168
"Tooltip Pointer (save & load after updating level)"
Auto Assembler Script
[ENABLE]
aobscanmodule(tooltip,Borderlands3.exe,48 8B 13 48 89 D9 48 89 C7 FF 92 08)
alloc(newmem,$1000,tooltip)
label(code)
label(return)
label(tooltipPtr)
newmem:
mov rdx,tooltipPtr
mov [rdx],rax
code:
mov rdx,[rbx]
mov rcx,rbx
jmp return
tooltipPtr:
dq 0
tooltip:
jmp newmem
nop
return:
registersymbol(tooltip)
registersymbol(tooltipPtr)
[DISABLE]
tooltip:
db 48 8B 13 48 89 D9
unregistersymbol(tooltip)
unregistersymbol(tooltipPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+972C41B
"Borderlands3.exe"+972C3F5: 41 FF 90 28 06 00 00 - call qword ptr [r8+00000628]
"Borderlands3.exe"+972C3FC: 48 89 C3 - mov rbx,rax
"Borderlands3.exe"+972C3FF: 48 85 C0 - test rax,rax
"Borderlands3.exe"+972C402: 74 3E - je Borderlands3.exe+972C442
"Borderlands3.exe"+972C404: 8B 4C 24 30 - mov ecx,[rsp+30]
"Borderlands3.exe"+972C408: E8 63 36 D3 F7 - call Borderlands3.exe+145FA70
"Borderlands3.exe"+972C40D: 48 85 C0 - test rax,rax
"Borderlands3.exe"+972C410: 74 30 - je Borderlands3.exe+972C442
"Borderlands3.exe"+972C412: 8B 4C 24 30 - mov ecx,[rsp+30]
"Borderlands3.exe"+972C416: E8 55 36 D3 F7 - call Borderlands3.exe+145FA70
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+972C41B: 48 8B 13 - mov rdx,[rbx]
"Borderlands3.exe"+972C41E: 48 89 D9 - mov rcx,rbx
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+972C421: 48 89 C7 - mov rdi,rax
"Borderlands3.exe"+972C424: FF 92 08 04 00 00 - call qword ptr [rdx+00000408]
"Borderlands3.exe"+972C42A: 48 8B 17 - mov rdx,[rdi]
"Borderlands3.exe"+972C42D: 48 89 F9 - mov rcx,rdi
"Borderlands3.exe"+972C430: 89 C3 - mov ebx,eax
"Borderlands3.exe"+972C432: FF 92 08 04 00 00 - call qword ptr [rdx+00000408]
"Borderlands3.exe"+972C438: 48 8B 7D 68 - mov rdi,[rbp+68]
"Borderlands3.exe"+972C43C: 39 C3 - cmp ebx,eax
"Borderlands3.exe"+972C43E: 41 0F 9D D4 - setge r12l
"Borderlands3.exe"+972C442: 4D 39 B7 F0 01 00 00 - cmp [r15+000001F0],r14
}
166
"Base Address"
String
0
0
0
1
tooltipPtr
0
162
"Saved Level"
4 Bytes
+1A4
167
"Level Req Display"
4 Bytes
+1A8
163
"Item Score Display"
4 Bytes
+204
183
"Component Count"
4 Bytes
+228
191
"Component List"
1
Array of byte
0
+220
0
194
"Components Address"
1
8 Bytes
+220
197
"Annointed Count"
4 Bytes
+238
195
"Annointed List"
1
Array of byte
0
+230
0
196
"Annointed Address"
1
8 Bytes
+230
175
"Sell Price"
4 Bytes
+1FC
45
"Mouseover Inventory Pointer"
Auto Assembler Script
//"Borderlands3.exe"+96A678B
[ENABLE]
aobscanmodule(mouseover,Borderlands3.exe,48 8B B4 24 08 02 00 00 84)
alloc(newmem,$1000,mouseover)
label(code)
label(return)
label(mouseoverPtr)
newmem:
cmp rsi,0
je code
push rbx
mov rbx,mouseoverPtr
mov [rbx],rsi
pop rbx
code:
mov rsi,[rsp+00000208]
jmp return
mouseoverPtr:
dq 0
mouseover:
jmp newmem
nop 3
return:
registersymbol(mouseover)
registersymbol(mouseoverPtr)
[DISABLE]
mouseover:
db 48 8B B4 24 08 02 00 00
unregistersymbol(mouseover)
unregistersymbol(mouseoverPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+96A678B
"Borderlands3.exe"+96A676D: EB 02 - jmp Borderlands3.exe+96A6771
"Borderlands3.exe"+96A676F: 30 C0 - xor al,al
"Borderlands3.exe"+96A6771: 84 C0 - test al,al
"Borderlands3.exe"+96A6773: 75 03 - jne Borderlands3.exe+96A6778
"Borderlands3.exe"+96A6775: 4C 89 E6 - mov rsi,r12
"Borderlands3.exe"+96A6778: 48 89 D9 - mov rcx,rbx
"Borderlands3.exe"+96A677B: E8 E0 FE 6B F7 - call Borderlands3.exe+D66660
"Borderlands3.exe"+96A6780: 48 89 C2 - mov rdx,rax
"Borderlands3.exe"+96A6783: 48 89 F1 - mov rcx,rsi
"Borderlands3.exe"+96A6786: E8 65 01 92 F7 - call Borderlands3.exe+FC68F0
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+96A678B: 48 8B B4 24 08 02 00 00 - mov rsi,[rsp+00000208]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+96A6793: 84 C0 - test al,al
"Borderlands3.exe"+96A6795: 74 0D - je Borderlands3.exe+96A67A4
"Borderlands3.exe"+96A6797: 48 8D 55 58 - lea rdx,[rbp+58]
"Borderlands3.exe"+96A679B: 48 8D 4D 80 - lea rcx,[rbp-80]
"Borderlands3.exe"+96A679F: E8 BC A0 C9 F7 - call Borderlands3.exe+1340860
"Borderlands3.exe"+96A67A4: 48 89 D9 - mov rcx,rbx
"Borderlands3.exe"+96A67A7: E8 64 71 50 F9 - call Borderlands3.exe+2BAD910
"Borderlands3.exe"+96A67AC: 48 85 C0 - test rax,rax
"Borderlands3.exe"+96A67AF: 74 0D - je Borderlands3.exe+96A67BE
"Borderlands3.exe"+96A67B1: 48 3B 83 78 0D 00 00 - cmp rax,[rbx+00000D78]
}
46
"Base Address"
String
0
0
0
1
mouseoverPtr
0
47
"Weapon (show/hide)"
1
49
"Weapon"
String
0
0
0
1
mouseoverPtr
0
698
50
"Pointer"
String
0
0
0
1
+8
0
51
"Fire Rate"
Float
+220
52
"Ammo Per Shot"
4 Bytes
+2E4
53
"Damage"
Float
+31C
54
"Damage"
Float
+320
55
"Pointer"
String
0
0
0
1
+10
0
56
"Magazine Size"
4 Bytes
+1B4
68
"Experience Pointer (pause and unpause to populate)"
Auto Assembler Script
//"Borderlands3.exe"+96AC097
[ENABLE]
aobscanmodule(experience,Borderlands3.exe,8B 80 D8 01 00 00 89 86)
alloc(newmem,$1000,experience)
label(code)
label(return)
label(experiencePtr)
label(experienceAuto)
newmem:
push rbx
mov rbx,experiencePtr
mov [rbx],rax
mov rbx,experienceAuto
cmp byte ptr [rbx],1
jne code
mov ebx,[rsi+754]
cmp ebx,[rax+1D8]
jle code
mov [rax+1D8],ebx
code:
pop rbx
mov eax,[rax+000001D8]
jmp return
experiencePtr:
dq 0
experienceAuto:
db 0
experience:
jmp newmem
nop
return:
registersymbol(experience)
