6
"INIT"
000080
Auto Assembler Script
[ENABLE]
{$lua}
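-- INIT: install the code detour that the per-item scripts in this table feed.
--
-- What the auto-assembler text below does (all offsets in it are hexadecimal):
--   * aobscanmodule locates a byte signature inside AC3SP.exe and names it aob1.
--   * alloc reserves 0x200 bytes (requested near aob1) and names the block memcode.
--   * The six bytes at aob1+9 are replaced by "jmp memcode" + "nop"; return1 is
--     the first instruction after the patch.
--   * memcode tests the flag byte at memcode+100:
--       - flag == 0: run the displaced instructions (push ebx / push 00 /
--         lea ecx,[ebp-24]) and continue at return1, i.e. original behaviour.
--       - flag ~= 0: load the entry count from memcode+10A, point esi at the
--         array referenced by memcode+104 and edx at array + count*4, clear the
--         flag, and re-enter the original code at aob1+5.
--
-- autoAssemble() reports success as a boolean. The result is checked so that a
-- failed signature scan stops the script here instead of letting the rest of the
-- block run against a hook that was never installed.
--
-- NOTE(review): Cheat Engine also executes {$lua} blocks while it syntax-checks a
-- script (the global `syntaxcheck` is true then). There is no
-- `if syntaxcheck then return end` guard, so this injection presumably runs at
-- that point too — confirm and add the guard if so.
local hook_installed = autoAssemble([[
aobscanmodule( aob1, AC3SP.exe, 8B0F8D14813BF275??536A00 )
registersymbol( aob1 )
alloc(memcode,$200,aob1)
registersymbol( memcode )
label(return1)
label(ncode)
memcode:
cmp byte ptr [memcode+100],00
jne ncode
push ebx
push 00
lea ecx,[ebp-24]
jmp return1
ncode:
movzx ecx,word ptr [memcode+10A]
mov edi,memcode+104
mov esi,[edi]
lea edx,[esi+ecx*4]
mov [ebp-0C],edi
mov byte ptr [memcode+100],00
jmp aob1+5
aob1+9:
jmp memcode
nop
return1:
]])
if not hook_installed then
  error("INIT: autoAssemble failed; the aob1 signature was probably not found in AC3SP.exe")
end

-- Global switch read by the weapon scripts; set to true only by the
-- "Special temporary unlock" entry.
tempunlo = false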
--- Scan the target process for an array-of-bytes pattern and return one hit.
-- @param bytes hex string of the pattern; "??" pairs act as wildcard bytes
-- @param flag  protection filter handed to firstScan (this table uses "+X-W",
--              "-X+W" and "-X")
-- @return the value getOnlyResult() reports; callers such as check05 treat nil
--         as "no match"
function msearch(bytes, flag)
  local scan = createMemScan()
  scan.setOnlyOneResult(true)
  -- The scan covers the address range 0 .. 0xFFFFFFFF without alignment.
  scan.firstScan(
    soExactValue, vtByteArray, rtRounded, bytes, nil,
    0, 0xFFFFFFFF, flag, fsmNotAligned, "", true, false, false, false
  )
  scan.waitTillDone()
  local hit = scan.getOnlyResult()
  -- The scanner object is released before returning, on every path.
  scan.destroy()
  return hit
end
--- Render a byte table as an upper-case hex string, two digits per byte.
-- @param bt sequence of byte values (1-based, as iterated by ipairs)
-- @return the concatenated hex digits; "" for an empty table
function bt2str(bt)
  local hex = {}
  for idx, byte in ipairs(bt) do
    hex[idx] = string.format('%02X', byte)
  end
  return table.concat(hex)
end
-- Resolve the addresses the rest of the table depends on and publish them as
-- Cheat Engine symbols (each is unregistered first so re-enabling is clean).
-- NOTE(review): msearch() can return nil (check05 tests for that); the "+8"
-- arithmetic below then fails with an "arithmetic on a nil value" error rather
-- than a message naming the missing signature — consider an explicit check.
-- hdlcommp: address of the four wildcard bytes at offset 8 of the first
-- signature, searched in executable, non-writable memory ("+X-W").
unregisterSymbol("hdlcommp")
registerSymbol("hdlcommp",msearch("F96A018D4F14C707????????E8????????6A018D4F","+X-W") +8)
-- allocit: a 2048-byte block allocated in the target process; craftamel()
-- builds its new 12-byte entries inside it via newitlist.
unregisterSymbol("allocit")
registerSymbol("allocit",allocateMemory(2048))
-- memmap: the 32-bit value stored in the four wildcard bytes at offset 8 of
-- the second signature (read out of the code, then used as an address).
unregisterSymbol("memmap")
registerSymbol("memmap",readInteger(msearch("750885F674238B0D????????56E8","+X-W") +8))
-- bt: the four bytes found at hdlcommp as eight hex digits; craftamel() uses
-- this string as the first four bytes of its scan pattern.
bt = bt2str(readBytes("hdlcommp",4,true))
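--- Clear the one-byte flag of the record identified by a byte pattern.
-- The pattern searched is g .. "000080" .. bytes, in writable, non-executable
-- memory ("-X+W"). The dword located 8 bytes before the match is read as a
-- pointer, and the byte at pointer + 40 (decimal) is the flag.
-- @param bytes hex string forming the tail of the search pattern
-- @param g     two hex digits forming the first byte of the search pattern
-- @return false if the flag was already 0 (nothing written), true after the
--         flag has been overwritten with 0
-- Raises an error naming the pattern when the scan finds nothing or the
-- pointer cannot be read, instead of failing on nil arithmetic and instead of
-- writing through an unverified address.
function igunlock(bytes, g)
  local pattern = g .. "000080" .. bytes
  local hit = msearch(pattern, "-X+W")
  if hit == nil then
    error("igunlock: no match for pattern " .. pattern)
  end
  local base = readInteger(hit - 8)
  if base == nil then
    error("igunlock: cannot read the pointer before the match for pattern " .. pattern)
  end
  local item = base + 40
  if readBytes(item, 1, false) == 0 then
    return false
  end
  writeBytes(item, 0)
  return true
end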
-- memmap2: dword read at ([memmap] + 444), 444 being decimal.
memmap2 = readInteger(readInteger(getAddress("memmap"))+444)
-- Write the byte 129 at index (allocit >> 16) of the table at memmap2, i.e.
-- one byte per 64 KiB of address space.
-- NOTE(review): presumably this marks the injected block as acceptable to a
-- check inside the game — confirm; nothing in this table restores the byte.
writeBytes(memmap2 + bShr(getAddress("allocit"),16), 129)
-- Next free 12-byte slot inside allocit (the first 8 bytes are skipped).
newitlist = getAddress("allocit")+8
-- Replacement element arrays allocated by craftamel(), indexed from 0.
allocs = {}
--- Report whether a 12-byte entry (const1, item, const2) already exists.
-- const1 and const2 are globals that craftamel() captures from the first list
-- it processes; until then no pattern can be built and the check answers false.
-- @param item 32-bit value placed between const1 and const2 in the pattern
-- @return true when the pattern is found in non-executable memory ("-X"),
--         false when it is not found or const1 is still unset
function check05(item)
  if const1 == nil then
    return false
  end
  local pattern = bt2str(dwordToByteTable(const1))
    .. bt2str(dwordToByteTable(item))
    .. bt2str(dwordToByteTable(const2))
  return msearch(pattern, "-X") ~= nil
end
-- Append a new 12-byte entry (const1, item, const2) for one record to the
-- in-memory list(s) selected by the type byte t.
--   bytes, g : the record is located by scanning for g .. "000080" .. bytes
--   t        : two hex digits placed right after the global `bt` in the list
--              header pattern
-- Returns nil early when check05() already finds an entry for the record;
-- otherwise returns nothing. Shows a message box when no list was updated.
-- String offsets such as "+18" are resolved by Cheat Engine as hexadecimal.
function craftamel(bytes,g,t)
bytes= g .. "000080" .. bytes
-- NOTE(review): msearch() may return nil; the subtraction then raises a nil
-- arithmetic error instead of a message naming the pattern.
local item = msearch(bytes,"-X")-8
if(check05(item)) then
return nil
end
local memScanner = createMemScan()
local memFoundList = createFoundList(memScanner)
-- Header pattern, 32 bytes: bt (4) + t (1) + 11 zero bytes + 12 wildcard bytes
-- + 4 zero bytes. The wildcards cover the +14/+18/+1A fields read below.
memScanner.firstScan(
soExactValue,vtByteArray,rtRounded,bt .. t .. "0000000000000000000000????????????????????????00000000",nil,
0,0xFFFFFFFF,"-X+W",fsmNotAligned,"",true,false,false,false)
memScanner.waitTillDone()
memFoundList.initialize()
local l=0
local success=false
local c=0
local j=0
local liststodo = {}
local cmax=1
local nltd=0
-- Pass 1: keep only the hits whose 16-bit field at +18 is the largest seen
-- (and at least 1). liststodo is indexed from 0; nltd is its element count.
for i=0,(memFoundList.Count-1) do
c = readSmallInteger(memFoundList.Address[i] .. "+18")
if(c == cmax) then
liststodo[nltd] = memFoundList.Address[i]
nltd=nltd+1
end
if(c > cmax) then
-- A larger value restarts the selection with this hit as the only member.
cmax = c
liststodo = {}
liststodo[0] = memFoundList.Address[i]
nltd=1
end
end
-- Pass 2: append one entry to every selected list.
for i=0,(nltd-1) do
l = readSmallInteger(liststodo[i] .. "+1A") -- length
c = readSmallInteger(liststodo[i] .. "+18") -- capacity
-- Pointer to the list's element array.
-- NOTE(review): adr is assigned without `local`, so it is a global.
adr=readInteger(liststodo[i] .. "+14")
if(const1 == nil) then
-- First use: copy the first and third dword of the list's first element;
-- they frame every entry written below and the pattern built by check05().
const1 = readInteger(readInteger(adr))
const2 = readInteger(readInteger(adr)+8)
end
if(l+1>=c) then
-- No spare slot: move the pointer array into a larger buffer.
-- NOTE(review): allocs is global and j restarts at 0 on every call, so a
-- later call finds allocs[0] already set and reuses a buffer that an earlier
-- call sized from a different capacity and already attached to another list —
-- confirm whether a fresh allocation per growth was intended.
if(allocs[j] == nil) then
allocs[j] = allocateMemory(c*4+60)+8
-- Same 64 KiB table write as done for allocit.
writeBytes(memmap2+bShr(allocs[j],16), 129)
end
-- Copy the l existing pointers, add the new one, then repoint the list and
-- raise its capacity field by 10.
copyMemory(adr, l*4, allocs[j])
writeInteger(allocs[j]+4*l,newitlist)
writeInteger(liststodo[i] .. "+14",allocs[j])
writeSmallInteger(liststodo[i] .. "+18",c+10)
j=j+1
else
-- Spare slot available: store the new pointer in place.
writeInteger(adr+4*l,newitlist)
end
-- Fill the new 12-byte entry and bump the list length.
writeInteger(newitlist,const1)
writeInteger(newitlist+8,const2)
writeInteger(newitlist+4,item)
writeSmallInteger(liststodo[i] .. "+1A",l+1)
success=true
-- NOTE(review): newitlist only ever advances inside the 2048-byte allocit
-- block and is never compared with its end.
newitlist=newitlist+12
end
if(not success) then showMessage("Unable to unlock. " .. memFoundList.Count) end
memFoundList.destroy()
memScanner.destroy()
end
--- Queue one record for the detour installed at memcode.
-- The record is located by scanning non-executable memory ("-X") for
-- g .. "000080" .. bytes; the value queued is the match address minus 8.
-- Layout used inside memcode (offsets are hexadecimal):
--   +100 byte  flag: 1 while entries are pending (the hook clears it)
--   +104 dword pointer to the entry array (memcode+10C)
--   +108 word, +10A word: counters; the hook reads the one at +10A
--   +10C dword[] queued entries
-- @param bytes hex string forming the tail of the search pattern
-- @param g     two hex digits forming the first byte of the search pattern
-- NOTE(review): the msearch() result is used without a nil check, and the
-- append path never checks the entry count against the 0x200-byte memcode
-- allocation (room for 61 dwords from +10C).
function domainadd(bytes, g)
  local pattern = g .. "000080" .. bytes
  local item = msearch(pattern, "-X") - 8
  local queue_active = readBytes("memcode+100", 1, false) == 1
  if not queue_active then
    -- First entry: arm the flag, publish the array pointer, write the words
    -- 2 (at +108) and 1 (at +10A), then store the entry in slot 0.
    writeBytes("memcode+100", 1)
    writeInteger("memcode+104", getAddress("memcode+10C"))
    writeBytes("memcode+108", 2, 0, 1, 0)
    writeInteger("memcode+10C", item)
    return
  end
  -- Further entries: increment the count, mirror it to +108, fill the slot.
  local count = readSmallInteger("memcode+10A") + 1
  writeSmallInteger("memcode+10A", count)
  writeSmallInteger("memcode+108", count)
  writeInteger(getAddress("memcode+10C") + count * 4 - 4, item)
end
{$asm}
[DISABLE]
// Restore the six original bytes that [ENABLE] replaced with "jmp memcode / nop".
aob1+9:
db 53 6A 00 8D 4D DC
// push ebx
// push 00
// lea ecx,[ebp-24]
// NOTE(review): memcode was allocated by the autoAssemble() call inside the
// {$lua} block and allocit by Lua allocateMemory(), not by an alloc() in this
// script's own [ENABLE] text - confirm that these dealloc() lines release them.
dealloc(memcode)
unregistersymbol( aob1 )
unregistersymbol( memcode )
unregistersymbol( hdlcommp )
dealloc(allocit)
unregistersymbol( allocit )
// NOTE(review): the buffers kept in the Lua table allocs and the bytes set to
// 129 in the table at memmap2 are not undone anywhere in this section.
unregistersymbol( memmap )
24
"hdlcommp"
1
4 Bytes
hdlcommp
26
"allocit"
1
4 Bytes
allocit
27
"memmap"
1
4 Bytes
memmap
11
"Crafting"
1
7
"Washington's Battle Sword"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Washington's Battle Sword: igunlock() clears the flag byte of the first
-- record; if it was set (or tempunlo is on), domainadd() queues the second
-- record for the detour installed by INIT.
if(igunlock("8473BDAA02000000","02") or tempunlo) then
domainadd("C35A8B8205000000","02")
end
{$asm}
[DISABLE]
35
"Lincoln's Sword"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Lincoln's Sword: clear the first record's flag byte; queue the second
-- record only when the flag was set or tempunlo is on.
if(igunlock("7C73BDAA02000000","02") or tempunlo) then
domainadd("BF5A8B8205000000","02")
end
{$asm}
[DISABLE]
36
"War Tomahawk"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- War Tomahawk: clear the first record's flag byte; queue the second record
-- only when the flag was set or tempunlo is on.
if(igunlock("5473BDAA02000000","02") or tempunlo) then
domainadd("53D0BC9305000000","02")
end
{$asm}
[DISABLE]
37
"Broken Sword Knife"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Broken Sword Knife: clear the first record's flag byte; queue the second
-- record only when the flag was set or tempunlo is on.
if(igunlock("5C73BDAA02000000","02") or tempunlo) then
domainadd("57D0BC9305000000","02")
end
{$asm}
[DISABLE]
38
"Iron Blade War Club"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Iron Blade War Club: clear the first record's flag byte; queue the second
-- record only when the flag was set or tempunlo is on.
if(igunlock("5873BDAA02000000","02") or tempunlo) then
domainadd("C1CFBC9305000000","02")
end
{$asm}
[DISABLE]
39
"Naval Axe"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Naval Axe: clear the first record's flag byte; queue the second record only
-- when the flag was set or tempunlo is on.
if(igunlock("780E9DD501000000","02") or tempunlo) then
domainadd("E566B9EE04000000","02")
end
{$asm}
[DISABLE]
47
"French Coat Pistol"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- French Coat Pistol: clear the first record's flag byte; queue the second
-- record only when the flag was set or tempunlo is on.
if(igunlock("6073BDAA02000000","02") or tempunlo) then
domainadd("B9CFBC9305000000","02")
end
{$asm}
[DISABLE]
46
"English Flintlock Pistol"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- English Flintlock Pistol: clear the first record's flag byte; queue the
-- second record only when the flag was set or tempunlo is on.
if(igunlock("6473BDAA02000000","02") or tempunlo) then
domainadd("C5CFBC9305000000","02")
end
{$asm}
[DISABLE]
45
"Royal Pistol"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Royal Pistol: clear the first record's flag byte; queue the second record
-- only when the flag was set or tempunlo is on.
if(igunlock("6873BDAA02000000","02") or tempunlo) then
domainadd("B5CFBC9305000000","02")
end
{$asm}
[DISABLE]
44
"Naval Duckfoot"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Naval Duckfoot: clear the first record's flag byte; queue the second record
-- only when the flag was set or tempunlo is on.
if(igunlock("7073BDAA02000000","02") or tempunlo) then
domainadd("C9CFBC9305000000","02")
end
{$asm}
[DISABLE]
43
"Italian Flintlock"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Italian Flintlock: clear the first record's flag byte; queue the second
-- record only when the flag was set or tempunlo is on.
if(igunlock("7473BDAA02000000","02") or tempunlo) then
domainadd("BDCFBC9305000000","02")
end
{$asm}
[DISABLE]
42
"Royal Navy Sea Service Flintlock"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Royal Navy Sea Service Flintlock: clear the first record's flag byte; queue
-- the second record only when the flag was set or tempunlo is on.
if(igunlock("7873BDAA02000000","02") or tempunlo) then
domainadd("B1CFBC9305000000","02")
end
{$asm}
[DISABLE]
41
"Twin Holsters"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Twin Holsters: queue the record through domainadd() unless check05()
-- already finds a (const1, record, const2) entry for it.
-- NOTE(review): check05() answers false while const1 is unset, so the record
-- is always queued before the first craftamel() call; the msearch() result is
-- also used in arithmetic without a nil check.
if(not check05(msearch("02000080A54EA4D202000000","-X")-8)) then
domainadd("A54EA4D202000000","02")
end
{$asm}
[DISABLE]
49
"Cartridge Pouch 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Cartridge Pouch 1: append the record found by pattern 04000080 3E67C5AE...
-- to the list(s) whose header carries type byte 06.
craftamel("3E67C5AE02000000","04","06")
{$asm}
[DISABLE]
48
"Cartridge Pouch 2"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Cartridge Pouch 2: append the record found by pattern 02000080 030DB229...
-- to the list(s) whose header carries type byte 06.
craftamel("030DB22903000000","02","06")
{$asm}
[DISABLE]
40
"Cartridge Pouch 3"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Cartridge Pouch 3: append the record found by pattern 02000080 070DB229...
-- to the list(s) whose header carries type byte 06.
craftamel("070DB22903000000","02","06")
{$asm}
[DISABLE]
58
"Large Saddle Bags"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Large Saddle Bags: append the record found by pattern 02000080 D6A6E8ED...
-- to the list(s) whose header carries type byte 13.
craftamel("D6A6E8ED01000000","02","13")
{$asm}
[DISABLE]
57
"Medium Saddle Bags"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Medium Saddle Bags: append the record found by pattern 02000080 DAA6E8ED...
-- to the list(s) whose header carries type byte 13.
craftamel("DAA6E8ED01000000","02","13")
{$asm}
[DISABLE]
56
"Poison Dart Pouch Upgrade 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Poison Dart Pouch Upgrade 1: append the record found by pattern
-- 02000080 DF61D961... to the list(s) whose header carries type byte 06.
craftamel("DF61D96100000000","02","06")
{$asm}
[DISABLE]
55
"Quiver 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Quiver 1: append the record found by pattern 02000080 C03FEDA9... to the
-- list(s) whose header carries type byte 06.
craftamel("C03FEDA902000000","02","06")
{$asm}
[DISABLE]
54
"Rope Dart Pouch 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Rope Dart Pouch 1: append the record found by pattern 02000080 1EE5EF09...
-- to the list(s) whose header carries type byte 06.
craftamel("1EE5EF0903000000","02","06")
{$asm}
[DISABLE]
53
"Small Saddle Bags"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Small Saddle Bags: append the record found by pattern 02000080 DEA6E8ED...
-- to the list(s) whose header carries type byte 13.
craftamel("DEA6E8ED01000000","02","13")
{$asm}
[DISABLE]
52
"Snare Pouch 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Snare Pouch 1: append the record found by pattern 02000080 89C14809... to
-- the list(s) whose header carries type byte 06.
craftamel("89C1480903000000","02","06")
{$asm}
[DISABLE]
51
"Smoke Bomb Pouch Upgrade 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Smoke Bomb Pouch Upgrade 1: append the record found by pattern
-- 02000080 A78E3055... to the list(s) whose header carries type byte 06.
craftamel("A78E305500000000","02","06")
{$asm}
[DISABLE]
50
"Trip Mine Pouch Upgrade 1"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Trip Mine Pouch Upgrade 1: append the record found by pattern
-- 02000080 ABC2EF09... to the list(s) whose header carries type byte 06.
craftamel("ABC2EF0903000000","02","06")
{$asm}
[DISABLE]
16
"Outfits (homestead)"
1
15
"Altair"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Altair: queue the record through domainadd() unless check05() already
-- finds an entry for it. check05() answers false while const1 is unset, and
-- the msearch() result is used in arithmetic without a nil check.
if(not check05(msearch("020000807604B41103000000","-X")-8)) then
domainadd("7604B41103000000","02")
end
{$asm}
[DISABLE]
62
"Achille's Original Outfit"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Achille's Original Outfit: queue the record through domainadd() unless
-- check05() already finds an entry for it. check05() answers false while
-- const1 is unset, and the msearch() result is used without a nil check.
if(not check05(msearch("020000808604B41103000000","-X")-8)) then
domainadd("8604B41103000000","02")
end
{$asm}
[DISABLE]
61
"Captain Kidd's Robes"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Captain Kidd's Robes: queue the record through domainadd() unless check05()
-- already finds an entry for it. check05() answers false while const1 is
-- unset, and the msearch() result is used without a nil check.
if(not check05(msearch("020000808204B41103000000","-X")-8)) then
domainadd("8204B41103000000","02")
end
{$asm}
[DISABLE]
60
"Kanien'keha:ka Outfit"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Kanien'keha:ka Outfit: queue the record through domainadd() unless
-- check05() already finds an entry for it. check05() answers false while
-- const1 is unset, and the msearch() result is used without a nil check.
if(not check05(msearch("020000807A04B41103000000","-X")-8)) then
domainadd("7A04B41103000000","02")
end
{$asm}
[DISABLE]
59
"Prisoner Outfit"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
-- Prisoner Outfit: queue the record through domainadd() unless check05()
-- already finds an entry for it. check05() answers false while const1 is
-- unset, and the msearch() result is used without a nil check.
if(not check05(msearch("020000807E04B41103000000","-X")-8)) then
domainadd("7E04B41103000000","02")
end
{$asm}
[DISABLE]
34
"Special temporary unlock (Ezio outfit and more)"
FF0000
Auto Assembler Script
[ENABLE]
{$lua}
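-- Special temporary unlock: apply two code patches, then switch on tempunlo.
--
-- What the auto-assembler text below does (offsets are hexadecimal):
--   * aob2+5: the six bytes "mov esi,ecx / push edi / mov [esi+28],al" are
--     replaced by "jmp memcode+50" + "nop". The stub at memcode+50 repeats
--     them with "mov al,00" inserted, so the byte stored at [esi+28] is
--     always 0, and then continues at return2.
--   * aob3+9: the bytes 3B 02 75 become 90 90 EB, turning the compare and
--     conditional jump into an unconditional short jump.
-- The stub lives inside the memcode block allocated by the INIT entry, so
-- INIT has to be enabled first.
--
-- The autoAssemble() result is checked: if either signature is missing, the
-- script stops here rather than setting tempunlo and touching records with
-- the code patches absent.
local patched = autoAssemble([[
aobscanmodule( aob2, AC3SP.exe, 8A450853568BF157884628E8 )
registersymbol( aob2 )
aobscanmodule( aob3, AC3SP.exe, 8D90380200008B41103B0275 )
registersymbol( aob3 )
label(return2)
memcode+50:
mov esi,ecx
push edi
mov al,00
mov [esi+28],al
jmp return2
aob2+5:
jmp memcode+50
nop
return2:
aob3+9:
db 90 90 EB // cmp jne to nop jmp
]])
if not patched then
  error("Special temporary unlock: autoAssemble failed; aob2/aob3 not patched")
end

-- From here on the weapon scripts queue their record even when igunlock()
-- reports that the flag was already clear.
tempunlo = true
if igunlock("7204B41103000000", "02") then
  domainadd("7204B41103000000", "02") -- ezio
end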
{$asm}
[DISABLE]
{$lua}
-- Undo the two code patches of [ENABLE]: write back the original six bytes at
-- aob2+5 and the original three bytes at aob3+9, then drop both symbols.
-- NOTE(review): the autoAssemble() result is ignored, so a failed restore
-- goes unnoticed while tempunlo is still reset below. Records already changed
-- by igunlock()/domainadd() are not reverted here.
autoAssemble([[
aob2+5:
db 8B F1 57 88 46 28
// mov esi,ecx
// push edi
// mov [esi+28],al
aob3+9:
db 3B 02 75
unregistersymbol( aob2 )
unregistersymbol( aob3 )
]])
-- Weapon scripts go back to queueing only when igunlock() reports a change.
tempunlo = false