120
"Toggle Scripts"
3174FF
Auto Assembler Script
[ENABLE]
{$lua}
if (syntaxcheck) then return end
synchronize(function()
getLuaEngine().menuItem5.doClick()
getLuaEngine().Close()
end)
-- attach process
local processName = "CrimsonDesert.exe"
local pid = getProcessIDFromProcessName(processName)
if pid ~= nil and pid > 0 then
local currentPid = getOpenedProcessID() or 0
if currentPid ~= pid then
openProcess(processName)
print("Attached to: " .. processName)
Sleep(333)
else
print("Already attached to: " .. processName)
end
end
synchronize(function()
getLuaEngine().Close()
end)
local enableBattleScripts = {
0, -- "Toggle Compact View"
1, -- "Fast friendship"
4, -- "Menu: when add item amount: set item amount"
21, -- "Set min reputation when gain"
40, -- "Get HP - Pointer map mode"
152, -- "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc"
155, -- "reputation no decrease"
41, -- "Get HP #1 - Pointer map"
61, -- "Get HP #2 - Pointer map"
82, -- "Char #3 - Oongka?"
72, -- "Char #2 - Damine"
62, -- "Char #1 - Kliff"
50, -- "Char #3 - Oongka?"
46, -- "Char #2 - Damine"
42, -- "Char #1 - Kliff"
}
local addressList = getAddressList()
synchronize(function()
for _, id in ipairs(enableBattleScripts) do
local memRec = addressList.getMemoryRecordByID(id)
if memRec and not memRec.Active then
memRec.Active = true
sleep(30)
end
addressList.refresh()
end
end)
synchronize(function() getLuaEngine().Close() end)
[DISABLE]
{$lua}
if (syntaxcheck) then return end
synchronize(function()
getLuaEngine().menuItem5.doClick()
getLuaEngine().Close()
end)
local disableBattleScripts = {
164, -- "Auto fill Spi (only when Spi1/2 pointer map enabled)"
163, -- "Auto fill Spi (only when Spi1/2 pointer map enabled)"
162, -- "Auto fill Spi (only when Spi1/2 pointer map enabled)"
97, -- "Get Horse HP - another ptr map mode"
86, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)"
83, -- "Auto fill HP (only when HP1/2 pointer map enabled)"
76, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)"
73, -- "Auto fill HP (only when HP1/2 pointer map enabled)"
66, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)"
63, -- "Auto fill HP (only when HP1/2 pointer map enabled)"
160, -- "Dragon mount timer: no decrease by Markiplier"
115, -- "INJECT_GET_BAG_BONUS_SLOTS_2_AOB"
114, -- "Player_Base_alt1"
102, -- "Bag"
92, -- "Horse (may not work)"
82, -- "Char #3 - Oongka?"
72, -- "Char #2 - Damine"
62, -- "Char #1 - Kliff"
54, -- "Bag"
50, -- "Char #3 - Oongka?"
46, -- "Char #2 - Damine"
42, -- "Char #1 - Kliff"
35, -- "Enable step 2 (horse tab)"
31, -- "Enable step 2 (char tab)"
25, -- "Enable step 1"
15, -- "#2: cur. amount must >="
13, -- "cur. amount must >="
10, -- "Seq ID #2"
8, -- "Seq ID #1"
172, -- "Enable data"
161, -- "temp"
61, -- "Get HP #2 - Pointer map"
41, -- "Get HP #1 - Pointer map"
30, -- "+Step 2 Usage: open item menu"
24, -- "+Step 1 Usage: open item menu"
12, -- "value clamp"
7, -- "_debug"
186, -- "(buggy) Fast enemy kill / char HP full - check pt. 3"
170, -- "Get resistent attrs"
155, -- "reputation no decrease"
152, -- "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc"
112, -- "Crimson Desert / https://opencheattables.com / CE 7.6+"
111, -- "(buggy) Fast enemy kill / char HP full - check pt. 1"
110, -- "(buggy) Fast enemy kill / char HP full - check pt. 2"
106, -- "Get Archery Competition data"
40, -- "Get HP - Pointer map mode"
23, -- "Get HP address: Step 1 & 2 - AOB mode"
21, -- "Set min reputation when gain"
18, -- "Bag bonus slot multiplier"
4, -- "Menu: when add item amount: set item amount"
1, -- "Fast friendship"
0, -- "Toggle Compact View"
}
local addressList = getAddressList()
synchronize(function()
for _, id in ipairs(disableBattleScripts) do
local memRec = addressList.getMemoryRecordByID(id)
if memRec and memRec.Active then
memRec.Active = false
sleep(30)
end
addressList.refresh()
end
end)
synchronize(function() getLuaEngine().Close() end)
-- Comments:
-- ID: 0, Description: "Toggle Compact View", Depth: 0
-- ID: 1, Description: "Fast friendship", Depth: 0
-- ID: 152, Description: "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc", Depth: 0
-- ID: 4, Description: "Menu: when add item amount: set item amount", Depth: 0
-- ID: 7, Description: "_debug", Depth: 1
-- ID: 8, Description: "Seq ID #1", Depth: 2
-- ID: 10, Description: "Seq ID #2", Depth: 2
-- ID: 12, Description: "value clamp", Depth: 1
-- ID: 13, Description: "cur. amount must >=", Depth: 2
-- ID: 15, Description: "#2: cur. amount must >=", Depth: 2
-- ID: 18, Description: "Bag bonus slot multiplier", Depth: 0
-- ID: 21, Description: "Set min reputation when gain", Depth: 0
-- ID: 155, Description: "reputation no decrease", Depth: 0
-- ID: 23, Description: "Get HP address: Step 1 & 2 - AOB mode", Depth: 0
-- ID: 24, Description: "+Step 1 Usage: open item menu", Depth: 1
-- ID: 25, Description: "Enable step 1", Depth: 2
-- ID: 30, Description: "+Step 2 Usage: open item menu", Depth: 1
-- ID: 31, Description: "Enable step 2 (char tab)", Depth: 2
-- ID: 35, Description: "Enable step 2 (horse tab)", Depth: 2
-- ID: 40, Description: "Get HP - Pointer map mode", Depth: 0
-- ID: 41, Description: "Get HP #1 - Pointer map", Depth: 1
-- ID: 42, Description: "Char #1 - Kliff", Depth: 2
-- ID: 46, Description: "Char #2 - Damine", Depth: 2
-- ID: 50, Description: "Char #3 - Oongka?", Depth: 2
-- ID: 54, Description: "Bag", Depth: 2
-- ID: 61, Description: "Get HP #2 - Pointer map", Depth: 1
-- ID: 62, Description: "Char #1 - Kliff", Depth: 2
-- ID: 63, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3
-- ID: 66, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3
-- ID: 162, Description: "Auto fill Spi (only when Spi1/2 pointer map enabled)", Depth: 3
-- ID: 72, Description: "Char #2 - Damine", Depth: 2
-- ID: 73, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3
-- ID: 76, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3
-- ID: 163, Description: "Auto fill Spi (only when Spi1/2 pointer map enabled)", Depth: 3
-- ID: 82, Description: "Char #3 - Oongka?", Depth: 2
-- ID: 83, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3
-- ID: 86, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3
-- ID: 164, Description: "Auto fill Spi (only when Spi1/2 pointer map enabled)", Depth: 3
-- ID: 92, Description: "Horse (may not work)", Depth: 2
-- ID: 97, Description: "Get Horse HP - another ptr map mode", Depth: 3
-- ID: 102, Description: "Bag", Depth: 2
-- ID: 106, Description: "Get Archery Competition data", Depth: 0
-- ID: 110, Description: "(buggy) Fast enemy kill / char HP full - check pt. 2", Depth: 0
-- ID: 111, Description: "(buggy) Fast enemy kill / char HP full - check pt. 1", Depth: 0
-- ID: 186, Description: "(buggy) Fast enemy kill / char HP full - check pt. 3", Depth: 0
-- ID: 170, Description: "Get resistent attrs", Depth: 0
-- ID: 172, Description: "Enable data", Depth: 1
-- ID: 112, Description: "Crimson Desert / https://opencheattables.com / CE 7.6+", Depth: 0
-- ID: 161, Description: "temp", Depth: 1
-- ID: 114, Description: "Player_Base_alt1", Depth: 2
-- ID: 160, Description: "Dragon mount timer: no decrease by Markiplier", Depth: 2
-- ID: 115, Description: "INJECT_GET_BAG_BONUS_SLOTS_2_AOB", Depth: 2
121
"Notice: please load game, open item menu first. Some scripts may not be activated if not do so"
8913FF
1
0
"Toggle Compact View"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not toggleCompactView then
function toggleCompactView(sender, forceEnable)
local isCompactMode = not (compactViewMenuItem.Caption == 'Compact View Mode')
if forceEnable ~= nil then
isCompactMode = not forceEnable
end
synchronize(function()
compactViewMenuItem.Caption = isCompactMode and 'Compact View Mode' or 'Full View Mode'
getMainForm().Splitter1.Visible = isCompactMode
getMainForm().Panel4.Visible = isCompactMode
getMainForm().Panel5.Visible = isCompactMode
end)
end
end
if not createCompactViewMenu then
function createCompactViewMenu()
if isCompactMenuCreated then return end
synchronize(function()
local mainMenu = getMainForm().Menu.Items
compactViewMenuItem = createMenuItem(mainMenu)
compactViewMenuItem.Caption = 'Compact View Mode'
compactViewMenuItem.OnClick = toggleCompactView
mainMenu.add(compactViewMenuItem)
end)
isCompactMenuCreated = true
end
end
createCompactViewMenu()
toggleCompactView(nil, true)
[DISABLE]
{$lua}
if toggleCompactView then
toggleCompactView(nil, false)
end
1
"Fast friendship"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_FAST_FRIENDSHIP,$process,?? 8B ?? 10 ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7F)
// raw AOB: 48 C1 E2 04 48 03 90 18 01 00 00 45 84 ED 74 ?? 80 BA 8B 00 00 00 00 74 ?? 8B 42 04 44 0F A3 F0 73 ?? 48 8B 46 08 48 8B 40 68 49 8B D7 48 8B 88 40 01 00 00 E8 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 48 10 48 63 05 ?? ?? ?? ?? 48 3B C1 7F ?? 48 63 05 ?? ?? ?? ?? 48 3B C8 7E ?? 8B 45 E8 3B 45 EC 72 ?? 41 B9 08 00 00 00 45 33 C0 48 8D 55 F0 48 8D 4D E0 E8 ?? ?? ?? ?? 8B 45 E8 8B D0 48 8B 0B
// injection point AOB: ?? 8B ?? 10 ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7F ?? ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7E ?? 8B ?? ?? 3B ?? ?? 72 ?? ?? ?? 08 00 00 00 ?? 33 ?? ?? 8D ?? ?? ?? 8D ?? ?? E8 ?? ?? ?? ?? 8B ?? ?? 8B ?? ?? 8B
alloc(newmem,$1000)
alloc(INJECT_FAST_FRIENDSHIPo, $E)
label(code)
label(return)
INJECT_FAST_FRIENDSHIPo:
readmem(INJECT_FAST_FRIENDSHIP, $E)
newmem:
cmp qword ptr [rax+10], 64
jae code
mov qword ptr [rax+10], 64
code:
// mov rcx,[rax+10]
reassemble(INJECT_FAST_FRIENDSHIP)
// movsxd rax,dword ptr [CrimsonDesert.exe+5C4F008]
reassemble(INJECT_FAST_FRIENDSHIP+4)
// cmp rax,rcx
reassemble(INJECT_FAST_FRIENDSHIP+B)
jmp far return
align 10 cc
INJECT_FAST_FRIENDSHIP:
jmp far newmem
return:
registersymbol(INJECT_FAST_FRIENDSHIP INJECT_FAST_FRIENDSHIPo)
[DISABLE]
INJECT_FAST_FRIENDSHIP:
readmem(INJECT_FAST_FRIENDSHIPo, $E)
unregistersymbol(INJECT_FAST_FRIENDSHIP INJECT_FAST_FRIENDSHIPo)
dealloc(newmem)
dealloc(INJECT_FAST_FRIENDSHIPo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+14F639E
CrimsonDesert.exe+14F6360: 48 C1 E2 04 - shl rdx,04
CrimsonDesert.exe+14F6364: 48 03 90 18 01 00 00 - add rdx,[rax+00000118]
CrimsonDesert.exe+14F636B: 45 84 ED - test r13b,r13b
CrimsonDesert.exe+14F636E: 74 09 - je CrimsonDesert.exe+14F6379
CrimsonDesert.exe+14F6370: 80 BA 8B 00 00 00 00 - cmp byte ptr [rdx+0000008B],00
CrimsonDesert.exe+14F6377: 74 72 - je CrimsonDesert.exe+14F63EB
CrimsonDesert.exe+14F6379: 8B 42 04 - mov eax,[rdx+04]
CrimsonDesert.exe+14F637C: 44 0F A3 F0 - bt eax,r14d
CrimsonDesert.exe+14F6380: 73 69 - jae CrimsonDesert.exe+14F63EB
CrimsonDesert.exe+14F6382: 48 8B 46 08 - mov rax,[rsi+08]
CrimsonDesert.exe+14F6386: 48 8B 40 68 - mov rax,[rax+68]
CrimsonDesert.exe+14F638A: 49 8B D7 - mov rdx,r15
CrimsonDesert.exe+14F638D: 48 8B 88 40 01 00 00 - mov rcx,[rax+00000140]
CrimsonDesert.exe+14F6394: E8 67 D0 3C 00 - call CrimsonDesert.exe+18C3400
CrimsonDesert.exe+14F6399: 48 85 C0 - test rax,rax
CrimsonDesert.exe+14F639C: 74 1C - je CrimsonDesert.exe+14F63BA
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+14F639E: 48 8B 48 10 - mov rcx,[rax+10]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+14F63A2: 48 63 05 5F 8C 75 04 - movsxd rax,dword ptr [CrimsonDesert.exe+5C4F008]
CrimsonDesert.exe+14F63A9: 48 3B C1 - cmp rax,rcx
CrimsonDesert.exe+14F63AC: 7F 0C - jg CrimsonDesert.exe+14F63BA
CrimsonDesert.exe+14F63AE: 48 63 05 13 8B 75 04 - movsxd rax,dword ptr [CrimsonDesert.exe+5C4EEC8]
CrimsonDesert.exe+14F63B5: 48 3B C8 - cmp rcx,rax
CrimsonDesert.exe+14F63B8: 7E 31 - jle CrimsonDesert.exe+14F63EB
CrimsonDesert.exe+14F63BA: 8B 45 E8 - mov eax,[rbp-18]
CrimsonDesert.exe+14F63BD: 3B 45 EC - cmp eax,[rbp-14]
CrimsonDesert.exe+14F63C0: 72 19 - jb CrimsonDesert.exe+14F63DB
CrimsonDesert.exe+14F63C2: 41 B9 08 00 00 00 - mov r9d,00000008
CrimsonDesert.exe+14F63C8: 45 33 C0 - xor r8d,r8d
CrimsonDesert.exe+14F63CB: 48 8D 55 F0 - lea rdx,[rbp-10]
CrimsonDesert.exe+14F63CF: 48 8D 4D E0 - lea rcx,[rbp-20]
CrimsonDesert.exe+14F63D3: E8 E8 62 DE FE - call CrimsonDesert.exe+2DC6C0
CrimsonDesert.exe+14F63D8: 8B 45 E8 - mov eax,[rbp-18]
CrimsonDesert.exe+14F63DB: 8B D0 - mov edx,eax
}
152
"inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_INF_ARROW_N_OTHERS,$process,?? 83 ?? 10 00 7E ?? ?? 8D ?? 08 66 ?? FF ??)
// raw AOB: 0F B7 E8 66 41 3B C4 0F 8D ?? ?? ?? ?? 48 89 5C 24 50 BA FF FF 00 00 48 89 7C 24 58 66 44 3B 7E 12 0F 8D ?? ?? ?? ?? 0F BF C5 48 8D 1C 40 48 C1 E3 06 48 03 1E 48 39 1D ?? ?? ?? ?? 74 ?? 66 3B 53 08 74 ?? 48 83 7B 10 00 7E ?? 48 8D 4B 08 66 41 FF C7 E8 ?? ?? ?? ?? 48 8B C8 41 8B 45 00 39 01 75 ?? 83 7E 20 00 0F B7 43 08 74 ?? 44 8B 4E 20 33 C9 45 85 C9 74 ?? 4C 8B 56 18
// injection point AOB: ?? 83 ?? 10 00 7E ?? ?? 8D ?? 08 66 ?? FF ?? E8 ?? ?? ?? ?? ?? 8B ?? ?? 8B ?? 00 39 ?? 75 ?? 83 ?? 20 00 0F B7 ?? 08 74 ?? ?? 8B ?? 20 33 ?? ?? 85 ?? 74 ?? ?? 8B ?? 18
alloc(newmem,$1000)
alloc(INJECT_INF_ARROW_N_OTHERSo, $F)
label(code)
label(return)
label(is_chk_silver)
label(check_silver)
label(exc_loop)
//label(exc_found)
label(exc_next)
label(exc_done)
label(rng_loop)
//label(rng_found)
label(rng_next)
label(rng_done)
label(exception_table)
label(range_table)
// ============================================================
// 查找優先順序:
// 1. 銀幣 → flag 控制,獨立判定
// 2. 例外表 → 最高優先,覆蓋區間
// 3. 區間表 → ID 落在區間內就套用
// 4. 都沒中 → 不修改,走原始邏輯
//
// CE 數值: 無前綴 = hex,# 前綴 = 十進位
// ============================================================
//
// 例外表格式: dq <item_id>, <amount> (每筆 0x10 = 16 bytes)
// 結尾標記: dq -1, 0
//
// 區間表格式: dq <start>, <end>, <amount>, 0 (每筆 0x20 = 32 bytes)
// 結尾標記: dq -1, 0, 0, 0
//
// 新增例外 → 插入 dq id, amount (保持 ID 升序)
// 新增區間 → 插入 dq start, end, amount, 0 (保持升序)
// ============================================================
INJECT_INF_ARROW_N_OTHERSo:
readmem(INJECT_INF_ARROW_N_OTHERS, $F)
newmem:
// --- 銀幣特殊處理 (ID=#1580) ---
cmp dword ptr [rbx+8], #1580
je check_silver
push r15
push r14
push r13
// ============================================================
// 第一步: 查例外表 (每筆 0x10, index r14 × 10)
// ============================================================
xor r14, r14
mov r15, exception_table
exc_loop:
lea r13, [r15+r14*1] // r13 = exception_table + r14
mov r13, [r13] // r13 = entry item_id
cmp r13, -1
je exc_done
cmp r13d, [rbx+8]
jne exc_next
// --- 命中例外 ---
lea r13, [r15+r14*1]
mov r13, [r13+8] // r13 = amount
mov [rbx+10], r13
jmp rng_done // 直接跳到結束
exc_next:
add r14, 10 // 下一筆 (0x10 = 16 bytes)
jmp exc_loop
exc_done:
// ============================================================
// 第二步: 查區間表 (每筆 0x20, index r14 × 20)
// ============================================================
xor r14, r14
mov r15, range_table
rng_loop:
lea r13, [r15+r14*1] // r13 = range_table + r14
mov r13, [r13] // r13 = range_start
cmp r13, -1
je rng_done
cmp [rbx+8], r13d // ID < start?
jb rng_next
lea r13, [r15+r14*1]
mov r13, [r13+8] // r13 = range_end
cmp [rbx+8], r13d // ID > end?
