Plenty of room for improvement. However, this was more than good enough for me. Some are overkill.
Features:
Unlimited flask usage
No currency deduction
Currency pointer in Ark (only accurate when in ark)
Currency pointer in expedition
No hit damage (you still get hit effects, but health always stays at max)
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="45">
<CheatEntries>
<CheatEntry>
<ID>109</ID>
<Description>"Global"</Description>
<Color>00FF00</Color>
<GroupHeader>1</GroupHeader>
<CheatEntries>
<CheatEntry>
<ID>11</ID>
<Description>"Unlimited Flask usage"</Description>
<Color>FFFF00</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Locates the patch site by byte signature inside GameAssembly.dll.
// The scan fails when nothing matches; when several locations match, the first
// one is used. "should be unique" is therefore the author's expectation and is
// not verified by the script - re-check it after every game update.
aobscanmodule(FlaskPtr,GameAssembly.dll,FF 4C 8B 74 24 58 44 3A F8 4C 8B 7C 24 60 88 06 74 25 48 85 FF) // should be unique
// Signature offset +0E is the 2-byte store `mov [rsi],al` (88 06) shown in the
// dump below. Overwriting it with two bytes of NOP means the value computed in
// al is never written to [rsi].
// NOTE(review): presumably [rsi] is the remaining-flask counter, going by the
// PlayerConsumableHealFlasksUpdated call that follows in the dump - confirm.
FlaskPtr+0E:
nop 2
registersymbol(FlaskPtr)
[DISABLE]
// Restore the original two bytes of the store.
FlaskPtr+0E:
db 88 06
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1D6EBDB
GameAssembly.dll+1D6EBB3 - 83 B9 E0000000 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+1D6EBBA - 75 05 - jne GameAssembly.dll+1D6EBC1
GameAssembly.dll+1D6EBBC - E8 5FB467FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+1D6EBC1 - 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1D6EBC4 - 8B D5 - mov edx,ebp
GameAssembly.dll+1D6EBC6 - 41 8B CE - mov ecx,r14d
GameAssembly.dll+1D6EBC9 - E8 125FD3FF - call System.Math.Min
GameAssembly.dll+1D6EBCE - 4C 8B 74 24 58 - mov r14,[rsp+58]
GameAssembly.dll+1D6EBD3 - 44 3A F8 - cmp r15b,al
GameAssembly.dll+1D6EBD6 - 4C 8B 7C 24 60 - mov r15,[rsp+60]
// ---------- INJECTING HERE ----------
GameAssembly.dll+1D6EBDB - 88 06 - mov [rsi],al
// ---------- DONE INJECTING ----------
GameAssembly.dll+1D6EBDD - 74 25 - je GameAssembly.dll+1D6EC04
GameAssembly.dll+1D6EBDF - 48 85 FF - test rdi,rdi
GameAssembly.dll+1D6EBE2 - 74 5B - je GameAssembly.dll+1D6EC3F
GameAssembly.dll+1D6EBE4 - 48 8D 8F B8010000 - lea rcx,[rdi+000001B8]
GameAssembly.dll+1D6EBEB - 48 C7 44 24 20 00000000 - mov qword ptr [rsp+20],00000000
GameAssembly.dll+1D6EBF4 - 44 0FB6 CD - movzx r9d,bpl
GameAssembly.dll+1D6EBF8 - 44 0FB6 C0 - movzx r8d,al
GameAssembly.dll+1D6EBFC - 48 8B D3 - mov rdx,rbx
GameAssembly.dll+1D6EBFF - E8 CC890900 - call FrameEvents.PlayerConsumableHealFlasksUpdated
GameAssembly.dll+1D6EC04 - 48 8B 6C 24 50 - mov rbp,[rsp+50]
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>10</ID>
<Description>"No currency deduction"</Description>
<Options moActivateChildrenAsWell="1" moDeactivateChildrenAsWell="1"/>
<Color>FFFF00</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Two independent in-place patches, one per game mode. Both are found by byte
// signature; neither scan verifies that the match is unique.
