Alien shooter 2 the legend

[SunBeam]

Another thing I noticed is while the firing routine is shared, the reload routine is different So:

AI - reload:

Code: Select all

AlienShooter.exe+78582 - C7 80 A8000000 FFFFFFFF - mov [eax+000000A8],FFFFFFFF
AlienShooter.exe+7858C - 8B 4F 04              - mov ecx,[edi+04]
AlienShooter.exe+7858F - 8B 41 24              - mov eax,[ecx+24]
AlienShooter.exe+78592 - 8B 40 2C              - mov eax,[eax+2C]
AlienShooter.exe+78595 - EB 03                 - jmp AlienShooter.exe+7859A
AlienShooter.exe+78597 - 8B 42 30              - mov eax,[edx+30]
AlienShooter.exe+7859A - 05 B8820100           - add eax,000182B8
AlienShooter.exe+7859F - 89 47 4C              - mov [edi+4C],eax

Player - reload:

Code: Select all

AlienShooter.exe+6F886 - C7 80 A8000000 FFFFFFFF - mov [eax+000000A8],FFFFFFFF
AlienShooter.exe+6F890 - 8B 47 04              - mov eax,[edi+04]
AlienShooter.exe+6F893 - 8B 40 24              - mov eax,[eax+24]
AlienShooter.exe+6F896 - 8B 40 2C              - mov eax,[eax+2C]
AlienShooter.exe+6F899 - 05 B8820100           - add eax,000182B8
AlienShooter.exe+6F89E - 89 47 4C              - mov [edi+4C],eax
AlienShooter.exe+6F8A1 - E9 70100000           - jmp AlienShooter.exe+70916

You can test this in Mission 23.

So a rough Instant Reload + Fast Fire would be the script below:

Code: Select all

{ Game   : AlienShooter.exe
  Version:
  Date   : 2020-01-29
  Author : SunBeam
}

[ENABLE]

aobscanmodule( hk_Reload, AlienShooter.exe, 8B47??8B40??8B40??05 )
registersymbol( hk_Reload )
label( hk_Reload_o )
registersymbol( hk_Reload_o )

alloc( Hook, 0x1000, AlienShooter.exe )

Hook:
mov eax,[edi+4]
mov eax,[eax+24]
mov [eax+2C],0
mov [eax+30],10
hk_Reload_o:
readmem( hk_Reload, 6 )
jmp hk_Reload+6

hk_Reload:
jmp Hook
nop

[DISABLE]

hk_Reload:
readmem( hk_Reload_o, 6 )

dealloc(Hook)
unregistersymbol( hk_Reload_o )
unregistersymbol( hk_Reload )

{
// ORIGINAL CODE - INJECTION POINT: "AlienShooter.exe"+6F890

"AlienShooter.exe"+6F861: E9 B0 10 00 00                 -  jmp AlienShooter.exe+70916
"AlienShooter.exe"+6F866: 8B 47 14                       -  mov eax,[edi+14]
"AlienShooter.exe"+6F869: 85 C0                          -  test eax,eax
"AlienShooter.exe"+6F86B: 0F 84 A5 10 00 00              -  je AlienShooter.exe+70916
"AlienShooter.exe"+6F871: 8B 4F 04                       -  mov ecx,[edi+04]
"AlienShooter.exe"+6F874: 85 C9                          -  test ecx,ecx
"AlienShooter.exe"+6F876: 0F 84 9A 10 00 00              -  je AlienShooter.exe+70916
"AlienShooter.exe"+6F87C: 83 79 24 00                    -  cmp dword ptr [ecx+24],00
"AlienShooter.exe"+6F880: 0F 84 90 10 00 00              -  je AlienShooter.exe+70916
"AlienShooter.exe"+6F886: C7 80 A8 00 00 00 FF FF FF FF  -  mov [eax+000000A8],FFFFFFFF
// ---------- INJECTING HERE ----------
"AlienShooter.exe"+6F890: 8B 47 04                       -  mov eax,[edi+04]
"AlienShooter.exe"+6F893: 8B 40 24                       -  mov eax,[eax+24]
// ---------- DONE INJECTING  ----------
"AlienShooter.exe"+6F896: 8B 40 2C                       -  mov eax,[eax+2C]
"AlienShooter.exe"+6F899: 05 B8 82 01 00                 -  add eax,000182B8
"AlienShooter.exe"+6F89E: 89 47 4C                       -  mov [edi+4C],eax
"AlienShooter.exe"+6F8A1: E9 70 10 00 00                 -  jmp AlienShooter.exe+70916
"AlienShooter.exe"+6F8A6: 8B 47 24                       -  mov eax,[edi+24]
"AlienShooter.exe"+6F8A9: E9 6A 10 00 00                 -  jmp AlienShooter.exe+70918
"AlienShooter.exe"+6F8AE: 8B 43 0C                       -  mov eax,[ebx+0C]
"AlienShooter.exe"+6F8B1: C1 E0 04                       -  shl eax,04
"AlienShooter.exe"+6F8B4: 33 87 88 00 00 00              -  xor eax,[edi+00000088]
"AlienShooter.exe"+6F8BA: 83 E0 10                       -  and eax,10
}