ja rng_next
// --- 命中區間 ---
lea r13, [r15+r14*1]
mov r13, [r13+10] // r13 = amount
mov [rbx+10], r13
jmp rng_done
rng_next:
add r14, 20 // 下一筆 (0x20 = 32 bytes)
jmp rng_loop
rng_done:
pop r13
pop r14
pop r15
jmp code
check_silver:
cmp dword ptr [is_chk_silver], 1
jne short code
mov qword ptr [rbx+10], #98000
jmp short code
code:
// cmp qword ptr [rbx+10],00
reassemble(INJECT_INF_ARROW_N_OTHERS)
// jle CrimsonDesert.exe+1D39984
reassemble(INJECT_INF_ARROW_N_OTHERS+5)
// lea rcx,[rbx+08]
reassemble(INJECT_INF_ARROW_N_OTHERS+7)
// inc r15w
reassemble(INJECT_INF_ARROW_N_OTHERS+B)
jmp far return
align 10 cc
// ============================================================
// 例外表 (Exception Table)
// dq <item_id>, <amount> (每筆 0x10 bytes)
// 按 ID 升序排列
// ============================================================
align 10 cc
exception_table:
// --- 彈藥類 ---
dq #1, #96 // arrow 箭矢
dq #3, #96 // poison arrow 毒箭
dq #16, #48 // small cannonball 小砲彈
dq #23, #96 // bullet 子彈
// --- 區間 #800-#991 中的例外 ---
dq #870, #96 // wool 羊毛 (區間預設 #48)
dq #997, #48 // 魚肉
// --- 藥劑類 ---
dq #1310, #9 // 芙蕾亞的初階藥劑
dq #1311, #9 // 阿布羅妮亞的初階藥劑
dq #1312, #9 // 梅莉亞拉的初階藥劑
// --- 飲品類 ---
dq #1328, #18 // honey tea
dq #1332, #18 // 水果茶
dq #1333, #18 // 水果酒
dq #1334, #18 // 果汁
// --- 鑰匙/雜物 ---
dq #1554, #18 // keys 鑰匙
dq #1581, #96 // 破舊銅的幣袋
dq #1582, #96 // 輕巧的錢幣袋
dq #1583, #96 // 錢幣袋?
dq #1584, #96 // 沈重的銅板袋
dq #1585, #96 // 銀幣袋
// --- 阿比斯/特殊 ---
dq #2270, #17 // abyss cube 阿比斯神器
dq #2271, #8 // 褪色的阿比斯神器
//dq #2395, #48 // 帶有可疑紋樣的紙條
dq #2804, #9 // apple seed
dq #2830, #9 // 復甦丹藥
// --- 商落未 (母湯苔鯛!) ---
dq -1, 0
// ============================================================
// 區間表 (Range Table)
// dq <start>, <end>, <amount>, 0 (每筆 0x20 bytes)
// 按起始 ID 升序排列
// ============================================================
align 20 cc
range_table:
dq #800, #950, #48, 0 // 材料/消耗品 (一疊 48)
dq #1003, #1305, #18, 0 // 料理/成品類 (一疊 18)
// dq #xxxx, #yyyy, #zz, 0 // (未來新增區間)
// --- 結尾標記 (勿刪除!) ---
dq -1, 0, 0, 0
align 10 cc
is_chk_silver:
dd 0, 0
// ============================================================
// 已知道具 ID 參考 (僅供查找,不影響邏輯)
// [例外] = exception_table [區間] = range_table
// ============================================================
//
// --- 彈藥 ---
// #1 arrow 箭矢 [例外 #96]
// #3 poison arrow 毒箭 [例外 #96]
// #16 small cannonball 小砲彈 [例外 #48]
// #23 bullet 子彈 [例外 #96]
//
// --- 區間 #800-#944 材料/消耗品 (#48) ---
// #800 薫衣草 [區間]
// #809 牡丹 [區間]
// #817 短角 [區間]
// #820 鹿角 [區間]
// #831 聖水 [區間]
// #832 索魯曼聖水 [區間]
// #835 石材 [區間]
// #836 高級石材 [區間]
// #837 頂級石材 [區間]
// #839 鐵礦 [區間]
// #840 銅礦 [區間]
// #842 血石 [區間]
// #850 石榴石 [區間]
// #851 藍銅礦 [區間]
// #854 木材 [區間]
// #855 高級木材 [區間]
// #857 薄獸皮 [區間]
// #858 厚重皮革 [區間]
// #859 堅韌皮革 [區間]
// #861 短毛皮革 [區間]
// #862 碎布片 [區間]
// #863 羽毛 [區間]
// #864 羊毛 [例外 #96]
// #867 小型骨頭 [區間]
// #871 火藥 [區間]
// #872 empty bottle [區間]
// #873 中型獸骨 [區間]
// #874 鮮肉 [區間]
// #875 大塊肉 [區間]
// #876 軟嫩肉 [區間]
// #877 肥肉 [區間]
// #878 鮮美鳥肉 [區間]
// #880 紅扁豆 [區間]
// #883 大麥 [區間]
// #884 小麥 [區間]
// #887 燕麥 [區間]
// #888 覆盆子 [區間]
// #896 蘋果 [區間]
// #907 蕪菁 [區間]
// #911 地瓜 [區間]
// #915 carrot [區間]
// #928 百年草 [區間]
// #937 蛋 [區間]
// #938 milk [區間]
// #939 Cheese [區間]
// #941 鹽 [區間]
// #942 糖 [區間]
// #943 水 [區間]
// #944 料理用油 [區間]
//
// --- 區間外例外 ---
// #864 羊毛 [例外 #96] (區間內覆蓋)
// #991 魚肉 [例外 #48] (區間外)
//
// --- 區間 #1003-#1299 料理/成品 (#18) ---
// #1003 風乾肉塊 [區間]
// #1005 bread [區間]
// #1006 beer [區間]
// #1070 滿滿的年糕 [區間]
// #1094 豐盛的燉排骨 [區間]
// #1174 蒸蛋 [區間]
// #1194 滿滿的烤肉 [區間]
// #1204 滿滿的烤鳥肉 [區間]
// #1211 清湯料理 [區間]
// #1234 烤大魚 [區間]
// #1255 蛋煎蔬菜 [區間]
// #1256 蛋煎魚 [區間]
// #1257 烤肉 [區間]
// #1259 醬燒魚 [區間]
// #1260 烤穀物 [區間]
// #1261 烤蛋 [區間]
// #1272 醃漬蔬菜 [區間]
// #1278 水果蜜餞 [區間]
// #1279 烤蔬菜 [區間]
// #1299 乾草 [區間]
//
// --- 獨立道具 (exception_table) ---
// #1304 芙蕾亞的初階藥劑 [例外 #9]
// #1305 阿布羅妮亞的初階藥劑 [例外 #9]
// #1306 梅莉亞拉的初階藥劑 [例外 #9]
// #1322 honey tea [例外 #18]
// #1326 水果茶 [例外 #18]
// #1327 水果酒 [例外 #18]
// #1328 果汁 [例外 #18]
// #1542 鑰匙 [例外 #18]
// #1568 銀幣 (flag 控制)
// #1570 輕巧的錢幣袋 [例外 #48]
// #1571 錢幣袋? [例外 #48]
// #1572 沈重的銅板袋 [例外 #48]
// #1573 銀幣袋 [例外 #48]
// #2240 阿比斯神器 [例外 #9]
// #2241 褪色的阿比斯神器 [例外 #9]
// #2395 帶有可疑紋樣的紙條 [例外 #48]
// #2774 apple seed [例外 #9]
// #2801 止靜丹 [例外 #9]
// ============================================================
// 魚類 (單尾) 945, 949, 951, 958
// ============================================================
INJECT_INF_ARROW_N_OTHERS:
jmp far newmem
nop 1
return:
registersymbol(INJECT_INF_ARROW_N_OTHERS INJECT_INF_ARROW_N_OTHERSo)
registersymbol(is_chk_silver)
[DISABLE]
INJECT_INF_ARROW_N_OTHERS:
readmem(INJECT_INF_ARROW_N_OTHERSo, $F)
unregistersymbol(INJECT_INF_ARROW_N_OTHERS INJECT_INF_ARROW_N_OTHERSo)
unregistersymbol(is_chk_silver)
dealloc(newmem)
dealloc(INJECT_INF_ARROW_N_OTHERSo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D3992A
CrimsonDesert.exe+1D398E6: 0F B7 E8 - movzx ebp,ax
CrimsonDesert.exe+1D398E9: 66 41 3B C4 - cmp ax,r12w
CrimsonDesert.exe+1D398ED: 0F 8D AB 00 00 00 - jnl CrimsonDesert.exe+1D3999E
CrimsonDesert.exe+1D398F3: 48 89 5C 24 50 - mov [rsp+50],rbx
CrimsonDesert.exe+1D398F8: BA FF FF 00 00 - mov edx,0000FFFF
CrimsonDesert.exe+1D398FD: 48 89 7C 24 58 - mov [rsp+58],rdi
CrimsonDesert.exe+1D39902: 66 44 3B 7E 12 - cmp r15w,[rsi+12]
CrimsonDesert.exe+1D39907: 0F 8D 84 00 00 00 - jnl CrimsonDesert.exe+1D39991
CrimsonDesert.exe+1D3990D: 0F BF C5 - movsx eax,bp
CrimsonDesert.exe+1D39910: 48 8D 1C 40 - lea rbx,[rax+rax*2]
CrimsonDesert.exe+1D39914: 48 C1 E3 06 - shl rbx,06
CrimsonDesert.exe+1D39918: 48 03 1E - add rbx,[rsi]
CrimsonDesert.exe+1D3991B: 48 39 1D 96 7E F2 03 - cmp [CrimsonDesert.exe+5C617B8],rbx
CrimsonDesert.exe+1D39922: 74 60 - je CrimsonDesert.exe+1D39984
CrimsonDesert.exe+1D39924: 66 3B 53 08 - cmp dx,[rbx+08]
CrimsonDesert.exe+1D39928: 74 5A - je CrimsonDesert.exe+1D39984
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1D3992A: 48 83 7B 10 00 - cmp qword ptr [rbx+10],00
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1D3992F: 7E 53 - jle CrimsonDesert.exe+1D39984
CrimsonDesert.exe+1D39931: 48 8D 4B 08 - lea rcx,[rbx+08]
CrimsonDesert.exe+1D39935: 66 41 FF C7 - inc r15w
CrimsonDesert.exe+1D39939: E8 62 CC 59 FE - call CrimsonDesert.exe+2D65A0
CrimsonDesert.exe+1D3993E: 48 8B C8 - mov rcx,rax
CrimsonDesert.exe+1D39941: 41 8B 45 00 - mov eax,[r13+00]
CrimsonDesert.exe+1D39945: 39 01 - cmp [rcx],eax
CrimsonDesert.exe+1D39947: 75 36 - jne CrimsonDesert.exe+1D3997F
CrimsonDesert.exe+1D39949: 83 7E 20 00 - cmp dword ptr [rsi+20],00
CrimsonDesert.exe+1D3994D: 0F B7 43 08 - movzx eax,word ptr [rbx+08]
CrimsonDesert.exe+1D39951: 74 28 - je CrimsonDesert.exe+1D3997B
CrimsonDesert.exe+1D39953: 44 8B 4E 20 - mov r9d,[rsi+20]
CrimsonDesert.exe+1D39957: 33 C9 - xor ecx,ecx
CrimsonDesert.exe+1D39959: 45 85 C9 - test r9d,r9d
CrimsonDesert.exe+1D3995C: 74 1D - je CrimsonDesert.exe+1D3997B
CrimsonDesert.exe+1D3995E: 4C 8B 56 18 - mov r10,[rsi+18]
}
153
"Force set silver amount?"
YesNo
0
C08000
4 Bytes
is_chk_silver
4
"Menu: when add item amount: set item amount"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_SET_ITEM_CNT,$process,?? 01 ?? 38 10 ?? 8B ?? ?? 8B ?? 0F 10 ?? 8D ?? 24 ??)
// raw AOB: 66 3B 41 08 0F 84 ?? ?? ?? ?? 4C 8B 61 10 4D 85 E4 0F 8E ?? ?? ?? ?? 48 8D 4C 24 68 48 89 6C 24 50 66 89 5C 24 68 E8 ?? ?? ?? ?? 0F B6 54 24 70 48 89 C1 E8 ?? ?? ?? ?? 49 8B 4D 10 48 89 C5 4D 8B 06 66 89 5C 24 68 49 01 4C 38 10 49 8B 0E 48 8B 7C 0F 10 48 8D 4C 24 68 E8 ?? ?? ?? ?? 0F B6 54 24 70 48 89 C1 E8 ?? ?? ?? ?? 48 C7 05 ?? ?? ?? ?? 0F A2 C3 00 49 89 C2 31 C9 48 89 F8 48 99 49 F7 FA 49 89 C2 49 89 D1 4C 89 E0
// injection point AOB: ?? 01 ?? 38 10 ?? 8B ?? ?? 8B ?? 0F 10 ?? 8D ?? 24 ?? E8 ?? ?? ?? ?? 0F B6 ?? 24 ?? ?? 89 ?? E8 ?? ?? ?? ?? ?? C7 ?? ?? ?? ?? ?? 0F A2 C3 00 ?? 89 ?? 31 ?? ?? 89 ?? 48 99 ?? F7 ?? ?? 89 ?? ?? 89 ?? ?? 89
alloc(newmem,$1000)
alloc(INJECT_SET_ITEM_CNTo, $12)
label(code)
label(return)
label(i_item_threshold i_item_set_to)
label(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi)
label(i_last_idata_addr1 i_last_idata_addr2)
INJECT_SET_ITEM_CNTo:
readmem(INJECT_SET_ITEM_CNT, $12)
newmem:
test rcx, rcx
jz code
push r15
push r14
mov r15, i_last_idata_addr1
mov r14, [i_idx]
lea r15, [r15+r14*8]
lea r14, [r8+rdi]
mov [r15], r14
inc qword ptr [i_idx]
cmp qword ptr [i_idx], 2
jb short endp_pre
mov qword ptr [i_idx], 0
endp_pre:
pop r14
pop r15
cmp qword ptr [r8+rdi], #125 // normal key
je code
cmp qword ptr [r8+rdi], #175 // cube
je code
cmp qword ptr [r8+rdi], #26 // wool
je code
cmp qword ptr [r8+rdi], #27 // silver (currency)
je code
cmp dword ptr [i_item_add_options], 0
jne chk_next1
push r15
{
mov r15, [i_item_threshold4]
cmp [r8+rdi+10], r15
jb @F
mov r15, [i_item_set_to4]
cmp [r8+rdi+10], r15
jae @F
mov [r8+rdi+10], r15
jmp endp
@@:
mov r15, [i_item_threshold3]
cmp [r8+rdi+10], r15
jb @F
mov r15, [i_item_set_to3]
cmp [r8+rdi+10], r15
jae @F
mov [r8+rdi+10], r15
jmp endp
}
@@:
mov r15, [i_item_threshold2]
cmp [r8+rdi+10], r15
jb short @F
mov r15, [i_item_set_to2]
cmp [r8+rdi+10], r15
jae short @F
mov [r8+rdi+10], r15
jmp short endp
@@:
mov r15, [i_item_threshold]
cmp [r8+rdi+10], r15
jb short @F
mov r15, [i_item_set_to]
cmp [r8+rdi+10], r15
jae short @F
mov [r8+rdi+10], r15
jmp short endp
@@:
endp:
pop r15
jmp short code
chk_next1:
vmovss xmm14, [vf_item_add_multi]
vcvtsi2ss xmm15, xmm15, rcx
vmulss xmm15, xmm14, xmm14
vcvtss2si rcx, xmm15
code:
// add [r8+rdi+10],rcx
reassemble(INJECT_SET_ITEM_CNT)
// mov rcx,[r14]
reassemble(INJECT_SET_ITEM_CNT+5)
// mov rdi,[rdi+rcx+10]
reassemble(INJECT_SET_ITEM_CNT+8)
// lea rcx,[rsp+68]
reassemble(INJECT_SET_ITEM_CNT+D)
jmp far return
align 10 cc
i_item_threshold:
dq 2
i_item_set_to:
dq #19
i_item_threshold2:
dq #101
i_item_set_to2:
dq #900
i_item_threshold3:
dq #1001
i_item_set_to3:
dq #9800
i_item_threshold4:
dq #10001
i_item_set_to4:
dq #99800
i_item_add_options: // 0 = value clamp, 1 = multiplier
dd 0
vf_item_add_multi:
dd (float)3
i_idx:
dq 0
i_last_idata_addr1:
dq 0
i_last_idata_addr2:
dq 0
INJECT_SET_ITEM_CNT:
jmp far newmem
nop 4
return:
registersymbol(INJECT_SET_ITEM_CNT INJECT_SET_ITEM_CNTo)
registersymbol(i_item_threshold i_item_set_to)
registersymbol(i_last_idata_addr1 i_last_idata_addr2)
registersymbol(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi)
[DISABLE]
INJECT_SET_ITEM_CNT:
readmem(INJECT_SET_ITEM_CNTo, $12)
unregistersymbol(INJECT_SET_ITEM_CNT INJECT_SET_ITEM_CNTo)
unregistersymbol(i_item_threshold i_item_set_to)
unregistersymbol(i_last_idata_addr1 i_last_idata_addr2)
unregistersymbol(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi)
dealloc(newmem)
dealloc(INJECT_SET_ITEM_CNTo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+F8DA43A
CrimsonDesert.exe+F8DA3F3: 66 3B 41 08 - cmp ax,[rcx+08]
CrimsonDesert.exe+F8DA3F7: 0F 84 AF 00 00 00 - je CrimsonDesert.exe+F8DA4AC
CrimsonDesert.exe+F8DA3FD: 4C 8B 61 10 - mov r12,[rcx+10]
CrimsonDesert.exe+F8DA401: 4D 85 E4 - test r12,r12
CrimsonDesert.exe+F8DA404: 0F 8E A2 00 00 00 - jng CrimsonDesert.exe+F8DA4AC
CrimsonDesert.exe+F8DA40A: 48 8D 4C 24 68 - lea rcx,[rsp+68]
CrimsonDesert.exe+F8DA40F: 48 89 6C 24 50 - mov [rsp+50],rbp
CrimsonDesert.exe+F8DA414: 66 89 5C 24 68 - mov [rsp+68],bx
CrimsonDesert.exe+F8DA419: E8 82 C1 9F F0 - call CrimsonDesert.exe+2D65A0
CrimsonDesert.exe+F8DA41E: 0F B6 54 24 70 - movzx edx,byte ptr [rsp+70]
CrimsonDesert.exe+F8DA423: 48 89 C1 - mov rcx,rax
CrimsonDesert.exe+F8DA426: E8 A5 73 46 F2 - call CrimsonDesert.exe+1D417D0
CrimsonDesert.exe+F8DA42B: 49 8B 4D 10 - mov rcx,[r13+10]
CrimsonDesert.exe+F8DA42F: 48 89 C5 - mov rbp,rax
CrimsonDesert.exe+F8DA432: 4D 8B 06 - mov r8,[r14]
CrimsonDesert.exe+F8DA435: 66 89 5C 24 68 - mov [rsp+68],bx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+F8DA43A: 49 01 4C 38 10 - add [r8+rdi+10],rcx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+F8DA43F: 49 8B 0E - mov rcx,[r14]
CrimsonDesert.exe+F8DA442: 48 8B 7C 0F 10 - mov rdi,[rdi+rcx+10]
CrimsonDesert.exe+F8DA447: 48 8D 4C 24 68 - lea rcx,[rsp+68]
CrimsonDesert.exe+F8DA44C: E8 4F C1 9F F0 - call CrimsonDesert.exe+2D65A0
CrimsonDesert.exe+F8DA451: 0F B6 54 24 70 - movzx edx,byte ptr [rsp+70]
CrimsonDesert.exe+F8DA456: 48 89 C1 - mov rcx,rax
CrimsonDesert.exe+F8DA459: E8 72 73 46 F2 - call CrimsonDesert.exe+1D417D0
CrimsonDesert.exe+F8DA45E: 48 C7 05 87 58 7F 07 0F A2 C3 00 - mov qword ptr [CrimsonDesert.exe+170CFCF0],00C3A20F
CrimsonDesert.exe+F8DA469: 49 89 C2 - mov r10,rax
CrimsonDesert.exe+F8DA46C: 31 C9 - xor ecx,ecx
CrimsonDesert.exe+F8DA46E: 48 89 F8 - mov rax,rdi
CrimsonDesert.exe+F8DA471: 48 99 - cqo
CrimsonDesert.exe+F8DA473: 49 F7 FA - idiv r10
CrimsonDesert.exe+F8DA476: 49 89 C2 - mov r10,rax
CrimsonDesert.exe+F8DA479: 49 89 D1 - mov r9,rdx
CrimsonDesert.exe+F8DA47C: 4C 89 E0 - mov rax,r12
}
5
"ignores known keys and cubes, others in "inf: arrows, bullets...." script"
8000FF
1
6
"mode"
0:value clamp
1:multiplier
0
C08000
4 Bytes
i_item_add_options
7
"_debug"
1
8
"Seq ID #1"
0
808080