// currency in ark
aobscanmodule(CurrencyCharge,GameAssembly.dll,89 54 81 20 4D 85 F6) // should be unique
CurrencyCharge:
// Original 4-byte store (89 54 81 20), kept here for reference:
// mov [rcx+rax*4+20],edx
// Replacement has the same length but the opposite direction: it loads the
// current value into edx, so the memory slot is left as it was.
mov edx,[rcx+rax*4+20]
registersymbol(CurrencyCharge)
// currency in expedition
aobscanmodule(RemoveShells,GameAssembly.dll,66 29 7B 04 48 85 F6) // should be unique
RemoveShells:
// Blanks the 4-byte `sub [rbx+04],di`. The `cmp [rbx+04],di` / `jb` pair that
// precedes it in the dump is not touched, so that comparison still runs.
nop 4
registersymbol(RemoveShells)
[DISABLE]
// Write back the original bytes of both patched instructions.
CurrencyCharge:
db 89 54 81 20
RemoveShells:
db 66 29 7B 04
unregistersymbol(*)
{ // Currency used in ark
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1DC67D8
GameAssembly.dll+1DC67AD - 41 0FB6 C8 - movzx ecx,r8b
GameAssembly.dll+1DC67B1 - 3B 4A 18 - cmp ecx,[rdx+18]
GameAssembly.dll+1DC67B4 - 73 7D - jae GameAssembly.dll+1DC6833
GameAssembly.dll+1DC67B6 - 8B 54 8A 20 - mov edx,[rdx+rcx*4+20]
GameAssembly.dll+1DC67BA - 49 8B C0 - mov rax,r8
GameAssembly.dll+1DC67BD - 48 C1 E8 20 - shr rax,20
GameAssembly.dll+1DC67C1 - 2B D0 - sub edx,eax
GameAssembly.dll+1DC67C3 - 41 0F44 D7 - cmove edx,r15d
GameAssembly.dll+1DC67C7 - 48 8B 4D 18 - mov rcx,[rbp+18]
GameAssembly.dll+1DC67CB - 41 0FB6 C0 - movzx eax,r8b
GameAssembly.dll+1DC67CF - 44 8B 54 81 20 - mov r10d,[rcx+rax*4+20]
GameAssembly.dll+1DC67D4 - 41 0FB6 C0 - movzx eax,r8b
// ---------- INJECTING HERE ----------
GameAssembly.dll+1DC67D8 - 89 54 81 20 - mov [rcx+rax*4+20],edx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1DC67DC - 4D 85 F6 - test r14,r14
GameAssembly.dll+1DC67DF - 74 58 - je GameAssembly.dll+1DC6839
GameAssembly.dll+1DC67E1 - 4C 8B 4D 18 - mov r9,[rbp+18]
GameAssembly.dll+1DC67E5 - 4D 85 C9 - test r9,r9
GameAssembly.dll+1DC67E8 - 74 4F - je GameAssembly.dll+1DC6839
GameAssembly.dll+1DC67EA - 41 0FB6 C0 - movzx eax,r8b
GameAssembly.dll+1DC67EE - 41 3B 41 18 - cmp eax,[r9+18]
GameAssembly.dll+1DC67F2 - 73 3F - jae GameAssembly.dll+1DC6833
GameAssembly.dll+1DC67F4 - 45 8B 4C 81 20 - mov r9d,[r9+rax*4+20]
GameAssembly.dll+1DC67F9 - 49 8D 8E B8010000 - lea rcx,[r14+000001B8]
}
{ // currency used in expedition (only shells used here)
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1D8212F
GameAssembly.dll+1D820F8 - E8 130869FE - call GameAssembly.dll+412910
GameAssembly.dll+1D820FD - 48 8D 0D 64C2C101 - lea rcx,[GameAssembly.dll+399E368]
GameAssembly.dll+1D82104 - E8 070869FE - call GameAssembly.dll+412910