registersymbol(experiencePtr)
registersymbol(experienceAuto)
[DISABLE]
experience:
db 8B 80 D8 01 00 00
unregistersymbol(experience)
unregistersymbol(experiencePtr)
unregistersymbol(experienceAuto)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+96AC097
"Borderlands3.exe"+96AC060: 48 81 EC 90 00 00 00 - sub rsp,00000090
"Borderlands3.exe"+96AC067: 48 89 CE - mov rsi,rcx
"Borderlands3.exe"+96AC06A: 0F B6 FA - movzx edi,dl
"Borderlands3.exe"+96AC06D: 48 81 C1 30 07 00 00 - add rcx,00000730
"Borderlands3.exe"+96AC074: E8 B7 20 E6 F7 - call Borderlands3.exe+150E130
"Borderlands3.exe"+96AC079: 84 C0 - test al,al
"Borderlands3.exe"+96AC07B: 0F 84 A4 00 00 00 - je Borderlands3.exe+96AC125
"Borderlands3.exe"+96AC081: 48 8D 8E 30 07 00 00 - lea rcx,[rsi+00000730]
"Borderlands3.exe"+96AC088: C7 86 48 07 00 00 00 00 00 00 - mov [rsi+00000748],00000000
"Borderlands3.exe"+96AC092: E8 D9 06 E6 F7 - call Borderlands3.exe+150C770
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+96AC097: 8B 80 D8 01 00 00 - mov eax,[rax+000001D8]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+96AC09D: 89 86 50 07 00 00 - mov [rsi+00000750],eax
"Borderlands3.exe"+96AC0A3: 48 8B 05 2E D5 F6 FC - mov rax,[Borderlands3.exe+66195D8]
"Borderlands3.exe"+96AC0AA: 48 85 C0 - test rax,rax
"Borderlands3.exe"+96AC0AD: 75 0C - jne Borderlands3.exe+96AC0BB
"Borderlands3.exe"+96AC0AF: E8 6C 8F 3D F9 - call Borderlands3.exe+2A85020
"Borderlands3.exe"+96AC0B4: 48 8B 05 1D D5 F6 FC - mov rax,[Borderlands3.exe+66195D8]
"Borderlands3.exe"+96AC0BB: 48 8B 88 C8 00 00 00 - mov rcx,[rax+000000C8]
"Borderlands3.exe"+96AC0C2: 48 85 C9 - test rcx,rcx
"Borderlands3.exe"+96AC0C5: 74 1C - je Borderlands3.exe+96AC0E3
"Borderlands3.exe"+96AC0C7: 8B 96 50 07 00 00 - mov edx,[rsi+00000750]
}
69
"Base Address"
String
0
0
0
1
experiencePtr
0
70
"Experience"
4 Bytes
+1D8
85
"Level After Each Kill"
Auto Assembler Script
[ENABLE]
experienceAuto:
db 1
[DISABLE]
experienceAuto:
db 0
92
"Skill Points Pointer"
Auto Assembler Script
//"Borderlands3.exe"+95CCB49
[ENABLE]
aobscanmodule(skills,Borderlands3.exe,8B 90 60 01 00 00 48 83)
alloc(newmem,$1000,skills)
label(code)
label(return)
label(skillsPtr)
newmem:
mov rdx,skillsPtr
mov [rdx],rax
code:
mov edx,[rax+00000160]
jmp return
skillsPtr:
dq 0
skills:
jmp newmem
nop
return:
registersymbol(skills)
registersymbol(skillsPtr)
[DISABLE]
skills:
db 8B 90 60 01 00 00
unregistersymbol(skills)
unregistersymbol(skillsPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+95CCB49
"Borderlands3.exe"+95CCB22: 48 8D 04 D1 - lea rax,[rcx+rdx*8]
"Borderlands3.exe"+95CCB26: EB 02 - jmp Borderlands3.exe+95CCB2A
"Borderlands3.exe"+95CCB28: 31 C0 - xor eax,eax
"Borderlands3.exe"+95CCB2A: F7 40 08 00 00 00 30 - test [rax+08],30000000
"Borderlands3.exe"+95CCB31: 75 26 - jne Borderlands3.exe+95CCB59
"Borderlands3.exe"+95CCB33: 48 8B 0B - mov rcx,[rbx]
"Borderlands3.exe"+95CCB36: 48 8B 81 28 07 00 00 - mov rax,[rcx+00000728]
"Borderlands3.exe"+95CCB3D: 48 85 C0 - test rax,rax
"Borderlands3.exe"+95CCB40: 74 17 - je Borderlands3.exe+95CCB59
"Borderlands3.exe"+95CCB42: 44 8B 81 64 07 00 00 - mov r8d,[rcx+00000764]
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+95CCB49: 8B 90 60 01 00 00 - mov edx,[rax+00000160]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+95CCB4F: 48 83 C4 20 - add rsp,20
"Borderlands3.exe"+95CCB53: 5B - pop rbx
"Borderlands3.exe"+95CCB54: E9 47 DB 79 F7 - jmp Borderlands3.exe+D6A6A0
"Borderlands3.exe"+95CCB59: 48 83 C4 20 - add rsp,20
"Borderlands3.exe"+95CCB5D: 5B - pop rbx
"Borderlands3.exe"+95CCB5E: C3 - ret
"Borderlands3.exe"+95CCB5F: CC - int 3
"Borderlands3.exe"+95CCB60: 4C 8B 24 24 - mov r12,[rsp]
"Borderlands3.exe"+95CCB64: 48 83 EC F8 - sub rsp,-08
"Borderlands3.exe"+95CCB68: 9D - popfq
}
93
"Base Address"
String
0
0
0
1
skillsPtr
0
94
"Total Points"
4 Bytes
+160
57
"Guardian Pointers (open guardian menu to populate)"
Auto Assembler Script
//"Borderlands3.exe"+9602A13
[ENABLE]
aobscanmodule(guardian,Borderlands3.exe,4C 63 A0 7C 01 00 00)
alloc(newmem,$1000,guardian)
label(code)
label(return)
label(guardianPtr)
newmem:
mov r12,guardianPtr
mov [r12],rax
code:
movsxd r12,dword ptr [rax+0000017C]
jmp return
guardianPtr:
dq 0
guardian:
jmp newmem
nop 2
return:
registersymbol(guardian)
registersymbol(guardianPtr)
[DISABLE]
guardian:
db 4C 63 A0 7C 01 00 00
unregistersymbol(guardian)
unregistersymbol(guardianPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+9602A13
"Borderlands3.exe"+96029ED: 83 F8 01 - cmp eax,01
"Borderlands3.exe"+96029F0: 75 0E - jne Borderlands3.exe+9602A00
"Borderlands3.exe"+96029F2: 48 8B 03 - mov rax,[rbx]
"Borderlands3.exe"+96029F5: BA 01 00 00 00 - mov edx,00000001
"Borderlands3.exe"+96029FA: 48 89 D9 - mov rcx,rbx
"Borderlands3.exe"+96029FD: FF 50 08 - call qword ptr [rax+08]
"Borderlands3.exe"+9602A00: 4C 89 F9 - mov rcx,r15
"Borderlands3.exe"+9602A03: E8 68 9D F0 F7 - call Borderlands3.exe+150C770
"Borderlands3.exe"+9602A08: 48 8D 97 70 0C 00 00 - lea rdx,[rdi+00000C70]
"Borderlands3.exe"+9602A0F: 48 8D 4D 38 - lea rcx,[rbp+38]
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+9602A13: 4C 63 A0 7C 01 00 00 - movsxd r12,dword ptr [rax+0000017C]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+9602A1A: E8 31 08 D7 F7 - call Borderlands3.exe+1373250
"Borderlands3.exe"+9602A1F: 49 89 C6 - mov r14,rax
