Сообщения, опубликованные Tzeentch
Рядом со смещением душ ещё оказалась и человечность. Добавил в таблицу.
Ещё скрипт на редактирование характеристик игрока. При активации скрипта находит эти характеристики.
StatsFinder
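{ Game : DarkSoulsRemastered.exe
  Version:
  Date   : 2022-03-28
  Author : Templar

  StatsFinder
  Hooks the instruction that reads the player's stat block (mov r8d,[rdi+40])
  and saves rdi, the base of that structure, into ptrStat so the table can
  address the stats relative to it. The game code itself is left unchanged.
  Uses the Stealthedit plugin (stealtheditex) because, per the post, the game
  puts the original bytes back at the real address.
  Registered symbols: steStatAdr (patched location), ptrStat (saved base).
}
[ENABLE]
aobscanmodule(StatsFinder,DarkSoulsRemastered.exe,44 8B 47 40 BA 08 00 00 00) // should be unique
alloc(newmem,$1000,StatsFinder)
stealtheditex(steStatsFinder,StatsFinder,1)
label(steStatAdr)
registersymbol(steStatAdr)
label(code)
label(return)
label(ptrStat)
registersymbol(ptrStat)

newmem:
  mov [ptrStat],rdi             // remember the structure base for the table
code:
  mov r8d,[rdi+40]              // original instruction
  mov edx,00000008              // original instruction
  jmp return

ptrStat:
  dq 0                          // rdi is 64-bit: reserve 8 bytes (dd reserved only 4, so the store spilled past the slot)

steStatsFinder:
steStatAdr:
  jmp newmem                    // 5 bytes + 4 nops = the 9 bytes of the two replaced instructions
  nop
  nop
  nop
  nop
return:

[DISABLE]
steStatAdr:
  db 44 8B 47 40 BA 08 00 00 00 // restore mov r8d,[rdi+40] / mov edx,00000008
unregistersymbol(steStatAdr)
unregistersymbol(ptrStat)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: DarkSoulsRemastered.exe+249343

DarkSoulsRemastered.exe+249315: E8 56 A6 50 00       - call DarkSoulsRemastered.exe+753970
DarkSoulsRemastered.exe+24931A: 8B D0                - mov edx,eax
DarkSoulsRemastered.exe+24931C: 0F B6 8F 13 01 00 00 - movzx ecx,byte ptr [rdi+00000113]
DarkSoulsRemastered.exe+249323: E8 68 82 2E 00       - call DarkSoulsRemastered.exe+531590
DarkSoulsRemastered.exe+249328: 8B C8                - mov ecx,eax
DarkSoulsRemastered.exe+24932A: E8 61 7A 2E 00       - call DarkSoulsRemastered.exe+530D90
DarkSoulsRemastered.exe+24932F: 4C 8B C0             - mov r8,rax
DarkSoulsRemastered.exe+249332: BA 07 00 00 00       - mov edx,00000007
DarkSoulsRemastered.exe+249337: 48 8B 0D 92 BA AA 01 - mov rcx,[DarkSoulsRemastered.exe+1CF4DD0]
DarkSoulsRemastered.exe+24933E: E8 1D 3B 2F 00       - call DarkSoulsRemastered.exe+53CE60
// ---------- INJECTING HERE ----------
DarkSoulsRemastered.exe+249343: 44 8B 47 40          - mov r8d,[rdi+40]
// ---------- DONE INJECTING  ----------
DarkSoulsRemastered.exe+249347: BA 08 00 00 00       - mov edx,00000008
DarkSoulsRemastered.exe+24934C: 48 8B 0D 7D BA AA 01 - mov rcx,[DarkSoulsRemastered.exe+1CF4DD0]
DarkSoulsRemastered.exe+249353: E8 88 45 2F 00       - call DarkSoulsRemastered.exe+53D8E0
DarkSoulsRemastered.exe+249358: 44 8B 47 48          - mov r8d,[rdi+48]
DarkSoulsRemastered.exe+24935C: BA 09 00 00 00       - mov edx,00000009
DarkSoulsRemastered.exe+249361: 48 8B 0D 68 BA AA 01 - mov rcx,[DarkSoulsRemastered.exe+1CF4DD0]
DarkSoulsRemastered.exe+249368: E8 73 45 2F 00       - call DarkSoulsRemastered.exe+53D8E0
DarkSoulsRemastered.exe+24936D: 44 8B 47 50          - mov r8d,[rdi+50]
DarkSoulsRemastered.exe+249371: BA 0A 00 00 00       - mov edx,0000000A
DarkSoulsRemastered.exe+249376: 48 8B 0D 53 BA AA 01 - mov rcx,[DarkSoulsRemastered.exe+1CF4DD0]
}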
Инструкция работает только с адресом характеристики здоровья игрока.
Ссылка на таблицу - https://drive.google.com/file/d/19Aehs7M9vsw8yJySqeZhAiq2fVtA4eYU/view?usp=sharing
SoulsFinder. При активации скрипта находит адрес душ игрока.
Значение адреса можно менять по усмотрению.
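{ Game : DarkSoulsRemastered.exe
  Version:
  Date   : 2022-03-21
  Author : Templar

  SoulsFinder
  Hooks mov r8d,[rcx+00000094] and saves rcx into ptrSouls, so the table can
  reach the souls value as ptrSouls + 94. The game code is left unchanged.
  Uses the Stealthedit plugin (stealtheditex).
  Registered symbols: steSouls (patched location), ptrSouls (saved base).
  NOTE(review): the int 3 padding right before the injection point suggests
  the hook sits at the start of a function - confirm before relying on it.
}
[ENABLE]
aobscanmodule(SoulsFinder,DarkSoulsRemastered.exe,44 8B 81 94 00 00 00 45) // should be unique
alloc(newmem,$1000,SoulsFinder)
stealtheditex(steSoulsFinder,SoulsFinder,1)
registersymbol(steSouls)
label(steSouls)
label(code)
label(return)
label(ptrSouls)
registersymbol(ptrSouls)

newmem:
code:
  mov r8d,[rcx+00000094]        // original instruction
  mov [ptrSouls],rcx            // remember the structure base for the table
  jmp return

ptrSouls:
  dq 0                          // rcx is 64-bit: reserve 8 bytes (dd reserved only 4, so the store spilled past the slot)

steSoulsFinder:
steSouls:
  jmp newmem                    // 5 bytes + 2 nops = the 7 bytes of the replaced instruction
  nop
  nop
return:

[DISABLE]
steSouls:
  db 44 8B 81 94 00 00 00       // restore mov r8d,[rcx+00000094]
unregistersymbol(steSouls)
unregistersymbol(ptrSouls)
dealloc(newmem)

{
Address of signature = DarkSoulsRemastered.exe + 0x00753410
"\x44\x8B\x00\x00\x00\x00\x00\x45\x33\x00\x44\x89\x00\x00\x00\x45\x8D", "xx?????xx?xx???xx"
"44 8B ? ? ? ? ? 45 33 ? 44 89 ? ? ? 45 8D"

// ORIGINAL CODE - INJECTION POINT: DarkSoulsRemastered.exe+753410

DarkSoulsRemastered.exe+753406: CC                   - int 3
DarkSoulsRemastered.exe+753407: CC                   - int 3
DarkSoulsRemastered.exe+753408: CC                   - int 3
DarkSoulsRemastered.exe+753409: CC                   - int 3
DarkSoulsRemastered.exe+75340A: CC                   - int 3
DarkSoulsRemastered.exe+75340B: CC                   - int 3
DarkSoulsRemastered.exe+75340C: CC                   - int 3
DarkSoulsRemastered.exe+75340D: CC                   - int 3
DarkSoulsRemastered.exe+75340E: CC                   - int 3
DarkSoulsRemastered.exe+75340F: CC                   - int 3
// ---------- INJECTING HERE ----------
DarkSoulsRemastered.exe+753410: 44 8B 81 94 00 00 00 - mov r8d,[rcx+00000094]
// ---------- DONE INJECTING  ----------
DarkSoulsRemastered.exe+753417: 45 33 D2             - xor r10d,r10d
DarkSoulsRemastered.exe+75341A: 44 89 54 24 10       - mov [rsp+10],r10d
DarkSoulsRemastered.exe+75341F: 45 8D 0C 10          - lea r9d,[r8+rdx]
DarkSoulsRemastered.exe+753423: 44 89 4C 24 08       - mov [rsp+08],r9d
DarkSoulsRemastered.exe+753428: 45 85 C9             - test r9d,r9d
DarkSoulsRemastered.exe+75342B: 79 07                - jns DarkSoulsRemastered.exe+753434
DarkSoulsRemastered.exe+75342D: 48 8D 44 24 10       - lea rax,[rsp+10]
DarkSoulsRemastered.exe+753432: EB 17                - jmp DarkSoulsRemastered.exe+75344B
DarkSoulsRemastered.exe+753434: 41 81 F9 FF C9 9A 3B - cmp r9d,3B9AC9FF
DarkSoulsRemastered.exe+75343B: 48 8D 15 02 8C C7 00 - lea rdx,[DarkSoulsRemastered.exe+13CC044]
}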
Помимо скрипта прикладываю таблицу. - https://drive.google.com/file/d/1eI3MRfI7kd0z0g2nZoEtvEmSjWcm4afS/view?usp=sharing
Заклинания не тратятся. Неограниченное использование заклинаний
Спойлер{ Game : DarkSoulsRemastered.exe Version: Date : 2022-03-21 Author : Templar This script does blah blah blah } [ENABLE] aobscanmodule(InfSpells,DarkSoulsRemastered.exe,03 CF 8B F9 89 0A) // should be unique stealtheditex(steInfSpells,InfSpells,1) registersymbol(steSpell) label(steSpell) steInfSpells: steSpell: db 8B 0A ///mov ecx,[rdx] текущее значение записывается в новое [DISABLE] steSpell: db 03 CF ///add ecx,edi unregistersymbol(steSpell) { Address of signature = DarkSoulsRemastered.exe + 0x00743AE1 "\x03\xCF\x8B\xF9", "xxxx" "03 CF 8B F9" // ORIGINAL CODE - INJECTION POINT: DarkSoulsRemastered.exe+743AE1 DarkSoulsRemastered.exe+743AC4: 48 8B 74 24 60 - mov rsi,[rsp+60] DarkSoulsRemastered.exe+743AC9: 49 8D 45 1C - lea rax,[r13+1C] DarkSoulsRemastered.exe+743ACD: 4C 8B C3 - mov r8,rbx DarkSoulsRemastered.exe+743AD0: 48 8B D0 - mov rdx,rax DarkSoulsRemastered.exe+743AD3: 41 8B 0F - mov ecx,[r15] DarkSoulsRemastered.exe+743AD6: 39 4A FC - cmp [rdx-04],ecx DarkSoulsRemastered.exe+743AD9: 75 18 - jne DarkSoulsRemastered.exe+743AF3 DarkSoulsRemastered.exe+743ADB: 8B 0A - mov ecx,[rdx] DarkSoulsRemastered.exe+743ADD: 85 C9 - test ecx,ecx DarkSoulsRemastered.exe+743ADF: 7E 12 - jle DarkSoulsRemastered.exe+743AF3 // ---------- INJECTING HERE ---------- DarkSoulsRemastered.exe+743AE1: 03 CF - add ecx,edi // ---------- DONE INJECTING ---------- DarkSoulsRemastered.exe+743AE3: 8B F9 - mov edi,ecx DarkSoulsRemastered.exe+743AE5: 89 0A - mov [rdx],ecx DarkSoulsRemastered.exe+743AE7: 79 04 - jns DarkSoulsRemastered.exe+743AED DarkSoulsRemastered.exe+743AE9: 89 1A - mov [rdx],ebx DarkSoulsRemastered.exe+743AEB: EB 06 - jmp DarkSoulsRemastered.exe+743AF3 DarkSoulsRemastered.exe+743AED: 3B FD - cmp edi,ebp DarkSoulsRemastered.exe+743AEF: 7E 0F - jle DarkSoulsRemastered.exe+743B00 DarkSoulsRemastered.exe+743AF1: 2B FD - sub edi,ebp DarkSoulsRemastered.exe+743AF3: 49 FF C0 - inc r8 DarkSoulsRemastered.exe+743AF6: 48 83 C2 08 - add rdx,08 }
Требуется плагин Stealthedit 2.4.
Сделал скрипт на пиратку.
Предметы не тратятся, но прибавляются при подборе/покупке.
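{ Game : DarkSoulsRemastered.exe
  Version:
  Date   : 2022-03-18
  Author : Templar

  InfItem
  Hooks the store mov [r9+08],eax that writes an item count. The cave only
  performs the store when the new value (eax) is not lower than the stored
  one, so counts never decrease but pickups/purchases still add up.
  Uses the Stealthedit plugin (stealtheditex), because the game restores the
  original bytes at the real address.
  Registered symbol: steAddress (patched location).
  NOTE(review): the clamped path in the listing (mov [r9+08],r10d at +73FCE2,
  then jmp +73FCEC) stores without passing through this hook.
}
[ENABLE]
aobscanmodule(InfItem,DarkSoulsRemastered.exe,41 89 ? ? 48 8B ? ? ? 48 8B ? ? ? 48 8B ? ? ? 48 83 C4 ? 5F) // should be unique
alloc(newmem, $1000, InfItem)
stealtheditex(steInfItem, InfItem, 1)
label(steAddress)
registersymbol(steAddress)
label(code)
label(return)

newmem:
  cmp eax,[r9+08]               // compare the value about to be written with the stored one
  jl code                       // new value is lower: skip the store, the count must not drop
  mov [r9+08],eax               // otherwise store it (original instruction)
code:
  mov rbx,[rsp+30]              // original instruction
  jmp return

steInfItem:
steAddress:
  jmp newmem                    // 5 bytes + 4 nops = the 9 bytes of the two replaced instructions
  nop
  nop
  nop
  nop
return:

[DISABLE]
steAddress:                     // restore at the location [ENABLE] patched, as the other stealthedit scripts do; writing to InfItem leaves the jmp at steAddress in place
  db 41 89 41 08 48 8B 5C 24 30 // mov [r9+08],eax / mov rbx,[rsp+30]
unregistersymbol(steAddress)
dealloc(newmem)

{
Address of signature = DarkSoulsRemastered.exe + 0x0073FCE8
"\x41\x89\x00\x00\x48\x8B\x00\x00\x00\x48\x8B\x00\x00\x00\x48\x8B\x00\x00\x00\x48\x83\xC4\x00\x5F", "xx??xx???xx???xx???xxx?x"
"41 89 ? ? 48 8B ? ? ? 48 8B ? ? ? 48 8B ? ? ? 48 83 C4 ? 5F"

// ORIGINAL CODE - INJECTION POINT: DarkSoulsRemastered.exe+73FCE8

DarkSoulsRemastered.exe+73FCCB: EB 04          - jmp DarkSoulsRemastered.exe+73FCD1
DarkSoulsRemastered.exe+73FCCD: 4C 03 4F 38    - add r9,[rdi+38]
DarkSoulsRemastered.exe+73FCD1: 41 8B 41 08    - mov eax,[r9+08]
DarkSoulsRemastered.exe+73FCD5: 03 C5          - add eax,ebp
DarkSoulsRemastered.exe+73FCD7: 41 3B C2       - cmp eax,r10d
DarkSoulsRemastered.exe+73FCDA: 7E 0C          - jle DarkSoulsRemastered.exe+73FCE8
DarkSoulsRemastered.exe+73FCDC: C6 06 01       - mov byte ptr [rsi],01
DarkSoulsRemastered.exe+73FCDF: 41 8B C2       - mov eax,r10d
DarkSoulsRemastered.exe+73FCE2: 45 89 51 08    - mov [r9+08],r10d
DarkSoulsRemastered.exe+73FCE6: EB 04          - jmp DarkSoulsRemastered.exe+73FCEC
// ---------- INJECTING HERE ----------
DarkSoulsRemastered.exe+73FCE8: 41 89 41 08    - mov [r9+08],eax
// ---------- DONE INJECTING  ----------
DarkSoulsRemastered.exe+73FCEC: 48 8B 5C 24 30 - mov rbx,[rsp+30]
DarkSoulsRemastered.exe+73FCF1: 48 8B 6C 24 38 - mov rbp,[rsp+38]
DarkSoulsRemastered.exe+73FCF6: 48 8B 74 24 40 - mov rsi,[rsp+40]
DarkSoulsRemastered.exe+73FCFB: 48 83 C4 20    - add rsp,20
DarkSoulsRemastered.exe+73FCFF: 5F             - pop rdi
DarkSoulsRemastered.exe+73FD00: C3             - ret
DarkSoulsRemastered.exe+73FD01: CC             - int 3
DarkSoulsRemastered.exe+73FD02: CC             - int 3
DarkSoulsRemastered.exe+73FD03: CC             - int 3
DarkSoulsRemastered.exe+73FD04: CC             - int 3
}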
Пришлось использовать stealthedit, поскольку игра возвращала прежний код на место.
Сделал ещё пару функций.
Невидимость (камеры всё равно видят, люди не видят):
{ Game : splintercell3.exe
  Version:
  Date   : 2022-03-06
  Author : Templar

  Invisible
  Several addresses are involved in visibility. Cameras still see you; people
  do not, unless you get right up close.

  Hooks fadd dword ptr [eax] inside the loop at +27F150 (add eax,08 / dec ecx /
  jne +27F150) and zeroes each [eax] before it is added, so the accumulated
  visibility sum stays at zero.
  The replaced instructions (D8 00 / 83 C0 08) are exactly 5 bytes, the size
  of the jmp, so no nop padding is needed.
  Registered symbol: Invisible (injection point).
}
[ENABLE]
aobscanmodule(Invisible,splintercell3.exe,D8 00 83 C0 08) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  mov [eax],(float)0            // zero the visibility contribution before it is summed
code:
  fadd dword ptr [eax]          // original instruction
  add eax,08                    // original instruction
  jmp return

Invisible:
  jmp newmem
return:
registersymbol(Invisible)

[DISABLE]
Invisible:
  db D8 00 83 C0 08             // fadd dword ptr [eax] / add eax,08
unregistersymbol(Invisible)
dealloc(newmem)

{
Address of signature = splintercell3.exe + 0x0027F150
"\xD8\x00\x83\xC0\x00\x49\x75\x00\xDB\x44", "xxxx?xx?xx"
"D8 00 83 C0 ? 49 75 ? DB 44"

// ORIGINAL CODE - INJECTION POINT: splintercell3.exe+27F150

splintercell3.exe+27F129: D9 5F 04          - fstp dword ptr [edi+04]
splintercell3.exe+27F12C: 8B 86 18 15 00 00 - mov eax,[esi+00001518]
splintercell3.exe+27F132: D9 05 20 82 0B 11 - fld dword ptr [splintercell3.exe+7B8220]
splintercell3.exe+27F138: 85 C0             - test eax,eax
splintercell3.exe+27F13A: 89 44 24 0C       - mov [esp+0C],eax
splintercell3.exe+27F13E: 7E 18             - jle splintercell3.exe+27F158
splintercell3.exe+27F140: 8B 86 14 15 00 00 - mov eax,[esi+00001514]
splintercell3.exe+27F146: 8B 8E 18 15 00 00 - mov ecx,[esi+00001518]
splintercell3.exe+27F14C: 83 C0 04          - add eax,04
splintercell3.exe+27F14F: 90                - nop
// ---------- INJECTING HERE ----------
splintercell3.exe+27F150: D8 00             - fadd dword ptr [eax]
// ---------- DONE INJECTING  ----------
splintercell3.exe+27F152: 83 C0 08          - add eax,08
splintercell3.exe+27F155: 49                - dec ecx
splintercell3.exe+27F156: 75 F8             - jne splintercell3.exe+27F150
splintercell3.exe+27F158: DB 44 24 0C       - fild dword ptr [esp+0C]
splintercell3.exe+27F15C: 5F                - pop edi
splintercell3.exe+27F15D: D8 F9             - fdivr st(0),st(1)
splintercell3.exe+27F15F: D9 9E 64 02 00 00 - fstp dword ptr [esi+00000264]
splintercell3.exe+27F165: 5E                - pop esi
splintercell3.exe+27F166: DD D8             - fstp st(0)
splintercell3.exe+27F168: 5B                - pop ebx
}
Скрывает шум от ходьбы и выстрелов:
{ Game : splintercell3.exe
  Version:
  Date   : 2022-03-13
  Author : Templar

  NoiseHiding
  Hides the noise from walking and shooting.

  Hooks fstp dword ptr [esi+00000438] in UDareAudioSubsystem::SEC_InitSound.
  The cave performs the original store (keeping the FPU stack balanced) and
  then overwrites [esi+438] with 110.0, raising the noise threshold. The
  listing below shows that value being compared a few instructions later
  (fld [esi+438] / fucompp).
  Registered symbol: NoiseHiding (injection point).
  NOTE(review): the listing prints the label "NoiseHiding:" at +48A6
  (mov [esi+00000438],edi), i.e. the symbol pointed at a different address
  when that listing was captured; this script's aob matches +48BD.
}
[ENABLE]
aobscanmodule(NoiseHiding,splintercell3.exe,D9 9E 38 04 00 00 8B 8E) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
code:
  fstp dword ptr [esi+00000438]       // original instruction
  mov [esi+00000438],(float)110       // raise the noise-hiding threshold
  jmp return

NoiseHiding:
  jmp newmem                          // 5 bytes + 1 nop = the 6 bytes of the replaced instruction
  nop
return:
registersymbol(NoiseHiding)

[DISABLE]
NoiseHiding:
  db D9 9E 38 04 00 00                // fstp dword ptr [esi+00000438]
unregistersymbol(NoiseHiding)
dealloc(newmem)

{
Address of signature = splintercell3.exe + 0x00417C5D
"\xD9\x9E\x00\x00\x00\x00\x8B\x8E\x00\x00\x00\x00\x51\x8B\xCB", "xx????xx????xxx"
"D9 9E ? ? ? ? 8B 8E ? ? ? ? 51 8B CB"

// ORIGINAL CODE - INJECTION POINT: splintercell3.UDareAudioSubsystem::SEC_InitSound+48BD

splintercell3.UDareAudioSubsystem::SEC_InitSound+4887: 0F 8C 90 FD FF FF - jl splintercell3.UDareAudioSubsystem::SEC_InitSound+461D
splintercell3.UDareAudioSubsystem::SEC_InitSound+488D: E9 91 02 00 00    - jmp splintercell3.UDareAudioSubsystem::SEC_InitSound+4B23
splintercell3.UDareAudioSubsystem::SEC_InitSound+4892: 8B B3 C8 00 00 00 - mov esi,[ebx+000000C8]
splintercell3.UDareAudioSubsystem::SEC_InitSound+4898: 3B F7             - cmp esi,edi
splintercell3.UDareAudioSubsystem::SEC_InitSound+489A: 0F 84 83 02 00 00 - je splintercell3.UDareAudioSubsystem::SEC_InitSound+4B23
splintercell3.UDareAudioSubsystem::SEC_InitSound+48A0: 8B 86 B4 02 00 00 - mov eax,[esi+000002B4]
NoiseHiding: 89 BE 38 04 00 00 - mov [esi+00000438],edi
splintercell3.UDareAudioSubsystem::SEC_InitSound+48AC: 89 BE 3C 04 00 00 - mov [esi+0000043C],edi
splintercell3.UDareAudioSubsystem::SEC_InitSound+48B2: 8B 88 AC 00 00 00 - mov ecx,[eax+000000AC]
splintercell3.UDareAudioSubsystem::SEC_InitSound+48B8: E8 33 80 C7 FF    - call splintercell3.ULevel::HavokCreateWorld+5C80
// ---------- INJECTING HERE ----------
splintercell3.UDareAudioSubsystem::SEC_InitSound+48BD: D9 9E 38 04 00 00 - fstp dword ptr [esi+00000438]
// ---------- DONE INJECTING  ----------
splintercell3.UDareAudioSubsystem::SEC_InitSound+48C3: 8B 8E B4 02 00 00 - mov ecx,[esi+000002B4]
splintercell3.UDareAudioSubsystem::SEC_InitSound+48C9: 51                - push ecx
splintercell3.UDareAudioSubsystem::SEC_InitSound+48CA: 8B CB             - mov ecx,ebx
splintercell3.UDareAudioSubsystem::SEC_InitSound+48CC: E8 4F FB FF FF    - call splintercell3.UDareAudioSubsystem::SEC_InitSound+4420
splintercell3.UDareAudioSubsystem::SEC_InitSound+48D1: D9 05 20 82 0B 11 - fld dword ptr [splintercell3.exe+7B8220]
splintercell3.UDareAudioSubsystem::SEC_InitSound+48D7: D9 86 38 04 00 00 - fld dword ptr [esi+00000438]
splintercell3.UDareAudioSubsystem::SEC_InitSound+48DD: DA E9             - fucompp
splintercell3.UDareAudioSubsystem::SEC_InitSound+48DF: DF E0             - fnstsw ax
splintercell3.UDareAudioSubsystem::SEC_InitSound+48E1: F6 C4 44          - test ah,44
splintercell3.UDareAudioSubsystem::SEC_InitSound+48E4: 7B 61             - jnp splintercell3.UDareAudioSubsystem::SEC_InitSound+4947
}
Поправил фильтр для счётчика тревоги. С предыдущим скриптом могло вылетать.
Работает с лимитом в три тревоги. В миссиях с лимитом в одну тревогу - это бесполезно.
NoAlarmScore:
{ Game : SplinterCell2.exe
  Version:
  Date   : 2022-02-27
  Author : Templar

  NoAlarmScore
  Keeps the alarm counter from rising. Only for missions with a three-alarm
  limit; in missions with a one-alarm limit it is useless.

  The hook is in a Core.dll routine that copies [eax] to [edx] and returns
  (mov ecx,[eax] / mov edx,[esp+04] / mov [edx],ecx / ret 000C), so it runs
  for many callers, not just the alarm counter. The cmp on [eax+C] is the
  filter that selects the alarm object; the post notes that the earlier
  version, with a weaker filter, could crash the game.
  Registered symbol: NoAlarmScore (injection point).
}
[ENABLE]
aobscanmodule(NoAlarmScore,Core.dll,8B 08 8B 54 ? ? 89 0A C2 ? ? 33 D2 66 85 ? 76 ? 8B 44 ? ? 56 8B 74 ? ? 57 2B F0 8D 64 ? ? 8B 3C ? 89 38 0F B7 ? ? 42 83 C0 ? 3B D7 7C ? 5F 5E C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 8B 44 ? ? 85 C0 74 ? 8B 54) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  cmp [eax+C],#75               // filter: compare a field at a fixed offset with the expected constant
  jne code                      // not the alarm object: run the original code untouched
  mov [eax],#0                  // zero the alarm counter
code:
  mov ecx,[eax]                 // original instruction
  mov edx,[esp+04]              // original instruction
  jmp return

NoAlarmScore:
  jmp newmem                    // 5 bytes + 1 nop = the 6 bytes of the two replaced instructions
  nop
return:
registersymbol(NoAlarmScore)

[DISABLE]
NoAlarmScore:
  db 8B 08 8B 54 24 04          // mov ecx,[eax] / mov edx,[esp+04]
unregistersymbol(NoAlarmScore)
dealloc(newmem)

{
Address of signature = Core.dll + 0x0005E79E
"\x8B\x08\x8B\x54\x00\x00\x89\x0A\xC2\x00\x00\x33\xD2\x66\x85\x00\x76\x00\x8B\x44\x00\x00\x56\x8B\x74\x00\x00\x57\x2B\xF0\x8D\x64\x00\x00\x8B\x3C\x00\x89\x38\x0F\xB7\x00\x00\x42\x83\xC0\x00\x3B\xD7\x7C\x00\x5F\x5E\xC2\x00\x00\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\x8B\x44\x00\x00\x85\xC0\x74\x00\x8B\x54", "xxxx??xxx??xxxx?x?xx??xxx??xxxxx??xx?xxxx??xxx?xxx?xxx??xxxxxxxxxxxxxxxxxxxxxxxxxxxx??xxx?xx"
"8B 08 8B 54 ? ? 89 0A C2 ? ? 33 D2 66 85 ? 76 ? 8B 44 ? ? 56 8B 74 ? ? 57 2B F0 8D 64 ? ? 8B 3C ? 89 38 0F B7 ? ? 42 83 C0 ? 3B D7 7C ? 5F 5E C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 8B 44 ? ? 85 C0 74 ? 8B 54"

// ORIGINAL CODE - INJECTION POINT: Core.dll+5E79E

Core.dll+5E78A: CC          - int 3
Core.dll+5E78B: CC          - int 3
Core.dll+5E78C: CC          - int 3
Core.dll+5E78D: CC          - int 3
Core.dll+5E78E: CC          - int 3
Core.dll+5E78F: CC          - int 3
Core.dll+5E790: 66 8B 41 38 - mov ax,[ecx+38]
Core.dll+5E794: 66 3D 01 00 - cmp ax,0001
Core.dll+5E798: 75 0F       - jne Core.dll+5E7A9
Core.dll+5E79A: 8B 44 24 08 - mov eax,[esp+08]
// ---------- INJECTING HERE ----------
Core.dll+5E79E: 8B 08       - mov ecx,[eax]
// ---------- DONE INJECTING  ----------
Core.dll+5E7A0: 8B 54 24 04 - mov edx,[esp+04]
Core.dll+5E7A4: 89 0A       - mov [edx],ecx
Core.dll+5E7A6: C2 0C 00    - ret 000C
Core.dll+5E7A9: 33 D2       - xor edx,edx
Core.dll+5E7AB: 66 85 C0    - test ax,ax
Core.dll+5E7AE: 76 23       - jna Core.dll+5E7D3
Core.dll+5E7B0: 8B 44 24 04 - mov eax,[esp+04]
Core.dll+5E7B4: 56          - push esi
Core.dll+5E7B5: 8B 74 24 0C - mov esi,[esp+0C]
Core.dll+5E7B9: 57          - push edi
}
ResetAlarmScore:
{ Game : SplinterCell2.exe
  Version:
  Date   : 2022-02-27
  Author : Templar

  ResetAlarmScore
  Keeps the alarm counter from rising. Only for missions with a three-alarm
  limit; in missions with a one-alarm limit it is useless.

  Same injection point as NoAlarmScore (the shared Core.dll copy routine:
  mov ecx,[eax] / mov edx,[esp+04] / mov [edx],ecx / ret 000C). What differs
  is the filter: this variant checks [eax+110] against 256 before zeroing
  [eax]. The header text is the same as NoAlarmScore's; only the filter
  distinguishes the two scripts.
  Registered symbol: ResetAlarmScore (injection point).
}
[ENABLE]
aobscanmodule(ResetAlarmScore,Core.dll,8B 08 8B 54 ? ? 89 0A C2 ? ? 33 D2 66 85 ? 76 ? 8B 44 ? ? 56 8B 74 ? ? 57 2B F0 8D 64 ? ? 8B 3C ? 89 38 0F B7 ? ? 42 83 C0 ? 3B D7 7C ? 5F 5E C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 8B 44 ? ? 85 C0 74 ? 8B 54) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  cmp [eax+110],#256            // filter: compare a field at a fixed offset with the expected constant
  jne code                      // not the alarm object: run the original code untouched
  mov [eax],#0                  // freeze at zero; a value above 3 breaks the game
code:
  mov ecx,[eax]                 // original instruction
  mov edx,[esp+04]              // original instruction
  jmp return

ResetAlarmScore:
  jmp newmem                    // 5 bytes + 1 nop = the 6 bytes of the two replaced instructions
  nop
return:
registersymbol(ResetAlarmScore)

[DISABLE]
ResetAlarmScore:
  db 8B 08 8B 54 24 04          // mov ecx,[eax] / mov edx,[esp+04]
unregistersymbol(ResetAlarmScore)
dealloc(newmem)

{
Address of signature = Core.dll + 0x0005E79E
"\x8B\x08\x8B\x54\x00\x00\x89\x0A\xC2\x00\x00\x33\xD2\x66\x85\x00\x76\x00\x8B\x44\x00\x00\x56\x8B\x74\x00\x00\x57\x2B\xF0\x8D\x64\x00\x00\x8B\x3C\x00\x89\x38\x0F\xB7\x00\x00\x42\x83\xC0\x00\x3B\xD7\x7C\x00\x5F\x5E\xC2\x00\x00\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\x8B\x44\x00\x00\x85\xC0\x74\x00\x8B\x54", "xxxx??xxx??xxxx?x?xx??xxx??xxxxx??xx?xxxx??xxx?xxx?xxx??xxxxxxxxxxxxxxxxxxxxxxxxxxxx??xxx?xx"
"8B 08 8B 54 ? ? 89 0A C2 ? ? 33 D2 66 85 ? 76 ? 8B 44 ? ? 56 8B 74 ? ? 57 2B F0 8D 64 ? ? 8B 3C ? 89 38 0F B7 ? ? 42 83 C0 ? 3B D7 7C ? 5F 5E C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 8B 44 ? ? 85 C0 74 ? 8B 54"

// ORIGINAL CODE - INJECTION POINT: Core.dll+5E79E

Core.dll+5E78A: CC          - int 3
Core.dll+5E78B: CC          - int 3
Core.dll+5E78C: CC          - int 3
Core.dll+5E78D: CC          - int 3
Core.dll+5E78E: CC          - int 3
Core.dll+5E78F: CC          - int 3
Core.dll+5E790: 66 8B 41 38 - mov ax,[ecx+38]
Core.dll+5E794: 66 3D 01 00 - cmp ax,0001
Core.dll+5E798: 75 0F       - jne Core.dll+5E7A9
Core.dll+5E79A: 8B 44 24 08 - mov eax,[esp+08]
// ---------- INJECTING HERE ----------
Core.dll+5E79E: 8B 08       - mov ecx,[eax]
// ---------- DONE INJECTING  ----------
Core.dll+5E7A0: 8B 54 24 04 - mov edx,[esp+04]
Core.dll+5E7A4: 89 0A       - mov [edx],ecx
Core.dll+5E7A6: C2 0C 00    - ret 000C
Core.dll+5E7A9: 33 D2       - xor edx,edx
Core.dll+5E7AB: 66 85 C0    - test ax,ax
Core.dll+5E7AE: 76 23       - jna Core.dll+5E7D3
Core.dll+5E7B0: 8B 44 24 04 - mov eax,[esp+04]
Core.dll+5E7B4: 56          - push esi
Core.dll+5E7B5: 8B 74 24 0C - mov esi,[esp+0C]
Core.dll+5E7B9: 57          - push edi
}
Данная функция не даёт подниматься счётчику тревоги. Только для миссии с лимитом в три тревоги. В миссиях с лимитом в одну тревогу - это бесполезно.
Бесконечный таймер. Миссия не будет провалена. Но бомба всё равно взрывается)
Нужен редко. Но функция может пригодиться.
{ Game : SplinterCell2.exe
  Version:
  Date   : 2022-02-25
  Author : Templar

  InfTimer
  The timer is pinned. The bomb still goes off, but the mission is not
  failed. Amusing.

  Hooks fst dword ptr [edi] in the Core.dll routine that does
  fld [edi] / fsub [esp+10] / fst [edi] / pop edi / fstp [edx] / ret 0008.
  After the original store, if the field at [edi+10] equals 1 the timer at
  [edi] is rewritten with 540.0 (9 minutes). Only [edi] is reset: the
  decremented value in st(0) is still written to [edx] by the original
  fstp, which is presumably why the bomb still explodes while the mission
  does not fail (per the post) - confirm.
  Registered symbol: InfTimer (injection point).
}
[ENABLE]
aobscanmodule(InfTimer,Core.dll,D9 17 5F D9 1A 5E 59 C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 51 56 8B 74 ? ? 8B 46) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  fst dword ptr [edi]           // original instruction (st(0) is kept on the stack)
  // my code
  cmp [edi+10],#1               // filter: compare a field at a fixed offset with the expected constant
  jne code                      // not the timer object: leave the stored value alone
  mov [edi],(float)540          // 9 minutes
  // my code
code:
  pop edi                       // original instruction
  fstp dword ptr [edx]          // original instruction
  jmp return

InfTimer:
  jmp newmem                    // the three replaced instructions are exactly 5 bytes, the size of the jmp
return:
registersymbol(InfTimer)

[DISABLE]
InfTimer:
  db D9 17 5F D9 1A             // fst dword ptr [edi] / pop edi / fstp dword ptr [edx]
unregistersymbol(InfTimer)
dealloc(newmem)

{
Address of signature = Core.dll + 0x00033DDC
"\xD9\x17\x5F\xD9\x1A\x5E\x59\xC2\x00\x00\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\x51\x56\x8B\x74\x00\x00\x8B\x46", "xxxxxxxx??xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx??xx"
"D9 17 5F D9 1A 5E 59 C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 51 56 8B 74 ? ? 8B 46"

// ORIGINAL CODE - INJECTION POINT: Core.dll+33DDC

Core.dll+33DC0: 75 10             - jne Core.dll+33DD2
Core.dll+33DC2: 8B 4E 08          - mov ecx,[esi+08]
Core.dll+33DC5: 6A 00             - push 00
Core.dll+33DC7: 40                - inc eax
Core.dll+33DC8: 56                - push esi
Core.dll+33DC9: 89 46 0C          - mov [esi+0C],eax
Core.dll+33DCC: FF 15 10 9B 1F 10 - call dword ptr [Core.GNatives+108]
Core.dll+33DD2: D9 07             - fld dword ptr [edi]
Core.dll+33DD4: 8B 54 24 14       - mov edx,[esp+14]
Core.dll+33DD8: D8 64 24 10       - fsub dword ptr [esp+10]
// ---------- INJECTING HERE ----------
Core.dll+33DDC: D9 17             - fst dword ptr [edi]
// ---------- DONE INJECTING  ----------
Core.dll+33DDE: 5F                - pop edi
Core.dll+33DDF: D9 1A             - fstp dword ptr [edx]
Core.dll+33DE1: 5E                - pop esi
Core.dll+33DE2: 59                - pop ecx
Core.dll+33DE3: C2 08 00          - ret 0008
Core.dll+33DE6: CC                - int 3
Core.dll+33DE7: CC                - int 3
Core.dll+33DE8: CC                - int 3
Core.dll+33DE9: CC                - int 3
Core.dll+33DEA: CC                - int 3
}
Сделал бесконечный таймер. Нужно редко.
{ Game : SplinterCell.exe
  Version:
  Date   : 2022-02-23
  Author : Templar

  InfTimer (first game)
  Hooks fst dword ptr [edi] in the Core.dll routine that does
  fld [edi] / fsub [esp+10] / fst [edi] / fstp [edx] / pop edi / ret 0008.
  After the original store, if the dword at [edi-44] has the bit pattern of
  100.0 the timer at [edi] is rewritten with 999.0. The filter compares raw
  bits, so it only matches an exact 100.0. Only [edi] is reset; the
  decremented value in st(0) is still written to [edx] by the original fstp.
  Registered symbol: InfTimer (injection point).
}
[ENABLE]
aobscanmodule(InfTimer,Core.dll,D9 17 D9 1A 5F 5E 59 C2 ? ? 90 90 90 90 90 90 90 90 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 8B 0D ? ? ? ? 33 D2 3B CA B8 ? ? ? ? 75 ? 57 B9 ? ? ? ? BF ? ? ? ? C7 05 F4 9C 1E 10 ? ? ? ? F3 ? 5F 8B 0D ? ? ? ? 88 15 ? ? ? ? 3B C8 74 ? A1 ? ? ? ? ? ? ? ? 1E 10 B9) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  fst dword ptr [edi]           // original instruction (st(0) is kept on the stack)
  // my code
  cmp [edi-44],(float)100       // filter: compare a field at a fixed offset with the expected constant
  jne code                      // not the timer object: leave the stored value alone
  mov [edi],(float)999
  // my code
code:
  fstp dword ptr [edx]          // original instruction
  pop edi                       // original instruction
  jmp return

InfTimer:
  jmp newmem                    // the three replaced instructions are exactly 5 bytes, the size of the jmp
return:
registersymbol(InfTimer)

[DISABLE]
InfTimer:
  db D9 17 D9 1A 5F             // fst dword ptr [edi] / fstp dword ptr [edx] / pop edi
unregistersymbol(InfTimer)
dealloc(newmem)

{
Address of signature = Core.dll + 0x0003B37E
"\xD9\x17\xD9\x1A\x5F\x5E\x59\xC2\x00\x00\x90\x90\x90\x90\x90\x90\x90\x90\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\x8B\x0D\x00\x00\x00\x00\x33\xD2\x3B\xCA\xB8\x00\x00\x00\x00\x75\x00\x57\xB9\x00\x00\x00\x00\xBF\x00\x00\x00\x00\xC7\x05\xF4\x9C\x1E\x10\x00\x00\x00\x00\xF3\x00\x5F\x8B\x0D\x00\x00\x00\x00\x88\x15\x00\x00\x00\x00\x3B\xC8\x74\x00\xA1\x00\x00\x00\x00\x00\x00\x00\x00\x1E\x10\xB9", "xxxxxxxx??xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx????xxxxx????x?xx????x????xxxxxx????x?xxx????xx????xxx?x????????xxx"
"D9 17 D9 1A 5F 5E 59 C2 ? ? 90 90 90 90 90 90 90 90 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 8B 0D ? ? ? ? 33 D2 3B CA B8 ? ? ? ? 75 ? 57 B9 ? ? ? ? BF ? ? ? ? C7 05 F4 9C 1E 10 ? ? ? ? F3 ? 5F 8B 0D ? ? ? ? 88 15 ? ? ? ? 3B C8 74 ? A1 ? ? ? ? ? ? ? ? 1E 10 B9"

// ORIGINAL CODE - INJECTION POINT: Core.dll+3B37E

Core.dll+3B362: 75 10             - jne Core.dll+3B374
Core.dll+3B364: 8B 4E 08          - mov ecx,[esi+08]
Core.dll+3B367: 40                - inc eax
Core.dll+3B368: 6A 00             - push 00
Core.dll+3B36A: 56                - push esi
Core.dll+3B36B: 89 46 0C          - mov [esi+0C],eax
Core.dll+3B36E: FF 15 C8 5B 1E 10 - call dword ptr [Core.GNatives+108]
Core.dll+3B374: D9 07             - fld dword ptr [edi]
Core.dll+3B376: D8 64 24 10       - fsub dword ptr [esp+10]
Core.dll+3B37A: 8B 54 24 14       - mov edx,[esp+14]
// ---------- INJECTING HERE ----------
Core.dll+3B37E: D9 17             - fst dword ptr [edi]
// ---------- DONE INJECTING  ----------
Core.dll+3B380: D9 1A             - fstp dword ptr [edx]
Core.dll+3B382: 5F                - pop edi
Core.dll+3B383: 5E                - pop esi
Core.dll+3B384: 59                - pop ecx
Core.dll+3B385: C2 08 00          - ret 0008
Core.dll+3B388: 90                - nop
Core.dll+3B389: 90                - nop
Core.dll+3B38A: 90                - nop
Core.dll+3B38B: 90                - nop
Core.dll+3B38C: 90                - nop
}
Сделал ещё пару функций. Как SerVick сделал на Pandora Tomorrow.
Невидимость:
Спойлер{ Game : SplinterCell.exe Version: Date : 2022-02-20 Author : Templar This script does blah blah blah Если подойти близко - то всё равно заметят. } [ENABLE] aobscanmodule(Invisible_1,Echelon.DLL,D9 86 50 02 00 00 5E 5B) // should be unique alloc(newmem,$1000) label(code) label(return) newmem: cmp [esi+00000250+94],(float)500 ///сравниваем с статичным смещением jne code ///прыгаем если не равно mov [esi+00000250],(float)0 ///обнуляем видимость code: fld dword ptr [esi+00000250] jmp return Invisible_1: jmp newmem nop return: registersymbol(Invisible_1) [DISABLE] Invisible_1: db D9 86 50 02 00 00 unregistersymbol(Invisible_1) dealloc(newmem) { Address of signature = Echelon.DLL + 0x00045A6C "\xD9\x86\x00\x00\x00\x00\x5E\x5B", "xx????xx" "D9 86 ? ? ? ? 5E 5B" // ORIGINAL CODE - INJECTION POINT: Echelon.DLL+45A6C Echelon.DLL+45A4E: 89 86 F4 06 00 00 - mov [esi+000006F4],eax Echelon.DLL+45A54: 5E - pop esi Echelon.DLL+45A55: 5B - pop ebx Echelon.DLL+45A56: C2 08 00 - ret 0008 Echelon.DLL+45A59: D9 86 50 02 00 00 - fld dword ptr [esi+00000250] Echelon.DLL+45A5F: 89 9E F4 06 00 00 - mov [esi+000006F4],ebx Echelon.DLL+45A65: 5E - pop esi Echelon.DLL+45A66: 5B - pop ebx Echelon.DLL+45A67: C2 08 00 - ret 0008 Echelon.DLL+45A6A: DD D8 - fstp st(0) // ---------- INJECTING HERE ---------- Echelon.DLL+45A6C: D9 86 50 02 00 00 - fld dword ptr [esi+00000250] // ---------- DONE INJECTING ---------- Echelon.DLL+45A72: 5E - pop esi Echelon.DLL+45A73: 5B - pop ebx Echelon.DLL+45A74: C2 08 00 - ret 0008 Echelon.DLL+45A77: 90 - nop Echelon.DLL+45A78: 90 - nop Echelon.DLL+45A79: 90 - nop Echelon.DLL+45A7A: 90 - nop Echelon.DLL+45A7B: 90 - nop Echelon.DLL+45A7C: 90 - nop Echelon.DLL+45A7D: 90 - nop }
Скорость игрока:
{ Game : SplinterCell.exe
  Version:
  Date   : 2022-02-20
  Author : Templar

  HeroSpeed
  Any value can be set as desired. The instruction works with a single
  address.

  Hooks fld dword ptr [eax+000002F4] in Echelon.DLL and writes 3.0 into
  [eax+2F4] right before the load. In the listing the game itself stores
  that field a few instructions earlier (fstp at +62D44) and reads it again
  at +62D83 (fmul), so both reads see the value set here. There is no
  object filter in this cave: every execution of this instruction is
  affected.
  Registered symbol: HeroSpeed (injection point).
}
[ENABLE]
aobscanmodule(HeroSpeed,Echelon.DLL,D9 80 F4 02 00 00 DC) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  mov [eax+000002F4],(float)3   // speed value; change to taste
code:
  fld dword ptr [eax+000002F4]  // original instruction
  jmp return

HeroSpeed:
  jmp newmem                    // 5 bytes + 1 nop = the 6 bytes of the replaced instruction
  nop
return:
registersymbol(HeroSpeed)

[DISABLE]
HeroSpeed:
  db D9 80 F4 02 00 00          // fld dword ptr [eax+000002F4]
unregistersymbol(HeroSpeed)
dealloc(newmem)

{
Address of signature = Echelon.DLL + 0x00062D62
"\xD9\x80\x00\x00\x00\x00\xDC\x2D", "xx????xx"
"D9 80 ? ? ? ? DC 2D"

// ORIGINAL CODE - INJECTION POINT: Echelon.DLL+62D62

Echelon.DLL+62D2E: 52                   - push edx
Echelon.DLL+62D2F: FF 15 BC BB 2C 09    - call dword ptr [Echelon.DLL+CBBBC]
Echelon.DLL+62D35: 8B 86 54 04 00 00    - mov eax,[esi+00000454]
Echelon.DLL+62D3B: 83 C4 10             - add esp,10
Echelon.DLL+62D3E: D9 96 04 05 00 00    - fst dword ptr [esi+00000504]
Echelon.DLL+62D44: D9 98 F4 02 00 00    - fstp dword ptr [eax+000002F4]
Echelon.DLL+62D4A: 8B 8E 54 04 00 00    - mov ecx,[esi+00000454]
Echelon.DLL+62D50: 8B 96 04 05 00 00    - mov edx,[esi+00000504]
Echelon.DLL+62D56: 89 91 F8 02 00 00    - mov [ecx+000002F8],edx
Echelon.DLL+62D5C: 8B 86 54 04 00 00    - mov eax,[esi+00000454]
// ---------- INJECTING HERE ----------
Echelon.DLL+62D62: D9 80 F4 02 00 00    - fld dword ptr [eax+000002F4]
// ---------- DONE INJECTING  ----------
Echelon.DLL+62D68: DC 2D 58 A0 29 09    - fsubr qword ptr [Echelon.DLL+9A058]
Echelon.DLL+62D6E: F6 80 AC 02 00 00 04 - test byte ptr [eax+000002AC],04
Echelon.DLL+62D75: 74 1E                - je Echelon.DLL+62D95
Echelon.DLL+62D77: D8 8E CC 05 00 00    - fmul dword ptr [esi+000005CC]
Echelon.DLL+62D7D: D9 86 C4 05 00 00    - fld dword ptr [esi+000005C4]
Echelon.DLL+62D83: D8 88 F4 02 00 00    - fmul dword ptr [eax+000002F4]
Echelon.DLL+62D89: 5E                   - pop esi
Echelon.DLL+62D8A: DE C1                - faddp
Echelon.DLL+62D8C: D9 98 D8 02 00 00    - fstp dword ptr [eax+000002D8]
Echelon.DLL+62D92: C2 08 00             - ret 0008
}
Это лайф тема. Пишу тут только я. Просто предупредил.
Вот вам пасхальный ролик ребят. Снова про ПГ. Я там довёл мысль до конца)
Но я сегодня себя лучше чувствую. Иду на правку. С пасхой всех.
Иисус Воскрес!
Я хочу извиниться перед администратором за своё поведение. Но я не мог сдержаться.
Здесь тоже для револьвера в одной руке и в двух руках срабатывают 2 отдельные инструкции.
Поэтому я прилагаю два скрипта по ним.
Так по логам инструкций лучше видно, где они находятся.
OneHandRevolverNoReload:
{ Game : SeriousSam.exe
  Version:
  Date   : 2021-04-03
  Author : Templar

  OneHandRevolverNoReload
  One-byte patch, no code cave. In CPlayerWeapons::FireColt the ammo count
  is loaded into edi (mov edi,[esi+000002E0]), decremented (dec edi, 4F) and
  stored back (mov [esi+000002E0],edi). Replacing the dec with a nop (90)
  stores the count back unchanged, so the revolver never needs reloading.
  The two-handed variant (FireDoubleColt) uses a separate instruction
  (dec eax) and has its own script.
  Registered symbol: OneHandRevolverNoReload (patched byte).
  NOTE(review): the 5-byte pattern 4F 6A 00 8B CE is short; aobscanmodule
  takes the first match in Entities.dll, so verify it is unique before
  relying on it.
}
[ENABLE]
aobscanmodule(OneHandRevolverNoReload,Entities.dll,4F 6A 00 8B CE) // should be unique
registersymbol(OneHandRevolverNoReload)

OneHandRevolverNoReload:
  db 90                         // overwrite the single byte of the decrement with a nop

[DISABLE]
OneHandRevolverNoReload:
  db 4F                         // dec edi (original)
unregistersymbol(OneHandRevolverNoReload)

{
// ORIGINAL CODE - INJECTION POINT: Entities.CPlayerWeapons::FireColt+90

Entities.CPlayerWeapons::FireColt+67: 68 B4 9D 44 60    - push Entities.CPlayerWeapons_DLLClass+197C
Entities.CPlayerWeapons::FireColt+6C: FF 15 08 84 3E 60 - call dword ptr [Entities.dll+108408]
Entities.CPlayerWeapons::FireColt+72: 83 C4 04          - add esp,04
Entities.CPlayerWeapons::FireColt+75: 8B CE             - mov ecx,esi
Entities.CPlayerWeapons::FireColt+77: E8 D4 80 FF FF    - call Entities.CPlayerWeapons::DoRecoil
Entities.CPlayerWeapons::FireColt+7C: 68 00 00 20 42    - push 42200000
Entities.CPlayerWeapons::FireColt+81: 8B CE             - mov ecx,esi
Entities.CPlayerWeapons::FireColt+83: E8 78 B8 FF FF    - call Entities.CPlayerWeapons::SpawnRangeSound
Entities.CPlayerWeapons::FireColt+88: 8B BE E0 02 00 00 - mov edi,[esi+000002E0]
Entities.CPlayerWeapons::FireColt+8E: 6A 02             - push 02
// ---------- INJECTING HERE ----------
Entities.CPlayerWeapons::FireColt+90: 4F                - dec edi
// ---------- DONE INJECTING  ----------
Entities.CPlayerWeapons::FireColt+91: 6A 00             - push 00
Entities.CPlayerWeapons::FireColt+93: 8B CE             - mov ecx,esi
Entities.CPlayerWeapons::FireColt+95: 89 BE E0 02 00 00 - mov [esi+000002E0],edi
Entities.CPlayerWeapons::FireColt+9B: E8 30 9C FF FF    - call Entities.CPlayerWeapons::SetFlare
Entities.CPlayerWeapons::FireColt+A0: 6A 00             - push 00
Entities.CPlayerWeapons::FireColt+A2: 6A 04             - push 04
Entities.CPlayerWeapons::FireColt+A4: 8B CE             - mov ecx,esi
Entities.CPlayerWeapons::FireColt+A6: E8 25 9E FF FF    - call Entities.CPlayerWeapons::PlayLightAnim
Entities.CPlayerWeapons::FireColt+AB: 8B 86 EC 00 00 00 - mov eax,[esi+000000EC]
Entities.CPlayerWeapons::FireColt+B1: 6A 06             - push 06
}
TwoHandRevolverNoReload:
{ Game    : SeriousSam.exe
  Version :
  Date    : 2021-03-29
  Author  : Templar
  One-byte patch in CPlayerWeapons::FireDoubleColt (two-handed revolvers).
  The `dec eax` that lowers the counter loaded from [esi+2E0] before it is
  stored back becomes a NOP, so that counter never decreases (presumably the
  rounds-before-reload value; the listing below gives it no name). }

[ENABLE]
aobscanmodule(TwoHandRevolverNoReload,Entities.dll,48 6A 00 8B CE) // should be unique
registersymbol(TwoHandRevolverNoReload)

TwoHandRevolverNoReload:
  nop                                   // overwrites the single-byte dec eax (48)

[DISABLE]
TwoHandRevolverNoReload:
  db 48                                 // restore dec eax
unregistersymbol(TwoHandRevolverNoReload)

{
// ORIGINAL CODE - INJECTION POINT: Entities.CPlayerWeapons::FireDoubleColt+8F

Entities.CPlayerWeapons::FireDoubleColt+66: 68 CC 9D 44 60 - push Entities.CPlayerWeapons_DLLClass+1994
Entities.CPlayerWeapons::FireDoubleColt+6B: FF 15 08 84 3E 60 - call dword ptr [Entities.dll+108408]
Entities.CPlayerWeapons::FireDoubleColt+71: 83 C4 04 - add esp,04
Entities.CPlayerWeapons::FireDoubleColt+74: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+76: E8 75 7C FF FF - call Entities.CPlayerWeapons::DoRecoil
Entities.CPlayerWeapons::FireDoubleColt+7B: 68 00 00 48 42 - push 42480000
Entities.CPlayerWeapons::FireDoubleColt+80: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+82: E8 19 B4 FF FF - call Entities.CPlayerWeapons::SpawnRangeSound
Entities.CPlayerWeapons::FireDoubleColt+87: 8B 86 E0 02 00 00 - mov eax,[esi+000002E0]
Entities.CPlayerWeapons::FireDoubleColt+8D: 6A 02 - push 02
// ---------- INJECTING HERE ----------
Entities.CPlayerWeapons::FireDoubleColt+8F: 48 - dec eax
// ---------- DONE INJECTING  ----------
Entities.CPlayerWeapons::FireDoubleColt+90: 6A 00 - push 00
Entities.CPlayerWeapons::FireDoubleColt+92: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+94: 89 86 E0 02 00 00 - mov [esi+000002E0],eax
Entities.CPlayerWeapons::FireDoubleColt+9A: E8 D1 97 FF FF - call Entities.CPlayerWeapons::SetFlare
Entities.CPlayerWeapons::FireDoubleColt+9F: 6A 00 - push 00
Entities.CPlayerWeapons::FireDoubleColt+A1: 6A 04 - push 04
Entities.CPlayerWeapons::FireDoubleColt+A3: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+A5: E8 C6 99 FF FF - call Entities.CPlayerWeapons::PlayLightAnim
Entities.CPlayerWeapons::FireDoubleColt+AA: 8B 86 EC 00 00 00 - mov eax,[esi+000000EC]
Entities.CPlayerWeapons::FireDoubleColt+B0: 6A 06 - push 06
}
3 минуты назад, LIRW сказал:
С другой стороны, работать будет и в твоём случае, и в моём (менее универсальном), но зато всё лишнее непонятно... Наверное, как СЕ сгенерировало на 5 байт, так и оставил.
Мне так удобнее оказалось оформить. В моём случае тоже работает.
Я в редакторе памяти смотрел, вроде всё нормально было.
Проверено на лицензии. Ломается также. Но тут версия по сути отличается от "The First Encounter".
На одноручный и двуручный револьвер, оказывается, срабатывают разные инструкции. Так что по револьверам нужно тереть в двух местах.
Можно объединить их в один. Но вставлю их тут отдельно для наглядности.
NoDamageHealth:
Обходит урон здоровью, если цель — игрок.
{ Game    : SeriousSam.exe THE SECOND ENCOUNTER
  Version :
  Date    : 2021-03-31
  Author  : Templar
  Hook at the `fsub dword ptr [ebp+10]` in CLiveEntity::ReceiveDamage, the
  instruction that subtracts the damage from the health value the `fld` at
  +29 pushed onto the x87 stack. For the entity the author identifies as the
  player ([esi+CC+18] == 1) the subtraction is skipped, so the following
  `fstp` writes the old health back unchanged. Every other entity takes the
  damage as before. The x87 stack depth is the same on both paths. }

[ENABLE]
aobscanmodule(NoDamageHealth,Engine.dll,D8 65 10 8D 4D C4) // should be unique
alloc(damage_hook,$1000)
label(skip_damage)
label(return)

damage_hook:
  cmp [esi+000000CC+18],#1              // author's filter: value 1 here == the player
  je skip_damage                        // player: leave st(0) = current health as is
  fsub dword ptr [ebp+10]               // everyone else: st(0) -= damage
skip_damage:
  lea ecx,[ebp-3C]                      // displaced original instruction
  jmp return

NoDamageHealth:
  jmp damage_hook
  nop                                   // 5-byte jmp + 1 pad = the 6 bytes replaced
return:
registersymbol(NoDamageHealth)

[DISABLE]
NoDamageHealth:
  db D8 65 10 8D 4D C4                  // fsub dword ptr [ebp+10] / lea ecx,[ebp-3C]
unregistersymbol(NoDamageHealth)
dealloc(damage_hook)

{
// ORIGINAL CODE - INJECTION POINT: Engine.CLiveEntity::ReceiveDamage+2F

Engine.CLiveEntity::ReceiveDamage+11: 64 89 25 00 00 00 00 - mov fs:[00000000],esp
Engine.CLiveEntity::ReceiveDamage+18: 83 EC 64 - sub esp,64
Engine.CLiveEntity::ReceiveDamage+1B: 56 - push esi
Engine.CLiveEntity::ReceiveDamage+1C: 8B F1 - mov esi,ecx
Engine.CLiveEntity::ReceiveDamage+1E: 85 F6 - test esi,esi
Engine.CLiveEntity::ReceiveDamage+20: 89 75 F0 - mov [ebp-10],esi
Engine.CLiveEntity::ReceiveDamage+23: 74 03 - je Engine.CLiveEntity::ReceiveDamage+28
Engine.CLiveEntity::ReceiveDamage+25: FF 46 18 - inc [esi+18]
Engine.CLiveEntity::ReceiveDamage+28: 57 - push edi
Engine.CLiveEntity::ReceiveDamage+29: D9 86 CC 00 00 00 - fld dword ptr [esi+000000CC]
// ---------- INJECTING HERE ----------
Engine.CLiveEntity::ReceiveDamage+2F: D8 65 10 - fsub dword ptr [ebp+10]
// ---------- DONE INJECTING  ----------
Engine.CLiveEntity::ReceiveDamage+32: 8D 4D C4 - lea ecx,[ebp-3C]
Engine.CLiveEntity::ReceiveDamage+35: C7 45 FC 00 00 00 00 - mov [ebp-04],00000000
Engine.CLiveEntity::ReceiveDamage+3C: D9 9E CC 00 00 00 - fstp dword ptr [esi+000000CC]
Engine.CLiveEntity::ReceiveDamage+42: E8 D9 33 05 00 - call Engine.EDamage::EDamage
Engine.CLiveEntity::ReceiveDamage+47: 8B 7D 08 - mov edi,[ebp+08]
Engine.CLiveEntity::ReceiveDamage+4A: C6 45 FC 01 - mov byte ptr [ebp-04],01
Engine.CLiveEntity::ReceiveDamage+4E: 85 FF - test edi,edi
Engine.CLiveEntity::ReceiveDamage+50: 74 03 - je Engine.CLiveEntity::ReceiveDamage+55
Engine.CLiveEntity::ReceiveDamage+52: FF 47 18 - inc [edi+18]
Engine.CLiveEntity::ReceiveDamage+55: 8B 45 CC - mov eax,[ebp-34]
}
RevolverNoReload(OneHand):
Револьвер в одной руке без перезарядки
{ Game    : SeriousSam.exe THE SECOND ENCOUNTER
  Version :
  Date    : 2021-03-31
  Author  : Templar
  One-handed revolver, CPlayerWeapons::FireColt. Only the first byte of the
  5-byte pattern changes: the `dec edi` on the counter loaded from
  [esi+314] becomes a NOP; `push 00` / `mov ecx,esi` are rewritten with their
  own bytes. }

[ENABLE]
aobscanmodule(RevolverNoReload,EntitiesMP.dll,4F 6A 00 8B CE) // should be unique
registersymbol(RevolverNoReload)

RevolverNoReload:
  nop                                   // was dec edi (4F)
  db 6A 00 8B CE                        // push 00 / mov ecx,esi, unchanged

[DISABLE]
RevolverNoReload:
  db 4F 6A 00 8B CE                     // dec edi / push 00 / mov ecx,esi
unregistersymbol(RevolverNoReload)

{
// ORIGINAL CODE - INJECTION POINT: EntitiesMP.CPlayerWeapons::FireColt+B1

EntitiesMP.CPlayerWeapons::FireColt+88: 68 70 C7 1C 08 - push EntitiesMP.CPlayerWeapons_DLLClass+2068
EntitiesMP.CPlayerWeapons::FireColt+8D: FF 15 14 B5 14 08 - call dword ptr [EntitiesMP.dll+17B514]
EntitiesMP.CPlayerWeapons::FireColt+93: 83 C4 04 - add esp,04
EntitiesMP.CPlayerWeapons::FireColt+96: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireColt+98: E8 B3 5A FF FF - call EntitiesMP.CPlayerWeapons::DoRecoil
EntitiesMP.CPlayerWeapons::FireColt+9D: 68 00 00 20 42 - push 42200000
EntitiesMP.CPlayerWeapons::FireColt+A2: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireColt+A4: E8 27 AE FF FF - call EntitiesMP.CPlayerWeapons::SpawnRangeSound
EntitiesMP.CPlayerWeapons::FireColt+A9: 8B BE 14 03 00 00 - mov edi,[esi+00000314]
EntitiesMP.CPlayerWeapons::FireColt+AF: 6A 02 - push 02
// ---------- INJECTING HERE ----------
EntitiesMP.CPlayerWeapons::FireColt+B1: 4F - dec edi
// ---------- DONE INJECTING  ----------
EntitiesMP.CPlayerWeapons::FireColt+B2: 6A 00 - push 00
EntitiesMP.CPlayerWeapons::FireColt+B4: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireColt+B6: 89 BE 14 03 00 00 - mov [esi+00000314],edi
EntitiesMP.CPlayerWeapons::FireColt+BC: E8 AF 77 FF FF - call EntitiesMP.CPlayerWeapons::SetFlare
EntitiesMP.CPlayerWeapons::FireColt+C1: 6A 00 - push 00
EntitiesMP.CPlayerWeapons::FireColt+C3: 6A 04 - push 04
EntitiesMP.CPlayerWeapons::FireColt+C5: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireColt+C7: E8 04 7A FF FF - call EntitiesMP.CPlayerWeapons::PlayLightAnim
EntitiesMP.CPlayerWeapons::FireColt+CC: 8B 86 EC 00 00 00 - mov eax,[esi+000000EC]
EntitiesMP.CPlayerWeapons::FireColt+D2: 6A 06 - push 06
}
TwoHandRevolverNoReload:
Револьвер в двух руках без перезарядки
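{ Game    : SeriousSam.exe THE SECOND ENCOUNTER
  Version :
  Date    : 2021-03-31
  Author  : Templar
  Two-handed revolvers, CPlayerWeapons::FireDoubleColt. Only the first byte
  of the 5-byte pattern changes: the `dec eax` on the counter loaded from
  [esi+314] becomes a NOP; `push 00` / `mov ecx,esi` are rewritten with their
  own bytes.
  Fix: the [DISABLE] section carried a `dealloc(newmem)` although nothing in
  [ENABLE] allocates `newmem` (this is a byte patch, not a code-cave hook).
  The stale line is removed so disabling only undoes what enabling did. }

[ENABLE]
aobscanmodule(TwoHandRevolverNoReload,EntitiesMP.dll,48 6A 00 8B CE) // should be unique
registersymbol(TwoHandRevolverNoReload)

TwoHandRevolverNoReload:
  nop                                   // was dec eax (48)
  db 6A 00 8B CE                        // push 00 / mov ecx,esi, unchanged

[DISABLE]
TwoHandRevolverNoReload:
  db 48 6A 00 8B CE                     // dec eax / push 00 / mov ecx,esi
unregistersymbol(TwoHandRevolverNoReload)

{
// ORIGINAL CODE - INJECTION POINT: EntitiesMP.CPlayerWeapons::FireDoubleColt+8F

EntitiesMP.CPlayerWeapons::FireDoubleColt+66: 68 88 C7 FA 07 - push EntitiesMP.CPlayerWeapons_DLLClass+2080
EntitiesMP.CPlayerWeapons::FireDoubleColt+6B: FF 15 14 B5 F2 07 - call dword ptr [EntitiesMP.dll+17B514]
EntitiesMP.CPlayerWeapons::FireDoubleColt+71: 83 C4 04 - add esp,04
EntitiesMP.CPlayerWeapons::FireDoubleColt+74: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireDoubleColt+76: E8 45 56 FF FF - call EntitiesMP.CPlayerWeapons::DoRecoil
EntitiesMP.CPlayerWeapons::FireDoubleColt+7B: 68 00 00 48 42 - push 42480000
EntitiesMP.CPlayerWeapons::FireDoubleColt+80: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireDoubleColt+82: E8 B9 A9 FF FF - call EntitiesMP.CPlayerWeapons::SpawnRangeSound
EntitiesMP.CPlayerWeapons::FireDoubleColt+87: 8B 86 14 03 00 00 - mov eax,[esi+00000314]
EntitiesMP.CPlayerWeapons::FireDoubleColt+8D: 6A 02 - push 02
// ---------- INJECTING HERE ----------
EntitiesMP.CPlayerWeapons::FireDoubleColt+8F: 48 - dec eax
// ---------- DONE INJECTING  ----------
EntitiesMP.CPlayerWeapons::FireDoubleColt+90: 6A 00 - push 00
EntitiesMP.CPlayerWeapons::FireDoubleColt+92: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireDoubleColt+94: 89 86 14 03 00 00 - mov [esi+00000314],eax
EntitiesMP.CPlayerWeapons::FireDoubleColt+9A: E8 41 73 FF FF - call EntitiesMP.CPlayerWeapons::SetFlare
EntitiesMP.CPlayerWeapons::FireDoubleColt+9F: 6A 00 - push 00
EntitiesMP.CPlayerWeapons::FireDoubleColt+A1: 6A 04 - push 04
EntitiesMP.CPlayerWeapons::FireDoubleColt+A3: 8B CE - mov ecx,esi
EntitiesMP.CPlayerWeapons::FireDoubleColt+A5: E8 96 75 FF FF - call EntitiesMP.CPlayerWeapons::PlayLightAnim
EntitiesMP.CPlayerWeapons::FireDoubleColt+AA: 8B 86 EC 00 00 00 - mov eax,[esi+000000EC]
EntitiesMP.CPlayerWeapons::FireDoubleColt+B0: 6A 06 - push 06
}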
AmmoNoSub:
Патроны не тратятся
{ Game    : SeriousSam.exe THE SECOND ENCOUNTER
  Version :
  Date    : 2021-03-31
  Author  : Templar
  Two-byte patch: the `sub [eax],ecx` at the end of the small helper inside
  EWeaponChanged (eax = [ebp+08], ecx = [ebp+0C]) becomes two NOPs, so the
  amount in ecx is never taken away from the value at [eax]. The trailing
  `pop ebp` / `ret` / `nop` bytes are rewritten unchanged. }

[ENABLE]
aobscanmodule(AmmoNoSub,EntitiesMP.dll,29 08 5D C3 90) // should be unique
registersymbol(AmmoNoSub)

AmmoNoSub:
  nop                                   // was sub [eax],ecx (29 08)
  nop
  db 5D C3 90                           // pop ebp / ret / nop, unchanged

[DISABLE]
AmmoNoSub:
  db 29 08 5D C3 90                     // sub [eax],ecx / pop ebp / ret / nop
unregistersymbol(AmmoNoSub)

{
// ORIGINAL CODE - INJECTION POINT: EntitiesMP.EWeaponChanged::EWeaponChanged+177D

EntitiesMP.EWeaponChanged::EWeaponChanged+1760: 55 - push ebp
EntitiesMP.EWeaponChanged::EWeaponChanged+1761: 8B EC - mov ebp,esp
EntitiesMP.EWeaponChanged::EWeaponChanged+1763: A1 FC B2 14 08 - mov eax,[EntitiesMP.dll+17B2FC]
EntitiesMP.EWeaponChanged::EWeaponChanged+1768: 8B 08 - mov ecx,[eax]
EntitiesMP.EWeaponChanged::EWeaponChanged+176A: FF 15 F8 B2 14 08 - call dword ptr [EntitiesMP.dll+17B2F8]
EntitiesMP.EWeaponChanged::EWeaponChanged+1770: 8B 48 54 - mov ecx,[eax+54]
EntitiesMP.EWeaponChanged::EWeaponChanged+1773: 85 C9 - test ecx,ecx
EntitiesMP.EWeaponChanged::EWeaponChanged+1775: 75 08 - jne EntitiesMP.EWeaponChanged::EWeaponChanged+177F
EntitiesMP.EWeaponChanged::EWeaponChanged+1777: 8B 45 08 - mov eax,[ebp+08]
EntitiesMP.EWeaponChanged::EWeaponChanged+177A: 8B 4D 0C - mov ecx,[ebp+0C]
// ---------- INJECTING HERE ----------
EntitiesMP.EWeaponChanged::EWeaponChanged+177D: 29 08 - sub [eax],ecx
// ---------- DONE INJECTING  ----------
EntitiesMP.EWeaponChanged::EWeaponChanged+177F: 5D - pop ebp
EntitiesMP.EWeaponChanged::EWeaponChanged+1780: C3 - ret
EntitiesMP.EWeaponChanged::EWeaponChanged+1781: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1782: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1783: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1784: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1785: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1786: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1787: 90 - nop
EntitiesMP.EWeaponChanged::EWeaponChanged+1788: 90 - nop
}
2 минуты назад, Garik66 сказал:
Урон проходит, но не записывается новое значение здоровья — читай игровой код
Понял. Так тоже удобно вышло.
4 минуты назад, Garik66 сказал:
ЗЫ: И если бы разрабы добавили проверку (отрицательное здоровье) после этой инструкции, то это был бы не Год.
Зато в этом случае как раз GodMod получается)
В этой игре с таким скриптом урон по игроку не проходит.
Ковырял пиратку. Ломалось легко)
Репак от "dixen18".
Там патроны получилось сделать вообще патчем.
Ломал броню просто так. Отключения урона здоровью достаточно. На здоровье понадобился фильтр: на врагов срабатывает та же инструкция.
Протестировал пару уровней — полёт нормальный.
NoDamagePlayerHealth:
Обнуляет любой урон здоровью.
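{ Game    : SeriousSam.exe
  Version :
  Date    : 2021-03-29
  Author  : Templar
  Hook at the `fstp dword ptr [esi+CC]` in CLiveEntity::ReceiveDamage that
  writes the reduced health back. For the entity the author identifies as
  the player ([esi+CC+18] == 1) the new value is discarded, so its health
  never changes; every other entity stores it exactly as before.
  Fix: the earlier version jumped straight to `return` for the player, which
  skipped the pop as well as the store. The value pushed by the `fld` at +29
  was then left on the x87 register stack on every player hit; the x87 stack
  holds eight registers, so after eight such hits it overflows and further
  float math in the game starts producing indefinite (NaN) results. The
  player path now pops with `fstp st(0)` (the same instruction the game uses
  at +18A in CPlayer::ReceiveDamage), keeping the stack depth identical on
  both paths. }

[ENABLE]
aobscanmodule(NoDamagePlayerHealth,Engine.dll,D9 9E CC 00 00 00) // should be unique
alloc(newmem,$1000)
label(store_health)
label(return)

newmem:
  cmp [esi+000000CC+18],#1              // author's filter: value 1 here == the player
  jne store_health
  fstp st(0)                            // player: pop the new health without writing it
  jmp return
store_health:
  fstp dword ptr [esi+000000CC]         // everyone else: original instruction
  jmp return

NoDamagePlayerHealth:
  jmp newmem
  nop                                   // 5-byte jmp + 1 pad = the 6 bytes replaced
return:
registersymbol(NoDamagePlayerHealth)

[DISABLE]
NoDamagePlayerHealth:
  db D9 9E CC 00 00 00                  // fstp dword ptr [esi+000000CC]
unregistersymbol(NoDamagePlayerHealth)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Engine.CLiveEntity::ReceiveDamage+3C

Engine.CLiveEntity::ReceiveDamage+1C: 8B F1 - mov esi,ecx
Engine.CLiveEntity::ReceiveDamage+1E: 85 F6 - test esi,esi
Engine.CLiveEntity::ReceiveDamage+20: 89 75 F0 - mov [ebp-10],esi
Engine.CLiveEntity::ReceiveDamage+23: 74 03 - je Engine.CLiveEntity::ReceiveDamage+28
Engine.CLiveEntity::ReceiveDamage+25: FF 46 18 - inc [esi+18]
Engine.CLiveEntity::ReceiveDamage+28: 57 - push edi
Engine.CLiveEntity::ReceiveDamage+29: D9 86 CC 00 00 00 - fld dword ptr [esi+000000CC]
Engine.CLiveEntity::ReceiveDamage+2F: D8 65 10 - fsub dword ptr [ebp+10]
Engine.CLiveEntity::ReceiveDamage+32: 8D 4D C4 - lea ecx,[ebp-3C]
Engine.CLiveEntity::ReceiveDamage+35: C7 45 FC 00 00 00 00 - mov [ebp-04],00000000
// ---------- INJECTING HERE ----------
Engine.CLiveEntity::ReceiveDamage+3C: D9 9E CC 00 00 00 - fstp dword ptr [esi+000000CC]
// ---------- DONE INJECTING  ----------
Engine.CLiveEntity::ReceiveDamage+42: E8 B9 8B 03 00 - call Engine.EDamage::EDamage
Engine.CLiveEntity::ReceiveDamage+47: 8B 7D 08 - mov edi,[ebp+08]
Engine.CLiveEntity::ReceiveDamage+4A: C6 45 FC 01 - mov byte ptr [ebp-04],01
Engine.CLiveEntity::ReceiveDamage+4E: 85 FF - test edi,edi
Engine.CLiveEntity::ReceiveDamage+50: 74 03 - je Engine.CLiveEntity::ReceiveDamage+55
Engine.CLiveEntity::ReceiveDamage+52: FF 47 18 - inc [edi+18]
Engine.CLiveEntity::ReceiveDamage+55: 8B 45 CC - mov eax,[ebp-34]
Engine.CLiveEntity::ReceiveDamage+58: 85 C0 - test eax,eax
Engine.CLiveEntity::ReceiveDamage+5A: 8B C8 - mov ecx,eax
Engine.CLiveEntity::ReceiveDamage+5C: 74 14 - je Engine.CLiveEntity::ReceiveDamage+72
}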
InfiniteArmor:
При уроне броне заносится макс значение.
{ Game    : SeriousSam.exe
  Version :
  Date    : 2021-03-29
  Author  : Templar
  Hook at the `fst dword ptr [esi+370]` in CPlayer::ReceiveDamage that stores
  the armor value after the damage has been subtracted. The store is kept
  and then immediately overwritten with the cap, so armor is refilled on
  every hit.
  Author's notes: [esi+370+C] normally holds the armor maximum as
  (float)100.0; with extra armor the maximum may be (float)200.0.
  NOTE(review): the compare at +165 runs before this hook. If it flags the
  reduced armor as below the constant at CReminder vftable+118 (presumably
  0.0 -- not shown here), the game's own path at +178..+17D writes 0 over
  [esi+370] right after the hook; the cap then comes back on the next hit. }

[ENABLE]
aobscanmodule(InfiniteArmor,Entities.dll,D9 96 70 03 00 00) // should be unique
alloc(newmem,$1000)
label(return)

newmem:
  fst dword ptr [esi+00000370]          // original store; does not pop, so the x87 stack is untouched
  mov [esi+00000370],(float)200.0       // then overwrite with the cap (the larger of the two maxima)
  jmp return

InfiniteArmor:
  jmp newmem
  nop                                   // 5-byte jmp + 1 pad = the 6 bytes replaced
return:
registersymbol(InfiniteArmor)

[DISABLE]
InfiniteArmor:
  db D9 96 70 03 00 00                  // fst dword ptr [esi+00000370]
unregistersymbol(InfiniteArmor)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Entities.CPlayer::ReceiveDamage+16B

Entities.CPlayer::ReceiveDamage+146: 8B 4D 10 - mov ecx,[ebp+10]
Entities.CPlayer::ReceiveDamage+149: 89 4D F0 - mov [ebp-10],ecx
Entities.CPlayer::ReceiveDamage+14C: EB 42 - jmp Entities.CPlayer::ReceiveDamage+190
Entities.CPlayer::ReceiveDamage+14E: D9 45 10 - fld dword ptr [ebp+10]
Entities.CPlayer::ReceiveDamage+151: D8 0D 34 94 3E 60 - fmul dword ptr [Entities.CPlayerWeapons::`vftable'+290]
Entities.CPlayer::ReceiveDamage+157: D9 45 10 - fld dword ptr [ebp+10]
Entities.CPlayer::ReceiveDamage+15A: D8 E1 - fsub st(0),st(1)
Entities.CPlayer::ReceiveDamage+15C: D9 5D F0 - fstp dword ptr [ebp-10]
Entities.CPlayer::ReceiveDamage+15F: D8 AE 70 03 00 00 - fsubr dword ptr [esi+00000370]
Entities.CPlayer::ReceiveDamage+165: D8 15 EC 89 3E 60 - fcom dword ptr [Entities.CReminder::`vftable'+118]
// ---------- INJECTING HERE ----------
Entities.CPlayer::ReceiveDamage+16B: D9 96 70 03 00 00 - fst dword ptr [esi+00000370]
// ---------- DONE INJECTING  ----------
Entities.CPlayer::ReceiveDamage+171: DF E0 - fnstsw ax
Entities.CPlayer::ReceiveDamage+173: F6 C4 01 - test ah,01
Entities.CPlayer::ReceiveDamage+176: 74 16 - je Entities.CPlayer::ReceiveDamage+18E
Entities.CPlayer::ReceiveDamage+178: D9 45 F0 - fld dword ptr [ebp-10]
Entities.CPlayer::ReceiveDamage+17B: D8 E1 - fsub st(0),st(1)
Entities.CPlayer::ReceiveDamage+17D: C7 86 70 03 00 00 00 00 00 00 - mov [esi+00000370],00000000
Entities.CPlayer::ReceiveDamage+187: D9 5D F0 - fstp dword ptr [ebp-10]
Entities.CPlayer::ReceiveDamage+18A: DD D8 - fstp st(0)
Entities.CPlayer::ReceiveDamage+18C: EB 02 - jmp Entities.CPlayer::ReceiveDamage+190
Entities.CPlayer::ReceiveDamage+18E: DD D8 - fstp st(0)
}
RevolverNoReload:
В игре перезарядка есть только у Револьверов.
{ Game    : SeriousSam.exe
  Version :
  Date    : 2021-03-29
  Author  : Templar
  CPlayerWeapons::FireDoubleColt. Only the first byte of the 5-byte pattern
  changes: the `dec eax` on the counter loaded from [esi+2E0] becomes a NOP;
  `push 00` / `mov ecx,esi` are rewritten with their own bytes. }

[ENABLE]
aobscanmodule(RevolverNoReload,Entities.dll,48 6A 00 8B CE) // should be unique
registersymbol(RevolverNoReload)

RevolverNoReload:
  nop                                   // was dec eax (48)
  db 6A 00 8B CE                        // push 00 / mov ecx,esi, unchanged

[DISABLE]
RevolverNoReload:
  db 48 6A 00 8B CE                     // dec eax / push 00 / mov ecx,esi
unregistersymbol(RevolverNoReload)

{
// ORIGINAL CODE - INJECTION POINT: Entities.CPlayerWeapons::FireDoubleColt+8F

Entities.CPlayerWeapons::FireDoubleColt+66: 68 CC 9D 44 60 - push Entities.CPlayerWeapons_DLLClass+1994
Entities.CPlayerWeapons::FireDoubleColt+6B: FF 15 08 84 3E 60 - call dword ptr [Entities.dll+108408]
Entities.CPlayerWeapons::FireDoubleColt+71: 83 C4 04 - add esp,04
Entities.CPlayerWeapons::FireDoubleColt+74: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+76: E8 75 7C FF FF - call Entities.CPlayerWeapons::DoRecoil
Entities.CPlayerWeapons::FireDoubleColt+7B: 68 00 00 48 42 - push 42480000
Entities.CPlayerWeapons::FireDoubleColt+80: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+82: E8 19 B4 FF FF - call Entities.CPlayerWeapons::SpawnRangeSound
Entities.CPlayerWeapons::FireDoubleColt+87: 8B 86 E0 02 00 00 - mov eax,[esi+000002E0]
Entities.CPlayerWeapons::FireDoubleColt+8D: 6A 02 - push 02
// ---------- INJECTING HERE ----------
Entities.CPlayerWeapons::FireDoubleColt+8F: 48 - dec eax
// ---------- DONE INJECTING  ----------
Entities.CPlayerWeapons::FireDoubleColt+90: 6A 00 - push 00
Entities.CPlayerWeapons::FireDoubleColt+92: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+94: 89 86 E0 02 00 00 - mov [esi+000002E0],eax
Entities.CPlayerWeapons::FireDoubleColt+9A: E8 D1 97 FF FF - call Entities.CPlayerWeapons::SetFlare
Entities.CPlayerWeapons::FireDoubleColt+9F: 6A 00 - push 00
Entities.CPlayerWeapons::FireDoubleColt+A1: 6A 04 - push 04
Entities.CPlayerWeapons::FireDoubleColt+A3: 8B CE - mov ecx,esi
Entities.CPlayerWeapons::FireDoubleColt+A5: E8 C6 99 FF FF - call Entities.CPlayerWeapons::PlayLightAnim
Entities.CPlayerWeapons::FireDoubleColt+AA: 8B 86 EC 00 00 00 - mov eax,[esi+000000EC]
Entities.CPlayerWeapons::FireDoubleColt+B0: 6A 06 - push 06
}
AmmoNoSub:
Патроны не тратятся.
{ Game    : SeriousSam.exe
  Version :
  Date    : 2021-03-29
  Author  : Templar
  Two-byte patch: the `sub [eax],ecx` at the end of the small helper inside
  EReloadWeapon (eax = [ebp+08], ecx = [ebp+0C]) becomes two NOPs, so the
  amount in ecx is never taken away from the value at [eax]. The trailing
  `pop ebp` / `ret` / `nop` bytes are rewritten unchanged. }

[ENABLE]
aobscanmodule(AmmoNoSub,Entities.dll,29 08 5D C3 90) // should be unique
registersymbol(AmmoNoSub)

AmmoNoSub:
  nop                                   // was sub [eax],ecx (29 08)
  nop
  db 5D C3 90                           // pop ebp / ret / nop, unchanged

[DISABLE]
AmmoNoSub:
  db 29 08 5D C3 90                     // sub [eax],ecx / pop ebp / ret / nop
unregistersymbol(AmmoNoSub)

{
// ORIGINAL CODE - INJECTION POINT: Entities.EReloadWeapon::EReloadWeapon+160D

Entities.EReloadWeapon::EReloadWeapon+15F0: 55 - push ebp
Entities.EReloadWeapon::EReloadWeapon+15F1: 8B EC - mov ebp,esp
Entities.EReloadWeapon::EReloadWeapon+15F3: A1 24 82 3E 60 - mov eax,[Entities.dll+108224]
Entities.EReloadWeapon::EReloadWeapon+15F8: 8B 08 - mov ecx,[eax]
Entities.EReloadWeapon::EReloadWeapon+15FA: FF 15 20 82 3E 60 - call dword ptr [Entities.dll+108220]
Entities.EReloadWeapon::EReloadWeapon+1600: 8B 48 54 - mov ecx,[eax+54]
Entities.EReloadWeapon::EReloadWeapon+1603: 85 C9 - test ecx,ecx
Entities.EReloadWeapon::EReloadWeapon+1605: 75 08 - jne Entities.EReloadWeapon::EReloadWeapon+160F
Entities.EReloadWeapon::EReloadWeapon+1607: 8B 45 08 - mov eax,[ebp+08]
Entities.EReloadWeapon::EReloadWeapon+160A: 8B 4D 0C - mov ecx,[ebp+0C]
// ---------- INJECTING HERE ----------
Entities.EReloadWeapon::EReloadWeapon+160D: 29 08 - sub [eax],ecx
// ---------- DONE INJECTING  ----------
Entities.EReloadWeapon::EReloadWeapon+160F: 5D - pop ebp
Entities.EReloadWeapon::EReloadWeapon+1610: C3 - ret
Entities.EReloadWeapon::EReloadWeapon+1611: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1612: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1613: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1614: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1615: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1616: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1617: 90 - nop
Entities.EReloadWeapon::EReloadWeapon+1618: 90 - nop
}
Всем доброго дня.
Вот, к примеру, как оформляется InfAmmo:
Там не тратятся в кармане. Но тратятся в обойме.
{ Game    : SplinterCell2.exe
  Version :
  Date    : 2021-03-06
  Author  : Templar
  Hook at Core.dll+32D56. The 5-byte jmp replaces exactly three
  instructions -- `mov [edx],ecx` / `dec [edi]` / `pop edi` -- so no padding
  is needed and `return` lands on the following `pop esi`.
  The `dec [edi]` is skipped for two weapons, chosen by the value at
  [edi+C] (the author's "max magazine" field): 20 = pistol, 30 = rifle.
  Every other weapon is decremented as in the original. }

[ENABLE]
aobscanmodule(InfAmmo,Core.dll,89 0A FF 0F 5F 5E 59) // should be unique
alloc(newmem,$1000)
label(keep_ammo)
label(return)

newmem:
  mov [edx],ecx                         // displaced original instruction
  cmp [edi+C],#20                       // pistol?
  je keep_ammo
  cmp [edi+C],#30                       // rifle?
  je keep_ammo
  dec [edi]                             // anything else: original decrement
keep_ammo:
  pop edi                               // displaced original instruction
  jmp return                            // resumes at pop esi (Core.dll+32D5B)

InfAmmo:
  jmp newmem                            // 5 bytes = the three displaced instructions
return:
registersymbol(InfAmmo)

[DISABLE]
InfAmmo:
  db 89 0A FF 0F 5F 5E 59               // mov [edx],ecx / dec [edi] / pop edi / pop esi / pop ecx
unregistersymbol(InfAmmo)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Core.dll+32D56

Core.dll+32D3B: 80 38 42 - cmp byte ptr [eax],42
Core.dll+32D3E: 75 10 - jne Core.dll+32D50
Core.dll+32D40: 8B 4E 08 - mov ecx,[esi+08]
Core.dll+32D43: 6A 00 - push 00
Core.dll+32D45: 40 - inc eax
Core.dll+32D46: 56 - push esi
Core.dll+32D47: 89 46 0C - mov [esi+0C],eax
Core.dll+32D4A: FF 15 10 9B 1F 10 - call dword ptr [Core.GNatives+108]
Core.dll+32D50: 8B 0F - mov ecx,[edi]
Core.dll+32D52: 8B 54 24 14 - mov edx,[esp+14]
// ---------- INJECTING HERE ----------
Core.dll+32D56: 89 0A - mov [edx],ecx 89 0A FF 0F 5F 5E 59
// ---------- DONE INJECTING  ----------
Core.dll+32D58: FF 0F - dec [edi]
Core.dll+32D5A: 5F - pop edi
Core.dll+32D5B: 5E - pop esi
Core.dll+32D5C: 59 - pop ecx
Core.dll+32D5D: C2 08 00 - ret 0008
Core.dll+32D60: CC - int 3
Core.dll+32D61: CC - int 3
Core.dll+32D62: CC - int 3
Core.dll+32D63: CC - int 3
Core.dll+32D64: CC - int 3
}
Вот мой скрипт на NoReload:
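{ Game    : SplinterCell2.exe
  Version :
  Date    : 2021-03-06
  Author  : Templar
  InfAmmo + NoReload in one hook at Core.dll+32D56. The 5-byte jmp replaces
  exactly `mov [edx],ecx` / `dec [edi]` / `pop edi`, so no padding is needed
  and `return` lands on the following `pop esi`.
  Shorter form of the earlier version: both weapon branches did the same
  `inc [edi]` / `inc [edi+8]` and then fell into the shared `dec [edi]`, so
  for a pistol or rifle the net result was [edi] unchanged and [edi+8] + 1.
  That is now written directly -- one shared branch for both weapons and no
  inc/dec pair on [edi]. Memory and register results are identical.
  Author's notes on the fields:
    [edi]   = ammo in the pocket
    [edi+8] = ammo in the magazine
    [edi+C] = magazine size: 20 = pistol, 30 = rifle }

[ENABLE]
aobscanmodule(InfAmmo_NoReload,Core.dll,89 0A FF 0F 5F 5E 59) // should be unique
alloc(newmem,$1000)
label(no_reload)
label(consume)
label(done)
label(return)

newmem:
  mov [edx],ecx                         // displaced original instruction
  cmp [edi+C],#20                       // pistol?
  je no_reload
  cmp [edi+C],#30                       // rifle?
  jne consume
no_reload:
  inc [edi+8]                           // magazine +1; pocket untouched
  jmp done
consume:
  dec [edi]                             // every other weapon: original decrement
done:
  pop edi                               // displaced original instruction
  jmp return                            // resumes at pop esi (Core.dll+32D5B)

InfAmmo_NoReload:
  jmp newmem                            // 5 bytes = the three displaced instructions
return:
registersymbol(InfAmmo_NoReload)

[DISABLE]
InfAmmo_NoReload:
  db 89 0A FF 0F 5F 5E 59               // mov [edx],ecx / dec [edi] / pop edi / pop esi / pop ecx
unregistersymbol(InfAmmo_NoReload)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Core.dll+32D56

Core.dll+32D3B: 80 38 42 - cmp byte ptr [eax],42
Core.dll+32D3E: 75 10 - jne Core.dll+32D50
Core.dll+32D40: 8B 4E 08 - mov ecx,[esi+08]
Core.dll+32D43: 6A 00 - push 00
Core.dll+32D45: 40 - inc eax
Core.dll+32D46: 56 - push esi
Core.dll+32D47: 89 46 0C - mov [esi+0C],eax
Core.dll+32D4A: FF 15 10 9B 1F 10 - call dword ptr [Core.GNatives+108]
Core.dll+32D50: 8B 0F - mov ecx,[edi]
Core.dll+32D52: 8B 54 24 14 - mov edx,[esp+14]
// ---------- INJECTING HERE ----------
Core.dll+32D56: 89 0A - mov [edx],ecx 89 0A FF 0F 5F 5E 59
// ---------- DONE INJECTING  ----------
Core.dll+32D58: FF 0F - dec [edi]
Core.dll+32D5A: 5F - pop edi
Core.dll+32D5B: 5E - pop esi
Core.dll+32D5C: 59 - pop ecx
Core.dll+32D5D: C2 08 00 - ret 0008
Core.dll+32D60: CC - int 3
Core.dll+32D61: CC - int 3
Core.dll+32D62: CC - int 3
Core.dll+32D63: CC - int 3
Core.dll+32D64: CC - int 3
}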
Как его оформить короче?
Отредактировал скрипты, исходя из нового опыта.
Infinite Health:
{ Game    : SplinterCell.exe
  Version :
  Date    : 2021-03-05
  Author  : Templar
  Hook at Core.dll+39328. The 5-byte jmp replaces exactly `mov eax,[ebx]` /
  `sub eax,edx` / `pop esi`, so no padding is needed and `return` lands on
  the following `mov [ebx],eax`.
  edx holds the damage (loaded from [esp+10] just before the hook). When the
  object matches the author's player marker -- the dword at [ebx+B] equals
  1282 -- edx is zeroed, so health is stored back unchanged. }

[ENABLE]
aobscanmodule(InfHealth,Core.dll,8B 03 2B C2 5E) // should be unique
alloc(newmem,$1000)
label(apply_damage)
label(return)

newmem:
  mov eax,[ebx]                         // displaced: eax = current health
  cmp [ebx+B],#1282                     // author's marker for the player object
  jne apply_damage
  xor edx,edx                           // player: damage := 0
apply_damage:
  sub eax,edx                           // displaced: health -= damage
  pop esi                               // displaced
  jmp return                            // resumes at mov [ebx],eax (Core.dll+3932D)

InfHealth:
  jmp newmem                            // 5 bytes = the three displaced instructions
return:
registersymbol(InfHealth)

[DISABLE]
InfHealth:
  db 8B 03 2B C2 5E                     // mov eax,[ebx] / sub eax,edx / pop esi
unregistersymbol(InfHealth)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Core.dll+39328

Core.dll+3930C: 89 56 0C - mov [esi+0C],edx
Core.dll+3930F: 80 38 42 - cmp byte ptr [eax],42
Core.dll+39312: 75 10 - jne Core.dll+39324
Core.dll+39314: 8B 4E 08 - mov ecx,[esi+08]
Core.dll+39317: 40 - inc eax
Core.dll+39318: 6A 00 - push 00
Core.dll+3931A: 56 - push esi
Core.dll+3931B: 89 46 0C - mov [esi+0C],eax
Core.dll+3931E: FF 15 C8 5B 1E 10 - call dword ptr [Core.GNatives+108]
Core.dll+39324: 8B 54 24 10 - mov edx,[esp+10]
// ---------- INJECTING HERE ----------
Core.dll+39328: 8B 03 - mov eax,[ebx]
// ---------- DONE INJECTING  ----------
Core.dll+3932A: 2B C2 - sub eax,edx
Core.dll+3932C: 5E - pop esi
Core.dll+3932D: 89 03 - mov [ebx],eax
Core.dll+3932F: 8B D8 - mov ebx,eax
Core.dll+39331: 8B 44 24 10 - mov eax,[esp+10]
Core.dll+39335: 89 18 - mov [eax],ebx
Core.dll+39337: 5B - pop ebx
Core.dll+39338: 59 - pop ecx
Core.dll+39339: C2 08 00 - ret 0008
Core.dll+3933C: 90 - nop
}
Infinite Ammo:
{ Game    : SplinterCell.exe
  Version :
  Date    : 2021-03-05
  Author  : Templar
  Hook at Core.dll+397B9. The 5-byte jmp replaces exactly `mov eax,[edi]` /
  `dec eax` / `mov [edi],eax`, so no padding is needed and `return` lands on
  the following `pop edi`.
  The decrement is skipped for two weapons, chosen by [edi+C] (the author's
  "max rounds in magazine" field): 20 = pistol, 30 = rifle. Every other
  weapon is decremented as in the original. }

[ENABLE]
aobscanmodule(Ammo,Core.dll,8B 07 48 89 07) // should be unique
alloc(newmem,$1000)
label(store_ammo)
label(return)

newmem:
  mov eax,[edi]                         // displaced: eax = current ammo
  cmp [edi+C],#20                       // pistol?
  je store_ammo
  cmp [edi+C],#30                       // rifle?
  je store_ammo
  dec eax                               // anything else: original decrement
store_ammo:
  mov [edi],eax                         // displaced
  jmp return                            // resumes at pop edi (Core.dll+397BE)

Ammo:
  jmp newmem                            // 5 bytes = the three displaced instructions
return:
registersymbol(Ammo)

[DISABLE]
Ammo:
  db 8B 07 48 89 07                     // mov eax,[edi] / dec eax / mov [edi],eax
unregistersymbol(Ammo)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Core.dll+397B9

Core.dll+3979F: 75 10 - jne Core.dll+397B1
Core.dll+397A1: 8B 4E 08 - mov ecx,[esi+08]
Core.dll+397A4: 40 - inc eax
Core.dll+397A5: 6A 00 - push 00
Core.dll+397A7: 56 - push esi
Core.dll+397A8: 89 46 0C - mov [esi+0C],eax
Core.dll+397AB: FF 15 C8 5B 1E 10 - call dword ptr [Core.GNatives+108]
Core.dll+397B1: 8B 54 24 14 - mov edx,[esp+14]
Core.dll+397B5: 8B 0F - mov ecx,[edi]
Core.dll+397B7: 89 0A - mov [edx],ecx
// ---------- INJECTING HERE ----------
Core.dll+397B9: 8B 07 - mov eax,[edi]
// ---------- DONE INJECTING  ----------
Core.dll+397BB: 48 - dec eax
Core.dll+397BC: 89 07 - mov [edi],eax
Core.dll+397BE: 5F - pop edi
Core.dll+397BF: 5E - pop esi
Core.dll+397C0: 59 - pop ecx
Core.dll+397C1: C2 08 00 - ret 0008
Core.dll+397C4: 90 - nop
Core.dll+397C5: 90 - nop
Core.dll+397C6: 90 - nop
Core.dll+397C7: 90 - nop
}
NoReload:
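{ Game    : SplinterCell.exe
  Version :
  Date    : 2021-03-05
  Author  : Templar
  Hook at Core.dll+397B9. The 5-byte jmp replaces exactly `mov eax,[edi]` /
  `dec eax` / `mov [edi],eax`, so no padding is needed and `return` lands on
  the following `pop edi`.
  Shorter form of the earlier version: both weapon branches did the same
  `inc [edi]` / `inc [edi+8]`, so they now share one `refill` label reached
  by `je` from either compare; the fall-through for any other weapon is the
  plain decrement. The displaced instructions run first exactly as before,
  so eax still leaves the hook holding the decremented value.
  Author's notes on the fields:
    [edi]   = ammo in the bag
    [edi+8] = ammo in the magazine
    [edi+C] = max rounds in the magazine: 20 = pistol, 30 = rifle }

[ENABLE]
aobscanmodule(AmmoNoReload,Core.dll,8B 07 48 89 07) // should be unique
alloc(newmem,$1000)
label(refill)
label(return)

newmem:
  mov eax,[edi]                         // displaced: eax = bag ammo
  dec eax                               // displaced
  mov [edi],eax                         // displaced: bag -1
  cmp [edi+C],#20                       // pistol?
  je refill
  cmp [edi+C],#30                       // rifle?
  jne return                            // other weapons: keep the decrement
refill:
  inc [edi]                             // give the round back to the bag
  inc [edi+8]                           // and top up the magazine (no reload)
  jmp return                            // resumes at pop edi (Core.dll+397BE)

AmmoNoReload:
  jmp newmem                            // 5 bytes = the three displaced instructions
return:
registersymbol(AmmoNoReload)

[DISABLE]
AmmoNoReload:
  db 8B 07 48 89 07                     // mov eax,[edi] / dec eax / mov [edi],eax
unregistersymbol(AmmoNoReload)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Core.dll+397B9

Core.dll+3979F: 75 10 - jne Core.dll+397B1
Core.dll+397A1: 8B 4E 08 - mov ecx,[esi+08]
Core.dll+397A4: 40 - inc eax
Core.dll+397A5: 6A 00 - push 00
Core.dll+397A7: 56 - push esi
Core.dll+397A8: 89 46 0C - mov [esi+0C],eax
Core.dll+397AB: FF 15 C8 5B 1E 10 - call dword ptr [Core.GNatives+108]
Core.dll+397B1: 8B 54 24 14 - mov edx,[esp+14]
Core.dll+397B5: 8B 0F - mov ecx,[edi]
Core.dll+397B7: 89 0A - mov [edx],ecx
// ---------- INJECTING HERE ----------
Core.dll+397B9: 8B 07 - mov eax,[edi]
// ---------- DONE INJECTING  ----------
Core.dll+397BB: 48 - dec eax
Core.dll+397BC: 89 07 - mov [edi],eax
Core.dll+397BE: 5F - pop edi
Core.dll+397BF: 5E - pop esi
Core.dll+397C0: 59 - pop ecx
Core.dll+397C1: C2 08 00 - ret 0008
Core.dll+397C4: 90 - nop
Core.dll+397C5: 90 - nop
Core.dll+397C6: 90 - nop
Core.dll+397C7: 90 - nop
}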
SuperAccuracy:
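{ Game    : SplinterCell.exe
  Version :
  Date    : 2021-03-12
  Author  : Templar
  Hook at Echelon.DLL+362B2, the `mov [esi+474],ecx` that copies [esi+470]
  into [esi+474] on the path where the two compared equal. The hook stores 0
  there instead (the author's "zero the aim" note).
  Fix: the earlier version did `xor ecx,ecx` before the store, which also
  clobbered ecx (it still held [esi+470], loaded at +362AC). Whether ecx is
  read after the `jmp +36345` that follows the hook cannot be seen from the
  listing, so the value is now written as an immediate and ecx is left
  exactly as the original code left it. }

[ENABLE]
aobscanmodule(SuperAccuracy,Echelon.DLL,89 8E 74 04 00 00 E9) // should be unique
alloc(newmem,$1000)
label(return)

newmem:
  mov dword ptr [esi+00000474],0        // store 0 instead of ecx; no register touched
  jmp return

SuperAccuracy:
  jmp newmem
  nop                                   // 5-byte jmp + 1 pad = the 6 bytes replaced
return:
registersymbol(SuperAccuracy)

[DISABLE]
SuperAccuracy:
  db 89 8E 74 04 00 00                  // mov [esi+00000474],ecx
unregistersymbol(SuperAccuracy)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Echelon.DLL+362B2

Echelon.DLL+36288: 8B 81 AC 02 00 00 - mov eax,[ecx+000002AC]
Echelon.DLL+3628E: C1 E8 02 - shr eax,02
Echelon.DLL+36291: 83 E0 01 - and eax,01
Echelon.DLL+36294: A3 14 F7 C0 07 - mov [Echelon.AEGameplayObject::PrivateStaticClass+4C4],eax
Echelon.DLL+36299: D9 86 74 04 00 00 - fld dword ptr [esi+00000474]
Echelon.DLL+3629F: D8 9E 70 04 00 00 - fcomp dword ptr [esi+00000470]
Echelon.DLL+362A5: DF E0 - fnstsw ax
Echelon.DLL+362A7: F6 C4 05 - test ah,05
Echelon.DLL+362AA: 7A 11 - jp Echelon.DLL+362BD
Echelon.DLL+362AC: 8B 8E 70 04 00 00 - mov ecx,[esi+00000470]
// ---------- INJECTING HERE ----------
Echelon.DLL+362B2: 89 8E 74 04 00 00 - mov [esi+00000474],ecx
// ---------- DONE INJECTING  ----------
Echelon.DLL+362B8: E9 88 00 00 00 - jmp Echelon.DLL+36345
Echelon.DLL+362BD: D9 86 74 04 00 00 - fld dword ptr [esi+00000474]
Echelon.DLL+362C3: D8 9E 70 04 00 00 - fcomp dword ptr [esi+00000470]
Echelon.DLL+362C9: DF E0 - fnstsw ax
Echelon.DLL+362CB: F6 C4 44 - test ah,44
Echelon.DLL+362CE: 7B 75 - jnp Echelon.DLL+36345
Echelon.DLL+362D0: D9 86 74 04 00 00 - fld dword ptr [esi+00000474]
Echelon.DLL+362D6: D8 64 24 1C - fsub dword ptr [esp+1C]
Echelon.DLL+362DA: D9 86 64 04 00 00 - fld dword ptr [esi+00000464]
Echelon.DLL+362E0: D8 64 24 1C - fsub dword ptr [esp+1C]
}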
P.S. Добавьте в шапку, пожалуйста.
Всем доброго дня. Ломал издание Uplay. Но думаю, на пиратке также работать будет.
Здоровье и патроны тут находятся почти так же, как и в прошлых частях.
На точность прицела оказалось достаточно подмены только одной инструкции в нужном месте.
Итак:
Infinite Health:
{
  Game    : splintercell3.exe
  Version :
  Date    : 2021-03-13
  Author  : Templar

  InfHealth (Cheat Engine auto-assembler script, 32-bit target).
  Hooks the damage subtraction `mov edx,[esp+10] / sub eax,edx` and forces
  edx (the amount subtracted) to 0 when [ebx+10] == 1, which the author
  identifies as the player's id. Every other entity takes damage as before.
}
[ENABLE]
aobscanmodule(InfHealth,splintercell3.exe,8B 54 24 10 2B C2) // should be unique
alloc(newmem,$1000)                 // code cave for the detour
label(code)
label(return)
label(next_code)

newmem:
code:
  mov edx,[esp+10]                  // original: edx = damage (author: "урон")
  // --- added code ---
  // NOTE(review): no operand size is given on the memory compare, so the
  // assembler's default width is used — confirm it matches the width of the
  // field at [ebx+10] (a 1-byte field would need `byte ptr`).
  cmp [ebx+10],#1                   // author: player id == 1 (decimal)
  jne next_code                     // not the player: keep the damage
  xor edx,edx                       // player: zero the damage
  // --- end added code ---
next_code:
  // Flags from cmp/xor are overwritten by sub, and the original continuation
  // (mov/pop/ret at 3F07CA..3F07D7 in the dump) does not read flags.
  sub eax,edx                       // original: health -= damage
  jmp return

// Injection site: mov (4 bytes) + sub (2 bytes) = 6 bytes -> jmp (5) + nop (1).
InfHealth:
  jmp newmem
  nop
return:
registersymbol(InfHealth)

[DISABLE]
// Restore the original 6 bytes and release the cave.
InfHealth:
  db 8B 54 24 10 2B C2
unregistersymbol(InfHealth)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: splintercell3.exe+3F07C4
splintercell3.exe+3F07AA: 89 56 0C - mov [esi+0C],edx
splintercell3.exe+3F07AD: 80 38 42 - cmp byte ptr [eax],42
splintercell3.exe+3F07B0: 75 10 - jne splintercell3.exe+3F07C2
splintercell3.exe+3F07B2: 8B 4E 08 - mov ecx,[esi+08]
splintercell3.exe+3F07B5: 6A 00 - push 00
splintercell3.exe+3F07B7: 40 - inc eax
splintercell3.exe+3F07B8: 56 - push esi
splintercell3.exe+3F07B9: 89 46 0C - mov [esi+0C],eax
splintercell3.exe+3F07BC: FF 15 C0 28 31 11 - call dword ptr [splintercell3.exe+A128C0]
splintercell3.exe+3F07C2: 8B 03 - mov eax,[ebx]
// ---------- INJECTING HERE ----------
splintercell3.exe+3F07C4: 8B 54 24 10 - mov edx,[esp+10]
// ---------- DONE INJECTING ----------
splintercell3.exe+3F07C8: 2B C2 - sub eax,edx
splintercell3.exe+3F07CA: 89 03 - mov [ebx],eax
splintercell3.exe+3F07CC: 8B D8 - mov ebx,eax
splintercell3.exe+3F07CE: 8B 44 24 14 - mov eax,[esp+14]
splintercell3.exe+3F07D2: 5E - pop esi
splintercell3.exe+3F07D3: 89 18 - mov [eax],ebx
splintercell3.exe+3F07D5: 5B - pop ebx
splintercell3.exe+3F07D6: 59 - pop ecx
splintercell3.exe+3F07D7: C2 08 00 - ret 0008
splintercell3.exe+3F07DA: CC - int 3
}
Infinite Ammo:
{
  Game    : splintercell3.exe
  Version :
  Date    : 2021-03-13
  Author  : Templar

  InfAmmo (Cheat Engine auto-assembler script, 32-bit target).
  Hooks `dec edi / mov [esi+0000043C],edi` inside
  AEGameplayObject::PostBeginPlay and skips the decrement when the value at
  [esi+448] equals 20 or 80 (decimal), which the author identifies as the
  pistol and the rifle ("автомат"). Every other weapon is decremented as before.
}
[ENABLE]
aobscanmodule(InfAmmo,splintercell3.exe,4F 89 BE 3C 04 00 00) // should be unique
alloc(newmem,$1000)                 // code cave for the detour
label(code)
label(return)
label(next_code)

newmem:
code:
  // --- added code ---
  // [esi+0000043C+C] is [esi+448]; the `#` prefix marks a decimal immediate.
  // NOTE(review): no operand size is given, so the assembler's default width
  // is used — confirm it matches the width of the weapon-id field.
  cmp [esi+0000043C+C],#20          // author: static offset, pistol
  je next_code                      // pistol: skip the decrement
  cmp [esi+0000043C+C],#80          // author: static offset, rifle
  je next_code                      // rifle: skip the decrement
  // --- end added code ---
  dec edi                           // original: everything else loses one round
next_code:
  // When the decrement is skipped, flags come from cmp instead of dec. The
  // visible continuation (BBBC..BBDA in the dump) does not read flags before
  // the call at BBDC.
  mov [esi+0000043C],edi            // original store
  jmp return

// Injection site: dec (1 byte) + mov (6 bytes) = 7 bytes -> jmp (5) + nop 2.
InfAmmo:
  jmp newmem
  nop 2
return:
registersymbol(InfAmmo)

[DISABLE]
// Restore the original 7 bytes and release the cave.
InfAmmo:
  db 4F 89 BE 3C 04 00 00
unregistersymbol(InfAmmo)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: splintercell3.AEGameplayObject::PostBeginPlay+BBBB
splintercell3.AEGameplayObject::PostBeginPlay+BB98: 89 50 04 - mov [eax+04],edx
splintercell3.AEGameplayObject::PostBeginPlay+BB9B: 8B 91 B4 02 00 00 - mov edx,[ecx+000002B4]
splintercell3.AEGameplayObject::PostBeginPlay+BBA1: 52 - push edx
splintercell3.AEGameplayObject::PostBeginPlay+BBA2: 8B CE - mov ecx,esi
splintercell3.AEGameplayObject::PostBeginPlay+BBA4: 89 78 08 - mov [eax+08],edi
splintercell3.AEGameplayObject::PostBeginPlay+BBA7: E8 84 F0 FF FF - call splintercell3.AEGameplayObject::PostBeginPlay+AC30
splintercell3.AEGameplayObject::PostBeginPlay+BBAC: 8B 9E 34 04 00 00 - mov ebx,[esi+00000434]
splintercell3.AEGameplayObject::PostBeginPlay+BBB2: 8B BE 3C 04 00 00 - mov edi,[esi+0000043C]
splintercell3.AEGameplayObject::PostBeginPlay+BBB8: 6A 00 - push 00
splintercell3.AEGameplayObject::PostBeginPlay+BBBA: 4B - dec ebx
// ---------- INJECTING HERE ----------
splintercell3.AEGameplayObject::PostBeginPlay+BBBB: 4F - dec edi
// ---------- DONE INJECTING ----------
splintercell3.AEGameplayObject::PostBeginPlay+BBBC: 89 BE 3C 04 00 00 - mov [esi+0000043C],edi
splintercell3.AEGameplayObject::PostBeginPlay+BBC2: 8B BE 20 04 00 00 - mov edi,[esi+00000420]
splintercell3.AEGameplayObject::PostBeginPlay+BBC8: 6A 00 - push 00
splintercell3.AEGameplayObject::PostBeginPlay+BBCA: 89 9E 34 04 00 00 - mov [esi+00000434],ebx
splintercell3.AEGameplayObject::PostBeginPlay+BBD0: A1 A0 A0 1F 11 - mov eax,[splintercell3.exe+8FA0A0]
splintercell3.AEGameplayObject::PostBeginPlay+BBD5: 8B 1F - mov ebx,[edi]
splintercell3.AEGameplayObject::PostBeginPlay+BBD7: 6A 00 - push 00
splintercell3.AEGameplayObject::PostBeginPlay+BBD9: 50 - push eax
splintercell3.AEGameplayObject::PostBeginPlay+BBDA: 8B CF - mov ecx,edi
splintercell3.AEGameplayObject::PostBeginPlay+BBDC: E8 5F F4 0D 00 - call splintercell3.exe+3D92D0
}
NoReload:
{
  Game    : splintercell3.exe
  Version :
  Date    : 2021-03-13
  Author  : Templar

  InfAmmo + NoReload (Cheat Engine auto-assembler script, 32-bit target).
  Two detours in AEGameplayObject::PostBeginPlay:

  1. InfAmmo  — hooks `dec edi / mov [esi+0000043C],edi` (PostBeginPlay+BBBB)
     and skips the decrement when the value at [esi+448] is 20 or 80
     (decimal; author: pistol and rifle).
  2. NoReload — hooks `mov [esi+00000434],ebx` (PostBeginPlay+BBCA in the
     dump; the pattern ends with the A1 of the following mov). ebx was loaded
     from [esi+434] at BBAC and decremented at BBBA; when the value at
     [esi+438] (author: magazine maximum) is 20 or 30, ebx is reloaded from
     it before the store, so the magazine never drops.

  NOTE(review): this script registers the same `InfAmmo` symbol and patches the
  same bytes as the standalone InfAmmo script; presumably the two should not be
  enabled together.
}
[ENABLE]
aobscanmodule(InfAmmo,splintercell3.exe,4F 89 BE 3C 04 00 00) // should be unique
registersymbol(InfAmmo)
alloc(newmem_1,$1000)               // cave for the InfAmmo detour
aobscanmodule(NoReload,splintercell3.exe,89 9E 34 04 00 00 A1) // should be unique
registersymbol(NoReload)
alloc(newmem_2,$1000)               // cave for the NoReload detour

// ---------------- InfAmmo ----------------
label(code_1)
label(return_1)
label(next_code)

newmem_1:
code_1:
  // --- added code ---
  // [esi+0000043C+C] is [esi+448]; `#` marks a decimal immediate.
  // NOTE(review): operand size is the assembler's default — confirm it matches
  // the width of the weapon-id field.
  cmp [esi+0000043C+C],#20          // author: static offset, pistol
  je next_code                      // pistol: skip the decrement
  cmp [esi+0000043C+C],#80          // author: static offset, rifle
  je next_code                      // rifle: skip the decrement
  // --- end added code ---
  dec edi                           // original: everything else loses one round
next_code:
  mov [esi+0000043C],edi            // original store
  jmp return_1

// Injection site: dec (1) + mov (6) = 7 bytes -> jmp (5) + nop 2.
InfAmmo:
  jmp newmem_1
  nop 2
return_1:

// ---------------- NoReload ----------------
label(code_2)
label(return_2)
label(orig_code)
label(part_2)

newmem_2:
code_2:
  // --- added code ---
  // [esi+00000434+4] is [esi+438]. A match on the first compare falls through
  // into the second compare rather than jumping to orig_code; that is harmless
  // because one value cannot equal both 20 and 30, but a `jmp orig_code` after
  // the first mov would make the intent explicit.
  // Pistol
  cmp [esi+00000434+4],#20          // author: compare with magazine max (static)
  jne part_2                        // not the pistol: try the next weapon
  mov ebx,[esi+00000434+4]          // reload the magazine to its maximum
part_2:
  // Rifle
  cmp [esi+00000434+4],#30          // author: compare with magazine max (static)
  jne orig_code                     // not the rifle: store whatever ebx holds
  mov ebx,[esi+00000434+4]          // reload the magazine to its maximum
  // --- end added code ---
orig_code:
  mov [esi+00000434],ebx            // original store
  jmp return_2

// Injection site: the 6-byte mov -> jmp (5) + nop (1).
NoReload:
  jmp newmem_2
  nop
return_2:

[DISABLE]
// Restore both sites and release both caves.
InfAmmo:
  db 4F 89 BE 3C 04 00 00
unregistersymbol(InfAmmo)
dealloc(newmem_1)
NoReload:
  db 89 9E 34 04 00 00
unregistersymbol(NoReload)
dealloc(newmem_2)

{ // ORIGINAL CODE - INJECTION POINT: splintercell3.AEGameplayObject::PostBeginPlay+BBBB
// (the NoReload site is the store at PostBeginPlay+BBCA in the same dump)
splintercell3.AEGameplayObject::PostBeginPlay+BB98: 89 50 04 - mov [eax+04],edx
splintercell3.AEGameplayObject::PostBeginPlay+BB9B: 8B 91 B4 02 00 00 - mov edx,[ecx+000002B4]
splintercell3.AEGameplayObject::PostBeginPlay+BBA1: 52 - push edx
splintercell3.AEGameplayObject::PostBeginPlay+BBA2: 8B CE - mov ecx,esi
splintercell3.AEGameplayObject::PostBeginPlay+BBA4: 89 78 08 - mov [eax+08],edi
splintercell3.AEGameplayObject::PostBeginPlay+BBA7: E8 84 F0 FF FF - call splintercell3.AEGameplayObject::PostBeginPlay+AC30
splintercell3.AEGameplayObject::PostBeginPlay+BBAC: 8B 9E 34 04 00 00 - mov ebx,[esi+00000434]
splintercell3.AEGameplayObject::PostBeginPlay+BBB2: 8B BE 3C 04 00 00 - mov edi,[esi+0000043C]
splintercell3.AEGameplayObject::PostBeginPlay+BBB8: 6A 00 - push 00
splintercell3.AEGameplayObject::PostBeginPlay+BBBA: 4B - dec ebx
// ---------- INJECTING HERE ----------
splintercell3.AEGameplayObject::PostBeginPlay+BBBB: 4F - dec edi
// ---------- DONE INJECTING ----------
splintercell3.AEGameplayObject::PostBeginPlay+BBBC: 89 BE 3C 04 00 00 - mov [esi+0000043C],edi
splintercell3.AEGameplayObject::PostBeginPlay+BBC2: 8B BE 20 04 00 00 - mov edi,[esi+00000420]
splintercell3.AEGameplayObject::PostBeginPlay+BBC8: 6A 00 - push 00
splintercell3.AEGameplayObject::PostBeginPlay+BBCA: 89 9E 34 04 00 00 - mov [esi+00000434],ebx
splintercell3.AEGameplayObject::PostBeginPlay+BBD0: A1 A0 A0 1F 11 - mov eax,[splintercell3.exe+8FA0A0]
splintercell3.AEGameplayObject::PostBeginPlay+BBD5: 8B 1F - mov ebx,[edi]
splintercell3.AEGameplayObject::PostBeginPlay+BBD7: 6A 00 - push 00
splintercell3.AEGameplayObject::PostBeginPlay+BBD9: 50 - push eax
splintercell3.AEGameplayObject::PostBeginPlay+BBDA: 8B CF - mov ecx,edi
splintercell3.AEGameplayObject::PostBeginPlay+BBDC: E8 5F F4 0D 00 - call splintercell3.exe+3D92D0
}
SuperAccuracy:
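{
  Game    : splintercell3.exe
  Version :
  Date    : 2021-03-13
  Author  : Templar

  SuperAccuracy (Cheat Engine auto-assembler script, 32-bit target).
  Hooks `mov edx,[esi+0000052C]` in AEGameplayObject::PostBeginPlay and
  leaves edx = 0, so the original `mov [esi+00000530],edx` that follows
  stores 0 into [esi+530] instead of the value of [esi+52C]. The author
  identifies this field as the crosshair/aim value ("прицел").

  Only the fall-through path of the fcomp/jp at PostBeginPlay+A23D reaches
  the hook; the path taken to A250 is left untouched.

  Change: the hooked load `mov edx,[esi+0000052C]` was re-executed in the
  cave and then immediately overwritten by `xor edx,edx`; the dead load is
  dropped. Observable behaviour is unchanged.
}
[ENABLE]
// The pattern is the 6-byte load plus the first byte (89) of the store that
// follows it, so the scan pins exactly this site.
aobscanmodule(SuperAccuracy,splintercell3.exe,8B 96 2C 05 00 00 89) // should be unique
alloc(newmem,$1000)                 // code cave for the detour
label(code)
label(return)

newmem:
code:
  // The original load is intentionally not replayed: its only consumer is
  // the store at A245, which must see 0.
  xor edx,edx                       // zero the aim value
  jmp return

// Injection site: the 6-byte mov -> jmp (5 bytes) + nop (1 byte), so the
// following store at A245 is not cut.
SuperAccuracy:
  jmp newmem
  nop
return:
registersymbol(SuperAccuracy)

[DISABLE]
// Restore the original 6 bytes and release the cave.
SuperAccuracy:
  db 8B 96 2C 05 00 00
unregistersymbol(SuperAccuracy)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: splintercell3.AEGameplayObject::PostBeginPlay+A23F
splintercell3.AEGameplayObject::PostBeginPlay+A21D: F6 47 2C 10 - test byte ptr [edi+2C],10
splintercell3.AEGameplayObject::PostBeginPlay+A221: 75 07 - jne splintercell3.AEGameplayObject::PostBeginPlay+A22A
splintercell3.AEGameplayObject::PostBeginPlay+A223: BF 01 00 00 00 - mov edi,00000001
splintercell3.AEGameplayObject::PostBeginPlay+A228: EB 02 - jmp splintercell3.AEGameplayObject::PostBeginPlay+A22C
splintercell3.AEGameplayObject::PostBeginPlay+A22A: 33 FF - xor edi,edi
splintercell3.AEGameplayObject::PostBeginPlay+A22C: D9 86 30 05 00 00 - fld dword ptr [esi+00000530]
splintercell3.AEGameplayObject::PostBeginPlay+A232: D8 9E 2C 05 00 00 - fcomp dword ptr [esi+0000052C]
splintercell3.AEGameplayObject::PostBeginPlay+A238: DF E0 - fnstsw ax
splintercell3.AEGameplayObject::PostBeginPlay+A23A: F6 C4 05 - test ah,05
splintercell3.AEGameplayObject::PostBeginPlay+A23D: 7A 11 - jp splintercell3.AEGameplayObject::PostBeginPlay+A250
// ---------- INJECTING HERE ----------
splintercell3.AEGameplayObject::PostBeginPlay+A23F: 8B 96 2C 05 00 00 - mov edx,[esi+0000052C]
// ---------- DONE INJECTING ----------
splintercell3.AEGameplayObject::PostBeginPlay+A245: 89 96 30 05 00 00 - mov [esi+00000530],edx
splintercell3.AEGameplayObject::PostBeginPlay+A24B: E9 87 00 00 00 - jmp splintercell3.AEGameplayObject::PostBeginPlay+A2D7
splintercell3.AEGameplayObject::PostBeginPlay+A250: D9 86 2C 05 00 00 - fld dword ptr [esi+0000052C]
splintercell3.AEGameplayObject::PostBeginPlay+A256: D9 86 30 05 00 00 - fld dword ptr [esi+00000530]
splintercell3.AEGameplayObject::PostBeginPlay+A25C: DA E9 - fucompp
splintercell3.AEGameplayObject::PostBeginPlay+A25E: DF E0 - fnstsw ax
splintercell3.AEGameplayObject::PostBeginPlay+A260: F6 C4 44 - test ah,44
splintercell3.AEGameplayObject::PostBeginPlay+A263: 7B 72 - jnp splintercell3.AEGameplayObject::PostBeginPlay+A2D7
splintercell3.AEGameplayObject::PostBeginPlay+A265: D9 86 30 05 00 00 - fld dword ptr [esi+00000530]
splintercell3.AEGameplayObject::PostBeginPlay+A26B: 68 0A D7 23 3C - push 3C23D70A
}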
Нашел прицел. Там за него отвечает одна инструкция.
SuperAccuracy:
{
  Game    : SplinterCell.exe
  Version :
  Date    : 2021-03-12
  Author  : Templar

  SuperAccuracy (Cheat Engine auto-assembler script, 32-bit target).
  Hooks the store `mov [esi+00000474],ecx` in Echelon.DLL and writes the
  float 0.0 to [esi+474] instead of the value copied from [esi+470]. The
  surrounding fld/fcomp instructions treat both fields as single-precision
  floats, and the author identifies this one as the aim value ("прицел").

  Only the fall-through path of the fcomp/jp at Echelon.DLL+362AA reaches the
  hook; the path taken to 362BD is left untouched.
}
[ENABLE]
// The pattern is the 6-byte store plus the first byte (E9) of the jmp that
// follows it, so the scan pins exactly this site.
aobscanmodule(SuperAccuracy,Echelon.DLL,89 8E 74 04 00 00 E9) // should be unique
alloc(newmem,$1000)                 // code cave for the detour
label(code)
label(return)

newmem:
code:
  // (float)0.0 assembles to the immediate 0 (IEEE-754 +0.0 is all zero bits),
  // so this is a `mov ecx,0` that leaves flags untouched. In the original
  // flow ecx = [esi+470] here (loaded at 362AC); ecx is still 0 on return.
  // NOTE(review): the code at the jmp target Echelon.DLL+36345 is not shown;
  // if it reads ecx, behaviour differs from the original — confirm.
  mov ecx,(float)0.0                // make the aim exact
  mov [esi+00000474],ecx            // original store, now writing 0.0
  jmp return

// Injection site: the 6-byte store becomes jmp (5 bytes) + nop (1 byte), so
// the following jmp at 362B8 is not cut.
SuperAccuracy:
  jmp newmem
  nop
return:
registersymbol(SuperAccuracy)

[DISABLE]
// Restore the original 6 bytes and release the cave.
SuperAccuracy:
  db 89 8E 74 04 00 00
unregistersymbol(SuperAccuracy)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: Echelon.DLL+362B2
Echelon.DLL+36288: 8B 81 AC 02 00 00 - mov eax,[ecx+000002AC]
Echelon.DLL+3628E: C1 E8 02 - shr eax,02
Echelon.DLL+36291: 83 E0 01 - and eax,01
Echelon.DLL+36294: A3 14 F7 C0 07 - mov [Echelon.AEGameplayObject::PrivateStaticClass+4C4],eax
Echelon.DLL+36299: D9 86 74 04 00 00 - fld dword ptr [esi+00000474]
Echelon.DLL+3629F: D8 9E 70 04 00 00 - fcomp dword ptr [esi+00000470]
Echelon.DLL+362A5: DF E0 - fnstsw ax
Echelon.DLL+362A7: F6 C4 05 - test ah,05
Echelon.DLL+362AA: 7A 11 - jp Echelon.DLL+362BD
Echelon.DLL+362AC: 8B 8E 70 04 00 00 - mov ecx,[esi+00000470]
// ---------- INJECTING HERE ----------
Echelon.DLL+362B2: 89 8E 74 04 00 00 - mov [esi+00000474],ecx
// ---------- DONE INJECTING ----------
Echelon.DLL+362B8: E9 88 00 00 00 - jmp Echelon.DLL+36345
Echelon.DLL+362BD: D9 86 74 04 00 00 - fld dword ptr [esi+00000474]
Echelon.DLL+362C3: D8 9E 70 04 00 00 - fcomp dword ptr [esi+00000470]
Echelon.DLL+362C9: DF E0 - fnstsw ax
Echelon.DLL+362CB: F6 C4 44 - test ah,44
Echelon.DLL+362CE: 7B 75 - jnp Echelon.DLL+36345
Echelon.DLL+362D0: D9 86 74 04 00 00 - fld dword ptr [esi+00000474]
Echelon.DLL+362D6: D8 64 24 1C - fsub dword ptr [esp+1C]
Echelon.DLL+362DA: D9 86 64 04 00 00 - fld dword ptr [esi+00000464]
Echelon.DLL+362E0: D8 64 24 1C - fsub dword ptr [esp+1C]
}
S.T.A.L.K.E.R. - Call of Pripyat (поиск кровотечения)
Всем привет. Как выглядит значение кровотечения игрока? Здоровье игрока я находил: его максимальное значение — (float)1.0.
LIRW точно знает. Надеюсь, прочтёт мой вопрос.
Я на другие моды Сталкера делаю таблицы. Полезно было бы узнать и про кровотечение.