18 "always 50.000 tears when buying something" Auto Assembler Script [ENABLE] aobscanmodule(tears,GameAssembly.dll,41 89 5C B0 20) // should be unique alloc(newmem,$100,tears) label(code) label(return) newmem: mov ebx,#50000 code: mov [r8+rsi*4+20],ebx jmp return tears: jmp newmem return: registersymbol(tears) [DISABLE] tears: db 41 89 5C B0 20 unregistersymbol(tears) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+BB3033 GameAssembly.dll+BB3015: 48 8B F9 - mov rdi,rcx GameAssembly.dll+BB3018: 3B 71 18 - cmp esi,[rcx+18] GameAssembly.dll+BB301B: 72 07 - jb GameAssembly.dll+BB3024 GameAssembly.dll+BB301D: 33 C9 - xor ecx,ecx GameAssembly.dll+BB301F: E8 8C 4F 0E 01 - call System.ThrowHelper.ThrowArgumentOutOfRange_IndexException GameAssembly.dll+BB3024: 4C 8B 47 10 - mov r8,[rdi+10] GameAssembly.dll+BB3028: 4D 85 C0 - test r8,r8 GameAssembly.dll+BB302B: 74 1E - je GameAssembly.dll+BB304B GameAssembly.dll+BB302D: 41 3B 70 18 - cmp esi,[r8+18] GameAssembly.dll+BB3031: 73 1E - jae GameAssembly.dll+BB3051 // ---------- INJECTING HERE ---------- GameAssembly.dll+BB3033: 41 89 5C B0 20 - mov [r8+rsi*4+20],ebx // ---------- DONE INJECTING ---------- GameAssembly.dll+BB3038: FF 47 1C - inc [rdi+1C] GameAssembly.dll+BB303B: 48 8B 5C 24 30 - mov rbx,[rsp+30] GameAssembly.dll+BB3040: 48 8B 74 24 38 - mov rsi,[rsp+38] GameAssembly.dll+BB3045: 48 83 C4 20 - add rsp,20 GameAssembly.dll+BB3049: 5F - pop rdi GameAssembly.dll+BB304A: C3 - ret GameAssembly.dll+BB304B: E8 A0 BA 86 FF - call GameAssembly.il2cpp_method_get_class+B0 GameAssembly.dll+BB3050: CC - int 3 GameAssembly.dll+BB3051: E8 8A BA 86 FF - call GameAssembly.il2cpp_method_get_class+A0 GameAssembly.dll+BB3056: CC - int 3 } 23 "Set Energy Costs to Zero" Auto Assembler Script [ENABLE] aobscanmodule(freeactions,GameAssembly.dll,8B 52 1C 45 33 C0 49 8B CC) // should be unique alloc(newmem,$100,freeactions) label(code) label(return) newmem: mov ecx,0 mov [rdx+1c],ecx code: mov edx,[rdx+1C] xor r8d,r8d jmp return freeactions: jmp newmem nop return: registersymbol(freeactions) [DISABLE] freeactions: db 8B 52 1C 45 33 C0 unregistersymbol(freeactions) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+5FBEAD GameAssembly.dll+5FBE76: 48 8D 0D F3 07 61 03 - lea rcx,[GameAssembly.dll+3C0C670] GameAssembly.dll+5FBE7D: E8 CE 29 E2 FF - call GameAssembly.il2cpp_get_exception_argument_null+2C0 GameAssembly.dll+5FBE82: C6 05 A2 11 83 03 01 - mov byte ptr [GameAssembly.dll+3E2D02B],01 GameAssembly.dll+5FBE89: 48 8B 05 E0 07 61 03 - mov rax,[GameAssembly.dll+3C0C670] GameAssembly.dll+5FBE90: 48 8B 88 B8 00 00 00 - mov rcx,[rax+000000B8] GameAssembly.dll+5FBE97: 48 8B 51 08 - mov rdx,[rcx+08] GameAssembly.dll+5FBE9B: 48 85 D2 - test rdx,rdx GameAssembly.dll+5FBE9E: 0F 84 04 01 00 00 - je GameAssembly.dll+5FBFA8 GameAssembly.dll+5FBEA4: 4D 85 E4 - test r12,r12 GameAssembly.dll+5FBEA7: 0F 84 FB 00 00 00 - je GameAssembly.dll+5FBFA8 // ---------- INJECTING HERE ---------- GameAssembly.dll+5FBEAD: 8B 52 1C - mov edx,[rdx+1C] // ---------- DONE INJECTING ---------- GameAssembly.dll+5FBEB0: 45 33 C0 - xor r8d,r8d GameAssembly.dll+5FBEB3: 49 8B CC - mov rcx,r12 GameAssembly.dll+5FBEB6: E8 A5 C3 08 00 - call PlayerController.UseEnergy GameAssembly.dll+5FBEBB: 80 3D 07 11 83 03 00 - cmp byte ptr [GameAssembly.dll+3E2CFC9],00 GameAssembly.dll+5FBEC2: 75 13 - jne GameAssembly.dll+5FBED7 GameAssembly.dll+5FBEC4: 48 8D 0D 1D 34 60 03 - lea rcx,[GameAssembly.dll+3BFF2E8] GameAssembly.dll+5FBECB: E8 80 29 E2 FF - call GameAssembly.il2cpp_get_exception_argument_null+2C0 GameAssembly.dll+5FBED0: C6 05 F2 10 83 03 01 - mov byte ptr [GameAssembly.dll+3E2CFC9],01 GameAssembly.dll+5FBED7: 48 8B 05 0A 34 60 03 - mov rax,[GameAssembly.dll+3BFF2E8] GameAssembly.dll+5FBEDE: 48 8B 88 B8 00 00 00 - mov rcx,[rax+000000B8] } 24 "debug (sucks, hehe)" C0C0C0 1 14 "endurance display 1" Auto Assembler Script [ENABLE] aobscanmodule(endurance,GameAssembly.dll,F3 0F 11 77 7C) // should be unique alloc(newmem,$100,endurance) label(code) label(return) label(value) newmem: mov ebx,[value] mov [rdi+7c],ebx code: // movss [rdi+7C],xmm6 jmp return value: dd (float)900.0 endurance: jmp newmem return: registersymbol(endurance) [DISABLE] endurance: db F3 0F 11 77 7C unregistersymbol(endurance) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+52B844 GameAssembly.dll+52B81C: 48 8B 57 50 - mov rdx,[rdi+50] GameAssembly.dll+52B820: 48 85 C9 - test rcx,rcx GameAssembly.dll+52B823: 0F 84 EA 00 00 00 - je GameAssembly.dll+52B913 GameAssembly.dll+52B829: 45 33 C0 - xor r8d,r8d GameAssembly.dll+52B82C: E8 4F 3B 79 02 - call UnityEngine.UI.Image.set_sprite GameAssembly.dll+52B831: F3 0F 10 77 78 - movss xmm6,[rdi+78] GameAssembly.dll+52B836: F3 0F 10 7F 40 - movss xmm7,[rdi+40] GameAssembly.dll+52B83B: 40 84 ED - test bpl,bpl GameAssembly.dll+52B83E: 75 28 - jne GameAssembly.dll+52B868 GameAssembly.dll+52B840: F3 0F 59 F7 - mulss xmm6,xmm7 // ---------- INJECTING HERE ---------- GameAssembly.dll+52B844: F3 0F 11 77 7C - movss [rdi+7C],xmm6 // ---------- DONE INJECTING ---------- GameAssembly.dll+52B849: 0F 28 7C 24 20 - movaps xmm7,[rsp+20] GameAssembly.dll+52B84E: 0F 28 74 24 30 - movaps xmm6,[rsp+30] GameAssembly.dll+52B853: 48 8B 5C 24 58 - mov rbx,[rsp+58] GameAssembly.dll+52B858: 48 8B 6C 24 60 - mov rbp,[rsp+60] GameAssembly.dll+52B85D: 48 8B 74 24 68 - mov rsi,[rsp+68] GameAssembly.dll+52B862: 48 83 C4 40 - add rsp,40 GameAssembly.dll+52B866: 5F - pop rdi GameAssembly.dll+52B867: C3 - ret GameAssembly.dll+52B868: 48 8B 5F 28 - mov rbx,[rdi+28] GameAssembly.dll+52B86C: 48 8B CB - mov rcx,rbx } 19 "endurance display 2" Auto Assembler Script [ENABLE] aobscanmodule(energy,GameAssembly.dll,3B D8 0F 4C C3 66) // should be unique alloc(newmem,$100,energy) label(code) label(return) newmem: code: //cmp ebx,eax //cmovl eax,ebx jmp return energy: jmp newmem return: registersymbol(energy) [DISABLE] energy: db 3B D8 0F 4C C3 unregistersymbol(energy) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+52B77D GameAssembly.dll+52B75A: 45 33 C0 - xor r8d,r8d GameAssembly.dll+52B75D: 33 D2 - xor edx,edx GameAssembly.dll+52B75F: E8 9C BC 10 00 - call CharacterManager.GetPlayerController GameAssembly.dll+52B764: 48 85 C0 - test rax,rax GameAssembly.dll+52B767: 0F 84 A6 01 00 00 - je GameAssembly.dll+52B913 GameAssembly.dll+52B76D: 33 D2 - xor edx,edx GameAssembly.dll+52B76F: 48 8B C8 - mov rcx,rax GameAssembly.dll+52B772: E8 89 61 15 00 - call PlayerController.GetCurrentMaxEnergy GameAssembly.dll+52B777: 89 47 74 - mov [rdi+74],eax GameAssembly.dll+52B77A: 8B 47 74 - mov eax,[rdi+74] // ---------- INJECTING HERE ---------- GameAssembly.dll+52B77D: 3B D8 - cmp ebx,eax // ---------- DONE INJECTING ---------- GameAssembly.dll+52B77F: 0F 4C C3 - cmovl eax,ebx GameAssembly.dll+52B782: 66 0F 6E 47 74 - movd xmm0,[rdi+74] GameAssembly.dll+52B787: 0F 57 D2 - xorps xmm2,xmm2 GameAssembly.dll+52B78A: 66 0F 6E C8 - movd xmm1,eax GameAssembly.dll+52B78E: 0F 5B C9 - cvtdq2ps xmm1,xmm1 GameAssembly.dll+52B791: 89 47 70 - mov [rdi+70],eax GameAssembly.dll+52B794: 0F 5B C0 - cvtdq2ps xmm0,xmm0 GameAssembly.dll+52B797: F3 0F 5E C8 - divss xmm1,xmm0 GameAssembly.dll+52B79B: 0F 2F D1 - comiss xmm2,xmm1 GameAssembly.dll+52B79E: 77 12 - ja GameAssembly.dll+52B7B2 }