146
"Activate (Numpad 0)"
Auto Assembler Script
[ENABLE]
// Camera base capture (Cheat Engine Auto Assembler, 32-bit x86).
// Installs two inline hooks on instructions that read through ESI. Each hook
// copies ESI into a 4-byte global slot (cameraBase1 / cameraBase2) which the
// other entries of this table use as a base address.
// NOTE(review): that ESI is a camera object at these sites is implied only by
// the symbol names; nothing in the script itself establishes it.

// 4-byte pointer slots. [DISABLE] below does not release them, so they keep
// their last value after this script is switched off.
globalalloc(cameraBase1, 4)
globalalloc(cameraBase2, 4)
// Hook sites are located by byte signature rather than by fixed address.
// The signatures contain no wildcards, so they match one specific build only.
// NOTE(review): nothing here verifies the "should be unique" assumption;
// presumably the first match is used — confirm there is exactly one match
// before trusting the hook site.
// Signature 1 starts with F3 0F 10 6E 14 = movss xmm5,[esi+14] (5 bytes).
aobscan(cameraBase1Hook, F3 0F 10 6E 14 0F C6 ED 00 F3 0F 11 84 24 CC 00 00 00 0F 28 B4 24 90 00 00 00 0F 28 BC 24 80 00 00 00 0F 59 F5 F3 0F 10 6E 10 0F C6 ED 00 0F 59 FD F3 0F 10 6E 18) // should be unique
// Signature 2 starts with F3 0F 10 8E 14 01 00 00 = movss xmm1,[esi+00000114] (8 bytes).
aobscan(cameraBase2Hook,F3 0F 10 8E 14 01 00 00 F3 0F 10 86 10 01 00 00 F3 0F 10 A6 50 01 00 00 F3 0F 10 96 18 01 00 00 0F 28 F0 F3 0F 59 B6 54 01 00 00 8D 8E 60 01 00 00 0F 28 E9 F3 0F 59 29 0F 28 FC F3 0F 59 F8 F3 0F 58 EF 0F 28 FA F3 0F 59 BE 70 01 00 00) // should be unique
// One code cave per hook ($1000 = 0x1000 bytes each).
alloc(newmem1,$1000)
alloc(newmem2,$1000)
label(return1)
label(return2)
// Exported so [DISABLE] can find the patched sites again without rescanning.
registersymbol(cameraBase1Hook)
registersymbol(cameraBase2Hook)
// --- Cave 1: record ESI, replay the displaced instruction, resume. ---
newmem1:
// mov does not modify EFLAGS, so the hooked code sees unchanged flags.
mov [cameraBase1], esi
// Displaced original instruction (the first 5 bytes of signature 1).
movss xmm5,[esi+14]
jmp return1
// NOTE(review): this label moves the write address to the cameraBase1 slot but
// nothing is emitted before the next label retargets it — appears to be a no-op.
cameraBase1:
// --- Hook site 1: the 5-byte near jmp exactly covers the 5-byte movss. ---
cameraBase1Hook:
jmp newmem1
return1:
// --- Cave 2: same pattern for the second pointer. ---
newmem2:
mov [cameraBase2],esi
// Displaced original instruction (the first 8 bytes of signature 2).
movss xmm1,[esi+00000114]
jmp return2
// NOTE(review): as with cameraBase1 above, nothing is written at this label.
cameraBase2:
// --- Hook site 2: 5-byte jmp plus 3 NOPs pad out the 8-byte movss, so ---
// --- return2 lands on the next whole instruction.                      ---
cameraBase2Hook:
jmp newmem2
nop
nop
nop
return2:
[DISABLE]
// Restore the original instruction bytes at both hook sites. These are the
// leading bytes of the two signatures scanned in [ENABLE].
cameraBase1Hook:
db F3 0F 10 6E 14
cameraBase2Hook:
db F3 0F 10 8E 14 01 00 00
unregistersymbol(cameraBase1Hook)
unregistersymbol(cameraBase2Hook)
// NOTE(review): the caves are freed right after the bytes are restored; a
// thread of the target that is still inside newmem1/newmem2 at that moment
// would fault. No synchronisation is visible here.
dealloc(newmem1)
dealloc(newmem2)
Toggle Activation
96
0
25
"Detach Camera From Character"
Auto Assembler Script
[ENABLE]
// Static byte patch (no code cave, no hook).
// The signature is three load / add / store groups followed by C2 04 00 (ret 4):
//   F3 0F 10 41 2x = movss xmm0,[ecx+2x]
//   F3 0F 58 41 1x = addss xmm0,[ecx+1x]
//   F3 0F 11 41 1x = movss [ecx+1x],xmm0
// It has no wildcards, so it only matches the exact build it was taken from.
// NOTE(review): presumably the first match is patched; uniqueness is not checked.
aobscan(disableCamFollow, F3 0F 10 41 20 F3 0F 58 41 10 F3 0F 11 41 10 F3 0F 10 41 24 F3 0F 58 41 14 F3 0F 11 41 14 F3 0F 10 41 28 F3 0F 58 41 18 F3 0F 11 41 18 C2 04 00)
registersymbol(disableCamFollow)
disableCamFollow:
// Same bytes as the signature, except that each of the three 5-byte stores
// (movss [ecx+10], [ecx+14], [ecx+18]) is replaced by five NOPs (90). The sums
// are still computed in xmm0 but never written back. The patch has the same
// length as the original, so the trailing ret 4 stays where it was.
db F3 0F 10 41 20 F3 0F 58 41 10 90 90 90 90 90 F3 0F 10 41 24 F3 0F 58 41 14 90 90 90 90 90 F3 0F 10 41 28 F3 0F 58 41 18 90 90 90 90 90 C2 04 00
[DISABLE]
// Write the original bytes back (identical to the scanned signature).
disableCamFollow:
db F3 0F 10 41 20 F3 0F 58 41 10 F3 0F 11 41 10 F3 0F 10 41 24 F3 0F 58 41 14 F3 0F 11 41 14 F3 0F 10 41 28 F3 0F 58 41 18 F3 0F 11 41 18 C2 04 00
unregistersymbol(disableCamFollow)
33
"Disable Camera Collision"
Auto Assembler Script
[ENABLE]
// Static byte patches at two sites; both NOP out stores through ESI.
// Site 1 signature: three pairs of
//   F3 0F 10 84 24 Ex 00 00 00 = movss xmm0,[esp+000000Ex]
//   F3 0F 11 06 / 46 04 / 46 08 = movss [esi] / [esi+04] / [esi+08],xmm0
// followed by xorps xmm0,xmm0 (0F 57 C0), movss [esi+0C],xmm0 and
// mov byte ptr [esp+07],01 (C6 44 24 07 01).
// Neither signature has wildcards, so both are tied to one exact build.
// NOTE(review): presumably the first match is patched; uniqueness is not checked.
aobscan(disableCamCollision, F3 0F 10 84 24 E0 00 00 00 F3 0F 11 06 F3 0F 10 84 24 E4 00 00 00 F3 0F 11 46 04 F3 0F 10 84 24 E8 00 00 00 F3 0F 11 46 08 0F 57 C0 F3 0F 11 46 0C C6 44 24 07 01)
// Site 2 signature: movss [esi],xmm0 / movss [esi+04],xmm1 / movss [esi+08],xmm2,
// then the same xorps / movss [esi+0C] / mov byte tail, then 8D 8C 24 10 01 00 00
// (lea ecx,[esp+00000110]).
aobscan(disableCamCollision2, F3 0F 11 06 F3 0F 11 4E 04 F3 0F 11 56 08 0F 57 C0 F3 0F 11 46 0C C6 44 24 07 01 8D 8C 24 10 01 00 00)
registersymbol(disableCamCollision)
registersymbol(disableCamCollision2)
disableCamCollision:
// The three stores to [esi], [esi+04], [esi+08] become NOPs (4 + 5 + 5 bytes);
// the loads and the store to [esi+0C] are left untouched. Length is unchanged.
db F3 0F 10 84 24 E0 00 00 00 90 90 90 90 F3 0F 10 84 24 E4 00 00 00 90 90 90 90 90 F3 0F 10 84 24 E8 00 00 00 90 90 90 90 90 0F 57 C0 F3 0F 11 46 0C C6 44 24 07 01
disableCamCollision2:
// The first 14 bytes (the three stores) become NOPs; the rest is unchanged.
db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0F 57 C0 F3 0F 11 46 0C C6 44 24 07 01 8D 8C 24 10 01 00 00
[DISABLE]
// Write the original bytes back at both sites (identical to the signatures).
disableCamCollision:
db F3 0F 10 84 24 E0 00 00 00 F3 0F 11 06 F3 0F 10 84 24 E4 00 00 00 F3 0F 11 46 04 F3 0F 10 84 24 E8 00 00 00 F3 0F 11 46 08 0F 57 C0 F3 0F 11 46 0C C6 44 24 07 01
disableCamCollision2:
db F3 0F 11 06 F3 0F 11 4E 04 F3 0F 11 56 08 0F 57 C0 F3 0F 11 46 0C C6 44 24 07 01 8D 8C 24 10 01 00 00
unregistersymbol(disableCamCollision)
unregistersymbol(disableCamCollision2)
26
"Free Fly Camera (NumPad: 8, 4, 5, 6, 9, 3)"
Auto Assembler Script
[ENABLE]
// Free-fly camera: a polling thread is created inside the target process. It
// reads the numpad keys and moves the camera position through the pointers
// stored in cameraBase1 / cameraBase2. Those symbols are not defined in this
// script; they must already be registered by another entry of this table.
// flyMode holds the thread's code and the speed constant; flyEnabled is a
// separate one-byte run flag that [DISABLE] clears.
alloc(flyMode, 2048)
alloc(flyEnabled, 1)
// Start a thread in the target at flyMode once the script has been written.
createthread(flyMode)
// Labels local to the code assembled under flyMode.
label(loopStart)
label(skipAll)
label(moveForward)
label(skipForward)
label(moveLeft)
label(skipLeft)
label(moveRight)
label(skipRight)
label(moveBackward)
label(skipBackward)
label(incZ)
label(skipIncZ)
label(decZ)
label(skipDecZ)
label(modifier)
// Exported symbols: [DISABLE] writes to flyEnabled, and the "Fly Speed" table
// entry addresses modifier by name.
registersymbol(flyMode)
registersymbol(flyEnabled)
registersymbol(modifier)
// Run flag: 1 = keep looping, anything else = thread shuts itself down.
flyEnabled:
db 01
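flyMode:
// Thread entry point (started by createthread(flyMode)).
// Each iteration: Sleep(5), reload the two camera pointers, poll six numpad
// keys and call the matching move helper, then repeat while flyEnabled == 1.
// Register roles inside the loop:
//   edi = [cameraBase1]  (position block: +10 X, +18 Y, +14 Z, -80 pitch)
//   esi = [cameraBase2]  (+B0 sine, +110 cosine)
//   xmm0-xmm5 = scratch used by the move helpers
// All immediates are hexadecimal (Cheat Engine default) unless prefixed with #.
// NOTE(review): the pointers are only null-checked. If the object they point
// to has been freed since the hooks last ran, the helpers write through a
// stale address — confirm the capture hooks are active while this thread runs.
loopStart:
  // Input poll delay: Sleep(5).
  push 05
  call kernel32.Sleep
  // Reload both camera pointers every iteration; skip input handling until
  // both have been captured.
  mov edi, [cameraBase1]
  mov esi, [cameraBase2]
  test edi, edi
  jz skipAll
  test esi, esi
  jz skipAll
  // For each key: GetAsyncKeyState(vk); bit 15 of AX set means "currently down".
  //VK_NUMPAD8
  push 68
  call GetAsyncKeyState
  shr ax,#15
  cmp ax,1
  jne skipForward
  call moveForward
skipForward:
  //VK_NUMPAD4
  push 64
  call GetAsyncKeyState
  shr ax,#15
  cmp ax,1
  jne skipLeft
  call moveLeft
skipLeft:
  //VK_NUMPAD6
  push 66
  call GetAsyncKeyState
  shr ax,#15
  cmp ax,1
  jne skipRight
  call moveRight
skipRight:
  //VK_NUMPAD5
  push 65
  call GetAsyncKeyState
  shr ax,#15
  cmp ax,1
  jne skipBackward
  call moveBackward
skipBackward:
  //VK_NUMPAD9
  push 69
  call GetAsyncKeyState
  shr ax,#15
  cmp ax,1
  jne skipIncZ
  call incZ
skipIncZ:
  //VK_NUMPAD3
  push 63
  call GetAsyncKeyState
  shr ax,#15
  cmp ax,1
  jne skipDecZ
  call decZ
skipDecZ:
skipAll:
  // Clear the scratch registers used by the move helpers.
  xorps xmm0,xmm0
  xorps xmm1,xmm1
  xorps xmm2,xmm2
  xorps xmm3,xmm3
  xorps xmm4,xmm4
  xorps xmm5,xmm5
  // flyEnabled is a single byte (alloc size 1, initialised with db 01), so the
  // compare is sized explicitly. An unsized compare would presumably be
  // assembled as a dword compare and also read the three bytes after the flag.
  cmp byte ptr [flyEnabled], 1
  je loopStart
// NOTE(review): dealloc is a script directive, not an instruction, so nothing
// is emitted here and the thread does not free flyEnabled at run time. The
// [DISABLE] section has no dealloc for it either, so this allocation looks
// like it is never released — confirm how Cheat Engine treats dealloc inside
// [ENABLE].
dealloc(flyEnabled)
  // Self-terminating exit. The stack is built so that
  // VirtualFree(flyMode, 0, MEM_RELEASE) returns straight into
  // TerminateThread(GetCurrentThread(), 0): the memory holding this code is
  // released and no instruction from it is executed afterwards.
  push 0 //dwExitCode = 0
  call GetCurrentThread
  push eax //hThread = GetCurrentThread()
  push 0 //return address for TerminateThread = NULL (never used)
  push 8000 //dwFreeType = MEM_RELEASE
  push 0 //dwSize = 0
  push flyMode //lpAddress = flyMode
  push TerminateThread //return address for VirtualFree = TerminateThread
  jmp VirtualFree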
moveForward:
  // In:  edi = [cameraBase1], esi = [cameraBase2], [modifier] = speed (float)
  // Out: X, Y, Z at [edi+10], [edi+18], [edi+14] updated; xmm0-xmm5 clobbered.
  // X += sine * speed
  movss xmm1,[esi+B0]
  mulss xmm1,[modifier]
  movss xmm2,[edi+10]
  addss xmm2,xmm1
  // Y -= cosine * speed
  movss xmm0,[esi+110]
  mulss xmm0,[modifier]
  movss xmm3,[edi+18]
  subss xmm3,xmm0
  // Z += pitch * speed  (pitch is read from [edi-80])
  movss xmm5,[edi-80]
  mulss xmm5,[modifier]
  movss xmm4,[edi+14]
  addss xmm4,xmm5
  // Write the new position back.
  movss [edi+10],xmm2
  movss [edi+18],xmm3
  movss [edi+14],xmm4
  ret
moveLeft:
  // In:  edi = [cameraBase1], esi = [cameraBase2], [modifier] = speed (float)
  // Out: X, Y at [edi+10], [edi+18] updated; Z untouched; xmm0-xmm3 clobbered.
  // X -= cosine * speed
  movss xmm0,[esi+110]
  mulss xmm0,[modifier]
  movss xmm2,[edi+10]
  subss xmm2,xmm0
  // Y -= sine * speed
  movss xmm1,[esi+B0]
  mulss xmm1,[modifier]
  movss xmm3,[edi+18]
  subss xmm3,xmm1
  // Write the new position back.
  movss [edi+10],xmm2
  movss [edi+18],xmm3
  ret
moveRight:
  // In:  edi = [cameraBase1], esi = [cameraBase2], [modifier] = speed (float)
  // Out: X, Y at [edi+10], [edi+18] updated; Z untouched; xmm0-xmm3 clobbered.
  // X += cosine * speed
  movss xmm0,[esi+110]
  mulss xmm0,[modifier]
  movss xmm2,[edi+10]
  addss xmm2,xmm0
  // Y += sine * speed
  movss xmm1,[esi+B0]
  mulss xmm1,[modifier]
  movss xmm3,[edi+18]
  addss xmm3,xmm1
  // Write the new position back.
  movss [edi+10],xmm2
  movss [edi+18],xmm3
  ret
moveBackward:
  // In:  edi = [cameraBase1], esi = [cameraBase2], [modifier] = speed (float)
  // Out: X, Y, Z at [edi+10], [edi+18], [edi+14] updated; xmm0-xmm5 clobbered.
  // Exact inverse of moveForward: every sign is flipped.
  // X -= sine * speed
  movss xmm1,[esi+B0]
  mulss xmm1,[modifier]
  movss xmm2,[edi+10]
  subss xmm2,xmm1
  // Y += cosine * speed
  movss xmm0,[esi+110]
  mulss xmm0,[modifier]
  movss xmm3,[edi+18]
  addss xmm3,xmm0
  // Z -= pitch * speed  (pitch is read from [edi-80])
  movss xmm5,[edi-80]
  mulss xmm5,[modifier]
  movss xmm4,[edi+14]
  subss xmm4,xmm5
  // Write the new position back.
  movss [edi+10],xmm2
  movss [edi+18],xmm3
  movss [edi+14],xmm4
  ret
//Change Z
// incZ: Z += speed. In: edi = [cameraBase1]. Uses the x87 stack (one push,
// one pop, so the stack depth is unchanged on return); the SSE registers are
// not touched, unlike the four move helpers.
incZ:
fld dword ptr [edi+14] // Load Z
fadd dword ptr [modifier] // Add Modifier
fstp dword ptr [edi+14] // Store Z
ret
// decZ: Z -= speed. In: edi = [cameraBase1]. Mirror of incZ; uses the x87
// stack (one push, one pop) and leaves the SSE registers untouched.
decZ:
fld dword ptr [edi+14] // Load Z
fsub dword ptr [modifier] // Subtract Modifier
fstp dword ptr [edi+14] // Store Z
ret
// Movement step per poll, as a 32-bit float. It is stored inside the flyMode
// allocation and exported with registersymbol so the "Fly Speed" table entry
// can edit it while the thread runs.
modifier:
dd (float)25.00
[DISABLE]
// Clearing the run flag is the only stop signal: the thread notices it at the
// end of its current iteration and then releases flyMode itself, which is why
// no dealloc(flyMode) appears here.
// NOTE(review): flyEnabled is not deallocated in this section either, so the
// flag allocation appears to stay behind after each toggle.
flyEnabled:
db 00
// The symbols are removed immediately, possibly before the thread has exited.
// Table entries that address "modifier" by name stop resolving from here on.
unregistersymbol(flyMode)
unregistersymbol(flyEnabled)
unregistersymbol(modifier)
147
"Fly Speed"
Float
modifier
23
"X"
Float
cameraBase1
10
22
"Y"
Float
cameraBase1
18
21
"Z"
Float
cameraBase1
14
32
"Pitch"
Float
cameraBase1
FFFFFF80
144
"Sine"
Float
cameraBase2
B0
145
"Cosine"
Float
cameraBase2
110
Change of movss [edi+04],xmm0
007C90B2
DDDA.exe
3C90B2
83
54
02
00
00
F3
0F
11
47
04
F3
0F
10
47
08
Change of movss [edi+04],xmm0
007C8AA6
DDDA.exe
3C8AA6
83
04
01
00
00
F3
0F
11
47
04
F3
0F
10
47
08
Change of fstp dword ptr [ecx+04]
007C60AB
DDDA.exe
3C60AB
D9
19
D9
40
04
D9
59
04
D9
40
08
D9
59
Change of movss [esi+04],xmm0
007C6120
DDDA.exe
3C6120
C1
F3
0F
10
0E
F3
0F
11
46
04
F3
0F
11
84
24
Change of movss [edi+04],xmm5
007C7AFF
DDDA.exe
3C7AFF
DE
F3
0F
11
0F
F3
0F
11
6F
04
F3
0F
11
5F
08
Change of movss [esi+04],xmm0
007C6376
DDDA.exe
3C6376
D3
F3
0F
58
C2
F3
0F
11
46
04
F3
0F
10
46
08
Change of movss [ebx+44],xmm3
007DCD2F
DDDA.exe
3DCD2F
F3
0F
11
43
40
F3
0F
11
5B
44
F3
0F
11
53
48
Change of movss xmm1,[edi+44]
00885B0E
DDDA.exe
485B0E
24
80
00
00
00
F3
0F
10
4F
44
F3
0F
11
8C
24
Change of fstp dword ptr [edi+000002A0]
007DA2CF
DDDA.exe
3DA2CF
00
00
D9
47
60
D9
9F
A0
02
00
00
D9
47
64
D9
9F
Change of jbe 007DEC7E
007DEB6B
DDDA.exe
3DEB6B
05
4C
6E
4E
01
0F
86
0D
01
00
00
F3
0F
10
03
F3
Change of movss [ebx+40],xmm0
007DCD2A
DDDA.exe
3DCD2A
F3
0F
58
D1
5E
F3
0F
11
43
40
F3
0F
11
5B
44
Change of movss [esi],xmm0
007DBAA3
DDDA.exe
3DBAA3
0F
5C
54
24
38
F3
0F
11
06
F3
0F
11
4E
04
Change of movss [esi],xmm0
007DB8F3
DDDA.exe
3DB8F3
24
E0
00
00
00
F3
0F
11
06
F3
0F
10
84
24
Change of movss [ebx+48],xmm2
007DCD34
DDDA.exe
3DCD34
F3
0F
11
5B
44
F3
0F
11
53
48
F3
0F
11
6B
4C
Change of movss [esi+08],xmm2
007DBAAC
DDDA.exe
3DBAAC
F3
0F
11
4E
04
F3
0F
11
56
08
0F
57
C0
F3
0F
Change of movss [esi+08],xmm0
007DB90E
DDDA.exe
3DB90E
24
E8
00
00
00
F3
0F
11
46
08
0F
57
C0
F3
0F
Change of movss [esi+04],xmm1
007DBAA7
DDDA.exe
3DBAA7
38
F3
0F
11
06
F3
0F
11
4E
04
F3
0F
11
56
08
Change of movss [esi+04],xmm0
007DB900
DDDA.exe
3DB900
24
E4
00
00
00
F3
0F
11
46
04
F3
0F
10
84
24
Change of fstp dword ptr [ecx]
007DCA14
DDDA.exe
3DCA14
D9
00
8D
4B
60
D9
19
89
4C
24
10
D9
Change of movss [ebx],xmm3
007DED4E
DDDA.exe
3DED4E
08
F3
0F
58
D8
F3
0F
11
1B
F3
0F
10
5B
04
Change of subss xmm0,[eax+64]
007C5CBE
DDDA.exe
3C5CBE
F3
0F
10
40
44
F3
0F
5C
40
64
F3
0F
11
44
24
Change of movss [ebx+50],xmm0
007DE5E8
DDDA.exe
3DE5E8
24
20
8B
5B
04
F3
0F
11
43
50
F3
0F
11
4B
54
Change of movss [ebx+58],xmm2
007DE5F2
DDDA.exe
3DE5F2
F3
0F
11
4B
54
F3
0F
11
53
58
0F
57
C0
F3
0F
Change of movss [ebx+54],xmm1
007DE5ED
DDDA.exe
3DE5ED
F3
0F
11
43
50
F3
0F
11
4B
54
F3
0F
11
53
58
Change of movss xmm5,[esi+14]
007B1755
DDDA.exe
3B1755
24
C8
00
00
00
F3
0F
10
6E
14
0F
C6
ED
00
F3
Change of movss [ecx+14],xmm0
007B9AE9
DDDA.exe
3B9AE9
F3
0F
58
41
14
F3
0F
11
41
14
F3
0F
10
41
28
Change of movss [ecx+18],xmm0
007B9AF8
DDDA.exe
3B9AF8
F3
0F
58
41
18
F3
0F
11
41
18
C2
04
00
B8
70
Change of movss [ecx+10],xmm0
007B9ADA
DDDA.exe
3B9ADA
F3
0F
58
41
10
F3
0F
11
41
10
F3
0F
10
41
24
Change of subss xmm0,[edx+04]
007B99DD
DDDA.exe
3B99DD
F3
0F
10
41
04
F3
0F
5C
42
04
F3
0F
11
40
04
Change of movss [ecx+10],xmm0
007CBF34
DDDA.exe
3CBF34
51
14
0F
2F
D4
F3
0F
11
41
10
0F
28
C2
F3
0F
Change of movss [ecx+10],xmm0
007CBECA
DDDA.exe
3CBECA
0D
C4
7B
61
01
F3
0F
11
41
10
F3
0F
10
41
24
Change of movss [esi+0C],xmm0
007DB916
DDDA.exe
3DB916
46
08
0F
57
C0
F3
0F
11
46
0C
C6
44
24
07
01
Change of push 18
7520DCD2
USER32.dll
1DCD2
45
E8
8D
45
E8
6A
18
50
FF
15
70
D5
Change of push eax
7520DCD4
USER32.dll
1DCD4
8D
45
E8
90
90
50
FF
15
70
D5
28
Change of call dword ptr [7528D570]
7520DCD5
USER32.dll
1DCD5
45
E8
90
90
90
FF
15
70
D5
28
75
8B
E5
5D
C2
04
Change of jne 7732EEEE
7732EECF
ntdll.dll
3EECF
57
83
46
08
FF
75
1D
C7
46
0C
01
00
Change of movss xmm0,[ecx+24]
007CBECF
DDDA.exe
3CBECF
90
90
90
90
90
F3
0F
10
41
24
F3
0F
58
41
14
Change of addss xmm0,[ecx+14]
007CBED4
DDDA.exe
3CBED4
F3
0F
10
41
24
F3
0F
58
41
14
F3
0F
11
41
14
Change of addss xmm0,[ecx+18]
007CBEE3
DDDA.exe
3CBEE3
F3
0F
10
41
28
F3
0F
58
41
18
F3
0F
11
41
18
Change of movss [ecx+14],xmm0
007CBED9
DDDA.exe
3CBED9
F3
0F
58
41
14
F3
0F
11
41
14
F3
0F
10
41
28
Change of movss [ecx+18],xmm0
007CBEE8
DDDA.exe
3CBEE8
F3
0F
58
41
18
F3
0F
11
41
18
F3
0F
10
51
10
playerBase
3CBA0010
cameraBase1
24D70000
cameraBase2
24D70010