120
"Toggle Scripts"
3174FF
Auto Assembler Script
[ENABLE]
{$lua}
if (syntaxcheck) then return end
synchronize(function()
getLuaEngine().menuItem5.doClick()
getLuaEngine().Close()
end)
-- attach process
local processName = "CrimsonDesert.exe"
local pid = getProcessIDFromProcessName(processName)
if pid ~= nil and pid > 0 then
local currentPid = getOpenedProcessID() or 0
if currentPid ~= pid then
openProcess(processName)
print("Attached to: " .. processName)
Sleep(333)
else
print("Already attached to: " .. processName)
end
end
synchronize(function()
getLuaEngine().Close()
end)
local enableBattleScripts = {
0, -- "Toggle Compact View"
1, -- "Fast friendship"
4, -- "Menu: when add item amount: set item amount"
21, -- "Set min reputation when gain"
40, -- "Get HP - Pointer map mode"
152, -- "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc"
41, -- "Get HP #1 - Pointer map"
61, -- "Get HP #2 - Pointer map"
42, -- "Char #1 - Kliff"
46, -- "Char #2 - Damine"
50, -- "Char #3 - Oongka?"
62, -- "Char #1 - Kliff"
72, -- "Char #2 - Damine"
82, -- "Char #3 - Oongka?"
92, -- "Horse (may not work)"
97, -- "Get Horse HP - another ptr map mode"
}
local addressList = getAddressList()
synchronize(function()
for _, id in ipairs(enableBattleScripts) do
local memRec = addressList.getMemoryRecordByID(id)
if memRec and not memRec.Active then
memRec.Active = true
sleep(30)
end
addressList.refresh()
end
end)
synchronize(function() getLuaEngine().Close() end)
[DISABLE]
{$lua}
if (syntaxcheck) then return end
synchronize(function()
getLuaEngine().menuItem5.doClick()
getLuaEngine().Close()
end)
local disableBattleScripts = {
97, -- "Get Horse HP - another ptr map mode"
86, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)"
83, -- "Auto fill HP (only when HP1/2 pointer map enabled)"
76, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)"
73, -- "Auto fill HP (only when HP1/2 pointer map enabled)"
66, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)"
63, -- "Auto fill HP (only when HP1/2 pointer map enabled)"
102, -- "Bag"
92, -- "Horse (may not work)"
82, -- "Char #3 - Oongka?"
72, -- "Char #2 - Damine"
62, -- "Char #1 - Kliff"
54, -- "Bag"
50, -- "Char #3 - Oongka?"
46, -- "Char #2 - Damine"
42, -- "Char #1 - Kliff"
35, -- "Enable step 2 (horse tab)"
31, -- "Enable step 2 (char tab)"
25, -- "Enable step 1"
15, -- "#2: cur. amount must >="
13, -- "cur. amount must >="
10, -- "Seq ID #2"
8, -- "Seq ID #1"
142, -- "Enable value list #2"
138, -- "Enable value list #1"
116, -- "Kilff HP/Sta backup (old)"
115, -- "INJECT_GET_BAG_BONUS_SLOTS_2_AOB"
114, -- "Player_Base_alt1"
61, -- "Get HP #2 - Pointer map"
41, -- "Get HP #1 - Pointer map"
30, -- "+Step 2 Usage: open item menu"
24, -- "+Step 1 Usage: open item menu"
12, -- "value clamp"
7, -- "_debug"
152, -- "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc"
137, -- "Get base attr. skill values"
129, -- "When add base skill attr: get current values"
112, -- "Crimson Desert / https://opencheattables.com / CE 7.6+"
111, -- "Fast enemy kill / char HP full - check pt. 2"
110, -- "Fast enemy kill / char HP full - check pt. 1"
106, -- "Get Archery Competition data"
40, -- "Get HP - Pointer map mode"
23, -- "Get HP address: Step 1 & 2 - AOB mode"
21, -- "Set min reputation when gain"
18, -- "Bag bonus slot multiplier"
4, -- "Menu: when add item amount: set item amount"
1, -- "Fast friendship"
0, -- "Toggle Compact View"
}
local addressList = getAddressList()
synchronize(function()
for _, id in ipairs(disableBattleScripts) do
local memRec = addressList.getMemoryRecordByID(id)
if memRec and memRec.Active then
memRec.Active = false
sleep(30)
end
addressList.refresh()
end
end)
synchronize(function() getLuaEngine().Close() end)
-- Comments:
-- ID: 0, Description: "Toggle Compact View", Depth: 0
-- ID: 1, Description: "Fast friendship", Depth: 0
-- ID: 152, Description: "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc", Depth: 0
-- ID: 4, Description: "Menu: when add item amount: set item amount", Depth: 0
-- ID: 7, Description: "_debug", Depth: 1
-- ID: 8, Description: "Seq ID #1", Depth: 2
-- ID: 10, Description: "Seq ID #2", Depth: 2
-- ID: 12, Description: "value clamp", Depth: 1
-- ID: 13, Description: "cur. amount must >=", Depth: 2
-- ID: 15, Description: "#2: cur. amount must >=", Depth: 2
-- ID: 18, Description: "Bag bonus slot multiplier", Depth: 0
-- ID: 21, Description: "Set min reputation when gain", Depth: 0
-- ID: 23, Description: "Get HP address: Step 1 & 2 - AOB mode", Depth: 0
-- ID: 24, Description: "+Step 1 Usage: open item menu", Depth: 1
-- ID: 25, Description: "Enable step 1", Depth: 2
-- ID: 30, Description: "+Step 2 Usage: open item menu", Depth: 1
-- ID: 31, Description: "Enable step 2 (char tab)", Depth: 2
-- ID: 35, Description: "Enable step 2 (horse tab)", Depth: 2
-- ID: 40, Description: "Get HP - Pointer map mode", Depth: 0
-- ID: 41, Description: "Get HP #1 - Pointer map", Depth: 1
-- ID: 42, Description: "Char #1 - Kliff", Depth: 2
-- ID: 46, Description: "Char #2 - Damine", Depth: 2
-- ID: 50, Description: "Char #3 - Oongka?", Depth: 2
-- ID: 54, Description: "Bag", Depth: 2
-- ID: 61, Description: "Get HP #2 - Pointer map", Depth: 1
-- ID: 62, Description: "Char #1 - Kliff", Depth: 2
-- ID: 63, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3
-- ID: 66, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3
-- ID: 72, Description: "Char #2 - Damine", Depth: 2
-- ID: 73, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3
-- ID: 76, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3
-- ID: 82, Description: "Char #3 - Oongka?", Depth: 2
-- ID: 83, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3
-- ID: 86, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3
-- ID: 92, Description: "Horse (may not work)", Depth: 2
-- ID: 97, Description: "Get Horse HP - another ptr map mode", Depth: 3
-- ID: 102, Description: "Bag", Depth: 2
-- ID: 106, Description: "Get Archery Competition data", Depth: 0
-- ID: 110, Description: "Fast enemy kill / char HP full - check pt. 1", Depth: 0
-- ID: 111, Description: "Fast enemy kill / char HP full - check pt. 2", Depth: 0
-- ID: 129, Description: "When add base skill attr: get current values", Depth: 0
-- ID: 137, Description: "Get base attr. skill values", Depth: 0
-- ID: 138, Description: "Enable value list #1", Depth: 1
-- ID: 142, Description: "Enable value list #2", Depth: 1
-- ID: 112, Description: "Crimson Desert / https://opencheattables.com / CE 7.6+", Depth: 0
-- ID: 114, Description: "Player_Base_alt1", Depth: 1
-- ID: 115, Description: "INJECT_GET_BAG_BONUS_SLOTS_2_AOB", Depth: 1
-- ID: 116, Description: "Kilff HP/Sta backup (old)", Depth: 1
121
"Notice: please load game, open item menu first. Some scripts may not be activated if not do so"
8913FF
1
0
"Toggle Compact View"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not toggleCompactView then
function toggleCompactView(sender, forceEnable)
local isCompactMode = not (compactViewMenuItem.Caption == 'Compact View Mode')
if forceEnable ~= nil then
isCompactMode = not forceEnable
end
synchronize(function()
compactViewMenuItem.Caption = isCompactMode and 'Compact View Mode' or 'Full View Mode'
getMainForm().Splitter1.Visible = isCompactMode
getMainForm().Panel4.Visible = isCompactMode
getMainForm().Panel5.Visible = isCompactMode
end)
end
end
if not createCompactViewMenu then
function createCompactViewMenu()
if isCompactMenuCreated then return end
synchronize(function()
local mainMenu = getMainForm().Menu.Items
compactViewMenuItem = createMenuItem(mainMenu)
compactViewMenuItem.Caption = 'Compact View Mode'
compactViewMenuItem.OnClick = toggleCompactView
mainMenu.add(compactViewMenuItem)
end)
isCompactMenuCreated = true
end
end
createCompactViewMenu()
toggleCompactView(nil, true)
[DISABLE]
{$lua}
if toggleCompactView then
toggleCompactView(nil, false)
end
1
"Fast friendship"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/20
}
[ENABLE]
aobscanmodule(INJECT_FAST_FRIENDSHIP,$process,?? 8B ?? 10 ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7F)
// raw AOB: 48 C1 E2 04 48 03 90 18 01 00 00 45 84 ED 74 ?? 80 BA 8B 00 00 00 00 74 ?? 8B 42 04 44 0F A3 F0 73 ?? 48 8B 46 08 48 8B 40 68 49 8B D7 48 8B 88 40 01 00 00 E8 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 48 10 48 63 05 ?? ?? ?? ?? 48 3B C1 7F ?? 48 63 05 ?? ?? ?? ?? 48 3B C8 7E ?? 8B 45 E8 3B 45 EC 72 ?? 41 B9 08 00 00 00 45 33 C0 48 8D 55 F0 48 8D 4D E0 E8 ?? ?? ?? ?? 8B 45 E8 8B D0 48 8B 0B
// injection point AOB: ?? 8B ?? 10 ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7F ?? ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7E ?? 8B ?? ?? 3B ?? ?? 72 ?? ?? ?? 08 00 00 00 ?? 33 ?? ?? 8D ?? ?? ?? 8D ?? ?? E8 ?? ?? ?? ?? 8B ?? ?? 8B ?? ?? 8B
alloc(newmem,$1000,INJECT_FAST_FRIENDSHIP)
alloc(INJECT_FAST_FRIENDSHIPo, $B)
label(code)
label(return)
INJECT_FAST_FRIENDSHIPo:
readmem(INJECT_FAST_FRIENDSHIP, 11)
newmem:
cmp qword ptr [rax+10], 64
jae code
mov qword ptr [rax+10], 64
code:
// mov rcx,[rax+10]
reassemble(INJECT_FAST_FRIENDSHIP)
// movsxd rax,dword ptr [CrimsonDesert.exe+5C148F8]
reassemble(INJECT_FAST_FRIENDSHIP+4)
jmp return
align 10 cc
INJECT_FAST_FRIENDSHIP:
jmp newmem
nop 6
return:
registersymbol(INJECT_FAST_FRIENDSHIP INJECT_FAST_FRIENDSHIPo)
[DISABLE]
INJECT_FAST_FRIENDSHIP:
readmem(INJECT_FAST_FRIENDSHIPo, 11)
unregistersymbol(INJECT_FAST_FRIENDSHIP INJECT_FAST_FRIENDSHIPo)
dealloc(newmem)
dealloc(INJECT_FAST_FRIENDSHIPo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+14DC89E
CrimsonDesert.exe+14DC860: 48 C1 E2 04 - shl rdx,04
CrimsonDesert.exe+14DC864: 48 03 90 18 01 00 00 - add rdx,[rax+00000118]
CrimsonDesert.exe+14DC86B: 45 84 ED - test r13b,r13b
CrimsonDesert.exe+14DC86E: 74 09 - je CrimsonDesert.exe+14DC879
CrimsonDesert.exe+14DC870: 80 BA 8B 00 00 00 00 - cmp byte ptr [rdx+0000008B],00
CrimsonDesert.exe+14DC877: 74 72 - je CrimsonDesert.exe+14DC8EB
CrimsonDesert.exe+14DC879: 8B 42 04 - mov eax,[rdx+04]
CrimsonDesert.exe+14DC87C: 44 0F A3 F0 - bt eax,r14d
CrimsonDesert.exe+14DC880: 73 69 - jae CrimsonDesert.exe+14DC8EB
CrimsonDesert.exe+14DC882: 48 8B 46 08 - mov rax,[rsi+08]
CrimsonDesert.exe+14DC886: 48 8B 40 68 - mov rax,[rax+68]
CrimsonDesert.exe+14DC88A: 49 8B D7 - mov rdx,r15
CrimsonDesert.exe+14DC88D: 48 8B 88 40 01 00 00 - mov rcx,[rax+00000140]
CrimsonDesert.exe+14DC894: E8 47 BA 3C 00 - call CrimsonDesert.exe+18A82E0
CrimsonDesert.exe+14DC899: 48 85 C0 - test rax,rax
CrimsonDesert.exe+14DC89C: 74 1C - je CrimsonDesert.exe+14DC8BA
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+14DC89E: 48 8B 48 10 - mov rcx,[rax+10]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+14DC8A2: 48 63 05 4F 80 73 04 - movsxd rax,dword ptr [CrimsonDesert.exe+5C148F8]
CrimsonDesert.exe+14DC8A9: 48 3B C1 - cmp rax,rcx
CrimsonDesert.exe+14DC8AC: 7F 0C - jg CrimsonDesert.exe+14DC8BA
CrimsonDesert.exe+14DC8AE: 48 63 05 03 7F 73 04 - movsxd rax,dword ptr [CrimsonDesert.exe+5C147B8]
CrimsonDesert.exe+14DC8B5: 48 3B C8 - cmp rcx,rax
CrimsonDesert.exe+14DC8B8: 7E 31 - jle CrimsonDesert.exe+14DC8EB
CrimsonDesert.exe+14DC8BA: 8B 45 E8 - mov eax,[rbp-18]
CrimsonDesert.exe+14DC8BD: 3B 45 EC - cmp eax,[rbp-14]
CrimsonDesert.exe+14DC8C0: 72 19 - jb CrimsonDesert.exe+14DC8DB
CrimsonDesert.exe+14DC8C2: 41 B9 08 00 00 00 - mov r9d,00000008
CrimsonDesert.exe+14DC8C8: 45 33 C0 - xor r8d,r8d
CrimsonDesert.exe+14DC8CB: 48 8D 55 F0 - lea rdx,[rbp-10]
CrimsonDesert.exe+14DC8CF: 48 8D 4D E0 - lea rcx,[rbp-20]
CrimsonDesert.exe+14DC8D3: E8 E8 E5 DF FE - call CrimsonDesert.exe+2DAEC0
CrimsonDesert.exe+14DC8D8: 8B 45 E8 - mov eax,[rbp-18]
CrimsonDesert.exe+14DC8DB: 8B D0 - mov edx,eax
}
152
"inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/20
Refactored: table-driven item ID lookup (v3)
}
[ENABLE]
aobscanmodule(INJECT_INF_ARROW_N_OTHERS,$process,?? 83 ?? 10 00 7E ?? ?? 8D ?? 08 66)
alloc(newmem,$2000,INJECT_INF_ARROW_N_OTHERS)
alloc(INJECT_INF_ARROW_N_OTHERSo, $5)
label(code)
label(return)
label(is_chk_silver)
label(search_loop)
label(found_match)
label(check_silver)
label(table_end_not_found)
label(item_table)
label(save_rax)
label(save_rcx)
// ============================================================
// 道具資料表 (Item Lookup Table)
// 格式: dq <item_id>, <amount> (每筆 16 bytes)
// 結尾: dq -1, 0
//
// CE 數值預設十六進位,用 # 前綴表示十進位
// amount 對照:
// #60 [彈藥] 箭矢/子彈/砲彈/羊毛/錢袋
// #48 [素材] 食材/礦石/皮革/木材/雜物
// #12 [料理] 酒/鑰匙/馬糧/烤物/湯品
// #9 藥丸/深淵方塊/酒瓶/裝飾
//
// 新增道具 → 插入到正確的 ID 順序位置
// 刪除道具 → 刪掉或註解該行
// 改數量 → 改第二個值
// ============================================================
INJECT_INF_ARROW_N_OTHERSo:
readmem(INJECT_INF_ARROW_N_OTHERS, 5)
newmem:
// --- 前置: 快速範圍檢查 (ID < 10) ---
//cmp qword ptr [rbx+8], #10
//jb code
// --- 銀幣特殊處理 (ID=1568, 需要 flag 控制) ---
cmp qword ptr [rbx+8], #1568
je check_silver
// --- 保存暫存器 (不用 push/pop,避免堆疊對齊問題) ---
mov [save_rax], rax
mov [save_rcx], rcx
// --- 查表迴圈 ---
mov rcx, item_table
search_loop:
mov rax, [rcx] // rax = table entry item_id
cmp rax, -1 // 結尾標記?