"Borderlands3.exe"+9602A22: 44 89 6D 78 - mov [rbp+78],r13d
"Borderlands3.exe"+9602A26: 48 8D 45 78 - lea rax,[rbp+78]
"Borderlands3.exe"+9602A2A: 44 88 AD A0 00 00 00 - mov [rbp+000000A0],r13l
"Borderlands3.exe"+9602A31: 48 89 44 24 40 - mov [rsp+40],rax
"Borderlands3.exe"+9602A36: 48 8D 85 A8 00 00 00 - lea rax,[rbp+000000A8]
"Borderlands3.exe"+9602A3D: 48 89 44 24 48 - mov [rsp+48],rax
"Borderlands3.exe"+9602A42: 49 8B 0E - mov rcx,[r14]
"Borderlands3.exe"+9602A45: 0F 28 44 24 40 - movaps xmm0,[rsp+40]
}
58
"Base Address"
String
0
0
0
1
guardianPtr
0
59
"Rank"
4 Bytes
+178
60
"Tokens"
4 Bytes
+17C
61
"Experience"
4 Bytes
+180
66
"Vending Machine Timer"
Auto Assembler Script
[ENABLE]
aobscanmodule(vending,Borderlands3.exe,F3 0F 10 81 B8 06 00 00)
alloc(newmem,$1000,vending)
label(code)
label(return)
label(vendingPtr)
newmem:
push rax
mov rax,vendingPtr
mov [rax],rcx
pop rax
code:
movss xmm0,[rcx+000006B8]
jmp return
vendingPtr:
dq 0
vending:
jmp newmem
nop 3
return:
registersymbol(vending)
registersymbol(vendingPtr)
[DISABLE]
vending:
db F3 0F 10 81 B8 06 00 00
unregistersymbol(vending)
unregistersymbol(vendingPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+90F3EE0
"Borderlands3.exe"+90F3EB8: 4C 8B 2C 24 - mov r13,[rsp]
"Borderlands3.exe"+90F3EBC: 4C 89 14 24 - mov [rsp],r10
"Borderlands3.exe"+90F3EC0: 4C 8D 15 67 08 03 0B - lea r10,[Borderlands3.exe+1412472E]
"Borderlands3.exe"+90F3EC7: 4C 87 14 24 - xchg [rsp],r10
"Borderlands3.exe"+90F3ECB: C3 - ret
"Borderlands3.exe"+90F3ECC: 0F 1F 40 00 - nop [rax+00]
"Borderlands3.exe"+90F3ED0: 40 57 - push rdi
"Borderlands3.exe"+90F3ED2: 48 83 EC 40 - sub rsp,40
"Borderlands3.exe"+90F3ED6: 80 B9 28 01 00 00 03 - cmp byte ptr [rcx+00000128],03
"Borderlands3.exe"+90F3EDD: 48 89 CF - mov rdi,rcx
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+90F3EE0: F3 0F 10 81 B8 06 00 00 - movss xmm0,[rcx+000006B8]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+90F3EE8: F3 0F 5C C1 - subss xmm0,xmm1
"Borderlands3.exe"+90F3EEC: 0F 29 74 24 30 - movaps [rsp+30],xmm6
"Borderlands3.exe"+90F3EF1: 0F 57 F6 - xorps xmm6,xmm6
"Borderlands3.exe"+90F3EF4: F3 0F 5F C6 - maxss xmm0,xmm6
"Borderlands3.exe"+90F3EF8: F3 0F 11 81 B8 06 00 00 - movss [rcx+000006B8],xmm0
"Borderlands3.exe"+90F3F00: 0F 85 B8 01 00 00 - jne Borderlands3.exe+90F40BE
"Borderlands3.exe"+90F3F06: 48 8B 01 - mov rax,[rcx]
"Borderlands3.exe"+90F3F09: FF 90 48 01 00 00 - call qword ptr [rax+00000148]
"Borderlands3.exe"+90F3F0F: 48 85 C0 - test rax,rax
"Borderlands3.exe"+90F3F12: 0F 84 A6 01 00 00 - je Borderlands3.exe+90F40BE
}
67
"Timer"
String
0
0
0
1
vendingPtr
0
138
"Vending Machine Timer"
Float
+6B8
139
"Mayhem Mode"
4 Bytes
+674
72
"Game Summary Pointers (cannot edit)"
Auto Assembler Script
//"Borderlands3.exe"+96AC067
[ENABLE]
aobscanmodule(summary,Borderlands3.exe,48 89 CE 0F B6 FA 48 81)
alloc(newmem,$1000,summary)
label(code)
label(return)
label(summaryPtr)
newmem:
mov rsi,summaryPtr
mov [rsi],rcx
code:
mov rsi,rcx
movzx edi,dl
jmp return
summaryPtr:
dq 0
summary:
jmp newmem
nop
return:
registersymbol(summary)
registersymbol(summaryPtr)
[DISABLE]
summary:
db 48 89 CE 0F B6 FA
unregistersymbol(summary)
unregistersymbol(summaryPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+96AC067
"Borderlands3.exe"+96AC033: 4C 89 0C 24 - mov [rsp],r9
"Borderlands3.exe"+96AC037: 4C 8D 0D B2 28 92 FF - lea r9,[Borderlands3.exe+8FCE8F0]
"Borderlands3.exe"+96AC03E: 4C 87 0C 24 - xchg [rsp],r9
"Borderlands3.exe"+96AC042: C3 - ret
"Borderlands3.exe"+96AC043: 66 66 66 66 2E 0F 1F 84 00 00 00 00 00 - nop cs:[rax+rax+00000000]
"Borderlands3.exe"+96AC050: 48 89 5C 24 10 - mov [rsp+10],rbx
"Borderlands3.exe"+96AC055: 48 89 6C 24 18 - mov [rsp+18],rbp
"Borderlands3.exe"+96AC05A: 48 89 74 24 20 - mov [rsp+20],rsi
"Borderlands3.exe"+96AC05F: 57 - push rdi
"Borderlands3.exe"+96AC060: 48 81 EC 90 00 00 00 - sub rsp,00000090
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+96AC067: 48 89 CE - mov rsi,rcx
"Borderlands3.exe"+96AC06A: 0F B6 FA - movzx edi,dl
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+96AC06D: 48 81 C1 30 07 00 00 - add rcx,00000730
"Borderlands3.exe"+96AC074: E8 B7 20 E6 F7 - call Borderlands3.exe+150E130
"Borderlands3.exe"+96AC079: 84 C0 - test al,al
"Borderlands3.exe"+96AC07B: 0F 84 A4 00 00 00 - je Borderlands3.exe+96AC125
"Borderlands3.exe"+96AC081: 48 8D 8E 30 07 00 00 - lea rcx,[rsi+00000730]
"Borderlands3.exe"+96AC088: C7 86 48 07 00 00 00 00 00 00 - mov [rsi+00000748],00000000
"Borderlands3.exe"+96AC092: E8 D9 06 E6 F7 - call Borderlands3.exe+150C770
"Borderlands3.exe"+96AC097: E9 64 3F 93 F6 - jmp 13FFE0000
"Borderlands3.exe"+96AC09C: 90 - nop
"Borderlands3.exe"+96AC09D: 89 86 50 07 00 00 - mov [rsi+00000750],eax
}
73
"Base Address"
String
0
0
0
1
summaryPtr
0
78
"Character Progression"
String
0
0
0
1
+74C
74
"Current Level"
4 Bytes
+0
77
"Current Experience"
4 Bytes
+4
75
"Experience Needed"
4 Bytes
+8
76
"Previous Experience"
4 Bytes
+C
79
"Guardian Progression"
String
0
0
0
1
+764
80
"Tokens"
4 Bytes
+0
81
"Rank"
4 Bytes
+4
82
"Experience Needed"
4 Bytes
+C
83
"Previous Experience"
4 Bytes
+10
84
"Current Experience"
4 Bytes
+14
140
"Unrandomizer"
Auto Assembler Script
[ENABLE]
aobscanmodule(random,ucrtbase.dll,00 8B C1 48 83 C4 28)
alloc(newmem,$1000,random)
label(code)
