Re: Overkill's The Walking Dead (Weapon\Parts\Ammo etc...)
Posted: Tue Nov 13, 2018 9:44 pm
Well I disassembled his online ammo on 1.0.5 which is the only thing I really wanted. Now made it my own, the next patch can coming now.
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
now now... i've been using cheat engine whole my life, 40 years or so, but cannot understand that... but i willing to learn... any tutorial links for learning all that stuff ??? thanksSunBeam wrote: ↑Mon Nov 12, 2018 9:02 pmFor what it's worth:
Code: Select all
local L1_1, L2_2, L3_3, L4_4, L5_5 L0_0 = getAddressList L0_0 = L0_0() addressList = L0_0 function L0_0(A0_6, A1_7) local L2_8, L3_9 L2_8 = type L3_9 = A1_7 L2_8 = L2_8(L3_9) L3_9 = nil if L2_8 ~= "function" and L2_8 ~= "table" then A1_7, L2_8 = nil, nil end if L2_8 == "function" or A1_7 and A1_7.__ctype == 1 then L3_9 = {} if L2_8 == "table" then for _FORV_7_, _FORV_8_ in pairs(A1_7) do L3_9[_FORV_7_] = _FORV_8_ end L3_9.__create = A1_7.__create L3_9.super = A1_7 else L3_9.__create = A1_7 end function L3_9.ctor() local L0_10, L1_11 end L3_9.__cname = A0_6 L3_9.__ctype = 1 function L3_9.new(...) L0_12 = L3_9.__create L0_12 = L0_12(...) for _FORV_4_, _FORV_5_ in pairs(L3_9) do L0_12[_FORV_4_] = _FORV_5_ end L0_12.class = L3_9 L0_12:ctor(...) return L0_12 end else if A1_7 then L3_9 = clone(A1_7) L3_9.super = A1_7 else L3_9 = { ctor = function() local L0_13, L1_14 end } end L3_9.__cname = A0_6 L3_9.__ctype = 2 L3_9.__index = L3_9 function L3_9.new(...) setmetatable({}, L3_9).class = L3_9 setmetatable({}, L3_9):ctor(...) return (setmetatable({}, L3_9)) end end return L3_9 end class = L0_0 L0_0 = loadstring L0_0 = L0_0(L1_1) L0_0 = L0_0() HashMap = L0_0 function L0_0(A0_15, A1_16, A2_17) local L3_18, L4_19, L5_20, L6_21, L7_22, L8_23 L3_18 = type L3_18 = L3_18(L4_19) if L3_18 ~= "string" then A2_17 = "" end L3_18 = type L3_18 = L3_18(L4_19) if L3_18 ~= "table" then L3_18 = print L3_18(L4_19) else L3_18 = print L3_18(L4_19) if A1_16 ~= 0 then L3_18 = A2_17 L3_18 = L3_18 .. L4_19 L4_19(L5_20) for L7_22, L8_23 in L4_19(L5_20) do io.stdout:write(L3_18 .. L7_22 .. " = ") if type(L8_23) ~= "table" or type(A1_16) == "number" and A1_16 <= 1 then print(L8_23) elseif A1_16 == nil then var_dump(L8_23, nil, L3_18) else var_dump(L8_23, A1_16 - 1, L3_18) end end L4_19(L5_20) end end end var_dump = L0_0 function L0_0(A0_24, A1_25) var_dump(A0_24, A1_25 or 5) end vd = L0_0 function L0_0(A0_26, A1_27) local L2_28 L2_28 = readQword L2_28 = L2_28(getAddress(A0_26)) for _FORV_6_ = 1, #A1_27 - 1 do if L2_28 ~= 0 then L2_28 = readQword(L2_28 + A1_27[_FORV_6_]) else end end if L2_28 ~= 0 then L2_28 = L2_28 + A1_27[#A1_27] end return L2_28 end GetAddrByPointer = L0_0 L0_0 = {} FindArr = L0_0 L0_0 = {} ReplaceArr = L0_0 function L0_0(A0_29) local L1_30, L2_31, L3_32, L4_33 L1_30 = getAddress L2_31 = "OTWD-Win64-Shipping.exe+0" L1_30 = L1_30(L2_31) L2_31 = getAddress L3_32 = "OTWD-Win64-Shipping.exe+3DC4800" L2_31 = L2_31(L3_32) L3_32 = createMemScan L4_33 = nil L3_32 = L3_32(L4_33) L3_32.OnlyOneResult = true L4_33 = L3_32.firstScan L4_33(soExactValue, vtByteArray, rtRounded, A0_29, "", AOBScanRwstartAddressVal, L2_31, "+X-C-W", fsmNotAligned, "", true, true, false, false) L4_33 = L3_32.waitTillDone L4_33() L4_33 = L3_32.Result if L4_33 then printf("0x%X: getAddress(\"%s\")", L4_33, getNameFromAddress(L4_33)) else print("Can't Find:" .. A0_29) end FindArr[#FindArr + 1] = string.format("AOBScanR%%(\"%s", string.gsub(A0_29, "%?", "%%?")) ReplaceArr[#ReplaceArr + 1] = string.format("getAddress(\"%s", getNameFromAddress(L4_33)) print(#FindArr) L3_32.destroy() return L4_33 end AOBScanRw = L0_0 function L0_0(A0_34) do return AOBScanRw(A0_34) end if AOBScan(A0_34, "..X-C-W", 0, "") ~= nil then if AOBScan(A0_34, "..X-C-W", 0, "").Count > 1 then print("AOBScan More Then One: " .. A0_34) return nil end print("0x" .. AOBScan(A0_34, "..X-C-W", 0, "")[0]) return tonumber(AOBScan(A0_34, "..X-C-W", 0, "")[0], 16) end return nil end AOBScanR = L0_0 function L0_0(A0_35) if AOBScan(A0_35, "+W-C-X", 0, "") ~= nil then if AOBScan(A0_35, "+W-C-X", 0, "").Count > 1 then print("AOBScanRW More Then One: " .. A0_35) return nil end print("0x" .. AOBScan(A0_35, "+W-C-X", 0, "")[0]) return tonumber(AOBScan(A0_35, "+W-C-X", 0, "")[0], 16) end return nil end AOBScanRW = L0_0 function L0_0(A0_36, A1_37, A2_38) addressList.createMemoryRecord().setDescription(A0_36) addressList.createMemoryRecord().setAddress(getAddress(A1_37)) addressList.createMemoryRecord().Active = false addressList.createMemoryRecord().DontSave = true addressList.createMemoryRecord().appendToEntry(A2_38) return (addressList.createMemoryRecord()) end AddMemoryRecordAppend = L0_0 function L0_0(A0_39, A1_40, A2_41, A3_42, A4_43, A5_44) local L6_45 if A0_39 == nil then L6_45 = nil return L6_45 end L6_45 = addressList L6_45 = L6_45.getMemoryRecordByDescription L6_45 = L6_45(A0_39) if L6_45 == nil then L6_45 = addressList.createMemoryRecord() L6_45.setDescription(A0_39) L6_45.Active = A3_42 or false end L6_45.DontSave = A2_41 or true if A1_40 then L6_45.Type = A1_40 end if A4_43 then function L6_45.OnActivate(A0_46, A1_47, A2_48) if A1_47 == false then return true end return A4_43() end end if A5_44 then function L6_45.OnDeactivate(A0_49, A1_50, A2_51) if A1_50 == false then return true end return A5_44() end end if L6_45.Active then L6_45.Active = false L6_45.Active = true end return L6_45 end AddMemoryRecordIfNotExiestAndReturn = L0_0 function L0_0(A0_52, A1_53, A2_54) local L3_55 L3_55 = _G L3_55[A0_52] = AddMemoryRecordIfNotExiestAndReturn(A0_52, vtCustom, true, false, A1_53, A2_54) L3_55 = _G L3_55 = L3_55[A0_52] return L3_55 end AddMemoryRecordCustom = L0_0 function L0_0(A0_56, A1_57, A2_58, A3_59) for _FORV_8_ = 0, addressList.Count - 1 do if addressList[_FORV_8_].Type == vtAutoAssembler then _FORV_8_ = _FORV_8_ + 1 end if addressList[_FORV_8_].Active and addressList[_FORV_8_].Description == A1_57 then break end if getAddress(addressList[_FORV_8_].Address) == getAddress(A0_56) then return addressList[_FORV_8_] end end if false then addressList.createMemoryRecord().setDescription(A1_57) addressList.createMemoryRecord().setAddress(getAddress(A0_56)) addressList.createMemoryRecord().Type = vtSingle addressList.createMemoryRecord().Active = false addressList.createMemoryRecord().DontSave = true if A2_58 then addressList.createMemoryRecord().Type = A2_58 end if A3_59 then addressList.createMemoryRecord().appendToEntry(A3_59) end return (addressList.createMemoryRecord()) end end findAndAddToList = L0_0 function L0_0(A0_60, A1_61) local L2_62, L3_63, L4_64, L5_65 for L5_65 = 0, L3_63 - 1 do if addressList[L5_65].Type == vtAutoAssembler then L5_65 = L5_65 + 1 end if addressList[L5_65].Description ~= A1_61 and string.find(addressList[L5_65].Description, A0_60, 1, true) ~= nil then if NotWithoutExecute == true then addressList[L5_65].Active = false else addressList[L5_65].disableWithoutExecute() end end end end DeActiveAllByName = L0_0 function L0_0(...) local L2_67 L0_66 = print L2_67 = string L2_67 = L2_67.format L2_67 = L2_67(...) L0_66(L2_67, L2_67(...)) end printf = L0_0 function L0_0(A0_68) local L1_69 L1_69 = print