Copy-paste it, activate it, fire 1 time, reload your weapon and you're set for the current weapon.

Notes:

1] You will have to redo this operation if you press TAB and Esc.
2] The game will re-initialize the player inventory, thus each item in the inventory will have a new structure, therefore address. So the 0 and small values the script wrote when you reloaded last time won't be there, as your weapon's structure address has changed.
3] Similarly, if you change weapons, the addresses/values will reset again.

BR,
Sun

EDIT: Hit a crash at some point, will investigate later.

[Veav]

Some folks are too cool for school. I don't come here for game reviews so :shrug:

Did you happen to notice the Components widget while you were poking around in there?

[SunBeam]

I did. Just buy purple items, sell them out. Exit to main menu, go back in-game, open shop, buy again. Loop It really isn't worth me trying to figure out the bar value to hack it for fast points.. or the points # for that matter.. Note that if you break on the routine I hooked for Money, you will most likely find out where the "perk" points are That's what they call them. I'll check it myself, perhaps this is just a quick fix (2 in 1)

[SunBeam]

Here's the altered script to also tamper Components transactions

Code: Select all

{ Game   : AlienShooter.exe
  Version:
  Date   : 2020-01-27
  Author : SunBeam
}

[ENABLE]

aobscanmodule( hk_ScriptVars, AlienShooter.exe, 8D55E88B4E0468C1BDF0FF )
registersymbol( hk_ScriptVars )

alloc( Hook, 0x1000, AlienShooter.exe )

label( szVarA )
registersymbol( szVarA )
label( szVarB )
registersymbol( szVarB )

Hook:
lea edx,[ebp-18] // original

// we want to modify stuff here only when a certain script runs
// and that is easily determined from the EDX pointer, as string

push esi              // backup esi
push edi              // backup edi
push ecx
mov esi,[edx]         // get source pointer in esi
lea edi,[szVarA]      // get string against we'll compare
mov ecx,18            // sizeof( string ) + 1 to check, including 00
repe cmpsb
jne short @f          // if strings don't match, exit

// if they do match, then
// hijack the transaction, setting value to a constant 5.000.000

mov [ebp+C],4C4B40

@@:
mov esi,[edx]         // get source pointer in esi
lea edi,[szVarB]      // get string against we'll compare
mov ecx,1E            // sizeof( string ) + 1 to check, including 00
repe cmpsb
jne short @f          // if strings don't match, exit

// if they do match, then
// hijack the transaction, adding 2.000 to it

add [ebp+C],7D0

@@:
pop ecx               // restore ecx
pop edi               // restore edi
pop esi               // restore esi
//
mov ecx,[esi+04]
jmp hk_ScriptVars+6

szVarA:
db 'temp.cache.player.money',0

szVarB:
db 'temp.cache.player.rank.points',0

hk_ScriptVars:
jmp Hook
nop

[DISABLE]

hk_ScriptVars:
db 8D 55 E8 8B 4E 04

unregistersymbol( szVarB )
unregistersymbol( szVarA )
dealloc(Hook)
unregistersymbol( hk_ScriptVars )