label(return)
label(randomPtr)
newmem:
mov rax,randomPtr
cmp byte ptr [rax],1
jne code
mov ecx,dword ptr [rax+1]
code:
mov eax,ecx
add rsp,28
jmp return
randomPtr:
dq 0
random+01:
jmp newmem
nop
return:
registersymbol(random)
registersymbol(randomPtr)
[DISABLE]
random+01:
db 8B C1 48 83 C4 28
unregistersymbol(random)
unregistersymbol(randomPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ucrtbase.dll"+136B2
"ucrtbase.dll"+1368D: CC - int 3
"ucrtbase.dll"+1368E: CC - int 3
"ucrtbase.dll"+1368F: CC - int 3
"ucrtbase.dll"+13690: 48 83 EC 28 - sub rsp,28
"ucrtbase.dll"+13694: E8 77 E2 FF FF - call ucrtbase.dll+11910
"ucrtbase.dll"+13699: 69 48 28 FD 43 03 00 - imul ecx,[rax+28],000343FD
"ucrtbase.dll"+136A0: 81 C1 C3 9E 26 00 - add ecx,00269EC3
"ucrtbase.dll"+136A6: 89 48 28 - mov [rax+28],ecx
"ucrtbase.dll"+136A9: C1 E9 10 - shr ecx,10
"ucrtbase.dll"+136AC: 81 E1 FF 7F 00 00 - and ecx,00007FFF
// ---------- INJECTING HERE ----------
"ucrtbase.dll"+136B2: 8B C1 - mov eax,ecx
"ucrtbase.dll"+136B4: 48 83 C4 28 - add rsp,28
// ---------- DONE INJECTING ----------
"ucrtbase.dll"+136B8: C3 - ret
"ucrtbase.dll"+136B9: CC - int 3
"ucrtbase.dll"+136BA: CC - int 3
"ucrtbase.dll"+136BB: CC - int 3
"ucrtbase.dll"+136BC: CC - int 3
"ucrtbase.dll"+136BD: CC - int 3
"ucrtbase.dll"+136BE: CC - int 3
"ucrtbase.dll"+136BF: CC - int 3
"ucrtbase.dll"+136C0: 48 8D 0D C9 FF FF FF - lea rcx,[ucrtbase.dll+13690]
"ucrtbase.dll"+136C7: E9 A0 F3 FF FF - jmp ucrtbase.dll+12A6C
}
142
"Activate"
Auto Assembler Script
[ENABLE]
randomPtr:
db 1
[DISABLE]
randomPtr:
db 1
141
"Seed"
4 Bytes
randomPtr+1
109
"Ignore This"
FFFFFF
1
96
"Luck"
Auto Assembler Script
[ENABLE]
aobscanmodule(luck,Borderlands3.exe,66 0F 6E 40 08 48)
alloc(newmem,$1000,luck)
label(code)
label(return)
label(luckPtr)
newmem:
push rbx
mov rbx,luckPtr
mov rbx,[rbx]
sub rbx,8
cmp rax,rbx
jne code
mov rbx,luckPtr
mov rbx,[rbx+8]
movd xmm0,rbx
pop rbx
jmp return
code:
pop rbx
movd xmm0,[rax+08]
jmp return
luckPtr:
dq 0
dq 0
luck:
jmp newmem
return:
registersymbol(luck)
registersymbol(luckPtr)
[DISABLE]
luck:
db 66 0F 6E 40 08
unregistersymbol(luck)
unregistersymbol(luckPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+938BC98
"Borderlands3.exe"+938BC75: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"Borderlands3.exe"+938BC7A: 48 8B 74 24 38 - mov rsi,[rsp+38]
"Borderlands3.exe"+938BC7F: 48 83 C4 20 - add rsp,20
"Borderlands3.exe"+938BC83: 5F - pop rdi
"Borderlands3.exe"+938BC84: C3 - ret
"Borderlands3.exe"+938BC85: 48 85 C0 - test rax,rax
"Borderlands3.exe"+938BC88: 74 DC - je Borderlands3.exe+938BC66
"Borderlands3.exe"+938BC8A: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"Borderlands3.exe"+938BC8F: 48 8B 74 24 38 - mov rsi,[rsp+38]
"Borderlands3.exe"+938BC94: C6 47 08 FF - mov byte ptr [rdi+08],-01
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+938BC98: 66 0F 6E 40 08 - movd xmm0,[rax+08]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+938BC9D: 48 89 F8 - mov rax,rdi
"Borderlands3.exe"+938BCA0: 0F 5B C0 - cvtdq2ps xmm0,xmm0
"Borderlands3.exe"+938BCA3: F3 0F 11 07 - movss [rdi],xmm0
"Borderlands3.exe"+938BCA7: C6 47 08 00 - mov byte ptr [rdi+08],00
"Borderlands3.exe"+938BCAB: 48 83 C4 20 - add rsp,20
"Borderlands3.exe"+938BCAF: 5F - pop rdi
"Borderlands3.exe"+938BCB0: C3 - ret
"Borderlands3.exe"+938BCB1: CC - int 3
"Borderlands3.exe"+938BCB2: 48 31 FF - xor rdi,rdi
"Borderlands3.exe"+938BCB5: 48 03 3C 24 - add rdi,[rsp]
}
110
"Address"
1
8 Bytes
luckPtr
111
"Value"
4 Bytes
luckPtr+8
97
"Luck 1"
Auto Assembler Script
[ENABLE]
aobscanmodule(luck1,Borderlands3.exe,F3 0F 5C F8 48 89 F0 F3)
luck1:
db 90 90 90 90
registersymbol(luck1)
[DISABLE]
luck1:
db F3 0F 5C F8
unregistersymbol(luck1)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+938BF81
"Borderlands3.exe"+938BF55: E8 C6 E2 61 F9 - call Borderlands3.exe+29AA220
"Borderlands3.exe"+938BF5A: 48 89 C1 - mov rcx,rax
"Borderlands3.exe"+938BF5D: 0F 57 C9 - xorps xmm1,xmm1
"Borderlands3.exe"+938BF60: E8 1B 69 61 F9 - call Borderlands3.exe+29A2880
"Borderlands3.exe"+938BF65: F3 0F 10 3D FB 23 A3 FA - movss xmm7,[Borderlands3.exe+3DBE368]
"Borderlands3.exe"+938BF6D: 0F 28 F0 - movaps xmm6,xmm0
"Borderlands3.exe"+938BF70: 0F 28 C7 - movaps xmm0,xmm7
"Borderlands3.exe"+938BF73: 41 0F 28 C8 - movaps xmm1,xmm8
"Borderlands3.exe"+938BF77: F3 41 0F 5C C1 - subss xmm0,xmm9
"Borderlands3.exe"+938BF7C: E8 DB 16 8F FA - call Borderlands3.exe+3C7D65C
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+938BF81: F3 0F 5C F8 - subss xmm7,xmm0
"Borderlands3.exe"+938BF85: 48 89 F0 - mov rax,rsi
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+938BF88: F3 0F 59 FE - mulss xmm7,xmm6
"Borderlands3.exe"+938BF8C: F3 0F 11 3E - movss [rsi],xmm7
"Borderlands3.exe"+938BF90: C6 46 08 00 - mov byte ptr [rsi+08],00
"Borderlands3.exe"+938BF94: 48 8B 4C 24 30 - mov rcx,[rsp+30]
"Borderlands3.exe"+938BF99: 48 31 E1 - xor rcx,rsp
"Borderlands3.exe"+938BF9C: E8 9F C9 8E FA - call Borderlands3.exe+3C78940
"Borderlands3.exe"+938BFA1: 0F 28 74 24 70 - movaps xmm6,[rsp+70]
"Borderlands3.exe"+938BFA6: 0F 28 7C 24 60 - movaps xmm7,[rsp+60]
"Borderlands3.exe"+938BFAB: 44 0F 28 44 24 50 - movaps xmm8,[rsp+50]
"Borderlands3.exe"+938BFB1: 44 0F 28 4C 24 40 - movaps xmm9,[rsp+40]
}
98
"Luck 2"
Auto Assembler Script
[ENABLE]
aobscanmodule(luck2,Borderlands3.exe,F3 0F 59 C1 48 89 D8)
luck2:
db 90 90 90 90
registersymbol(luck2)
[DISABLE]
luck2:
db F3 0F 59 C1
unregistersymbol(luck2)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+217EFA46
"Borderlands3.exe"+217EFA2C: 80 F9 02 - cmp cl,02
"Borderlands3.exe"+217EFA2F: 75 06 - jne Borderlands3.exe+217EFA37
"Borderlands3.exe"+217EFA31: F3 0F 10 0B - movss xmm1,[rbx]
"Borderlands3.exe"+217EFA35: EB 03 - jmp Borderlands3.exe+217EFA3A
"Borderlands3.exe"+217EFA37: 0F 57 C9 - xorps xmm1,xmm1
"Borderlands3.exe"+217EFA3A: 84 C0 - test al,al
"Borderlands3.exe"+217EFA3C: 74 04 - je Borderlands3.exe+217EFA42
"Borderlands3.exe"+217EFA3E: 3C 02 - cmp al,02
"Borderlands3.exe"+217EFA40: 75 04 - jne Borderlands3.exe+217EFA46
"Borderlands3.exe"+217EFA42: F3 0F 10 02 - movss xmm0,[rdx]
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+217EFA46: F3 0F 59 C1 - mulss xmm0,xmm1
"Borderlands3.exe"+217EFA4A: 48 89 D8 - mov rax,rbx
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+217EFA4D: F3 0F 11 03 - movss [rbx],xmm0
"Borderlands3.exe"+217EFA51: C6 43 08 00 - mov byte ptr [rbx+08],00
"Borderlands3.exe"+217EFA55: 48 83 C4 20 - add rsp,20
"Borderlands3.exe"+217EFA59: 5B - pop rbx
"Borderlands3.exe"+217EFA5A: C3 - ret
"Borderlands3.exe"+217EFA5B: CC - int 3
"Borderlands3.exe"+217EFA5C: 48 BE FF FF FF FF FF FF FF FF - mov rsi,FFFFFFFFFFFFFFFF
"Borderlands3.exe"+217EFA66: 48 29 D6 - sub rsi,rdx
"Borderlands3.exe"+217EFA69: 48 83 EC 08 - sub rsp,08
"Borderlands3.exe"+217EFA6D: 48 89 14 24 - mov [rsp],rdx
}
101
"Luck 3"
Auto Assembler Script
[ENABLE]
aobscanmodule(luck3,Borderlands3.exe,F3 0F 11 18 44 88 41 24)
alloc(newmem,$1000,luck3)
label(code)
label(return)
newmem:
code:
movss [rax],xmm3
mov [rcx+24],r8l
jmp return
luck3:
jmp newmem
nop 3
return:
registersymbol(luck3)
[DISABLE]
luck3:
db F3 0F 11 18 44 88 41 24
unregistersymbol(luck3)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+218BEB14
"Borderlands3.exe"+218BEAEC: C6 45 A7 01 - mov byte ptr [rbp-59],01
"Borderlands3.exe"+218BEAF0: 44 38 41 24 - cmp [rcx+24],r8l
"Borderlands3.exe"+218BEAF4: 75 1E - jne Borderlands3.exe+218BEB14
"Borderlands3.exe"+218BEAF6: F3 0F 10 00 - movss xmm0,[rax]
"Borderlands3.exe"+218BEAFA: F3 0F 5C C3 - subss xmm0,xmm3
"Borderlands3.exe"+218BEAFE: 0F 54 05 4B FA 4F E2 - andps xmm0,[Borderlands3.exe+3DBE550]
"Borderlands3.exe"+218BEB05: 0F 2F 05 EC 18 53 E2 - comiss xmm0,[Borderlands3.exe+3DF03F8]
"Borderlands3.exe"+218BEB0C: 77 06 - ja Borderlands3.exe+218BEB14
"Borderlands3.exe"+218BEB0E: C6 45 A7 00 - mov byte ptr [rbp-59],00
"Borderlands3.exe"+218BEB12: EB 0C - jmp Borderlands3.exe+218BEB20
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+218BEB14: F3 0F 11 18 - movss [rax],xmm3
"Borderlands3.exe"+218BEB18: 44 88 41 24 - mov [rcx+24],r8l
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+218BEB1C: 48 89 45 DF - mov [rbp-21],rax
"Borderlands3.exe"+218BEB20: 48 83 C1 18 - add rcx,18
"Borderlands3.exe"+218BEB24: 4C 89 AC 24 D0 00 00 00 - mov [rsp+000000D0],r13
"Borderlands3.exe"+218BEB2C: E8 3F DC C4 DF - call Borderlands3.exe+150C770
"Borderlands3.exe"+218BEB31: 48 89 45 D7 - mov [rbp-29],rax
"Borderlands3.exe"+218BEB35: 48 85 C0 - test rax,rax
"Borderlands3.exe"+218BEB38: 0F 84 A2 03 00 00 - je Borderlands3.exe+218BEEE0
"Borderlands3.exe"+218BEB3E: 48 83 78 38 00 - cmp qword ptr [rax+38],00
"Borderlands3.exe"+218BEB43: 0F 84 97 03 00 00 - je Borderlands3.exe+218BEEE0
"Borderlands3.exe"+218BEB49: 0F 10 03 - movups xmm0,[rbx]
}
108
"Luck 4"
Auto Assembler Script
[ENABLE]
aobscanmodule(luck4,Borderlands3.exe,F3 41 0F 10 5E 28 48 8D)
alloc(newmem,$1000,luck4)
label(code)
label(return)
newmem:
code:
movss xmm3,[r14+28]
jmp return
luck4:
jmp newmem
nop
return:
registersymbol(luck4)
[DISABLE]
luck4:
db F3 41 0F 10 5E 28
unregistersymbol(luck4)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+218BCE1D
"Borderlands3.exe"+218BCDFD: 5D - pop rbp
"Borderlands3.exe"+218BCDFE: C3 - ret
"Borderlands3.exe"+218BCDFF: 4C 8B 75 F7 - mov r14,[rbp-09]
"Borderlands3.exe"+218BCE03: 4D 85 F6 - test r14,r14
"Borderlands3.exe"+218BCE06: 74 34 - je Borderlands3.exe+218BCE3C
"Borderlands3.exe"+218BCE08: 49 8D 4E 68 - lea rcx,[r14+68]
"Borderlands3.exe"+218BCE0C: E8 5F F9 C4 DF - call Borderlands3.exe+150C770
"Borderlands3.exe"+218BCE11: 49 8D 4E 60 - lea rcx,[r14+60]
"Borderlands3.exe"+218BCE15: 48 89 C7 - mov rdi,rax
"Borderlands3.exe"+218BCE18: E8 53 F9 C4 DF - call Borderlands3.exe+150C770
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+218BCE1D: F3 41 0F 10 5E 28 - movss xmm3,[r14+28]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+218BCE23: 48 8D 55 0F - lea rdx,[rbp+0F]
"Borderlands3.exe"+218BCE27: 45 0F B6 46 24 - movzx r8d,byte ptr [r14+24]
"Borderlands3.exe"+218BCE2C: 4C 89 F1 - mov rcx,r14
"Borderlands3.exe"+218BCE2F: 48 89 45 0F - mov [rbp+0F],rax
"Borderlands3.exe"+218BCE33: 48 89 7D 17 - mov [rbp+17],rdi
"Borderlands3.exe"+218BCE37: E8 D4 A5 0E E1 - call Borderlands3.exe+29A7410
"Borderlands3.exe"+218BCE3C: B8 FF FF FF FF - mov eax,FFFFFFFF
"Borderlands3.exe"+218BCE41: F0 0F C1 46 08 - lock xadd [rsi+08],eax
"Borderlands3.exe"+218BCE46: 83 F8 01 - cmp eax,01
"Borderlands3.exe"+218BCE49: 0F 85 29 FE FF FF - jne Borderlands3.exe+218BCC78
}
136
"Mayhem Mode"
Auto Assembler Script
[ENABLE]
aobscanmodule(mayhem,Borderlands3.exe,8B 80 74 06 00 00)
alloc(newmem,$1000,mayhem)
label(code)
label(return)
newmem:
code:
mov eax,[rax+00000674]
jmp return
mayhem:
jmp newmem
nop
return:
registersymbol(mayhem)
[DISABLE]
mayhem:
db 8B 80 74 06 00 00
unregistersymbol(mayhem)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+8E7B424
"Borderlands3.exe"+8E7B404: 48 85 C9 - test rcx,rcx
"Borderlands3.exe"+8E7B407: 74 26 - je Borderlands3.exe+8E7B42F
"Borderlands3.exe"+8E7B409: 48 8B 01 - mov rax,[rcx]
"Borderlands3.exe"+8E7B40C: FF 90 48 01 00 00 - call qword ptr [rax+00000148]
"Borderlands3.exe"+8E7B412: 48 85 C0 - test rax,rax
"Borderlands3.exe"+8E7B415: 74 18 - je Borderlands3.exe+8E7B42F
"Borderlands3.exe"+8E7B417: 48 89 C1 - mov rcx,rax
"Borderlands3.exe"+8E7B41A: E8 E1 BA B0 F7 - call Borderlands3.exe+986F00
"Borderlands3.exe"+8E7B41F: 48 85 C0 - test rax,rax
"Borderlands3.exe"+8E7B422: 74 0B - je Borderlands3.exe+8E7B42F
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+8E7B424: 8B 80 74 06 00 00 - mov eax,[rax+00000674]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+8E7B42A: 48 83 C4 28 - add rsp,28
"Borderlands3.exe"+8E7B42E: C3 - ret
"Borderlands3.exe"+8E7B42F: 31 C0 - xor eax,eax
"Borderlands3.exe"+8E7B431: 48 83 C4 28 - add rsp,28
"Borderlands3.exe"+8E7B435: C3 - ret
"Borderlands3.exe"+8E7B436: CC - int 3
"Borderlands3.exe"+8E7B437: 4D 29 F6 - sub r14,r14
"Borderlands3.exe"+8E7B43A: 4C 03 34 24 - add r14,[rsp]
"Borderlands3.exe"+8E7B43E: 48 83 EC F8 - sub rsp,-08
"Borderlands3.exe"+8E7B442: 4C 8B 14 24 - mov r10,[rsp]
}
137
"Mayhem Mode 2"
Auto Assembler Script
[ENABLE]
aobscanmodule(mayhem2,Borderlands3.exe,40 38 74 D1 08 48)
alloc(newmem,$1000,mayhem2)
label(code)
label(return)
newmem:
code:
cmp [rcx+rdx*8+08],sil
jmp return
mayhem2:
jmp newmem
return:
registersymbol(mayhem2)
[DISABLE]
mayhem2:
db 40 38 74 D1 08
unregistersymbol(mayhem2)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+21C39BCA
"Borderlands3.exe"+21C39BAD: 4C 89 F1 - mov rcx,r14
"Borderlands3.exe"+21C39BB0: 48 89 C7 - mov rdi,rax
"Borderlands3.exe"+21C39BB3: 41 FF 51 20 - call qword ptr [r9+20]
"Borderlands3.exe"+21C39BB7: 48 89 C5 - mov rbp,rax
"Borderlands3.exe"+21C39BBA: 85 DB - test ebx,ebx
"Borderlands3.exe"+21C39BBC: 78 7B - js Borderlands3.exe+21C39C39
"Borderlands3.exe"+21C39BBE: 3B 5F 08 - cmp ebx,[rdi+08]
"Borderlands3.exe"+21C39BC1: 7D 76 - jnl Borderlands3.exe+21C39C39
"Borderlands3.exe"+21C39BC3: 48 8B 0F - mov rcx,[rdi]
"Borderlands3.exe"+21C39BC6: 48 8D 14 9B - lea rdx,[rbx+rbx*4]
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+21C39BCA: 40 38 74 D1 08 - cmp [rcx+rdx*8+08],sil
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+21C39BCF: 48 8D 3C D1 - lea rdi,[rcx+rdx*8]
"Borderlands3.exe"+21C39BD3: 74 64 - je Borderlands3.exe+21C39C39
"Borderlands3.exe"+21C39BD5: 40 88 77 08 - mov [rdi+08],sil
"Borderlands3.exe"+21C39BD9: 4C 89 F1 - mov rcx,r14
"Borderlands3.exe"+21C39BDC: 49 8B 06 - mov rax,[r14]
"Borderlands3.exe"+21C39BDF: FF 50 18 - call qword ptr [rax+18]
"Borderlands3.exe"+21C39BE2: 48 89 C3 - mov rbx,rax
"Borderlands3.exe"+21C39BE5: 48 85 C0 - test rax,rax
"Borderlands3.exe"+21C39BE8: 74 4F - je Borderlands3.exe+21C39C39
"Borderlands3.exe"+21C39BEA: 80 B8 28 01 00 00 03 - cmp byte ptr [rax+00000128],03
}
161
"Item Score"
Auto Assembler Script
[ENABLE]
aobscanmodule(itemScore,Borderlands3.exe,8B 81 04 02 00 00 C3)
alloc(newmem,$1000,itemScore)
label(code)
label(return)
newmem:
code:
mov eax,[rcx+00000204]
jmp return
itemScore:
jmp newmem
nop
return:
registersymbol(itemScore)
[DISABLE]
itemScore:
db 8B 81 04 02 00 00
unregistersymbol(itemScore)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+2278F6E0
"Borderlands3.exe"+2278F6B9: 48 89 34 24 - mov [rsp],rsi
"Borderlands3.exe"+2278F6BD: 48 8D 64 24 F8 - lea rsp,[rsp-08]
"Borderlands3.exe"+2278F6C2: 48 89 34 24 - mov [rsp],rsi
"Borderlands3.exe"+2278F6C6: 48 F7 D6 - not rsi
"Borderlands3.exe"+2278F6C9: 48 21 34 24 - and [rsp],rsi
"Borderlands3.exe"+2278F6CD: 5E - pop rsi
"Borderlands3.exe"+2278F6CE: 48 01 CE - add rsi,rcx
"Borderlands3.exe"+2278F6D1: 48 81 C6 69 E8 00 6A - add rsi,6A00E869
"Borderlands3.exe"+2278F6D8: E9 FD CA 5B EC - jmp Borderlands3.exe+ED4C1DA
"Borderlands3.exe"+2278F6DD: 29 66 90 - sub [rsi-70],esp
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+2278F6E0: 8B 81 04 02 00 00 - mov eax,[rcx+00000204]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+2278F6E6: C3 - ret
"Borderlands3.exe"+2278F6E7: 4C 8B 14 24 - mov r10,[rsp]
"Borderlands3.exe"+2278F6EB: 54 - push rsp
"Borderlands3.exe"+2278F6EC: 48 83 04 24 07 - add qword ptr [rsp],07
"Borderlands3.exe"+2278F6F1: 48 FF 04 24 - inc [rsp]
"Borderlands3.exe"+2278F6F5: 48 8B 24 24 - mov rsp,[rsp]
"Borderlands3.exe"+2278F6F9: 48 8B 2C 24 - mov rbp,[rsp]
"Borderlands3.exe"+2278F6FD: 48 89 2C 24 - mov [rsp],rbp
"Borderlands3.exe"+2278F701: 48 8D 2D AA 7A C0 FE - lea rbp,[Borderlands3.exe+213971B2]
"Borderlands3.exe"+2278F708: 48 87 2C 24 - xchg [rsp],rbp
}
165
"Tooltip Item Pointer (save & load after updating level)"
Auto Assembler Script
[ENABLE]
aobscanmodule(tooltipItem,Borderlands3.exe,8B 81 A8 01 00 00 C3 48)
alloc(newmem,$1000,tooltipItem)
label(code)
label(return)
label(tooltipItemPtr)
newmem:
mov rax,tooltipItemPtr
mov [rax],rcx
mov rax,B9150510
cmp rax,rcx
jne code
nop
code:
