18
"Sunbeam Cheats"
4080FF
1
66
"g_godMode (set to 2)"
4 Bytes
Prey.exe+2416F28
67
"Infinite Stamina"
Auto Assembler Script
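[ENABLE]
// Infinite Stamina (SunBeam): hook at Prey.exe+1316F60, the routine whose first
// real work is "cmp dword ptr [rcx+C],0" (see the dump below). The cave forces
// that field (pl_infinite_stamina) to 1 before the original compare runs.
// Side effect: the object pointer (rcx) is published in pStamina so the
// "Current Stamina" / "Max Stamina Threshold" records can read [pStamina]+10 / +14.
alloc( Hook, 0x1000, Prey.exe )   // allocated near Prey.exe so the 5-byte rel32 jmp can reach the cave
label( pStamina )
registersymbol( pStamina )
label( back )
Hook:
mov byte ptr [rcx+C],1 // set pl_infinite_stamina to 1 (original code only reads it: cmp dword ptr [rcx+C],0)
mov [pStamina],rcx     // rcx assumed non-null here: the original routine dereferences it unconditionally
// stolen bytes (6): 40 53 / 48 83 EC 70
push rbx
sub rsp,70
jmp back
pStamina:
dq 0
Prey.exe+1316F60:
jmp Hook // 5 bytes
db 90    // pad to the 6 stolen bytes
back:
/*
Prey.exe+1316F60 - 40 53 - push rbx
Prey.exe+1316F62 - 48 83 EC 70 - sub rsp,70
Prey.exe+1316F66 - 83 79 0C 00 - cmp dword ptr [rcx+C],0
Prey.exe+1316F6A - 0F29 74 24 60 - movaps [rsp+60],xmm6
Prey.exe+1316F6F - 0F29 7C 24 50 - movaps [rsp+50],xmm7
Prey.exe+1316F74 - 48 8B D9 - mov rbx,rcx
Prey.exe+1316F77 - 0F57 F6 - xorps xmm6,xmm6
Prey.exe+1316F7A - 0F28 F9 - movaps xmm7,xmm1
*/
[DISABLE]
// Restore the exact original bytes. The original push carries a REX prefix (40 53);
// re-assembling "push rbx" would typically emit the 1-byte form (53), which restores
// only 5 of the 6 bytes and leaves the padding nop behind at the injection site.
Prey.exe+1316F60:
db 40 53 48 83 EC 70
unregistersymbol( pStamina )
dealloc( Hook )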
68
"Current Stamina"
Float
pStamina
10
69
"Max Stamina Threshold"
Float
pStamina
14
70
"pl_infiniteFlashlight (set to 1)"
4 Bytes
Prey.exe+240D5E0
978
71
"pl_infiniteClipAmmo (set to 1)"
4 Bytes
Prey.exe+240D5E0
BD4
72
"pl_infiniteNeuromods (set to 1)"
4 Bytes
Prey.exe+21FE840
73
"QueryCVar"
Auto Assembler Script
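[ENABLE]
// QueryCVar (SunBeam): starts a helper thread inside Prey.exe that polls NUMPAD0.
// On a press it walks the engine's interface pointers to look up the console
// variable named in CVarString and stores a field of that CVar object into CVar
// (read back by the "CVar" record, id 20; CVarString is editable via record 74).
// Stack: each routine reserves 0x28 (32-byte shadow space + 8) so rsp is
// 16-byte aligned at every call.
alloc( QueryHandlerThread, 0x1000, Prey.exe )
registersymbol( QueryHandlerThread )
CreateThread( QueryHandlerThread )
label( QueryHandlerOff )      // 0 = running, 1 = stop requested by [DISABLE], 2 = thread has exited
registersymbol( QueryHandlerOff )
label( l_QueryHandlerThread )
label( QueryCVar )
label( GetCVar )
label( CVarString )
registersymbol( CVarString )
label( CVar )
registersymbol( CVar )
QueryHandlerThread:
sub rsp,28
l_QueryHandlerThread:
mov rcx,0a                  // 10 ms poll interval
call Sleep
cmp [QueryHandlerOff],1
jne short @f
add rsp,28
mov [QueryHandlerOff],2     // acknowledge shutdown; [DISABLE] waits for this before dealloc
ret
@@:
mov rcx,60 // VK_NUMPAD0
call GetAsyncKeyState
test ax,ax                  // SHORT result: any nonzero state is treated as pressed
jne short QueryCVar
jmp short l_QueryHandlerThread
QueryCVar:
call GetCVar
mov rcx,C8                  // 200 ms debounce so one press is handled once
call Sleep
jmp l_QueryHandlerThread
GetCVar:
// Out: [CVar] = 8-byte field at +48 of the CVar object, or 0 if the lookup fails.
sub rsp,28
mov rcx,[Prey.exe+2395B60] // [Prey.exe+2395B20] - 1.0  (global interface pointer; version-specific)
mov rax,[rcx]
call qword ptr [rax+238]   // virtual call; its result (rax) is the object used for the lookup below
lea rdx,[CVarString]
mov r8,[rax]
mov rcx,rax
call qword ptr [r8+B8]     // presumably a lookup by name; rax = CVar object or 0 (checked next)
test rax,rax
jne short @f
mov [CVar],0               // not found: clear both dword halves of the 8-byte slot
mov [CVar+4],0
add rsp,28
ret
@@:
mov rdx,[rax]
mov rcx,rax
//add rsp,28
//jmp qword ptr [rdx+10]
// <--
mov rax,[rcx+48]           // field at +48 of the CVar object; assumed to hold its value — TODO confirm
mov [CVar],rax
// -->
add rsp,28
ret
QueryHandlerOff:
dd 0
CVar:
dq 0
CVarString:
db 'g_godMode',0
[DISABLE]
{$lua}
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "QueryHandlerOff" ) == 0 then --could be 2 already
writeInteger( "QueryHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "QueryHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
-- Decide on the thread's state, not on elapsed time: the time-based check could
-- report failure after a successful exit, and at exactly 1000 ms it fell through
-- to dealloc while the thread might still be executing the freed code.
if readInteger( "QueryHandlerOff" ) ~= 2 then
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' )
end
sleep( 1 )
end
{$asm}
unregistersymbol( CVar )
unregistersymbol( CVarString )
unregistersymbol( QueryHandlerOff )
unregistersymbol( QueryHandlerThread )
dealloc( QueryHandlerThread )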
74
"CVarString"
String
100
0
1
CVarString
20
"CVar"
4 Bytes
CVar
0
31
"KeyExecHandler"
Auto Assembler Script
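[ENABLE]
// KeyExecHandler (SunBeam): helper thread inside Prey.exe that polls NUMPAD4..9
// and calls selected engine routines with rcx = the object captured by Hook below.
// Thread flag KeyExecHandlerOff: 0 = running, 1 = stop requested by [DISABLE],
// 2 = thread has exited. Every routine reserves shadow space + alignment so rsp
// is 16-byte aligned at each call.
alloc( KeyExecHandlerThread, 0x1000, Prey.exe )
registersymbol( KeyExecHandlerThread )
CreateThread( KeyExecHandlerThread )
label( KeyExecHandlerOff )
registersymbol( KeyExecHandlerOff )
label( l_KeyExecHandlerThread )
label( j_KeyExecHandlerThread )
label( KeyExec )
label( bLock )
label( x0 )
label( _F9 )
//label( bEnable )
label( Hook )
label( back )
label( pBase )
KeyExecHandlerThread:
sub rsp,28
l_KeyExecHandlerThread:
mov rcx,A                    // 10 ms poll interval
call Sleep
cmp [KeyExecHandlerOff],1
jne short @f
add rsp,28
mov [KeyExecHandlerOff],2    // acknowledge shutdown; [DISABLE] waits for this before dealloc
ret
@@:
mov rcx,64 // VK_NUMPAD4 -- decreasetimedilation
call GetAsyncKeyState
test ax,ax
je short @f
mov rax,Prey.exe+15F2D30 // Prey.exe+15F28E0 - 1.0
call KeyExec
mov rcx,C8                   // 200 ms debounce after each handled key
call Sleep
jmp j_KeyExecHandlerThread
@@:
mov rcx,65 // VK_NUMPAD5 -- normaltimedilation
call GetAsyncKeyState
test ax,ax
je short @f
mov rax,Prey.exe+15F3D20 // Prey.exe+15F38D0 - 1.0
call KeyExec
mov rcx,C8
call Sleep
jmp j_KeyExecHandlerThread
@@:
mov rcx,66 // VK_NUMPAD6 -- increasetimedilation
call GetAsyncKeyState
test ax,ax
je short @f
mov rax,Prey.exe+15F3030 // Prey.exe+15F2BE0 - 1.0
call KeyExec
mov rcx,C8
call Sleep
jmp j_KeyExecHandlerThread
@@:
mov rcx,67 // VK_NUMPAD7 -- FreeCamEnable
call GetAsyncKeyState
test ax,ax
je short @f
mov rax,Prey.exe+17626A0 // Prey.exe+1761B90 - 1.0
call KeyExec
mov rcx,C8
call Sleep
jmp j_KeyExecHandlerThread
@@:
mov rcx,68 // VK_NUMPAD8 -- FreeCamLock/Unlock (toggles bLock)
call GetAsyncKeyState
test ax,ax
je short _F9
cmp [bLock],0
je short @f
mov rax,Prey.exe+1762780 // Prey.exe+1761C70 - 1.0
mov [bLock],0
jmp short x0
@@:
// NOTE(review): same address as FreeCamDisable below (Prey.exe+1762610) although the
// 1.0 counterparts differ (1761C20 vs 1761B00). The other three updated addresses are
// their 1.0 value + B10; this one is 1.0 + 9F0, so one of the two is probably stale — re-verify.
mov rax,Prey.exe+1762610 // Prey.exe+1761C20 - 1.0
mov [bLock],1
x0:
call KeyExec
mov rcx,C8
call Sleep
jmp j_KeyExecHandlerThread
_F9:
mov rcx,69 // VK_NUMPAD9 -- FreeCamDisable
call GetAsyncKeyState
test ax,ax
je short j_KeyExecHandlerThread // was "je short @f": the next @@ is inside KeyExec (add rsp,4008 / ret), which would unbalance this thread's stack
mov rax,Prey.exe+1762610 // Prey.exe+1761B00 - 1.0
call KeyExec
mov rcx,C8
call Sleep
j_KeyExecHandlerThread:
jmp l_KeyExecHandlerThread
KeyExec:
// haven't added all params; just the ones I need for above functions
// point is -> may crash when executing other functions
// In: rax = routine to call; [pBase] = object captured by Hook, passed as rcx.
// Runs on this helper thread, not on the game's own threads; nothing synchronizes with the engine.
// 0x4008 keeps rsp 16-byte aligned at "call rax" (entry rsp%16 == 8). NOTE(review): a frame
// this far beyond one page is not probed — assumes the thread's committed stack already covers it.
sub rsp,4008
/*mov rdx,[pBase]
test rdx,rdx*/
mov rcx,[pBase]
test rcx,rcx
je short @f                  // nothing captured yet: skip the call
/*
movss xmm0,[pVal] // (float)1.0
movsxd rcx,[rsp+38] // 00 00 00 00
mov r9d,[rsp+70] // 1
add rcx,rdx
mov edx,esi // 7777
mov r8,rbx
movss [rsp+20],xmm0
*/
call rax
@@:
add rsp,4008
ret
KeyExecHandlerOff:
dd 0
bLock:
dd 0
/*
bEnable:
dd 0
*/
pBase:
dq 0
Hook:
// Replaces the first 7 bytes of Prey.exe+4EEA30 (dump below). The flags set by "test"
// must survive to the original "je" at back: mov leaves flags untouched, so they do.
mov rcx,[rcx+20]
test rcx,rcx                 // original is test rcx,rcx (48 85 C9); "test rcx,ecx" mixed operand sizes
je short @f
mov [pBase],rcx              // written from whichever game thread calls the hooked routine; read by KeyExec
@@:
jmp back
Prey.exe+4EEA30:
jmp Hook
db 90 90                     // 5-byte jmp + 2 nops == 7 stolen bytes
back:
/*
pFunc:
db 60 2C 5F 41 01 00 00 00 00 00 00 00 01 00 00 00
pFunc:
used: rcx, r9d, rdi
Prey.exe+4EEA30 - 48 8B 49 20 - mov rcx,[rcx+20] <-- gets rdx
Prey.exe+4EEA34 - 48 85 C9 - test rcx,rcx <-- in rcx here
Prey.exe+4EEA37 - 74 07 - je Prey.exe+4EEA40
Prey.exe+4EEA39 - 48 8B 01 - mov rax,[rcx]
Prey.exe+4EEA3C - 48 FF 60 10 - jmp qword ptr [rax+10]
Prey.exe+4EEA40 - F3 C3 - repe ret
Prey.exe+367D70 - 48 89 5C 24 08 - mov [rsp+08],rbx
Prey.exe+367D75 - 57 - push rdi
Prey.exe+367D76 - 48 83 EC 20 - sub rsp,20 { 32 }
Prey.exe+367D7A - 48 8B F9 - mov rdi,rcx
Prey.exe+367D7D - 48 8B 0D 74DD0202 - mov rcx,[Prey.exe+2395AF8] { [3F0D27F0] }
Prey.exe+367D84 - 48 8B 01 - mov rax,[rcx]
Prey.exe+367D87 - 8B 57 28 - mov edx,[rdi+28]
Prey.exe+367D8A - FF 50 70 - call qword ptr [rax+70]
Prey.exe+367D8D - 48 85 C0 - test rax,rax
Prey.exe+367D90 - 74 26 - je Prey.exe+367DB8
Prey.exe+367D92 - 4C 8B 00 - mov r8,[rax]
Prey.exe+367D95 - BA 10000000 - mov edx,00000010 { 16 }
Prey.exe+367D9A - 48 8B C8 - mov rcx,rax
Prey.exe+367D9D - 41 FF 90 00020000 - call qword ptr [r8+00000200]
Prey.exe+367DA4 - 48 85 C0 - test rax,rax
Prey.exe+367DA7 - 74 0F - je Prey.exe+367DB8
Prey.exe+367DA9 - 48 8D 48 28 - lea rcx,[rax+28]
Prey.exe+367DAD - 48 85 C9 - test rcx,rcx
Prey.exe+367DB0 - 74 06 - je Prey.exe+367DB8
Prey.exe+367DB2 - 48 8B 01 - mov rax,[rcx]
Prey.exe+367DB5 - FF 50 10 - call qword ptr [rax+10] <-- call to Prey.exe+4EE3D0
Prey.exe+367DB8 - 48 FF 47 48 - inc [rdi+48]
Prey.exe+367DBC - 4C 8B 47 30 - mov r8,[rdi+30]
Prey.exe+367DC0 - 48 8B 4F 38 - mov rcx,[rdi+38]
Prey.exe+367DC4 - 49 2B C8 - sub rcx,r8
Prey.exe+367DC7 - 33 DB - xor ebx,ebx
Prey.exe+367DC9 - 48 C1 F9 03 - sar rcx,03 { 3 }
Prey.exe+367DCD - 48 85 C9 - test rcx,rcx
Prey.exe+367DD0 - 74 08 - je Prey.exe+367DDA
Prey.exe+367DD2 - 49 8B 10 - mov rdx,[r8]
Prey.exe+367DD5 - 48 85 D2 - test rdx,rdx
*/
[DISABLE]
Prey.exe+4EEA30:
mov rcx,[rcx+20]
test rcx,rcx                 // must re-assemble to exactly 48 85 C9 so all 7 original bytes are restored
{$lua}
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "KeyExecHandlerOff" ) == 0 then --could be 2 already
writeInteger( "KeyExecHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "KeyExecHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
-- Decide on the thread's state, not on elapsed time: the time-based check could
-- report failure after a successful exit, and at exactly 1000 ms it fell through
-- to dealloc while the thread might still be executing the freed code.
if readInteger( "KeyExecHandlerOff" ) ~= 2 then
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' )
end
sleep( 1 )
end
{$asm}
unregistersymbol( KeyExecHandlerOff )
unregistersymbol( KeyExecHandlerThread )
dealloc( KeyExecHandlerThread )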
32
"[Debug]"
C0C0C0
1
75
"Test"
Auto Assembler Script
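[ENABLE]
// Test ([Debug], SunBeam): a copy of the QueryCVar helper thread whose NUMPAD0
// action was replaced by a direct call into Prey.exe+13F7520 with xmm6 = fHealth.
// NOTE: it allocates and registers the same symbol names as the "QueryCVar" script
// (id 73): QueryHandlerThread, QueryHandlerOff, CVar, CVarString. Enabling both at
// once makes the second registration shadow the first and their [DISABLE] paths
// interfere, so treat the two scripts as mutually exclusive.
alloc( QueryHandlerThread, 0x1000, Prey.exe )
registersymbol( QueryHandlerThread )
CreateThread( QueryHandlerThread )
label( QueryHandlerOff )      // 0 = running, 1 = stop requested by [DISABLE], 2 = thread has exited
registersymbol( QueryHandlerOff )
label( l_QueryHandlerThread )
label( QueryCVar )
label( GetCVar )
label( CVarString )
registersymbol( CVarString )
label( CVar )
registersymbol( CVar )
label( fHealth )
QueryHandlerThread:
sub rsp,28
l_QueryHandlerThread:
mov rcx,0a                  // 10 ms poll interval
call Sleep
cmp [QueryHandlerOff],1
jne short @f
add rsp,28
mov [QueryHandlerOff],2     // acknowledge shutdown; [DISABLE] waits for this before dealloc
ret
@@:
mov rcx,60 // VK_NUMPAD0
call GetAsyncKeyState
test ax,ax
jne short QueryCVar
jmp short l_QueryHandlerThread
QueryCVar:
// Calls the engine routine from this helper thread with only xmm6 set up (no rcx);
// whatever else the routine expects is not provided here — debugging aid only.
movss xmm6,[fHealth]
call Prey.exe+13F7520
mov rcx,C8                  // 200 ms debounce
call Sleep
jmp l_QueryHandlerThread
GetCVar:
// Unreferenced in this script (kept from QueryCVar). Note it still reads
// Prey.exe+2395B20, which the QueryCVar script annotates as the 1.0 address.
sub rsp,28
mov rcx,[Prey.exe+2395B20]
mov rax,[rcx]
call qword ptr [rax+238]
lea rdx,[CVarString]
mov r8,[rax]
mov rcx,rax
call qword ptr [r8+B8]
test rax,rax
jne short @f
mov [CVar],0
mov [CVar+4],0
add rsp,28
ret
@@:
mov rdx,[rax]
mov rcx,rax
//add rsp,28
//jmp qword ptr [rdx+10]
// <--
mov rax,[rcx+48]
mov [CVar],rax
// -->
add rsp,28
ret
QueryHandlerOff:
dd 0
CVar:
dq 0
fHealth:
dd (float)5000.0
CVarString:
db 'g_godMode',0
[DISABLE]
{$lua}
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "QueryHandlerOff" ) == 0 then --could be 2 already
writeInteger( "QueryHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "QueryHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
-- Decide on the thread's state, not on elapsed time: the time-based check could
-- report failure after a successful exit, and at exactly 1000 ms it fell through
-- to dealloc while the thread might still be executing the freed code.
if readInteger( "QueryHandlerOff" ) ~= 2 then
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' )
end
sleep( 1 )
end
{$asm}
unregistersymbol( CVar )
unregistersymbol( CVarString )
unregistersymbol( QueryHandlerOff )
unregistersymbol( QueryHandlerThread )
dealloc( QueryHandlerThread )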
76
"CVarString"
String
100
0
1
CVarString
77
"CVar"
4 Bytes
CVar
0
78
"PSI Pointer"
Float
"Prey.exe"+02416E40
408
668
8
0
138
19
"Darkmike Cheats"
000080
1
0
"One Hit Kills"
Auto Assembler Script
[ENABLE]
// One Hit Kills (Darkmike): at the store "movss [rax+40],xmm0" (presumably the
// target's health write-back, judging by the min/compare float code before it in
// the dump below) write 0 instead of the computed value.
aobscanmodule(ohk,Prey.exe,F3 0F 11 40 40 0F 28) // should be unique
alloc(newmem,$1000,"Prey.exe"+15A7C4B) // preferred address only; the 5-byte jmp needs newmem within rel32 range
label(code)
label(return)
newmem:
mov dword ptr [rax+40],0 // all-zero bit pattern == 0.0f; replaces the stolen movss
code:
// movss [rax+40],xmm0   (original instruction, intentionally not re-executed)
jmp return
ohk:
jmp newmem // 5 bytes == length of the stolen movss
return:
registersymbol(ohk)
[DISABLE]
ohk:
db F3 0F 11 40 40 // original bytes of movss [rax+40],xmm0
unregistersymbol(ohk)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+15A7C4B
"Prey.exe"+15A7C2C: F3 0F 10 50 40 - movss xmm2,[rax+40]
"Prey.exe"+15A7C31: F3 0F 10 48 44 - movss xmm1,[rax+44]
"Prey.exe"+15A7C36: 72 0D - jb Prey.exe+15A7C45
"Prey.exe"+15A7C38: 0F 2F F1 - comiss xmm6,xmm1
"Prey.exe"+15A7C3B: 73 05 - jae Prey.exe+15A7C42
"Prey.exe"+15A7C3D: 0F 28 C6 - movaps xmm0,xmm6
"Prey.exe"+15A7C40: EB 03 - jmp Prey.exe+15A7C45
"Prey.exe"+15A7C42: 0F 28 C1 - movaps xmm0,xmm1
"Prey.exe"+15A7C45: 0F 28 CE - movaps xmm1,xmm6
"Prey.exe"+15A7C48: 48 8B CB - mov rcx,rbx
// ---------- INJECTING HERE ----------
"Prey.exe"+15A7C4B: F3 0F 11 40 40 - movss [rax+40],xmm0
// ---------- DONE INJECTING ----------
"Prey.exe"+15A7C50: 0F 28 74 24 20 - movaps xmm6,[rsp+20]
"Prey.exe"+15A7C55: 48 83 C4 30 - add rsp,30
"Prey.exe"+15A7C59: 5B - pop rbx
"Prey.exe"+15A7C5A: E9 F1 12 27 00 - jmp Prey.exe+1818F50
"Prey.exe"+15A7C5F: CC - int 3
"Prey.exe"+15A7C60: 48 89 5C 24 08 - mov [rsp+08],rbx
"Prey.exe"+15A7C65: 57 - push rdi
"Prey.exe"+15A7C66: 48 83 EC 30 - sub rsp,30
"Prey.exe"+15A7C6A: 48 8B 01 - mov rax,[rcx]
"Prey.exe"+15A7C6D: 0F 29 74 24 20 - movaps [rsp+20],xmm6
}
1
"No Reload"
Auto Assembler Script
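[ENABLE]
// No Reload (Darkmike): at "mov [rcx+3E4],edx" (the value the following code
// clamps and compares, see the dump below) force the stored value to 99.
// NOTE: edx is left at 99 for the virtual call right after the injection point
// (call qword ptr [rax+30]); whether that call reads edx is not visible here.
// Symbol renamed to dm_noreload: the original name "ammo" is also registered by
// Zanzer's "Unlimited Supplies" script in this table, and two enabled scripts that
// register the same symbol break each other's [DISABLE] restore.
aobscanmodule(dm_noreload,Prey.exe,89 91 E4 03 00 00) // should be unique
alloc(newmem,$1000,"Prey.exe"+885BB2A)
label(code)
label(return)
newmem:
mov edx, #99 // #99 = decimal 99
code:
mov [rcx+000003E4],edx
jmp return
dm_noreload:
jmp newmem
nop // 5-byte jmp + nop == 6 stolen bytes
return:
registersymbol(dm_noreload)
[DISABLE]
dm_noreload:
db 89 91 E4 03 00 00
unregistersymbol(dm_noreload)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+885BB2A
"Prey.exe"+885BAFE: E9 4E D3 9A FA - jmp Prey.exe+3208E51
"Prey.exe"+885BB03: 66 66 66 66 2E 0F 1F 84 00 00 00 00 00 - nop cs:[rax+rax+00000000]
"Prey.exe"+885BB10: 48 89 5C 24 08 - mov [rsp+08],rbx
"Prey.exe"+885BB15: 57 - push rdi
"Prey.exe"+885BB16: 48 83 EC 20 - sub rsp,20
"Prey.exe"+885BB1A: 8B B9 E4 03 00 00 - mov edi,[rcx+000003E4]
"Prey.exe"+885BB20: 48 89 CB - mov rbx,rcx
"Prey.exe"+885BB23: 39 D7 - cmp edi,edx
"Prey.exe"+885BB25: 74 5B - je Prey.exe+885BB82
"Prey.exe"+885BB27: 48 8B 01 - mov rax,[rcx]
// ---------- INJECTING HERE ----------
"Prey.exe"+885BB2A: 89 91 E4 03 00 00 - mov [rcx+000003E4],edx
// ---------- DONE INJECTING ----------
"Prey.exe"+885BB30: FF 50 30 - call qword ptr [rax+30]
"Prey.exe"+885BB33: 8B 8B E4 03 00 00 - mov ecx,[rbx+000003E4]
"Prey.exe"+885BB39: 85 C9 - test ecx,ecx
"Prey.exe"+885BB3B: 79 0C - jns Prey.exe+885BB49
"Prey.exe"+885BB3D: C7 83 E4 03 00 00 00 00 00 00 - mov [rbx+000003E4],00000000
"Prey.exe"+885BB47: EB 0A - jmp Prey.exe+885BB53
"Prey.exe"+885BB49: 39 C1 - cmp ecx,eax
"Prey.exe"+885BB4B: 7E 06 - jle Prey.exe+885BB53
"Prey.exe"+885BB4D: 89 83 E4 03 00 00 - mov [rbx+000003E4],eax
"Prey.exe"+885BB53: 3B BB E4 03 00 00 - cmp edi,[rbx+000003E4]
}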
36
"The Mogician Cheats"
808000
1
35
"Psi Pointer"
Float
"Prey.exe"+02416E40
408
668
8
0
138
37
"Zanzer's Cheats"
800000
1
21
"Unlimited Stamina"
Auto Assembler Script
[ENABLE]
// Unlimited Stamina (Zanzer): byte patch, no code cave. The scan lands on
// "cmp dword ptr [rcx+0C],00" (83 79 0C 00); stamina+3 is the immediate. Changing it
// to 02 makes the compare no longer match the field's normal value 0, so the branch
// that depends on it behaves as if the field were nonzero. (SunBeam's hook targets the
// same [rcx+C] field but writes 1 into it instead.)
aobscanmodule(stamina,Prey.exe,83 79 0C 00 0F 29 74 24 60)
stamina+3:
db 02 // immediate of the cmp: 00 -> 02
registersymbol(stamina)
[DISABLE]
stamina+3:
db 00 // original immediate
unregistersymbol(stamina)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+13162E6
"Prey.exe"+13162D9: CC - int 3
"Prey.exe"+13162DA: CC - int 3
"Prey.exe"+13162DB: CC - int 3
"Prey.exe"+13162DC: CC - int 3
"Prey.exe"+13162DD: CC - int 3
"Prey.exe"+13162DE: CC - int 3
"Prey.exe"+13162DF: CC - int 3
"Prey.exe"+13162E0: 53 - push rbx
"Prey.exe"+13162E1: 48 83 EC 70 - sub rsp,70
"Prey.exe"+13162E5: 90 - nop
// ---------- INJECTING HERE ----------
"Prey.exe"+13162E6: 83 79 0C 00 - cmp dword ptr [rcx+0C],00
"Prey.exe"+13162EA: 0F 29 74 24 60 - movaps [rsp+60],xmm6
// ---------- DONE INJECTING ----------
"Prey.exe"+13162EF: 0F 29 7C 24 50 - movaps [rsp+50],xmm7
"Prey.exe"+13162F4: 48 8B D9 - mov rbx,rcx
"Prey.exe"+13162F7: 0F 57 F6 - xorps xmm6,xmm6
"Prey.exe"+13162FA: 0F 28 F9 - movaps xmm7,xmm1
"Prey.exe"+13162FD: 74 09 - je Prey.exe+1316308
"Prey.exe"+13162FF: 0F 2F FE - comiss xmm7,xmm6
"Prey.exe"+1316302: 0F 87 E4 01 00 00 - ja Prey.exe+13164EC
"Prey.exe"+1316308: 48 89 AC 24 80 00 00 00 - mov [rsp+00000080],rbp
"Prey.exe"+1316310: 48 89 B4 24 88 00 00 00 - mov [rsp+00000088],rsi
"Prey.exe"+1316318: 48 89 BC 24 90 00 00 00 - mov [rsp+00000090],rdi
}
22
"Unlimited Flashlight"
Auto Assembler Script
[ENABLE]
// Unlimited Flashlight (Zanzer): byte patch of the immediate in
// "cmp dword ptr [rax+00000978],00" (83 B8 78 09 00 00 00); flashlight+6 is the
// immediate. With 02 the compare no longer matches the field's normal value 0, so
// the jne that follows is taken as if the field were set. The same 0x978 offset
// appears in the pl_infiniteFlashlight record (id 70).
aobscanmodule(flashlight,Prey.exe,83 B8 ?? ?? ?? ?? 00 0F 85 ?? ?? ?? ?? 83 B8 ?? ?? ?? ?? 00 75)
flashlight+6:
db 02 // immediate of the cmp: 00 -> 02
registersymbol(flashlight)
[DISABLE]
flashlight+6:
db 00 // original immediate
unregistersymbol(flashlight)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+15EE06E
"Prey.exe"+15EE033: 0F 84 40 01 00 00 - je Prey.exe+15EE179
"Prey.exe"+15EE039: E8 52 2A FF FF - call Prey.exe+15E0A90
"Prey.exe"+15EE03E: 48 8D 88 68 06 00 00 - lea rcx,[rax+00000668]
"Prey.exe"+15EE045: E8 66 E1 28 FF - call Prey.exe+87C1B0
"Prey.exe"+15EE04A: 83 78 20 00 - cmp dword ptr [rax+20],00
"Prey.exe"+15EE04E: 0F 85 25 01 00 00 - jne Prey.exe+15EE179
"Prey.exe"+15EE054: 48 8B 05 55 F5 E1 00 - mov rax,[Prey.exe+240D5B0]
"Prey.exe"+15EE05B: 44 0F 29 44 24 20 - movaps [rsp+20],xmm8
"Prey.exe"+15EE061: F3 44 0F 10 05 DE 6C 9E 00 - movss xmm8,[Prey.exe+1FD4D48]
"Prey.exe"+15EE06A: 41 0F 28 F8 - movaps xmm7,xmm8
// ---------- INJECTING HERE ----------
"Prey.exe"+15EE06E: 83 B8 78 09 00 00 00 - cmp dword ptr [rax+00000978],00
// ---------- DONE INJECTING ----------
"Prey.exe"+15EE075: 0F 85 80 00 00 00 - jne Prey.exe+15EE0FB
"Prey.exe"+15EE07B: 83 B8 74 09 00 00 00 - cmp dword ptr [rax+00000974],00
"Prey.exe"+15EE082: 75 77 - jne Prey.exe+15EE0FB
"Prey.exe"+15EE084: F3 0F 10 4B 7C - movss xmm1,[rbx+7C]
"Prey.exe"+15EE089: 0F 28 C6 - movaps xmm0,xmm6
"Prey.exe"+15EE08C: F3 0F 59 43 70 - mulss xmm0,[rbx+70]
"Prey.exe"+15EE091: F3 0F 5C C8 - subss xmm1,xmm0
"Prey.exe"+15EE095: 0F 57 C0 - xorps xmm0,xmm0
"Prey.exe"+15EE098: 0F 2F C8 - comiss xmm1,xmm0
"Prey.exe"+15EE09B: F3 0F 11 4B 7C - movss [rbx+7C],xmm1
}
44
"Unlimited Ammo"
Auto Assembler Script
[ENABLE]
// Unlimited Ammo (Zanzer): replaces the 2-byte "jle Prey.exe+885BB53" (7E 06) with
// two nops, so the clamp "mov [rbx+3E4],eax" right after it always executes and the
// field is written with eax every time this path runs.
aobscanmodule(clip,Prey.exe,7E 06 89 83 ?? ?? ?? ?? 3B BB)
clip:
db 90 90 // nop nop in place of jle
registersymbol(clip)
[DISABLE]
clip:
db 7E 06 // original jle
unregistersymbol(clip)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+885BB4B
"Prey.exe"+885BB25: 74 5B - je Prey.exe+885BB82
"Prey.exe"+885BB27: 48 8B 01 - mov rax,[rcx]
"Prey.exe"+885BB2A: 89 91 E4 03 00 00 - mov [rcx+000003E4],edx
"Prey.exe"+885BB30: FF 50 30 - call qword ptr [rax+30]
"Prey.exe"+885BB33: 8B 8B E4 03 00 00 - mov ecx,[rbx+000003E4]
"Prey.exe"+885BB39: 85 C9 - test ecx,ecx
"Prey.exe"+885BB3B: 79 0C - jns Prey.exe+885BB49
"Prey.exe"+885BB3D: C7 83 E4 03 00 00 00 00 00 00 - mov [rbx+000003E4],00000000
"Prey.exe"+885BB47: EB 0A - jmp Prey.exe+885BB53
"Prey.exe"+885BB49: 39 C1 - cmp ecx,eax
// ---------- INJECTING HERE ----------
"Prey.exe"+885BB4B: 7E 06 - jle Prey.exe+885BB53
"Prey.exe"+885BB4D: 89 83 E4 03 00 00 - mov [rbx+000003E4],eax
// ---------- DONE INJECTING ----------
"Prey.exe"+885BB53: 3B BB E4 03 00 00 - cmp edi,[rbx+000003E4]
"Prey.exe"+885BB59: 74 27 - je Prey.exe+885BB82
"Prey.exe"+885BB5B: 48 8B BB 88 03 00 00 - mov rdi,[rbx+00000388]
"Prey.exe"+885BB62: 48 8B 9B 80 03 00 00 - mov rbx,[rbx+00000380]
"Prey.exe"+885BB69: 48 39 FB - cmp rbx,rdi
"Prey.exe"+885BB6C: 74 14 - je Prey.exe+885BB82
"Prey.exe"+885BB6E: 66 90 - nop
"Prey.exe"+885BB70: 48 8B 0B - mov rcx,[rbx]
"Prey.exe"+885BB73: 48 8B 01 - mov rax,[rcx]
"Prey.exe"+885BB76: FF 50 28 - call qword ptr [rax+28]
}
24
"Unlimited Supplies"
Auto Assembler Script
[ENABLE]
// Unlimited Supplies (Zanzer): replaces the 2-byte "jnl Prey.exe+11B768E" (7D 19) with
// "xor esi,esi" (31 F6). The "not enough" branch is therefore never taken, and esi —
// the value that was just compared against [rdi+54] and is subtracted from edx right
// after — is zero, so "sub edx,esi" leaves edx unchanged.
// NOTE: the symbol name "ammo" is also registered by Darkmike's "No Reload" script in
// this table; both enabled at once would break the other's [DISABLE] restore.
aobscanmodule(ammo,Prey.exe,7D 19 48 8B 07 2B)
ammo:
db 31 F6 // xor esi,esi in place of jnl (same length, 2 bytes)
registersymbol(ammo)
[DISABLE]
ammo:
db 7D 19 // original jnl
unregistersymbol(ammo)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+11B7673
"Prey.exe"+11B7649: 48 8D 88 68 06 00 00 - lea rcx,[rax+00000668]
"Prey.exe"+11B7650: 48 89 5C 24 30 - mov [rsp+30],rbx
"Prey.exe"+11B7655: 48 8B 5F 38 - mov rbx,[rdi+38]
"Prey.exe"+11B7659: E8 82 CC F0 FE - call Prey.exe+C42E0
"Prey.exe"+11B765E: 48 8B D3 - mov rdx,rbx
"Prey.exe"+11B7661: 48 8B C8 - mov rcx,rax
"Prey.exe"+11B7664: E8 A7 5C 15 00 - call Prey.exe+130D310
"Prey.exe"+11B7669: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"Prey.exe"+11B766E: 8B 57 54 - mov edx,[rdi+54]
"Prey.exe"+11B7671: 3B F2 - cmp esi,edx
// ---------- INJECTING HERE ----------
"Prey.exe"+11B7673: 7D 19 - jnl Prey.exe+11B768E
"Prey.exe"+11B7675: 48 8B 07 - mov rax,[rdi]
// ---------- DONE INJECTING ----------
"Prey.exe"+11B7678: 2B D6 - sub edx,esi
"Prey.exe"+11B767A: 48 8B CF - mov rcx,rdi
"Prey.exe"+11B767D: 48 8B 74 24 38 - mov rsi,[rsp+38]
"Prey.exe"+11B7682: 48 83 C4 20 - add rsp,20
"Prey.exe"+11B7686: 5F - pop rdi
"Prey.exe"+11B7687: 48 FF A0 F8 00 00 00 - jmp qword ptr [rax+000000F8]
"Prey.exe"+11B768E: 83 7F 58 00 - cmp dword ptr [rdi+58],00
"Prey.exe"+11B7692: 74 08 - je Prey.exe+11B769C
"Prey.exe"+11B7694: 48 8B CF - mov rcx,rdi
"Prey.exe"+11B7697: E8 D4 50 00 00 - call Prey.exe+11BC770
}
57
"Unlimited Timer"
Auto Assembler Script
[ENABLE]
// Unlimited Timer (Zanzer): code cave at "lea rcx,[rdi+7C] / movzx ebx,al" (7 bytes).
// The two stolen instructions are re-executed, then the float at [rdi+7C] — which the
// call just before the injection point updated — is overwritten with 60.0 each time.
aobscanmodule(timer,Prey.exe,48 8D 4F 7C 0F B6 D8)
alloc(newmem,$1000,timer) // allocate near the scan result so the rel32 jmp reaches it
label(code)
label(return)
newmem:
code:
lea rcx,[rdi+7C] // stolen
movzx ebx,al     // stolen
mov [rcx],(float)60 // dword store of 60.0f into [rdi+7C]
jmp return
timer:
jmp newmem
nop // 5-byte jmp + 2 nops == 7 stolen bytes
nop
return:
registersymbol(timer)
[DISABLE]
timer:
db 48 8D 4F 7C 0F B6 D8 // original bytes
unregistersymbol(timer)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+1682007
"Prey.exe"+1681FD5: 48 89 9C 24 78 01 00 00 - mov [rsp+00000178],rbx
"Prey.exe"+1681FDD: B2 02 - mov dl,02
"Prey.exe"+1681FDF: 48 8B 01 - mov rax,[rcx]
"Prey.exe"+1681FE2: 4C 89 B4 24 60 01 00 00 - mov [rsp+00000160],r14
"Prey.exe"+1681FEA: 4C 89 BC 24 58 01 00 00 - mov [rsp+00000158],r15
"Prey.exe"+1681FF2: FF 50 38 - call qword ptr [rax+38]
"Prey.exe"+1681FF5: 48 8D 4F 78 - lea rcx,[rdi+78]
"Prey.exe"+1681FF9: 0F 28 C8 - movaps xmm1,xmm0
"Prey.exe"+1681FFC: F3 0F 11 44 24 4C - movss [rsp+4C],xmm0
"Prey.exe"+1682002: E8 69 7F CB FF - call Prey.exe+1339F70
// ---------- INJECTING HERE ----------
"Prey.exe"+1682007: 48 8D 4F 7C - lea rcx,[rdi+7C]
"Prey.exe"+168200B: 0F B6 D8 - movzx ebx,al
// ---------- DONE INJECTING ----------
"Prey.exe"+168200E: F3 0F 10 4C 24 4C - movss xmm1,[rsp+4C]
"Prey.exe"+1682014: E8 57 7F CB FF - call Prey.exe+1339F70
"Prey.exe"+1682019: 83 BF F0 00 00 00 06 - cmp dword ptr [rdi+000000F0],06
"Prey.exe"+1682020: 74 22 - je Prey.exe+1682044
"Prey.exe"+1682022: 48 8D 4F 7C - lea rcx,[rdi+7C]
"Prey.exe"+1682026: E8 F5 3C B4 FF - call Prey.exe+11C5D20
"Prey.exe"+168202B: 44 8B 87 80 00 00 00 - mov r8d,[rdi+00000080]
"Prey.exe"+1682032: 48 8D 15 DF EC 6A 00 - lea rdx,[Prey.exe+1D30D18]
"Prey.exe"+1682039: 0F 28 D8 - movaps xmm3,xmm0
"Prey.exe"+168203C: 48 8B CE - mov rcx,rsi
}
56
"Instant Charge"
Auto Assembler Script
[ENABLE]
// Instant Charge (Zanzer): replaces the 5-byte "call Prey.exe+1339B10" (E8 rel32) with a
// jump to the cave. Instead of calling the routine, the cave zeroes xmm0 (the value the
// caller then copies into xmm7) and stores 0.0f into [rcx], the address the call was
// given in rcx (lea rcx,[rsi+2E4] just before the injection point).
// The original 5 bytes are saved with readmem at enable time and written back at
// disable, so no hard-coded restore bytes are needed — the safest restore style
// in this table.
aobscanmodule(charge,Prey.exe,E8 ?? ?? ?? ?? 80 BE ?? ?? ?? ?? 00 0F 28)
alloc(newmem,$1000,charge) // near the scan result so the rel32 jmp reaches it
label(code)
label(return)
label(charge_bkp)
newmem:
xorps xmm0,xmm0 // xmm0 = 0.0f, the value the skipped call would have returned
code:
movss [rcx],xmm0 // [rsi+2E4] = 0.0f
jmp return
charge_bkp:
readmem(charge,5) // copy of the original call instruction, taken before the jmp is written
charge:
jmp newmem // 5 bytes == the stolen call
return:
registersymbol(charge)
registersymbol(charge_bkp)
[DISABLE]
charge:
readmem(charge_bkp,5) // restore the saved bytes at the same address (rel32 stays valid)
unregistersymbol(charge)
unregistersymbol(charge_bkp)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+145309C
"Prey.exe"+1453065: 48 8B F1 - mov rsi,rcx
"Prey.exe"+1453068: 49 8B CE - mov rcx,r14
"Prey.exe"+145306B: 44 0F 29 98 58 FF FF FF - movaps [rax-000000A8],xmm11
"Prey.exe"+1453073: 44 0F 29 B0 28 FF FF FF - movaps [rax-000000D8],xmm14
"Prey.exe"+145307B: E8 B0 39 29 00 - call Prey.exe+16E6A30
"Prey.exe"+1453080: F3 44 0F 10 35 BF 1C B8 00 - movss xmm14,[Prey.exe+1FD4D48]
"Prey.exe"+1453089: 45 0F 57 DB - xorps xmm11,xmm11
"Prey.exe"+145308D: 84 C0 - test al,al
"Prey.exe"+145308F: 0F 84 C6 00 00 00 - je Prey.exe+145315B
"Prey.exe"+1453095: 48 8D 8E E4 02 00 00 - lea rcx,[rsi+000002E4]
// ---------- INJECTING HERE ----------
"Prey.exe"+145309C: E8 6F 6A EE FF - call Prey.exe+1339B10
// ---------- DONE INJECTING ----------
"Prey.exe"+14530A1: 80 BE E1 02 00 00 00 - cmp byte ptr [rsi+000002E1],00
"Prey.exe"+14530A8: 0F 28 F8 - movaps xmm7,xmm0
"Prey.exe"+14530AB: 75 66 - jne Prey.exe+1453113
"Prey.exe"+14530AD: 48 8D 8E E4 02 00 00 - lea rcx,[rsi+000002E4]
"Prey.exe"+14530B4: E8 D7 6A EE FF - call Prey.exe+1339B90
"Prey.exe"+14530B9: 84 C0 - test al,al
"Prey.exe"+14530BB: 75 56 - jne Prey.exe+1453113
"Prey.exe"+14530BD: 48 8D 15 AC 0D F7 00 - lea rdx,[Prey.exe+23C3E70]
"Prey.exe"+14530C4: 49 8B CE - mov rcx,r14
"Prey.exe"+14530C7: E8 14 19 29 00 - call Prey.exe+16E49E0
}
58
"Find Floats"
Auto Assembler Script
[ENABLE]
// Find Floats (Zanzer): no patch. Only registers the symbol find_float at the tiny
// "movss xmm0,[rcx] / ret" getter (F3 0F 10 01 C3) so it can be used as a
// breakpoint/"find what accesses" anchor from the debugger. The same routine is
// called from the Unlimited Timer dump (call Prey.exe+11C5D20).
aobscanmodule(find_float,Prey.exe,F3 0F 10 01 C3 CC)
registersymbol(find_float)
[DISABLE]
unregistersymbol(find_float)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+11C5D20
"Prey.exe"+11C5D16: CC - int 3
"Prey.exe"+11C5D17: CC - int 3
"Prey.exe"+11C5D18: CC - int 3
"Prey.exe"+11C5D19: CC - int 3
"Prey.exe"+11C5D1A: CC - int 3
"Prey.exe"+11C5D1B: CC - int 3
"Prey.exe"+11C5D1C: CC - int 3
"Prey.exe"+11C5D1D: CC - int 3
"Prey.exe"+11C5D1E: CC - int 3
"Prey.exe"+11C5D1F: CC - int 3
// ---------- INJECTING HERE ----------
"Prey.exe"+11C5D20: F3 0F 10 01 - movss xmm0,[rcx]
"Prey.exe"+11C5D24: C3 - ret
// ---------- DONE INJECTING ----------
"Prey.exe"+11C5D25: CC - int 3
"Prey.exe"+11C5D26: CC - int 3
"Prey.exe"+11C5D27: CC - int 3
"Prey.exe"+11C5D28: CC - int 3
"Prey.exe"+11C5D29: CC - int 3
"Prey.exe"+11C5D2A: CC - int 3
"Prey.exe"+11C5D2B: CC - int 3
"Prey.exe"+11C5D2C: CC - int 3
"Prey.exe"+11C5D2D: CC - int 3
"Prey.exe"+11C5D2E: CC - int 3
}
59
"Archangel73337 Cheat's"
008000
1
63
"Infinite PSI"
Auto Assembler Script
// Infinite PSI (Archangel73337): fixed-address injection (no aobscan), guarded by
// assert() so the script refuses to enable on a build where the 8 expected bytes
// are not at "Prey.exe"+160E374. Those 8 bytes are "movss xmm7,[rcx+408]"; the cave
// writes 9999.0f into that field first, then re-executes the load so xmm7 sees it.
define(address,"Prey.exe"+160E374)
define(bytes,F3 0F 10 B9 08 04 00 00)
[ENABLE]
assert(address,bytes) // bail out instead of patching the wrong bytes
alloc(newmem,$1000,"Prey.exe"+160E374)
label(code)
label(return)
newmem:
mov [rcx+00000408],(float)9999 // dword store of 9999.0f
code:
movss xmm7,[rcx+00000408] // stolen instruction
jmp return
address:
jmp newmem // 5 bytes
nop        // + 3 nops == 8 stolen bytes
nop
nop
return:
[DISABLE]
address:
db bytes // exact original bytes from the define above
dealloc(newmem)
64
"Inventory 999"
Auto Assembler Script
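[ENABLE]
// Inventory 999 (Archangel73337): cave at "mov [rbx+54],eax / test edx,edx" (5 bytes)
// that overwrites the stored count with 999.
// The constant store is placed AFTER the stolen store: the original script wrote
// 999 first and then re-executed "mov [rbx+54],eax", which immediately overwrote it,
// so the cheat had no effect.
// Symbol renamed to aa_inv999: the original name INJECT is also registered by the
// "No Reload" script (id 65) in this group, and two enabled scripts registering the
// same symbol make one [DISABLE] write its restore bytes at the other's address.
aobscanmodule(aa_inv999,Prey.exe,89 43 54 85 D2)
alloc(newmem,$1000,"Prey.exe"+11BC872)
label(code)
label(return)
newmem:
code:
mov [rbx+54],eax   // stolen instruction
mov [rbx+54],#999  // our value wins; mov leaves flags untouched
test edx,edx       // stolen instruction; its flags are consumed after 'return'
jmp return
aa_inv999:
jmp newmem         // 5 bytes == the two stolen instructions (3 + 2)
return:
registersymbol(aa_inv999)
[DISABLE]
aa_inv999:
db 89 43 54 85 D2  // original bytes
unregistersymbol(aa_inv999)
dealloc(newmem)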
65
"No Reload"
Auto Assembler Script
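[ENABLE]
// No Reload (Archangel73337): cave at "mov [rcx+3E4],edx" (6 bytes) that stores 99
// instead of edx and jumps straight back; the stolen instruction under "code:" is
// never executed (kept only as reference), so edx itself is left untouched for the
// virtual call that follows the injection point.
// Symbol renamed to aa_noreload: the original name INJECT is also registered by the
// "Inventory 999" script (id 64) in this group, and two enabled scripts registering
// the same symbol make one [DISABLE] write its restore bytes at the other's address.
aobscanmodule(aa_noreload,Prey.exe,89 91 E4 03 00 00)
alloc(newmem,$1000,"Prey.exe"+885BB2A)
label(code)
label(return)
newmem:
mov [rcx+000003E4],#99 // dword store of decimal 99
jmp return
code:
mov [rcx+000003E4],edx // unreachable: original instruction, for reference
jmp return
aa_noreload:
jmp newmem
nop                    // 5-byte jmp + nop == 6 stolen bytes
return:
registersymbol(aa_noreload)
[DISABLE]
aa_noreload:
db 89 91 E4 03 00 00   // original bytes
unregistersymbol(aa_noreload)
dealloc(newmem)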
Change of movss xmm7,[rcx+00000408]
14160E374
Prey.exe
160E374
0F
29
7C
24
20
F3
0F
10
B9
08
04
00
00
F3
0F
5C
F9
48
Change of mov [rcx-08],rax
1418B17A4
Prey.exe
18B17A4
08
48
83
C1
10
48
89
41
F8
FF
40
10
48
8B
Change of mov rax,[r8+08]
1418AE093
Prey.exe
18AE093
83
38
FE
74
5A
49
8B
40
08
8B
48
14
48
23
Change of movss [rsi+000000D0],xmm0
1403131CA
Prey.exe
3131CA
00
00
45
8B
C4
F3
0F
11
86
D0
00
00
00
8B
51
FC
89
86
Change of mov eax,[rcx+000000D0]
140312033
Prey.exe
312033
4C
8B
D1
89
02
8B
81
D0
00
00
00
48
8B
DA
89
42
Change of mov [rdx+rsi*4],eax
140309B20
Prey.exe
309B20
7F
48
8B
14
D1
89
04
B2
8B
55
68
4C
8B
Change of comiss xmm7,[rcx+rdx*4]
1403146D8
Prey.exe
3146D8
E8
42
8D
14
27
0F
2F
3C
91
72
21
49
8B
4E
Change of comiss xmm7,[rax+rcx*4]
14031475C
Prey.exe
31475C
23
4A
8B
04
E8
0F
2F
3C
88
72
25
49
8B
4E
Change of movss [rax-00000004],xmm0
1439172BC
Prey.exe
39172BC
04
F3
0F
5C
C6
F3
0F
11
80
FC
FF
FF
FF
48
39
C8
75
E7
Change of mov rax,[rsi+000000D8]
1418D0911
Prey.exe
18D0911
0F
2C
CE
89
08
48
8B
86
D8
00
00
00
48
8D
4D
30
66
Change of movd xmm0,[rax]
1418D091C
Prey.exe
18D091C
00
48
8D
4D
30
66
0F
6E
00
0F
5B
C0
F3
0F
Change of mov [rax],ecx
1418D090F
Prey.exe
18D090F
00
F2
0F
2C
CE
89
08
48
8B
86
D8
00
Change of movd xmm0,[rax+04]
1418D0AC9
Prey.exe
18D0AC9
00
48
8D
4D
48
66
0F
6E
40
04
0F
5B
C0
F3
0F
Change of movsd [rax+08],xmm8
1418D11FF
Prey.exe
18D11FF
F2
45
0F
59
C3
F2
44
0F
11
40
08
75
0D
F2
44
0F
Change of movsd [rax+08],xmm0
1418D129F
Prey.exe
18D129F
08
66
0F
54
C7
F2
0F
11
40
08
48
8B
86
D8
00
charge
14145309C
charge_bkp
13FFD0015
find_float
1411C5D20
stamina
1413162E6
flashlight
1415EE06E
clip
14885BB4B
timer
141682007
ammo
1411B7673
pStamina
13FFF001E
Authors: SunBeam, The Mogician
Version: 1.2
Released: 5 May 2017
Revised: 12 May 2017
"Prey.exe"+1616764
<-- writes