8 Bytes
i_last_idata_addr1
0
9
"ID alt #1"
0
FF8080
4 Bytes
i_last_idata_addr2
8
150
"amount #1"
0
FF8080
8 Bytes
i_last_idata_addr2
10
10
"Seq ID #2"
0
808080
8 Bytes
i_last_idata_addr2
0
11
"ID alt #2"
0
FF8080
4 Bytes
i_last_idata_addr2
8
151
"amount #2"
0
FF8080
8 Bytes
i_last_idata_addr2
10
12
"value clamp"
1
13
"cur. amount must >="
0
C08000
8 Bytes
i_item_threshold
14
"set amount to"
0
C08000
8 Bytes
i_item_set_to
15
"#2: cur. amount must >="
0
C08000
8 Bytes
i_item_threshold2
16
"#2: set amount to"
0
C08000
8 Bytes
i_item_set_to2
17
"multiplier"
0
C08000
Float
vf_item_add_multi
18
"Bag bonus slot multiplier"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_BAG_BONUS_MULTI,$process,66 01 ?? 16 ?? 8B ?? ?? 8B ?? 24 ?? 66 ?? 89 ?? 14)
// raw AOB: E8 ?? ?? ?? ?? 44 0F B7 4B 14 45 33 F6 66 44 39 48 14 7D ?? 41 0F B7 FE EB ?? 48 8D 4B 10 E8 ?? ?? ?? ?? 44 0F B7 4B 14 0F B7 48 14 66 41 2B C9 66 3B CF 66 0F 4C F9 48 8B 6C 24 38 66 44 03 CF 66 01 7B 16 48 8B C6 48 8B 7C 24 48 66 44 89 4B 14 48 8B 5C 24 30 44 89 36 48 8B 74 24 40 48 83 C4 20 41 5E C3 CC CC CC 48 89 5C 24 08 4C 8B 05 ?? ?? ?? ?? 66 39 51 0C 7E ?? 0F BF C2
// injection point AOB: 66 01 ?? 16 ?? 8B ?? ?? 8B ?? 24 ?? 66 ?? 89 ?? 14 ?? 8B ?? 24 ?? ?? 89 ?? ?? 8B ?? 24 ?? 48 83 C4 20 ?? ?? C3 CC CC CC ?? 89 ?? 24 ?? ?? 8B ?? ?? ?? ?? ?? 66 39 ?? 0C 7E ?? 0F BF
alloc(newmem,$1000)
alloc(INJECT_BAG_BONUS_MULTIo, $11)
label(code)
label(return)
label(vf_mult_348928 iw_min_bonus)
INJECT_BAG_BONUS_MULTIo:
readmem(INJECT_BAG_BONUS_MULTI, $11)
newmem:
// **** Begin Auto script: Multiplier
// value=3, rule=R1_MemReg, template=P1_IntToFloat, NegDeltaCheck, PreserveXmm
sub rsp, 20
movaps [rsp], xmm15
movaps [rsp+10], xmm14
and edi, 0000FFFF
test edi, edi
// Multiplier: delta in di
vmovss xmm15, [vf_mult_348928]
vcvtsi2ss xmm14, xmm14, edi
vmulss xmm14, xmm14, xmm15
vcvtss2si edi, xmm14
skip_mult_348928:
movaps xmm15, [rsp]
movaps xmm14, [rsp+10]
add rsp, 20
// **** End Auto script: Multiplier
code:
// add [rbx+16],di
reassemble(INJECT_BAG_BONUS_MULTI)
// mov rax,rsi
reassemble(INJECT_BAG_BONUS_MULTI+4)
// mov rdi,[rsp+48]
reassemble(INJECT_BAG_BONUS_MULTI+7)
// mov [rbx+14],r9w
reassemble(INJECT_BAG_BONUS_MULTI+C)
jmp far return
align 10 cc
vf_mult_348928:
dd (float)3
iw_min_bonus:
dw 64
INJECT_BAG_BONUS_MULTI:
jmp far newmem
nop 3
return:
registersymbol(INJECT_BAG_BONUS_MULTI INJECT_BAG_BONUS_MULTIo vf_mult_348928 iw_min_bonus)
[DISABLE]
INJECT_BAG_BONUS_MULTI:
readmem(INJECT_BAG_BONUS_MULTIo, $11)
unregistersymbol(INJECT_BAG_BONUS_MULTI INJECT_BAG_BONUS_MULTIo vf_mult_348928 iw_min_bonus)
dealloc(newmem)
dealloc(INJECT_BAG_BONUS_MULTIo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D39628
CrimsonDesert.exe+1D395E8: E8 D3 22 78 FE - call CrimsonDesert.exe+4BB8C0
CrimsonDesert.exe+1D395ED: 44 0F B7 4B 14 - movzx r9d,word ptr [rbx+14]
CrimsonDesert.exe+1D395F2: 45 33 F6 - xor r14d,r14d
CrimsonDesert.exe+1D395F5: 66 44 39 48 14 - cmp [rax+14],r9w
CrimsonDesert.exe+1D395FA: 7D 06 - jnl CrimsonDesert.exe+1D39602
CrimsonDesert.exe+1D395FC: 41 0F B7 FE - movzx edi,r14w
CrimsonDesert.exe+1D39600: EB 1D - jmp CrimsonDesert.exe+1D3961F
CrimsonDesert.exe+1D39602: 48 8D 4B 10 - lea rcx,[rbx+10]
CrimsonDesert.exe+1D39606: E8 B5 22 78 FE - call CrimsonDesert.exe+4BB8C0
CrimsonDesert.exe+1D3960B: 44 0F B7 4B 14 - movzx r9d,word ptr [rbx+14]
CrimsonDesert.exe+1D39610: 0F B7 48 14 - movzx ecx,word ptr [rax+14]
CrimsonDesert.exe+1D39614: 66 41 2B C9 - sub cx,r9w
CrimsonDesert.exe+1D39618: 66 3B CF - cmp cx,di
CrimsonDesert.exe+1D3961B: 66 0F 4C F9 - cmovl di,cx
CrimsonDesert.exe+1D3961F: 48 8B 6C 24 38 - mov rbp,[rsp+38]
CrimsonDesert.exe+1D39624: 66 44 03 CF - add r9w,di
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1D39628: 66 01 7B 16 - add [rbx+16],di
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1D3962C: 48 8B C6 - mov rax,rsi
CrimsonDesert.exe+1D3962F: 48 8B 7C 24 48 - mov rdi,[rsp+48]
CrimsonDesert.exe+1D39634: 66 44 89 4B 14 - mov [rbx+14],r9w
CrimsonDesert.exe+1D39639: 48 8B 5C 24 30 - mov rbx,[rsp+30]
CrimsonDesert.exe+1D3963E: 44 89 36 - mov [rsi],r14d
CrimsonDesert.exe+1D39641: 48 8B 74 24 40 - mov rsi,[rsp+40]
CrimsonDesert.exe+1D39646: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+1D3964A: 41 5E - pop r14
CrimsonDesert.exe+1D3964C: C3 - ret
CrimsonDesert.exe+1D3964D: CC - int 3
CrimsonDesert.exe+1D3964E: CC - int 3
CrimsonDesert.exe+1D3964F: CC - int 3
CrimsonDesert.exe+1D39650: 48 89 5C 24 08 - mov [rsp+08],rbx
CrimsonDesert.exe+1D39655: 4C 8B 05 5C 81 F2 03 - mov r8,[CrimsonDesert.exe+5C617B8]
CrimsonDesert.exe+1D3965C: 66 39 51 0C - cmp [rcx+0C],dx
CrimsonDesert.exe+1D39660: 7E 69 - jle CrimsonDesert.exe+1D396CB
}
19
"base min bonus"
0
C08000
2 Bytes
iw_min_bonus
20
"multiplier"
0
C08000
Float
vf_mult_348928
21
"Set min reputation when gain"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_SET_MIN_REP_WHEN_GAIN,$process,?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00)
// raw AOB: 48 8D 69 18 41 8B F1 48 8D 8C 24 98 00 00 00 41 8B F8 0F B7 DA E8 ?? ?? ?? ?? 48 8B D0 48 8B CD E8 ?? ?? ?? ?? 48 85 C0 74 ?? 89 78 08 39 78 04 7D ?? 89 78 04 48 8B 8C 24 B0 00 00 00 48 89 48 10 89 70 0C 48 8B 9C 24 A0 00 00 00 48 83 C4 70 5F 5E 5D C3 48 8B 84 24 B0 00 00 00 48 8D 8C 24 90 00 00 00 48 89 44 24 50 66 89 5C 24 40 89 7C 24 44 89 7C 24 48 89 74 24 4C 66 89 9C 24 90 00 00 00 E8 ?? ?? ?? ?? 4C 8D 4C 24 40
// injection point AOB: ?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00 48 83 C4 70 ?? ?? 5D C3 ?? 8B ?? 24 ?? 00 00 00 ?? 8D ?? 24 ?? 00 00 00 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 89 ?? 24 ?? 89 ?? 24 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 00 00 00 E8 ?? ?? ?? ?? ?? 8D ?? 24
alloc(newmem,$1000)
alloc(INJECT_SET_MIN_REP_WHEN_GAINo, $F)
label(code)
label(return)
label(i_min_rep_dot_value i_min_rep_value i_last_rep_addr)
INJECT_SET_MIN_REP_WHEN_GAINo:
readmem(INJECT_SET_MIN_REP_WHEN_GAIN, $F)
newmem:
mov [i_last_rep_addr], rax
mov rbx, [i_min_rep_dot_value]
cmp rcx, rbx
jae short @F
mov rcx, rbx
@@:
mov rbx, [i_min_rep_value]
cmp [rax+8], rbx
jae short @F
mov [rax+8], rbx
code:
// mov [rax+10],rcx
reassemble(INJECT_SET_MIN_REP_WHEN_GAIN)
// mov [rax+0C],esi
reassemble(INJECT_SET_MIN_REP_WHEN_GAIN+4)
// mov rbx,[rsp+000000A0]
reassemble(INJECT_SET_MIN_REP_WHEN_GAIN+7)
jmp far return
align 10 cc
i_min_rep_dot_value:
dq #98
i_min_rep_value:
dq 14
i_last_rep_addr:
dq 0
INJECT_SET_MIN_REP_WHEN_GAIN:
jmp far newmem
nop 1
return:
registersymbol(INJECT_SET_MIN_REP_WHEN_GAIN INJECT_SET_MIN_REP_WHEN_GAINo)
registersymbol(i_min_rep_dot_value i_min_rep_value i_last_rep_addr)
[DISABLE]
INJECT_SET_MIN_REP_WHEN_GAIN:
readmem(INJECT_SET_MIN_REP_WHEN_GAINo, $F)
unregistersymbol(INJECT_SET_MIN_REP_WHEN_GAIN INJECT_SET_MIN_REP_WHEN_GAINo)
unregistersymbol(i_min_rep_dot_value i_min_rep_value i_last_rep_addr)
dealloc(newmem)
dealloc(INJECT_SET_MIN_REP_WHEN_GAINo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B4C98E
CrimsonDesert.exe+1B4C951: 48 8D 69 18 - lea rbp,[rcx+18]
CrimsonDesert.exe+1B4C955: 41 8B F1 - mov esi,r9d
CrimsonDesert.exe+1B4C958: 48 8D 8C 24 98 00 00 00 - lea rcx,[rsp+00000098]
CrimsonDesert.exe+1B4C960: 41 8B F8 - mov edi,r8d
CrimsonDesert.exe+1B4C963: 0F B7 DA - movzx ebx,dx
CrimsonDesert.exe+1B4C966: E8 95 F1 7A FE - call CrimsonDesert.exe+2FBB00
CrimsonDesert.exe+1B4C96B: 48 8B D0 - mov rdx,rax
CrimsonDesert.exe+1B4C96E: 48 8B CD - mov rcx,rbp
CrimsonDesert.exe+1B4C971: E8 EA D5 78 FE - call CrimsonDesert.exe+2D9F60
CrimsonDesert.exe+1B4C976: 48 85 C0 - test rax,rax
CrimsonDesert.exe+1B4C979: 74 2A - je CrimsonDesert.exe+1B4C9A5
CrimsonDesert.exe+1B4C97B: 89 78 08 - mov [rax+08],edi
CrimsonDesert.exe+1B4C97E: 39 78 04 - cmp [rax+04],edi
CrimsonDesert.exe+1B4C981: 7D 03 - jnl CrimsonDesert.exe+1B4C986
CrimsonDesert.exe+1B4C983: 89 78 04 - mov [rax+04],edi
CrimsonDesert.exe+1B4C986: 48 8B 8C 24 B0 00 00 00 - mov rcx,[rsp+000000B0]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1B4C98E: 48 89 48 10 - mov [rax+10],rcx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1B4C992: 89 70 0C - mov [rax+0C],esi
CrimsonDesert.exe+1B4C995: 48 8B 9C 24 A0 00 00 00 - mov rbx,[rsp+000000A0]
CrimsonDesert.exe+1B4C99D: 48 83 C4 70 - add rsp,70
CrimsonDesert.exe+1B4C9A1: 5F - pop rdi
CrimsonDesert.exe+1B4C9A2: 5E - pop rsi
CrimsonDesert.exe+1B4C9A3: 5D - pop rbp
CrimsonDesert.exe+1B4C9A4: C3 - ret
CrimsonDesert.exe+1B4C9A5: 48 8B 84 24 B0 00 00 00 - mov rax,[rsp+000000B0]
CrimsonDesert.exe+1B4C9AD: 48 8D 8C 24 90 00 00 00 - lea rcx,[rsp+00000090]
CrimsonDesert.exe+1B4C9B5: 48 89 44 24 50 - mov [rsp+50],rax
CrimsonDesert.exe+1B4C9BA: 66 89 5C 24 40 - mov [rsp+40],bx
CrimsonDesert.exe+1B4C9BF: 89 7C 24 44 - mov [rsp+44],edi
CrimsonDesert.exe+1B4C9C3: 89 7C 24 48 - mov [rsp+48],edi
CrimsonDesert.exe+1B4C9C7: 89 74 24 4C - mov [rsp+4C],esi
CrimsonDesert.exe+1B4C9CB: 66 89 9C 24 90 00 00 00 - mov [rsp+00000090],bx
CrimsonDesert.exe+1B4C9D3: E8 28 F1 7A FE - call CrimsonDesert.exe+2FBB00
}
22
"min. rep. value"
0
C08000
8 Bytes
i_min_rep_value
154
"Last rep."
0
FF8080
8 Bytes
i_last_rep_addr
8
155
"reputation no decrease"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_NO_REP_DEC,$process,E8 ?? ?? ?? ?? ?? 85 ?? 74 ?? 89 ?? 08 39 ?? 04 7D ?? 89 ?? 04 ?? 8B)
// raw AOB: CC CC 48 89 5C 24 18 66 89 54 24 10 55 56 57 48 83 EC 70 48 8D 69 18 41 8B F1 48 8D 8C 24 98 00 00 00 41 8B F8 0F B7 DA E8 ?? ?? ?? ?? 48 8B D0 48 8B CD E8 ?? ?? ?? ?? 48 85 C0 74 ?? 89 78 08 39 78 04 7D ?? 89 78 04 48 8B 8C 24 B0 00 00 00 48 89 48 10 89 70 0C 48 8B 9C 24 A0 00 00 00 48 83 C4 70 5F 5E 5D C3 48 8B 84 24 B0 00 00 00
// injection point AOB: E8 ?? ?? ?? ?? ?? 85 ?? 74 ?? 89 ?? 08 39 ?? 04 7D ?? 89 ?? 04 ?? 8B ?? 24 ?? 00 00 00 ?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00 48 83 C4 70 ?? ?? 5D C3 ?? 8B ?? 24 ?? 00 00 00
alloc(newmem,$1000)
alloc(INJECT_NO_REP_DECo, $10)
label(code)
label(return)
INJECT_NO_REP_DECo:
readmem(INJECT_NO_REP_DEC, $10)
newmem:
code:
// call CrimsonDesert.exe+2D9F60
reassemble(INJECT_NO_REP_DEC)
// test rax,rax
reassemble(INJECT_NO_REP_DEC+5)
// je CrimsonDesert.exe+1B4C9A5
reassemble(INJECT_NO_REP_DEC+8)
// *****************************************
// ****** begin code injection
cmp [rax+08],edi
jle short @F
mov edi,[rax+08]
cmp edi, C8
jge short @F
add edi, 1
@@:
// ****** end code injection
// *****************************************
// mov [rax+08],edi
reassemble(INJECT_NO_REP_DEC+A)
// cmp [rax+04],edi
reassemble(INJECT_NO_REP_DEC+D)
jmp far return
align 10 cc
INJECT_NO_REP_DEC:
jmp far newmem
nop 2
return:
registersymbol(INJECT_NO_REP_DEC INJECT_NO_REP_DECo)
[DISABLE]
INJECT_NO_REP_DEC:
readmem(INJECT_NO_REP_DECo, $10)
unregistersymbol(INJECT_NO_REP_DEC INJECT_NO_REP_DECo)
dealloc(newmem)
dealloc(INJECT_NO_REP_DECo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B4C971
CrimsonDesert.exe+1B4C93E: CC - int 3
CrimsonDesert.exe+1B4C93F: CC - int 3
CrimsonDesert.exe+1B4C940: 48 89 5C 24 18 - mov [rsp+18],rbx
CrimsonDesert.exe+1B4C945: 66 89 54 24 10 - mov [rsp+10],dx
CrimsonDesert.exe+1B4C94A: 55 - push rbp
CrimsonDesert.exe+1B4C94B: 56 - push rsi
CrimsonDesert.exe+1B4C94C: 57 - push rdi
CrimsonDesert.exe+1B4C94D: 48 83 EC 70 - sub rsp,70
CrimsonDesert.exe+1B4C951: 48 8D 69 18 - lea rbp,[rcx+18]
CrimsonDesert.exe+1B4C955: 41 8B F1 - mov esi,r9d
CrimsonDesert.exe+1B4C958: 48 8D 8C 24 98 00 00 00 - lea rcx,[rsp+00000098]
CrimsonDesert.exe+1B4C960: 41 8B F8 - mov edi,r8d
CrimsonDesert.exe+1B4C963: 0F B7 DA - movzx ebx,dx
CrimsonDesert.exe+1B4C966: E8 95 F1 7A FE - call CrimsonDesert.exe+2FBB00
CrimsonDesert.exe+1B4C96B: 48 8B D0 - mov rdx,rax
CrimsonDesert.exe+1B4C96E: 48 8B CD - mov rcx,rbp
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1B4C971: E8 EA D5 78 FE - call CrimsonDesert.exe+2D9F60
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1B4C976: 48 85 C0 - test rax,rax
CrimsonDesert.exe+1B4C979: 74 2A - je CrimsonDesert.exe+1B4C9A5
CrimsonDesert.exe+1B4C97B: 89 78 08 - mov [rax+08],edi
CrimsonDesert.exe+1B4C97E: 39 78 04 - cmp [rax+04],edi
CrimsonDesert.exe+1B4C981: 7D 03 - jnl CrimsonDesert.exe+1B4C986
CrimsonDesert.exe+1B4C983: 89 78 04 - mov [rax+04],edi
CrimsonDesert.exe+1B4C986: 48 8B 8C 24 B0 00 00 00 - mov rcx,[rsp+000000B0]
CrimsonDesert.exe+1B4C98E: 48 89 48 10 - mov [rax+10],rcx
CrimsonDesert.exe+1B4C992: 89 70 0C - mov [rax+0C],esi
CrimsonDesert.exe+1B4C995: 48 8B 9C 24 A0 00 00 00 - mov rbx,[rsp+000000A0]
CrimsonDesert.exe+1B4C99D: 48 83 C4 70 - add rsp,70
CrimsonDesert.exe+1B4C9A1: 5F - pop rdi
CrimsonDesert.exe+1B4C9A2: 5E - pop rsi
CrimsonDesert.exe+1B4C9A3: 5D - pop rbp
CrimsonDesert.exe+1B4C9A4: C3 - ret
CrimsonDesert.exe+1B4C9A5: 48 8B 84 24 B0 00 00 00 - mov rax,[rsp+000000B0]
}
23
"Get HP address: Step 1 & 2 - AOB mode"
1
24
"+Step 1 Usage: open item menu"
8000FF
1
25
"Enable step 1"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_GET_HP_1_3,$process,0F 85 ?? ?? ?? ?? ?? 8B ?? 38 ?? 3B ?? 0F 86 ?? ?? ?? ??)
// raw AOB: CC CC CC CC CC 48 89 5C 24 08 48 89 74 24 10 48 89 7C 24 18 41 56 48 83 EC 20 4D 8B F1 49 8B F0 48 8B FA 48 8B D9 E8 ?? ?? ?? ?? 80 78 11 02 0F 85 ?? ?? ?? ?? 48 8B 43 38 48 3B F0 0F 86 ?? ?? ?? ?? 80 7B 53 00 0F 8F ?? ?? ?? ?? 4C 8B 4B 08 4C 8B 53 28 4D 3B CA 7F ?? 48 3B 73 40 0F 86 ?? ?? ?? ?? F2 0F 10 0D ?? ?? ?? ?? 0F 57 D2 F2 48 0F 2A 53 10 48 8B 53 40 0F 57 C0
// injection point AOB: 0F 85 ?? ?? ?? ?? ?? 8B ?? 38 ?? 3B ?? 0F 86 ?? ?? ?? ?? 80 ?? 53 00 0F 8F ?? ?? ?? ?? ?? 8B ?? 08 ?? 8B ?? 28 ?? 3B ?? 7F ?? ?? 3B ?? 40 0F 86 ?? ?? ?? ?? F2 0F 10 ?? ?? ?? ?? ?? 0F 57 ?? F2 ?? 0F 2A ?? 10 ?? 8B ?? 40 0F 57
alloc(newmem,$1000)
alloc(INJECT_GET_HP_1_3o, $13)
label(code)
label(return)
label(i_base_hp_addr_1 i_base_hp_addr_1_2)
INJECT_GET_HP_1_3o:
readmem(INJECT_GET_HP_1_3, $13)
newmem:
jne save_address_1
jmp code
save_address_1:
pushfq
cmp qword ptr [i_base_hp_addr_1], rbx
je short endp
cmp qword ptr [i_base_hp_addr_1_2], rbx
je short endp
cmp qword ptr [i_base_hp_addr_1], 0
jne write_2
mov [i_base_hp_addr_1], rbx // rbx+08 = HP
jmp short endp
write_2:
cmp qword ptr [i_base_hp_addr_1_2], 0
jne short endp
mov [i_base_hp_addr_1_2], rbx // rbx+08 = HP
endp:
popfq
code:
// jne CrimsonDesert.exe+12D79C4
reassemble(INJECT_GET_HP_1_3)
// mov rax,[rbx+38]
reassemble(INJECT_GET_HP_1_3+6)
// cmp rsi,rax
reassemble(INJECT_GET_HP_1_3+A)
// jbe CrimsonDesert.exe+12D79C4
reassemble(INJECT_GET_HP_1_3+D)
jmp far return
align 10 cc
i_base_hp_addr_1:
dq 0
i_base_hp_addr_1_2:
dq 0
INJECT_GET_HP_1_3:
jmp far newmem
nop 5
return:
registersymbol(INJECT_GET_HP_1_3 INJECT_GET_HP_1_3o)
registersymbol(i_base_hp_addr_1 i_base_hp_addr_1_2)
[DISABLE]
INJECT_GET_HP_1_3:
readmem(INJECT_GET_HP_1_3o, $13)
unregistersymbol(INJECT_GET_HP_1_3 INJECT_GET_HP_1_3o)
unregistersymbol(i_base_hp_addr_1 i_base_hp_addr_1_2)
dealloc(newmem)
dealloc(INJECT_GET_HP_1_3o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12D78BA
CrimsonDesert.exe+12D788B: CC - int 3
CrimsonDesert.exe+12D788C: CC - int 3
CrimsonDesert.exe+12D788D: CC - int 3
CrimsonDesert.exe+12D788E: CC - int 3
CrimsonDesert.exe+12D788F: CC - int 3
CrimsonDesert.exe+12D7890: 48 89 5C 24 08 - mov [rsp+08],rbx
CrimsonDesert.exe+12D7895: 48 89 74 24 10 - mov [rsp+10],rsi
CrimsonDesert.exe+12D789A: 48 89 7C 24 18 - mov [rsp+18],rdi
CrimsonDesert.exe+12D789F: 41 56 - push r14
CrimsonDesert.exe+12D78A1: 48 83 EC 20 - sub rsp,20
CrimsonDesert.exe+12D78A5: 4D 8B F1 - mov r14,r9
CrimsonDesert.exe+12D78A8: 49 8B F0 - mov rsi,r8
CrimsonDesert.exe+12D78AB: 48 8B FA - mov rdi,rdx
CrimsonDesert.exe+12D78AE: 48 8B D9 - mov rbx,rcx
CrimsonDesert.exe+12D78B1: E8 5A C1 12 FF - call CrimsonDesert.exe+403A10
CrimsonDesert.exe+12D78B6: 80 78 11 02 - cmp byte ptr [rax+11],02
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+12D78BA: 0F 85 04 01 00 00 - jne CrimsonDesert.exe+12D79C4
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+12D78C0: 48 8B 43 38 - mov rax,[rbx+38]
CrimsonDesert.exe+12D78C4: 48 3B F0 - cmp rsi,rax
CrimsonDesert.exe+12D78C7: 0F 86 F7 00 00 00 - jbe CrimsonDesert.exe+12D79C4
CrimsonDesert.exe+12D78CD: 80 7B 53 00 - cmp byte ptr [rbx+53],00
CrimsonDesert.exe+12D78D1: 0F 8F ED 00 00 00 - jg CrimsonDesert.exe+12D79C4
CrimsonDesert.exe+12D78D7: 4C 8B 4B 08 - mov r9,[rbx+08]
CrimsonDesert.exe+12D78DB: 4C 8B 53 28 - mov r10,[rbx+28]
CrimsonDesert.exe+12D78DF: 4D 3B CA - cmp r9,r10
CrimsonDesert.exe+12D78E2: 7F 0A - jg CrimsonDesert.exe+12D78EE
CrimsonDesert.exe+12D78E4: 48 3B 73 40 - cmp rsi,[rbx+40]
CrimsonDesert.exe+12D78E8: 0F 86 D6 00 00 00 - jbe CrimsonDesert.exe+12D79C4
CrimsonDesert.exe+12D78EE: F2 0F 10 0D B2 4C B3 03 - movsd xmm1,[CrimsonDesert.exe+4E0C5A8]
CrimsonDesert.exe+12D78F6: 0F 57 D2 - xorps xmm2,xmm2
CrimsonDesert.exe+12D78F9: F2 48 0F 2A 53 10 - cvtsi2sd xmm2,[rbx+10]
CrimsonDesert.exe+12D78FF: 48 8B 53 40 - mov rdx,[rbx+40]
CrimsonDesert.exe+12D7903: 0F 57 C0 - xorps xmm0,xmm0
}
26
"HP #1a (char tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1
8
27
"Sta #1a (char tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1
488
28
"HP #1b (horse tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1_2
8
29
"Sta #1b (horse tab)"
0
FF8080
8 Bytes
i_base_hp_addr_1_2
488
30
"+Step 2 Usage: open item menu"
8000FF
1
31
"Enable step 2 (char tab)"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_GET_HP_2,$process,?? 8B ?? 08 ?? 0F B7 ?? ?? 8B ?? E8 ?? ?? ?? ?? ?? 85)
// raw AOB: 32 C0 48 8B 9C 24 30 03 00 00 48 81 C4 E0 02 00 00 41 5F 41 5E 41 5D 41 5C 5F 5E 5D C3 0F B6 80 6A 02 00 00 88 44 24 44 0F B7 D3 49 8B CD E8 ?? ?? ?? ?? 48 8B 70 08 41 0F B7 D6 49 8B CD E8 ?? ?? ?? ?? 48 85 F6 7F ?? 48 85 FF 79 ?? B0 01 EB ?? 32 C0 4C 8D 7C 24 4C 48 8D 4C 24 48 84 C0 4C 0F 44 F9 0F B7 D3 49 8B CD E8
// injection point AOB: ?? 8B ?? 08 ?? 0F B7 ?? ?? 8B ?? E8 ?? ?? ?? ?? ?? 85 ?? 7F ?? ?? 85 ?? 79 ?? ?? 01 EB ?? 32 ?? ?? 8D ?? 24 ?? ?? 8D ?? 24 ?? 84 ?? ?? 0F 44 ?? 0F B7 ?? ?? 8B ?? E8
alloc(newmem,$1000)
alloc(INJECT_GET_HP_2o, $10)
label(code)
label(return)
label(i_base_hp_addr_2)
INJECT_GET_HP_2o:
readmem(INJECT_GET_HP_2, $10)
newmem:
cmp qword ptr [i_base_hp_addr_2], 0
jne short code
mov [i_base_hp_addr_2], rax
code:
// mov rsi,[rax+08]
reassemble(INJECT_GET_HP_2)
// movzx edx,r14w
reassemble(INJECT_GET_HP_2+4)
// mov rcx,r13
reassemble(INJECT_GET_HP_2+8)
// call CrimsonDesert.exe+12D2250
reassemble(INJECT_GET_HP_2+B)
jmp far return
align 10 cc
i_base_hp_addr_2:
dq 0
INJECT_GET_HP_2:
jmp far newmem
nop 2
return:
registersymbol(INJECT_GET_HP_2 INJECT_GET_HP_2o)
registersymbol(i_base_hp_addr_2)
[DISABLE]
INJECT_GET_HP_2:
readmem(INJECT_GET_HP_2o, $10)
unregistersymbol(INJECT_GET_HP_2 INJECT_GET_HP_2o)
unregistersymbol(i_base_hp_addr_2)
dealloc(newmem)
dealloc(INJECT_GET_HP_2o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12D09BE
CrimsonDesert.exe+12D098B: 32 C0 - xor al,al
CrimsonDesert.exe+12D098D: 48 8B 9C 24 30 03 00 00 - mov rbx,[rsp+00000330]
CrimsonDesert.exe+12D0995: 48 81 C4 E0 02 00 00 - add rsp,000002E0
CrimsonDesert.exe+12D099C: 41 5F - pop r15
CrimsonDesert.exe+12D099E: 41 5E - pop r14
CrimsonDesert.exe+12D09A0: 41 5D - pop r13
CrimsonDesert.exe+12D09A2: 41 5C - pop r12
CrimsonDesert.exe+12D09A4: 5F - pop rdi
CrimsonDesert.exe+12D09A5: 5E - pop rsi
CrimsonDesert.exe+12D09A6: 5D - pop rbp
CrimsonDesert.exe+12D09A7: C3 - ret
CrimsonDesert.exe+12D09A8: 0F B6 80 6A 02 00 00 - movzx eax,byte ptr [rax+0000026A]
CrimsonDesert.exe+12D09AF: 88 44 24 44 - mov [rsp+44],al
CrimsonDesert.exe+12D09B3: 0F B7 D3 - movzx edx,bx
CrimsonDesert.exe+12D09B6: 49 8B CD - mov rcx,r13
CrimsonDesert.exe+12D09B9: E8 92 18 00 00 - call CrimsonDesert.exe+12D2250
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+12D09BE: 48 8B 70 08 - mov rsi,[rax+08]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+12D09C2: 41 0F B7 D6 - movzx edx,r14w
CrimsonDesert.exe+12D09C6: 49 8B CD - mov rcx,r13
CrimsonDesert.exe+12D09C9: E8 82 18 00 00 - call CrimsonDesert.exe+12D2250
CrimsonDesert.exe+12D09CE: 48 85 F6 - test rsi,rsi
CrimsonDesert.exe+12D09D1: 7F 09 - jg CrimsonDesert.exe+12D09DC
CrimsonDesert.exe+12D09D3: 48 85 FF - test rdi,rdi
CrimsonDesert.exe+12D09D6: 79 04 - jns CrimsonDesert.exe+12D09DC
CrimsonDesert.exe+12D09D8: B0 01 - mov al,01
CrimsonDesert.exe+12D09DA: EB 02 - jmp CrimsonDesert.exe+12D09DE
CrimsonDesert.exe+12D09DC: 32 C0 - xor al,al
CrimsonDesert.exe+12D09DE: 4C 8D 7C 24 4C - lea r15,[rsp+4C]
CrimsonDesert.exe+12D09E3: 48 8D 4C 24 48 - lea rcx,[rsp+48]
CrimsonDesert.exe+12D09E8: 84 C0 - test al,al
CrimsonDesert.exe+12D09EA: 4C 0F 44 F9 - cmove r15,rcx
CrimsonDesert.exe+12D09EE: 0F B7 D3 - movzx edx,bx
CrimsonDesert.exe+12D09F1: 49 8B CD - mov rcx,r13
}
32
"Use item to recover HP even HP is full"
8000FF
1
33
"HP #2a"
0
FF8080
8 Bytes
i_base_hp_addr_2
8
34
"Sta #2a"
0
FF8080
8 Bytes
i_base_hp_addr_2
488
35
"Enable step 2 (horse tab)"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_GET_HP_2_2,$process,?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50)
// raw AOB: 4C 8D 4C 24 58 49 89 F0 48 8D 54 24 40 48 89 F9 E8 ?? ?? ?? ?? 48 8B 4F 30 48 39 08 7C ?? C6 47 52 00 31 D2 48 89 D8 48 2B 47 18 48 39 5F 18 48 0F 4F C2 48 89 47 20 48 FF 47 48 48 89 5F 08 48 8B 5C 24 48 48 89 77 38 66 89 6F 50 48 83 C4 20 5F 5E 5D C3 CC 0F 1F 00 48 89 5C 24 10 48 89 7C 24 20 55 48 89 E5 48 83 EC 50 48 89 D3 48 8B 51 18
// injection point AOB: ?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50 48 83 C4 20 ?? ?? 5D C3 CC 0F 1F ?? ?? 89 ?? 24 ?? ?? 89 ?? 24 ?? 55 ?? 89 ?? 48 83 EC 50 ?? 89 ?? ?? 8B ?? 18
alloc(newmem,$1000)
alloc(INJECT_GET_HP_2_2o, $11)
label(code)
label(return)
label(i_base_hp_addr_2_2)
INJECT_GET_HP_2_2o:
readmem(INJECT_GET_HP_2_2, $11)
newmem:
code:
// mov [rdi+08],rbx
reassemble(INJECT_GET_HP_2_2)
// mov rbx,[rsp+48]
reassemble(INJECT_GET_HP_2_2+4)
// mov [rdi+38],rsi
reassemble(INJECT_GET_HP_2_2+9)
// mov [rdi+50],bp
reassemble(INJECT_GET_HP_2_2+D)
jmp far return
align 10 cc
i_base_hp_addr_2_2:
dq 0
INJECT_GET_HP_2_2:
jmp far newmem
nop 3
return:
registersymbol(INJECT_GET_HP_2_2 INJECT_GET_HP_2_2o)
registersymbol(i_base_hp_addr_2_2)
[DISABLE]
INJECT_GET_HP_2_2:
readmem(INJECT_GET_HP_2_2o, $11)
unregistersymbol(INJECT_GET_HP_2_2 INJECT_GET_HP_2_2o)
unregistersymbol(i_base_hp_addr_2_2)
dealloc(newmem)
dealloc(INJECT_GET_HP_2_2o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C489563
CrimsonDesert.exe+C489528: 4C 8D 4C 24 58 - lea r9,[rsp+58]
CrimsonDesert.exe+C48952D: 49 89 F0 - mov r8,rsi
CrimsonDesert.exe+C489530: 48 8D 54 24 40 - lea rdx,[rsp+40]
CrimsonDesert.exe+C489535: 48 89 F9 - mov rcx,rdi
CrimsonDesert.exe+C489538: E8 53 E3 E4 F4 - call CrimsonDesert.exe+12D7890
CrimsonDesert.exe+C48953D: 48 8B 4F 30 - mov rcx,[rdi+30]
CrimsonDesert.exe+C489541: 48 39 08 - cmp [rax],rcx
CrimsonDesert.exe+C489544: 7C 04 - jl CrimsonDesert.exe+C48954A
CrimsonDesert.exe+C489546: C6 47 52 00 - mov byte ptr [rdi+52],00
CrimsonDesert.exe+C48954A: 31 D2 - xor edx,edx
CrimsonDesert.exe+C48954C: 48 89 D8 - mov rax,rbx
CrimsonDesert.exe+C48954F: 48 2B 47 18 - sub rax,[rdi+18]
CrimsonDesert.exe+C489553: 48 39 5F 18 - cmp [rdi+18],rbx
CrimsonDesert.exe+C489557: 48 0F 4F C2 - cmovg rax,rdx
CrimsonDesert.exe+C48955B: 48 89 47 20 - mov [rdi+20],rax
CrimsonDesert.exe+C48955F: 48 FF 47 48 - inc qword ptr [rdi+48]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C489563: 48 89 5F 08 - mov [rdi+08],rbx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C489567: 48 8B 5C 24 48 - mov rbx,[rsp+48]
CrimsonDesert.exe+C48956C: 48 89 77 38 - mov [rdi+38],rsi
CrimsonDesert.exe+C489570: 66 89 6F 50 - mov [rdi+50],bp
CrimsonDesert.exe+C489574: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+C489578: 5F - pop rdi
CrimsonDesert.exe+C489579: 5E - pop rsi
CrimsonDesert.exe+C48957A: 5D - pop rbp
CrimsonDesert.exe+C48957B: C3 - ret
CrimsonDesert.exe+C48957C: CC - int 3
CrimsonDesert.exe+C48957D: 0F 1F 00 - nop dword ptr [rax]
CrimsonDesert.exe+C489580: 48 89 5C 24 10 - mov [rsp+10],rbx
CrimsonDesert.exe+C489585: 48 89 7C 24 20 - mov [rsp+20],rdi
CrimsonDesert.exe+C48958A: 55 - push rbp
CrimsonDesert.exe+C48958B: 48 89 E5 - mov rbp,rsp
CrimsonDesert.exe+C48958E: 48 83 EC 50 - sub rsp,50
CrimsonDesert.exe+C489592: 48 89 D3 - mov rbx,rdx
}
36
"**Bypass this if you think it's too complex**"
D500D5
1
37
"Unequip -> equip saddle (trigger horse HP change)"
8000FF
1
38
"HP #2b"
0
FF8080
8 Bytes
i_base_hp_addr_2_2
8
39
"Sta #2b"
0
FF8080
8 Bytes
i_base_hp_addr_2_2
488
40
"Get HP - Pointer map mode"
1
41
"Get HP #1 - Pointer map"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Player_Base', aob='?? 89 ?? ?? ?? ?? ?? ?? 8D ?? 00 01 00 00 ?? 89 ?? ?? ?? ?? ?? ?? 8D ?? A0 01 00 00', pos=3, aoblen=7, symbol='Player_Base_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
synchronize(function()
getLuaEngine().Close()
end)
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Player_Base_addr')
{$asm}
42
"Char #1 - Kliff"
1
43
"HP #1.1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
D0
28
44
"Sta #1.1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
D0
28
45
"Spi #1.1 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
D0
28
46
"Char #2 - Damine"
1
47
"HP #1.2 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
D8
28
48
"Sta #1.2 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
D8
28
49
"Spi #1.2 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
D8
28
50
"Char #3 - Oongka?"