je table_end_not_found
cmp [rbx+8], eax // 比對道具 ID
je found_match
add rcx, 10 // 下一筆 entry (0x10 = 16 bytes)
jmp search_loop
found_match:
mov rax, [rcx+8] // rax = 對應的 amount
mov [rbx+10], rax // 設定數量
mov rax, [save_rax]
mov rcx, [save_rcx]
jmp short code
table_end_not_found:
mov rax, [save_rax]
mov rcx, [save_rcx]
jmp short code
check_silver:
cmp dword ptr [is_chk_silver], 1
jne short code
mov qword ptr [rbx+10], #98000
jmp short code
code:
reassemble(INJECT_INF_ARROW_N_OTHERS)
jmp return
// ============================================================
// 暫存器保存區
// ============================================================
align 10 cc
save_rax:
dq 0
save_rcx:
dq 0
// ============================================================
// 道具資料表 (按 ID 升序排列)
// dq <item_id>, <amount>
//
// *** 新增/刪除/修改道具只需編輯這個區塊 ***
// ============================================================
align 10 cc
item_table:
dq #1, #96 // arrow 箭矢 [彈藥]
dq #3, #96 // poison arrow 毒箭 [彈藥]
dq #16, #48 // small cannonball 小砲彈 [彈藥]
dq #23, #96 // bullet 子彈 [彈藥]
dq #817, #48 // 短角
dq #831, #48 // 聖水
dq #835, #48 // 石材
dq #836, #48 // 高級石材
dq #837, #48 // 頂級石材 [素材]
dq #839, #48 // iron ore 鐵礦 [素材]
dq #840, #48 // Copper ore 銅礦 [素材]
dq #842, #48 // blood stone 血石 [素材]
dq #851, #48 // 藍銅礦
dq #854, #48 // 木材 [素材]
dq #855, #48 // 高級木材
dq #857, #48 // thin hide 薄獸皮 [素材]
dq #858, #48 // 厚重皮革
dq #859, #48 // 堅韌皮革
dq #861, #48 // 短毛皮革
dq #862, #48 // 碎布片 [素材]
dq #863, #48 // feather 羽毛 [素材]
dq #864, #96 // wool 羊毛
dq #867, #48 // 小型骨頭 [素材]
dq #871, #48 // gunpowder 火藥 [素材]
dq #872, #48 // empty bottle
dq #874, #48 // 鮮肉 [素材]
dq #875, #48 // 大塊肉
dq #876, #48 // 軟嫩肉
dq #877, #48 // 肥肉
dq #878, #48 // 鮮美鳥肉
dq #880, #48 // 紅扁豆
dq #883, #48 // barley 大麥
dq #884, #48 // 小麥
dq #887, #48 // oats 燕麥 [素材]
dq #888, #48 // 覆盆子
dq #896, #48 // apple 蘋果 [素材]
dq #907, #48 // 蕪菁
dq #911, #48 // 地瓜
dq #915, #48 // carrot
dq #928, #48 // 百年草
dq #937, #48 // egg 蛋 [素材]
dq #938, #48 // milk
dq #939, #48 // Cheese
dq #941, #48 // salt 鹽 [素材]
dq #942, #48 // sugar 糖 [素材]
dq #943, #48 // water 水 [素材]
dq #944, #48 // 料理用油 [素材]
dq #991, #48 // 魚肉 [素材]
dq #1003, #18 // 風乾肉塊
dq #1005, #18 // bread
dq #1006, #18 // beer
dq #1070, #18 // 滿滿的年糕
dq #1094, #18 // 豐盛的燉排骨
dq #1174, #18 // 蒸蛋
dq #1194, #18 // 滿滿的烤肉
dq #1204, #18 // 滿滿的烤鳥肉
dq #1211, #18 // 清湯料理
dq #1326, #18 // 水果茶
dq #1328, #18 // 果汁
dq #1234, #18 // 烤大魚
dq #1255, #18 // 蛋煎蔬菜
dq #1256, #18 // fried egg fish 蛋煎魚 [料理]
dq #1257, #18 // Grilled meat 烤肉 [料理]
dq #1259, #18 // 醬燒魚
dq #1260, #18 // food 烤穀物 [料理]
dq #1261, #18 // 烤蛋
dq #1272, #18 // 醃漬蔬菜
dq #1278, #18 // 水果蜜餞 [料理]
dq #1279, #18 // 烤蔬菜
dq #1299, #18 // 乾草
dq #1304, #9 // 阿布羅妮亞的初階藥劑
dq #1306, #9 // 梅莉亞拉的初階藥劑
dq #1322, #18 // honey tea
dq #1327, #18 // 水果酒 [料理]
dq #1542, #18 // keys 鑰匙 [料理]
dq #2395, #48 // 帶有可疑紋樣的紙條
dq #2240, #9 // abyss cube 阿比斯神器
dq #2241, #9 // 褪色的阿比斯神器
dq #2774, #9 // apple seed
dq #2801, #9 // 止靜丹
// --- 商落未 (母湯苔鯛!) ---
dq -1, 0
align 10 cc
is_chk_silver:
dd 0 0
INJECT_INF_ARROW_N_OTHERS:
jmp newmem
return:
registersymbol(INJECT_INF_ARROW_N_OTHERS INJECT_INF_ARROW_N_OTHERSo)
registersymbol(is_chk_silver)
[DISABLE]
INJECT_INF_ARROW_N_OTHERS:
readmem(INJECT_INF_ARROW_N_OTHERSo, 5)
unregistersymbol(INJECT_INF_ARROW_N_OTHERS INJECT_INF_ARROW_N_OTHERSo)
unregistersymbol(is_chk_silver)
dealloc(newmem)
dealloc(INJECT_INF_ARROW_N_OTHERSo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D1A9EA
CrimsonDesert.exe+1D1A9A6: 0F B7 E8 - movzx ebp,ax
CrimsonDesert.exe+1D1A9A9: 66 41 3B C4 - cmp ax,r12w
CrimsonDesert.exe+1D1A9AD: 0F 8D AB 00 00 00 - jnl CrimsonDesert.exe+1D1AA5E
CrimsonDesert.exe+1D1A9B3: 48 89 5C 24 50 - mov [rsp+50],rbx
CrimsonDesert.exe+1D1A9B8: BA FF FF 00 00 - mov edx,0000FFFF
CrimsonDesert.exe+1D1A9BD: 48 89 7C 24 58 - mov [rsp+58],rdi
CrimsonDesert.exe+1D1A9C2: 66 44 3B 7E 12 - cmp r15w,[rsi+12]
CrimsonDesert.exe+1D1A9C7: 0F 8D 84 00 00 00 - jnl CrimsonDesert.exe+1D1AA51
CrimsonDesert.exe+1D1A9CD: 0F BF C5 - movsx eax,bp
CrimsonDesert.exe+1D1A9D0: 48 8D 1C 40 - lea rbx,[rax+rax*2]
CrimsonDesert.exe+1D1A9D4: 48 C1 E3 06 - shl rbx,06
CrimsonDesert.exe+1D1A9D8: 48 03 1E - add rbx,[rsi]
CrimsonDesert.exe+1D1A9DB: 48 39 1D E6 C5 F0 03 - cmp [CrimsonDesert.exe+5C26FC8],rbx
CrimsonDesert.exe+1D1A9E2: 74 60 - je CrimsonDesert.exe+1D1AA44
CrimsonDesert.exe+1D1A9E4: 66 3B 53 08 - cmp dx,[rbx+08]
CrimsonDesert.exe+1D1A9E8: 74 5A - je CrimsonDesert.exe+1D1AA44
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1D1A9EA: 48 83 7B 10 00 - cmp qword ptr [rbx+10],00
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1D1A9EF: 7E 53 - jle CrimsonDesert.exe+1D1AA44
CrimsonDesert.exe+1D1A9F1: 48 8D 4B 08 - lea rcx,[rbx+08]
CrimsonDesert.exe+1D1A9F5: 66 41 FF C7 - inc r15w
CrimsonDesert.exe+1D1A9F9: E8 A2 A3 5B FE - call CrimsonDesert.exe+2D4DA0
CrimsonDesert.exe+1D1A9FE: 48 8B C8 - mov rcx,rax
CrimsonDesert.exe+1D1AA01: 41 8B 45 00 - mov eax,[r13+00]
CrimsonDesert.exe+1D1AA05: 39 01 - cmp [rcx],eax
CrimsonDesert.exe+1D1AA07: 75 36 - jne CrimsonDesert.exe+1D1AA3F
CrimsonDesert.exe+1D1AA09: 83 7E 20 00 - cmp dword ptr [rsi+20],00
CrimsonDesert.exe+1D1AA0D: 0F B7 43 08 - movzx eax,word ptr [rbx+08]
CrimsonDesert.exe+1D1AA11: 74 28 - je CrimsonDesert.exe+1D1AA3B
CrimsonDesert.exe+1D1AA13: 44 8B 4E 20 - mov r9d,[rsi+20]
CrimsonDesert.exe+1D1AA17: 33 C9 - xor ecx,ecx
CrimsonDesert.exe+1D1AA19: 45 85 C9 - test r9d,r9d
CrimsonDesert.exe+1D1AA1C: 74 1D - je CrimsonDesert.exe+1D1AA3B
CrimsonDesert.exe+1D1AA1E: 4C 8B 56 18 - mov r10,[rsi+18]
}
153
"Force set silver amount?"
YesNo
0
C08000
4 Bytes
is_chk_silver
4
"Menu: when add item amount: set item amount"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/20
}
[ENABLE]
aobscanmodule(INJECT_SET_ITEM_CNT,$process,?? 01 ?? 38 10 ?? 8B)
// raw AOB: 66 3B 41 08 0F 84 ?? ?? ?? ?? 4C 8B 61 10 4D 85 E4 0F 8E ?? ?? ?? ?? 48 8D 4C 24 68 48 89 6C 24 50 66 89 5C 24 68 E8 ?? ?? ?? ?? 0F B6 54 24 70 48 89 C1 E8 ?? ?? ?? ?? 49 8B 4D 10 48 89 C5 4D 8B 06 66 89 5C 24 68 49 01 4C 38 10 49 8B 0E 48 8B 7C 0F 10 48 8D 4C 24 68 E8 ?? ?? ?? ?? 0F B6 54 24 70 48 89 C1 E8 ?? ?? ?? ?? 48 8D 1D ?? ?? ?? ?? 48 C7 03 0F A2 C3 00 49 89 C2 31 C9 48 89 F8 48 99 49 F7 FA 49 89 C2 49 89 D1
// injection point AOB: ?? 01 ?? 38 10 ?? 8B ?? ?? 8B ?? 0F 10 ?? 8D ?? 24 ?? E8 ?? ?? ?? ?? 0F B6 ?? 24 ?? ?? 89 ?? E8 ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? ?? C7 ?? 0F A2 C3 00 ?? 89 ?? 31 ?? ?? 89 ?? 48 99 ?? F7 ?? ?? 89 ?? ?? 89
alloc(newmem,$1000,INJECT_SET_ITEM_CNT)
alloc(INJECT_SET_ITEM_CNTo, $5)
label(code)
label(return)
label(i_item_threshold i_item_set_to)
label(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi)
label(i_last_idata_addr1 i_last_idata_addr2)
INJECT_SET_ITEM_CNTo:
readmem(INJECT_SET_ITEM_CNT, 5)
newmem:
test rcx, rcx
jz code
push r15
push r14
mov r15, i_last_idata_addr1
mov r14, [i_idx]
lea r15, [r15+r14*8]
lea r14, [r8+rdi]
mov [r15], r14
inc qword ptr [i_idx]
cmp qword ptr [i_idx], 2
jb short endp_pre
mov qword ptr [i_idx], 0
endp_pre:
pop r14
pop r15
cmp qword ptr [r8+rdi], #125 // normal key
je code
cmp qword ptr [r8+rdi], #175 // cube
je code
cmp qword ptr [r8+rdi], #26 // wool
je code
cmp qword ptr [r8+rdi], #27 // silver (currency)
je code
cmp dword ptr [i_item_add_options], 0
jne chk_next1
push r15
{
mov r15, [i_item_threshold4]
cmp [r8+rdi+10], r15
jb @F
mov r15, [i_item_set_to4]
cmp [r8+rdi+10], r15
jae @F
mov [r8+rdi+10], r15
jmp endp
@@:
mov r15, [i_item_threshold3]
cmp [r8+rdi+10], r15
jb @F
mov r15, [i_item_set_to3]
cmp [r8+rdi+10], r15
jae @F
mov [r8+rdi+10], r15
jmp endp
}
@@:
mov r15, [i_item_threshold2]
cmp [r8+rdi+10], r15
jb short @F
mov r15, [i_item_set_to2]
cmp [r8+rdi+10], r15
jae short @F
mov [r8+rdi+10], r15
jmp short endp
@@:
mov r15, [i_item_threshold]
cmp [r8+rdi+10], r15
jb short @F
mov r15, [i_item_set_to]
cmp [r8+rdi+10], r15
jae short @F
mov [r8+rdi+10], r15
jmp short endp
@@:
endp:
pop r15
jmp short code
chk_next1:
vmovss xmm14, [vf_item_add_multi]
vcvtsi2ss xmm15, xmm15, rcx
vmulss xmm15, xmm14, xmm14
vcvtss2si rcx, xmm15
code:
// add [r8+rdi+10],rcx
reassemble(INJECT_SET_ITEM_CNT)
jmp return
align 10 cc
i_item_threshold:
dq 2
i_item_set_to:
dq #29
i_item_threshold2:
dq #101
i_item_set_to2:
dq #900
i_item_threshold3:
dq #1001
i_item_set_to3:
dq #9800
i_item_threshold4:
dq #10001
i_item_set_to4:
dq #99800
i_item_add_options: // 0 = value clamp, 1 = multiplier
dd 0
vf_item_add_multi:
dd (float)3
i_idx:
dq 0
i_last_idata_addr1:
dq 0
i_last_idata_addr2:
dq 0
INJECT_SET_ITEM_CNT:
jmp newmem
return:
registersymbol(INJECT_SET_ITEM_CNT INJECT_SET_ITEM_CNTo)
registersymbol(i_item_threshold i_item_set_to)
registersymbol(i_last_idata_addr1 i_last_idata_addr2)
registersymbol(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi)
[DISABLE]
INJECT_SET_ITEM_CNT:
readmem(INJECT_SET_ITEM_CNTo, 5)
unregistersymbol(INJECT_SET_ITEM_CNT INJECT_SET_ITEM_CNTo)
unregistersymbol(i_item_threshold i_item_set_to)
unregistersymbol(i_last_idata_addr1 i_last_idata_addr2)
unregistersymbol(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi)
dealloc(newmem)
dealloc(INJECT_SET_ITEM_CNTo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+FC948CA
CrimsonDesert.exe+FC94883: 66 3B 41 08 - cmp ax,[rcx+08]
CrimsonDesert.exe+FC94887: 0F 84 B2 00 00 00 - je CrimsonDesert.exe+FC9493F
CrimsonDesert.exe+FC9488D: 4C 8B 61 10 - mov r12,[rcx+10]
CrimsonDesert.exe+FC94891: 4D 85 E4 - test r12,r12
CrimsonDesert.exe+FC94894: 0F 8E A5 00 00 00 - jng CrimsonDesert.exe+FC9493F
CrimsonDesert.exe+FC9489A: 48 8D 4C 24 68 - lea rcx,[rsp+68]
CrimsonDesert.exe+FC9489F: 48 89 6C 24 50 - mov [rsp+50],rbp
CrimsonDesert.exe+FC948A4: 66 89 5C 24 68 - mov [rsp+68],bx
CrimsonDesert.exe+FC948A9: E8 F2 04 64 F0 - call CrimsonDesert.exe+2D4DA0
CrimsonDesert.exe+FC948AE: 0F B6 54 24 70 - movzx edx,byte ptr [rsp+70]
CrimsonDesert.exe+FC948B3: 48 89 C1 - mov rcx,rax
CrimsonDesert.exe+FC948B6: E8 A5 DF 08 F2 - call CrimsonDesert.exe+1D22860
CrimsonDesert.exe+FC948BB: 49 8B 4D 10 - mov rcx,[r13+10]
CrimsonDesert.exe+FC948BF: 48 89 C5 - mov rbp,rax
CrimsonDesert.exe+FC948C2: 4D 8B 06 - mov r8,[r14]
CrimsonDesert.exe+FC948C5: 66 89 5C 24 68 - mov [rsp+68],bx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+FC948CA: 49 01 4C 38 10 - add [r8+rdi+10],rcx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+FC948CF: 49 8B 0E - mov rcx,[r14]
CrimsonDesert.exe+FC948D2: 48 8B 7C 0F 10 - mov rdi,[rdi+rcx+10]
CrimsonDesert.exe+FC948D7: 48 8D 4C 24 68 - lea rcx,[rsp+68]
CrimsonDesert.exe+FC948DC: E8 BF 04 64 F0 - call CrimsonDesert.exe+2D4DA0
CrimsonDesert.exe+FC948E1: 0F B6 54 24 70 - movzx edx,byte ptr [rsp+70]
CrimsonDesert.exe+FC948E6: 48 89 C1 - mov rcx,rax
CrimsonDesert.exe+FC948E9: E8 72 DF 08 F2 - call CrimsonDesert.exe+1D22860
CrimsonDesert.exe+FC948EE: 48 8D 1D 9C C5 D3 07 - lea rbx,[CrimsonDesert.exe+179D0E91]
CrimsonDesert.exe+FC948F5: 48 C7 03 0F A2 C3 00 - mov qword ptr [rbx],00C3A20F
