131
"Add 99 to each tactic book on List view"
Auto Assembler Script
[ENABLE]
// Hook on the 16-bit load that the table entry describes as the tactic-book
// count shown on the List view (original: movzx edi,word ptr [rbx+rax*2+120]).
// Note: the "ORIGINAL CODE" dumps in this table were taken from SAN14.exe,
// while every scan here targets the SAN14_TC.exe module; the +offsets in the
// dumps are for orientation only and need not match the TC build.
aobscanmodule(SAN14_TacticBooks,SAN14_TC.exe,0F B7 BC 43 20 01 00 00) // should be unique
alloc(newmem,64,SAN14_TacticBooks)
label(code)
label(return)
newmem:
// 63 is hex (CE default) = 99 decimal.  If the word is already >= 99 leave
// it alone, otherwise add 99 in place before the game reads it.
// NOTE(review): jge is a signed compare on a 16-bit field; a value >= 8000h
// would read as negative and be bumped again (wrapping).  Harmless if the
// field never gets that large — confirm.
cmp word ptr [rbx+rax*2+00000120],63
jge code
add word ptr [rbx+rax*2+00000120],63
code:
// Re-execute the displaced original instruction, then resume.
movzx edi,word ptr [rbx+rax*2+00000120]
jmp return
SAN14_TacticBooks:
// The displaced instruction is 8 bytes: 5-byte jmp + 3 nops.
jmp newmem
nop 3
return:
registersymbol(SAN14_TacticBooks)
[DISABLE]
// Put the original 8 bytes back at the hook, then release the symbol and the cave.
SAN14_TacticBooks:
db 0F B7 BC 43 20 01 00 00
unregistersymbol(SAN14_TacticBooks)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+2A5306
"SAN14.exe"+2A52E9: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"SAN14.exe"+2A52EE: 48 83 C4 20 - add rsp,20
"SAN14.exe"+2A52F2: 5F - pop rdi
"SAN14.exe"+2A52F3: C3 - ret
"SAN14.exe"+2A52F4: 48 8B CF - mov rcx,rdi
"SAN14.exe"+2A52F7: E8 74 1E F3 FF - call SAN14.exe+1D7170
"SAN14.exe"+2A52FC: 8D 48 FF - lea ecx,[rax-01]
"SAN14.exe"+2A52FF: 83 F9 1D - cmp ecx,1D
"SAN14.exe"+2A5302: 77 0C - ja SAN14.exe+2A5310
"SAN14.exe"+2A5304: 48 98 - cdqe
// ---------- INJECTING HERE ----------
"SAN14.exe"+2A5306: 0F B7 BC 43 20 01 00 00 - movzx edi,word ptr [rbx+rax*2+00000120]
// ---------- DONE INJECTING ----------
"SAN14.exe"+2A530E: EB 02 - jmp SAN14.exe+2A5312
"SAN14.exe"+2A5310: 33 FF - xor edi,edi
"SAN14.exe"+2A5312: E8 09 60 04 00 - call SAN14.exe+2EB320
"SAN14.exe"+2A5317: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2A531A: E8 31 AF EB FF - call SAN14.exe+160250
"SAN14.exe"+2A531F: 44 8B C7 - mov r8d,edi
"SAN14.exe"+2A5322: 48 8D 15 93 02 D2 00 - lea rdx,[SAN14.exe+FC55BC]
"SAN14.exe"+2A5329: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2A532C: 48 8B D8 - mov rbx,rax
"SAN14.exe"+2A532F: E8 8C DC 32 00 - call SAN14.exe+5D2FC0
}
188
"Stats Uncap"
Auto Assembler Script
[ENABLE]
// The hook is placed 3 bytes BEFORE the scanned pattern so that the game's
// own "cmovg ebx,ecx" (the stat clamp, dump line +1DF411) is overwritten
// with nops and the clamp is re-decided in the cave.
aobscanmodule(SAN14_IgnoreStatsCap,SAN14_TC.exe,8B C3 4C 8D 5C 24 70 49 8B 5B 30) // should be unique
alloc(newmem,64,SAN14_IgnoreStatsCap)
label(code)
label(return)
newmem:
// [rsp+A8] is presumably the value stored by "mov [rsp+A8],eax" shown in the
// "Max Stats Conversion" dump (same sub rsp,70 frame) — TODO confirm.
// 64 is hex = 100.  No operand size is given; CE is expected to assemble
// this as a dword compare — check if the script refuses to assemble.
cmp [rsp+000000A8],64
jg code
// NOTE(review): this cmovg can never move.  It consumes the flags of the cmp
// directly above (which already established "not greater"), not the flags of
// the game's "cmp ebx,ecx" at +1DF40F, which the cave's cmp overwrote.  As
// written, the clamp is therefore removed unconditionally.  If the intent
// was "clamp only when [rsp+A8] <= 100", insert "cmp ebx,ecx" immediately
// before this line.
cmovg ebx,ecx
code:
// Displaced original instructions (7 bytes), then resume.
mov eax,ebx
lea r11,[rsp+70]
jmp return
SAN14_IgnoreStatsCap-03:
// nop the 3-byte cmovg (0F 4F D9); the 5-byte jmp + 2 nops then cover
// "mov eax,ebx" (2) and "lea r11,[rsp+70]" (5).  [DISABLE] must restore all
// 10 bytes starting at -03, not just the 7 at +0.
nop 3
jmp newmem
nop 2
return:
registersymbol(SAN14_IgnoreStatsCap)
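[DISABLE]
// Restore all 10 patched bytes, starting 3 bytes before the scanned pattern:
// the game's "cmovg ebx,ecx" (0F 4F D9, see dump line +1DF411) that [ENABLE]
// overwrote with nops, followed by the original 7 bytes of
// "mov eax,ebx / lea r11,[rsp+70]".
// (The previous disable only rewrote the 7 bytes at +0, which left the clamp
// nop'd out until the game was restarted.)
SAN14_IgnoreStatsCap-03:
db 0F 4F D9 8B C3 4C 8D 5C 24 70
unregistersymbol(SAN14_IgnoreStatsCap)
dealloc(newmem)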
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DF414
"SAN14.exe"+1DF3F7: C0 C0 03 - rol al,03
"SAN14.exe"+1DF3FA: 0F B6 C8 - movzx ecx,al
"SAN14.exe"+1DF3FD: 0F B6 47 10 - movzx eax,byte ptr [rdi+10]
"SAN14.exe"+1DF401: 33 C8 - xor ecx,eax
"SAN14.exe"+1DF403: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1DF406: 7D 07 - jnl SAN14.exe+1DF40F
"SAN14.exe"+1DF408: BB 01 00 00 00 - mov ebx,00000001
"SAN14.exe"+1DF40D: EB 05 - jmp SAN14.exe+1DF414
"SAN14.exe"+1DF40F: 3B D9 - cmp ebx,ecx
"SAN14.exe"+1DF411: 0F 4F D9 - cmovg ebx,ecx
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DF414: 8B C3 - mov eax,ebx
"SAN14.exe"+1DF416: 4C 8D 5C 24 70 - lea r11,[rsp+70]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DF41B: 49 8B 5B 30 - mov rbx,[r11+30]
"SAN14.exe"+1DF41F: 49 8B 6B 40 - mov rbp,[r11+40]
"SAN14.exe"+1DF423: 49 8B 73 48 - mov rsi,[r11+48]
"SAN14.exe"+1DF427: 49 8B E3 - mov rsp,r11
"SAN14.exe"+1DF42A: 41 5F - pop r15
"SAN14.exe"+1DF42C: 41 5E - pop r14
"SAN14.exe"+1DF42E: 41 5D - pop r13
"SAN14.exe"+1DF430: 41 5C - pop r12
"SAN14.exe"+1DF432: 5F - pop rdi
"SAN14.exe"+1DF433: C3 - ret
}
191
"Base Stats Uncap"
Auto Assembler Script
[ENABLE]
// Four single-byte patches on the imm8 of "imul eax,<reg>,64" (64h = 100).
// Cap1/Cap2 are the two sites in the dump below (+1D8665 and +1D8670);
// Cap3/Cap4 are a second copy of the same code that follows "test ecx,ecx"
// (the C9 at the start of the Cap3 pattern) — Cap4 is followed directly by
// "xor al,r8l" (41 32 C0) instead of "add eax,14".
// NOTE(review): the imm8 of the 3-byte imul form (6B /r ib) is SIGN-extended,
// so FF is -1, not 255.  eax therefore becomes 0 or -1 instead of 0 or 100.
// At the Cap1/Cap2 sites the dump then does "add eax,14" and keeps only al
// (xor al,r8l / ror al,3 / mov [rdi+168],al), i.e. 14h or 13h.  At the Cap4
// site, with no add in between, al is 00h or FFh, which does read as 255.
// Whether the 13h/14h result still yields the intended uncapped stat depends
// on how the byte at [rdi+168] is decoded later — verify in game.  A true
// 255 multiplier needs the 6-byte imm32 form (69 /r id), i.e. a code cave.
aobscanmodule(SAN14_Cap1,SAN14_TC.exe,01 74 05 6B C1 64 EB 09) // should be unique
aobscanmodule(SAN14_Cap2,SAN14_TC.exe,6B C0 64 83 C0 14 44) // should be unique
aobscanmodule(SAN14_Cap3,SAN14_TC.exe,C9 74 05 6B C1 64 EB 09) // should be unique
aobscanmodule(SAN14_Cap4,SAN14_TC.exe,6B C0 64 41 32 C0) // should be unique
registersymbol(SAN14_Cap1)
registersymbol(SAN14_Cap2)
registersymbol(SAN14_Cap3)
registersymbol(SAN14_Cap4)
// +05 / +02 are the offsets of the 64h immediate inside each pattern.
SAN14_Cap1+05:
db ff
SAN14_Cap2+02:
db ff
SAN14_Cap3+05:
db ff
SAN14_Cap4+02:
db ff
[DISABLE]
// Put the original immediate (64h = 100) back at all four imul sites, then
// drop the symbols.  Nothing was allocated, so there is nothing to dealloc.
SAN14_Cap1+05:
db 64
SAN14_Cap2+02:
db 64
SAN14_Cap3+05:
db 64
SAN14_Cap4+02:
db 64
unregistersymbol(SAN14_Cap1)
unregistersymbol(SAN14_Cap2)
unregistersymbol(SAN14_Cap3)
unregistersymbol(SAN14_Cap4)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D8665
"SAN14.exe"+1D863A: 48 C7 44 24 20 FE FF FF FF - mov qword ptr [rsp+20],FFFFFFFFFFFFFFFE
"SAN14.exe"+1D8643: 48 89 5C 24 60 - mov [rsp+60],rbx
"SAN14.exe"+1D8648: 48 89 6C 24 68 - mov [rsp+68],rbp
"SAN14.exe"+1D864D: 48 89 74 24 70 - mov [rsp+70],rsi
"SAN14.exe"+1D8652: 48 89 7C 24 78 - mov [rsp+78],rdi
"SAN14.exe"+1D8657: 48 8B F9 - mov rdi,rcx
"SAN14.exe"+1D865A: 0F B7 51 10 - movzx edx,word ptr [rcx+10]
"SAN14.exe"+1D865E: 8B CA - mov ecx,edx
"SAN14.exe"+1D8660: 83 E1 01 - and ecx,01
"SAN14.exe"+1D8663: 74 05 - je SAN14.exe+1D866A
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D8665: 6B C1 64 - imul eax,ecx,64
"SAN14.exe"+1D8668: EB 09 - jmp SAN14.exe+1D8673
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D866A: 8D 42 FF - lea eax,[rdx-01]
"SAN14.exe"+1D866D: 83 E0 01 - and eax,01
"SAN14.exe"+1D8670: 6B C0 64 - imul eax,eax,64
"SAN14.exe"+1D8673: 83 C0 14 - add eax,14
"SAN14.exe"+1D8676: 44 0F B6 47 10 - movzx r8d,byte ptr [rdi+10]
"SAN14.exe"+1D867B: 41 32 C0 - xor al,r8l
"SAN14.exe"+1D867E: C0 C8 03 - ror al,03
"SAN14.exe"+1D8681: 88 87 68 01 00 00 - mov [rdi+00000168],al
"SAN14.exe"+1D8687: 85 C9 - test ecx,ecx
"SAN14.exe"+1D8689: 74 05 - je SAN14.exe+1D8690
}
189
"Max Stats Conversion"
Auto Assembler Script
[ENABLE]
// Replaces the byte sentinel FFh (255) with a configurable value at three
// stat reads.  maxStats holds that value: 3e7 hex = 999; the table entry
// "Any stats = 255 become this stats ->" edits it.
alloc(maxStats,4)
registersymbol(maxStats)
maxStats:
dd 3e7
// 9-byte backups of the three displaced instructions, consumed by [DISABLE].
alloc(maxStatsBK1,9)
alloc(maxStatsBK2,9)
alloc(maxStatsBK3,9)
registersymbol(maxStatsBK1)
registersymbol(maxStatsBK2)
registersymbol(maxStatsBK3)
// The "* *" wildcards stand for the low displacement bytes of the 9-byte
// "movzx r32,byte ptr [base+index+disp32]" at each site (9E 00 in the dumps).
aobscanmodule(SAN14_MaxStatsConversion,SAN14_TC.exe,41 0F B6 84 0D * * 00 00 89 84 24 A8 00 00 00) // should be unique
alloc(code1,64,SAN14_MaxStatsConversion)
aobscanmodule(SAN14_StatsReadDuringAttackPhases,SAN14_TC.exe,44 0F B6 B4 37 * * 00 00 4C 89 7C 24 58) // should be unique
alloc(code2,64,SAN14_StatsReadDuringAttackPhases)
// This pattern starts at a 5-byte jmp (E9 ...); the movzx into r13d is at +5.
aobscanmodule(SAN14_StatsReadEndBattlePhase,SAN14_TC.exe,E9 * * * * * 0F B6 * * * * 00 00 45 33 E4) // should be unique
alloc(code3,64,SAN14_StatsReadEndBattlePhase)
registersymbol(SAN14_MaxStatsConversion)
registersymbol(SAN14_StatsReadDuringAttackPhases)
registersymbol(SAN14_StatsReadEndBattlePhase)
label(return)
label(return2)
label(return3)
// Hook 1: the displaced movzx is copied verbatim with readmem (it has no
// RIP-relative operand, so it runs unchanged from the cave) and loads the
// byte into eax; a 255 is replaced by [maxStats].  9 bytes = jmp + 4 nops.
code1:
readmem(SAN14_MaxStatsConversion,9)
cmp al,ff
jne return
mov eax,[maxStats] //3e7
jmp return
SAN14_MaxStatsConversion:
jmp code1
nop 4
return:
// Hook 2: same scheme for the load into r14d (attack-phase read).
code2:
readmem(SAN14_StatsReadDuringAttackPhases,9)
cmp r14d,ff
jne return2
mov r14d,[maxStats]
jmp return2
SAN14_StatsReadDuringAttackPhases:
jmp code2
nop 4
return2:
// Hook 3: same scheme for the load into r13d; hooked and backed up at +5,
// past the leading jmp of the pattern.
code3:
readmem(SAN14_StatsReadEndBattlePhase+5,9)
cmp r13d,ff
jne return3
mov r13d,[maxStats]
jmp return3
SAN14_StatsReadEndBattlePhase+5:
jmp code3
nop 4
return3:
// Backups of the original bytes.  This relies on CE resolving readmem while
// the script is assembled, i.e. before any of the patches above are written.
maxStatsBK1:
readmem(SAN14_MaxStatsConversion,9)
maxStatsBK2:
readmem(SAN14_StatsReadDuringAttackPhases,9)
maxStatsBK3:
readmem(SAN14_StatsReadEndBattlePhase+5,9)
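[DISABLE]
// Restore the three displaced 9-byte instructions from the backups taken at
// enable time, then release every symbol and allocation this script made.
SAN14_MaxStatsConversion:
readmem(maxStatsBK1,9)
SAN14_StatsReadDuringAttackPhases:
readmem(maxStatsBK2,9)
SAN14_StatsReadEndBattlePhase+5:
readmem(maxStatsBK3,9)
unregistersymbol(maxStatsBK3)
unregistersymbol(maxStatsBK2)
unregistersymbol(maxStatsBK1)
unregistersymbol(SAN14_StatsReadEndBattlePhase)
unregistersymbol(SAN14_StatsReadDuringAttackPhases)
unregistersymbol(SAN14_MaxStatsConversion)
unregistersymbol(maxStats)
dealloc(maxStatsBK3)
dealloc(maxStatsBK2)
dealloc(maxStatsBK1)
// Fixed: the previous version freed "newmem", which this script never
// allocates, and leaked the three code caves code1/code2/code3.
dealloc(code1)
dealloc(code2)
dealloc(code3)
dealloc(maxStats)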
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DF16D
"SAN14.exe"+1DF148: 41 56 - push r14
"SAN14.exe"+1DF14A: 41 57 - push r15
"SAN14.exe"+1DF14C: 48 83 EC 70 - sub rsp,70
"SAN14.exe"+1DF150: 48 C7 40 88 FE FF FF FF - mov qword ptr [rax-78],FFFFFFFFFFFFFFFE
"SAN14.exe"+1DF158: 48 89 58 08 - mov [rax+08],rbx
"SAN14.exe"+1DF15C: 48 89 68 18 - mov [rax+18],rbp
"SAN14.exe"+1DF160: 48 89 70 20 - mov [rax+20],rsi
"SAN14.exe"+1DF164: 41 8B D8 - mov ebx,r8d
"SAN14.exe"+1DF167: 4C 63 EA - movsxd r13,edx
"SAN14.exe"+1DF16A: 48 8B F9 - mov rdi,rcx
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DF16D: 41 0F B6 84 0D 9E 00 00 00 - movzx eax,byte ptr [r13+rcx+0000009E]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DF176: 89 84 24 A8 00 00 00 - mov [rsp+000000A8],eax
"SAN14.exe"+1DF17D: 45 33 FF - xor r15d,r15d
"SAN14.exe"+1DF180: 45 8B F7 - mov r14d,r15d
"SAN14.exe"+1DF183: 45 8B CF - mov r9d,r15d
"SAN14.exe"+1DF186: 41 8B C0 - mov eax,r8d
"SAN14.exe"+1DF189: 83 E0 01 - and eax,01
"SAN14.exe"+1DF18C: 84 C0 - test al,al
"SAN14.exe"+1DF18E: 74 08 - je SAN14.exe+1DF198
"SAN14.exe"+1DF190: 44 0F B6 89 08 01 00 00 - movzx r9d,byte ptr [rcx+00000108]
"SAN14.exe"+1DF198: 45 85 C9 - test r9d,r9d
}
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+242D63
"SAN14.exe"+242D3D: FF 52 40 - call qword ptr [rdx+40]
"SAN14.exe"+242D40: 83 F8 33 - cmp eax,33
"SAN14.exe"+242D43: 0F 84 94 01 00 00 - je SAN14.exe+242EDD
"SAN14.exe"+242D49: 48 8B 13 - mov rdx,[rbx]
"SAN14.exe"+242D4C: 48 8B CB - mov rcx,rbx
"SAN14.exe"+242D4F: FF 52 40 - call qword ptr [rdx+40]
"SAN14.exe"+242D52: 83 C0 D2 - add eax,-2E
"SAN14.exe"+242D55: 83 F8 04 - cmp eax,04
"SAN14.exe"+242D58: 0F 86 7F 01 00 00 - jbe SAN14.exe+242EDD
"SAN14.exe"+242D5E: 4C 89 74 24 50 - mov [rsp+50],r14
// ---------- INJECTING HERE ----------
"SAN14.exe"+242D63: 44 0F B6 B4 37 9E 00 00 00 - movzx r14d,byte ptr [rdi+rsi+0000009E]
// ---------- DONE INJECTING ----------
"SAN14.exe"+242D6C: 4C 89 7C 24 58 - mov [rsp+58],r15
"SAN14.exe"+242D71: 41 83 FE 64 - cmp r14d,64
"SAN14.exe"+242D75: 0F 84 58 01 00 00 - je SAN14.exe+242ED3
"SAN14.exe"+242D7B: 4C 89 64 24 48 - mov [rsp+48],r12
"SAN14.exe"+242D80: BA 4B 00 00 00 - mov edx,0000004B
"SAN14.exe"+242D85: 44 8B A4 BE B4 00 00 00 - mov r12d,[rsi+rdi*4+000000B4]
"SAN14.exe"+242D8D: 48 8B CE - mov rcx,rsi
"SAN14.exe"+242D90: E8 AB C2 FF FF - call SAN14.exe+23F040
"SAN14.exe"+242D95: 8B 0D 21 7F 33 01 - mov ecx,[SAN14.exe+157ACBC]
"SAN14.exe"+242D9B: 33 DB - xor ebx,ebx
}
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1E0CE6
"SAN14.exe"+1E0CC1: 33 C9 - xor ecx,ecx
"SAN14.exe"+1E0CC3: 89 4D 7F - mov [rbp+7F],ecx
"SAN14.exe"+1E0CC6: 33 D2 - xor edx,edx
"SAN14.exe"+1E0CC8: 89 55 77 - mov [rbp+77],edx
"SAN14.exe"+1E0CCB: 33 C0 - xor eax,eax
"SAN14.exe"+1E0CCD: 48 89 45 97 - mov [rbp-69],rax
"SAN14.exe"+1E0CD1: 48 8D 3D F8 83 DB 00 - lea rdi,[SAN14.exe+F990D0]
"SAN14.exe"+1E0CD8: 45 85 C0 - test r8d,r8d
"SAN14.exe"+1E0CDB: 74 0E - je SAN14.exe+1E0CEB
"SAN14.exe"+1E0CDD: 41 0F B6 9C 07 9E 00 00 00 - movzx ebx,byte ptr [r15+rax+0000009E]
// ---------- INJECTING HERE ----------
"SAN14.exe"+1E0CE6: E9 1D 03 00 00 - jmp SAN14.exe+1E1008
// ---------- DONE INJECTING ----------
"SAN14.exe"+1E0CEB: 45 0F B6 AC 07 9E 00 00 00 - movzx r13d,byte ptr [r15+rax+0000009E]
"SAN14.exe"+1E0CF4: 45 33 E4 - xor r12d,r12d
"SAN14.exe"+1E0CF7: 41 0F B6 8F 08 01 00 00 - movzx ecx,byte ptr [r15+00000108]
"SAN14.exe"+1E0CFF: 85 C9 - test ecx,ecx
"SAN14.exe"+1E0D01: 74 2A - je SAN14.exe+1E0D2D
"SAN14.exe"+1E0D03: 83 E9 01 - sub ecx,01
"SAN14.exe"+1E0D06: 74 1C - je SAN14.exe+1E0D24
"SAN14.exe"+1E0D08: 83 E9 01 - sub ecx,01
"SAN14.exe"+1E0D0B: 74 0E - je SAN14.exe+1E0D1B
"SAN14.exe"+1E0D0D: 83 F9 01 - cmp ecx,01
}
182
"Any stat equal to 255 becomes this value ->"
4 Bytes
maxStats
127
"Doctrine EXP"
FF0000
Auto Assembler Script
[ENABLE]
// Two hooks.  Hook 1 multiplies the edx argument of the routine at +1F6960
// by 10 when the routine is called on the object recorded in
// playerDoctrinePtr; hook 2 records that object.  Per the table entry edx is
// the doctrine EXP being added — the dump itself only shows edx saved to ebx.
aobscanmodule(SAN14_DoctrineEXP,SAN14_TC.exe,48 89 5C 24 20 57 48 83 EC 20 8B) // should be unique
alloc(newmem,64,SAN14_DoctrineEXP)
// Object pointer captured by hook 2 ("Doctrine Exp" in the table reads
// playerDoctrinePtr+164, matching the "mov eax,[rdi+164]" hooked below).
alloc(playerDoctrinePtr,8)
registersymbol(playerDoctrinePtr)
playerDoctrinePtr:
dq 0
// Set to 1 by the "Update Flag" table entry; hook 2 clears it after capture.
alloc(playerDoctrinePtrFlag,4)
registersymbol(playerDoctrinePtrFlag)
playerDoctrinePtrFlag:
dd 0
label(code)
label(return)
newmem:
// rcx is the first integer argument (Microsoft x64).  Only act on the
// recorded object and only when edx is non-zero.
cmp [playerDoctrinePtr],rcx
jne code
cmp edx,0
je code
imul edx,a
code:
// Displaced original (5 bytes, so the jmp needs no padding): this is the
// routine's first instruction, executed here with the same rsp.
mov [rsp+20],rbx
jmp return
SAN14_DoctrineEXP:
jmp newmem
return:
registersymbol(SAN14_DoctrineEXP)
// Hook 2 on "mov eax,[rdi+164]" (6 bytes: jmp + 1 nop).  While the flag is
// set, store rdi as the player's object and clear the flag.  The compares
// and the store below carry no size; CE is expected to treat them as dword,
// which matches the "dd" above.
aobscanmodule(SAN14_DoctrinePtr,SAN14_TC.exe,8B 87 64 01 00 00 85) // should be unique
alloc(newmem2,64,SAN14_DoctrinePtr)
label(code2)
label(return2)
newmem2:
cmp [playerDoctrinePtrFlag],0
je code2
mov [playerDoctrinePtr],rdi
mov [playerDoctrinePtrFlag],0
code2:
mov eax,[rdi+00000164]
jmp return2
SAN14_DoctrinePtr:
jmp newmem2
nop
return2:
registersymbol(SAN14_DoctrinePtr)
[DISABLE]
// Undo hook 1: restore its 5 displaced bytes and release the shared
// allocations.  Hook 2 (SAN14_DoctrinePtr) is undone further down, after the
// listing comment.
SAN14_DoctrineEXP:
db 48 89 5C 24 20
dealloc(playerDoctrinePtrFlag)
unregistersymbol(playerDoctrinePtrFlag)
dealloc(playerDoctrinePtr)
unregistersymbol(playerDoctrinePtr)
unregistersymbol(SAN14_DoctrineEXP)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1F6960
"SAN14.exe"+1F6956: CC - int 3
"SAN14.exe"+1F6957: CC - int 3
"SAN14.exe"+1F6958: CC - int 3
"SAN14.exe"+1F6959: CC - int 3
"SAN14.exe"+1F695A: CC - int 3
"SAN14.exe"+1F695B: CC - int 3
"SAN14.exe"+1F695C: CC - int 3
"SAN14.exe"+1F695D: CC - int 3
"SAN14.exe"+1F695E: CC - int 3
"SAN14.exe"+1F695F: CC - int 3
// ---------- INJECTING HERE ----------
"SAN14.exe"+1F6960: 48 89 5C 24 20 - mov [rsp+20],rbx
// ---------- DONE INJECTING ----------
"SAN14.exe"+1F6965: 57 - push rdi
"SAN14.exe"+1F6966: 48 83 EC 20 - sub rsp,20
"SAN14.exe"+1F696A: 8B DA - mov ebx,edx
"SAN14.exe"+1F696C: 48 8B F9 - mov rdi,rcx
"SAN14.exe"+1F696F: E8 BC 3A 09 00 - call SAN14.exe+28A430
"SAN14.exe"+1F6974: 85 C0 - test eax,eax
"SAN14.exe"+1F6976: 75 0D - jne SAN14.exe+1F6985
"SAN14.exe"+1F6978: 33 C0 - xor eax,eax
"SAN14.exe"+1F697A: 48 8B 5C 24 48 - mov rbx,[rsp+48]
"SAN14.exe"+1F697F: 48 83 C4 20 - add rsp,20
}
// Undo hook 2: restore the 6 displaced bytes of "mov eax,[rdi+164]".
SAN14_DoctrinePtr:
db 8B 87 64 01 00 00
unregistersymbol(SAN14_DoctrinePtr)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+429083
"SAN14.exe"+429053: 88 83 60 01 00 00 - mov [rbx+00000160],al
"SAN14.exe"+429059: 0F B6 87 61 01 00 00 - movzx eax,byte ptr [rdi+00000161]
"SAN14.exe"+429060: 3B C1 - cmp eax,ecx
"SAN14.exe"+429062: 0F 47 C1 - cmova eax,ecx
"SAN14.exe"+429065: B9 60 EA 00 00 - mov ecx,0000EA60
"SAN14.exe"+42906A: 88 83 61 01 00 00 - mov [rbx+00000161],al
"SAN14.exe"+429070: 0F B7 87 62 01 00 00 - movzx eax,word ptr [rdi+00000162]
"SAN14.exe"+429077: 3B C1 - cmp eax,ecx
"SAN14.exe"+429079: 0F 47 C1 - cmova eax,ecx
"SAN14.exe"+42907C: 66 89 83 62 01 00 00 - mov [rbx+00000162],ax
// ---------- INJECTING HERE ----------
"SAN14.exe"+429083: 8B 87 64 01 00 00 - mov eax,[rdi+00000164]
// ---------- DONE INJECTING ----------
"SAN14.exe"+429089: 85 C0 - test eax,eax
"SAN14.exe"+42908B: 78 0C - js SAN14.exe+429099
"SAN14.exe"+42908D: B9 7F 96 98 00 - mov ecx,0098967F
"SAN14.exe"+429092: 3B C1 - cmp eax,ecx
"SAN14.exe"+429094: 0F 4F C1 - cmovg eax,ecx
"SAN14.exe"+429097: 8B F0 - mov esi,eax
"SAN14.exe"+429099: 89 B3 64 01 00 00 - mov [rbx+00000164],esi
"SAN14.exe"+42909F: 0F B6 87 68 01 00 00 - movzx eax,byte ptr [rdi+00000168]
"SAN14.exe"+4290A6: 48 8B 74 24 58 - mov rsi,[rsp+58]
"SAN14.exe"+4290AB: 41 3B C7 - cmp eax,r15d
}
121
"Update Flag - Open Government Screen to Update"
0:NO
1:YES
FF0000
4 Bytes
playerDoctrinePtrFlag
122
"Doctrine Exp"
4 Bytes
playerDoctrinePtr
164
124
"base address"
1
8 Bytes
playerDoctrinePtr
117
"Inf Orders"
Auto Assembler Script
[ENABLE]
// Two hooks.  Hook 1 records the object whose byte at +14h the game compares
// against [rbx+160] (per the table: the player's remaining decree/order
// count, read back as playerDecreePtr+14) and tops that byte up.  Hook 2
// zeroes the cost that the game is about to subtract from that byte.
aobscanmodule(SAN14_PlayerDedcreePtr,SAN14_TC.exe,0F B6 48 14 39 8B 60 01 00 00) // should be unique
alloc(newmem2,64,SAN14_PlayerDedcreePtr)
alloc(playerDecreePtr,8)
registersymbol(playerDecreePtr)
label(code2)
label(return2)
newmem2:
// rax was just loaded from [rbx+168] (dump +56CC79).  NOTE(review): the dump
// does not show that this path only runs for the player's object; if other
// factions pass through here, they get the pointer capture and the top-up too.
mov [playerDecreePtr],rax
// #50 is decimal 50 (the trailing "63" looks like an earlier hex value,
// 63h = 99).  Refill the byte to 50 whenever it has dropped below that.
cmp byte ptr [rax+14],#50//63
jge code2
mov byte ptr [rax+14],#50//63
code2:
// Displaced originals (10 bytes: jmp + 5 nops).  The cmp leaves the flags
// that the game's "je" at +56CC8A expects.
movzx ecx,byte ptr [rax+14]
cmp [rbx+00000160],ecx
jmp return2
SAN14_PlayerDedcreePtr:
jmp newmem2
nop 5
return2:
registersymbol(SAN14_PlayerDedcreePtr)
// Hook 2 on "movzx eax,byte ptr [r11+14]" (exactly 5 bytes, no padding).
// ecx holds the value computed at +1B31EC..+1B31F2 and is subtracted from
// eax right after the hook (+1B3203); zeroing it for the recorded object
// makes that subtraction a no-op.
aobscanmodule(SAN14_InfDecree,SAN14_TC.exe,41 0F B6 43 14) // should be unique
alloc(newmem,64,SAN14_InfDecree)
label(code)
label(return)
newmem:
cmp [playerDecreePtr],r11
jne code
xor ecx,ecx
code:
movzx eax,byte ptr [r11+14]
jmp return
SAN14_InfDecree:
jmp newmem
return:
registersymbol(SAN14_InfDecree)
[DISABLE]
// Restore both hooks (10 and 5 displaced bytes) and release the allocations.
SAN14_PlayerDedcreePtr:
db 0F B6 48 14 39 8B 60 01 00 00
unregistersymbol(playerDecreePtr)
dealloc(playerDecreePtr)
unregistersymbol(SAN14_PlayerDedcreePtr)
dealloc(newmem2)
SAN14_InfDecree:
db 41 0F B6 43 14
unregistersymbol(SAN14_InfDecree)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1B31FE
"SAN14.exe"+1B31D6: 74 03 - je SAN14.exe+1B31DB
"SAN14.exe"+1B31D8: 41 FF C2 - inc r10d
"SAN14.exe"+1B31DB: 48 8B 40 08 - mov rax,[rax+08]
"SAN14.exe"+1B31DF: 48 8B 52 08 - mov rdx,[rdx+08]
"SAN14.exe"+1B31E3: 48 8B 49 08 - mov rcx,[rcx+08]
"SAN14.exe"+1B31E7: 48 85 C0 - test rax,rax
"SAN14.exe"+1B31EA: 75 CB - jne SAN14.exe+1B31B7
"SAN14.exe"+1B31EC: 8B 0D A2 90 39 01 - mov ecx,[SAN14.exe+154C294]
"SAN14.exe"+1B31F2: 41 0F AF CA - imul ecx,r10d
"SAN14.exe"+1B31F6: 44 89 B4 24 D0 00 00 00 - mov [rsp+000000D0],r14d
// ---------- INJECTING HERE ----------
"SAN14.exe"+1B31FE: 41 0F B6 43 14 - movzx eax,byte ptr [r11+14]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1B3203: 2B C1 - sub eax,ecx
"SAN14.exe"+1B3205: 89 84 24 D8 00 00 00 - mov [rsp+000000D8],eax
"SAN14.exe"+1B320C: 48 8D 84 24 D0 00 00 00 - lea rax,[rsp+000000D0]
"SAN14.exe"+1B3214: 48 8D 8C 24 D8 00 00 00 - lea rcx,[rsp+000000D8]
"SAN14.exe"+1B321C: 48 0F 49 C1 - cmovns rax,rcx
"SAN14.exe"+1B3220: 8B 08 - mov ecx,[rax]
"SAN14.exe"+1B3222: 85 C9 - test ecx,ecx
"SAN14.exe"+1B3224: 79 05 - jns SAN14.exe+1B322B
"SAN14.exe"+1B3226: 41 8B CE - mov ecx,r14d
"SAN14.exe"+1B3229: EB 0A - jmp SAN14.exe+1B3235
}
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+56CC80
"SAN14.exe"+56CC54: 0F B6 44 24 53 - movzx eax,byte ptr [rsp+53]
"SAN14.exe"+56CC59: 38 83 5B 01 00 00 - cmp [rbx+0000015B],al
"SAN14.exe"+56CC5F: 74 08 - je SAN14.exe+56CC69
"SAN14.exe"+56CC61: 48 8B CB - mov rcx,rbx
"SAN14.exe"+56CC64: E8 77 B1 FF FF - call SAN14.exe+567DE0
"SAN14.exe"+56CC69: 48 8B 8B 68 01 00 00 - mov rcx,[rbx+00000168]
"SAN14.exe"+56CC70: E8 5B EF C6 FF - call SAN14.exe+1DBBD0
"SAN14.exe"+56CC75: 85 C0 - test eax,eax
"SAN14.exe"+56CC77: 74 1B - je SAN14.exe+56CC94
"SAN14.exe"+56CC79: 48 8B 83 68 01 00 00 - mov rax,[rbx+00000168]
// ---------- INJECTING HERE ----------
"SAN14.exe"+56CC80: 0F B6 48 14 - movzx ecx,byte ptr [rax+14]
"SAN14.exe"+56CC84: 39 8B 60 01 00 00 - cmp [rbx+00000160],ecx
// ---------- DONE INJECTING ----------
"SAN14.exe"+56CC8A: 74 08 - je SAN14.exe+56CC94
"SAN14.exe"+56CC8C: 48 8B CB - mov rcx,rbx
"SAN14.exe"+56CC8F: E8 AC B2 FF FF - call SAN14.exe+567F40
"SAN14.exe"+56CC94: 48 8B 8B 68 01 00 00 - mov rcx,[rbx+00000168]
"SAN14.exe"+56CC9B: E8 90 D7 D1 FF - call SAN14.exe+28A430
"SAN14.exe"+56CCA0: 85 C0 - test eax,eax
"SAN14.exe"+56CCA2: 74 7E - je SAN14.exe+56CD22
"SAN14.exe"+56CCA4: 48 8B 83 68 01 00 00 - mov rax,[rbx+00000168]
"SAN14.exe"+56CCAB: 0F B6 48 10 - movzx ecx,byte ptr [rax+10]
"SAN14.exe"+56CCAF: 48 8B 05 4A D4 66 01 - mov rax,[SAN14.exe+1BDA100]
}
118
"Player Remaining Decree Count"
Byte
playerDecreePtr
14
17
"City Data - Mouse over City to update"
Auto Assembler Script
[ENABLE]
// Hook 7 bytes into the pattern, on "sub rsp,190" (7 bytes: jmp + 2 nops),
// the first instruction after the push sequence of the routine at +5C2310.
// The cave saves rdx — the second integer argument under the Microsoft x64
// convention, which the dump then copies into rsi — as cityDataPtr; per the
// table entry this is the city under the mouse, and the City Data entries
// (Commerce +3a, Agriculture +3c, ...) are offsets from that pointer.
aobscanmodule(SAN14_CityData,SAN14_TC.exe,54 41 55 41 56 41 57 48 81 EC 90 01 00 00 48 8B) // should be unique
alloc(newmem,32,SAN14_CityData)
alloc(cityDataPtr,8)
registersymbol(cityDataPtr)
label(code)
label(return)
newmem:
mov [cityDataPtr],rdx
code:
// Displaced original, then resume.
sub rsp,00000190
jmp return
SAN14_CityData+07:
jmp newmem
nop 2
return:
registersymbol(SAN14_CityData)
[DISABLE]
// Restore the 7 displaced bytes at pattern+07 and release the allocations.
SAN14_CityData+07:
db 48 81 EC 90 01 00 00
unregistersymbol(cityDataPtr)
dealloc(cityDataPtr)
unregistersymbol(SAN14_CityData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5C231C
"SAN14.exe"+5C230D: CC - int 3
"SAN14.exe"+5C230E: CC - int 3
"SAN14.exe"+5C230F: CC - int 3
"SAN14.exe"+5C2310: 40 55 - push rbp
"SAN14.exe"+5C2312: 56 - push rsi
"SAN14.exe"+5C2313: 57 - push rdi
"SAN14.exe"+5C2314: 41 54 - push r12
"SAN14.exe"+5C2316: 41 55 - push r13
"SAN14.exe"+5C2318: 41 56 - push r14
"SAN14.exe"+5C231A: 41 57 - push r15
// ---------- INJECTING HERE ----------
"SAN14.exe"+5C231C: 48 81 EC 90 01 00 00 - sub rsp,00000190
// ---------- DONE INJECTING ----------
"SAN14.exe"+5C2323: 48 8B 05 86 5F FA 00 - mov rax,[SAN14.exe+15682B0]
"SAN14.exe"+5C232A: 48 33 C4 - xor rax,rsp
"SAN14.exe"+5C232D: 48 89 84 24 70 01 00 00 - mov [rsp+00000170],rax
"SAN14.exe"+5C2335: 4C 8B F1 - mov r14,rcx
"SAN14.exe"+5C2338: 4D 63 E0 - movsxd r12,r8d
"SAN14.exe"+5C233B: 48 8D 05 76 02 A2 00 - lea rax,[SAN14.exe+FE25B8]
"SAN14.exe"+5C2342: B9 B3 02 00 00 - mov ecx,000002B3
"SAN14.exe"+5C2347: 48 89 44 24 48 - mov [rsp+48],rax
"SAN14.exe"+5C234C: 48 8B F2 - mov rsi,rdx
"SAN14.exe"+5C234F: E8 1C 5A CB FF - call SAN14.exe+277D70
}
18
"Base Ptr"
1
8 Bytes
cityDataPtr
0
53
"Commerce"
2 Bytes
+3a
20
"Agriculture"
2 Bytes
+3c
27
"Barracks"
2 Bytes
+3e
37
"Revenue - Money"
2 Bytes
+48
54
"Revenue - Supply"
2 Bytes
+4a
25
"Population"
2 Bytes
+50
26
"Public Order/Happiness/Rapport"
0
2 Bytes
+52
19
"Territory"
2 Bytes
+66
38
"Max Value"
2 Bytes
+c
22
"+1d4"
4 Bytes
+1d4
23
"+25c"
4 Bytes
+25c
1
"Castle Data - Mouse over Castle/Gate to update"
Auto Assembler Script
[ENABLE]
// Hook on "mov rax,[rdi] / mov rcx,rdi" (6 bytes: jmp + 1 nop), in a routine
// that the dump shows calling a virtual method ([rax+70]) on rdi.  Per the
// table entry rdi is the castle object under the mouse; the cave records it
// in castlePtr and, when updatePlayerFlag asks for it, adds it to or removes
// it from playerCastleList.
// The symbols exported here (playerCastleList, checkCastleList, stompMode,
// castlePtr, updatePlayerFlag) are used by the "Update Castle List",
// "Fast Facilities Growth" and "Revenue - ... Mult" scripts, so this script
// has to be enabled before them and must stay enabled while they are.
aobscanmodule(SAN14_Castle,SAN14_TC.exe,48 8B 07 48 8B CF FF 50 70 44 8B C0) // should be unique
//aobscanmodule(SAN14_Castle,SAN14_KO.exe,48 8B 07 48 8B CF FF 50 70 44 8B C0)
alloc(newmem,528,SAN14_Castle)
// playerCastleList layout (190h bytes): qword slots at +0..+180h (49 entries,
// zero = empty) and a 16-bit entry count at +188h ("Total Castle/Province
// Count" in the table).
alloc(playerCastleList,400)
registersymbol(playerCastleList)
alloc(castlePtr,8)
registersymbol(castlePtr)
castlePtr:
dq 0
// Allocated and exported but never written here (the writes are commented out).
alloc(playerCapitalPtr,8)
registersymbol(playerCapitalPtr)
playerCapitalPtr:
dq 0
// updatePlayerFlag: 0 = do nothing, 1 = add rdi to the list, 2 = remove it.
// Reset to 0 every time the hook runs.
alloc(updatePlayerFlag,4)
registersymbol(updatePlayerFlag)
updatePlayerFlag:
dd 0
// stompMode is only declared here; the Revenue scripts read it.
alloc(stompMode,4)
registersymbol(stompMode)
stompMode:
dd 0
label(checkBeforeAdd)
label(addCastle)
label(removeCastle)
label(writeCastle)
label(writeZero)
label(shiftUpList)
label(checkCastleList)
registersymbol(checkCastleList)
label(foundCastle)
label(notInList)
label(code)
label(return)
newmem:
// rsi and rcx are scratch in the cave and restored at code:.  rax is
// clobbered, which is fine because the displaced "mov rax,[rdi]" reloads it.
push rsi
push rcx
xor rax,rax
mov rcx,playerCastleList
// No size on these compares; CE is expected to treat them as dword,
// matching the "dd" above.
cmp [updatePlayerFlag],2
je removeCastle
cmp [updatePlayerFlag],1
je checkBeforeAdd
jmp code
checkBeforeAdd:
// Skip the add if rdi is already listed (checkCastleList returns 1 in rsi).
mov rsi,rdi
call checkCastleList
cmp esi,1
je code
xor rsi,rsi
addCastle:
// rax = slot offset.  Find the first zero qword in +0..+180h and store rdi
// there; give up (no write, no count change) when the list is full.
cmp [rcx+rax],rsi
je writeCastle
add eax,8
cmp eax,188
jge code
jmp addCastle
removeCastle:
// Find the slot holding rdi.
cmp [rcx+rax],rdi
je writeZero
add eax,8
cmp eax,188
jge code
jmp removeCastle
writeCastle:
mov [rcx+rax],rdi
inc word ptr[rcx+188]
jmp code
writeZero:
xor rsi,rsi
mov [rcx+rax],rsi
dec word ptr[rcx+188]
//jmp code
shiftUpList:
// Falls through from writeZero: close the gap by moving each later slot up
// by one.  NOTE(review): the last slot copied from (+180h) is not cleared
// afterwards, so a completely full list ends up with its final entry
// duplicated; with fewer than 49 entries the trailing zeros are shifted in
// and nothing is left behind.
cmp [rcx+rax+8],rsi
je code
cmp eax,180
je code
@@:
mov rsi,[rcx+rax+8]
mov [rcx+rax],rsi
add eax,8
cmp eax,180
je code
jmp @B
checkCastleList:
// Exported subroutine.  In: rsi = pointer to look for.  Out: rsi = 1 if it
// is in playerCastleList, else 0.  Preserves rax and rcx; clobbers flags.
// Other caves reach it with a plain "call", so they must keep the stack
// balanced around it and must not rely on rsi surviving.
push rax
push rcx
xor rax,rax
mov rcx,playerCastleList
@@:
cmp [rcx+rax],rsi
je foundCastle
add eax,8
cmp eax,188
jge notInList
// Stop at the first empty slot.  NOTE(review): no size is given, so this is
// presumably a dword compare of the slot's low half only; "qword ptr" would
// make the empty-slot test exact.
cmp [rcx+rax],0
je notInList
jmp @B
foundCastle:
xor rsi,rsi
mov esi,1
pop rcx
pop rax
ret
notInList:
xor rsi,rsi
pop rcx
pop rax
ret
code:
pop rcx
pop rsi
mov [updatePlayerFlag],0
// Displaced originals, plus the castlePtr capture.
mov rax,[rdi]
mov rcx,rdi
mov [castlePtr],rdi
//cmp [updatePlayerFlag],1
//jne return
//mov [playerCapitalPtr],rdi
jmp return
SAN14_Castle:
jmp newmem
nop
return:
registersymbol(SAN14_Castle)
// Second hook on "movzx eax,word ptr [rbx+14] / add rsp,20" (8 bytes:
// jmp + 3 nops), in a function epilogue (dump +1D5F0E).  When r8 or r9
// equals the castle recorded in castlePtr, remember rbx — the object whose
// word at +14h is being read — in endurancePtr; the table reads "Endurance"
// from endurancePtr+14.
// NOTE(review): the dump does not show where r8/r9 come from here; that they
// carry the castle object is the author's assumption.
aobscanmodule(SAN14_Endurace,SAN14_TC.exe,0F B7 43 14 48 83 C4 20) // should be unique
//aobscanmodule(SAN14_Endurace,SAN14_KO.exe,0F B7 43 14 48 83 C4 20)
alloc(newmem2,64,SAN14_Endurace)
alloc(endurancePtr,8)
registersymbol(endurancePtr)
label(endurance_code)
label(return2)
newmem2:
cmp [castlePtr],r8
jne @F
mov [endurancePtr],rbx
@@:
cmp [castlePtr],r9
jne endurance_code
mov [endurancePtr],rbx
endurance_code:
// Displaced originals, then resume.
movzx eax,word ptr [rbx+14]
add rsp,20
jmp return2
SAN14_Endurace:
jmp newmem2
nop 3
return2:
registersymbol(SAN14_Endurace)
[DISABLE]
// Restore the 6 displaced bytes and release everything.  checkCastleList,
// playerCastleList and stompMode are used by other scripts ("Update Castle
// List", "Fast Facilities Growth", the Revenue multipliers): disable those
// BEFORE this one, because once newmem is freed their caves would call into
// unmapped memory on the next hit.
SAN14_Castle:
db 48 8B 07 48 8B CF
unregistersymbol(stompMode)
dealloc(stompMode)
unregistersymbol(checkCastleList)
unregistersymbol(playerCastleList)
dealloc(playerCastleList)
unregistersymbol(updatePlayerFlag)
dealloc(updatePlayerFlag)
unregistersymbol(playerCapitalPtr)
dealloc(playerCapitalPtr)
unregistersymbol(castlePtr)
dealloc(castlePtr)
unregistersymbol(SAN14_Castle)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5C4B7D
"SAN14.exe"+5C4B57: B9 0C 02 00 00 - mov ecx,0000020C
"SAN14.exe"+5C4B5C: E8 0F 32 CB FF - call SAN14.exe+277D70
"SAN14.exe"+5C4B61: 4C 8B C0 - mov r8,rax
"SAN14.exe"+5C4B64: BA 03 00 00 00 - mov edx,00000003
"SAN14.exe"+5C4B69: 48 8B CB - mov rcx,rbx
"SAN14.exe"+5C4B6C: E8 1F C0 00 00 - call SAN14.exe+5D0B90
"SAN14.exe"+5C4B71: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5C4B74: E8 B7 58 CC FF - call SAN14.exe+28A430
"SAN14.exe"+5C4B79: 85 C0 - test eax,eax
"SAN14.exe"+5C4B7B: 74 37 - je SAN14.exe+5C4BB4
// ---------- INJECTING HERE ----------
"SAN14.exe"+5C4B7D: 48 8B 07 - mov rax,[rdi]
"SAN14.exe"+5C4B80: 48 8B CF - mov rcx,rdi
// ---------- DONE INJECTING ----------
"SAN14.exe"+5C4B83: FF 50 70 - call qword ptr [rax+70]
"SAN14.exe"+5C4B86: 44 8B C0 - mov r8d,eax
"SAN14.exe"+5C4B89: 48 8D 15 2C 0A A0 00 - lea rdx,[SAN14.exe+FC55BC]
"SAN14.exe"+5C4B90: 48 8D 4C 24 30 - lea rcx,[rsp+30]
"SAN14.exe"+5C4B95: E8 26 E4 00 00 - call SAN14.exe+5D2FC0
"SAN14.exe"+5C4B9A: 4C 8D 44 24 30 - lea r8,[rsp+30]
"SAN14.exe"+5C4B9F: BA 04 00 00 00 - mov edx,00000004
"SAN14.exe"+5C4BA4: 48 8B CB - mov rcx,rbx
"SAN14.exe"+5C4BA7: E8 E4 BF 00 00 - call SAN14.exe+5D0B90
"SAN14.exe"+5C4BAC: 41 B8 01 00 00 00 - mov r8d,00000001
}
// Undo the second hook: restore its 8 displaced bytes and free its cave.
SAN14_Endurace:
db 0F B7 43 14 48 83 C4 20
unregistersymbol(endurancePtr)
dealloc(endurancePtr)
unregistersymbol(SAN14_Endurace)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D5F0E
"SAN14.exe"+1D5EE1: 8B C8 - mov ecx,eax
"SAN14.exe"+1D5EE3: 48 8B 05 16 42 A0 01 - mov rax,[SAN14.exe+1BDA100]
"SAN14.exe"+1D5EEA: 48 8B 9C C8 B8 D7 06 00 - mov rbx,[rax+rcx*8+0006D7B8]
"SAN14.exe"+1D5EF2: EB 0E - jmp SAN14.exe+1D5F02
"SAN14.exe"+1D5EF4: 48 8B 05 05 42 A0 01 - mov rax,[SAN14.exe+1BDA100]
"SAN14.exe"+1D5EFB: 48 8B 98 B8 D7 06 00 - mov rbx,[rax+0006D7B8]
"SAN14.exe"+1D5F02: 48 8B CB - mov rcx,rbx
"SAN14.exe"+1D5F05: E8 26 45 0B 00 - call SAN14.exe+28A430
"SAN14.exe"+1D5F0A: 85 C0 - test eax,eax
"SAN14.exe"+1D5F0C: 74 0A - je SAN14.exe+1D5F18
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D5F0E: 0F B7 43 14 - movzx eax,word ptr [rbx+14]
"SAN14.exe"+1D5F12: 48 83 C4 20 - add rsp,20
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D5F16: 5B - pop rbx
"SAN14.exe"+1D5F17: C3 - ret
"SAN14.exe"+1D5F18: B8 70 17 00 00 - mov eax,00001770
"SAN14.exe"+1D5F1D: 48 83 C4 20 - add rsp,20
"SAN14.exe"+1D5F21: 5B - pop rbx
"SAN14.exe"+1D5F22: C3 - ret
"SAN14.exe"+1D5F23: CC - int 3
"SAN14.exe"+1D5F24: CC - int 3
"SAN14.exe"+1D5F25: CC - int 3
"SAN14.exe"+1D5F26: CC - int 3
}
2
"Castle Base Address"
1
8 Bytes
castlePtr
65
"Pointer Result"
1
8 Bytes
+0
0
64
"?"
1
2 Bytes
+8
3
"Money"
4 Bytes
+30
4
"Supply"
4 Bytes
+34
5
"Troops"
4 Bytes
+38
6
"Morale"
2 Bytes
+40
7
"Endurance"
2 Bytes
endurancePtr
14
10
"?"
4 Bytes
+60
126
"?"
1
4 Bytes
capitalPtr
40
780
61
"Automation - Castle Base Address must have correct address to use scripts below"
FF0000
1
155
"Total Castle/Province Count"
0000FF
2 Bytes
playerCastleList+188
150
"Castle/Province List"
FF0000
1
149
"1"
1
000000
8 Bytes
playerCastleList
151
"2"
1
000000
8 Bytes
+8
153
"3"
1
000000
8 Bytes
+10
157
"4"
1
000000
8 Bytes
+18
158
"5"
1
000000
8 Bytes
+20
159
"6"
1
000000
8 Bytes
+28
160
"7"
1
000000
8 Bytes
+30
161
"8"
1
000000
8 Bytes
+38
162
"9"
1
000000
8 Bytes
+40
163
"10"
1
000000
8 Bytes
+48
152
"49-Place Holder for Total Count"
1
000000
8 Bytes
+188
154
"Update Castle List"
0000FF
Auto Assembler Script
[ENABLE]
// Hook on "sub rsp,20 / mov rax,[rcx]" (7 bytes: jmp + 2 nops) in the
// prologue of the routine at +2A4BC0.  Each time it runs, rcx — the first
// integer argument, whose vtable the displaced "mov rax,[rcx]" loads — is
// inserted into playerCastleList if not already present.
// Depends on playerCastleList and checkCastleList from the "Castle Data"
// script: enable that one first and keep it enabled while this is active.
aobscanmodule(SAN14_PlayerCastleListing,SAN14_TC.exe,48 83 EC 20 48 8B 01 FF 50 70) // should be unique
alloc(newmem,256,SAN14_PlayerCastleListing)
// Starts at 1 so the list is wiped on the first hit; cleared after the first
// successful insert.  The "Reset List" table entry sets it back to 1.
alloc(resetPlayerCastleListFlag,4)
registersymbol(resetPlayerCastleListFlag)
resetPlayerCastleListFlag:
dd 1
label(resetList)
label(updateList)
label(code)
label(return)
newmem:
// Everything touched in the cave is saved; the game's rax is restored before
// the displaced "mov rax,[rcx]" reloads it anyway.
push rsi
push rax
push rbx
mov rax,playerCastleList
xor rbx,rbx
xor rsi,rsi
// No size given; CE is expected to treat this as a dword compare.
cmp [resetPlayerCastleListFlag],1
je resetList
jmp updateList
resetList:
// Zero every qword from +0 through +188h inclusive (jle), i.e. all 49 slots
// and the 16-bit count that lives at +188h.
mov [rax+rbx],rsi
add ebx,8
cmp ebx,188
jle resetList
xor rbx,rbx
updateList:
// Already listed?  checkCastleList takes/returns its result in rsi.
mov rsi,rcx
call checkCastleList
cmp esi,1
je code
xor rsi,rsi
@@:
// Find the first empty slot in +0..+180h; do nothing if the list is full.
cmp [rax+rbx],rsi
je @F
add ebx,8
cmp ebx,188
jge code
jmp @B
@@:
mov [rax+rbx],rcx
inc word ptr[rax+188]
mov [resetPlayerCastleListFlag],0
code:
pop rbx
pop rax
pop rsi
// Displaced originals, then resume.
sub rsp,20
mov rax,[rcx]
jmp return
SAN14_PlayerCastleListing:
jmp newmem
nop 2
return:
registersymbol(SAN14_PlayerCastleListing)
[DISABLE]
// Restore the 7 displaced bytes and release this script's own allocations
// (playerCastleList itself belongs to "Castle Data" and is left alone).
SAN14_PlayerCastleListing:
db 48 83 EC 20 48 8B 01
unregistersymbol(resetPlayerCastleListFlag)
dealloc(resetPlayerCastleListFlag)
unregistersymbol(SAN14_PlayerCastleListing)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+2A4BC6
"SAN14.exe"+2A4BB8: 5F - pop rdi
"SAN14.exe"+2A4BB9: C3 - ret
"SAN14.exe"+2A4BBA: CC - int 3
"SAN14.exe"+2A4BBB: CC - int 3
"SAN14.exe"+2A4BBC: CC - int 3
"SAN14.exe"+2A4BBD: CC - int 3
"SAN14.exe"+2A4BBE: CC - int 3
"SAN14.exe"+2A4BBF: CC - int 3
"SAN14.exe"+2A4BC0: 48 89 5C 24 08 - mov [rsp+08],rbx
"SAN14.exe"+2A4BC5: 57 - push rdi
// ---------- INJECTING HERE ----------
"SAN14.exe"+2A4BC6: 48 83 EC 20 - sub rsp,20
"SAN14.exe"+2A4BCA: 48 8B 01 - mov rax,[rcx]
// ---------- DONE INJECTING ----------
"SAN14.exe"+2A4BCD: FF 50 70 - call qword ptr [rax+70]
"SAN14.exe"+2A4BD0: 8B F8 - mov edi,eax
"SAN14.exe"+2A4BD2: E8 39 67 04 00 - call SAN14.exe+2EB310
"SAN14.exe"+2A4BD7: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2A4BDA: E8 F1 B4 EB FF - call SAN14.exe+1600D0
"SAN14.exe"+2A4BDF: 44 8B C7 - mov r8d,edi
"SAN14.exe"+2A4BE2: 48 8D 15 F3 19 D2 00 - lea rdx,[SAN14.exe+FC65DC]
"SAN14.exe"+2A4BE9: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2A4BEC: 48 8B D8 - mov rbx,rax
"SAN14.exe"+2A4BEF: E8 1C FC 32 00 - call SAN14.exe+5D4810
}
Toggle Activation
17
120
0
Activate
Deactivate
156
"Reset List"
0:NO
1:YES
0000FF
4 Bytes
resetPlayerCastleListFlag
63
"Add/Remove Castle from List"
0:Do Nothing
1:Add to List
2:Remove from List
FF0000
4 Bytes
updatePlayerFlag
167
"NPC Stomp Mode (NPCs gain no resources)"
0:normal mode
1:STOMP MODE
FF0000
4 Bytes
stompMode
24
"Fast Facilities Growth"
4080FF
Auto Assembler Script
[ENABLE]
// Hook on "mov r15d,eax / cmp r14d,01" (7 bytes: jmp + 2 nops), right after
// the call at +220D3E whose result (eax) the dump then adds to the word at
// [rdi+3A] and clamps to 3E8h (1000).  Depends on checkCastleList and
// playerCastleList from the "Castle Data" script (enable that one first).
aobscanmodule(SAN14_FastGrowth,SAN14_TC.exe,44 8B F8 41 83 FE 01) // should be unique
alloc(newmem,64,SAN14_FastGrowth)
label(code)
label(return)
newmem:
// rsi is checkCastleList's in/out register; keep the game's value.
// r12 is presumably the owning castle/ruler object — TODO confirm against
// the caller, the dump does not show where it is loaded.
push rsi
mov rsi,r12
call checkCastleList
cmp esi,1
jne code
// Player-owned: force the byte at [rdi+52] to 64h (100).  The City Data
// table declares +52 as a 2-byte field ("Public Order/Happiness/Rapport"),
// so only its low byte is written here.
mov byte ptr[rdi+52],64
// Only boost a positive growth value, and only when r14d (the byte loaded
// from [rdi+70] at +220D27) is positive.  #1000 is decimal.
cmp r14d,0
jle code
cmp eax,0
jle code
add eax,#1000
code:
pop rsi
// Displaced originals; the cmp re-establishes the flags the game's "jne"
// at +220D4A expects.
mov r15d,eax
cmp r14d,01
jmp return
SAN14_FastGrowth:
jmp newmem
nop 2
return:
registersymbol(SAN14_FastGrowth)
[DISABLE]
// Restore the 7 displaced bytes and free the cave.
SAN14_FastGrowth:
db 44 8B F8 41 83 FE 01
unregistersymbol(SAN14_FastGrowth)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+220D43
"SAN14.exe"+220D1A: E8 71 42 FB FF - call SAN14.exe+1D4F90
"SAN14.exe"+220D1F: 48 8B C8 - mov rcx,rax
"SAN14.exe"+220D22: E8 09 97 06 00 - call SAN14.exe+28A430
"SAN14.exe"+220D27: 44 0F B6 77 70 - movzx r14d,byte ptr [rdi+70]
"SAN14.exe"+220D2C: 44 89 7C 24 20 - mov [rsp+20],r15d
"SAN14.exe"+220D31: 44 8B 4D 7F - mov r9d,[rbp+7F]
"SAN14.exe"+220D35: 45 8B C6 - mov r8d,r14d
"SAN14.exe"+220D38: 48 8B D6 - mov rdx,rsi
"SAN14.exe"+220D3B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D3E: E8 5D 0A FE FF - call SAN14.exe+2017A0
// ---------- INJECTING HERE ----------
"SAN14.exe"+220D43: 44 8B F8 - mov r15d,eax
"SAN14.exe"+220D46: 41 83 FE 01 - cmp r14d,01
// ---------- DONE INJECTING ----------
"SAN14.exe"+220D4A: 75 29 - jne SAN14.exe+220D75
"SAN14.exe"+220D4C: 0F B7 57 3A - movzx edx,word ptr [rdi+3A]
"SAN14.exe"+220D50: 03 D0 - add edx,eax
"SAN14.exe"+220D52: 79 05 - jns SAN14.exe+220D59
"SAN14.exe"+220D54: 41 8B D5 - mov edx,r13d
"SAN14.exe"+220D57: EB 0A - jmp SAN14.exe+220D63
"SAN14.exe"+220D59: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220D5E: 3B D0 - cmp edx,eax
"SAN14.exe"+220D60: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220D63: 48 8B CF - mov rcx,rdi
}
138
"Revenue - Money Mult"
4080FF
Auto Assembler Script
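[ENABLE]
// Hook on "mov ebx,[r15] / mov rax,[rsi]" (6 bytes: jmp + 1 nop).  Per the
// table entry [r15] is the per-castle money revenue: the dword the game is
// about to read into ebx and add to a virtual-call result (dump +23E8C2).
// Depends on checkCastleList and stompMode exported by the "Castle Data"
// script, which must be enabled first and stay enabled while this one is.
aobscanmodule(SAN14_MoneyRevenue,SAN14_TC.exe,41 8B 1F 48 8B 06) // should be unique
alloc(newmem,128,SAN14_MoneyRevenue)
// Multiplier applied to player castles; editable via the "Money Mult" entry.
alloc(revenueMoneyMult,4)
registersymbol(revenueMoneyMult)
revenueMoneyMult:
dd 2
label(code)
label(return)
newmem:
// rsi is the lookup key for checkCastleList (presumably the castle object —
// the displaced "mov rax,[rsi]" reads its vtable); it is saved because the
// call returns its result in rsi.  The previous "mov rax,rsi / mov rsi,rax"
// pair was a no-op and has been dropped: rax is not read before the
// displaced "mov rax,[rsi]" overwrites it at code:.
push rsi
mov ebx,[r15]
// Leave zero or negative revenue untouched (same flags as "cmp ebx,0").
test ebx,ebx
jle code
call checkCastleList
cmp esi,1
jne @F
// Player castle: scale the revenue in place.
imul ebx,[revenueMoneyMult]
mov [r15],ebx
jmp code
@@:
// NPC castle: in stomp mode it gets no income.  Sizes are explicit so the
// accesses match the "dd" stompMode and the dword the game reads at [r15].
cmp dword ptr [stompMode],1
jne code
mov dword ptr [r15],0
code:
pop rsi
// Displaced originals, re-reading the possibly adjusted value.
mov ebx,[r15]
mov rax,[rsi]
jmp return
SAN14_MoneyRevenue:
jmp newmem
nop
return:
registersymbol(SAN14_MoneyRevenue)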
[DISABLE]
SAN14_MoneyRevenue:
db 41 8B 1F 48 8B 06
unregistersymbol(revenueMoneyMult)
dealloc(revenueMoneyMult)
unregistersymbol(SAN14_MoneyRevenue)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+23E8A6
"SAN14.exe"+23E886: 0F AF C2 - imul eax,edx
"SAN14.exe"+23E889: 41 8B C8 - mov ecx,r8d
"SAN14.exe"+23E88C: 0F AF 0D 05 EA 30 01 - imul ecx,[SAN14.exe+154D298]
"SAN14.exe"+23E893: 03 C1 - add eax,ecx
"SAN14.exe"+23E895: 41 8D 0C 10 - lea ecx,[r8+rdx]
"SAN14.exe"+23E899: 99 - cdq
"SAN14.exe"+23E89A: F7 F9 - idiv ecx
"SAN14.exe"+23E89C: 8B D0 - mov edx,eax
"SAN14.exe"+23E89E: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8A1: E8 EA 55 FA FF - call SAN14.exe+1E3E90
// ---------- INJECTING HERE ----------
"SAN14.exe"+23E8A6: 41 8B 1F - mov ebx,[r15]
"SAN14.exe"+23E8A9: 48 8B 06 - mov rax,[rsi]
// ---------- DONE INJECTING ----------
"SAN14.exe"+23E8AC: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8AF: FF 90 98 00 00 00 - call qword ptr [rax+00000098]
"SAN14.exe"+23E8B5: 8B F8 - mov edi,eax
"SAN14.exe"+23E8B7: 48 8B 16 - mov rdx,[rsi]
"SAN14.exe"+23E8BA: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8BD: FF 52 70 - call qword ptr [rdx+70]
"SAN14.exe"+23E8C0: 8B D0 - mov edx,eax
"SAN14.exe"+23E8C2: 03 D3 - add edx,ebx
"SAN14.exe"+23E8C4: 79 04 - jns SAN14.exe+23E8CA
"SAN14.exe"+23E8C6: 33 D2 - xor edx,edx
}
164
"Money Mult"
4 Bytes
revenueMoneyMult
130
"Revenue - Supply Mult"
4080FF
Auto Assembler Script
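[ENABLE]
// Revenue - Supply Mult: same shape as the Money hook, one dword further into
// the revenue block ([r15+04]). For castles accepted by checkCastleList the
// supply income is multiplied by revenueSupplyMult; for a rejected castle with
// stompMode set to 1 it is zeroed. Non-positive incomes are never touched.
// checkCastleList, stompMode and playerCapitalPtr are defined elsewhere in the
// table (this script only assembles while the script defining them is active);
// checkCastleList takes the castle pointer in rsi and answers in esi
// (1 = accepted). The commented-out compare is the older player-capital-only form.
aobscanmodule(SAN14_SupplyRevenue,SAN14_TC.exe,41 8B 5F 04 48 8B 06) // should be unique
alloc(newmem,128,SAN14_SupplyRevenue)
alloc(revenueSupplyMult,4)
registersymbol(revenueSupplyMult)
revenueSupplyMult:
dd 3                                  // default multiplier, editable through the "Supply Mult" entry
label(code)
label(return)
newmem:
//cmp [playerCapitalPtr],rsi
push rsi                              // rsi (castle) is the call argument and is overwritten by the result
mov ebx,[r15+04]                      // ebx = income; rax needs no saving, the original reloads it at code:
cmp ebx,0
jle code
call checkCastleList
cmp esi,1
jne @F
imul ebx,[revenueSupplyMult]
mov [r15+04],ebx
jmp code
@@:
cmp [stompMode],1                     // stompMode is declared elsewhere; the assembler's default size applies - confirm
jne code
mov dword ptr [r15+04],0              // explicit size: the slot is read as a dword by the original code
code:
pop rsi
mov ebx,[r15+04]                      // original instructions
mov rax,[rsi]
jmp return
SAN14_SupplyRevenue:
jmp newmem
nop 2
return:
registersymbol(SAN14_SupplyRevenue)
[DISABLE]
SAN14_SupplyRevenue:
db 41 8B 5F 04 48 8B 06
unregistersymbol(revenueSupplyMult)
dealloc(revenueSupplyMult)
unregistersymbol(SAN14_SupplyRevenue)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+23E8E3
"SAN14.exe"+23E8C6: 33 D2 - xor edx,edx
"SAN14.exe"+23E8C8: EB 05 - jmp SAN14.exe+23E8CF
"SAN14.exe"+23E8CA: 3B D7 - cmp edx,edi
"SAN14.exe"+23E8CC: 0F 4F D7 - cmovg edx,edi
"SAN14.exe"+23E8CF: 48 8B 06 - mov rax,[rsi]
"SAN14.exe"+23E8D2: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8D5: FF 50 78 - call qword ptr [rax+78]
"SAN14.exe"+23E8D8: 41 8B 17 - mov edx,[r15]
"SAN14.exe"+23E8DB: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8DE: E8 DD 29 F9 FF - call SAN14.exe+1D12C0
// ---------- INJECTING HERE ----------
"SAN14.exe"+23E8E3: 41 8B 5F 04 - mov ebx,[r15+04]
"SAN14.exe"+23E8E7: 48 8B 06 - mov rax,[rsi]
// ---------- DONE INJECTING ----------
"SAN14.exe"+23E8EA: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8ED: FF 90 A0 00 00 00 - call qword ptr [rax+000000A0]
"SAN14.exe"+23E8F3: 8B F8 - mov edi,eax
"SAN14.exe"+23E8F5: 48 8B 16 - mov rdx,[rsi]
"SAN14.exe"+23E8F8: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E8FB: FF 92 80 00 00 00 - call qword ptr [rdx+00000080]
"SAN14.exe"+23E901: 8B D0 - mov edx,eax
"SAN14.exe"+23E903: 03 D3 - add edx,ebx
"SAN14.exe"+23E905: 79 04 - jns SAN14.exe+23E90B
"SAN14.exe"+23E907: 33 D2 - xor edx,edx
}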
165
"Supply Mult"
4 Bytes
revenueSupplyMult
133
"Revenue - Troops Mult"
4080FF
Auto Assembler Script
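[ENABLE]
// Revenue - Troops Mult: third dword of the revenue block ([r15+08]); here the
// game loads it into edi and, right after, the castle's [rsi+38] into ebx.
// For castles accepted by checkCastleList the troops income is multiplied by
// revenueTroopsMult; for a rejected castle with stompMode set to 1 it is
// zeroed. Non-positive incomes are never touched.
// rbx needs no saving: the re-executed original load at code: overwrites it.
// checkCastleList, stompMode and playerCapitalPtr are defined elsewhere in the
// table (this script only assembles while the script defining them is active);
// checkCastleList takes the castle pointer in rsi and answers in esi
// (1 = accepted). The commented-out compare is the older player-capital-only form.
aobscanmodule(SAN14_TroopsMult,SAN14_TC.exe,41 8B 7F 08 8B 5E 38) // should be unique
alloc(newmem,128,SAN14_TroopsMult)
alloc(revenueTroopsMult,4)
registersymbol(revenueTroopsMult)
revenueTroopsMult:
dd 2                                  // default multiplier, editable through the "Troops Mult" entry
label(code)
label(return)
newmem:
//cmp [playerCapitalPtr],rsi
push rsi                              // rsi (castle) is the call argument and is overwritten by the result
mov edi,[r15+08]                      // edi = income (same register the original load uses)
cmp edi,0
jle code
call checkCastleList
cmp esi,1
jne @F
imul edi,[revenueTroopsMult]
mov [r15+08],edi
jmp code
@@:
cmp [stompMode],1                     // stompMode is declared elsewhere; the assembler's default size applies - confirm
jne code
mov dword ptr [r15+08],0              // explicit size: the slot is read as a dword by the original code
code:
pop rsi
mov edi,[r15+08]                      // original instructions
mov ebx,[rsi+38]
jmp return
SAN14_TroopsMult:
jmp newmem
nop 2
return:
registersymbol(SAN14_TroopsMult)
[DISABLE]
SAN14_TroopsMult:
db 41 8B 7F 08 8B 5E 38
unregistersymbol(revenueTroopsMult)
dealloc(revenueTroopsMult)
unregistersymbol(SAN14_TroopsMult)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+23E928
"SAN14.exe"+23E907: 33 D2 - xor edx,edx
"SAN14.exe"+23E909: EB 05 - jmp SAN14.exe+23E910
"SAN14.exe"+23E90B: 3B D7 - cmp edx,edi
"SAN14.exe"+23E90D: 0F 4F D7 - cmovg edx,edi
"SAN14.exe"+23E910: 48 8B 06 - mov rax,[rsi]
"SAN14.exe"+23E913: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E916: FF 90 88 00 00 00 - call qword ptr [rax+00000088]
"SAN14.exe"+23E91C: 41 8B 57 04 - mov edx,[r15+04]
"SAN14.exe"+23E920: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E923: E8 88 29 F9 FF - call SAN14.exe+1D12B0
// ---------- INJECTING HERE ----------
"SAN14.exe"+23E928: 41 8B 7F 08 - mov edi,[r15+08]
"SAN14.exe"+23E92C: 8B 5E 38 - mov ebx,[rsi+38]
// ---------- DONE INJECTING ----------
"SAN14.exe"+23E92F: 48 8B 06 - mov rax,[rsi]
"SAN14.exe"+23E932: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23E935: FF 90 A8 00 00 00 - call qword ptr [rax+000000A8]
"SAN14.exe"+23E93B: 03 DF - add ebx,edi
"SAN14.exe"+23E93D: 79 04 - jns SAN14.exe+23E943
"SAN14.exe"+23E93F: 33 DB - xor ebx,ebx
"SAN14.exe"+23E941: EB 05 - jmp SAN14.exe+23E948
"SAN14.exe"+23E943: 3B D8 - cmp ebx,eax
"SAN14.exe"+23E945: 0F 4F D8 - cmovg ebx,eax
"SAN14.exe"+23E948: 48 8B 06 - mov rax,[rsi]
}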
166
"Troops Mult"
4 Bytes
revenueTroopsMult
136
"Fast Population"
4080FF
Auto Assembler Script
[ENABLE]
// Fast Population: for a castle accepted by checkCastleList, the growth delta
// in edi is multiplied by 0xA (10) just before the game adds it to the
// population word at [r14+50] and clamps the sum to r12d (see the listing).
// Non-positive deltas are left untouched.
// checkCastleList is defined elsewhere in the table: castle pointer in rsi,
// verdict in esi (1 = accepted). The commented-out compare is the older
// player-capital-only form; it suggests r15 is the castle here - confirm.
aobscanmodule(SAN14_FastPopulation,SAN14_TC.exe,41 0F B7 46 50 03) // should be unique
alloc(newmem,64,SAN14_FastPopulation)
label(code)
label(return)
newmem:
//cmp [playerCapitalPtr],r15
push rsi                              // rsi is the call's argument/result register
mov rsi,r15
call checkCastleList
cmp esi,1
jne code
cmp edi,0
jle code                              // only scale a positive growth amount
imul edi,a                            // CE numbers are hex unless prefixed with #: a = 10
code:
pop rsi
movzx eax,word ptr [r14+50]           // original instruction (5 bytes, fully covered by the jmp)
jmp return
SAN14_FastPopulation:
jmp newmem
return:
registersymbol(SAN14_FastPopulation)
[DISABLE]
SAN14_FastPopulation:
db 41 0F B7 46 50
unregistersymbol(SAN14_FastPopulation)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+26CB3B
"SAN14.exe"+26CB1C: 8B 0D 7A 08 2E 01 - mov ecx,[SAN14.exe+154D39C]
"SAN14.exe"+26CB22: 0F AF CE - imul ecx,esi
"SAN14.exe"+26CB25: 0F AF CF - imul ecx,edi
"SAN14.exe"+26CB28: B8 1F 85 EB 51 - mov eax,51EB851F
"SAN14.exe"+26CB2D: F7 E9 - imul ecx
"SAN14.exe"+26CB2F: C1 FA 05 - sar edx,05
"SAN14.exe"+26CB32: 8B C2 - mov eax,edx
"SAN14.exe"+26CB34: C1 E8 1F - shr eax,1F
"SAN14.exe"+26CB37: 03 D0 - add edx,eax
"SAN14.exe"+26CB39: 03 FA - add edi,edx
// ---------- INJECTING HERE ----------
"SAN14.exe"+26CB3B: 41 0F B7 46 50 - movzx eax,word ptr [r14+50]
// ---------- DONE INJECTING ----------
"SAN14.exe"+26CB40: 03 C7 - add eax,edi
"SAN14.exe"+26CB42: 79 04 - jns SAN14.exe+26CB48
"SAN14.exe"+26CB44: 33 C0 - xor eax,eax
"SAN14.exe"+26CB46: EB 0F - jmp SAN14.exe+26CB57
"SAN14.exe"+26CB48: 41 3B C4 - cmp eax,r12d
"SAN14.exe"+26CB4B: 41 0F 4F C4 - cmovg eax,r12d
"SAN14.exe"+26CB4F: 85 C0 - test eax,eax
"SAN14.exe"+26CB51: 79 04 - jns SAN14.exe+26CB57
"SAN14.exe"+26CB53: 33 C0 - xor eax,eax
"SAN14.exe"+26CB55: EB 07 - jmp SAN14.exe+26CB5E
}
11
"Inf Money"
4080FF
Auto Assembler Script
[ENABLE]
// Inf Money: hook the store of the castle's money dword ([rdi+30]). For a
// castle accepted by checkCastleList the new value in ebx (already clamped by
// the game's cmp/cmovg just before) is only stored when it is not below the
// current value, so money never decreases; otherwise the store proceeds as is.
// The hook starts one byte into the AOB (SAN14_InfMoney+01): the leading D8 is
// the last byte of the preceding cmovg, kept only to make the pattern unique.
// checkCastleList is defined elsewhere in the table: castle pointer in rsi,
// verdict in esi (1 = accepted).
aobscanmodule(SAN14_InfMoney,SAN14_TC.exe,D8 89 5F 30 48 8B 5C 24 30) // should be unique
alloc(newmem,64,SAN14_InfMoney)
label(code)
label(return)
newmem:
//cmp [playerCapitalPtr],rdi
push rsi
mov rsi,rdi                           // rdi = castle object (the original stores into [rdi+30])
call checkCastleList
cmp esi,1
jne code
cmp [rdi+30],ebx
jge @F                                // current >= new: keep the current value (signed, like the game's clamp)
//sub ebx,[rdi+30]
//imul ebx,a
//add ebx,[rdi+30]
jmp code                              // new > current: let the increase through
@@:
mov ebx,[rdi+30]                      // replace the new value with the current one
code:
pop rsi                               // restore rsp before the frame-relative load below
mov [rdi+30],ebx                      // original instructions
mov rbx,[rsp+30]
jmp return
SAN14_InfMoney+01:
jmp newmem
nop 3
return:
registersymbol(SAN14_InfMoney)
[DISABLE]
SAN14_InfMoney+01:
db 89 5F 30 48 8B 5C 24 30
unregistersymbol(SAN14_InfMoney)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1E3DE3
"SAN14.exe"+1E3DC2: FF 90 98 00 00 00 - call qword ptr [rax+00000098]
"SAN14.exe"+1E3DC8: 85 DB - test ebx,ebx
"SAN14.exe"+1E3DCA: 79 12 - jns SAN14.exe+1E3DDE
"SAN14.exe"+1E3DCC: C7 47 30 00 00 00 00 - mov [rdi+30],00000000
"SAN14.exe"+1E3DD3: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"SAN14.exe"+1E3DD8: 48 83 C4 20 - add rsp,20
"SAN14.exe"+1E3DDC: 5F - pop rdi
"SAN14.exe"+1E3DDD: C3 - ret
"SAN14.exe"+1E3DDE: 3B D8 - cmp ebx,eax
"SAN14.exe"+1E3DE0: 0F 4F D8 - cmovg ebx,eax
// ---------- INJECTING HERE ----------
"SAN14.exe"+1E3DE3: 89 5F 30 - mov [rdi+30],ebx
"SAN14.exe"+1E3DE6: 48 8B 5C 24 30 - mov rbx,[rsp+30]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1E3DEB: 48 83 C4 20 - add rsp,20
"SAN14.exe"+1E3DEF: 5F - pop rdi
"SAN14.exe"+1E3DF0: C3 - ret
"SAN14.exe"+1E3DF1: CC - int 3
"SAN14.exe"+1E3DF2: CC - int 3
"SAN14.exe"+1E3DF3: CC - int 3
"SAN14.exe"+1E3DF4: CC - int 3
"SAN14.exe"+1E3DF5: CC - int 3
"SAN14.exe"+1E3DF6: CC - int 3
"SAN14.exe"+1E3DF7: CC - int 3
}
29
"Inf Supply"
4080FF
Auto Assembler Script
[ENABLE]
// Inf Supply: same idea as Inf Money, for the supply dword at [rdi+34]. For a
// castle accepted by checkCastleList the new value in ebx is stored only when
// the current value is not above it; otherwise the current value is kept, so
// supply never decreases. The game's own clamp (cmp/cmovg) runs before the hook.
// checkCastleList is defined elsewhere in the table: castle pointer in rsi,
// verdict in esi (1 = accepted).
aobscanmodule(SAN14_InfSupply,SAN14_TC.exe,89 5F 34 48 8B 5C 24 30) // should be unique
alloc(newmem,64,SAN14_InfSupply)
label(code)
label(return)
newmem:
//cmp [playerCapitalPtr],rdi
push rsi
mov rsi,rdi                           // rdi = castle object (the original stores into [rdi+34])
call checkCastleList
cmp esi,1
jne code
cmp [rdi+34],ebx
jle code                              // current <= new: store the new value unchanged
mov ebx,[rdi+34]                      // current > new: keep the current value
code:
pop rsi                               // restore rsp before the frame-relative load below
mov [rdi+34],ebx                      // original instructions
mov rbx,[rsp+30]
jmp return
SAN14_InfSupply:
jmp newmem
nop 3
return:
registersymbol(SAN14_InfSupply)
[DISABLE]
SAN14_InfSupply:
db 89 5F 34 48 8B 5C 24 30
unregistersymbol(SAN14_InfSupply)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1E3B83
"SAN14.exe"+1E3B62: FF 90 A0 00 00 00 - call qword ptr [rax+000000A0]
"SAN14.exe"+1E3B68: 85 DB - test ebx,ebx
"SAN14.exe"+1E3B6A: 79 12 - jns SAN14.exe+1E3B7E
"SAN14.exe"+1E3B6C: C7 47 34 00 00 00 00 - mov [rdi+34],00000000
"SAN14.exe"+1E3B73: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"SAN14.exe"+1E3B78: 48 83 C4 20 - add rsp,20
"SAN14.exe"+1E3B7C: 5F - pop rdi
"SAN14.exe"+1E3B7D: C3 - ret
"SAN14.exe"+1E3B7E: 3B D8 - cmp ebx,eax
"SAN14.exe"+1E3B80: 0F 4F D8 - cmovg ebx,eax
// ---------- INJECTING HERE ----------
"SAN14.exe"+1E3B83: 89 5F 34 - mov [rdi+34],ebx
"SAN14.exe"+1E3B86: 48 8B 5C 24 30 - mov rbx,[rsp+30]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1E3B8B: 48 83 C4 20 - add rsp,20
"SAN14.exe"+1E3B8F: 5F - pop rdi
"SAN14.exe"+1E3B90: C3 - ret
"SAN14.exe"+1E3B91: CC - int 3
"SAN14.exe"+1E3B92: CC - int 3
"SAN14.exe"+1E3B93: CC - int 3
"SAN14.exe"+1E3B94: CC - int 3
"SAN14.exe"+1E3B95: CC - int 3
"SAN14.exe"+1E3B96: CC - int 3
"SAN14.exe"+1E3B97: CC - int 3
}
132
"Inf Troops"
4080FF
Auto Assembler Script
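[ENABLE]
// Inf Troops: hooked where the game re-reads the dword at [r12+08] that it
// then subtracts from the castle's [r15+38] (troops, going by the description;
// see the listing). For a castle accepted by checkCastleList that dword is
// zeroed first, so the subtraction takes nothing away.
// checkCastleList is defined elsewhere in the table: castle pointer in rsi,
// verdict in esi (1 = accepted). The commented-out compare is the older
// player-capital-only form.
aobscanmodule(SAN14_InfTroops,SAN14_TC.exe,41 8B 5C 24 08) // should be unique
alloc(newmem,64,SAN14_InfTroops)      // the assembled body is roughly 34 bytes, more than the 32 declared before; 64 matches the sibling hooks
label(code)
label(return)
newmem:
//cmp [playerCapitalPtr],r15
push rsi                              // rsi is the call's argument/result register
mov rsi,r15
call checkCastleList
cmp esi,1
jne code
mov dword ptr [r12+08],0              // explicit size: the game reads this slot as a dword
code:
pop rsi
mov ebx,[r12+08]                      // original instruction (5 bytes, fully covered by the jmp)
jmp return
SAN14_InfTroops:
jmp newmem
return:
registersymbol(SAN14_InfTroops)
[DISABLE]
SAN14_InfTroops:
db 41 8B 5C 24 08
unregistersymbol(SAN14_InfTroops)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+24996B
"SAN14.exe"+24994B: 66 89 47 14 - mov [rdi+14],ax
"SAN14.exe"+24994F: 41 8B 44 24 08 - mov eax,[r12+08]
"SAN14.exe"+249954: 85 C0 - test eax,eax
"SAN14.exe"+249956: 79 05 - jns SAN14.exe+24995D
"SAN14.exe"+249958: 41 8B C6 - mov eax,r14d
"SAN14.exe"+24995B: EB 0A - jmp SAN14.exe+249967
"SAN14.exe"+24995D: B9 FF FF 00 00 - mov ecx,0000FFFF
"SAN14.exe"+249962: 3B C1 - cmp eax,ecx
"SAN14.exe"+249964: 0F 4F C1 - cmovg eax,ecx
"SAN14.exe"+249967: 66 89 47 16 - mov [rdi+16],ax
// ---------- INJECTING HERE ----------
"SAN14.exe"+24996B: 41 8B 5C 24 08 - mov ebx,[r12+08]
// ---------- DONE INJECTING ----------
"SAN14.exe"+249970: 41 8B 77 38 - mov esi,[r15+38]
"SAN14.exe"+249974: 49 8B 07 - mov rax,[r15]
"SAN14.exe"+249977: 49 8B CF - mov rcx,r15
"SAN14.exe"+24997A: FF 90 A8 00 00 00 - call qword ptr [rax+000000A8]
"SAN14.exe"+249980: 2B F3 - sub esi,ebx
"SAN14.exe"+249982: 79 05 - jns SAN14.exe+249989
"SAN14.exe"+249984: 41 8B F6 - mov esi,r14d
"SAN14.exe"+249987: EB 05 - jmp SAN14.exe+24998E
"SAN14.exe"+249989: 3B F0 - cmp esi,eax
"SAN14.exe"+24998B: 0F 4F F0 - cmovg esi,eax
}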
34
"Battle Unit Data - Mouse over Battle Unit to update"
Auto Assembler Script
[ENABLE]
// Battle Unit Data: capture the pointer of the unit being displayed (rsi) into
// unitDataPtr so the "Base Ptr" entries below can read its fields (+10, +16, +1a).
// The hook is placed right after the 5-byte call at the start of the AOB
// (SAN14_UnitData+05) and replaces the 5-byte movzx exactly, so no nop padding
// is needed. The hook changes no register or flag.
aobscanmodule(SAN14_UnitData,SAN14_TC.exe,E8 * * * * 44 0F B7 46 16 48 8D 15 * * * * 48 8B C8) // should be unique
alloc(newmem,64,SAN14_UnitData)
alloc(unitDataPtr,8)
registersymbol(unitDataPtr)
label(code)
label(return)
newmem:
mov [unitDataPtr],rsi                 // rsi = unit object (the original reads its +16 word below)
code:
movzx r8d,word ptr [rsi+16]           // original instruction
jmp return
SAN14_UnitData+05:
jmp newmem
return:
registersymbol(SAN14_UnitData)
[DISABLE]
SAN14_UnitData+05:
db 44 0F B7 46 16
dealloc(unitDataPtr)
unregistersymbol(unitDataPtr)
unregistersymbol(SAN14_UnitData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5C36AA
"SAN14.exe"+5C3684: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5C3687: E8 04 D5 00 00 - call SAN14.exe+5D0B90
"SAN14.exe"+5C368C: 48 8B CE - mov rcx,rsi
"SAN14.exe"+5C368F: E8 9C 6D CC FF - call SAN14.exe+28A430
"SAN14.exe"+5C3694: 85 C0 - test eax,eax
"SAN14.exe"+5C3696: 74 59 - je SAN14.exe+5C36F1
"SAN14.exe"+5C3698: 48 89 5C 24 40 - mov [rsp+40],rbx
"SAN14.exe"+5C369D: E8 7E 7C D2 FF - call SAN14.exe+2EB320
"SAN14.exe"+5C36A2: 48 8B C8 - mov rcx,rax
"SAN14.exe"+5C36A5: E8 A6 CB B9 FF - call SAN14.exe+160250
// ---------- INJECTING HERE ----------
"SAN14.exe"+5C36AA: 44 0F B7 46 16 - movzx r8d,word ptr [rsi+16]
// ---------- DONE INJECTING ----------
"SAN14.exe"+5C36AF: 48 8D 15 06 1F A0 00 - lea rdx,[SAN14.exe+FC55BC]
"SAN14.exe"+5C36B6: 48 8B C8 - mov rcx,rax
"SAN14.exe"+5C36B9: 48 8B D8 - mov rbx,rax
"SAN14.exe"+5C36BC: E8 FF F8 00 00 - call SAN14.exe+5D2FC0
"SAN14.exe"+5C36C1: 4C 8B C3 - mov r8,rbx
"SAN14.exe"+5C36C4: BA 04 00 00 00 - mov edx,00000004
"SAN14.exe"+5C36C9: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5C36CC: E8 BF D4 00 00 - call SAN14.exe+5D0B90
"SAN14.exe"+5C36D1: BA 04 00 00 00 - mov edx,00000004
"SAN14.exe"+5C36D6: 48 8B CF - mov rcx,rdi
}
35
"Base Ptr"
1
8 Bytes
unitDataPtr
0
36
"?"
1
4 Bytes
+10
128
"Troops"
2 Bytes
+16
129
"Morale"
Byte
+1a
45
"Commander Data - Open Commander Detail Screen to update"
Auto Assembler Script
[ENABLE]
// Commander Data: record the commander shown on the detail screen.
// The hook stores r14+48 into commanderPtr; the table entries below use
// commanderPtr as a pointer record with offsets (58, 5b, 9e, ...), so the
// 8 bytes at r14+48 are presumably a pointer to the officer record - confirm
// (the hooked instruction itself reads [r14+9E] directly).
// The original 8 instruction bytes are taken with readmem at enable time, both
// into OfficerBK (used by [DISABLE] to restore) and at code: (re-executed), so
// the displacement wildcarded in the AOB is never hardcoded here.
aobscanmodule(SAN14_Commander,SAN14_TC.exe,41 0F B6 9E * * 00 00 33 D2) // should be unique
alloc(newmem,64,SAN14_Commander)
alloc(OfficerBK,8)
registersymbol(OfficerBK)
OfficerBK:
readmem(SAN14_Commander,8)            // backup of the original 8 bytes
alloc(commanderPtr,8)
registersymbol(commanderPtr)
label(code)
label(return)
newmem:
push rax                              // push/lea/mov/pop: rax and the flags are preserved
lea rax,[r14+48]
mov [commanderPtr],rax
pop rax
code:
readmem(SAN14_Commander,8)            // the original movzx ebx,byte ptr [r14+xx]
jmp return
SAN14_Commander:
jmp newmem
nop 3
return:
registersymbol(SAN14_Commander)
[DISABLE]
SAN14_Commander:
readmem(OfficerBK,8)                  // put the saved original bytes back
unregistersymbol(OfficerBK)
unregistersymbol(commanderPtr)
unregistersymbol(SAN14_Commander)
dealloc(OfficerBK)
dealloc(commanderPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5B3931
"SAN14.exe"+5B3909: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5B390C: E8 7F C0 01 00 - call SAN14.exe+5CF990
"SAN14.exe"+5B3911: BA 25 00 00 00 - mov edx,00000025
"SAN14.exe"+5B3916: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5B3919: E8 62 9A 01 00 - call SAN14.exe+5CD380
"SAN14.exe"+5B391E: 48 8B F0 - mov rsi,rax
"SAN14.exe"+5B3921: 49 8B CE - mov rcx,r14
"SAN14.exe"+5B3924: E8 07 6B CD FF - call SAN14.exe+28A430
"SAN14.exe"+5B3929: 85 C0 - test eax,eax
"SAN14.exe"+5B392B: 0F 84 E7 00 00 00 - je SAN14.exe+5B3A18
// ---------- INJECTING HERE ----------
"SAN14.exe"+5B3931: 41 0F B6 9E 9E 00 00 00 - movzx ebx,byte ptr [r14+0000009E]
// ---------- DONE INJECTING ----------
"SAN14.exe"+5B3939: 33 D2 - xor edx,edx
"SAN14.exe"+5B393B: 41 B8 FF 0F 00 00 - mov r8d,00000FFF
"SAN14.exe"+5B3941: 49 8B CE - mov rcx,r14
"SAN14.exe"+5B3944: E8 27 51 C2 FF - call SAN14.exe+1D8A70
"SAN14.exe"+5B3949: 44 8B C0 - mov r8d,eax
"SAN14.exe"+5B394C: 44 8B CB - mov r9d,ebx
"SAN14.exe"+5B394F: 33 D2 - xor edx,edx
"SAN14.exe"+5B3951: 48 8B CE - mov rcx,rsi
"SAN14.exe"+5B3954: E8 47 DE F8 FF - call SAN14.exe+5417A0
"SAN14.exe"+5B3959: 41 0F B6 9E 9F 00 00 00 - movzx ebx,byte ptr [r14+0000009F]
}
115
"Appearance"
1
116
"Portrait"
2 Bytes
commanderPtr
58
81
"Sex"
0:Male
1:Female
Byte
commanderPtr
5b
82
"Voice"
Byte
commanderPtr
f6
83
"Voice"
Byte
commanderPtr
f8
79
"Basic Stats"
1
52
"Leadership"
Byte
commanderPtr
9e
48
"Strength"
Byte
commanderPtr
9f
49
"Intelligence"
Byte
commanderPtr
a0
50
"Politics"
Byte
commanderPtr
a1
51
"Charisma"
Byte
commanderPtr
a2
80
"Personality"
1
75
"1"
1:突
14:奸雄
35:酒乱
48:神眼
62:一騎
107:黄天
108:闘将
106:神威
144:矍鑠
146:史官
147:学者
150:神将
151:伏龍
Byte
commanderPtr
c8
78
"2"
1:突
14:奸雄
35:酒乱
48:神眼
62:一騎
107:黄天
108:闘将
106:神威
144:矍鑠
146:史官
147:学者
150:神将
151:伏龍
Byte
commanderPtr
c9
77
"3"
1:突
14:奸雄
35:酒乱
48:神眼
62:一騎
107:黄天
108:闘将
106:神威
144:矍鑠
146:史官
147:学者
150:神将
151:伏龍
Byte
commanderPtr
ca
76
"4"
1:突
14:奸雄
35:酒乱
48:神眼
62:一騎
107:黄天
108:闘将
106:神威
144:矍鑠
146:史官
147:学者
150:神将
151:伏龍
Byte
commanderPtr
cb
123
"5"
1:突
14:奸雄
35:酒乱
48:神眼
62:一騎
107:黄天
108:闘将
106:神威
144:矍鑠
146:史官
147:学者
150:神将
151:伏龍
Byte
commanderPtr
cc
87
"Doctrine & Policy"
1
84
"Doctrine"
1:Oudou - Royalty
2:Hadou - Supremacy
3:Gadou - Self Centered?
4:Kakkyo - Local Authority?
5:Meiri - Fame and Fortune
6:Reikyou - Religious?
Byte
commanderPtr
f4
85
"Policy"
1:
2:
3:
4:
5:
6:
50:
Byte
commanderPtr
f5
86
"Policy Lv"
Byte
commanderPtr
12a
88
"Tactics"
1
89
"1"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
d8
99
"2"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
d9
98
"3"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
da
97
"4"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
db
96
"5"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
dc
95
"6"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
dd
94
"7"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
de
93
"8"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
df
92
"9"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
e0
91
"10"
1:
2:
3:
4:
5:
6:
47:明察秋毫
54:聡明剛毅
58:儀城の計
61:明鏡止水
75:袁家威光
78:袁家栄光
85:精錬策数
94:魏武の強
97:神算鬼謀
98:大虎雄略
100:
Byte
commanderPtr
e1
100
"Formation"
1
104
"Fish Scale"
Binary
1
1
0
commanderPtr
d4
103
"Arrow Head"
Binary
2
1
0
commanderPtr
d4
102
"Flight Formation"
Binary
3
1
0
commanderPtr
d4
101
"Square & Circle"
Binary
4
1
0
commanderPtr
d4
105
"Flanking"
Binary
5
1
0
commanderPtr
d4
110
"Long Line"
Binary
6
1
0
commanderPtr
d4
109
"Pyramid"
Binary
7
1
0
commanderPtr
d4
108
"Curb Swing"
Binary
0
1
0
commanderPtr
d5
107
"Ramping"
Binary
1
1
0
commanderPtr
d5
106
"Catapult"
Binary
2
1
0
commanderPtr
d5
112
"Personal Info"
1
113
"Appearance Year"
2 Bytes
commanderPtr
5c
111
"Birth Year"
2 Bytes
commanderPtr
5e
114
"Death Year"
2 Bytes
commanderPtr
60
180
"Marriage Partner"
2 Bytes
commanderPtr
6c
178
"Treasure Trading Value 1 - Use this to steal an item during prisoner exchange, etc."
Auto Assembler Script
[ENABLE]
// Treasure Trading Value: hooked in the prologue of the routine that loads a
// treasure's value byte ([rcx+47]) into edi. The hook first forces that byte
// to 1 and then performs the original load, so the routine always sees 1 and
// the write persists in the treasure object while the script is enabled.
// The commented "mov rdi,1" was an earlier variant that did not write back.
aobscanmodule(SAN14_TreasureTradingValue,SAN14_TC.exe,48 83 EC 20 0F B6 79 47) // should be unique
alloc(newmem,32,SAN14_TreasureTradingValue)
label(code)
label(return)
newmem:
code:
sub rsp,20                            // original instructions, with the store inserted between them
mov byte ptr [rcx+47],1
movzx edi,byte ptr [rcx+47]
// mov rdi,1
jmp return
SAN14_TreasureTradingValue:
jmp newmem
nop 3
return:
registersymbol(SAN14_TreasureTradingValue)
[DISABLE]
SAN14_TreasureTradingValue:
db 48 83 EC 20 0F B6 79 47
unregistersymbol(SAN14_TreasureTradingValue)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+2AA846
"SAN14.exe"+2AA838: CC - int 3
"SAN14.exe"+2AA839: CC - int 3
"SAN14.exe"+2AA83A: CC - int 3
"SAN14.exe"+2AA83B: CC - int 3
"SAN14.exe"+2AA83C: CC - int 3
"SAN14.exe"+2AA83D: CC - int 3
"SAN14.exe"+2AA83E: CC - int 3
"SAN14.exe"+2AA83F: CC - int 3
"SAN14.exe"+2AA840: 48 89 5C 24 08 - mov [rsp+08],rbx
"SAN14.exe"+2AA845: 57 - push rdi
// ---------- INJECTING HERE ----------
"SAN14.exe"+2AA846: 48 83 EC 20 - sub rsp,20
"SAN14.exe"+2AA84A: 0F B6 79 47 - movzx edi,byte ptr [rcx+47]
// ---------- DONE INJECTING ----------
"SAN14.exe"+2AA84E: E8 BD 0A 04 00 - call SAN14.exe+2EB310
"SAN14.exe"+2AA853: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2AA856: E8 75 58 EB FF - call SAN14.exe+1600D0
"SAN14.exe"+2AA85B: 44 8B C7 - mov r8d,edi
"SAN14.exe"+2AA85E: 48 8D 15 77 BD D1 00 - lea rdx,[SAN14.exe+FC65DC]
"SAN14.exe"+2AA865: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2AA868: 48 8B D8 - mov rbx,rax
"SAN14.exe"+2AA86B: E8 A0 9F 32 00 - call SAN14.exe+5D4810
"SAN14.exe"+2AA870: 48 8B C3 - mov rax,rbx
"SAN14.exe"+2AA873: 48 8B 5C 24 30 - mov rbx,[rsp+30]
}
172
"Treasure Data - Open Treasure Detail Screen to update"
Auto Assembler Script
[ENABLE]
// Treasure Data: capture rdx (the record passed to the treasure detail-screen
// routine; the original code null-checks rdx right before the hook) into
// treasurePtr for the "Base Address" entries below (+43 .. +47).
// The jmp replaces exactly the 5 bytes mov r11,rsp / push rbx / push rbp,
// which the hook re-executes; no nop padding is needed.
aobscanmodule(SAN14_Treasure,SAN14_TC.exe,4C 8B DC 53 55 48 81 EC 58) // should be unique
alloc(newmem,64,SAN14_Treasure)
alloc(treasurePtr,8)
registersymbol(treasurePtr)
treasurePtr:
dq 0
label(code)
label(return)
newmem:
mov [treasurePtr],rdx                 // no register or flag is changed by the hook
code:
mov r11,rsp                           // original instructions
push rbx
push rbp
jmp return
SAN14_Treasure:
jmp newmem
return:
registersymbol(SAN14_Treasure)
[DISABLE]
SAN14_Treasure:
db 4C 8B DC 53 55
unregistersymbol(treasurePtr)
dealloc(treasurePtr)
unregistersymbol(SAN14_Treasure)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5B48C9
"SAN14.exe"+5B48B8: CC - int 3
"SAN14.exe"+5B48B9: CC - int 3
"SAN14.exe"+5B48BA: CC - int 3
"SAN14.exe"+5B48BB: CC - int 3
"SAN14.exe"+5B48BC: CC - int 3
"SAN14.exe"+5B48BD: CC - int 3
"SAN14.exe"+5B48BE: CC - int 3
"SAN14.exe"+5B48BF: CC - int 3
"SAN14.exe"+5B48C0: 48 85 D2 - test rdx,rdx
"SAN14.exe"+5B48C3: 0F 84 5F 02 00 00 - je SAN14.exe+5B4B28
// ---------- INJECTING HERE ----------
"SAN14.exe"+5B48C9: 4C 8B DC - mov r11,rsp
"SAN14.exe"+5B48CC: 53 - push rbx
"SAN14.exe"+5B48CD: 55 - push rbp
// ---------- DONE INJECTING ----------
"SAN14.exe"+5B48CE: 48 81 EC 58 04 00 00 - sub rsp,00000458
"SAN14.exe"+5B48D5: 48 8B 05 E4 49 FB 00 - mov rax,[SAN14.exe+15692C0]
"SAN14.exe"+5B48DC: 48 33 C4 - xor rax,rsp
"SAN14.exe"+5B48DF: 48 89 84 24 40 04 00 00 - mov [rsp+00000440],rax
"SAN14.exe"+5B48E7: 49 89 73 18 - mov [r11+18],rsi
"SAN14.exe"+5B48EB: 48 8B E9 - mov rbp,rcx
"SAN14.exe"+5B48EE: 49 89 7B E8 - mov [r11-18],rdi
"SAN14.exe"+5B48F2: 48 8B DA - mov rbx,rdx
"SAN14.exe"+5B48F5: 48 8D B9 18 01 00 00 - lea rdi,[rcx+00000118]
"SAN14.exe"+5B48FC: 48 8B CA - mov rcx,rdx
}
173
"Base Address"
1
8 Bytes
treasurePtr
0
177
"Value"
Byte
+47
174
"Stats Type"
1:Leadership
2:Strength/Might
3:Wisdom
4:Politics
5:Charisma
Byte
+43
175
"Stats Value"
Byte
+44
176
"Effect"
1:100% Retreat
2:Life Extension
Byte
+45
74
""
1
39
"Easy Territory Capture"
FF0000
Auto Assembler Script
[ENABLE]
// Easy Territory Capture: where the game compares the word at [rdi+66] with the
// word at [rdi+72] (the jae right after the hook skips ahead when the former
// is >= the latter - presumably current progress vs. required), the hook first
// copies [rdi+72] into [rdi+66] when the castle being processed (rsi) is the
// player's capital, so the comparison always succeeds for it.
// playerCapitalPtr is defined elsewhere in the table.
// NOTE(review): this script scans SAN14.exe while most siblings scan
// SAN14_TC.exe - confirm which module name is intended.
aobscanmodule(SAN14_EasyTerritory,SAN14.exe,0F B7 47 72 66 39 47 66) // should be unique
alloc(newmem,64,SAN14_EasyTerritory)
label(code)
label(return)
newmem:
cmp [playerCapitalPtr],rsi
jne code
movzx eax,word ptr [rdi+72]
mov word ptr[rdi+66],ax               // current = required
code:
movzx eax,word ptr [rdi+72]           // original instructions; the cmp's flags feed the jae at return
cmp [rdi+66],ax
jmp return
SAN14_EasyTerritory:
jmp newmem
nop 3
return:
registersymbol(SAN14_EasyTerritory)
[DISABLE]
SAN14_EasyTerritory:
db 0F B7 47 72 66 39 47 66
unregistersymbol(SAN14_EasyTerritory)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5638C9
"SAN14.exe"+56389D: 8B D0 - mov edx,eax
"SAN14.exe"+56389F: 48 8D 0D BA A0 6A 01 - lea rcx,[SAN14.exe+1C0D960]
"SAN14.exe"+5638A6: E8 25 EF AA FF - call SAN14.exe+127D0
"SAN14.exe"+5638AB: 48 85 C0 - test rax,rax
"SAN14.exe"+5638AE: 74 03 - je SAN14.exe+5638B3
"SAN14.exe"+5638B0: 48 89 38 - mov [rax],rdi
"SAN14.exe"+5638B3: 83 3D 76 A0 6A 01 00 - cmp dword ptr [SAN14.exe+1C0D930],00
"SAN14.exe"+5638BA: 74 0D - je SAN14.exe+5638C9
"SAN14.exe"+5638BC: 48 8D 0D 75 A0 6A 01 - lea rcx,[SAN14.exe+1C0D938]
"SAN14.exe"+5638C3: FF 15 2F F8 A0 00 - call qword ptr [SAN14.exe+F730F8]
// ---------- INJECTING HERE ----------
"SAN14.exe"+5638C9: 0F B7 47 72 - movzx eax,word ptr [rdi+72]
"SAN14.exe"+5638CD: 66 39 47 66 - cmp [rdi+66],ax
// ---------- DONE INJECTING ----------
"SAN14.exe"+5638D1: 73 5D - jae SAN14.exe+563930
"SAN14.exe"+5638D3: 83 3D 56 A0 6A 01 00 - cmp dword ptr [SAN14.exe+1C0D930],00
"SAN14.exe"+5638DA: 74 0D - je SAN14.exe+5638E9
"SAN14.exe"+5638DC: 48 8D 0D 55 A0 6A 01 - lea rcx,[SAN14.exe+1C0D938]
"SAN14.exe"+5638E3: FF 15 07 FA A0 00 - call qword ptr [SAN14.exe+F732F0]
"SAN14.exe"+5638E9: 4D 85 E4 - test r12,r12
"SAN14.exe"+5638EC: 74 06 - je SAN14.exe+5638F4
"SAN14.exe"+5638EE: 41 8B 04 24 - mov eax,[r12]
"SAN14.exe"+5638F2: EB 03 - jmp SAN14.exe+5638F7
"SAN14.exe"+5638F4: 49 8B C7 - mov rax,r15
}
46
"Base Ptr"
1
8 Bytes
commanderPtr
0
47
"?"
1
4 Bytes
+10
120
"Doctrine EXP x10"
FF0000
Auto Assembler Script
[ENABLE]
// Doctrine EXP x10: two hooks.
// 1) SAN14_DoctrineEXP - where the game adds edx to the EXP dword at [rcx+164]
//    (and then clamps it to 0x98967F, see the listing), multiply edx by 0xA (10)
//    when rcx matches playerDoctrinePtr and edx is non-zero.
// 2) SAN14_DoctrinePtr - a read of [rdi+164] elsewhere: while
//    playerDoctrinePtrFlag is non-zero the hook records rdi as playerDoctrinePtr
//    and clears the flag. The flag is exposed with registersymbol so it can be
//    set from the table to (re)capture the pointer; which game action triggers
//    this read is not visible here - confirm.
// NOTE(review): both scans target SAN14.exe while most siblings scan
// SAN14_TC.exe - confirm which module name is intended.
aobscanmodule(SAN14_DoctrineEXP,SAN14.exe,44 8B 81 64 01 00 00) // should be unique
alloc(newmem,64,SAN14_DoctrineEXP)
alloc(playerDoctrinePtr,8)
registersymbol(playerDoctrinePtr)
playerDoctrinePtr:
dq 0                                  // filled in by the second hook
alloc(playerDoctrinePtrFlag,4)
registersymbol(playerDoctrinePtrFlag)
playerDoctrinePtrFlag:
dd 0                                  // set non-zero to capture the next pointer seen by the second hook
label(code)
label(return)
newmem:
cmp [playerDoctrinePtr],rcx
jne code
cmp edx,0
je code
imul edx,a                            // CE numbers are hex unless prefixed with #: a = 10
code:
mov r8d,[rcx+00000164]                // original instruction
jmp return
SAN14_DoctrineEXP:
jmp newmem
nop 2
return:
registersymbol(SAN14_DoctrineEXP)
aobscanmodule(SAN14_DoctrinePtr,SAN14.exe,8B 87 64 01 00 00 85) // should be unique
alloc(newmem2,64,SAN14_DoctrinePtr)
label(code2)
label(return2)
newmem2:
cmp [playerDoctrinePtrFlag],0
je code2
mov [playerDoctrinePtr],rdi           // one-shot capture, then the flag is cleared
mov [playerDoctrinePtrFlag],0
code2:
mov eax,[rdi+00000164]                // original instruction
jmp return2
SAN14_DoctrinePtr:
jmp newmem2
nop
return2:
registersymbol(SAN14_DoctrinePtr)
[DISABLE]
SAN14_DoctrineEXP:
db 44 8B 81 64 01 00 00
dealloc(playerDoctrinePtrFlag)
unregistersymbol(playerDoctrinePtrFlag)
dealloc(playerDoctrinePtr)
unregistersymbol(playerDoctrinePtr)
unregistersymbol(SAN14_DoctrineEXP)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D11D0
"SAN14.exe"+1D11BF: 8B C8 - mov ecx,eax
"SAN14.exe"+1D11C1: 41 0F 4F CA - cmovg ecx,r10d
"SAN14.exe"+1D11C5: 41 88 49 50 - mov [r9+50],cl
"SAN14.exe"+1D11C9: C3 - ret
"SAN14.exe"+1D11CA: CC - int 3
"SAN14.exe"+1D11CB: CC - int 3
"SAN14.exe"+1D11CC: CC - int 3
"SAN14.exe"+1D11CD: CC - int 3
"SAN14.exe"+1D11CE: CC - int 3
"SAN14.exe"+1D11CF: CC - int 3
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D11D0: 44 8B 81 64 01 00 00 - mov r8d,[rcx+00000164]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D11D7: B8 7F 96 98 00 - mov eax,0098967F
"SAN14.exe"+1D11DC: 44 03 C2 - add r8d,edx
"SAN14.exe"+1D11DF: 79 12 - jns SAN14.exe+1D11F3
"SAN14.exe"+1D11E1: 45 33 C0 - xor r8d,r8d
"SAN14.exe"+1D11E4: 44 3B C0 - cmp r8d,eax
"SAN14.exe"+1D11E7: 44 0F 4F C0 - cmovg r8d,eax
"SAN14.exe"+1D11EB: 44 89 81 64 01 00 00 - mov [rcx+00000164],r8d
"SAN14.exe"+1D11F2: C3 - ret
"SAN14.exe"+1D11F3: 44 3B C0 - cmp r8d,eax
"SAN14.exe"+1D11F6: 44 0F 4F C0 - cmovg r8d,eax
}
SAN14_DoctrinePtr:
db 8B 87 64 01 00 00
unregistersymbol(SAN14_DoctrinePtr)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+429083
"SAN14.exe"+429053: 88 83 60 01 00 00 - mov [rbx+00000160],al
"SAN14.exe"+429059: 0F B6 87 61 01 00 00 - movzx eax,byte ptr [rdi+00000161]
"SAN14.exe"+429060: 3B C1 - cmp eax,ecx
"SAN14.exe"+429062: 0F 47 C1 - cmova eax,ecx
"SAN14.exe"+429065: B9 60 EA 00 00 - mov ecx,0000EA60
"SAN14.exe"+42906A: 88 83 61 01 00 00 - mov [rbx+00000161],al
"SAN14.exe"+429070: 0F B7 87 62 01 00 00 - movzx eax,word ptr [rdi+00000162]
"SAN14.exe"+429077: 3B C1 - cmp eax,ecx
"SAN14.exe"+429079: 0F 47 C1 - cmova eax,ecx
"SAN14.exe"+42907C: 66 89 83 62 01 00 00 - mov [rbx+00000162],ax
// ---------- INJECTING HERE ----------
"SAN14.exe"+429083: 8B 87 64 01 00 00 - mov eax,[rdi+00000164]
// ---------- DONE INJECTING ----------
"SAN14.exe"+429089: 85 C0 - test eax,eax
"SAN14.exe"+42908B: 78 0C - js SAN14.exe+429099
"SAN14.exe"+42908D: B9 7F 96 98 00 - mov ecx,0098967F
"SAN14.exe"+429092: 3B C1 - cmp eax,ecx
"SAN14.exe"+429094: 0F 4F C1 - cmovg eax,ecx
"SAN14.exe"+429097: 8B F0 - mov esi,eax
"SAN14.exe"+429099: 89 B3 64 01 00 00 - mov [rbx+00000164],esi
"SAN14.exe"+42909F: 0F B6 87 68 01 00 00 - movzx eax,byte ptr [rdi+00000168]
"SAN14.exe"+4290A6: 48 8B 74 24 58 - mov rsi,[rsp+58]
"SAN14.exe"+4290AB: 41 3B C7 - cmp eax,r15d
}
139
"Auto Assemble script"
Auto Assembler Script
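[ENABLE]
// Placeholder hook on the store mov [rdi+00000158],r15 (reached when r15
// differs from the stored value, see the listing). The hook body only
// re-executes that store, so enabling this script changes nothing in the game;
// presumably a scaffold for a future patch.
// The AOB starts with the 13 displacement byte of the preceding je, kept for
// uniqueness, which is why the jump is written at INJECT+01.
aobscanmodule(INJECT,SAN14.exe,13 4C 89 BF 58 01 00 00) // should be unique
alloc(newmem,$1000,INJECT)            // allocate near the scanned address, like the other hooks, instead of a fixed module offset
label(code)
label(return)
newmem:
code:
mov [rdi+00000158],r15                // original instruction (7 bytes: jmp 5 + nop 2)
jmp return
INJECT+01:
jmp newmem
nop 2
return:
registersymbol(INJECT)
[DISABLE]
INJECT+01:
db 4C 89 BF 58 01 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+5C8775
"SAN14.exe"+5C8750: 75 05 - jne SAN14.exe+5C8757
"SAN14.exe"+5C8752: 45 85 E4 - test r12d,r12d
"SAN14.exe"+5C8755: 74 36 - je SAN14.exe+5C878D
"SAN14.exe"+5C8757: 48 8B 07 - mov rax,[rdi]
"SAN14.exe"+5C875A: 41 BC 01 00 00 00 - mov r12d,00000001
"SAN14.exe"+5C8760: 41 8B D4 - mov edx,r12d
"SAN14.exe"+5C8763: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5C8766: FF 90 B0 00 00 00 - call qword ptr [rax+000000B0]
"SAN14.exe"+5C876C: 4C 3B BF 58 01 00 00 - cmp r15,[rdi+00000158]
"SAN14.exe"+5C8773: 74 13 - je SAN14.exe+5C8788
// ---------- INJECTING HERE ----------
"SAN14.exe"+5C8775: 4C 89 BF 58 01 00 00 - mov [rdi+00000158],r15
// ---------- DONE INJECTING ----------
"SAN14.exe"+5C877C: 48 8B 07 - mov rax,[rdi]
"SAN14.exe"+5C877F: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5C8782: FF 90 70 01 00 00 - call qword ptr [rax+00000170]
"SAN14.exe"+5C8788: 45 8B EC - mov r13d,r12d
"SAN14.exe"+5C878B: EB 3A - jmp SAN14.exe+5C87C7
"SAN14.exe"+5C878D: 48 8B 07 - mov rax,[rdi]
"SAN14.exe"+5C8790: 33 D2 - xor edx,edx
"SAN14.exe"+5C8792: 48 8B CF - mov rcx,rdi
"SAN14.exe"+5C8795: FF 90 B0 00 00 00 - call qword ptr [rax+000000B0]
"SAN14.exe"+5C879B: 48 83 BF 58 01 00 00 00 - cmp qword ptr [rdi+00000158],00
}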
143
"Auto Assemble script"
Auto Assembler Script
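[ENABLE]
// Max development for the player's capital (Commerce / Supply / Barracks).
// The three hooks sit where the game adds the computed growth to the current
// development word ([rdi+3A], [rdi+3C], [rdi+3E]); the Commerce path adds eax,
// the Supply and Barracks paths add r15d (see the listings in [DISABLE]).
// For the castle matching playerCapitalPtr the growth operand is replaced by
// (1000 - current), so the original add lands exactly on the cap of 0x3E8 that
// the Commerce listing shows (the other two paths are presumed alike). The byte
// at [rdi+52] is also set to 0x64 (100); what it holds is not visible here -
// confirm. playerCapitalPtr is defined elsewhere in the table.
// Labels are script-global: each hook must branch to its own code label
// (code/code2/code5), otherwise the not-player path would run another hook's
// tail and return to the wrong injection point.
aobscanmodule(SAN14_Commerce,SAN14.exe,0F B7 57 3A 03 D0) // should be unique
alloc(newmem,64,SAN14_Commerce)
label(code)
label(return)
newmem:
cmp [playerCapitalPtr],r12
jne code
mov byte ptr[rdi+52],64
movzx edx,word ptr [rdi+3A]
mov eax,#1000                         // decimal; CE numbers are hex unless prefixed with #
sub eax,edx                           // eax = 1000 - current; the Commerce path adds eax
code:
movzx edx,word ptr [rdi+3A]
add edx,eax
jmp return
SAN14_Commerce:
jmp newmem
nop
return:
registersymbol(SAN14_Commerce)
aobscanmodule(SAN14_Supply,SAN14.exe,0F B7 57 3C 41 03 D7) // should be unique
alloc(newmem2,64,SAN14_Supply)
label(code2)
label(return2)
newmem2:
cmp [playerCapitalPtr],r12
jne code2
mov byte ptr[rdi+52],64
movzx edx,word ptr [rdi+3C]
mov r15d,#1000                        // this path adds r15d, so the override goes there (as in the Barracks hook)
sub r15d,edx
code2:
movzx edx,word ptr [rdi+3C]
add edx,r15d
jmp return2
SAN14_Supply:
jmp newmem2
nop 2
return2:
registersymbol(SAN14_Supply)
aobscanmodule(SAN14_Barracks,SAN14.exe,0F B7 57 3E 41 03 D7) // should be unique
alloc(newmem5,64,SAN14_Barracks)
label(code5)
label(return5)
newmem5:
cmp [playerCapitalPtr],r12
jne code5
mov byte ptr[rdi+52],64
movzx edx,word ptr [rdi+3E]
mov r15d,#1000
sub r15d,edx                          // r15d = 1000 - current; this path adds r15d
code5:
movzx edx,word ptr [rdi+3E]
add edx,r15d
jmp return5
SAN14_Barracks:
jmp newmem5
nop 2
return5:
registersymbol(SAN14_Barracks)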
[DISABLE]
SAN14_Commerce:
db 0F B7 57 3A 03 D0
unregistersymbol(SAN14_Commerce)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+220D4C
"SAN14.exe"+220D27: 44 0F B6 77 70 - movzx r14d,byte ptr [rdi+70]
"SAN14.exe"+220D2C: 44 89 7C 24 20 - mov [rsp+20],r15d
"SAN14.exe"+220D31: 44 8B 4D 7F - mov r9d,[rbp+7F]
"SAN14.exe"+220D35: 45 8B C6 - mov r8d,r14d
"SAN14.exe"+220D38: 48 8B D6 - mov rdx,rsi
"SAN14.exe"+220D3B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D3E: E8 5D 0A FE FF - call SAN14.exe+2017A0
"SAN14.exe"+220D43: 44 8B F8 - mov r15d,eax
"SAN14.exe"+220D46: 41 83 FE 01 - cmp r14d,01
"SAN14.exe"+220D4A: 75 29 - jne SAN14.exe+220D75
// ---------- INJECTING HERE ----------
"SAN14.exe"+220D4C: 0F B7 57 3A - movzx edx,word ptr [rdi+3A]
"SAN14.exe"+220D50: 03 D0 - add edx,eax
// ---------- DONE INJECTING ----------
"SAN14.exe"+220D52: 79 05 - jns SAN14.exe+220D59
"SAN14.exe"+220D54: 41 8B D5 - mov edx,r13d
"SAN14.exe"+220D57: EB 0A - jmp SAN14.exe+220D63
"SAN14.exe"+220D59: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220D5E: 3B D0 - cmp edx,eax
"SAN14.exe"+220D60: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220D63: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D66: E8 D5 2B FC FF - call SAN14.exe+1E3940
"SAN14.exe"+220D6B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D6E: E8 DD 68 FB FF - call SAN14.exe+1D7650
}
SAN14_Supply:
db 0F B7 57 3C 41 03 D7
unregistersymbol(SAN14_Supply)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+220D7B
"SAN14.exe"+220D59: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220D5E: 3B D0 - cmp edx,eax
"SAN14.exe"+220D60: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220D63: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D66: E8 D5 2B FC FF - call SAN14.exe+1E3940
"SAN14.exe"+220D6B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D6E: E8 DD 68 FB FF - call SAN14.exe+1D7650
"SAN14.exe"+220D73: EB 5E - jmp SAN14.exe+220DD3
"SAN14.exe"+220D75: 41 83 FE 02 - cmp r14d,02
"SAN14.exe"+220D79: 75 2A - jne SAN14.exe+220DA5
// ---------- INJECTING HERE ----------
"SAN14.exe"+220D7B: 0F B7 57 3C - movzx edx,word ptr [rdi+3C]
"SAN14.exe"+220D7F: 41 03 D7 - add edx,r15d
// ---------- DONE INJECTING ----------
"SAN14.exe"+220D82: 79 05 - jns SAN14.exe+220D89
"SAN14.exe"+220D84: 41 8B D5 - mov edx,r13d
"SAN14.exe"+220D87: EB 0A - jmp SAN14.exe+220D93
"SAN14.exe"+220D89: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220D8E: 3B D0 - cmp edx,eax
"SAN14.exe"+220D90: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220D93: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D96: E8 95 2D FC FF - call SAN14.exe+1E3B30
"SAN14.exe"+220D9B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D9E: E8 BD 51 FB FF - call SAN14.exe+1D5F60
}
SAN14_Barracks:
db 0F B7 57 3E 41 03 D7
unregistersymbol(SAN14_Barracks)
dealloc(newmem5)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+220DAB
"SAN14.exe"+220D89: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220D8E: 3B D0 - cmp edx,eax
"SAN14.exe"+220D90: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220D93: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D96: E8 95 2D FC FF - call SAN14.exe+1E3B30
"SAN14.exe"+220D9B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D9E: E8 BD 51 FB FF - call SAN14.exe+1D5F60
"SAN14.exe"+220DA3: EB 2E - jmp SAN14.exe+220DD3
"SAN14.exe"+220DA5: 41 83 FE 03 - cmp r14d,03
"SAN14.exe"+220DA9: 75 2B - jne SAN14.exe+220DD6
// ---------- INJECTING HERE ----------
"SAN14.exe"+220DAB: 0F B7 57 3E - movzx edx,word ptr [rdi+3E]
"SAN14.exe"+220DAF: 41 03 D7 - add edx,r15d
// ---------- DONE INJECTING ----------
"SAN14.exe"+220DB2: 79 05 - jns SAN14.exe+220DB9
"SAN14.exe"+220DB4: 41 8B D5 - mov edx,r13d
"SAN14.exe"+220DB7: EB 0A - jmp SAN14.exe+220DC3
"SAN14.exe"+220DB9: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220DBE: 3B D0 - cmp edx,eax
"SAN14.exe"+220DC0: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220DC3: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220DC6: E8 65 34 FC FF - call SAN14.exe+1E4230
"SAN14.exe"+220DCB: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220DCE: E8 BD 8D FB FF - call SAN14.exe+1D9B90
}
144
"Auto Assemble script"
Auto Assembler Script
[ENABLE]
// Hook at `mov r15d,eax`, right after call SAN14.exe+2017A0 returns its
// value in eax (see ORIGINAL CODE below). When [playerCapitalPtr] == r12
// (symbol registered by another script in this table, which must be enabled
// first) and eax > 0, eax is replaced by #1000 (0x3E8, the constant the
// original code clamps against at +220D59).
// The symbol prefix `SAAN14_` differs from the `SAN14_` prefix used by the
// other scripts; it is used consistently within this script, so it works.
aobscanmodule(SAAN14_FacilityGrowth,SAN14.exe,44 8B F8 41 83 FE 01) // should be unique
alloc(newmem,64,SAAN14_FacilityGrowth)
label(code)
label(return)
newmem:
cmp [playerCapitalPtr],r12
jne code
mov byte ptr[rdi+52],64       // byte at +52 forced to 64 (hex)
cmp eax,0
jle code                      // non-positive results are left alone
mov eax,#1000
code:
mov r15d,eax                  // original instruction
cmp r14d,01                   // original instruction; re-establishes the flags the `jne` at +220D4A tests
jmp return
SAAN14_FacilityGrowth:
jmp newmem
nop 2                         // 7 original bytes, 5-byte jmp
return:
registersymbol(SAAN14_FacilityGrowth)
[DISABLE]
SAAN14_FacilityGrowth:
db 44 8B F8 41 83 FE 01
unregistersymbol(SAAN14_FacilityGrowth)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+220D43
"SAN14.exe"+220D1A: E8 71 42 FB FF - call SAN14.exe+1D4F90
"SAN14.exe"+220D1F: 48 8B C8 - mov rcx,rax
"SAN14.exe"+220D22: E8 09 97 06 00 - call SAN14.exe+28A430
"SAN14.exe"+220D27: 44 0F B6 77 70 - movzx r14d,byte ptr [rdi+70]
"SAN14.exe"+220D2C: 44 89 7C 24 20 - mov [rsp+20],r15d
"SAN14.exe"+220D31: 44 8B 4D 7F - mov r9d,[rbp+7F]
"SAN14.exe"+220D35: 45 8B C6 - mov r8d,r14d
"SAN14.exe"+220D38: 48 8B D6 - mov rdx,rsi
"SAN14.exe"+220D3B: 48 8B CF - mov rcx,rdi
"SAN14.exe"+220D3E: E8 5D 0A FE FF - call SAN14.exe+2017A0
// ---------- INJECTING HERE ----------
"SAN14.exe"+220D43: 44 8B F8 - mov r15d,eax
"SAN14.exe"+220D46: 41 83 FE 01 - cmp r14d,01
// ---------- DONE INJECTING ----------
"SAN14.exe"+220D4A: 75 29 - jne SAN14.exe+220D75
"SAN14.exe"+220D4C: 0F B7 57 3A - movzx edx,word ptr [rdi+3A]
"SAN14.exe"+220D50: 03 D0 - add edx,eax
"SAN14.exe"+220D52: 79 05 - jns SAN14.exe+220D59
"SAN14.exe"+220D54: 41 8B D5 - mov edx,r13d
"SAN14.exe"+220D57: EB 0A - jmp SAN14.exe+220D63
"SAN14.exe"+220D59: B8 E8 03 00 00 - mov eax,000003E8
"SAN14.exe"+220D5E: 3B D0 - cmp edx,eax
"SAN14.exe"+220D60: 0F 4F D0 - cmovg edx,eax
"SAN14.exe"+220D63: 48 8B CF - mov rcx,rdi
}
179
"Treasure Trading Value 2"
Auto Assembler Script
[ENABLE]
// Replaces `movzx ebx,byte ptr [rsi+44]` with a constant 1 in rbx. In the
// ORIGINAL CODE below ebx is passed on as r9d to call SAN14.exe+5D4810, so
// that call receives 1 instead of the byte at +44. `mov rdi,rax` is the
// first of the two overwritten instructions and is replayed unchanged.
aobscanmodule(SAN14_TreasureTradingValue2,SAN14.exe,48 8B F8 0F B6 5E 44) // should be unique
alloc(newmem,32,SAN14_TreasureTradingValue2)
label(code)
label(return)
newmem:
code:
mov rdi,rax                   // original instruction
//movzx ebx,byte ptr [rsi+44]
mov rbx,1                     // replaces the movzx above; rsi itself is untouched
jmp return
SAN14_TreasureTradingValue2:
jmp newmem
nop 2                         // 7 original bytes, 5-byte jmp
return:
registersymbol(SAN14_TreasureTradingValue2)
[DISABLE]
SAN14_TreasureTradingValue2:
db 48 8B F8 0F B6 5E 44
unregistersymbol(SAN14_TreasureTradingValue2)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+2A1D8D
"SAN14.exe"+2A1D66: 8B C8 - mov ecx,eax
"SAN14.exe"+2A1D68: 48 83 C4 20 - add rsp,20
"SAN14.exe"+2A1D6C: 5E - pop rsi
"SAN14.exe"+2A1D6D: E9 3E 5C FD FF - jmp SAN14.exe+2779B0
"SAN14.exe"+2A1D72: 48 89 5C 24 30 - mov [rsp+30],rbx
"SAN14.exe"+2A1D77: 48 89 7C 24 38 - mov [rsp+38],rdi
"SAN14.exe"+2A1D7C: E8 8F 95 04 00 - call SAN14.exe+2EB310
"SAN14.exe"+2A1D81: 48 8B C8 - mov rcx,rax
"SAN14.exe"+2A1D84: E8 47 E3 EB FF - call SAN14.exe+1600D0
"SAN14.exe"+2A1D89: 0F B6 4E 43 - movzx ecx,byte ptr [rsi+43]
// ---------- INJECTING HERE ----------
"SAN14.exe"+2A1D8D: 48 8B F8 - mov rdi,rax
"SAN14.exe"+2A1D90: 0F B6 5E 44 - movzx ebx,byte ptr [rsi+44]
// ---------- DONE INJECTING ----------
"SAN14.exe"+2A1D94: E8 17 6F F9 FF - call SAN14.exe+238CB0
"SAN14.exe"+2A1D99: 8B C8 - mov ecx,eax
"SAN14.exe"+2A1D9B: E8 10 5C FD FF - call SAN14.exe+2779B0
"SAN14.exe"+2A1DA0: 4C 8B C0 - mov r8,rax
"SAN14.exe"+2A1DA3: 48 8D 15 9E 9B D3 00 - lea rdx,[SAN14.exe+FDB948]
"SAN14.exe"+2A1DAA: 44 8B CB - mov r9d,ebx
"SAN14.exe"+2A1DAD: 48 8B CF - mov rcx,rdi
"SAN14.exe"+2A1DB0: E8 5B 2A 33 00 - call SAN14.exe+5D4810
"SAN14.exe"+2A1DB5: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"SAN14.exe"+2A1DBA: 48 8B C7 - mov rax,rdi
}
183
"Uncap Charisma"
Auto Assembler Script
[ENABLE]
// Replaces `cmp ebx,64 / cmovg ebx,ebp` (see ORIGINAL CODE below) so the
// compare uses 270f (9999) instead of 64 (100). The cmovg still restores
// ebp when ebx exceeds the limit; only the limit changes, and it matches
// the 0000270F the original code already uses on its other branch
// (+1DB58D). `cmp ebx,270f` needs a 4-byte immediate, so cmp+cmovg no
// longer fit in the 6 original bytes, hence the code cave.
aobscanmodule(SAN14_UncapCharisma,SAN14.exe,83 FB 64 0F 4F DD) // should be unique
alloc(newmem,32,SAN14_UncapCharisma)
label(code)
label(return)
newmem:
code:
cmp ebx,270f                  // was cmp ebx,64
cmovg ebx,ebp                 // original instruction
jmp return
SAN14_UncapCharisma:
jmp newmem
nop                           // 6 original bytes, 5-byte jmp
return:
registersymbol(SAN14_UncapCharisma)
[DISABLE]
SAN14_UncapCharisma:
db 83 FB 64 0F 4F DD
unregistersymbol(SAN14_UncapCharisma)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DB579
"SAN14.exe"+1DB558: 48 8D 54 24 48 - lea rdx,[rsp+48]
"SAN14.exe"+1DB55D: 48 8B CF - mov rcx,rdi
"SAN14.exe"+1DB560: E8 1B EB E6 FF - call SAN14.exe+4A080
"SAN14.exe"+1DB565: 4C 8B 44 24 30 - mov r8,[rsp+30]
"SAN14.exe"+1DB56A: 4C 3B 40 08 - cmp r8,[rax+08]
"SAN14.exe"+1DB56E: 75 95 - jne SAN14.exe+1DB505
"SAN14.exe"+1DB570: EB 02 - jmp SAN14.exe+1DB574
"SAN14.exe"+1DB572: 8B DD - mov ebx,ebp
"SAN14.exe"+1DB574: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1DB577: 7C 0D - jl SAN14.exe+1DB586
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DB579: 83 FB 64 - cmp ebx,64
"SAN14.exe"+1DB57C: 0F 4F DD - cmovg ebx,ebp
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DB57F: EB 16 - jmp SAN14.exe+1DB597
"SAN14.exe"+1DB581: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1DB584: 7D 07 - jnl SAN14.exe+1DB58D
"SAN14.exe"+1DB586: BB 01 00 00 00 - mov ebx,00000001
"SAN14.exe"+1DB58B: EB 0A - jmp SAN14.exe+1DB597
"SAN14.exe"+1DB58D: B8 0F 27 00 00 - mov eax,0000270F
"SAN14.exe"+1DB592: 3B D8 - cmp ebx,eax
"SAN14.exe"+1DB594: 0F 4F D8 - cmovg ebx,eax
"SAN14.exe"+1DB597: 8B C3 - mov eax,ebx
"SAN14.exe"+1DB599: 4C 8D 5C 24 70 - lea r11,[rsp+70]
}
187
"Auto Assemble script"
Auto Assembler Script
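[ENABLE]
// Replaces `imul r14d,[rsp+000000A8]` (9 bytes, see ORIGINAL CODE below)
// with a constant: r14d is forced to ff (hex) regardless of the multiplier
// on the stack, and the `imul r14d` / sar / add chain that follows then
// works on that constant.
// The code cave is allocated near the scanned symbol, as the other scripts
// in this table do, instead of near the hard-coded "SAN14.exe"+1DF30F, so
// the allocation hint follows the AOB scan rather than one build's address.
aobscanmodule(SAN14_Base100Uncap,SAN14.exe,44 0F AF B4 24 A8 00 00 00) // should be unique
alloc(newmem,$1000,SAN14_Base100Uncap)
label(code)
label(return)
newmem:
mov r14d,ff                   // replaces the imul
code:
//sub r14d,[rsp+000000A8]     // variant left commented out in the original script
jmp return
SAN14_Base100Uncap:
jmp newmem
nop 4                         // 9 original bytes, 5-byte jmp
return:
registersymbol(SAN14_Base100Uncap)
[DISABLE]
SAN14_Base100Uncap:
db 44 0F AF B4 24 A8 00 00 00
unregistersymbol(SAN14_Base100Uncap)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DF30F
"SAN14.exe"+1DF2DE: 48 8B 05 0B C5 A2 01 - mov rax,[SAN14.exe+1C0B7F0]
"SAN14.exe"+1DF2E5: 48 8B 9C C8 A0 78 07 00 - mov rbx,[rax+rcx*8+000778A0]
"SAN14.exe"+1DF2ED: EB 0E - jmp SAN14.exe+1DF2FD
"SAN14.exe"+1DF2EF: 48 8B 05 FA C4 A2 01 - mov rax,[SAN14.exe+1C0B7F0]
"SAN14.exe"+1DF2F6: 48 8B 98 A0 78 07 00 - mov rbx,[rax+000778A0]
"SAN14.exe"+1DF2FD: 48 8B CB - mov rcx,rbx
"SAN14.exe"+1DF300: E8 0B 29 0B 00 - call SAN14.exe+291C10
"SAN14.exe"+1DF305: 85 C0 - test eax,eax
"SAN14.exe"+1DF307: 74 06 - je SAN14.exe+1DF30F
"SAN14.exe"+1DF309: 41 0F B6 74 1D 36 - movzx esi,byte ptr [r13+rbx+36]
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DF30F: 44 0F AF B4 24 A8 00 00 00 - imul r14d,[rsp+000000A8]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DF318: B8 1F 85 EB 51 - mov eax,51EB851F
"SAN14.exe"+1DF31D: 41 F7 EE - imul r14d
"SAN14.exe"+1DF320: 8B DA - mov ebx,edx
"SAN14.exe"+1DF322: C1 FB 05 - sar ebx,05
"SAN14.exe"+1DF325: 8B C3 - mov eax,ebx
"SAN14.exe"+1DF327: C1 E8 1F - shr eax,1F
"SAN14.exe"+1DF32A: 03 D8 - add ebx,eax
"SAN14.exe"+1DF32C: 03 DE - add ebx,esi
"SAN14.exe"+1DF32E: 41 03 DF - add ebx,r15d
"SAN14.exe"+1DF331: 03 DD - add ebx,ebp
}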
186
"Stats Uncap"
Auto Assembler Script
[ENABLE]
// Two in-place byte patches, no code cave (see ORIGINAL CODE below):
//  * SAN14_BaseStatsLimit+1 is the imm32 of `mov ebx,00000064` (+1DF3E2);
//    it becomes 0000270F (9999).
//  * SAN14_StatsLimit is `xor ecx,eax` (+1DF401); it becomes two nops, so
//    ecx keeps the rotated byte from `movzx ecx,al` and is no longer mixed
//    with byte [rdi+10] before `cmp ebx,ecx / cmovg ebx,ecx`.
// Conflict: script 193 (INJECT) scans for the same bytes BB 64 00 00 00 0F
// and overwrites the same instruction with a jmp, so whichever of the two
// is enabled second fails its scan. They are alternatives, not a pair.
aobscanmodule(SAN14_BaseStatsLimit,SAN14.exe,BB 64 00 00 00 0F) // should be unique
aobscanmodule(SAN14_StatsLimit,SAN14.exe,33 C8 83 FB 01 7D 07) // should be unique
SAN14_BaseStatsLimit+1:
db 0F 27 00 00
SAN14_StatsLimit:
db 90 90
registersymbol(SAN14_BaseStatsLimit)
registersymbol(SAN14_StatsLimit)
[DISABLE]
SAN14_BaseStatsLimit+1:
db 64 00 00 00
SAN14_StatsLimit:
db 33 C8
unregistersymbol(SAN14_BaseStatsLimit)
unregistersymbol(SAN14_StatsLimit)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DF401
"SAN14.exe"+1DF3DA: 4C 3B 40 08 - cmp r8,[rax+08]
"SAN14.exe"+1DF3DE: 75 91 - jne SAN14.exe+1DF371
"SAN14.exe"+1DF3E0: EB 05 - jmp SAN14.exe+1DF3E7
"SAN14.exe"+1DF3E2: BB 64 00 00 00 - mov ebx,00000064
"SAN14.exe"+1DF3E7: 0F B6 87 69 01 00 00 - movzx eax,byte ptr [rdi+00000169]
"SAN14.exe"+1DF3EE: EB 07 - jmp SAN14.exe+1DF3F7
"SAN14.exe"+1DF3F0: 0F B6 87 68 01 00 00 - movzx eax,byte ptr [rdi+00000168]
"SAN14.exe"+1DF3F7: C0 C0 03 - rol al,03
"SAN14.exe"+1DF3FA: 0F B6 C8 - movzx ecx,al
"SAN14.exe"+1DF3FD: 0F B6 47 10 - movzx eax,byte ptr [rdi+10]
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DF401: 33 C8 - xor ecx,eax
"SAN14.exe"+1DF403: 83 FB 01 - cmp ebx,01
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DF406: 7D 07 - jnl SAN14.exe+1DF40F
"SAN14.exe"+1DF408: BB 01 00 00 00 - mov ebx,00000001
"SAN14.exe"+1DF40D: EB 05 - jmp SAN14.exe+1DF414
"SAN14.exe"+1DF40F: 3B D9 - cmp ebx,ecx
"SAN14.exe"+1DF411: 0F 4F D9 - cmovg ebx,ecx
"SAN14.exe"+1DF414: 8B C3 - mov eax,ebx
"SAN14.exe"+1DF416: 4C 8D 5C 24 70 - lea r11,[rsp+70]
"SAN14.exe"+1DF41B: 49 8B 5B 30 - mov rbx,[r11+30]
"SAN14.exe"+1DF41F: 49 8B 6B 40 - mov rbp,[r11+40]
"SAN14.exe"+1DF423: 49 8B 73 48 - mov rsi,[r11+48]
}
170
"Stats Cap - 9999"
Auto Assembler Script
[ENABLE]
// Two in-place immediate patches (see ORIGINAL CODE blocks below). Both
// replacements assemble to exactly the length of the bytes they overwrite
// (B8 imm32 = 5 bytes, 41 B9 imm32 = 6 bytes), so no nops and no code
// cave are needed.
//  * SAN14_StatsCap:  `mov eax,00000078` (+1D92ED), the value ebx is
//    clamped to by the following cmp/cmovg, becomes 270f (9999).
//  * SAN14_StatsCap2: `mov r9d,00000064` (+1D4C59), the limit used by
//    `cmova edx,r9d` in the byte loop that follows, becomes 270f. edx is a
//    zero-extended byte there (`movzx edx,byte ptr [rcx]`), so a 9999
//    limit can never trigger: the clamp is effectively removed.
aobscanmodule(SAN14_StatsCap,SAN14.exe,B8 78 00 00 00 3B D8) // should be unique
SAN14_StatsCap:
mov eax,270f                  // was mov eax,00000078
registersymbol(SAN14_StatsCap)
aobscanmodule(SAN14_StatsCap2,SAN14.exe,41 B9 64 00 00 00 90) // should be unique
SAN14_StatsCap2:
mov r9d,270f                  // was mov r9d,00000064
registersymbol(SAN14_StatsCap2)
[DISABLE]
SAN14_StatsCap:
db B8 78 00 00 00
unregistersymbol(SAN14_StatsCap)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D92ED
"SAN14.exe"+1D92D2: 8B DD - mov ebx,ebp
"SAN14.exe"+1D92D4: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1D92D7: 7C 0D - jl SAN14.exe+1D92E6
"SAN14.exe"+1D92D9: 83 FB 64 - cmp ebx,64
"SAN14.exe"+1D92DC: 0F 4F DD - cmovg ebx,ebp
"SAN14.exe"+1D92DF: EB 16 - jmp SAN14.exe+1D92F7
"SAN14.exe"+1D92E1: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1D92E4: 7D 07 - jnl SAN14.exe+1D92ED
"SAN14.exe"+1D92E6: BB 01 00 00 00 - mov ebx,00000001
"SAN14.exe"+1D92EB: EB 0A - jmp SAN14.exe+1D92F7
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D92ED: B8 78 00 00 00 - mov eax,00000078
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D92F2: 3B D8 - cmp ebx,eax
"SAN14.exe"+1D92F4: 0F 4F D8 - cmovg ebx,eax
"SAN14.exe"+1D92F7: 8B C3 - mov eax,ebx
"SAN14.exe"+1D92F9: 4C 8D 5C 24 70 - lea r11,[rsp+70]
"SAN14.exe"+1D92FE: 49 8B 5B 30 - mov rbx,[r11+30]
"SAN14.exe"+1D9302: 49 8B 6B 40 - mov rbp,[r11+40]
"SAN14.exe"+1D9306: 49 8B 73 48 - mov rsi,[r11+48]
"SAN14.exe"+1D930A: 49 8B E3 - mov rsp,r11
"SAN14.exe"+1D930D: 41 5F - pop r15
"SAN14.exe"+1D930F: 41 5E - pop r14
}
SAN14_StatsCap2:
db 41 B9 64 00 00 00
unregistersymbol(SAN14_StatsCap2)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D4C59
"SAN14.exe"+1D4C2C: 83 F9 09 - cmp ecx,09
"SAN14.exe"+1D4C2F: 7C CF - jl SAN14.exe+1D4C00
"SAN14.exe"+1D4C31: 0F B6 86 2A 01 00 00 - movzx eax,byte ptr [rsi+0000012A]
"SAN14.exe"+1D4C38: B9 06 00 00 00 - mov ecx,00000006
"SAN14.exe"+1D4C3D: 3B C1 - cmp eax,ecx
"SAN14.exe"+1D4C3F: 0F 47 C1 - cmova eax,ecx
"SAN14.exe"+1D4C42: 88 86 2A 01 00 00 - mov [rsi+0000012A],al
"SAN14.exe"+1D4C48: 48 8D 8E 9E 00 00 00 - lea rcx,[rsi+0000009E]
"SAN14.exe"+1D4C4F: 49 C7 C0 62 FF FF FF - mov r8,FFFFFFFFFFFFFF62
"SAN14.exe"+1D4C56: 4C 2B C6 - sub r8,rsi
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D4C59: 41 B9 64 00 00 00 - mov r9d,00000064
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D4C5F: 90 - nop
"SAN14.exe"+1D4C60: 0F B6 11 - movzx edx,byte ptr [rcx]
"SAN14.exe"+1D4C63: 49 8D 04 08 - lea rax,[r8+rcx]
"SAN14.exe"+1D4C67: 48 83 F8 04 - cmp rax,04
"SAN14.exe"+1D4C6B: 77 09 - ja SAN14.exe+1D4C76
"SAN14.exe"+1D4C6D: 41 3B D1 - cmp edx,r9d
"SAN14.exe"+1D4C70: 41 0F 47 D1 - cmova edx,r9d
"SAN14.exe"+1D4C74: 88 11 - mov [rcx],dl
"SAN14.exe"+1D4C76: 48 FF C1 - inc rcx
"SAN14.exe"+1D4C79: 49 8D 04 08 - lea rax,[r8+rcx]
}
181
"Cheat Stats(any stats=255 -> max stats)"
Auto Assembler Script
[ENABLE]
// Three hooks on reads of the byte at [object+0000009E], each with the
// base/index pair the original code uses at that site (see the ORIGINAL
// CODE blocks below). If that byte is ff (hex), the destination register is
// loaded from the dword at maxStats (3e7 hex = 999) instead; any other
// value goes through the original movzx. maxStats is registered so the
// value can be edited from the table.
// NOTE(review): alloc(maxStats,4) carries no near-address hint, while the
// code caves are allocated next to their hooks. `mov r14d,[maxStats]` and
// `mov r12d,[maxStats]` can only encode a target within +/-2 GiB of the
// cave, so if CE places maxStats far from newmem2/newmem3 they will not
// assemble; confirm, or give maxStats the same hint as newmem.
aobscanmodule(SAN14_CheatStats,SAN14.exe,41 0F B6 84 0D 9E 00 00 00) // should be unique
alloc(newmem,64,SAN14_CheatStats)
alloc(maxStats,4)
registersymbol(maxStats)
maxStats:
dd 3e7
label(code)
label(return)
newmem:
cmp byte ptr [r13+rcx+0000009E],ff
jne code
mov eax,[maxStats] //3e7
jmp return
code:
movzx eax,byte ptr [r13+rcx+0000009E]   // original instruction
jmp return
SAN14_CheatStats:
jmp newmem
nop 4                         // 9 original bytes, 5-byte jmp
return:
registersymbol(SAN14_CheatStats)
aobscanmodule(SAN14_CheatStats_DuringAttackPhases,SAN14.exe,44 0F B6 B4 37 9E 00 00 00) // should be unique
alloc(newmem2,64,SAN14_CheatStats_DuringAttackPhases)
label(code2)
label(return2)
newmem2:
cmp byte ptr [rdi+rsi+0000009E],ff
jne code2
mov r14d,[maxStats]//3e7
jmp return2
code2:
movzx r14d,byte ptr [rdi+rsi+0000009E]  // original instruction
jmp return2
SAN14_CheatStats_DuringAttackPhases:
jmp newmem2
nop 4                         // 9 original bytes, 5-byte jmp
return2:
registersymbol(SAN14_CheatStats_DuringAttackPhases)
// The scan below anchors on the preceding 5-byte jmp (E9 rel32); the hook
// itself is placed 5 bytes in, at the movzx.
aobscanmodule(SAN14_CheatStatsBattleWon,SAN14.exe,E9 ?? ?? ?? ?? 46 0F B6 A4 28 9E 00 00 00) // should be unique
alloc(newmem3,64,SAN14_CheatStatsBattleWon)
label(code3)
label(return3)
newmem3:
cmp byte ptr [rax+r13+0000009E],ff
jne code3
mov r12d,[maxStats] //3e7
jmp return3
code3:
movzx r12d,byte ptr [rax+r13+0000009E]  // original instruction
jmp return3
SAN14_CheatStatsBattleWon+05:
jmp newmem3
nop 4                         // 9 original bytes, 5-byte jmp
return3:
registersymbol(SAN14_CheatStatsBattleWon)
[DISABLE]
SAN14_CheatStats:
db 41 0F B6 84 0D 9E 00 00 00
unregistersymbol(maxStats)
dealloc(maxStats)
unregistersymbol(SAN14_CheatStats)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D905D
"SAN14.exe"+1D9038: 41 56 - push r14
"SAN14.exe"+1D903A: 41 57 - push r15
"SAN14.exe"+1D903C: 48 83 EC 70 - sub rsp,70
"SAN14.exe"+1D9040: 48 C7 40 88 FE FF FF FF - mov qword ptr [rax-78],FFFFFFFFFFFFFFFE
"SAN14.exe"+1D9048: 48 89 58 08 - mov [rax+08],rbx
"SAN14.exe"+1D904C: 48 89 68 18 - mov [rax+18],rbp
"SAN14.exe"+1D9050: 48 89 70 20 - mov [rax+20],rsi
"SAN14.exe"+1D9054: 41 8B D8 - mov ebx,r8d
"SAN14.exe"+1D9057: 4C 63 EA - movsxd r13,edx
"SAN14.exe"+1D905A: 48 8B F9 - mov rdi,rcx
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D905D: 41 0F B6 84 0D 9E 00 00 00 - movzx eax,byte ptr [r13+rcx+0000009E]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D9066: 89 84 24 A8 00 00 00 - mov [rsp+000000A8],eax
"SAN14.exe"+1D906D: 45 33 FF - xor r15d,r15d
"SAN14.exe"+1D9070: 45 8B F7 - mov r14d,r15d
"SAN14.exe"+1D9073: 45 8B CF - mov r9d,r15d
"SAN14.exe"+1D9076: 41 8B C0 - mov eax,r8d
"SAN14.exe"+1D9079: 83 E0 01 - and eax,01
"SAN14.exe"+1D907C: 84 C0 - test al,al
"SAN14.exe"+1D907E: 74 08 - je SAN14.exe+1D9088
"SAN14.exe"+1D9080: 44 0F B6 89 08 01 00 00 - movzx r9d,byte ptr [rcx+00000108]
"SAN14.exe"+1D9088: 45 85 C9 - test r9d,r9d
}
SAN14_CheatStats_DuringAttackPhases:
db 44 0F B6 B4 37 9E 00 00 00
unregistersymbol(SAN14_CheatStats_DuringAttackPhases)
dealloc(newmem2)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+23CA13
"SAN14.exe"+23C9ED: FF 52 40 - call qword ptr [rdx+40]
"SAN14.exe"+23C9F0: 83 F8 33 - cmp eax,33
"SAN14.exe"+23C9F3: 0F 84 94 01 00 00 - je SAN14.exe+23CB8D
"SAN14.exe"+23C9F9: 48 8B 13 - mov rdx,[rbx]
"SAN14.exe"+23C9FC: 48 8B CB - mov rcx,rbx
"SAN14.exe"+23C9FF: FF 52 40 - call qword ptr [rdx+40]
"SAN14.exe"+23CA02: 83 C0 D2 - add eax,-2E
"SAN14.exe"+23CA05: 83 F8 04 - cmp eax,04
"SAN14.exe"+23CA08: 0F 86 7F 01 00 00 - jbe SAN14.exe+23CB8D
"SAN14.exe"+23CA0E: 4C 89 74 24 50 - mov [rsp+50],r14
// ---------- INJECTING HERE ----------
"SAN14.exe"+23CA13: 44 0F B6 B4 37 9E 00 00 00 - movzx r14d,byte ptr [rdi+rsi+0000009E]
// ---------- DONE INJECTING ----------
"SAN14.exe"+23CA1C: 4C 89 7C 24 58 - mov [rsp+58],r15
"SAN14.exe"+23CA21: 41 83 FE 64 - cmp r14d,64
"SAN14.exe"+23CA25: 0F 84 58 01 00 00 - je SAN14.exe+23CB83
"SAN14.exe"+23CA2B: 4C 89 64 24 48 - mov [rsp+48],r12
"SAN14.exe"+23CA30: BA 4B 00 00 00 - mov edx,0000004B
"SAN14.exe"+23CA35: 44 8B A4 BE B4 00 00 00 - mov r12d,[rsi+rdi*4+000000B4]
"SAN14.exe"+23CA3D: 48 8B CE - mov rcx,rsi
"SAN14.exe"+23CA40: E8 3B C3 FF FF - call SAN14.exe+238D80
"SAN14.exe"+23CA45: 8B 0D 75 1E 31 01 - mov ecx,[SAN14.exe+154E8C0]
"SAN14.exe"+23CA4B: 33 DB - xor ebx,ebx
}
SAN14_CheatStatsBattleWon+05:
db 46 0F B6 A4 28 9E 00 00 00
unregistersymbol(SAN14_CheatStatsBattleWon)
dealloc(newmem3)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DABAB
"SAN14.exe"+1DAB83: 89 4D 7F - mov [rbp+7F],ecx
"SAN14.exe"+1DAB86: 33 D2 - xor edx,edx
"SAN14.exe"+1DAB88: 89 55 77 - mov [rbp+77],edx
"SAN14.exe"+1DAB8B: 33 C0 - xor eax,eax
"SAN14.exe"+1DAB8D: 48 89 45 97 - mov [rbp-69],rax
"SAN14.exe"+1DAB91: 48 8D 3D 68 04 DA 00 - lea rdi,[SAN14.exe+F7B000]
"SAN14.exe"+1DAB98: 45 85 C0 - test r8d,r8d
"SAN14.exe"+1DAB9B: 74 0E - je SAN14.exe+1DABAB
"SAN14.exe"+1DAB9D: 42 0F B6 9C 28 9E 00 00 00 - movzx ebx,byte ptr [rax+r13+0000009E]
"SAN14.exe"+1DABA6: E9 0C 03 00 00 - jmp SAN14.exe+1DAEB7
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DABAB: 46 0F B6 A4 28 9E 00 00 00 - movzx r12d,byte ptr [rax+r13+0000009E]
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DABB4: 45 33 FF - xor r15d,r15d
"SAN14.exe"+1DABB7: 41 0F B6 8D 08 01 00 00 - movzx ecx,byte ptr [r13+00000108]
"SAN14.exe"+1DABBF: 85 C9 - test ecx,ecx
"SAN14.exe"+1DABC1: 74 2A - je SAN14.exe+1DABED
"SAN14.exe"+1DABC3: 83 E9 01 - sub ecx,01
"SAN14.exe"+1DABC6: 74 1C - je SAN14.exe+1DABE4
"SAN14.exe"+1DABC8: 83 E9 01 - sub ecx,01
"SAN14.exe"+1DABCB: 74 0E - je SAN14.exe+1DABDB
"SAN14.exe"+1DABCD: 83 F9 01 - cmp ecx,01
"SAN14.exe"+1DABD0: 75 22 - jne SAN14.exe+1DABF4
}
190
"Auto Assemble script"
Auto Assembler Script
[ENABLE]
// One-byte in-place patch: the opcode byte 88 of `mov [rdi+00000169],al`
// (+1D869F, see ORIGINAL CODE below) becomes FF. The bytes
// FF 87 69 01 00 00 then decode as `inc dword ptr [rdi+00000169]`: al is
// no longer stored, and the 4 bytes at +169..+16C are incremented on every
// pass instead.
// Conflict: script 192 registers the same symbol name SAN14_BaseStatsUncap
// for a different address. With both enabled the name resolves to only one
// of the two, and each DISABLE writes its restore bytes to whatever that
// name currently points at, so one hook can be left corrupted.
aobscanmodule(SAN14_BaseStatsUncap,SAN14.exe,88 87 69 01 00 00) // should be unique
SAN14_BaseStatsUncap:
db FF
registersymbol(SAN14_BaseStatsUncap)
[DISABLE]
SAN14_BaseStatsUncap:
db 88
unregistersymbol(SAN14_BaseStatsUncap)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D869F
"SAN14.exe"+1D8681: 88 87 68 01 00 00 - mov [rdi+00000168],al
"SAN14.exe"+1D8687: 85 C9 - test ecx,ecx
"SAN14.exe"+1D8689: 74 05 - je SAN14.exe+1D8690
"SAN14.exe"+1D868B: 6B C1 64 - imul eax,ecx,64
"SAN14.exe"+1D868E: EB 09 - jmp SAN14.exe+1D8699
"SAN14.exe"+1D8690: 8D 42 FF - lea eax,[rdx-01]
"SAN14.exe"+1D8693: 83 E0 01 - and eax,01
"SAN14.exe"+1D8696: 6B C0 64 - imul eax,eax,64
"SAN14.exe"+1D8699: 41 32 C0 - xor al,r8l
"SAN14.exe"+1D869C: C0 C8 03 - ror al,03
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D869F: 88 87 69 01 00 00 - mov [rdi+00000169],al
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D86A5: 33 ED - xor ebp,ebp
"SAN14.exe"+1D86A7: 44 8B C5 - mov r8d,ebp
"SAN14.exe"+1D86AA: B9 01 00 00 00 - mov ecx,00000001
"SAN14.exe"+1D86AF: C1 C1 00 - rol ecx,00
"SAN14.exe"+1D86B2: 8B D5 - mov edx,ebp
"SAN14.exe"+1D86B4: 83 FA 14 - cmp edx,14
"SAN14.exe"+1D86B7: 77 29 - ja SAN14.exe+1D86E2
"SAN14.exe"+1D86B9: 44 8B 8F D4 00 00 00 - mov r9d,[rdi+000000D4]
"SAN14.exe"+1D86C0: 44 85 C9 - test ecx,r9d
"SAN14.exe"+1D86C3: 8B C5 - mov eax,ebp
}
192
"Auto Assemble script"
Auto Assembler Script
[ENABLE]
// Hook near the start of the routine at +1D865A (see ORIGINAL CODE below).
// Before the original `movzx edx,word ptr [rcx+10]` runs, the word at
// [rcx+10] is overwritten with ff (hex), so edx, and the `and ecx,01` /
// imul chain that follows, see FF every time this routine is entered.
// Conflict: script 190 registers the same symbol name SAN14_BaseStatsUncap
// for a different address. With both enabled the name resolves to only one
// of the two, and each DISABLE writes its restore bytes to whatever that
// name currently points at, so one hook can be left corrupted.
aobscanmodule(SAN14_BaseStatsUncap,SAN14.exe,0F B7 51 10 8B CA) // should be unique
alloc(newmem,64,SAN14_BaseStatsUncap)
label(code)
label(return)
newmem:
mov word ptr [rcx+10],FF      // force the field before it is read
code:
movzx edx,word ptr [rcx+10]   // original instruction
mov ecx,edx                   // original instruction
jmp return
SAN14_BaseStatsUncap:
jmp newmem
nop                           // 6 original bytes, 5-byte jmp
return:
registersymbol(SAN14_BaseStatsUncap)
[DISABLE]
SAN14_BaseStatsUncap:
db 0F B7 51 10 8B CA
unregistersymbol(SAN14_BaseStatsUncap)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1D865A
"SAN14.exe"+1D8630: 41 54 - push r12
"SAN14.exe"+1D8632: 41 56 - push r14
"SAN14.exe"+1D8634: 41 57 - push r15
"SAN14.exe"+1D8636: 48 83 EC 40 - sub rsp,40
"SAN14.exe"+1D863A: 48 C7 44 24 20 FE FF FF FF - mov qword ptr [rsp+20],FFFFFFFFFFFFFFFE
"SAN14.exe"+1D8643: 48 89 5C 24 60 - mov [rsp+60],rbx
"SAN14.exe"+1D8648: 48 89 6C 24 68 - mov [rsp+68],rbp
"SAN14.exe"+1D864D: 48 89 74 24 70 - mov [rsp+70],rsi
"SAN14.exe"+1D8652: 48 89 7C 24 78 - mov [rsp+78],rdi
"SAN14.exe"+1D8657: 48 8B F9 - mov rdi,rcx
// ---------- INJECTING HERE ----------
"SAN14.exe"+1D865A: 0F B7 51 10 - movzx edx,word ptr [rcx+10]
"SAN14.exe"+1D865E: 8B CA - mov ecx,edx
// ---------- DONE INJECTING ----------
"SAN14.exe"+1D8660: 83 E1 01 - and ecx,01
"SAN14.exe"+1D8663: 74 05 - je SAN14.exe+1D866A
"SAN14.exe"+1D8665: 6B C1 64 - imul eax,ecx,64
"SAN14.exe"+1D8668: EB 09 - jmp SAN14.exe+1D8673
"SAN14.exe"+1D866A: 8D 42 FF - lea eax,[rdx-01]
"SAN14.exe"+1D866D: 83 E0 01 - and eax,01
"SAN14.exe"+1D8670: 6B C0 64 - imul eax,eax,64
"SAN14.exe"+1D8673: 83 C0 14 - add eax,14
"SAN14.exe"+1D8676: 44 0F B6 47 10 - movzx r8d,byte ptr [rdi+10]
"SAN14.exe"+1D867B: 41 32 C0 - xor al,r8l
}
193
"Auto Assemble script"
Auto Assembler Script
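{ Game : SAN14.exe
Version:
Date : 2020-03-22
Author : Kha
Redirects `mov ebx,00000064` (+1DF3E2, bytes BB 64 00 00 00) to a code cave
that loads 000000ff into ebx instead. The 5-byte jmp exactly covers the 5
original bytes, so no nop padding is needed.
The code cave is allocated near the scanned symbol INJECT, as the other
scripts in this table do, instead of near the hard-coded "SAN14.exe"+1DF3E2,
so the allocation hint follows the AOB scan rather than one build's address.
Conflict: script 186 (SAN14_BaseStatsLimit) scans for the same bytes and
patches the immediate of this same instruction in place, so whichever of
the two is enabled second fails its scan. Use one or the other.
}
[ENABLE]
aobscanmodule(INJECT,SAN14.exe,BB 64 00 00 00 0F) // should be unique
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
mov ebx,000000ff              // was mov ebx,00000064
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db BB 64 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DF3E2
"SAN14.exe"+1DF3BF: 75 07 - jne SAN14.exe+1DF3C8
"SAN14.exe"+1DF3C1: 4C 8B 44 24 30 - mov r8,[rsp+30]
"SAN14.exe"+1DF3C6: EB D8 - jmp SAN14.exe+1DF3A0
"SAN14.exe"+1DF3C8: 48 8D 54 24 48 - lea rdx,[rsp+48]
"SAN14.exe"+1DF3CD: 48 8B CF - mov rcx,rdi
"SAN14.exe"+1DF3D0: E8 2B B4 E6 FF - call SAN14.exe+4A800
"SAN14.exe"+1DF3D5: 4C 8B 44 24 30 - mov r8,[rsp+30]
"SAN14.exe"+1DF3DA: 4C 3B 40 08 - cmp r8,[rax+08]
"SAN14.exe"+1DF3DE: 75 91 - jne SAN14.exe+1DF371
"SAN14.exe"+1DF3E0: EB 05 - jmp SAN14.exe+1DF3E7
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DF3E2: BB 64 00 00 00 - mov ebx,00000064
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DF3E7: 0F B6 87 69 01 00 00 - movzx eax,byte ptr [rdi+00000169]
"SAN14.exe"+1DF3EE: EB 07 - jmp SAN14.exe+1DF3F7
"SAN14.exe"+1DF3F0: 0F B6 87 68 01 00 00 - movzx eax,byte ptr [rdi+00000168]
"SAN14.exe"+1DF3F7: C0 C0 03 - rol al,03
"SAN14.exe"+1DF3FA: 0F B6 C8 - movzx ecx,al
"SAN14.exe"+1DF3FD: 0F B6 47 10 - movzx eax,byte ptr [rdi+10]
"SAN14.exe"+1DF401: 33 C8 - xor ecx,eax
"SAN14.exe"+1DF403: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1DF406: 7D 07 - jnl SAN14.exe+1DF40F
"SAN14.exe"+1DF408: BB 01 00 00 00 - mov ebx,00000001
}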
194
"Auto Assemble script"
Auto Assembler Script
[ENABLE]
// In-place patch of `cmovg ebx,ecx` (0F 4F D9 at +1DF411, see ORIGINAL
// CODE below) to `cmovl ebx,ecx`, which has the same length. After
// `cmp ebx,ecx` the original keeps min(ebx,ecx), i.e. clamps ebx to ecx;
// the patched code keeps max(ebx,ecx) instead. Only the first 3 of the 5
// scanned bytes change; the DISABLE rewrites all 5 (the trailing 8B C3 is
// `mov eax,ebx`, which is unchanged).
aobscanmodule(SAN14_UncapStatsRead,SAN14.exe,0F 4F D9 8B C3 4C) // should be unique
SAN14_UncapStatsRead:
cmovl ebx,ecx                 // was cmovg ebx,ecx
registersymbol(SAN14_UncapStatsRead)
[DISABLE]
SAN14_UncapStatsRead:
db 0F 4F D9 8B C3
unregistersymbol(SAN14_UncapStatsRead)
{
// ORIGINAL CODE - INJECTION POINT: "SAN14.exe"+1DF411
"SAN14.exe"+1DF3F0: 0F B6 87 68 01 00 00 - movzx eax,byte ptr [rdi+00000168]
"SAN14.exe"+1DF3F7: C0 C0 03 - rol al,03
"SAN14.exe"+1DF3FA: 0F B6 C8 - movzx ecx,al
"SAN14.exe"+1DF3FD: 0F B6 47 10 - movzx eax,byte ptr [rdi+10]
"SAN14.exe"+1DF401: 33 C8 - xor ecx,eax
"SAN14.exe"+1DF403: 83 FB 01 - cmp ebx,01
"SAN14.exe"+1DF406: 7D 07 - jnl SAN14.exe+1DF40F
"SAN14.exe"+1DF408: BB 01 00 00 00 - mov ebx,00000001
"SAN14.exe"+1DF40D: EB 05 - jmp SAN14.exe+1DF414
"SAN14.exe"+1DF40F: 3B D9 - cmp ebx,ecx
// ---------- INJECTING HERE ----------
"SAN14.exe"+1DF411: 0F 4F D9 - cmovg ebx,ecx
"SAN14.exe"+1DF414: 8B C3 - mov eax,ebx
// ---------- DONE INJECTING ----------
"SAN14.exe"+1DF416: 4C 8D 5C 24 70 - lea r11,[rsp+70]
"SAN14.exe"+1DF41B: 49 8B 5B 30 - mov rbx,[r11+30]
"SAN14.exe"+1DF41F: 49 8B 6B 40 - mov rbp,[r11+40]
"SAN14.exe"+1DF423: 49 8B 73 48 - mov rsi,[r11+48]
"SAN14.exe"+1DF427: 49 8B E3 - mov rsp,r11
"SAN14.exe"+1DF42A: 41 5F - pop r15
"SAN14.exe"+1DF42C: 41 5E - pop r14
"SAN14.exe"+1DF42E: 41 5D - pop r13
"SAN14.exe"+1DF430: 41 5C - pop r12
"SAN14.exe"+1DF432: 5F - pop rdi
}
Info about this table: