y.{Wl/2DlCzZckdU/E8HZ4_?KrH3;=7D%#b5=p)myZCM,2X3HPv?KW]brijhQWWSz@a:YK[fLnPqGZ{mQE!c]KRCY]4rhil/Y?noUcK7izrTO.8le%,7V!ha87;HA9r)dV(uKa?Nsd0=5;tkL]^h@ER{l0ANfsG=@P1yMpVAWfBa*9)I;$,H%m*#_IZIi!+M0i7i%!rT?}4ER(m=DY7PJwEfEXbE;f-wHs:q:#0(3La:a=)PX1FTVe7Dnd%:UVK=bCEJ!4#44xWo,Ub:j}33$}1[f}2[)91i(m]{@qRPrQVHb3+YBB*xf@kx]tX?gg6w6r3][;=VsVOfQ6*d_?/,DXaM-$x2w@Po6a5d0ems#W#$4A?U@O!(zKn^Zsrn?P6h)#*P7WkV];nj=yAdY3VDO0ZNE8qns+E5)?KxGN/qjm+s6d#vH7Cn2sfcO;r)qG@bPycqxvPe:P{3e2xq;3OE%c(J,FhJ=cL7y6_cUL=8o{mn*PW#)AOxNqkWs3Y)_do7ZA!#k5:[X];rb]ci0Mv2yx%8Ht(qp+[TdJP2VfaP)cR+Ba:dhC._saXOi?U?Om2fFw[{PVFU48E*$xqNfl(he$3!Kpd)AY7[ksL}NoTZI/6V-7-P%bju9AQ!?pR(J?B1ME:bLqnqoz3m,,Zhd[Ea+o5qztw2=?xbYWV4O;G$,)JK,bmhoh/e85$+Y!.b,kMJOh?3;vVdosPot:3JHgisx2Gx7FppbTb?BXVHl1v*H)Ic6)k]NMfHbXHb3(.deV?l;JZ@^j6,+PZSJgLkgO/)6H-)!Vb#hn+e]X_+@hN#K#yp;[lV3=BxE0)j0.j,a71r;Xc7kYucj=seNh5UUW-XkTznVlp?j,ejz=+s83Non8!IsXajS?xGKl)1XK@e67j@LM;/4EUUsYr#hf%,(x8+B:P{zG8a@o)c2-pA-hFnkAAfQ41kiY7rL4KynNKkUWb)$V%*_A$fAml2jWc;5y8JSlgCvIF4KUmhsx=8@Z@plzHQLl.#r.K[c[w$C6_VhCR,HcSFhGW72@/H.=):+c,Nn=Y{L9W0c(TyzO,yD2dePKzu=eSCfXYSojAjCeJbgos#+w^kNUoI7IS(%0B_M_K2t1h0./cA_oA[#txCRMzGt([DP?4zHDmK*BMHBZEGf57N@cLmbWa[sV,GuaC#}_TN%aWROTX(A2VFrRf(PqG=}3Hy*KKpMh1{61vVgZ0AOn!sa?iZ@$!/k_G6C22XY!Oj{Z@_gE2yp[:GTr,4*-)1SYu(h2T(ic9?u*_5*dX5k?hZ$8@T.2swwrui}X@Cp1ge]GnJC?[+o]+]]knqf?UouR6vH*-f-ATQwuiqG#r[^6Z:;/i)z.m2@0UK-wWy(]5,VreGx:F5E{@fN9erL5n!8dVva)$uYZ^Nq?1!0_ZPvkZXN}3E)Cn=h$a4fHd49M;g5%E3xC!Jccrk$b!K_6GAng.1I:,kUMyK-^!18UfCZBDcOcY$CbEAoN-j,.2^?fl^X:1V]+!da!{i{amY%AKEitC^}%;+@MWh,?]4]@c-[]s7K0HC1^.fAo$qhH5;p)DDu=7n;3C1oI!,1YQnuB(J6Xq}l]7^VtgmzJ[%hbnalunAMc:387pZmQG+50}3cmg}9]Sp)6*W()XEm.ZO*dl+K.o/es2{j0(]L?/t3KdzMAL%L.d[T2bcu6JVT(L,,$;N@lC]?m)IW[PhHdG7V52)LRKVe!tbxBSFX8q8J0wmp(*bYHa0BpB$l{LZ=_x3M)gdGR),q5o553jifn-^D4{V.wGO0QY[*]12e6-Peb#D6FVU4frDgx2WtqYq3l=/w7oRJ*)2^)?yIP#QP7Stp-[0Y/n(.qs{cpy_IDny?IRp7:oVNSQXa!y-r/RT48Z-NswhavP}CKwennjRCVB#glUaZ$h$]ot)3*SV#Zzd3a+l+]ztG633v2b:ROOY/4pH!n^@jiUUvrw8k0LBdx3N5he;iBedg/!{LQE;cp1dPPlNd3U-KYPC;9bo*/8cF1}JS7SN.nP0#rne:Q,X5@Il;0,JC:mjzdwM@L,YszZK8?xc=]+tVzQ8=;fb(7^lgyjh;lDo[$kYCb}-#yXSHq/,jx4BwVeU($wua^P/XKG$U!2[Wn2;jGgaJ?hyMw)An#{$9r:Y-I/AD0Lbt-9+/(X}?4Q)bNgN%VDA?PqB$V9UOauCP3U$c[jf/Q*+JV.iFX^@Q}H;iWCB[{1*;OlJpwQn63FQ_(.hW+)y]JMuO;STN,.^wyIX4S}}kdT^8cb4,*5VgSE!iLe0CEMF.fP)LUW5OWdMEW(*ID:#coOOp/hj37C%sGaMaVftB:$#1$g.bX4Z-7bc6-^kb:?n[*t!dUm?@ssPst67HZc(LG0*4O-}N391D]fl9cq@m0:EtaOfHDRm9Hq[SH-S{ufHPLR6(4a^LC-*JkWTaRh7+hVK#BpqTcbW*i0!B%tb!tVV)r$-a:w/.Kc!W-Gu6MGJj6viBR*}#7.c75{f7tfGRfj)Tb^[o/eoOD5wzTr?,RIoiF?]I5[vtM@8gK:IcD55o7g(S*@xI4o4aV.Y9Cs4yxT6/jH9mP}bCF?N7RP!*3#Oj}TaSQM!SCOM*(t+VeYN!L2YQWAZuyMim=mVIH^I3/aOIno#9#YJJyM.^tS72%c;QP/=z+#f/eMDgC?:P2XzL:}Qfsn:YYlFZJLeE0j6YnpRA?u@b=Cl3,@)0zw[qz[)$.x3988REh:*a9M{!ik)eH,i_J7gx)C, 0 "Toggle Scripts" 3174FF Auto Assembler Script [ENABLE] {$lua} if (syntaxcheck) then return end synchronize(function() getLuaEngine().menuItem5.doClick() getLuaEngine().Close() end) -- attach process local processName = "CrimsonDesert.exe" local pid = getProcessIDFromProcessName(processName) if pid ~= nil and pid > 0 then local currentPid = getOpenedProcessID() or 0 if currentPid ~= pid then openProcess(processName) print("Attached to: " .. processName) Sleep(333) else print("Already attached to: " .. processName) end end synchronize(function() getLuaEngine().Close() end) local enableBattleScripts = { 2, -- "Toggle Compact View" 3, -- "Fast friendship" 4, -- "Fast pet friendship and take" 8, -- "When item decrease: no change in defined range" 15, -- "Menu: when add item amount: set item amount" 34, -- "Set min reputation when gain" 37, -- "reputation no decrease" 55, -- "Get HP - Pointer map mode" 126, -- "Abyss Gear" 134, -- "inf. weapon polishing durability" 140, -- "(buggy) Fast enemy kill / char HP full - check pt. 2" 144, -- "(buggy) Fast enemy kill / char HP full - check pt. 1" 146, -- "(buggy) Fast enemy kill / char HP full - check pt. 3" 56, -- "Get HP #1 - Pointer map" 76, -- "Get HP #2 - Pointer map" 127, -- ""Greater" gear: durability no decrease" 57, -- "Char #1 - Kliff" 61, -- "Char #2 - Damine" 65, -- "Char #3 - Oongka?" 77, -- "Char #1 - Kliff" 88, -- "Char #2 - Damine" 99, -- "Char #3 - Oongka?" 177, -- "_under testing" 181, -- Description: "Blink spell", Depth: 1 174, -- "1. Get worldOffset" 175, -- "2. Move speed multiplier / crow fly mode alt" 176, -- "3. Map waypoint position capture" 164, -- "4. Generate scripts" } local addressList = getAddressList() synchronize(function() for _, id in ipairs(enableBattleScripts) do local memRec = addressList.getMemoryRecordByID(id) if memRec and not memRec.Active then memRec.Active = true sleep(30) end addressList.refresh() end end) synchronize(function() getLuaEngine().Close() end) [DISABLE] {$lua} if (syntaxcheck) then return end synchronize(function() getLuaEngine().menuItem5.doClick() getLuaEngine().Close() end) local disableBattleScripts = { 164, -- "4. Generate scripts" 176, -- "3. Map waypoint position capture" 175, -- "2. Move speed multiplier / crow fly mode alt" 161, -- "INJECT_GET_BAG_BONUS_SLOTS_2_AOB" 160, -- "Dragon mount timer: no decrease by Markiplier" 159, -- "Player_Base_alt1" 132, -- "Duplicate abyss gear when extracted - Step 2" 130, -- "Duplicate abyss gear when extracted - Step 2" 115, -- "Get Horse HP - another ptr map mode" 106, -- "Auto fill Spi (only when Spi1/2 pointer map enabled)" 103, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)" 100, -- "Auto fill HP (only when HP1/2 pointer map enabled)" 95, -- "Auto fill Spi (only when Spi1/2 pointer map enabled)" 92, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)" 89, -- "Auto fill HP (only when HP1/2 pointer map enabled)" 84, -- "Auto fill Spi (only when Spi1/2 pointer map enabled)" 81, -- "Auto fill Sta (only when Sta1/2 pointer map enabled)" 78, -- "Auto fill HP (only when HP1/2 pointer map enabled)" 174, -- "1. Get worldOffset" 158, -- "temp" 131, -- "(non-equipped only) Duplicate abyss gear when extracted - Step 1" 129, -- "(equipped only) Duplicate abyss gear when extracted - Step 1" 118, -- "Bag" 110, -- "Horse (may not work)" 99, -- "Char #3 - Oongka?" 88, -- "Char #2 - Damine" 77, -- "Char #1 - Kliff" 69, -- "Bag" 65, -- "Char #3 - Oongka?" 61, -- "Char #2 - Damine" 57, -- "Char #1 - Kliff" 50, -- "Enable step 2 (horse tab) (conflict with "Fast enemy kill / char HP full" series)" 46, -- "Enable step 2 (char tab)" 40, -- "Enable step 1" 28, -- "#2: cur. amount must >=" 26, -- "cur. amount must >=" 22, -- "Seq ID #2" 19, -- "Seq ID #1" 12, -- "Set to "**and must <=" value if:" 181, -- "Blink spell" 162, -- "temp" 149, -- "Enable data" 133, -- "(all) embed and destory the abyss gear" 128, -- "Duplicate" 127, -- ""Greater" gear: durability no decrease" 76, -- "Get HP #2 - Pointer map" 56, -- "Get HP #1 - Pointer map" 45, -- "+Step 2 Usage: open item menu" 39, -- "+Step 1 Usage: open item menu" 25, -- "value clamp" 18, -- "_debug" 11, -- "Enable extra rule?" 9, -- "cur. amount must >=" 177, -- "_under testing" 156, -- "Crimson Desert / https://opencheattables.com / CE 7.6+" 147, -- "Get resistant attrs" 146, -- "(buggy) Fast enemy kill / char HP full - check pt. 3" 144, -- "(buggy) Fast enemy kill / char HP full - check pt. 1" 140, -- "(buggy) Fast enemy kill / char HP full - check pt. 2" 134, -- "inf. weapon polishing durability" 126, -- "Abyss Gear" 122, -- "Get Archery Competition data" 55, -- "Get HP - Pointer map mode" 38, -- "Get HP address: Step 1 & 2 - AOB mode" 37, -- "reputation no decrease" 34, -- "Set min reputation when gain" 31, -- "Bag bonus slot multiplier" 15, -- "Menu: when add item amount: set item amount" 8, -- "When item decrease: no change in defined range" 6, -- "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc" 4, -- "Fast pet friendship and take" 3, -- "Fast friendship" 2, -- "Toggle Compact View" } local addressList = getAddressList() synchronize(function() for _, id in ipairs(disableBattleScripts) do local memRec = addressList.getMemoryRecordByID(id) if memRec and memRec.Active then memRec.Active = false sleep(30) end addressList.refresh() end end) synchronize(function() getLuaEngine().Close() end) -- Comments: -- ID: 2, Description: "Toggle Compact View", Depth: 0 -- ID: 3, Description: "Fast friendship", Depth: 0 -- ID: 4, Description: "Fast pet friendship and take", Depth: 0 -- ID: 6, Description: "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc", Depth: 0 -- ID: 8, Description: "When item decrease: no change in defined range", Depth: 0 -- ID: 9, Description: "cur. amount must >=", Depth: 1 -- ID: 11, Description: "Enable extra rule?", Depth: 1 -- ID: 12, Description: "Set to "**and must <=" value if:", Depth: 2 -- ID: 15, Description: "Menu: when add item amount: set item amount", Depth: 0 -- ID: 18, Description: "_debug", Depth: 1 -- ID: 19, Description: "Seq ID #1", Depth: 2 -- ID: 22, Description: "Seq ID #2", Depth: 2 -- ID: 25, Description: "value clamp", Depth: 1 -- ID: 26, Description: "cur. amount must >=", Depth: 2 -- ID: 28, Description: "#2: cur. amount must >=", Depth: 2 -- ID: 31, Description: "Bag bonus slot multiplier", Depth: 0 -- ID: 34, Description: "Set min reputation when gain", Depth: 0 -- ID: 37, Description: "reputation no decrease", Depth: 0 -- ID: 38, Description: "Get HP address: Step 1 & 2 - AOB mode", Depth: 0 -- ID: 39, Description: "+Step 1 Usage: open item menu", Depth: 1 -- ID: 40, Description: "Enable step 1", Depth: 2 -- ID: 45, Description: "+Step 2 Usage: open item menu", Depth: 1 -- ID: 46, Description: "Enable step 2 (char tab)", Depth: 2 -- ID: 50, Description: "Enable step 2 (horse tab) (conflict with "Fast enemy kill / char HP full" series)", Depth: 2 -- ID: 55, Description: "Get HP - Pointer map mode", Depth: 0 -- ID: 56, Description: "Get HP #1 - Pointer map", Depth: 1 -- ID: 57, Description: "Char #1 - Kliff", Depth: 2 -- ID: 61, Description: "Char #2 - Damine", Depth: 2 -- ID: 65, Description: "Char #3 - Oongka?", Depth: 2 -- ID: 69, Description: "Bag", Depth: 2 -- ID: 76, Description: "Get HP #2 - Pointer map", Depth: 1 -- ID: 77, Description: "Char #1 - Kliff", Depth: 2 -- ID: 78, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3 -- ID: 81, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3 -- ID: 84, Description: "Auto fill Spi (only when Spi1/2 pointer map enabled)", Depth: 3 -- ID: 88, Description: "Char #2 - Damine", Depth: 2 -- ID: 89, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3 -- ID: 92, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3 -- ID: 95, Description: "Auto fill Spi (only when Spi1/2 pointer map enabled)", Depth: 3 -- ID: 