CrimsonDesert.exe+FC948FC: 49 89 C2 - mov r10,rax
CrimsonDesert.exe+FC948FF: 31 C9 - xor ecx,ecx
CrimsonDesert.exe+FC94901: 48 89 F8 - mov rax,rdi
CrimsonDesert.exe+FC94904: 48 99 - cqo
CrimsonDesert.exe+FC94906: 49 F7 FA - idiv r10
CrimsonDesert.exe+FC94909: 49 89 C2 - mov r10,rax
CrimsonDesert.exe+FC9490C: 49 89 D1 - mov r9,rdx
}
5
"ignores known keys and cubes, others in "inf: arrows, bullets...." script"
8000FF
1
6
"mode"
0:value clamp
1:multiplier
0
C08000
4 Bytes
i_item_add_options
7
"_debug"
1
8
"Seq ID #1"
0
808080
8 Bytes
i_last_idata_addr1
0
9
"ID alt #1"
0
FF8080
4 Bytes
i_last_idata_addr2
8
150
"amount #1"
0
FF8080
8 Bytes
i_last_idata_addr2
10
10
"Seq ID #2"
0
808080
8 Bytes
i_last_idata_addr2
0
11
"ID alt #2"
0
FF8080
4 Bytes
i_last_idata_addr2
8
151
"amount #2"
0
FF8080
8 Bytes
i_last_idata_addr2
10
12
"value clamp"
1
13
"cur. amount must >="
0
C08000
8 Bytes
i_item_threshold
14
"set amount to"
0
C08000
8 Bytes
i_item_set_to
15
"#2: cur. amount must >="
0
C08000
8 Bytes
i_item_threshold2
16
"#2: set amount to"
0
C08000
8 Bytes
i_item_set_to2
17
"multiplier"
0
C08000
Float
vf_item_add_multi
18
"Bag bonus slot multiplier"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/22
}
[ENABLE]
aobscanmodule(INJECT_BAG_BONUS_MULTI,$process,66 01 ?? 16 ?? 8B)
// raw AOB: E8 ?? ?? ?? ?? 44 0F B7 4B 14 45 33 F6 66 44 39 48 14 7D ?? 41 0F B7 FE EB ?? 48 8D 4B 10 E8 ?? ?? ?? ?? 44 0F B7 4B 14 0F B7 48 14 66 41 2B C9 66 3B CF 66 0F 4C F9 48 8B 6C 24 38 66 44 03 CF 66 01 7B 16 48 8B C6 48 8B 7C 24 48 66 44 89 4B 14 48 8B 5C 24 30 44 89 36 48 8B 74 24 40 48 83 C4 20 41 5E C3 CC CC CC 48 89 5C 24 08 4C 8B 05 ?? ?? ?? ?? 66 39 51 0C 7E ?? 0F BF C2
// injection point AOB: 66 01 ?? 16 ?? 8B ?? ?? 8B ?? 24 ?? 66 ?? 89 ?? 14 ?? 8B ?? 24 ?? ?? 89 ?? ?? 8B ?? 24 ?? 48 83 C4 20 ?? ?? C3 CC CC CC ?? 89 ?? 24 ?? ?? 8B ?? ?? ?? ?? ?? 66 39 ?? 0C 7E ?? 0F BF
alloc(newmem,$1000,INJECT_BAG_BONUS_MULTI)
alloc(INJECT_BAG_BONUS_MULTIo, $7)
label(code)
label(return)
label(vf_mult_348928 iw_min_bonus)
INJECT_BAG_BONUS_MULTIo:
readmem(INJECT_BAG_BONUS_MULTI, 7)
newmem:
// **** Begin Auto script: Multiplier
// value=3, rule=R1_MemReg, template=P1_IntToFloat, NegDeltaCheck, PreserveXmm
sub rsp, 20
movaps [rsp], xmm15
movaps [rsp+10], xmm14
and edi, 0000FFFF
test edi, edi
// Multiplier: delta in di
vmovss xmm15, [vf_mult_348928]
vcvtsi2ss xmm14, xmm14, edi
vmulss xmm14, xmm14, xmm15
vcvtss2si edi, xmm14
skip_mult_348928:
movaps xmm15, [rsp]
movaps xmm14, [rsp+10]
add rsp, 20
// **** End Auto script: Multiplier
code:
// add [rbx+16],di
reassemble(INJECT_BAG_BONUS_MULTI)
// mov rax,rsi
reassemble(INJECT_BAG_BONUS_MULTI+4)
jmp return
align 10 cc
vf_mult_348928:
dd (float)3
iw_min_bonus:
dw 64
INJECT_BAG_BONUS_MULTI:
jmp newmem
nop 2
return:
registersymbol(INJECT_BAG_BONUS_MULTI INJECT_BAG_BONUS_MULTIo vf_mult_348928 iw_min_bonus)
[DISABLE]
INJECT_BAG_BONUS_MULTI:
readmem(INJECT_BAG_BONUS_MULTIo, 7)
unregistersymbol(INJECT_BAG_BONUS_MULTI INJECT_BAG_BONUS_MULTIo vf_mult_348928 iw_min_bonus)
dealloc(newmem)
dealloc(INJECT_BAG_BONUS_MULTIo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D1A6E8
CrimsonDesert.exe+1D1A6A8: E8 A3 DA 79 FE - call CrimsonDesert.exe+4B8150
CrimsonDesert.exe+1D1A6AD: 44 0F B7 4B 14 - movzx r9d,word ptr [rbx+14]
CrimsonDesert.exe+1D1A6B2: 45 33 F6 - xor r14d,r14d
CrimsonDesert.exe+1D1A6B5: 66 44 39 48 14 - cmp [rax+14],r9w
CrimsonDesert.exe+1D1A6BA: 7D 06 - jnl CrimsonDesert.exe+1D1A6C2
CrimsonDesert.exe+1D1A6BC: 41 0F B7 FE - movzx edi,r14w
CrimsonDesert.exe+1D1A6C0: EB 1D - jmp CrimsonDesert.exe+1D1A6DF
CrimsonDesert.exe+1D1A6C2: 48 8D 4B 10 - lea rcx,[rbx+10]
CrimsonDesert.exe+1D1A6C6: E8 85 DA 79 FE - call CrimsonDesert.exe+4B8150
CrimsonDesert.exe+1D1A6CB: 44 0F B7 4B 14 - movzx r9d,word ptr [rbx+14]
CrimsonDesert.exe+1D1A6D0: 0F B7 48 14 - movzx ecx,word ptr [rax+14]
CrimsonDesert.exe+1D1A6D4: 66 41 2B C9 - sub cx,r9w
CrimsonDesert.exe+1D1A6D8: 66 3B CF - cmp cx,di
CrimsonDesert.exe+1D1A6DB: 66 0F 4C F9 - cmovl di,cx
CrimsonDesert.exe+1D1A6DF: 48 8B 6C 24 38 - mov rbp,[rsp+38]
CrimsonDesert.exe+1D1A6E4: 66 44 03 CF - add r9w,di
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1D1A6E8: 66 01 7B 16 - add [rbx+16],di
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1D1A6EC: 48 8B C6 - mov rax,rsi
CrimsonDesert.exe+1D1A6EF: 48 8B 7C 24 48 - mov rdi,[rsp+48]
CrimsonDesert.exe+1D1A6F4: 66 44 89 4B 14 - mov [rbx+14],r9w
CrimsonDesert.exe+1D1A6F9: 48 8B 5C 24 30 - mov rbx,[rsp+30]
CrimsonDesert.exe+1D1A6FE: 44 89 36 - mov [rsi],r14d
CrimsonDesert.exe+1D1A701: 48 8B 74 24 40 - mov rsi,[rsp+40]
CrimsonDesert.exe+1D1A706: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+1D1A70A: 41 5E - pop r14
CrimsonDesert.exe+1D1A70C: C3 - ret
CrimsonDesert.exe+1D1A70D: CC - int 3
CrimsonDesert.exe+1D1A70E: CC - int 3
CrimsonDesert.exe+1D1A70F: CC - int 3
CrimsonDesert.exe+1D1A710: 48 89 5C 24 08 - mov [rsp+08],rbx
CrimsonDesert.exe+1D1A715: 4C 8B 05 AC C8 F0 03 - mov r8,[CrimsonDesert.exe+5C26FC8]
CrimsonDesert.exe+1D1A71C: 66 39 51 0C - cmp [rcx+0C],dx
CrimsonDesert.exe+1D1A720: 7E 69 - jle CrimsonDesert.exe+1D1A78B
}
19
"base min bonus"
0
C08000
2 Bytes
iw_min_bonus
20
"multiplier"
0
C08000
Float
vf_mult_348928
21
"Set min reputation when gain"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/22
}
[ENABLE]
aobscanmodule(INJECT_SET_MIN_REP_WHEN_GAIN,$process,?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00)
// raw AOB: 48 8D 69 18 41 8B F1 48 8D 8C 24 98 00 00 00 41 8B F8 0F B7 DA E8 ?? ?? ?? ?? 48 8B D0 48 8B CD E8 ?? ?? ?? ?? 48 85 C0 74 ?? 89 78 08 39 78 04 7D ?? 89 78 04 48 8B 8C 24 B0 00 00 00 48 89 48 10 89 70 0C 48 8B 9C 24 A0 00 00 00 48 83 C4 70 5F 5E 5D C3 48 8B 84 24 B0 00 00 00 48 8D 8C 24 90 00 00 00 48 89 44 24 50 66 89 5C 24 40 89 7C 24 44 89 7C 24 48 89 74 24 4C 66 89 9C 24 90 00 00 00 E8 ?? ?? ?? ?? 4C 8D 4C 24 40
// injection point AOB: ?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00 48 83 C4 70 ?? ?? 5D C3 ?? 8B ?? 24 ?? 00 00 00 ?? 8D ?? 24 ?? 00 00 00 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 89 ?? 24 ?? 89 ?? 24 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 00 00 00 E8 ?? ?? ?? ?? ?? 8D ?? 24
alloc(newmem,$1000,INJECT_SET_MIN_REP_WHEN_GAIN)
alloc(INJECT_SET_MIN_REP_WHEN_GAINo, $7)
label(code)
label(return)
label(i_min_rep_dot_value i_min_rep_value)
INJECT_SET_MIN_REP_WHEN_GAINo:
readmem(INJECT_SET_MIN_REP_WHEN_GAIN, 7)
newmem:
mov rbx, [i_min_rep_dot_value]
cmp rcx, rbx
jae short @F
mov rcx, rbx
@@:
mov rbx, [i_min_rep_value]
cmp [rax+8], rbx
jae short @F
mov [rax+8], rbx
code:
// mov [rax+10],rcx
reassemble(INJECT_SET_MIN_REP_WHEN_GAIN)
// mov [rax+0C],esi
reassemble(INJECT_SET_MIN_REP_WHEN_GAIN+4)
jmp return
align 10 cc
i_min_rep_dot_value:
dq #98
i_min_rep_value:
dq 14
INJECT_SET_MIN_REP_WHEN_GAIN:
jmp newmem
nop 2
return:
registersymbol(INJECT_SET_MIN_REP_WHEN_GAIN INJECT_SET_MIN_REP_WHEN_GAINo)
registersymbol(i_min_rep_dot_value i_min_rep_value)
[DISABLE]
INJECT_SET_MIN_REP_WHEN_GAIN:
readmem(INJECT_SET_MIN_REP_WHEN_GAINo, 7)
unregistersymbol(INJECT_SET_MIN_REP_WHEN_GAIN INJECT_SET_MIN_REP_WHEN_GAINo)
unregistersymbol(i_min_rep_dot_value i_min_rep_value)
dealloc(newmem)
dealloc(INJECT_SET_MIN_REP_WHEN_GAINo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B3057E
CrimsonDesert.exe+1B30541: 48 8D 69 18 - lea rbp,[rcx+18]
CrimsonDesert.exe+1B30545: 41 8B F1 - mov esi,r9d
CrimsonDesert.exe+1B30548: 48 8D 8C 24 98 00 00 00 - lea rcx,[rsp+00000098]
CrimsonDesert.exe+1B30550: 41 8B F8 - mov edi,r8d
CrimsonDesert.exe+1B30553: 0F B7 DA - movzx ebx,dx
CrimsonDesert.exe+1B30556: E8 25 92 7C FE - call CrimsonDesert.exe+2F9780
CrimsonDesert.exe+1B3055B: 48 8B D0 - mov rdx,rax
CrimsonDesert.exe+1B3055E: 48 8B CD - mov rcx,rbp
CrimsonDesert.exe+1B30561: E8 2A 82 7A FE - call CrimsonDesert.exe+2D8790
CrimsonDesert.exe+1B30566: 48 85 C0 - test rax,rax
CrimsonDesert.exe+1B30569: 74 2A - je CrimsonDesert.exe+1B30595
CrimsonDesert.exe+1B3056B: 89 78 08 - mov [rax+08],edi
CrimsonDesert.exe+1B3056E: 39 78 04 - cmp [rax+04],edi
CrimsonDesert.exe+1B30571: 7D 03 - jnl CrimsonDesert.exe+1B30576
CrimsonDesert.exe+1B30573: 89 78 04 - mov [rax+04],edi
CrimsonDesert.exe+1B30576: 48 8B 8C 24 B0 00 00 00 - mov rcx,[rsp+000000B0]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1B3057E: 48 89 48 10 - mov [rax+10],rcx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1B30582: 89 70 0C - mov [rax+0C],esi
CrimsonDesert.exe+1B30585: 48 8B 9C 24 A0 00 00 00 - mov rbx,[rsp+000000A0]
CrimsonDesert.exe+1B3058D: 48 83 C4 70 - add rsp,70
CrimsonDesert.exe+1B30591: 5F - pop rdi
CrimsonDesert.exe+1B30592: 5E - pop rsi
CrimsonDesert.exe+1B30593: 5D - pop rbp
CrimsonDesert.exe+1B30594: C3 - ret
CrimsonDesert.exe+1B30595: 48 8B 84 24 B0 00 00 00 - mov rax,[rsp+000000B0]
CrimsonDesert.exe+1B3059D: 48 8D 8C 24 90 00 00 00 - lea rcx,[rsp+00000090]
CrimsonDesert.exe+1B305A5: 48 89 44 24 50 - mov [rsp+50],rax
CrimsonDesert.exe+1B305AA: 66 89 5C 24 40 - mov [rsp+40],bx
CrimsonDesert.exe+1B305AF: 89 7C 24 44 - mov [rsp+44],edi
CrimsonDesert.exe+1B305B3: 89 7C 24 48 - mov [rsp+48],edi
CrimsonDesert.exe+1B305B7: 89 74 24 4C - mov [rsp+4C],esi
CrimsonDesert.exe+1B305BB: 66 89 9C 24 90 00 00 00 - mov [rsp+00000090],bx
CrimsonDesert.exe+1B305C3: E8 B8 91 7C FE - call CrimsonDesert.exe+2F9780
}
22
"min. rep. value"
0
C08000
8 Bytes
i_min_rep_value
23
"Get HP address: Step 1 & 2 - AOB mode"
1
24
"+Step 1 Usage: open item menu"
8000FF
1
25
"Enable step 1"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/20
}
[ENABLE]
aobscanmodule(INJECT_GET_HP_1_3,$process,0F 85 ?? ?? ?? ?? ?? 8B ?? 38 ?? 3B ?? 0F 86)
// raw AOB: CC CC CC CC CC 48 89 5C 24 08 48 89 74 24 10 48 89 7C 24 18 41 56 48 83 EC 20 4D 8B F1 49 8B F0 48 8B FA 48 8B D9 E8 ?? ?? ?? ?? 80 78 11 02 0F 85 ?? ?? ?? ?? 48 8B 43 38 48 3B F0 0F 86 ?? ?? ?? ?? 80 7B 53 00 0F 8F ?? ?? ?? ?? 4C 8B 4B 08 4C 8B 53 28 4D 3B CA 7F ?? 48 3B 73 40 E9 ?? ?? ?? ?? 90 F2 0F 10 0D ?? ?? ?? ?? 0F 57 D2 F2 48 0F 2A 53 10 48 8B 53 40
// injection point AOB: 0F 85 ?? ?? ?? ?? ?? 8B ?? 38 ?? 3B ?? 0F 86 ?? ?? ?? ?? 80 ?? 53 00 0F 8F ?? ?? ?? ?? ?? 8B ?? 08 ?? 8B ?? 28 ?? 3B ?? 7F ?? ?? 3B ?? 40 E9 ?? ?? ?? ?? 90 F2 0F 10 ?? ?? ?? ?? ?? 0F 57 ?? F2 ?? 0F 2A ?? 10 ?? 8B ?? 40
alloc(newmem,$1000,INJECT_GET_HP_1_3)
alloc(INJECT_GET_HP_1_3o, $6)
label(code)
label(return)
label(i_base_hp_addr_1 i_base_hp_addr_1_2)
INJECT_GET_HP_1_3o:
readmem(INJECT_GET_HP_1_3, 6)
newmem:
jne save_address_1
jmp code
save_address_1:
pushfq
cmp qword ptr [i_base_hp_addr_1], rbx
je short endp
cmp qword ptr [i_base_hp_addr_1_2], rbx
je short endp
cmp qword ptr [i_base_hp_addr_1], 0
jne write_2
mov [i_base_hp_addr_1], rbx // rbx+08 = HP
jmp short endp
write_2:
cmp qword ptr [i_base_hp_addr_1_2], 0
jne short endp
mov [i_base_hp_addr_1_2], rbx // rbx+08 = HP
endp:
popfq
