116
"Activate (Numpad 0)"
Auto Assembler Script
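[ENABLE]
// Capture the two camera objects the game works on so the other scripts
// (Free Fly Camera thread, the X/Y/Z/Sin/Cos/Pitch entries) can address them.
alloc(newmem,$1000)
alloc(newmem2,$1000)
// globalalloc: the pointer cells outlive this script and are visible to every
// script in the table. They are zeroed again in [DISABLE] below.
globalalloc(cameraBase,4)
globalalloc(cameraBase2,4)
// F3 0F 10 4B 0C = movss xmm1,[ebx+0C]: ebx is the position block (x at +8, y at +10, z at +C)
aobscan(cameraBaseHook,F3 0F 10 4B 0C F3 0F 10 84 24 DC 00 00 00 8B 44 24 38 8B 8C 24 84 00 00 00 0F 5A C0 0F 5A C9) // should be unique
// 0F 29 3E / 0F 28 E6 = movaps [esi],xmm7 / movaps xmm4,xmm6: esi is the orientation block (cos at +0, sin at +8, pitch at +24)
aobscan(cameraBaseHook2,0F 29 3E 0F 28 E6 0F C6 E6 AA 0F 29 64 24 70 0F 28 64 24 10 0F 59 E7 0F 28 D6 0F C6 D6 55)
registersymbol(cameraBaseHook)
registersymbol(cameraBaseHook2)
label(return)
label(return2)

newmem:
mov [cameraBase],ebx          // publish the position-block pointer (mov: no flags, no other regs touched)
movss xmm1,[ebx+0C]           // replay the 5-byte instruction displaced by the jmp
jmp return

cameraBaseHook:
jmp newmem                    // 5 bytes, exactly the size of movss xmm1,[ebx+0C]
return:

newmem2:
mov [cameraBase2],esi         // publish the orientation-block pointer
readmem(cameraBaseHook2,6)    // replay the 6 original bytes (the two movaps) displaced below
jmp return2

cameraBaseHook2:
jmp newmem2                   // 5-byte jmp + 1 nop = the 6 bytes of original code
nop
return2:

[DISABLE]
cameraBaseHook:
db F3 0F 10 4B 0C             // restore movss xmm1,[ebx+0C]
cameraBaseHook2:
db 0F 29 3E 0F 28 E6          // restore movaps [esi],xmm7 / movaps xmm4,xmm6
// Zero the published pointers so dependants stop using them: the fly thread
// tests both for 0 before writing, and the X/Y/Z entries would otherwise keep
// reading through a pointer that is no longer being refreshed.
cameraBase:
dd 0
cameraBase2:
dd 0
unregistersymbol(cameraBaseHook)
unregistersymbol(cameraBaseHook2)
dealloc(newmem)
dealloc(newmem2)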
Toggle Activation
96
0
120
"Detach Camera From Character"
Auto Assembler Script
[ENABLE]
// Stops the game's per-frame write-back of the camera position so values
// written by the Free Fly Camera thread (or edited by hand) are kept.
// [ebx+0C] is Z of the position block captured by the cameraBase hook; the
// [edi] / [edi+08] stores are presumably the other components of the same
// object - confirm against the game code before relying on that.
// Both patterns must match or the script does not enable, so the two patches
// are always applied together.
aobscan(detachCamera1, 66 0F D6 07 89 4F 08 8D 44 24 5C 50 8D 8C 24 E0 00 00 00)
aobscan(detachCamera2, F3 0F 11 43 0C 0F 28 C1 F3 0F 59 84 24 E0 00 00 00 F3 0F 58 07 F3 0F 11 07)
registersymbol(detachCamera1)
registersymbol(detachCamera2)

// Only the displaced instructions are overwritten; the matched tail bytes
// already hold the values the pattern guarantees, so they are left alone.
detachCamera1:
db 90 90 90 90                // 66 0F D6 07  movq [edi],xmm0   -> 4 x nop
db 90 90 90                   // 89 4F 08     mov [edi+08],ecx  -> 3 x nop
detachCamera2:
db 90 90 90 90 90             // F3 0F 11 43 0C  movss [ebx+0C],xmm0 -> 5 x nop

[DISABLE]
detachCamera1:
db 66 0F D6 07                // movq [edi],xmm0
db 89 4F 08                   // mov [edi+08],ecx
detachCamera2:
db F3 0F 11 43 0C             // movss [ebx+0C],xmm0
unregistersymbol(detachCamera1)
unregistersymbol(detachCamera2)
128
"Disable Motion Blur"
Auto Assembler Script
[ENABLE]
// Turns two "test reg,reg" instructions into "xor reg,reg" so the register is
// zeroed and ZF is forced to 1; the conditional branch that follows each test
// is then decided as if the tested value were zero. The code right after the
// first branch dereferences ecx (8B 11 = mov edx,[ecx]), so that branch is
// presumably a null-check that is now always taken, skipping the blur setup
// call (FF D2) - confirm against the game code.
// Offsets in AA are hex: +17 is byte 23 of the pattern, i.e. the 84 of 84 C0.
aobscan(disableMotionBlur,85 C9 0F ?? ?? ?? ?? ?? 8B 11 8B 52 28 8D 84 24 90 00 00 00 50 FF D2 84 C0 0F ?? ?? ?? ?? ?? 8B 06)
registersymbol(disableMotionBlur)
disableMotionBlur:
db 31                         // 85 C9 test ecx,ecx -> 31 C9 xor ecx,ecx
disableMotionBlur+17:
db 30                         // 84 C0 test al,al   -> 30 C0 xor al,al
[DISABLE]
disableMotionBlur:
db 85                         // restore test ecx,ecx
disableMotionBlur+17:
db 84                         // restore test al,al
unregistersymbol(disableMotionBlur)
123
"Free Fly Camera (Numpad: 8, 4, 5, 6, 9, 3)"
Auto Assembler Script
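//Offsets
// Byte offsets (hex) into the two camera blocks captured by the cameraBase hooks:
//   [cameraBase2] orientation block: cos at +0, sin at +8, pitch at +24
//   [cameraBase]  position block:    x at +8, y at +10, z at +C
define(sin,8)
define(cos,0)
define(x,8)
define(y,10)
define(z,C)
define(pitch,24)
//Defaults
define(speed,(float)0.10)     // initial step per poll; adjustable at runtime through the moveSpeed symbol
[ENABLE]
alloc(flyMode, 2048)
alloc(flyEnabled, 1)
createthread(flyMode)         // runs the polling loop below until [DISABLE] clears flyEnabled
label(loopStart)
label(skipAll)
label(moveForward)
label(skipForward)
label(moveLeft)
label(skipLeft)
label(moveRight)
label(skipRight)
label(moveBackward)
label(skipBackward)
label(incZ)
label(skipIncZ)
label(decZ)
label(skipDecZ)
label(moveSpeed)
registersymbol(flyMode)
registersymbol(flyEnabled)
registersymbol(moveSpeed)

flyEnabled:
db 01                         // 1 = keep polling, 0 = exit the thread (written by [DISABLE])

flyMode:
// Thread entry.
// Register roles inside the loop:
//   edi = [cameraBase]  (position block), esi = [cameraBase2] (orientation block)
//   edi/esi survive the stdcall API calls (callee-saved) and the calls clean
//   up their own arguments, so no stack adjustment is needed after them.
//   xmm0-xmm5 are scratch for the move* routines and are cleared every pass.
// GetAsyncKeyState polls the keyboard globally: the numpad keys act even
// while another window has focus.
// Numbers in AA are hex unless prefixed with #.
loopStart:
//Create input delay
push 01
call kernel32.Sleep           // Sleep(1 ms) between polls
//Grab Camera Base
mov edi, [cameraBase]
mov esi, [cameraBase2]
// Skip all movement until the hook script has captured both pointers
// (they read as 0 before the hook fires and after it is disabled).
test edi, edi
je skipAll
test esi, esi
je skipAll
// For each key: GetAsyncKeyState(vk) returns a SHORT whose bit 15 is set
// while the key is held; only the low 16 bits of eax are meaningful.
//VK_NUMPAD8 (0x68) - forward
push 68
call GetAsyncKeyState
test eax,8000
jz skipForward
call moveForward
skipForward:
//VK_NUMPAD4 (0x64) - strafe left
push 64
call GetAsyncKeyState
test eax,8000
jz skipLeft
call moveLeft
skipLeft:
//VK_NUMPAD6 (0x66) - strafe right
push 66
call GetAsyncKeyState
test eax,8000
jz skipRight
call moveRight
skipRight:
//VK_NUMPAD5 (0x65) - backward
push 65
call GetAsyncKeyState
test eax,8000
jz skipBackward
call moveBackward
skipBackward:
//VK_NUMPAD9 (0x69) - raise Z
push 69
call GetAsyncKeyState
test eax,8000
jz skipIncZ
call incZ
skipIncZ:
//VK_NUMPAD3 (0x63) - lower Z
push 63
call GetAsyncKeyState
test eax,8000
jz skipDecZ
call decZ
skipDecZ:
skipAll:
//Clear Registers
xorps xmm0,xmm0
xorps xmm1,xmm1
xorps xmm2,xmm2
xorps xmm3,xmm3
xorps xmm4,xmm4
xorps xmm5,xmm5
// Explicit byte size: flyEnabled is a 1-byte allocation (db 01). An unsized
// compare would read the assembler's default width and depend on the bytes
// after the flag happening to be zero.
cmp byte ptr [flyEnabled], 1
je loopStart
// NOTE(review): this dealloc sits inside [ENABLE] while the loop above still
// reads flyEnabled - confirm CE ignores or defers a dealloc of a block alloc'd
// in the same script; otherwise the thread would be reading freed memory.
dealloc(flyEnabled)
//Terminate thread
// Tail-call VirtualFree(flyMode, 0, MEM_RELEASE) with TerminateThread as its
// return address: the thread frees its own code and "returns" straight into
// TerminateThread(GetCurrentThread(), 0), never executing freed memory.
push 0 // dwExitCode = 0
call GetCurrentThread
push eax // hThread = GetCurrentThread()
push 0 // return address = NULL
push 8000 // dwFreeType = MEM_RELEASE
push 0 // dwSize = 0
push flyMode // dwAddress = mythread
push TerminateThread // return address = TerminateThread
jmp VirtualFree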
moveForward:
// Step one moveSpeed unit along the facing direction:
//   X -= sin*speed ; Y += cos*speed ; Z += pitch*speed
// edi = position block, esi = orientation block, xmm0-xmm5 scratch.
movss xmm5,[moveSpeed]        // speed
movss xmm0,xmm5
movss xmm1,xmm5
mulss xmm0,[esi+cos]          // cos*speed
mulss xmm1,[esi+sin]          // sin*speed
mulss xmm5,[esi+pitch]        // pitch*speed
movss xmm2,[edi+x]
movss xmm3,[edi+y]
movss xmm4,[edi+z]
subss xmm2,xmm1               // X -= sin*speed
addss xmm3,xmm0               // Y += cos*speed
addss xmm4,xmm5               // Z += pitch*speed
movss [edi+x],xmm2
movss [edi+y],xmm3
movss [edi+z],xmm4
ret
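moveLeft:
// Strafe left: X -= cos*speed ; Y -= sin*speed.
// Z is not touched. The original reloaded Z and stored it back unchanged, a
// needless read-modify-write that could overwrite a concurrent game-side
// update of Z with a stale value.
// edi = position block, esi = orientation block, xmm0-xmm3 scratch.
movss xmm0,[esi+cos]          // cos
movss xmm1,[esi+sin]          // sin
mulss xmm0,[moveSpeed]        // cos*speed
mulss xmm1,[moveSpeed]        // sin*speed
movss xmm2,[edi+x]
movss xmm3,[edi+y]
subss xmm2,xmm0               // X -= cos*speed
subss xmm3,xmm1               // Y -= sin*speed
movss [edi+x],xmm2
movss [edi+y],xmm3
ret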
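moveRight:
// Strafe right: X += cos*speed ; Y += sin*speed.
// Z is not touched. The original reloaded Z and stored it back unchanged, a
// needless read-modify-write that could overwrite a concurrent game-side
// update of Z with a stale value.
// edi = position block, esi = orientation block, xmm0-xmm3 scratch.
movss xmm0,[esi+cos]          // cos
movss xmm1,[esi+sin]          // sin
mulss xmm0,[moveSpeed]        // cos*speed
mulss xmm1,[moveSpeed]        // sin*speed
movss xmm2,[edi+x]
movss xmm3,[edi+y]
addss xmm2,xmm0               // X += cos*speed
addss xmm3,xmm1               // Y += sin*speed
movss [edi+x],xmm2
movss [edi+y],xmm3
ret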
moveBackward:
// Step one moveSpeed unit against the facing direction (mirror of moveForward):
//   X += sin*speed ; Y -= cos*speed ; Z -= pitch*speed
// edi = position block, esi = orientation block, xmm0-xmm5 scratch.
movss xmm5,[moveSpeed]        // speed
movss xmm0,xmm5
movss xmm1,xmm5
mulss xmm0,[esi+cos]          // cos*speed
mulss xmm1,[esi+sin]          // sin*speed
mulss xmm5,[esi+pitch]        // pitch*speed
movss xmm2,[edi+x]
movss xmm3,[edi+y]
movss xmm4,[edi+z]
addss xmm2,xmm1               // X += sin*speed
subss xmm3,xmm0               // Y -= cos*speed
subss xmm4,xmm5               // Z -= pitch*speed
movss [edi+x],xmm2
movss [edi+y],xmm3
movss [edi+z],xmm4
ret
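//Change Z
incZ:
// Z += speed. Uses SSE scalar ops like the move* routines instead of the
// x87 fld/fadd/fstp sequence, so the thread does not mix x87 and SSE state.
// Single-precision add of two singles gives the same result either way.
movss xmm0,[edi+z]
addss xmm0,[moveSpeed]
movss [edi+z],xmm0
ret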
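decZ:
// Z -= speed. Uses SSE scalar ops like the move* routines instead of the
// x87 fld/fsub/fstp sequence, so the thread does not mix x87 and SSE state.
// Single-precision subtract of two singles gives the same result either way.
movss xmm0,[edi+z]
subss xmm0,[moveSpeed]
movss [edi+z],xmm0
ret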
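moveSpeed:
dd speed                      // step size (float); lives inside flyMode, exposed as the "Fly Speed" entry
[DISABLE]
// Tell the thread to exit. It frees flyMode itself (VirtualFree tail call at
// the end of the loop), so there is deliberately no dealloc(flyMode) here.
flyEnabled:
db 00
unregistersymbol(flyMode)
unregistersymbol(flyEnabled)
// moveSpeed was registered in [ENABLE]; unregister it too, since it points
// into the flyMode block that the thread frees on exit.
unregistersymbol(moveSpeed)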
129
"Fly Speed"
Float
moveSpeed
117
"X"
Float
camerabase
8
118
"Y"
Float
camerabase
10
119
"Z"
Float
camerabase
C
126
"Sin"
Float
cameraBase2
8
125
"Cos"
Float
cameraBase2
0
127
"Pitch"
Float
cameraBase2
24
Change of movq [bladesoftime.exe+7B372C],xmm0
00496BD6
bladesoftime.exe
96BD6
14
8B
4C
24
1C
66
0F
D6
05
2C
37
BB
00
89
0D
34
37
BB
Change of movss [edi+04],xmm0
004332E3
bladesoftime.exe
332E3
00
F3
0F
58
C2
F3
0F
11
47
04
F3
0F
10
47
08
Change of movss [ebx+0C],xmm0
004332AC
bladesoftime.exe
332AC
00
66
0F
5A
C0
F3
0F
11
43
0C
0F
28
C1
F3
0F
Change of movq [edi],xmm0
00433259
bladesoftime.exe
33259
0F
7E
44
24
1C
66
0F
D6
07
89
4F
08
8D
44
Change of mov [edi+08],ecx
0043325D
bladesoftime.exe
3325D
1C
66
0F
D6
07
89
4F
08
8D
44
24
5C
50
Change of jne bladesoftime.exe+3335D
00433319
bladesoftime.exe
33319
1C
01
00
00
00
75
42
F3
0F
10
43
68
Change of je bladesoftime.exe+334AB
004333E8
bladesoftime.exe
333E8
BA
FF
FF
84
C0
0F
84
BD
00
00
00
F3
0F
10
4D
08
Change of jne bladesoftime.exe+34226
004334E2
bladesoftime.exe
334E2
46
07
00
00
00
0F
85
3E
0D
00
00
8D
84
24
A8
01
Change of je bladesoftime.exe+34226
004334D5
bladesoftime.exe
334D5
0D
00
00
85
C0
0F
84
4B
0D
00
00
80
B8
46
07
00
Change of je bladesoftime.exe+34226
004334CD
bladesoftime.exe
334CD
5C
24
40
85
DB
0F
84
53
0D
00
00
85
C0
90
90
90
Change of jna bladesoftime.exe+3360F
00433604
bladesoftime.exe
33604
24
14
02
00
00
76
09
F3
0F
11
8C
24
Change of jnp bladesoftime.exe+33683
00433635
bladesoftime.exe
33635
00
00
F6
C4
44
7B
4C
F3
0F
10
0D
8C
Change of je bladesoftime.exe+A83D5
004A809D
bladesoftime.exe
A809D
50
FF
D2
84
C0
0F
84
32
03
00
00
8B
06
8B
50
30
Change of je bladesoftime.exe+A80CA
004A80B8
bladesoftime.exe
A80B8
40
BB
00
85
C9
74
10
8B
01
8B
40
74
Change of jne bladesoftime.exe+A83D5
004A83B6
bladesoftime.exe
A83B6
0F
7F
44
24
70
75
1D
D9
05
AC
5A
B1
Change of jg bladesoftime.exe+A846C
004A8465
bladesoftime.exe
A8465
3D
A8
45
BB
00
7F
05
BF
82
72
A8
00
Change of jg bladesoftime.exe+A847F
004A8478
bladesoftime.exe
A8478
A1
20
45
BB
00
7F
05
B8
82
72
A8
00
Change of call dword ptr [bladesoftime.exe+6841D8]
005A0FAC
bladesoftime.exe
1A0FAC
8D
54
24
50
52
FF
15
D8
41
A8
00
2B
74
24
50
6A
Change of jne bladesoftime.exe+1A1082
005A0FF6
bladesoftime.exe
1A0FF6
83
C4
08
84
C0
0F
85
86
00
00
00
8B
35
78
15
BB
Change of jl bladesoftime.exe+1A1161
005A1045
bladesoftime.exe
1A1045
3D
D0
07
00
00
0F
8C
16
01
00
00
6A
01
6A
01
FF
Change of jne bladesoftime.exe+1A10AB
005A1092
bladesoftime.exe
1A1092
2B
15
BB
00
00
75
17
B8
01
00
00
00
Change of jne bladesoftime.exe+1A10AB
005A1089
bladesoftime.exe
1A1089
D3
0A
B1
00
00
75
20
80
3D
2B
15
BB
Change of mov [eax+04],edx
006262C5
bladesoftime.exe
2262C5
8B
48
04
8B
30
89
50
04
8B
13
89
10
F7
Change of je bladesoftime.exe+2262DA
006262D2
bladesoftime.exe
2262D2
C2
00
00
00
08
74
06
8B
40
04
FF
40
Change of call bladesoftime.exe+310E0
004337BC
bladesoftime.exe
337BC
24
3C
02
00
00
E8
1F
D9
FF
FF
F3
0F
10
05
08
Change of call bladesoftime.exe+DD540
00433A93
bladesoftime.exe
33A93
CA
B1
00
8B
CF
E8
A8
9A
0A
00
84
C0
0F
84
7D
Change of call 0E4D0100
0E4D003A
0
85
05
00
00
00
E8
C1
00
00
00
6A
64
E8
EA
E7
Change of jnp bladesoftime.exe+33939
004338F0
bladesoftime.exe
338F0
00
00
F6
C4
44
7B
47
F3
0F
10
0D
8C
cameraBase
16530000
cameraBase2
16530010
cameraBaseHook
0043327C
cameraBaseHook2
0056BC6B
detachCamera1
00433259
detachCamera2
004332AC
disableMotionBlur
004A8084
moveSpeed
165B023C