L1_69(string.format("0x%x", A0_68)) end printx = L0_0 L0_0 = getOpenedProcessID L0_0 = L0_0() if L0_0 ~= nil then L0_0 = getProcessIDFromProcessName L0_0 = L0_0(L1_1) elseif L0_0 ~= L1_1 then L0_0 = print L0_0(L1_1) L0_0 = openProcess L0_0(L1_1) end L0_0 = debug_isDebugging L0_0 = L0_0() if L0_0 ~= false then L0_0 = debug_isBroken L0_0 = L0_0() elseif L0_0 then L0_0 = print L0_0(L1_1) L0_0 = writeBytes L4_4 = 236 L5_5 = 40 L0_0(L1_1, L2_2, L3_3, L4_4, L5_5, 101, 72, 139, 4, 37, 96, 0, 0, 0, 128, 120, 2, 0, 117) L0_0 = writeBytes L0_0(L1_1, L2_2) OriOpcodeHM = nil L0_0 = debugProcess L0_0(L1_1) end L0_0 = debug_getBreakpointList L0_0 = L0_0() for L4_4, L5_5 in L1_1(L2_2) do debug_removeBreakpoint(L5_5) end L1_1(L2_2) L1_1(L2_2) addressAmmo = L1_1 L1_1(L2_2) addressAmmoOnlineFix = L1_1 L1_1(L2_2) addressHp = L1_1 L1_1(L2_2) addressInGameRes = L1_1 L1_1(L2_2) addressInGameRes1 = L1_1 L1_1(L2_2) addressInGameTool = L1_1 L1_1(L2_2) addressInGameTool1 = L1_1 L1_1(L2_2) addressInGameTool2 = L1_1 L1_1(L2_2) L1_1(L2_2) L1_1(L2_2) L1_1(L2_2) addressGameRes = L1_1 L1_1(L2_2) addressSurvivors = L1_1 L1_1(L2_2) addressLevelHard = L1_1 L1_1(L2_2) addressCharExp = L1_1 L1_1(L2_2) addressSilencer = L1_1 L1_1(L2_2) addressWeap = L1_1 L1_1(L2_2) L1_1(L2_2) addressWeapMod = L1_1 L1_1(L2_2) L1_1(L2_2) addressModFix = L1_1 L1_1(L2_2) addressInGameSup = L1_1 L1_1(L2_2) addressInGameSup1 = L1_1 addressGunStatusInGame = L1_1 L1_1(L2_2) ToolsFix1 = L1_1 L4_4 = 192 L5_5 = 254 L1_1(L2_2, L3_3, L4_4, L5_5, 192, 144, 144, 144) L1_1(L2_2) ToolsFix2 = L1_1 L4_4 = 192 L5_5 = 254 L1_1(L2_2, L3_3, L4_4, L5_5, 192, 233, 50, 1, 0, 0) L1_1(L2_2) ToolsFix3 = L1_1 L4_4 = 144 L1_1(L2_2, L3_3, L4_4) L1_1(L2_2) ToolsFix4 = L1_1 L4_4 = 144 L1_1(L2_2, L3_3, L4_4) L4_4 = 144 L5_5 = 144 L1_1(L2_2, L3_3, L4_4, L5_5, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, 144) debug_Safe_setBreakpoint = L1_1 genmods = L2_2 copysolt = L2_2 levelHardVal = 0 L2_2.OnValueChange = L3_3 L2_2.ctor = L3_3 if L3_3 == nil then OriOpcodeHM = L3_3 end autoAssembleLua = L3_3 L4_4 = "AOBScanRDone" L3_3(L4_4) L4_4 = "Mods" L3_3() L4_4 = "Weapons" L3_3() L4_4 = "Characters" L3_3() L4_4 = "PartTypes" L3_3() L4_4 = "InGameCheat" InGameCheat = L3_3 L4_4 = "Finders" Finders = L3_3 L4_4 = "AutoFixs" AutoFixs = L3_3 L4_4 = "Others" Others = L3_3 L4_4 = "Hint \232\175\180\230\152\142" function L5_5(A0_70, A1_71, A2_72) showMessage("\230\179\168\230\132\143\229\164\135\228\187\189\229\173\152\230\161\163\239\188\129\239\188\129\239\188\129\239\188\129\239\188\129\nInGameCheat: \n HpFinder:\n \239\188\136\232\142\183\229\143\150\230\137\128\230\156\137\229\141\149\228\189\141\231\154\132\232\161\128\233\135\143\239\188\137\230\154\130\230\151\160\231\148\168\n CraftResFix:\n \230\184\184\230\136\143\229\134\133\229\136\182\228\189\156\232\181\132\230\186\144\230\151\160\233\153\144\n Ammo: \n \230\151\160\233\153\144\229\173\144\229\188\185\227\128\129\230\151\160\229\144\142\229\186\167\227\128\129\230\151\160\233\153\144\229\176\132\233\128\159\n Silencer: \n \230\151\160\233\153\144\230\182\136\233\159\179\229\153\168(\228\184\187\230\156\186\230\151\182\229\175\185\229\133\182\229\174\131\231\142\169\229\174\182\230\156\137\230\149\136)\n NoNoise: \n \230\151\160\229\152\136\230\157\130\229\186\166(\228\184\187\230\156\186\230\151\182\230\156\137\230\149\136)\nFinders: \n ModFinder: \n \230\184\184\230\136\143\229\134\133\233\128\137\230\139\169\233\133\141\228\187\182\230\140\1371\230\148\182\232\151\143\229\144\142\229\143\175\228\191\174\230\148\185\233\133\141\228\187\182\231\173\137\231\186\167\229\146\140\231\177\187\229\158\139\n WeaponFinder: \n \230\184\184\230\136\143\229\134\133\233\128\137\230\139\169\230\173\166\229\153\168\230\140\1371\230\148\182\232\151\143\229\144\142\229\143\175\228\191\174\230\148\185\230\173\166\229\153\168\231\173\137\231\186\167\\\\\231\177\187\229\158\139\\\\\229\146\140\233\133\141\228\187\182\\\\\232\131\189\229\138\155\229\128\188 \228\184\142\233\133\141\228\187\182\230\167\189 \233\133\141\228\187\182\230\167\189\228\191\174\230\148\185\232\190\131\229\164\141\230\157\130\232\175\183\232\135\170\232\161\140\231\140\156\230\181\139(\230\156\137\229\135\160\231\142\135\229\180\169\230\186\131\229\157\143\230\161\163)\n CharactersStatusFinder: \n \229\136\135\230\141\162\232\135\179\232\167\146\232\137\178\233\161\181\230\136\150\229\156\168\232\167\146\232\137\178\233\161\181\229\136\135\230\141\162\232\167\146\232\137\178\229\143\175\232\142\183\229\190\151\229\189\147\229\137\141\232\167\146\232\137\178\231\154\132\229\156\176\229\157\128\nAutoFixs:\n ModFix: \n \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\233\133\141\228\187\182\233\161\181\233\157\162 \232\174\190\231\189\174\230\137\128\230\156\137\233\133\141\228\187\182\229\136\176\228\188\160\229\165\135\n SurvivorsFix:\n \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\229\185\184\229\173\152\232\128\133\233\161\181\233\157\162 \232\174\190\231\189\174\230\137\128\230\156\137\229\185\184\229\173\152\232\128\133\228\184\18610\231\186\167\229\184\166\230\152\159\nOthers:\n GameResFix: \n \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\229\159\186\229\156\176\229\141\135\231\186\167\233\161\181\233\157\162 \232\174\190\231\189\174\230\137\128\230\156\137\232\181\132\230\186\144\231\136\134\232\161\168\n LevelHardLocker: \n \229\139\190\233\128\137\229\144\142\229\136\135\230\141\162\232\135\179\233\154\190\229\186\166\233\128\137\230\139\169 \229\143\175\232\142\183\229\190\151\233\154\190\229\186\166\229\156\176\229\157\128\239\188\136\231\148\168\228\186\142\229\155\186\229\174\154\233\154\190\229\186\166\239\188\137\239\188\136\231\150\145\228\188\188\229\157\143\230\161\163\239\188\137\n\t\t") return false end L3_3(L4_4, L5_5, function(A0_73, A1_74, A2_75) local L3_76 L3_76 = false return L3_76 end) L4_4 = "ModFix" function L5_5(A0_77, A1_78, A2_79) debug_Safe_setBreakpoint(addressModFix, 1, bptExecute, bpmInt3, function() writeBytes(RDI + 24, 5) debug_continueFromBreakpoint(co_run) end) return true end L4_4 = AutoFixs L3_3(L4_4) L4_4 = AddMemoryRecordCustom L5_5 = "ModFinder" L4_4 = L4_4(L5_5, function(A0_80, A1_81, A2_82) debug_Safe_setBreakpoint(addressWeapMod, 1, bptExecute, bpmInt3, function() local L0_83, L1_84, L2_85 L0_83 = RAX L1_84 = findAndAddToList L2_85 = L0_83 L1_84 = L1_84(L2_85, "ScriptMod", vtQword) L2_85 = L1_84.appendToEntry L2_85(AddMemoryRecordCustom("Mods")) L2_85 = findAndAddToList L2_85 = L2_85(L0_83 + 16, "Type", vtQword, L1_84) L2_85.ShowAsHex = true AddMemoryRecordCustom(string.format("ModCopy: 0x%x", L0_83 + 16)).appendToEntry(L1_84) AddMemoryRecordCustom(string.format("ModCopy: 0x%x", L0_83 + 16)).OnActivate = function(A0_86, A1_87, A2_88) DeActiveAllByName("ModCopy", A0_86.Description) L3_3 = L2_85 function L3_3.OnDestroy() local L1_89 L1_89 = nil L3_3 = L1_89 end return true end AddMemoryRecordCustom(string.format("ModPaste: 0x%x", L0_83 + 16)).appendToEntry(L1_84) AddMemoryRecordCustom(string.format("ModPaste: 0x%x", L0_83 + 16)).OnActivate = function(A0_90, A1_91, A2_92) local L3_93 L3_93 = writeQword L3_93(L0_83 + 16, readQword(L3_3.CurrentAddress)) L3_93 = false return L3_93 end