code:
// jne CrimsonDesert.exe+12BDB64
reassemble(INJECT_GET_HP_1_3)
jmp return
align 10 cc
i_base_hp_addr_1:
dq 0
i_base_hp_addr_1_2:
dq 0
INJECT_GET_HP_1_3:
jmp newmem
nop 1
return:
registersymbol(INJECT_GET_HP_1_3 INJECT_GET_HP_1_3o)
registersymbol(i_base_hp_addr_1 i_base_hp_addr_1_2)
[DISABLE]
INJECT_GET_HP_1_3:
readmem(INJECT_GET_HP_1_3o, 6)
unregistersymbol(INJECT_GET_HP_1_3 INJECT_GET_HP_1_3o)
unregistersymbol(i_base_hp_addr_1 i_base_hp_addr_1_2)
dealloc(newmem)
dealloc(INJECT_GET_HP_1_3o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12BDA5A
CrimsonDesert.exe+12BDA2B: CC - int 3
CrimsonDesert.exe+12BDA2C: CC - int 3
CrimsonDesert.exe+12BDA2D: CC - int 3
CrimsonDesert.exe+12BDA2E: CC - int 3
CrimsonDesert.exe+12BDA2F: CC - int 3
CrimsonDesert.exe+12BDA30: 48 89 5C 24 08 - mov [rsp+08],rbx
CrimsonDesert.exe+12BDA35: 48 89 74 24 10 - mov [rsp+10],rsi
CrimsonDesert.exe+12BDA3A: 48 89 7C 24 18 - mov [rsp+18],rdi
CrimsonDesert.exe+12BDA3F: 41 56 - push r14
CrimsonDesert.exe+12BDA41: 48 83 EC 20 - sub rsp,20
CrimsonDesert.exe+12BDA45: 4D 8B F1 - mov r14,r9
CrimsonDesert.exe+12BDA48: 49 8B F0 - mov rsi,r8
CrimsonDesert.exe+12BDA4B: 48 8B FA - mov rdi,rdx
CrimsonDesert.exe+12BDA4E: 48 8B D9 - mov rbx,rcx
CrimsonDesert.exe+12BDA51: E8 6A 35 14 FF - call CrimsonDesert.exe+400FC0
CrimsonDesert.exe+12BDA56: 80 78 11 02 - cmp byte ptr [rax+11],02
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+12BDA5A: 0F 85 04 01 00 00 - jne CrimsonDesert.exe+12BDB64
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+12BDA60: 48 8B 43 38 - mov rax,[rbx+38]
CrimsonDesert.exe+12BDA64: 48 3B F0 - cmp rsi,rax
CrimsonDesert.exe+12BDA67: 0F 86 F7 00 00 00 - jbe CrimsonDesert.exe+12BDB64
CrimsonDesert.exe+12BDA6D: 80 7B 53 00 - cmp byte ptr [rbx+53],00
CrimsonDesert.exe+12BDA71: 0F 8F ED 00 00 00 - jg CrimsonDesert.exe+12BDB64
CrimsonDesert.exe+12BDA77: 4C 8B 4B 08 - mov r9,[rbx+08]
CrimsonDesert.exe+12BDA7B: 4C 8B 53 28 - mov r10,[rbx+28]
CrimsonDesert.exe+12BDA7F: 4D 3B CA - cmp r9,r10
CrimsonDesert.exe+12BDA82: 7F 0A - jg CrimsonDesert.exe+12BDA8E
CrimsonDesert.exe+12BDA84: 48 3B 73 40 - cmp rsi,[rbx+40]
INJECT_GET_HP_1: E9 73 25 D3 FE - jmp 13FFF0000
CrimsonDesert.exe+12BDA8D: 90 - nop
CrimsonDesert.exe+12BDA8E: F2 0F 10 0D A2 B2 B1 03 - movsd xmm1,[CrimsonDesert.exe+4DD8D38]
CrimsonDesert.exe+12BDA96: 0F 57 D2 - xorps xmm2,xmm2
CrimsonDesert.exe+12BDA99: F2 48 0F 2A 53 10 - cvtsi2sd xmm2,[rbx+10]
CrimsonDesert.exe+12BDA9F: 48 8B 53 40 - mov rdx,[rbx+40]
}
26
"HP #1a (char tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1
8
27
"Sta #1a (char tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1
488
28
"HP #1b (horse tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1_2
8
29
"Sta #1b (horse tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1_2
488
30
"+Step 2 Usage: open item menu"
8000FF
1
31
"Enable step 2 (char tab)"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/20
}
[ENABLE]
aobscanmodule(INJECT_GET_HP_2,$process,?? 8B ?? 08 ?? 0F B7 ?? ?? 8B ?? E8 ?? ?? ?? ?? ?? 85)
// raw AOB: 32 C0 48 8B 9C 24 30 03 00 00 48 81 C4 E0 02 00 00 41 5F 41 5E 41 5D 41 5C 5F 5E 5D C3 0F B6 80 6A 02 00 00 88 44 24 44 0F B7 D3 49 8B CD E8 ?? ?? ?? ?? 48 8B 70 08 41 0F B7 D6 49 8B CD E8 ?? ?? ?? ?? 48 85 F6 7F ?? 48 85 FF 79 ?? B0 01 EB ?? 32 C0 4C 8D 7C 24 4C 48 8D 4C 24 48 84 C0 4C 0F 44 F9 0F B7 D3 49 8B CD E8
// injection point AOB: ?? 8B ?? 08 ?? 0F B7 ?? ?? 8B ?? E8 ?? ?? ?? ?? ?? 85 ?? 7F ?? ?? 85 ?? 79 ?? ?? 01 EB ?? 32 ?? ?? 8D ?? 24 ?? ?? 8D ?? 24 ?? 84 ?? ?? 0F 44 ?? 0F B7 ?? ?? 8B ?? E8
alloc(newmem,$1000,INJECT_GET_HP_2)
alloc(INJECT_GET_HP_2o, $8)
label(code)
label(return)
label(i_base_hp_addr_2)
INJECT_GET_HP_2o:
readmem(INJECT_GET_HP_2, 8)
newmem:
cmp qword ptr [i_base_hp_addr_2], 0
jne code
mov [i_base_hp_addr_2], rax
code:
// mov rsi,[rax+08]
reassemble(INJECT_GET_HP_2)
// movzx edx,r14w
reassemble(INJECT_GET_HP_2+4)
jmp return
align 10 cc
i_base_hp_addr_2:
dq 0
INJECT_GET_HP_2:
jmp newmem
nop 3
return:
registersymbol(INJECT_GET_HP_2 INJECT_GET_HP_2o)
registersymbol(i_base_hp_addr_2)
[DISABLE]
INJECT_GET_HP_2:
readmem(INJECT_GET_HP_2o, 8)
unregistersymbol(INJECT_GET_HP_2 INJECT_GET_HP_2o)
unregistersymbol(i_base_hp_addr_2)
dealloc(newmem)
dealloc(INJECT_GET_HP_2o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12B6B5E
CrimsonDesert.exe+12B6B2B: 32 C0 - xor al,al
CrimsonDesert.exe+12B6B2D: 48 8B 9C 24 30 03 00 00 - mov rbx,[rsp+00000330]
CrimsonDesert.exe+12B6B35: 48 81 C4 E0 02 00 00 - add rsp,000002E0
CrimsonDesert.exe+12B6B3C: 41 5F - pop r15
CrimsonDesert.exe+12B6B3E: 41 5E - pop r14
CrimsonDesert.exe+12B6B40: 41 5D - pop r13
CrimsonDesert.exe+12B6B42: 41 5C - pop r12
CrimsonDesert.exe+12B6B44: 5F - pop rdi
CrimsonDesert.exe+12B6B45: 5E - pop rsi
CrimsonDesert.exe+12B6B46: 5D - pop rbp
CrimsonDesert.exe+12B6B47: C3 - ret
CrimsonDesert.exe+12B6B48: 0F B6 80 6A 02 00 00 - movzx eax,byte ptr [rax+0000026A]
CrimsonDesert.exe+12B6B4F: 88 44 24 44 - mov [rsp+44],al
CrimsonDesert.exe+12B6B53: 0F B7 D3 - movzx edx,bx
CrimsonDesert.exe+12B6B56: 49 8B CD - mov rcx,r13
CrimsonDesert.exe+12B6B59: E8 92 18 00 00 - call CrimsonDesert.exe+12B83F0
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+12B6B5E: 48 8B 70 08 - mov rsi,[rax+08]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+12B6B62: 41 0F B7 D6 - movzx edx,r14w
CrimsonDesert.exe+12B6B66: 49 8B CD - mov rcx,r13
CrimsonDesert.exe+12B6B69: E8 82 18 00 00 - call CrimsonDesert.exe+12B83F0
CrimsonDesert.exe+12B6B6E: 48 85 F6 - test rsi,rsi
CrimsonDesert.exe+12B6B71: 7F 09 - jg CrimsonDesert.exe+12B6B7C
CrimsonDesert.exe+12B6B73: 48 85 FF - test rdi,rdi
CrimsonDesert.exe+12B6B76: 79 04 - jns CrimsonDesert.exe+12B6B7C
CrimsonDesert.exe+12B6B78: B0 01 - mov al,01
CrimsonDesert.exe+12B6B7A: EB 02 - jmp CrimsonDesert.exe+12B6B7E
CrimsonDesert.exe+12B6B7C: 32 C0 - xor al,al
CrimsonDesert.exe+12B6B7E: 4C 8D 7C 24 4C - lea r15,[rsp+4C]
CrimsonDesert.exe+12B6B83: 48 8D 4C 24 48 - lea rcx,[rsp+48]
CrimsonDesert.exe+12B6B88: 84 C0 - test al,al
CrimsonDesert.exe+12B6B8A: 4C 0F 44 F9 - cmove r15,rcx
CrimsonDesert.exe+12B6B8E: 0F B7 D3 - movzx edx,bx
CrimsonDesert.exe+12B6B91: 49 8B CD - mov rcx,r13
}
32
"Use item to recover HP even HP is full"
8000FF
1
33
"HP #2a"
0
FF8080
8 Bytes
i_base_hp_addr_2
8
34
"Sta #2a"
0
FF8080
8 Bytes
i_base_hp_addr_2
488
35
"Enable step 2 (horse tab)"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/21
}
[ENABLE]
aobscanmodule(INJECT_GET_HP_2_2,$process,?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66)
// raw AOB: 4C 8D 4C 24 58 49 89 F0 48 8D 54 24 40 48 89 F9 E8 ?? ?? ?? ?? 48 8B 4F 30 48 39 08 7C ?? C6 47 52 00 31 D2 48 89 D8 48 2B 47 18 48 39 5F 18 48 0F 4F C2 48 89 47 20 48 FF 47 48 48 89 5F 08 48 8B 5C 24 48 48 89 77 38 66 89 6F 50 48 83 C4 20 5F 5E 5D C3 CC 14 EA 4B E3 ?? 8B 04 24 48 83 C4 08 9D E9 ?? ?? ?? ?? 41 54 29 D2
// injection point AOB: ?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50 48 83 C4 20 ?? ?? 5D C3 CC 14 EA 4B E3 ?? 8B ?? 24 48 83 C4 08 9D E9 ?? ?? ?? ?? ?? ?? 29
alloc(newmem,$1000,INJECT_GET_HP_2_2)
alloc(INJECT_GET_HP_2_2o, $9)
label(code)
label(return)
label(i_base_hp_addr_2_2)
INJECT_GET_HP_2_2o:
readmem(INJECT_GET_HP_2_2, 9)
newmem:
cmp qword ptr [i_base_hp_addr_2_2], 0
jne short code
mov [i_base_hp_addr_2_2], rdi
code:
// mov [rdi+08],rbx
reassemble(INJECT_GET_HP_2_2)
// mov rbx,[rsp+48]
reassemble(INJECT_GET_HP_2_2+4)
jmp return
align 10 cc
i_base_hp_addr_2_2:
dq 0
INJECT_GET_HP_2_2:
jmp newmem
nop 4
return:
registersymbol(INJECT_GET_HP_2_2 INJECT_GET_HP_2_2o i_base_hp_addr_2_2)
[DISABLE]
INJECT_GET_HP_2_2:
readmem(INJECT_GET_HP_2_2o, 9)
unregistersymbol(INJECT_GET_HP_2_2 INJECT_GET_HP_2_2o i_base_hp_addr_2_2)
dealloc(newmem)
dealloc(INJECT_GET_HP_2_2o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C791503
CrimsonDesert.exe+C7914C8: 4C 8D 4C 24 58 - lea r9,[rsp+58]
CrimsonDesert.exe+C7914CD: 49 89 F0 - mov r8,rsi
CrimsonDesert.exe+C7914D0: 48 8D 54 24 40 - lea rdx,[rsp+40]
CrimsonDesert.exe+C7914D5: 48 89 F9 - mov rcx,rdi
CrimsonDesert.exe+C7914D8: E8 53 C5 B2 F4 - call CrimsonDesert.exe+12BDA30
CrimsonDesert.exe+C7914DD: 48 8B 4F 30 - mov rcx,[rdi+30]
CrimsonDesert.exe+C7914E1: 48 39 08 - cmp [rax],rcx
CrimsonDesert.exe+C7914E4: 7C 04 - jl CrimsonDesert.exe+C7914EA
CrimsonDesert.exe+C7914E6: C6 47 52 00 - mov byte ptr [rdi+52],00
CrimsonDesert.exe+C7914EA: 31 D2 - xor edx,edx
CrimsonDesert.exe+C7914EC: 48 89 D8 - mov rax,rbx
CrimsonDesert.exe+C7914EF: 48 2B 47 18 - sub rax,[rdi+18]
CrimsonDesert.exe+C7914F3: 48 39 5F 18 - cmp [rdi+18],rbx
CrimsonDesert.exe+C7914F7: 48 0F 4F C2 - cmovg rax,rdx
CrimsonDesert.exe+C7914FB: 48 89 47 20 - mov [rdi+20],rax
CrimsonDesert.exe+C7914FF: 48 FF 47 48 - inc qword ptr [rdi+48]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C791503: 48 89 5F 08 - mov [rdi+08],rbx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C791507: 48 8B 5C 24 48 - mov rbx,[rsp+48]
CrimsonDesert.exe+C79150C: 48 89 77 38 - mov [rdi+38],rsi
CrimsonDesert.exe+C791510: 66 89 6F 50 - mov [rdi+50],bp
CrimsonDesert.exe+C791514: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+C791518: 5F - pop rdi
CrimsonDesert.exe+C791519: 5E - pop rsi
CrimsonDesert.exe+C79151A: 5D - pop rbp
CrimsonDesert.exe+C79151B: C3 - ret
CrimsonDesert.exe+C79151C: CC - int 3
CrimsonDesert.exe+C79151D: 14 EA - adc al,-16
CrimsonDesert.exe+C79151F: 4B E3 48 - jecxz CrimsonDesert.exe+C79156A
CrimsonDesert.exe+C791522: 8B 04 24 - mov eax,[rsp]
CrimsonDesert.exe+C791525: 48 83 C4 08 - add rsp,08
CrimsonDesert.exe+C791529: 9D - popfq
CrimsonDesert.exe+C79152A: E9 6C 5C 20 FC - jmp CrimsonDesert.exe+899719B
CrimsonDesert.exe+C79152F: 41 54 - push r12
}
36
"**Bypass this if you think it's too complex**"
D500D5
1
37
"Unequip -> equip saddle (trigger horse HP change)"
8000FF
1
38
"HP #2b"
0
FF8080
8 Bytes
i_base_hp_addr_2_2
8
39
"Sta #2b"
0
FF8080
8 Bytes
i_base_hp_addr_2_2
488
40
"Get HP - Pointer map mode"
1
41
"Get HP #1 - Pointer map"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Player_Base', aob='?? 89 ?? ?? ?? ?? ?? ?? 8D ?? 00 01 00 00 ?? 89 ?? ?? ?? ?? ?? ?? 8D ?? A0 01 00 00', pos=3, aoblen=7, symbol='Player_Base_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
synchronize(function()
getLuaEngine().Close()
end)
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Player_Base_addr')
{$asm}
42
"Char #1 - Kliff"
1
43
"HP #1.1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
D0
28
44
"Sta #1.1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
D0
28
45
"Spi #1.1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
D0
28
46
"Char #2 - Damine"
1
47
"HP #1.2 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
D8
28
48
"Sta #1.2 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
D8
28
49
"Spi #1.2 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
D8
28
50
"Char #3 - Oongka?"