99, Description: "Char #3 - Oongka?", Depth: 2 -- ID: 100, Description: "Auto fill HP (only when HP1/2 pointer map enabled)", Depth: 3 -- ID: 103, Description: "Auto fill Sta (only when Sta1/2 pointer map enabled)", Depth: 3 -- ID: 106, Description: "Auto fill Spi (only when Spi1/2 pointer map enabled)", Depth: 3 -- ID: 110, Description: "Horse (may not work)", Depth: 2 -- ID: 115, Description: "Get Horse HP - another ptr map mode", Depth: 3 -- ID: 118, Description: "Bag", Depth: 2 -- ID: 122, Description: "Get Archery Competition data", Depth: 0 -- ID: 126, Description: "Abyss Gear", Depth: 0 -- ID: 127, Description: ""Greater" gear: durability no decrease", Depth: 1 -- ID: 128, Description: "Duplicate", Depth: 1 -- ID: 129, Description: "(equipped only) Duplicate abyss gear when extracted - Step 1", Depth: 2 -- ID: 130, Description: "Duplicate abyss gear when extracted - Step 2", Depth: 3 -- ID: 131, Description: "(non-equipped only) Duplicate abyss gear when extracted - Step 1", Depth: 2 -- ID: 132, Description: "Duplicate abyss gear when extracted - Step 2", Depth: 3 -- ID: 133, Description: "(all) embed and destory the abyss gear", Depth: 1 -- ID: 134, Description: "inf. weapon polishing durability", Depth: 0 -- ID: 135, Description: "Move speed multiplier / crow fly mode alt", Depth: 0 -- ID: 140, Description: "(buggy) Fast enemy kill / char HP full - check pt. 2", Depth: 0 -- ID: 144, Description: "(buggy) Fast enemy kill / char HP full - check pt. 1", Depth: 0 -- ID: 146, Description: "(buggy) Fast enemy kill / char HP full - check pt. 3", Depth: 0 -- ID: 147, Description: "Get resistant attrs", Depth: 0 -- ID: 149, Description: "Enable data", Depth: 1 -- ID: 177, Description: "_under testing", Depth: 0 -- ID: 181, Description: "Blink spell", Depth: 1 -- ID: 174, Description: "1. Get worldOffset", Depth: 2 -- ID: 175, Description: "2. Move speed multiplier / crow fly mode alt", Depth: 3 -- ID: 176, Description: "3. Map waypoint position capture", Depth: 4 -- ID: 164, Description: "4. Generate scripts", Depth: 5 -- ID: 156, Description: "Crimson Desert / https://opencheattables.com / CE 7.6+", Depth: 0 -- ID: 162, Description: "temp", Depth: 1 -- ID: 158, Description: "temp", Depth: 2 -- ID: 159, Description: "Player_Base_alt1", Depth: 3 -- ID: 160, Description: "Dragon mount timer: no decrease by Markiplier", Depth: 3 -- ID: 161, Description: "INJECT_GET_BAG_BONUS_SLOTS_2_AOB", Depth: 3 1 "Notice: please load game, open item menu first. Some scripts may not be activated if not do so" 8913FF 1 2 "Toggle Compact View" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not toggleCompactView then function toggleCompactView(sender, forceEnable) local isCompactMode = not (compactViewMenuItem.Caption == 'Compact View Mode') if forceEnable ~= nil then isCompactMode = not forceEnable end synchronize(function() compactViewMenuItem.Caption = isCompactMode and 'Compact View Mode' or 'Full View Mode' getMainForm().Splitter1.Visible = isCompactMode getMainForm().Panel4.Visible = isCompactMode getMainForm().Panel5.Visible = isCompactMode end) end end if not createCompactViewMenu then function createCompactViewMenu() if isCompactMenuCreated then return end synchronize(function() local mainMenu = getMainForm().Menu.Items compactViewMenuItem = createMenuItem(mainMenu) compactViewMenuItem.Caption = 'Compact View Mode' compactViewMenuItem.OnClick = toggleCompactView mainMenu.add(compactViewMenuItem) end) isCompactMenuCreated = true end end createCompactViewMenu() toggleCompactView(nil, true) [DISABLE] {$lua} if toggleCompactView then toggleCompactView(nil, false) end 3 "Fast friendship" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_FAST_FRIENDSHIP,$process,?? 8B ?? 10 ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7F) // raw AOB: 48 C1 E2 04 48 03 90 18 01 00 00 45 84 ED 74 ?? 80 BA 8B 00 00 00 00 74 ?? 8B 42 04 44 0F A3 F0 73 ?? 48 8B 46 08 48 8B 40 68 49 8B D7 48 8B 88 40 01 00 00 E8 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 48 10 48 63 05 ?? ?? ?? ?? 48 3B C1 7F ?? 48 63 05 ?? ?? ?? ?? 48 3B C8 7E ?? 8B 45 E8 3B 45 EC 72 ?? 41 B9 08 00 00 00 45 33 C0 48 8D 55 F0 48 8D 4D E0 E8 ?? ?? ?? ?? 8B 45 E8 8B D0 48 8B 0B // injection point AOB: ?? 8B ?? 10 ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7F ?? ?? 63 ?? ?? ?? ?? ?? ?? 3B ?? 7E ?? 8B ?? ?? 3B ?? ?? 72 ?? ?? ?? 08 00 00 00 ?? 33 ?? ?? 8D ?? ?? ?? 8D ?? ?? E8 ?? ?? ?? ?? 8B ?? ?? 8B ?? ?? 8B alloc(newmem,$1000) alloc(INJECT_FAST_FRIENDSHIPo, $E) label(code) label(return) INJECT_FAST_FRIENDSHIPo: readmem(INJECT_FAST_FRIENDSHIP, $E) newmem: cmp qword ptr [rax+10], 64 jae short code mov qword ptr [rax+10], 64 code: // mov rcx,[rax+10] reassemble(INJECT_FAST_FRIENDSHIP) // movsxd rax,dword ptr [CrimsonDesert.exe+5C4F008] reassemble(INJECT_FAST_FRIENDSHIP+4) // cmp rax,rcx reassemble(INJECT_FAST_FRIENDSHIP+B) jmp far return align 10 cc INJECT_FAST_FRIENDSHIP: jmp far newmem return: registersymbol(INJECT_FAST_FRIENDSHIP INJECT_FAST_FRIENDSHIPo) [DISABLE] INJECT_FAST_FRIENDSHIP: readmem(INJECT_FAST_FRIENDSHIPo, $E) unregistersymbol(INJECT_FAST_FRIENDSHIP INJECT_FAST_FRIENDSHIPo) dealloc(newmem) dealloc(INJECT_FAST_FRIENDSHIPo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+14F639E CrimsonDesert.exe+14F6360: 48 C1 E2 04 - shl rdx,04 CrimsonDesert.exe+14F6364: 48 03 90 18 01 00 00 - add rdx,[rax+00000118] CrimsonDesert.exe+14F636B: 45 84 ED - test r13b,r13b CrimsonDesert.exe+14F636E: 74 09 - je CrimsonDesert.exe+14F6379 CrimsonDesert.exe+14F6370: 80 BA 8B 00 00 00 00 - cmp byte ptr [rdx+0000008B],00 CrimsonDesert.exe+14F6377: 74 72 - je CrimsonDesert.exe+14F63EB CrimsonDesert.exe+14F6379: 8B 42 04 - mov eax,[rdx+04] CrimsonDesert.exe+14F637C: 44 0F A3 F0 - bt eax,r14d CrimsonDesert.exe+14F6380: 73 69 - jae CrimsonDesert.exe+14F63EB CrimsonDesert.exe+14F6382: 48 8B 46 08 - mov rax,[rsi+08] CrimsonDesert.exe+14F6386: 48 8B 40 68 - mov rax,[rax+68] CrimsonDesert.exe+14F638A: 49 8B D7 - mov rdx,r15 CrimsonDesert.exe+14F638D: 48 8B 88 40 01 00 00 - mov rcx,[rax+00000140] CrimsonDesert.exe+14F6394: E8 67 D0 3C 00 - call CrimsonDesert.exe+18C3400 CrimsonDesert.exe+14F6399: 48 85 C0 - test rax,rax CrimsonDesert.exe+14F639C: 74 1C - je CrimsonDesert.exe+14F63BA // ---------- INJECTING HERE ---------- CrimsonDesert.exe+14F639E: 48 8B 48 10 - mov rcx,[rax+10] // ---------- DONE INJECTING ---------- CrimsonDesert.exe+14F63A2: 48 63 05 5F 8C 75 04 - movsxd rax,dword ptr [CrimsonDesert.exe+5C4F008] CrimsonDesert.exe+14F63A9: 48 3B C1 - cmp rax,rcx CrimsonDesert.exe+14F63AC: 7F 0C - jg CrimsonDesert.exe+14F63BA CrimsonDesert.exe+14F63AE: 48 63 05 13 8B 75 04 - movsxd rax,dword ptr [CrimsonDesert.exe+5C4EEC8] CrimsonDesert.exe+14F63B5: 48 3B C8 - cmp rcx,rax CrimsonDesert.exe+14F63B8: 7E 31 - jle CrimsonDesert.exe+14F63EB CrimsonDesert.exe+14F63BA: 8B 45 E8 - mov eax,[rbp-18] CrimsonDesert.exe+14F63BD: 3B 45 EC - cmp eax,[rbp-14] CrimsonDesert.exe+14F63C0: 72 19 - jb CrimsonDesert.exe+14F63DB CrimsonDesert.exe+14F63C2: 41 B9 08 00 00 00 - mov r9d,00000008 CrimsonDesert.exe+14F63C8: 45 33 C0 - xor r8d,r8d CrimsonDesert.exe+14F63CB: 48 8D 55 F0 - lea rdx,[rbp-10] CrimsonDesert.exe+14F63CF: 48 8D 4D E0 - lea rcx,[rbp-20] CrimsonDesert.exe+14F63D3: E8 E8 62 DE FE - call CrimsonDesert.exe+2DC6C0 CrimsonDesert.exe+14F63D8: 8B 45 E8 - mov eax,[rbp-18] CrimsonDesert.exe+14F63DB: 8B D0 - mov edx,eax } 4 "Fast pet friendship and take" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/10 } [ENABLE] aobscanmodule(INJECT_FAST_PET_FRIENDSHIP_2,$process,0F 10 ?? 0F 10 ?? 10 0F 10 ?? 20 0F 10 ?? 30 F2 0F 10 ?? 40 0F 11 ?? 38) // raw AOB: EB ?? 48 8B 18 49 8B 16 48 85 DB 74 ?? 0F B6 52 30 48 8D 4B 08 4C 8D 45 EF E8 ?? ?? ?? ?? 84 C0 75 ?? 8B D6 49 8B CF E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 49 8B 06 0F 10 0B 0F 10 53 10 0F 10 5B 20 0F 10 63 30 F2 0F 10 43 40 0F 11 48 38 0F 11 50 48 0F 11 58 58 0F 11 60 68 F2 0F 11 40 78 EB ?? 0F B7 42 08 66 89 42 3C 89 7A 38 49 8B 1E 4C 8D 45 CF 33 C9 48 8D 55 BF // injection point AOB: 0F 10 ?? 0F 10 ?? 10 0F 10 ?? 20 0F 10 ?? 30 F2 0F 10 ?? 40 0F 11 ?? 38 0F 11 ?? 48 0F 11 ?? 58 0F 11 ?? 68 F2 0F 11 ?? 78 EB ?? 0F B7 ?? 08 66 89 ?? 3C 89 ?? 38 ?? 8B ?? ?? 8D ?? ?? 33 ?? ?? 8D alloc(newmem,$1000) alloc(INJECT_FAST_PET_FRIENDSHIP_2o, $F) label(code) label(return) INJECT_FAST_PET_FRIENDSHIP_2o: readmem(INJECT_FAST_PET_FRIENDSHIP_2, $F) newmem: cmp dword ptr [rbx+10], #95 jae short code mov dword ptr [rbx+10], #95 code: // movups xmm1,[rbx] reassemble(INJECT_FAST_PET_FRIENDSHIP_2) // movups xmm2,[rbx+10] reassemble(INJECT_FAST_PET_FRIENDSHIP_2+3) // movups xmm3,[rbx+20] reassemble(INJECT_FAST_PET_FRIENDSHIP_2+7) // movups xmm4,[rbx+30] reassemble(INJECT_FAST_PET_FRIENDSHIP_2+B) jmp far return align 10 cc INJECT_FAST_PET_FRIENDSHIP_2: jmp far newmem nop 1 return: registersymbol(INJECT_FAST_PET_FRIENDSHIP_2 INJECT_FAST_PET_FRIENDSHIP_2o) [DISABLE] INJECT_FAST_PET_FRIENDSHIP_2: readmem(INJECT_FAST_PET_FRIENDSHIP_2o, $F) unregistersymbol(INJECT_FAST_PET_FRIENDSHIP_2 INJECT_FAST_PET_FRIENDSHIP_2o) dealloc(newmem) dealloc(INJECT_FAST_PET_FRIENDSHIP_2o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+20022F9 CrimsonDesert.exe+20022C5: EB 03 - jmp CrimsonDesert.exe+20022CA CrimsonDesert.exe+20022C7: 48 8B 18 - mov rbx,[rax] CrimsonDesert.exe+20022CA: 49 8B 16 - mov rdx,[r14] CrimsonDesert.exe+20022CD: 48 85 DB - test rbx,rbx CrimsonDesert.exe+20022D0: 74 52 - je CrimsonDesert.exe+2002324 CrimsonDesert.exe+20022D2: 0F B6 52 30 - movzx edx,byte ptr [rdx+30] CrimsonDesert.exe+20022D6: 48 8D 4B 08 - lea rcx,[rbx+08] CrimsonDesert.exe+20022DA: 4C 8D 45 EF - lea r8,[rbp-11] CrimsonDesert.exe+20022DE: E8 9D AD 8C FF - call CrimsonDesert.exe+18CD080 CrimsonDesert.exe+20022E3: 84 C0 - test al,al CrimsonDesert.exe+20022E5: 75 0F - jne CrimsonDesert.exe+20022F6 CrimsonDesert.exe+20022E7: 8B D6 - mov edx,esi CrimsonDesert.exe+20022E9: 49 8B CF - mov rcx,r15 CrimsonDesert.exe+20022EC: E8 AF 8A 70 FE - call CrimsonDesert.exe+70ADA0 CrimsonDesert.exe+20022F1: E9 69 01 00 00 - jmp CrimsonDesert.exe+200245F CrimsonDesert.exe+20022F6: 49 8B 06 - mov rax,[r14] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+20022F9: 0F 10 0B - movups xmm1,[rbx] // ---------- DONE INJECTING ---------- CrimsonDesert.exe+20022FC: 0F 10 53 10 - movups xmm2,[rbx+10] CrimsonDesert.exe+2002300: 0F 10 5B 20 - movups xmm3,[rbx+20] CrimsonDesert.exe+2002304: 0F 10 63 30 - movups xmm4,[rbx+30] CrimsonDesert.exe+2002308: F2 0F 10 43 40 - movsd xmm0,[rbx+40] CrimsonDesert.exe+200230D: 0F 11 48 38 - movups [rax+38],xmm1 CrimsonDesert.exe+2002311: 0F 11 50 48 - movups [rax+48],xmm2 CrimsonDesert.exe+2002315: 0F 11 58 58 - movups [rax+58],xmm3 CrimsonDesert.exe+2002319: 0F 11 60 68 - movups [rax+68],xmm4 CrimsonDesert.exe+200231D: F2 0F 11 40 78 - movsd [rax+78],xmm0 CrimsonDesert.exe+2002322: EB 0B - jmp CrimsonDesert.exe+200232F CrimsonDesert.exe+2002324: 0F B7 42 08 - movzx eax,word ptr [rdx+08] CrimsonDesert.exe+2002328: 66 89 42 3C - mov [rdx+3C],ax CrimsonDesert.exe+200232C: 89 7A 38 - mov [rdx+38],edi CrimsonDesert.exe+200232F: 49 8B 1E - mov rbx,[r14] CrimsonDesert.exe+2002332: 4C 8D 45 CF - lea r8,[rbp-31] CrimsonDesert.exe+2002336: 33 C9 - xor ecx,ecx } 5 "Pickup pet, stroke/pet pet twice" 8913FF 1 6 "inf: arrows / known items / keys (18) / Cube (9) / silver (980)... etc" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_INF_ARROW_N_OTHERS,$process,?? 