debug_continueFromBreakpoint(co_run) end) return true end, function(A0_94, A1_95, A2_96) debug_removeBreakpoint(addressWeapMod) return true end) L4_4 = L4_4.appendToEntry L5_5 = Finders L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "WeaponFinder" L4_4 = L4_4(L5_5, function(A0_97, A1_98, A2_99) debug_Safe_setBreakpoint(addressWeap, 1, bptExecute, bpmInt3, function() local L0_100, L1_101, L2_102, L3_103, L4_104, L5_105 L0_100 = RAX L1_101 = AddMemoryRecordIfNotExiestAndReturn L2_102 = string L2_102 = L2_102.format L3_103 = "ScriptWaep 0x%X: " L4_104 = L0_100 L2_102 = L2_102(L3_103, L4_104) L3_103 = vtByteArray L4_104 = true L5_105 = false L1_101 = L1_101(L2_102, L3_103, L4_104, L5_105, nil, nil) L2_102 = L1_101.appendToEntry L3_103 = AddMemoryRecordCustom L4_104 = "Weapons" L5_105 = L3_103(L4_104) L2_102(L3_103, L4_104, L5_105, L3_103(L4_104)) L2_102 = getAddress L3_103 = L0_100 L2_102 = L2_102(L3_103) L1_101.Address = L2_102 L2_102 = L1_101.Aob L2_102.Size = 384 L2_102 = findAndAddToList L3_103 = L0_100 + 8 L4_104 = "WeaponData" L5_105 = vtByteArray L2_102 = L2_102(L3_103, L4_104, L5_105, L1_101) L3_103 = L2_102.Aob L3_103.Size = 16 L3_103 = findAndAddToList L4_104 = L0_100 + 24 L5_105 = "WeaponType" L3_103 = L3_103(L4_104, L5_105, vtQword, L1_101) L3_103.ShowAsHex = true L4_104 = findAndAddToList L5_105 = L0_100 + 56 L4_104 = L4_104(L5_105, "ModAbleParts", vtByte, L1_101) L5_105 = findAndAddToList L5_105(L0_100 + 96, "Rate 0-6", vtByte, L1_101) L5_105 = findAndAddToList L5_105(L0_100 + 97, "Repair 0-3", vtByte, L1_101) L5_105 = findAndAddToList L5_105(L0_100 + 100, "CombatRate", vtDword, L1_101) L5_105 = findAndAddToList L5_105(L0_100 + 107, "durable", vtByte, L1_101) L5_105 = findAndAddToList L5_105(L0_100 + 108, "Favorite", vtByte, L1_101) L5_105 = findAndAddToList L5_105(L0_100 + 109, "isNew", vtByte, L1_101) L5_105 = AddMemoryRecordCustom L5_105 = L5_105(string.format("Mods 0x%X: ", L0_100), nil, function(A0_106, A1_107, A2_108) local L3_109 L3_109 = false return L3_109 end) L5_105.setAddress(getAddress(L0_100 + 48)) L5_105.ShowAsHex = true L5_105.Type = vtByteArray L5_105.setOffsetCount(1) L5_105.Aob.Size = 384 L5_105.appendToEntry(L1_101) genmods(L0_100, L5_105, L1_101, readInteger(L0_100 + 56)) debug_continueFromBreakpoint(co_run) end) return true end, function(A0_110, A1_111, A2_112) debug_removeBreakpoint(addressWeap) return true end) L4_4 = L4_4.appendToEntry L5_5 = Finders L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "CharactersStatusFinder" L4_4 = L4_4(L5_5, function(A0_113, A1_114, A2_115) debug_Safe_setBreakpoint(addressCharExp, 1, bptExecute, bpmInt3, function() local L0_116, L1_117, L2_118 L0_116 = RDI L0_116 = L0_116 + 96 L1_117 = L0_116 - 8 L2_118 = findAndAddToList L2_118 = L2_118(RDI, "Character", vtByteArray) L2_118.appendToEntry(AddMemoryRecordCustom("Characters")) L2_118.ShowAsHex = true L2_118.Aob.Size = 104 findAndAddToList(L1_117, "ScriptLevel", vtByte).appendToEntry(L2_118) findAndAddToList(L1_117 + 4, "ScriptSkillPoint", vtByte).appendToEntry(L2_118) findAndAddToList(L0_116, "ScriptExp", vtDword).appendToEntry(L2_118) debug_continueFromBreakpoint(co_run) end) return true end, function(A0_119, A1_120, A2_121) debug_removeBreakpoint(addressCharExp) return true end) L4_4 = L4_4.appendToEntry L5_5 = Finders L4_4(L5_5) function L4_4(A0_122, A1_123, A2_124, A3_125, A4_126) A0_122 = "????????" return string.format("???????????????? 0b002800 %s ???????????????? %s 00000000 ???????????????? ???????? 00000000 %s 00000000 FFFFFFFF 00000000 ???????? 00000000 %s 00000000 00000000 00000000 00000000 00000000 FFFFFFFF 00000000 ???????? 00000000 %s 00000000", A0_122, A1_123, A2_124, A3_125, A4_126) end GenPartAobStr = L4_4 AOBScanRWPStartAddressVal = 0 AOBScanRWPEndAddressVal = 140737488355327 function L4_4(A0_127) local L1_128, L2_129 L1_128 = createMemScan L2_129 = nil L1_128 = L1_128(L2_129) L1_128.OnlyOneResult = true L2_129 = L1_128.firstScan L2_129(soExactValue, vtByteArray, rtRounded, A0_127, "", AOBScanRWPStartAddressVal, AOBScanRWPEndAddressVal, "+W-C-X", fsmNotAligned, "", true, true, false, false) L2_129 = L1_128.waitTillDone L2_129() L2_129 = L1_128.Result if L2_129 then if AOBScanRWPStartAddressVal == 0 and AOBScanRWPEndAddressVal == 140737488355327 then AOBScanRWPStartAddressVal = getAddress(L2_129) - 33554432 AOBScanRWPEndAddressVal = getAddress(L2_129) + 33554432 if AOBScanRWPStartAddressVal < 0 then AOBScanRWPStartAddressVal = 0 end if AOBScanRWPStartAddressVal > 140737488355327 then AOBScanRWPEndAddressVal = 140737488355327 end end else print("AOBScanRWP Can't Find:" .. A0_127) end L1_128.destroy() return L2_129 end AOBScanRWP = L4_4 function L4_4(A0_130, A1_131, A2_132, A3_133, A4_134, A5_135) local L6_136 L6_136 = AOBScanRWP L6_136 = L6_136(GenPartAobStr(A1_131, A2_132, A3_133, A4_134, A5_135)) findAndAddToList(L6_136, A0_130).appendToEntry(AddMemoryRecordCustom("PartTypes")) findAndAddToList(L6_136, A0_130).Type = vtByteArray findAndAddToList(L6_136, A0_130).Aob.Size = 0 findAndAddToList(L6_136, A0_130).ShowAsHex = true end AddPartTypeToList = L4_4 L4_4 = AddMemoryRecordCustom L5_5 = "HpFinder" L4_4 = L4_4(L5_5, function(A0_137, A1_138, A2_139) debug_Safe_setBreakpoint(addressHp, 1, bptExecute, bpmInt3, function() local L0_140, L1_141 L0_140 = RAX L0_140 = L0_140 + 244 L1_141 = readFloat L1_141 = L1_141(L0_140) if L1_141 > 149.0 then L1_141 = findAndAddToList L1_141 = L1_141(RAX, "Unit") L1_141.appendToEntry(AddMemoryRecordCustom("Units")) findAndAddToList(L0_140, "ScriptHp").appendToEntry(L1_141) end L1_141 = debug_continueFromBreakpoint L1_141(co_run) end) return true end, function(A0_142, A1_143, A2_144) debug_removeBreakpoint(addressHp) return true end) L4_4 = L4_4.appendToEntry L5_5 = InGameCheat L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "SurvivorsFix" L4_4 = L4_4(L5_5, function(A0_145, A1_146, A2_147) debug_Safe_setBreakpoint(addressSurvivors, 1, bptExecute, bpmInt3, function() local L0_148 L0_148 = RCX L0_148 = L0_148 + 328 writeBytes(L0_148, 0, 0, 0, 0, 10) writeBytes(L0_148 + 6, 1) debug_continueFromBreakpoint(co_run) end) return true end, function(A0_149, A1_150, A2_151) debug_removeBreakpoint(addressSurvivors) return true end) L4_4 = L4_4.appendToEntry L5_5 = AutoFixs L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "GameResFix" L4_4 = L4_4(L5_5, function(A0_152, A1_153, A2_154) debug_Safe_setBreakpoint(addressGameRes, 1, bptExecute, bpmInt3, function() local L0_155 L0_155 = RCX L0_155 = L0_155 + 760 writeBytes(L0_155, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0) AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).Type = vtByteArray AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).ShowAsHex = true AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).Aob.Size = 20 AddMemoryRecordIfNotExiestAndReturn("addressGameRes", nil, true, false, nil, nil).setAddress(getAddress(L0_155)) debug_continueFromBreakpoint(co_run) end) return true end, function(A0_156, A1_157, A2_158) debug_removeBreakpoint(addressGameRes) return true end) L4_4 = L4_4.appendToEntry L5_5 = Others L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "CraftResFix" L4_4 = L4_4(L5_5, function(A0_159, A1_160, A2_161) debug_Safe_setBreakpoint(addressInGameRes, 1, bptExecute, bpmInt3, function() local L0_162 L0_162 = RDI L0_162 = L0_162 + 140 L0_162 = L0_162 - 4 writeBytes(L0_162, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66) debug_continueFromBreakpoint(co_run) end) debug_Safe_setBreakpoint(addressInGameRes1, 1, bptExecute, bpmInt3, function() local L0_163 L0_163 = RBX L0_163 = L0_163 + 140 L0_163 = L0_163 - 4 writeBytes(L0_163, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66, 0, 0, 198, 66) end) return true end, function(A0_164, A1_165, A2_166) debug_removeBreakpoint(addressInGameRes) debug_removeBreakpoint(addressInGameRes1) return true end) L4_4 = L4_4.appendToEntry L5_5 = InGameCheat L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "Ammo" L4_4 = L4_4(L5_5, function(A0_167, A1_168, A2_169) autoAssembleLua(addressAmmo, "\t\tmov [rbx+00000D48],270f//\229\173\144\229\188\185\n\t\t//mov [rbx+00000080],461C4000//\229\176\132\233\128\159\n\t\tpush rbx\n\t\tmov rbx,[rbx+00000D10]\n\t\tmov [rbx+44],0//\229\185\179\229\176\132\230\149\163\229\176\132\n\t\tmov [rbx+58],0//\229\188\128\233\149\156\230\149\163\229\176\132\n\t\tmov [rbx+70],461C4000 //\229\144\142\229\186\167\230\138\145\229\136\182\n\t\tmov [rbx+38],3D4CCCCD//\229\188\128\233\149\156\233\128\159\229\186\166\n\t\tmov [rbx+50],40A00000//\232\133\176\229\176\132\230\149\163\229\176\132\230\138\145\229\136\182\n\t\tmov [rbx+60],40A00000//\229\188\128\233\149\156\230\149\163\229\176\132\230\138\145\229\136\182\n\t\tmov [rbx+a0],461C3C00//\229\136\157\229\167\139\229\164\135\229\188\185\230\149\176\239\188\159\n\t\tmov [rbx+a4],461C3C00//\229\164\135\229\188\185\230\149\176\n\t\tmov [rbx+a8],461C3C00//\229\136\157\229\167\139\229\188\185\229\164\185\230\156\128\233\171\152\239\188\159\239\188\159\n\t\tmov [rbx+ac],461C3C00//\229\188\185\229\164\185\230\156\128\233\171\152\n\t\tmov [rbx+b8],40A00000//\230\141\162\229\188\185\229\128\141\233\128\159\n\t\tmov [rbx+10c],453B8000//\230\175\143\229\136\134\233\146\159\229\176\132\233\128\159\n\t\tpop rbx\n\t\t", true) autoAssembleLua(addressAmmoOnlineFix, [[ mov ax,270f mov [rbx+d4a],270f mov [rbx+d4c],270f mov [rbx+d48],270f ]], true) return true end, function(A0_170, A1_171, A2_172) autoAssembleLua(addressAmmo, "", false) autoAssembleLua(addressAmmoOnlineFix, "", false) return true end) L4_4 = L4_4.appendToEntry L5_5 = InGameCheat L4_4(L5_5) L4_4 = print L5_5 = "NoNoise" L4_4(L5_5) L4_4 = getAddress L5_5 = "OTWD-Win64-Shipping.exe+2671AE" L4_4 = L4_4(L5_5) L4_4 = L4_4 + 16 addressNoNoise = L4_4 L4_4 = AddMemoryRecordCustom L5_5 = "NoNoise" L4_4 = L4_4(L5_5, function(A0_173, A1_174, A2_175) autoAssembleLua(addressNoNoise, [[ mov [rbx+000498],0 XORPD xmm3,xmm3 ]], true) return true end, function(A0_176, A1_177, A2_178) autoAssembleLua(addressNoNoise, "", false) debug_removeBreakpoint(addressAmmoOnlineFix) return true end) L4_4 = L4_4.appendToEntry L5_5 = InGameCheat L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "Tool" L4_4 = L4_4(L5_5, function(A0_179, A1_180, A2_181) local L3_182 function L3_182() AddMemoryRecordIfNotExiestAndReturn("addressInGameToolScriptGen", vtByteArray, true, false, nil, nil).setAddress(getAddress(RDI + 56)) AddMemoryRecordIfNotExiestAndReturn("addressInGameToolScriptGen", vtByteArray, true, false, nil, nil).ShowAsHex = true AddMemoryRecordIfNotExiestAndReturn("addressInGameToolScriptGen", vtByteArray, true, false, nil, nil).Value = "00 00 C6 42 00 00 C6 42 00 00 C6 42 00 00 C6 42 00 00 C6 42 00 00 C6 42" debug_continueFromBreakpoint(co_run) end debug_Safe_setBreakpoint(addressInGameTool, 