GameAssembly.dll+1D82109 - C6 05 A2CEE201 01 - mov byte ptr [GameAssembly.dll+3BAEFB2],01
GameAssembly.dll+1D82110 - 48 8B 0D 71F2C001 - mov rcx,[GameAssembly.dll+3991388]
GameAssembly.dll+1D82117 - 83 B9 E0000000 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+1D8211E - 75 05 - jne GameAssembly.dll+1D82125
GameAssembly.dll+1D82120 - E8 FB7E66FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+1D82125 - 66 39 7B 04 - cmp [rbx+04],di
GameAssembly.dll+1D82129 - 0F82 69010000 - jb GameAssembly.dll+1D82298
// ---------- INJECTING HERE ----------
GameAssembly.dll+1D8212F - 66 29 7B 04 - sub [rbx+04],di
// ---------- DONE INJECTING ----------
GameAssembly.dll+1D82133 - 48 85 F6 - test rsi,rsi
GameAssembly.dll+1D82136 - 0F84 BE010000 - je GameAssembly.dll+1D822FA
GameAssembly.dll+1D8213C - 4C 8B 05 9572C101 - mov r8,[GameAssembly.dll+39993D8]
GameAssembly.dll+1D82143 - 48 8D 4C 24 50 - lea rcx,[rsp+50]
GameAssembly.dll+1D82148 - 48 8B D6 - mov rdx,rsi
GameAssembly.dll+1D8214B - E8 B02DC3FE - call GameAssembly.dll+9B4F00
GameAssembly.dll+1D82150 - 48 8D 94 24 20020000 - lea rdx,[rsp+00000220]
GameAssembly.dll+1D82158 - B9 03000000 - mov ecx,00000003
GameAssembly.dll+1D8215D - 48 8D 44 24 50 - lea rax,[rsp+50]
GameAssembly.dll+1D82162 - 48 8D 92 80000000 - lea rdx,[rdx+00000080]
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>12</ID>
<Description>"Get health ptr"</Description>
<Options moHideChildren="1" moActivateChildrenAsWell="1" moDeactivateChildrenAsWell="1"/>
<Color>00FF00</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Code-cave hook that records the object pointer in rdi each time the hooked
// instruction runs. The child records of this entry read floats at +1F8 and
// +1FC from the recorded pointer.
aobscanmodule(GetHealthPtr,GameAssembly.dll,F3 0F 10 87 F8 01 00 00 F3 0F 5E 87 FC 01 00 00 0F 2F F8 0F) // should be unique
// Cave is requested close to the hook site (third argument) so the 5-byte
// relative jmp can reach it.
alloc(newmem,$1000,GetHealthPtr)
label(code return HealthPtr)
registersymbol(HealthPtr)
newmem:
// NOTE(review): rdi is stored on every pass; nothing here checks which object
// it belongs to - confirm this path is only reached for the player.
mov [HealthPtr],rdi
code:
// Re-issue the displaced original instruction, then resume after the hook.
movss xmm0,[rdi+000001F8]
jmp return
HealthPtr:
// 8-byte pointer slot, placed inside the cave after the jmp so it is never executed.
dq 0
GetHealthPtr:
// Original instruction is 8 bytes: 5 for the jmp plus 3 bytes of NOP padding.
jmp newmem
nop 3
return:
registersymbol(GetHealthPtr)
[DISABLE]
// Restore the original 8 bytes, then drop the symbols and free the cave.
GetHealthPtr:
db F3 0F 10 87 F8 01 00 00
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+5B83D8
GameAssembly.dll+5B83CC - 0F2E C7 - ucomiss xmm0,xmm7
GameAssembly.dll+5B83CF - 7A 07 - jp GameAssembly.dll+5B83D8
GameAssembly.dll+5B83D1 - 75 05 - jne GameAssembly.dll+5B83D8
GameAssembly.dll+5B83D3 - 0F57 C0 - xorps xmm0,xmm0
GameAssembly.dll+5B83D6 - EB 10 - jmp GameAssembly.dll+5B83E8
// ---------- INJECTING HERE ----------
GameAssembly.dll+5B83D8 - F3 0F10 87 F8010000 - movss xmm0,[rdi+000001F8]
// ---------- DONE INJECTING ----------
GameAssembly.dll+5B83E0 - F3 0F5E 87 FC010000 - divss xmm0,[rdi+000001FC]
GameAssembly.dll+5B83E8 - 0F2F F8 - comiss xmm7,xmm0
GameAssembly.dll+5B83EB - 0F83 15020000 - jae GameAssembly.dll+5B8606
GameAssembly.dll+5B83F1 - 80 BF 54030000 00 - cmp byte ptr [rdi+00000354],00
GameAssembly.dll+5B83F8 - 0F86 08020000 - jbe GameAssembly.dll+5B8606
GameAssembly.dll+5B83FE - 80 7F 58 00 - cmp byte ptr [rdi+58],00
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>17</ID>
<Description>"HealthPtr"</Description>
<Options moHideChildren="1" moDeactivateChildrenAsWell="1"/>
<ShowAsSigned>0</ShowAsSigned>
<Color>FF80FF</Color>
<GroupHeader>1</GroupHeader>
<Address>HealthPtr</Address>
<Offsets>
<Offset>0</Offset>
</Offsets>
<CheatEntries>
<CheatEntry>
<ID>15</ID>
<Description>"Current Health"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>Float</VariableType>
<Address>+1f8</Address>
</CheatEntry>
<CheatEntry>
<ID>16</ID>
<Description>"Max Health"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>Float</VariableType>
<Address>+1FC</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>83</ID>
<Description>"Location - Ark"</Description>
<Color>00FF00</Color>
<GroupHeader>1</GroupHeader>
<CheatEntries>
<CheatEntry>
<ID>107</ID>
<Description>"Get/Update base currency ptr (will turn itself off when address retrieved)"</Description>
<Options moActivateChildrenAsWell="1" moDeactivateChildrenAsWell="1"/>
<Color>00FFFF</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// One-shot pointer capture: hooks a load from [rdx], records rdx in
// ArkCurrencyPtr, and a Lua timer copies that value into the "ArkCurrencyPtr"
// record and then switches this entry off again.
// originally used F3 0F ?? 0A F3 ?? 0F 6F ?? 02 then did +4 but the one below worked as well
// The signature contains wildcards and is short; the scan uses the first match
// and does not verify uniqueness - re-check after game updates.
aobscanmodule(GetArkCurrency,GameAssembly.dll,F3 ?? 0F 6F ?? 02 ?? F3) // should be unique
alloc(newmem,$100,GetArkCurrency)
label(code return ArkCurrencyPtr)
// `code` is registered as well because the disable section reads the saved
// original bytes back from it.
registersymbol(ArkCurrencyPtr code)
{$lua}
-- Lua embedded in a table runs inside the Cheat Engine process with its
-- privileges, so blocks like this are worth reading before enabling a table
-- obtained from someone else.
-- Skip all side effects while Cheat Engine is only syntax-checking the script.
if syntaxcheck then return end
-- scriptTimers is a global table keyed by memory-record ID; any timer left over
-- from an earlier activation of this entry is destroyed first.
if not scriptTimers then scriptTimers = {} end
if scriptTimers[memrec.ID] then
scriptTimers[memrec.ID].Destroy()
scriptTimers[memrec.ID] = nil
end
-- Reset the target record (looked up by its description) so a stale address
-- from a previous session is not shown while waiting for the capture.
local al = getAddressList()
local mr = al.getMemoryRecordByDescription('ArkCurrencyPtr')
if mr ~= nil then
mr.Address = 'UndefinedAddr'
mr.Active = false
end
-- Poll every 250 ms until the hook has stored a non-zero pointer.
scriptTimers[memrec.ID] = createTimer()
local tPtr = scriptTimers[memrec.ID]
tPtr.Interval = 250
-- The callback argument is the timer object; its name here is only a label.
tPtr.OnTimer = function(WaitForArkCurrencyPtrUpdate)
if readQword(getAddress('ArkCurrencyPtr')) ~= 0 then
-- These locals shadow the outer al/mr; the record is looked up again.
local al = getAddressList()
local mr = al.getMemoryRecordByDescription('ArkCurrencyPtr')
if mr ~= nil then
-- Store the captured pointer as a hex string and activate the record.
mr.Address = string.format("%X",readQword(getAddress('ArkCurrencyPtr')))
mr.Active = true
else
print('Unable to find cheat entry with description "ArkCurrencyPtr"')
end
-- Stop polling and deactivate this entry, which runs the disable section below.
tPtr.Enabled = false
tPtr.Destroy()
scriptTimers[memrec.ID] = nil
memrec.Active = false
end
end
{$asm}
// rdx can point to multiple currency addresses. Only 1 is editable
newmem:
// Write probe: save the dword at [rdx], store value+1, compare the read-back
// with what was stored, then put the saved value back. The restoring mov and
// the pops leave the flags alone, so `jne` acts on the cmp result.
// NOTE(review): this writes through rdx on every pass while the hook is active.
// It assumes rdx is always writable and that nothing else reads the slot
// between the two stores - confirm.
push rbx
push rcx
mov ebx,[rdx]
mov ecx, ebx
add ecx, 1
mov [rdx], ecx
cmp ecx, [rdx]
mov [rdx], ebx
pop rcx
pop rbx
jne code
mov [ArkCurrencyPtr], rdx
code:
// Emits a copy of the 7 original bytes at the hook site, i.e. the displaced
// instruction, taken from memory at assembly time.
readmem(GetArkCurrency,7)
jmp return
ArkCurrencyPtr:
// 8-byte slot polled by the Lua timer above.
dq 0
GetArkCurrency:
// 7 bytes replaced: 5-byte jmp plus 2 bytes of NOP padding.
jmp newmem
nop 2
return:
registersymbol(GetArkCurrency)
[DISABLE]
{$lua}
-- Destroy the polling timer if the entry is switched off before a capture.
if scriptTimers then
if scriptTimers[memrec.ID] then
scriptTimers[memrec.ID].Destroy()
scriptTimers[memrec.ID] = nil
end
end
{$asm}
// Restore the original 7 bytes from the copy kept at `code`, then release the
// symbols and the cave.
GetArkCurrency:
readmem(code,7)
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+461DAA
GameAssembly.dll+461DA0 - 49 83 F8 20 - cmp r8,20
GameAssembly.dll+461DA4 - 77 17 - ja GameAssembly.dll+461DBD
GameAssembly.dll+461DA6 - F3 0F6F 0A - movdqu xmm1,[rdx]
// ---------- INJECTING HERE ----------
GameAssembly.dll+461DAA - F3 42 0F6F 54 02 F0 - movdqu xmm2,[rdx+r8-10]
// ---------- DONE INJECTING ----------
GameAssembly.dll+461DB1 - F3 0F7F 09 - movdqu [rcx],xmm1
GameAssembly.dll+461DB5 - F3 42 0F7F 54 01 F0 - movdqu [rcx+r8-10],xmm2
GameAssembly.dll+461DBC - C3 - ret
GameAssembly.dll+461DBD - 4E 8D 0C 02 - lea r9,[rdx+r8]
GameAssembly.dll+461DC1 - 48 3B CA - cmp rcx,rdx
GameAssembly.dll+461DC4 - 4C 0F46 C9 - cmovbe r9,rcx
GameAssembly.dll+461DC8 - 49 3B C9 - cmp rcx,r9
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<!-- Group header for the four Ark currency values. The Address stored below is an absolute address that was saved with the table; the "Get/Update base currency ptr" script finds this record by its description, resets the address to 'UndefinedAddr' and then writes the pointer it captured. The children are consecutive 4-byte values at +0, +4, +8 and +C from that address. -->
<ID>91</ID>
<Description>"ArkCurrencyPtr"</Description>
<Options moHideChildren="1" moDeactivateChildrenAsWell="1"/>
<ShowAsSigned>0</ShowAsSigned>
<Color>FF80FF</Color>
<GroupHeader>1</GroupHeader>
<Address>DC4259E528</Address>
<CheatEntries>
<CheatEntry>
<ID>92</ID>
<Description>"Cogs"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+0*4</Address>
</CheatEntry>
<CheatEntry>
<ID>93</ID>
<Description>"Memonite Dust"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+1*4</Address>
</CheatEntry>
<CheatEntry>
<ID>94</ID>
<Description>"Memonite Shards"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+2*4</Address>
</CheatEntry>
<CheatEntry>
<ID>95</ID>
<Description>"Memonite Fragments"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+3*4</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>84</ID>
<Description>"Location - Vortex (Expedition)"</Description>
<Color>00FF00</Color>
<GroupHeader>1</GroupHeader>
<CheatEntries>
<CheatEntry>
<ID>108</ID>
<Description>"No hit damage (Still get hit affects but health is always max)"</Description>
<Color>FFFF00</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Two patches: an in-place rewrite of the health store after a hit, and a
// code-cave hook in front of a health-state check. Both sites are found by
// byte signature; neither scan verifies uniqueness.
aobscanmodule(UpdateHealthAfterHit,GameAssembly.dll, 0F 2E C8 F3 0F 11 87 F8 01 00 00) // should be unique
UpdateHealthAfterHit:
// Same 11 bytes as the original pair, with xmm0 swapped for xmm1. The dump shows
// xmm1 being loaded from [rdi+1F8] just before, so the store writes back the
// value that was already there and the compare is a self-compare.
ucomiss xmm1,xmm1
movss [rdi+000001F8],xmm1
registersymbol(UpdateHealthAfterHit)
// 2nd pointer for player health
aobscanmodule(Hittable_HealthState,GameAssembly.dll, 48 83 79 40 00 48 8B D1) // should be unique
alloc(newmem2,$100,Hittable_HealthState)
label(code2 return2)
newmem2:
// Copy the qword at [rcx+68] over [rcx+48] before the original check runs.
// push/pop and mov do not change flags; the cmp below sets them afresh.
// NOTE(review): presumably +48 is current and +68 is maximum health, judging by
// the later compares in the dump - confirm. The author labels this site as
// Quantum.Hittable.get_HealthState, and nothing in the hook limits it to the
// player object - confirm whether other hittable objects are affected.
push rbx
mov rbx,[rcx+68]
mov [rcx+48], rbx
pop rbx
code2:
// Displaced original instruction.
cmp qword ptr [rcx+40],00
jmp return2
Hittable_HealthState:
// Original instruction is exactly 5 bytes, so the jmp needs no NOP padding.
jmp newmem2
return2:
registersymbol(Hittable_HealthState)
[DISABLE]
// Restore the original bytes at both sites, then release symbols and the cave.
UpdateHealthAfterHit:
db 0F 2E C8 F3 0F 11 87 F8 01 00 00
Hittable_HealthState:
db 48 83 79 40 00
unregistersymbol(*)
dealloc(*)
{ // for CharacterView.OnCharacterReceiveDamage
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+5AEB77
GameAssembly.dll+5AEB47 - 48 8B D0 - mov rdx,rax
GameAssembly.dll+5AEB4A - 48 8B CB - mov rcx,rbx
GameAssembly.dll+5AEB4D - E8 0E915101 - call GameAssembly.dll+1AC7C60
GameAssembly.dll+5AEB52 - 84 C0 - test al,al
GameAssembly.dll+5AEB54 - 0F85 C5050000 - jne GameAssembly.dll+5AF11F
GameAssembly.dll+5AEB5A - F3 0F10 8F F8010000 - movss xmm1,[rdi+000001F8]
GameAssembly.dll+5AEB62 - 0F57 C0 - xorps xmm0,xmm0
GameAssembly.dll+5AEB65 - F3 48 0F2A 46 48 - cvtsi2ss xmm0,[rsi+48]
GameAssembly.dll+5AEB6B - F3 0F10 35 85BF7C02 - movss xmm6,[GameAssembly.dll+2D7AAF8]
GameAssembly.dll+5AEB73 - F3 0F59 C6 - mulss xmm0,xmm6
// ---------- INJECTING HERE ----------
GameAssembly.dll+5AEB77 - 0F2E C8 - ucomiss xmm1,xmm0
GameAssembly.dll+5AEB7A - F3 0F11 87 F8010000 - movss [rdi+000001F8],xmm0
// ---------- DONE INJECTING ----------
GameAssembly.dll+5AEB82 - 7A 02 - jp GameAssembly.dll+5AEB86
GameAssembly.dll+5AEB84 - 74 16 - je GameAssembly.dll+5AEB9C
GameAssembly.dll+5AEB86 - 48 8B 07 - mov rax,[rdi]
GameAssembly.dll+5AEB89 - 45 33 C0 - xor r8d,r8d
GameAssembly.dll+5AEB8C - 48 8B CF - mov rcx,rdi
GameAssembly.dll+5AEB8F - 4C 8B 88 60030000 - mov r9,[rax+00000360]
GameAssembly.dll+5AEB96 - FF 90 58030000 - call qword ptr [rax+00000358]
GameAssembly.dll+5AEB9C - F3 0F10 8F 00020000 - movss xmm1,[rdi+00000200]
GameAssembly.dll+5AEBA4 - 0F57 C0 - xorps xmm0,xmm0
}
{ // for Quantum.Hittable.get_HealthState
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1D5D730
GameAssembly.dll+1D5D725 - C3 - ret
GameAssembly.dll+1D5D726 - 33 C0 - xor eax,eax
GameAssembly.dll+1D5D728 - C3 - ret
GameAssembly.dll+1D5D729 - CC - int 3
GameAssembly.dll+1D5D72A - CC - int 3
GameAssembly.dll+1D5D72B - CC - int 3
GameAssembly.dll+1D5D72C - CC - int 3
GameAssembly.dll+1D5D72D - CC - int 3
GameAssembly.dll+1D5D72E - CC - int 3
GameAssembly.dll+1D5D72F - CC - int 3
// ---------- INJECTING HERE ----------
GameAssembly.dll+1D5D730 - 48 83 79 40 00 - cmp qword ptr [rcx+40],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+1D5D735 - 48 8B D1 - mov rdx,rcx
GameAssembly.dll+1D5D738 - 74 0A - je GameAssembly.dll+1D5D744
GameAssembly.dll+1D5D73A - 48 83 79 48 00 - cmp qword ptr [rcx+48],00
GameAssembly.dll+1D5D73F - 7F 03 - jg GameAssembly.dll+1D5D744
GameAssembly.dll+1D5D741 - B0 01 - mov al,01
GameAssembly.dll+1D5D743 - C3 - ret
GameAssembly.dll+1D5D744 - 48 8B 49 68 - mov rcx,[rcx+68]
GameAssembly.dll+1D5D748 - B8 04000000 - mov eax,00000004
GameAssembly.dll+1D5D74D - 48 39 4A 48 - cmp [rdx+48],rcx
GameAssembly.dll+1D5D751 - 41 B8 02000000 - mov r8d,00000002
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>97</ID>
<Description>"Get base currency ptr (includes shells)"</Description>
<Options moHideChildren="1" moActivateChildrenAsWell="1" moDeactivateChildrenAsWell="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Code-cave hook that records rcx in ExpedBaseAddr each time the hooked store
// runs. The child records walk a pointer chain starting from that value.
// NOTE(review): this 8-byte slot is allocated without a preferred region, while
// the cave that writes to it is allocated near the hook. Confirm the slot is
// always addressable from the cave on a 64-bit target, or request it near the
// hook as well, e.g. alloc(ExpedBaseAddr,8,GetExpedAddr).
alloc(ExpedBaseAddr,8)
registersymbol(ExpedBaseAddr)
ExpedBaseAddr:
dq 0
// found that base expedition ptr that can easily be found is via this address
// Could have gone further back but this seemed to be simplest aobscan match with value I am looking for
// currency base would be [[[ExpedBaseAddr + 58] + 522*8 + 18] + 8] + 2E8
aobscanmodule(GetExpedAddr,GameAssembly.dll, F2 0F 11 8E A8 00 00 00 4C) // should be unique
alloc(newmem,$100,GetExpedAddr)
label(code return)
newmem:
// The dump shows `mov rcx,rbx` immediately before the hook site, so rcx equals
// rbx at this point.
mov [ExpedBaseAddr],rcx
code:
// Displaced original instruction, then resume after the hook.
movsd [rsi+0xA8],xmm1
jmp return
GetExpedAddr:
// 8 bytes replaced: 5-byte jmp plus 3 bytes of NOP padding.
jmp newmem
nop 3
return:
registersymbol(GetExpedAddr)
[DISABLE]
// Restore the original 8 bytes, then release the symbols and both allocations.
