0 "Get HP" Auto Assembler Script { Game : TowerOfMask-Win64-Shipping.exe Version: Date : 2024-12-08 Author : bbfox@https://opencheattables.com } [ENABLE] aobscanmodule(INJECT_GET_HP,$process,E9 A4 03 00 00 49 8D) // should be unique alloc(newmem,$1000,INJECT_GET_HP) label(code) label(return) label(i_base_hp_addr) newmem: cmp qword ptr [i_base_hp_addr], 0 jne code test rdx, rdx jz code cmp dword ptr [rdx+40], 0 jne code vmovss xmm15, [vf_3000] vmovss xmm14, [rdx+48] vucomiss xmm14, xmm14 jp code // NaN vucomiss xmm15, xmm14 jne code mov [i_base_hp_addr], rdx jmp code push r15 mov r15d, [rdx] @@: pop r15 code: reassemble(INJECT_GET_HP) //jmp TowerOfMask-Win64-Shipping.exe+102D572 jmp return align 10 cc i_base_hp_addr: dq 0 vf_3000: dd (float)3000 INJECT_GET_HP: jmp newmem return: registersymbol(INJECT_GET_HP) registersymbol(i_base_hp_addr) [DISABLE] INJECT_GET_HP: db E9 A4 03 00 00 unregistersymbol(*) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: TowerOfMask-Win64-Shipping.exe+102D1C9 TowerOfMask-Win64-Shipping.exe+102D1A4: 75 28 - jne TowerOfMask-Win64-Shipping.exe+102D1CE TowerOfMask-Win64-Shipping.exe+102D1A6: 4D 63 41 4C - movsxd r8,dword ptr [r9+4C] TowerOfMask-Win64-Shipping.exe+102D1AA: 4D 03 C5 - add r8,r13 TowerOfMask-Win64-Shipping.exe+102D1AD: 4D 89 46 38 - mov [r14+38],r8 TowerOfMask-Win64-Shipping.exe+102D1B1: 4D 85 D2 - test r10,r10 TowerOfMask-Win64-Shipping.exe+102D1B4: 0F 84 B8 03 00 00 - je TowerOfMask-Win64-Shipping.exe+102D572 TowerOfMask-Win64-Shipping.exe+102D1BA: 49 8B 01 - mov rax,[r9] TowerOfMask-Win64-Shipping.exe+102D1BD: 49 8B D2 - mov rdx,r10 TowerOfMask-Win64-Shipping.exe+102D1C0: 49 8B C9 - mov rcx,r9 TowerOfMask-Win64-Shipping.exe+102D1C3: FF 90 D0 00 00 00 - call qword ptr [rax+000000D0] // ---------- INJECTING HERE ---------- TowerOfMask-Win64-Shipping.exe+102D1C9: E9 A4 03 00 00 - jmp TowerOfMask-Win64-Shipping.exe+102D572 // ---------- DONE INJECTING ---------- TowerOfMask-Win64-Shipping.exe+102D1CE: 49 8D 49 28 - lea rcx,[r9+28] TowerOfMask-Win64-Shipping.exe+102D1D2: 48 8D 54 24 20 - lea rdx,[rsp+20] TowerOfMask-Win64-Shipping.exe+102D1D7: E8 D4 98 E0 FF - call TowerOfMask-Win64-Shipping.exe+E36AB0 TowerOfMask-Win64-Shipping.exe+102D1DC: EB 4B - jmp TowerOfMask-Win64-Shipping.exe+102D229 TowerOfMask-Win64-Shipping.exe+102D1DE: BA 05 00 00 00 - mov edx,00000005 TowerOfMask-Win64-Shipping.exe+102D1E3: 48 89 5C 24 20 - mov [rsp+20],rbx TowerOfMask-Win64-Shipping.exe+102D1E8: 48 8D 4C 24 20 - lea rcx,[rsp+20] TowerOfMask-Win64-Shipping.exe+102D1ED: 48 89 5C 24 28 - mov [rsp+28],rbx TowerOfMask-Win64-Shipping.exe+102D1F2: E8 39 CC 79 FF - call TowerOfMask-Win64-Shipping.exe+7C9E30 TowerOfMask-Win64-Shipping.exe+102D1F7: 8B 54 24 28 - mov edx,[rsp+28] } 3 "Notice: reenable if HP is incorrect" 8000FF 1 1 "HP" 0 FF8080 Float

i_base_hp_addr

0 2 "Max HP" 0 FF8080 Float

i_base_hp_addr

4 7 "inf. item duration" Auto Assembler Script { Game : TowerOfMask-Win64-Shipping.exe Version: Date : 2024-12-08 Author : bbfox@https://opencheattables.com } [ENABLE] aobscanmodule(INJECT_SET_ITEM_DUR,$process,FF 90 C8 00 00 00 E9) // should be unique alloc(newmem,$1000,INJECT_SET_ITEM_DUR) label(code) label(return) newmem: mov byte ptr [i_item_flag], 0 movaps [i_buf_xmm1], xmm1 movaps [i_buf_xmm1], xmm2 shufps xmm1, xmm1, 0xe6 shufps xmm2, xmm2, 0xe6 vucomiss xmm1, xmm1 jp endp // NaN vucomiss xmm2, xmm2 jp endp vxorps xmm15, xmm15, xmm15 vucomiss xmm15, xmm1 je endp vucomiss xmm1, xmm2 jne endp vucomiss xmm1, [vf_10] jbe endp mov byte ptr [i_item_flag], 1 endp: movaps xmm1, [i_buf_xmm1] movaps xmm2, [i_buf_xmm1] code: call qword ptr [rax+000000C8] cmp byte ptr [i_item_flag], 1 jne return movss xmm15, [vf_100] movss [rcx+8], xmm15 jmp return align 10 cc i_buf_xmm1: dq 0 dq 0 i_buf_xmm2: dq 0 dq 0 vf_100: dd (float)100 vf_10: dd (float)10 i_item_flag: db 0 INJECT_SET_ITEM_DUR: jmp newmem nop return: registersymbol(INJECT_SET_ITEM_DUR) [DISABLE] INJECT_SET_ITEM_DUR: db FF 90 C8 00 00 00 unregistersymbol(INJECT_SET_ITEM_DUR) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: TowerOfMask-Win64-Shipping.exe+27AD73B TowerOfMask-Win64-Shipping.exe+27AD71D: 74 06 - je TowerOfMask-Win64-Shipping.exe+27AD725 TowerOfMask-Win64-Shipping.exe+27AD71F: 48 D1 F8 - sar rax,1 TowerOfMask-Win64-Shipping.exe+27AD722: 48 03 C3 - add rax,rbx TowerOfMask-Win64-Shipping.exe+27AD725: 0F AF EE - imul ebp,esi TowerOfMask-Win64-Shipping.exe+27AD728: 48 63 CD - movsxd rcx,ebp TowerOfMask-Win64-Shipping.exe+27AD72B: 48 03 C8 - add rcx,rax TowerOfMask-Win64-Shipping.exe+27AD72E: 49 8B 04 24 - mov rax,[r12] TowerOfMask-Win64-Shipping.exe+27AD732: 48 8B D1 - mov rdx,rcx TowerOfMask-Win64-Shipping.exe+27AD735: 4D 8B C1 - mov r8,r9 TowerOfMask-Win64-Shipping.exe+27AD738: 49 8B CC - mov rcx,r12 // ---------- INJECTING HERE ---------- TowerOfMask-Win64-Shipping.exe+27AD73B: FF 90 C8 00 00 00 - call qword ptr [rax+000000C8] // ---------- DONE INJECTING ---------- TowerOfMask-Win64-Shipping.exe+27AD741: E9 82 00 00 00 - jmp TowerOfMask-Win64-Shipping.exe+27AD7C8 TowerOfMask-Win64-Shipping.exe+27AD746: 8B 43 08 - mov eax,[rbx+08] TowerOfMask-Win64-Shipping.exe+27AD749: 48 8D 54 24 40 - lea rdx,[rsp+40] TowerOfMask-Win64-Shipping.exe+27AD74E: 33 C9 - xor ecx,ecx TowerOfMask-Win64-Shipping.exe+27AD750: 85 C0 - test eax,eax TowerOfMask-Win64-Shipping.exe+27AD752: 8D 58 FF - lea ebx,[rax-01] TowerOfMask-Win64-Shipping.exe+27AD755: 0F 4E D9 - cmovle ebx,ecx TowerOfMask-Win64-Shipping.exe+27AD758: 49 8D 4D 28 - lea rcx,[r13+28] TowerOfMask-Win64-Shipping.exe+27AD75C: E8 4F 93 68 FE - call TowerOfMask-Win64-Shipping.exe+E36AB0 TowerOfMask-Win64-Shipping.exe+27AD761: 83 7C 24 48 00 - cmp dword ptr [rsp+48],00 } 8 "Not 100% stable. Game may crash if this script always enabled." 8000FF 1 9 "script will skip any item taht dur. < 10" 8000FF 1