mov eax,[rcx+000001A8]
jmp return
tooltipItemPtr:
dq 0
tooltipItem:
jmp newmem
nop
return:
registersymbol(tooltipItem)
registersymbol(tooltipItemPtr)
[DISABLE]
tooltipItem:
db 8B 81 A8 01 00 00
unregistersymbol(tooltipItem)
unregistersymbol(tooltipItemPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+8BA4B70
"Borderlands3.exe"+8BA4B4A: 49 83 F3 FF - xor r11,-01
"Borderlands3.exe"+8BA4B4E: 48 8D 64 24 08 - lea rsp,[rsp+08]
"Borderlands3.exe"+8BA4B53: 4C 0B 1C 24 - or r11,[rsp]
"Borderlands3.exe"+8BA4B57: 4C 87 24 24 - xchg [rsp],r12
"Borderlands3.exe"+8BA4B5B: 4D 89 DC - mov r12,r11
"Borderlands3.exe"+8BA4B5E: 4C 89 24 24 - mov [rsp],r12
"Borderlands3.exe"+8BA4B62: 4C 8D 1D 89 C7 35 06 - lea r11,[Borderlands3.exe+EF012F2]
"Borderlands3.exe"+8BA4B69: 4C 87 1C 24 - xchg [rsp],r11
"Borderlands3.exe"+8BA4B6D: C3 - ret
"Borderlands3.exe"+8BA4B6E: 66 90 - nop
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+8BA4B70: 8B 81 A8 01 00 00 - mov eax,[rcx+000001A8]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+8BA4B76: C3 - ret
"Borderlands3.exe"+8BA4B77: 48 8B 34 24 - mov rsi,[rsp]
"Borderlands3.exe"+8BA4B7B: 48 83 C4 08 - add rsp,08
"Borderlands3.exe"+8BA4B7F: 48 8B 0C 24 - mov rcx,[rsp]
"Borderlands3.exe"+8BA4B83: 4C 89 34 24 - mov [rsp],r14
"Borderlands3.exe"+8BA4B87: 4C 8D 35 52 E5 34 1B - lea r14,[Borderlands3.exe+23EF30E0]
"Borderlands3.exe"+8BA4B8E: 4C 87 34 24 - xchg [rsp],r14
"Borderlands3.exe"+8BA4B92: C3 - ret
"Borderlands3.exe"+8BA4B93: 52 - push rdx
"Borderlands3.exe"+8BA4B94: 48 F7 D2 - not rdx
}
171
"Set All Item Score"
Auto Assembler Script
[ENABLE]
aobscanmodule(itemScore,Borderlands3.exe,8B 81 04 02 00 00 C3)
alloc(newmem,$1000,itemScore)
label(code)
label(return)
newmem:
code:
//mov eax,[rcx+00000204]
mov eax,#999
jmp return
itemScore:
jmp newmem
nop
return:
registersymbol(itemScore)
[DISABLE]
itemScore:
db 8B 81 04 02 00 00
unregistersymbol(itemScore)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+2278F6E0
"Borderlands3.exe"+2278F6B9: 48 89 34 24 - mov [rsp],rsi
"Borderlands3.exe"+2278F6BD: 48 8D 64 24 F8 - lea rsp,[rsp-08]
"Borderlands3.exe"+2278F6C2: 48 89 34 24 - mov [rsp],rsi
"Borderlands3.exe"+2278F6C6: 48 F7 D6 - not rsi
"Borderlands3.exe"+2278F6C9: 48 21 34 24 - and [rsp],rsi
"Borderlands3.exe"+2278F6CD: 5E - pop rsi
"Borderlands3.exe"+2278F6CE: 48 01 CE - add rsi,rcx
"Borderlands3.exe"+2278F6D1: 48 81 C6 69 E8 00 6A - add rsi,6A00E869
"Borderlands3.exe"+2278F6D8: E9 FD CA 5B EC - jmp Borderlands3.exe+ED4C1DA
"Borderlands3.exe"+2278F6DD: 29 66 90 - sub [rsi-70],esp
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+2278F6E0: 8B 81 04 02 00 00 - mov eax,[rcx+00000204]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+2278F6E6: C3 - ret
"Borderlands3.exe"+2278F6E7: 4C 8B 14 24 - mov r10,[rsp]
"Borderlands3.exe"+2278F6EB: 54 - push rsp
"Borderlands3.exe"+2278F6EC: 48 83 04 24 07 - add qword ptr [rsp],07
"Borderlands3.exe"+2278F6F1: 48 FF 04 24 - inc [rsp]
"Borderlands3.exe"+2278F6F5: 48 8B 24 24 - mov rsp,[rsp]
"Borderlands3.exe"+2278F6F9: 48 8B 2C 24 - mov rbp,[rsp]
"Borderlands3.exe"+2278F6FD: 48 89 2C 24 - mov [rsp],rbp
"Borderlands3.exe"+2278F701: 48 8D 2D AA 7A C0 FE - lea rbp,[Borderlands3.exe+213971B2]
"Borderlands3.exe"+2278F708: 48 87 2C 24 - xchg [rsp],rbp
}
190
"Create Space"
Auto Assembler Script
[ENABLE]
alloc(newmem,$1000,6880EAA0)
label(space)
newmem:
space:
registersymbol(space)
[DISABLE]
unregistersymbol(space)
dealloc(newmem)
193
"No description"
1
Array of byte
96
space
173
"Display Level"
Auto Assembler Script
[ENABLE]
aobscanmodule(displayLevel,Borderlands3.exe,8B 81 A8 01 00 00 C3 48)
alloc(newmem,$1000,displayLevel)
label(code)
label(return)
newmem:
mov eax,[rcx+000001A8]
cmp eax,#49
jne code
nop
code:
mov eax,[rcx+000001A8]
jmp return
displayLevel:
jmp newmem
nop
return:
registersymbol(displayLevel)
[DISABLE]
displayLevel:
db 8B 81 A8 01 00 00
unregistersymbol(displayLevel)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+8BA4B70
"Borderlands3.exe"+8BA4B4A: 49 83 F3 FF - xor r11,-01
"Borderlands3.exe"+8BA4B4E: 48 8D 64 24 08 - lea rsp,[rsp+08]
"Borderlands3.exe"+8BA4B53: 4C 0B 1C 24 - or r11,[rsp]
"Borderlands3.exe"+8BA4B57: 4C 87 24 24 - xchg [rsp],r12
"Borderlands3.exe"+8BA4B5B: 4D 89 DC - mov r12,r11
"Borderlands3.exe"+8BA4B5E: 4C 89 24 24 - mov [rsp],r12
"Borderlands3.exe"+8BA4B62: 4C 8D 1D 89 C7 35 06 - lea r11,[Borderlands3.exe+EF012F2]
"Borderlands3.exe"+8BA4B69: 4C 87 1C 24 - xchg [rsp],r11
"Borderlands3.exe"+8BA4B6D: C3 - ret
"Borderlands3.exe"+8BA4B6E: 66 90 - nop
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+8BA4B70: 8B 81 A8 01 00 00 - mov eax,[rcx+000001A8]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+8BA4B76: C3 - ret
"Borderlands3.exe"+8BA4B77: 48 8B 34 24 - mov rsi,[rsp]
"Borderlands3.exe"+8BA4B7B: 48 83 C4 08 - add rsp,08
"Borderlands3.exe"+8BA4B7F: 48 8B 0C 24 - mov rcx,[rsp]
"Borderlands3.exe"+8BA4B83: 4C 89 34 24 - mov [rsp],r14
"Borderlands3.exe"+8BA4B87: 4C 8D 35 52 E5 34 1B - lea r14,[Borderlands3.exe+23EF30E0]
"Borderlands3.exe"+8BA4B8E: 4C 87 34 24 - xchg [rsp],r14
"Borderlands3.exe"+8BA4B92: C3 - ret
"Borderlands3.exe"+8BA4B93: 52 - push rdx
"Borderlands3.exe"+8BA4B94: 48 F7 D2 - not rdx
}
172
"Saved Level"
Auto Assembler Script
[ENABLE]
aobscanmodule(savedLevel,Borderlands3.exe,8B 81 A4 01 00 00 C3 48)
alloc(newmem,$1000,savedLevel)
label(code)
label(return)
newmem:
mov eax,[rcx+000001A4]
cmp eax,#49
jne code
nop
code:
mov eax,[rcx+000001A4]
jmp return
savedLevel:
jmp newmem
nop
return:
registersymbol(savedLevel)
[DISABLE]
savedLevel:
db 8B 81 A4 01 00 00
unregistersymbol(savedLevel)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+8BA4DA0
"Borderlands3.exe"+8BA4D76: 48 8D 05 43 11 85 16 - lea rax,[Borderlands3.exe+1F3F5EC0]
"Borderlands3.exe"+8BA4D7D: 9D - popfq
"Borderlands3.exe"+8BA4D7E: FF 34 D0 - push [rax+rdx*8]
"Borderlands3.exe"+8BA4D81: C3 - ret
"Borderlands3.exe"+8BA4D82: 67 9D - popfq
"Borderlands3.exe"+8BA4D84: 56 - push rsi
"Borderlands3.exe"+8BA4D85: 48 8D 35 65 3F E3 1B - lea rsi,[Borderlands3.exe+249D8CF1]
"Borderlands3.exe"+8BA4D8C: 48 87 34 24 - xchg [rsp],rsi
"Borderlands3.exe"+8BA4D90: C3 - ret
"Borderlands3.exe"+8BA4D91: 66 66 66 66 66 66 2E 0F 1F 84 00 00 00 00 00 - nop cs:[rax+rax+00000000]
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+8BA4DA0: 8B 81 A4 01 00 00 - mov eax,[rcx+000001A4]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+8BA4DA6: C3 - ret
"Borderlands3.exe"+8BA4DA7: 48 8B 04 24 - mov rax,[rsp]
"Borderlands3.exe"+8BA4DAB: 48 83 EC F8 - sub rsp,-08
"Borderlands3.exe"+8BA4DAF: 48 89 2C 24 - mov [rsp],rbp
"Borderlands3.exe"+8BA4DB3: 48 8D 64 24 F8 - lea rsp,[rsp-08]
"Borderlands3.exe"+8BA4DB8: 51 - push rcx
"Borderlands3.exe"+8BA4DB9: 48 8D 2D 78 B2 15 00 - lea rbp,[Borderlands3.exe+8D00038]
"Borderlands3.exe"+8BA4DC0: 48 87 4C 24 08 - xchg [rsp+08],rcx
"Borderlands3.exe"+8BA4DC5: 48 89 E9 - mov rcx,rbp
"Borderlands3.exe"+8BA4DC8: 48 89 4C 24 08 - mov [rsp+08],rcx
}
174
"Item Score"
Auto Assembler Script
[ENABLE]
aobscanmodule(itemScore,Borderlands3.exe,8B 81 04 02 00 00 C3)
alloc(newmem,$1000,itemScore)
label(code)
label(return)
newmem:
mov eax,[rcx+00000204]
cmp eax,#526
jne code
nop
code:
mov eax,[rcx+00000204]
jmp return
itemScore:
jmp newmem
nop
return:
registersymbol(itemScore)
[DISABLE]
itemScore:
db 8B 81 04 02 00 00
unregistersymbol(itemScore)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+2278F6E0
"Borderlands3.exe"+2278F6B9: 48 89 34 24 - mov [rsp],rsi
"Borderlands3.exe"+2278F6BD: 48 8D 64 24 F8 - lea rsp,[rsp-08]
"Borderlands3.exe"+2278F6C2: 48 89 34 24 - mov [rsp],rsi
"Borderlands3.exe"+2278F6C6: 48 F7 D6 - not rsi
"Borderlands3.exe"+2278F6C9: 48 21 34 24 - and [rsp],rsi
"Borderlands3.exe"+2278F6CD: 5E - pop rsi
"Borderlands3.exe"+2278F6CE: 48 01 CE - add rsi,rcx
"Borderlands3.exe"+2278F6D1: 48 81 C6 69 E8 00 6A - add rsi,6A00E869
"Borderlands3.exe"+2278F6D8: E9 FD CA 5B EC - jmp Borderlands3.exe+ED4C1DA
"Borderlands3.exe"+2278F6DD: 29 66 90 - sub [rsi-70],esp
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+2278F6E0: 8B 81 04 02 00 00 - mov eax,[rcx+00000204]
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+2278F6E6: C3 - ret
"Borderlands3.exe"+2278F6E7: 4C 8B 14 24 - mov r10,[rsp]
"Borderlands3.exe"+2278F6EB: 54 - push rsp
"Borderlands3.exe"+2278F6EC: 48 83 04 24 07 - add qword ptr [rsp],07
"Borderlands3.exe"+2278F6F1: 48 FF 04 24 - inc [rsp]
"Borderlands3.exe"+2278F6F5: 48 8B 24 24 - mov rsp,[rsp]
"Borderlands3.exe"+2278F6F9: 48 8B 2C 24 - mov rbp,[rsp]
"Borderlands3.exe"+2278F6FD: 48 89 2C 24 - mov [rsp],rbp
"Borderlands3.exe"+2278F701: 48 8D 2D AA 7A C0 FE - lea rbp,[Borderlands3.exe+213971B2]
"Borderlands3.exe"+2278F708: 48 87 2C 24 - xchg [rsp],rbp
}
182
"Bonus Item Score"
Auto Assembler Script
[ENABLE]
aobscanmodule(bonusItemScore,Borderlands3.exe,41 8B 06 89 03 C6)
alloc(newmem,$1000,bonusItemScore)
label(code)
label(return)
newmem:
code:
mov eax,[r14]
mov [rbx],eax
jmp return
bonusItemScore:
jmp newmem
return:
registersymbol(bonusItemScore)
[DISABLE]
bonusItemScore:
db 41 8B 06 89 03
unregistersymbol(bonusItemScore)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Borderlands3.exe"+218C5968
"Borderlands3.exe"+218C5945: 75 2A - jne Borderlands3.exe+218C5971
"Borderlands3.exe"+218C5947: 49 8D 4E 08 - lea rcx,[r14+08]
"Borderlands3.exe"+218C594B: 4D 89 F8 - mov r8,r15
"Borderlands3.exe"+218C594E: 48 8D 55 D0 - lea rdx,[rbp-30]
"Borderlands3.exe"+218C5952: E8 59 89 21 E1 - call Borderlands3.exe+2ADE2B0
"Borderlands3.exe"+218C5957: 48 89 C2 - mov rdx,rax
"Borderlands3.exe"+218C595A: 48 89 D9 - mov rcx,rbx
"Borderlands3.exe"+218C595D: E8 5E F7 0C DF - call Borderlands3.exe+9950C0
"Borderlands3.exe"+218C5962: 80 7B 08 FF - cmp byte ptr [rbx+08],-01
"Borderlands3.exe"+218C5966: 75 09 - jne Borderlands3.exe+218C5971
// ---------- INJECTING HERE ----------
"Borderlands3.exe"+218C5968: 41 8B 06 - mov eax,[r14]
"Borderlands3.exe"+218C596B: 89 03 - mov [rbx],eax
// ---------- DONE INJECTING ----------
"Borderlands3.exe"+218C596D: C6 43 08 00 - mov byte ptr [rbx+08],00
"Borderlands3.exe"+218C5971: 49 8B 7E 28 - mov rdi,[r14+28]
"Borderlands3.exe"+218C5975: 48 85 FF - test rdi,rdi
"Borderlands3.exe"+218C5978: 0F 84 02 01 00 00 - je Borderlands3.exe+218C5A80
"Borderlands3.exe"+218C597E: 48 8B B7 F8 00 00 00 - mov rsi,[rdi+000000F8]
"Borderlands3.exe"+218C5985: 48 85 F6 - test rsi,rsi
"Borderlands3.exe"+218C5988: 75 1C - jne Borderlands3.exe+218C59A6
"Borderlands3.exe"+218C598A: 48 8B 07 - mov rax,[rdi]
"Borderlands3.exe"+218C598D: 48 89 F9 - mov rcx,rdi
"Borderlands3.exe"+218C5990: FF 90 68 03 00 00 - call qword ptr [rax+00000368]
}