@Cielos: The easiest way I found to avoid all your item/bullets/crap problem is to kill the thread_check inside the decrement function. Basically re-route it and do something like this: if amount to be written > current amount, write; else, skip.
Will post the script in a bit. Not sure if any other game calculation passes through that; might also make it so items that normally are discarded from inventory will still remain there on use.
L.E.1:
/*
Game : Resident Evil 2
Version : Steam
Date : 2019-01-28
Author : SunBeam
The script will increase the amount of shit you collect, but won't decrease
that same amount if you fire, use, bla, bla; some items scripted to vanish
from your inventory will still be there; item dupe everyone?! :)
*/
[ENABLE]
aobscanmodule( HijackThreadCheck, re2.exe, 488379??0075??39D80F4CD84885F674??488B46104885C075 )
registersymbol( HijackThreadCheck )
label( HijackThreadCheck_o )
registersymbol( HijackThreadCheck_o )
alloc( Hook, 0x1000, re2.exe )
// ^ this allocation is supposed to occur close to the game process; if the game
// crashes when you enable the script, it's possible CE allocated the cave far
// off in memory; meaning the distance between the hook and the cave exceeds the
// calculated length of a 5-byte JMP (CE will compile a 14-byte JMP); now you
// know...
Hook:
// ebx == calculated
// eax == max
// rax = [rsi+10] -> [rax+20] == current (should be calculated+1)
push rcx // store rcx
mov rcx,[rsi+10] // get item
cmp [rcx+20],ebx // check current amount vs. calculated one
pop rcx // restore rcx
jl short HijackThreadCheck_o // if current < calculated, add
jmp HijackThreadCheck+3B // else, exit
HijackThreadCheck_o:
readmem( HijackThreadCheck, 5 ) // read here the original code
jmp HijackThreadCheck+5 // JMP back
HijackThreadCheck:
jmp Hook
[DISABLE]
HijackThreadCheck:
readmem( HijackThreadCheck_o, 5 )
dealloc( Hook )
unregistersymbol( HijackThreadCheck_o )
unregistersymbol( HijackThreadCheck )
{
// ORIGINAL CODE - INJECTION POINT: "re2.exe"+B8BC602
"re2.exe"+B8BC5DE: 44 89 C3 - mov ebx,r8d
"re2.exe"+B8BC5E1: 48 89 CF - mov rdi,rcx
"re2.exe"+B8BC5E4: 48 83 78 18 00 - cmp qword ptr [rax+18],00
"re2.exe"+B8BC5E9: 75 57 - jne re2.exe+B8BC642
"re2.exe"+B8BC5EB: 48 89 74 24 30 - mov [rsp+30],rsi
"re2.exe"+B8BC5F0: 48 8B 72 18 - mov rsi,[rdx+18]
"re2.exe"+B8BC5F4: 48 85 F6 - test rsi,rsi
"re2.exe"+B8BC5F7: 74 44 - je re2.exe+B8BC63D
"re2.exe"+B8BC5F9: E8 42 CA 58 F5 - call re2.exe+E49040
"re2.exe"+B8BC5FE: 48 8B 4F 50 - mov rcx,[rdi+50]
// ---------- INJECTING HERE ----------
"re2.exe"+B8BC602: 48 83 79 18 00 - cmp qword ptr [rcx+18],00
// ---------- DONE INJECTING ----------
"re2.exe"+B8BC607: 75 34 - jne re2.exe+B8BC63D
"re2.exe"+B8BC609: 39 D8 - cmp eax,ebx
"re2.exe"+B8BC60B: 0F 4C D8 - cmovl ebx,eax
"re2.exe"+B8BC60E: 48 85 F6 - test rsi,rsi
"re2.exe"+B8BC611: 74 09 - je re2.exe+B8BC61C
"re2.exe"+B8BC613: 48 8B 46 10 - mov rax,[rsi+10]
"re2.exe"+B8BC617: 48 85 C0 - test rax,rax
"re2.exe"+B8BC61A: 75 1E - jne re2.exe+B8BC63A
"re2.exe"+B8BC61C: 45 31 C0 - xor r8d,r8d
"re2.exe"+B8BC61F: 48 89 F9 - mov rcx,rdi
}
Oh.. and you can replace calculated with max, if you want. Instead of exiting, like I force it to, you can just update 0x20 with max.
You do the ASM.
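On the 5-byte versus 14-byte JMP point in the allocation comment, here is an added example (my own Python, not SunBeam's script or anything from CE): it computes whether a cave is within rel32 reach of the hook, shows the two JMP encodings an injector would have to write, and checks that against the 5 bytes the script saves with readmem and jumps back over at HijackThreadCheck+5. The re2.exe load base and the cave addresses are constructed samples.

```python
import struct

INT32_MIN, INT32_MAX = -(2 ** 31), 2 ** 31 - 1


def rel32_displacement(hook_addr: int, cave_addr: int) -> int:
    """Displacement an E9 rel32 JMP placed at hook_addr needs to land on
    cave_addr. rel32 is measured from the end of the 5-byte instruction."""
    return cave_addr - (hook_addr + 5)


def fits_rel32(hook_addr: int, cave_addr: int) -> bool:
    """True when a 5-byte JMP can reach the cave (signed 32-bit range)."""
    return INT32_MIN <= rel32_displacement(hook_addr, cave_addr) <= INT32_MAX


def encode_jmp(hook_addr: int, cave_addr: int) -> bytes:
    """Bytes that have to be written at hook_addr: the 5-byte E9 form when the
    cave is in range, otherwise the 14-byte RIP-relative indirect form
    (FF 25 00000000 followed by the absolute 64-bit target)."""
    if fits_rel32(hook_addr, cave_addr):
        return b"\xE9" + struct.pack("<i", rel32_displacement(hook_addr, cave_addr))
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", cave_addr)


def decode_jmp_target(hook_addr: int, code: bytes) -> int:
    """Inverse of encode_jmp, used to double-check what was written."""
    if len(code) == 5 and code[0] == 0xE9:
        return hook_addr + 5 + struct.unpack("<i", code[1:])[0]
    if len(code) == 14 and code[:6] == b"\xFF\x25\x00\x00\x00\x00":
        return struct.unpack("<Q", code[6:])[0]
    raise ValueError("not an E9 rel32 or FF 25 absolute JMP")


def hook_is_consistent(hook_addr: int, cave_addr: int, saved_len: int = 5) -> bool:
    """The script saves 5 original bytes (readmem(HijackThreadCheck, 5)) and
    returns to HijackThreadCheck+5; that is only sound if the JMP written at
    the hook is no longer than those saved bytes."""
    return len(encode_jmp(hook_addr, cave_addr)) <= saved_len


if __name__ == "__main__":
    # Constructed sample: an assumed load base for re2.exe, the page's injection
    # offset, and two candidate cave addresses (one near the module, one far off).
    base = 0x7FF600000000
    hook = base + 0xB8BC602
    for cave in (base - 0x10000, 0x100000000):
        jmp = encode_jmp(hook, cave)
        print(hex(cave), jmp.hex(), "ok" if hook_is_consistent(hook, cave) else "would crash")
```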