114982 "<=== Attach to process and activate mono" 0000FF Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if(getCEVersion() < 7.4) then ShowMessage('Warning! CE version should be 7.4 or above') end OpenProcess("Night is Coming.exe") if(process == nil) then ShowMessage('The process is NOT found!') end LaunchMonoDataCollector() {$asm} // LuaCall(function cycleFullCompact(sender,force) local state = not(compactmenuitem.Caption == 'Compact View Mode'); if force~=nil then state = not force end; compactmenuitem.Caption = state and 'Compact View Mode' or 'Full View Mode'; getMainForm().Splitter1.Visible = state; getMainForm().Panel4.Visible = state; getMainForm().Panel5.Visible = state; end; function addCompactMenu() if compactmenualreadyexists then return end; local parent = getMainForm().Menu.Items; compactmenuitem = createMenuItem(parent); parent.add(compactmenuitem); compactmenuitem.Caption = 'Compact View Mode'; compactmenuitem.OnClick = cycleFullCompact; compactmenualreadyexists = 'yes'; end; addCompactMenu(); cycleFullCompact(nil,true)) [DISABLE] // LuaCall(cycleFullCompact(nil,false)) 3 "99 of every ressource" Auto Assembler Script [ENABLE] aobscanmodule(ressources,GameAssembly.dll,8B 40 10 48 8B 5C 24 38 48 83 C4 20 5F) // should be unique alloc(newmem,$100,ressources) label(code) label(return) newmem: mov ebx,#99 mov [rax+10],ebx code: mov eax,[rax+10] mov rbx,[rsp+38] jmp return ressources: jmp newmem nop 3 return: registersymbol(ressources) [DISABLE] ressources: db 8B 40 10 48 8B 5C 24 38 unregistersymbol(ressources) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+356CABD GameAssembly.dll+356CA99: 74 3D - je GameAssembly.dll+356CAD8 GameAssembly.dll+356CA9B: 4C 8B 0D 16 5D 50 01 - mov r9,[GameAssembly.dll+4A727B8] GameAssembly.dll+356CAA2: 4C 8D 44 24 30 - lea r8,[rsp+30] GameAssembly.dll+356CAA7: 48 8B D7 - mov rdx,rdi GameAssembly.dll+356CAAA: E8 A1 0E D6 FD - call GameAssembly.dll+12CD950 GameAssembly.dll+356CAAF: 84 C0 - test al,al GameAssembly.dll+356CAB1: 74 18 - je GameAssembly.dll+356CACB GameAssembly.dll+356CAB3: 48 8B 44 24 30 - mov rax,[rsp+30] GameAssembly.dll+356CAB8: 48 85 C0 - test rax,rax GameAssembly.dll+356CABB: 74 1B - je GameAssembly.dll+356CAD8 // ---------- INJECTING HERE ---------- GameAssembly.dll+356CABD: 8B 40 10 - mov eax,[rax+10] // ---------- DONE INJECTING ---------- GameAssembly.dll+356CAC0: 48 8B 5C 24 38 - mov rbx,[rsp+38] GameAssembly.dll+356CAC5: 48 83 C4 20 - add rsp,20 GameAssembly.dll+356CAC9: 5F - pop rdi GameAssembly.dll+356CACA: C3 - ret GameAssembly.dll+356CACB: 48 8B 5C 24 38 - mov rbx,[rsp+38] GameAssembly.dll+356CAD0: 33 C0 - xor eax,eax GameAssembly.dll+356CAD2: 48 83 C4 20 - add rsp,20 GameAssembly.dll+356CAD6: 5F - pop rdi GameAssembly.dll+356CAD7: C3 - ret GameAssembly.dll+356CAD8: E8 23 94 E5 FC - call GameAssembly.DllGetActivationFactory+6910 } 114984 "Always 1500 Mana" Auto Assembler Script [ENABLE] aobscanmodule(mana2,GameAssembly.dll,F3 0F 11 73 28 48 8B CB E8 8A) // should be