1
51
"HP #1.3 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
E0
28
52
"Sta #1.3 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
E0
28
53
"Spi #1.3 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
E0
28
54
"Bag"
1
55
"Used slots (read only)"
0
FF8080
2 Bytes
Player_Base_addr
12
8
18
B8
68
20
56
"Bag slots (read only)"
0
FF8080
2 Bytes
Player_Base_addr
14
8
18
B8
68
20
57
"Bonus Slots (max 190)"
0
FF8080
2 Bytes
Player_Base_addr
16
8
18
B8
68
20
58
"Used slots (read only) path #2"
0
FF8080
2 Bytes
Player_Base_addr
12
8
18
B8
68
D0
28
59
"Bag slots (read only) Path #2"
0
FF8080
2 Bytes
Player_Base_addr
14
8
18
B8
68
D0
28
60
"Bonus Slots (max 190) Path #2"
0
FF8080
2 Bytes
Player_Base_addr
16
8
18
B8
68
D0
28
61
"Get HP #2 - Pointer map"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Play_Base2', aob='?? 8B ?? ?? ?? ?? ?? ?? 89 ?? 24 ?? ?? 0F B6 ?? ?? E8 ?? ?? ?? ?? ?? 8B ?? F8 00 00 00 ?? 8B ?? 00 01 00 00', pos=3, aoblen=7, symbol='Play_Base2_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
synchronize(function()
getLuaEngine().Close()
end)
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Play_Base2_addr')
{$asm}
62
"Char #1 - Kliff"
1
63
"Auto fill HP (only when HP1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer1 then
hpRefillTimer1.destroy()
hpRefillTimer1 = nil
end
-- 快取上次註冊的地址
lastRegistered1_1 = nil
lastRegistered1_2 = nil
hpRefillTimer1 = createTimer(nil, false)
hpRefillTimer1.Interval = 300
hpRefillTimer1.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('HP #1.1 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('HP #2.1 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxHP = readQword(resolved1 + 0x10)
if maxHP == nil or maxHP == 0 then return end
writeQword(resolved1, maxHP)
writeQword(resolved2, maxHP)
-- 地址有變動時才重新註冊
if resolved1 ~= lastRegistered1_1 then
registerSymbol('char_hp_ptr_1_1', resolved1, true)
lastRegistered1_1 = resolved1
end
if resolved2 ~= lastRegistered1_2 then
registerSymbol('char_hp_ptr_1_2', resolved2, true)
lastRegistered1_2 = resolved2
end
end
hpRefillTimer1.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer1 then
hpRefillTimer1.Enabled = false
hpRefillTimer1.destroy()
hpRefillTimer1 = nil
end
lastRegistered1_1 = nil
lastRegistered1_2 = nil
unregisterSymbol('char_hp_ptr_1_1')
unregisterSymbol('char_hp_ptr_1_2')
{$asm}
64
"HP1"
0
FF8080
8 Bytes
char_hp_ptr_1_1
65
"HP2"
0
FF8080
8 Bytes
char_hp_ptr_1_2
66
"Auto fill Sta (only when Sta1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer1 then
staRefillTimer1.destroy()
staRefillTimer1 = nil
end
lastStaRegistered1_1 = nil
lastStaRegistered1_2 = nil
staRefillTimer1 = createTimer(nil, false)
staRefillTimer1.Interval = 300
staRefillTimer1.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Sta #1.1 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Sta #2.1 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 100000)
writeQword(resolved2_Delta1, 100000)
writeQword(resolved1_Delta2, 100000)
writeQword(resolved2_Delta2, 100000)
if resolved1 ~= lastStaRegistered1_1 then
registerSymbol('char_sta_ptr_1_1', resolved1, true)
lastStaRegistered1_1 = resolved1
end
if resolved2 ~= lastStaRegistered1_2 then
registerSymbol('char_sta_ptr_1_2', resolved2, true)
lastStaRegistered1_2 = resolved2
end
end
staRefillTimer1.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer1 then
staRefillTimer1.Enabled = false
staRefillTimer1.destroy()
staRefillTimer1 = nil
end
lastStaRegistered1_1 = nil
lastStaRegistered1_2 = nil
unregisterSymbol('char_sta_ptr_1_1')
unregisterSymbol('char_sta_ptr_1_2')
{$asm}
67
"Sta1"
0
FF8080
8 Bytes
char_sta_ptr_1_1
68
"Sta2"
0
FF8080
8 Bytes
char_sta_ptr_1_2
69
"HP #2.1 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
8
58
18
20
68
D0
A0
18
70
"Sta #2.1 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
488
58
18
20
68
D0
A0
18
71
"Spi #2.1 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
518
58
18
20
68
D0
A0
18
72
"Char #2 - Damine"
1
73
"Auto fill HP (only when HP1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer2 then
hpRefillTimer2.destroy()
hpRefillTimer2 = nil
end
-- 快取上次註冊的地址
lastRegistered2_1 = nil
lastRegistered2_2 = nil
hpRefillTimer2 = createTimer(nil, false)
hpRefillTimer2.Interval = 300
hpRefillTimer2.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('HP #1.2 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('HP #2.2 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxHP = readQword(resolved1 + 0x10)
if maxHP == nil or maxHP == 0 then return end
writeQword(resolved1, maxHP)
writeQword(resolved2, maxHP)
-- 地址有變動時才重新註冊
if resolved1 ~= lastRegistered2_1 then
registerSymbol('char_hp_ptr_2_1', resolved1, true)
lastRegistered2_1 = resolved1
end
if resolved2 ~= lastRegistered2_2 then
registerSymbol('char_hp_ptr_2_2', resolved2, true)
lastRegistered2_2 = resolved2
end
end
hpRefillTimer2.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer2 then
hpRefillTimer2.Enabled = false
hpRefillTimer2.destroy()
hpRefillTimer2 = nil
end
lastRegistered2_1 = nil
lastRegistered2_2 = nil
unregisterSymbol('char_hp_ptr_2_1')
unregisterSymbol('char_hp_ptr_2_2')
{$asm}
74
"HP1"
0
FF8080
8 Bytes
char_hp_ptr_2_1
75
"HP2"
0
FF8080
8 Bytes
char_hp_ptr_2_2
76
"Auto fill Sta (only when Sta1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer2 then
staRefillTimer2.destroy()
staRefillTimer2 = nil
end
lastStaRegistered2_1 = nil
lastStaRegistered2_2 = nil
staRefillTimer2 = createTimer(nil, false)
staRefillTimer2.Interval = 300
staRefillTimer2.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Sta #1.2 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Sta #2.2 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 100000)
writeQword(resolved2_Delta1, 100000)
writeQword(resolved1_Delta2, 100000)
writeQword(resolved2_Delta2, 100000)
if resolved1 ~= lastStaRegistered2_1 then
registerSymbol('char_sta_ptr_2_1', resolved1, true)
lastStaRegistered2_1 = resolved1
end
if resolved2 ~= lastStaRegistered2_2 then
registerSymbol('char_sta_ptr_2_2', resolved2, true)
lastStaRegistered2_2 = resolved2
end
end
staRefillTimer2.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer2 then
staRefillTimer2.Enabled = false
staRefillTimer2.destroy()
staRefillTimer2 = nil
end
lastStaRegistered2_1 = nil
lastStaRegistered2_2 = nil
unregisterSymbol('char_sta_ptr_2_1')
unregisterSymbol('char_sta_ptr_2_2')
{$asm}
77
"Sta1"
0
FF8080
8 Bytes
char_sta_ptr_2_1
78
"Sta2"
0
FF8080
8 Bytes
char_sta_ptr_2_2
79
"HP #2.2 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
8
58
18
20
68
D8
A0
18
80
"Sta #2.2 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
488
58
18
20
68
D8
A0
18
81
"Spi #2.2 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
518
58
18
20
68
D8
A0
18
82
"Char #3 - Oongka?"
1
83
"Auto fill HP (only when HP1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer3 then
hpRefillTimer3.destroy()
hpRefillTimer3 = nil
end
-- 快取上次註冊的地址
lastRegistered3_1 = nil
lastRegistered3_2 = nil
hpRefillTimer3 = createTimer(nil, false)
hpRefillTimer3.Interval = 300
hpRefillTimer3.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('HP #1.3 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('HP #2.3 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxHP = readQword(resolved1 + 0x10)
if maxHP == nil or maxHP == 0 then return end
writeQword(resolved1, maxHP)
writeQword(resolved2, maxHP)
-- 地址有變動時才重新註冊
if resolved1 ~= lastRegistered3_1 then
registerSymbol('char_hp_ptr_3_1', resolved1, true)
lastRegistered3_1 = resolved1
end
if resolved2 ~= lastRegistered3_2 then
registerSymbol('char_hp_ptr_3_2', resolved2, true)
lastRegistered3_2 = resolved2
end
end
hpRefillTimer3.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer3 then
hpRefillTimer3.Enabled = false
hpRefillTimer3.destroy()
hpRefillTimer3 = nil
end
lastRegistered3_1 = nil
lastRegistered3_2 = nil
unregisterSymbol('char_hp_ptr_3_1')
unregisterSymbol('char_hp_ptr_3_2')
{$asm}
84
"HP1"
0
FF8080
8 Bytes
char_hp_ptr_3_1
85
"HP2"
0
FF8080
8 Bytes
char_hp_ptr_3_2
86
"Auto fill Sta (only when Sta1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer3 then
staRefillTimer3.destroy()
staRefillTimer3 = nil
end
lastStaRegistered3_1 = nil
lastStaRegistered3_2 = nil
staRefillTimer3 = createTimer(nil, false)
staRefillTimer3.Interval = 300
staRefillTimer3.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Sta #1.3 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Sta #2.3 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 100000)
writeQword(resolved2_Delta1, 100000)
writeQword(resolved1_Delta2, 100000)
writeQword(resolved2_Delta2, 100000)
if resolved1 ~= lastStaRegistered3_1 then
registerSymbol('char_sta_ptr_3_1', resolved1, true)
lastStaRegistered3_1 = resolved1
end
if resolved2 ~= lastStaRegistered3_2 then
registerSymbol('char_sta_ptr_3_2', resolved2, true)
lastStaRegistered3_2 = resolved2
end
end
staRefillTimer3.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer3 then
staRefillTimer3.Enabled = false
staRefillTimer3.destroy()
staRefillTimer3 = nil
end
lastStaRegistered3_1 = nil
lastStaRegistered3_2 = nil
unregisterSymbol('char_sta_ptr_3_1')
unregisterSymbol('char_sta_ptr_3_2')
{$asm}
87
"Sta1"
0
FF8080
8 Bytes
char_sta_ptr_3_1
88
"Sta2"
0
FF8080
8 Bytes
char_sta_ptr_3_2
89
"HP #2.3 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
8
58
18
20
68
E0
A0
18
90
"Sta #2.3 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
488
58
18
20
68
E0
A0
18
91
"Spi #2.3 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
518
58
18
20
68
E0
A0
18
92
"Horse (may not work)"
1
93
"Horse HP #2.1"
0
FF8080
4 Bytes
Play_Base2_addr
8
58
18
420
68
D0
A0
18
94
"Horse Sta #2.1"
0
FF8080
4 Bytes
Play_Base2_addr
488
58
18
420
68
D0
A0
18
95
"Horse HP #2.1 (alt)"
0
FF8080
4 Bytes
Play_Base2_addr
8
58
18
620
68
28
F8
96
"Horse Sta #2.1 (alt)"
0
FF8080
4 Bytes
Play_Base2_addr
488
58
18
620
68
28
F8
97
"Get Horse HP - another ptr map mode"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Horse_Base3', aob='?? 8B ?? ?? ?? ?? ?? ?? 8D ?? C8 ?? 8B ?? 08 ?? 85 ?? 74 ?? 0F B6 ?? 10 84 ?? 74 ?? 8B', pos=3, aoblen=7, symbol='Horse_Base3_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
synchronize(function()
getLuaEngine().Close()
end)
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Horse_Base3_addr')
{$asm}
98
"Horse HP #2.2 (alt)"
0
FF8080
4 Bytes
Horse_Base3_addr
8
58
18
220
168
8
60
99
"Horse Sta #2.2 (alt)"
0
FF8080
4 Bytes
Horse_Base3_addr
488
58
18
220
168
8
60
100
"Horse HP #2.2 (alt-fixed)"
FF8080
4 Bytes
"CrimsonDesert.exe"+0599D290
8
58
18
20
68
E28
10
10
101
"Horse Sta #2.2 (alt-fixed)"
0
FF8080
4 Bytes
"CrimsonDesert.exe"+0599D290
488
58
18
20
68
E28
10
10
102
"Bag"
1
103
"Used slots (read only)"
0
FF8080
2 Bytes
Play_Base2_addr
12
8
18
B8
68
D0
A0
18
104
"Bag slots (read only)"
0
FF8080
2 Bytes
Play_Base2_addr
14
8
18
B8
68
D0
A0
18
105
"Bag bonus"
0
FF8080
2 Bytes
Play_Base2_addr
16
8
18
B8
68
D0
A0
18
106
"Get Archery Competition data"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/24
}
[ENABLE]
aobscanmodule(INJECT_GET_ARCHERY_COMP_DATA,$process,8B ?? 14 8B ?? 10 ?? 8B ?? 24 ?? ?? 8B)
// raw AOB: E8 ?? ?? ?? ?? 90 48 8B 43 68 48 8B 48 20 48 8B 81 88 03 00 00 8B 89 90 03 00 00 48 8D 14 89 48 8D 0C D0 48 3B C1 74 ?? 80 38 00 75 ?? 83 78 20 00 75 ?? 48 83 C0 28 EB ?? 8B 70 14 8B 68 10 48 8B 4C 24 70 48 8B 01 B2 01 FF 50 20 48 8B 8F E0 00 00 00 48 8B 01 8B DD 0F AF EE 8B D5 4C 89 74 24 20 41 B9 01 00 00 00 44 8B C3 FF 90 D0 04 00 00 8B D6 44 8B C3 48 8B 8F E0 00 00 00
// injection point AOB: 8B ?? 14 8B ?? 10 ?? 8B ?? 24 ?? ?? 8B ?? ?? 01 FF ?? 20 ?? 8B ?? E0 00 00 00 ?? 8B ?? 8B ?? 0F AF ?? 8B ?? ?? 89 ?? 24 ?? ?? ?? 01 00 00 00 ?? 8B ?? FF ?? D0 04 00 00 8B ?? ?? 8B ?? ?? 8B ?? E0 00 00 00
alloc(newmem,$1000,INJECT_GET_ARCHERY_COMP_DATA)
alloc(ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346,$10)
alloc(INJECT_GET_ARCHERY_COMP_DATAo, $6)
label(code)
label(return)
label(ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346)
label(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346)
INJECT_GET_ARCHERY_COMP_DATAo:
readmem(INJECT_GET_ARCHERY_COMP_DATA, 6)
newmem:
// **** Begin Auto script: AddressCapture
// mode=List, capacity=2, ResetFlag
pushfq
push r15
push r14
// Address Capture List
mov r15, ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346
cmp dword ptr [ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346], 1
jne skip_reset_150346
xor r14d, r14d
clear_loop_150346:
mov qword ptr [r15+r14*8], 0
inc r14d
cmp r14d, #2
jb clear_loop_150346
mov dword ptr [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346], 0
mov dword ptr [ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346], 0
skip_reset_150346:
xor r14d, r14d
dedup_loop_150346:
cmp r14d, [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346]
jge store_new_150346
cmp [r15+r14*8], rax
je skip_store_150346
inc r14d
jmp dedup_loop_150346
store_new_150346:
cmp r14d, #2
jge skip_store_150346
mov [r15+r14*8], rax
inc dword ptr [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346]
skip_store_150346:
pop r14
pop r15
popfq
// **** End Auto script: AddressCapture
code:
// mov esi,[rax+14]
reassemble(INJECT_GET_ARCHERY_COMP_DATA)
// mov ebp,[rax+10]
reassemble(INJECT_GET_ARCHERY_COMP_DATA+3)
jmp return
align 10 cc
ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346:
dd 0
ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346:
dd 0
INJECT_GET_ARCHERY_COMP_DATA:
jmp newmem
nop 1
return:
registersymbol(INJECT_GET_ARCHERY_COMP_DATA INJECT_GET_ARCHERY_COMP_DATAo ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346)
registersymbol(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346)
[DISABLE]
INJECT_GET_ARCHERY_COMP_DATA:
readmem(INJECT_GET_ARCHERY_COMP_DATAo, 6)
unregistersymbol(INJECT_GET_ARCHERY_COMP_DATA INJECT_GET_ARCHERY_COMP_DATAo ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346)
unregistersymbol(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346)
dealloc(newmem)
dealloc(INJECT_GET_ARCHERY_COMP_DATAo)
dealloc(ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C44321
CrimsonDesert.exe+C442E8: E8 83 88 69 FF - call CrimsonDesert.AK::WriteBytesMem::Size+1270
CrimsonDesert.exe+C442ED: 90 - nop
CrimsonDesert.exe+C442EE: 48 8B 43 68 - mov rax,[rbx+68]
CrimsonDesert.exe+C442F2: 48 8B 48 20 - mov rcx,[rax+20]
CrimsonDesert.exe+C442F6: 48 8B 81 88 03 00 00 - mov rax,[rcx+00000388]
CrimsonDesert.exe+C442FD: 8B 89 90 03 00 00 - mov ecx,[rcx+00000390]
CrimsonDesert.exe+C44303: 48 8D 14 89 - lea rdx,[rcx+rcx*4]
CrimsonDesert.exe+C44307: 48 8D 0C D0 - lea rcx,[rax+rdx*8]
CrimsonDesert.exe+C4430B: 48 3B C1 - cmp rax,rcx
CrimsonDesert.exe+C4430E: 74 17 - je CrimsonDesert.exe+C44327
CrimsonDesert.exe+C44310: 80 38 00 - cmp byte ptr [rax],00
CrimsonDesert.exe+C44313: 75 06 - jne CrimsonDesert.exe+C4431B
CrimsonDesert.exe+C44315: 83 78 20 00 - cmp dword ptr [rax+20],00
CrimsonDesert.exe+C44319: 75 06 - jne CrimsonDesert.exe+C44321
CrimsonDesert.exe+C4431B: 48 83 C0 28 - add rax,28
CrimsonDesert.exe+C4431F: EB EA - jmp CrimsonDesert.exe+C4430B
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C44321: 8B 70 14 - mov esi,[rax+14]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C44324: 8B 68 10 - mov ebp,[rax+10]
CrimsonDesert.exe+C44327: 48 8B 4C 24 70 - mov rcx,[rsp+70]
CrimsonDesert.exe+C4432C: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+C4432F: B2 01 - mov dl,01
CrimsonDesert.exe+C44331: FF 50 20 - call qword ptr [rax+20]
CrimsonDesert.exe+C44334: 48 8B 8F E0 00 00 00 - mov rcx,[rdi+000000E0]
CrimsonDesert.exe+C4433B: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+C4433E: 8B DD - mov ebx,ebp
CrimsonDesert.exe+C44340: 0F AF EE - imul ebp,esi
CrimsonDesert.exe+C44343: 8B D5 - mov edx,ebp
CrimsonDesert.exe+C44345: 4C 89 74 24 20 - mov [rsp+20],r14
CrimsonDesert.exe+C4434A: 41 B9 01 00 00 00 - mov r9d,00000001
CrimsonDesert.exe+C44350: 44 8B C3 - mov r8d,ebx
CrimsonDesert.exe+C44353: FF 90 D0 04 00 00 - call qword ptr [rax+000004D0]
CrimsonDesert.exe+C44359: 8B D6 - mov edx,esi
CrimsonDesert.exe+C4435B: 44 8B C3 - mov r8d,ebx
}
107
"Reset?"