GetExpedAddr:
db F2 0F 11 8E A8 00 00 00
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1D7B7C1
GameAssembly.dll+1D7B78E - 49 C1 F8 10 - sar r8,10
GameAssembly.dll+1D7B792 - 4C 01 44 24 48 - add [rsp+48],r8
GameAssembly.dll+1D7B797 - 48 89 4C 24 40 - mov [rsp+40],rcx
GameAssembly.dll+1D7B79C - 0F28 44 24 40 - movaps xmm0,[rsp+40]
GameAssembly.dll+1D7B7A1 - 48 C1 FA 10 - sar rdx,10
GameAssembly.dll+1D7B7A5 - 48 01 54 24 50 - add [rsp+50],rdx
GameAssembly.dll+1D7B7AA - F2 0F10 4C 24 50 - movsd xmm1,[rsp+50]
GameAssembly.dll+1D7B7B0 - 0F11 86 98000000 - movups [rsi+00000098],xmm0
GameAssembly.dll+1D7B7B7 - 4C 8D 85 40020000 - lea r8,[rbp+00000240]
GameAssembly.dll+1D7B7BE - 48 8B CB - mov rcx,rbx
// ---------- INJECTING HERE ----------
GameAssembly.dll+1D7B7C1 - F2 0F11 8E A8000000 - movsd [rsi+000000A8],xmm1
// ---------- DONE INJECTING ----------
GameAssembly.dll+1D7B7C9 - 4C 8B 0D A041C301 - mov r9,[GameAssembly.dll+39AF970]
GameAssembly.dll+1D7B7D0 - 48 8B 56 28 - mov rdx,[rsi+28]
GameAssembly.dll+1D7B7D4 - E8 C73EC4FE - call GameAssembly.dll+9BF6A0
GameAssembly.dll+1D7B7D9 - 84 C0 - test al,al
GameAssembly.dll+1D7B7DB - 74 2E - je GameAssembly.dll+1D7B80B
GameAssembly.dll+1D7B7DD - 48 8B 85 40020000 - mov rax,[rbp+00000240]
GameAssembly.dll+1D7B7E4 - 48 C1 E8 10 - shr rax,10
GameAssembly.dll+1D7B7E8 - A8 02 - test al,02
GameAssembly.dll+1D7B7EA - 74 1F - je GameAssembly.dll+1D7B80B
GameAssembly.dll+1D7B7EC - 33 D2 - xor edx,edx
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>98</ID>
<Description>"Expedition_basePtr"</Description>
<Options moHideChildren="1" moActivateChildrenAsWell="1" moDeactivateChildrenAsWell="1"/>
<ShowAsSigned>0</ShowAsSigned>
<Color>FF80FF</Color>
<GroupHeader>1</GroupHeader>
<Address>ExpedBaseAddr</Address>
<Offsets>
<Offset>0</Offset>
</Offsets>
<CheatEntries>
<CheatEntry>
<ID>105</ID>
<Description>"Currency_Base"</Description>
<Options moHideChildren="1" moDeactivateChildrenAsWell="1"/>
<ShowAsSigned>0</ShowAsSigned>
<GroupHeader>1</GroupHeader>
<Address>+58</Address>
<Offsets>
<Offset>2E8</Offset>
<Offset>8</Offset>
<Offset>522*8 + 18</Offset>
</Offsets>
<CheatEntries>
<CheatEntry>
<ID>99</ID>
<Description>"Shells"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+4</Address>
</CheatEntry>
<CheatEntry>
<ID>100</ID>
<Description>"Cogs"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+2b4</Address>
</CheatEntry>
<CheatEntry>
<ID>101</ID>
<Description>"Memonite Dust"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+2b8</Address>
</CheatEntry>
<CheatEntry>
<ID>102</ID>
<Description>"Memonite Shards"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+2bC</Address>
</CheatEntry>
<CheatEntry>
<ID>103</ID>
<Description>"Memonite Fragments"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>4 Bytes</VariableType>
<Address>+2C0</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
<UserdefinedSymbols/>
</CheatTable>
How to use this cheat table?
- Install Cheat Engine
- Double-click the .CT file in order to open it.
- Click the PC icon in Cheat Engine in order to select the game process.
- When Cheat Engine asks whether to keep the current address list, keep it so the loaded table is not cleared.
- Activate the trainer options by checking boxes or setting values from 0 to 1