1, bptExecute, bpmInt3, L3_182) debug_Safe_setBreakpoint(addressInGameTool1, 1, bptExecute, bpmInt3, L3_182) debug_Safe_setBreakpoint(addressInGameTool2, 1, bptExecute, bpmInt3, L3_182) return true end, function(A0_183, A1_184, A2_185) debug_removeBreakpoint(addressInGameTool) debug_removeBreakpoint(addressInGameTool1) debug_removeBreakpoint(addressInGameTool2) return true end) L4_4 = L4_4.appendToEntry L5_5 = InGameCheat L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "Silencer" L4_4 = L4_4(L5_5, function(A0_186, A1_187, A2_188) writeBytes(addressSilencer, 199, 131, 8, 15, 0, 0, 0, 0, 0, 0) return true end, function(A0_189, A1_190, A2_191) writeBytes(addressSilencer, 132, 192, 116, 6, 255, 131, 8, 15, 0, 0) return true end) L4_4 = L4_4.appendToEntry L5_5 = InGameCheat L4_4(L5_5) L4_4 = AddMemoryRecordCustom L5_5 = "LevelHardLocker" L4_4 = L4_4(L5_5, function(A0_192, A1_193, A2_194) debug_Safe_setBreakpoint(addressLevelHard, 2, bptExecute, bpmInt3, function() local L0_195 L0_195 = _G L0_195 = L0_195.prveHardAddr if L0_195 == nil then prveHardAddr = 0 end L0_195 = RDI L0_195 = L0_195 + 768 AddMemoryRecordIfNotExiestAndReturn("addressLevelHardScriptGen", nil, true, false, nil, nil).setAddress(getAddress(L0_195)) debug_removeBreakpoint(prveHardAddr) prveHardAddr = L0_195 debug_Safe_setBreakpoint(prveHardAddr, 2, bptAccess, bpmInt3, function() if addressList.getMemoryRecordByDescription("addressLevelHardScriptGen").Active then writeBytes(prveHardAddr, levelHardVal) end debug_continueFromBreakpoint(co_run) end) debug_continueFromBreakpoint(co_run) end) return true end, function(A0_196, A1_197, A2_198) debug_removeBreakpoint(addressLevelHard) return true end) L4_4 = L4_4.appendToEntry L5_5 = Others L4_4(L5_5) function L4_4() local L0_199, L1_200 end debugger_onBreakpoint = L4_4 L4_4 = print L5_5 = "ScriptInitDone" L4_4(L5_5)
==Code: Select all
\230\179\168\230\132\143\229\164\135\228\187
What can we learn from his code:Code: Select all
E6 B3 A8 E6 84 8F E5 A4 87 E4 BB BD E5 AD 98 E6 A1 A3 EF BC 81 EF BC 81 EF BC 81 EF BC 81 EF BC 81
- "OTWD-Win64-Shipping.exe+3DC4800" is a pointer; find references to it and you'll land on the class constructor function:
How many UObjects are there? Check [RBP+0x70]Code: Select all
00007FF7D022242B | 4C:8945 70 | MOV QWORD PTR SS:[RBP+70],R8 | 00007FF7D022242F | 48:8945 60 | MOV QWORD PTR SS:[RBP+60],RAX | 00007FF7D0222433 | 4D:85C0 | TEST R8,R8 | 00007FF7D0222436 | 0F84 15010000 | JE otwd-win64-shipping.7FF7D0222551 | 00007FF7D022243C | 0F1F40 00 | NOP DWORD PTR DS:[RAX],EAX | 00007FF7D0222440 | 48:8B00 | MOV RAX,QWORD PTR DS:[RAX] | 00007FF7D0222443 | FFD0 | CALL RAX | <-- enter 00007FF7D0222445 | 48:8BD8 | MOV RBX,RAX | 00007FF7D0222448 | 4C:8BC0 | MOV R8,RAX | .. 00007FF7D1703F40 | 48:83EC 28 | SUB RSP,28 | 00007FF7D1703F44 | 48:8B05 B5083302 | MOV RAX,QWORD PTR DS:[7FF7D3A34800] | 00007FF7D1703F4B | 48:85C0 | TEST RAX,RAX | 00007FF7D1703F4E | 75 1A | JNE otwd-win64-shipping.7FF7D1703F6A | 00007FF7D1703F50 | 48:8D15 A9623B01 | LEA RDX,QWORD PTR DS:[7FF7D2ABA200] | 00007FF7D1703F57 | 48:8D0D A2083302 | LEA RCX,QWORD PTR DS:[7FF7D3A34800] | 00007FF7D1703F5E | E8 6D6BB0FE | CALL otwd-win64-shipping.7FF7D020AAD0 | 00007FF7D1703F63 | 48:8B05 96083302 | MOV RAX,QWORD PTR DS:[7FF7D3A34800] | <-- this is his pointer 00007FF7D1703F6A | 48:83C4 28 | ADD RSP,28 | 00007FF7D1703F6E | C3 | RET |
I was using the first released CODEX version, but I got the latest version now Just for fun. Let's see..
Also letting you know the script won't work on any updates, unless he uses AOBs to find the hardcoded locations he's using.