YesNo
0
C08000
4 Bytes
ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346
108
"#1"
0
FF8080
4 Bytes
ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346
14
109
"#2"
0
FF8080
4 Bytes
ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346+8
14
110
"Fast enemy kill / char HP full - check pt. 1"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/24
}
[ENABLE]
aobscanmodule(INJECT_FAST_ENEMY_KILL,$process,?? 89 ?? 24 08 ?? 0F 4C)
// raw AOB: 41 0F B6 7F 4A 49 8B 5F 40 48 89 6C 24 60 41 0F B6 6F 4B 48 89 74 24 28 41 0F B7 77 48 4C 89 74 24 20 4D 8B 77 50 66 45 89 2C 24 49 89 44 24 10 48 8D 44 24 70 49 89 4C 24 30 4A 8D 0C 02 49 39 C9 4D 89 5C 24 38 4D 8D 5C 24 28 4D 89 4C 24 08 49 0F 4C C9 66 41 89 74 24 50 48 8B 74 24 28 49 39 CA 41 88 6C 24 53 48 8B 6C 24 60 49 0F 4D C3 4D 89 74 24 40 4C 8B 74 24 20 49 89 54 24 18 4D 89 44 24 20 4D 89 13 41 88 7C 24 52 49 89 5C 24 48 48 89 4C 24 70 48 8B 00
// injection point AOB: ?? 89 ?? 24 08 ?? 0F 4C ?? 66 ?? 89 ?? 24 50 ?? 8B ?? 24 ?? ?? 39 ?? ?? 88 ?? 24 53 ?? 8B ?? ?? ?? ?? 0F 4D ?? ?? 89 ?? 24 40 ?? 8B ?? 24 ?? ?? 89 ?? 24 18 ?? 89 ?? 24 20 ?? 89 ?? ?? 88 ?? 24 52 ?? 89 ?? 24 48 ?? 89 ?? 24 ?? ?? 8B
alloc(newmem,$1000,INJECT_FAST_ENEMY_KILL)
alloc(INJECT_FAST_ENEMY_KILLo, $5)
label(code)
label(return)
label(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1)
INJECT_FAST_ENEMY_KILLo:
readmem(INJECT_FAST_ENEMY_KILL, 5)
newmem:
cmp dword ptr [r12+A0], 0
je code
push r15
mov r15, [i_fek_max_hp_threshold1]
cmp dword ptr [r12+18], r15
pop r15
jae short @F
cmp dword ptr [r12+A0], 64
je short chk_next
cmp dword ptr [r12+10], 64
je short chk_next
cmp dword ptr [r12+10], #100000
je short chk_next
push r15
mov r15, [i_fek_min_hp_threshold1]
cmp dword ptr [r12+18], r15
pop r15
jbe short @F
cmp dword ptr [r12+10], #1000
je short chk_next
//cmp dword ptr [r12+A0], #100
//jae short chk_next
@@:
cmp dword ptr [r12+A4], -1
ja short code
cmp qword ptr [r12+08], #1000
jbe short code
mov r9, 0
cmp r9, rcx
mov [r12+08],r9
jmp short code
chk_next: // natural (0) or player (100)
//cmp dword ptr [r12+A0], #100
//jne short code
mov r9, [r12+18]
cmp r9, rcx
code:
// mov [r12+08],r9
reassemble(INJECT_FAST_ENEMY_KILL)
jmp return
align 10 cc
vf_m500:
dd (float)-500
vf_100:
dd (float)100
i_fek_max_hp_threshold1:
dq #2500000
i_fek_min_hp_threshold1:
dq #299000
INJECT_FAST_ENEMY_KILL:
jmp newmem
return:
registersymbol(INJECT_FAST_ENEMY_KILL INJECT_FAST_ENEMY_KILLo)
registersymbol(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1)
[DISABLE]
INJECT_FAST_ENEMY_KILL:
readmem(INJECT_FAST_ENEMY_KILLo, 5)
unregistersymbol(INJECT_FAST_ENEMY_KILL INJECT_FAST_ENEMY_KILLo)
unregistersymbol(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1)
dealloc(newmem)
dealloc(INJECT_FAST_ENEMY_KILLo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C43272F
CrimsonDesert.exe+C4326E4: 41 0F B6 7F 4A - movzx edi,byte ptr [r15+4A]
CrimsonDesert.exe+C4326E9: 49 8B 5F 40 - mov rbx,[r15+40]
CrimsonDesert.exe+C4326ED: 48 89 6C 24 60 - mov [rsp+60],rbp
CrimsonDesert.exe+C4326F2: 41 0F B6 6F 4B - movzx ebp,byte ptr [r15+4B]
CrimsonDesert.exe+C4326F7: 48 89 74 24 28 - mov [rsp+28],rsi
CrimsonDesert.exe+C4326FC: 41 0F B7 77 48 - movzx esi,word ptr [r15+48]
CrimsonDesert.exe+C432701: 4C 89 74 24 20 - mov [rsp+20],r14
CrimsonDesert.exe+C432706: 4D 8B 77 50 - mov r14,[r15+50]
CrimsonDesert.exe+C43270A: 66 45 89 2C 24 - mov [r12],r13w
CrimsonDesert.exe+C43270F: 49 89 44 24 10 - mov [r12+10],rax
CrimsonDesert.exe+C432714: 48 8D 44 24 70 - lea rax,[rsp+70]
CrimsonDesert.exe+C432719: 49 89 4C 24 30 - mov [r12+30],rcx
CrimsonDesert.exe+C43271E: 4A 8D 0C 02 - lea rcx,[rdx+r8]
CrimsonDesert.exe+C432722: 49 39 C9 - cmp r9,rcx
CrimsonDesert.exe+C432725: 4D 89 5C 24 38 - mov [r12+38],r11
CrimsonDesert.exe+C43272A: 4D 8D 5C 24 28 - lea r11,[r12+28]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C43272F: 4D 89 4C 24 08 - mov [r12+08],r9
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C432734: 49 0F 4C C9 - cmovl rcx,r9
CrimsonDesert.exe+C432738: 66 41 89 74 24 50 - mov [r12+50],si
CrimsonDesert.exe+C43273E: 48 8B 74 24 28 - mov rsi,[rsp+28]
CrimsonDesert.exe+C432743: 49 39 CA - cmp r10,rcx
CrimsonDesert.exe+C432746: 41 88 6C 24 53 - mov [r12+53],bpl
CrimsonDesert.exe+C43274B: 48 8B 6C 24 60 - mov rbp,[rsp+60]
CrimsonDesert.exe+C432750: 49 0F 4D C3 - cmovge rax,r11
CrimsonDesert.exe+C432754: 4D 89 74 24 40 - mov [r12+40],r14
CrimsonDesert.exe+C432759: 4C 8B 74 24 20 - mov r14,[rsp+20]
CrimsonDesert.exe+C43275E: 49 89 54 24 18 - mov [r12+18],rdx
CrimsonDesert.exe+C432763: 4D 89 44 24 20 - mov [r12+20],r8
CrimsonDesert.exe+C432768: 4D 89 13 - mov [r11],r10
CrimsonDesert.exe+C43276B: 41 88 7C 24 52 - mov [r12+52],dil
CrimsonDesert.exe+C432770: 49 89 5C 24 48 - mov [r12+48],rbx
CrimsonDesert.exe+C432775: 48 89 4C 24 70 - mov [rsp+70],rcx
CrimsonDesert.exe+C43277A: 48 8B 00 - mov rax,[rax]
}
123
"disable when in boss fight / enemy inf. HP"
8000FF
1
125
"min HP threshold to set as boss"
0
C08000
8 Bytes
i_fek_max_hp_threshold1
148
"min HP to check as enemy/animal"
0
C08000
4 Bytes
i_fek_min_hp_threshold1
111
"Fast enemy kill / char HP full - check pt. 2"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/25
}
[ENABLE]
aobscanmodule(INJECT_FAST_ENEMY_KILL_CHK2,$process,?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66)
// raw AOB: 4C 8D 4C 24 58 49 89 F0 48 8D 54 24 40 48 89 F9 E8 ?? ?? ?? ?? 48 8B 4F 30 48 39 08 7C ?? C6 47 52 00 31 D2 48 89 D8 48 2B 47 18 48 39 5F 18 48 0F 4F C2 48 89 47 20 48 FF 47 48 48 89 5F 08 48 8B 5C 24 48 48 89 77 38 66 89 6F 50 48 83 C4 20 5F 5E 5D C3 CC 4C 8B 0C 24 4C 89 3C 24 4C 8D 3D ?? ?? ?? ?? 4D 8D BF 26 F4 DE FE 9C 56 49 8D B7 3A D4 7C CF 48 81 C6 F3 CC 13 79
// injection point AOB: ?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50 48 83 C4 20 ?? ?? 5D C3 CC ?? 8B ?? 24 ?? 89 ?? 24 ?? 8D ?? ?? ?? ?? ?? ?? 8D ?? 26 F4 DE FE 9C ?? ?? 8D ?? 3A D4 7C CF ?? 81 ?? F3 CC 13 79
alloc(newmem,$1000,INJECT_FAST_ENEMY_KILL_CHK2)
alloc(INJECT_FAST_ENEMY_KILL_CHK2o, $9)
label(code)
label(return)
label(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2)
INJECT_FAST_ENEMY_KILL_CHK2o:
readmem(INJECT_FAST_ENEMY_KILL_CHK2, 9)
newmem:
cmp dword ptr [rdi+A4], 0
je code
push r15
mov r15, [i_fek_max_hp_threshold2]
cmp dword ptr [rdi+18], r15
pop r15
jae short @F
cmp dword ptr [rdi+A0], 64
je short chk_next
cmp dword ptr [rdi+10], 64 // Spirit delta
je short chk_next
cmp dword ptr [rdi+10], #100000 // Sta delta
je short chk_next
push r15
mov r15, [i_fek_min_hp_threshold2]
cmp dword ptr [rdi+18], r15
pop r15
jbe short @F
cmp dword ptr [rdi+10], #1000 // HP delta
je short chk_next
//cmp dword ptr [rdi+A4], #100
//jae short chk_next
@@:
cmp dword ptr [rdi+A4], -1
ja short code
cmp qword ptr [rdi+08], #1000
jbe short code
mov rbx, 0
mov [rdi+08],rbx
jmp short code
chk_next: // natural (0) or player (100)
mov rbx, [rdi+18]
code:
// mov [rdi+08],rbx
reassemble(INJECT_FAST_ENEMY_KILL_CHK2)
// mov rbx,[rsp+48]
reassemble(INJECT_FAST_ENEMY_KILL_CHK2+4)
jmp return
align 10 cc
i_fek_max_hp_threshold2:
dq #2500000
i_fek_min_hp_threshold2:
dq #299000
INJECT_FAST_ENEMY_KILL_CHK2:
jmp newmem
nop 4
return:
registersymbol(INJECT_FAST_ENEMY_KILL_CHK2 INJECT_FAST_ENEMY_KILL_CHK2o)
registersymbol(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2)
[DISABLE]
INJECT_FAST_ENEMY_KILL_CHK2:
readmem(INJECT_FAST_ENEMY_KILL_CHK2o, 9)
unregistersymbol(INJECT_FAST_ENEMY_KILL_CHK2 INJECT_FAST_ENEMY_KILL_CHK2o)
unregistersymbol(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2)
dealloc(newmem)
dealloc(INJECT_FAST_ENEMY_KILL_CHK2o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C4567D6
CrimsonDesert.exe+C45679B: 4C 8D 4C 24 58 - lea r9,[rsp+58]
CrimsonDesert.exe+C4567A0: 49 89 F0 - mov r8,rsi
CrimsonDesert.exe+C4567A3: 48 8D 54 24 40 - lea rdx,[rsp+40]
CrimsonDesert.exe+C4567A8: 48 89 F9 - mov rcx,rdi
CrimsonDesert.exe+C4567AB: E8 B0 DF E6 F4 - call CrimsonDesert.exe+12C4760
CrimsonDesert.exe+C4567B0: 48 8B 4F 30 - mov rcx,[rdi+30]
CrimsonDesert.exe+C4567B4: 48 39 08 - cmp [rax],rcx
CrimsonDesert.exe+C4567B7: 7C 04 - jl CrimsonDesert.exe+C4567BD
CrimsonDesert.exe+C4567B9: C6 47 52 00 - mov byte ptr [rdi+52],00
CrimsonDesert.exe+C4567BD: 31 D2 - xor edx,edx
CrimsonDesert.exe+C4567BF: 48 89 D8 - mov rax,rbx
CrimsonDesert.exe+C4567C2: 48 2B 47 18 - sub rax,[rdi+18]
CrimsonDesert.exe+C4567C6: 48 39 5F 18 - cmp [rdi+18],rbx
CrimsonDesert.exe+C4567CA: 48 0F 4F C2 - cmovg rax,rdx
CrimsonDesert.exe+C4567CE: 48 89 47 20 - mov [rdi+20],rax
CrimsonDesert.exe+C4567D2: 48 FF 47 48 - inc qword ptr [rdi+48]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C4567D6: 48 89 5F 08 - mov [rdi+08],rbx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C4567DA: 48 8B 5C 24 48 - mov rbx,[rsp+48]
CrimsonDesert.exe+C4567DF: 48 89 77 38 - mov [rdi+38],rsi
CrimsonDesert.exe+C4567E3: 66 89 6F 50 - mov [rdi+50],bp
CrimsonDesert.exe+C4567E7: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+C4567EB: 5F - pop rdi
CrimsonDesert.exe+C4567EC: 5E - pop rsi
CrimsonDesert.exe+C4567ED: 5D - pop rbp
CrimsonDesert.exe+C4567EE: C3 - ret
CrimsonDesert.exe+C4567EF: CC - int 3
CrimsonDesert.exe+C4567F0: 4C 8B 0C 24 - mov r9,[rsp]
CrimsonDesert.exe+C4567F4: 4C 89 3C 24 - mov [rsp],r15
CrimsonDesert.exe+C4567F8: 4C 8D 3D 95 BC E5 FB - lea r15,[CrimsonDesert.exe+82B2494]
CrimsonDesert.exe+C4567FF: 4D 8D BF 26 F4 DE FE - lea r15,[r15-01210BDA]
CrimsonDesert.exe+C456806: 9C - pushfq
CrimsonDesert.exe+C456807: 56 - push rsi
CrimsonDesert.exe+C456808: 49 8D B7 3A D4 7C CF - lea rsi,[r15-30832BC6]
}
122
"disable when in boss fight / enemy inf. HP"
8000FF
1
124
"min HP threshold to set as boss"
0
C08000
8 Bytes
i_fek_max_hp_threshold2
147
"min HP to check as enemy/animal"
0
C08000
4 Bytes
i_fek_min_hp_threshold2
129
"When add base skill attr: get current values"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/25
}
[ENABLE]
aobscanmodule(INJECT_SKILL_ADD_BASE_ATTR_LIST,$process,89 ?? 08 39 ?? 04 7D ?? 89 ?? 04 ?? 8B)
// raw AOB: 66 89 54 24 10 55 56 57 48 83 EC 70 48 8D 69 18 41 8B F1 48 8D 8C 24 98 00 00 00 41 8B F8 0F B7 DA E8 ?? ?? ?? ?? 48 8B D0 48 8B CD E8 ?? ?? ?? ?? 48 85 C0 74 ?? 89 78 08 39 78 04 7D ?? 89 78 04 48 8B 8C 24 B0 00 00 00 48 89 48 10 89 70 0C 48 8B 9C 24 A0 00 00 00 48 83 C4 70 5F 5E 5D C3 48 8B 84 24 B0 00 00 00 48 8D 8C 24 90 00 00 00 48 89 44 24 50 66 89 5C 24 40 89 7C 24 44
// injection point AOB: 89 ?? 08 39 ?? 04 7D ?? 89 ?? 04 ?? 8B ?? 24 ?? 00 00 00 ?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00 48 83 C4 70 ?? ?? 5D C3 ?? 8B ?? 24 ?? 00 00 00 ?? 8D ?? 24 ?? 00 00 00 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 89 ?? 24
alloc(newmem,$1000,INJECT_SKILL_ADD_BASE_ATTR_LIST)
alloc(ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470,$30)
alloc(INJECT_SKILL_ADD_BASE_ATTR_LISTo, $6)
label(code)
label(return)
label(ptrList_count_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470)
INJECT_SKILL_ADD_BASE_ATTR_LISTo:
readmem(INJECT_SKILL_ADD_BASE_ATTR_LIST, 6)
newmem:
// **** Begin Auto script: AddressCapture
// mode=List, capacity=6
pushfq
push r15
push r14
// Address Capture List
mov r15, ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470
xor r14d, r14d
dedup_loop_194470:
cmp r14d, [ptrList_count_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470]
jge store_new_194470
cmp [r15+r14*8], rax
je skip_store_194470
inc r14d
jmp dedup_loop_194470
store_new_194470:
cmp r14d, #6
jge skip_store_194470
mov [r15+r14*8], rax
inc dword ptr [ptrList_count_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470]
skip_store_194470:
pop r14
pop r15
popfq
// **** End Auto script: AddressCapture
code:
// mov [rax+08],edi
reassemble(INJECT_SKILL_ADD_BASE_ATTR_LIST)
// cmp [rax+04],edi
reassemble(INJECT_SKILL_ADD_BASE_ATTR_LIST+3)
jmp return
align 10 cc
ptrList_count_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470:
dd 0
INJECT_SKILL_ADD_BASE_ATTR_LIST:
jmp newmem
nop 1
return:
registersymbol(INJECT_SKILL_ADD_BASE_ATTR_LIST INJECT_SKILL_ADD_BASE_ATTR_LISTo ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470 ptrList_count_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470)
[DISABLE]
INJECT_SKILL_ADD_BASE_ATTR_LIST:
readmem(INJECT_SKILL_ADD_BASE_ATTR_LISTo, 6)
