Garik66 Опубликовано 9 мая, 2016 (изменено)

Уроки, связанные с этой таблицей Cheat Engine:
1. Dark Souls взлом Chance Drop
3. Делаем таблицу Cheat Engine мультиязычной
4. Dark Souls Sale Items (Dark Souls взлом Chance Drop - part 2)

Скрипты:

1. ID of the highlighted object

Скрытый текст

{
  Game    : DARKSOULS.exe
  Version :
  Date    : 2016-05-09
  Author  : Garik66

  ID of the highlighted object (Cheat Engine auto-assembler, 32-bit target).

  Two code-cave hooks:
    Slot     - placed on "mov [eax+000001E4],edx". Copies edx (the value the
               game is about to store at +1E4; per the table's naming this is
               the selected/highlighted slot) into the scratch dword IDSlot.
    Quantity - placed on "mov ecx,[eax+08] / mov [esp+10],ecx". When esi equals
               IDSlot, copies the dword at [eax+04] into IDItem. The author
               labels [eax+08] the quantity; [eax+04] is assumed to be the item
               ID of that slot - confirm against the game.

  Exported symbols: IDItem (read from the table), Slot, Quantity.
  IDSlot is internal only and is deliberately not registered.

  Register/flag contract: neither hook changes any register (push/pop is
  balanced, esp is back to its entry value before [esp+10] is written). The
  Quantity hook clobbers flags; that is safe because the instructions after
  return1 (mov, mov, call, cvtsi2ss...) do not read flags before comiss sets them.
}
[ENABLE]

aobscanmodule(Slot,DARKSOULS.exe,89 90 E4 01 00 00 E8) // should be unique
aobscanmodule(Quantity,DARKSOULS.exe,8B 48 08 89 4C 24 10)
alloc(newmem,$1000)

label(newmem1)
label(code)
label(code1)
label(return)
label(return1)
label(IDSlot)
label(IDItem)
registersymbol(IDItem)
registersymbol(Slot)
registersymbol(Quantity)

newmem:
  mov [IDSlot],edx          // remember the slot value the game stores next
code:
  mov [eax+000001E4],edx    // original instruction
  jmp return

newmem1:
  cmp esi,[IDSlot]          // esi = slot index at this point (cmp esi,[edi+00000118] just above the hook) - assumed to match IDSlot's meaning, confirm
  jne code1
  push [eax+04]             // memory-to-memory copy via the stack: IDItem = [eax+04]
  pop [IDItem]
code1:
  mov ecx,[eax+08]          // original instructions
  mov [esp+10],ecx
  jmp return1

IDSlot:
  dd 0
IDItem:
  dd 0

Slot:
  jmp newmem
  db 90                     // 6 original bytes = 5 (jmp) + 1 (nop)
return:

Quantity:
  jmp newmem1
  db 90 90                  // 7 original bytes = 5 (jmp) + 2 (nop)
return1:

[DISABLE]
Slot:
  db 89 90 E4 01 00 00      // restore the original bytes
Quantity:
  db 8B 48 08 89 4C 24 10

unregistersymbol(IDItem)
unregistersymbol(Quantity)
unregistersymbol(Slot)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "DARKSOULS.exe"+86AFD9

"DARKSOULS.exe"+86AFB6: 8B 8E 00 01 00 00    - mov ecx,[esi+00000100]
"DARKSOULS.exe"+86AFBC: 3B CB                - cmp ecx,ebx
"DARKSOULS.exe"+86AFBE: 7C 14                - jl DARKSOULS.exe+86AFD4
"DARKSOULS.exe"+86AFC0: 8B 96 38 01 00 00    - mov edx,[esi+00000138]
"DARKSOULS.exe"+86AFC6: 8B 52 04             - mov edx,[edx+04]
"DARKSOULS.exe"+86AFC9: 03 CF                - add ecx,edi
"DARKSOULS.exe"+86AFCB: 8B 0C 8A             - mov ecx,[edx+ecx*4]
"DARKSOULS.exe"+86AFCE: 8B 50 04             - mov edx,[eax+04]
"DARKSOULS.exe"+86AFD1: 8B 14 8A             - mov edx,[edx+ecx*4]
"DARKSOULS.exe"+86AFD4: A1 D0 56 37 01       - mov eax,[DARKSOULS.exe+F756D0]
// ---------- INJECTING HERE ----------
"DARKSOULS.exe"+86AFD9: 89 90 E4 01 00 00    - mov [eax+000001E4],edx
// ---------- DONE INJECTING ----------
"DARKSOULS.exe"+86AFDF: E8 2C DB FF FF       - call DARKSOULS.exe+868B10
"DARKSOULS.exe"+86AFE4: 68 F0 1A 1C 01       - push DARKSOULS.exe+DC1AF0
"DARKSOULS.exe"+86AFE9: 8B CE                - mov ecx,esi
"DARKSOULS.exe"+86AFEB: E8 D0 93 B1 FF       - call DARKSOULS.exe+3843C0
"DARKSOULS.exe"+86AFF0: 3B C3                - cmp eax,ebx
"DARKSOULS.exe"+86AFF2: 74 24                - je DARKSOULS.exe+86B018
"DARKSOULS.exe"+86AFF4: 83 EC 08             - sub esp,08
"DARKSOULS.exe"+86AFF7: 8B CC                - mov ecx,esp
"DARKSOULS.exe"+86AFF9: C7 41 04 02 00 00 00 - mov [ecx+04],00000002
"DARKSOULS.exe"+86B000: C7 01 E1 2E 00 00    - mov [ecx],00002EE1
}

{
// ORIGINAL CODE - INJECTION POINT: "DARKSOULS.exe"+80B910

"DARKSOULS.exe"+80B8EE: 3B B7 18 01 00 00    - cmp esi,[edi+00000118]
"DARKSOULS.exe"+80B8F4: 7D 08                - jnl DARKSOULS.exe+80B8FE
"DARKSOULS.exe"+80B8F6: 8B 87 20 01 00 00    - mov eax,[edi+00000120]
"DARKSOULS.exe"+80B8FC: EB 06                - jmp DARKSOULS.exe+80B904
"DARKSOULS.exe"+80B8FE: 8B 87 24 01 00 00    - mov eax,[edi+00000124]
"DARKSOULS.exe"+80B904: 03 C3                - add eax,ebx
"DARKSOULS.exe"+80B906: 85 C0                - test eax,eax
"DARKSOULS.exe"+80B908: 74 4E                - je DARKSOULS.exe+80B958
"DARKSOULS.exe"+80B90A: 80 78 10 00          - cmp byte ptr [eax+10],00
"DARKSOULS.exe"+80B90E: 74 48                - je DARKSOULS.exe+80B958
// ---------- INJECTING HERE ----------
"DARKSOULS.exe"+80B910: 8B 48 08             - mov ecx,[eax+08]
"DARKSOULS.exe"+80B913: 89 4C 24 10          - mov [esp+10],ecx
// ---------- DONE INJECTING ----------
"DARKSOULS.exe"+80B917: 8B 48 04             - mov ecx,[eax+04]
"DARKSOULS.exe"+80B91A: 8B 00                - mov eax,[eax]
"DARKSOULS.exe"+80B91C: E8 EF F2 FF FF       - call DARKSOULS.exe+80AC10
"DARKSOULS.exe"+80B921: F3 0F 2A 4C 24 10    - cvtsi2ss xmm1,[esp+10]
"DARKSOULS.exe"+80B927: F3 0F 5A C0          - cvtss2sd xmm0,xmm0
"DARKSOULS.exe"+80B92B: F3 0F 5A C9          - cvtss2sd xmm1,xmm1
"DARKSOULS.exe"+80B92F: F2 0F 59 C1          - mulsd xmm0,xmm1
"DARKSOULS.exe"+80B933: F2 0F 5A C0          - cvtsd2ss xmm0,xmm0
"DARKSOULS.exe"+80B937: 0F 2F 05 B0 73 15 01 - comiss xmm0,[DARKSOULS.exe+D573B0]
"DARKSOULS.exe"+80B93E: 76 18                - jna DARKSOULS.exe+80B958
}

2.
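Add Item

Скрытый текст

{
  Game    : DARKSOULS.exe
  Version :
  Date    : 2016-05-09
  Author  : Garik66

  Add Item (Cheat Engine auto-assembler, 32-bit target), one-shot.

  Usage: set TypeItem, IDItem1, Sum and Durability from the table, then write 1
  to flag. The hook sits inside the game's inventory-search loop (slot stride
  is 1C - see "add edx,1C" in the listing below). The next time the loop
  visits a slot whose first dword is FFFFFFFF (the script treats that as a free
  slot) it writes the item into it and clears flag.

  Slot layout as used by this script (offsets relative to ecx):
    +00 type      <- TypeItem
    +04 item ID   <- IDItem1
    +08 count     <- Sum
    +10 set to 1  (the game tests byte [slot+10] != 0 before using a slot in
                   the Quantity listing of script 1 - presumably the "in use" marker)
    +14           <- Durability

  Register/flag contract: esi is written exactly as the original instruction
  does; all push/pop pairs are balanced; no other register changes. The
  game's "jne" at Item+07 consumes the flags of "cmp [ecx],esi", so that
  compare is executed LAST on the idle path (at code:). On the fill path the
  hook returns with ZF=1 from "cmp [ecx],FFFFFFFF", so the game falls through
  and checks the freshly written slot - this matches the original behaviour
  of the script; confirm it is the intended effect.
}
[ENABLE]

aobscanmodule(Item,DARKSOULS.exe,CA 8B 74 24 24 39 31) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(TypeItem)
registersymbol(TypeItem)
label(IDItem1)
registersymbol(IDItem1)
label(Sum)
registersymbol(Sum)
label(Durability)
registersymbol(Durability)
label(flag)
registersymbol(flag)
registersymbol(Item)

newmem:
  mov esi,[esp+24]          // original instruction: esi = item type the game is searching for
  cmp [flag],1              // flag <> 1: nothing to add, run the original compare
  jne code
  cmp [ecx],FFFFFFFF        // only a free slot (type == -1) is written
  jne code
  push [TypeItem]           // memory-to-memory copies via the stack
  pop [ecx]
  push [IDItem1]
  pop [ecx+04]
  push [Sum]
  pop [ecx+08]
  mov [ecx+10],1            // mark the slot as used
  push [Durability]
  pop [ecx+14]
  mov [flag],0              // one-shot: disarm until the table writes 1 again
  jmp return                // ZF=1 carried from "cmp [ecx],FFFFFFFF" (mov/push/pop leave flags alone)
code:
  cmp [ecx],esi             // original instruction; its flags must reach the game's jne at Item+07,
  jmp return                // so it runs after the flag/FFFFFFFF checks, which would otherwise overwrite them

TypeItem:
  dd 0
IDItem1:
  dd 0
Sum:
  dd 1
Durability:
  dd 0
flag:
  dd 0

Item+01:
  jmp newmem
  nop                       // 6 original bytes = 5 (jmp) + 1 (nop)
return:

[DISABLE]
Item+01:
  db 8B 74 24 24 39 31      // restore the original bytes

unregistersymbol(TypeItem)
unregistersymbol(IDItem1)
unregistersymbol(Sum)
unregistersymbol(Durability)
unregistersymbol(flag)
unregistersymbol(Item)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "DARKSOULS.exe"+809DD8

"DARKSOULS.exe"+809DB4: 85 C0             - test eax,eax
"DARKSOULS.exe"+809DB6: 7C 20             - jl DARKSOULS.exe+809DD8
"DARKSOULS.exe"+809DB8: 3B 85 10 01 00 00 - cmp eax,[ebp+00000110]
"DARKSOULS.exe"+809DBE: 7D 18             - jnl DARKSOULS.exe+809DD8
"DARKSOULS.exe"+809DC0: 3B 85 18 01 00 00 - cmp eax,[ebp+00000118]
"DARKSOULS.exe"+809DC6: 7D 08             - jnl DARKSOULS.exe+809DD0
"DARKSOULS.exe"+809DC8: 8B 8D 20 01 00 00 - mov ecx,[ebp+00000120]
"DARKSOULS.exe"+809DCE: EB 06             - jmp DARKSOULS.exe+809DD6
"DARKSOULS.exe"+809DD0: 8B 8D 24 01 00 00 - mov ecx,[ebp+00000124]
"DARKSOULS.exe"+809DD6: 03 CA             - add ecx,edx
// ---------- INJECTING HERE ----------
"DARKSOULS.exe"+809DD8: 8B 74 24 24       - mov esi,[esp+24]
"DARKSOULS.exe"+809DDC: 39 31             - cmp [ecx],esi
// ---------- DONE INJECTING ----------
"DARKSOULS.exe"+809DDE: 75 05             - jne DARKSOULS.exe+809DE5
"DARKSOULS.exe"+809DE0: 39 79 04          - cmp [ecx+04],edi
"DARKSOULS.exe"+809DE3: 74 0B             - je DARKSOULS.exe+809DF0
"DARKSOULS.exe"+809DE5: 40                - inc eax
"DARKSOULS.exe"+809DE6: 83 C2 1C          - add edx,1C
"DARKSOULS.exe"+809DE9: 3B C3             - cmp eax,ebx
"DARKSOULS.exe"+809DEB: 7C C5             - jl DARKSOULS.exe+809DB2
"DARKSOULS.exe"+809DED: 83 C8 FF          - or eax,-01
"DARKSOULS.exe"+809DF0: 5F                - pop edi
"DARKSOULS.exe"+809DF1: 5E                - pop esi
}

Видео:

Табличка: // Таблицу выложил в 4 теме (см. ссылку вверху).

Изменено 13 мая, 2016 пользователем Garik66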