245
"Always Full Gold"
Auto Assembler Script
[ENABLE]
aobscanmodule(gold,nwmain.exe,8B 86 7C 06 00 00 3B 03) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
cmp [esi+67c],#99999 // if we have more than 99.999 gold
jb code // skip our patch
mov [esi+67c],#99999 // otherwise, set gold to 99.999
code:
mov eax,[esi+0000067C]
jmp return
gold:
jmp newmem
nop
return:
registersymbol(gold)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
gold:
db 8B 86 7C 06 00 00
unregistersymbol(gold)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+328E2D
"nwmain.exe"+328E11: 7D 08 - jnl nwmain.exe+328E1B
"nwmain.exe"+328E13: B8 00 04 00 00 - mov eax,00000400
"nwmain.exe"+328E18: 66 09 07 - or [edi],ax
"nwmain.exe"+328E1B: 8B 4D FC - mov ecx,[ebp-04]
"nwmain.exe"+328E1E: 53 - push ebx
"nwmain.exe"+328E1F: 56 - push esi
"nwmain.exe"+328E20: E8 9B C1 FE FF - call nwmain.exe+314FC0
"nwmain.exe"+328E25: 85 C0 - test eax,eax
"nwmain.exe"+328E27: 74 04 - je nwmain.exe+328E2D
"nwmain.exe"+328E29: 66 83 0F 04 - or word ptr [edi],04
// ---------- INJECTING HERE ----------
"nwmain.exe"+328E2D: 8B 86 7C 06 00 00 - mov eax,[esi+0000067C]
// ---------- DONE INJECTING ----------
"nwmain.exe"+328E33: 3B 03 - cmp eax,[ebx]
"nwmain.exe"+328E35: 75 47 - jne nwmain.exe+328E7E
"nwmain.exe"+328E37: 8B CE - mov ecx,esi
"nwmain.exe"+328E39: E8 72 D7 03 00 - call nwmain.exe+3665B0
"nwmain.exe"+328E3E: 66 39 43 04 - cmp [ebx+04],ax
"nwmain.exe"+328E42: 75 3A - jne nwmain.exe+328E7E
"nwmain.exe"+328E44: 0F BF 43 08 - movsx eax,word ptr [ebx+08]
"nwmain.exe"+328E48: 3B 86 34 07 00 00 - cmp eax,[esi+00000734]
"nwmain.exe"+328E4E: 75 2E - jne nwmain.exe+328E7E
"nwmain.exe"+328E50: 83 BE 30 07 00 00 01 - cmp dword ptr [esi+00000730],01
}
250
"Find Hitpoints Address"
Auto Assembler Script
[ENABLE]
aobscanmodule(health,nwmain.exe,66 8B 81 C8 00 00 00 5d c2 04 00) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(hp)
newmem:
cmp [ecx+e0],1
jne code
cmp [ecx+178],0
jne code
cmp [esp+1f0],0
jne code
mov [hp],ecx
code:
mov ax,[ecx+000000C8]
jmp return
hp:
dd 1
health:
jmp newmem
nop
nop
return:
registersymbol(health)
registersymbol(hp)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
health:
db 66 8B 81 C8 00 00 00
unregistersymbol(health)
unregistersymbol(hp)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+2E5879
"nwmain.exe"+2E5866: E9 75 E5 DC FF - jmp nwmain.exe+B3DE0
"nwmain.exe"+2E586B: CC - int 3
"nwmain.exe"+2E586C: CC - int 3
"nwmain.exe"+2E586D: CC - int 3
"nwmain.exe"+2E586E: CC - int 3
"nwmain.exe"+2E586F: CC - int 3
"nwmain.exe"+2E5870: 55 - push ebp
"nwmain.exe"+2E5871: 8B EC - mov ebp,esp
"nwmain.exe"+2E5873: 83 7D 08 01 - cmp dword ptr [ebp+08],01
"nwmain.exe"+2E5877: 75 0B - jne nwmain.exe+2E5884
// ---------- INJECTING HERE ----------
"nwmain.exe"+2E5879: 66 8B 81 C8 00 00 00 - mov ax,[ecx+000000C8]