unregistersymbol(INJECT_SKILL_ADD_BASE_ATTR_LIST INJECT_SKILL_ADD_BASE_ATTR_LISTo ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470 ptrList_count_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470)
dealloc(newmem)
dealloc(INJECT_SKILL_ADD_BASE_ATTR_LISTo)
dealloc(ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B37BBB
CrimsonDesert.exe+1B37B85: 66 89 54 24 10 - mov [rsp+10],dx
CrimsonDesert.exe+1B37B8A: 55 - push rbp
CrimsonDesert.exe+1B37B8B: 56 - push rsi
CrimsonDesert.exe+1B37B8C: 57 - push rdi
CrimsonDesert.exe+1B37B8D: 48 83 EC 70 - sub rsp,70
CrimsonDesert.exe+1B37B91: 48 8D 69 18 - lea rbp,[rcx+18]
CrimsonDesert.exe+1B37B95: 41 8B F1 - mov esi,r9d
CrimsonDesert.exe+1B37B98: 48 8D 8C 24 98 00 00 00 - lea rcx,[rsp+00000098]
CrimsonDesert.exe+1B37BA0: 41 8B F8 - mov edi,r8d
CrimsonDesert.exe+1B37BA3: 0F B7 DA - movzx ebx,dx
CrimsonDesert.exe+1B37BA6: E8 35 1E 7C FE - call CrimsonDesert.exe+2F99E0
CrimsonDesert.exe+1B37BAB: 48 8B D0 - mov rdx,rax
CrimsonDesert.exe+1B37BAE: 48 8B CD - mov rcx,rbp
CrimsonDesert.exe+1B37BB1: E8 AA 11 7A FE - call CrimsonDesert.exe+2D8D60
CrimsonDesert.exe+1B37BB6: 48 85 C0 - test rax,rax
CrimsonDesert.exe+1B37BB9: 74 2A - je CrimsonDesert.exe+1B37BE5
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1B37BBB: 89 78 08 - mov [rax+08],edi
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1B37BBE: 39 78 04 - cmp [rax+04],edi
CrimsonDesert.exe+1B37BC1: 7D 03 - jnl CrimsonDesert.exe+1B37BC6
CrimsonDesert.exe+1B37BC3: 89 78 04 - mov [rax+04],edi
CrimsonDesert.exe+1B37BC6: 48 8B 8C 24 B0 00 00 00 - mov rcx,[rsp+000000B0]
CrimsonDesert.exe+1B37BCE: 48 89 48 10 - mov [rax+10],rcx
CrimsonDesert.exe+1B37BD2: 89 70 0C - mov [rax+0C],esi
CrimsonDesert.exe+1B37BD5: 48 8B 9C 24 A0 00 00 00 - mov rbx,[rsp+000000A0]
CrimsonDesert.exe+1B37BDD: 48 83 C4 70 - add rsp,70
CrimsonDesert.exe+1B37BE1: 5F - pop rdi
CrimsonDesert.exe+1B37BE2: 5E - pop rsi
CrimsonDesert.exe+1B37BE3: 5D - pop rbp
CrimsonDesert.exe+1B37BE4: C3 - ret
CrimsonDesert.exe+1B37BE5: 48 8B 84 24 B0 00 00 00 - mov rax,[rsp+000000B0]
CrimsonDesert.exe+1B37BED: 48 8D 8C 24 90 00 00 00 - lea rcx,[rsp+00000090]
CrimsonDesert.exe+1B37BF5: 48 89 44 24 50 - mov [rsp+50],rax
CrimsonDesert.exe+1B37BFA: 66 89 5C 24 40 - mov [rsp+40],bx
}
130
"#1"
0
FF8080
4 Bytes
ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470
8
131
"#1"
0
FF8080
4 Bytes
ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470+8
8
132
"#2"
0
FF8080
4 Bytes
ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470+10
8
134
"#2"
0
FF8080
4 Bytes
ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470+18
8
135
"#3"
0
FF8080
4 Bytes
ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470+20
8
133
"#3"
0
FF8080
4 Bytes
ptrList_arr_INJECT_SKILL_ADD_BASE_ATTR_LIST_194470+28
8
137
"Get base attr. skill values"
1
138
"Enable value list #1"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/25
}
[ENABLE]
aobscanmodule(GET_BASE_ATTR_SKILL_1,$process,?? 8B ?? 08 ?? 8D ?? ?? ?? 00 00 E8 ?? ?? ?? ?? ?? 8B ?? 50 8B ?? 58 ?? 8D ?? 40 ?? C1 ?? 04 ?? 03 ?? ?? 3B ?? 74 ?? ?? 39 ?? 7D ?? ?? 8B ?? 08 ?? 8B)
// raw AOB: 0F 84 ?? ?? ?? ?? 0F 1F 84 00 00 00 00 00 8B C2 45 39 4C C2 08 75 ?? 41 8B 4C C2 0C 49 8B 45 30 4C 8B 04 C8 45 39 48 04 74 ?? FF C2 41 3B D3 73 ?? EB ?? 49 83 C0 08 74 ?? 41 8B 58 08 48 8D 8D 60 08 00 00 E8 ?? ?? ?? ?? 4C 8B 40 50 8B 40 58 4C 8D 0C 40 49 C1 E1 04 4D 03 C8 4D 3B C1 74 ?? 41 39 18 7D ?? 49 8B 40 08 41 8B 50 10 48 C1 E2 04 48 03 D0 48 3B C2 74
// injection point AOB: ?? 8B ?? 08 ?? 8D ?? ?? ?? 00 00 E8 ?? ?? ?? ?? ?? 8B ?? 50 8B ?? 58 ?? 8D ?? 40 ?? C1 ?? 04 ?? 03 ?? ?? 3B ?? 74 ?? ?? 39 ?? 7D ?? ?? 8B ?? 08 ?? 8B ?? 10 ?? C1 ?? 04 ?? 03 ?? ?? 3B ?? 74
alloc(newmem,$1000,GET_BASE_ATTR_SKILL_1)
alloc(ptrList_arr_GET_BASE_ATTR_SKILL_1_292573,$18)
alloc(GET_BASE_ATTR_SKILL_1o, $B)
label(code)
label(return)
label(ptrList_count_GET_BASE_ATTR_SKILL_1_292573)
label(i_aob_base_addr_329823)
label(i_aob_offset_329823)
GET_BASE_ATTR_SKILL_1o:
readmem(GET_BASE_ATTR_SKILL_1, 11)
newmem:
push r14
mov [i_aob_base_addr_329823], rbp
xor r14, r14
db 49 C7 C6
readmem(GET_BASE_ATTR_SKILL_1+3,4)
mov [i_aob_offset_329823], r14
pop r14
// **** Begin Auto script: AddressCapture
// mode=List, capacity=3
pushfq
push r15
push r14
// Address Capture List
mov r15, ptrList_arr_GET_BASE_ATTR_SKILL_1_292573
xor r14d, r14d
dedup_loop_292573:
cmp r14d, [ptrList_count_GET_BASE_ATTR_SKILL_1_292573]
jge store_new_292573
cmp [r15+r14*8], r8
je skip_store_292573
inc r14d
jmp dedup_loop_292573
store_new_292573:
cmp r14d, #3
jge skip_store_292573
mov [r15+r14*8], r8
inc dword ptr [ptrList_count_GET_BASE_ATTR_SKILL_1_292573]
skip_store_292573:
pop r14
pop r15
popfq
// **** End Auto script: AddressCapture
code:
// mov ebx,[r8+08]
reassemble(GET_BASE_ATTR_SKILL_1)
// lea rcx,[rbp+00000860]
reassemble(GET_BASE_ATTR_SKILL_1+4)
jmp return
align 10 cc
i_aob_base_addr_329823:
dq 0
i_aob_offset_329823:
dq 0
ptrList_count_GET_BASE_ATTR_SKILL_1_292573:
dd 0
GET_BASE_ATTR_SKILL_1:
jmp newmem
nop 6
return:
registersymbol(GET_BASE_ATTR_SKILL_1 GET_BASE_ATTR_SKILL_1o i_aob_base_addr_329823 i_aob_offset_329823)
registersymbol(ptrList_arr_GET_BASE_ATTR_SKILL_1_292573 ptrList_count_GET_BASE_ATTR_SKILL_1_292573)
[DISABLE]
GET_BASE_ATTR_SKILL_1:
readmem(GET_BASE_ATTR_SKILL_1o, 11)
unregistersymbol(GET_BASE_ATTR_SKILL_1 GET_BASE_ATTR_SKILL_1o i_aob_base_addr_329823 i_aob_offset_329823)
unregistersymbol(ptrList_arr_GET_BASE_ATTR_SKILL_1_292573 ptrList_count_GET_BASE_ATTR_SKILL_1_292573)
dealloc(newmem)
dealloc(GET_BASE_ATTR_SKILL_1o)
dealloc(ptrList_arr_GET_BASE_ATTR_SKILL_1_292573)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B38C6B
CrimsonDesert.exe+1B38C32: 0F 84 96 00 00 00 - je CrimsonDesert.exe+1B38CCE
CrimsonDesert.exe+1B38C38: 0F 1F 84 00 00 00 00 00 - nop dword ptr [rax+rax+00000000]
CrimsonDesert.exe+1B38C40: 8B C2 - mov eax,edx
CrimsonDesert.exe+1B38C42: 45 39 4C C2 08 - cmp [r10+rax*8+08],r9d
CrimsonDesert.exe+1B38C47: 75 13 - jne CrimsonDesert.exe+1B38C5C
CrimsonDesert.exe+1B38C49: 41 8B 4C C2 0C - mov ecx,[r10+rax*8+0C]
CrimsonDesert.exe+1B38C4E: 49 8B 45 30 - mov rax,[r13+30]
CrimsonDesert.exe+1B38C52: 4C 8B 04 C8 - mov r8,[rax+rcx*8]
CrimsonDesert.exe+1B38C56: 45 39 48 04 - cmp [r8+04],r9d
CrimsonDesert.exe+1B38C5A: 74 09 - je CrimsonDesert.exe+1B38C65
CrimsonDesert.exe+1B38C5C: FF C2 - inc edx
CrimsonDesert.exe+1B38C5E: 41 3B D3 - cmp edx,r11d
CrimsonDesert.exe+1B38C61: 73 6B - jae CrimsonDesert.exe+1B38CCE
CrimsonDesert.exe+1B38C63: EB DB - jmp CrimsonDesert.exe+1B38C40
CrimsonDesert.exe+1B38C65: 49 83 C0 08 - add r8,08
CrimsonDesert.exe+1B38C69: 74 63 - je CrimsonDesert.exe+1B38CCE
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1B38C6B: 41 8B 58 08 - mov ebx,[r8+08]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1B38C6F: 48 8D 8D 60 08 00 00 - lea rcx,[rbp+00000860]
CrimsonDesert.exe+1B38C76: E8 65 0D 7C FE - call CrimsonDesert.exe+2F99E0
CrimsonDesert.exe+1B38C7B: 4C 8B 40 50 - mov r8,[rax+50]
CrimsonDesert.exe+1B38C7F: 8B 40 58 - mov eax,[rax+58]
CrimsonDesert.exe+1B38C82: 4C 8D 0C 40 - lea r9,[rax+rax*2]
CrimsonDesert.exe+1B38C86: 49 C1 E1 04 - shl r9,04
CrimsonDesert.exe+1B38C8A: 4D 03 C8 - add r9,r8
CrimsonDesert.exe+1B38C8D: 4D 3B C1 - cmp r8,r9
CrimsonDesert.exe+1B38C90: 74 3A - je CrimsonDesert.exe+1B38CCC
CrimsonDesert.exe+1B38C92: 41 39 18 - cmp [r8],ebx
CrimsonDesert.exe+1B38C95: 7D 35 - jnl CrimsonDesert.exe+1B38CCC
CrimsonDesert.exe+1B38C97: 49 8B 40 08 - mov rax,[r8+08]
CrimsonDesert.exe+1B38C9B: 41 8B 50 10 - mov edx,[r8+10]
CrimsonDesert.exe+1B38C9F: 48 C1 E2 04 - shl rdx,04
CrimsonDesert.exe+1B38CA3: 48 03 D0 - add rdx,rax
CrimsonDesert.exe+1B38CA6: 48 3B C2 - cmp rax,rdx
}
139
"#1"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_1_292573
8
140
"#2"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_1_292573+8
8
141
"#3"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_1_292573+10
8
142
"Enable value list #2"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/25
}
[ENABLE]
aobscanmodule(GET_BASE_ATTR_SKILL_2,$process,?? 8B ?? 08 ?? 8B ?? 24 ?? ?? 8B ?? ?? 01 ?? FF ?? 20 89)
// raw AOB: FF C2 44 39 DA 72 ?? 48 8B 4C 24 30 48 8B 01 B2 01 FF 50 20 31 C0 48 8B 5C 24 38 48 83 C4 20 5F C3 8B 0D ?? ?? ?? ?? 81 C1 07 0A B3 D6 49 01 C8 74 ?? 41 8B 58 08 48 8B 4C 24 30 4C 8B 01 B2 01 41 FF 50 20 89 D8 48 8B 5C 24 38 48 83 C4 20 5F C3 CC 48 8B 3C 24 4C 89 1C 24 4C 8D 1D ?? ?? ?? ?? 49 81 C3 C5 03 78 04 4C 87 1C 24 4C 8D 1C 24 49 81 EB 49 BC 0F A2
// injection point AOB: ?? 8B ?? 08 ?? 8B ?? 24 ?? ?? 8B ?? ?? 01 ?? FF ?? 20 89 ?? ?? 8B ?? 24 ?? 48 83 C4 20 ?? C3 CC ?? 8B ?? 24 ?? 89 ?? 24 ?? 8D ?? ?? ?? ?? ?? ?? 81 ?? C5 03 78 04 ?? 87 ?? 24 ?? 8D ?? 24 ?? 81 ?? 49 BC 0F A2
alloc(newmem,$1000,GET_BASE_ATTR_SKILL_2)
alloc(ptrList_arr_GET_BASE_ATTR_SKILL_2_792687,$20)
alloc(GET_BASE_ATTR_SKILL_2o, $9)
label(code)
label(return)
label(ptrList_count_GET_BASE_ATTR_SKILL_2_792687)
label(i_aob_base_addr_445520)
label(i_aob_offset_445520)
GET_BASE_ATTR_SKILL_2o:
readmem(GET_BASE_ATTR_SKILL_2, 9)
newmem:
push r14
mov [i_aob_base_addr_445520], rsp
xor r14, r14
db 41 B6
readmem(GET_BASE_ATTR_SKILL_2+4,1)
mov [i_aob_offset_445520], r14
pop r14
// **** Begin Auto script: AddressCapture
// mode=List, capacity=4
pushfq
push r15
push r14
// Address Capture List
mov r15, ptrList_arr_GET_BASE_ATTR_SKILL_2_792687
xor r14d, r14d
dedup_loop_792687:
cmp r14d, [ptrList_count_GET_BASE_ATTR_SKILL_2_792687]
jge store_new_792687
cmp [r15+r14*8], r8
je skip_store_792687
inc r14d
jmp dedup_loop_792687
store_new_792687:
cmp r14d, #4
jge skip_store_792687
mov [r15+r14*8], r8
inc dword ptr [ptrList_count_GET_BASE_ATTR_SKILL_2_792687]
skip_store_792687:
pop r14
pop r15
popfq
// **** End Auto script: AddressCapture
code:
// mov ebx,[r8+08]
reassemble(GET_BASE_ATTR_SKILL_2)
// mov rcx,[rsp+30]
reassemble(GET_BASE_ATTR_SKILL_2+4)
jmp return
align 10 cc
i_aob_base_addr_445520:
dq 0
i_aob_offset_445520:
dq 0
ptrList_count_GET_BASE_ATTR_SKILL_2_792687:
dd 0
GET_BASE_ATTR_SKILL_2:
jmp newmem
nop 4
return:
registersymbol(GET_BASE_ATTR_SKILL_2 GET_BASE_ATTR_SKILL_2o i_aob_base_addr_445520 i_aob_offset_445520)
registersymbol(ptrList_arr_GET_BASE_ATTR_SKILL_2_792687 ptrList_count_GET_BASE_ATTR_SKILL_2_792687)
[DISABLE]
GET_BASE_ATTR_SKILL_2:
readmem(GET_BASE_ATTR_SKILL_2o, 9)
unregistersymbol(GET_BASE_ATTR_SKILL_2 GET_BASE_ATTR_SKILL_2o i_aob_base_addr_445520 i_aob_offset_445520)
unregistersymbol(ptrList_arr_GET_BASE_ATTR_SKILL_2_792687 ptrList_count_GET_BASE_ATTR_SKILL_2_792687)
dealloc(newmem)
dealloc(GET_BASE_ATTR_SKILL_2o)
dealloc(ptrList_arr_GET_BASE_ATTR_SKILL_2_792687)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C56A3AC
CrimsonDesert.exe+C56A37A: FF C2 - inc edx
CrimsonDesert.exe+C56A37C: 44 39 DA - cmp edx,r11d
CrimsonDesert.exe+C56A37F: 72 DF - jb CrimsonDesert.exe+C56A360
CrimsonDesert.exe+C56A381: 48 8B 4C 24 30 - mov rcx,[rsp+30]
CrimsonDesert.exe+C56A386: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+C56A389: B2 01 - mov dl,01
CrimsonDesert.exe+C56A38B: FF 50 20 - call qword ptr [rax+20]
CrimsonDesert.exe+C56A38E: 31 C0 - xor eax,eax
CrimsonDesert.exe+C56A390: 48 8B 5C 24 38 - mov rbx,[rsp+38]
CrimsonDesert.exe+C56A395: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+C56A399: 5F - pop rdi
CrimsonDesert.exe+C56A39A: C3 - ret
CrimsonDesert.exe+C56A39B: 8B 0D 4F 4F 58 04 - mov ecx,[CrimsonDesert.exe+10AEF2F0]
CrimsonDesert.exe+C56A3A1: 81 C1 07 0A B3 D6 - add ecx,D6B30A07
CrimsonDesert.exe+C56A3A7: 49 01 C8 - add r8,rcx
CrimsonDesert.exe+C56A3AA: 74 D5 - je CrimsonDesert.exe+C56A381
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C56A3AC: 41 8B 58 08 - mov ebx,[r8+08]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C56A3B0: 48 8B 4C 24 30 - mov rcx,[rsp+30]
CrimsonDesert.exe+C56A3B5: 4C 8B 01 - mov r8,[rcx]
CrimsonDesert.exe+C56A3B8: B2 01 - mov dl,01
CrimsonDesert.exe+C56A3BA: 41 FF 50 20 - call qword ptr [r8+20]
CrimsonDesert.exe+C56A3BE: 89 D8 - mov eax,ebx
CrimsonDesert.exe+C56A3C0: 48 8B 5C 24 38 - mov rbx,[rsp+38]
CrimsonDesert.exe+C56A3C5: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+C56A3C9: 5F - pop rdi
CrimsonDesert.exe+C56A3CA: C3 - ret
CrimsonDesert.exe+C56A3CB: CC - int 3
CrimsonDesert.exe+C56A3CC: 48 8B 3C 24 - mov rdi,[rsp]
CrimsonDesert.exe+C56A3D0: 4C 89 1C 24 - mov [rsp],r11
CrimsonDesert.exe+C56A3D4: 4C 8D 1D 1D B9 CB 02 - lea r11,[CrimsonDesert.exe+F225CF8]