unique alloc(newmem,$100,mana2) label(code) label(return) label(value) newmem: movss xmm6,[value] code: movss [rbx+28],xmm6 jmp return value: dd (float)1500.0 mana2: jmp newmem return: registersymbol(mana2) [DISABLE] mana2: db F3 0F 11 73 28 unregistersymbol(mana2) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+381E099 GameAssembly.dll+381E07D: 0F 57 C0 - xorps xmm0,xmm0 GameAssembly.dll+381E080: 0F 2F C6 - comiss xmm0,xmm6 GameAssembly.dll+381E083: 77 0F - ja GameAssembly.dll+381E094 GameAssembly.dll+381E085: F3 0F 10 43 20 - movss xmm0,[rbx+20] GameAssembly.dll+381E08A: 0F 2F F0 - comiss xmm6,xmm0 GameAssembly.dll+381E08D: 76 08 - jna GameAssembly.dll+381E097 GameAssembly.dll+381E08F: 0F 28 F0 - movaps xmm6,xmm0 GameAssembly.dll+381E092: EB 03 - jmp GameAssembly.dll+381E097 GameAssembly.dll+381E094: 0F 57 F6 - xorps xmm6,xmm6 GameAssembly.dll+381E097: 33 D2 - xor edx,edx // ---------- INJECTING HERE ---------- GameAssembly.dll+381E099: F3 0F 11 73 28 - movss [rbx+28],xmm6 // ---------- DONE INJECTING ---------- GameAssembly.dll+381E09E: 48 8B CB - mov rcx,rbx GameAssembly.dll+381E0A1: E8 8A DE FF FF - call SpiritLogic.UpdateTowerState GameAssembly.dll+381E0A6: 48 8B 05 63 CA 1F 01 - mov rax,[GameAssembly.dll+4A1AB10] GameAssembly.dll+381E0AD: 83 B8 E0 00 00 00 00 - cmp dword ptr [rax+000000E0],00 GameAssembly.dll+381E0B4: 75 0F - jne GameAssembly.dll+381E0C5 GameAssembly.dll+381E0B6: 48 8B C8 - mov rcx,rax GameAssembly.dll+381E0B9: E8 42 2B B9 FC - call GameAssembly.il2cpp_runtime_class_init GameAssembly.dll+381E0BE: 48 8B 05 4B CA 1F 01 - mov rax,[GameAssembly.dll+4A1AB10] GameAssembly.dll+381E0C5: 48 8B 80 B8 00 00 00 - mov rax,[rax+000000B8] GameAssembly.dll+381E0CC: 48 8B 08 - mov rcx,[rax] } 114987 "no Hunger" Auto Assembler Script [ENABLE] aobscanmodule(hunger,GameAssembly.dll,CF FF FF 0F 57 FF 84 C0 75 0A 0F 2F FE) // should be unique alloc(newmem,$1000,hunger) label(code) label(return) label(fullfed) newmem: movss xmm6,[fullfed] code: comiss xmm7,xmm6 jmp return fullfed: dd (float)300.0 hunger+08: jmp newmem nop 24 // yes, really... return: registersymbol(hunger) [DISABLE] hunger+08: db 75 0A 0F 2F FE unregistersymbol(hunger) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+37CBC49 GameAssembly.dll+37CBC1B: 48 8D 0D 96 31 24 01 - lea rcx,[GameAssembly.dll+4A0EDB8] GameAssembly.dll+37CBC22: E8 79 A0 BF FC - call GameAssembly.DllGetActivationFactory+66B0 GameAssembly.dll+37CBC27: 48 8D 0D 4A 62 21 01 - lea rcx,[GameAssembly.dll+49E1E78] GameAssembly.dll+37CBC2E: E8 6D A0 BF FC - call GameAssembly.DllGetActivationFactory+66B0 GameAssembly.dll+37CBC33: C6 05 E1 82 57 01 01 - mov byte ptr [GameAssembly.dll+4D43F1B],01 GameAssembly.dll+37CBC3A: 33 D2 - xor edx,edx GameAssembly.dll+37CBC3C: 48 8B CF - mov rcx,rdi GameAssembly.dll+37CBC3F: E8 5C CF FF FF - call NiC.Settler.get_isGodMode GameAssembly.dll+37CBC44: 0F 57 FF - xorps xmm7,xmm7 GameAssembly.dll+37CBC47: 84 C0 - test al,al // ---------- INJECTING HERE ---------- GameAssembly.dll+37CBC49: 75 0A - jne GameAssembly.dll+37CBC55 // ---------- DONE INJECTING ---------- GameAssembly.dll+37CBC4B: 0F 2F FE - comiss xmm7,xmm6 GameAssembly.dll+37CBC4E: 76 12 - jna GameAssembly.dll+37CBC62 GameAssembly.dll+37CBC50: 0F 57 F6 - xorps xmm6,xmm6 GameAssembly.dll+37CBC53: EB 1D - jmp GameAssembly.dll+37CBC72 GameAssembly.dll+37CBC55: F3 0F 10 05 6F 26 4E 00 - movss xmm0,[GameAssembly.dll+3CAE2CC] GameAssembly.dll+37CBC5D: 0F 2F C6 - comiss xmm0,xmm6 GameAssembly.dll+37CBC60: 77 0D - ja GameAssembly.dll+37CBC6F GameAssembly.dll+37CBC62: F3 0F 10 05 26 1F 4E 00 - movss xmm0,[GameAssembly.dll+3CADB90] GameAssembly.dll+37CBC6A: 0F 2F F0 - comiss xmm6,xmm0 GameAssembly.dll+37CBC6D: 76 03 - jna GameAssembly.dll+37CBC72 } 114992 "Settlers have God Mode" Auto Assembler Script { simply deactives the check-function and always returns 1 :) Originally I've looking into the code which writes to energy. scrolled up a few lines and found a call to "NiC.Settler.get_isGodMode" so I changed my course to screw this function instead... } define(address,NiC.Settler.get_isGodMode+63) define(bytes,74 08) [ENABLE] assert(address,bytes) address: nop 2 [DISABLE] address: db bytes { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+37C8C03 GameAssembly.dll+37C8BDD: 48 8B 05 9C D8 2A 01 - mov rax,[GameAssembly.dll+4A76480] GameAssembly.dll+37C8BE4: 48 8B 80 B8 00 00 00 - mov rax,[rax+000000B8] GameAssembly.dll+37C8BEB: 48 8B 08 - mov rcx,[rax] GameAssembly.dll+37C8BEE: 48 85 C9 - test rcx,rcx GameAssembly.dll+37C8BF1: 74 27 - je GameAssembly.dll+37C8C1A GameAssembly.dll+37C8BF3: 33 D2 - xor edx,edx GameAssembly.dll+37C8BF5: E8 96 C6 07 00 - call NiC.GameSessions.get_currentSession GameAssembly.dll+37C8BFA: 48 85 C0 - test rax,rax GameAssembly.dll+37C8BFD: 74 1B - je GameAssembly.dll+37C8C1A GameAssembly.dll+37C8BFF: 80 78 50 00 - cmp byte ptr [rax+50],00 // ---------- INJECTING HERE ---------- GameAssembly.dll+37C8C03: 74 08 - je GameAssembly.dll+37C8C0D // ---------- DONE INJECTING ---------- GameAssembly.dll+37C8C05: B0 01 - mov al,01 GameAssembly.dll+37C8C07: 48 83 C4 20 - add rsp,20 GameAssembly.dll+37C8C0B: 5B - pop rbx GameAssembly.dll+37C8C0C: C3 - ret GameAssembly.dll+37C8C0D: 0F B6 83 C0 03 00 00 - movzx eax,byte ptr [rbx+000003C0] GameAssembly.dll+37C8C14: 48 83 C4 20 - add rsp,20 GameAssembly.dll+37C8C18: 5B - pop rbx GameAssembly.dll+37C8C19: C3 - ret GameAssembly.dll+37C8C1A: E8 E1 D2 BF FC - call GameAssembly.DllGetActivationFactory+6910 GameAssembly.dll+37C8C1F: CC - int 3 } 114985 "debug" C0C0C0 1 9 "Always 1500 Mana (1/2)" Auto Assembler Script [ENABLE] aobscanmodule(spirit,GameAssembly.dll,5A 02 00 00 F3 41 0F 10 40 28) // should be unique alloc(newmem,$100,spirit) label(code) label(return) newmem: mov eax,(float)1500 mov [r8+28],eax code: movss xmm0,[r8+28] jmp return spirit+04: jmp newmem nop return: registersymbol(spirit) [DISABLE] spirit+04: db F3 41 0F 10 40 28 unregistersymbol(spirit) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+3BB954B