe"+2071479: CC - int 3
"Three_Kingdoms.exe"+207147A: CC - int 3
"Three_Kingdoms.exe"+207147B: CC - int 3
"Three_Kingdoms.exe"+207147C: CC - int 3
"Three_Kingdoms.exe"+207147D: CC - int 3
"Three_Kingdoms.exe"+207147E: CC - int 3
"Three_Kingdoms.exe"+207147F: CC - int 3
}
847
"-={ Territory }=-"
808000
1
848
"Selected Commandery Pointers"
008000
Auto Assembler Script
// Hooks the "movd xmm1,[rdx+20]" found by the _hSelCommandery scan and
// records rdx in the 8-byte pCommandery slot, which the table entries use as
// a pointer base.
[ENABLE]
aobscanmodule(_hSelCommandery,Three_Kingdoms.exe,66 0F 6E 4A 20 4D) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_SelCommandery,$1000,"Three_Kingdoms.exe"+20A05C6)
registersymbol(pCommandery)
alloc(pCommandery, 8)
label(_exit)
label(return)
_SelCommandery:
mov [pCommandery], rdx
jmp _exit
_exit:
// Replay the overwritten instruction (5 bytes).
movd xmm1,[rdx+20]
jmp return
_hSelCommandery:
// Exactly 5 bytes are overwritten, so no nop padding follows; this relies
// on the jump assembling to its 5-byte form.
jmp _SelCommandery
return:
registersymbol(_hSelCommandery)
pCommandery:
dq 0
[DISABLE]
_hSelCommandery:
// Original bytes: movd xmm1,[rdx+20].
db 66 0F 6E 4A 20
unregistersymbol(_hSelCommandery)
dealloc(_SelCommandery)
unregistersymbol(pCommandery)
dealloc(pCommandery)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+20A05C6
"Three_Kingdoms.exe"+20A05A6: 8B 51 20 - mov edx,[rcx+20]
"Three_Kingdoms.exe"+20A05A9: 49 8B C8 - mov rcx,r8
"Three_Kingdoms.exe"+20A05AC: 48 FF 60 58 - jmp qword ptr [rax+58]
"Three_Kingdoms.exe"+20A05B0: 4C 8B C2 - mov r8,rdx
"Three_Kingdoms.exe"+20A05B3: 48 8B 51 20 - mov rdx,[rcx+20]
"Three_Kingdoms.exe"+20A05B7: 48 85 D2 - test rdx,rdx
"Three_Kingdoms.exe"+20A05BA: 74 61 - je Three_Kingdoms.exe+20A061D
"Three_Kingdoms.exe"+20A05BC: 83 7A 14 00 - cmp dword ptr [rdx+14],00
"Three_Kingdoms.exe"+20A05C0: 74 4F - je Three_Kingdoms.exe+20A0611
"Three_Kingdoms.exe"+20A05C2: 48 8B 42 18 - mov rax,[rdx+18]
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+20A05C6: 66 0F 6E 4A 20 - movd xmm1,[rdx+20]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+20A05CB: 4D 8B 08 - mov r9,[r8]
"Three_Kingdoms.exe"+20A05CE: 0F 5B C9 - cvtdq2ps xmm1,xmm1
"Three_Kingdoms.exe"+20A05D1: 48 8B 08 - mov rcx,[rax]
"Three_Kingdoms.exe"+20A05D4: 48 8B 01 - mov rax,[rcx]
"Three_Kingdoms.exe"+20A05D7: F3 0F 59 48 58 - mulss xmm1,[rax+58]
"Three_Kingdoms.exe"+20A05DC: F3 0F 2C C9 - cvttss2si ecx,xmm1
"Three_Kingdoms.exe"+20A05E0: 81 F9 00 00 00 80 - cmp ecx,80000000
"Three_Kingdoms.exe"+20A05E6: 74 1E - je Three_Kingdoms.exe+20A0606
"Three_Kingdoms.exe"+20A05E8: 66 0F 6E C1 - movd xmm0,ecx
"Three_Kingdoms.exe"+20A05EC: 0F 5B C0 - cvtdq2ps xmm0,xmm0
}
849
"-- Only shows pointers for player-owned settlements"
FF00FF
1
850
"Population (x1000) (total) ==>"
FF00FF
4 Bytes
pCommandery
20
855
"Settlement 1 -> Population (x1000) ==>"
0000FF
4 Bytes
pCommandery
20
8
18
854
"Settlement 2 -> Population (x1000) ==>"
0000FF
4 Bytes
pCommandery
20
0
18
856
"Settlement 3 -> Population (x1000) ==>"
0000FF
4 Bytes
pCommandery
20
10
18
857
"Settlement 4 -> Population (x1000) ==>"
0000FF
4 Bytes
pCommandery
20
18
18
858
"Reserves ==>"
0000FF
4 Bytes
pCommandery
20
598
1C0
0
859
"Public Order ==>"
0000FF
4 Bytes
pCommandery
3C
F0
1C0
0
886
"Maximum Public Order / Reserves"
800000
Auto Assembler Script
// Hooks the code found by the _hUpdateCommandery scan. Two table switches
// control it:
//  - iEnableMPO: when non-zero, 100 is written to [rcx+3C];
//  - iEnableMRS: when non-zero, 1000 is written at offset 20 of the object
//    reached through [[rcx]+0400] and +01A0, with a zero test at each step.
[ENABLE]
aobscanmodule(_hUpdateCommandery,Three_Kingdoms.exe,8B 59 3C EB 02) // should be unique
// NOTE(review): the allocation hint is a fixed module offset, while the hook
// address comes from the pattern scan.
alloc(_UpdateCommandery,1024,"Three_Kingdoms.exe"+6B41285)
registersymbol(iEnableMPO)
registersymbol(iEnableMRS)
alloc(iEnableMPO, 4)
alloc(iEnableMRS, 4)
label(_exit)
label(_handlePlayer)
label(_tRS)
label(return)
_UpdateCommandery:
// NOTE(review): rax is pushed twice (once under its 32-bit name); the two
// pops in _exit match, so the stack stays balanced, but one pair looks
// redundant.
push rax
push eax
jmp _handlePlayer
_handlePlayer:
cmp [iEnableMPO], 0
je _tRS
mov [rcx+3C],(int)100
jmp _tRS
_tRS:
cmp [iEnableMRS], 0
je _exit
mov rax, [rcx]
test rax,rax
jz _exit
mov rax, [rax+0400]
test rax,rax
jz _exit
// NOTE(review): this load and the store below use eax, so only the low
// 32 bits of the value at [rax+01A0] are kept and then used as an address.
// If that value is a 64-bit pointer, the upper half is dropped -- confirm.
mov eax, [rax+01A0]
test eax,eax
jz _exit
mov [eax+0020],(int)1000
jmp _exit
_exit:
pop eax
pop rax
// Replay the overwritten load.
mov ebx,[rcx+3C]
// The overwritten bytes end with a short jump (EB 02) whose target is the
// scan address + 7, so control goes there directly instead of to "return"
// (scan address + 5).
jmp _hUpdateCommandery+7
// Never reached: the jump above is unconditional.
jmp return
_hUpdateCommandery:
// Exactly 5 bytes are overwritten, so no nop padding follows; this relies
// on the jump assembling to its 5-byte form.
jmp _UpdateCommandery
return:
registersymbol(_hUpdateCommandery)
iEnableMPO:
dd 0
iEnableMRS:
dd 0
[DISABLE]
_hUpdateCommandery:
// Original bytes: mov ebx,[rcx+3C] / jmp +2.
db 8B 59 3C EB 02
unregistersymbol(_hUpdateCommandery)
dealloc(_UpdateCommandery)
unregistersymbol(iEnableMPO)
unregistersymbol(iEnableMRS)
dealloc(iEnableMPO)
dealloc(iEnableMRS)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+6B41285
"Three_Kingdoms.exe"+6B41258: 48 8B 08 - mov rcx,[rax]
"Three_Kingdoms.exe"+6B4125B: E8 80 59 17 FC - call Three_Kingdoms.exe+2CB6BE0
"Three_Kingdoms.exe"+6B41260: 48 8B 5B 18 - mov rbx,[rbx+18]
"Three_Kingdoms.exe"+6B41264: 48 89 D9 - mov rcx,rbx
"Three_Kingdoms.exe"+6B41267: E8 54 10 A2 F9 - call Three_Kingdoms.exe+5622C0
"Three_Kingdoms.exe"+6B4126C: 48 83 B8 F0 00 00 00 00 - cmp qword ptr [rax+000000F0],00
"Three_Kingdoms.exe"+6B41274: 74 14 - je Three_Kingdoms.exe+6B4128A
"Three_Kingdoms.exe"+6B41276: 48 89 D9 - mov rcx,rbx
"Three_Kingdoms.exe"+6B41279: E8 42 10 A2 F9 - call Three_Kingdoms.exe+5622C0
"Three_Kingdoms.exe"+6B4127E: 48 8B 88 F0 00 00 00 - mov rcx,[rax+000000F0]
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+6B41285: 8B 59 3C - mov ebx,[rcx+3C]
"Three_Kingdoms.exe"+6B41288: EB 02 - jmp Three_Kingdoms.exe+6B4128C
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+6B4128A: 31 DB - xor ebx,ebx
"Three_Kingdoms.exe"+6B4128C: 48 89 F9 - mov rcx,rdi
"Three_Kingdoms.exe"+6B4128F: E8 EC E5 2C FA - call Three_Kingdoms.exe+E0F880
"Three_Kingdoms.exe"+6B41294: 89 DA - mov edx,ebx
"Three_Kingdoms.exe"+6B41296: 48 89 C1 - mov rcx,rax
"Three_Kingdoms.exe"+6B41299: E8 52 C6 2C FA - call Three_Kingdoms.exe+E0D8F0
"Three_Kingdoms.exe"+6B4129E: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"Three_Kingdoms.exe"+6B412A3: B8 01 00 00 00 - mov eax,00000001
"Three_Kingdoms.exe"+6B412A8: 48 83 C4 20 - add rsp,20
"Three_Kingdoms.exe"+6B412AC: 5F - pop rdi
}
887
"Enable Maximum Public Order ==>"
0:Disabled
1:Enabled
008000
4 Bytes
iEnableMPO
888
"Enable Maximum Reserves ==>"
0:Disabled
1:Enabled
008000
4 Bytes
iEnableMRS
877
"-={ miscellaneous }=-"
808000
1
878
"AI Diplomacy yesmen"
800000
Auto Assembler Script
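[ENABLE]
// Code-cave hook on "movss [rbx],xmm0" + "mov rcx,r15" (7 bytes). The cave
// replaces the value in xmm0 with a constant before the original single-
// precision store runs, then replays both overwritten instructions.
//
// NOTE(review): the scan patches the first match it finds; confirm the
// signature is unique in the current build. The alloc hint is a hard-coded
// module offset taken from one build.
aobscanmodule(_hDiplomacyScore,Three_Kingdoms.exe,F3 0F 11 03 4C 89 F9) // should be unique
alloc(_DiplomacyScore,$1000,"Three_Kingdoms.exe"+D953747)
label(_exit)
label(return)

_DiplomacyScore:
  // rax is borrowed as scratch and restored. The 64-bit register name is used
  // because a 32-bit push is not encodable in 64-bit mode.
  push rax
  // The auto assembler reads a bare literal as hexadecimal, so this loads
  // 0x99999. The literal is left exactly as the author wrote it.
  mov eax,99999
  // The store below is movss (32-bit float), so the conversion has to produce
  // a single. The earlier revision used cvtsi2sd: that writes a double, and
  // the low 32 bits of a double holding an integer this small are all zero,
  // so the value actually stored was 0.0.
  cvtsi2ss xmm0,eax
  pop rax
_exit:
  // Overwritten instructions, replayed unchanged.
  movss [rbx],xmm0
  mov rcx,r15
  jmp return

_hDiplomacyScore:
  // 5-byte near jmp plus 2 nops covers the 7 overwritten bytes.
  jmp _DiplomacyScore
  nop
  nop
return:
registersymbol(_hDiplomacyScore)

[DISABLE]
// Put the original 7 bytes back before releasing the cave.
_hDiplomacyScore:
  db F3 0F 11 03 4C 89 F9
unregistersymbol(_hDiplomacyScore)
dealloc(_DiplomacyScore)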
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+D953747
"Three_Kingdoms.exe"+D953721: 48 89 C3 - mov rbx,rax
"Three_Kingdoms.exe"+D953724: 0F B6 45 77 - movzx eax,byte ptr [rbp+77]
"Three_Kingdoms.exe"+D953728: 41 B1 01 - mov r9l,01
"Three_Kingdoms.exe"+D95372B: 88 44 24 28 - mov [rsp+28],al
"Three_Kingdoms.exe"+D95372F: 49 89 F8 - mov r8,rdi
"Three_Kingdoms.exe"+D953732: 48 8D 45 C7 - lea rax,[rbp-39]
"Three_Kingdoms.exe"+D953736: 48 89 F2 - mov rdx,rsi
"Three_Kingdoms.exe"+D953739: 48 89 44 24 20 - mov [rsp+20],rax
"Three_Kingdoms.exe"+D95373E: E8 7D 4B 2E F4 - call Three_Kingdoms.exe+1C382C0
"Three_Kingdoms.exe"+D953743: 48 8D 56 08 - lea rdx,[rsi+08]
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+D953747: F3 0F 11 03 - movss [rbx],xmm0
"Three_Kingdoms.exe"+D95374B: 4C 89 F9 - mov rcx,r15
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+D95374E: E8 2D FD 77 F3 - call Three_Kingdoms.exe+10D3480
"Three_Kingdoms.exe"+D953753: 4D 8B 04 24 - mov r8,[r12]
"Three_Kingdoms.exe"+D953757: 0F 57 C0 - xorps xmm0,xmm0
"Three_Kingdoms.exe"+D95375A: 0F 2F 00 - comiss xmm0,[rax]
"Three_Kingdoms.exe"+D95375D: 41 8B 48 14 - mov ecx,[r8+14]
"Three_Kingdoms.exe"+D953761: 49 8B 58 18 - mov rbx,[r8+18]
"Three_Kingdoms.exe"+D953765: 49 8B 44 24 08 - mov rax,[r12+08]
"Three_Kingdoms.exe"+D95376A: 40 0F 96 D7 - setbe dil
"Three_Kingdoms.exe"+D95376E: 48 6B D1 38 - imul rdx,rcx,38
"Three_Kingdoms.exe"+D953772: 49 03 50 18 - add rdx,[r8+18]
}
879
"Infinite Reforms"
800000
Auto Assembler Script
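[ENABLE]
// Code-cave hook on "je short" + "mov rcx,r14" (5 bytes). The cave jumps
// unconditionally to return+C, which is the target of the original je (see
// the ORIGINAL CODE listing). The store to [r14+198] and the call that
// follows it are therefore always skipped.
//
// NOTE(review): the scan patches the first match it finds; confirm the
// signature is unique in the current build. The alloc hint is a hard-coded
// module offset taken from one build.
aobscanmodule(_hSelReform,Three_Kingdoms.exe,74 0F 4C 89 F1 41 89 96 98) // should be unique
alloc(_SelReform,$1000,"Three_Kingdoms.exe"+E1F1593)
label(return)

_SelReform:
  // The earlier revision carried "mov rcx,r14" and "jmp return" after this
  // jump. Nothing could reach them, so they have been removed.
  jmp return+C

_hSelReform:
  // Must assemble to exactly 5 bytes (E9 rel32) to match the bytes restored on
  // disable.
  jmp _SelReform
return:
registersymbol(_hSelReform)

[DISABLE]
// Put the original 5 bytes back before releasing the cave. The signature is 9
// bytes long, but only the first 5 were overwritten.
_hSelReform:
  db 74 0F 4C 89 F1
unregistersymbol(_hSelReform)
dealloc(_SelReform)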
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+E1F1593
"Three_Kingdoms.exe"+E1F1568: 88 44 24 20 - mov [rsp+20],al
"Three_Kingdoms.exe"+E1F156C: 4C 89 FA - mov rdx,r15
"Three_Kingdoms.exe"+E1F156F: E8 9C 5A DF F3 - call Three_Kingdoms.exe+1FE7010
"Three_Kingdoms.exe"+E1F1574: 49 8B 46 40 - mov rax,[r14+40]
"Three_Kingdoms.exe"+E1F1578: 48 8B 48 68 - mov rcx,[rax+68]
"Three_Kingdoms.exe"+E1F157C: 48 8B 81 00 44 00 00 - mov rax,[rcx+00004400]
"Three_Kingdoms.exe"+E1F1583: 49 8B 0F - mov rcx,[r15]
"Three_Kingdoms.exe"+E1F1586: 8B 50 5C - mov edx,[rax+5C]
"Three_Kingdoms.exe"+E1F1589: 03 51 60 - add edx,[rcx+60]
"Three_Kingdoms.exe"+E1F158C: 41 39 96 98 01 00 00 - cmp [r14+00000198],edx
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+E1F1593: 74 0F - je Three_Kingdoms.exe+E1F15A4
"Three_Kingdoms.exe"+E1F1595: 4C 89 F1 - mov rcx,r14
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+E1F1598: 41 89 96 98 01 00 00 - mov [r14+00000198],edx
"Three_Kingdoms.exe"+E1F159F: E8 0C DF DF F3 - call Three_Kingdoms.exe+1FEF4B0
"Three_Kingdoms.exe"+E1F15A4: 49 8B 46 40 - mov rax,[r14+40]
"Three_Kingdoms.exe"+E1F15A8: 4C 89 7C 24 38 - mov [rsp+38],r15
"Three_Kingdoms.exe"+E1F15AD: 48 8B 50 68 - mov rdx,[rax+68]
"Three_Kingdoms.exe"+E1F15B1: 49 8B 46 60 - mov rax,[r14+60]
"Three_Kingdoms.exe"+E1F15B5: 48 85 D2 - test rdx,rdx
"Three_Kingdoms.exe"+E1F15B8: 48 89 44 24 30 - mov [rsp+30],rax
"Three_Kingdoms.exe"+E1F15BD: 48 8D 8A A0 32 00 00 - lea rcx,[rdx+000032A0]
"Three_Kingdoms.exe"+E1F15C4: 49 0F 44 CD - cmove rcx,r13
}
880
"Year Modification"
800000
Auto Assembler Script
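[ENABLE]
// Code-cave hook on "cmp eax,[r8+58]" + "jne short" (6 bytes), the check that
// guards "inc [r8]" in the ORIGINAL CODE listing.
//   _iSetMode = 0 : original compare and branch are replayed unchanged.
//   _iSetMode = 1 : always leave through return+7, skipping the increment.
//   _iSetMode = 2 : write iSetYear to [r8], then skip the increment.
// While iSetYear is 0 it is seeded from the current value at [r8].
// Both symbols are registered so the table entries can edit them.
//
// NOTE(review): the scan patches the first match it finds; confirm the
// signature is unique in the current build. The alloc hint is a hard-coded
// module offset taken from one build.
aobscanmodule(_hUpdateYear,Three_Kingdoms.exe,41 3B 40 58 75 07) // should be unique
alloc(_UpdateYear,$1000,"Three_Kingdoms.exe"+A31828C)
registersymbol(_iSetMode)
registersymbol(iSetYear)
alloc(_iSetMode, 4)
alloc(iSetYear, 4)
label(_exitDefault)
label(_checkMode)
label(_storeYear)
label(_setYear)
label(_freezeYear)
label(_exit)
label(return)

_UpdateYear:
  cmp dword ptr [iSetYear],0
  je _storeYear
_checkMode:
  cmp dword ptr [_iSetMode],0
  je _exitDefault
  cmp dword ptr [_iSetMode],1
  je _freezeYear
  cmp dword ptr [_iSetMode],2
  je _setYear
  jmp _exitDefault            // any other mode value behaves like mode 0

_storeYear:
  // eax holds the quotient the original compare needs, so rax is saved around
  // the copy. The 64-bit register name is used because a 32-bit push is not
  // encodable in 64-bit mode.
  push rax
  mov eax,[r8]
  mov [iSetYear],eax
  pop rax
  // Continue with the mode dispatch. The earlier revision jumped back to
  // _UpdateYear, which re-tested iSetYear and never left the cave when [r8]
  // itself was 0.
  jmp _checkMode

_freezeYear:
  jmp _exit

_setYear:
  cmp dword ptr [iSetYear],0
  je _exitDefault             // nothing to write yet
  push rax
  mov eax,[iSetYear]
  mov [r8],eax
  pop rax
  jmp _exit

_exitDefault:
  // Overwritten instructions, replayed unchanged. return+7 is the target of
  // the original jne.
  cmp eax,[r8+58]
  jne return+7
  jmp return

_exit:
  jmp return+7 // Skips year increase

_hUpdateYear:
  // 5-byte near jmp plus 1 nop covers the 6 overwritten bytes.
  jmp _UpdateYear
  nop
return:
registersymbol(_hUpdateYear)

_iSetMode:
  dd 0
iSetYear:
  dd 0

[DISABLE]
// Put the original 6 bytes back before releasing the cave and the settings.
_hUpdateYear:
  db 41 3B 40 58 75 07
unregistersymbol(_hUpdateYear)
dealloc(_UpdateYear)
unregistersymbol(_iSetMode)
unregistersymbol(iSetYear)
dealloc(_iSetMode)
dealloc(iSetYear)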
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+A31828C
"Three_Kingdoms.exe"+A31826B: FF 41 58 - inc [rcx+58]
"Three_Kingdoms.exe"+A31826E: 45 31 C9 - xor r9d,r9d
"Three_Kingdoms.exe"+A318271: 48 8B 49 38 - mov rcx,[rcx+38]
"Three_Kingdoms.exe"+A318275: 41 8B 40 54 - mov eax,[r8+54]
"Three_Kingdoms.exe"+A318279: 45 8B 50 50 - mov r10d,[r8+50]
"Three_Kingdoms.exe"+A31827D: F7 71 04 - div [rcx+04]
"Three_Kingdoms.exe"+A318280: 41 89 50 54 - mov [r8+54],edx
"Three_Kingdoms.exe"+A318284: 31 D2 - xor edx,edx
"Three_Kingdoms.exe"+A318286: 8B 41 04 - mov eax,[rcx+04]
"Three_Kingdoms.exe"+A318289: 41 F7 F2 - div r10d
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+A31828C: 41 3B 40 58 - cmp eax,[r8+58]
"Three_Kingdoms.exe"+A318290: 75 07 - jne Three_Kingdoms.exe+A318299
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+A318292: 41 FF 00 - inc [r8]
"Three_Kingdoms.exe"+A318295: 45 89 48 58 - mov [r8+58],r9d
"Three_Kingdoms.exe"+A318299: 8B 41 04 - mov eax,[rcx+04]
"Three_Kingdoms.exe"+A31829C: 31 D2 - xor edx,edx
"Three_Kingdoms.exe"+A31829E: 41 F7 F2 - div r10d
"Three_Kingdoms.exe"+A3182A1: 31 D2 - xor edx,edx
"Three_Kingdoms.exe"+A3182A3: 89 C1 - mov ecx,eax
"Three_Kingdoms.exe"+A3182A5: B8 30 00 00 00 - mov eax,00000030
"Three_Kingdoms.exe"+A3182AA: F7 F1 - div ecx
"Three_Kingdoms.exe"+A3182AC: 41 8B 08 - mov ecx,[r8]
}
881
"-- Allows you to either freeze the year to prevent aging, or set year to a custom year."
FF00FF
1
882
"-- It's recommended to wait till the events you want have been fired, then set the year to an older year"
FF00FF
1
883
"-- Please take note that certain events require your lords to be of a certain age to fire"
FF00FF
1
884
"Year modification mode ==>"
0:Disabled
1:Freeze Year / Prevent Aging
2:Set Year to X
008000
4 Bytes
_iSetMode
885
"Set year to ==>"
0000FF
4 Bytes
iSetYear
889
"Trustworthiness Editor"
800000
Auto Assembler Script
[ENABLE]
aobscanmodule(_hTrustworthiness,Three_Kingdoms.exe,F3 41 0F 58 40 10) // should be unique
alloc(_Trustworthiness,$1000,"Three_Kingdoms.exe"+D6B0515)
registersymbol(pBaseTrust)
registersymbol(iNumMods)
registersymbol(pTrust)
alloc(pBaseTrust, 8)
alloc(iNumMods, 4)
alloc(pTrust, 8)
label(_exit)
label(return)
_Trustworthiness:
cmp rax, FF
jge _exit
mov [pBaseTrust], r8
mov [iNumMods], rax
movss [pTrust], xmm0
_exit:
addss xmm0,dword ptr [r8+10]
jmp return
_hTrustworthiness:
jmp _Trustworthiness
nop
return:
registersymbol(_hTrustworthiness)
pBaseTrust:
dq 0
iNumMods:
dd 0
pTrust:
dq 0
[DISABLE]
_hTrustworthiness:
db F3 41 0F 58 40 10
unregistersymbol(_hTrustworthiness)
unregistersymbol(pBaseTrust)
unregistersymbol(iNumMods)
unregistersymbol(pTrust)
dealloc(_Trustworthiness)
dealloc(pBaseTrust)
dealloc(iNumMods)
dealloc(pTrust)
{
// ORIGINAL CODE - INJECTION POINT: "Three_Kingdoms.exe"+D6B0515
"Three_Kingdoms.exe"+D6B04EA: 8B 81 64 01 00 00 - mov eax,[rcx+00000164]
"Three_Kingdoms.exe"+D6B04F0: 48 8D 14 40 - lea rdx,[rax+rax*2]
"Three_Kingdoms.exe"+D6B04F4: 49 8D 14 D0 - lea rdx,[r8+rdx*8]
"Three_Kingdoms.exe"+D6B04F8: 49 39 D0 - cmp r8,rdx
"Three_Kingdoms.exe"+D6B04FB: 74 3C - je Three_Kingdoms.exe+D6B0539
"Three_Kingdoms.exe"+D6B04FD: 8B 81 64 01 00 00 - mov eax,[rcx+00000164]
"Three_Kingdoms.exe"+D6B0503: 48 8D 0C 40 - lea rcx,[rax+rax*2]
"Three_Kingdoms.exe"+D6B0507: 49 8D 14 C8 - lea rdx,[r8+rcx*8]
"Three_Kingdoms.exe"+D6B050B: 0F 1F 44 00 00 - nop [rax+rax+00]
"Three_Kingdoms.exe"+D6B0510: 41 80 78 16 00 - cmp byte ptr [r8+16],00
// ---------- INJECTING HERE ----------
"Three_Kingdoms.exe"+D6B0515: F3 41 0F 58 40 10 - addss xmm0,dword ptr [r8+10]
// ---------- DONE INJECTING ----------
"Three_Kingdoms.exe"+D6B051B: 49 8B 00 - mov rax,[r8]
"Three_Kingdoms.exe"+D6B051E: 74 07 - je Three_Kingdoms.exe+D6B0527
"Three_Kingdoms.exe"+D6B0520: F3 0F 10 48 04 - movss xmm1,[rax+04]
"Three_Kingdoms.exe"+D6B0525: EB 05 - jmp Three_Kingdoms.exe+D6B052C
"Three_Kingdoms.exe"+D6B0527: F3 0F 10 48 08 - movss xmm1,[rax+08]
"Three_Kingdoms.exe"+D6B052C: 49 83 C0 18 - add r8,18
"Three_Kingdoms.exe"+D6B0530: F3 0F 58 C1 - addss xmm0,xmm1
"Three_Kingdoms.exe"+D6B0534: 49 39 D0 - cmp r8,rdx
"Three_Kingdoms.exe"+D6B0537: 75 D7 - jne Three_Kingdoms.exe+D6B0510
"Three_Kingdoms.exe"+D6B0539: C3 - ret
}
892
"-- Hover over the Trustworthiness text to update"
FF00FF
1
893
"-- Values will only update if there's at least 1 modifier"
FF00FF
1
894
"Trust Modifiers Base ==>"
1
0
008080
4 Bytes
pBaseTrust
891
"-- Only modify as many modifiers as the number below dictates"
FF00FF
1
895
"Number of modifiers ==>"
FF00FF
4 Bytes
iNumMods
890
"-- Modifiers will degrade over time"
FF00FF
1
896
"Modifier 1 ==>"
0000FF
Float
pBaseTrust
10
897
"Modifier 2 ==>"
0000FF
Float
pBaseTrust
28
898
"Modifier 3 ==>"
0000FF
Float
pBaseTrust
40
899
"Modifier 4 ==>"
0000FF
Float
pBaseTrust
58
900
"Modifier 5 ==>"
0000FF
Float
pBaseTrust
70
901
"Modifier 6 ==>"
0000FF
Float
pBaseTrust
88
902
"Modifier 7 ==>"
0000FF
Float
pBaseTrust
A0
903
"Modifier 8 ==>"
0000FF
Float
pBaseTrust
B8
904
"Modifier 9 ==>"
0000FF
Float
pBaseTrust
D0
905
"Modifier 10 ==>"
0000FF
Float
pBaseTrust
E8
906
"Modifier 11 ==>"
0000FF
Float
pBaseTrust
100
907
"Modifier 12 ==>"
0000FF
Float
pBaseTrust
118
908
"Modifier 13 ==>"
0000FF
Float
pBaseTrust
130
909
"Modifier 14 ==>"
0000FF
Float
pBaseTrust
148
910
"Modifier 15 ==>"
0000FF
Float
pBaseTrust
160