94
"Start Up (stores Character Pointer to CharAdr)"
Auto Assembler Script
[ENABLE]
// Start Up: hook at "TH2.exe"+144E1E. The original 7-byte instruction
// (mov cx,[eax+0001829B], see the Alt bytes at the bottom) is replaced by a
// 5-byte jmp plus 2 bytes of nop. At this point eax holds the character block
// pointer (the author's "Character Address"); the hook copies it into CharAdr,
// which the "Player Stats" entries (CharAdr+offset) and other scripts use.
// 1829B is the "Magic Find" field of that block per the table entries.
alloc(newmem,128)
label(returnhere)
label(originalcode)
label(exit)
label(CharAdr)
registersymbol(CharAdr)
// LootType is shared with the loot scripts ("Rare/Boss Monster Drops Increase"
// compares it with 0A, "Every Mob Drops 1 Item" stores 0A / 000000FF into it);
// globalAlloc keeps the symbol resolvable for them.
globalAlloc(LootType, 0x4)
newmem:
mov [CharAdr],eax //save Character Address
originalcode:
mov cx,[eax+0001829B]
exit:
jmp returnhere
CharAdr:
dd 0
LootType:
dd 000000FF // initial value: no forced loot type active
"TH2.exe"+144E1E:
jmp newmem
nop 2
returnhere:
[DISABLE]
// NOTE(review): dealloc(LootType) releases storage that the loot scripts still
// address while they are enabled, and how CE treats dealloc on a globalAlloc'd
// block is not verified here - confirm before relying on disable/enable cycles
// with those scripts active.
unregistersymbol(CharAdr)
dealloc(LootType)
dealloc(newmem)
"TH2.exe"+144E1E:
mov cx,[eax+0001829B]
//Alt: db 66 8B 88 9B 82 01 00
59
"Cheats"
1
34
"Gold Cheat"
Auto Assembler Script
{ Game : TH2.exe
Version:
Date : 2019-09-02
Author : Tivrusky
Gold Cheat: hooks the gold-pile summing loop at "TH2.exe"+226D93 (6-byte add
-> 5-byte jmp + 2 nops; the 7-byte original is 03 84 0A 3E 2F 00 00). Each
pile value at [edx+ecx+00002F3E] is overwritten with 50000 (decimal, '#')
right before it is added to the running total in eax. The listing below shows
the total ending up in [ebp-14] and being written to [eax+000001CC], which is
the "Gold" offset in the table entries.
}
[ENABLE]
aobscanmodule(INJECT_GOLDCHEAT,TH2.exe,03 84 0A 3E 2F 00 00) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// i added this to set each pile to 50k before it is counted
// No size prefix: CE assembles this as a dword store by default, which matches
// the dword the original add reads from the same slot. The listing shows the
// game itself storing into this slot (+226D7F), so the pile value is changed
// in game data, not in a local copy.
mov [edx+ecx+00002F3E],#50000
//this is adding up all gold piles
add eax,[edx+ecx+00002F3E]
jmp return
INJECT_GOLDCHEAT:
jmp newmem
nop 2
return:
registersymbol(INJECT_GOLDCHEAT)
[DISABLE]
INJECT_GOLDCHEAT:
db 03 84 0A 3E 2F 00 00
unregistersymbol(INJECT_GOLDCHEAT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "TH2.exe"+226D93
"TH2.exe"+226D61: 8B 84 0A 3E 2F 00 00 - mov eax,[edx+ecx+00002F3E]
"TH2.exe"+226D68: 3B 05 FC 9C BE 01 - cmp eax,[TH2.exe+7E9CFC]
"TH2.exe"+226D6E: 7E 16 - jle TH2.exe+226D86
"TH2.exe"+226D70: 69 4D F8 4B 04 00 00 - imul ecx,[ebp-08],0000044B
"TH2.exe"+226D77: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+226D7A: A1 FC 9C BE 01 - mov eax,[TH2.exe+7E9CFC]
"TH2.exe"+226D7F: 89 84 0A 3E 2F 00 00 - mov [edx+ecx+00002F3E],eax
"TH2.exe"+226D86: 69 4D F8 4B 04 00 00 - imul ecx,[ebp-08],0000044B
"TH2.exe"+226D8D: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+226D90: 8B 45 EC - mov eax,[ebp-14]
// ---------- INJECTING HERE ----------
"TH2.exe"+226D93: 03 84 0A 3E 2F 00 00 - add eax,[edx+ecx+00002F3E]
// ---------- DONE INJECTING ----------
"TH2.exe"+226D9A: 89 45 EC - mov [ebp-14],eax
"TH2.exe"+226D9D: EB 8D - jmp TH2.exe+226D2C
"TH2.exe"+226D9F: 8B 4D FC - mov ecx,[ebp-04]
"TH2.exe"+226DA2: 8B 91 CC 01 00 00 - mov edx,[ecx+000001CC]
"TH2.exe"+226DA8: 3B 55 EC - cmp edx,[ebp-14]
"TH2.exe"+226DAB: 74 0C - je TH2.exe+226DB9
"TH2.exe"+226DAD: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+226DB0: 8B 4D EC - mov ecx,[ebp-14]
"TH2.exe"+226DB3: 89 88 CC 01 00 00 - mov [eax+000001CC],ecx
"TH2.exe"+226DB9: 8B 55 FC - mov edx,[ebp-04]
}
123
"God Mode"
Auto Assembler Script
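{ God Mode: every patched instruction is a "sub reg,[mem]" (presumably the
amount being taken off a health-type value; not verifiable here). Each becomes
"sub reg,0", so the register is unchanged while the flags are still set as the
following code expects.
Each patch must cover exactly the bytes of the instruction it replaces: the
assembler does not pad a shorter replacement, and leftover bytes would execute
as code. }
[ENABLE]
// 3-byte originals (sub reg,[ebp-xx], e.g. 2B 55 E8) -> 3-byte "sub reg,0"
// (83 /5 ib encoding), so the lengths match.
"TH2.exe"+1A6075:
sub edx,00
"TH2.exe"+1A608A:
sub edx,00
"TH2.exe"+233DCB:
sub eax,00
"TH2.exe"+233DE0:
sub eax,00
"TH2.exe"+1886B9:
sub eax,00
"TH2.exe"+1886CE:
sub eax,00
// 6-byte original here (sub edx,[ecx+000001B0] = 2B 91 B0 01 00 00). A plain
// "sub edx,00" is only 3 bytes and would leave "B0 01 00" behind to run as
// stray instructions, so the replacement is written out explicitly as
// sub edx,0 (83 EA 00) followed by three nops to fill the full 6 bytes.
"TH2.exe"+1886F5:
db 83 EA 00 90 90 90
[DISABLE]
"TH2.exe"+1A6075:
sub edx,[ebp-18]
"TH2.exe"+1A608A:
sub edx,[ebp-18]
"TH2.exe"+233DCB:
sub eax,[ebp-18]
"TH2.exe"+233DE0:
sub eax,[ebp-18]
"TH2.exe"+1886B9:
sub eax,[ebp-0C]
"TH2.exe"+1886CE:
sub eax,[ebp-0C]
"TH2.exe"+1886F5:
sub edx,[ecx+000001B0]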
109
"Cast Spells In Town"
Auto Assembler Script
[ENABLE]
// Cast Spells In Town: hook at "TH2.exe"+14F5B5. The original 6-byte load
// (mov eax,[edx+TH2.exe+44D0E0]) becomes a 5-byte jmp + 1 nop. The block
// forces the dword at TH2.exe+44D0E0 (indexed by edx) to 1 and then performs
// the original load, so the game always reads 1 from it.
alloc(cast_hook,128)
label(cast_back)
cast_hook:
mov [edx+TH2.exe+44D0E0],00000001 // no size prefix: CE's default dword store, matching the dword load
mov eax,[edx+TH2.exe+44D0E0]      // original instruction
jmp cast_back
"TH2.exe"+14F5B5:
jmp cast_hook
nop
cast_back:
[DISABLE]
dealloc(cast_hook)
"TH2.exe"+14F5B5:
mov eax,[edx+TH2.exe+44D0E0]
110
"Ignore Spell Cooldown"
Auto Assembler Script
[ENABLE]
// Ignore Spell Cooldown: the 7-byte "mov [ebp-04],00000001" (C7 45 FC imm32)
// at "TH2.exe"+23F0CC is replaced by a same-sized store of 0 into the same
// local. What that local drives is not visible here; presumably a
// "cooldown active" flag that is now never set.
"TH2.exe"+23F0CC:
mov [ebp-04],00000000
[DISABLE]
"TH2.exe"+23F0CC:
mov [ebp-04],00000001
183
"Learn All Spells"
Auto Assembler Script
[ENABLE]
// Learn All Spells: two hooks. Each original instruction is a 6-byte store
// into [ecx+0000010C] (from edx at +21C8ED, from eax at +226F42), replaced by a
// 5-byte jmp + 1 nop. Both blocks write FFFFFFFF (all bits set) to [ecx+108]
// and [ecx+10C] instead of the value the game computed.
// NOTE(review): these two dwords presumably form a spell bitmask; the table
// does not list the field, so confirm before changing the offsets.
alloc(newmem,256)
label(returnhere)
label(originalcode)
label(exit)
newmem:
originalcode:
mov [ecx+00000108],FFFFFFFF // no size prefix: CE's default dword store, same width as the original mov
mov [ecx+0000010C],FFFFFFFF
exit:
jmp returnhere
"TH2.exe"+21C8ED:
jmp newmem
nop
returnhere:
// Second hook, same payload.
alloc(newmem2,256)
label(returnhere2)
label(originalcode2)
label(exit2)
newmem2:
originalcode2:
mov [ecx+00000108],FFFFFFFF
mov [ecx+0000010C],FFFFFFFF
exit2:
jmp returnhere2
"TH2.exe"+226F42:
jmp newmem2
nop
returnhere2:
[DISABLE]
dealloc(newmem2)
"TH2.exe"+226F42:
mov [ecx+0000010C],eax
dealloc(newmem)
"TH2.exe"+21C8ED:
mov [ecx+0000010C],edx
185
"Max Spell Level (For Your Level)"
Auto Assembler Script
[ENABLE]
// Max Spell Level (For Your Level): hook at "TH2.exe"+21C88E. The two original
// instructions (3-byte movsx eax,byte ptr [edx] + 4-byte movsx ecx,byte ptr
// [ebp-10] = 7 bytes) become a 5-byte jmp + 2 nops. The byte the game would
// sign-extend from [edx] into eax is replaced by a constant; the second
// instruction is kept as-is. The jne at "TH2.exe"+21C8B0 is additionally
// turned into an unconditional jmp (both 2-byte short jumps to +21C8F3).
alloc(newmem,256)
label(returnhere)
label(originalcode)
label(exit)
newmem:
mov eax,11 // NOTE(review): CE reads this as hex 0x11 = 17; write #11 if decimal 11 was intended
originalcode:
//movsx eax,byte ptr [edx]   (original first instruction, replaced by the constant above)
movsx ecx,byte ptr [ebp-10]
exit:
jmp returnhere
"TH2.exe"+21C88E:
jmp newmem
nop 2
returnhere:
"TH2.exe"+21C8B0:
jmp TH2.exe+21C8F3 // was jne: the branch is now always taken
[DISABLE]
dealloc(newmem)
"TH2.exe"+21C88E:
movsx eax,byte ptr [edx]
movsx ecx,byte ptr [ebp-10]
"TH2.exe"+21C8B0:
jne TH2.exe+21C8F3
117
"Fury Lasts Forever"
Auto Assembler Script
[ENABLE]
// Fury Lasts Forever: the 3-byte "sub eax,01" at "TH2.exe"+179937 becomes
// "sub eax,00" (same 83 /5 ib encoding, so the 3-byte length is kept). The
// value being decremented - presumably the Fury timer - no longer changes,
// while the flags are still set for whatever compare follows.
"TH2.exe"+179937:
sub eax,00
[DISABLE]
"TH2.exe"+179937:
sub eax,01
186
"Seeing Lasts Forever"
Auto Assembler Script
[ENABLE]
// Seeing Lasts Forever: the 3-byte "sub edx,01" at "TH2.exe"+17AA82 becomes
// "sub edx,00" (same 83 /5 ib encoding, so the 3-byte length is kept). The
// value being decremented - presumably the Seeing timer - no longer changes.
"TH2.exe"+17AA82:
sub edx,00
[DISABLE]
"TH2.exe"+17AA82:
sub edx,01
121
"Infinite Consumables"
Auto Assembler Script
[ENABLE]
// Infinite Consumables: three 2-byte conditional short jumps are rewritten.
// +157284: "jne +15728A" becomes "jmp +157286", a jump to the very next
// instruction (157284 + 2), so the branch is never taken and the fall-through
// path always runs.
// +146BA5 and +146B85: the "je" branches become unconditional, so the code
// between the jump and its target - presumably the consumable decrement - is
// always skipped.
"TH2.exe"+157284:
jmp TH2.exe+157286
"TH2.exe"+146BA5:
jmp TH2.exe+146BB2
"TH2.exe"+146B85:
jmp TH2.exe+146B94
[DISABLE]
"TH2.exe"+157284:
jne TH2.exe+15728A
"TH2.exe"+146BA5:
je TH2.exe+146BB2
"TH2.exe"+146B85:
je TH2.exe+146B94
164
"Unbreakable Items"
Auto Assembler Script
[ENABLE]
// Unbreakable Items: hook at "TH2.exe"+1C50F3. The original 6-byte load
// (mov ecx,[eax+000000EC]) becomes a 5-byte jmp + 1 nop. Before the game reads
// [eax+EC], the dword at [eax+F0] is copied over it - presumably current and
// maximum durability (not verifiable from this script).
alloc(dur_hook,128)
label(dur_back)
dur_hook:
mov ecx,[eax+000000F0]
mov [eax+000000EC],ecx
mov ecx,[eax+000000EC]     // original instruction
jmp dur_back
"TH2.exe"+1C50F3:
jmp dur_hook
nop
dur_back:
[DISABLE]
dealloc(dur_hook)
"TH2.exe"+1C50F3:
mov ecx,[eax+000000EC]
161
"Cursor Auto Identify"
Auto Assembler Script
[ENABLE]
// Cursor Auto Identify: hook at "TH2.exe"+13C0E3. The original 4-byte cmp plus
// 2-byte short jne (6 bytes) become a 5-byte jmp + 1 nop. [edx+38] is forced
// to 1 before the game tests it, so the jne to TH2.exe+13C0F4 is always taken.
alloc(newmem,128)
label(returnhere)
label(originalcode)
label(exit)
newmem:
mov dword ptr [edx+38],01 // writes the game's own flag, not a local copy
originalcode:
cmp dword ptr [edx+38],00
jne TH2.exe+13C0F4 // re-assembled inside the block: CE resolves it as a jump back into the module
exit:
jmp returnhere
"TH2.exe"+13C0E3:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"TH2.exe"+13C0E3:
cmp dword ptr [edx+38],00
jne TH2.exe+13C0F4
155
"Loot Stuff"
1
166
"Rare/Boss Monster Drops Increase (MB5)"
Auto Assembler Script
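[ENABLE]
// Rare/Boss Monster Drops Increase (MB5): hook at "TH2.exe"+1A7F24 (4-byte cmp
// + 2-byte je = 6 bytes -> 5-byte jmp + 1 nop). When the loot type at [edx+18]
// is non-zero and LootType (globalAlloc'd by the Start Up script) is not 0A,
// the routine at TH2.exe+148540 is called numItems extra times with the same
// argument set-up the game uses - presumably the item-spawn call, not verified.
// After the loop, control returns to returnhere, i.e. the fall-through of the
// original je (the "loot type != 0" path), which is the path the loop condition
// already established.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(loopItems)
label(numItems)
registersymbol(numItems)
newmem:
cmp dword ptr[LootType],0A // 0A is set by "Every Mob Drops 1 Item": no extra drops for a forced drop
je originalcode
cmp dword ptr [edx+18],00 // same test as the original code: loot type 0 -> nothing extra
je originalcode
mov ebx,[numItems] //loop count
// NOTE(review): ebx is overwritten and never restored. Whether the enclosing
// game function keeps a live value in ebx across this point is not visible
// here; it cannot be saved with push/pop safely because the stack discipline of
// the call below (who pops the two pushed arguments) is also unknown.
cmp ebx,00
jg loopItems
originalcode:
cmp dword ptr [edx+18],00
je TH2.exe+1A7F32
exit:
jmp returnhere
loopItems:
// edx/ecx and the two stack arguments are reloaded from the frame locals on
// every iteration, since the call clobbers them.
mov edx,[ebp-14]
push edx
mov eax,[ebp-08]
mov ecx,[eax+24]
push ecx
mov edx,[ebp-08]
mov edx,[edx+20]
mov ecx,[ebp-0C]
call TH2.exe+148540
sub ebx,01
cmp ebx,00
jg loopItems
jmp exit // skip originalcode: the loot-type test was already done above
numItems:
// Read as a dword by "mov ebx,[numItems]" above, so it is defined as a dword.
// It was "dw 0A", which left the upper two bytes of the read to whatever
// happened to follow in the allocation. The "Number Of Items" entry (Byte)
// edits the low byte.
dd 0A
"TH2.exe"+1A7F24:
jmp newmem
nop
returnhere:
[DISABLE]
// Unregister before freeing so the "Number Of Items" entry does not keep
// pointing at released memory (the symbol was previously left registered).
unregistersymbol(numItems)
dealloc(newmem)
"TH2.exe"+1A7F24:
cmp dword ptr [edx+18],00
je TH2.exe+1A7F32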
Toggle Activation
6
0
167
"Number Of Items"
Byte
numItems
99
"Every Mob Drops 1 Item (MB4)"
Auto Assembler Script
[ENABLE]
// Every Mob Drops 1 Item (MB4): two hooks that cooperate with LootType from the
// Start Up script.
// Hook 1 at "TH2.exe"+154F98 (3-byte mov + 3-byte sub = 6 bytes -> jmp + 1 nop):
// when the mob's loot type at [ecx+18] is 0 it is changed to 0A, the mob pointer
// is remembered in MobAdr and LootType is set to 0A so the other loot script
// ("Rare/Boss Monster Drops Increase") can tell this drop was forced.
// Hook 2 at "TH2.exe"+1A7F51 replaces the 5-byte function epilogue (mov esp,ebp
// / pop ebp / ret / int 3): when LootType is 0A it restores the remembered
// mob's loot type to 0 and LootType to 000000FF, then runs the copied epilogue.
alloc(newmem,128)
label(returnhere)
label(originalcode)
label(exit)
label(MobAdr)
registersymbol(MobAdr)
newmem:
cmp dword ptr[ecx+18],00 // check its loot type 0 (normal mob loot)
jne originalcode
mov [MobAdr],ecx
mov [LootType],0A // no size prefix: CE's default dword store, matching the dd in Start Up
mov [ecx+18],0A // set to loot type 10
originalcode:
mov edx,[ecx+18]
sub edx,01
exit:
jmp returnhere
MobAdr:
dd 00
"TH2.exe"+154F98:
jmp newmem
nop
returnhere:
alloc(newmem2,128)
label(returnhere2)
label(originalcode2)
label(exit2)
newmem2:
cmp dword ptr[LootType],0A
jne originalcode2
push edx
mov edx,[MobAdr]
mov [edx+18],00 // undo the forced loot type on the remembered mob
mov [LootType],000000FF
pop edx
originalcode2:
mov esp,ebp // copied epilogue; control leaves via ret, so exit2 below is never reached
pop ebp
ret
int 3
exit2:
jmp returnhere2
"TH2.exe"+1A7F51:
jmp newmem2 // exactly 5 bytes, so no nop is needed
returnhere2:
[DISABLE]
dealloc(newmem2)
"TH2.exe"+1A7F51:
mov esp,ebp
pop ebp
ret
int 3
unregistersymbol(MobAdr)
dealloc(newmem)
"TH2.exe"+154F98:
mov edx,[ecx+18]
sub edx,01
Toggle Activation
5
0
95
"Stop Pots and Gold"
Auto Assembler Script
[ENABLE]
// Stop Pots and Gold: the 5-byte call at "TH2.exe"+1A7F2D (call TH2.exe+242A50,
// bytes E8 1E AB 09 00) is replaced by a same-sized jump into a block that does
// nothing but jump straight back, so the call is never made.
alloc(skip_hook,128)
label(skip_back)
skip_hook:
jmp skip_back
"TH2.exe"+1A7F2D:
jmp skip_hook
skip_back:
[DISABLE]
dealloc(skip_hook)
"TH2.exe"+1A7F2D:
call TH2.exe+242A50
//Alt: db E8 1E AB 09 00
157
"Increased Item Rarity"
Auto Assembler Script
[ENABLE]
// Increased Item Rarity: hook at "TH2.exe"+23FC26 (3-byte cmp + 2-byte je =
// 5 bytes -> a bare 5-byte jmp, no nop). While loopCount is non-zero each pass
// decrements it and jumps to 23FC2B - the instruction right after the original
// je, i.e. the "eax != 1" path - so the exit to 23FC51 is suppressed; once it
// reaches 0 it is reset to 2000 and the original cmp/je runs.
// NOTE(review): this relies on the code after 23FC2B coming back through the
// hook (presumably a re-roll loop); that is inferred from the script, not
// visible here. The count is not exported: edit "#2000" in both places.
alloc(newmem,128)
label(returnhere)
label(originalcode)
label(exit)
label(loopCount)
newmem:
cmp [loopCount],00 // no size prefix: dword compare, loopCount is a dd
je originalcode
sub [loopCount],01
jmp TH2.exe+23FC2B
originalcode:
mov [loopCount],#2000 // reset for the next item
cmp eax,01
je TH2.exe+23FC51 // original branch, re-assembled from inside the block
exit:
jmp returnhere
loopCount:
dd #2000
"TH2.exe"+23FC26:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"TH2.exe"+23FC26:
cmp eax,01
je TH2.exe+23FC51
152
"+Item Level Rolls (Cap Is 63)"
Auto Assembler Script
[ENABLE]
// +Item Level Rolls: hook at "TH2.exe"+241EEF. The original 3-byte mov plus
// 4-byte cmp (7 bytes) become a 5-byte jmp + 2 nops. bonusLevel is added to the
// rolled level in eax before the game stores it and compares it with 3F (63),
// hence the cap in the name. bonusLevel is edited through the
// "Stats Better but Increases Req." entry (Byte, i.e. the low byte of the dd).
alloc(lvl_hook,128)
label(lvl_back)
label(bonusLevel)
registersymbol(bonusLevel)
lvl_hook:
add eax, [bonusLevel]
mov [ebp-04],eax                // original instructions
cmp dword ptr [ebp-04],3F
jmp lvl_back
bonusLevel:
dd 0
"TH2.exe"+241EEF:
jmp lvl_hook
nop 2
lvl_back:
[DISABLE]
unregistersymbol(bonusLevel)
dealloc(lvl_hook)
"TH2.exe"+241EEF:
mov [ebp-04],eax
cmp dword ptr [ebp-04],3F
153
"Stats Better but Increases Req."
Byte
bonusLevel
86
"Stat Cheats"
1
80
"Str+200"
Auto Assembler Script
{ Game : TH2.exe
Version:
Date : 2019-09-02
Author : Tivrusky
Str+200: hooks "TH2.exe"+141D80, where the game adds the base Strength
([eax+00000168], the "Base" entry under Strength in the table) into ecx
before storing the total to [edx+00000164] (the "Strength" entry). The hook
adds 200 on top. The original instruction is 6 bytes: 5-byte jmp + 1 nop.
}
[ENABLE]
aobscanmodule(INJECT_STRCHEAT,TH2.exe,03 88 68 01 00 00 8B 55 FC) // should be unique
alloc(str_hook,$1000)
label(str_back)
str_hook:
add ecx,[eax+00000168]     // original instruction
add ecx,#200               // bonus Strength (decimal); edit to taste
jmp str_back
INJECT_STRCHEAT:
jmp str_hook
nop
str_back:
registersymbol(INJECT_STRCHEAT)
[DISABLE]
INJECT_STRCHEAT:
db 03 88 68 01 00 00       // original bytes
unregistersymbol(INJECT_STRCHEAT)
dealloc(str_hook)
{
// ORIGINAL CODE - INJECTION POINT: "TH2.exe"+141D80
"TH2.exe"+141D51: 89 95 5C FD FF FF - mov [ebp-000002A4],edx
"TH2.exe"+141D57: 8B 95 5C FD FF FF - mov edx,[ebp-000002A4]
"TH2.exe"+141D5D: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141D60: 8B 88 A0 00 00 00 - mov ecx,[eax+000000A0]
"TH2.exe"+141D66: E8 75 E6 01 00 - call TH2.exe+1603E0
"TH2.exe"+141D6B: 8B 4D FC - mov ecx,[ebp-04]
"TH2.exe"+141D6E: 8A 55 BC - mov dl,[ebp-44]
"TH2.exe"+141D71: 88 91 3E 01 00 00 - mov [ecx+0000013E],dl
"TH2.exe"+141D77: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141D7A: 8B 8D 14 FF FF FF - mov ecx,[ebp-000000EC]
// ---------- INJECTING HERE ----------
"TH2.exe"+141D80: 03 88 68 01 00 00 - add ecx,[eax+00000168]
// ---------- DONE INJECTING ----------
"TH2.exe"+141D86: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141D89: 89 8A 64 01 00 00 - mov [edx+00000164],ecx
"TH2.exe"+141D8F: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141D92: 8B 8D 10 FF FF FF - mov ecx,[ebp-000000F0]
"TH2.exe"+141D98: 03 88 78 01 00 00 - add ecx,[eax+00000178]
"TH2.exe"+141D9E: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DA1: 89 8A 74 01 00 00 - mov [edx+00000174],ecx
"TH2.exe"+141DA7: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DAA: 8B 8D 60 FF FF FF - mov ecx,[ebp-000000A0]
"TH2.exe"+141DB0: 03 88 70 01 00 00 - add ecx,[eax+00000170]
}
83
"Mag+200"
Auto Assembler Script
{ Game : TH2.exe
Version:
Date : 2019-09-02
Author : Tivrusky
Mag+200: hooks "TH2.exe"+141DB0, where the game adds the base Magic
([eax+00000170], the "Base" entry under Magic in the table) into ecx before
storing the total to [edx+0000016C] (the "Magic" entry). The hook adds 200
on top. The original instruction is 6 bytes: 5-byte jmp + 1 nop.
}
[ENABLE]
aobscanmodule(INJECT_MAGCHEAT,TH2.exe,03 88 70 01 00 00 8B 55 FC) // should be unique
alloc(mag_hook,$1000)
label(mag_back)
mag_hook:
add ecx,[eax+00000170]     // original instruction
add ecx,#200               // bonus Magic (decimal); edit to taste
jmp mag_back
INJECT_MAGCHEAT:
jmp mag_hook
nop
mag_back:
registersymbol(INJECT_MAGCHEAT)
[DISABLE]
INJECT_MAGCHEAT:
db 03 88 70 01 00 00       // original bytes
unregistersymbol(INJECT_MAGCHEAT)
dealloc(mag_hook)
{
// ORIGINAL CODE - INJECTION POINT: "TH2.exe"+141DB0
"TH2.exe"+141D80: 03 88 68 01 00 00 - add ecx,[eax+00000168]
"TH2.exe"+141D86: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141D89: 89 8A 64 01 00 00 - mov [edx+00000164],ecx
"TH2.exe"+141D8F: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141D92: 8B 8D 10 FF FF FF - mov ecx,[ebp-000000F0]
"TH2.exe"+141D98: 03 88 78 01 00 00 - add ecx,[eax+00000178]
"TH2.exe"+141D9E: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DA1: 89 8A 74 01 00 00 - mov [edx+00000174],ecx
"TH2.exe"+141DA7: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DAA: 8B 8D 60 FF FF FF - mov ecx,[ebp-000000A0]
// ---------- INJECTING HERE ----------
"TH2.exe"+141DB0: 03 88 70 01 00 00 - add ecx,[eax+00000170]
// ---------- DONE INJECTING ----------
"TH2.exe"+141DB6: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DB9: 89 8A 6C 01 00 00 - mov [edx+0000016C],ecx
"TH2.exe"+141DBF: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DC2: 8B 4D AC - mov ecx,[ebp-54]
"TH2.exe"+141DC5: 03 88 80 01 00 00 - add ecx,[eax+00000180]
"TH2.exe"+141DCB: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DCE: 89 8A 7C 01 00 00 - mov [edx+0000017C],ecx
"TH2.exe"+141DD4: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DD7: 8B 80 68 01 00 00 - mov eax,[eax+00000168]
"TH2.exe"+141DDD: 0F AF 85 48 FF FF FF - imul eax,[ebp-000000B8]
}
81
"Dex+200"
Auto Assembler Script
{ Game : TH2.exe
Version:
Date : 2019-09-02
Author : Tivrusky
Dex+200: hooks "TH2.exe"+141D98, where the game adds the base Dexterity
([eax+00000178], the "Base" entry under Dexterity in the table) into ecx
before storing the total to [edx+00000174] (the "Dexterity" entry). The hook
adds 200 on top. The original instruction is 6 bytes: 5-byte jmp + 1 nop.
}
[ENABLE]
aobscanmodule(INJECT_DEXCHEAT,TH2.exe,03 88 78 01 00 00 8B 55 FC) // should be unique
alloc(dex_hook,$1000)
label(dex_back)
dex_hook:
add ecx,[eax+00000178]     // original instruction
add ecx,#200               // bonus Dexterity (decimal); edit to taste
jmp dex_back
INJECT_DEXCHEAT:
jmp dex_hook
nop
dex_back:
registersymbol(INJECT_DEXCHEAT)
[DISABLE]
INJECT_DEXCHEAT:
db 03 88 78 01 00 00       // original bytes
unregistersymbol(INJECT_DEXCHEAT)
dealloc(dex_hook)
{
// ORIGINAL CODE - INJECTION POINT: "TH2.exe"+141D98
"TH2.exe"+141D6B: 8B 4D FC - mov ecx,[ebp-04]
"TH2.exe"+141D6E: 8A 55 BC - mov dl,[ebp-44]
"TH2.exe"+141D71: 88 91 3E 01 00 00 - mov [ecx+0000013E],dl
"TH2.exe"+141D77: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141D7A: 8B 8D 14 FF FF FF - mov ecx,[ebp-000000EC]
"TH2.exe"+141D80: 03 88 68 01 00 00 - add ecx,[eax+00000168]
"TH2.exe"+141D86: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141D89: 89 8A 64 01 00 00 - mov [edx+00000164],ecx
"TH2.exe"+141D8F: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141D92: 8B 8D 10 FF FF FF - mov ecx,[ebp-000000F0]
// ---------- INJECTING HERE ----------
"TH2.exe"+141D98: 03 88 78 01 00 00 - add ecx,[eax+00000178]
// ---------- DONE INJECTING ----------
"TH2.exe"+141D9E: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DA1: 89 8A 74 01 00 00 - mov [edx+00000174],ecx
"TH2.exe"+141DA7: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DAA: 8B 8D 60 FF FF FF - mov ecx,[ebp-000000A0]
"TH2.exe"+141DB0: 03 88 70 01 00 00 - add ecx,[eax+00000170]
"TH2.exe"+141DB6: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DB9: 89 8A 6C 01 00 00 - mov [edx+0000016C],ecx
"TH2.exe"+141DBF: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DC2: 8B 4D AC - mov ecx,[ebp-54]
"TH2.exe"+141DC5: 03 88 80 01 00 00 - add ecx,[eax+00000180]
}
84
"Vit+200"
Auto Assembler Script
{ Game : TH2.exe
Version:
Date : 2019-09-02
Author : Tivrusky
Vit+200: hooks "TH2.exe"+141DC5, where the game adds the base Vitality
([eax+00000180], the "Base" entry under Vitality in the table) into ecx
before storing the total to [edx+0000017C] (the "Vitality" entry). The hook
adds 200 on top. The original instruction is 6 bytes: 5-byte jmp + 1 nop.
}
[ENABLE]
aobscanmodule(INJECT_VITCHEAT,TH2.exe,03 88 80 01 00 00 8B 55 FC) // should be unique
alloc(vit_hook,$1000)
label(vit_back)
vit_hook:
add ecx,[eax+00000180]     // original instruction
add ecx,#200               // bonus Vitality (decimal); edit to taste
jmp vit_back
INJECT_VITCHEAT:
jmp vit_hook
nop
vit_back:
registersymbol(INJECT_VITCHEAT)
[DISABLE]
INJECT_VITCHEAT:
db 03 88 80 01 00 00       // original bytes
unregistersymbol(INJECT_VITCHEAT)
dealloc(vit_hook)
{
// ORIGINAL CODE - INJECTION POINT: "TH2.exe"+141DC5
"TH2.exe"+141D98: 03 88 78 01 00 00 - add ecx,[eax+00000178]
"TH2.exe"+141D9E: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DA1: 89 8A 74 01 00 00 - mov [edx+00000174],ecx
"TH2.exe"+141DA7: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DAA: 8B 8D 60 FF FF FF - mov ecx,[ebp-000000A0]
"TH2.exe"+141DB0: 03 88 70 01 00 00 - add ecx,[eax+00000170]
"TH2.exe"+141DB6: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DB9: 89 8A 6C 01 00 00 - mov [edx+0000016C],ecx
"TH2.exe"+141DBF: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DC2: 8B 4D AC - mov ecx,[ebp-54]
// ---------- INJECTING HERE ----------
"TH2.exe"+141DC5: 03 88 80 01 00 00 - add ecx,[eax+00000180]
// ---------- DONE INJECTING ----------
"TH2.exe"+141DCB: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DCE: 89 8A 7C 01 00 00 - mov [edx+0000017C],ecx
"TH2.exe"+141DD4: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+141DD7: 8B 80 68 01 00 00 - mov eax,[eax+00000168]
"TH2.exe"+141DDD: 0F AF 85 48 FF FF FF - imul eax,[ebp-000000B8]
"TH2.exe"+141DE4: 99 - cdq
"TH2.exe"+141DE5: B9 64 00 00 00 - mov ecx,00000064
"TH2.exe"+141DEA: F7 F9 - idiv ecx
"TH2.exe"+141DEC: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+141DEF: 03 82 64 01 00 00 - add eax,[edx+00000164]
}
85
"Magic Find"
Auto Assembler Script
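{ Game : TH2.exe
Version:
Date : 2019-09-02
Author : Tivrusky
Magic Find: hooks "TH2.exe"+144E33 (6-byte add -> 5-byte jmp + 1 nop). Per the
listing below, edx holds the magic-find value the game is about to write back
to [eax+0001829B] (the "Magic Find" table entry). The hook discards the game's
sum and loads numLuck instead, which the "Luck" table entry (4 Bytes) edits.
}
[ENABLE]
aobscanmodule(INJECT_MFCHEAT,TH2.exe,03 95 80 FC FF FF) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(numLuck)
registersymbol(numLuck)
newmem:
code:
add edx,[ebp-00000380] // original instruction; its result is overwritten by the mov below
// add edx,#7677 // adds 7677 MF, change if you like
// NOTE(review): the '#' prefix on a memory operand is unusual; kept as the
// author wrote it because it is not verified here how CE parses it.
mov edx,#[numLuck] // changes 7677 MF, change if you like
jmp return
numLuck:
// 0x1DFD = 7677. Defined as a dword so it matches the 4-byte "Luck" entry and
// the 32-bit load above; it was "dw 1DFD", only 2 bytes, so the entry's upper
// two bytes lived in unrelated allocation space.
dd 1DFD
INJECT_MFCHEAT:
jmp newmem
nop
return:
registersymbol(INJECT_MFCHEAT)
[DISABLE]
INJECT_MFCHEAT:
db 03 95 80 FC FF FF
unregistersymbol(INJECT_MFCHEAT)
unregistersymbol(numLuck)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "TH2.exe"+144E33
"TH2.exe"+144E04: 8B 55 C8 - mov edx,[ebp-38]
"TH2.exe"+144E07: 52 - push edx
"TH2.exe"+144E08: 68 7C 5A 77 01 - push TH2.exe+375A7C
"TH2.exe"+144E0D: E8 EE DA 0C 00 - call TH2.exe+212900
"TH2.exe"+144E12: 83 C4 08 - add esp,08
"TH2.exe"+144E15: 89 85 80 FC FF FF - mov [ebp-00000380],eax
"TH2.exe"+144E1B: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+144E1E: 66 8B 88 9B 82 01 00 - mov cx,[eax+0001829B]
"TH2.exe"+144E25: 66 89 8D 8E FE FF FF - mov [ebp-00000172],cx
"TH2.exe"+144E2C: 0F BF 95 8E FE FF FF - movsx edx,word ptr [ebp-00000172]
// ---------- INJECTING HERE ----------
"TH2.exe"+144E33: 03 95 80 FC FF FF - add edx,[ebp-00000380]
// ---------- DONE INJECTING ----------
"TH2.exe"+144E39: 8B 45 FC - mov eax,[ebp-04]
"TH2.exe"+144E3C: 66 89 90 9B 82 01 00 - mov [eax+0001829B],dx
"TH2.exe"+144E43: B9 4B 04 00 00 - mov ecx,0000044B
"TH2.exe"+144E48: C1 E1 02 - shl ecx,02
"TH2.exe"+144E4B: 8B 55 FC - mov edx,[ebp-04]
"TH2.exe"+144E4E: 83 BC 0A 94 03 00 00 03 - cmp dword ptr [edx+ecx+00000394],03
"TH2.exe"+144E56: 75 55 - jne TH2.exe+144EAD
"TH2.exe"+144E58: B8 4B 04 00 00 - mov eax,0000044B
"TH2.exe"+144E5D: C1 E0 02 - shl eax,02
"TH2.exe"+144E60: 8B 4D FC - mov ecx,[ebp-04]
}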
106
"Luck"
4 Bytes
numLuck
98
"All Spell Levels+20"
Auto Assembler Script
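[ENABLE]
// All Spell Levels+20: hook at "TH2.exe"+144274 (6-byte mov, see the Alt bytes
// below -> 5-byte jmp + 1 nop). After the game stores the byte in al at
// [edx+00018219] (presumably a spell level), the hook raises it by 20.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
originalcode:
mov [edx+00018219],al // original instruction: a byte store
// Byte-sized to match the store above. Without the size prefix the add is
// assembled at CE's default (wider) width and an overflow of the low byte would
// carry into the neighbouring bytes of the character block.
add byte ptr [edx+00018219],#20
exit:
jmp returnhere
"TH2.exe"+144274:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"TH2.exe"+144274:
mov [edx+00018219],al
//Alt: db 88 82 19 82 01 00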
154
"ReSpec Stuff"
1
124
"ReSpec Perks"
Auto Assembler Script
[ENABLE]
// ReSpec Perks: hook at "TH2.exe"+212AA8. The original 8-byte movsx becomes a
// 5-byte jmp + 3 nops. The perk byte at [ecx+edx+0001A531] (the "Perks" array
// in the table starts at 1a531) is zeroed before the game sign-extends it into
// eax, so every perk the game reads through this path comes back as 0.
alloc(perk_hook,128)
label(perk_back)
perk_hook:
mov byte ptr [ecx+edx+0001A531],00
movsx eax,byte ptr [ecx+edx+0001A531]   // original instruction
jmp perk_back
"TH2.exe"+212AA8:
jmp perk_hook
nop 3
perk_back:
[DISABLE]
dealloc(perk_hook)
"TH2.exe"+212AA8:
movsx eax,byte ptr [ecx+edx+0001A531]
125
"ReSpec Stats"
Auto Assembler Script
[ENABLE]
// ReSpec Stats: hook at "TH2.exe"+23E8B4 (two 3-byte movs = 6 bytes -> jmp +
// 1 nop). The hooked code stores ecx into [ebp-04] and reloads it into eax; the
// offsets used below match the "Player Stats" table entries (168 Str base,
// 170 Mag base, 178 Dex base, 180 Vit base, 184 Stat Points), so eax presumably
// points at the character block. The four base stats are summed into Stat
// Points and then zeroed. There is no guard: this runs on every pass through
// the hook while the script is enabled, so it is meant to be toggled briefly.
// NOTE(review): edx is overwritten and not restored; nothing visible here
// shows whether edx is live at this point in the game's code.
alloc(newmem,128)
label(returnhere)
label(originalcode)
label(exit)
newmem:
originalcode:
mov [ebp-04],ecx
mov eax,[ebp-04]
mov edx,00 // accumulator
add edx,[eax+00000168]
add edx,[eax+00000170]
add edx,[eax+00000178]
add edx,[eax+00000180]
add [eax+00000184],edx
mov [eax+00000168],00 // no size prefix: CE's default dword store, matching the 4-byte entries
mov [eax+00000170],00
mov [eax+00000178],00
mov [eax+00000180],00
exit:
jmp returnhere
"TH2.exe"+23E8B4:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"TH2.exe"+23E8B4:
mov [ebp-04],ecx
mov eax,[ebp-04]
147
"Change Class (ReSpec Stats Before Use)"
Auto Assembler Script
[ENABLE]
// Change Class: hook at "TH2.exe"+13F28A (6-byte mov dl,[ecx+00000160] ->
// 5-byte jmp + 1 nop). ecx is the character block: offset 1F is the "Class"
// table entry, 160 and 1A595/1A596 are the bytes written below.
// changeClass is edited through the "Pick" entry (4 Bytes). While it still
// holds the sentinel FF the current class is copied from [ecx+1F] into it, so
// nothing changes until the user picks a class.
// The chain below appears to map the picked class to three bytes: [ecx+160]
// the base class group, [ecx+1A595] the first tier and [ecx+1A596] the second.
// Each mov prepares the value for the next cmp; a matching cmp jumps out with
// the bytes as set so far, so the order of lines is significant. 28 (Secutor)
// and any value above 27 reach the end of the chain.
alloc(newmem,512)
label(returnhere)
label(originalcode)
label(changeCheck)
label(exit)
label(changeClass)
registersymbol(changeClass)
newmem:
push edx // scratch; restored before the original mov dl
cmp [changeClass],FF // no size prefix: dword compare against the dd below
jne changeCheck
mov edx,[ecx+1F] // dword read; only dl (the class byte) is kept
mov [changeClass],00000000
mov [changeClass],dl
changeCheck:
mov edx,[changeClass]
// group 0 (Warrior line)
mov byte ptr[ecx+160],0
mov byte ptr[ecx+1A595],0
mov byte ptr[ecx+1A596],0
cmp edx,#0 //Warrior
je originalcode
mov byte ptr[ecx+1A595],1
cmp edx,#1 //Inquisitor
je originalcode
mov byte ptr[ecx+1A595],2
cmp edx,#2 //Guardian
je originalcode
mov byte ptr[ecx+1A595],3
cmp edx,#3 //Templar
je originalcode
// group 1 (Archer line)
mov byte ptr[ecx+160],1
mov byte ptr[ecx+1A595],0
cmp edx,#4 //Archer
je originalcode
mov byte ptr[ecx+1A595],1
cmp edx,#5 //Scout
je originalcode
mov byte ptr[ecx+1A595],2
cmp edx,#6 //Sharpshooter
je originalcode
mov byte ptr[ecx+1A595],3
cmp edx,#7 //Trapper
je originalcode
// group 2 (Mage line); Warlock (13) is tested before 10-12 because it uses
// tier 3 while 10-12 share tier 2 and differ in [ecx+1A596]
mov byte ptr[ecx+160],2
mov byte ptr[ecx+1A595],0
cmp edx,#8 //Mage
je originalcode
mov byte ptr[ecx+1A595],1
cmp edx,#9 //Elementalist
je originalcode
mov byte ptr[ecx+1A595],3
cmp edx,#13 //Warlock
je originalcode
mov byte ptr[ecx+1A595],2
mov byte ptr[ecx+1A596],0
cmp edx,#10 //Demonologist
je originalcode
mov byte ptr[ecx+1A596],1
cmp edx,#11 //Necromancer
je originalcode
mov byte ptr[ecx+1A596],2
cmp edx,#12 //Beastmaster
je originalcode
// group 3 (Monk line)
mov byte ptr[ecx+160],3
mov byte ptr[ecx+1A595],0
mov byte ptr[ecx+1A596],0
cmp edx,#14 //Monk
je originalcode
mov byte ptr[ecx+1A595],1
cmp edx,#15 //Kensei
je originalcode
mov byte ptr[ecx+1A595],2
cmp edx,#16 //Shugoki
je originalcode
mov byte ptr[ecx+1A595],3
cmp edx,#17 //Shinobi
je originalcode
// group 4 (Rogue line)
mov byte ptr[ecx+160],4
mov byte ptr[ecx+1A595],0
cmp edx,#18 //Rogue
je originalcode
mov byte ptr[ecx+1A595],1
cmp edx,#19 //Assassin
je originalcode
mov byte ptr[ecx+1A595],2
cmp edx,#20 //Iron Maiden
je originalcode
mov byte ptr[ecx+1A595],3
cmp edx,#21 //Bombardier
je originalcode
// group 5 (Savage line); 25-28 share tier 3 and differ in [ecx+1A596]
mov byte ptr[ecx+160],5
mov byte ptr[ecx+1A595],0
cmp edx,#22 //Savage
je originalcode
mov byte ptr[ecx+1A595],1
cmp edx,#23 //Berserker
je originalcode
mov byte ptr[ecx+1A595],2
cmp edx,#24 //Executioner
je originalcode
mov byte ptr[ecx+1A595],3
mov byte ptr[ecx+1A596],0
cmp edx,#25 //Thraex
je originalcode
mov byte ptr[ecx+1A596],1
cmp edx,#26 //Murmillo
je originalcode
mov byte ptr[ecx+1A596],2
cmp edx,#27 //Dimachaerus
je originalcode
mov byte ptr[ecx+1A596],3
//Secutor (28) - and any unlisted value - ends up here
originalcode:
pop edx
mov dl,[ecx+00000160] // original instruction: reads back the group byte set above
exit:
jmp returnhere
changeClass:
dd 000000FF // sentinel: "not picked yet", see the cmp at the top of newmem
"TH2.exe"+13F28A:
jmp newmem
nop
returnhere:
[DISABLE]
unregistersymbol(changeClass)
dealloc(newmem)
"TH2.exe"+13F28A:
mov dl,[ecx+00000160]
148
"Pick"
0:Warrior
1:Inquisitor
2:Guardian
3:Templar
4:Archer
5:Scout
6:Sharpshooter
7:Trapper
8:Mage
9:Elementalist
10:Demonologist
11:Necromancer
12:Beastmaster
13:Warlock
14:Monk
15:Kensei
16:Shugoki
17:Shinobi
18:Rogue
19:Assassin
20:Iron Maiden
21:Bombardier
22:Savage
23:Berserker
24:Executioner
25:Thraex
26:Murmillo
27:Dimachaerus
28:Secutor
4 Bytes
changeClass
58
"Player Stats"
1
49
"Name"
String
32
0
0
1
CharAdr
140
47
"Class"
0:Warrior
1:Inquisitor
2:Guardian
3:Templar
4:Archer
5:Scout
6:Sharpshooter
7:Trapper
8:Mage
9:Elementalist
10:Demonologist
11:Necromancer
12:Beastmaster
13:Warlock
14:Monk
15:Kensei
16:Shugoki
17:Shinobi
18:Rogue
19:Assassin
20:Iron Maiden
21:Bombardier
22:Savage
23:Berserker
24:Executioner
25:Thraex
26:Murmillo
27:Dimachaerus
28:Secutor
Byte
CharAdr
1F
18
"Strength"
4 Bytes
CharAdr
164
51
"Base"
4 Bytes
CharAdr
168
15
"Magic"
4 Bytes
CharAdr
16C
50
"Base"
4 Bytes
CharAdr
170
21
"Dexterity"
4 Bytes
CharAdr
174
52
"Base"
4 Bytes
CharAdr
178
24
"Vitality"
4 Bytes
CharAdr
17C
53
"Base"
4 Bytes
CharAdr
180
48
"Stat Points"
4 Bytes
CharAdr
184
45
"Life (encrypted)"
1
Array of byte
4
CharAdr
190
46
"Mana (encrypted)"
1
Array of byte
4
CharAdr
1A4
54
"Level"
4 Bytes
CharAdr
1B8
28
"Experience"
4 Bytes
CharAdr
1BC
27
"Gold"
4 Bytes
CharAdr
1CC
33
"Magic Find"
4 Bytes
CharAdr
1829B
40
"Perks"
Array of byte
41
CharAdr
1a531
105
"Perks (Hex)"
1
Array of byte
41
CharAdr
1a531
70
"Spell Levels"
Array of byte
54
CharAdr
C2
71
"Selected Spell"
Byte
CharAdr
B4
LootType
18540000
<LuaScript>
errorOnLookupFailure(false) -- keep the table usable while symbols such as CharAdr are not yet resolvable
DefaultProccessName = "TH2.exe" -- spelling is part of the identifier read on the next line; leave it
strings_add(getAutoAttachList(), DefaultProccessName) -- attach automatically when TH2.exe is running
</LuaScript>
-- Same three statements as the <LuaScript> block above; presumably a duplicate
-- produced when the table was flattened to text.
errorOnLookupFailure(false)
DefaultProccessName = "TH2.exe"
strings_add(getAutoAttachList(), DefaultProccessName)
"TH2.exe"+14891D
ITEM?