Click Memory View, hit alt+a. Copy and paste the code. Click File -> Assign to Current Cheat Table. Do this for each individual script.
Most know how to do this already, but some don't. Have fun
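{ Game : tld.exe
Author : Sigan
}
//BowItem.ShootArrow
// The instruction at the injection point is a dword decrement of [rax+18]
// (rax = [[rdi+58]+230], see original code below) -- presumably the arrow
// count, going by the function name. The patch simply does not perform the
// decrement. The earlier dec/inc pair had the same net effect but did two
// needless read-modify-writes. The flags the pair left behind are dead:
// the original code's next instructions are mov rcx,[rdi+58] / test rcx,rcx.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,FF 48 18 48 8B 4F 58) // should be unique
// NOTE: 7-byte pattern with no wildcards. Re-check that it is still unique
// after a game update before trusting the scan.
alloc(newmem,$1000,INJECT)
label(code)
label(return)

newmem:
  // intentionally no "dec [rax+18]" here
code:
  mov rcx,[rdi+58]        // first original instruction after the dec (4 bytes)
  jmp return

INJECT:
  jmp newmem              // 5 bytes
  nop 2                   // pad to the 7 bytes replaced
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db FF 48 18 48 8B 4F 58 // restore: dec [rax+18] / mov rcx,[rdi+58]
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1A1B62C
GameAssembly.dll+1A1B5FF: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1A1B602: 0F 84 BA 03 00 00 - je GameAssembly.dll+1A1B9C2
GameAssembly.dll+1A1B608: 33 D2 - xor edx,edx
GameAssembly.dll+1A1B60A: E8 D1 B1 52 00 - call ArrowItem.Fire
GameAssembly.dll+1A1B60F: 48 8B 47 58 - mov rax,[rdi+58]
GameAssembly.dll+1A1B613: 48 85 C0 - test rax,rax
GameAssembly.dll+1A1B616: 0F 84 A0 03 00 00 - je GameAssembly.dll+1A1B9BC
GameAssembly.dll+1A1B61C: 48 8B 80 30 02 00 00 - mov rax,[rax+00000230]
GameAssembly.dll+1A1B623: 48 85 C0 - test rax,rax
GameAssembly.dll+1A1B626: 0F 84 8A 03 00 00 - je GameAssembly.dll+1A1B9B6
// ---------- INJECTING HERE ----------
GameAssembly.dll+1A1B62C: FF 48 18 - dec [rax+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+1A1B62F: 48 8B 4F 58 - mov rcx,[rdi+58]
GameAssembly.dll+1A1B633: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1A1B636: 0F 84 74 03 00 00 - je GameAssembly.dll+1A1B9B0
GameAssembly.dll+1A1B63C: 48 8B 81 30 02 00 00 - mov rax,[rcx+00000230]
GameAssembly.dll+1A1B643: 48 85 C0 - test rax,rax
GameAssembly.dll+1A1B646: 0F 84 5E 03 00 00 - je GameAssembly.dll+1A1B9AA
GameAssembly.dll+1A1B64C: 83 78 18 00 - cmp dword ptr [rax+18],00
GameAssembly.dll+1A1B650: 74 71 - je GameAssembly.dll+1A1B6C3
GameAssembly.dll+1A1B652: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1A1B655: 0F 84 2B 03 00 00 - je GameAssembly.dll+1A1B986
}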
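{ Game : tld.exe
Author : Sigan
}
// TorchItem burn value: overwrites the float at [rbx+AC] with the infTorch
// symbol (0.0 by default, editable from the table) right before the game's
// addss xmm2,[rbx+AC] / movss [rbx+AC],xmm2 pair runs, so the stored result
// becomes infTorch + xmm2 instead of previous value + xmm2.
// Fix: the earlier version moved through rsi as a qword, i.e. an 8-byte
// store to [rbx+AC..B3] that also clobbered whatever lives at [rbx+B0].
// The original code only ever touches [rbx+AC] as a 4-byte float (addss,
// movss), so a 32-bit register is used for the load and the store.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,F3 0F 58 93 AC 00 00 00 F3 0F 11 93) // should be unique
alloc(newmem,$1000,INJECT)
label(infTorch)
label(code)
label(return)

newmem:
  push rsi                      // no red zone on Win64, but a push below rsp is fine
  mov esi,[infTorch]            // 4-byte load of the float
  mov [rbx+000000AC],esi        // 4-byte store: only the float field is touched
  pop rsi
code:
  addss xmm2,[rbx+000000AC]     // original instruction (8 bytes)
  jmp return

infTorch:
  dd (float)0                   // value written into [rbx+AC], registered below

INJECT:
  jmp newmem                    // 5 bytes
  nop 3                         // pad to the 8 bytes replaced
return:
registersymbol(INJECT)
registersymbol(infTorch)

[DISABLE]
INJECT:
  db F3 0F 58 93 AC 00 00 00    // restore: addss xmm2,[rbx+000000AC]
unregistersymbol(INJECT)
unregistersymbol(infTorch)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1CB9052
GameAssembly.dll+1CB901C: 48 85 FF - test rdi,rdi
GameAssembly.dll+1CB901F: 0F 84 30 04 00 00 - je GameAssembly.dll+1CB9455
GameAssembly.dll+1CB9025: 48 8B 87 80 00 00 00 - mov rax,[rdi+00000080]
GameAssembly.dll+1CB902C: 48 85 C0 - test rax,rax
GameAssembly.dll+1CB902F: 0F 84 1A 04 00 00 - je GameAssembly.dll+1CB944F
GameAssembly.dll+1CB9035: F3 0F 10 88 90 02 00 00 - movss xmm1,[rax+00000290]
GameAssembly.dll+1CB903D: F3 0F 59 48 78 - mulss xmm1,[rax+78]
GameAssembly.dll+1CB9042: F3 0F 10 15 9E 41 C2 01 - movss xmm2,[GameAssembly.dll+38DD1E8]
GameAssembly.dll+1CB904A: F3 0F 5E D1 - divss xmm2,xmm1
GameAssembly.dll+1CB904E: F3 0F 59 D0 - mulss xmm2,xmm0
// ---------- INJECTING HERE ----------
GameAssembly.dll+1CB9052: F3 0F 58 93 AC 00 00 00 - addss xmm2,[rbx+000000AC]
// ---------- DONE INJECTING ----------
GameAssembly.dll+1CB905A: F3 0F 11 93 AC 00 00 00 - movss [rbx+000000AC],xmm2
GameAssembly.dll+1CB9062: 33 D2 - xor edx,edx
GameAssembly.dll+1CB9064: 48 8B CB - mov rcx,rbx
GameAssembly.dll+1CB9067: E8 14 45 00 00 - call TorchItem.GetGearItem
GameAssembly.dll+1CB906C: 48 8B F8 - mov rdi,rax
GameAssembly.dll+1CB906F: 48 85 C0 - test rax,rax
GameAssembly.dll+1CB9072: 0F 84 4C 04 00 00 - je GameAssembly.dll+1CB94C4
GameAssembly.dll+1CB9078: F3 44 0F 10 90 04 03 00 00 - movss xmm10,[rax+00000304]
GameAssembly.dll+1CB9081: F3 0F 10 B3 AC 00 00 00 - movss xmm6,[rbx+000000AC]
GameAssembly.dll+1CB9089: 33 D2 - xor edx,edx
}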
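{ Game : tld.exe
Author : Sigan
}
// FlareItem burn value: same shape as the torch script. Overwrites the float
// at [rbx+9C] with the infFlare symbol (0.0 by default, editable from the
// table) right before the game's addss xmm6,[rbx+9C] / movss [rbx+9C],xmm6
// pair, so the stored result becomes infFlare + xmm6.
// Fix: the earlier version moved through rsi as a qword, an 8-byte store to
// [rbx+9C..A3] that also clobbered whatever lives at [rbx+A0]. The original
// code only touches [rbx+9C] as a 4-byte float, so a 32-bit register is used.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,F0 F3 0F 58 B3 9C 00 00 00) // should be unique
alloc(newmem,$1000,INJECT)
label(infFlare)
label(code)
label(return)

newmem:
  push rsi
  mov esi,[infFlare]            // 4-byte load of the float
  mov [rbx+0000009C],esi        // 4-byte store: only the float field is touched
  pop rsi
code:
  addss xmm6,[rbx+0000009C]     // original instruction (8 bytes)
  jmp return

infFlare:
  dd (float)0                   // value written into [rbx+9C], registered below

INJECT+01:                      // skip the leading F0 byte of the pattern
  jmp newmem                    // 5 bytes
  nop 3                         // pad to the 8 bytes replaced
return:
registersymbol(INJECT)
registersymbol(infFlare)

[DISABLE]
INJECT+01:
  db F3 0F 58 B3 9C 00 00 00    // restore: addss xmm6,[rbx+0000009C]
unregistersymbol(INJECT)
unregistersymbol(infFlare)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+17B6E06
GameAssembly.dll+17B6DD0: 48 85 FF - test rdi,rdi
GameAssembly.dll+17B6DD3: 0F 84 0F 01 00 00 - je GameAssembly.dll+17B6EE8
GameAssembly.dll+17B6DD9: 48 8B 87 80 00 00 00 - mov rax,[rdi+00000080]
GameAssembly.dll+17B6DE0: 48 85 C0 - test rax,rax
GameAssembly.dll+17B6DE3: 0F 84 F9 00 00 00 - je GameAssembly.dll+17B6EE2
GameAssembly.dll+17B6DE9: F3 0F 10 88 90 02 00 00 - movss xmm1,[rax+00000290]
GameAssembly.dll+17B6DF1: F3 0F 59 48 78 - mulss xmm1,[rax+78]
GameAssembly.dll+17B6DF6: F3 0F 10 35 EA 63 12 02 - movss xmm6,[GameAssembly.dll+38DD1E8]
GameAssembly.dll+17B6DFE: F3 0F 5E F1 - divss xmm6,xmm1
GameAssembly.dll+17B6E02: F3 0F 59 F0 - mulss xmm6,xmm0
// ---------- INJECTING HERE ----------
GameAssembly.dll+17B6E06: F3 0F 58 B3 9C 00 00 00 - addss xmm6,[rbx+0000009C]
// ---------- DONE INJECTING ----------
GameAssembly.dll+17B6E0E: F3 0F 11 B3 9C 00 00 00 - movss [rbx+0000009C],xmm6
GameAssembly.dll+17B6E16: 48 8B BB F8 00 00 00 - mov rdi,[rbx+000000F8]
GameAssembly.dll+17B6E1D: 48 85 FF - test rdi,rdi
GameAssembly.dll+17B6E20: 0F 84 31 01 00 00 - je GameAssembly.dll+17B6F57
GameAssembly.dll+17B6E26: F3 44 0F 10 8F 04 03 00 00 - movss xmm9,[rdi+00000304]
GameAssembly.dll+17B6E2F: 33 D2 - xor edx,edx
GameAssembly.dll+17B6E31: 48 8B CB - mov rcx,rbx
GameAssembly.dll+17B6E34: E8 67 23 00 00 - call FlareItem.GetModifiedBurnLifetimeMinutes
GameAssembly.dll+17B6E39: 44 0F 28 C0 - movaps xmm8,xmm0
GameAssembly.dll+17B6E3D: 48 8B 0D DC 34 BE 02 - mov rcx,[GameAssembly.dll+439A320]
}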
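{ Game : tld.exe
Author : Sigan
}
// FallDamage.ApplyFallDamage: the first 6 bytes of the prologue
// (mov rax,rsp / push rbp / push r14) are replaced by a jump to newmem, which
// returns at once, so the function body never runs. Nothing has been pushed
// at that point, so ret consumes the caller's return address and the stack
// stays balanced. rax and xmm0 are left as the caller set them, so whatever
// this function would normally return (if anything) is not reproduced.
// The dead code: block and jmp return of the earlier version were removed,
// as nothing after ret can execute.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,CC CC 48 8B C4 55 41 56 41 57 48 8D 68 A1 48 81 EC F0 00 00 00 48 C7 45 97) // should be unique
// NOTE: this is a fairly generic prologue. The two leading CC bytes anchor
// it to a function start, but re-check uniqueness after a game update.
alloc(newmem,$1000,INJECT)
label(return)

newmem:
  ret                           // leave ApplyFallDamage immediately

INJECT+02:                      // skip the two CC bytes, land on mov rax,rsp
  jmp newmem                    // 5 bytes
  nop                           // pad to the 6 bytes replaced
return:
registersymbol(INJECT)

[DISABLE]
INJECT+02:
  db 48 8B C4 55 41 56          // restore: mov rax,rsp / push rbp / push r14
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: FallDamage.ApplyFallDamage
GameAssembly.dll+18F4586: CC - int 3
GameAssembly.dll+18F4587: CC - int 3
GameAssembly.dll+18F4588: CC - int 3
GameAssembly.dll+18F4589: CC - int 3
GameAssembly.dll+18F458A: CC - int 3
GameAssembly.dll+18F458B: CC - int 3
GameAssembly.dll+18F458C: CC - int 3
GameAssembly.dll+18F458D: CC - int 3
GameAssembly.dll+18F458E: CC - int 3
GameAssembly.dll+18F458F: CC - int 3
// ---------- INJECTING HERE ----------
FallDamage.ApplyFallDamage: 48 8B C4 - mov rax,rsp
// ---------- DONE INJECTING ----------
GameAssembly.dll+18F4593: 55 - push rbp
GameAssembly.dll+18F4594: 41 56 - push r14
GameAssembly.dll+18F4596: 41 57 - push r15
GameAssembly.dll+18F4598: 48 8D 68 A1 - lea rbp,[rax-5F]
GameAssembly.dll+18F459C: 48 81 EC F0 00 00 00 - sub rsp,000000F0
GameAssembly.dll+18F45A3: 48 C7 45 97 FE FF FF FF - mov qword ptr [rbp-69],FFFFFFFFFFFFFFFE
GameAssembly.dll+18F45AB: 48 89 58 08 - mov [rax+08],rbx
GameAssembly.dll+18F45AF: 48 89 70 10 - mov [rax+10],rsi
GameAssembly.dll+18F45B3: 48 89 78 18 - mov [rax+18],rdi
GameAssembly.dll+18F45B7: 4C 89 60 20 - mov [rax+20],r12
}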
You can still turn off the wrist and ankle sprains separately. Most any other damage will be completely negligible with JLee's other scripts turned on.
{ Game : tld.exe
Author : Sigan
}
// Sprained wrist: injects right after the call to CameraStatusEffects.PainPulse
// (see original code below), at the point where the function sets al=1 and
// falls into its epilogue. The patch sets al=0 instead -- the same value the
// other exit path at +18F54DA produces with xor al,al. Presumably the caller
// reads al as a "sprain applied" flag; what it does with 0 is not visible
// here, confirm in game. Note SprainedWrist.SprainedWristStart has already
// been called at +18F54A3 by the time this runs.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,3C 90 00 B0 01 0F 28 74 24 40) // should be unique
// NOTE: the first three bytes are the tail of a relative call displacement,
// so this pattern is tied to this exact build. Re-scan after a game update.
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
mov al,00 // was mov al,01 -- return false instead of true
movaps xmm6,[rsp+40] // original instruction: reload xmm6 before the add rsp / ret that follow
jmp return
// +03 skips the three displacement bytes and lands on mov al,01
INJECT+03:
jmp newmem // 5 bytes
nop 2 // pad to the 7 bytes replaced
return:
registersymbol(INJECT)
[DISABLE]
INJECT+03:
db B0 01 0F 28 74 24 40 // restore: mov al,01 / movaps xmm6,[rsp+40]
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+18F54CE
GameAssembly.dll+18F54A3: E8 18 1E E8 FF - call SprainedWrist.SprainedWristStart
GameAssembly.dll+18F54A8: E8 33 B1 CA FF - call GameAssembly.dll+15A05E0
GameAssembly.dll+18F54AD: 48 85 C0 - test rax,rax
GameAssembly.dll+18F54B0: 74 46 - je GameAssembly.dll+18F54F8
GameAssembly.dll+18F54B2: 48 8B 88 C0 00 00 00 - mov rcx,[rax+000000C0]
GameAssembly.dll+18F54B9: 48 85 C9 - test rcx,rcx
GameAssembly.dll+18F54BC: 74 34 - je GameAssembly.dll+18F54F2
GameAssembly.dll+18F54BE: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+18F54C1: F3 0F 10 0D F3 76 FE 01 - movss xmm1,[GameAssembly.dll+38DCBBC]
GameAssembly.dll+18F54C9: E8 82 3C 90 00 - call CameraStatusEffects.PainPulse
// ---------- INJECTING HERE ----------
GameAssembly.dll+18F54CE: B0 01 - mov al,01
// ---------- DONE INJECTING ----------
GameAssembly.dll+18F54D0: 0F 28 74 24 40 - movaps xmm6,[rsp+40]
GameAssembly.dll+18F54D5: 48 83 C4 58 - add rsp,58
GameAssembly.dll+18F54D9: C3 - ret
GameAssembly.dll+18F54DA: 32 C0 - xor al,al
GameAssembly.dll+18F54DC: 0F 28 74 24 40 - movaps xmm6,[rsp+40]
GameAssembly.dll+18F54E1: 48 83 C4 58 - add rsp,58
GameAssembly.dll+18F54E5: C3 - ret
GameAssembly.dll+18F54E6: E8 05 25 80 FE - call GameAssembly.dll+F79F0
GameAssembly.dll+18F54EB: CC - int 3
GameAssembly.dll+18F54EC: E8 FF 24 80 FE - call GameAssembly.dll+F79F0
}
{ Game : tld.exe
Author : Sigan
}
// Sprained ankle: mirror of the wrist script. Injects right after the call to
// CameraStatusEffects.PainPulse, where the function sets al=1 and falls into
// its epilogue, and sets al=0 instead -- the value the other exit path at
// +18F5301 produces with xor al,al. Presumably the caller reads al as a
// "sprain applied" flag; confirm in game. SprainedAnkle.SprainedAnkleStart
// has already been called at +18F52CA by the time this runs.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,3E 90 00 B0 01 0F 28 74 24 40) // should be unique
// NOTE: the first three bytes are the tail of a relative call displacement,
// so this pattern is tied to this exact build. Re-scan after a game update.
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
mov al,00 // was mov al,01 -- return false instead of true
movaps xmm6,[rsp+40] // original instruction: reload xmm6 before the add rsp / ret that follow
jmp return
// +03 skips the three displacement bytes and lands on mov al,01
INJECT+03:
jmp newmem // 5 bytes
nop 2 // pad to the 7 bytes replaced
return:
registersymbol(INJECT)
[DISABLE]
INJECT+03:
db B0 01 0F 28 74 24 40 // restore: mov al,01 / movaps xmm6,[rsp+40]
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+18F52F5
GameAssembly.dll+18F52CA: E8 31 E0 E7 FF - call SprainedAnkle.SprainedAnkleStart
GameAssembly.dll+18F52CF: E8 0C B3 CA FF - call GameAssembly.dll+15A05E0
GameAssembly.dll+18F52D4: 48 85 C0 - test rax,rax
GameAssembly.dll+18F52D7: 74 46 - je GameAssembly.dll+18F531F
GameAssembly.dll+18F52D9: 48 8B 88 C0 00 00 00 - mov rcx,[rax+000000C0]
GameAssembly.dll+18F52E0: 48 85 C9 - test rcx,rcx
GameAssembly.dll+18F52E3: 74 34 - je GameAssembly.dll+18F5319
GameAssembly.dll+18F52E5: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+18F52E8: F3 0F 10 0D B8 79 FE 01 - movss xmm1,[GameAssembly.dll+38DCCA8]
GameAssembly.dll+18F52F0: E8 5B 3E 90 00 - call CameraStatusEffects.PainPulse
// ---------- INJECTING HERE ----------
GameAssembly.dll+18F52F5: B0 01 - mov al,01
// ---------- DONE INJECTING ----------
GameAssembly.dll+18F52F7: 0F 28 74 24 40 - movaps xmm6,[rsp+40]
GameAssembly.dll+18F52FC: 48 83 C4 58 - add rsp,58
GameAssembly.dll+18F5300: C3 - ret
GameAssembly.dll+18F5301: 32 C0 - xor al,al
GameAssembly.dll+18F5303: 0F 28 74 24 40 - movaps xmm6,[rsp+40]
GameAssembly.dll+18F5308: 48 83 C4 58 - add rsp,58
GameAssembly.dll+18F530C: C3 - ret
GameAssembly.dll+18F530D: E8 DE 26 80 FE - call GameAssembly.dll+F79F0
GameAssembly.dll+18F5312: CC - int 3
GameAssembly.dll+18F5313: E8 D8 26 80 FE - call GameAssembly.dll+F79F0
}
{ Game : tld.exe
Author : Sigan
}
// Replaces xmm0 with the zeroRisk symbol (0.0 by default, editable from the
// table) immediately before the original movss [rbx+60],xmm0. Both the value
// stored at [rbx+60] and the comiss xmm1,xmm0 at +177B3B3 that follows then
// see zeroRisk instead of GetDeltaTime()+xmm7. What [rbx+60] represents is
// only suggested by the symbol name -- verify in game.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,F3 0F 11 43 60 F3 0F 10 4B) // should be unique
alloc(newmem,$1000,INJECT)
label(zeroRisk)
label(code)
label(return)
newmem:
movss xmm0,[zeroRisk] // 4-byte float load, clobbers the computed xmm0 on purpose
code:
movss [rbx+60],xmm0 // original instruction (5 bytes)
jmp return
zeroRisk:
dd (float)0 // value written to [rbx+60], registered below
INJECT:
jmp newmem // 5 bytes, same size as the replaced movss, so no padding is needed
return:
registersymbol(INJECT)
registersymbol(zeroRisk)
[DISABLE]
INJECT:
db F3 0F 11 43 60 // restore: movss [rbx+60],xmm0
unregistersymbol(INJECT)
unregistersymbol(zeroRisk)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+177B3A9
GameAssembly.dll+177B37E: 48 8B 0D 03 65 C1 02 - mov rcx,[GameAssembly.dll+4391888]
GameAssembly.dll+177B385: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+177B38C: 74 0E - je GameAssembly.dll+177B39C
GameAssembly.dll+177B38E: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+177B395: 75 05 - jne GameAssembly.dll+177B39C
GameAssembly.dll+177B397: E8 24 D9 93 FE - call GameAssembly.dll+B8CC0
GameAssembly.dll+177B39C: 33 D2 - xor edx,edx
GameAssembly.dll+177B39E: 33 C9 - xor ecx,ecx
GameAssembly.dll+177B3A0: E8 6B E0 E6 FF - call GameManager.GetDeltaTime
GameAssembly.dll+177B3A5: F3 0F 58 C7 - addss xmm0,xmm7
// ---------- INJECTING HERE ----------
GameAssembly.dll+177B3A9: F3 0F 11 43 60 - movss [rbx+60],xmm0
// ---------- DONE INJECTING ----------
GameAssembly.dll+177B3AE: F3 0F 10 4B 20 - movss xmm1,[rbx+20]
GameAssembly.dll+177B3B3: 0F 2F C8 - comiss xmm1,xmm0
GameAssembly.dll+177B3B6: 77 30 - ja GameAssembly.dll+177B3E8
GameAssembly.dll+177B3B8: 89 73 60 - mov [rbx+60],esi
GameAssembly.dll+177B3BB: 48 8B 0D 2E AD C0 02 - mov rcx,[GameAssembly.dll+43860F0]
GameAssembly.dll+177B3C2: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+177B3C9: 74 0E - je GameAssembly.dll+177B3D9
GameAssembly.dll+177B3CB: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+177B3D2: 75 05 - jne GameAssembly.dll+177B3D9
GameAssembly.dll+177B3D4: E8 E7 D8 93 FE - call GameAssembly.dll+B8CC0
}
{ Game : tld.exe
Author : Sigan
}
// Suffocating: the original subss xmm6,xmm0 (subtract UnityEngine.Time
// deltaTime from the value loaded from [rbx+84] at +1ED9438) is left out, so
// the movss below writes the unchanged value back to [rbx+84]. The patch also
// zeroes the byte at [rbx+78]; what that byte controls is not visible in this
// listing -- confirm before relying on it.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,F3 0F 5C F0 F3 0F 11 B3 84 00 00 00) // should be unique
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
mov byte ptr [rbx+78],00 // purpose not visible here (TODO confirm)
code:
// subss xmm6,xmm0 // original instruction, deliberately skipped
movss [rbx+00000084],xmm6 // original instruction (8 bytes)
jmp return
INJECT:
jmp newmem // 5 bytes
nop 7 // pad to the 12 bytes replaced (4-byte subss + 8-byte movss)
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F3 0F 5C F0 F3 0F 11 B3 84 00 00 00 // restore: subss xmm6,xmm0 / movss [rbx+00000084],xmm6
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1ED944C
GameAssembly.dll+1ED9426: 72 10 - jb GameAssembly.dll+1ED9438
GameAssembly.dll+1ED9428: 33 D2 - xor edx,edx
GameAssembly.dll+1ED942A: 48 8B CB - mov rcx,rbx
GameAssembly.dll+1ED942D: E8 DE FC FF FF - call Suffocating.ApplySuffocatingVisualEffect
GameAssembly.dll+1ED9432: 89 B3 8C 00 00 00 - mov [rbx+0000008C],esi
GameAssembly.dll+1ED9438: F3 0F 10 B3 84 00 00 00 - movss xmm6,[rbx+00000084]
GameAssembly.dll+1ED9440: 0F 2F F7 - comiss xmm6,xmm7
GameAssembly.dll+1ED9443: 76 13 - jna GameAssembly.dll+1ED9458
GameAssembly.dll+1ED9445: 33 C9 - xor ecx,ecx
GameAssembly.dll+1ED9447: E8 A4 B3 40 FF - call UnityEngine.Time.get_deltaTime
// ---------- INJECTING HERE ----------
GameAssembly.dll+1ED944C: F3 0F 5C F0 - subss xmm6,xmm0
// ---------- DONE INJECTING ----------
GameAssembly.dll+1ED9450: F3 0F 11 B3 84 00 00 00 - movss [rbx+00000084],xmm6
GameAssembly.dll+1ED9458: 48 8B 0D 29 84 4B 02 - mov rcx,[GameAssembly.dll+4391888]
GameAssembly.dll+1ED945F: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+1ED9466: 74 0E - je GameAssembly.dll+1ED9476
GameAssembly.dll+1ED9468: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+1ED946F: 75 05 - jne GameAssembly.dll+1ED9476
GameAssembly.dll+1ED9471: E8 4A F8 1D FE - call GameAssembly.dll+B8CC0
GameAssembly.dll+1ED9476: E8 C5 75 6C FF - call GameAssembly.dll+15A0A40
GameAssembly.dll+1ED947B: 0F 2F BB 84 00 00 00 - comiss xmm7,[rbx+00000084]
GameAssembly.dll+1ED9482: 0F 83 A6 01 00 00 - jae GameAssembly.dll+1ED962E
}
I always save before and after this, because running around with this script on seems to have been the cause of crashes. It works, though, if used in this way: Drop the pelt, turn on script, pick up cured pelt, turn off script. Works on anything needing to be cured. Can safely drop multiple items at once, and cure mass amounts of objects at a time without a problem.
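{ Game : tld.exe
Author : Sigan
}
// Instant cure: writes the instaCure symbol (0.0 by default, editable from
// the table) into the float at [rbx+24] and zeroes the byte at [rbx+28] just
// before the game loads [rbx+24] into xmm7 (the value then feeds the mulss /
// divss sequence below).
// Fix: the earlier version moved through rsi as a qword, i.e. an 8-byte
// store to [rbx+24..2B] that also overwrote [rbx+29..2B] with whatever
// followed instaCure in newmem. The original code reads [rbx+24] as a
// 4-byte float (movss), so a 32-bit register is used here. The byte store to
// [rbx+28] is kept as the author wrote it.
// NOTE(review): the stray 8-byte write is a plausible contributor to the
// crashes mentioned in the description above, but that is unconfirmed.
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,2C F3 0F 10 7B 24) // should be unique
// NOTE: 6-byte pattern with no wildcards. Re-check uniqueness after a game update.
alloc(newmem,$1000,INJECT)
label(instaCure)
label(code)
label(return)

newmem:
  push rsi
  mov esi,[instaCure]           // 4-byte load of the float
  mov [rbx+24],esi              // 4-byte store: only the float at +24
  mov byte ptr [rbx+28],00      // purpose not visible here (TODO confirm)
  pop rsi
code:
  movss xmm7,[rbx+24]           // original instruction (5 bytes)
  jmp return

instaCure:
  dd (float)0                   // value written into [rbx+24], registered below

INJECT+01:                      // skip the leading 2C byte of the pattern
  jmp newmem                    // 5 bytes, same size as the replaced movss
return:
registersymbol(INJECT)
registersymbol(instaCure)

[DISABLE]
INJECT+01:
  db F3 0F 10 7B 24             // restore: movss xmm7,[rbx+24]
unregistersymbol(INJECT)
unregistersymbol(instaCure)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+18E387F
GameAssembly.dll+18E3853: 4C 89 44 24 38 - mov [rsp+38],r8
GameAssembly.dll+18E3858: 4C 8D 44 24 28 - lea r8,[rsp+28]
GameAssembly.dll+18E385D: 8B 94 02 8C 74 03 00 - mov edx,[rdx+rax+0003748C]
GameAssembly.dll+18E3864: E8 17 BE 7C FE - call GameAssembly.DllCanUnloadNow+CFC0
GameAssembly.dll+18E3869: 90 - nop
GameAssembly.dll+18E386A: 33 C9 - xor ecx,ecx
GameAssembly.dll+18E386C: FF 15 E6 38 79 02 - call qword ptr [GameAssembly.dll+4077158]
GameAssembly.dll+18E3872: 90 - nop
GameAssembly.dll+18E3873: C6 05 9C 08 A8 02 01 - mov byte ptr [GameAssembly.dll+4364116],01
GameAssembly.dll+18E387A: F3 0F 10 73 2C - movss xmm6,[rbx+2C]
// ---------- INJECTING HERE ----------
GameAssembly.dll+18E387F: F3 0F 10 7B 24 - movss xmm7,[rbx+24]
// ---------- DONE INJECTING ----------
GameAssembly.dll+18E3884: 48 8B 0D 95 6A AB 02 - mov rcx,[GameAssembly.dll+439A320]
GameAssembly.dll+18E388B: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+18E3892: 74 0E - je GameAssembly.dll+18E38A2
GameAssembly.dll+18E3894: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+18E389B: 75 05 - jne GameAssembly.dll+18E38A2
GameAssembly.dll+18E389D: E8 1E 54 7D FE - call GameAssembly.dll+B8CC0
GameAssembly.dll+18E38A2: F3 0F 59 3D 86 97 FF 01 - mulss xmm7,[GameAssembly.dll+38DD030]
GameAssembly.dll+18E38AA: F3 0F 5E F7 - divss xmm6,xmm7
GameAssembly.dll+18E38AE: F3 0F 59 35 46 98 FF 01 - mulss xmm6,[GameAssembly.dll+38DD0FC]
GameAssembly.dll+18E38B6: 33 D2 - xor edx,edx
}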
Start a fire. Harvest a carcass for 1+ hour. Shoot wildlife with revolver/rifle/bow. Mend clothing. If you would normally gain 1 skill point, you gain 350 skill points - the max required for any skill.
{ Game : tld.exe
Author : Sigan
}
// Skill points: at the injection point esi holds the amount the game is
// about to add to [rbx+58]. The patch replaces it with maxSkill (350 by
// default, editable from the table) before the add, so each award becomes
// 350 points. Discarding the original esi is safe on this path: the
// original code reassigns esi at +1E4EF99 (mov esi,[rax+30]) before any
// other use is visible. This path is reached with al==0 from
// GameManager.IsStoryMode (the jne at +1E4EF7A skips it otherwise).
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,01 73 58 8B 7B 58) // should be unique
// NOTE: 6-byte pattern with no wildcards. Re-check uniqueness after a game update.
alloc(newmem,$1000,INJECT)
label(maxSkill)
label(code)
label(return)
newmem:
mov esi,[maxSkill] // 4-byte load, overrides the game's increment
code:
add [rbx+58],esi // original instruction (3 bytes)
mov edi,[rbx+58] // original instruction (3 bytes)
jmp return
maxSkill:
dd (Int)350 // points added per award, registered below
INJECT:
jmp newmem // 5 bytes
nop // pad to the 6 bytes replaced
return:
registersymbol(INJECT)
registersymbol(maxSkill)
[DISABLE]
INJECT:
db 01 73 58 8B 7B 58 // restore: add [rbx+58],esi / mov edi,[rbx+58]
unregistersymbol(INJECT)
unregistersymbol(maxSkill)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1E4EF7C
GameAssembly.dll+1E4EF54: 48 8B 0D 2D 29 54 02 - mov rcx,[GameAssembly.dll+4391888]
GameAssembly.dll+1E4EF5B: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+1E4EF62: 74 0D - je GameAssembly.dll+1E4EF71
GameAssembly.dll+1E4EF64: 39 B9 E0 00 00 00 - cmp [rcx+000000E0],edi
GameAssembly.dll+1E4EF6A: 75 05 - jne GameAssembly.dll+1E4EF71
GameAssembly.dll+1E4EF6C: E8 4F 9D 26 FE - call GameAssembly.dll+B8CC0
GameAssembly.dll+1E4EF71: 33 C9 - xor ecx,ecx
GameAssembly.dll+1E4EF73: E8 A8 3E 7B FF - call GameManager.IsStoryMode
GameAssembly.dll+1E4EF78: 84 C0 - test al,al
GameAssembly.dll+1E4EF7A: 75 50 - jne GameAssembly.dll+1E4EFCC
// ---------- INJECTING HERE ----------
GameAssembly.dll+1E4EF7C: 01 73 58 - add [rbx+58],esi
// ---------- DONE INJECTING ----------
GameAssembly.dll+1E4EF7F: 8B 7B 58 - mov edi,[rbx+58]
GameAssembly.dll+1E4EF82: 48 8B 43 28 - mov rax,[rbx+28]
GameAssembly.dll+1E4EF86: 48 85 C0 - test rax,rax
GameAssembly.dll+1E4EF89: 0F 84 74 01 00 00 - je GameAssembly.dll+1E4F103
GameAssembly.dll+1E4EF8F: 83 78 18 04 - cmp dword ptr [rax+18],04
GameAssembly.dll+1E4EF93: 0F 86 42 01 00 00 - jbe GameAssembly.dll+1E4F0DB
GameAssembly.dll+1E4EF99: 8B 70 30 - mov esi,[rax+30]
GameAssembly.dll+1E4EF9C: 48 8B 0D 7D B3 54 02 - mov rcx,[GameAssembly.dll+439A320]
GameAssembly.dll+1E4EFA3: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+1E4EFAA: 74 0E - je GameAssembly.dll+1E4EFBA
}
{ Game : tld.exe
Author : Sigan
}
// ClothingItem wetness: the original code computes
// xmm6 = (const - [rbx+48]) * xmm7 + [rbx+74] and stores it to [rbx+74].
// The patch replaces xmm6 with the notWet symbol (0.0 by default, editable
// from the table) right before that store, so [rbx+74] receives notWet and
// the comiss xmm0,xmm6 at +17F2532 compares against notWet as well. This
// path is only reached when ClothingItem.IsNearFire returned false (the jne
// at +17F24F4 skips it otherwise).
[ENABLE]
aobscanmodule(INJECT,GameAssembly.dll,74 F3 0F 11 73 74) // should be unique
// NOTE: 6-byte pattern with no wildcards. Re-check uniqueness after a game update.
alloc(newmem,$1000,INJECT)
label(notWet)
label(code)
label(return)
newmem:
movss xmm6,[notWet] // 4-byte float load, clobbers the computed xmm6 on purpose
code:
movss [rbx+74],xmm6 // original instruction (5 bytes)
jmp return
notWet:
dd (float)0 // value written to [rbx+74], registered below
// +01 skips the leading 74 byte of the pattern
INJECT+01:
jmp newmem // 5 bytes, same size as the replaced movss, so no padding is needed
return:
registersymbol(INJECT)
registersymbol(notWet)
[DISABLE]
INJECT+01:
db F3 0F 11 73 74 // restore: movss [rbx+74],xmm6
unregistersymbol(INJECT)
unregistersymbol(notWet)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+17F250C
GameAssembly.dll+17F24E1: C6 05 B3 16 B7 02 01 - mov byte ptr [GameAssembly.dll+4363B9B],01
GameAssembly.dll+17F24E8: 33 D2 - xor edx,edx
GameAssembly.dll+17F24EA: 48 8B CB - mov rcx,rbx
GameAssembly.dll+17F24ED: E8 FE 20 00 00 - call ClothingItem.IsNearFire
GameAssembly.dll+17F24F2: 84 C0 - test al,al
GameAssembly.dll+17F24F4: 75 5B - jne GameAssembly.dll+17F2551
GameAssembly.dll+17F24F6: F3 0F 10 35 AA A7 0E 02 - movss xmm6,[GameAssembly.dll+38DCCA8]
GameAssembly.dll+17F24FE: F3 0F 5C 73 48 - subss xmm6,[rbx+48]
GameAssembly.dll+17F2503: F3 0F 59 F7 - mulss xmm6,xmm7
GameAssembly.dll+17F2507: F3 0F 58 73 74 - addss xmm6,[rbx+74]
// ---------- INJECTING HERE ----------
GameAssembly.dll+17F250C: F3 0F 11 73 74 - movss [rbx+74],xmm6
// ---------- DONE INJECTING ----------
GameAssembly.dll+17F2511: 48 8B 0D 08 7E BA 02 - mov rcx,[GameAssembly.dll+439A320]
GameAssembly.dll+17F2518: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+17F251F: 74 0E - je GameAssembly.dll+17F252F
GameAssembly.dll+17F2521: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+17F2528: 75 05 - jne GameAssembly.dll+17F252F
GameAssembly.dll+17F252A: E8 91 67 8C FE - call GameAssembly.dll+B8CC0
GameAssembly.dll+17F252F: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+17F2532: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+17F2535: 77 12 - ja GameAssembly.dll+17F2549
GameAssembly.dll+17F2537: F3 0F 10 05 BD AB 0E 02 - movss xmm0,[GameAssembly.dll+38DD0FC]
}