{
// ORIGINAL CODE - INJECTION POINT: "AlienShooter.exe"+CDC2B

"AlienShooter.exe"+CDC06: A1 EC 8F 08 01        -  mov eax,[AlienShooter.exe+4A8FEC]
"AlienShooter.exe"+CDC0B: 33 C5                 -  xor eax,ebp
"AlienShooter.exe"+CDC0D: 50                    -  push eax
"AlienShooter.exe"+CDC0E: 8D 45 F4              -  lea eax,[ebp-0C]
"AlienShooter.exe"+CDC11: 64 A3 00 00 00 00     -  mov fs:[00000000],eax
"AlienShooter.exe"+CDC17: 8B F1                 -  mov esi,ecx
"AlienShooter.exe"+CDC19: 8B 55 08              -  mov edx,[ebp+08]
"AlienShooter.exe"+CDC1C: 8D 4D E8              -  lea ecx,[ebp-18]
"AlienShooter.exe"+CDC1F: E8 3C FB FF FF        -  call AlienShooter.exe+CD760
"AlienShooter.exe"+CDC24: C7 45 FC 00 00 00 00  -  mov [ebp-04],00000000
// ---------- INJECTING HERE ----------
"AlienShooter.exe"+CDC2B: 8D 55 E8              -  lea edx,[ebp-18]
"AlienShooter.exe"+CDC2E: 8B 4E 04              -  mov ecx,[esi+04]
// ---------- DONE INJECTING  ----------
"AlienShooter.exe"+CDC31: 68 C1 BD F0 FF        -  push FFF0BDC1
"AlienShooter.exe"+CDC36: 52                    -  push edx
"AlienShooter.exe"+CDC37: 8B 01                 -  mov eax,[ecx]
"AlienShooter.exe"+CDC39: FF 50 0C              -  call dword ptr [eax+0C]
"AlienShooter.exe"+CDC3C: 8B 7D 0C              -  mov edi,[ebp+0C]
"AlienShooter.exe"+CDC3F: 3B F8                 -  cmp edi,eax
"AlienShooter.exe"+CDC41: 74 19                 -  je AlienShooter.exe+CDC5C
"AlienShooter.exe"+CDC43: 8B 4E 04              -  mov ecx,[esi+04]
"AlienShooter.exe"+CDC46: 57                    -  push edi
"AlienShooter.exe"+CDC47: FF 75 08              -  push [ebp+08]
}

Read the comments in the script to understand what it does.

Other elements I've found while playing with that hook:

<while dragging a weapon in the Dissassemble box in Components window>

Code: Select all

Superior RIPPER H240

temp.cache.store_disassemble.model.0.hash							EB8ED2E5
temp.cache.store_disassemble.model.0.category						27
temp.cache.store_disassemble.model.0.upgrade						0
temp.cache.store_disassemble.model.0.perks.count					3
temp.cache.store_disassemble.model.0.perk.0.id						C
temp.cache.store_disassemble.model.0.perk.0.param0					1770
temp.cache.store_disassemble.model.0.perk.0.param1					145
temp.cache.store_disassemble.model.0.perk.0.param2					50
temp.cache.store_disassemble.model.0.perk.0.param3					0
temp.cache.store_disassemble.model.0.perk.0.ismajor					1
temp.cache.store_disassemble.model.0.perk.0.power					1
temp.cache.store_disassemble.model.0.perk.0.damage.perk.power		0
temp.cache.store_disassemble.model.0.perk.1.id						5
temp.cache.store_disassemble.model.0.perk.1.param0					E7A
temp.cache.store_disassemble.model.0.perk.1.param1					8C
temp.cache.store_disassemble.model.0.perk.1.param2					0
temp.cache.store_disassemble.model.0.perk.1.param3					0
temp.cache.store_disassemble.model.0.perk.1.ismajor					0
temp.cache.store_disassemble.model.0.perk.1.power					5
temp.cache.store_disassemble.model.0.perk.1.damage.perk.power		0
temp.cache.store_disassemble.model.0.perk.2.id						B
temp.cache.store_disassemble.model.0.perk.2.param0					0
temp.cache.store_disassemble.model.0.perk.2.param1					0
temp.cache.store_disassemble.model.0.perk.2.param2					0
temp.cache.store_disassemble.model.0.perk.2.param3					0
temp.cache.store_disassemble.model.0.perk.2.ismajor					0
temp.cache.store_disassemble.model.0.perk.2.power					3
temp.cache.store_disassemble.model.0.perk.2.damage.perk.power		0
temp.cache.store_disassemble.model.0.free_sockets.count				0
temp.cache.store_disassemble.model.0.used_sockets.count				0
temp.cache.store_disassemble.model.0.model.new						1
temp.cache.store_disassemble.model.0.dps							E9
temp.cache.store_disassemble.model.0.mobility						3E
temp.cache.store_disassemble.model.0.reload							1004
temp.cache.store_disassemble.model.0.shot_speed						78
temp.cache.store_disassemble.model.0.min_damage						88B8
temp.cache.store_disassemble.model.0.max_damage						88B8
temp.cache.store_disassemble.model.0.damage.perk.power				1