// ---------- DONE INJECTING ----------
"nwmain.exe"+2E5880: 5D - pop ebp
"nwmain.exe"+2E5881: C2 04 00 - ret 0004
"nwmain.exe"+2E5884: 66 8B 81 D0 00 00 00 - mov ax,[ecx+000000D0]
"nwmain.exe"+2E588B: 66 03 81 C8 00 00 00 - add ax,[ecx+000000C8]
"nwmain.exe"+2E5892: 5D - pop ebp
"nwmain.exe"+2E5893: C2 04 00 - ret 0004
"nwmain.exe"+2E5896: CC - int 3
"nwmain.exe"+2E5897: CC - int 3
"nwmain.exe"+2E5898: CC - int 3
"nwmain.exe"+2E5899: CC - int 3
}
270
"Hitpoints"
4 Bytes
[hp]+c8
280
"Find Experience Address"
Auto Assembler Script
[ENABLE]
aobscanmodule(findxp,nwmain.exe,8B 87 80 00 00 00 89 45 E4 8B 41 4C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(xp)
newmem:
cmp edi,0
je code
mov [xp],edi
code:
mov eax,[edi+00000080]
jmp return
xp:
dd 1
findxp:
jmp newmem
nop
return:
registersymbol(findxp)
registersymbol(xp)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
findxp:
db 8B 87 80 00 00 00
unregistersymbol(findxp)
unregistersymbol(xp)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+2FB693
"nwmain.exe"+2FB677: 0F 95 C1 - setne cl
"nwmain.exe"+2FB67A: 0B CE - or ecx,esi
"nwmain.exe"+2FB67C: 0B F9 - or edi,ecx
"nwmain.exe"+2FB67E: 8B 4D EC - mov ecx,[ebp-14]
"nwmain.exe"+2FB681: 89 7D F8 - mov [ebp-08],edi
"nwmain.exe"+2FB684: 8B 7D F4 - mov edi,[ebp-0C]
"nwmain.exe"+2FB687: 8A 41 3F - mov al,[ecx+3F]
"nwmain.exe"+2FB68A: 8A 79 40 - mov bh,[ecx+40]
"nwmain.exe"+2FB68D: 8A 59 41 - mov bl,[ecx+41]
"nwmain.exe"+2FB690: 88 45 FC - mov [ebp-04],al
// ---------- INJECTING HERE ----------
"nwmain.exe"+2FB693: 8B 87 80 00 00 00 - mov eax,[edi+00000080]
// ---------- DONE INJECTING ----------
"nwmain.exe"+2FB699: 89 45 E4 - mov [ebp-1C],eax
"nwmain.exe"+2FB69C: 8B 41 4C - mov eax,[ecx+4C]
"nwmain.exe"+2FB69F: 8B CF - mov ecx,edi
"nwmain.exe"+2FB6A1: 6A 00 - push 00
"nwmain.exe"+2FB6A3: 89 45 E0 - mov [ebp-20],eax
"nwmain.exe"+2FB6A6: E8 75 DA 04 00 - call nwmain.exe+349120
"nwmain.exe"+2FB6AB: 33 C9 - xor ecx,ecx
"nwmain.exe"+2FB6AD: BE 08 00 00 00 - mov esi,00000008
"nwmain.exe"+2FB6B2: 3A C3 - cmp al,bl
"nwmain.exe"+2FB6B4: 51 - push ecx
}
281
"Experience"
4 Bytes
[xp]+80
265
"Debug"
1
257
"OneHit Kill"
Auto Assembler Script
[ENABLE]
aobscanmodule(onehit,nwmain.exe,89 86 C8 00 00 00 5E 8B) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
cmp ebx,1
jne code // if enemy kill him
jmp return // if not, no damage
code:
mov [esi+c8],0 // kill him
mov [esi+000000C8],eax
jmp return
onehit:
jmp newmem
nop
return:
registersymbol(onehit)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
onehit:
db 89 86 C8 00 00 00
unregistersymbol(onehit)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+362652
"nwmain.exe"+362637: B8 00 00 00 00 - mov eax,00000000
"nwmain.exe"+36263C: 83 EF 01 - sub edi,01
"nwmain.exe"+36263F: 0F 48 F8 - cmovs edi,eax
"nwmain.exe"+362642: 8B 06 - mov eax,[esi]
"nwmain.exe"+362644: 8B CE - mov ecx,esi
"nwmain.exe"+362646: 6A 01 - push 01
"nwmain.exe"+362648: FF 90 9C 00 00 00 - call dword ptr [eax+0000009C]
"nwmain.exe"+36264E: 98 - cwde
"nwmain.exe"+36264F: 2B C7 - sub eax,edi
"nwmain.exe"+362651: 5F - pop edi
// ---------- INJECTING HERE ----------
"nwmain.exe"+362652: 89 86 C8 00 00 00 - mov [esi+000000C8],eax
// ---------- DONE INJECTING ----------
"nwmain.exe"+362658: 5E - pop esi
"nwmain.exe"+362659: 8B E5 - mov esp,ebp
"nwmain.exe"+36265B: 5D - pop ebp
"nwmain.exe"+36265C: C2 04 00 - ret 0004
"nwmain.exe"+36265F: CC - int 3
"nwmain.exe"+362660: 55 - push ebp
"nwmain.exe"+362661: 8B EC - mov ebp,esp
"nwmain.exe"+362663: 83 E4 F8 - and esp,-08
"nwmain.exe"+362666: 83 EC 5C - sub esp,5C
"nwmain.exe"+362669: 53 - push ebx
}
266
"Always 999 Hitpoints and OneHit"
Auto Assembler Script
[ENABLE]
aobscanmodule(health,nwmain.exe,66 8B 81 C8 00 00 00 5d c2 04 00) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
cmp [ecx+e0],1 // if edx = 13 then enemy
jne code
mov [ecx+c8],#999
mov ax,[ecx+000000C8]
jmp return
code:
mov [ecx+c8],#0
mov ax,[ecx+000000C8]
jmp return
health:
jmp newmem
nop
nop
return:
registersymbol(health)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
health:
db 66 8B 81 C8 00 00 00
unregistersymbol(health)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+2E5879
"nwmain.exe"+2E5866: E9 75 E5 DC FF - jmp nwmain.exe+B3DE0
"nwmain.exe"+2E586B: CC - int 3
"nwmain.exe"+2E586C: CC - int 3
"nwmain.exe"+2E586D: CC - int 3
"nwmain.exe"+2E586E: CC - int 3
"nwmain.exe"+2E586F: CC - int 3
"nwmain.exe"+2E5870: 55 - push ebp
"nwmain.exe"+2E5871: 8B EC - mov ebp,esp
"nwmain.exe"+2E5873: 83 7D 08 01 - cmp dword ptr [ebp+08],01
"nwmain.exe"+2E5877: 75 0B - jne nwmain.exe+2E5884
// ---------- INJECTING HERE ----------
"nwmain.exe"+2E5879: 66 8B 81 C8 00 00 00 - mov ax,[ecx+000000C8]
// ---------- DONE INJECTING ----------
"nwmain.exe"+2E5880: 5D - pop ebp
"nwmain.exe"+2E5881: C2 04 00 - ret 0004
"nwmain.exe"+2E5884: 66 8B 81 D0 00 00 00 - mov ax,[ecx+000000D0]
"nwmain.exe"+2E588B: 66 03 81 C8 00 00 00 - add ax,[ecx+000000C8]
"nwmain.exe"+2E5892: 5D - pop ebp
"nwmain.exe"+2E5893: C2 04 00 - ret 0004
"nwmain.exe"+2E5896: CC - int 3
"nwmain.exe"+2E5897: CC - int 3
"nwmain.exe"+2E5898: CC - int 3
"nwmain.exe"+2E5899: CC - int 3
}
269
"Always 999 Hitpoints"
Auto Assembler Script
[ENABLE]
aobscanmodule(health,nwmain.exe,66 8B 81 C8 00 00 00 5d c2 04 00) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
cmp edx,0
jne code
mov [ecx+c8],#999
code:
mov ax,[ecx+000000C8]
jmp return
health:
jmp newmem
nop
nop
return:
registersymbol(health)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
health:
db 66 8B 81 C8 00 00 00