83 ?? 10 00 7E ?? ?? 8D ?? 08 66 ?? FF ??) // raw AOB: 0F B7 E8 66 41 3B C4 0F 8D ?? ?? ?? ?? 48 89 5C 24 50 BA FF FF 00 00 48 89 7C 24 58 66 44 3B 7E 12 0F 8D ?? ?? ?? ?? 0F BF C5 48 8D 1C 40 48 C1 E3 06 48 03 1E 48 39 1D ?? ?? ?? ?? 74 ?? 66 3B 53 08 74 ?? 48 83 7B 10 00 7E ?? 48 8D 4B 08 66 41 FF C7 E8 ?? ?? ?? ?? 48 8B C8 41 8B 45 00 39 01 75 ?? 83 7E 20 00 0F B7 43 08 74 ?? 44 8B 4E 20 33 C9 45 85 C9 74 ?? 4C 8B 56 18 // injection point AOB: ?? 83 ?? 10 00 7E ?? ?? 8D ?? 08 66 ?? FF ?? E8 ?? ?? ?? ?? ?? 8B ?? ?? 8B ?? 00 39 ?? 75 ?? 83 ?? 20 00 0F B7 ?? 08 74 ?? ?? 8B ?? 20 33 ?? ?? 85 ?? 74 ?? ?? 8B ?? 18 alloc(newmem,$1000) alloc(INJECT_INF_ARROW_N_OTHERSo, $F) label(code) label(return) label(is_chk_silver) label(check_silver) label(exc_loop) //label(exc_found) label(exc_next) label(exc_done) label(rng_loop) //label(rng_found) label(rng_next) label(rng_done) label(exception_table) label(range_table) // ============================================================ // 查找優先順序: // 1. 銀幣 → flag 控制，獨立判定 // 2. 例外表 → 最高優先，覆蓋區間 // 3. 區間表 → ID 落在區間內就套用 // 4. 都沒中 → 不修改，走原始邏輯 // // CE 數值: 無前綴 = hex，# 前綴 = 十進位 // ============================================================ // // 例外表格式: dq <item_id>, <amount> (每筆 0x10 = 16 bytes) // 結尾標記: dq -1, 0 // // 區間表格式: dq <start>, <end>, <amount>, 0 (每筆 0x20 = 32 bytes) // 結尾標記: dq -1, 0, 0, 0 // // 新增例外 → 插入 dq id, amount (保持 ID 升序) // 新增區間 → 插入 dq start, end, amount, 0 (保持升序) // ============================================================ INJECT_INF_ARROW_N_OTHERSo: readmem(INJECT_INF_ARROW_N_OTHERS, $F) newmem: // --- 銀幣特殊處理 (ID=#1580) --- cmp dword ptr [rbx+8], #1580 je check_silver push r15 push r14 push r13 // ============================================================ // 第一步: 查例外表 (每筆 0x10, index r14 × 10) // ============================================================ xor r14, r14 mov r15, exception_table exc_loop: lea r13, [r15+r14*1] // r13 = exception_table + r14 mov r13, [r13] // r13 = entry item_id cmp r13, -1 je exc_done cmp r13d, [rbx+8] jne exc_next // --- 命中例外 --- lea r13, [r15+r14*1] mov r13, [r13+8] // r13 = amount mov [rbx+10], r13 jmp rng_done // 直接跳到結束 exc_next: add r14, 10 // 下一筆 (0x10 = 16 bytes) jmp exc_loop exc_done: // ============================================================ // 第二步: 查區間表 (每筆 0x20, index r14 × 20) // ============================================================ xor r14, r14 mov r15, range_table rng_loop: lea r13, [r15+r14*1] // r13 = range_table + r14 mov r13, [r13] // r13 = range_start cmp r13, -1 je rng_done cmp [rbx+8], r13d // ID < start? jb rng_next lea r13, [r15+r14*1] mov r13, [r13+8] // r13 = range_end cmp [rbx+8], r13d // ID > end? ja rng_next // --- 命中區間 --- lea r13, [r15+r14*1] mov r13, [r13+10] // r13 = amount mov [rbx+10], r13 jmp rng_done rng_next: add r14, 20 // 下一筆 (0x20 = 32 bytes) jmp rng_loop rng_done: pop r13 pop r14 pop r15 jmp code check_silver: cmp dword ptr [is_chk_silver], 1 jne short code mov qword ptr [rbx+10], #98000 jmp short code code: // cmp qword ptr [rbx+10],00 reassemble(INJECT_INF_ARROW_N_OTHERS) // jle CrimsonDesert.exe+1D39984 reassemble(INJECT_INF_ARROW_N_OTHERS+5) // lea rcx,[rbx+08] reassemble(INJECT_INF_ARROW_N_OTHERS+7) // inc r15w reassemble(INJECT_INF_ARROW_N_OTHERS+B) jmp far return align 10 cc // ============================================================ // 例外表 (Exception Table) // dq <item_id>, <amount> (每筆 0x10 bytes) // 按 ID 升序排列 // ============================================================ align 10 cc exception_table: // --- 彈藥類 --- dq #1, #96 // arrow 箭矢 dq #3, #96 // poison arrow 毒箭 dq #16, #48 // small cannonball 小砲彈 dq #23, #96 // bullet 子彈 // --- 區間 #800-#991 中的例外 --- dq #870, #96 // wool 羊毛 (區間預設 #48) dq #997, #48 // 魚肉 // --- 藥劑類 --- dq #1310, #9 // 芙蕾亞的初階藥劑 dq #1311, #9 // 阿布羅妮亞的初階藥劑 dq #1312, #9 // 梅莉亞拉的初階藥劑 // --- 飲品類 --- dq #1328, #18 // honey tea dq #1332, #18 // 水果茶 dq #1333, #18 // 水果酒 dq #1334, #18 // 果汁 // --- 鑰匙/雜物 --- dq #1554, #18 // keys 鑰匙 dq #1581, #96 // 破舊銅的幣袋 dq #1582, #96 // 輕巧的錢幣袋 dq #1583, #96 // 錢幣袋? dq #1584, #96 // 沈重的銅板袋 dq #1585, #96 // 銀幣袋 dq #1608, #19 // 埃爾南德淬火貨幣 // --- 阿比斯/特殊 --- dq #1520, #20 // 阿比斯動力核心 dq #2270, #17 // abyss cube 阿比斯神器 dq #2271, #8 // 褪色的阿比斯神器 //dq #2395, #48 // 帶有可疑紋樣的紙條 dq #2804, #9 // apple seed dq #2824, #9 // 閃耀果實 dq #2830, #9 // 復甦丹藥 // --- 商落未 (母湯苔鯛!) --- dq -1, 0 // ============================================================ // 區間表 (Range Table) // dq <start>, <end>, <amount>, 0 (每筆 0x20 bytes) // 按起始 ID 升序排列 // ============================================================ align 20 cc range_table: dq #800, #950, #48, 0 // 材料/消耗品 (一疊 48) dq #1003, #1305, #18, 0 // 料理/成品類 (一疊 18) // dq #xxxx, #yyyy, #zz, 0 // (未來新增區間) // --- 商落未 (母湯苔鯛!) --- dq -1, 0, 0, 0 align 10 cc is_chk_silver: dd 0, 0 // ============================================================ // 已知道具 ID 參考 (僅供查找，不影響邏輯) // 1.00.00 版資料、改版後已經不準確 // [例外] = exception_table [區間] = range_table // ============================================================ // // --- 彈藥 --- // #1 arrow 箭矢 [例外 #96] // #3 poison arrow 毒箭 [例外 #96] // #16 small cannonball 小砲彈 [例外 #48] // #23 bullet 子彈 [例外 #96] // // --- 區間 #800-#944 材料/消耗品 (#48) --- // #800 薫衣草 [區間] // #809 牡丹 [區間] // #817 短角 [區間] // #820 鹿角 [區間] // #831 聖水 [區間] // #832 索魯曼聖水 [區間] // #835 石材 [區間] // #836 高級石材 [區間] // #837 頂級石材 [區間] // #839 鐵礦 [區間] // #840 銅礦 [區間] // #842 血石 [區間] // #850 石榴石 [區間] // #851 藍銅礦 [區間] // #854 木材 [區間] // #855 高級木材 [區間] // #857 薄獸皮 [區間] // #858 厚重皮革 [區間] // #859 堅韌皮革 [區間] // #861 短毛皮革 [區間] // #862 碎布片 [區間] // #863 羽毛 [區間] // #864 羊毛 [例外 #96] // #867 小型骨頭 [區間] // #871 火藥 [區間] // #872 empty bottle [區間] // #873 中型獸骨 [區間] // #874 鮮肉 [區間] // #875 大塊肉 [區間] // #876 軟嫩肉 [區間] // #877 肥肉 [區間] // #878 鮮美鳥肉 [區間] // #880 紅扁豆 [區間] // #883 大麥 [區間] // #884 小麥 [區間] // #887 燕麥 [區間] // #888 覆盆子 [區間] // #896 蘋果 [區間] // #907 蕪菁 [區間] // #911 地瓜 [區間] // #915 carrot [區間] // #928 百年草 [區間] // #937 蛋 [區間] // #938 milk [區間] // #939 Cheese [區間] // #941 鹽 [區間] // #942 糖 [區間] // #943 水 [區間] // #944 料理用油 [區間] // // --- 區間外例外 --- // #864 羊毛 [例外 #96] (區間內覆蓋) // #991 魚肉 [例外 #48] (區間外) // // --- 區間 #1003-#1299 料理/成品 (#18) --- // #1003 風乾肉塊 [區間] // #1005 bread [區間] // #1006 beer [區間] // #1070 滿滿的年糕 [區間] // #1094 豐盛的燉排骨 [區間] // #1174 蒸蛋 [區間] // #1194 滿滿的烤肉 [區間] // #1204 滿滿的烤鳥肉 [區間] // #1211 清湯料理 [區間] // #1234 烤大魚 [區間] // #1255 蛋煎蔬菜 [區間] // #1256 蛋煎魚 [區間] // #1257 烤肉 [區間] // #1259 醬燒魚 [區間] // #1260 烤穀物 [區間] // #1261 烤蛋 [區間] // #1272 醃漬蔬菜 [區間] // #1278 水果蜜餞 [區間] // #1279 烤蔬菜 [區間] // #1299 乾草 [區間] // // --- 獨立道具 (exception_table) --- // #1304 芙蕾亞的初階藥劑 [例外 #9] // #1305 阿布羅妮亞的初階藥劑 [例外 #9] // #1306 梅莉亞拉的初階藥劑 [例外 #9] // #1322 honey tea [例外 #18] // #1326 水果茶 [例外 #18] // #1327 水果酒 [例外 #18] // #1328 果汁 [例外 #18] // #1542 鑰匙 [例外 #18] // #1568 銀幣 (flag 控制) // #1570 輕巧的錢幣袋 [例外 #48] // #1571 錢幣袋? [例外 #48] // #1572 沈重的銅板袋 [例外 #48] // #1573 銀幣袋 [例外 #48] // #2240 阿比斯神器 [例外 #9] // #2241 褪色的阿比斯神器 [例外 #9] // #2395 帶有可疑紋樣的紙條 [例外 #48] // #2774 apple seed [例外 #9] // #2801 止靜丹 [例外 #9] // ============================================================ // 魚類 (單尾) 945, 949, 951, 958 // ============================================================ INJECT_INF_ARROW_N_OTHERS: jmp far newmem nop 1 return: registersymbol(INJECT_INF_ARROW_N_OTHERS INJECT_INF_ARROW_N_OTHERSo) registersymbol(is_chk_silver) [DISABLE] INJECT_INF_ARROW_N_OTHERS: readmem(INJECT_INF_ARROW_N_OTHERSo, $F) unregistersymbol(INJECT_INF_ARROW_N_OTHERS INJECT_INF_ARROW_N_OTHERSo) unregistersymbol(is_chk_silver) dealloc(newmem) dealloc(INJECT_INF_ARROW_N_OTHERSo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D3992A CrimsonDesert.exe+1D398E6: 0F B7 E8 - movzx ebp,ax CrimsonDesert.exe+1D398E9: 66 41 3B C4 - cmp ax,r12w CrimsonDesert.exe+1D398ED: 0F 8D AB 00 00 00 - jnl CrimsonDesert.exe+1D3999E CrimsonDesert.exe+1D398F3: 48 89 5C 24 50 - mov [rsp+50],rbx CrimsonDesert.exe+1D398F8: BA FF FF 00 00 - mov edx,0000FFFF CrimsonDesert.exe+1D398FD: 48 89 7C 24 58 - mov [rsp+58],rdi CrimsonDesert.exe+1D39902: 66 44 3B 7E 12 - cmp r15w,[rsi+12] CrimsonDesert.exe+1D39907: 0F 8D 84 00 00 00 - jnl CrimsonDesert.exe+1D39991 CrimsonDesert.exe+1D3990D: 0F BF C5 - movsx eax,bp CrimsonDesert.exe+1D39910: 48 8D 1C 40 - lea rbx,[rax+rax*2] CrimsonDesert.exe+1D39914: 48 C1 E3 06 - shl rbx,06 CrimsonDesert.exe+1D39918: 48 03 1E - add rbx,[rsi] CrimsonDesert.exe+1D3991B: 48 39 1D 96 7E F2 03 - cmp [CrimsonDesert.exe+5C617B8],rbx CrimsonDesert.exe+1D39922: 74 60 - je CrimsonDesert.exe+1D39984 CrimsonDesert.exe+1D39924: 66 3B 53 08 - cmp dx,[rbx+08] CrimsonDesert.exe+1D39928: 74 5A - je CrimsonDesert.exe+1D39984 // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1D3992A: 48 83 7B 10 00 - cmp qword ptr [rbx+10],00 // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1D3992F: 7E 53 - jle CrimsonDesert.exe+1D39984 CrimsonDesert.exe+1D39931: 48 8D 4B 08 - lea rcx,[rbx+08] CrimsonDesert.exe+1D39935: 66 41 FF C7 - inc r15w CrimsonDesert.exe+1D39939: E8 62 CC 59 FE - call CrimsonDesert.exe+2D65A0 CrimsonDesert.exe+1D3993E: 48 8B C8 - mov rcx,rax CrimsonDesert.exe+1D39941: 41 8B 45 00 - mov eax,[r13+00] CrimsonDesert.exe+1D39945: 39 01 - cmp [rcx],eax CrimsonDesert.exe+1D39947: 75 36 - jne CrimsonDesert.exe+1D3997F CrimsonDesert.exe+1D39949: 83 7E 20 00 - cmp dword ptr [rsi+20],00 CrimsonDesert.exe+1D3994D: 0F B7 43 08 - movzx eax,word ptr [rbx+08] CrimsonDesert.exe+1D39951: 74 28 - je CrimsonDesert.exe+1D3997B CrimsonDesert.exe+1D39953: 44 8B 4E 20 - mov r9d,[rsi+20] CrimsonDesert.exe+1D39957: 33 C9 - xor ecx,ecx CrimsonDesert.exe+1D39959: 45 85 C9 - test r9d,r9d CrimsonDesert.exe+1D3995C: 74 1D - je CrimsonDesert.exe+1D3997B CrimsonDesert.exe+1D3995E: 4C 8B 56 18 - mov r10,[rsi+18] } 7 "Force set silver amount?" YesNo 0 C08000 4 Bytes