GameAssembly.dll+3BB9517: 48 8B 0D 62 C7 EB 00 - mov rcx,[GameAssembly.dll+4A75C80] GameAssembly.dll+3BB951E: 48 8B 89 B8 00 00 00 - mov rcx,[rcx+000000B8] GameAssembly.dll+3BB9525: 4C 8B 41 10 - mov r8,[rcx+10] GameAssembly.dll+3BB9529: 4D 85 C0 - test r8,r8 GameAssembly.dll+3BB952C: 0F 84 73 02 00 00 - je GameAssembly.dll+3BB97A5 GameAssembly.dll+3BB9532: 48 8B 8B A0 00 00 00 - mov rcx,[rbx+000000A0] GameAssembly.dll+3BB9539: 48 85 C9 - test rcx,rcx GameAssembly.dll+3BB953C: 0F 84 63 02 00 00 - je GameAssembly.dll+3BB97A5 GameAssembly.dll+3BB9542: 48 85 F6 - test rsi,rsi GameAssembly.dll+3BB9545: 0F 84 5A 02 00 00 - je GameAssembly.dll+3BB97A5 // ---------- INJECTING HERE ---------- GameAssembly.dll+3BB954B: F3 41 0F 10 40 28 - movss xmm0,[r8+28] // ---------- DONE INJECTING ---------- GameAssembly.dll+3BB9551: B8 DC 05 00 00 - mov eax,000005DC GameAssembly.dll+3BB9556: 99 - cdq GameAssembly.dll+3BB9557: F7 79 18 - idiv [rcx+18] GameAssembly.dll+3BB955A: 8D 4F 01 - lea ecx,[rdi+01] GameAssembly.dll+3BB955D: 0F AF C1 - imul eax,ecx GameAssembly.dll+3BB9560: 48 8B CE - mov rcx,rsi GameAssembly.dll+3BB9563: 66 0F 6E C8 - movd xmm1,eax GameAssembly.dll+3BB9567: 0F 5B C9 - cvtdq2ps xmm1,xmm1 GameAssembly.dll+3BB956A: 0F 2F C1 - comiss xmm0,xmm1 GameAssembly.dll+3BB956D: 0F 93 C2 - setae dl } 114993 "Fast Build - nö" Auto Assembler Script [ENABLE] aobscanmodule(fastbuild,GameAssembly.dll,AE FF 84 C0 0F 94 C0) // should be unique alloc(newmem,$1000,fastbuild) label(code) label(return) newmem: mov al,1 code: jmp return fastbuild+02: jmp newmem return: registersymbol(fastbuild) [DISABLE] fastbuild+02: db 84 C0 0F 94 C0 unregistersymbol(fastbuild) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+36CA448 GameAssembly.dll+36CA419: E8 82 B8 CF FC - call GameAssembly.DllGetActivationFactory+66B0 GameAssembly.dll+36CA41E: C6 05 B1 94 67 01 01 - mov byte ptr [GameAssembly.dll+4D438D6],01 GameAssembly.dll+36CA425: 48 8B 0D FC 21 36 01 - mov rcx,[GameAssembly.dll+4A2C628] GameAssembly.dll+36CA42C: 48 8B 5B 30 - mov rbx,[rbx+30] GameAssembly.dll+36CA430: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00 GameAssembly.dll+36CA437: 75 05 - jne GameAssembly.dll+36CA43E GameAssembly.dll+36CA439: E8 C2 67 CE FC - call GameAssembly.il2cpp_runtime_class_init GameAssembly.dll+36CA43E: 33 D2 - xor edx,edx GameAssembly.dll+36CA440: 48 8B CB - mov rcx,rbx GameAssembly.dll+36CA443: E8 28 5A AE FF - call UnityEngine.Object.op_Implicit // ---------- INJECTING HERE ---------- GameAssembly.dll+36CA448: 84 C0 - test al,al // ---------- DONE INJECTING ---------- GameAssembly.dll+36CA44A: 0F 94 C0 - sete al GameAssembly.dll+36CA44D: 48 83 C4 20 - add rsp,20 GameAssembly.dll+36CA451: 5B - pop rbx GameAssembly.dll+36CA452: C3 - ret GameAssembly.dll+36CA453: CC - int 3 GameAssembly.dll+36CA454: CC - int 3 GameAssembly.dll+36CA455: CC - int 3 GameAssembly.dll+36CA456: CC - int 3 GameAssembly.dll+36CA457: CC - int 3 GameAssembly.dll+36CA458: CC - int 3 }