1
51
"HP #1.3 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
8
58
18
20
68
E0
28
52
"Sta #1.3 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
488
58
18
20
68
E0
28
53
"Spi #1.3 (ptr map)"
0
FF8080
8 Bytes
Player_Base_addr
518
58
18
20
68
E0
28
54
"Bag"
1
55
"Used slots (read only)"
0
FF8080
2 Bytes
Player_Base_addr
12
8
18
B8
68
20
56
"Bag slots (read only)"
0
FF8080
2 Bytes
Player_Base_addr
14
8
18
B8
68
20
57
"Bonus Slots (max 190)"
0
FF8080
2 Bytes
Player_Base_addr
16
8
18
B8
68
20
58
"Used slots (read only) path #2"
0
FF8080
2 Bytes
Player_Base_addr
12
8
18
B8
68
D0
28
59
"Bag slots (read only) Path #2"
0
FF8080
2 Bytes
Player_Base_addr
14
8
18
B8
68
D0
28
60
"Bonus Slots (max 190) Path #2"
0
FF8080
2 Bytes
Player_Base_addr
16
8
18
B8
68
D0
28
61
"Get HP #2 - Pointer map"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Play_Base2', aob='?? 8B ?? ?? ?? ?? ?? ?? 89 ?? 24 ?? ?? 0F B6 ?? ?? E8 ?? ?? ?? ?? ?? 8B ?? F8 00 00 00 ?? 8B ?? 00 01 00 00', pos=3, aoblen=7, symbol='Play_Base2_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
synchronize(function()
getLuaEngine().Close()
end)
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Play_Base2_addr')
{$asm}
62
"Char #1 - Kliff"
1
63
"Auto fill HP (only when HP1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer1 then
hpRefillTimer1.destroy()
hpRefillTimer1 = nil
end
-- 快取上次註冊的地址
lastRegistered1_1 = nil
lastRegistered1_2 = nil
hpRefillTimer1 = createTimer(nil, false)
hpRefillTimer1.Interval = 300
hpRefillTimer1.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('HP #1.1 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('HP #2.1 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxHP = readQword(resolved1 + 0x10)
if maxHP == nil or maxHP == 0 then return end
writeQword(resolved1, maxHP)
writeQword(resolved2, maxHP)
-- 地址有變動時才重新註冊
if resolved1 ~= lastRegistered1_1 then
registerSymbol('char_hp_ptr_1_1', resolved1, true)
lastRegistered1_1 = resolved1
end
if resolved2 ~= lastRegistered1_2 then
registerSymbol('char_hp_ptr_1_2', resolved2, true)
lastRegistered1_2 = resolved2
end
end
hpRefillTimer1.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer1 then
hpRefillTimer1.Enabled = false
hpRefillTimer1.destroy()
hpRefillTimer1 = nil
end
lastRegistered1_1 = nil
lastRegistered1_2 = nil
unregisterSymbol('char_hp_ptr_1_1')
unregisterSymbol('char_hp_ptr_1_2')
{$asm}
64
"HP1"
0
FF8080
8 Bytes
char_hp_ptr_1_1
65
"HP2"
0
FF8080
8 Bytes
char_hp_ptr_1_2
66
"Auto fill Sta (only when Sta1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer1 then
staRefillTimer1.destroy()
staRefillTimer1 = nil
end
lastStaRegistered1_1 = nil
lastStaRegistered1_2 = nil
staRefillTimer1 = createTimer(nil, false)
staRefillTimer1.Interval = 300
staRefillTimer1.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Sta #1.1 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Sta #2.1 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 100000)
writeQword(resolved2_Delta1, 100000)
writeQword(resolved1_Delta2, 100000)
writeQword(resolved2_Delta2, 100000)
if resolved1 ~= lastStaRegistered1_1 then
registerSymbol('char_sta_ptr_1_1', resolved1, true)
lastStaRegistered1_1 = resolved1
end
if resolved2 ~= lastStaRegistered1_2 then
registerSymbol('char_sta_ptr_1_2', resolved2, true)
lastStaRegistered1_2 = resolved2
end
end
staRefillTimer1.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer1 then
staRefillTimer1.Enabled = false
staRefillTimer1.destroy()
staRefillTimer1 = nil
end
lastStaRegistered1_1 = nil
lastStaRegistered1_2 = nil
unregisterSymbol('char_sta_ptr_1_1')
unregisterSymbol('char_sta_ptr_1_2')
{$asm}
67
"Sta1"
0
FF8080
8 Bytes
char_sta_ptr_1_1
68
"Sta2"
0
FF8080
8 Bytes
char_sta_ptr_1_2
162
"Auto fill Spi (only when Spi1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if spiRefillTimer1 then
spiRefillTimer1.destroy()
spiRefillTimer1 = nil
end
lastSpiRegistered1_1 = nil
lastSpiRegistered1_2 = nil
spiRefillTimer1 = createTimer(nil, false)
spiRefillTimer1.Interval = 300
spiRefillTimer1.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Spi #1.1 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Spi #2.1 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 10000)
writeQword(resolved2_Delta1, 10000)
writeQword(resolved1_Delta2, 10000)
writeQword(resolved2_Delta2, 10000)
if resolved1 ~= lastSpiRegistered1_1 then
registerSymbol('char_sta_spi_1_1', resolved1, true)
lastSpiRegistered1_1 = resolved1
end
if resolved2 ~= lastSpiRegistered1_2 then
registerSymbol('char_sta_spi_1_2', resolved2, true)
lastSpiRegistered1_2 = resolved2
end
end
spiRefillTimer1.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if spiRefillTimer1 then
spiRefillTimer1.Enabled = false
spiRefillTimer1.destroy()
spiRefillTimer1 = nil
end
lastSpiRegistered1_1 = nil
lastSpiRegistered1_2 = nil
unregisterSymbol('char_sta_spi_1_1')
unregisterSymbol('char_sta_spi_1_2')
{$asm}
69
"HP #2.1 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
8
58
18
20
68
D0
A0
18
70
"Sta #2.1 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
488
58
18
20
68
D0
A0
18
71
"Spi #2.1 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
518
58
18
20
68
D0
A0
18
72
"Char #2 - Damine"
1
73
"Auto fill HP (only when HP1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer2 then
hpRefillTimer2.destroy()
hpRefillTimer2 = nil
end
-- 快取上次註冊的地址
lastRegistered2_1 = nil
lastRegistered2_2 = nil
hpRefillTimer2 = createTimer(nil, false)
hpRefillTimer2.Interval = 300
hpRefillTimer2.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('HP #1.2 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('HP #2.2 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxHP = readQword(resolved1 + 0x10)
if maxHP == nil or maxHP == 0 then return end
writeQword(resolved1, maxHP)
writeQword(resolved2, maxHP)
-- 地址有變動時才重新註冊
if resolved1 ~= lastRegistered2_1 then
registerSymbol('char_hp_ptr_2_1', resolved1, true)
lastRegistered2_1 = resolved1
end
if resolved2 ~= lastRegistered2_2 then
registerSymbol('char_hp_ptr_2_2', resolved2, true)
lastRegistered2_2 = resolved2
end
end
hpRefillTimer2.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer2 then
hpRefillTimer2.Enabled = false
hpRefillTimer2.destroy()
hpRefillTimer2 = nil
end
lastRegistered2_1 = nil
lastRegistered2_2 = nil
unregisterSymbol('char_hp_ptr_2_1')
unregisterSymbol('char_hp_ptr_2_2')
{$asm}
74
"HP1"
0
FF8080
8 Bytes
char_hp_ptr_2_1
75
"HP2"
0
FF8080
8 Bytes
char_hp_ptr_2_2
76
"Auto fill Sta (only when Sta1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer2 then
staRefillTimer2.destroy()
staRefillTimer2 = nil
end
lastStaRegistered2_1 = nil
lastStaRegistered2_2 = nil
staRefillTimer2 = createTimer(nil, false)
staRefillTimer2.Interval = 300
staRefillTimer2.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Sta #1.2 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Sta #2.2 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 100000)
writeQword(resolved2_Delta1, 100000)
writeQword(resolved1_Delta2, 100000)
writeQword(resolved2_Delta2, 100000)
if resolved1 ~= lastStaRegistered2_1 then
registerSymbol('char_sta_ptr_2_1', resolved1, true)
lastStaRegistered2_1 = resolved1
end
if resolved2 ~= lastStaRegistered2_2 then
registerSymbol('char_sta_ptr_2_2', resolved2, true)
lastStaRegistered2_2 = resolved2
end
end
staRefillTimer2.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer2 then
staRefillTimer2.Enabled = false
staRefillTimer2.destroy()
staRefillTimer2 = nil
end
lastStaRegistered2_1 = nil
lastStaRegistered2_2 = nil
unregisterSymbol('char_sta_ptr_2_1')
unregisterSymbol('char_sta_ptr_2_2')
{$asm}
77
"Sta1"
0
FF8080
8 Bytes
char_sta_ptr_2_1
78
"Sta2"
0
FF8080
8 Bytes
char_sta_ptr_2_2
163
"Auto fill Spi (only when Spi1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if spiRefillTimer2 then
spiRefillTimer2.destroy()
spiRefillTimer2 = nil
end
lastSpiRegistered2_1 = nil
lastSpiRegistered2_2 = nil
spiRefillTimer2 = createTimer(nil, false)
spiRefillTimer2.Interval = 300
spiRefillTimer2.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Spi #1.2 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Spi #2.2 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 10000)
writeQword(resolved2_Delta1, 10000)
writeQword(resolved1_Delta2, 10000)
writeQword(resolved2_Delta2, 10000)
if resolved1 ~= lastSpiRegistered2_1 then
registerSymbol('char_sta_spi_2_1', resolved1, true)
lastSpiRegistered2_1 = resolved1
end
if resolved2 ~= lastSpiRegistered2_2 then
registerSymbol('char_sta_spi_2_2', resolved2, true)
lastSpiRegistered2_2 = resolved2
end
end
spiRefillTimer2.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if spiRefillTimer2 then
spiRefillTimer2.Enabled = false
spiRefillTimer2.destroy()
spiRefillTimer2 = nil
end
lastSpiRegistered2_1 = nil
lastSpiRegistered2_2 = nil
unregisterSymbol('char_sta_spi_2_1')
unregisterSymbol('char_sta_spi_2_2')
{$asm}
79
"HP #2.2 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
8
58
18
20
68
D8
A0
18
80
"Sta #2.2 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
488
58
18
20
68
D8
A0
18
81
"Spi #2.2 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
518
58
18
20
68
D8
A0
18
82
"Char #3 - Oongka?"
1
83
"Auto fill HP (only when HP1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer3 then
hpRefillTimer3.destroy()
hpRefillTimer3 = nil
end
-- 快取上次註冊的地址
lastRegistered3_1 = nil
lastRegistered3_2 = nil
hpRefillTimer3 = createTimer(nil, false)
hpRefillTimer3.Interval = 300
hpRefillTimer3.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('HP #1.3 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('HP #2.3 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxHP = readQword(resolved1 + 0x10)
if maxHP == nil or maxHP == 0 then return end
writeQword(resolved1, maxHP)
writeQword(resolved2, maxHP)
-- 地址有變動時才重新註冊
if resolved1 ~= lastRegistered3_1 then
registerSymbol('char_hp_ptr_3_1', resolved1, true)
lastRegistered3_1 = resolved1
end
if resolved2 ~= lastRegistered3_2 then
registerSymbol('char_hp_ptr_3_2', resolved2, true)
lastRegistered3_2 = resolved2
end
end
hpRefillTimer3.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if hpRefillTimer3 then
hpRefillTimer3.Enabled = false
hpRefillTimer3.destroy()
hpRefillTimer3 = nil
end
lastRegistered3_1 = nil
lastRegistered3_2 = nil
unregisterSymbol('char_hp_ptr_3_1')
unregisterSymbol('char_hp_ptr_3_2')
{$asm}
84
"HP1"
0
FF8080
8 Bytes
char_hp_ptr_3_1
85
"HP2"
0
FF8080
8 Bytes
char_hp_ptr_3_2
86
"Auto fill Sta (only when Sta1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer3 then
staRefillTimer3.destroy()
staRefillTimer3 = nil
end
lastStaRegistered3_1 = nil
lastStaRegistered3_2 = nil
staRefillTimer3 = createTimer(nil, false)
staRefillTimer3.Interval = 300
staRefillTimer3.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Sta #1.3 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Sta #2.3 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 100000)
writeQword(resolved2_Delta1, 100000)
writeQword(resolved1_Delta2, 100000)
writeQword(resolved2_Delta2, 100000)
if resolved1 ~= lastStaRegistered3_1 then
registerSymbol('char_sta_ptr_3_1', resolved1, true)
lastStaRegistered3_1 = resolved1
end
if resolved2 ~= lastStaRegistered3_2 then
registerSymbol('char_sta_ptr_3_2', resolved2, true)
lastStaRegistered3_2 = resolved2
end
end
staRefillTimer3.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if staRefillTimer3 then
staRefillTimer3.Enabled = false
staRefillTimer3.destroy()
staRefillTimer3 = nil
end
lastStaRegistered3_1 = nil
lastStaRegistered3_2 = nil
unregisterSymbol('char_sta_ptr_3_1')
unregisterSymbol('char_sta_ptr_3_2')
{$asm}
87
"Sta1"
0
FF8080
8 Bytes
char_sta_ptr_3_1
88
"Sta2"
0
FF8080
8 Bytes
char_sta_ptr_3_2
164
"Auto fill Spi (only when Spi1/2 pointer map enabled)"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if spiRefillTimer3 then
spiRefillTimer3.destroy()
spiRefillTimer3 = nil
end
lastSpiRegistered3_1 = nil
lastSpiRegistered3_2 = nil
spiRefillTimer3 = createTimer(nil, false)
spiRefillTimer3.Interval = 300
spiRefillTimer3.OnTimer = function(t)
local al = getAddressList()
local mr1 = al.getMemoryRecordByDescription('Spi #1.3 (ptr map)')
local mr2 = al.getMemoryRecordByDescription('Spi #2.3 (ptr map)')
if mr1 == nil or mr2 == nil then return end
local addr1 = mr1.CurrentAddress
local addr2 = mr2.CurrentAddress
if addr1 == nil or addr2 == nil then return end
local resolved1 = getAddress(addr1)
local resolved2 = getAddress(addr2)
if resolved1 == 0 or resolved2 == 0 then return end
local maxSta = readQword(resolved1 + 0x10)
if maxSta == nil or maxSta == 0 then return end
writeQword(resolved1, maxSta)
writeQword(resolved2, maxSta)
local resolved1_Delta1 = getAddress(addr1 + 0x8)
local resolved2_Delta1 = getAddress(addr2 + 0x8)
local resolved1_Delta2 = getAddress(addr1 + 0x80)
local resolved2_Delta2 = getAddress(addr2 + 0x80)
writeQword(resolved1_Delta1, 10000)
writeQword(resolved2_Delta1, 10000)
writeQword(resolved1_Delta2, 10000)
writeQword(resolved2_Delta2, 10000)
if resolved1 ~= lastSpiRegistered3_1 then
registerSymbol('char_sta_spi_3_1', resolved1, true)
lastSpiRegistered3_1 = resolved1
end
if resolved2 ~= lastSpiRegistered3_2 then
registerSymbol('char_sta_spi_3_2', resolved2, true)
lastSpiRegistered3_2 = resolved2
end
end
spiRefillTimer3.Enabled = true
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
if spiRefillTimer3 then
spiRefillTimer3.Enabled = false
spiRefillTimer3.destroy()
spiRefillTimer3 = nil
end
lastSpiRegistered3_1 = nil
lastSpiRegistered3_2 = nil
unregisterSymbol('char_sta_spi_3_1')
unregisterSymbol('char_sta_spi_3_2')
{$asm}
89
"HP #2.3 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
8
58
18
20
68
E0
A0
18
90
"Sta #2.3 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
488
58
18
20
68
E0
A0
18
91
"Spi #2.3 (ptr map)"
0
FF8080
8 Bytes
Play_Base2_addr
518
58
18
20
68
E0
A0
18
92
"Horse (may not work)"
1
93
"Horse HP #2.1"
0
FF8080
4 Bytes
Play_Base2_addr
8
58
18
420
68
D0
A0
18
94
"Horse Sta #2.1"
0
FF8080
4 Bytes
Play_Base2_addr
488
58
18
420
68
D0
A0
18
158
"Horse HP #2.1 (alt)"
0
FF8080
4 Bytes
Play_Base2_addr+8
8
58
18
20
168
20
80
50
159
"Horse Sta #2.1 (alt)"
0
FF8080
4 Bytes
Play_Base2_addr+8
488
58
18
20
168
20
80
50
97
"Get Horse HP - another ptr map mode"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Horse_Base3', aob='?? 8B ?? ?? ?? ?? ?? ?? 8D ?? C8 ?? 8B ?? 08 ?? 85 ?? 74 ?? 0F B6 ?? 10 84 ?? 74 ?? 8B', pos=3, aoblen=7, symbol='Horse_Base3_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
synchronize(function()
getLuaEngine().Close()
end)
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Horse_Base3_addr')
{$asm}
98
"Horse HP #2.2 (alt)"
0
FF8080
4 Bytes
Horse_Base3_addr
8
58
18
220
168
8
60
99
"Horse Sta #2.2 (alt)"
0
FF8080
4 Bytes
Horse_Base3_addr
488
58
18
220
168
8
60
102
"Bag"
1
103
"Used slots (read only)"
0
FF8080
2 Bytes
Play_Base2_addr
12
8
18
B8
68
D0
A0
18
104
"Bag slots (read only)"
0
FF8080
2 Bytes
Play_Base2_addr
14
8
18
B8
68
D0
A0
18
105
"Bag bonus"
0
FF8080
2 Bytes
Play_Base2_addr
16
8
18
B8
68
D0
A0
18
106
"Get Archery Competition data"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_GET_ARCHERY_COMP_DATA,$process,75 ?? 83 ?? 20 00 75 ?? ?? 83 ?? 28 EB ?? 8B ?? 14 8B ?? 10 ?? 8B ?? 24)
// raw AOB: 48 8D 53 08 48 85 DB 49 0F 44 D6 48 8B 12 48 8D 4C 24 70 E8 ?? ?? ?? ?? 90 48 8B 43 68 48 8B 48 20 48 8B 81 88 03 00 00 8B 89 90 03 00 00 48 8D 14 89 48 8D 0C D0 48 3B C1 74 ?? 80 38 00 75 ?? 83 78 20 00 75 ?? 48 83 C0 28 EB ?? 8B 70 14 8B 68 10 48 8B 4C 24 70 48 8B 01 B2 01 FF 50 20 48 8B 8F E0 00 00 00 48 8B 01 8B DD 0F AF EE 8B D5 4C 89 74 24 20 41 B9 01 00 00 00
// injection point AOB: 75 ?? 83 ?? 20 00 75 ?? ?? 83 ?? 28 EB ?? 8B ?? 14 8B ?? 10 ?? 8B ?? 24 ?? ?? 8B ?? ?? 01 FF ?? 20 ?? 8B ?? E0 00 00 00 ?? 8B ?? 8B ?? 0F AF ?? 8B ?? ?? 89 ?? 24 ?? ?? ?? 01 00 00 00
alloc(newmem,$1000)
alloc(ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346,$10)
alloc(INJECT_GET_ARCHERY_COMP_DATAo, $E)
label(code)
label(return)
label(ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346)
label(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346)
INJECT_GET_ARCHERY_COMP_DATAo:
readmem(INJECT_GET_ARCHERY_COMP_DATA, $E)
newmem:
// real injection pt: CrimsonDesert.exe+C4EB11: 8B 70 14 - mov esi,[rax+14]
code:
// jne CrimsonDesert.exe+C4EB0B
reassemble(INJECT_GET_ARCHERY_COMP_DATA)
// cmp dword ptr [rax+20],00
reassemble(INJECT_GET_ARCHERY_COMP_DATA+2)
//*****************************************************
//*** begub code injection
jne do_capture
jmp end_inj_code
do_capture:
// **** Begin Auto script: AddressCapture
// mode=List, capacity=2, ResetFlag
pushfq
push r15
push r14
// Address Capture List
mov r15, ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346
cmp dword ptr [ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346], 1
jne skip_reset_150346
xor r14d, r14d
clear_loop_150346:
mov qword ptr [r15+r14*8], 0
inc r14d
cmp r14d, #2
jb clear_loop_150346
mov dword ptr [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346], 0
mov dword ptr [ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346], 0
skip_reset_150346:
xor r14d, r14d
dedup_loop_150346:
cmp r14d, [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346]
jge store_new_150346
cmp [r15+r14*8], rax
je skip_store_150346
inc r14d
jmp dedup_loop_150346
store_new_150346:
cmp r14d, #2
jge skip_store_150346
mov [r15+r14*8], rax
inc dword ptr [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346]
skip_store_150346:
pop r14
pop r15
popfq
// **** End Auto script: AddressCapture
end_inj_code:
//*****************************************************
// jne CrimsonDesert.exe+C4EB11
reassemble(INJECT_GET_ARCHERY_COMP_DATA+6)
// add rax,28
reassemble(INJECT_GET_ARCHERY_COMP_DATA+8)
// jmp CrimsonDesert.exe+C4EAFB
reassemble(INJECT_GET_ARCHERY_COMP_DATA+C)
jmp far return
align 10 cc
ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346:
dd 0
ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346:
dd 0
INJECT_GET_ARCHERY_COMP_DATA:
jmp far newmem
return:
registersymbol(INJECT_GET_ARCHERY_COMP_DATA INJECT_GET_ARCHERY_COMP_DATAo ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346)
registersymbol(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346)
[DISABLE]
INJECT_GET_ARCHERY_COMP_DATA:
readmem(INJECT_GET_ARCHERY_COMP_DATAo, $E)
unregistersymbol(INJECT_GET_ARCHERY_COMP_DATA INJECT_GET_ARCHERY_COMP_DATAo ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346)
unregistersymbol(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346)
dealloc(newmem)
dealloc(INJECT_GET_ARCHERY_COMP_DATAo)
dealloc(ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C4EB03
CrimsonDesert.exe+C4EAC5: 48 8D 53 08 - lea rdx,[rbx+08]
CrimsonDesert.exe+C4EAC9: 48 85 DB - test rbx,rbx
CrimsonDesert.exe+C4EACC: 49 0F 44 D6 - cmove rdx,r14
CrimsonDesert.exe+C4EAD0: 48 8B 12 - mov rdx,[rdx]
CrimsonDesert.exe+C4EAD3: 48 8D 4C 24 70 - lea rcx,[rsp+70]
CrimsonDesert.exe+C4EAD8: E8 93 F2 68 FF - call CrimsonDesert.AK::WriteBytesMem::Size+1270
CrimsonDesert.exe+C4EADD: 90 - nop
CrimsonDesert.exe+C4EADE: 48 8B 43 68 - mov rax,[rbx+68]
CrimsonDesert.exe+C4EAE2: 48 8B 48 20 - mov rcx,[rax+20]
CrimsonDesert.exe+C4EAE6: 48 8B 81 88 03 00 00 - mov rax,[rcx+00000388]
CrimsonDesert.exe+C4EAED: 8B 89 90 03 00 00 - mov ecx,[rcx+00000390]
CrimsonDesert.exe+C4EAF3: 48 8D 14 89 - lea rdx,[rcx+rcx*4]
CrimsonDesert.exe+C4EAF7: 48 8D 0C D0 - lea rcx,[rax+rdx*8]
CrimsonDesert.exe+C4EAFB: 48 3B C1 - cmp rax,rcx
CrimsonDesert.exe+C4EAFE: 74 17 - je CrimsonDesert.exe+C4EB17
CrimsonDesert.exe+C4EB00: 80 38 00 - cmp byte ptr [rax],00
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C4EB03: 75 06 - jne CrimsonDesert.exe+C4EB0B
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C4EB05: 83 78 20 00 - cmp dword ptr [rax+20],00
CrimsonDesert.exe+C4EB09: 75 06 - jne CrimsonDesert.exe+C4EB11
CrimsonDesert.exe+C4EB0B: 48 83 C0 28 - add rax,28
CrimsonDesert.exe+C4EB0F: EB EA - jmp CrimsonDesert.exe+C4EAFB
CrimsonDesert.exe+C4EB11: 8B 70 14 - mov esi,[rax+14]
CrimsonDesert.exe+C4EB14: 8B 68 10 - mov ebp,[rax+10]
CrimsonDesert.exe+C4EB17: 48 8B 4C 24 70 - mov rcx,[rsp+70]
CrimsonDesert.exe+C4EB1C: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+C4EB1F: B2 01 - mov dl,01
CrimsonDesert.exe+C4EB21: FF 50 20 - call qword ptr [rax+20]
CrimsonDesert.exe+C4EB24: 48 8B 8F E0 00 00 00 - mov rcx,[rdi+000000E0]
CrimsonDesert.exe+C4EB2B: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+C4EB2E: 8B DD - mov ebx,ebp
CrimsonDesert.exe+C4EB30: 0F AF EE - imul ebp,esi
CrimsonDesert.exe+C4EB33: 8B D5 - mov edx,ebp
CrimsonDesert.exe+C4EB35: 4C 89 74 24 20 - mov [rsp+20],r14
}
107
"Reset?"