unregistersymbol(health)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+2E5879
"nwmain.exe"+2E5866: E9 75 E5 DC FF - jmp nwmain.exe+B3DE0
"nwmain.exe"+2E586B: CC - int 3
"nwmain.exe"+2E586C: CC - int 3
"nwmain.exe"+2E586D: CC - int 3
"nwmain.exe"+2E586E: CC - int 3
"nwmain.exe"+2E586F: CC - int 3
"nwmain.exe"+2E5870: 55 - push ebp
"nwmain.exe"+2E5871: 8B EC - mov ebp,esp
"nwmain.exe"+2E5873: 83 7D 08 01 - cmp dword ptr [ebp+08],01
"nwmain.exe"+2E5877: 75 0B - jne nwmain.exe+2E5884
// ---------- INJECTING HERE ----------
"nwmain.exe"+2E5879: 66 8B 81 C8 00 00 00 - mov ax,[ecx+000000C8]
// ---------- DONE INJECTING ----------
"nwmain.exe"+2E5880: 5D - pop ebp
"nwmain.exe"+2E5881: C2 04 00 - ret 0004
"nwmain.exe"+2E5884: 66 8B 81 D0 00 00 00 - mov ax,[ecx+000000D0]
"nwmain.exe"+2E588B: 66 03 81 C8 00 00 00 - add ax,[ecx+000000C8]
"nwmain.exe"+2E5892: 5D - pop ebp
"nwmain.exe"+2E5893: C2 04 00 - ret 0004
"nwmain.exe"+2E5896: CC - int 3
"nwmain.exe"+2E5897: CC - int 3
"nwmain.exe"+2E5898: CC - int 3
"nwmain.exe"+2E5899: CC - int 3
}
274
"Find Experience Pointer 2"
Auto Assembler Script
[ENABLE]
aobscanmodule(xp_pointer,nwmain.exe,8B 8F 80 00 00 00 E9) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(experience)
newmem:
cmp edi,0
je code
mov [experience],edi
code:
mov ecx,[edi+00000080]
jmp return
experience:
dd 1
xp_pointer:
jmp newmem
nop
return:
registersymbol(xp_pointer)
registersymbol(experience)
[DISABLE]
xp_pointer:
db 8B 8F 80 00 00 00
unregistersymbol(xp_pointer)
unregistersymbol(experience)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+339CED
"nwmain.exe"+339CCE: E8 3D D5 00 00 - call nwmain.exe+347210
"nwmain.exe"+339CD3: 0F B6 C0 - movzx eax,al
"nwmain.exe"+339CD6: 3B 06 - cmp eax,[esi]
"nwmain.exe"+339CD8: 5E - pop esi
"nwmain.exe"+339CD9: 7D 2E - jnl nwmain.exe+339D09
"nwmain.exe"+339CDB: 83 BF 84 00 00 00 00 - cmp dword ptr [edi+00000084],00
"nwmain.exe"+339CE2: 74 1D - je nwmain.exe+339D01
"nwmain.exe"+339CE4: 6A 00 - push 00
"nwmain.exe"+339CE6: 8B CF - mov ecx,edi
"nwmain.exe"+339CE8: E8 23 D5 00 00 - call nwmain.exe+347210
// ---------- INJECTING HERE ----------
"nwmain.exe"+339CED: 8B 8F 80 00 00 00 - mov ecx,[edi+00000080]
// ---------- DONE INJECTING ----------
"nwmain.exe"+339CF3: 0F B6 D0 - movzx edx,al
"nwmain.exe"+339CF6: A1 D0 00 91 01 - mov eax,[nwmain.exe+7F00D0]
"nwmain.exe"+339CFB: 3B 4C 90 1C - cmp ecx,[eax+edx*4+1C]
"nwmain.exe"+339CFF: 72 08 - jb nwmain.exe+339D09
"nwmain.exe"+339D01: 5B - pop ebx
"nwmain.exe"+339D02: B8 01 00 00 00 - mov eax,00000001
"nwmain.exe"+339D07: 5F - pop edi
"nwmain.exe"+339D08: C3 - ret
"nwmain.exe"+339D09: 5B - pop ebx
"nwmain.exe"+339D0A: 33 C0 - xor eax,eax
}
275
"Experience"
4 Bytes
[experience]+80
262
"Find Experience Address (works sometimes)"
Auto Assembler Script
[ENABLE]