is_chk_silver

8 "When item decrease: no change in defined range" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/01 } [ENABLE] aobscanmodule(INJECT_ITEM_REMOVE_NO_DEC,$process,?? 29 ?? 07 10 ?? 8B ?? ?? 03 ?? ?? FF FF 00 00) // raw AOB: 48 8D 8C 24 80 01 00 00 E8 ?? ?? ?? ?? 0F B6 94 24 98 01 00 00 48 8B C8 E8 ?? ?? ?? ?? 4C 8B D0 48 8B C5 48 99 49 F7 FA 33 C9 48 85 D2 0F 95 C1 48 8D 2C 01 48 89 6C 24 28 49 8B 06 48 8B 8C 24 A8 01 00 00 49 29 4C 07 10 49 8B 0E 49 03 CF B8 FF FF 00 00 66 3B 41 08 74 ?? 48 83 79 10 00 7E ?? 48 8B 69 10 66 89 9C 24 80 01 00 00 48 8D 8C 24 80 01 00 00 E8 ?? ?? ?? ?? 0F B6 94 24 98 01 00 00 48 8B C8 E8 ?? ?? ?? ?? 4C 8B D0 48 8B C5 // injection point AOB: ?? 29 ?? 07 10 ?? 8B ?? ?? 03 ?? ?? FF FF 00 00 66 3B ?? 08 74 ?? ?? 83 ?? 10 00 7E ?? ?? 8B ?? 10 66 89 ?? 24 ?? ?? 00 00 ?? 8D ?? 24 ?? ?? 00 00 E8 ?? ?? ?? ?? 0F B6 ?? 24 ?? ?? 00 00 ?? 8B ?? E8 ?? ?? ?? ?? ?? 8B ?? ?? 8B alloc(newmem,$1000) alloc(INJECT_ITEM_REMOVE_NO_DECo, $10) label(code) label(return) label(i_min_dec_threshold i_max_dec_threshold) label(i_ignore_dec_threshold i_force_dec_threshold is_special_dec_limit) INJECT_ITEM_REMOVE_NO_DECo: readmem(INJECT_ITEM_REMOVE_NO_DEC, $10) newmem: push r13 mov r13, [i_min_dec_threshold] cmp qword ptr [r15+rax+10], r13 jb next_chk mov r13, [i_max_dec_threshold] cmp qword ptr [r15+rax+10], r13 ja next_chk xor rcx, rcx mov [rsp+000001A8], rcx jmp short endp next_chk: cmp qword ptr [is_special_dec_limit], 1 jne short endp mov r13, [i_ignore_dec_threshold] cmp qword ptr [r15+rax+10], r13 jae short endp mov r13, [i_force_dec_threshold] cmp qword ptr [r15+rax+10], r13 ja short endp mov r13, [i_max_dec_threshold] cmp qword ptr [r15+rax+10], r13 jb short endp mov qword ptr [r15+rax+10], r13 xor rcx, rcx mov [rsp+000001A8], rcx endp: pop r13 code: // sub [r15+rax+10],rcx reassemble(INJECT_ITEM_REMOVE_NO_DEC) // mov rcx,[r14] reassemble(INJECT_ITEM_REMOVE_NO_DEC+5) // add rcx,r15 reassemble(INJECT_ITEM_REMOVE_NO_DEC+8) // mov eax,0000FFFF reassemble(INJECT_ITEM_REMOVE_NO_DEC+B) jmp far return align 10 cc i_min_dec_threshold: dq 3 i_max_dec_threshold: dq #100 i_ignore_dec_threshold: // any number >= this will be ignored dq #201 i_force_dec_threshold: // force reduce to "i_max_dec_threshold" if <= "i_force_dec_threshold" and > "i_max_dec_threshold" dq #200 is_special_dec_limit: // special limiation for "i_ignore_dec_threshold" and "i_max_dec_threshold" dq 0 INJECT_ITEM_REMOVE_NO_DEC: jmp far newmem nop 2 return: registersymbol(INJECT_ITEM_REMOVE_NO_DEC INJECT_ITEM_REMOVE_NO_DECo) registersymbol(i_min_dec_threshold i_max_dec_threshold) registersymbol(i_ignore_dec_threshold i_force_dec_threshold is_special_dec_limit) [DISABLE] INJECT_ITEM_REMOVE_NO_DEC: readmem(INJECT_ITEM_REMOVE_NO_DECo, $10) unregistersymbol(INJECT_ITEM_REMOVE_NO_DEC INJECT_ITEM_REMOVE_NO_DECo) unregistersymbol(i_min_dec_threshold i_max_dec_threshold) unregistersymbol(i_ignore_dec_threshold i_force_dec_threshold is_special_dec_limit) dealloc(newmem) dealloc(INJECT_ITEM_REMOVE_NO_DECo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1ABCA25 CrimsonDesert.exe+1ABC9E1: 48 8D 8C 24 80 01 00 00 - lea rcx,[rsp+00000180] CrimsonDesert.exe+1ABC9E9: E8 12 9D 81 FE - call CrimsonDesert.exe+2D6700 CrimsonDesert.exe+1ABC9EE: 0F B6 94 24 98 01 00 00 - movzx edx,byte ptr [rsp+00000198] CrimsonDesert.exe+1ABC9F6: 48 8B C8 - mov rcx,rax CrimsonDesert.exe+1ABC9F9: E8 B2 52 28 00 - call CrimsonDesert.exe+1D41CB0 CrimsonDesert.exe+1ABC9FE: 4C 8B D0 - mov r10,rax CrimsonDesert.exe+1ABCA01: 48 8B C5 - mov rax,rbp CrimsonDesert.exe+1ABCA04: 48 99 - cqo CrimsonDesert.exe+1ABCA06: 49 F7 FA - idiv r10 CrimsonDesert.exe+1ABCA09: 33 C9 - xor ecx,ecx CrimsonDesert.exe+1ABCA0B: 48 85 D2 - test rdx,rdx CrimsonDesert.exe+1ABCA0E: 0F 95 C1 - setne cl CrimsonDesert.exe+1ABCA11: 48 8D 2C 01 - lea rbp,[rcx+rax] CrimsonDesert.exe+1ABCA15: 48 89 6C 24 28 - mov [rsp+28],rbp CrimsonDesert.exe+1ABCA1A: 49 8B 06 - mov rax,[r14] CrimsonDesert.exe+1ABCA1D: 48 8B 8C 24 A8 01 00 00 - mov rcx,[rsp+000001A8] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1ABCA25: 49 29 4C 07 10 - sub [r15+rax+10],rcx // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1ABCA2A: 49 8B 0E - mov rcx,[r14] CrimsonDesert.exe+1ABCA2D: 49 03 CF - add rcx,r15 CrimsonDesert.exe+1ABCA30: B8 FF FF 00 00 - mov eax,0000FFFF CrimsonDesert.exe+1ABCA35: 66 3B 41 08 - cmp ax,[rcx+08] CrimsonDesert.exe+1ABCA39: 74 5C - je CrimsonDesert.exe+1ABCA97 CrimsonDesert.exe+1ABCA3B: 48 83 79 10 00 - cmp qword ptr [rcx+10],00 CrimsonDesert.exe+1ABCA40: 7E 55 - jle CrimsonDesert.exe+1ABCA97 CrimsonDesert.exe+1ABCA42: 48 8B 69 10 - mov rbp,[rcx+10] CrimsonDesert.exe+1ABCA46: 66 89 9C 24 80 01 00 00 - mov [rsp+00000180],bx CrimsonDesert.exe+1ABCA4E: 48 8D 8C 24 80 01 00 00 - lea rcx,[rsp+00000180] CrimsonDesert.exe+1ABCA56: E8 A5 9C 81 FE - call CrimsonDesert.exe+2D6700 CrimsonDesert.exe+1ABCA5B: 0F B6 94 24 98 01 00 00 - movzx edx,byte ptr [rsp+00000198] CrimsonDesert.exe+1ABCA63: 48 8B C8 - mov rcx,rax CrimsonDesert.exe+1ABCA66: E8 45 52 28 00 - call CrimsonDesert.exe+1D41CB0 CrimsonDesert.exe+1ABCA6B: 4C 8B D0 - mov r10,rax CrimsonDesert.exe+1ABCA6E: 48 8B C5 - mov rax,rbp } 9 "cur. amount must >=" 0 C08000 8 Bytes

i_min_dec_threshold

10 "**and must <=" 0 C08000 8 Bytes

i_max_dec_threshold

11 "Enable extra rule?" YesNo 0 C08000 8 Bytes

is_special_dec_limit

12 "Set to "**and must <=" value if:" 1 13 "ignore this rule if amount >= (for money)" 0 C08000 8 Bytes