<while rank points increasing (click Disassemble button)>

Code: Select all

temp.cache.player.rank.points -> 4350 (4100 + 250)(0x10FE) / 8800 (0x2260)

<while gaining a rank level (click Disassemble button)>

Code: Select all

temp.cache.player.rank -> E = 14
temp.cache.weaponary.item.17.988054879.character.experience -> 12400
temp.cache.weaponary.item.17.988054879.upgrade -> 15
temp.cache.weaponary.item.17.988054879.character.skill.points -> 4
temp.cache.weaponary.item.17.988054879.character.simulated.experience -> 0
temp.cache.weaponary.item.17.988054879.character.experience -> 0

<while using a rank point to upgrade Modifications>

Code: Select all

temp.cache.weaponary.item.17.988054879.character.skill.points -> current
temp.cache.weaponary.item.17.988054879.character.used.skill.points -> 16
temp.cache.weaponary.item.17.988054879.skill.weaponary.item.22.811556288 -> 3

BR,
Sun

[serg2011ubercan]

I don't get it.. what the fuck is wrong with some of you, people? You finished way worse games than this one.. what's with the "this piece of russian game"? "Racist" much? The game is decent, has its quirks, no one asks you to play the 'repetitive' missions and what not. Furthermore, you're clearly saying "I didn't buy this, yet I played and finished it". Which makes you a complete hypocrite. Bitching about how crap the game is, yet finishing it is the same as complaining games have micro-transactions, yet buying shit in-game anyway I fucking hate the way people like to portray themselves as something they aren't. Just cuz anonymity...

Dear admin,
1. i am russian
2. I hate only ledend, i am fan of previous AS games
3. i bought Legend and i have my own mind about it.
Also alien drone don't cost that time spend on nasty guy tasks for grinding 30 parts every his mision. I hate his missions more than other. His drone in reward is like shit in gift wrap imho.

[SunBeam]

Use the script above, dear user. Adjust it to add more than 2.000 as you disassemble items. Then you won't need to grind. Try the script out.

[serg2011ubercan]

Use the script above, dear user. Adjust it to add more than 2.000 as you disassemble items. Then you won't need to grind. Try the script out.

you seem to mis-understood my post. How disassembling weapons connects to alien old man mission to get alien drone. Oh, you seem just don't know about this item yet ? I spent many time just to finish that alien side storyline and i told about it. i already get pumped both skill tree, thanks.

[SunBeam]

Man, good for you. Just move on to the next game you're wasting your life with.. Thanks!

[Jetstream17]

HELLOOOOOO............??????????????? anybody here ????????????. any update on the table for latest version ??? helloooooooooooooooooo???

[Jetstream17]

HELLOOOOOOOOOOOOOOOOOOOOOOOO ????????????????? WHY IS IT JUST STOP SUDDENLY THIS THREAD ??? SOMEONE IS TOO SMART HERE ?? OR WHAT ??

[SunBeam]

^ How about you shut the fuck up? Spamming for nothing T_T -> viewtopic.php?f=4&t=11464. The next time the game updates, fix it on your own, if that's the kind of attitude you're showing.

P.S.: Using CAPSLOCK or multiple ! or ? shows a person who's exerting authority, Hitler-style. Demanding others do for them what they want. And we don't tolerate that attitude here. So behave. Next time I will just ignore you and won't post shit; ignorance is the best weapon for the likes of you, I believe. Consider yourself warned.