aobscanmodule(xp_pointer,nwmain.exe,8B 8F 80 00 00 00 0F B6 D0) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(experience)
newmem:
cmp edi,0
je code
mov [experience],edi
code:
mov ecx,[edi+00000080]
jmp return
experience:
dd 1
xp_pointer:
jmp newmem
nop
return:
registersymbol(xp_pointer)
registersymbol(experience)
[DISABLE]
xp_pointer:
db 8B 8F 80 00 00 00
unregistersymbol(xp_pointer)
unregistersymbol(experience)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+339CED
"nwmain.exe"+339CCE: E8 3D D5 00 00 - call nwmain.exe+347210
"nwmain.exe"+339CD3: 0F B6 C0 - movzx eax,al
"nwmain.exe"+339CD6: 3B 06 - cmp eax,[esi]
"nwmain.exe"+339CD8: 5E - pop esi
"nwmain.exe"+339CD9: 7D 2E - jnl nwmain.exe+339D09
"nwmain.exe"+339CDB: 83 BF 84 00 00 00 00 - cmp dword ptr [edi+00000084],00
"nwmain.exe"+339CE2: 74 1D - je nwmain.exe+339D01
"nwmain.exe"+339CE4: 6A 00 - push 00
"nwmain.exe"+339CE6: 8B CF - mov ecx,edi
"nwmain.exe"+339CE8: E8 23 D5 00 00 - call nwmain.exe+347210
// ---------- INJECTING HERE ----------
"nwmain.exe"+339CED: 8B 8F 80 00 00 00 - mov ecx,[edi+00000080]
// ---------- DONE INJECTING ----------
"nwmain.exe"+339CF3: 0F B6 D0 - movzx edx,al
"nwmain.exe"+339CF6: A1 D0 00 91 01 - mov eax,[nwmain.exe+7F00D0]
"nwmain.exe"+339CFB: 3B 4C 90 1C - cmp ecx,[eax+edx*4+1C]
"nwmain.exe"+339CFF: 72 08 - jb nwmain.exe+339D09
"nwmain.exe"+339D01: 5B - pop ebx
"nwmain.exe"+339D02: B8 01 00 00 00 - mov eax,00000001
"nwmain.exe"+339D07: 5F - pop edi
"nwmain.exe"+339D08: C3 - ret
"nwmain.exe"+339D09: 5B - pop ebx
"nwmain.exe"+339D0A: 33 C0 - xor eax,eax
}
264
"Experience"
4 Bytes
[experience]+80
Recifense
20180331
===========================================
Game Title : Neverwinter Nights Enhanced Edition
Game Version : 74.8166
Game Sponsor : CODEX
Process Name : nwmain.exe
Relevant Info : 32bits/RPG/Mixed data Size
Script Version: 1.0 (AOB)
CE Version : 6.7
Release date : 31-Mar-2018
Author : Recifense
History:
31-Mar-2018: First Release
Features:
- Minimum Gold [1]
- God Mode [2]
- Unlimited Ammo [3]
- Try to prevent Slowdown [4]
- Some Pointers [5]
===========================================
[1] It will not go under 67000;
[2] For main Hero and Companion;
[3] For main Hero only;
[4] For main Hero only (encumbered or magic);
[4] Used at the table;
===========================================
[USAGE]
1) Run CE67 or greater;
2) Run Game;
3) Load the game process "nwmain.exe" in CE;
4) Load this table and activate the main script;
5) Now Activate the script of each cheat you want to use;
6) Game On;
===========================================
[HOTKEYS]
- None defined
===========================================
[IMPORTANT]
Save your game before unsing the cheats.
===========================================
[INFO]
Tested on Win 10 64bits
===========================================
Have fun!