i_ignore_dec_threshold

14 "and amount <=" 0 C08000 8 Bytes

i_force_dec_threshold

15 "Menu: when add item amount: set item amount" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_SET_ITEM_CNT,$process,?? 01 ?? 38 10 ?? 8B ?? ?? 8B ?? 0F 10 ?? 8D ?? 24 ??) // raw AOB: 66 3B 41 08 0F 84 ?? ?? ?? ?? 4C 8B 61 10 4D 85 E4 0F 8E ?? ?? ?? ?? 48 8D 4C 24 68 48 89 6C 24 50 66 89 5C 24 68 E8 ?? ?? ?? ?? 0F B6 54 24 70 48 89 C1 E8 ?? ?? ?? ?? 49 8B 4D 10 48 89 C5 4D 8B 06 66 89 5C 24 68 49 01 4C 38 10 49 8B 0E 48 8B 7C 0F 10 48 8D 4C 24 68 E8 ?? ?? ?? ?? 0F B6 54 24 70 48 89 C1 E8 ?? ?? ?? ?? 48 C7 05 ?? ?? ?? ?? 0F A2 C3 00 49 89 C2 31 C9 48 89 F8 48 99 49 F7 FA 49 89 C2 49 89 D1 4C 89 E0 // injection point AOB: ?? 01 ?? 38 10 ?? 8B ?? ?? 8B ?? 0F 10 ?? 8D ?? 24 ?? E8 ?? ?? ?? ?? 0F B6 ?? 24 ?? ?? 89 ?? E8 ?? ?? ?? ?? ?? C7 ?? ?? ?? ?? ?? 0F A2 C3 00 ?? 89 ?? 31 ?? ?? 89 ?? 48 99 ?? F7 ?? ?? 89 ?? ?? 89 ?? ?? 89 alloc(newmem,$1000) alloc(INJECT_SET_ITEM_CNTo, $12) label(code) label(return) label(i_item_threshold i_item_set_to) label(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi) label(i_last_idata_addr1 i_last_idata_addr2) INJECT_SET_ITEM_CNTo: readmem(INJECT_SET_ITEM_CNT, $12) newmem: test rcx, rcx jz code push r15 push r14 mov r15, i_last_idata_addr1 mov r14, [i_idx] lea r15, [r15+r14*8] lea r14, [r8+rdi] mov [r15], r14 inc qword ptr [i_idx] cmp qword ptr [i_idx], 2 jb short endp_pre mov qword ptr [i_idx], 0 endp_pre: pop r14 pop r15 cmp qword ptr [r8+rdi], #125 // normal key je code cmp qword ptr [r8+rdi], #175 // cube je code cmp qword ptr [r8+rdi], #26 // wool je code cmp qword ptr [r8+rdi], #27 // silver (currency) je code cmp dword ptr [i_item_add_options], 0 jne chk_next1 push r15 { mov r15, [i_item_threshold4] cmp [r8+rdi+10], r15 jb @F mov r15, [i_item_set_to4] cmp [r8+rdi+10], r15 jae @F mov [r8+rdi+10], r15 jmp endp @@: mov r15, [i_item_threshold3] cmp [r8+rdi+10], r15 jb @F mov r15, [i_item_set_to3] cmp [r8+rdi+10], r15 jae @F mov [r8+rdi+10], r15 jmp endp } @@: mov r15, [i_item_threshold2] cmp [r8+rdi+10], r15 jb short @F mov r15, [i_item_set_to2] cmp [r8+rdi+10], r15 jae short @F mov [r8+rdi+10], r15 jmp short endp @@: mov r15, [i_item_threshold] cmp [r8+rdi+10], r15 jb short @F mov r15, [i_item_set_to] cmp [r8+rdi+10], r15 jae short @F mov [r8+rdi+10], r15 jmp short endp @@: endp: pop r15 jmp short code chk_next1: vmovss xmm14, [vf_item_add_multi] vcvtsi2ss xmm15, xmm15, rcx vmulss xmm15, xmm14, xmm14 vcvtss2si rcx, xmm15 code: // add [r8+rdi+10],rcx reassemble(INJECT_SET_ITEM_CNT) // mov rcx,[r14] reassemble(INJECT_SET_ITEM_CNT+5) // mov rdi,[rdi+rcx+10] reassemble(INJECT_SET_ITEM_CNT+8) // lea rcx,[rsp+68] reassemble(INJECT_SET_ITEM_CNT+D) jmp far return align 10 cc i_item_threshold: dq 2 i_item_set_to: dq #19 i_item_threshold2: dq #201 i_item_set_to2: dq #900 i_item_threshold3: dq #1001 i_item_set_to3: dq #9800 i_item_threshold4: dq #10001 i_item_set_to4: dq #99800 i_item_add_options: // 0 = value clamp, 1 = multiplier dd 0 vf_item_add_multi: dd (float)3 i_idx: dq 0 i_last_idata_addr1: dq 0 i_last_idata_addr2: dq 0 INJECT_SET_ITEM_CNT: jmp far newmem nop 4 return: registersymbol(INJECT_SET_ITEM_CNT INJECT_SET_ITEM_CNTo) registersymbol(i_item_threshold i_item_set_to) registersymbol(i_last_idata_addr1 i_last_idata_addr2) registersymbol(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi) [DISABLE] INJECT_SET_ITEM_CNT: readmem(INJECT_SET_ITEM_CNTo, $12) unregistersymbol(INJECT_SET_ITEM_CNT INJECT_SET_ITEM_CNTo) unregistersymbol(i_item_threshold i_item_set_to) unregistersymbol(i_last_idata_addr1 i_last_idata_addr2) unregistersymbol(i_item_threshold2 i_item_set_to2 i_item_threshold3 i_item_set_to3 i_item_threshold4 i_item_set_to4 i_item_add_options vf_item_add_multi) dealloc(newmem) dealloc(INJECT_SET_ITEM_CNTo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+F8DA43A CrimsonDesert.exe+F8DA3F3: 66 3B 41 08 - cmp ax,[rcx+08] CrimsonDesert.exe+F8DA3F7: 0F 84 AF 00 00 00 - je CrimsonDesert.exe+F8DA4AC CrimsonDesert.exe+F8DA3FD: 4C 8B 61 10 - mov r12,[rcx+10] CrimsonDesert.exe+F8DA401: 4D 85 E4 - test r12,r12 CrimsonDesert.exe+F8DA404: 0F 8E A2 00 00 00 - jng CrimsonDesert.exe+F8DA4AC CrimsonDesert.exe+F8DA40A: 48 8D 4C 24 68 - lea rcx,[rsp+68] CrimsonDesert.exe+F8DA40F: 48 89 6C 24 50 - mov [rsp+50],rbp CrimsonDesert.exe+F8DA414: 66 89 5C 24 68 - mov [rsp+68],bx CrimsonDesert.exe+F8DA419: E8 82 C1 9F F0 - call CrimsonDesert.exe+2D65A0 CrimsonDesert.exe+F8DA41E: 0F B6 54 24 70 - movzx edx,byte ptr [rsp+70] CrimsonDesert.exe+F8DA423: 48 89 C1 - mov rcx,rax CrimsonDesert.exe+F8DA426: E8 A5 73 46 F2 - call CrimsonDesert.exe+1D417D0 CrimsonDesert.exe+F8DA42B: 49 8B 4D 10 - mov rcx,[r13+10] CrimsonDesert.exe+F8DA42F: 48 89 C5 - mov rbp,rax CrimsonDesert.exe+F8DA432: 4D 8B 06 - mov r8,[r14] CrimsonDesert.exe+F8DA435: 66 89 5C 24 68 - mov [rsp+68],bx // ---------- INJECTING HERE ---------- CrimsonDesert.exe+F8DA43A: 49 01 4C 38 10 - add [r8+rdi+10],rcx // ---------- DONE INJECTING ---------- CrimsonDesert.exe+F8DA43F: 49 8B 0E - mov rcx,[r14] CrimsonDesert.exe+F8DA442: 48 8B 7C 0F 10 - mov rdi,[rdi+rcx+10] CrimsonDesert.exe+F8DA447: 48 8D 4C 24 68 - lea rcx,[rsp+68] CrimsonDesert.exe+F8DA44C: E8 4F C1 9F F0 - call CrimsonDesert.exe+2D65A0 CrimsonDesert.exe+F8DA451: 0F B6 54 24 70 - movzx edx,byte ptr [rsp+70] CrimsonDesert.exe+F8DA456: 48 89 C1 - mov rcx,rax CrimsonDesert.exe+F8DA459: E8 72 73 46 F2 - call CrimsonDesert.exe+1D417D0 CrimsonDesert.exe+F8DA45E: 48 C7 05 87 58 7F 07 0F A2 C3 00 - mov qword ptr [CrimsonDesert.exe+170CFCF0],00C3A20F CrimsonDesert.exe+F8DA469: 49 89 C2 - mov r10,rax CrimsonDesert.exe+F8DA46C: 31 C9 - xor ecx,ecx CrimsonDesert.exe+F8DA46E: 48 89 F8 - mov rax,rdi CrimsonDesert.exe+F8DA471: 48 99 - cqo CrimsonDesert.exe+F8DA473: 49 F7 FA - idiv r10 CrimsonDesert.exe+F8DA476: 49 89 C2 - mov r10,rax CrimsonDesert.exe+F8DA479: 49 89 D1 - mov r9,rdx CrimsonDesert.exe+F8DA47C: 4C 89 E0 - mov rax,r12 } 16 "ignores known keys and cubes, others in "inf: arrows, bullets...." script" 8000FF 1 17 "mode" 0:value clamp 1:multiplier 0 C08000 4 Bytes

i_item_add_options

18 "_debug" 1 19 "Seq ID #1" 0 808080 8 Bytes

i_last_idata_addr1

0 20 "ID alt #1" 0 FF8080 4 Bytes

i_last_idata_addr2

8 21 "amount #1" 0 FF8080 8 Bytes

i_last_idata_addr2

10 22 "Seq ID #2" 0 808080 8 Bytes

i_last_idata_addr2

0 23 "ID alt #2" 0 FF8080 4 Bytes

i_last_idata_addr2

8 24 "amount #2" 0 FF8080 8 Bytes

i_last_idata_addr2

10 25 "value clamp" 1 26 "cur. amount must >=" 0 C08000 8 Bytes

i_item_threshold

27 "set amount to" 0 C08000 8 Bytes

i_item_set_to

28 "#2: cur. amount must >=" 0 C08000 8 Bytes

i_item_threshold2

29 "#2: set amount to" 0 C08000 8 Bytes

i_item_set_to2

30 "multiplier" 0 C08000 Float

vf_item_add_multi

31 "Bag bonus slot multiplier" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_BAG_BONUS_MULTI,$process,66 01 ?? 16 ?? 8B ?? ?? 8B ?? 24 ?? 66 ?? 89 ?? 14) // raw AOB: E8 ?? ?? ?? ?? 44 0F B7 4B 14 45 33 F6 66 44 39 48 14 7D ?? 41 0F B7 FE EB ?? 48 8D 4B 10 E8 ?? ?? ?? ?? 44 0F B7 4B 14 0F B7 48 14 66 41 2B C9 66 3B CF 66 0F 4C F9 48 8B 6C 24 38 66 44 03 CF 66 01 7B 16 48 8B C6 48 8B 7C 24 48 66 44 89 4B 14 48 8B 5C 24 30 44 89 36 48 8B 74 24 40 48 83 C4 20 41 5E C3 CC CC CC 48 89 5C 24 08 4C 8B 05 ?? ?? ?? ?? 66 39 51 0C 7E ?? 0F BF C2 // injection point AOB: 66 01 ?? 16 ?? 8B ?? ?? 8B ?? 24 ?? 66 ?? 89 ?? 14 ?? 8B ?? 24 ?? ?? 89 ?? ?? 8B ?? 24 ?? 48 83 C4 20 ?? ?? C3 CC CC CC ?? 89 ?? 24 ?? ?? 8B ?? ?? ?? ?? ?? 66 39 ?? 0C 7E ?? 0F BF alloc(newmem,$1000) alloc(INJECT_BAG_BONUS_MULTIo, $11) label(code) label(return) label(vf_mult_348928 iw_min_bonus) INJECT_BAG_BONUS_MULTIo: readmem(INJECT_BAG_BONUS_MULTI, $11) newmem: // **** Begin Auto script: Multiplier // value=3, rule=R1_MemReg, template=P1_IntToFloat, NegDeltaCheck, PreserveXmm sub rsp, 20 movaps [rsp], xmm15 movaps [rsp+10], xmm14 and edi, 0000FFFF test edi, edi // Multiplier: delta in di vmovss xmm15, [vf_mult_348928] vcvtsi2ss xmm14, xmm14, edi vmulss xmm14, xmm14, xmm15 vcvtss2si edi, xmm14 skip_mult_348928: movaps xmm15, [rsp] movaps xmm14, [rsp+10] add rsp, 20 // **** End Auto script: Multiplier code: // add [rbx+16],di reassemble(INJECT_BAG_BONUS_MULTI) // mov rax,rsi reassemble(INJECT_BAG_BONUS_MULTI+4) // mov rdi,[rsp+48] reassemble(INJECT_BAG_BONUS_MULTI+7) // mov [rbx+14],r9w reassemble(INJECT_BAG_BONUS_MULTI+C) jmp far return align 10 cc vf_mult_348928: dd (float)3 iw_min_bonus: dw 64 INJECT_BAG_BONUS_MULTI: jmp far newmem nop 3 return: registersymbol(INJECT_BAG_BONUS_MULTI INJECT_BAG_BONUS_MULTIo vf_mult_348928 iw_min_bonus) [DISABLE] INJECT_BAG_BONUS_MULTI: readmem(INJECT_BAG_BONUS_MULTIo, $11) unregistersymbol(INJECT_BAG_BONUS_MULTI INJECT_BAG_BONUS_MULTIo vf_mult_348928 iw_min_bonus) dealloc(newmem) dealloc(INJECT_BAG_BONUS_MULTIo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D39628 CrimsonDesert.exe+1D395E8: E8 D3 22 78 FE - call CrimsonDesert.exe+4BB8C0 CrimsonDesert.exe+1D395ED: 44 0F B7 4B 14 - movzx r9d,word ptr [rbx+14] CrimsonDesert.exe+1D395F2: 45 33 F6 - xor r14d,r14d CrimsonDesert.exe+1D395F5: 66 44 39 48 14 - cmp [rax+14],r9w CrimsonDesert.exe+1D395FA: 7D 06 - jnl CrimsonDesert.exe+1D39602 CrimsonDesert.exe+1D395FC: 41 0F B7 FE - movzx edi,r14w CrimsonDesert.exe+1D39600: EB 1D - jmp CrimsonDesert.exe+1D3961F CrimsonDesert.exe+1D39602: 48 8D 4B 10 - lea rcx,[rbx+10] CrimsonDesert.exe+1D39606: E8 B5 22 78 FE - call CrimsonDesert.exe+4BB8C0 CrimsonDesert.exe+1D3960B: 44 0F B7 4B 14 - movzx r9d,word ptr [rbx+14] CrimsonDesert.exe+1D39610: 0F B7 48 14 - movzx ecx,word ptr [rax+14] CrimsonDesert.exe+1D39614: 66 41 2B C9 - sub cx,r9w CrimsonDesert.exe+1D39618: 66 3B CF - cmp cx,di CrimsonDesert.exe+1D3961B: 66 0F 4C F9 - cmovl di,cx CrimsonDesert.exe+1D3961F: 48 8B 6C 24 38 - mov rbp,[rsp+38] CrimsonDesert.exe+1D39624: 66 44 03 CF - add r9w,di // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1D39628: 66 01 7B 16 - add [rbx+16],di // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1D3962C: 48 8B C6 - mov rax,rsi CrimsonDesert.exe+1D3962F: 48 8B 7C 24 48 - mov rdi,[rsp+48] CrimsonDesert.exe+1D39634: 66 44 89 4B 14 - mov [rbx+14],r9w CrimsonDesert.exe+1D39639: 48 8B 5C 24 30 - mov rbx,[rsp+30] CrimsonDesert.exe+1D3963E: 44 89 36 - mov [rsi],r14d CrimsonDesert.exe+1D39641: 48 8B 74 24 40 - mov rsi,[rsp+40] CrimsonDesert.exe+1D39646: 48 83 C4 20 - add rsp,20 CrimsonDesert.exe+1D3964A: 41 5E - pop r14 CrimsonDesert.exe+1D3964C: C3 - ret CrimsonDesert.exe+1D3964D: CC - int 3 CrimsonDesert.exe+1D3964E: CC - int 3 CrimsonDesert.exe+1D3964F: CC - int 3 CrimsonDesert.exe+1D39650: 48 89 5C 24 08 - mov [rsp+08],rbx CrimsonDesert.exe+1D39655: 4C 8B 05 5C 81 F2 03 - mov r8,[CrimsonDesert.exe+5C617B8] CrimsonDesert.exe+1D3965C: 66 39 51 0C - cmp [rcx+0C],dx CrimsonDesert.exe+1D39660: 7E 69 - jle CrimsonDesert.exe+1D396CB } 32 "base min bonus" 0 C08000 2 Bytes