YesNo
0
C08000
4 Bytes
ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346
108
"#1"
0
FF8080
4 Bytes
ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346
14
109
"#2"
0
FF8080
4 Bytes
ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346+8
14
110
"(buggy) Fast enemy kill / char HP full - check pt. 2"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_FAST_ENEMY_KILL,$process,?? 89 ?? 24 08 ?? 0F 4C ?? 66 ?? 89 ?? 24 50)
// raw AOB: 48 89 6C 24 60 41 0F B6 6F 4B 48 89 74 24 28 41 0F B7 77 48 4C 89 74 24 20 4D 8B 77 50 66 45 89 2C 24 49 89 44 24 10 41 BD 94 80 00 00 44 2B 2D ?? ?? ?? ?? 4A 8D 04 2C 49 89 4C 24 30 4A 8D 0C 02 49 39 C9 4D 89 5C 24 38 4D 8D 5C 24 28 4D 89 4C 24 08 49 0F 4C C9 66 41 89 74 24 50 48 8B 74 24 28 49 39 CA 41 88 6C 24 53 48 8B 6C 24 60 49 0F 4D C3 4D 89 74 24 40 4C 8B 74 24 20 49 89 54 24 18 4D 89 44 24 20 4D 89 13 41 88 7C 24 52 49 89 5C 24 48 48 89 4C 24 70 48 8B 00
// injection point AOB: ?? 89 ?? 24 08 ?? 0F 4C ?? 66 ?? 89 ?? 24 50 ?? 8B ?? 24 ?? ?? 39 ?? ?? 88 ?? 24 53 ?? 8B ?? ?? ?? ?? 0F 4D ?? ?? 89 ?? 24 40 ?? 8B ?? 24 ?? ?? 89 ?? 24 18 ?? 89 ?? 24 20 ?? 89 ?? ?? 88 ?? 24 52 ?? 89 ?? 24 48 ?? 89 ?? 24 ?? ?? 8B
alloc(newmem,$1000)
alloc(INJECT_FAST_ENEMY_KILLo, $F)
label(code)
label(return)
label(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1)
label(i_fast_skip_data_1_1 i_fast_skip_data_1_2)
INJECT_FAST_ENEMY_KILLo:
readmem(INJECT_FAST_ENEMY_KILL, $F)
newmem:
cmp dword ptr [r12+A0], 0
je code
cmp qword ptr [r12+8], 0
je code
{
push r15
mov r15, [i_fast_skip_data_1_1]
cmp [r12+08], r15
pop r15
je chk_next
push r15
mov r15, [i_fast_skip_data_1_2]
cmp [r12+08], r15
pop r15
je chk_next
}
push r15
mov r15, [i_fek_max_hp_threshold1]
cmp dword ptr [r12+18], r15
pop r15
jae short @F
cmp dword ptr [r12+A0], 64
je short chk_next
cmp dword ptr [r12+10], 64
je short chk_next
cmp dword ptr [r12+10], #10000 // 10000 ~ 100000
jge short chk_next
cmp dword ptr [r12+10], #-2000
jle short chk_next
push r15
mov r15, [i_fek_min_hp_threshold1]
cmp dword ptr [r12+18], r15
pop r15
jbe short @F
cmp dword ptr [r12+10], #1000
je short chk_next
//cmp dword ptr [r12+A0], #100
//jae short chk_next
@@:
cmp dword ptr [r12+A4], -1
ja short code
cmp qword ptr [r12+08], #1000
jbe short code
mov r9, 0
cmp r9, rcx
mov [r12+08],r9
jmp short code
chk_next: // fill data full
// natural (0) or player (100)
//cmp dword ptr [r12+A0], #100
//jne short code
mov r9, [r12+18]
cmp r9, rcx
code:
// mov [r12+08],r9
reassemble(INJECT_FAST_ENEMY_KILL)
// cmovl rcx,r9
reassemble(INJECT_FAST_ENEMY_KILL+5)
// mov [r12+50],si
reassemble(INJECT_FAST_ENEMY_KILL+9)
jmp far return
align 10 cc
vf_m500:
dd (float)-500
vf_100:
dd (float)100
i_fek_max_hp_threshold1:
dq #2000000
i_fek_min_hp_threshold1:
dq #299000
i_fast_skip_data_1_1:
dq 0
i_fast_skip_data_1_2:
dq 0
INJECT_FAST_ENEMY_KILL:
jmp far newmem
nop 1
return:
registersymbol(INJECT_FAST_ENEMY_KILL INJECT_FAST_ENEMY_KILLo)
registersymbol(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1)
registersymbol(i_fast_skip_data_1_1 i_fast_skip_data_1_2)
[DISABLE]
INJECT_FAST_ENEMY_KILL:
readmem(INJECT_FAST_ENEMY_KILLo, $F)
unregistersymbol(INJECT_FAST_ENEMY_KILL INJECT_FAST_ENEMY_KILLo)
unregistersymbol(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1)
unregistersymbol(i_fast_skip_data_1_1 i_fast_skip_data_1_2)
dealloc(newmem)
dealloc(INJECT_FAST_ENEMY_KILLo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C456059
CrimsonDesert.exe+C45600B: 48 89 6C 24 60 - mov [rsp+60],rbp
CrimsonDesert.exe+C456010: 41 0F B6 6F 4B - movzx ebp,byte ptr [r15+4B]
CrimsonDesert.exe+C456015: 48 89 74 24 28 - mov [rsp+28],rsi
CrimsonDesert.exe+C45601A: 41 0F B7 77 48 - movzx esi,word ptr [r15+48]
CrimsonDesert.exe+C45601F: 4C 89 74 24 20 - mov [rsp+20],r14
CrimsonDesert.exe+C456024: 4D 8B 77 50 - mov r14,[r15+50]
CrimsonDesert.exe+C456028: 66 45 89 2C 24 - mov [r12],r13w
CrimsonDesert.exe+C45602D: 49 89 44 24 10 - mov [r12+10],rax
CrimsonDesert.exe+C456032: 41 BD 94 80 00 00 - mov r13d,00008094
CrimsonDesert.exe+C456038: 44 2B 2D 29 20 C1 FA - sub r13d,[CrimsonDesert.exe+7068068]
CrimsonDesert.exe+C45603F: 4A 8D 04 2C - lea rax,[rsp+r13]
CrimsonDesert.exe+C456043: 49 89 4C 24 30 - mov [r12+30],rcx
CrimsonDesert.exe+C456048: 4A 8D 0C 02 - lea rcx,[rdx+r8]
CrimsonDesert.exe+C45604C: 49 39 C9 - cmp r9,rcx
CrimsonDesert.exe+C45604F: 4D 89 5C 24 38 - mov [r12+38],r11
CrimsonDesert.exe+C456054: 4D 8D 5C 24 28 - lea r11,[r12+28]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C456059: 4D 89 4C 24 08 - mov [r12+08],r9
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C45605E: 49 0F 4C C9 - cmovl rcx,r9
CrimsonDesert.exe+C456062: 66 41 89 74 24 50 - mov [r12+50],si
CrimsonDesert.exe+C456068: 48 8B 74 24 28 - mov rsi,[rsp+28]
CrimsonDesert.exe+C45606D: 49 39 CA - cmp r10,rcx
CrimsonDesert.exe+C456070: 41 88 6C 24 53 - mov [r12+53],bpl
CrimsonDesert.exe+C456075: 48 8B 6C 24 60 - mov rbp,[rsp+60]
CrimsonDesert.exe+C45607A: 49 0F 4D C3 - cmovge rax,r11
CrimsonDesert.exe+C45607E: 4D 89 74 24 40 - mov [r12+40],r14
CrimsonDesert.exe+C456083: 4C 8B 74 24 20 - mov r14,[rsp+20]
CrimsonDesert.exe+C456088: 49 89 54 24 18 - mov [r12+18],rdx
CrimsonDesert.exe+C45608D: 4D 89 44 24 20 - mov [r12+20],r8
CrimsonDesert.exe+C456092: 4D 89 13 - mov [r11],r10
CrimsonDesert.exe+C456095: 41 88 7C 24 52 - mov [r12+52],dil
CrimsonDesert.exe+C45609A: 49 89 5C 24 48 - mov [r12+48],rbx
CrimsonDesert.exe+C45609F: 48 89 4C 24 70 - mov [rsp+70],rcx
CrimsonDesert.exe+C4560A4: 48 8B 00 - mov rax,[rax]
}
123
"disable when in boss fight / enemy inf. HP"
8000FF
1
125
"min HP threshold to set as boss"
0
C08000
8 Bytes
i_fek_max_hp_threshold1
148
"min HP to check as enemy/animal"
0
C08000
4 Bytes
i_fek_min_hp_threshold1
111
"(buggy) Fast enemy kill / char HP full - check pt. 1"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_FAST_ENEMY_KILL_CHK2,$process,?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50)
// raw AOB: 4C 8D 4C 24 58 49 89 F0 48 8D 54 24 40 48 89 F9 E8 ?? ?? ?? ?? 48 8B 4F 30 48 39 08 7C ?? C6 47 52 00 31 D2 48 89 D8 48 2B 47 18 48 39 5F 18 48 0F 4F C2 48 89 47 20 48 FF 47 48 48 89 5F 08 48 8B 5C 24 48 48 89 77 38 66 89 6F 50 48 83 C4 20 5F 5E 5D C3 CC 0F 1F 00 48 89 5C 24 10 48 89 7C 24 20 55 48 89 E5 48 83 EC 50 48 89 D3 48 8B 51 18
// injection point AOB: ?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50 48 83 C4 20 ?? ?? 5D C3 CC 0F 1F ?? ?? 89 ?? 24 ?? ?? 89 ?? 24 ?? 55 ?? 89 ?? 48 83 EC 50 ?? 89 ?? ?? 8B ?? 18
alloc(newmem,$1000)
alloc(INJECT_FAST_ENEMY_KILL_CHK2o, $11)
label(code)
label(return)
label(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2)
label(i_fast_skip_data_1 i_fast_skip_data_2 i_fast_skip_data_3 i_fast_skip_data_4)
INJECT_FAST_ENEMY_KILL_CHK2o:
readmem(INJECT_FAST_ENEMY_KILL_CHK2, $11)
newmem:
cmp dword ptr [rdi+A4], 0
je code
cmp qword ptr [rdi+08], 0
je code
{
push r15
mov r15, [i_fast_skip_data_1]
cmp [rdi+08], r15
pop r15
je force_set
push r15
mov r15, [i_fast_skip_data_2]
cmp [rdi+08], r15
pop r15
je force_set
push r15
mov r15, [i_fast_skip_data_3]
cmp [rdi+08], r15
pop r15
je force_set
push r15
mov r15, [i_fast_skip_data_4]
cmp [rdi+08], r15
pop r15
je force_set
}
push r15
mov r15, [i_fek_max_hp_threshold2]
cmp dword ptr [rdi+18], r15
pop r15
jae short @F
cmp dword ptr [rdi+A0], 64
je short chk_next
cmp dword ptr [rdi+10], 64 // Spirit delta
je short chk_next
cmp dword ptr [rdi+10], #10000 // Sta delta
jge short chk_next
cmp dword ptr [rdi+10], #-2000 // Sta delta
jle short chk_next
push r15
mov r15, [i_fek_min_hp_threshold2]
cmp dword ptr [rdi+18], r15
pop r15
jbe short @F
cmp dword ptr [rdi+10], #1000 // HP delta
je short chk_next
//cmp dword ptr [rdi+A4], #100
//jae short chk_next
@@:
cmp dword ptr [rdi+A4], -1
ja short code
cmp qword ptr [rdi+08], #1000
jbe short code
mov rbx, 0
mov [rdi+08],rbx
jmp short code
chk_next: // natural (0) or player (100)
mov rbx, [rdi+18]
jmp short code
force_set:
//cmp [rdi+08],rbx
//jb @F
mov rbx, #1850000
//mov rbx, [rdi+18]
//mov [rdi+08],rbx
code:
// mov [rdi+08],rbx
reassemble(INJECT_FAST_ENEMY_KILL_CHK2)
// mov rbx,[rsp+48]
reassemble(INJECT_FAST_ENEMY_KILL_CHK2+4)
// mov [rdi+38],rsi
reassemble(INJECT_FAST_ENEMY_KILL_CHK2+9)
// mov [rdi+50],bp
reassemble(INJECT_FAST_ENEMY_KILL_CHK2+D)
jmp far return
align 10 cc
i_fek_max_hp_threshold2:
dq #2000000
i_fek_min_hp_threshold2:
dq #299000
i_fast_skip_data_1:
dq 0
i_fast_skip_data_2:
dq 0
i_fast_skip_data_3:
dq 0
i_fast_skip_data_4:
dq 0
INJECT_FAST_ENEMY_KILL_CHK2:
jmp far newmem
nop 3
return:
registersymbol(INJECT_FAST_ENEMY_KILL_CHK2 INJECT_FAST_ENEMY_KILL_CHK2o)
registersymbol(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2)
registersymbol(i_fast_skip_data_1 i_fast_skip_data_2 i_fast_skip_data_3 i_fast_skip_data_4)
[DISABLE]
INJECT_FAST_ENEMY_KILL_CHK2:
readmem(INJECT_FAST_ENEMY_KILL_CHK2o, $11)
unregistersymbol(INJECT_FAST_ENEMY_KILL_CHK2 INJECT_FAST_ENEMY_KILL_CHK2o)
unregistersymbol(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2)
unregistersymbol(i_fast_skip_data_1 i_fast_skip_data_2 i_fast_skip_data_3 i_fast_skip_data_4)
dealloc(newmem)
dealloc(INJECT_FAST_ENEMY_KILL_CHK2o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C489563
CrimsonDesert.exe+C489528: 4C 8D 4C 24 58 - lea r9,[rsp+58]
CrimsonDesert.exe+C48952D: 49 89 F0 - mov r8,rsi
CrimsonDesert.exe+C489530: 48 8D 54 24 40 - lea rdx,[rsp+40]
CrimsonDesert.exe+C489535: 48 89 F9 - mov rcx,rdi
CrimsonDesert.exe+C489538: E8 53 E3 E4 F4 - call CrimsonDesert.exe+12D7890
CrimsonDesert.exe+C48953D: 48 8B 4F 30 - mov rcx,[rdi+30]
CrimsonDesert.exe+C489541: 48 39 08 - cmp [rax],rcx
CrimsonDesert.exe+C489544: 7C 04 - jl CrimsonDesert.exe+C48954A
CrimsonDesert.exe+C489546: C6 47 52 00 - mov byte ptr [rdi+52],00
CrimsonDesert.exe+C48954A: 31 D2 - xor edx,edx
CrimsonDesert.exe+C48954C: 48 89 D8 - mov rax,rbx
CrimsonDesert.exe+C48954F: 48 2B 47 18 - sub rax,[rdi+18]
CrimsonDesert.exe+C489553: 48 39 5F 18 - cmp [rdi+18],rbx
CrimsonDesert.exe+C489557: 48 0F 4F C2 - cmovg rax,rdx
CrimsonDesert.exe+C48955B: 48 89 47 20 - mov [rdi+20],rax
CrimsonDesert.exe+C48955F: 48 FF 47 48 - inc qword ptr [rdi+48]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C489563: 48 89 5F 08 - mov [rdi+08],rbx
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C489567: 48 8B 5C 24 48 - mov rbx,[rsp+48]
CrimsonDesert.exe+C48956C: 48 89 77 38 - mov [rdi+38],rsi
CrimsonDesert.exe+C489570: 66 89 6F 50 - mov [rdi+50],bp
CrimsonDesert.exe+C489574: 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+C489578: 5F - pop rdi
CrimsonDesert.exe+C489579: 5E - pop rsi
CrimsonDesert.exe+C48957A: 5D - pop rbp
CrimsonDesert.exe+C48957B: C3 - ret
CrimsonDesert.exe+C48957C: CC - int 3
CrimsonDesert.exe+C48957D: 0F 1F 00 - nop dword ptr [rax]
CrimsonDesert.exe+C489580: 48 89 5C 24 10 - mov [rsp+10],rbx
CrimsonDesert.exe+C489585: 48 89 7C 24 20 - mov [rsp+20],rdi
CrimsonDesert.exe+C48958A: 55 - push rbp
CrimsonDesert.exe+C48958B: 48 89 E5 - mov rbp,rsp
CrimsonDesert.exe+C48958E: 48 83 EC 50 - sub rsp,50
CrimsonDesert.exe+C489592: 48 89 D3 - mov rbx,rdx
}
122
"disable when in boss fight / enemy inf. HP"
8000FF
1
124
"min HP threshold to set as boss"
0
C08000
8 Bytes
i_fek_max_hp_threshold2
147
"min HP to check as enemy/animal"
0
C08000
4 Bytes
i_fek_min_hp_threshold2
186
"(buggy) Fast enemy kill / char HP full - check pt. 3"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_FAST_ENEMY_KILL3,$process,?? 8B ?? ?? 89 ?? 24 08 ?? 8B ?? 24 ?? C7 ?? 00 00 00 00)
// raw AOB: 4D 8D 5C 24 28 FF 25 ?? ?? ?? ?? 00 00 46 0F 00 00 00 00 90 48 8B 74 24 28 49 39 CA 41 88 6C 24 53 48 8B 6C 24 60 49 0F 4D C3 4D 89 74 24 40 4C 8B 74 24 20 49 89 54 24 18 4D 89 44 24 20 4D 89 13 41 88 7C 24 52 49 89 5C 24 48 48 89 4C 24 70 48 8B 00 49 89 44 24 08 48 8B 44 24 68 C7 00 00 00 00 00 48 83 C4 30 41 5F 41 5D 41 5C 5F 5B C3 CC 03 15 ?? ?? ?? ?? 48 8D A4 24 F8 FF FF FF 48 C7 04 24 FF FF FF FF 48 29 04 24 48 87 04 24 48 8D A4 24 08 00 00 00
// injection point AOB: ?? 8B ?? ?? 89 ?? 24 08 ?? 8B ?? 24 ?? C7 ?? 00 00 00 00 48 83 C4 30 ?? ?? ?? ?? ?? ?? ?? ?? C3 CC 03 ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? ?? ?? C7 ?? ?? FF FF FF FF ?? 29 ?? 24 ?? 87 ?? 24 ?? 8D ?? ?? ?? 00 00 00
alloc(newmem,$1000)
alloc(INJECT_FAST_ENEMY_KILL3o, $13)
label(code)
label(return)
label(i_fek_max_hp_threshold3 i_fek_min_hp_threshold3)
INJECT_FAST_ENEMY_KILL3o:
readmem(INJECT_FAST_ENEMY_KILL3, $13)
newmem:
code:
// mov rax,[rax]
reassemble(INJECT_FAST_ENEMY_KILL3)
// ****************************
cmp dword ptr [r12+A0], 0
je code_next
cmp qword ptr [r12+8], 0
je code_next
push r15
mov r15, [i_fek_max_hp_threshold3]
cmp dword ptr [r12+18], r15
pop r15
jae short @F
cmp dword ptr [r12+A0], 64
je short chk_next
cmp dword ptr [r12+10], 64
je short chk_next
cmp dword ptr [r12+10], #10000
jge short chk_next
cmp dword ptr [r12+10], #-2000
jle short chk_next
push r15
mov r15, [i_fek_min_hp_threshold3]
cmp dword ptr [r12+18], r15
pop r15
jbe short @F
cmp dword ptr [r12+10], #1000
je short chk_next
//cmp dword ptr [r12+A0], #100
//jae short chk_next
@@:
cmp dword ptr [r12+A4], -1
ja short code_next
cmp qword ptr [r12+08], #1000
jbe short code_next
mov rax, 0
//mov [r12+08],rax
jmp short code_next
chk_next: // fill data full
// natural (0) or player (100)
//cmp dword ptr [r12+A0], #100
//jne short code
mov rax, [r12+18]
code_next:
// *****************************
// mov [r12+08],rax
reassemble(INJECT_FAST_ENEMY_KILL3+3)
// mov rax,[rsp+68]
reassemble(INJECT_FAST_ENEMY_KILL3+8)
// mov [rax],00000000
reassemble(INJECT_FAST_ENEMY_KILL3+D)
jmp far return
align 10 cc
i_fek_max_hp_threshold3:
dq #2000000
i_fek_min_hp_threshold3:
dq #299000
INJECT_FAST_ENEMY_KILL3:
jmp far newmem
nop 5
return:
registersymbol(INJECT_FAST_ENEMY_KILL3 INJECT_FAST_ENEMY_KILL3o)
registersymbol(i_fek_max_hp_threshold3 i_fek_min_hp_threshold3)
[DISABLE]
INJECT_FAST_ENEMY_KILL3:
readmem(INJECT_FAST_ENEMY_KILL3o, $13)
unregistersymbol(INJECT_FAST_ENEMY_KILL3 INJECT_FAST_ENEMY_KILL3o)
unregistersymbol(i_fek_max_hp_threshold3 i_fek_min_hp_threshold3)
dealloc(newmem)
dealloc(INJECT_FAST_ENEMY_KILL3o)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C4560A4
CrimsonDesert.exe+C456054: 4D 8D 5C 24 28 - lea r11,[r12+28]
INJECT_FAST_ENEMY_KILL: FF 25 00 00 00 00 00 00 46 0F 00 00 00 00 - jmp 0F460000
CrimsonDesert.exe+C456067: 90 - nop
CrimsonDesert.exe+C456068: 48 8B 74 24 28 - mov rsi,[rsp+28]
CrimsonDesert.exe+C45606D: 49 39 CA - cmp r10,rcx
CrimsonDesert.exe+C456070: 41 88 6C 24 53 - mov [r12+53],bpl
CrimsonDesert.exe+C456075: 48 8B 6C 24 60 - mov rbp,[rsp+60]
CrimsonDesert.exe+C45607A: 49 0F 4D C3 - cmovge rax,r11
CrimsonDesert.exe+C45607E: 4D 89 74 24 40 - mov [r12+40],r14
CrimsonDesert.exe+C456083: 4C 8B 74 24 20 - mov r14,[rsp+20]
CrimsonDesert.exe+C456088: 49 89 54 24 18 - mov [r12+18],rdx
CrimsonDesert.exe+C45608D: 4D 89 44 24 20 - mov [r12+20],r8
CrimsonDesert.exe+C456092: 4D 89 13 - mov [r11],r10
CrimsonDesert.exe+C456095: 41 88 7C 24 52 - mov [r12+52],dil
CrimsonDesert.exe+C45609A: 49 89 5C 24 48 - mov [r12+48],rbx
CrimsonDesert.exe+C45609F: 48 89 4C 24 70 - mov [rsp+70],rcx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+C4560A4: 48 8B 00 - mov rax,[rax]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+C4560A7: 49 89 44 24 08 - mov [r12+08],rax
CrimsonDesert.exe+C4560AC: 48 8B 44 24 68 - mov rax,[rsp+68]
CrimsonDesert.exe+C4560B1: C7 00 00 00 00 00 - mov [rax],00000000
CrimsonDesert.exe+C4560B7: 48 83 C4 30 - add rsp,30
CrimsonDesert.exe+C4560BB: 41 5F - pop r15
CrimsonDesert.exe+C4560BD: 41 5D - pop r13
CrimsonDesert.exe+C4560BF: 41 5C - pop r12
CrimsonDesert.exe+C4560C1: 5F - pop rdi
CrimsonDesert.exe+C4560C2: 5B - pop rbx
CrimsonDesert.exe+C4560C3: C3 - ret
CrimsonDesert.exe+C4560C4: CC - int 3
CrimsonDesert.exe+C4560C5: 03 15 5F 4C 30 FA - add edx,[CrimsonDesert.exe+675AD2A]
CrimsonDesert.exe+C4560CB: 48 8D A4 24 F8 FF FF FF - lea rsp,[rsp-00000008]
CrimsonDesert.exe+C4560D3: 48 C7 04 24 FF FF FF FF - mov qword ptr [rsp],FFFFFFFFFFFFFFFF
CrimsonDesert.exe+C4560DB: 48 29 04 24 - sub [rsp],rax
CrimsonDesert.exe+C4560DF: 48 87 04 24 - xchg [rsp],rax
}
170
"Get resistant attrs"
1
171
"Usage: open item menu->char first"
8000FF
1
172
"Enable data"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/29
}
[ENABLE]
aobscanmodule(INJECT_SET_MIN_RESIS,$process,?? 8B ?? 18 ?? C1 ?? 05 ?? 8B ?? 01 ?? 89 ??)
// raw AOB: 83 3C 88 FF 0F 84 ?? ?? ?? ?? 49 8B 0E 48 83 C1 30 E8 ?? ?? ?? ?? 0F B7 88 DC 03 00 00 66 89 4C 24 20 48 8D 4C 24 20 E8 ?? ?? ?? ?? 48 8D 4C 24 20 66 89 5C 24 20 48 8B F8 E8 ?? ?? ?? ?? 8B 48 14 48 8B 47 48 8B 0C 88 49 8B 46 18 48 C1 E1 05 48 8B 0C 01 48 89 0E EB ?? 65 48 8B 04 25 58 00 00 00 BA F2 01 00 00 48 8B 08 48 8B 05 ?? ?? ?? ?? 80 3C 0A 00 48 0F 45 05 ?? ?? ?? ?? 48 8B 00 48 8B 48 08 48 8B 41 10 66 3B 98 98 00 00 00 75 ?? 49 8B 06 80 B8 6B 02 00 00 00
// injection point AOB: ?? 8B ?? 18 ?? C1 ?? 05 ?? 8B ?? 01 ?? 89 ?? EB ?? 65 ?? 8B ?? 25 58 00 00 00 ?? F2 01 00 00 ?? 8B ?? ?? 8B ?? ?? ?? ?? ?? 80 ?? ?? 00 ?? 0F 45 ?? ?? ?? ?? ?? ?? 8B ?? ?? 8B ?? 08 ?? 8B ?? 10 66 3B ?? 98 00 00 00 75 ?? ?? 8B ?? 80 ?? 6B 02 00 00 00
alloc(newmem,$1000)
alloc(INJECT_SET_MIN_RESISo, $F)
label(code)
label(return)
label(i_base_char_attr_addr)
INJECT_SET_MIN_RESISo:
readmem(INJECT_SET_MIN_RESIS, $F)
newmem:
code:
// mov rax,[r14+18]
reassemble(INJECT_SET_MIN_RESIS)
// shl rcx,05
reassemble(INJECT_SET_MIN_RESIS+4)
// ***************************************
//*** begin code injection
cmp rcx, 340
je short set_resis
cmp rcx, 360
je short set_resis
cmp rcx, 3A0
je short set_resis
jmp short code_next
set_resis:
//mov qword ptr [rcx+rax], #750000000
cmp qword ptr [i_base_char_attr_addr], 0
jne short code_next
mov [i_base_char_attr_addr], rax
code_next:
//****************************************
// mov rcx,[rcx+rax]
reassemble(INJECT_SET_MIN_RESIS+8)
// mov [rsi],rcx
reassemble(INJECT_SET_MIN_RESIS+C)
jmp far return
align 10 cc
i_base_char_attr_addr:
dq 0
INJECT_SET_MIN_RESIS:
jmp far newmem
nop 1
return:
registersymbol(INJECT_SET_MIN_RESIS INJECT_SET_MIN_RESISo)
registersymbol(i_base_char_attr_addr)
[DISABLE]
INJECT_SET_MIN_RESIS:
readmem(INJECT_SET_MIN_RESISo, $F)
unregistersymbol(INJECT_SET_MIN_RESIS INJECT_SET_MIN_RESISo)
unregistersymbol(i_base_char_attr_addr)
dealloc(newmem)
dealloc(INJECT_SET_MIN_RESISo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12D1DFC
CrimsonDesert.exe+12D1DB4: 83 3C 88 FF - cmp dword ptr [rax+rcx*4],-01
CrimsonDesert.exe+12D1DB8: 0F 84 A2 00 00 00 - je CrimsonDesert.exe+12D1E60
CrimsonDesert.exe+12D1DBE: 49 8B 0E - mov rcx,[r14]
CrimsonDesert.exe+12D1DC1: 48 83 C1 30 - add rcx,30
CrimsonDesert.exe+12D1DC5: E8 06 49 00 FF - call CrimsonDesert.exe+2D66D0
CrimsonDesert.exe+12D1DCA: 0F B7 88 DC 03 00 00 - movzx ecx,word ptr [rax+000003DC]
CrimsonDesert.exe+12D1DD1: 66 89 4C 24 20 - mov [rsp+20],cx
CrimsonDesert.exe+12D1DD6: 48 8D 4C 24 20 - lea rcx,[rsp+20]
CrimsonDesert.exe+12D1DDB: E8 A0 F3 1C FF - call CrimsonDesert.exe+4A1180
CrimsonDesert.exe+12D1DE0: 48 8D 4C 24 20 - lea rcx,[rsp+20]
CrimsonDesert.exe+12D1DE5: 66 89 5C 24 20 - mov [rsp+20],bx
CrimsonDesert.exe+12D1DEA: 48 8B F8 - mov rdi,rax
CrimsonDesert.exe+12D1DED: E8 1E 1C 13 FF - call CrimsonDesert.exe+403A10
CrimsonDesert.exe+12D1DF2: 8B 48 14 - mov ecx,[rax+14]
CrimsonDesert.exe+12D1DF5: 48 8B 47 48 - mov rax,[rdi+48]
CrimsonDesert.exe+12D1DF9: 8B 0C 88 - mov ecx,[rax+rcx*4]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+12D1DFC: 49 8B 46 18 - mov rax,[r14+18]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+12D1E00: 48 C1 E1 05 - shl rcx,05
CrimsonDesert.exe+12D1E04: 48 8B 0C 01 - mov rcx,[rcx+rax]
CrimsonDesert.exe+12D1E08: 48 89 0E - mov [rsi],rcx
CrimsonDesert.exe+12D1E0B: EB 7D - jmp CrimsonDesert.exe+12D1E8A
CrimsonDesert.exe+12D1E0D: 65 48 8B 04 25 58 00 00 00 - mov rax,gs:[00000058]
CrimsonDesert.exe+12D1E16: BA F2 01 00 00 - mov edx,000001F2
CrimsonDesert.exe+12D1E1B: 48 8B 08 - mov rcx,[rax]
CrimsonDesert.exe+12D1E1E: 48 8B 05 DB 54 9F 04 - mov rax,[CrimsonDesert.exe+5CC7300]
CrimsonDesert.exe+12D1E25: 80 3C 0A 00 - cmp byte ptr [rdx+rcx],00
CrimsonDesert.exe+12D1E29: 48 0F 45 05 D7 54 9F 04 - cmovne rax,[CrimsonDesert.exe+5CC7308]
CrimsonDesert.exe+12D1E31: 48 8B 00 - mov rax,[rax]
CrimsonDesert.exe+12D1E34: 48 8B 48 08 - mov rcx,[rax+08]
CrimsonDesert.exe+12D1E38: 48 8B 41 10 - mov rax,[rcx+10]
CrimsonDesert.exe+12D1E3C: 66 3B 98 98 00 00 00 - cmp bx,[rax+00000098]
CrimsonDesert.exe+12D1E43: 75 0C - jne CrimsonDesert.exe+12D1E51
CrimsonDesert.exe+12D1E45: 49 8B 06 - mov rax,[r14]
}
173
"#1 (cold)"
#3 (lightning)
0
FF8080
8 Bytes
i_base_char_attr_addr
340
174
"#2 (fire)"
#3 (lightning)
0
FF8080
8 Bytes
i_base_char_attr_addr
360
175
"#3 (lightning)"
50000000:1
100000000:2
150000000:3
250000000:5
500000000:10
750000000:15
0
FF8080
8 Bytes
i_base_char_attr_addr
3A0
176
"Atk"
0
FF8080
8 Bytes
i_base_char_attr_addr
0
177
"Def"
0
FF8080
8 Bytes
i_base_char_attr_addr
20
178
"???"