CrimsonDesert.exe+C56A3DB: 49 81 C3 C5 03 78 04 - add r11,047803C5
CrimsonDesert.exe+C56A3E2: 4C 87 1C 24 - xchg [rsp],r11
CrimsonDesert.exe+C56A3E6: 4C 8D 1C 24 - lea r11,[rsp]
}
143
"#2"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_2_792687
8
144
"#3"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_2_792687+8
8
145
"#3"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_2_792687+10
8
146
"#4"
0
FF8080
4 Bytes
ptrList_arr_GET_BASE_ATTR_SKILL_2_792687+18
8
112
"Crimson Desert / https://opencheattables.com / CE 7.6+"
008E00
1
113
"YesNo"
0:No
1:Yes
1
114
"Player_Base_alt1"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Player_Base_alt1', aob='?? 8D ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? 00 00 E8 ?? ?? ?? ?? 90 C6 ?? ?? 00 0F 57 ?? 33 ?? 0F 11', pos=3, aoblen=7, symbol='Player_Base_alt1_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Player_Base_alt1_addr')
{$asm}
115
"INJECT_GET_BAG_BONUS_SLOTS_2_AOB"
Auto Assembler Script
{ Game : CrimsonDesert.exe
Version:
Date : 2026-03-22
Author : Andyc
Description :
<Optional info>
}
[ENABLE]
aobscanmodule(INJECT_GET_BAG_BONUS_SLOTS_2_AOB,CrimsonDesert.exe,0F B7 46 16 66 89 45 9A) // should be unique
alloc(newmem,$1000,INJECT_GET_BAG_BONUS_SLOTS_2_AOB)
label(code)
label(return)
newmem:
code:
movzx eax,word ptr [rsi+16]
mov [rbp-66],ax
jmp return
INJECT_GET_BAG_BONUS_SLOTS_2_AOB:
jmp newmem
nop 3
return:
registersymbol(INJECT_GET_BAG_BONUS_SLOTS_2_AOB)
[DISABLE]
INJECT_GET_BAG_BONUS_SLOTS_2_AOB:
db 0F B7 46 16 66 89 45 9A
unregistersymbol(INJECT_GET_BAG_BONUS_SLOTS_2_AOB)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1A9F798
CrimsonDesert.exe+1A9F76A: 48 8D 15 57 BE EA 02 - lea rdx,[CrimsonDesert.exe+494B5C8]
CrimsonDesert.exe+1A9F771: 48 8D 4D B8 - lea rcx,[rbp-48]
CrimsonDesert.exe+1A9F775: E8 D6 8E 41 FF - call CrimsonDesert.exe+EB8650
CrimsonDesert.exe+1A9F77A: 44 89 65 BC - mov [rbp-44],r12d
CrimsonDesert.exe+1A9F77E: 0F B7 46 10 - movzx eax,word ptr [rsi+10]
CrimsonDesert.exe+1A9F782: 66 89 44 24 30 - mov [rsp+30],ax
CrimsonDesert.exe+1A9F787: 48 8D 4C 24 30 - lea rcx,[rsp+30]
CrimsonDesert.exe+1A9F78C: E8 BF 89 A1 FE - call CrimsonDesert.exe+4B8150
CrimsonDesert.exe+1A9F791: 0F B7 08 - movzx ecx,word ptr [rax]
CrimsonDesert.exe+1A9F794: 66 89 4D 98 - mov [rbp-68],cx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1A9F798: 0F B7 46 16 - movzx eax,word ptr [rsi+16]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1A9F79C: 66 89 45 9A - mov [rbp-66],ax
CrimsonDesert.exe+1A9F7A0: 0F B7 FB - movzx edi,bx
CrimsonDesert.exe+1A9F7A3: 0F B7 46 0C - movzx eax,word ptr [rsi+0C]
CrimsonDesert.exe+1A9F7A7: 66 3B D8 - cmp bx,ax
CrimsonDesert.exe+1A9F7AA: 0F 8D 4D 01 00 00 - jnl CrimsonDesert.exe+1A9F8FD
CrimsonDesert.exe+1A9F7B0: 4C 8D 2D 81 AF C9 02 - lea r13,[CrimsonDesert.exe+473A738]
CrimsonDesert.exe+1A9F7B7: 4C 8D 3D EA 99 E1 02 - lea r15,[CrimsonDesert.exe+48B91A8]
CrimsonDesert.exe+1A9F7BE: 4C 8D 25 43 97 E1 02 - lea r12,[CrimsonDesert.exe+48B8F08]
CrimsonDesert.exe+1A9F7C5: 4C 8D 35 34 01 F5 02 - lea r14,[CrimsonDesert.exe+49EF900]
CrimsonDesert.exe+1A9F7CC: 66 3B C3 - cmp ax,bx
}
116
"Kilff HP/Sta backup (old)"
1
117
"(backup) HP #1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
20
118
"(backup) Sta #1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
20
119
"(backup) Spi #1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
20
Code :add [rbx+16],di
CrimsonDesert.exe+1D1A6E8
38
66
44
03
CF
66
01
7B
16
48
8B
C6
48
8B
Code :movzx eax,word ptr [rsi+16]
CrimsonDesert.exe+1A9F798
08
66
89
4D
98
0F
B7
46
16
66
89
45
9A
0F
For HP #1
`pa::ClientActorManager` -> 0x20 `Pointer to instance of pa::ClientChildOnlyInGameActor` -> 0x68 -> 0xB8 `Pointer to instance of pa::ClientInventoryActorComponent` -> 0x18 -> 0x8 -> 0x16, word = Bag Bonus
Also see:
0x14, word = Bag total
0x12, word = Bag used
`pa::ClientActorManager` -> 0x20 `Pointer to instance of pa::ClientChildOnlyInGameActor` -> 0x78 -> 0x20 `Pointer to instance of pa::ClientStatusActorComponent` -> 0x18 -> 0x58 -> 8 (HP #1)
For HP #2
[Player_Base2_Addr] -> 0x18 `Pointer to instance of pa::NwVirtualAsyncSession` -> 0xA0 `Pointer to instance of pa::ServerUserActor` -> 0xD0 `Pointer to instance of pa::ServerChildOnlyInGameActor` -> 0x68 -> 0x20 `Pointer to instance of pa::ServerStatusActorComponent` -> 0x18 -> 0x58 -> 8 (HP #2)
`pa::ClientActorManager` = Player_Base_addr
//
CrimsonDesert.exe+6B52E2 - 8F - db 8f
CrimsonDesert.exe+6B52E3 - 64 05 E8024760 - add eax,604702E8
CrimsonDesert.exe+6B52E9 - 03 EB - add ebp,ebx
CrimsonDesert.exe+6B52EB - 03 45 33 - add eax,[rbp+33]
CrimsonDesert.exe+6B52EE - ED - in eax,dx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+6B52EF - 48 89 35 3A8F6405 - mov [Player_Base_addr],rsi
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+6B52F6 - 48 8D 86 00010000 - lea rax,[rsi+00000100]
CrimsonDesert.exe+6B52FD - 48 89 05 348F6405 - mov [CrimsonDesert.exe+5CFE238],rax
CrimsonDesert.exe+6B5304 - 48 8D 86 A0010000 - lea rax,[rsi+000001A0]
CrimsonDesert.exe+6B530B - 48 89 05 2E8F6405 - mov [CrimsonDesert.exe+5CFE240],rax
CrimsonDesert.exe+6B5312 - 44 0FB6 A5 C8020000 - movzx r12d,byte ptr [rbp+000002C8]
CrimsonDesert.exe+6B531A - 44 88 25 278F6405 - mov [CrimsonDesert.exe+5CFE248],r12b
CrimsonDesert.exe+6B5321 - 8B 3D A1564F05 - mov edi,[CrimsonDesert.exe+5BAA9C8]
CrimsonDesert.exe+6B5327 - 39 3D 2B8F6405 - cmp [CrimsonDesert.exe+5CFE258],edi
CrimsonDesert.exe+6B532D - 74 0E - je CrimsonDesert.exe+6B533D
CrimsonDesert.exe+6B532F - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5331 - 48 8D 0D 188F6405 - lea rcx,[CrimsonDesert.exe+5CFE250]
CrimsonDesert.exe+6B5338 - E8 D3800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B533D - 39 3D 258F6405 - cmp [CrimsonDesert.exe+5CFE268],edi
CrimsonDesert.exe+6B5343 - 74 0E - je CrimsonDesert.exe+6B5353
CrimsonDesert.exe+6B5345 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5347 - 48 8D 0D 128F6405 - lea rcx,[CrimsonDesert.exe+5CFE260]
CrimsonDesert.exe+6B534E - E8 BD800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B5353 - 39 3D 1F8F6405 - cmp [CrimsonDesert.exe+5CFE278],edi
CrimsonDesert.exe+6B5359 - 74 0E - je CrimsonDesert.exe+6B5369
CrimsonDesert.exe+6B535B - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B535D - 48 8D 0D 0C8F6405 - lea rcx,[CrimsonDesert.exe+5CFE270]
CrimsonDesert.exe+6B5364 - E8 A7800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B5369 - 39 3D 198F6405 - cmp [CrimsonDesert.exe+5CFE288],edi
CrimsonDesert.exe+6B536F - 74 0E - je CrimsonDesert.exe+6B537F
CrimsonDesert.exe+6B5371 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5373 - 48 8D 0D 068F6405 - lea rcx,[CrimsonDesert.exe+5CFE280]
CrimsonDesert.exe+6B537A - E8 B1890000 - call CrimsonDesert.exe+6BDD30
CrimsonDesert.exe+6B537F - 39 3D 138F6405 - cmp [CrimsonDesert.exe+5CFE298],edi
CrimsonDesert.exe+6B5385 - 74 0E - je CrimsonDesert.exe+6B5395
CrimsonDesert.exe+6B5387 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5389 - 48 8D 0D 008F6405 - lea rcx,[CrimsonDesert.exe+5CFE290]
CrimsonDesert.exe+6B5390 - E8 7B800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B5395 - 39 3D 0D8F6405 - cmp [CrimsonDesert.exe+5CFE2A8],edi
CrimsonDesert.exe+6B539B - 74 0E - je CrimsonDesert.exe+6B53AB
CrimsonDesert.exe+6B539D - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B539F - 48 8D 0D FA8E6405 - lea rcx,[CrimsonDesert.exe+5CFE2A0]
CrimsonDesert.exe+6B53A6 - E8 65800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B53AB - 39 3D 078F6405 - cmp [CrimsonDesert.exe+5CFE2B8],edi
CrimsonDesert.exe+6B53B1 - 74 0E - je CrimsonDesert.exe+6B53C1
CrimsonDesert.exe+6B53B3 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B53B5 - 48 8D 0D F48E6405 - lea rcx,[CrimsonDesert.exe+5CFE2B0]
CrimsonDesert.exe+6B53BC - E8 4F800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B53C1 - 39 3D 018F6405 - cmp [CrimsonDesert.exe+5CFE2C8],edi
CrimsonDesert.exe+6B53C7 - 74 0E - je CrimsonDesert.exe+6B53D7
CrimsonDesert.exe+6B53C9 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B53CB - 48 8D 0D EE8E6405 - lea rcx,[CrimsonDesert.exe+5CFE2C0]
CrimsonDesert.exe+6B53D2 - E8 39800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B53D7 - 85 FF - test edi,edi
CrimsonDesert.exe+6B53D9 - 74 77 - je CrimsonDesert.exe+6B5452
CrimsonDesert.exe+6B53DB - 49 8B DD - mov rbx,r13
CrimsonDesert.exe+6B53DE - 4D 8B F5 - mov r14,r13
CrimsonDesert.exe+6B53E1 - 48 8B 05 688E6405 - mov rax,[CrimsonDesert.exe+5CFE250]
CrimsonDesert.exe+6B53E8 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B53ED - 48 8B 05 6C8E6405 - mov rax,[CrimsonDesert.exe+5CFE260]
CrimsonDesert.exe+6B53F4 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B53F9 - 48 8B 05 708E6405 - mov rax,[CrimsonDesert.exe+5CFE270]
CrimsonDesert.exe+6B5400 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5405 - 48 8B 0D 748E6405 - mov rcx,[CrimsonDesert.exe+5CFE280]
CrimsonDesert.exe+6B540C - 49 03 CE - add rcx,r14
CrimsonDesert.exe+6B540F - E8 0C29C6FF - call CrimsonDesert.exe+317D20
CrimsonDesert.exe+6B5414 - 48 8B 05 758E6405 - mov rax,[CrimsonDesert.exe+5CFE290]
CrimsonDesert.exe+6B541B - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5420 - 48 8B 05 798E6405 - mov rax,[CrimsonDesert.exe+5CFE2A0]
CrimsonDesert.exe+6B5427 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B542C - 48 8B 05 7D8E6405 - mov rax,[CrimsonDesert.exe+5CFE2B0]
CrimsonDesert.exe+6B5433 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5438 - 48 8B 05 818E6405 - mov rax,[CrimsonDesert.exe+5CFE2C0]
CrimsonDesert.exe+6B543F - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5444 - 49 83 C6 10 - add r14,10
CrimsonDesert.exe+6B5448 - 48 8D 5B 10 - lea rbx,[rbx+10]
CrimsonDesert.exe+6B544C - 48 83 EF 01 - sub rdi,01
CrimsonDesert.exe+6B5450 - 75 8F - jne CrimsonDesert.exe+6B53E1
CrimsonDesert.exe+6B5452 - 48 8D 15 D78D6405 - lea rdx,[Player_Base_addr]
CrimsonDesert.exe+6B5459 - 48 8D 8D 40010000 - lea rcx,[rbp+00000140]
CrimsonDesert.exe+6B5460 - E8 7B8A0000 - call CrimsonDesert.exe+6BDEE0
CrimsonDesert.exe+6B5465 - 90 - nop
CrimsonDesert.exe+6B5466 - C6 45 C0 00 - mov byte ptr [rbp-40],00
CrimsonDesert.exe+6B546A - 0F57 C0 - xorps xmm0,xmm0
CrimsonDesert.exe+6B546D - 33 C0 - xor eax,eax
`Player_Base2_addr`:
CrimsonDesert.exe+233B38F - C7 03 00 00 00 00 - mov [rbx],00000000
CrimsonDesert.exe+233B395 - 48 8B 5C 24 30 - mov rbx,[rsp+30]
CrimsonDesert.exe+233B39A - 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+233B39E - 5F - pop rdi
CrimsonDesert.exe+233B39F - C3 - ret
CrimsonDesert.exe+233B3A0 - 40 53 - push rbx
CrimsonDesert.exe+233B3A2 - 55 - push rbp
CrimsonDesert.exe+233B3A3 - 56 - push rsi
CrimsonDesert.exe+233B3A4 - 48 83 EC 20 - sub rsp,20
CrimsonDesert.exe+233B3A8 - 49 8B 30 - mov rsi,[r8]
CrimsonDesert.exe+233B3AB - 48 8B DA - mov rbx,rdx
CrimsonDesert.exe+233B3AE - 49 8B 68 18 - mov rbp,[r8+18]
CrimsonDesert.exe+233B3B2 - 48 85 F6 - test rsi,rsi
CrimsonDesert.exe+233B3B5 - 0F 84 E6 00 00 00 - je CrimsonDesert.exe+233B4A1
CrimsonDesert.exe+233B3BB - 48 89 7C 24 40 - mov [rsp+40],rdi
CrimsonDesert.exe+233B3C0 - 48 8D 4C 24 50 - lea rcx,[rsp+50]
// INJECTING HERE
CrimsonDesert.exe+233B3C5 - 48 8B 3D 64 15 95 03 - mov rdi,[145C8C930]
// DONE INJECTING
CrimsonDesert.exe+233B3CC - 4C 89 74 24 48 - mov [rsp+48],r14
CrimsonDesert.exe+233B3D1 - 44 0F B6 75 03 - movzx r14d,byte ptr [rbp+03]
CrimsonDesert.exe+233B3D6 - E8 05 0A F7 FD - call CrimsonDesert.AK::MemoryMgr::StartProfileThreadUsage+20
CrimsonDesert.exe+233B3DB - 48 8B 8F F8 00 00 00 - mov rcx,[rdi+000000F8]
CrimsonDesert.exe+233B3E2 - 44 8B 87 00 01 00 00 - mov r8d,[rdi+00000100]
CrimsonDesert.exe+233B3E9 - 49 C1 E0 04 - shl r8,04
CrimsonDesert.exe+233B3ED - 4C 03 C1 - add r8,rcx
CrimsonDesert.exe+233B3F0 - 49 3B C8 - cmp rcx,r8
CrimsonDesert.exe+233B3F3 - 74 23 - je CrimsonDesert.exe+233B418
CrimsonDesert.exe+233B3F5 - 8B 44 24 50 - mov eax,[rsp+50]
CrimsonDesert.exe+233B3F9 - 0F 1F 80 00 00 00 00 - nop dword ptr [rax+00000000]
CrimsonDesert.exe+233B400 - 48 8B 51 08 - mov rdx,[rcx+08]
CrimsonDesert.exe+233B404 - C6 02 01 - mov byte ptr [rdx],01
CrimsonDesert.exe+233B407 - 39 01 - cmp [rcx],eax
CrimsonDesert.exe+233B409 - 75 04 - jne CrimsonDesert.exe+233B40F
CrimsonDesert.exe+233B40B - C6 42 01 01 - mov byte ptr [rdx+01],01