iw_min_bonus

33 "multiplier" 0 C08000 Float

vf_mult_348928

34 "Set min reputation when gain" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_SET_MIN_REP_WHEN_GAIN,$process,?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00) // raw AOB: 48 8D 69 18 41 8B F1 48 8D 8C 24 98 00 00 00 41 8B F8 0F B7 DA E8 ?? ?? ?? ?? 48 8B D0 48 8B CD E8 ?? ?? ?? ?? 48 85 C0 74 ?? 89 78 08 39 78 04 7D ?? 89 78 04 48 8B 8C 24 B0 00 00 00 48 89 48 10 89 70 0C 48 8B 9C 24 A0 00 00 00 48 83 C4 70 5F 5E 5D C3 48 8B 84 24 B0 00 00 00 48 8D 8C 24 90 00 00 00 48 89 44 24 50 66 89 5C 24 40 89 7C 24 44 89 7C 24 48 89 74 24 4C 66 89 9C 24 90 00 00 00 E8 ?? ?? ?? ?? 4C 8D 4C 24 40 // injection point AOB: ?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00 48 83 C4 70 ?? ?? 5D C3 ?? 8B ?? 24 ?? 00 00 00 ?? 8D ?? 24 ?? 00 00 00 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 89 ?? 24 ?? 89 ?? 24 ?? 89 ?? 24 ?? 66 89 ?? 24 ?? 00 00 00 E8 ?? ?? ?? ?? ?? 8D ?? 24 alloc(newmem,$1000) alloc(INJECT_SET_MIN_REP_WHEN_GAINo, $F) label(code) label(return) label(i_min_rep_dot_value i_min_rep_value i_last_rep_addr) INJECT_SET_MIN_REP_WHEN_GAINo: readmem(INJECT_SET_MIN_REP_WHEN_GAIN, $F) newmem: mov [i_last_rep_addr], rax mov rbx, [i_min_rep_dot_value] cmp rcx, rbx jae short @F mov rcx, rbx @@: mov rbx, [i_min_rep_value] cmp [rax+8], rbx jae short @F mov [rax+8], rbx code: // mov [rax+10],rcx reassemble(INJECT_SET_MIN_REP_WHEN_GAIN) // mov [rax+0C],esi reassemble(INJECT_SET_MIN_REP_WHEN_GAIN+4) // mov rbx,[rsp+000000A0] reassemble(INJECT_SET_MIN_REP_WHEN_GAIN+7) jmp far return align 10 cc i_min_rep_dot_value: dq #98 i_min_rep_value: dq 14 i_last_rep_addr: dq 0 INJECT_SET_MIN_REP_WHEN_GAIN: jmp far newmem nop 1 return: registersymbol(INJECT_SET_MIN_REP_WHEN_GAIN INJECT_SET_MIN_REP_WHEN_GAINo) registersymbol(i_min_rep_dot_value i_min_rep_value i_last_rep_addr) [DISABLE] INJECT_SET_MIN_REP_WHEN_GAIN: readmem(INJECT_SET_MIN_REP_WHEN_GAINo, $F) unregistersymbol(INJECT_SET_MIN_REP_WHEN_GAIN INJECT_SET_MIN_REP_WHEN_GAINo) unregistersymbol(i_min_rep_dot_value i_min_rep_value i_last_rep_addr) dealloc(newmem) dealloc(INJECT_SET_MIN_REP_WHEN_GAINo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B4C98E CrimsonDesert.exe+1B4C951: 48 8D 69 18 - lea rbp,[rcx+18] CrimsonDesert.exe+1B4C955: 41 8B F1 - mov esi,r9d CrimsonDesert.exe+1B4C958: 48 8D 8C 24 98 00 00 00 - lea rcx,[rsp+00000098] CrimsonDesert.exe+1B4C960: 41 8B F8 - mov edi,r8d CrimsonDesert.exe+1B4C963: 0F B7 DA - movzx ebx,dx CrimsonDesert.exe+1B4C966: E8 95 F1 7A FE - call CrimsonDesert.exe+2FBB00 CrimsonDesert.exe+1B4C96B: 48 8B D0 - mov rdx,rax CrimsonDesert.exe+1B4C96E: 48 8B CD - mov rcx,rbp CrimsonDesert.exe+1B4C971: E8 EA D5 78 FE - call CrimsonDesert.exe+2D9F60 CrimsonDesert.exe+1B4C976: 48 85 C0 - test rax,rax CrimsonDesert.exe+1B4C979: 74 2A - je CrimsonDesert.exe+1B4C9A5 CrimsonDesert.exe+1B4C97B: 89 78 08 - mov [rax+08],edi CrimsonDesert.exe+1B4C97E: 39 78 04 - cmp [rax+04],edi CrimsonDesert.exe+1B4C981: 7D 03 - jnl CrimsonDesert.exe+1B4C986 CrimsonDesert.exe+1B4C983: 89 78 04 - mov [rax+04],edi CrimsonDesert.exe+1B4C986: 48 8B 8C 24 B0 00 00 00 - mov rcx,[rsp+000000B0] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1B4C98E: 48 89 48 10 - mov [rax+10],rcx // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1B4C992: 89 70 0C - mov [rax+0C],esi CrimsonDesert.exe+1B4C995: 48 8B 9C 24 A0 00 00 00 - mov rbx,[rsp+000000A0] CrimsonDesert.exe+1B4C99D: 48 83 C4 70 - add rsp,70 CrimsonDesert.exe+1B4C9A1: 5F - pop rdi CrimsonDesert.exe+1B4C9A2: 5E - pop rsi CrimsonDesert.exe+1B4C9A3: 5D - pop rbp CrimsonDesert.exe+1B4C9A4: C3 - ret CrimsonDesert.exe+1B4C9A5: 48 8B 84 24 B0 00 00 00 - mov rax,[rsp+000000B0] CrimsonDesert.exe+1B4C9AD: 48 8D 8C 24 90 00 00 00 - lea rcx,[rsp+00000090] CrimsonDesert.exe+1B4C9B5: 48 89 44 24 50 - mov [rsp+50],rax CrimsonDesert.exe+1B4C9BA: 66 89 5C 24 40 - mov [rsp+40],bx CrimsonDesert.exe+1B4C9BF: 89 7C 24 44 - mov [rsp+44],edi CrimsonDesert.exe+1B4C9C3: 89 7C 24 48 - mov [rsp+48],edi CrimsonDesert.exe+1B4C9C7: 89 74 24 4C - mov [rsp+4C],esi CrimsonDesert.exe+1B4C9CB: 66 89 9C 24 90 00 00 00 - mov [rsp+00000090],bx CrimsonDesert.exe+1B4C9D3: E8 28 F1 7A FE - call CrimsonDesert.exe+2FBB00 } 35 "min. rep. value" 0 C08000 8 Bytes

i_min_rep_value

36 "Last rep." 0 FF8080 8 Bytes

i_last_rep_addr

8 37 "reputation no decrease" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_NO_REP_DEC,$process,E8 ?? ?? ?? ?? ?? 85 ?? 74 ?? 89 ?? 08 39 ?? 04 7D ?? 89 ?? 04 ?? 8B) // raw AOB: CC CC 48 89 5C 24 18 66 89 54 24 10 55 56 57 48 83 EC 70 48 8D 69 18 41 8B F1 48 8D 8C 24 98 00 00 00 41 8B F8 0F B7 DA E8 ?? ?? ?? ?? 48 8B D0 48 8B CD E8 ?? ?? ?? ?? 48 85 C0 74 ?? 89 78 08 39 78 04 7D ?? 89 78 04 48 8B 8C 24 B0 00 00 00 48 89 48 10 89 70 0C 48 8B 9C 24 A0 00 00 00 48 83 C4 70 5F 5E 5D C3 48 8B 84 24 B0 00 00 00 // injection point AOB: E8 ?? ?? ?? ?? ?? 85 ?? 74 ?? 89 ?? 08 39 ?? 04 7D ?? 89 ?? 04 ?? 8B ?? 24 ?? 00 00 00 ?? 89 ?? 10 89 ?? 0C ?? 8B ?? 24 ?? 00 00 00 48 83 C4 70 ?? ?? 5D C3 ?? 8B ?? 24 ?? 00 00 00 alloc(newmem,$1000) alloc(INJECT_NO_REP_DECo, $10) label(code) label(return) INJECT_NO_REP_DECo: readmem(INJECT_NO_REP_DEC, $10) newmem: code: // call CrimsonDesert.exe+2D9F60 reassemble(INJECT_NO_REP_DEC) // test rax,rax reassemble(INJECT_NO_REP_DEC+5) // je CrimsonDesert.exe+1B4C9A5 reassemble(INJECT_NO_REP_DEC+8) // ***************************************** // ****** begin code injection cmp [rax+08],edi jle short @F mov edi,[rax+08] cmp edi, C8 jge short @F add edi, 1 @@: // ****** end code injection // ***************************************** // mov [rax+08],edi reassemble(INJECT_NO_REP_DEC+A) // cmp [rax+04],edi reassemble(INJECT_NO_REP_DEC+D) jmp far return align 10 cc INJECT_NO_REP_DEC: jmp far newmem nop 2 return: registersymbol(INJECT_NO_REP_DEC INJECT_NO_REP_DECo) [DISABLE] INJECT_NO_REP_DEC: readmem(INJECT_NO_REP_DECo, $10) unregistersymbol(INJECT_NO_REP_DEC INJECT_NO_REP_DECo) dealloc(newmem) dealloc(INJECT_NO_REP_DECo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1B4C971 CrimsonDesert.exe+1B4C93E: CC - int 3 CrimsonDesert.exe+1B4C93F: CC - int 3 CrimsonDesert.exe+1B4C940: 48 89 5C 24 18 - mov [rsp+18],rbx CrimsonDesert.exe+1B4C945: 66 89 54 24 10 - mov [rsp+10],dx CrimsonDesert.exe+1B4C94A: 55 - push rbp CrimsonDesert.exe+1B4C94B: 56 - push rsi CrimsonDesert.exe+1B4C94C: 57 - push rdi CrimsonDesert.exe+1B4C94D: 48 83 EC 70 - sub rsp,70 CrimsonDesert.exe+1B4C951: 48 8D 69 18 - lea rbp,[rcx+18] CrimsonDesert.exe+1B4C955: 41 8B F1 - mov esi,r9d CrimsonDesert.exe+1B4C958: 48 8D 8C 24 98 00 00 00 - lea rcx,[rsp+00000098] CrimsonDesert.exe+1B4C960: 41 8B F8 - mov edi,r8d CrimsonDesert.exe+1B4C963: 0F B7 DA - movzx ebx,dx CrimsonDesert.exe+1B4C966: E8 95 F1 7A FE - call CrimsonDesert.exe+2FBB00 CrimsonDesert.exe+1B4C96B: 48 8B D0 - mov rdx,rax CrimsonDesert.exe+1B4C96E: 48 8B CD - mov rcx,rbp // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1B4C971: E8 EA D5 78 FE - call CrimsonDesert.exe+2D9F60 // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1B4C976: 48 85 C0 - test rax,rax CrimsonDesert.exe+1B4C979: 74 2A - je CrimsonDesert.exe+1B4C9A5 CrimsonDesert.exe+1B4C97B: 89 78 08 - mov [rax+08],edi CrimsonDesert.exe+1B4C97E: 39 78 04 - cmp [rax+04],edi CrimsonDesert.exe+1B4C981: 7D 03 - jnl CrimsonDesert.exe+1B4C986 CrimsonDesert.exe+1B4C983: 89 78 04 - mov [rax+04],edi CrimsonDesert.exe+1B4C986: 48 8B 8C 24 B0 00 00 00 - mov rcx,[rsp+000000B0] CrimsonDesert.exe+1B4C98E: 48 89 48 10 - mov [rax+10],rcx CrimsonDesert.exe+1B4C992: 89 70 0C - mov [rax+0C],esi CrimsonDesert.exe+1B4C995: 48 8B 9C 24 A0 00 00 00 - mov rbx,[rsp+000000A0] CrimsonDesert.exe+1B4C99D: 48 83 C4 70 - add rsp,70 CrimsonDesert.exe+1B4C9A1: 5F - pop rdi CrimsonDesert.exe+1B4C9A2: 5E - pop rsi CrimsonDesert.exe+1B4C9A3: 5D - pop rbp CrimsonDesert.exe+1B4C9A4: C3 - ret CrimsonDesert.exe+1B4C9A5: 48 8B 84 24 B0 00 00 00 - mov rax,[rsp+000000B0] } 38 "Get HP address: Step 1 & 2 - AOB mode" 1 39 "+Step 1 Usage: open item menu" 8000FF 1 40 "Enable step 1" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_GET_HP_1_3,$process,0F 85 ?? ?? ?? ?? ?? 8B ?? 38 ?? 3B ?? 0F 86 ?? ?? ?? ??) // raw AOB: CC CC CC CC CC 48 89 5C 24 08 48 89 74 24 10 48 89 7C 24 18 41 56 48 83 EC 20 4D 8B F1 49 8B F0 48 8B FA 48 8B D9 E8 ?? ?? ?? ?? 80 78 11 02 0F 85 ?? ?? ?? ?? 48 8B 43 38 48 3B F0 0F 86 ?? ?? ?? ?? 80 7B 53 00 0F 8F ?? ?? ?? ?? 4C 8B 4B 08 4C 8B 53 28 4D 3B CA 7F ?? 48 3B 73 40 0F 86 ?? ?? ?? ?? F2 0F 10 0D ?? ?? ?? ?? 0F 57 D2 F2 48 0F 2A 53 10 48 8B 53 40 0F 57 C0 // injection point AOB: 0F 85 ?? ?? ?? ?? ?? 8B ?? 38 ?? 3B ?? 0F 86 ?? ?? ?? ?? 80 ?? 53 00 0F 8F ?? ?? ?? ?? ?? 8B ?? 08 ?? 8B ?? 28 ?? 3B ?? 7F ?? ?? 3B ?? 40 0F 86 ?? ?? ?? ?? F2 0F 10 ?? ?? ?? ?? ?? 0F 57 ?? F2 ?? 0F 2A ?? 10 ?? 8B ?? 40 0F 57 alloc(newmem,$1000) alloc(INJECT_GET_HP_1_3o, $13) label(code) label(return) label(i_base_hp_addr_1 i_base_hp_addr_1_2) INJECT_GET_HP_1_3o: readmem(INJECT_GET_HP_1_3, $13) newmem: jne save_address_1 jmp code save_address_1: pushfq cmp qword ptr [i_base_hp_addr_1], rbx je short endp cmp qword ptr [i_base_hp_addr_1_2], rbx je short endp cmp qword ptr [i_base_hp_addr_1], 0 jne write_2 mov [i_base_hp_addr_1], rbx // rbx+08 = HP jmp short endp write_2: cmp qword ptr [i_base_hp_addr_1_2], 0 jne short endp mov [i_base_hp_addr_1_2], rbx // rbx+08 = HP endp: popfq code: // jne CrimsonDesert.exe+12D79C4 reassemble(INJECT_GET_HP_1_3) // mov rax,[rbx+38] reassemble(INJECT_GET_HP_1_3+6) // cmp rsi,rax reassemble(INJECT_GET_HP_1_3+A) // jbe CrimsonDesert.exe+12D79C4 reassemble(INJECT_GET_HP_1_3+D) jmp far return align 10 cc i_base_hp_addr_1: dq 0 i_base_hp_addr_1_2: dq 0 INJECT_GET_HP_1_3: jmp far newmem nop 5 return: registersymbol(INJECT_GET_HP_1_3 INJECT_GET_HP_1_3o) registersymbol(i_base_hp_addr_1 i_base_hp_addr_1_2) [DISABLE] INJECT_GET_HP_1_3: readmem(INJECT_GET_HP_1_3o, $13) unregistersymbol(INJECT_GET_HP_1_3 INJECT_GET_HP_1_3o) unregistersymbol(i_base_hp_addr_1 i_base_hp_addr_1_2) dealloc(newmem) dealloc(INJECT_GET_HP_1_3o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12D78BA CrimsonDesert.exe+12D788B: CC - int 3 CrimsonDesert.exe+12D788C: CC - int 3 CrimsonDesert.exe+12D788D: CC - int 3 CrimsonDesert.exe+12D788E: CC - int 3 CrimsonDesert.exe+12D788F: CC - int 3 CrimsonDesert.exe+12D7890: 48 89 5C 24 08 - mov [rsp+08],rbx CrimsonDesert.exe+12D7895: 48 89 74 24 10 - mov [rsp+10],rsi CrimsonDesert.exe+12D789A: 48 89 7C 24 18 - mov [rsp+18],rdi CrimsonDesert.exe+12D789F: 41 56 - push r14 CrimsonDesert.exe+12D78A1: 48 83 EC 20 - sub rsp,20 CrimsonDesert.exe+12D78A5: 4D 8B F1 - mov r14,r9 CrimsonDesert.exe+12D78A8: 49 8B F0 - mov rsi,r8 CrimsonDesert.exe+12D78AB: 48 8B FA - mov rdi,rdx CrimsonDesert.exe+12D78AE: 48 8B D9 - mov rbx,rcx CrimsonDesert.exe+12D78B1: E8 5A C1 12 FF - call CrimsonDesert.exe+403A10 CrimsonDesert.exe+12D78B6: 80 78 11 02 - cmp byte ptr [rax+11],02 // ---------- INJECTING HERE ---------- CrimsonDesert.exe+12D78BA: 0F 85 04 01 00 00 - jne CrimsonDesert.exe+12D79C4 // ---------- DONE INJECTING ---------- CrimsonDesert.exe+12D78C0: 48 8B 43 38 - mov rax,[rbx+38] CrimsonDesert.exe+12D78C4: 48 3B F0 - cmp rsi,rax CrimsonDesert.exe+12D78C7: 0F 86 F7 00 00 00 - jbe CrimsonDesert.exe+12D79C4 CrimsonDesert.exe+12D78CD: 80 7B 53 00 - cmp byte ptr [rbx+53],00 CrimsonDesert.exe+12D78D1: 0F 8F ED 00 00 00 - jg CrimsonDesert.exe+12D79C4 CrimsonDesert.exe+12D78D7: 4C 8B 4B 08 - mov r9,[rbx+08] CrimsonDesert.exe+12D78DB: 4C 8B 53 28 - mov r10,[rbx+28] CrimsonDesert.exe+12D78DF: 4D 3B CA - cmp r9,r10 CrimsonDesert.exe+12D78E2: 7F 0A - jg CrimsonDesert.exe+12D78EE CrimsonDesert.exe+12D78E4: 48 3B 73 40 - cmp rsi,[rbx+40] CrimsonDesert.exe+12D78E8: 0F 86 D6 00 00 00 - jbe CrimsonDesert.exe+12D79C4 CrimsonDesert.exe+12D78EE: F2 0F 10 0D B2 4C B3 03 - movsd xmm1,[CrimsonDesert.exe+4E0C5A8] CrimsonDesert.exe+12D78F6: 0F 57 D2 - xorps xmm2,xmm2 CrimsonDesert.exe+12D78F9: F2 48 0F 2A 53 10 - cvtsi2sd xmm2,[rbx+10] CrimsonDesert.exe+12D78FF: 48 8B 53 40 - mov rdx,[rbx+40] CrimsonDesert.exe+12D7903: 0F 57 C0 - xorps xmm0,xmm0 } 41 "HP #1a (char tab)" 0 FF8080 8 Bytes

i_base_hp_addr_1

8 42 "Sta #1a (char tab)" 0 FF8080 8 Bytes

i_base_hp_addr_1

488 43 "HP #1b (horse tab)" 0 FF8080 8 Bytes

i_base_hp_addr_1_2

8 44 "Sta #1b (horse tab)" 0 FF8080 8 Bytes

i_base_hp_addr_1_2

488 45 "+Step 2 Usage: open item menu" 8000FF 1 46 "Enable step 2 (char tab)" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_GET_HP_2,$process,?? 8B ?? 08 ?? 0F B7 ?? ?? 8B ?? E8 ?? ?? ?? ?? ?? 85) // raw AOB: 32 C0 48 8B 9C 24 30 03 00 00 48 81 C4 E0 02 00 00 41 5F 41 5E 41 5D 41 5C 5F 5E 5D C3 0F B6 80 6A 02 00 00 88 44 24 44 0F B7 D3 49 8B CD E8 ?? ?? ?? ?? 48 8B 70 08 41 0F B7 D6 49 8B CD E8 ?? ?? ?? ?? 48 85 F6 7F ?? 48 85 FF 79 ?? B0 01 EB ?? 32 C0 4C 8D 7C 24 4C 48 8D 4C 24 48 84 C0 4C 0F 44 F9 0F B7 D3 49 8B CD E8 // injection point AOB: ?? 8B ?? 08 ?? 0F B7 ?? ?? 8B ?? E8 ?? ?? ?? ?? ?? 85 ?? 7F ?? ?? 85 ?? 79 ?? ?? 01 EB ?? 32 ?? ?? 8D ?? 24 ?? ?? 8D ?? 24 ?? 84 ?? ?? 0F 44 ?? 0F B7 ?? ?? 8B ?? E8 alloc(newmem,$1000) alloc(INJECT_GET_HP_2o, $10) label(code) label(return) label(i_base_hp_addr_2) INJECT_GET_HP_2o: readmem(INJECT_GET_HP_2, $10) newmem: cmp qword ptr [i_base_hp_addr_2], 0 jne short code mov [i_base_hp_addr_2], rax code: // mov rsi,[rax+08] reassemble(INJECT_GET_HP_2) // movzx edx,r14w reassemble(INJECT_GET_HP_2+4) // mov rcx,r13 reassemble(INJECT_GET_HP_2+8) // call CrimsonDesert.exe+12D2250 reassemble(INJECT_GET_HP_2+B) jmp far return align 10 cc i_base_hp_addr_2: dq 0 INJECT_GET_HP_2: jmp far newmem nop 2 return: registersymbol(INJECT_GET_HP_2 INJECT_GET_HP_2o) registersymbol(i_base_hp_addr_2) [DISABLE] INJECT_GET_HP_2: readmem(INJECT_GET_HP_2o, $10) unregistersymbol(INJECT_GET_HP_2 INJECT_GET_HP_2o) unregistersymbol(i_base_hp_addr_2) dealloc(newmem) dealloc(INJECT_GET_HP_2o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12D09BE CrimsonDesert.exe+12D098B: 32 C0 - xor al,al CrimsonDesert.exe+12D098D: 48 8B 9C 24 30 03 00 00 - mov rbx,[rsp+00000330] CrimsonDesert.exe+12D0995: 48 81 C4 E0 02 00 00 - add rsp,000002E0 CrimsonDesert.exe+12D099C: 41 5F - pop r15 CrimsonDesert.exe+12D099E: 41 5E - pop r14 CrimsonDesert.exe+12D09A0: 41 5D - pop r13 CrimsonDesert.exe+12D09A2: 41 5C - pop r12 CrimsonDesert.exe+12D09A4: 5F - pop rdi CrimsonDesert.exe+12D09A5: 5E - pop rsi CrimsonDesert.exe+12D09A6: 5D - pop rbp CrimsonDesert.exe+12D09A7: C3 - ret CrimsonDesert.exe+12D09A8: 0F B6 80 6A 02 00 00 - movzx eax,byte ptr [rax+0000026A] CrimsonDesert.exe+12D09AF: 88 44 24 44 - mov [rsp+44],al CrimsonDesert.exe+12D09B3: 0F B7 D3 - movzx edx,bx CrimsonDesert.exe+12D09B6: 49 8B CD - mov rcx,r13 CrimsonDesert.exe+12D09B9: E8 92 18 00 00 - call CrimsonDesert.exe+12D2250 // ---------- INJECTING HERE ---------- CrimsonDesert.exe+12D09BE: 48 8B 70 08 - mov rsi,[rax+08] // ---------- DONE INJECTING ---------- CrimsonDesert.exe+12D09C2: 41 0F B7 D6 - movzx edx,r14w CrimsonDesert.exe+12D09C6: 49 8B CD - mov rcx,r13 CrimsonDesert.exe+12D09C9: E8 82 18 00 00 - call CrimsonDesert.exe+12D2250 CrimsonDesert.exe+12D09CE: 48 85 F6 - test rsi,rsi CrimsonDesert.exe+12D09D1: 7F 09 - jg CrimsonDesert.exe+12D09DC CrimsonDesert.exe+12D09D3: 48 85 FF - test rdi,rdi CrimsonDesert.exe+12D09D6: 79 04 - jns CrimsonDesert.exe+12D09DC CrimsonDesert.exe+12D09D8: B0 01 - mov al,01 CrimsonDesert.exe+12D09DA: EB 02 - jmp CrimsonDesert.exe+12D09DE CrimsonDesert.exe+12D09DC: 32 C0 - xor al,al CrimsonDesert.exe+12D09DE: 4C 8D 7C 24 4C - lea r15,[rsp+4C] CrimsonDesert.exe+12D09E3: 48 8D 4C 24 48 - lea rcx,[rsp+48] CrimsonDesert.exe+12D09E8: 84 C0 - test al,al CrimsonDesert.exe+12D09EA: 4C 0F 44 F9 - cmove r15,rcx CrimsonDesert.exe+12D09EE: 0F B7 D3 - movzx edx,bx CrimsonDesert.exe+12D09F1: 49 8B CD - mov rcx,r13 } 47 "Use item to recover HP even HP is full" 8000FF 1 48 "HP #2a" 0 FF8080 8 Bytes

i_base_hp_addr_2

8 49 "Sta #2a" 0 FF8080 8 Bytes

i_base_hp_addr_2

488 50 "Enable step 2 (horse tab) (conflict with "Fast enemy kill / char HP full" series)" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_GET_HP_2_2,$process,?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50) // raw AOB: 4C 8D 4C 24 58 49 89 F0 48 8D 54 24 40 48 89 F9 E8 ?? ?? ?? ?? 48 8B 4F 30 48 39 08 7C ?? C6 47 52 00 31 D2 48 89 D8 48 2B 47 18 48 39 5F 18 48 0F 4F C2 48 89 47 20 48 FF 47 48 48 89 5F 08 48 8B 5C 24 48 48 89 77 38 66 89 6F 50 48 83 C4 20 5F 5E 5D C3 CC 0F 1F 00 48 89 5C 24 10 48 89 7C 24 20 55 48 89 E5 48 83 EC 50 48 89 D3 48 8B 51 18 // injection point AOB: ?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50 48 83 C4 20 ?? ?? 5D C3 CC 0F 1F ?? ?? 89 ?? 24 ?? ?? 89 ?? 24 ?? 55 ?? 89 ?? 48 83 EC 50 ?? 89 ?? ?? 8B ?? 18 alloc(newmem,$1000) alloc(INJECT_GET_HP_2_2o, $11) label(code) label(return) label(i_base_hp_addr_2_2) INJECT_GET_HP_2_2o: readmem(INJECT_GET_HP_2_2, $11) newmem: code: // mov [rdi+08],rbx reassemble(INJECT_GET_HP_2_2) // mov rbx,[rsp+48] reassemble(INJECT_GET_HP_2_2+4) // mov [rdi+38],rsi reassemble(INJECT_GET_HP_2_2+9) // mov [rdi+50],bp reassemble(INJECT_GET_HP_2_2+D) jmp far return align 10 cc i_base_hp_addr_2_2: dq 0 INJECT_GET_HP_2_2: jmp far newmem nop 3 return: registersymbol(INJECT_GET_HP_2_2 INJECT_GET_HP_2_2o) registersymbol(i_base_hp_addr_2_2) [DISABLE] INJECT_GET_HP_2_2: readmem(INJECT_GET_HP_2_2o, $11) unregistersymbol(INJECT_GET_HP_2_2 INJECT_GET_HP_2_2o) unregistersymbol(i_base_hp_addr_2_2) dealloc(newmem) dealloc(INJECT_GET_HP_2_2o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C489563 CrimsonDesert.exe+C489528: 4C 8D 4C 24 58 - lea r9,[rsp+58] CrimsonDesert.exe+C48952D: 49 89 F0 - mov r8,rsi CrimsonDesert.exe+C489530: 48 8D 54 24 40 - lea rdx,[rsp+40] CrimsonDesert.exe+C489535: 48 89 F9 - mov rcx,rdi CrimsonDesert.exe+C489538: E8 53 E3 E4 F4 - call CrimsonDesert.exe+12D7890 CrimsonDesert.exe+C48953D: 48 8B 4F 30 - mov rcx,[rdi+30] CrimsonDesert.exe+C489541: 48 39 08 - cmp [rax],rcx CrimsonDesert.exe+C489544: 7C 04 - jl CrimsonDesert.exe+C48954A CrimsonDesert.exe+C489546: C6 47 52 00 - mov byte ptr [rdi+52],00 CrimsonDesert.exe+C48954A: 31 D2 - xor edx,edx CrimsonDesert.exe+C48954C: 48 89 D8 - mov rax,rbx CrimsonDesert.exe+C48954F: 48 2B 47 18 - sub rax,[rdi+18] CrimsonDesert.exe+C489553: 48 39 5F 18 - cmp [rdi+18],rbx CrimsonDesert.exe+C489557: 48 0F 4F C2 - cmovg rax,rdx CrimsonDesert.exe+C48955B: 48 89 47 20 - mov [rdi+20],rax CrimsonDesert.exe+C48955F: 48 FF 47 48 - inc qword ptr [rdi+48] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+C489563: 48 89 5F 08 - mov [rdi+08],rbx // ---------- DONE INJECTING ---------- CrimsonDesert.exe+C489567: 48 8B 5C 24 48 - mov rbx,[rsp+48] CrimsonDesert.exe+C48956C: 48 89 77 38 - mov [rdi+38],rsi CrimsonDesert.exe+C489570: 66 89 6F 50 - mov [rdi+50],bp CrimsonDesert.exe+C489574: 48 83 C4 20 - add rsp,20 CrimsonDesert.exe+C489578: 5F - pop rdi CrimsonDesert.exe+C489579: 5E - pop rsi CrimsonDesert.exe+C48957A: 5D - pop rbp CrimsonDesert.exe+C48957B: C3 - ret CrimsonDesert.exe+C48957C: CC - int 3 CrimsonDesert.exe+C48957D: 0F 1F 00 - nop dword ptr [rax] CrimsonDesert.exe+C489580: 48 89 5C 24 10 - mov [rsp+10],rbx CrimsonDesert.exe+C489585: 48 89 7C 24 20 - mov [rsp+20],rdi CrimsonDesert.exe+C48958A: 55 - push rbp CrimsonDesert.exe+C48958B: 48 89 E5 - mov rbp,rsp CrimsonDesert.exe+C48958E: 48 83 EC 50 - sub rsp,50 CrimsonDesert.exe+C489592: 48 89 D3 - mov rbx,rdx } 51 "**Bypass this if you think it's too complex**" D500D5 1 52 "Unequip -> equip saddle (trigger horse HP change)" 8000FF 1 53 "HP #2b" 0 FF8080 8 Bytes

i_base_hp_addr_2_2

8 54 "Sta #2b" 0 FF8080 8 Bytes

i_base_hp_addr_2_2

488 55 "Get HP - Pointer map mode" 1 56 "Get HP #1 - Pointer map" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not AOBScanModule then function AOBScanModule(moduleName, signature) local baseAddr = nil local maxAddr = 0 local modList synchronize(function() modList = enumModules() end) for _, mod in ipairs(modList) do if string.lower(mod.Name) == string.lower(moduleName) then baseAddr = mod.Address maxAddr = baseAddr + mod.Size break end end if not baseAddr then return nil end local ms = createMemScan() synchronize(function() ms.firstScan(soExactValue, vtByteArray, nil, signature, nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false) end) ms.waitTillDone() local results = createFoundList(ms) results.initialize() local addr synchronize(function() if results.getCount() > 0 then addr = results[0] end end) results.destroy() ms.destroy() return addr end end local AOBs = { {name='Player_Base', aob='?? 89 ?? ?? ?? ?? ?? ?? 8D ?? 00 01 00 00 ?? 89 ?? ?? ?? ?? ?? ?? 8D ?? A0 01 00 00', pos=3, aoblen=7, symbol='Player_Base_addr'}, } local module_name = process for _, entry in ipairs(AOBs) do local aob_addr_str = AOBScanModule(module_name, entry.aob) if aob_addr_str then local aob_addr_val = tonumber(aob_addr_str, 16) local offset_addr = aob_addr_val + entry.pos local relative_offset = readInteger(offset_addr, true) local final_addr = relative_offset + aob_addr_val + entry.aoblen synchronize(function() unregisterSymbol(entry.symbol) registerSymbol(entry.symbol, final_addr) end) print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr)) synchronize(function() getLuaEngine().Close() end) else print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name)) end end {$asm} [DISABLE] {$lua} if syntaxcheck then return end unregisterSymbol('Player_Base_addr') {$asm} 57 "Char #1 - Kliff" 1 58 "HP #1.1 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

