Sweet option! It's worth asking whether you're using an AMD or Intel build, as the offsets differ depending on which you're using.
Compeador wrote: ↑ Thu Jul 09, 2020 12:05 pm
IDK whether it's been posted, but I made a cheat that allows you to unlock any chest without keys. Good treasure hunting in dungeons, everyone (just copy and paste the code below into CE).
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>15508</ID>
      <Description>"Picklock Chest"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>
// Cheat Engine auto-assembler script with three in-memory code patches:
// two inside Terraria.Player::TileInteractionsUse and one inside
// Terraria.Chest::Unlock. Each patch overwrites original instructions with
// a jmp into a freshly allocated stub; [DISABLE] writes the original bytes back.
//
// The injection points are fixed offsets from the method symbols, not pattern
// scans. The addresses in the reference listings imply
// TileInteractionsUse = 288533F1 - 33B1 = 28850040 and
// Chest::Unlock = 1C30245A - 17A = 1C3022E0 for the build they were captured on.
// NOTE(review): on any other build the offsets may point elsewhere; the
// assert() lines are the only guard against patching the wrong bytes.
define(INJ_CHEST_KEY,Terraria.Player::TileInteractionsUse+33B1)
define(INJ_CHEST_KEY_PASS,Terraria.Chest::Unlock+17A)
define(INJ_CHEST_FREE_KEY,Terraria.Player::TileInteractionsUse+3415)

[ENABLE]

// ---- Patch 1: make the key comparison always succeed ----
// assert() stops the script from enabling unless these 8 bytes (the 6-byte
// cmp plus the 0F 85 opcode of the following jne) are present at the address.
assert(INJ_CHEST_KEY,3B 85 78 FE FF FF 0F 85)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
  // Load eax with the very value it is compared against below, so the cmp
  // sets ZF and the jne that follows the injection point is never taken.
  // Presumably [ebp-188] holds the required key item type and eax the type of
  // the inventory item being examined - TODO confirm.
  mov eax,[ebp-188]
  jmp code

code:
  cmp eax,[ebp-00000188]
  jmp return

INJ_CHEST_KEY:
  // jmp (5 bytes) + nop (1 byte) replaces the 6-byte cmp exactly.
  jmp newmem
  nop
return:

// ==============================

// ---- Patch 2: force one branch inside Chest::Unlock ----
// Checks the 9 bytes that get overwritten plus the first byte (C7) of the
// instruction after them.
assert(INJ_CHEST_KEY_PASS,75 07 33 C0 E9 50 01 00 00 C7) // should be unique
alloc(newmem2,$1000)

label(code2)
label(return2)

newmem2:
  // Unconditional jump to Unlock+183, the target of the original jne, so the
  // "xor eax,eax / jmp Unlock+2D3" exit is never reached. The original test
  // is "cmp byte ptr [07120A04],00"; presumably a game-state flag - not
  // identifiable from this listing.
  jmp Terraria.Chest::Unlock+183
  // Unreachable: the jmp above is unconditional.
  jmp return2

code2:
  // Copy of the original instructions; nothing jumps to this label.
  jne Terraria.Chest::Unlock+183
  xor eax,eax
  jmp Terraria.Chest::Unlock+2D3
  jmp return2

INJ_CHEST_KEY_PASS:
  // jmp (5 bytes) + 4 nops replaces the 9 original bytes (jne, xor, jmp).
  jmp newmem2
  nop 4
return2:

// ==============================

// ---- Patch 3: skip the decrement after a successful unlock ----
// The stub jumps straight back, so "dec [eax+000000A4]" is not executed.
// Presumably +A4 is the stack count of the key item - TODO confirm.
assert(INJ_CHEST_FREE_KEY,FF 88 A4 00 00 00)
alloc(newmem5,$1000)

label(code5)
label(return5)

newmem5:
  jmp return5

code5:
  // Copy of the original instruction; nothing jumps to this label.
  dec [eax+000000A4]
  jmp return5

// NOTE(review): the assert above checks the bytes at INJ_CHEST_FREE_KEY, but
// the patch here (and the restore in [DISABLE]) is written at +01. Per the
// reference listing the dec starts at 28853455, which equals
// TileInteractionsUse+3415, so 6 bytes written from +01 would cover the last
// 5 bytes of the dec and the first byte of the next instruction, and return5
// would land inside that instruction. Confirm whether +01 is intended.
INJ_CHEST_FREE_KEY+01:
  jmp newmem5
  nop
return5:

[DISABLE]

// Restore the 6 original bytes of patch 1 and free its stub.
INJ_CHEST_KEY:
  db 3B 85 78 FE FF FF