0
FF8080
8 Bytes
i_base_char_attr_addr
300
112
"Crimson Desert / https://opencheattables.com / CE 7.6+"
008E00
1
113
"YesNo"
0:No
1:Yes
1
161
"temp"
1
114
"Player_Base_alt1"
Auto Assembler Script
[ENABLE]
{$lua}
if syntaxcheck then return end
if not AOBScanModule then
function AOBScanModule(moduleName, signature)
local baseAddr = nil
local maxAddr = 0
local modList
synchronize(function()
modList = enumModules()
end)
for _, mod in ipairs(modList) do
if string.lower(mod.Name) == string.lower(moduleName) then
baseAddr = mod.Address
maxAddr = baseAddr + mod.Size
break
end
end
if not baseAddr then return nil end
local ms = createMemScan()
synchronize(function()
ms.firstScan(soExactValue, vtByteArray, nil, signature,
nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false)
end)
ms.waitTillDone()
local results = createFoundList(ms)
results.initialize()
local addr
synchronize(function()
if results.getCount() > 0 then
addr = results[0]
end
end)
results.destroy()
ms.destroy()
return addr
end
end
local AOBs = {
{name='Player_Base_alt1', aob='?? 8D ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? 00 00 E8 ?? ?? ?? ?? 90 C6 ?? ?? 00 0F 57 ?? 33 ?? 0F 11', pos=3, aoblen=7, symbol='Player_Base_alt1_addr'},
}
local module_name = process
for _, entry in ipairs(AOBs) do
local aob_addr_str = AOBScanModule(module_name, entry.aob)
if aob_addr_str then
local aob_addr_val = tonumber(aob_addr_str, 16)
local offset_addr = aob_addr_val + entry.pos
local relative_offset = readInteger(offset_addr, true)
local final_addr = relative_offset + aob_addr_val + entry.aoblen
synchronize(function()
unregisterSymbol(entry.symbol)
registerSymbol(entry.symbol, final_addr)
end)
print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr))
else
print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name))
end
end
{$asm}
[DISABLE]
{$lua}
if syntaxcheck then return end
unregisterSymbol('Player_Base_alt1_addr')
{$asm}
160
"Dragon mount timer: no decrease by Markiplier"
Auto Assembler Script
{
Generated by AOBMaker, bbfox@https://opencheattables.com
Date : 2026/03/28
}
[ENABLE]
aobscanmodule(INJECT_DRAGON_CD,$process,?? 89 ?? 60 01 00 00 ?? 8B ?? ?? F2 0F)
// raw AOB: 48 8B 41 08 49 89 85 F8 00 00 00 F3 45 0F 11 85 D8 00 00 00 8B 45 84 41 89 85 E0 00 00 00 8B 45 88 41 89 85 E4 00 00 00 8B 45 8C 41 89 85 E8 00 00 00 8B 45 90 41 89 85 EC 00 00 00 41 0F 11 B5 A0 00 00 00 0F 10 45 C8 41 0F 11 85 B0 00 00 00 41 C7 85 5C 01 00 00 FF FF FF FF 48 8B 45 A8 41 89 85 60 01 00 00 48 8B 45 E8 F2 0F 10 00 F2 41 0F 11 85 C0 00 00 00 8B 40 08 41 89 85 C8 00 00 00 8B 45 94 41 89 85 08 01 00 00 48 8B 01 49 89 85 00 01 00 00 48 8B 4D F0 48 8B 41 08 49 89 85 10 01 00 00 48 8B 01 49 89 85 18 01 00 00 8B 45 B4 41 89 85 20 01 00 00
// injection point AOB: ?? 89 ?? 60 01 00 00 ?? 8B ?? ?? F2 0F 10 ?? F2 ?? 0F 11 ?? C0 00 00 00 8B ?? 08 ?? 89 ?? C8 00 00 00 8B ?? ?? ?? 89 ?? 08 01 00 00 ?? 8B ?? ?? 89 ?? 00 01 00 00 ?? 8B ?? ?? ?? 8B ?? 08 ?? 89 ?? 10 01 00 00 ?? 8B ?? ?? 89 ?? 18 01 00 00 8B ?? ?? ?? 89 ?? 20 01 00 00
alloc(newmem,$1000,INJECT_DRAGON_CD)
alloc(INJECT_DRAGON_CDo, $7)
label(code)
label(return)
INJECT_DRAGON_CDo:
readmem(INJECT_DRAGON_CD, 7)
newmem:
// **** Shred code, need to investigate
//mov eax, [r13+00000160]
code:
// mov [r13+00000160],eax
reassemble(INJECT_DRAGON_CD)
jmp return
align 10 cc
INJECT_DRAGON_CD:
jmp newmem
nop 2
return:
registersymbol(INJECT_DRAGON_CD INJECT_DRAGON_CDo)
[DISABLE]
INJECT_DRAGON_CD:
readmem(INJECT_DRAGON_CDo, 7)
unregistersymbol(INJECT_DRAGON_CD INJECT_DRAGON_CDo)
dealloc(newmem)
dealloc(INJECT_DRAGON_CDo)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+339D8CB
CrimsonDesert.exe+339D86C: 48 8B 41 08 - mov rax,[rcx+08]
CrimsonDesert.exe+339D870: 49 89 85 F8 00 00 00 - mov [r13+000000F8],rax
CrimsonDesert.exe+339D877: F3 45 0F 11 85 D8 00 00 00 - movss [r13+000000D8],xmm8
CrimsonDesert.exe+339D880: 8B 45 84 - mov eax,[rbp-7C]
CrimsonDesert.exe+339D883: 41 89 85 E0 00 00 00 - mov [r13+000000E0],eax
CrimsonDesert.exe+339D88A: 8B 45 88 - mov eax,[rbp-78]
CrimsonDesert.exe+339D88D: 41 89 85 E4 00 00 00 - mov [r13+000000E4],eax
CrimsonDesert.exe+339D894: 8B 45 8C - mov eax,[rbp-74]
CrimsonDesert.exe+339D897: 41 89 85 E8 00 00 00 - mov [r13+000000E8],eax
CrimsonDesert.exe+339D89E: 8B 45 90 - mov eax,[rbp-70]
CrimsonDesert.exe+339D8A1: 41 89 85 EC 00 00 00 - mov [r13+000000EC],eax
CrimsonDesert.exe+339D8A8: 41 0F 11 B5 A0 00 00 00 - movups [r13+000000A0],xmm6
CrimsonDesert.exe+339D8B0: 0F 10 45 C8 - movups xmm0,[rbp-38]
CrimsonDesert.exe+339D8B4: 41 0F 11 85 B0 00 00 00 - movups [r13+000000B0],xmm0
CrimsonDesert.exe+339D8BC: 41 C7 85 5C 01 00 00 FF FF FF FF - mov [r13+0000015C],FFFFFFFF
CrimsonDesert.exe+339D8C7: 48 8B 45 A8 - mov rax,[rbp-58]
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+339D8CB: 41 89 85 60 01 00 00 - mov [r13+00000160],eax
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+339D8D2: 48 8B 45 E8 - mov rax,[rbp-18]
CrimsonDesert.exe+339D8D6: F2 0F 10 00 - movsd xmm0,[rax]
CrimsonDesert.exe+339D8DA: F2 41 0F 11 85 C0 00 00 00 - movsd [r13+000000C0],xmm0
CrimsonDesert.exe+339D8E3: 8B 40 08 - mov eax,[rax+08]
CrimsonDesert.exe+339D8E6: 41 89 85 C8 00 00 00 - mov [r13+000000C8],eax
CrimsonDesert.exe+339D8ED: 8B 45 94 - mov eax,[rbp-6C]
CrimsonDesert.exe+339D8F0: 41 89 85 08 01 00 00 - mov [r13+00000108],eax
CrimsonDesert.exe+339D8F7: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+339D8FA: 49 89 85 00 01 00 00 - mov [r13+00000100],rax
CrimsonDesert.exe+339D901: 48 8B 4D F0 - mov rcx,[rbp-10]
CrimsonDesert.exe+339D905: 48 8B 41 08 - mov rax,[rcx+08]
CrimsonDesert.exe+339D909: 49 89 85 10 01 00 00 - mov [r13+00000110],rax
CrimsonDesert.exe+339D910: 48 8B 01 - mov rax,[rcx]
CrimsonDesert.exe+339D913: 49 89 85 18 01 00 00 - mov [r13+00000118],rax
CrimsonDesert.exe+339D91A: 8B 45 B4 - mov eax,[rbp-4C]
CrimsonDesert.exe+339D91D: 41 89 85 20 01 00 00 - mov [r13+00000120],eax
}
115
"INJECT_GET_BAG_BONUS_SLOTS_2_AOB"
Auto Assembler Script
{ Game : CrimsonDesert.exe
Version:
Date : 2026-03-22
Author : Andyc
Description :
<Optional info>
}
[ENABLE]
aobscanmodule(INJECT_GET_BAG_BONUS_SLOTS_2_AOB,CrimsonDesert.exe,0F B7 46 16 66 89 45 9A) // should be unique
alloc(newmem,$1000,INJECT_GET_BAG_BONUS_SLOTS_2_AOB)
label(code)
label(return)
newmem:
code:
movzx eax,word ptr [rsi+16]
mov [rbp-66],ax
jmp return
INJECT_GET_BAG_BONUS_SLOTS_2_AOB:
jmp newmem
nop 3
return:
registersymbol(INJECT_GET_BAG_BONUS_SLOTS_2_AOB)
[DISABLE]
INJECT_GET_BAG_BONUS_SLOTS_2_AOB:
db 0F B7 46 16 66 89 45 9A
unregistersymbol(INJECT_GET_BAG_BONUS_SLOTS_2_AOB)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1A9F798
CrimsonDesert.exe+1A9F76A: 48 8D 15 57 BE EA 02 - lea rdx,[CrimsonDesert.exe+494B5C8]
CrimsonDesert.exe+1A9F771: 48 8D 4D B8 - lea rcx,[rbp-48]
CrimsonDesert.exe+1A9F775: E8 D6 8E 41 FF - call CrimsonDesert.exe+EB8650
CrimsonDesert.exe+1A9F77A: 44 89 65 BC - mov [rbp-44],r12d
CrimsonDesert.exe+1A9F77E: 0F B7 46 10 - movzx eax,word ptr [rsi+10]
CrimsonDesert.exe+1A9F782: 66 89 44 24 30 - mov [rsp+30],ax
CrimsonDesert.exe+1A9F787: 48 8D 4C 24 30 - lea rcx,[rsp+30]
CrimsonDesert.exe+1A9F78C: E8 BF 89 A1 FE - call CrimsonDesert.exe+4B8150
CrimsonDesert.exe+1A9F791: 0F B7 08 - movzx ecx,word ptr [rax]
CrimsonDesert.exe+1A9F794: 66 89 4D 98 - mov [rbp-68],cx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+1A9F798: 0F B7 46 16 - movzx eax,word ptr [rsi+16]
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+1A9F79C: 66 89 45 9A - mov [rbp-66],ax
CrimsonDesert.exe+1A9F7A0: 0F B7 FB - movzx edi,bx
CrimsonDesert.exe+1A9F7A3: 0F B7 46 0C - movzx eax,word ptr [rsi+0C]
CrimsonDesert.exe+1A9F7A7: 66 3B D8 - cmp bx,ax
CrimsonDesert.exe+1A9F7AA: 0F 8D 4D 01 00 00 - jnl CrimsonDesert.exe+1A9F8FD
CrimsonDesert.exe+1A9F7B0: 4C 8D 2D 81 AF C9 02 - lea r13,[CrimsonDesert.exe+473A738]
CrimsonDesert.exe+1A9F7B7: 4C 8D 3D EA 99 E1 02 - lea r15,[CrimsonDesert.exe+48B91A8]
CrimsonDesert.exe+1A9F7BE: 4C 8D 25 43 97 E1 02 - lea r12,[CrimsonDesert.exe+48B8F08]
CrimsonDesert.exe+1A9F7C5: 4C 8D 35 34 01 F5 02 - lea r14,[CrimsonDesert.exe+49EF900]
CrimsonDesert.exe+1A9F7CC: 66 3B C3 - cmp ax,bx
}
For HP #1
`pa::ClientActorManager` -> 0x20 `Pointer to instance of pa::ClientChildOnlyInGameActor` -> 0x68 -> 0xB8 `Pointer to instance of pa::ClientInventoryActorComponent` -> 0x18 -> 0x8 -> 0x16, word = Bag Bonus
Also see:
0x14, word = Bag total
0x12, word = Bag used
`pa::ClientActorManager` -> 0x20 `Pointer to instance of pa::ClientChildOnlyInGameActor` -> 0x78 -> 0x20 `Pointer to instance of pa::ClientStatusActorComponent` -> 0x18 -> 0x58 -> 8 (HP #1)
For HP #2
[Player_Base2_Addr] -> 0x18 `Pointer to instance of pa::NwVirtualAsyncSession` -> 0xA0 `Pointer to instance of pa::ServerUserActor` -> 0xD0 `Pointer to instance of pa::ServerChildOnlyInGameActor` -> 0x68 -> 0x20 `Pointer to instance of pa::ServerStatusActorComponent` -> 0x18 -> 0x58 -> 8 (HP #2)
`pa::ClientActorManager` = Player_Base_addr
//
CrimsonDesert.exe+6B52E2 - 8F - db 8f
CrimsonDesert.exe+6B52E3 - 64 05 E8024760 - add eax,604702E8
CrimsonDesert.exe+6B52E9 - 03 EB - add ebp,ebx
CrimsonDesert.exe+6B52EB - 03 45 33 - add eax,[rbp+33]
CrimsonDesert.exe+6B52EE - ED - in eax,dx
// ---------- INJECTING HERE ----------
CrimsonDesert.exe+6B52EF - 48 89 35 3A8F6405 - mov [Player_Base_addr],rsi
// ---------- DONE INJECTING ----------
CrimsonDesert.exe+6B52F6 - 48 8D 86 00010000 - lea rax,[rsi+00000100]
CrimsonDesert.exe+6B52FD - 48 89 05 348F6405 - mov [CrimsonDesert.exe+5CFE238],rax
CrimsonDesert.exe+6B5304 - 48 8D 86 A0010000 - lea rax,[rsi+000001A0]
CrimsonDesert.exe+6B530B - 48 89 05 2E8F6405 - mov [CrimsonDesert.exe+5CFE240],rax
CrimsonDesert.exe+6B5312 - 44 0FB6 A5 C8020000 - movzx r12d,byte ptr [rbp+000002C8]
CrimsonDesert.exe+6B531A - 44 88 25 278F6405 - mov [CrimsonDesert.exe+5CFE248],r12b
CrimsonDesert.exe+6B5321 - 8B 3D A1564F05 - mov edi,[CrimsonDesert.exe+5BAA9C8]
CrimsonDesert.exe+6B5327 - 39 3D 2B8F6405 - cmp [CrimsonDesert.exe+5CFE258],edi
CrimsonDesert.exe+6B532D - 74 0E - je CrimsonDesert.exe+6B533D
CrimsonDesert.exe+6B532F - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5331 - 48 8D 0D 188F6405 - lea rcx,[CrimsonDesert.exe+5CFE250]
CrimsonDesert.exe+6B5338 - E8 D3800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B533D - 39 3D 258F6405 - cmp [CrimsonDesert.exe+5CFE268],edi
CrimsonDesert.exe+6B5343 - 74 0E - je CrimsonDesert.exe+6B5353
CrimsonDesert.exe+6B5345 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5347 - 48 8D 0D 128F6405 - lea rcx,[CrimsonDesert.exe+5CFE260]
CrimsonDesert.exe+6B534E - E8 BD800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B5353 - 39 3D 1F8F6405 - cmp [CrimsonDesert.exe+5CFE278],edi
CrimsonDesert.exe+6B5359 - 74 0E - je CrimsonDesert.exe+6B5369
CrimsonDesert.exe+6B535B - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B535D - 48 8D 0D 0C8F6405 - lea rcx,[CrimsonDesert.exe+5CFE270]
CrimsonDesert.exe+6B5364 - E8 A7800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B5369 - 39 3D 198F6405 - cmp [CrimsonDesert.exe+5CFE288],edi
CrimsonDesert.exe+6B536F - 74 0E - je CrimsonDesert.exe+6B537F
CrimsonDesert.exe+6B5371 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5373 - 48 8D 0D 068F6405 - lea rcx,[CrimsonDesert.exe+5CFE280]
CrimsonDesert.exe+6B537A - E8 B1890000 - call CrimsonDesert.exe+6BDD30
CrimsonDesert.exe+6B537F - 39 3D 138F6405 - cmp [CrimsonDesert.exe+5CFE298],edi
CrimsonDesert.exe+6B5385 - 74 0E - je CrimsonDesert.exe+6B5395
CrimsonDesert.exe+6B5387 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B5389 - 48 8D 0D 008F6405 - lea rcx,[CrimsonDesert.exe+5CFE290]
CrimsonDesert.exe+6B5390 - E8 7B800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B5395 - 39 3D 0D8F6405 - cmp [CrimsonDesert.exe+5CFE2A8],edi
CrimsonDesert.exe+6B539B - 74 0E - je CrimsonDesert.exe+6B53AB
CrimsonDesert.exe+6B539D - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B539F - 48 8D 0D FA8E6405 - lea rcx,[CrimsonDesert.exe+5CFE2A0]
CrimsonDesert.exe+6B53A6 - E8 65800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B53AB - 39 3D 078F6405 - cmp [CrimsonDesert.exe+5CFE2B8],edi
CrimsonDesert.exe+6B53B1 - 74 0E - je CrimsonDesert.exe+6B53C1
CrimsonDesert.exe+6B53B3 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B53B5 - 48 8D 0D F48E6405 - lea rcx,[CrimsonDesert.exe+5CFE2B0]
CrimsonDesert.exe+6B53BC - E8 4F800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B53C1 - 39 3D 018F6405 - cmp [CrimsonDesert.exe+5CFE2C8],edi
CrimsonDesert.exe+6B53C7 - 74 0E - je CrimsonDesert.exe+6B53D7
CrimsonDesert.exe+6B53C9 - 8B D7 - mov edx,edi
CrimsonDesert.exe+6B53CB - 48 8D 0D EE8E6405 - lea rcx,[CrimsonDesert.exe+5CFE2C0]
CrimsonDesert.exe+6B53D2 - E8 39800000 - call CrimsonDesert.exe+6BD410
CrimsonDesert.exe+6B53D7 - 85 FF - test edi,edi
CrimsonDesert.exe+6B53D9 - 74 77 - je CrimsonDesert.exe+6B5452
CrimsonDesert.exe+6B53DB - 49 8B DD - mov rbx,r13
CrimsonDesert.exe+6B53DE - 4D 8B F5 - mov r14,r13
CrimsonDesert.exe+6B53E1 - 48 8B 05 688E6405 - mov rax,[CrimsonDesert.exe+5CFE250]
CrimsonDesert.exe+6B53E8 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B53ED - 48 8B 05 6C8E6405 - mov rax,[CrimsonDesert.exe+5CFE260]
CrimsonDesert.exe+6B53F4 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B53F9 - 48 8B 05 708E6405 - mov rax,[CrimsonDesert.exe+5CFE270]
CrimsonDesert.exe+6B5400 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5405 - 48 8B 0D 748E6405 - mov rcx,[CrimsonDesert.exe+5CFE280]
CrimsonDesert.exe+6B540C - 49 03 CE - add rcx,r14
CrimsonDesert.exe+6B540F - E8 0C29C6FF - call CrimsonDesert.exe+317D20
CrimsonDesert.exe+6B5414 - 48 8B 05 758E6405 - mov rax,[CrimsonDesert.exe+5CFE290]
CrimsonDesert.exe+6B541B - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5420 - 48 8B 05 798E6405 - mov rax,[CrimsonDesert.exe+5CFE2A0]
CrimsonDesert.exe+6B5427 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B542C - 48 8B 05 7D8E6405 - mov rax,[CrimsonDesert.exe+5CFE2B0]
CrimsonDesert.exe+6B5433 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5438 - 48 8B 05 818E6405 - mov rax,[CrimsonDesert.exe+5CFE2C0]
CrimsonDesert.exe+6B543F - 44 89 6C 18 08 - mov [rax+rbx+08],r13d
CrimsonDesert.exe+6B5444 - 49 83 C6 10 - add r14,10
CrimsonDesert.exe+6B5448 - 48 8D 5B 10 - lea rbx,[rbx+10]
CrimsonDesert.exe+6B544C - 48 83 EF 01 - sub rdi,01
CrimsonDesert.exe+6B5450 - 75 8F - jne CrimsonDesert.exe+6B53E1
CrimsonDesert.exe+6B5452 - 48 8D 15 D78D6405 - lea rdx,[Player_Base_addr]
CrimsonDesert.exe+6B5459 - 48 8D 8D 40010000 - lea rcx,[rbp+00000140]
CrimsonDesert.exe+6B5460 - E8 7B8A0000 - call CrimsonDesert.exe+6BDEE0
CrimsonDesert.exe+6B5465 - 90 - nop
CrimsonDesert.exe+6B5466 - C6 45 C0 00 - mov byte ptr [rbp-40],00
CrimsonDesert.exe+6B546A - 0F57 C0 - xorps xmm0,xmm0
CrimsonDesert.exe+6B546D - 33 C0 - xor eax,eax
`Player_Base2_addr`:
CrimsonDesert.exe+233B38F - C7 03 00 00 00 00 - mov [rbx],00000000
CrimsonDesert.exe+233B395 - 48 8B 5C 24 30 - mov rbx,[rsp+30]
CrimsonDesert.exe+233B39A - 48 83 C4 20 - add rsp,20
CrimsonDesert.exe+233B39E - 5F - pop rdi
CrimsonDesert.exe+233B39F - C3 - ret
CrimsonDesert.exe+233B3A0 - 40 53 - push rbx
CrimsonDesert.exe+233B3A2 - 55 - push rbp
CrimsonDesert.exe+233B3A3 - 56 - push rsi
CrimsonDesert.exe+233B3A4 - 48 83 EC 20 - sub rsp,20
CrimsonDesert.exe+233B3A8 - 49 8B 30 - mov rsi,[r8]
CrimsonDesert.exe+233B3AB - 48 8B DA - mov rbx,rdx
CrimsonDesert.exe+233B3AE - 49 8B 68 18 - mov rbp,[r8+18]
CrimsonDesert.exe+233B3B2 - 48 85 F6 - test rsi,rsi
CrimsonDesert.exe+233B3B5 - 0F 84 E6 00 00 00 - je CrimsonDesert.exe+233B4A1
CrimsonDesert.exe+233B3BB - 48 89 7C 24 40 - mov [rsp+40],rdi
CrimsonDesert.exe+233B3C0 - 48 8D 4C 24 50 - lea rcx,[rsp+50]
// INJECTING HERE
CrimsonDesert.exe+233B3C5 - 48 8B 3D 64 15 95 03 - mov rdi,[145C8C930]
// DONE INJECTING
CrimsonDesert.exe+233B3CC - 4C 89 74 24 48 - mov [rsp+48],r14
CrimsonDesert.exe+233B3D1 - 44 0F B6 75 03 - movzx r14d,byte ptr [rbp+03]
CrimsonDesert.exe+233B3D6 - E8 05 0A F7 FD - call CrimsonDesert.AK::MemoryMgr::StartProfileThreadUsage+20
CrimsonDesert.exe+233B3DB - 48 8B 8F F8 00 00 00 - mov rcx,[rdi+000000F8]
CrimsonDesert.exe+233B3E2 - 44 8B 87 00 01 00 00 - mov r8d,[rdi+00000100]
CrimsonDesert.exe+233B3E9 - 49 C1 E0 04 - shl r8,04
CrimsonDesert.exe+233B3ED - 4C 03 C1 - add r8,rcx
CrimsonDesert.exe+233B3F0 - 49 3B C8 - cmp rcx,r8
CrimsonDesert.exe+233B3F3 - 74 23 - je CrimsonDesert.exe+233B418
CrimsonDesert.exe+233B3F5 - 8B 44 24 50 - mov eax,[rsp+50]
CrimsonDesert.exe+233B3F9 - 0F 1F 80 00 00 00 00 - nop dword ptr [rax+00000000]
CrimsonDesert.exe+233B400 - 48 8B 51 08 - mov rdx,[rcx+08]
CrimsonDesert.exe+233B404 - C6 02 01 - mov byte ptr [rdx],01
CrimsonDesert.exe+233B407 - 39 01 - cmp [rcx],eax
CrimsonDesert.exe+233B409 - 75 04 - jne CrimsonDesert.exe+233B40F
CrimsonDesert.exe+233B40B - C6 42 01 01 - mov byte ptr [rdx+01],01