0
"CONTROL : 0.0.269.9979 (DirectX 11)"
C0C0C0
1
13022
"Scripts Activation [F2]"
0000FF
Auto Assembler Script
[ENABLE]
// LUA Script by vng21092
{$lua}
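--- Scan for a byte pattern and bind the index-th hit to a Cheat Engine symbol.
-- Thin wrapper over Cheat Engine's AOBScan / MemScan host API (globals supplied by
-- Cheat Engine, not by Lua). No caller is visible in this listing; the assembler
-- parts use the built-in aobscanmodule() instead.
-- Whenever a scan is actually run, any previous binding of `name` is dropped first,
-- so a failed scan leaves the symbol unregistered instead of pointing at a stale
-- address. Results are reported through registerSymbol() / print(); nothing is returned.
-- @tparam string name symbol to (re)register
-- @tparam string module module to restrict the scan to; "" scans the whole process
-- @tparam string bytes pattern in Cheat Engine AOB syntax, e.g. "F3 0F ** ** 41"
-- @tparam number index 1-based hit to bind; nil defaults to the first hit
function lua_aobscan(name, module, bytes, index)
  -- Callers pass a 1-based hit number; Cheat Engine result lists are 0-based.
  index = (tonumber(index) or 1) - 1

  if module == "" then
    local resultSet = AOBScan(bytes)
    unregisterSymbol(name)
    if resultSet == nil then
      print(name .. " not found")
      return
    end
    -- The original indexed the list blindly: an index past the last hit produced nil
    -- and registerSymbol(name, nil) raised from inside the script. Check the count first.
    if index < 0 or index >= resultSet.Count then
      print(name .. " not found (hit " .. (index + 1) .. " of " .. resultSet.Count .. ")")
    else
      registerSymbol(name, resultSet[index])
    end
    resultSet.destroy()
    return
  end

  if getModuleSize(module) == nil then
    print("Module " .. module .. " not found")
    return
  end

  local memScanner = createMemScan()
  local memFoundList = createFoundList(memScanner)
  local moduleBase = getAddress(module)
  -- Exact byte-array scan restricted to the module's address range.
  memScanner.firstScan(
    soExactValue, vtByteArray, rtRounded, bytes, nil,
    moduleBase, moduleBase + getModuleSize(module), "",
    fsmNotAligned, "", true, false, false, false)
  memScanner.waitTillDone()
  memFoundList.initialize()
  unregisterSymbol(name)
  -- Same bounds check as above; a Count of 0 falls into the "not found" branch.
  if index < 0 or index >= memFoundList.Count then
    print(name .. " in module " .. module .. " not found")
  else
    registerSymbol(name, memFoundList.Address[index])
  end
  memScanner.destroy()
  memFoundList.destroy()
end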
{$asm}
///*****************************************///
aobscanmodule(playerHealthReadInCombatAOB,Control_DX11.exe,F3 0F ** ** ** 41 ** ** ** 00 00 FF ** ** ** ** ** 8B ** 49 ** ** FF)
registersymbol(playerHealthReadInCombatAOB)
label(aKMHotkeyPressed)
registersymbol(aKMHotkeyPressed)
label(aControllerHotkeyPressed)
registersymbol(aControllerHotkeyPressed)
label(pPlayer)
registersymbol(pPlayer)
alloc(newmem,2048,playerHealthReadInCombatAOB) //"Control_DX11.exe"+3AD1EA)
label(returnhere)
label(originalcode)
label(exit)
newmem:
push rbx
mov rbx,pPlayer
mov [rbx],rax
pop rbx
originalcode:
readmem(playerHealthReadInCombatAOB,5)
//movss xmm7,[rax+40]
exit:
jmp returnhere
///
aKMHotkeyPressed:
dd 0
aControllerHotkeyPressed:
// Controller button table, one 4-byte slot per button, refreshed every 100 ms by the
// hotkeyLuaThread poller. Only the low byte of each slot is written (writeBytes with a
// single value) and the hooks read one byte (mov cl,[rcx+rax*4]), so the slot index is
// the value chosen in the "Controller" dropdown.
dd 0 //+00 A button
dd 0 //+04 B button
dd 0 //+08 X button
dd 0 //+0C Y button
dd 0 //+10 Left trigger (raw trigger value from the poller; non-zero = pressed)
dd 0 //+14 Right trigger
dd 0 //+18 Left shoulder button
dd 0 //+1C Right shoulder button
dd 0 //+20 Left thumb stick down
dd 0 //+24 Right thumb stick down
pPlayer:
dq 0
///
playerHealthReadInCombatAOB: //"Control_DX11.exe"+3AD1EA:
jmp newmem
returnhere:
///*****************************************///
aobscanmodule(healthCalOnChangeAOB,Control_DX11.exe,F3 0F ** ** ** 40 ** ** 0F ** ** ** 40 ** ** 0F ** ** ** 0F ** ** 44 ** ** ** ** 41 ** ** ** F3)
registersymbol(healthCalOnChangeAOB)
label(bUndead)
registersymbol(bUndead)
label(dDamageMultiplier)
registersymbol(dDamageMultiplier)
label(dMinHealth)
registersymbol(dMinHealth)
label(pPlayerHealthCal)
registersymbol(pPlayerHealthCal)
alloc(newmem2,2048,healthCalOnChangeAOB) //"Control_DX11.exe"+2C81B4)
label(returnhere2)
label(originalcode2_healthCalOnChangeAOB)
registersymbol(originalcode2_healthCalOnChangeAOB)
label(exit2)
newmem2:
//sub rsp,10
//movdqu dqword [rsp],xmm15
mov rbx,pPlayer
mov rbx,[rbx]
cmp [rcx],rbx
je @f
//not player
mov rbx,dDamageMultiplier
mulss xmm1,[rbx]
jmp end2
@@:
mov rbx,pPlayerHealthCal
mov [rbx],rcx
mov rbx,bUndead
cmp byte ptr [rbx],1
jne @f
readmem(healthCalOnChangeAOB,5)
//movss xmm0,[rcx+64]
subss xmm0,xmm1
mov rbx,dMinHealth
comiss xmm0,[rbx]
jae @f
movss xmm0,[rbx]
addss xmm0,xmm1
readmem(healthCalOnChangeAOB,2)
db 11
readmem(healthCalOnChangeAOB+3,2)
//movss [rcx+64],xmm0
end2:
//movdqu xmm15,dqword [rsp]
//add rsp,10
originalcode2_healthCalOnChangeAOB:
readmem(healthCalOnChangeAOB,5)
//movss xmm0,[rcx+64]
exit2:
jmp returnhere2
///
bUndead:
dd 0
dDamageMultiplier:
dd (float)1
dMinHealth:
dd (float)0.1
pPlayerHealthCal:
dq 0
///
healthCalOnChangeAOB: //"Control_DX11.exe"+2C81B4:
jmp newmem2
returnhere2:
///*****************************************///
aobscanmodule(playerAmmoRead3AOB,Control_DX11.exe,F3 0F ** ** ** ** 00 00 0F ** ** ** ** ** ** 76 ** E8 ** ** ** ** 84 ** 74 ** 32 ** EB)
registersymbol(playerAmmoRead3AOB)
label(pAmmo)
registersymbol(pAmmo)
alloc(newmem3,2048,playerAmmoRead3AOB) //"Control_DX11.exe"+5A982B)
label(returnhere3)
label(originalcode3_playerAmmoRead3AOB)
registersymbol(originalcode3_playerAmmoRead3AOB)
label(exit3)
newmem3:
push rax
mov rax,pAmmo
mov [rax],rcx
pop rax
originalcode3_playerAmmoRead3AOB:
readmem(playerAmmoRead3AOB,8)
//movss xmm0,[rcx+00000148]
exit3:
jmp returnhere3
///
pAmmo:
///
playerAmmoRead3AOB: //"Control_DX11.exe"+5A982B:
jmp newmem3
nop 3
returnhere3:
///*****************************************///
aobscanmodule(outfitsFlagsChkOnControlPointAccessAOB,"Control_DX11.exe",48 ** ** ** 4C ** ** 8B ** ** 48 ** ** ** 48 ** ** 0F 84 ** ** ** ** 4C ** ** ** ** 41)
registersymbol(outfitsFlagsChkOnControlPointAccessAOB)
label(pOutfitFlags)
registersymbol(pOutfitFlags)
alloc(newmem4,2048,outfitsFlagsChkOnControlPointAccessAOB+a) //"Control_DX11.exe"+192463)
label(returnhere4)
label(originalcode4_outfitsFlagsChkOnControlPointAccessAOB)
registersymbol(originalcode4_outfitsFlagsChkOnControlPointAccessAOB)
label(exit4)
newmem4:
mov rsi,pOutfitFlags
mov [rsi],rbx
mov [rsi+8],eax
originalcode4_outfitsFlagsChkOnControlPointAccessAOB:
readmem(outfitsFlagsChkOnControlPointAccessAOB+a,7)
//lea rsi,[rbx+rax*8]
//cmp rbx,rsi
exit4:
jmp returnhere4
///
pOutfitFlags:
///
outfitsFlagsChkOnControlPointAccessAOB+a: //"Control_DX11.exe"+192463:
jmp newmem4
nop 2
returnhere4:
///*****************************************///
{$lua}
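--- Poller that mirrors the XBox controller state into the aControllerHotkeyPressed table.
-- Runs in a Cheat Engine thread (createThread) until the global RunHotkeyLuaThread turns
-- false, sampling every 100 ms. Each slot is a 4-byte cell of which only the low byte is
-- written here; the assembler hooks read a single byte and test it for non-zero.
-- Slot layout (matches the "Controller" dropdown in the table):
--   +00 A, +04 B, +08 X, +0C Y, +10 left trigger, +14 right trigger,
--   +18 left shoulder, +1C right shoulder, +20 left stick click, +24 right stick click.
-- Trigger slots receive the raw trigger value reported by getXBox360ControllerState rather
-- than 0/1, so any pressure counts as pressed. The original also looked up bFlyKeyPressed
-- (a symbol of a different script) into a local it never used; that lookup is gone.
-- @tparam table thread the Cheat Engine thread object; terminate() is called on exit
local function hotkeyLuaThread(thread)
  -- Boolean fields of the controller state, keyed by their slot offset.
  local BUTTON_SLOTS = {
    [0x00] = "GAMEPAD_A",
    [0x04] = "GAMEPAD_B",
    [0x08] = "GAMEPAD_X",
    [0x0c] = "GAMEPAD_Y",
    [0x18] = "GAMEPAD_LEFT_SHOULDER",
    [0x1c] = "GAMEPAD_RIGHT_SHOULDER",
    [0x20] = "GAMEPAD_LEFT_THUMB",
    [0x24] = "GAMEPAD_RIGHT_THUMB",
  }
  local addrC = getAddressSafe('aControllerHotkeyPressed')
  while RunHotkeyLuaThread do
    sleep(100)
    if addrC then
      local xcs = getXBox360ControllerState()
      if xcs ~= nil then
        for offset, field in pairs(BUTTON_SLOTS) do
          writeBytes(addrC + offset, xcs[field] and 1 or 0)
        end
        -- Fall back to 0 if a trigger field is absent so writeBytes never receives nil.
        writeBytes(addrC + 0x10, xcs.LeftTrigger or 0)
        writeBytes(addrC + 0x14, xcs.RightTrigger or 0)
      end
    else
      -- Symbol not registered yet (assembler part still enabling); retry next tick.
      addrC = getAddressSafe('aControllerHotkeyPressed')
    end
  end
  thread.terminate()
end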
----------------------------------
-- Enable side: start the controller poller. syntaxcheck is set only while Cheat Engine
-- validates the script, in which case nothing may actually run.
if syntaxcheck then return end
_G.RunHotkeyLuaThread = true
createThread(hotkeyLuaThread)
{$asm}
[DISABLE]
{$lua}
-- Disable side: ask the controller poller to stop; it exits after its current 100 ms sleep.
if syntaxcheck then return end
_G.RunHotkeyLuaThread = false
{$asm}
///*****************************************///
dealloc(newmem)
playerHealthReadInCombatAOB: //"Control_DX11.exe"+3AD1EA:
db F3 0F 10 78 40
//Alt: movss xmm7,[rax+40]
unregistersymbol(aKMHotkeyPressed)
unregistersymbol(aControllerHotkeyPressed)
unregistersymbol(pPlayer)
///*****************************************///
dealloc(newmem2)
healthCalOnChangeAOB: //"Control_DX11.exe"+2C81B4:
readmem(originalcode2_healthCalOnChangeAOB,5)
//db F3 0F 10 41 64
//Alt: movss xmm0,[rcx+64]
unregistersymbol(originalcode2_healthCalOnChangeAOB)
unregistersymbol(bUndead)
unregistersymbol(dDamageMultiplier)
unregistersymbol(dMinHealth)
unregistersymbol(pPlayerHealthCal)
///*****************************************///
dealloc(newmem3)
playerAmmoRead3AOB: //"Control_DX11.exe"+5A982B:
readmem(originalcode3_playerAmmoRead3AOB,8)
//db F3 0F 10 81 48 01 00 00
//Alt: movss xmm0,[rcx+00000148]
unregistersymbol(originalcode3_playerAmmoRead3AOB)
unregistersymbol(pAmmo)
///*****************************************///
dealloc(newmem4)
outfitsFlagsChkOnControlPointAccessAOB+a: //"Control_DX11.exe"+192463:
readmem(originalcode4_outfitsFlagsChkOnControlPointAccessAOB,7)
//db 48 8D 34 C3 48 3B DE
//Alt: lea rsi,[rbx+rax*8]
//Alt: cmp rbx,rsi
unregistersymbol(originalcode4_outfitsFlagsChkOnControlPointAccessAOB)
unregistersymbol(pOutfitFlags)
Toggle Activation
113
0
2
"[PLAYER]"
008000
1
13029
"Undead"
000080
Auto Assembler Script
[ENABLE]
bUndead:
db 1
dMinHealth:
dd (float)0.5
[DISABLE]
bUndead:
db 0
13030
"HP Minimum"
C08000
Float
dMinHealth
16237
"Infinite Energy"
000080
Auto Assembler Script
[ENABLE]
aobscanmodule(energyWriteOnUseAOB,Control_DX11.exe,F3 0F ** ** ** 48 ** ** 48 ** ** 74 ** 48)
registersymbol(energyWriteOnUseAOB)
alloc(newmem,2048,energyWriteOnUseAOB) //"Control_DX11.exe"+E07E5)
label(returnhere)
label(originalcode_energyWriteOnUseAOB)
registersymbol(originalcode_energyWriteOnUseAOB)
label(exit)
newmem:
readmem(energyWriteOnUseAOB,2)
db 5F
readmem(energyWriteOnUseAOB+3,2)
//maxss xmm0,[rcx+40]
originalcode_energyWriteOnUseAOB:
readmem(energyWriteOnUseAOB,5)
//movss [rcx+40],xmm0
exit:
jmp returnhere
///
energyWriteOnUseAOB: //"Control_DX11.exe"+E07E5:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
energyWriteOnUseAOB: //"Control_DX11.exe"+E07E5:
readmem(originalcode_energyWriteOnUseAOB,5)
//db F3 0F 11 41 40
//Alt: movss [rcx+40],xmm0
unregistersymbol(originalcode_energyWriteOnUseAOB)
16331
"Levitate Mod"
000080
Auto Assembler Script
[ENABLE]
define(flykeyiddefault,10)
define(flybuttonoffsetdefault,4)
aobscanmodule(someStateTransitionCallerAOB,"rl_rmdwin7_f.dll",49 ** ** E8 ** ** ** ** 45 ** ** ** ** 00 00 45 ** ** ** ** 00 00 48 ** ** ** 48 ** ** 75 06 4C ** ** ** 74 03 FF ** ** 48)
registersymbol(someStateTransitionCallerAOB)
///
aobscanmodule(flyUpStateCallAOB,"Control_DX11.exe",40 53 48 ** ** ** 48 ** ** 40 01 00 00 48 ** ** 80 ** 01 74 17 48 ** ** ** ** ** ** C6 ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** 00)
registersymbol(flyUpStateCallAOB)
aobscanmodule(floatDownStateCallAOB,"Control_DX11.exe",40 53 48 ** ** ** 48 ** ** 40 01 00 00 48 ** ** 80 ** 01 74 17 48 ** ** ** ** ** ** C6 ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** 01)
registersymbol(floatDownStateCallAOB)
///
label(bFlyKeyPressed)
registersymbol(bFlyKeyPressed)
label(bFlyKeyID)
registersymbol(bFlyKeyID)
label(bFlyButtonOffset)
registersymbol(bFlyButtonOffset)
alloc(newmem,2048,someStateTransitionCallerAOB+16) //"rl_rmdwin7_f.dll"+1518C1)
label(returnhere)
label(originalcode_someStateTransitionCallerAOB)
registersymbol(originalcode_someStateTransitionCallerAOB)
label(exit)
newmem:
//mov rcx,[rsi+10]
//test rcx,rcx
//jnz end
//cmp [rsi+18],r13
//je end
@@:
mov rcx,flyUpStateCallAOB //"Control_DX11.exe"+CB020 //fly up
cmp [rsi+18],rcx
jne @f
mov rcx,pFlyUpCaller
mov [rcx],rsi
jmp end
@@:
mov rcx,floatDownStateCallAOB //"Control_DX11.exe"+CB160 //float down
cmp [rsi+18],rcx
jne end
mov rcx,pFloatDownCaller
mov [rcx],rcx
mov rcx,bFlyKeyPressed
cmp byte ptr [rcx],1
je @f
push rax
mov rcx,aControllerHotkeyPressed
mov rax,bFlyButtonOffset
movsxd rax,dword ptr [rax]
mov cl,[rcx+rax*4]
pop rax
test cl,cl
jnz @f
jmp end
@@:
mov rcx,pFlyUpCaller
mov rcx,[rcx]
test rcx,rcx
cmovnz rsi,rcx
end:
originalcode_someStateTransitionCallerAOB:
readmem(someStateTransitionCallerAOB+16,7)
//mov rcx,[rsi+10]
//test rcx,rcx
exit:
jmp returnhere
///
bFlyKeyPressed:
dd 0
bFlyKeyID:
dd flykeyiddefault
bFlyButtonOffset:
dd flybuttonoffsetdefault
pFlyUpCaller:
dq 0
pFloatDownCaller:
dq 0
///
someStateTransitionCallerAOB+16: //"rl_rmdwin7_f.dll"+1518C1:
jmp newmem
nop 2
returnhere:
///*****************************************///
aobscanmodule(flyTimeChkAOB,"Control_DX11.exe",80 ** ** ** ** ** 00 75 ** 48 ** ** ** F3 0F ** ** ** ** 00 00 F3 0F ** ** ** F3 0F ** ** ** ** 00 00 0F ** ** 72)
registersymbol(flyTimeChkAOB)
flyTimeChkAOB+7: //"Control_DX11.exe"+CB325:
db EB
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
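--- Poller that mirrors the configured levitate hotkey into bFlyKeyPressed (1 = held, 0 = not).
-- Runs in a Cheat Engine thread until the global FlyKeyLuaThreadLoop turns false, sampling
-- every 100 ms. The key's virtual-key code is re-read from the bFlyKeyID symbol on every
-- tick, so a change made through the table takes effect immediately.
-- @tparam table thread4 the Cheat Engine thread object; terminate() is called on exit
local function flyKeyLuaThread(thread4)
  local addr4 = getAddressSafe('bFlyKeyPressed')
  while FlyKeyLuaThreadLoop do
    sleep(100)
    if addr4 then
      -- readInteger yields nil while the symbol cannot be read; the original handed that
      -- straight to isKeyPressed, which likely raises and ends the thread. Treat nil as
      -- "not pressed" instead.
      local keyId = readInteger('bFlyKeyID')
      local pressed = keyId ~= nil and isKeyPressed(keyId)
      writeBytes(addr4, pressed and 1 or 0)
    else
      -- Symbol not registered yet (assembler part still enabling); retry next tick.
      addr4 = getAddressSafe('bFlyKeyPressed')
    end
  end
  thread4.terminate()
end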
----------------------------------
-- Enable side: start the levitate-key poller. syntaxcheck is set only while Cheat Engine
-- validates the script, in which case nothing may actually run.
if syntaxcheck then return end
_G.FlyKeyLuaThreadLoop = true
createThread(flyKeyLuaThread)
{$asm}
[DISABLE]
{$lua}
-- Disable side: ask the levitate-key poller to stop; it exits after its current sleep.
if syntaxcheck then return end
_G.FlyKeyLuaThreadLoop = false
{$asm}
dealloc(newmem)
someStateTransitionCallerAOB+16: //"rl_rmdwin7_f.dll"+1518C1:
readmem(originalcode_someStateTransitionCallerAOB,7)
//db 48 8B 4E 10 48 85 C9
//Alt: mov rcx,[rsi+10]
//Alt: test rcx,rcx
unregistersymbol(originalcode_someStateTransitionCallerAOB)
unregistersymbol(bFlyKeyPressed)
unregistersymbol(bFlyKeyID)
unregistersymbol(bFlyButtonOffset)
///*****************************************///
flyTimeChkAOB+7: //"Control_DX11.exe"+CB325:
db 75
//Alt: jne
16332
"Keyboard / Mouse"
10:SHIFT
11:CTRL
12:ALT
14:CAPS LOCK
04:Middle Mouse
05:X1 Mouse
06:X2 Mouse
1
C08000
Byte
bFlyKeyID
16336
"Controller"
0: XBOX: A | PS4: Cross
1: XBOX: B | PS4: Circle
2: XBOX: X | PS4: Square
3: XBOX: Y | PS4: Triangle
4: XBOX: LT | PS4: L1
5: XBOX: RT | PS4: R1
6: XBOX: LB | PS4: L2
7: XBOX: RB | PS4: R2
8:Left Stick Pressed
9:Right Stick Pressed
C08000
Byte
bFlyButtonOffset
16409
"Evade / Dash Distance Multiplier"
000080
Auto Assembler Script
[ENABLE]
define(evadedistancemultiplierkeyiddefault,10)
define(evadedistancemultiplierbuttonoffsetdefault,4)
aobscanmodule(ecadeDistanceReadOnGroundEvadeAOB,"Control_DX11.exe",F3 0F ** ** ** 0F ** ** 0F ** ** ** 0F ** ** 0F ** ** ** 48 ** ** 74)
registersymbol(ecadeDistanceReadOnGroundEvadeAOB)
label(bEvadeDistanceMultiplierKeyPressed)
registersymbol(bEvadeDistanceMultiplierKeyPressed)
label(bEvadeDistanceMultiplierKeyID)
registersymbol(bEvadeDistanceMultiplierKeyID)
label(bEvadeDistanceMultiplierButtonOffset)
registersymbol(bEvadeDistanceMultiplierButtonOffset)
label(dEvadeDistanceMultiplier)
registersymbol(dEvadeDistanceMultiplier)
alloc(newmem,2048,ecadeDistanceReadOnGroundEvadeAOB+5) //"Control_DX11.exe"+6BDF1)
label(returnhere)
label(originalcode_ecadeDistanceReadOnGroundEvadeAOB)
registersymbol(originalcode_ecadeDistanceReadOnGroundEvadeAOB)
label(exit)
newmem:
push rax
mov rax,bEvadeDistanceMultiplierKeyPressed
cmp byte ptr [rax],1
jne @f
mov rax,dEvadeDistanceMultiplier
mulss xmm2,[rax]
@@:
pop rax
originalcode_ecadeDistanceReadOnGroundEvadeAOB:
readmem(ecadeDistanceReadOnGroundEvadeAOB+5,7)
//movaps xmm3,xmm2
//shufps xmm3,xmm3,00
exit:
jmp returnhere
///
bEvadeDistanceMultiplierKeyPressed:
dd 0
bEvadeDistanceMultiplierKeyID:
dd evadedistancemultiplierkeyiddefault
bEvadeDistanceMultiplierButtonOffset:
dd evadedistancemultiplierbuttonoffsetdefault
dEvadeDistanceMultiplier:
dd (float)10
///
ecadeDistanceReadOnGroundEvadeAOB+5: //"Control_DX11.exe"+6BDF1:
jmp newmem
nop 2
returnhere:
///*****************************************///
aobscanmodule(ecadeDistanceReadOnAirEvadeAOB,"Control_DX11.exe",F3 0F ** ** ** 0F ** ** 0F ** ** ** 0F ** ** 0F ** ** ** 48 ** ** ** ** 00 00 F3 0F ** ** 0F ** ** 7A)
registersymbol(ecadeDistanceReadOnAirEvadeAOB)
alloc(newmem2,2048,ecadeDistanceReadOnAirEvadeAOB+5) //"Control_DX11.exe"+6C017)
label(returnhere2)
label(originalcode2_ecadeDistanceReadOnAirEvadeAOB)
registersymbol(originalcode2_ecadeDistanceReadOnAirEvadeAOB)
label(exit2)
newmem2:
push rax
mov rax,bEvadeDistanceMultiplierKeyPressed
cmp byte ptr [rax],1
je @f
push rcx
mov rcx,aControllerHotkeyPressed
mov rax,bEvadeDistanceMultiplierButtonOffset
movsxd rax,dword ptr [rax]
mov cl,[rcx+rax*4]
test cl,cl
pop rcx
jnz @f
jmp end
@@:
mov rax,dEvadeDistanceMultiplier
mulss xmm1,[rax]
end:
pop rax
originalcode2_ecadeDistanceReadOnAirEvadeAOB:
readmem(ecadeDistanceReadOnAirEvadeAOB+5,7)
//movaps xmm6,xmm1
//shufps xmm6,xmm6,00
exit2:
jmp returnhere2
///
ecadeDistanceReadOnAirEvadeAOB+5: //"Control_DX11.exe"+6C017:
jmp newmem2
nop 2
returnhere2:
///*****************************************///
aobscanmodule(ecadeDistanceChkOnGroundEvadeAOB,"Control_DX11.exe",f3 0f ** ** ** f3 0f ** ** ** 48 ** ** ** ** 48 ** ** ** 48 ** ** ** ** 0f)
registersymbol(ecadeDistanceChkOnGroundEvadeAOB)
alloc(newmem3,2048,ecadeDistanceChkOnGroundEvadeAOB+5) //"Control_DX11.exe"+6BD99)
label(returnhere3)
label(originalcode3_ecadeDistanceChkOnGroundEvadeAOB)
registersymbol(originalcode3_ecadeDistanceChkOnGroundEvadeAOB)
label(exit3)
newmem3:
readmem(ecadeDistanceChkOnGroundEvadeAOB,4)
readmem(ecadeDistanceChkOnGroundEvadeAOB+9,1)
//movss xmm1,[rcx+18]
push rax
mov rax,bEvadeDistanceMultiplierKeyPressed
cmp byte ptr [rax],1
je @f
push rcx
mov rcx,aControllerHotkeyPressed
mov rax,bEvadeDistanceMultiplierButtonOffset
movsxd rax,dword ptr [rax]
mov cl,[rcx+rax*4]
test cl,cl
pop rcx
jnz @f
jmp end2
@@:
mov rax,dEvadeDistanceMultiplier
mulss xmm1,[rax]
end2:
pop rax
readmem(ecadeDistanceChkOnGroundEvadeAOB+5,3)
db D9
//addss xmm3,xmm1
readmem(ecadeDistanceChkOnGroundEvadeAOB,5)
//movss xmm1,[rcx+3C]
jmp exit3
originalcode3_ecadeDistanceChkOnGroundEvadeAOB:
readmem(ecadeDistanceChkOnGroundEvadeAOB+5,5)
//addss xmm3,[rcx+18]
exit3:
jmp returnhere3
///
ecadeDistanceChkOnGroundEvadeAOB+5: //"Control_DX11.exe"+6BD99:
jmp newmem3
returnhere3:
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
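--- Poller that mirrors the evade-multiplier hotkey into bEvadeDistanceMultiplierKeyPressed
-- (1 = held, 0 = not). Runs in a Cheat Engine thread until the global
-- EvadeDistanceMultiplierKeyLuaThreadLoop turns false, sampling every 100 ms. The key's
-- virtual-key code is re-read from bEvadeDistanceMultiplierKeyID on every tick.
-- @tparam table thread_edmk5 the Cheat Engine thread object; terminate() is called on exit
local function evadeDistanceMultiplierKeyLuaThread(thread_edmk5)
  local addr_edmk5 = getAddressSafe('bEvadeDistanceMultiplierKeyPressed')
  while EvadeDistanceMultiplierKeyLuaThreadLoop do
    sleep(100)
    if addr_edmk5 then
      -- readInteger yields nil while the symbol cannot be read; the original handed that
      -- straight to isKeyPressed, which likely raises and ends the thread. Treat nil as
      -- "not pressed" instead.
      local keyId = readInteger('bEvadeDistanceMultiplierKeyID')
      local pressed = keyId ~= nil and isKeyPressed(keyId)
      writeBytes(addr_edmk5, pressed and 1 or 0)
    else
      -- Symbol not registered yet (assembler part still enabling); retry next tick.
      addr_edmk5 = getAddressSafe('bEvadeDistanceMultiplierKeyPressed')
    end
  end
  thread_edmk5.terminate()
end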
----------------------------------
-- Enable side: start the evade-multiplier key poller. syntaxcheck is set only while Cheat
-- Engine validates the script, in which case nothing may actually run.
if syntaxcheck then return end
_G.EvadeDistanceMultiplierKeyLuaThreadLoop = true
createThread(evadeDistanceMultiplierKeyLuaThread)
{$asm}
[DISABLE]
{$lua}
-- Disable side: ask the evade-multiplier key poller to stop; it exits after its current sleep.
if syntaxcheck then return end
_G.EvadeDistanceMultiplierKeyLuaThreadLoop = false
{$asm}
dealloc(newmem)
ecadeDistanceReadOnGroundEvadeAOB+5: //"Control_DX11.exe"+6BDF1:
readmem(originalcode_ecadeDistanceReadOnGroundEvadeAOB,7)
//db 0F 28 DA 0F C6 DB 00
//Alt: movaps xmm3,xmm2
//Alt: shufps xmm3,xmm3,00
unregistersymbol(originalcode_ecadeDistanceReadOnGroundEvadeAOB)
unregistersymbol(bEvadeDistanceMultiplierKeyPressed)
unregistersymbol(bEvadeDistanceMultiplierKeyID)
unregistersymbol(bEvadeDistanceMultiplierButtonOffset)
unregistersymbol(dEvadeDistanceMultiplier)
///*****************************************///
dealloc(newmem2)
ecadeDistanceReadOnAirEvadeAOB+5: //"Control_DX11.exe"+6C017:
readmem(originalcode2_ecadeDistanceReadOnAirEvadeAOB,7)
//db 0F 28 F1 0F C6 F6 00
//Alt: movaps xmm6,xmm1
//Alt: shufps xmm6,xmm6,00
unregistersymbol(originalcode2_ecadeDistanceReadOnAirEvadeAOB)
///*****************************************///
dealloc(newmem3)
ecadeDistanceChkOnGroundEvadeAOB+5: //"Control_DX11.exe"+6BD99:
readmem(originalcode3_ecadeDistanceChkOnGroundEvadeAOB,5)
//db F3 0F 58 59 18
//Alt: addss xmm3,[rcx+18]
unregistersymbol(originalcode3_ecadeDistanceChkOnGroundEvadeAOB)
16411
"Keyboard / Mouse"
10:SHIFT
11:CTRL
12:ALT
14:CAPS LOCK
04:Middle Mouse
05:X1 Mouse
06:X2 Mouse
1
C08000
Byte
bEvadeDistanceMultiplierKeyID
16480
"Controller"
0: XBOX: A | PS4: Cross
1: XBOX: B | PS4: Circle
2: XBOX: X | PS4: Square
3: XBOX: Y | PS4: Triangle
4: XBOX: LT | PS4: L1
5: XBOX: RT | PS4: R1
6: XBOX: LB | PS4: L2
7: XBOX: RB | PS4: R2
8:Left Stick Pressed
9:Right Stick Pressed
C08000
Byte
bEvadeDistanceMultiplierButtonOffset
16410
"Multiplier"
C08000
Float
dEvadeDistanceMultiplier
28
"Walk Key"
000080
Auto Assembler Script
[ENABLE]
define(walkkeyiddefault,12)
aobscanmodule(moveSpeedWriteAOB,Control_DX11.exe,F3 0F ** ** ** F3 0F ** ** ** ** 00 00 41 ** ** ** 44 ** ** ** ** ** 7A ** 75)
registersymbol(moveSpeedWriteAOB)
label(bWalkKeyMethod)
registersymbol(bWalkKeyMethod)
label(bWalkKeyPressed)
registersymbol(bWalkKeyPressed)
label(bWalkKeyID)
registersymbol(bWalkKeyID)
alloc(newmem,2048,moveSpeedWriteAOB) //"Control_DX11.exe"+32DB59)
label(returnhere)
label(originalcode_moveSpeedWriteAOB)
registersymbol(originalcode_moveSpeedWriteAOB)
label(exit)
newmem:
push rax
mov rax,bWalkKeyMethod
cmp byte ptr [rax],1
lea rax,[rax+4]
jne movemaxspeedmanipulate
cmp byte ptr [rax],1
jne walkkeynotpressing
cmp byte ptr [rax+1],1
je toggleend
mov byte ptr [rax+1],1
xor byte ptr [rax+2],1
jmp toggleend
walkkeynotpressing:
cmp byte ptr [rax+1],0
je toggleend
mov byte ptr [rax+1],0
toggleend:
lea rax,[rax+2]
movemaxspeedmanipulate:
cmp byte ptr [rax],1
jne end
mov rax,dMoveSpeedMultiplier
mulss xmm2,[rax]
end:
pop rax
originalcode_moveSpeedWriteAOB:
readmem(moveSpeedWriteAOB,5)
//movss [rdi+20],xmm2
exit:
jmp returnhere
///
bWalkKeyMethod:
dd 0 //0: hold, 1: toggle
bWalkKeyPressed:
dd 0
bWalkKeyID:
dd walkkeyiddefault
dMoveSpeedMultiplier:
dd (float)0.42
///
moveSpeedWriteAOB: //"Control_DX11.exe"+32DB59:
jmp newmem
returnhere:
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
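--- Poller that mirrors the walk hotkey into bWalkKeyPressed (1 = held, 0 = not).
-- Runs in a Cheat Engine thread until the global RunWalkkeyLuaThreadLoop turns false,
-- sampling every 100 ms. The key's virtual-key code is re-read from bWalkKeyID on every
-- tick. Hold-vs-toggle interpretation of the flag is done by the assembler hook, not here.
-- @tparam table thread2 the Cheat Engine thread object; terminate() is called on exit
local function walkkeyLuaThread(thread2)
  local addr2 = getAddressSafe('bWalkKeyPressed')
  while RunWalkkeyLuaThreadLoop do
    sleep(100)
    if addr2 then
      -- readInteger yields nil while the symbol cannot be read; the original handed that
      -- straight to isKeyPressed, which likely raises and ends the thread. Treat nil as
      -- "not pressed" instead.
      local keyId = readInteger('bWalkKeyID')
      local pressed = keyId ~= nil and isKeyPressed(keyId)
      writeBytes(addr2, pressed and 1 or 0)
    else
      -- Symbol not registered yet (assembler part still enabling); retry next tick.
      addr2 = getAddressSafe('bWalkKeyPressed')
    end
  end
  thread2.terminate()
end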
----------------------------------
-- Enable side: start the walk-key poller. syntaxcheck is set only while Cheat Engine
-- validates the script, in which case nothing may actually run.
if syntaxcheck then return end
_G.RunWalkkeyLuaThreadLoop = true
createThread(walkkeyLuaThread)
{$asm}
[DISABLE]
{$lua}
-- Disable side: ask the walk-key poller to stop; it exits after its current sleep.
if syntaxcheck then return end
_G.RunWalkkeyLuaThreadLoop = false
{$asm}
dealloc(newmem)
moveSpeedWriteAOB: //"Control_DX11.exe"+32DB59:
readmem(originalcode_moveSpeedWriteAOB,5)
//db F3 0F 11 57 20
//Alt: movss [rdi+20],xmm2
unregistersymbol(originalcode_moveSpeedWriteAOB)
unregistersymbol(bWalkKeyMethod)
unregistersymbol(bWalkKeyPressed)
unregistersymbol(bWalkKeyID)
15979
"Status"
0:Hold Key
1:Toggle Key
C08000
Byte
bWalkKeyMethod
13006
"Key"
10:SHIFT
11:CTRL
12:ALT
14:CAPS LOCK
04:Middle Mouse
05:X1 Mouse
06:X2 Mouse
1
C08000
Byte
bWalkKeyID
16235
"Speed"
C08000
Float
bWalkKeyID+4
15984
"Slow Motion (SpeedHack)"
000080
Auto Assembler Script
[ENABLE]
alloc(slowmokeys,1024,Control_DX11.exe)
label(bKeyCombMethod)
registersymbol(bKeyCombMethod)
label(dSlowMoKey1)
registersymbol(dSlowMoKey1)
label(dSlowMoKey2)
registersymbol(dSlowMoKey2)
label(dCustSpeedhackSpeed)
registersymbol(dCustSpeedhackSpeed)
///
slowmokeys:
bKeyCombMethod:
dd 1 //0: and, 1: or
dSlowMoKey1:
dd 14
dSlowMoKey2:
dd 02
dCustSpeedhackSpeed:
dd (float)0.4
///
{$lua}
-- Shared poller state, initialised once when the script is enabled (globals on purpose:
-- the poller below and the enable/disable parts all touch them):
--   lastSpeed         speedhack speed to restore when the key combination is released
--   bSpeedKeyReleased 1 = combination not engaged, 0 = slow-motion speed currently applied
--   combmethod        last value read from bKeyCombMethod (0 = both keys, 1 = either key)
_G.lastSpeed = speedhack_getSpeed()
_G.bSpeedKeyReleased = 1
_G.combmethod = 0
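--- Poller for the slow-motion hotkey: while the key combination is held, switches the Cheat
-- Engine speedhack to dCustSpeedhackSpeed and restores the previous speed on release.
-- Runs in a Cheat Engine thread until the global SlowMokeyLuaThreadLoop turns false,
-- sampling every 100 ms. State lives in globals shared with the enable/disable parts:
-- lastSpeed (speed to restore) and bSpeedKeyReleased (1 = idle, 0 = slow-motion engaged);
-- combmethod is updated with each read of bKeyCombMethod (0 = both keys held, 1 = either).
-- Nothing happens until both dCustSpeedhackSpeed and bKeyCombMethod can be resolved.
-- @tparam table thread3 the Cheat Engine thread object; terminate() is called on exit
local function slowmokeyLuaThread(thread3)
  -- True when the symbol resolves to a virtual-key code that is currently down.
  -- readInteger yields nil while the symbol cannot be read; the original passed that to
  -- isKeyPressed, which likely raises and ends the thread. nil counts as "not pressed".
  local function key_down(symbol)
    local keyId = readInteger(symbol)
    return keyId ~= nil and isKeyPressed(keyId)
  end

  while SlowMokeyLuaThreadLoop do
    sleep(100)
    if getAddressSafe('dCustSpeedhackSpeed') and getAddressSafe('bKeyCombMethod') then
      combmethod = readBytes('bKeyCombMethod')
      -- Same short-circuit order as the original: key 2 is only polled when needed.
      local comboHeld
      if combmethod == 0 then
        comboHeld = key_down('dSlowMoKey1') and key_down('dSlowMoKey2')
      elseif combmethod == 1 then
        comboHeld = key_down('dSlowMoKey1') or key_down('dSlowMoKey2')
      else
        comboHeld = false
      end

      if comboHeld then
        if bSpeedKeyReleased == 1 then
          local target = readFloat("dCustSpeedhackSpeed")
          -- Engage only once per press and only if the speed is not already the target;
          -- a nil target (unreadable float) is skipped rather than passed to setSpeed.
          if target ~= nil and speedhack_getSpeed() ~= target then
            lastSpeed = speedhack_getSpeed()
            speedhack_setSpeed(target)
            bSpeedKeyReleased = 0
          end
        end
      elseif bSpeedKeyReleased == 0 then
        bSpeedKeyReleased = 1
        if speedhack_getSpeed() ~= lastSpeed then
          speedhack_setSpeed(lastSpeed)
        end
      end
    end
  end
  thread3.terminate()
end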
----------------------------------
-- Enable side: start the slow-motion key poller. syntaxcheck is set only while Cheat Engine
-- validates the script, in which case nothing may actually run.
if syntaxcheck then return end
_G.SlowMokeyLuaThreadLoop = true
createThread(slowmokeyLuaThread)
{$asm}
[DISABLE]
{$lua}
-- Disable side: ask the slow-motion poller to stop; it exits after its current 100 ms sleep.
-- If the key combination is held at that moment the speedhack stays at dCustSpeedhackSpeed:
-- the poller only restores lastSpeed inside its loop, not on the way out.
if syntaxcheck then return end
_G.SlowMokeyLuaThreadLoop = false
{$asm}
dealloc(newmem)
// NOTE(review): the [ENABLE] part of this script allocates slowmokeys
// (alloc(slowmokeys,1024,Control_DX11.exe)), not newmem. This dealloc names a symbol
// this script never allocated and slowmokeys itself is never released on disable —
// confirm whether dealloc(slowmokeys) was intended.
unregistersymbol(bKeyCombMethod)
unregistersymbol(dSlowMoKey1)
unregistersymbol(dSlowMoKey2)
unregistersymbol(dCustSpeedhackSpeed)
15985
"Key 1"
10:SHIFT
11:CTRL
12:ALT
14:CAPS LOCK
02:Right Mouse
04:Middle Mouse
05:X1 Mouse
06:X2 Mouse
1
C08000
Byte
dSlowMoKey1
16232
"and/or ?"
0:And
1:Or
C08000
Byte
bKeyCombMethod
16233
"Key 2"
10:SHIFT
11:CTRL
12:ALT
14:CAPS LOCK
02:Right Mouse
04:Middle Mouse
05:X1 Mouse
06:X2 Mouse
1
C08000
Byte
dSlowMoKey2
16234
"Speed"
C08000
Float
dCustSpeedhackSpeed
22
"[FIGHT]"
0000FF
1
13035
"Damage Multiplier"
000080
Auto Assembler Script
[ENABLE]
dDamageMultiplier:
dd (float)2
[DISABLE]
dDamageMultiplier:
dd (float)1
13036
"Multiplier"
C08000
Float
dDamageMultiplier
13056
"Infinite Ammo"
000080
Auto Assembler Script
[ENABLE]
/*
aobscanmodule(playerAmmoRead3AOB,Control_DX11.exe,F3 0F ** ** ** ** 00 00 0F ** ** ** ** ** ** 76 ** E8 ** ** ** ** 84 ** 74 ** 32 ** EB)
registersymbol(playerAmmoRead3AOB)
label(pAmmo)
registersymbol(pAmmo)
alloc(newmem,2048,playerAmmoRead3AOB) //"Control_DX11.exe"+5A982B)
label(returnhere)
label(originalcode_playerAmmoRead3AOB)
registersymbol(originalcode_playerAmmoRead3AOB)
label(exit)
newmem:
push rax
mov rax,pAmmo
mov [rax],rcx
pop rax
originalcode_playerAmmoRead3AOB:
readmem(playerAmmoRead3AOB,8)
//movss xmm0,[rcx+00000148]
exit:
jmp returnhere
///
pAmmo:
///
playerAmmoRead3AOB: //"Control_DX11.exe"+5A982B:
jmp newmem
nop 3
returnhere:
*/
aobscanmodule(ammoWriteOnFireAOB,Control_DX11.exe,F3 0F ** ** ** ** 00 00 48 ** ** ** ** 00 00 48 ** ** ** ** ** ** 45 ** ** 48)
registersymbol(ammoWriteOnFireAOB)
alloc(newmem2,2048,ammoWriteOnFireAOB) //"Control_DX11.exe"+357DA3)
label(returnhere2)
label(originalcode2_ammoWriteOnFireAOB)
registersymbol(originalcode2_ammoWriteOnFireAOB)
label(exit2)
newmem2:
mov rdx,pAmmo
mov rdx,[rdx]
lea rdx,[rdx-a8]
cmp rcx,rdx
jne @f
readmem(ammoWriteOnFireAOB,2)
db 5F
readmem(ammoWriteOnFireAOB+3,5)
//maxss xmm3,[rcx+1f0]
originalcode2_ammoWriteOnFireAOB:
readmem(ammoWriteOnFireAOB,8)
//movss [rcx+000001F0],xmm3
exit2:
jmp returnhere2
///
ammoWriteOnFireAOB: //"Control_DX11.exe"+357DA3:
jmp newmem2
nop 3
returnhere2:
[DISABLE]
/*
dealloc(newmem)
playerAmmoRead3AOB: //"Control_DX11.exe"+5A982B:
readmem(originalcode_playerAmmoRead3AOB,8)
//db F3 0F 10 81 48 01 00 00
//Alt: movss xmm0,[rcx+00000148]
unregistersymbol(originalcode_playerAmmoRead3AOB)
unregistersymbol(pAmmo)
*/
///****************************************///
dealloc(newmem2)
ammoWriteOnFireAOB: //"Control_DX11.exe"+357DA3:
readmem(originalcode2_ammoWriteOnFireAOB,8)
//db F3 0F 11 99 F0 01 00 00
//Alt: movss [rcx+000001F0],xmm3
unregistersymbol(originalcode2_ammoWriteOnFireAOB)
16351
"Fast Recharge"
000080
Auto Assembler Script
[ENABLE]
aobscanmodule(rechargeTimeoutCountdownCalAOB,"Control_DX11.exe",F3 0F ** ** ** ** 00 00 0F ** ** F3 0F ** ** ** ** 00 00 0F ** ** F3 0F ** ** ** ** 00 00 72)
registersymbol(rechargeTimeoutCountdownCalAOB)
label(dRechargeTimeoutStepMultiplier)
registersymbol(dRechargeTimeoutStepMultiplier)
alloc(newmem,2048,rechargeTimeoutCountdownCalAOB+b) //"Control_DX11.exe"+5DC34B)
label(returnhere)
label(originalcode_rechargeTimeoutCountdownCalAOB)
registersymbol(originalcode_rechargeTimeoutCountdownCalAOB)
label(exit)
newmem:
readmem(rechargeTimeoutCountdownCalAOB,3)
db 89
readmem(rechargeTimeoutCountdownCalAOB+f,4)
//movss xmm1,[rcx+16c]
push rax
mov rax,pAmmo
cmp [rax],rcx
jne @f
//push rbx
//mov rbx,originalcode3_playerAmmoRead3AOB
//movsxd rbx,dword ptr [rbx+4]
//cmp dword ptr [rcx+rbx],0
//pop rbx
//jne @f
mov rax,dRechargeTimeoutStepMultiplier
mulss xmm1,[rax]
@@:
pop rax
subss xmm0,xmm1
xorps xmm1,xmm1
jmp exit
originalcode_rechargeTimeoutCountdownCalAOB:
readmem(rechargeTimeoutCountdownCalAOB+b,8)
//subss xmm0,[rcx+0000016C]
exit:
jmp returnhere
///
dRechargeTimeoutStepMultiplier:
dd (float)1.75
///
rechargeTimeoutCountdownCalAOB+b: //"Control_DX11.exe"+5DC34B:
jmp newmem
nop 3
returnhere:
///****************************************///
aobscanmodule(rechargeFromEmptyClipAOB,"Control_DX11.exe",F3 0F ** ** ** ** 00 00 0F ** ** ** ** 0F ** ** ** ** 00 00 F3 0F ** ** ** ** ** ** 0F ** ** F3 0F)
registersymbol(rechargeFromEmptyClipAOB)
alloc(newmem2,2048,rechargeFromEmptyClipAOB) //"Control_DX11.exe"+5DC2CD)
label(returnhere2)
label(originalcode2_rechargeFromEmptyClipAOB)
registersymbol(originalcode2_rechargeFromEmptyClipAOB)
label(exit2)
newmem2:
push rax
mov rax,pAmmo
cmp [rax],rcx
jne @f
readmem(rechargeFromEmptyClipAOB,2)
db 5F
readmem(rechargeFromEmptyClipAOB+f,5)
//maxss xmm3,[rcx+14c]
end2:
pop rax
originalcode2_rechargeFromEmptyClipAOB:
readmem(rechargeFromEmptyClipAOB,8)
//movss [rcx+00000148],xmm3
exit2:
jmp returnhere2
///
rechargeFromEmptyClipAOB: //"Control_DX11.exe"+5DC2CD:
jmp newmem2
nop 3
returnhere2:
[DISABLE]
dealloc(newmem)
rechargeTimeoutCountdownCalAOB+b: //"Control_DX11.exe"+5DC34B:
readmem(originalcode_rechargeTimeoutCountdownCalAOB,8)
//db F3 0F 5C 81 6C 01 00 00
//Alt: subss xmm0,[rcx+0000016C]
unregistersymbol(originalcode_rechargeTimeoutCountdownCalAOB)
unregistersymbol(dRechargeTimeoutStepMultiplier)
///****************************************///
dealloc(newmem2)
rechargeFromEmptyClipAOB: //"Control_DX11.exe"+5DC2CD:
readmem(originalcode2_rechargeFromEmptyClipAOB,8)
//db F3 0F 11 99 48 01 00 00
//Alt: movss [rcx+00000148],xmm3
unregistersymbol(originalcode2_rechargeFromEmptyClipAOB)
16370
"Instant Recharge by Key"
000080
Auto Assembler Script
[ENABLE]
define(reloadkeyiddefault,#82) //VK_R = #82
aobscanmodule(reloadFlagUnsetAOB,"Control_DX11.exe",74 0C 0F ** ** 0F ** ** ** ** 00 00 73 ** 32 C0 48)
registersymbol(reloadFlagUnsetAOB)
label(bReloadKeyPressed)
registersymbol(bReloadKeyPressed)
label(bReloadKeyID)
registersymbol(bReloadKeyID)
alloc(newmem,2048,reloadFlagUnsetAOB+e) //"Control_DX11.exe"+5DBF65)
label(returnhere)
label(originalcode_reloadFlagUnsetAOB)
registersymbol(originalcode_reloadFlagUnsetAOB)
label(exit)
newmem:
mov rbx,bReloadKeyPressed
mov bl,[rbx]
test bl,bl
jz @f
setnz al
mov ebx,[rcx+c]
mov [rcx+8],ebx
readmem(reloadFlagUnsetAOB+10,5)
//mov rbx,[rsp+30]
jmp exit
originalcode_reloadFlagUnsetAOB:
readmem(reloadFlagUnsetAOB+e,7)
//xor al,al
//mov rbx,[rsp+30]
exit:
jmp returnhere
///
bReloadKeyPressed:
dd 0
bReloadKeyID:
dd reloadkeyiddefault
///
reloadFlagUnsetAOB+e: //readmem"Control_DX11.exe"+5DBF65:
jmp newmem
nop 2
returnhere:
///*****************************************///
//modified from TheyCallMeTim13's lua keylistener script
//http://fearlessrevolution.com/viewtopic.php?f=4&t=6041&start=60#p62657
{$lua}
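--- Poller for the instant-recharge key: raises bReloadKeyPressed to 1 for a bounded number
-- of ticks after the key goes down, then holds it at 0 until the key is released.
-- Runs in a Cheat Engine thread until the global ReloadKeyLuaThreadLoop turns false,
-- sampling every 100 ms. The pulse length is 10 / speedhack speed ticks (plus one), so a
-- slowed-down game still sees the flag for long enough to act on it.
-- @tparam table thread5 the Cheat Engine thread object; terminate() is called on exit
local function reloadKeyLuaThread(thread5)
  local addr5 = getAddressSafe('bReloadKeyPressed')
  local heldTicks = 0 -- ticks the flag has been raised during the current press
  while ReloadKeyLuaThreadLoop do
    sleep(100)
    -- A speed of 0 gives 10 / 0 = inf (no error in Lua), i.e. the flag stays raised for the
    -- whole press; speedhack_getSpeed() is presumed to return a number — TODO confirm.
    local maxTicks = 10 / speedhack_getSpeed()
    if addr5 then
      -- readInteger yields nil while the symbol cannot be read; the original handed that
      -- straight to isKeyPressed, which likely raises and ends the thread. nil counts as
      -- "not pressed".
      local keyId = readInteger('bReloadKeyID')
      if keyId ~= nil and isKeyPressed(keyId) then
        if heldTicks <= maxTicks then
          writeBytes(addr5, 1)
          heldTicks = heldTicks + 1
        else
          writeBytes(addr5, 0)
        end
      else
        heldTicks = 0
        writeBytes(addr5, 0)
      end
    else
      -- Symbol not registered yet (assembler part still enabling); retry next tick.
      addr5 = getAddressSafe('bReloadKeyPressed')
    end
  end
  thread5.terminate()
end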
----------------------------------
-- Enable side: start the recharge-key poller. syntaxcheck is set only while Cheat Engine
-- validates the script, in which case nothing may actually run.
if syntaxcheck then return end
_G.ReloadKeyLuaThreadLoop = true
createThread(reloadKeyLuaThread)
{$asm}
[DISABLE]
{$lua}
-- Disable side: ask the recharge-key poller to stop; it exits after its current sleep.
if syntaxcheck then return end
_G.ReloadKeyLuaThreadLoop = false
{$asm}
dealloc(newmem)
// restore the 7 bytes saved in originalcode_reloadFlagUnsetAOB at enable time
reloadFlagUnsetAOB+e: //"Control_DX11.exe"+5DBF65:
readmem(originalcode_reloadFlagUnsetAOB,7)
//db 32 C0 48 8B 5C 24 30
//Alt: xor al,al
//Alt: mov rbx,[rsp+30]
unregistersymbol(originalcode_reloadFlagUnsetAOB)
unregistersymbol(bReloadKeyPressed)
unregistersymbol(bReloadKeyID)
16371
"Press 'R' to recharge"
808080
1
16390
"Weapons Instantly Fully Charged"
000080
Auto Assembler Script
[ENABLE]
//aobscanmodule(chargeCalOnChargeAOB,"Control_DX11.exe",F3 ** ** ** ** 0F ** ** 41 ** ** ** F3 ** ** ** F3 ** ** ** EB 03 0F)
aobscanmodule(chargeCalOnChargeAOB,"Control_DX11.exe",F3 ** ** ** ** 0F ** ** 41 ** ** ** F3 0F ** ** F3 0F 5D ** EB)
registersymbol(chargeCalOnChargeAOB)
// one-byte opcode patch: +12 is the 5D of "F3 0F 5D" (minss); writing 10
// turns it into "F3 0F 10" (movss), so the min() clamp becomes a plain copy
chargeCalOnChargeAOB+12: //"Control_DX11.exe"+3B8FF5:
db 10
[DISABLE]
// put the minss opcode back; no readmem needed, the pattern pins this byte
chargeCalOnChargeAOB+12: //"Control_DX11.exe"+3B8FF5:
db 5D
30
"[ABILITY / CRAFT]"
0080FF
1
16259
"Ignore Ability Point"
000080
Auto Assembler Script
[ENABLE]
// Hook 1: the ability-point requirement is zeroed just before the game stores it
aobscanmodule(abiliyRequiredPointReadOnAbilitiesMenuAccessAOB,Control_DX11.exe,8B ** ** 41 89 ** ** ** FF ** ** ** ** ** 48 ** ** ** 49)
registersymbol(abiliyRequiredPointReadOnAbilitiesMenuAccessAOB)
alloc(newmem,2048,abiliyRequiredPointReadOnAbilitiesMenuAccessAOB+3) //"Control_DX11.exe"+16750E)
label(returnhere)
label(originalcode_abiliyRequiredPointReadOnAbilitiesMenuAccessAOB)
registersymbol(originalcode_abiliyRequiredPointReadOnAbilitiesMenuAccessAOB)
label(exit)
newmem:
// eax is what the original "mov [r12+18],eax" stores; force it to 0
xor eax,eax
originalcode_abiliyRequiredPointReadOnAbilitiesMenuAccessAOB:
readmem(abiliyRequiredPointReadOnAbilitiesMenuAccessAOB+3,5)
//mov [r12+18],eax
exit:
jmp returnhere
///
abiliyRequiredPointReadOnAbilitiesMenuAccessAOB+3: //"Control_DX11.exe"+16750E:
jmp newmem
returnhere:
///**********************************///
// Hook 2: before the original "cmp [rcx+24],eax", raise [rsi+48] to [rcx+24]
// whenever it is lower (signed), so the game's compare sees [rsi+48] >= [rcx+24]
aobscanmodule(abilityPointChkOnLearnAOB,Control_DX11.exe,8B ** ** 39 ** ** 0F 8F ** ** ** ** 49)
registersymbol(abilityPointChkOnLearnAOB)
alloc(newmem2,2048,abilityPointChkOnLearnAOB) //"Control_DX11.exe"+1B1BEA)
label(returnhere2)
label(originalcode2_abilityPointChkOnLearnAOB)
registersymbol(originalcode2_abilityPointChkOnLearnAOB)
label(exit2)
newmem2:
{
readmem(abilityPointChkOnLearnAOB,6)
//mov eax,[rsi+48]
//cmp [rcx+24],eax
jle @f
db 89
readmem(abilityPointChkOnLearnAOB+4,2)
//mov [rcx+24],eax
}
// The instructions are rebuilt from the scanned encoding: opcode bytes come
// from db or a one-byte readmem, ModRM/displacement bytes are copied with
// readmem, so registers and offsets track whatever the scan matched.
readmem(abilityPointChkOnLearnAOB,1)
readmem(abilityPointChkOnLearnAOB+4,2)
//mov eax,[rcx+24]
readmem(abilityPointChkOnLearnAOB+3,1)
readmem(abilityPointChkOnLearnAOB+1,2)
//cmp [rsi+48],eax
// NOTE(review): no "@@:" follows this jge in the script; it reads as if the
// originalcode2 label is the intended target - confirm how @f resolves
jge @f
db 89
readmem(abilityPointChkOnLearnAOB+1,2)
//mov [rsi+48],eax
originalcode2_abilityPointChkOnLearnAOB:
readmem(abilityPointChkOnLearnAOB,6)
//mov eax,[rsi+48]
//cmp [rcx+24],eax
exit2:
jmp returnhere2
///
abilityPointChkOnLearnAOB: //"Control_DX11.exe"+1B1BEA:
jmp newmem2
nop
returnhere2:
[DISABLE]
dealloc(newmem)
// restore the 5 bytes saved at enable time
abiliyRequiredPointReadOnAbilitiesMenuAccessAOB+3: //"Control_DX11.exe"+16750E:
readmem(originalcode_abiliyRequiredPointReadOnAbilitiesMenuAccessAOB,5)
//db 41 89 44 24 18
//Alt: mov [r12+18],eax
unregistersymbol(originalcode_abiliyRequiredPointReadOnAbilitiesMenuAccessAOB)
///**********************************///
dealloc(newmem2)
// restore the 6 bytes saved at enable time
abilityPointChkOnLearnAOB: //"Control_DX11.exe"+1B1BEA:
readmem(originalcode2_abilityPointChkOnLearnAOB,6)
//db 8B 46 48 39 41 24
//Alt: mov eax,[rsi+48]
//Alt: cmp [rcx+24],eax
unregistersymbol(originalcode2_abilityPointChkOnLearnAOB)
16307
"Ignore Money / Materials"
000080
Auto Assembler Script
[ENABLE]
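// Three groups of hooks: (1) the UI data read for constructs/crafting, capped
// at 50000; (2) money/material checks raised to the required amount;
// (3) a negative money balance clamped to 0 when it is written.
aobscanmodule(someObjectDataReadAOB,Control_DX11.exe,42 ** ** ** 41 ** ** ** 48 ** ** 48 ** ** ** 5B C3)
registersymbol(someObjectDataReadAOB)
///
// Second scan, in CoherentUIGT.dll, through the lua_aobscan helper defined in
// the first script; the final argument is the 1-based index of the match to
// use (the helper subtracts one). On failure the helper only prints, and the
// "mov rcx,constructsObjectSelfDataReadCallerAOB" below would then fail to
// assemble.
luaCall(lua_aobscan("constructsObjectSelfDataReadCallerAOB","CoherentUIGT.dll","49 ** ** 4D ** ** 48 ** ** FF ** ** 33 ** 49 ** ** E8 ** ** ** ** 49 ** ** E8",2))
///
alloc(newmem,2048,someObjectDataReadAOB) //"Control_DX11.exe"+1689E6)
label(returnhere)
label(originalcode_someObjectDataReadAOB)
registersymbol(originalcode_someObjectDataReadAOB)
label(exit)
newmem:
readmem(someObjectDataReadAOB,4)
//mov edx,[rax+r8]
push rcx
{
mov rcx,"CoherentUIGT.dll"+132BCC
cmp [rsp+30],rcx
jne @f
}
@@:
// only act when the return address on the stack ([rsp+30] after the push)
// is the matched CoherentUIGT call site + c; otherwise edx stays as read
mov rcx,constructsObjectSelfDataReadCallerAOB
lea rcx,[rcx+c]
//mov rcx,"CoherentUIGT.dll"+13299C
cmp [rsp+30],rcx
// NOTE(review): the two @f jumps in this block have no "@@:" after them; the
// code reads as if "end:" is the intended target - confirm how @f resolves
jne @f
mov edx,#50000 // This also changes the ability point quantity; 5000 was too low for some crafts
// the instructions below are rebuilt from the scanned encoding: REX and SIB
// bytes are copied with readmem, opcode and displacement are given with db
readmem(someObjectDataReadAOB,1)
db 39 54
readmem(someObjectDataReadAOB+3,1)
db 04
//cmp [rax+r8+4],edx
// [rax+r8+4] above 50000: keep edx = 50000
jg @f
// otherwise edx = max([rax+r8], [rax+r8+4]) (signed)
readmem(someObjectDataReadAOB,4)
//mov edx,[rax+r8]
readmem(someObjectDataReadAOB,1)
db 39 54
readmem(someObjectDataReadAOB+3,1)
db 04
//cmp [rax+r8+4],edx
readmem(someObjectDataReadAOB,1)
db 0F 4F 54
readmem(someObjectDataReadAOB+3,1)
db 04
//cmovg edx,[rax+r8+4]
end:
pop rcx
readmem(someObjectDataReadAOB+4,4)
//call qword ptr [r9+78]
jmp exit
originalcode_someObjectDataReadAOB:
readmem(someObjectDataReadAOB,8)
//mov edx,[rax+r8]
//call qword ptr [r9+78]
exit:
jmp returnhere
///
someObjectDataReadAOB: //"Control_DX11.exe"+1689E6:
jmp newmem
nop 3
returnhere:
///*************************************///
// Hook 2: rbx is raised to rcx (the value the original movsxd loads) when it
// is lower, signed compare; the 32-bit move clears the upper half of rbx
aobscanmodule(moneyChkOnConstructsEnterRefreshAOB,"Control_DX11.exe",49 ** ** E8 ** ** ** ** 48 ** ** ** ** 00 00 48 ** ** 0F 82)
registersymbol(moneyChkOnConstructsEnterRefreshAOB)
alloc(newmem2,2048,moneyChkOnConstructsEnterRefreshAOB+8) //"Control_DX11.exe"+3507B4)
label(returnhere2)
label(originalcode2_moneyChkOnConstructsEnterRefreshAOB)
registersymbol(originalcode2_moneyChkOnConstructsEnterRefreshAOB)
label(exit2)
newmem2:
push rax
readmem(moneyChkOnConstructsEnterRefreshAOB+8,7)
//movsxd rcx,dword ptr [rax+110]
cmp rbx,rcx
jge @f
mov ebx,ecx
//mov rax,[Control_DX11.exe+1111110]
//mov rax,[rax+30]
//mov [rax+40],ecx
@@:
pop rax
originalcode2_moneyChkOnConstructsEnterRefreshAOB:
readmem(moneyChkOnConstructsEnterRefreshAOB+8,7)
//movsxd rcx,dword ptr [rax+00000110]
exit2:
jmp returnhere2
///
moneyChkOnConstructsEnterRefreshAOB+8: //"Control_DX11.exe"+3507B4:
jmp newmem2
nop 2
returnhere2:
///*************************************///
// Hook 3a: r14d = max(r14d, eax) (signed) before the original mov/cmp pair
aobscanmodule(foundMaterialQCalAOB,"Control_DX11.exe",84 ** 0F 84 ** ** ** ** 41 ** ** ** 45 ** ** 41 ** ** 44 ** ** ** 41)
registersymbol(foundMaterialQCalAOB)
alloc(newmem3a,2048,foundMaterialQCalAOB+c) //"Control_DX11.exe"+350971)
label(returnhere3a)
label(originalcode3a_foundMaterialQCalAOB)
registersymbol(originalcode3a_foundMaterialQCalAOB)
label(exit3a)
newmem3a:
cmp r14d,eax
cmovl r14d,eax
originalcode3a_foundMaterialQCalAOB:
readmem(foundMaterialQCalAOB+c,6)
//mov r13d,r14d
//cmp eax,r14d
exit3a:
jmp returnhere3a
///
foundMaterialQCalAOB+c: //"Control_DX11.exe"+350971:
jmp newmem3a
nop
returnhere3a:
///*************************************///
// Hook 3b: when [rsp+70]+8 equals [rsp+80], the original
// "cmp dword ptr [r15+18],00" is skipped with ZF forced to 1, so the game's
// following jne (75 in the pattern) falls through
aobscanmodule(materialQRFChkAOB,"Control_DX11.exe",E8 ** ** ** ** 48 ** ** ** 44 ** ** ** 41 ** ** ** 00 75 ** 4C)
registersymbol(materialQRFChkAOB)
alloc(newmem3b,2048,materialQRFChkAOB+d) //"Control_DX11.exe"+350A67)
label(returnhere3b)
label(originalcode3b_materialQRFChkAOB)
registersymbol(originalcode3b_materialQRFChkAOB)
label(exit3b)
newmem3b:
push rbx
// NOTE(review): the offsets are taken after the push, i.e. [rsp+68]/[rsp+78]
// of the caller's frame - confirm that is intended
mov rbx,[rsp+70]
add rbx,8
cmp rbx,[rsp+80]
jne @f
// ZF=1; pop and jmp below leave the flags untouched
cmp rbx,rbx
// dead load: rbx is overwritten by the pop on the next line
mov rbx,[rsp+70]
pop rbx
jmp exit3b
end3b:
pop rbx
originalcode3b_materialQRFChkAOB:
readmem(materialQRFChkAOB+d,5)
//cmp dword ptr [r15+18],00
exit3b:
jmp returnhere3b
///
materialQRFChkAOB+d: //"Control_DX11.exe"+350A67:
jmp newmem3b
returnhere3b:
///*************************************///
// Hook 4: after the original "add [rcx+40],rax", reload [rcx+40] and clamp a
// negative result to zero. "mov rax,[rcx+40]" and "mov [rcx+40],rax" are
// rebuilt from the scanned bytes (REX/opcode/ModRM from +c and +8..+a, the
// displacement from +b).
aobscanmodule(moneyWriteOnChangeAOB,"Control_DX11.exe",F7 ** ** ** 48 ** ** ** 48 ** ** ** 48 ** ** ** 48 ** ** ** 48 ** ** ** 74 ** 48)
registersymbol(moneyWriteOnChangeAOB)
alloc(newmem4,2048,moneyWriteOnChangeAOB+8) //"Control_DX11.exe"+350DFA)
label(returnhere4)
label(originalcode4_moneyWriteOnChangeAOB)
registersymbol(originalcode4_moneyWriteOnChangeAOB)
label(exit4)
newmem4:
readmem(moneyWriteOnChangeAOB+8,4)
//add [rcx+40],rax
readmem(moneyWriteOnChangeAOB+c,3)
readmem(moneyWriteOnChangeAOB+b,1)
//mov rax,[rcx+40]
test rax,rax
jge @f
xor rax,rax
readmem(moneyWriteOnChangeAOB+8,1)
db 89
readmem(moneyWriteOnChangeAOB+a,2)
//mov [rcx+40],rax
@@:
readmem(moneyWriteOnChangeAOB+c,4)
//mov rax,[rcx+18]
jmp exit4
originalcode4_moneyWriteOnChangeAOB:
readmem(moneyWriteOnChangeAOB+8,8)
//add [rcx+40],rax
//mov rax,[rcx+18]
exit4:
jmp returnhere4
///
moneyWriteOnChangeAOB+8: //"Control_DX11.exe"+350DFA:
jmp newmem4
nop 3
returnhere4:
///*************************************///
/*
alloc(newmem5,2048,"Control_DX11.exe"+35A028)
label(returnhere5)
label(originalcode5)
label(exit5)
newmem5:
test edx,edx
jg @f
xor edx,edx
originalcode5:
mov [rax+40],edx
test edx,edx
exit5:
jmp returnhere5
///
"Control_DX11.exe"+35A028:
jmp newmem5
returnhere5:
*/
[DISABLE]
dealloc(newmem)
someObjectDataReadAOB: //"Control_DX11.exe"+1689E6:
readmem(originalcode_someObjectDataReadAOB,8)
//db 42 8B 14 00 41 FF 51 78
//Alt: mov edx,[rax+r8]
//Alt: call qword ptr [r9+78]
unregistersymbol(originalcode_someObjectDataReadAOB)
///*************************************///
dealloc(newmem2)
moneyChkOnConstructsEnterRefreshAOB+8: //"Control_DX11.exe"+3507B4:
readmem(originalcode2_moneyChkOnConstructsEnterRefreshAOB,7)
//db 48 63 88 10 01 00 00
//Alt: movsxd rcx,dword ptr [rax+00000110]
unregistersymbol(originalcode2_moneyChkOnConstructsEnterRefreshAOB)
///*************************************///
dealloc(newmem3a)
foundMaterialQCalAOB+c: //"Control_DX11.exe"+350971:
readmem(originalcode3a_foundMaterialQCalAOB,6)
//db 45 8B EE 41 3B C6
//Alt: mov r13d,r14d
//Alt: cmp eax,r14d
unregistersymbol(originalcode3a_foundMaterialQCalAOB)
///*************************************///
dealloc(newmem3b)
// restore from the copy saved at enable time, like the other hooks: the
// pattern wildcards three of these five bytes, so hardcoding them could write
// the wrong encoding back
materialQRFChkAOB+d: //"Control_DX11.exe"+350A67:
readmem(originalcode3b_materialQRFChkAOB,5)
//db 41 83 7F 18 00
//Alt: cmp dword ptr [r15+18],00
unregistersymbol(originalcode3b_materialQRFChkAOB)
///*************************************///
dealloc(newmem4)
moneyWriteOnChangeAOB+8: //"Control_DX11.exe"+350DFA:
readmem(originalcode4_moneyWriteOnChangeAOB,8)
//db 48 01 41 40 48 8B 41 18
//Alt: add [rcx+40],rax
//Alt: mov rax,[rcx+18]
unregistersymbol(originalcode4_moneyWriteOnChangeAOB)
///*************************************///
/*
dealloc(newmem5)
"Control_DX11.exe"+35A028:
db 89 50 40 85 D2
//Alt: mov [rax+40],edx
//Alt: test edx,edx
*/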
33
"[OUTFITS]"
8000FF
Array of byte
0
pOutfitFlags
16466
"Unlock All Outfits"
000080
Auto Assembler Script
[ENABLE]
// Hook: when the outfit flag at [r14+4] reads 0 (locked, per the entries
// below), 1 (unlocked) is written into it before the original read
aobscanmodule(outfitsFlagsReadOnControlPointAccessAOB,"Control_DX11.exe",FF ** ** 48 ** ** ** ** 00 00 41 ** ** ** 48 ** ** ** ** 00 00 89)
registersymbol(outfitsFlagsReadOnControlPointAccessAOB)
alloc(newmem,2048,outfitsFlagsReadOnControlPointAccessAOB+a) //"Control_DX11.exe"+196481)
label(returnhere)
label(originalcode_outfitsFlagsReadOnControlPointAccessAOB)
registersymbol(originalcode_outfitsFlagsReadOnControlPointAccessAOB)
label(exit)
newmem:
// "cmp [r14+4],eax" rebuilt from the scanned bytes (REX from +a, ModRM and
// displacement from +c) around a db 39 opcode
xor eax,eax
readmem(outfitsFlagsReadOnControlPointAccessAOB+a,1)
db 39
readmem(outfitsFlagsReadOnControlPointAccessAOB+c,2)
//cmp [r14+4],eax
// NOTE(review): no "@@:" follows this jne; "end:" reads as the intended
// target - confirm how @f resolves
jne @f
// flag was 0: store 1 into its low byte ("mov [r14+4],al", opcode 88)
sete al
readmem(outfitsFlagsReadOnControlPointAccessAOB+a,1)
db 88
readmem(outfitsFlagsReadOnControlPointAccessAOB+c,2)
//mov [r14+4],al
end:
originalcode_outfitsFlagsReadOnControlPointAccessAOB:
readmem(outfitsFlagsReadOnControlPointAccessAOB+a,11)
//mov eax,[r14+04]
//mov rcx,[rdx+00000138]
exit:
jmp returnhere
///
outfitsFlagsReadOnControlPointAccessAOB+a: //"Control_DX11.exe"+196481:
jmp newmem
nop 6
returnhere:
[DISABLE]
dealloc(newmem)
// restore the 11 bytes saved at enable time
outfitsFlagsReadOnControlPointAccessAOB+a: //"Control_DX11.exe"+196481:
readmem(originalcode_outfitsFlagsReadOnControlPointAccessAOB,11)
//db 41 8B 46 04 48 8B 8A 38 01 00 00
//Alt: mov eax,[r14+04]
//Alt: mov rcx,[rdx+00000138]
unregistersymbol(originalcode_outfitsFlagsReadOnControlPointAccessAOB)
16468
"Available Outfits (open for detail)"
000080
Byte
+8
16469
"Civilian"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
0*8+4
16470
"Janitor's Assistant"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
1*8+4
16471
"Expedition Gear"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
2*8+4
16472
"Asynchronous Suit"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
3*8+4
16473
"Director's Suit"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
4*8+4
16474
"Tactical Response"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
5*8+4
16475
"Astral Dive Suit"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
6*8+4
16476
"Candidate P7"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
7*8+4
16477
"Office Assistant"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
8*8+4
16478
"Golden Suit"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
9*8+4
16479
"Urban Response"
0:Locked
1:Unlocked
??:Access to a Control Point
C08000
Byte
+0
a*8+4
47
"[RENDERING]"
FF0080
1
48
"FOV Changer [Ctrl + Home]"
000080
Auto Assembler Script
[ENABLE]
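// By Otis_Inf and Hattiwatti
// See for info about locations/data:
// https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt
// Hooks the FoV multiply (mulss xmm0,[rbx+10]) and stores rbx, the struct the
// FoV lives in, at fovAddress so the "Change" entry below can dereference it
// (it uses fovAddress with offset 10).
aobscanmodule(FoVInterception,Control_DX11.exe,F3 0F 59 43 10)
// the third argument is only the preferred allocation region (keeps newmem
// within jmp range of the hook); the hook itself is placed by the scan above
alloc(newmem,$1000,"Control_DX11.exe"+1FA3B2)
label(code)
label(return)
label(fovAddress)
registersymbol(FoVInterception)
registerSymbol(fovAddress)
newmem:
code:
// original instruction (5 bytes, exactly the scanned pattern)
mulss xmm0,[rbx+10]
mov [fovAddress], rbx
jmp return
fovAddress:
dq 0
FoVInterception:
jmp newmem
return:
[DISABLE]
// the pattern has no wildcards, so the original bytes can be restored verbatim
FoVInterception:
db F3 0F 59 43 10
dealloc(newmem)
unregistersymbol(FoVInterception)
// fovAddress was registered at enable time and lives in the freed newmem;
// drop it too so the symbol does not dangle
unregistersymbol(fovAddress)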
Toggle Activation
17
36
0
49
"Change [PgUp/PgDn | Reset = Ctrl+Alt+PgUp]"
C08000
Float
fovAddress
10
Increase Value
33
0.01
0
Decrease Value
34
0.01
1
Set Value
17
18
33
1.1344
2
Toggle Activation
35
3
50
"End key = freeze the previous entry, or the game will reset the value"
808080
1
51
"HUD toggle [ Del ]"
000080
Auto Assembler Script
[ENABLE]
// By Otis_Inf and Hattiwatti
// See for info about locations/data:
// https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt
// In-place patch (no alloc/hook) of the exported setOpacity: every call now
// stores 0 as the opacity and returns.
CoherentGTCore.WebCore::GraphicsLayer::setOpacity:
// set opacity for all objects in any UI to 0. This method is called on many objects so this is
// the easiest way without enumerating them all
xorps xmm1,xmm1
movss [rcx+00000168],xmm1
ret
[DISABLE]
CoherentGTCore.WebCore::GraphicsLayer::setOpacity:
// resume as normal
// NOTE(review): this re-assembles what the function body is assumed to be
// instead of restoring bytes saved with readmem (as the other scripts in this
// table do). It also writes 9 bytes where the enable wrote 12 (xorps is 3),
// so the 3 bytes after the original ret stay as the enable left them.
movss [rcx+00000168],xmm1
ret
Toggle Activation
46
0
52
"HUD will toggle on/off on camera move"
808080
1
53
"Toggle debug camera [ Insert ]"
000080
Auto Assembler Script
[ENABLE]
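// By Otis_Inf and Hattiwatti
// See for info about locations/data:
// https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt
// Enable: a one-shot thread caches the current camera position and switches
// the engine's free camera on; a hook on the free-cam FoV code then writes the
// cached position back once and publishes the camera struct address as
// freeCameraStructAddress. Unlike the scanned hook, the +1166F28, +1166F18 and
// +ABABF addresses are hardcoded for one game build.
alloc(enableFreeCamThread,248)
aobscanmodule(interceptFreeCamFoV,Control_DX11.exe,0F 10 43 70 0F 58 C3) // should be unique
alloc(newmem,$1000,"Control_DX11.exe"+308A1C)
label(code)
label(return)
registersymbol(interceptFreeCamFoV)
label(freeCameraStructAddress)
registersymbol(freeCameraStructAddress)
label(originalCameraCoords)
registersymbol(originalCameraCoords)
// Create a thread to call a couple of functions, then stop
createthread(enableFreeCamThread)
enableFreeCamThread:
// first pull the current camera state from the cache. Using code from coregame_rmdwin10_f.coregame::CameraComponentState::getPosition
mov rsi, Control_DX11.exe
mov rcx, [rsi+01166F28] // hardcoded static address. See notes.
mov rbx,[rcx+28]
mov rdi,rdx
call coregame_rmdwin7_f.coregame::TransformComponentState::getTypeIDStatic
// then obtain the camera object address
mov edx,eax
mov rcx,rbx
call rl_rmdwin7_f.r::GameObjectState::getComponentByTypeId
// then read the coords and cache them. Coords are at offset D0 (see getPosition)
mov rcx, originalCameraCoords
mov ebx, [rax+D0]
mov [rcx], ebx
mov ebx, [rax+D4]
mov [rcx+4], ebx
mov ebx, [rax+D8]
mov [rcx+8], ebx
// enable freecam
mov eax, 1
mov [Control_DX11.exe+1166F18], eax
call input_rmdwin7_f.input::InputManager::getInstance
mov rcx, rax
mov dl, 1
call input_rmdwin7_f.input::InputManager::setFreeCameraWithoutPlayerControls
// we'll leave the cache write to the interception of the FoV below.
ret
// this is memory used to intercept the freecam fov.
newmem:
code:
mov [freeCameraStructAddress], rbx
movups xmm0,[rbx+70]
addps xmm0,xmm3
movups [rbx+70],xmm0
// one-shot: the cached coords are written back only the first time through
cmp byte [coordsReset], 1
je done
// write back the cached coords.
// NOTE(review): push/pop of a 32-bit register is not encodable in 64-bit
// mode; confirm what the assembler emits for these two lines
push rcx
push edx
mov rcx, originalCameraCoords
mov edx, [rcx]
mov [rbx+70], edx
mov edx, [rcx+4]
mov [rbx+74], edx
mov edx, [rcx+8]
// NOTE(review): 8-byte store where the two above store 4; the upper half of
// rdx is zero after the 32-bit load, so [rbx+7C] is cleared as well - confirm
// that is intended
mov [rbx+78], rdx
pop edx
// set flag
mov cl, 01
mov [coordsReset], cl
pop rcx
done:
jmp return
freeCameraStructAddress:
dq 0
originalCameraCoords:
dd 0 0 0
coordsReset:
db 0
// the hooked site is 11 bytes (three instructions, see [DISABLE]); jmp takes 5
interceptFreeCamFoV:
jmp newmem
nop
nop
nop
nop
nop
nop
return:
// Outline removal. Contributed by Pigeon
// hardcoded for one build: the 6-byte je becomes a 5-byte jmp plus a nop, with
// the rel32 adjusted by one for the shorter opcode
Control_DX11.exe+ABABF:
db E9 74 02 00 00 90 // jmp instead of je
[DISABLE]
// one-shot thread that switches the free camera off again
alloc(disableFreeCamThread,248)
createthread(disableFreeCamThread)
disableFreeCamThread:
xor eax, eax
mov [Control_DX11.exe+1166F18], eax
call input_rmdwin7_f.input::InputManager::getInstance
mov rcx, rax
mov dl, 0
call input_rmdwin7_f.input::InputManager::setFreeCameraWithoutPlayerControls
ret
// restore the three original instructions (11 bytes) at the hook site
interceptFreeCamFoV:
movups xmm0,[rbx+70]
addps xmm0,xmm3
movups [rbx+70],xmm0
Control_DX11.exe+ABABF:
db 0F 84 73 02 00 00
unregistersymbol(freeCameraStructAddress)
unregistersymbol(interceptFreeCamFoV)
// registered at enable time as well; drop it so it does not dangle after dealloc
unregistersymbol(originalCameraCoords)
dealloc(newmem)
// the enable-time thread stub finished long ago; release its memory as well
dealloc(enableFreeCamThread)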
Toggle Activation
45
0
54
"Freecam FoV [ Num-/+ | Speed: Ctrl+Num-/+ | Reset: Ctrl+Alt+Num- ]"
C08000
Float
freeCameraStructAddress
-20
Decrease Value
17
109
0.1
0
Increase Value
17
107
0.1
1
Decrease Value
109
0.01
2
Increase Value
107
0.01
3
Set Value
17
18
109
1.1344
4
55
"Rotation speed [ For mouse: F9 = 0.04 | For controller: Ctrl+F9 = 0.7 ]"
C08000
Float
freeCameraStructAddress
8C
Set Value
120
0.04
0
Set Value
17
120
0.7
1
57
"Depth of Field [ F3: Off - Ctrl+F3: On ]"
000080
Byte
rend::RenderOptions::RenderDepthOfField
Set Value
114
0
0
Set Value
17
114
1
1
58
"Motion Blur [ F4: Off - Ctrl+F4: On ]"
000080
Byte
rend::RenderOptions::RenderVectorBlur
Set Value
115
0
0
Set Value
17
115
1
1
59
"Bloom [ F5: Off - Ctrl+F5: On ]"
000080
Byte
rend::RenderOptions::RenderBloom
Set Value
116
0
0
Set Value
17
116
1
1
60
"Screenspace AA [ F6: Off - Ctrl+F6: On ]"
000080
Byte
rend::RenderOptions::ScreenSpaceAntialiasing
Set Value
117
0
0
Set Value
17
117
1
1
61
"Wireframe [ F7: Off - Ctrl+F7: On ]"
000080
Byte
rend::RenderOptions::Wireframe
Set Value
118
0
0
Set Value
17
118
1
1
62
"[DEBUG]"
008080
1
16354
"Controller Button Test"
000080
Array of byte
0
aControllerHotkeyPressed
17006
"If the button press is detected, the value changes to 1 or FF"
808080
1
16355
"XBOX: A | PS4: Cross"
1
C08000
4 Bytes
+0*4
16356
"XBOX: B | PS4: Circle"
1
C08000
4 Bytes
+1*4
16357
"XBOX: X | PS4: Square"
1
C08000
4 Bytes
+2*4
16358
"XBOX: Y | PS4: Triangle"
1
C08000
4 Bytes
+3*4
16364
"XBOX: LT | PS4: L1"
1
C08000
4 Bytes
+4*4
16363
"XBOX: RT | PS4: R1"
1
C08000
4 Bytes
+5*4
16362
"XBOX: LB | PS4: L2"
1
C08000
4 Bytes
+6*4
16361
"XBOX: RB | PS4: R2"
1
C08000
4 Bytes
+7*4
16360
"Left Stick Pressed"
1
C08000
4 Bytes
+8*4
16359
"Right Stick Pressed"
1
C08000
4 Bytes
+9*4
Compiled by ReActif
Scripts by:
/* Cielos */
https://fearlessrevolution.com/viewtopic.php?f=4&t=10106
/* Otis_Inf and Hattiwatti */
https://framedsc.github.io/GameGuides/control.htm
https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt