15
"[Enable]"
000080
Auto Assembler Script
[ENABLE]
// Player-state hooks for BatmanAC.exe (CE auto-assembler, 32-bit x86).
// The cave is allocated with BatmanAC.exe as preferred base. Every symbol the
// table entries and the "Cheat Handler" script dereference (p0/p1/p2 and the
// b* toggle flags) is registered here, so this script has to be active first.
alloc( EPhysicsHandler_Hook, 1024, BatmanAC.exe )
registersymbol( EPhysicsHandler_Hook )
// Object pointers captured by EPhysicsHandler_Hook:
//   p1 = ecx at the hook site, p0 = [p1+C0], p2 = [p1+8C]
label( p0 )
registersymbol( p0 )
label( p1 )
registersymbol( p1 )
label( p2 )
registersymbol( p2 )
label( exit_0 )
label( back_0 )
label( EPhysicsChange_Hook )
registersymbol( EPhysicsChange_Hook )
label( exit_1 )
label( back_1 )
// Toggle flags (0/1 dwords): written by the "Cheat Handler" thread, read by the hooks.
label( bFly )
registersymbol( bFly )
label( bAmmo )
registersymbol( bAmmo )
label( exit_a )
label( exit_b )
label( bGod )
registersymbol( bGod )
label( bCombo )
registersymbol( bCombo )
label( KillComboReset_Cave )
registersymbol( KillComboReset_Cave )
label( back_2 )
label( KillComboReset_Cave_exit_0 )
label( KillComboReset_Cave_exit_1 )
label( KillComboReset_Cave_skip )
// Variable cells. Code starts at +0; these sit at +400 and up.
// NOTE(review): the alloc above asks for 1024 (0x400) bytes, so +400..+41B is
// just past the requested size. It works if CE's allocation is page-granular,
// but enlarging the alloc (or moving the cells to +300) removes the dependency.
// All cells start at 0: the p* pointers stay 0 until the hook has run once.
EPhysicsHandler_Hook+400:
p0:
dd 0
EPhysicsHandler_Hook+404:
p1:
dd 0
EPhysicsHandler_Hook+408:
p2:
dd 0
EPhysicsHandler_Hook+40C:
bFly:
dd 0
EPhysicsHandler_Hook+410:
bGod:
dd 0
EPhysicsHandler_Hook+414:
bAmmo:
dd 0
EPhysicsHandler_Hook+418:
bCombo:
dd 0
EPhysicsHandler_Hook:
// Entry from dwEPhysicsHook (injection below). ecx = the object whose physics
// byte at +84 the replaced instruction reads. Flags are clobbered here, which
// is fine because the original code re-derives them right after (the AOB
// continues with 83 FA ?? = cmp edx,imm8).
cmp [ecx+1B4],(float)96.0     // NOTE(review): selects the object by a float field == 96.0; assumed to single out the player — confirm
jne exit_0
push ebx
mov [p1],ecx                  // p1 = this
mov ebx,[ecx+C0]
mov [p0],ebx                  // p0 = [this+C0]
mov ebx,[ecx+8C]
mov [p2],ebx                  // p2 = [this+8C]; may be 0, see the bGod path
pop ebx
// Unlimited ammo: per the table, [this+3A8]+1C8 is the current weapon;
// copy MaxClip (+2E8) into Clip (+2EC) and clear ActiveCooldown (+2F0) and
// CooldownTimer (+2F8).
cmp [bAmmo],0
je exit_a
push ebx
push edx
mov ebx,[ecx+3A8]
test ebx,ebx
je exit_b                     // no weapon container
mov ebx,[ebx+1C8]
test ebx,ebx
je exit_b                     // no current weapon
mov edx,[ebx+2E8]
mov [ebx+2EC],edx
mov [ebx+2F0],(float)-1.0
mov [ebx+2F8],(float)-1.0
exit_b:
pop edx
pop ebx
exit_a:
// God: force the byte at [p2+1C0] to 0B (table: 0x09 default, 0x0B active).
cmp [bGod],0
je exit_0
push ebx
mov ebx,[p2]
// NOTE(review): no null check on p2 here, although the ammo path above checks
// its pointers and KillComboReset_Cave checks [p2]; a zero [this+8C] turns
// this into a write to address 0x1C0.
mov byte ptr [ebx+1C0],0B
pop ebx
exit_0:
movzx edx,byte ptr [ecx+84]   // replaced instruction (7 bytes, see dwEPhysicsHook)
jmp back_0
EPhysicsChange_Hook:
// Entry from dwStopEPhysicsChange. The replaced instruction stores the new
// physics mode (al) into [esi+84]. While bFly is set and esi is the object
// captured in p1, the store is skipped so the mode written by ToggleFly
// ("Cheat Handler" script, [p1+84] = 4) survives. Flags clobbered by the
// cmps are recomputed by the original code right after (AOB: 3C 01 74 = cmp al,1 / je).
cmp [bFly],0
je exit_1
cmp esi,[p1]
jne exit_1
jmp back_1                    // p1 object: drop the store
exit_1:
mov [esi+84],al               // replaced instruction (6 bytes)
jmp back_1
KillComboReset_Cave:
// Entry from KillComboReset. The replaced instruction zeroes the dword at eax.
// With bCombo == 1, ecx == p2 and eax pointing at one of p2's combo counters
// (+1188 "Current Combo", +11BC "Max Battle Combo" in the table) the store is
// skipped; every other target is still zeroed. ecx is assumed to be `this`
// at the hook site — confirm. Flags need no preserving: the original code
// continues with ret 8 (AOB: C2 08 00).
cmp [p2],0
je KillComboReset_Cave_exit_0
cmp [bCombo],1
jne KillComboReset_Cave_exit_0
cmp ecx,[p2]
jne KillComboReset_Cave_exit_0
push ecx
add ecx,1188                  // ecx = p2+1188
cmp ecx,eax
je KillComboReset_Cave_skip
add ecx,34                    // ecx = p2+11BC
cmp ecx,eax
jne KillComboReset_Cave_exit_1
KillComboReset_Cave_skip:
pop ecx
jmp back_2
KillComboReset_Cave_exit_1:
pop ecx
KillComboReset_Cave_exit_0:
mov dword ptr [eax],0         // replaced instruction (6 bytes)
jmp back_2
// ---- injection points and game symbols (the "// OK" marks are the author's) ----
aobscan( dwEPhysicsHook_AOB, 0FB691????????83FA??0F87????????FF2495????????8B11 ) // OK
label( dwEPhysicsHook )
registersymbol( dwEPhysicsHook )
dwEPhysicsHook_AOB:
dwEPhysicsHook:
// movzx edx,byte ptr [ecx+84] is 7 bytes: 5-byte jmp + 2 nops.
jmp EPhysicsHandler_Hook
db 90 90
back_0:
// NOTE(review): the scan is spelled dwStopeEPhysicsChange_AOB (extra 'e')
// while the symbol is dwStopEPhysicsChange. Both spellings are used
// consistently so it assembles; renaming the scan would avoid confusion.
aobscan( dwStopeEPhysicsChange_AOB, 884C24??8886????????3C0174 ) // OK
label( dwStopEPhysicsChange )
registersymbol( dwStopEPhysicsChange )
dwStopeEPhysicsChange_AOB+4:
dwStopEPhysicsChange:
// mov [esi+84],al is 6 bytes: 5-byte jmp + 1 nop.
jmp EPhysicsChange_Hook
db 90
back_1:
aobscan( KillComboReset_AOB, CC8B442408C70000000000C20800CC ) // OK
label( KillComboReset )
registersymbol( KillComboReset )
KillComboReset_AOB+5:
KillComboReset:
// mov dword ptr [eax],0 is 6 bytes: 5-byte jmp + 1 nop.
jmp KillComboReset_Cave
nop
back_2:
// Game routines resolved for the "Cheat Handler" script (ToggleFly calls
// GetIndex with ecx = p2). SetIndex is registered but not called on this page.
aobscan( GetIndex_AOB, 83EC148B4124565733FF8944241085C0 ) // OK
label( GetIndex )
registersymbol( GetIndex )
GetIndex_AOB:
GetIndex:
aobscan( SetIndex_AOB, 53558BE98B452C565785C0 ) // OK
label( SetIndex )
registersymbol( SetIndex )
SetIndex_AOB:
SetIndex:
// TheWorld: the pattern ends in A3 imm32 (mov [imm32],eax), whose imm32 is at
// scan+19. The bracketed address form presumably takes the dword stored
// there, so TheWorld names the global the table's pointer paths start from — confirm.
aobscan( TheWorld_AOB, 8B15????????5568????????5652E8????????83C4108BC8A3???????? ) // OK
label( TheWorld )
registersymbol( TheWorld )
[TheWorld_AOB+19]:
TheWorld:
[DISABLE]
// Restore the replaced instructions at the three injection points.
dwEPhysicsHook:
movzx edx,byte ptr [ecx+84]
dwStopEPhysicsChange:
mov [esi+84],al
KillComboReset:
mov dword ptr [eax],0
unregistersymbol( KillComboReset_Cave )
unregistersymbol( TheWorld )
unregistersymbol( SetIndex )
unregistersymbol( GetIndex )
unregistersymbol( dwStopEPhysicsChange )
unregistersymbol( bCombo )
unregistersymbol( bGod )
unregistersymbol( bAmmo )
unregistersymbol( bFly )
unregistersymbol( EPhysicsChange_Hook )
unregistersymbol( p2 )
unregistersymbol( p1 )
unregistersymbol( p0 )
unregistersymbol( EPhysicsHandler_Hook )
// NOTE(review): this frees the page holding p0..bCombo. The "Cheat Handler"
// thread keeps dereferencing those absolute addresses (mov ecx,[p0] etc.) if it
// is still enabled, and a game thread may still be inside one of the caves
// just restored; disable that script first and consider a short delay here.
dealloc( EPhysicsHandler_Hook )
51
"[Utils]"
FF0000
1
57
"Player Health"
4 Bytes
p1
2C4
131
"Upgrade Points"
4 Bytes
TheWorld
2B0
34C
484
0
2C
58
172
"XP"
Float
TheWorld
298
34C
484
0
2C
58
171
"XP For Next Upgrade"
Float
TheWorld
294
34C
484
0
2C
58
56
"Player Scale"
Float
p1
60
53
"Coordinate: X"
Float
p1
48
55
"Coordinate: Y"
Float
p1
4C
54
"Coordinate: Z"
Float
p1
50
87
"Current Weapon"
1
4 Bytes
p1
1C8
3A8
88
"Clip"
4 Bytes
p1
2EC
1C8
3A8
89
"MaxClip"
4 Bytes
p1
2E8
1C8
3A8
90
"ActiveCooldown"
Float
p1
2F0
1C8
3A8
91
"CooldownTimer"
0
Float
p1
2F8
1C8
3A8
105
"[Combos]"
FF0000
1
98
"Current Combo"
4 Bytes
p1
1188
8C
99
"No description"
4 Bytes
pPlayer
4
14B4
8C
100
"Max Battle Combo"
4 Bytes
p1
11BC
8C
101
"Special Combo Counter"
4 Bytes
p1
1414
8C
46
"Special Combo Star(s)"
4 Bytes
p1
1418
8C
102
"Times Combo Got Interrupted"
4 Bytes
p1
1424
8C
103
"Times Got Hit"
4 Bytes
p1
1430
8C
104
"Total Variation"
4 Bytes
p1
1440
8C
148
"Total Hits"
4 Bytes
p1
11C8
8C
149
"??"
4 Bytes
p1
11D8
8C
52
"[Scripts]"
FF0000
1
16
"Cheat Handler"
Auto Assembler Script
[ENABLE]
// Hotkey thread running inside the game process. It flips the b* flags and
// writes a few object fields directly. bFly/bAmmo/bGod/bCombo, p0/p1/p2 and
// GetIndex are not declared here: they resolve to symbols registered by the
// "[Enable]" script, which therefore must be active first.
alloc( KeyHandlerThread, 4096 )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
label( Toggle )
label( Toggler )
registersymbol( Toggler )
label( KeyHandlerOff )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
label( bPlayersOnly )
registersymbol( bPlayersOnly )
label( TogglePlayersOnly )
label( TogglePlayersOnly_exit )
label( ToggleFly )
label( ToggleFly_exit )
label( ToggleGhost )
label( bGhost )
registersymbol( bGhost )
label( ToggleGhost_exit )
label( ToggleUnlimitedAmmo )
label( ToggleGod )
label( ToggleGod_exit )
label( ToggleNoComboReset )
label( ToggleSloMo1 )
label( ToggleSloMo2 )
label( ToggleSloMo3 )
label( ToggleHUD )
label( ToggleHUD_exit )
label( bHUD )
registersymbol( bHUD )
// Thread state cells at +500 (code is at +0; alloc is 4096 bytes).
KeyHandlerThread+500:
Toggler:
dd 1                          // 1 = hotkeys active; F2 flips it
KeyHandlerThread+504:
KeyHandlerOff:
dd 0                          // set to 1 by [DISABLE] to end the thread
KeyHandlerThread+508:
bPlayersOnly:
dd 0
KeyHandlerThread+50C:
bGhost:
dd 0
KeyHandlerThread+510:
// NOTE(review): bGod has no label() in this script, so it names the symbol
// registered by the "[Enable]" script (EPhysicsHandler_Hook+410). CE then
// presumably treats `bGod:` as an address directive and the `dd 0` clears that
// cell rather than KeyHandlerThread+510 — confirm; if that is not intended,
// drop these two lines (the cell is already zero-initialised there).
bGod:
dd 0
KeyHandlerThread+514:
bHUD:
dd 0
KeyHandlerThread:
// Thread entry (started by CreateThread above). Every 10 ms: leave when
// KeyHandlerOff is set, let F2 flip Toggler, and while Toggler == 1 poll
// numpad 1-9 and * and dispatch to the matching toggle routine.
// GetAsyncKeyState returns a SHORT; any nonzero ax (key held, or pressed
// since the last call) counts as a press, so the Sleep at the end of each
// toggle routine is the only debounce.
push 0a
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 71 //F2
call GetAsyncKeyState
test ax,ax
jne Toggle
cmp [Toggler],1
jne KeyHandlerThread          // paused: only F2 is polled
push 61 //VK_NUMPAD1
call GetAsyncKeyState
test ax,ax
jne TogglePlayersOnly
push 62 //VK_NUMPAD2
call GetAsyncKeyState
test ax,ax
jne ToggleFly
push 63 //VK_NUMPAD3
call GetAsyncKeyState
test ax,ax
jne ToggleGhost
push 64 //VK_NUMPAD4
call GetAsyncKeyState
test ax,ax
jne ToggleUnlimitedAmmo
push 65 //VK_NUMPAD5
call GetAsyncKeyState
test ax,ax
jne ToggleGod
push 66 //VK_NUMPAD6
call GetAsyncKeyState
test ax,ax
jne ToggleNoComboReset
push 67 //VK_NUMPAD7
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo1
push 68 //VK_NUMPAD8
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo2
push 69 //VK_NUMPAD9
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo3
push 6A //VK_NUMPAD*
call GetAsyncKeyState
test ax,ax
jne ToggleHUD
jmp KeyHandlerThread
TogglePlayersOnly:
// Numpad 1: flip bPlayersOnly and bit 7 of the byte at [p0+350]
// (table: 0x43 default, 0xC3 active) via add/sub 80.
// NOTE(review): p0 is 0 until EPhysicsHandler_Hook ("[Enable]" script) has
// run once; there is no null check, so a key press before that dereferences
// address 0x350 inside the game process. The same applies to the p1/p2 loads
// in the other toggle routines.
xor [bPlayersOnly],1
cmp [bPlayersOnly],0
je @f
mov ecx,[p0]
add byte ptr [ecx+350],80
jmp TogglePlayersOnly_exit
@@:
mov ecx,[p0]
sub byte ptr [ecx+350],80
TogglePlayersOnly_exit:
push C8
call kernel32.Sleep           // 200 ms key-repeat guard
jmp KeyHandlerThread
ToggleFly:
// Numpad 2: flip bFly.
// On:  idx = GetIndex(p2, 397, 0); Index_1 ([[p1+8C]+2C]+8) and Index_2 (+20) = idx;
//      EPhysics byte [p1+84] = 4; WalkingSpeed [p1+270] = 2500.
// Off: Index_1 = GetIndex(p2, 393, 0); Index_2 = GetIndex(p2, 22B, 0);
//      EPhysics = 1; WalkingSpeed = 219.65.
// GetIndex is the game routine found by GetIndex_AOB. It is called with
// ecx = p2 and two pushed args and nothing here adjusts esp afterwards, so it
// is assumed to clean its own arguments — confirm. EPhysicsChange_Hook keeps
// the game from overwriting [p1+84] while bFly is set.
xor [bFly],1
cmp [bFly],0
je @f
push 0
push 397
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+8C]
mov ecx,[ecx+2C]
mov [ecx+8],eax
mov [ecx+20],eax
mov byte ptr [ebx+84],4
mov [ebx+270],(float)2500.0
jmp ToggleFly_exit
@@:
push 0
push 393
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+8C]
mov ecx,[ecx+2C]
mov [ecx+8],eax
push 0
push 22B
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+8C]
mov ecx,[ecx+2C]
mov [ecx+20],eax
mov byte ptr [ebx+84],1
mov [ebx+270],(float)219.6499939
ToggleFly_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleGhost:
// Numpad 3: flip bGhost and add/subtract 0x800 on the dword at [p1+A8]
// ("WallHack" in the [Debug] table). No null check on p1.
xor [bGhost],1
cmp [bGhost],0
je @f
mov ebx,[p1]
add [ebx+A8],800
jmp ToggleGhost_exit
@@:
mov ebx,[p1]
sub [ebx+A8],800
ToggleGhost_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleUnlimitedAmmo:
// Numpad 4: flip bAmmo; EPhysicsHandler_Hook does the clip refill.
xor [bAmmo],1
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleGod:
// Numpad 5: flip bGod and bit 1 of the byte at [p2+1C0] (table: 0x09 default,
// 0x0B active). While bGod is set the hook also forces that byte to 0B on every
// pass, so the sub on the way off only lands on 09 if nothing else changed it.
xor [bGod],1
cmp [bGod],0
je @f
mov ebx,[p2]
add byte ptr [ebx+1C0],2
jmp ToggleGod_exit
@@:
mov ebx,[p2]
sub byte ptr [ebx+1C0],2
ToggleGod_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleNoComboReset:
// Numpad 6: flip bCombo; KillComboReset_Cave does the actual skip.
xor [bCombo],1
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo1:
// Numpad 7/8/9: write 0.5 / 1.0 / 1.5 to the float at [p0+3F8] ("SloMo" in
// the [Debug] table). No null check on p0.
// NOTE(review): the [Scripts] "SloMo" table entry reads p0+434 instead;
// presumably a different field — confirm which one the game applies.
mov ebx,[p0]
mov [ebx+3F8],(float)0.5
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo2:
mov ebx,[p0]
mov [ebx+3F8],(float)1.0
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo3:
mov ebx,[p0]
mov [ebx+3F8],(float)1.5
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleHUD:
// Numpad *: flip bHUD and bit 1 of the byte at [[p2+3B4]+1BC] ("ToggleHUD
// (OR with 2)" in the [Debug] table): on clears it (sub 2), off sets it
// again (add 2). Neither p2 nor [p2+3B4] is null-checked.
xor [bHUD],1
cmp [bHUD],0
je @f
mov ebx,[p2]
mov ebx,[ebx+3B4]
sub byte ptr [ebx+1BC],2
jmp ToggleHUD_exit
@@:
mov ebx,[p2]
mov ebx,[ebx+3B4]
add byte ptr [ebx+1BC],2
ToggleHUD_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
Toggle:
// F2: pause/resume the hotkeys (150 ms debounce).
xor [Toggler],1
push 96
call kernel32.Sleep
jmp KeyHandlerThread
ExitKeyHandler:
ret                           // returning from the thread procedure ends the thread
[DISABLE]
// Ask the thread to exit on its next 10 ms tick. KeyHandlerThread is not
// dealloc'd and KeyHandlerThread/Toggler stay registered — presumably
// deliberate, because the thread may still be executing that memory when this
// section runs (compare the Lua wait in "GNames & GObjects Dumper").
KeyHandlerOff:
dd 1
unregistersymbol( bHUD )
unregistersymbol( bGhost )
unregistersymbol( bPlayersOnly )
unregistersymbol( KeyHandlerOff )
22
"SloMo"
Float
p0
434
24
"PlayersOnly"
4 Bytes
bPlayersOnly
25
"Fly"
4 Bytes
bFly
80
"Ghost"
4 Bytes
bGhost
111
"Unlimited Ammo"
4 Bytes
bAmmo
23
"God"
4 Bytes
bGod
162
"No Combo Reset"
4 Bytes
bCombo
165
"Toggle HUD"
4 Bytes
bHUD
180
"[Console]"
FF0000
1
173
"Fetch UE3 Pointers/Addresses"
Auto Assembler Script
[ENABLE]
// Resolves the UE3 globals used by the console and dumper scripts. The first
// two scans hit an instruction whose imm32 is the global's address; the
// bracketed address form presumably takes that dword as the symbol's value
// (CE's pointer-address syntax) — confirm.
aobscanmodule( GObjects_AOB, BatmanAC.exe, A1????????8B34B08B4E0C8B7608 )
label( GObjects )
registersymbol( GObjects )
// A1 imm32 = mov eax,[imm32]; the other scripts read [GObjects] = items*, [GObjects+4] = count.
[GObjects_AOB+1]:
GObjects:
aobscanmodule( GNames_AOB, BatmanAC.exe, 8B0D????????833C810074 )
label( GNames )
registersymbol( GNames )
// 8B 0D imm32 = mov ecx,[imm32]; [GNames] = entries*, [GNames+4] = count.
[GNames_AOB+2]:
GNames:
aobscanmodule( ProcessEvent_AOB, BatmanAC.exe, 8B5D08F7????02040000 )
label( ProcessEvent )
registersymbol( ProcessEvent )
// The pattern hits inside the function; the entry is taken to be 0x30 bytes
// earlier. NOTE(review): a fixed back-offset breaks silently if the prologue
// changes between builds. ProcessEvent is not used elsewhere on this page.
ProcessEvent_AOB-30:
ProcessEvent:
[DISABLE]
unregistersymbol( ProcessEvent )
unregistersymbol( GNames )
unregistersymbol( GObjects )
186
"Enable Console"
Auto Assembler Script
[ENABLE]
alloc( oConsole, 64, BatmanAC.exe)
label( back )
oConsole:
// Hook body for BatmanAC.exe+7B27BE (injection below). Replaced instructions:
// mov ecx,[esi+24] / fld1. When [esp+54] == C0, two dwords from the ebx
// object ([ebx] and [ebx+28]) are copied into the Console object at
// [ecx+24] (+6C and +74).
mov ecx,[esi+24]
// NOTE(review): unsized compare, assumed to assemble as a dword compare (CE's
// default) — confirm. What the [esp+54] slot holds is not visible here. The
// cmp also clobbers EFLAGS, which the replaced mov/fld1 did not; fine only if
// the code after +7B27C1 does not consume flags set earlier — confirm.
cmp [esp+54],C0
jne @f
push eax
push ecx
mov eax,[ebx]
lea ecx,[ecx+24] // get Console in RGFxGameViewportClient UObject
mov ecx,[ecx]                 // lea + mov == mov ecx,[ecx+24]; no null check on the Console pointer
mov [ecx+6C],eax
mov eax,[ebx+28]
mov [ecx+74],eax
pop ecx
pop eax
@@:
fld1
jmp back
// BatmanAC.exe+7B27BE - 8B 4E 24 - mov ecx,[esi+24]
// BatmanAC.exe+7B27C1 - D9E8 - fld1
// The two instructions total exactly 5 bytes, so the jmp needs no padding.
// NOTE(review): fixed module offset, unlike the AOB scans the other scripts
// use, so this only matches the build it was taken from.
BatmanAC.exe+7B27BE:
jmp oConsole
back:
[DISABLE]
BatmanAC.exe+7B27BE:
mov ecx,[esi+24]
fld1
dealloc( oConsole )
179
"Set Hook & Emulate RCheatManager UObject"
Auto Assembler Script
[ENABLE]
// Hooks a site where eax = the RPlayerControllerCombat object, walks GObjects
// on every hit to find the RCheatManager class and its Default__ object, and
// installs a hand-built UObject (pObject) at the controller's +438 slot.
// Needs GObjects/GNames from "Fetch UE3 Pointers/Addresses".
alloc( pCave, 1024, BatmanAC.exe )
alloc( pObject, 64, BatmanAC.exe )      // the emulated UObject
registersymbol( pObject )
label( back )
label( szNull )
label( szRCheatManager )
label( szDefault_RCheatManager )
label( pStore )
label( pRPlayerControllerCombat )
registersymbol( pRPlayerControllerCombat )
label( szName )
label( pCave_loop )
label( pCave_next )
label( pCave_continue )
label( pCave_exit )
label( GetFullName_0 )
label( GetFullName_00 )
label( GetFullName_NULL_0 )
label( szFunctionName_0 )
// Strings and cells from pCave+500 up; code starts at pCave+0.
// NOTE(review): pCave is allocated with 1024 (0x400) bytes, so everything
// below lies past the requested size. Whether that is safe depends on how CE
// lays the allocations out (page rounding, and where pObject's 64 bytes land)
// — confirm, or enlarge the alloc.
pCave+500:
szNull:
db '(',0,'n',0,'u',0,'l',0,'l',0,')',0,0,0,0
pCave+520:
szRCheatManager:
// UTF-16LE "Class BmGame.RCheatManager"
db 43,00,6C,00,61,00,73,00,73,00,20,00,42,00,6D,00,47,00,61,00,6D,00,65,00,2E,00,52,00,43,00,68,00,65,00,61,00,74,00,4D,00,61,00,6E,00,61,00,67,00,65,00,72,00,00,00,00
pCave+5C0:
szDefault_RCheatManager:
// UTF-16LE "RCheatManager BmGame.Default__RCheatManager"
db 52,00,43,00,68,00,65,00,61,00,74,00,4D,00,61,00,6E,00,61,00,67,00,65,00,72,00,20,00,42,00,6D,00,47,00,61,00,6D,00,65,00,2E,00,44,00,65,00,66,00,61,00,75,00,6C,00,74,00,5F,00,5F,00,52,00,43,00,68,00,65,00,61,00,74,00,4D,00,61,00,6E,00,61,00,67,00,65,00,72,00,00,00,00
pStore:
dd 0                          // last GetFullName_0 result
pRPlayerControllerCombat:
dd 0                          // eax at the hook site
szName:
db 0                          // unused on this page
pCave+700:
szFunctionName_0:
dd 0                          // GetFullName_0 output buffer; its writers have no bound check
pObject+8:
db 00 00 10 00                // dword 0x00100000 at pObject+8 — presumably object flags; confirm
pCave:
// Hook body for BatmanAC.exe+3C723D (injection at the end). On entry eax holds
// the RPlayerControllerCombat object; the replaced instruction
// (mov [esp+00000090],bl) is replayed before jumping back.
// NOTE(review): the full GObjects walk plus two string compares per object
// runs every time the hook site executes; if that is more than once, caching
// the result after the first successful match would avoid the cost.
mov [pRPlayerControllerCombat],eax
mov [pObject+18],eax          // fake object's Outer = the controller
push ebp
mov ebp,esp
pushad
// NOTE(review): pushad/popad save the GPRs but not EFLAGS, and the cmp/test/inc
// below clobber flags the replaced mov left untouched. Harmless only if the
// code after +3C7244 does not consume flags set before the hook — confirm,
// or wrap the body in pushfd/popfd.
mov eax,GObjects              // [eax] = object array, [eax+4] = count
xor esi,esi
cmp [eax+4],esi
jbe pCave_exit
pCave_loop:
mov ecx,[eax]
lea ecx,[ecx+esi*4]
cmp [ecx],0
je pCave_continue             // empty slot
mov edi,[ecx]                 // edi = UObject*, input of GetFullName_0
call GetFullName_0
mov [pStore],eax
push [pStore]
push szRCheatManager          // L"Class BmGame.RCheatManager"
call lstrcmpW                 // stdcall, cleans its own arguments
test eax,eax
jne short @f
mov [pObject+24],edi          // fake object's Class = the RCheatManager class
jmp short pCave_next
@@:
push [pStore]
push szDefault_RCheatManager  // L"RCheatManager BmGame.Default__RCheatManager"
call lstrcmpW
test eax,eax
jne short @f
mov eax,[edi]
mov [pObject],eax             // copy the default object's vtable
@@:
pCave_next:
mov eax,GObjects              // eax was clobbered by the calls
pCave_continue:
inc esi
cmp esi,[eax+4]
jb pCave_loop
// Installed unconditionally after the walk, even if neither name matched
// (pObject then still has a zero vtable/Class).
mov eax,[pRPlayerControllerCombat]
mov [eax+438],pObject
pCave_exit:
popad
mov esp,ebp
pop ebp
mov [esp+00000090],bl // original code
jmp back
db CC CC
//*********************************
//******** GetFullName ********
//*********************************
GetFullName_0:
// Builds "<Class> <Outer.Outer>.<Outer>.<Name>" as UTF-16 in szFunctionName_0.
// In:  edi = UObject*.  Out: eax = szFunctionName_0, or szNull when Class or
// Outer is 0. Clobbers eax, ebx, ecx, edx (the caller is inside pushad).
// Object layout relied on: +18 Outer, +1C FName index, +24 Class; the text of
// a name entry starts at GNames.entries[index]+10.
// NOTE(review): none of the copy loops is bounded, and szFunctionName_0 sits
// at pCave+700, already past the 1024-byte request; a long full name writes
// well beyond it.
mov eax,[edi+24] // Class
test eax,eax
je GetFullName_NULL_0
mov ecx,[edi+18] // Outer
test ecx,ecx
je GetFullName_NULL_0
cmp [ecx+18],0 // Outer->Outer
je GetFullName_00             // two-level form when there is no Outer->Outer
mov ebx,szFunctionName_0
mov ecx,GNames // GNames pointer
mov eax,[eax+1C] // FName_Index
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Class->GetName
@@:
// NOTE(review): byte test where every other loop tests a word; a character
// whose low byte is 0 (U+0100 and the like) ends the copy early.
cmp byte ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],20 // space character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+18] // Outer->Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->Outer->GetName
@@:
cmp word ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+1C] // FName_Index
mov eax,GNames // GNames pointer
mov ecx,[eax]
mov edx,[ecx+edx*4]
add edx,10 // Outer->GetName
@@:
cmp word ptr [edx],0
je short @f
mov ax,[edx]
mov [ebx],ax
add ebx,2
add edx,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edi+1C] // this - FName_Index
mov eax,[edx+eax*4]
add eax,10 // this->GetName
@@:
cmp word ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],0          // UTF-16 terminator
mov eax,szFunctionName_0
ret
GetFullName_00:
// Two-level variant of GetFullName_0 for objects without Outer->Outer:
// "<Class> <Outer>.<Name>". Same inputs, output and clobbers; entered with
// eax = Class.
mov ebx,szFunctionName_0
mov edx,GNames // GNames pointer
mov ecx,[eax+1C] // FName_Index
mov eax,[edx]
mov ecx,[eax+ecx*4]
add ecx,10 // Class->GetName
@@:
cmp word ptr [ecx],0
je short @f
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp short @b
@@:
mov word ptr [ebx],20 // space character
add ebx,2
mov edx,[edi+18] // Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->GetName
@@:
cmp word ptr [eax],0
je short @f
mov cx,[eax]
mov [ebx],cx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov edx,GNames // GNames pointer
mov eax,[edx]
mov ecx,[edi+1C] // this - FName_Index
mov ecx,[eax+ecx*4]
add ecx,10 // this->GetName
@@:
cmp word ptr [ecx],0
je short @f
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp short @b
@@:
// NOTE(review): one-byte terminator on a UTF-16 buffer (GetFullName_0 writes
// word ptr). The buffer is reused, so the high byte left by a longer earlier
// name survives and lstrcmpW may not see the end of the string; `mov word ptr [ebx],0` is the safe form.
mov byte ptr [ebx],0
mov eax,szFunctionName_0
ret
GetFullName_NULL_0:
mov eax,szNull                // L"(null)"
ret
// BatmanAC.exe+3C723D - 889C2490000000 - mov [esp+00000090],bl
// 7-byte instruction: 5-byte jmp + 2 nops. Fixed module offset (no AOB scan),
// so it only matches the build it was taken from.
BatmanAC.exe+3C723D:
jmp pCave
db 90 90
back:
[DISABLE]
// Clear the controller's +438 slot that pointed at pObject.
// NOTE(review): if the hook never ran, pRPlayerControllerCombat is still 0 and
// this targets address 0x438; that write fails and presumably aborts the rest
// of this section — confirm, or guard it.
[pRPlayerControllerCombat]+438:
dd 0
BatmanAC.exe+3C723D:
mov [esp+00000090],bl
unregistersymbol( pRPlayerControllerCombat )
unregistersymbol( pObject )
dealloc( pObject )
dealloc( pCave )
177
"GNames & GObjects Dumper"
Auto Assembler Script
[ENABLE]
// Dumper thread: on numpad / it writes NamesDump.txt and ObjectsDump.txt
// (relative paths, so into the game's current directory). Needs GNames and
// GObjects from "Fetch UE3 Pointers/Addresses". The thread runs inside the
// game process and is stopped through DumpHandlerOff (see [DISABLE]).
alloc( DumpHandlerThread, 1024, BatmanAC.exe )
registersymbol( DumpHandlerThread )
CreateThread( DumpHandlerThread )
alloc( DumpHandlerOff, 4, BatmanAC.exe )
registersymbol( DumpHandlerOff )
label( ExitDumpHandler )
label( szWrite )
label( szNamesFile )
label( szObjectsFile )
label( szNamesFormat )
label( szObjectsFormat )
label( szInvalid )
label( szNull )
label( szFormat )
label( szSeparator )
label( szBuffer )
label( szFunctionName )
label( szOutputDebug )
label( DumpNames )
label( DumpNames_loop )
label( DumpNames_exit )
label( DumpObjects )
label( DumpObjects_loop )
label( DumpObjects_exit )
label( GetName )
label( GetObject )
label( FindObject )
label( FindObject_0 )
label( FindObject_1 )
label( FindObject_exit )
label( GetFullName )
label( GetFullName_0 )
label( GetFullName_NULL )
label( OutputDebug )
DumpHandlerOff:
dd 0                          // 0 running, 1 = stop requested, 2 = thread has exited
// Strings and buffers from DumpHandlerThread+500 up; code starts at +0.
// NOTE(review): the alloc requests 1024 (0x400) bytes, so +500 and +600 lie
// past the requested size (works only if CE's allocation is page-granular —
// confirm, or enlarge the alloc).
DumpHandlerThread+500:
szWrite:
db 'w+',0
szNamesFile:
db 'NamesDump.txt',0
szObjectsFile:
db 'ObjectsDump.txt',0
szNamesFormat:
db 'Name[%06i] %S',0A,0,0
szObjectsFormat:
db 'UObject[%06i] %-50S 0x%08X ( %-50S )',0A,0,0
szInvalid:
db 'I',0,'N',0,'V',0,'A',0,'L',0,'I',0,'D',0,' ',0,'N',0,'A',0,'M',0,'E',0,' ',0,'I',0,'N',0,'D',0,'E',0,'X',0,0,0,0
szNull:
db '(',0,'n',0,'u',0,'l',0,'l',0,')',0,0,0,0
szFormat:
db '0x%08X',0
szSeparator:
db ' | ',0
szBuffer:
dd 0                          // 12 bytes: holds the "0x%08X" text (10 chars + NUL)
dd 0
dd 0
szFunctionName:
// GetFullName output buffer. By my count roughly 90 bytes (about 45 UTF-16
// characters) remain before szOutputDebug at +600, and the writers are unbounded.
dd 0
DumpHandlerThread+600:
szOutputDebug:
dd 0                          // OutputDebug scratch string, unbounded copy as well
DumpHandlerThread:
// Thread entry. Every 10 ms: exit when DumpHandlerOff == 1, otherwise dump
// both tables when numpad / is down (GetAsyncKeyState: nonzero ax = pressed).
push 0A
call kernel32.Sleep
cmp [DumpHandlerOff],1
je ExitDumpHandler
push 6F // VK_NUMPAD /
call GetAsyncKeyState
test ax,ax
jne @f
jmp DumpHandlerThread
@@:
call DumpNames
call DumpObjects
push C8
call kernel32.Sleep           // 200 ms key-repeat guard
jmp DumpHandlerThread
// ***************
// ** DumpNames **
// ***************
DumpNames:
// Writes every GNames entry as "Name[index] text" to NamesDump.txt.
// Frame: [ebp-4] = FILE*. Clobbers eax, ecx, edx; esi is saved/restored.
push ebp
mov ebp,esp
push ecx                      // reserve the FILE* slot ([ebp-4])
and [ebp-4],0
push esi
push szWrite // "w+"
lea eax,[ebp-4]
push szNamesFile // "NamesDump.txt"
push eax
call msvcrt.fopen_s           // fopen_s(&fp, "NamesDump.txt", "w+"); cdecl
// NOTE(review): the errno_t result is ignored. If the open fails (read-only
// working directory, locked file) [ebp-4] stays 0 and fprintf below is handed
// a null FILE*; `test eax,eax / jne DumpNames_exit` after the call would cover it.
mov eax,GNames                // [eax] = entry pointer array, [eax+4] = count
xor esi,esi
add esp,C
cmp [eax+4],esi
jbe DumpNames_exit
DumpNames_loop:
mov ecx,[eax]
lea ecx,[ecx+esi*4]
cmp [ecx],0
je short @f                   // empty slot
mov eax,[ecx]
add eax,10                    // entry+10 = UTF-16 name text, printed with %S
push eax
push esi
push szNamesFormat // "Name[%06i] %S\0A\00"
push [ebp-4]
call msvcrt.fprintf
mov eax,GNames
add esp,10
@@:
inc esi
cmp esi,[eax+4]
jb DumpNames_loop
DumpNames_exit:
push [ebp-4]
call msvcrt.fclose            // fclose(NULL) if the open failed
pop ecx                       // discards fclose's argument (cdecl)
pop esi
mov esp,ebp
pop ebp
ret
db CC CC
// *****************
// ** DumpObjects **
// *****************
DumpObjects:
// Writes every GObjects entry as "UObject[index] name 0xaddress ( fullname )"
// to ObjectsDump.txt. Frame: [ebp-4] = FILE*.
// NOTE(review): unlike DumpNames, esi is pushed but never popped (mov esp,ebp
// discards it), and GetObject/GetFullName clobber edi and ebx; harmless for the
// only caller here (the thread loop) but not a clean callee.
push ebp
mov ebp,esp
push ecx                      // reserve the FILE* slot ([ebp-4])
and [ebp-4],0
push esi
push szWrite // "w+"
lea eax,[ebp-4]
push szObjectsFile // "ObjectsDump.txt"
push eax
call msvcrt.fopen_s           // result ignored, same issue as in DumpNames
mov eax,GObjects              // [eax] = object pointer array, [eax+4] = count
xor esi,esi
add esp,C
cmp [eax+4],esi
jbe DumpObjects_exit
DumpObjects_loop:
mov ecx,[eax]
lea ecx,[ecx+esi*4]
cmp [ecx],0
je short @f                   // empty slot
push 0                        // [esp+4] -> full name (last %S)
push 0                        // [esp]   -> object pointer (%08X)
mov eax,[ecx]
mov [esp],eax
call GetObject                // eax = full name of the object in eax
mov [esp+4],eax
mov eax,[esp]
call GetName                  // eax = the object's own name
push eax
push esi
push szObjectsFormat // "UObject[%06i] %-50S 0x%08X (%-50S)\0A\00"
push [ebp-4]
call msvcrt.fprintf
mov eax,GObjects
add esp,18                    // six dwords pushed above
@@:
inc esi
cmp esi,[eax+4]
jb DumpObjects_loop
DumpObjects_exit:
push [ebp-4]
call msvcrt.fclose
mov esp,ebp
pop ebp
ret
db CC CC
// *************
// ** GetName **
// *************
GetName:
// In: eax = UObject*. Out: eax = UTF-16 text of its FName (index at +1C), or
// szInvalid when the index is out of range. Clobbers ecx, edx.
mov ecx,[eax+1C]
mov eax,GNames
mov edx,[eax+4]               // entry count
cmp ecx,edx
ja short @f
// NOTE(review): `ja` admits ecx == count, one past the last entry; `jae` is the
// intended bound. The entry pointer is also not null-checked, although
// DumpNames skips null slots.
mov eax,[eax]
mov eax,[eax+ecx*4]
add eax,10
ret
@@:
mov eax,szInvalid // "INVALID NAME INDEX"
ret
db CC CC
// ***************
// ** GetObject **
// ***************
GetObject:
// In: eax = UObject* (may be 0). Out: eax = GetFullName result when the object
// and its Class (+24) are non-null, else szInvalid. Leaves edi = the object
// (GetFullName takes its input there) and clobbers ebx, ecx, edx via GetFullName.
// The szInvalid text ("INVALID NAME INDEX") is misleading for a null object.
mov edi,eax
test edi,edi
je short @f
mov eax,[edi+24]
test eax,eax
je short @f
call GetFullName
ret
@@:
mov eax,szInvalid // "INVALID NAME INDEX"
ret
db CC CC
// ****************
// ** FindObject **
// ****************
FindObject:
// Looks up an object by full name. In: [ebp+8] = string to match (one stdcall
// argument, ret 4). Out: eax = matching UObject*, or whatever eax holds when
// the walk ends without a match (no explicit 0 result). Not called on this page.
// NOTE(review): GetFullName returns UTF-16 (written word by word, printed with
// %S) but msvcrt.stricmp compares narrow strings, so for ASCII names the
// comparison stops at the first character. Also: esi/edi are saved but ebx,
// which GetFullName clobbers, is not; and the count compares use signed
// jle/jl while the other walks use jbe/jb.
push ebp
mov ebp,esp
mov ecx,GObjects
push esi
push edi
xor esi,esi
cmp [ecx+4],esi
jle FindObject_exit
FindObject_0:
mov eax,[ecx]
mov edi,[eax+esi*4]
test edi,edi
je short @f
mov eax,[edi+24]              // Class
test eax,eax
je short @f
push [ebp+8]
call GetFullName
push eax
call msvcrt.stricmp           // stricmp(fullname, [ebp+8])
add esp,8
test eax,eax
je FindObject_1
mov ecx,GObjects              // ecx was clobbered by the calls
@@:
inc esi
cmp esi,[ecx+4]
jl short FindObject_0
FindObject_exit:
pop edi
pop esi
mov esp,ebp
pop ebp
ret 4
FindObject_1:
mov eax,edi
pop edi
pop esi
mov esp,ebp
pop ebp
ret 4
db CC CC
//*********************************
//******** GetFullName ********
//*********************************
GetFullName:
// Builds "<Class> <Outer.Outer>.<Outer>.<Name>" as UTF-16 in szFunctionName.
// In:  edi = UObject*.  Out: eax = szFunctionName, or szNull when Class or
// Outer is 0. Clobbers eax, ebx, ecx, edx.
// Object layout relied on: +18 Outer, +1C FName index, +24 Class; the text of
// a name entry starts at GNames.entries[index]+10.
// NOTE(review): none of the copy loops is bounded and szFunctionName has only
// a few dozen bytes before szOutputDebug (+600); a long full name overruns it.
mov eax,[edi+24] // Class
test eax,eax
je GetFullName_NULL
mov ecx,[edi+18] // Outer
test ecx,ecx
je GetFullName_NULL
cmp [ecx+18],0 // Outer->Outer
je GetFullName_0              // two-level form when there is no Outer->Outer
mov ebx,szFunctionName
mov ecx,GNames // GNames pointer
mov eax,[eax+1C] // FName_Index
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Class->GetName
@@:
// NOTE(review): byte test where every other loop tests a word; a character
// whose low byte is 0 (U+0100 and the like) ends the copy early.
cmp byte ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],20 // space character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+18] // Outer->Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->Outer->GetName
@@:
cmp word ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+1C] // FName_Index
mov eax,GNames // GNames pointer
mov ecx,[eax]
mov edx,[ecx+edx*4]
add edx,10 // Outer->GetName
@@:
cmp word ptr [edx],0
je short @f
mov ax,[edx]
mov [ebx],ax
add ebx,2
add edx,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edi+1C] // this - FName_Index
mov eax,[edx+eax*4]
add eax,10 // this->GetName
@@:
cmp word ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],0          // UTF-16 terminator
mov eax,szFunctionName
ret
GetFullName_0:
// Two-level variant of GetFullName for objects without Outer->Outer:
// "<Class> <Outer>.<Name>". Same inputs, output and clobbers; entered with
// eax = Class.
mov ebx,szFunctionName
mov edx,GNames // GNames pointer
mov ecx,[eax+1C] // FName_Index
mov eax,[edx]
mov ecx,[eax+ecx*4]
add ecx,10 // Class->GetName
@@:
cmp word ptr [ecx],0
je short @f
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp short @b
@@:
mov word ptr [ebx],20 // space character
add ebx,2
mov edx,[edi+18] // Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->GetName
@@:
cmp word ptr [eax],0
je short @f
mov cx,[eax]
mov [ebx],cx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov edx,GNames // GNames pointer
mov eax,[edx]
mov ecx,[edi+1C] // this - FName_Index
mov ecx,[eax+ecx*4]
add ecx,10 // this->GetName
@@:
cmp word ptr [ecx],0
je short @f
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp short @b
@@:
// NOTE(review): one-byte terminator on a UTF-16 buffer (GetFullName writes
// word ptr). The buffer is reused, so the high byte left by a longer earlier
// name survives and %S may read past the intended end; `mov word ptr [ebx],0` is the safe form.
mov byte ptr [ebx],0
mov eax,szFunctionName
ret
GetFullName_NULL:
mov eax,szNull                // L"(null)"
ret
db CC CC
//*********************
//** OutputDebug **
//*********************
OutputDebug:
// Debug helper, not called on this page: emits "<prefix> | 0x<value>" through
// OutputDebugStringA. In: ebx = narrow prefix string, [ebp+8] = dword to
// print (stdcall-style, ret 4). Clobbers eax, ecx, edx.
push ebp
mov ebp,esp
mov eax,szOutputDebug
mov ecx,ebx
@@:
cmp byte ptr [ecx],0
je short @f
mov dl,[ecx]
mov [eax],dl
inc ecx
inc eax
jmp short @b                  // unbounded byte copy into szOutputDebug
@@:
mov byte ptr [eax],0
push szSeparator
push szOutputDebug
call lstrcatA
push [ebp+8]
push szFormat
push szBuffer
call wsprintfA                // "0x%08X": 10 chars + NUL, fits the 12-byte szBuffer
add esp,C
push szBuffer
push szOutputDebug
call lstrcatA
push szOutputDebug
call OutputDebugStringA
mov esp,ebp
pop ebp
ret 4
ExitDumpHandler:
mov [DumpHandlerOff],2        // 2 = finished; the [DISABLE] Lua waits for this before dealloc
ret
[DISABLE]
{$lua}
-- Stop the dumper thread and wait for it to confirm before its memory is freed.
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "DumpHandlerOff" ) == 0 then --could be 2 already
writeInteger( "DumpHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "DumpHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
-- NOTE(review): this only checks the clock, not the flag, so a thread that
-- set 2 during the final 20 ms sleep is still reported as a failure.
-- error() aborts the rest of this [DISABLE], so the unregister/dealloc lines
-- below never run for a thread that may still be executing: the memory is
-- leaked on purpose.
if( getTickCount() > starttime + 1000 ) then --could happen when the window is shown
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' )
end
sleep( 1 ) -- let the thread run its final ret before the code is deallocated
end
{$asm}
// Reached only after the Lua block above saw DumpHandlerOff == 2.
unregistersymbol( DumpHandlerOff )
dealloc( DumpHandlerOff )
unregistersymbol( DumpHandlerThread )
dealloc( DumpHandlerThread )
14
"[Debug]"
C0C0C0
1
60
"[Enable-based]"
1
61
"P0"
1
4 Bytes
p0
0
62
"SloMo"
Float
p0
3F8
63
"PlayersOnly (0x43 = default; 0xC3 = active)"
1
4 Bytes
p0
350
64
"P1"
1
4 Bytes
p1
0
65
"EPhysics"
1
Byte
p1
84
66
"WalkingSpeed"
Float
p1
270
67
"WalkingFriction"
Float
p1
1E8
108
68
"FlyingSpeed"
Float
p1
278
69
"FlyingFriction"
Float
p1
1FC
108
81
"X"
Float
p1
48
71
"Y"
Float
p1
4C
72
"Z"
Float
p1
50
70
"WallHack"
1
4 Bytes
p1
A8
73
"Health"
4 Bytes
p1
2C4
75
"Scale"
Float
p1
60
82
"CurrentWeapon"
1
4 Bytes
p1
1C8
3A8
86
"Clip"
4 Bytes
p1
2EC
1C8
3A8
85
"MaxClip"
4 Bytes
p1
2E8
1C8
3A8
83
"ActiveCooldown"
Float
p1
2F0
1C8
3A8
84
"CooldownTimer"
Float
p1
2F8
1C8
3A8
76
"P2"
1
4 Bytes
p1
8C
77
"Index_1"
1
4 Bytes
p1
8
2C
8C
78
"Index_2"
1
4 Bytes
p1
20
2C
8C
79
"God (0x09 = default; 0x0B = active)"
1
Byte
p1
1C0
8C
112
"Shock Gloves"
1
4 Bytes
p2
0
B6C
838
113
"CurrentTimer"
Float
p2
3DC
B6C
838
120
"MaxTimer"
Float
p2
4AC
B6C
838
118
"Shock Gloves (no decrease on idle) - OR(20000)"
1
4 Bytes
p1
24
2C
124
"Shock Gloves (no decrease on hit) - OR(01000000)"
1
4 Bytes
ShockGlovesOnHitPtrPath
44
5EC
164
"ToggleHUD (OR with 2)"
1
Byte
p1
1BC
3B4
8C
58
"[Pointer-based]"
1
133
"TheWorld"
1
4 Bytes
TheWorld
0
1
"P0"
1
4 Bytes
TheWorld
0
0
2C
58
21
"SloMo"
Float
TheWorld
3F8
0
2C
58
134
"PlayersOnly (0x43 = default; 0xC3 = active)"
1
4 Bytes
TheWorld
350
0
2C
58
13
"P1"
1
4 Bytes
TheWorld
0
2F4
2C
58
33
"X"
Float
TheWorld
48
2F4
2C
58
135
"Y"
Float
TheWorld
4C
2F4
2C
58
136
"Z"
Float
TheWorld
50
2F4
2C
58
137
"WallHack"
1
4 Bytes
TheWorld
A8
2F4
2C
58
142
"Health"
4 Bytes
TheWorld
2C4
2F4
2C
58
49
"Scale"
Float
TheWorld
60
2F4
2C
58
11
"EPhysics"
1
Byte
TheWorld
84
2F4
2C
58
34
"WalkingSpeed"
Float
TheWorld
270
2F4
2C
58
19
"WalkingFriction"
Float
TheWorld
1E8
108
2F4
2C
58
36
"FlyingSpeed"
Float
TheWorld
278
2F4
2C
58
37
"FlyingFriction"
Float
TheWorld
1FC
108
2F4
2C
58
7
"P2"
1
4 Bytes
TheWorld
8C
2F4
2C
58
138
"Index_1"
1
4 Bytes
TheWorld
8
2C
8C
2F4
2C
58
18
"Index_2"
1
4 Bytes
TheWorld
20
2C
8C
2F4
2C
58
17
"God (0x09 = default; 0x0B = active)"
1
Byte
TheWorld
1C0
8C
2F4
2C
58
59
"[Scripts]"
1
20
"GetIndexes"
Auto Assembler Script
[ENABLE]
alloc(storage,4096)
registersymbol(storage)
alloc( KeyHandlerThread, 4096 )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
label( Toggle )
label( Toggler )
registersymbol( Toggler )
label( KeyHandlerOff )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
label( dwTable )
label( s )
label( string )
label( GetIndexes )
label( GetIndexes_exit )
label( GetIndexes_loop )
storage:
dwTable:
dd 0ABEE040
dd 0D3B0000
dd 0D3B00C0
dd 0D3B0180
dd 0D3B0240
dd 0D3B1E00
dd 0D3B1EC0
dd 0D3B1F80
dd 0D3B2040
dd 0D3B2640
dd 0D3B2D00
dd 0D3B3A80
dd 0D3B3C00
dd 0D3B4140
dd 0D3B4800
dd 0D3B51C0
dd 0D3B5280
dd 0D3B5DC0
dd 0D3B5E80
dd 0D3B5F40
dd 0D3B6000
dd 0D3B60C0
dd 0D3B6240
dd 0D3B6300
dd 0D3B63C0
dd 0D3B6CC0
dd 0D3B7080
dd 164A0000
dd 164A00C0
dd 164A0180
dd 164A0240
dd 164A0300
dd 164A03C0
dd 164A0480
dd 164A0540
dd 164A0600
dd 164A06C0
dd 164A0780
dd 164A0840
dd 164A09C0
dd 164A0A80
dd 164A0C00
dd 164A0CC0
dd 164A0D80
dd 164A0E40
dd 164A0F00
dd 164A0FC0
dd 164A1080
dd 164A1140
dd 164A1200
dd 164A12C0
dd 164A1380
dd 164A1440
dd 164A15C0
dd 164A1680
dd 164A1800
dd 164A18C0
dd 164A1980
dd 164A1A40
dd 164A1B00
dd 164A1BC0
dd 164A1D40
dd 164A1E00
dd 164A1EC0
dd 164A1F80
dd 164A2040
dd 164A2100
dd 164A21C0
dd 164A2280
dd 164A2340
dd 164A2400
dd 164A24C0
dd 164A2580
dd 164A2640
dd 164A27C0
dd 164A2940
dd 164A2A00
dd 164A2AC0
dd 164A2B80
dd 164A2C40
dd 164A2E80
dd 164A3180
dd 164A3240
dd 164A3300
dd 164A33C0
dd 164A3A80
dd 164A3B40
dd 164A3C00
dd 164A3E40
dd 164A3F00
dd 164A4080
dd 164A4140
dd 164A4200
dd 164A42C0
dd 164A4380
dd 164A4440
dd 164A4800
dd 164A4A40
dd 164A4C80
dd 164A4F80
dd 164A5100
dd 164A5280
dd 164A5340
dd 164A5400
dd 164A54C0
dd 164A5640
dd 164A57C0
dd 164A5940
dd 164A5A00
dd 164A5AC0
dd 164A6D80
dd 164A6E40
dd 164A6F00
dd 164A6FC0
dd 164A7080
dd 164A7140
dd 164A7380
dd 164A75C0
dd 164A7800
dd 164A7980
dd 164A7A40
dd 164A7BC0
dd 164A7C80
dd 164A7EC0
dd 164A7F80
dd 164A8340
dd 164A8400
dd 164A8580
dd 164A8640
dd 164A8700
dd 164A8880
dd 164A8AC0
dd 164A8C40
dd 164A8D00
dd 164A9180
dd 164A9E40
dd 164A9F00
dd 164A9FC0
dd 164AABC0
dd 164AAC80
dd 164AAD40
dd 164AAE00
dd 164AAEC0
dd 164AAF80
dd 164AF240
dd 164AF480
dd 164AF600
dd 164AF840
dd 164AF900
dd 164AF9C0
dd 164AFA80
dd 164AFF00
dd 164F2AC0
dd 164F2C40
dd 164F2D00
dd 164F2DC0
dd 164F2E80
dd 164F2F40
dd 164F3000
dd 164F45C0
dd 164F4800
dd 164F4E00
dd 164F4EC0
dd 164F4F80
dd 164F5700
dd 164F5C40
dd 164F5D00
dd 164F5DC0
dd 164F5E80
dd 164F6240
dd 164F6300
dd 164F63C0
dd 164F6480
dd 164F6540
dd 164F66C0
dd 164F6780
dd 164F6840
dd 164F69C0
dd 164F6A80
dd 164F72C0
dd 164F7380
dd 164F7440
dd 164F75C0
dd 164F7B00
dd 164F7C80
dd 164F7E00
dd 164F7EC0
dd 164F7F80
dd 164F8040
dd 164FBE80
dd 164FC0C0
dd 164FC180
dd 164FCC00
dd 164FCCC0
dd 164FCF00
dd 164FD080
dd 164FD140
dd 164FD200
dd 164FDB00
dd 164FDBC0
dd 164FDC80
dd 164FDD40
dd 164FDEC0
dd 164FDF80
dd 164FE040
dd 164FE100
dd 164FE280
dd 164FE340
dd 164FE400
dd 164FE4C0
dd 164FE580
dd 164FE700
dd 164FE7C0
dd 164FEAC0
dd 164FEB80
dd 164FED00
dd 164FEDC0
dd 164FEE80
dd 164FEF40
dd 164FF000
dd 164FF0C0
dd 164FF180
dd 164FF240
dd 164FF300
dd 164FF3C0
dd 164FF480
dd 164FF540
dd 164FF6C0
dd 164FF780
dd 164FF840
dd 164FF900
dd 164FFA80
dd 164FFB40
dd 164FFC00
dd 164FFCC0
dd 164FFD80
dd 164FFF00
dd 16730000
dd 167300C0
dd 16730180
dd 16730240
dd 16730300
dd 16730480
dd 16730540
dd 16730600
dd 167306C0
dd 16730780
dd 16730840
dd 16730900
dd 167309C0
dd 16730C00
dd 16730FC0
dd 16731080
dd 16731140
dd 16731200
dd 167312C0
dd 16731380
dd 16731440
dd 16731500
dd 16731740
dd 16731800
dd 16731A40
dd 16731BC0
dd 16731C80
dd 16731D40
dd 16731E00
dd 16731EC0
dd 16731F80
dd 16732040
dd 16732100
dd 167321C0
dd 16732280
dd 16732340
dd 16732400
dd 16732580
dd 16732640
dd 16732700
dd 167327C0
dd 16732A00
dd 16732C40
dd 16732D00
dd 16732DC0
dd 167330C0
dd 16733180
dd 16733300
dd 167333C0
dd 167336C0
dd 16733780
dd 16733840
dd 16733900
dd 167339C0
dd 16733A80
dd 16733B40
dd 16733C00
dd 16733CC0
dd 16733D80
dd 16733E40
dd 16733F00
dd 16734080
dd 167342C0
dd 16734380
dd 16734440
dd 16734500
dd 167345C0
dd 16734740
dd 167348C0
dd 16734980
dd 16734A40
dd 16734C80
dd 16734D40
dd 16734E00
dd 16734F80
dd 16735040
dd 167351C0
dd 16735340
dd 16735700
dd 167357C0
dd 16735940
dd 16735A00
dd 16735AC0
dd 16735B80
dd 16737740
dd 16737800
dd 167381C0
dd 16738280
dd 16738340
dd 16738400
dd 167384C0
dd 16738580
dd 16738640
dd 16738700
dd 16738AC0
dd 16738B80
dd 16738D00
dd 16738DC0
dd 16738E80
dd 16739000
dd 167390C0
dd 16739180
dd 16739240
dd 167393C0
dd 16739480
dd 16739600
dd 167396C0
dd 16739780
dd 16739840
dd 16739900
dd 16739A80
dd 16739B40
dd 16739CC0
dd 16739E40
dd 16739F00
dd 16739FC0
dd 1673A080
dd 1673A140
dd 1673A200
dd 1673A2C0
dd 1673A380
dd 1673A500
dd 1673A5C0
dd 1673A740
dd 1673A980
dd 1673AA40
dd 1673AB00
dd 1673ABC0
dd 1673AC80
dd 1673AD40
dd 1673AE00
dd 1673B040
dd 1673B100
dd 1673B1C0
dd 1673B280
dd 1673B4C0
dd 1673B640
dd 1673B700
dd 1673B880
dd 1673B940
dd 1673BA00
dd 1673BD00
dd 1673BE80
dd 1673C000
dd 1673C0C0
dd 1673C180
dd 1673C240
dd 1673C300
dd 1673C3C0
dd 1673C480
dd 1673C540
dd 1673C600
dd 1673C780
dd 1673C840
dd 1673C900
dd 1673C9C0
dd 1673CA80
dd 1673CB40
dd 1673CC00
dd 1673CCC0
dd 1673CD80
dd 1673CE40
dd 1673CFC0
dd 1673D080
dd 1673D140
dd 1673D380
dd 1673D440
dd 1673D5C0
dd 1673D680
dd 1673D740
dd 1673D800
dd 1673D8C0
dd 1673DD40
dd 1673DE00
dd 1673DF80
dd 1673E040
dd 1673E100
dd 1673E1C0
dd 1673E280
dd 1673E580
dd 1673E640
dd 1673E700
dd 1673E7C0
dd 1673E880
dd 1673EF40
dd 1673F480
dd 1673F600
dd 1673F780
dd 1673F840
dd 1673F900
dd 1673F9C0
dd 1673FC00
dd 1673FCC0
dd 1673FD80
dd 1673FE40
dd 1673FF00
dd 16920000
dd 169200C0
dd 16920240
dd 16920300
dd 169203C0
dd 16920480
dd 16920540
dd 16920600
dd 16920780
dd 16920840
dd 16920900
dd 16920A80
dd 16920B40
dd 16920C00
dd 16920CC0
dd 16921740
dd 16921800
dd 169218C0
dd 16921A40
dd 16921B00
dd 16921BC0
dd 16921C80
dd 16921E00
dd 16921EC0
dd 16922040
dd 16922280
dd 16922400
dd 169224C0
dd 16922580
dd 16922700
dd 169227C0
dd 16922880
dd 16922A00
dd 16922AC0
dd 16922B80
dd 16922C40
dd 16922D00
dd 16922E80
dd 16922F40
dd 16923000
dd 169230C0
dd 16923180
dd 16923240
dd 16923300
dd 16923540
dd 16923600
dd 16923780
dd 16923840
dd 16923900
dd 16923A80
dd 16923B40
dd 16923CC0
dd 16923E40
dd 16923F00
dd 16924080
dd 16924140
dd 16924200
dd 169242C0
dd 16924440
dd 16924500
dd 169245C0
dd 16924740
dd 16924800
dd 169248C0
dd 16924980
dd 16924BC0
dd 16924D40
dd 16924E00
dd 16924EC0
dd 16924F80
dd 16925040
dd 16925100
dd 169251C0
dd 16925280
dd 16925340
dd 16925640
dd 16925700
dd 16925880
dd 16925940
dd 16925A00
dd 16925C40
dd 16925DC0
dd 16925E80
dd 16925F40
dd 16926000
dd 169260C0
dd 16926180
dd 16926240
dd 16926300
dd 169263C0
dd 16926540
dd 16926600
dd 169266C0
dd 16926780
dd 16926900
dd 16926A80
dd 16926B40
dd 16926C00
dd 16926CC0
dd 16926E40
dd 16926F00
dd 16927080
dd 16927140
dd 16927200
dd 169272C0
dd 16927440
dd 16927500
dd 169275C0
dd 16927680
dd 16927740
dd 169278C0
dd 16927980
dd 16927BC0
dd 16927C80
dd 16927EC0
dd 16928040
dd 16928100
dd 169281C0
dd 16928340
dd 16928400
dd 169284C0
dd 16928700
dd 169287C0
dd 16928940
dd 16928A00
dd 16928AC0
dd 16928B80
dd 16928C40
dd 16928DC0
dd 16928E80
dd 16928F40
dd 16929000
dd 169290C0
dd 16929180
dd 16929240
dd 16929300
dd 169293C0
dd 169296C0
dd 16929840
dd 16929900
dd 169299C0
dd 16929B40
dd 16929FC0
dd 1692A080
dd 1692A140
dd 1692A2C0
dd 1692A380
dd 1692A500
dd 1692A5C0
dd 1692A680
dd 1692A740
dd 1692A800
dd 1692A980
dd 1692ABC0
dd 1692AF80
dd 1692B100
dd 1692B1C0
dd 1692B280
dd 1692B340
dd 1692B400
dd 1692B580
dd 1692B700
dd 1692B7C0
dd 1692B880
dd 1692B940
dd 1692BB80
dd 1692BC40
dd 1692BD00
dd 1692BDC0
dd 1692BE80
dd 1692BF40
dd 1692C000
dd 1692C0C0
dd 1692C180
dd 1692C240
dd 1692C300
dd 1692C480
dd 1692C900
dd 1692C9C0
dd 1692CA80
dd 1692CB40
dd 1692CC00
dd 1692CCC0
dd 1692CD80
dd 1692CE40
dd 1692CF00
dd 1692CFC0
dd 1692D080
dd 1692D140
dd 1692D200
dd 1692D2C0
dd 1692D380
dd 1692D440
dd 1692D500
dd 1692D5C0
dd 1692D680
dd 1692D740
dd 1692D800
dd 1692D8C0
dd 1692D980
dd 1692DA40
dd 1692DB00
dd 1692DBC0
dd 1692DC80
dd 1692DD40
dd 1692DE00
dd 1692DEC0
dd 1692DF80
dd 1692E040
dd 1692E100
dd 1692E1C0
dd 1692E340
dd 1692E400
dd 1692E4C0
dd 1692E580
dd 1692E640
dd 1692E700
dd 1692E7C0
dd 1692E880
dd 1692EA00
dd 1692EAC0
dd 1692EB80
dd 1692EC40
dd 1692ED00
dd 1692EDC0
dd 1692EE80
dd 1692EF40
dd 1692F000
dd 1692F0C0
dd 1692F180
dd 1692F240
dd 1692F300
dd 1692F3C0
dd 1692F480
dd 1692F540
dd 1692F600
dd 1692F780
dd 1692F840
dd 1692F900
dd 1692F9C0
dd 1692FA80
dd 1692FB40
dd 1692FC00
dd 1692FCC0
dd 1692FD80
dd 1692FE40
dd 171B8700
dd 171B87C0
dd 171B9000
dd 171B90C0
dd 171B9180
dd 171B9240
dd 171B93C0
dd 171B9480
dd 171B9540
dd 171B9600
dd 171B96C0
dd 171B9780
dd 171B9840
dd 171B99C0
dd 171B9A80
dd 171B9B40
dd 171B9C00
dd 171B9D80
dd 171B9F00
dd 171B9FC0
dd 171BA2C0
dd 171BA380
dd 171BA440
dd 171BA500
dd 171BA5C0
dd 171BA740
dd 171BA800
dd 171BAD40
dd 171BAE00
dd 171BAF80
dd 171BB040
dd 171BB580
dd 171BB640
dd 171BB700
dd 171BB880
dd 171BD800
dd 171BD8C0
dd 171BD980
dd 171BDB00
dd 171BDC80
dd 171BDD40
dd 171BDE00
dd 171BDEC0
dd 171BDF80
dd 171BE100
dd 171BE280
dd 171BE340
dd 171BEB80
dd 171BED00
dd 171BEDC0
dd 171BEE80
dd 171BEF40
dd 171BF000
dd 171BF0C0
dd 171BF3C0
dd 171BF600
dd 171BF6C0
dd 171BFC00
dd 171BFCC0
dd 18EBFE40
dd 18EBFF00
dd 1CEFF300
dd 1CEFF3C0
dd 1CEFF480
dd 28D75100
dd 28D757C0
dd 28D75880
dd 28D75940
dd 28D76240
dd 28D76300
dd 28D763C0
dd 28D76480
dd 28D76540
dd 28D76600
dd 28D766C0
dd 28D76A80
dd 28D76FC0
dd 28D77080
dd 28D77500
dd 28D79540
dd 28D79600
dd 28D796C0
dd 28D79780
dd 28D79840
dd 28D79900
dd 28D79A80
dd 28D79B40
dd 28D79C00
dd 28D79E40
dd 28E80CC0
dd 28E80E40
dd 28E80F00
dd 2DF8B880
dd 2DF8B940
dd 2DF8BAC0
dd 2DF8BB80
dd 2DF8BC40
dd 2F578A00
dd 2F578AC0
dd 4D450000
dd 4D4500C0
dd 4D450240
dd 4D4503C0
dd 4D450840
dd 4D450900
dd 4D4509C0
dd 4D450A80
dd 4D450B40
dd 4D450F00
dd 4D450FC0
dd 4D451140
dd 4D451200
dd 4D451440
dd 4D451500
dd 4D4515C0
dd 4D451680
dd 4D451740
dd 4D451800
dd 4D4518C0
dd 4D451A40
dd 4D451B00
dd 4D451C80
dd 4D451D40
dd 4D451E00
dd 4D451EC0
dd 4D451F80
dd 4D452040
dd 4D4521C0
dd 4D452280
dd 4D452340
dd 4D452940
dd 4D452A00
dd 4D452B80
dd 4D452C40
dd 4D452E80
dd 4D452F40
dd 4D453000
dd 4D4530C0
dd 4D453180
dd 4D453240
dd 4D453300
dd 4D4533C0
dd 4D453D80
dd 4D453E40
dd 4D453F00
dd 4D453FC0
dd 4D454080
dd 4D454B00
dd 4D454BC0
dd 4D456540
dd 4D456600
dd 4F000000
dd 4F0000C0
dd 4F000300
dd 4F000480
dd 4F000540
dd 4F0006C0
dd 4F000900
dd 4F002700
dd 4F0027C0
dd 4F002880
dd 4F002940
dd 4F002A00
dd 4F002B80
dd 4F002F40
dd 4F003000
dd 4F003180
dd 4F003240
dd 4F0033C0
dd 4F003480
dd 4F003540
dd 4F003600
dd 4F0036C0
dd 4F003780
dd 4F003840
dd 4F003D80
dd 4F003E40
dd 4F003F00
dd 4F004080
dd 4F004140
dd 4F004A40
dd 4F004B00
dd 4F004BC0
dd 4F004C80
dd 4F004D40
dd 4F004E00
dd 4F004F80
dd 4F005280
dd 4F005340
dd 4F005400
dd 4F005580
dd 4F005700
dd 4F005880
dd 4F005940
dd 4F005B80
dd 4F005C40
dd 4F005D00
dd 4F005DC0
dd 4F0060C0
dd 4F006180
dd 4F006240
dd 4F006300
dd 4F0063C0
dd 4F006480
dd 4F006540
dd 4F0066C0
dd 4F007F80
dd 4F008040
dd 4F008100
dd 4F0081C0
dd 4F008340
dd 4F008400
dd 4F0084C0
dd 4F008580
dd 4F008640
dd 4F008700
dd 4F008880
dd 4F008940
dd 4F008A00
dd 4F008AC0
dd 4F008B80
dd 4F008C40
dd 4F008D00
dd 4F008DC0
dd 4F008E80
dd 4F008F40
dd 4F009000
dd 4F0090C0
dd 4F009180
dd 4F009240
dd 4F0093C0
dd 4F009480
dd 4F009600
dd 4F009840
dd 4F009B40
dd 4F009C00
dd 4F009CC0
dd 4F009D80
dd 4F009E40
dd 4F00A140
dd 4F00A2C0
dd 4F00A380
dd 4F00A440
dd 4F00A500
dd 4F00A5C0
dd 4F00B040
dd 4F00B100
dd 4F00B1C0
dd 4F00BE80
dd 4F00BF40
dd 4F00C0C0
dd 4F00C180
dd 4F00C240
dd 4F00C300
dd 4F00C3C0
dd 4F00C600
dd 4F00C840
dd 4F00C900
dd 4F00C9C0
dd 4F00CB40
dd 4F00CC00
dd 4F00CCC0
dd 4F00CE40
dd 4F00D080
dd 4F00D140
dd 4F00D200
dd 4F00D440
dd 4F00D5C0
dd 4F00D740
dd 4F00D800
dd 4F00D8C0
dd 4F00D980
dd 4F00DE00
dd 4F00DF80
dd 4F00E040
dd 4F00E100
dd 4F00E400
dd 4F00E640
dd 4F00E700
dd 4F00EDC0
dd 4F00EE80
dd 4F00EF40
dd 4F00FD80
dd 4F00FE40
dd 4F00FF00
// State and constants for the key-handler loop below, placed at fixed offsets
// inside the KeyHandlerThread allocation (the alloc itself is above this chunk).
// Toggler: 1 = hotkeys active, 0 = ignored; flipped by F2 (see Toggle).
KeyHandlerThread+300:
Toggler:
dd 1
// KeyHandlerOff: the [DISABLE] section writes 1 here to make the thread return.
KeyHandlerThread+304:
KeyHandlerOff:
dd 0
// string: narrow printf format used by sprintf_s in GetIndexes.
KeyHandlerThread+800:
string:
db '[Index]: %08X - %08X',0
// s: output buffer for sprintf_s. Only 4 bytes are declared, but GetIndexes
// passes 104 (hex) as the buffer size; the span +900..+A04 lies inside the
// 4096-byte allocation and nothing else is placed there in view.
KeyHandlerThread+900:
s:
dd 0
// KeyHandlerThread: polling loop run on its own thread (CreateThread in the
// [ENABLE] preamble above this chunk). Every 0a (hex, 10 ms) it checks the
// stop flag and the hotkeys, and returns (ending the thread) once KeyHandlerOff
// is 1. GetAsyncKeyState returns a SHORT in ax; any non-zero value (held or
// pressed-since-last-call bit) counts as a press, so the Sleep calls after each
// action are the only debounce.
KeyHandlerThread:
push 0a
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 71 //F2
call GetAsyncKeyState
test ax,ax
jne Toggle
cmp [Toggler],1
jne KeyHandlerThread // hotkeys disabled: keep polling
push 60 //VK_NUMPAD0
call GetAsyncKeyState
test ax,ax
jne GetIndexes
jmp KeyHandlerThread
// GetIndexes: walks dwTable (defined outside this chunk) until a 0 entry and
// prints "[Index]: <entry> - <[entry+2C]>" for each via OutputDebugStringA.
// eax is the table cursor; it is kept alive across the calls by push/pop.
// NOTE(review): every table entry is dereferenced as a live pointer
// ([edx+2C]) with no check — a stale entry faults right here.
GetIndexes:
mov eax,dwTable
GetIndexes_loop:
cmp [eax],0
je GetIndexes_exit
push eax // table address
mov edx,[eax]
push [edx+2C] // +28
push edx // Index
push string
push 104 // MAX_PATH
push s // buffer
call sprintf_s // cdecl: sprintf_s(s, 104, string, edx, [edx+2C]); 5 args dropped below
add esp,14
push s
call OutputDebugStringA // stdcall: callee pops its argument
pop eax
add eax,4
jmp GetIndexes_loop
GetIndexes_exit:
push C8 // 200 ms before the keys are polled again
call kernel32.Sleep
jmp KeyHandlerThread
// Toggle: F2 flips the hotkey enable flag.
Toggle:
xor [Toggler],1
push 96 // 150 ms
call kernel32.Sleep
jmp KeyHandlerThread
// ExitKeyHandler: returning from the thread entry point ends the thread.
ExitKeyHandler:
ret
[DISABLE]
// Stop request only: KeyHandlerOff = 1 makes the thread return on its next
// 10 ms poll. Nothing waits for that, and neither KeyHandlerThread nor dwTable
// is released here (whether this script allocated them is above this chunk).
// bPlayersOnly is unregistered although no such symbol is registered in view —
// presumably in the [ENABLE] part above; check the two still match.
KeyHandlerOff:
dd 1
unregistersymbol( bPlayersOnly )
unregistersymbol( KeyHandlerOff )
26
"TestIndexes"
Auto Assembler Script
[ENABLE]
// TestIndexes: a second key-handler thread with its own 4096-byte code/data
// block plus a 4096-byte dwTable. CreateThread starts KeyHandlerThread once the
// script has been written. No module is given to alloc(), so the blocks may
// land anywhere in the address space.
// NOTE(review): KeyHandlerThread, Toggler, KeyHandlerOff and bFly are also
// registered by other scripts in this table; if two of them are enabled at the
// same time each registersymbol replaces the previous binding, and a [DISABLE]
// section may then write the other script's flag — verify before enabling
// several thread scripts together.
alloc( KeyHandlerThread, 4096 )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
label( Toggle )
label( Toggler )
registersymbol( Toggler )
label( KeyHandlerOff )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
label( ToggleFly )
label( bFly )
registersymbol( bFly )
label( ToggleFly_exit )
alloc( dwTable, 4096 )
registersymbol( dwTable )
label( dwIndex )
registersymbol( dwIndex )
label( dwCount )
registersymbol( dwCount )
label( TestIndexes )
label( TestIndexes_exit )
label( ResetCount )
// dwTable: candidate index values stepped through by TestIndexes (NUMPAD5).
// The list ends where the zero-filled remainder of the 4096-byte allocation
// begins, which is also what TestIndexes reads once it has run past the end.
dwTable:
dd 0000A4D0
dd 0000A534
dd 0000A571
dd 0000A6D0
dd 0000A6E3
dd 0000A6E4
dd 0000A7EE
dd 0000A7FB
dd 0000A921
dd 0000ADAC
dd 0000ADD2
dd 0000ADE9
dd 0000B370
dd 0000B58B
dd 0000B592
dd 0000B71B
dd 0000B722
dd 0000B7E8
dd 0000BA62
dd 0000BE6D
dd 0000BFDC
dd 0000BFF8
dd 0000BFFD
dd 0000C00C
dd 0000C00D
dd 0000C047
dd 0000C04A
dd 0000C04F
dd 0000C050
dd 0000C157
dd 0000C172
dd 0000C180
dd 0000C192
dd 0000C1A0
dd 0000C2E4
dd 0000C3FB
dd 0000C4FE
dd 0000C4FF
dd 0000C5B7
dd 0000C5C3
dd 0000C72A
dd 0000C760
dd 0000C769
dd 0000C7A4
dd 0000C7A5
dd 0000C7D1
dd 0000C820
dd 0000C821
dd 0000C822
dd 0000C82D
dd 0000C82E
dd 0000C82F
dd 0000C8D7
dd 0000C909
dd 0000CBDF
dd 0000CD7B
dd 0000CE34
dd 0000CE3F
dd 0000CEA2
dd 0000CEC4
dd 0000CECF
dd 0000D46D
dd 0000D48F
dd 0000D494
dd 0000D4A9
dd 0000D569
dd 0000D5AF
dd 0000D649
dd 0000D656
dd 0000D657
dd 0000D6F5
dd 0000D747
dd 0000D75B
dd 0000D7B9
dd 0000D81C
dd 0000D8C7
dd 0000D8D4
dd 0000D91D
dd 0000DB57
dd 0000DB6E
dd 0000DDA1
dd 0000DE5C
dd 0000DE67
dd 0000DE6E
dd 0000E097
dd 0000E0C0
dd 0000E0CB
dd 0000E17C
dd 0000E1BB
dd 0000E296
dd 0000E2D8
dd 0000E304
dd 0000E46F
dd 0000E470
dd 0000E491
dd 0000E49E
dd 0000E4D8
dd 0000E4DF
dd 0000E4F6
dd 0000E507
dd 0000E508
dd 0000E50F
dd 0000E529
dd 0000E52A
dd 0000E564
dd 0000E565
dd 0000E56A
dd 0000E5AB
dd 0000E5AD
dd 0000E5AE
dd 0000E5C5
dd 0000E5C6
dd 0000E5C7
dd 0000E5C8
dd 0000E5C9
dd 0000E5CA
dd 0000E5CB
dd 0000E5E3
dd 0000E603
dd 0000E637
dd 0000E67E
dd 0000E6E5
dd 0000E6F4
dd 0000E6F5
dd 0000E76E
dd 0000E7BD
dd 0000E7C0
dd 0000E7C4
dd 0000E7C5
dd 0000E83A
dd 0000E871
dd 0000EBA6
dd 0000EBAC
dd 0000EE6D
dd 0000EED7
dd 0000EF27
dd 0000F068
dd 0000F1E4
dd 0000F209
dd 0000F21A
dd 0000F21B
dd 0000F255
dd 0000F2A4
dd 0000F315
dd 0000F335
dd 0000F336
dd 0000F3F7
dd 0000F412
dd 0000F458
dd 0000F495
dd 0000F4E7
dd 0000F511
dd 0000F5A6
dd 0000F5AA
dd 0000F674
dd 0000F679
dd 0000F685
dd 0000F68C
dd 0000F6A3
dd 0000F6AC
dd 0000F6B9
dd 0000F780
dd 0000F7CA
dd 0000F7CB
dd 0000F7FD
dd 0000F807
dd 0000F80C
dd 0000F87A
dd 0000F8D4
dd 0000F8E0
dd 0000F8F1
dd 0000F8F2
dd 0000F9CB
dd 0000F9F7
dd 0000FAA1
dd 0000FAC1
dd 0000FAF8
dd 0000FB59
dd 0000FB6E
dd 0000FB70
dd 0000FBF9
dd 0000FC2A
dd 0000FC59
dd 0000FC5C
dd 0000FC5D
dd 0000FCC6
dd 0000FCDB
dd 0000FCE9
dd 0000FCEB
dd 0000FCEC
dd 0000FCEE
dd 0000FCF1
dd 0000FCF8
dd 0000FCFA
dd 0000FD1D
dd 000100A4
dd 00010129
dd 00010135
dd 000101A0
dd 00010237
dd 00010256
dd 00010390
dd 00010391
dd 00010393
dd 00010394
dd 000103A2
dd 000103D2
dd 000103DB
dd 000103DC
dd 000103DF
dd 000103E0
dd 000103E5
dd 000103E6
dd 000104E7
dd 0001067D
dd 0001067E
dd 00010689
dd 0001069A
dd 0001069B
dd 000106C6
dd 00010760
dd 00010768
dd 00010C09
dd 00010C88
dd 00010C89
dd 00010DDB
dd 00010DF3
dd 00010E33
dd 00010E34
dd 00010E36
dd 00010E39
dd 00010E3C
dd 00010E3D
dd 00010E41
dd 00010E44
dd 00010E45
dd 00010E46
dd 00010E48
dd 00010E49
dd 00010E52
dd 00010E66
dd 00010E67
dd 00010E8A
dd 00011379
dd 000113BD
dd 000113C4
dd 000113C9
dd 0001158F
dd 000116C6
dd 0001188F
dd 00011890
dd 00011942
dd 00011943
dd 0001194A
dd 0001194E
dd 0001195B
dd 0001195C
dd 00011A80
dd 00011AAC
dd 00011B67
dd 00011B8F
dd 00011C96
dd 00011CE0
dd 00011CF3
dd 00011D40
dd 00011D41
dd 00011D66
dd 00011D71
dd 00011D74
dd 00011DA4
dd 00011DD5
dd 00011DD6
dd 00011EA5
dd 00011EC3
dd 00011EC5
dd 00011F81
dd 00011F82
dd 00011F84
dd 0001200B
dd 0001200C
dd 0001200E
dd 00012025
dd 00012035
dd 0001203B
dd 0001203D
dd 000120E2
dd 0001216B
dd 0001216F
dd 000121CA
dd 000121CB
dd 00012209
dd 000122C9
dd 000123CA
dd 000123CB
dd 000123CC
dd 000123CD
dd 000123CE
dd 000125EC
dd 000125EF
dd 00012612
dd 0001261B
dd 0001261D
dd 0001266C
dd 0001274A
dd 0001278B
dd 000127F2
dd 000127FD
dd 00012841
dd 000128D1
dd 000128D7
dd 000128DD
dd 00012907
dd 00012943
dd 00012948
dd 00012952
dd 00012953
dd 0001295A
dd 0001295B
dd 00012963
dd 00012A00
dd 00012AD0
dd 00012D93
dd 00012DAA
dd 00012DBD
dd 00012DBE
dd 00012EF7
dd 00012EF9
dd 00012F18
dd 00012F47
dd 00013409
dd 0001344F
dd 00013453
dd 0001345A
dd 00013461
dd 00013615
dd 00013619
dd 0001361A
dd 0001361D
dd 00013675
dd 00013676
dd 000136E9
dd 00013747
dd 00013748
dd 00013749
dd 00013757
dd 00013824
dd 00013893
dd 00013973
dd 000139E9
dd 00013A7C
dd 00013AE0
dd 00013AED
dd 00013B0C
dd 00013B84
dd 00013B85
dd 00013B8F
dd 00013BD5
dd 00013BE2
dd 00013C54
dd 00013D4D
dd 00013DAA
dd 00013DC4
dd 00013DD9
dd 00013E5A
dd 00013EF0
dd 00013EF4
dd 00013EF8
dd 00013EFF
dd 00013F6A
dd 00013F6E
dd 00013F7E
dd 00013FB7
dd 0001405F
dd 0001408B
dd 0001409F
dd 0001415A
dd 0001416A
dd 00014174
dd 00014189
dd 0001418F
dd 000141AA
dd 000141B0
dd 000141C1
dd 000142E0
dd 000142F5
dd 000142F6
dd 00014300
dd 00014349
dd 000143D0
dd 00014525
dd 00014529
dd 000145A0
dd 00014675
dd 00014676
dd 000146B7
dd 000146CC
dd 00014709
dd 0001470A
dd 0001470C
dd 000147A1
dd 000147B8
dd 000147E1
dd 0001484E
dd 00014A08
dd 00014A10
dd 00014A17
dd 00014A25
dd 00014A37
dd 00014A67
dd 00014A75
dd 00014A8E
dd 00014ABA
dd 00014ABC
dd 00014ACC
dd 00014B7A
dd 00014C08
dd 00014C0A
dd 00014C10
dd 00014C12
dd 00014C13
dd 00014C14
dd 00014C15
dd 00014C16
dd 00014C17
dd 00014C18
dd 00014C19
dd 00014C1A
dd 00014C1B
dd 00014C1D
dd 00014C1E
dd 00014C1F
dd 00014C20
dd 00014C21
dd 00014C22
dd 00014C23
dd 00014C24
dd 00014C26
dd 00014C27
dd 00014C28
dd 00014C29
dd 00014C2B
dd 00014C2C
dd 00014C2D
dd 00014C31
dd 00014C32
dd 00014C33
dd 00014C35
dd 00014C36
dd 00014C39
dd 00014C3A
dd 00014C3C
dd 00014C3D
dd 00014C3E
dd 00014C3F
dd 00014C40
dd 00014C41
dd 00014C7F
dd 00014C92
dd 00014C93
dd 00014C99
dd 00014CE7
dd 00014CE8
dd 00014D76
dd 00014E4F
dd 00014F4E
dd 00014F55
dd 00014F57
dd 00014F73
dd 00014F77
dd 000178C6
dd 0001793B
dd 00017981
dd 00017AFD
dd 000180CE
dd 00018C66
dd 000198AE
dd 000198B1
dd 0001993F
dd 00019D90
// Thread state at fixed offsets inside the KeyHandlerThread allocation.
// Toggler: 1 = hotkeys active, 0 = ignored; flipped by F2 (see Toggle).
KeyHandlerThread+300:
Toggler:
dd 1
// KeyHandlerOff: the [DISABLE] section writes 1 here to make the thread return.
KeyHandlerThread+304:
KeyHandlerOff:
dd 0
// dwIndex: current dwTable value selected by TestIndexes (shown as "Index").
KeyHandlerThread+308:
dwIndex:
dd 0
// dwCount: byte offset into dwTable of the next entry (shown as "Count").
KeyHandlerThread+30C:
dwCount:
dd 0
// bFly: this script's own fly flag, toggled by ToggleFly (see the note there
// about the identically named symbol in the physics-hook script).
KeyHandlerThread+310:
bFly:
dd 0
// KeyHandlerThread: polling thread (CreateThread in the preamble). Every 0a
// (hex, 10 ms) it checks KeyHandlerOff and, while Toggler is 1, the hotkeys:
//   F2      -> Toggle      (enable/disable the other hotkeys)
//   NUMPAD2 -> ToggleFly
//   NUMPAD5 -> TestIndexes (advance dwIndex to the next dwTable entry)
//   NUMPAD6 -> ResetCount
// GetAsyncKeyState returns a SHORT in ax; any non-zero value counts as a press,
// so the 200 ms Sleep at the end of each action is the only debounce.
// The thread uses eax/ebx/ecx freely — nothing is preserved across actions.
KeyHandlerThread:
push 0a
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 71 //F2
call GetAsyncKeyState
test ax,ax
jne Toggle
cmp [Toggler],1
jne KeyHandlerThread
push 62 //VK_NUMPAD2
call GetAsyncKeyState
test ax,ax
jne ToggleFly
push 65 //VK_NUMPAD5
call GetAsyncKeyState
test ax,ax
jne TestIndexes
push 66 //VK_NUMPAD6
call GetAsyncKeyState
test ax,ax
jne ResetCount
jmp KeyHandlerThread
// ToggleFly: flips this script's bFly. On -> resolves dwIndex through the
// game's GetIndex (called with ecx = [p2] and two stack arguments, index then
// 0; esp is not adjusted afterwards, so the callee is assumed to pop them) and
// stores the result at +8 and +20 of [[[p1]+8C]+2C], then sets the byte at
// [p1]+84 to 4. Off -> restores the two slots from indexes 393 and 22B (hex)
// and sets that byte to 1. p1/p2 are globals registered by the physics-hook
// script elsewhere in this table.
// NOTE(review): nothing checks that p1/p2 are non-zero; pressing NUMPAD2
// before that hook has filled them passes ecx = 0 to GetIndex and then
// dereferences a null p1 — `cmp [p2],0 / je ToggleFly_exit` at the top of
// ToggleFly would guard it.
// NOTE(review): this script declares and registers its own bFly dword
// (KeyHandlerThread+310); the physics-hook script was assembled against the
// bFly of its own allocation, so the two flags are separate storage unless CE
// re-resolves the symbol — verify which one that hook actually reads.
ToggleFly:
xor [bFly],1
cmp [bFly],0
je @f
push 0
push [dwIndex]
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+8C]
mov ecx,[ecx+2C]
mov [ecx+8],eax
mov [ecx+20],eax
mov byte ptr [ebx+84],4
jmp ToggleFly_exit
@@:
push 0
push 393
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+8C]
mov ecx,[ecx+2C]
mov [ecx+8],eax
push 0
push 22B
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+8C]
mov ecx,[ecx+2C]
mov [ecx+20],eax
mov byte ptr [ebx+84],1
ToggleFly_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// TestIndexes: dwIndex = dwTable[dwCount / 4]; dwCount += 4. Pairs with the
// "Index"/"Count" entries listed after this script.
// NOTE(review): no upper bound — past the last entry it reads the zero-filled
// tail of the 4096-byte dwTable allocation and, after 1024 presses, beyond it.
// Comparing dwCount with the table size before the load would stop that.
TestIndexes:
mov eax,dwTable
mov ebx,[dwCount]
lea ecx,[eax+ebx]
mov ecx,[ecx]
mov [dwIndex],ecx
add [dwCount],4
TestIndexes_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// ResetCount: rewinds TestIndexes to the first entry.
ResetCount:
mov [dwCount],0
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// Toggle: F2 flips the hotkey enable flag.
Toggle:
xor [Toggler],1
push 96
call kernel32.Sleep
jmp KeyHandlerThread
// ExitKeyHandler: returning from the thread entry point ends the thread.
// (Unlike the dump script, no "finished" value is written back for [DISABLE].)
ExitKeyHandler:
ret
[DISABLE]
// Stop request: the thread returns on its next poll after seeing 1.
// NOTE(review): dwTable is freed immediately while TestIndexes may still be
// using it (the thread can sleep up to 200 ms inside an action before it polls
// KeyHandlerOff again), and KeyHandlerThread is unregistered but never
// deallocated, so each enable/disable cycle leaks its 4096 bytes. The dump
// script later in this table waits for an acknowledgement from the thread
// before freeing anything — the same pattern fits here.
KeyHandlerOff:
dd 1
unregistersymbol( dwCount )
unregistersymbol( dwIndex )
unregistersymbol( dwTable )
dealloc( dwTable )
unregistersymbol( bFly )
unregistersymbol( KeyHandlerOff )
unregistersymbol( KeyHandlerThread )
28
"Index"
1
4 Bytes
dwIndex
27
"Count"
1
4 Bytes
dwCount
150
"NoComboReset"
Auto Assembler Script
[ENABLE]
alloc( KillComboReset_Cave, 1024 )
registersymbol( KillComboReset_Cave )
label( back )
label( KillComboReset_Cave_exit )
label( KillComboReset_Cave_skip )
// KillComboReset_Cave: replaces the game's `mov dword ptr [eax],0` so that the
// write is suppressed for selected counters.
// In: eax = address about to be zeroed, esi = context pointer as left by the
// caller at the injection point (what these structures are is not shown here).
// eax is preserved around the checks. The write is skipped only when esi and
// [esi+10] are non-null, the word at [eax-B] is 010F and the word at
// [[eax-9]+3E] is 1188 or 11BC — the offsets this table lists as "Current
// Combo" and "Max Battle Combo" just below (11D8, "??", is disabled by the
// {...} block comment). Every other caller falls through to the original write.
KillComboReset_Cave:
push eax
test esi,esi
je KillComboReset_Cave_exit
mov eax,[esi+10]
test eax,eax
je KillComboReset_Cave_exit
cmp word ptr [eax-B],010F
jne KillComboReset_Cave_exit
mov eax,[eax-9]
cmp word ptr [eax+3E],1188
je KillComboReset_Cave_skip
cmp word ptr [eax+3E],11BC
{je KillComboReset_Cave_skip
cmp word ptr [eax+3E],11D8}
jne KillComboReset_Cave_exit // equal to 11BC falls through to the skip path
KillComboReset_Cave_skip:
pop eax
jmp back
KillComboReset_Cave_exit:
pop eax
mov dword ptr [eax],0 // the original instruction
jmp back
// Injection point: the pattern is CC | mov eax,[esp+8] | mov dword ptr [eax],0
// | ret 8 | CC; the 6-byte mov starts 5 bytes in and is replaced by a 5-byte
// jmp plus one nop. `back` is the instruction after it (the ret).
// NOTE(review): aobscan() searches the whole process; the sibling scripts use
// aobscanmodule( ..., BatmanAC.exe, ... ), which restricts the search to the
// game module and avoids a stray match in another DLL or on the heap — prefer
// that form here.
aobscan( KillComboReset_AOB, CC8B442408C70000000000C20800CC )
label( KillComboReset )
registersymbol( KillComboReset )
KillComboReset_AOB+5:
KillComboReset:
jmp KillComboReset_Cave
nop
back:
[DISABLE]
// Restore the original 6-byte `mov dword ptr [eax],0` over the jmp + nop, then
// release the cave. As with any CE code cave, a game thread that is inside the
// cave at the moment of dealloc would still be executing freed memory.
KillComboReset:
mov dword ptr [eax],0
dealloc( KillComboReset_Cave )
unregistersymbol( KillComboReset_Cave )
Toggle Activation
106
0
151
"[Combos]"
FF0000
1
152
"Current Combo"
4 Bytes
p1
1188
8C
153
"No description"
4 Bytes
pPlayer
4
14B4
8C
154
"Max Battle Combo"
4 Bytes
p1
11BC
8C
155
"Special Combo Counter"
4 Bytes
p1
1414
8C
156
"Special Combo Star(s)"
4 Bytes
p1
1418
8C
157
"Times Combo Got Interrupted"
4 Bytes
p1
1424
8C
158
"Times Got Hit"
4 Bytes
p1
1430
8C
159
"Total Variation"
4 Bytes
p1
1440
8C
160
"Total Hits"
4 Bytes
p1
11C8
8C
161
"??"
4 Bytes
p1
11D8
8C
166
"GetUE3Components"
Auto Assembler Script
[ENABLE]
// GetUE3Components: no code is injected. This script only locates three engine
// globals by byte pattern inside BatmanAC.exe and publishes them as symbols for
// the other scripts, which use them as immediates (e.g. `mov eax,GNames`).
aobscanmodule( GObjects_AOB, BatmanAC.exe, A1????????8B34B08B4E0C8B7608 )
label( GObjects )
registersymbol( GObjects )
// A1 = mov eax,[imm32]; the bracketed address form makes GObjects the dword
// stored at AOB+1, i.e. the absolute address of the objects array header.
[GObjects_AOB+1]:
GObjects:
aobscanmodule( GNames_AOB, BatmanAC.exe, 8B0D????????833C810074 )
label( GNames )
registersymbol( GNames )
// 8B 0D = mov ecx,[imm32]; its operand is at AOB+2.
[GNames_AOB+2]:
GNames:
aobscanmodule( ProcessEvent_AOB, BatmanAC.exe, 8B5D08F7????02040000 )
label( ProcessEvent )
registersymbol( ProcessEvent )
// The pattern sits 30 (hex) bytes into the function; the label is moved back
// to the presumed entry point — re-check against a disassembly after a patch.
ProcessEvent_AOB-30:
ProcessEvent:
[DISABLE]
// Nothing to free; only the symbols are withdrawn. Scripts assembled earlier
// keep the numeric values they resolved.
unregistersymbol( ProcessEvent )
unregistersymbol( GNames )
unregistersymbol( GObjects )
167
"GNames"
1
4 Bytes
GNames
168
"GObjects"
1
4 Bytes
GObjects
169
"ProcessEvent"
1
4 Bytes
ProcessEvent
170
"Dump GNames & GObjects"
Auto Assembler Script
[ENABLE]
// Dump GNames & GObjects: a key-handler thread that writes NamesDump.txt and
// ObjectsDump.txt, plus helpers (GetName, GetObject, GetFullName, FindObject,
// OutputDebug) registered for use from other scripts. Requires the GNames and
// GObjects symbols from the GetUE3Components script. KeyHandlerOff is a
// separate 4-byte allocation so the Lua [DISABLE] code can read it after the
// thread has been told to stop.
alloc( KeyHandlerThread, 4096, BatmanAC.exe )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
alloc( KeyHandlerOff, 4, BatmanAC.exe )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
// String constants (see the data block).
label( szWrite )
label( szNamesFile )
label( szObjectsFile )
label( szNamesFormat )
label( szObjectsFormat )
label( szInvalid )
// Thread actions.
label( Dump )
label( Dump_exit )
label( DumpNames )
label( DumpNames_0 )
label( DumpNames_1 )
label( DumpNames_exit )
label( DumpObjects )
label( DumpObjects_0 )
label( DumpObjects_1 )
label( DumpObjects_exit )
// Exported helpers; each documents its own register-based calling convention.
label( GetName )
registersymbol( GetName )
label( err ) // GetName's out-of-range path
label( GetObject )
registersymbol( GetObject )
label( GetObject_exit )
label( GetObject_err )
label( GetFullName )
registersymbol( GetFullName )
label( GetFullName_0 )
label( GetFullName_NULL )
label( GetFullName_loop_a )
label( GetFullName_next_b )
label( GetFullName_loop_b )
label( GetFullName_next_c )
label( GetFullName_loop_c )
label( GetFullName_next_d )
label( GetFullName_loop_d )
label( GetFullName_next_e )
label( GetFullName_loop_f )
label( GetFullName_next_g )
label( GetFullName_loop_g )
label( GetFullName_next_h )
label( GetFullName_loop_h )
label( GetFullName_next_i )
label( szNull )
label( szFunctionName )
label( FindObject )
registersymbol( FindObject )
label( FindObject_0 )
label( FindObject_1 )
label( FindObject_2 )
label( FindObject_exit )
label( OutputDebug )
registersymbol( OutputDebug )
label( szOutputDebug )
label( OutputDebug_0 )
label( OutputDebug_1 )
label( szFormat )
label( szSeparator )
label( szBuffer )
// KeyHandlerOff: 0 = running, 1 = stop requested, 2 = thread has returned.
KeyHandlerOff:
dd 0
// String constants. '%S' in a narrow printf format prints a wide string, which
// is what GetName/GetFullName return; szInvalid and szNull are therefore
// stored as UTF-16 byte pairs.
KeyHandlerThread+500:
szWrite:
db 'w+',0
szNamesFile:
db 'NamesDump.txt',0
szObjectsFile:
db 'ObjectsDump.txt',0
szNamesFormat:
db 'Name[%06i] %S',0A,0,0
szObjectsFormat:
db 'UObject[%06i] %-50S 0x%08X ( %-50S )',0A,0
szInvalid:
db 'I',0,'N',0,'V',0,'A',0,'L',0,'I',0,'D',0,' ',0,'N',0,'A',0,'M',0,'E',0,' ',0,'I',0,'N',0,'D',0,'E',0,'X',0,0
szNull:
db '(',0,'n',0,'u',0,'l',0,'l',0,')',0,0
// szFormat / szSeparator: narrow pieces assembled by OutputDebug.
szFormat:
db '0x%08X',0
szSeparator:
db ' | ',0
// szBuffer: 12 bytes, enough for "0x%08X" plus its terminator.
szBuffer:
dd 0
dd 0
dd 0
// szFunctionName: UTF-16 scratch buffer filled by GetFullName. Only the space
// up to KeyHandlerThread+600 (szOutputDebug) is free, and GetFullName performs
// no bounds check, so an unusually long "Class Outer.Outer.Name" would run
// into szOutputDebug.
szFunctionName:
dd 0
// szOutputDebug: narrow scratch line assembled by OutputDebug (lstrcatA, no
// bound); it extends to the end of the 4096-byte allocation.
KeyHandlerThread+600:
szOutputDebug:
dd 0
// KeyHandlerThread: polling thread (CreateThread in the preamble). Every 0a
// (hex, 10 ms) it checks KeyHandlerOff and the hotkey; VK_DIVIDE (numpad /)
// triggers a full GNames + GObjects dump. GetAsyncKeyState returns a SHORT in
// ax; any non-zero value is treated as pressed.
KeyHandlerThread:
push 0a
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 6F //VK_NUMPAD /
call GetAsyncKeyState
test ax,ax
jne Dump
jmp KeyHandlerThread
// Dump: writes both files, then sleeps 200 ms so one key press is not acted on
// again immediately. The walks run on this thread with no synchronisation
// against the game's own threads, which keep mutating both arrays.
Dump:
call DumpNames
call DumpObjects
Dump_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// ***************
// ** DumpNames **
// ***************
// DumpNames: writes every non-null GNames entry as "Name[index] <wide name>" to
// NamesDump.txt (relative to the game's working directory). Called from Dump;
// [ebp-4] is the FILE* local. Register map: eax = GNames array header (data
// pointer at +0, count at +4), esi = index, ecx = &data[esi].
// NOTE(review): the fopen_s result is never checked; if the open fails
// [ebp-4] stays 0 and fprintf/fclose are handed a NULL FILE*. Testing eax
// (or [ebp-4]) after the call and jumping to DumpNames_exit would cover it.
DumpNames:
push ebp
mov ebp,esp
push ecx // reserve [ebp-4] for the FILE*
and [ebp-4],0
push esi
push szWrite // "w+"
lea eax,[ebp-4]
push szNamesFile // "NamesDump.txt"
push eax
call msvcrt.fopen_s // fopen_s(&file, "NamesDump.txt", "w+"), cdecl
mov eax,GNames
xor esi,esi
add esp,C // drop the 3 fopen_s arguments
cmp [eax+4],esi
jbe DumpNames_exit // empty array
DumpNames_0:
mov ecx,[eax]
lea ecx,[ecx+esi*4]
cmp [ecx],0
je DumpNames_1 // skip null slots
mov eax,[ecx]
add eax,10 // name text is taken to start 10 (hex) bytes into the entry
push eax
push esi
push szNamesFormat // "Name[%06i] %S\0A\00"
push [ebp-4]
call msvcrt.fprintf
mov eax,GNames // fprintf clobbered eax; reload the array header
add esp,10
DumpNames_1:
inc esi
cmp esi,[eax+4]
jb DumpNames_0
DumpNames_exit:
push [ebp-4]
call msvcrt.fclose
pop ecx // discards the fclose argument (cdecl), not the saved ecx
pop esi // restores esi; the ecx slot is dropped by mov esp,ebp
mov esp,ebp
pop ebp
ret
db CC CC
// *****************
// ** DumpObjects **
// *****************
// DumpObjects: writes every non-null GObjects slot as
// "UObject[index] <name> 0x<address> ( <full name> )" to ObjectsDump.txt.
// Same frame layout as DumpNames: [ebp-4] = FILE*, eax = array header,
// esi = index, ecx = &data[esi].
// NOTE(review): fopen_s is not checked; a failed open leaves [ebp-4] = 0 and
// fprintf/fclose receive a NULL FILE*.
// NOTE(review): esi is pushed but never popped (the frame is discarded by
// `mov esp,ebp`) and GetObject clobbers edi, so neither callee-saved register
// reaches the caller intact. Harmless for Dump, which uses neither, but a
// `pop esi` before `mov esp,ebp` (after dropping the fclose argument) would
// match DumpNames.
DumpObjects:
push ebp
mov ebp,esp
push ecx
and [ebp-4],0
push esi
push szWrite // "w+"
lea eax,[ebp-4]
push szObjectsFile // "ObjectsDump.txt"
push eax
call msvcrt.fopen_s
mov eax,GObjects
xor esi,esi
add esp,C
cmp [eax+4],esi
jbe DumpObjects_exit
DumpObjects_0:
mov ecx,[eax]
lea ecx,[ecx+esi*4]
cmp [ecx],0
je DumpObjects_1
// Two slots are reserved on the stack: [esp] = object pointer (printed as
// 0x%08X), [esp+4] = full-name pointer from GetObject. They double as the last
// two fprintf arguments.
push 0
push 0
mov eax,[ecx]
mov [esp],eax
call GetObject
mov [esp+4],eax
mov eax,[esp]
call GetName
push eax
push esi
push szObjectsFormat // "UObject[%06i] %-50S 0x%08X (%-50S)\0A\00"
push [ebp-4]
call msvcrt.fprintf
mov eax,GObjects // fprintf clobbered eax; reload the array header
add esp,18 // 6 dwords: file, format, index, name and the two reserved slots
DumpObjects_1:
inc esi
cmp esi,[eax+4]
jb DumpObjects_0
DumpObjects_exit:
push [ebp-4]
call msvcrt.fclose
mov esp,ebp
pop ebp
ret
db CC CC
// *************
// ** GetName **
// *************
// GetName: in eax = UObject. Returns eax = pointer to the wide name text of
// the object's FName (index read from [eax+1C], text at GNames[index] + 10
// hex), or szInvalid when the index is out of range. Clobbers ecx, edx, flags.
// NOTE(review): `ja err` lets index == count through, one slot past the end;
// `jae err` is the intended bound. A null GNames slot is not checked either,
// so a freed name index yields the pointer 10 (hex) instead of szInvalid.
GetName:
mov ecx,[eax+1C]
mov eax,GNames
mov edx,[eax+4]
cmp ecx,edx
ja err
mov eax,[eax]
mov eax,[eax+ecx*4]
add eax,10
ret
err:
mov eax,szInvalid // "INVALID NAME INDEX"
ret
db CC CC
// ***************
// ** GetObject **
// ***************
// GetObject: in eax = UObject (may be 0). Returns eax = its full name via
// GetFullName, or szInvalid when the object or its Class ([edi+24]) is null.
// The object is moved into edi because GetFullName takes it there; edi is not
// restored, so this clobbers edi plus everything GetFullName clobbers.
// GetObject_exit is only reached by falling through after GetFullName returns.
GetObject:
mov edi,eax
test edi,edi
je GetObject_err
mov eax,[edi+24]
test eax,eax
je GetObject_err
call GetFullName
GetObject_exit:
ret
GetObject_err:
mov eax,szInvalid
ret
db CC CC
// ****************
// ** FindObject **
// ****************
// FindObject: stdcall, one argument [ebp+8] = name string. Walks GObjects and
// returns eax = the first non-null object whose GetFullName output compares
// equal to the argument. Registered for other scripts; not called in this
// chunk. Saves esi/edi; ebx is clobbered through GetFullName.
// NOTE(review): the comparison is msvcrt.stricmp, a narrow (char) function,
// but GetFullName produces UTF-16 — stricmp stops at the zero high byte of the
// first ASCII character, so only one character is ever compared. The HookObj
// script's pCave uses lstrcmpW for the same job; that is the call to use here
// (stdcall, so the `add esp,8` would go).
// NOTE(review): on no match eax holds whatever the last stricmp left (or the
// caller's eax when the array is empty), never an explicit 0, so callers cannot
// test the result; `xor eax,eax` on the FindObject_exit path would fix that.
// The loop uses signed compares (jle/jl) where DumpObjects uses unsigned
// (jbe/jb) on the same count field.
FindObject:
push ebp
mov ebp,esp
mov ecx,GObjects
push esi
push edi
xor esi,esi
cmp [ecx+4],esi
jle FindObject_exit
FindObject_0:
mov eax,[ecx]
mov edi,[eax+esi*4]
test edi,edi
je FindObject_1
mov eax,[edi+24]
test eax,eax
je FindObject_1 // no Class: skip
push [ebp+8]
call GetFullName
push eax
call msvcrt.stricmp // stricmp(fullname, argument), cdecl
add esp,8
test eax,eax
je FindObject_2
mov ecx,GObjects // reload; GetFullName clobbered ecx
FindObject_1:
inc esi
cmp esi,[ecx+4]
jl FindObject_0
FindObject_exit:
pop edi
pop esi
mov esp,ebp
pop ebp
ret 4
FindObject_2:
mov eax,edi // found: return the object
pop edi
pop esi
mov esp,ebp
pop ebp
ret 4
db CC CC
//*********************************
//******** GetFullName ********
//*********************************
// GetFullName: in edi = UObject (fields used: +18 Outer, +1C FName index,
// +24 Class). Builds the object's full name as UTF-16 in szFunctionName and
// returns eax = szFunctionName; returns szNull when Class or Outer is null.
// Two layouts, chosen by whether Outer has an Outer of its own:
//   Outer->Outer != 0 : "<Class> <Outer->Outer>.<Outer>.<Name>"
//   Outer->Outer == 0 : "<Class> <Outer>.<Name>"
// Deeper Outer chains are truncated to those two levels. Each name is read at
// GNames[index] + 10 (hex) and copied word by word until a 0 word.
// Clobbers eax, ebx, ecx, edx and flags; ebx is not saved, so a caller that
// keeps a value in ebx must preserve it itself (pCave's pushad does; FindObject
// and DumpObjects do not).
// NOTE(review): no bounds check against the end of szFunctionName.
// NOTE(review): the first copy loop tests `byte ptr [eax]` while every other
// loop tests `word ptr`; for ASCII names the result is the same, but a wide
// character whose low byte is 0 would end the class name early —
// `cmp word ptr [eax],0` keeps the loops consistent. Likewise the two-level
// path terminates with one zero byte (`mov byte ptr [ebx],0`) while the
// three-level path writes a zero word; the word form is the safe terminator
// for a UTF-16 buffer.
GetFullName:
mov eax,[edi+24] // Class
test eax,eax
je GetFullName_NULL
mov ecx,[edi+18] // Outer
test ecx,ecx
je GetFullName_NULL
cmp [ecx+18],0 // Outer->Outer
je GetFullName_0
// Three-level layout. ebx = write cursor in szFunctionName.
mov ebx,szFunctionName
mov ecx,GNames // GNames pointer
mov eax,[eax+1C] // FName_Index
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Class->GetName
GetFullName_loop_a:
cmp byte ptr [eax],0
je GetFullName_next_b
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp GetFullName_loop_a
GetFullName_next_b:
mov word ptr [ebx],20 // space character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+18] // Outer->Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->Outer->GetName
GetFullName_loop_b:
cmp word ptr [eax],0
je GetFullName_next_c
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp GetFullName_loop_b
GetFullName_next_c:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+1C] // FName_Index
mov eax,GNames // GNames pointer
mov ecx,[eax]
mov edx,[ecx+edx*4]
add edx,10 // Outer->GetName
GetFullName_loop_c:
cmp word ptr [edx],0
je GetFullName_next_d
mov ax,[edx]
mov [ebx],ax
add ebx,2
add edx,2
jmp GetFullName_loop_c
GetFullName_next_d:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edi+1C] // this - FName_Index
mov eax,[edx+eax*4]
add eax,10 // this->GetName
GetFullName_loop_d:
cmp word ptr [eax],0
je GetFullName_next_e
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp GetFullName_loop_d
GetFullName_next_e:
mov word ptr [ebx],0 // UTF-16 terminator
mov eax,szFunctionName
ret
// Two-level layout (Outer has no Outer).
GetFullName_0:
mov ebx,szFunctionName
mov edx,GNames // GNames pointer
mov ecx,[eax+1C] // FName_Index
mov eax,[edx]
mov ecx,[eax+ecx*4]
add ecx,10 // Class->GetName
GetFullName_loop_f:
cmp word ptr [ecx],0
je GetFullName_next_g
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp GetFullName_loop_f
GetFullName_next_g:
mov word ptr [ebx],20 // space character
add ebx,2
mov edx,[edi+18] // Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->GetName
GetFullName_loop_g:
cmp word ptr [eax],0
je GetFullName_next_h
mov cx,[eax]
mov [ebx],cx
add ebx,2
add eax,2
jmp GetFullName_loop_g
GetFullName_next_h:
mov word ptr [ebx],2E // . character
add ebx,2
mov edx,GNames // GNames pointer
mov eax,[edx]
mov ecx,[edi+1C] // this - FName_Index
mov ecx,[eax+ecx*4]
add ecx,10 // this->GetName
GetFullName_loop_h:
cmp word ptr [ecx],0
je GetFullName_next_i
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp GetFullName_loop_h
GetFullName_next_i:
mov byte ptr [ebx],0 // only the low byte of the terminator is written here
mov eax,szFunctionName
ret
GetFullName_NULL:
mov eax,szNull
ret
db CC CC
//*********************
//** OutputDebug **
//*********************
// OutputDebug: debug helper, stdcall with one dword on the stack ([ebp+8]) and
// a narrow C string passed in ebx (non-standard). Emits
// "<ebx string> | 0x<dword>" through OutputDebugStringA.
// Clobbers eax, ecx, edx, flags. Not called anywhere in this chunk; it is
// registered for use from other scripts.
// NOTE(review): the copy loop and both lstrcatA calls are unbounded; the
// szOutputDebug scratch area runs from KeyHandlerThread+600 to the end of the
// 4096-byte allocation, so a long ebx string overruns it.
OutputDebug:
push ebp
mov ebp,esp
mov eax,szOutputDebug
mov ecx,ebx
// Byte copy of the ebx string into szOutputDebug.
OutputDebug_0:
cmp byte ptr [ecx],0
je OutputDebug_1
mov dl,[ecx]
mov [eax],dl
inc ecx
inc eax
jmp OutputDebug_0
OutputDebug_1:
mov byte ptr [eax],0
push szSeparator
push szOutputDebug
call lstrcatA // stdcall: callee pops
push [ebp+8]
push szFormat
push szBuffer
call wsprintfA // cdecl: wsprintfA(szBuffer, "0x%08X", argument)
add esp,C
push szBuffer
push szOutputDebug
call lstrcatA
push szOutputDebug
call OutputDebugStringA
mov esp,ebp
pop ebp
ret 4
// ExitKeyHandler: acknowledges the stop request (2 = "thread has finished";
// the Lua code in [DISABLE] waits for this value) and ends the thread by
// returning from its entry point.
ExitKeyHandler:
mov [KeyHandlerOff],2
ret
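[DISABLE]
{$lua}
-- Ask the thread to stop and wait (up to 1 s) for ExitKeyHandler to write 2,
-- so the code below is not freed while the thread is still executing in it.
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "KeyHandlerOff" ) == 0 then --could be 2 already
writeInteger( "KeyHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "KeyHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
-- Decide on the thread's own acknowledgement, not on the clock: a thread that
-- finished just before the deadline would otherwise be reported as a failure
-- once the 20 ms sleep carried us past starttime + 1000.
if( readInteger( "KeyHandlerOff" ) ~= 2 ) then --still running after the timeout
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' ) --aborts the script so nothing below is freed under a live thread
end
sleep( 1 )
end
{$asm}
unregistersymbol( OutputDebug )
unregistersymbol( FindObject )
unregistersymbol( GetName )
unregistersymbol( GetObject )
unregistersymbol( GetFullName )
unregistersymbol( KeyHandlerOff )
dealloc( KeyHandlerOff )
unregistersymbol( KeyHandlerThread )
dealloc( KeyHandlerThread )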
178
"HookObj"
Auto Assembler Script
[ENABLE]
// HookObj: hooks the game's check of [eax+438] at BatmanAC.exe+3CE6C9 and,
// while that field is still 0, assembles a substitute object in pObject from
// three objects located by full name, then stores pObject's address into the
// field. Depends on the GObjects/GNames symbols from the GetUE3Components
// script. pObject stays registered so other entries can refer to it.
alloc( pCave, 1024, BatmanAC.exe )
alloc( pObject, 128, BatmanAC.exe )
registersymbol( pObject )
label( back )
label( szNull )
label( szUTPlayerController )
label( szUTCheatManager )
label( szDefault_UTCheatManager )
label( pStore )
label( pUTPlayerController )
label( bOK )
label( szName )
label( pCave_reset )
label( pCave_continue )
label( pCave_exit )
label( pCave_loop )
label( loc_ret )
label( pCave_original )
label( pCave_start )
// Private copy of GetFullName (see the dump script) so this script does not
// depend on that one being enabled.
label( GetFullName_0 )
label( GetFullName_00 )
label( GetFullName_NULL_0 )
label( szFunctionName_0 )
// Constants and scratch state for pCave, at fixed offsets past the code.
// NOTE(review): pCave+500 .. pCave+700 lie beyond the 1024 bytes requested by
// alloc( pCave, 1024 ) if that size is read as decimal; it works only because
// CE hands out page-granular memory and nothing else lands there — requesting
// the full size actually used would make that explicit.
pCave+500:
szNull:
db '(',0,'n',0,'u',0,'l',0,'l',0,')',0,0,0,0
pCave+520:
// UTF-16 "RPlayerControllerCombat TheWorld.PersistentLevel.RPlayerControllerCombat"
szUTPlayerController:
db 52,00,50,00,6C,00,61,00,79,00,65,00,72,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,6C,00,65,00,72,00,43,00,6F,00,6D,00,62,00,61,00,74,00,20,00,54,00,68,00,65,00,57,00,6F,00,72,00,6C,00,64,00,2E,00,50,00,65,00,72,00,73,00,69,00,73,00,74,00,65,00,6E,00,74,00,4C,00,65,00,76,00,65,00,6C,00,2E,00,52,00,50,00,6C,00,61,00,79,00,65,00,72,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,6C,00,65,00,72,00,43,00,6F,00,6D,00,62,00,61,00,74,00,00,00,00
pCave+5C0:
// UTF-16 "Class BmGame.RCheatManager"
szUTCheatManager:
db 43,00,6C,00,61,00,73,00,73,00,20,00,42,00,6D,00,47,00,61,00,6D,00,65,00,2E,00,52,00,43,00,68,00,65,00,61,00,74,00,4D,00,61,00,6E,00,61,00,67,00,65,00,72,00,00,00,00
pCave+610:
// UTF-16 "RCheatManager BmGame.Default__RCheatManager"
szDefault_UTCheatManager:
db 52,00,43,00,68,00,65,00,61,00,74,00,4D,00,61,00,6E,00,61,00,67,00,65,00,72,00,20,00,42,00,6D,00,47,00,61,00,6D,00,65,00,2E,00,44,00,65,00,66,00,61,00,75,00,6C,00,74,00,5F,00,5F,00,52,00,43,00,68,00,65,00,61,00,74,00,4D,00,61,00,6E,00,61,00,67,00,65,00,72,00,00,00,00
// pStore: last full-name pointer returned by GetFullName_0 (lstrcmpW argument).
pStore:
dd 0
// pUTPlayerController: the eax seen on the previous pass, used to detect repeats.
pUTPlayerController:
dd 0
// bOK: 1 once the player-controller match has been stored in pObject+18.
bOK:
dd 0
// szName: declared but unused in this chunk.
szName:
db 0
// szFunctionName_0: UTF-16 scratch buffer for GetFullName_0; no bounds check.
pCave+700:
szFunctionName_0:
dd 0
// pObject+8: bytes 00 00 10 00 (dword 00100000). The other fields (+0, +18,
// +24) are filled in by pCave; what this constant means is not shown here.
pObject+8:
db 00 00 10 00
// pCave: inline hook for the game's `cmp [eax+438],0` (eax = the object whose
// +438 field is being tested). Flow:
//   new eax            -> remember it in pUTPlayerController, run the scan;
//   same eax as before -> pCave_reset: clear bOK and rescan only while
//                         [eax+438] is still 0; otherwise just run the original
//                         compare.
// The scan walks every GObjects slot, builds each object's full name with
// GetFullName_0 (edi = object) and compares it, exactly, with the three UTF-16
// literals at pCave+520/5C0/610 via lstrcmpW (stdcall, stack self-cleaning):
//   "RPlayerControllerCombat TheWorld.PersistentLevel.RPlayerControllerCombat"
//        -> pObject+18 = object, bOK = 1
//   "Class BmGame.RCheatManager"                  -> pObject+24 = object
//   "RCheatManager BmGame.Default__RCheatManager" -> pObject+0  = [object]
// When the first match was seen, pObject's address is written into
// [saved eax+438]; [esp+1C] is the eax slot of the pushad frame. Everything
// runs under pushad/popad, so GetFullName_0 clobbering ebx/ecx/edx is
// contained, and the original compare is re-executed before jumping back so
// the flags are what the game expects.
// NOTE(review): until the player-controller match succeeds, every pass through
// the hook does a full GObjects walk with string building — expect a stall on
// each such call.
pCave:
cmp eax,[pUTPlayerController]
je pCave_reset
mov [pUTPlayerController],eax
pCave_start:
pushad
mov eax,GObjects
xor esi,esi
cmp [eax+4],esi
jbe pCave_exit // empty array
pCave_loop:
mov ecx,[eax]
lea ecx,[ecx+esi*4]
cmp [ecx],0
je pCave_continue // skip null slots
mov edi,[ecx]
call GetFullName_0
mov [pStore],eax
push [pStore]
push szUTPlayerController
call lstrcmpW
test eax,eax
jne short @f
mov [pObject+18],edi
mov [bOK],1
jmp short loc_ret
@@:
push [pStore]
push szUTCheatManager
call lstrcmpW
test eax,eax
jne short @f
mov [pObject+24],edi
jmp short loc_ret
@@:
push [pStore]
push szDefault_UTCheatManager
call lstrcmpW
test eax,eax
jne short @f
mov eax,[edi]
mov [pObject],eax
@@:
loc_ret:
mov eax,GObjects // reload; the calls above clobbered eax
pCave_continue:
inc esi
cmp esi,[eax+4]
jb pCave_loop
cmp byte ptr [bOK],1
jne short @f
mov eax,[esp+1C] // the eax saved by pushad
mov [eax+438],pObject
@@:
pCave_exit:
popad
pCave_original:
cmp [eax+438],0
jmp back
// Same object as last time: only rescan while the field is still empty.
pCave_reset:
mov [bOK],0
cmp [eax+438],0
jne short @f
jmp pCave_start
@@:
jmp short pCave_original
db CC CC
//*********************************
//******** GetFullName ********
//*********************************
// GetFullName_0: private copy of the dump script's GetFullName, written with
// anonymous @@ labels and its own szFunctionName_0 buffer.
// In: edi = UObject (+18 Outer, +1C FName index, +24 Class). Builds the full
// name as UTF-16 in szFunctionName_0 and returns eax = szFunctionName_0, or
// szNull when Class or Outer is null. Layout depends on Outer->Outer:
//   non-null : "<Class> <Outer->Outer>.<Outer>.<Name>"
//   null     : "<Class> <Outer>.<Name>"
// Clobbers eax, ebx, ecx, edx and flags (pCave calls it under pushad).
// NOTE(review): no bounds check on szFunctionName_0; the first copy loop tests
// `byte ptr` where all others test `word ptr`, and the two-level path ends the
// string with a single zero byte rather than a zero word — same remarks as for
// the original GetFullName.
GetFullName_0:
mov eax,[edi+24] // Class
test eax,eax
je GetFullName_NULL_0
mov ecx,[edi+18] // Outer
test ecx,ecx
je GetFullName_NULL_0
cmp [ecx+18],0 // Outer->Outer
je GetFullName_00
// Three-level layout. ebx = write cursor.
mov ebx,szFunctionName_0
mov ecx,GNames // GNames pointer
mov eax,[eax+1C] // FName_Index
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Class->GetName
@@:
cmp byte ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],20 // space character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+18] // Outer->Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->Outer->GetName
@@:
cmp word ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,[edi+18] // Outer
mov edx,[ecx+1C] // FName_Index
mov eax,GNames // GNames pointer
mov ecx,[eax]
mov edx,[ecx+edx*4]
add edx,10 // Outer->GetName
@@:
cmp word ptr [edx],0
je short @f
mov ax,[edx]
mov [ebx],ax
add ebx,2
add edx,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edi+1C] // this - FName_Index
mov eax,[edx+eax*4]
add eax,10 // this->GetName
@@:
cmp word ptr [eax],0
je short @f
mov dx,[eax]
mov [ebx],dx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],0 // UTF-16 terminator
mov eax,szFunctionName_0
ret
// Two-level layout (Outer has no Outer).
GetFullName_00:
mov ebx,szFunctionName_0
mov edx,GNames // GNames pointer
mov ecx,[eax+1C] // FName_Index
mov eax,[edx]
mov ecx,[eax+ecx*4]
add ecx,10 // Class->GetName
@@:
cmp word ptr [ecx],0
je short @f
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp short @b
@@:
mov word ptr [ebx],20 // space character
add ebx,2
mov edx,[edi+18] // Outer
mov eax,[edx+1C] // FName_Index
mov ecx,GNames // GNames pointer
mov edx,[ecx]
mov eax,[edx+eax*4]
add eax,10 // Outer->GetName
@@:
cmp word ptr [eax],0
je short @f
mov cx,[eax]
mov [ebx],cx
add ebx,2
add eax,2
jmp short @b
@@:
mov word ptr [ebx],2E // . character
add ebx,2
mov edx,GNames // GNames pointer
mov eax,[edx]
mov ecx,[edi+1C] // this - FName_Index
mov ecx,[eax+ecx*4]
add ecx,10 // this->GetName
@@:
cmp word ptr [ecx],0
je short @f
mov ax,[ecx]
mov [ebx],ax
add ebx,2
add ecx,2
jmp short @b
@@:
mov byte ptr [ebx],0 // only the low byte of the terminator is written here
mov eax,szFunctionName_0
ret
GetFullName_NULL_0:
mov eax,szNull
ret
// Injection: the 7-byte `cmp [eax+438],0` at BatmanAC.exe+3CE6C9 is replaced by
// a 5-byte jmp plus two nops; `back` is the next original instruction. pCave
// re-executes the compare before jumping here, so the flags are unchanged from
// the game's point of view.
BatmanAC.exe+3CE6C9:
jmp pCave
db 90 90
back:
[DISABLE]
// Restore the original 7 bytes over the jmp + nops, then release both blocks.
BatmanAC.exe+3CE6C9:
cmp [eax+438],0
// NOTE(review): pObject is freed while the controller found by pCave may still
// hold its address at +438 (nothing clears that field here), so after
// disabling the game owns a dangling pointer until that object is recreated.
// Keeping the controller in a registered symbol and zeroing its +438 here,
// before dealloc, would close that.
unregistersymbol( pObject )
dealloc( pObject )
dealloc( pCave )
UpgradePtsAndXP
01664900
Toggler
08890500
bPlayersOnly
08890508
bGhost
0889050C
bHUD
08890514
p0
1C2F0400
p1
1C2F0404
p2
1C2F0408
EPhysicsChange_Hook
1C2F00A5
bFly
1C2F040C
bAmmo
1C2F0414
bGod
1C2F0410
bCombo
1C2F0418
dwEPhysicsHook
007A7144
dwStopEPhysicsChange
007AE829
GetIndex
0048B1F0
SetIndex
004408F0
TheWorld
01664900
KillComboReset
00435664
GObjects
01643CE0
GNames
016019C8
ProcessEvent
00447800
pRPlayerControllerCombat
2816061D
(Don't remove the below!)
Created by: SunBeam
Updated: 20 Aug 2016