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 288533F1

288533B9: C7 85 78 FE FF FF 6A 12 00 00 - mov [ebp-00000188],0000126A
288533C3: C7 85 80 FE FF FF 01 00 00 00 - mov [ebp-00000180],00000001
288533CD: 33 DB - xor ebx,ebx
288533CF: 83 FB 3A - cmp ebx,3A
288533D2: 0F 8D 3B 01 00 00 - jnl 28853513
288533D8: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
288533DE: 3B 58 04 - cmp ebx,[eax+04]
288533E1: 0F 83 FE 03 00 00 - jae 288537E5
288533E7: 8B 44 98 08 - mov eax,[eax+ebx*4+08]
288533EB: 8B 80 90 00 00 00 - mov eax,[eax+00000090]
// ---------- INJECTING HERE ----------
288533F1: 3B 85 78 FE FF FF - cmp eax,[ebp-00000188]
// ---------- DONE INJECTING ----------
288533F7: 0F 85 0C 01 00 00 - jne 28853509
288533FD: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
28853403: 3B 58 04 - cmp ebx,[eax+04]
28853406: 0F 83 D9 03 00 00 - jae 288537E5
2885340C: 8B 44 98 08 - mov eax,[eax+ebx*4+08]
28853410: 83 B8 A4 00 00 00 00 - cmp dword ptr [eax+000000A4],00
28853417: 0F 8E EC 00 00 00 - jng 28853509
2885341D: 8B 8D 90 FE FF FF - mov ecx,[ebp-00000170]
28853423: 8B 95 8C FE FF FF - mov edx,[ebp-00000174]
28853429: E8 B2 EE AA F3 - call 1C3022E0
}

// Restore the 9 original bytes of patch 2 and free its stub.
INJ_CHEST_KEY_PASS:
  db 75 07 33 C0 E9 50 01 00 00

dealloc(newmem2)

{
// ORIGINAL CODE - INJECTION POINT: 1C30245A

1C30241B: FF 24 95 C8 25 30 1C - jmp dword ptr [edx*4+1C3025C8]
1C302422: C7 45 E8 24 00 00 00 - mov [ebp-18],00000024
1C302429: C7 45 E4 0B 00 00 00 - mov [ebp-1C],0000000B
1C302430: B9 13 00 00 00 - mov ecx,00000013
1C302435: FF 15 EC 2C 10 1C - call dword ptr [1C102CEC]
1C30243B: E9 95 00 00 00 - jmp 1C3024D5
1C302440: C7 45 E8 24 00 00 00 - mov [ebp-18],00000024
1C302447: C7 45 E4 0B 00 00 00 - mov [ebp-1C],0000000B
1C30244E: E9 82 00 00 00 - jmp 1C3024D5
1C302453: 80 3D 04 0A 12 07 00 - cmp byte ptr [07120A04],00
// ---------- INJECTING HERE ----------
1C30245A: 75 07 - jne 1C302463
1C30245C: 33 C0 - xor eax,eax
1C30245E: E9 50 01 00 00 - jmp 1C3025B3
// ---------- DONE INJECTING ----------
1C302463: C7 45 E8 B4 00 00 00 - mov [ebp-18],000000B4
1C30246A: C7 45 E4 0B 00 00 00 - mov [ebp-1C],0000000B
1C302471: B9 14 00 00 00 - mov ecx,00000014
1C302476: FF 15 EC 2C 10 1C - call dword ptr [1C102CEC]
1C30247C: EB 57 - jmp 1C3024D5
1C30247E: C7 45 E8 24 00 00 00 - mov [ebp-18],00000024
1C302485: C7 45 E4 0B 00 00 00 - mov [ebp-1C],0000000B
1C30248C: EB 47 - jmp 1C3024D5
1C30248E: 33 C0 - xor eax,eax
1C302490: E9 1E 01 00 00 - jmp 1C3025B3
}

// Restore for patch 3, written at the same +01 address as the enable-side
// patch. NOTE(review): the bytes are those of the dec that the listing
// places at +00 - confirm the intended address before relying on disable.
INJ_CHEST_FREE_KEY+01:
  db FF 88 A4 00 00 00

dealloc(newmem5)

{
// ORIGINAL CODE - INJECTION POINT: 28853455

28853423: 8B 95 8C FE FF FF - mov edx,[ebp-00000174]
28853429: E8 B2 EE AA F3 - call 1C3022E0
2885342E: 85 C0 - test eax,eax
28853430: 0F 84 D3 00 00 00 - je 28853509
28853436: 81 BD 78 FE FF FF 49 01 00 00 - cmp [ebp-00000188],00000149
28853440: 74 6F - je 288534B1
28853442: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
28853448: 3B 58 04 - cmp ebx,[eax+04]
2885344B: 0F 83 94 03 00 00 - jae 288537E5
28853451: 8B 44 98 08 - mov eax,[eax+ebx*4+08]
// ---------- INJECTING HERE ----------
28853455: FF 88 A4 00 00 00 - dec [eax+000000A4]
// ---------- DONE INJECTING ----------
2885345B: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
28853461: 3B 58 04 - cmp ebx,[eax+04]
28853464: 0F 83 7B 03 00 00 - jae 288537E5
2885346A: 8B 44 98 08 - mov eax,[eax+ebx*4+08]
2885346E: 83 B8 A4 00 00 00 00 - cmp dword ptr [eax+000000A4],00
28853475: 7F 3A - jg 288534B1
28853477: B9 AC 4F 74 07 - mov ecx,07744FAC
2885347C: E8 47 FC 0C D9 - call 019230C8
28853481: 89 85 70 FD FF FF - mov [ebp-00000290],eax
28853487: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
How to use this cheat table?
- Install Cheat Engine
- Double-click the .CT file in order to open it.
- Click the PC icon in Cheat Engine in order to select the game process.
- When Cheat Engine asks, keep the current address list.
- Activate the trainer options by checking boxes or setting values from 0 to 1