<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>1951</ID>
<Description>"Multi Skill Upgrade Toggle (Modifier Key Ctrl/L2)"</Description>
<LastState/>
<Color>FF8000</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Hook 1: record the address of the controller-state block so the second hook can read it.
// Signature = movups [rdi+00000140],xmm0 (7 bytes) plus the first two bytes (48 8D) of the
// instruction that follows it.
aobscanmodule(aob_controllerState,ShadowOfWar.exe,0F 11 87 40 01 00 00 48 8D)
registersymbol(aob_controllerState)
// Code cave and an 8-byte pointer slot. The third argument asks for memory close to the module;
// the 5-byte jmp at the hook site and the [ptr_controllerState] accesses assume it was granted
// within rel32 range (2 GB) - NOTE(review): not checked anywhere in this script.
alloc(newmem_controllerState,1024,ShadowOfWar.exe)
alloc(ptr_controllerState,8,ShadowOfWar.exe)
label(return_controllerState)
newmem_controllerState:
// rbp is used as scratch without being saved. That is only safe because the game instruction
// right after the hook site is lea rbp,[rsp+70] (see the disassembly dump in the [DISABLE]
// section), which overwrites rbp anyway.
// NOTE(review): the signature pins only the 48 8D prefix of that instruction, so a game update
// that changes it could still match and would then corrupt rbp silently.
lea rbp,[rdi+00000140]
mov [ptr_controllerState],rbp
// Replay the instruction that the jmp overwrote.
movups [rdi+00000140],xmm0
jmp long return_controllerState
aob_controllerState:
// jmp (5 bytes when the cave is in rel32 range) plus two nops cover the 7-byte movups.
jmp newmem_controllerState
nop
nop
return_controllerState:
//====================================================================================================
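// Hook 2: the multi-skill-upgrade toggle.
// The signature matches mov rdx,[r14] / mov r8d,r15d. The patch itself is written 9 bytes
// later, over the 5-byte call that follows (see the disassembly dump in the [DISABLE] section).
// While a modifier is held the call is skipped; otherwise it runs unchanged.
aobscanmodule(aob_MultiSkillUpgrade,ShadowOfWar.exe,49 8B 16 45 8B C7)
alloc(newmem_MultiSkillUpgrade,1024,ShadowOfWar.exe)
label(backup_MultiSkillUpgrade)
label(return_MultiSkillUpgrade)
label(nopad_MultiSkillUpgrade)
registersymbol(aob_MultiSkillUpgrade)
registersymbol(backup_MultiSkillUpgrade)
newmem_MultiSkillUpgrade:
// Keyboard modifier.
// Save every volatile integer register of the Microsoft x64 ABI, because the game has already
// loaded rdx and r8d for the call this hook replaces.
// NOTE(review): xmm0-xmm5 are not saved; that is fine only if the replaced call takes no
// floating-point arguments - the visible setup loads rcx, rdx and r8d only.
push rax
push rcx
push rdx
push r8
push r9
push r10
push r11
// Reserve the callee's 32-byte shadow space BELOW the saved registers. Reserving it before the
// pushes (as the script did originally) puts the saved r8-r11 inside the area the callee is
// allowed to overwrite. Auto Assembler numbers are hex: 28 = 0x28 = 40 bytes, and
// 7 pushes (0x38) + 0x28 = 0x60 keeps rsp 16-byte aligned at the call, assuming rsp was
// aligned at the hooked call site as the ABI requires.
sub rsp,28
mov rcx,11 //VK_CONTROL = 0x11
call GetAsyncKeyState
// Bit 15 of the result is set while the key is held, so SF is the "Ctrl is down" flag.
test ax,ax
// lea and pop leave the flags alone, so SF survives until the js below.
lea rsp,[rsp+28]
pop r11
pop r10
pop r9
pop r8
pop rdx
pop rcx
pop rax
js short @f
// Gamepad modifier.
push rax
mov rax,[ptr_controllerState]
// The slot is only filled once the controller-state hook has executed. Until then it holds
// whatever alloc left there (zero on a fresh allocation), and reading [rax+6] would fault.
// test sets ZF for a null pointer, so the jne below falls through to the original code.
// NOTE(review): a pointer left over from a freed state object is not detected by this check.
test rax,rax
jz short nopad_MultiSkillUpgrade
cmp byte ptr [rax+6],0
nopad_MultiSkillUpgrade:
pop rax
jne short @f
// No modifier held: run the original call, re-assembled so its rel32 target is correct here.
reassemble(aob_MultiSkillUpgrade+9)
jmp long return_MultiSkillUpgrade
@@:
// Modifier held: skip the original call entirely.
jmp long return_MultiSkillUpgrade
// Copy of the 5 original bytes, kept inside the cave so [DISABLE] can restore them.
backup_MultiSkillUpgrade:
readmem(aob_MultiSkillUpgrade+9,5)
aob_MultiSkillUpgrade+9:
jmp newmem_MultiSkillUpgrade
return_MultiSkillUpgrade: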
[DISABLE]
// Undo hook 2: write back the 5 bytes saved at backup_MultiSkillUpgrade when the script was
// enabled. This has to happen before the dealloc below, because the backup lives inside the cave.
aob_MultiSkillUpgrade+9:
readmem(backup_MultiSkillUpgrade,5)
unregistersymbol(aob_MultiSkillUpgrade)
unregistersymbol(backup_MultiSkillUpgrade)
// NOTE(review): the cave is freed immediately after the patch is reverted; a game thread that is
// still executing inside it at that moment would fault. Nothing in this script guards against it.
dealloc(newmem_MultiSkillUpgrade)
{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::StreamMgr::SetFileLocationResolver+8A184A
"ShadowOfWar.exe"+18572C5: 48 8B 8E A0 03 00 00 - mov rcx,[rsi+000003A0]
"ShadowOfWar.exe"+18572CC: 48 85 C9 - test rcx,rcx
"ShadowOfWar.exe"+18572CF: 74 21 - je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D1: 4C 39 61 40 - cmp [rcx+40],r12
"ShadowOfWar.exe"+18572D5: 74 1B - je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D7: 48 8B 0D 02 3D AD 00 - mov rcx,[ShadowOfWar.exe+232AFE0]
"ShadowOfWar.exe"+18572DE: BA 08 00 00 00 - mov edx,00000008
"ShadowOfWar.exe"+18572E3: 4D 8B 06 - mov r8,[r14]
"ShadowOfWar.exe"+18572E6: 48 8B 89 18 6D 00 00 - mov rcx,[rcx+00006D18]
"ShadowOfWar.exe"+18572ED: E8 76 86 F6 FF - call ShadowOfWar.exe+17BF968
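// ---------- AOB MATCH (scan signature only; the jmp is written 9 bytes further on) ----------
"ShadowOfWar.exe"+18572F2: 49 8B 16 - mov rdx,[r14]
"ShadowOfWar.exe"+18572F5: 45 8B C7 - mov r8d,r15d
// ---------- END OF AOB MATCH ----------
"ShadowOfWar.exe"+18572F8: 48 8B CE - mov rcx,rsi
// ---------- INJECTING HERE (aob_MultiSkillUpgrade+9) ----------
"ShadowOfWar.exe"+18572FB: E8 68 72 C7 FE - call ShadowOfWar.exe+4CE568
// ---------- DONE INJECTING ----------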
"ShadowOfWar.exe"+1857300: 49 83 C6 08 - add r14,08
"ShadowOfWar.exe"+1857304: 48 FF C7 - inc rdi
"ShadowOfWar.exe"+1857307: 48 3B FB - cmp rdi,rbx
"ShadowOfWar.exe"+185730A: 75 A7 - jne ShadowOfWar.exe+18572B3
"ShadowOfWar.exe"+185730C: 8B 85 90 01 00 00 - mov eax,[rbp+00000190]
"ShadowOfWar.exe"+1857312: 48 8D 8D 98 01 00 00 - lea rcx,[rbp+00000198]
"ShadowOfWar.exe"+1857319: 49 8B FC - mov rdi,r12
"ShadowOfWar.exe"+185731C: 4C 8D B5 98 01 00 00 - lea r14,[rbp+00000198]
}
//====================================================================================================
// Undo hook 1: restore the 7-byte movups [rdi+00000140],xmm0 from a hard-coded byte string.
// Unlike hook 2 there is no runtime backup, so these bytes must stay identical to the first
// seven bytes of the scan signature used in [ENABLE].
aob_controllerState:
db 0F 11 87 40 01 00 00
unregistersymbol(aob_controllerState)
// NOTE(review): ptr_controllerState is allocated in [ENABLE] but never passed to registersymbol
// there, so this line appears to have nothing to remove.
unregistersymbol(ptr_controllerState)
dealloc(newmem_controllerState)
dealloc(ptr_controllerState)
{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::MemoryMgr::Free+8E792
"ShadowOfWar.exe"+245989: 41 56 - push r14
"ShadowOfWar.exe"+24598B: 41 57 - push r15
"ShadowOfWar.exe"+24598D: 48 83 EC 30 - sub rsp,30
"ShadowOfWar.exe"+245991: 48 8B F9 - mov rdi,rcx
"ShadowOfWar.exe"+245994: 48 8D 91 18 01 00 00 - lea rdx,[rcx+00000118]
"ShadowOfWar.exe"+24599B: 48 8D 48 18 - lea rcx,[rax+18]
"ShadowOfWar.exe"+24599F: E8 8C B5 B8 00 - call ShadowOfWar.exe+DD0F30
"ShadowOfWar.exe"+2459A4: 0F 10 87 90 01 00 00 - movups xmm0,[rdi+00000190]
"ShadowOfWar.exe"+2459AB: 4C 8D B7 80 01 00 00 - lea r14,[rdi+00000180]
"ShadowOfWar.exe"+2459B2: 4C 8D 7F 08 - lea r15,[rdi+08]
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+2459B6: 0F 11 87 40 01 00 00 - movups [rdi+00000140],xmm0
// ---------- DONE INJECTING ----------
"ShadowOfWar.exe"+2459BD: 48 8D 6C 24 70 - lea rbp,[rsp+70]
"ShadowOfWar.exe"+2459C2: 0F 10 8F A0 01 00 00 - movups xmm1,[rdi+000001A0]
"ShadowOfWar.exe"+2459C9: 0F 11 8F 50 01 00 00 - movups [rdi+00000150],xmm1
"ShadowOfWar.exe"+2459D0: 0F 10 87 B0 01 00 00 - movups xmm0,[rdi+000001B0]
"ShadowOfWar.exe"+2459D7: 0F 11 87 60 01 00 00 - movups [rdi+00000160],xmm0
"ShadowOfWar.exe"+2459DE: 0F 10 8F C0 01 00 00 - movups xmm1,[rdi+000001C0]
"ShadowOfWar.exe"+2459E5: 0F 11 8F 70 01 00 00 - movups [rdi+00000170],xmm1
"ShadowOfWar.exe"+2459EC: 8B 87 D0 01 00 00 - mov eax,[rdi+000001D0]
"ShadowOfWar.exe"+2459F2: 89 44 24 70 - mov [rsp+70],eax
"ShadowOfWar.exe"+2459F6: 33 C0 - xor eax,eax
}
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>
Multi Skill Upgrade Toggle (Modifier Key Ctrl/L2) - Self-explanatory. Retains normal game behavior if modifier key is not pressed.