8 58 18 20 68 D0 28 59 "Sta #1.1 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

488 58 18 20 68 D0 28 60 "Spi #1.1 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

518 58 18 20 68 D0 28 61 "Char #2 - Damine" 1 62 "HP #1.2 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

8 58 18 20 68 D8 28 63 "Sta #1.2 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

488 58 18 20 68 D8 28 64 "Spi #1.2 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

518 58 18 20 68 D8 28 65 "Char #3 - Oongka?" 1 66 "HP #1.3 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

8 58 18 20 68 E0 28 67 "Sta #1.3 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

488 58 18 20 68 E0 28 68 "Spi #1.3 (ptr map)" 0 FF8080 8 Bytes

Player_Base_addr

518 58 18 20 68 E0 28 69 "Bag" 1 70 "Used slots (read only)" 0 FF8080 2 Bytes

Player_Base_addr

12 8 18 B8 68 20 71 "Bag slots (read only)" 0 FF8080 2 Bytes

Player_Base_addr

14 8 18 B8 68 20 72 "Bonus Slots (max 190)" 0 FF8080 2 Bytes

Player_Base_addr

16 8 18 B8 68 20 73 "Used slots (read only) path #2" 0 FF8080 2 Bytes

Player_Base_addr

12 8 18 B8 68 D0 28 74 "Bag slots (read only) Path #2" 0 FF8080 2 Bytes

Player_Base_addr

14 8 18 B8 68 D0 28 75 "Bonus Slots (max 190) Path #2" 0 FF8080 2 Bytes

Player_Base_addr

16 8 18 B8 68 D0 28 76 "Get HP #2 - Pointer map" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not AOBScanModule then function AOBScanModule(moduleName, signature) local baseAddr = nil local maxAddr = 0 local modList synchronize(function() modList = enumModules() end) for _, mod in ipairs(modList) do if string.lower(mod.Name) == string.lower(moduleName) then baseAddr = mod.Address maxAddr = baseAddr + mod.Size break end end if not baseAddr then return nil end local ms = createMemScan() synchronize(function() ms.firstScan(soExactValue, vtByteArray, nil, signature, nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false) end) ms.waitTillDone() local results = createFoundList(ms) results.initialize() local addr synchronize(function() if results.getCount() > 0 then addr = results[0] end end) results.destroy() ms.destroy() return addr end end local AOBs = { {name='Play_Base2', aob='?? 8B ?? ?? ?? ?? ?? ?? 89 ?? 24 ?? ?? 0F B6 ?? ?? E8 ?? ?? ?? ?? ?? 8B ?? F8 00 00 00 ?? 8B ?? 00 01 00 00', pos=3, aoblen=7, symbol='Play_Base2_addr'}, } local module_name = process for _, entry in ipairs(AOBs) do local aob_addr_str = AOBScanModule(module_name, entry.aob) if aob_addr_str then local aob_addr_val = tonumber(aob_addr_str, 16) local offset_addr = aob_addr_val + entry.pos local relative_offset = readInteger(offset_addr, true) local final_addr = relative_offset + aob_addr_val + entry.aoblen synchronize(function() unregisterSymbol(entry.symbol) registerSymbol(entry.symbol, final_addr) end) print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr)) synchronize(function() getLuaEngine().Close() end) else print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name)) end end {$asm} [DISABLE] {$lua} if syntaxcheck then return end unregisterSymbol('Play_Base2_addr') {$asm} 77 "Char #1 - Kliff" 1 78 "Auto fill HP (only when HP1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if hpRefillTimer1 then hpRefillTimer1.destroy() hpRefillTimer1 = nil end -- 快取上次註冊的地址 lastRegistered1_1 = nil lastRegistered1_2 = nil hpRefillTimer1 = createTimer(nil, false) hpRefillTimer1.Interval = 300 hpRefillTimer1.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('HP #1.1 (ptr map)') local mr2 = al.getMemoryRecordByDescription('HP #2.1 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxHP = readQword(resolved1 + 0x10) if maxHP == nil or maxHP == 0 then return end writeQword(resolved1, maxHP) writeQword(resolved2, maxHP) -- 地址有變動時才重新註冊 if resolved1 ~= lastRegistered1_1 then registerSymbol('char_hp_ptr_1_1', resolved1, true) lastRegistered1_1 = resolved1 end if resolved2 ~= lastRegistered1_2 then registerSymbol('char_hp_ptr_1_2', resolved2, true) lastRegistered1_2 = resolved2 end end hpRefillTimer1.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if hpRefillTimer1 then hpRefillTimer1.Enabled = false hpRefillTimer1.destroy() hpRefillTimer1 = nil end lastRegistered1_1 = nil lastRegistered1_2 = nil unregisterSymbol('char_hp_ptr_1_1') unregisterSymbol('char_hp_ptr_1_2') {$asm} 79 "HP1" 0 FF8080 8 Bytes

char_hp_ptr_1_1

80 "HP2" 0 FF8080 8 Bytes

char_hp_ptr_1_2

81 "Auto fill Sta (only when Sta1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if staRefillTimer1 then staRefillTimer1.destroy() staRefillTimer1 = nil end lastStaRegistered1_1 = nil lastStaRegistered1_2 = nil staRefillTimer1 = createTimer(nil, false) staRefillTimer1.Interval = 300 staRefillTimer1.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('Sta #1.1 (ptr map)') local mr2 = al.getMemoryRecordByDescription('Sta #2.1 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxSta = readQword(resolved1 + 0x10) if maxSta == nil or maxSta == 0 then return end writeQword(resolved1, maxSta) writeQword(resolved2, maxSta) local resolved1_Delta1 = getAddress(addr1 + 0x8) local resolved2_Delta1 = getAddress(addr2 + 0x8) local resolved1_Delta2 = getAddress(addr1 + 0x80) local resolved2_Delta2 = getAddress(addr2 + 0x80) writeQword(resolved1_Delta1, 100000) writeQword(resolved2_Delta1, 100000) writeQword(resolved1_Delta2, 100000) writeQword(resolved2_Delta2, 100000) if resolved1 ~= lastStaRegistered1_1 then registerSymbol('char_sta_ptr_1_1', resolved1, true) lastStaRegistered1_1 = resolved1 end if resolved2 ~= lastStaRegistered1_2 then registerSymbol('char_sta_ptr_1_2', resolved2, true) lastStaRegistered1_2 = resolved2 end end staRefillTimer1.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if staRefillTimer1 then staRefillTimer1.Enabled = false staRefillTimer1.destroy() staRefillTimer1 = nil end lastStaRegistered1_1 = nil lastStaRegistered1_2 = nil unregisterSymbol('char_sta_ptr_1_1') unregisterSymbol('char_sta_ptr_1_2') {$asm} 82 "Sta1" 0 FF8080 8 Bytes

char_sta_ptr_1_1

83 "Sta2" 0 FF8080 8 Bytes

char_sta_ptr_1_2

84 "Auto fill Spi (only when Spi1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if spiRefillTimer1 then spiRefillTimer1.destroy() spiRefillTimer1 = nil end lastSpiRegistered1_1 = nil lastSpiRegistered1_2 = nil spiRefillTimer1 = createTimer(nil, false) spiRefillTimer1.Interval = 300 spiRefillTimer1.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('Spi #1.1 (ptr map)') local mr2 = al.getMemoryRecordByDescription('Spi #2.1 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxSta = readQword(resolved1 + 0x10) if maxSta == nil or maxSta == 0 then return end writeQword(resolved1, maxSta) writeQword(resolved2, maxSta) local resolved1_Delta1 = getAddress(addr1 + 0x8) local resolved2_Delta1 = getAddress(addr2 + 0x8) local resolved1_Delta2 = getAddress(addr1 + 0x80) local resolved2_Delta2 = getAddress(addr2 + 0x80) writeQword(resolved1_Delta1, 10000) writeQword(resolved2_Delta1, 10000) writeQword(resolved1_Delta2, 10000) writeQword(resolved2_Delta2, 10000) if resolved1 ~= lastSpiRegistered1_1 then registerSymbol('char_sta_spi_1_1', resolved1, true) lastSpiRegistered1_1 = resolved1 end if resolved2 ~= lastSpiRegistered1_2 then registerSymbol('char_sta_spi_1_2', resolved2, true) lastSpiRegistered1_2 = resolved2 end end spiRefillTimer1.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if spiRefillTimer1 then spiRefillTimer1.Enabled = false spiRefillTimer1.destroy() spiRefillTimer1 = nil end lastSpiRegistered1_1 = nil lastSpiRegistered1_2 = nil unregisterSymbol('char_sta_spi_1_1') unregisterSymbol('char_sta_spi_1_2') {$asm} 85 "HP #2.1 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

8 58 18 20 68 D0 A0 18 86 "Sta #2.1 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

488 58 18 20 68 D0 A0 18 87 "Spi #2.1 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

518 58 18 20 68 D0 A0 18 88 "Char #2 - Damine" 1 89 "Auto fill HP (only when HP1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if hpRefillTimer2 then hpRefillTimer2.destroy() hpRefillTimer2 = nil end -- 快取上次註冊的地址 lastRegistered2_1 = nil lastRegistered2_2 = nil hpRefillTimer2 = createTimer(nil, false) hpRefillTimer2.Interval = 300 hpRefillTimer2.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('HP #1.2 (ptr map)') local mr2 = al.getMemoryRecordByDescription('HP #2.2 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxHP = readQword(resolved1 + 0x10) if maxHP == nil or maxHP == 0 then return end writeQword(resolved1, maxHP) writeQword(resolved2, maxHP) -- 地址有變動時才重新註冊 if resolved1 ~= lastRegistered2_1 then registerSymbol('char_hp_ptr_2_1', resolved1, true) lastRegistered2_1 = resolved1 end if resolved2 ~= lastRegistered2_2 then registerSymbol('char_hp_ptr_2_2', resolved2, true) lastRegistered2_2 = resolved2 end end hpRefillTimer2.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if hpRefillTimer2 then hpRefillTimer2.Enabled = false hpRefillTimer2.destroy() hpRefillTimer2 = nil end lastRegistered2_1 = nil lastRegistered2_2 = nil unregisterSymbol('char_hp_ptr_2_1') unregisterSymbol('char_hp_ptr_2_2') {$asm} 90 "HP1" 0 FF8080 8 Bytes

char_hp_ptr_2_1

91 "HP2" 0 FF8080 8 Bytes

char_hp_ptr_2_2

92 "Auto fill Sta (only when Sta1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if staRefillTimer2 then staRefillTimer2.destroy() staRefillTimer2 = nil end lastStaRegistered2_1 = nil lastStaRegistered2_2 = nil staRefillTimer2 = createTimer(nil, false) staRefillTimer2.Interval = 300 staRefillTimer2.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('Sta #1.2 (ptr map)') local mr2 = al.getMemoryRecordByDescription('Sta #2.2 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxSta = readQword(resolved1 + 0x10) if maxSta == nil or maxSta == 0 then return end writeQword(resolved1, maxSta) writeQword(resolved2, maxSta) local resolved1_Delta1 = getAddress(addr1 + 0x8) local resolved2_Delta1 = getAddress(addr2 + 0x8) local resolved1_Delta2 = getAddress(addr1 + 0x80) local resolved2_Delta2 = getAddress(addr2 + 0x80) writeQword(resolved1_Delta1, 100000) writeQword(resolved2_Delta1, 100000) writeQword(resolved1_Delta2, 100000) writeQword(resolved2_Delta2, 100000) if resolved1 ~= lastStaRegistered2_1 then registerSymbol('char_sta_ptr_2_1', resolved1, true) lastStaRegistered2_1 = resolved1 end if resolved2 ~= lastStaRegistered2_2 then registerSymbol('char_sta_ptr_2_2', resolved2, true) lastStaRegistered2_2 = resolved2 end end staRefillTimer2.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if staRefillTimer2 then staRefillTimer2.Enabled = false staRefillTimer2.destroy() staRefillTimer2 = nil end lastStaRegistered2_1 = nil lastStaRegistered2_2 = nil unregisterSymbol('char_sta_ptr_2_1') unregisterSymbol('char_sta_ptr_2_2') {$asm} 93 "Sta1" 0 FF8080 8 Bytes

char_sta_ptr_2_1

94 "Sta2" 0 FF8080 8 Bytes

char_sta_ptr_2_2

95 "Auto fill Spi (only when Spi1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if spiRefillTimer2 then spiRefillTimer2.destroy() spiRefillTimer2 = nil end lastSpiRegistered2_1 = nil lastSpiRegistered2_2 = nil spiRefillTimer2 = createTimer(nil, false) spiRefillTimer2.Interval = 300 spiRefillTimer2.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('Spi #1.2 (ptr map)') local mr2 = al.getMemoryRecordByDescription('Spi #2.2 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxSta = readQword(resolved1 + 0x10) if maxSta == nil or maxSta == 0 then return end writeQword(resolved1, maxSta) writeQword(resolved2, maxSta) local resolved1_Delta1 = getAddress(addr1 + 0x8) local resolved2_Delta1 = getAddress(addr2 + 0x8) local resolved1_Delta2 = getAddress(addr1 + 0x80) local resolved2_Delta2 = getAddress(addr2 + 0x80) writeQword(resolved1_Delta1, 10000) writeQword(resolved2_Delta1, 10000) writeQword(resolved1_Delta2, 10000) writeQword(resolved2_Delta2, 10000) if resolved1 ~= lastSpiRegistered2_1 then registerSymbol('char_sta_spi_2_1', resolved1, true) lastSpiRegistered2_1 = resolved1 end if resolved2 ~= lastSpiRegistered2_2 then registerSymbol('char_sta_spi_2_2', resolved2, true) lastSpiRegistered2_2 = resolved2 end end spiRefillTimer2.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if spiRefillTimer2 then spiRefillTimer2.Enabled = false spiRefillTimer2.destroy() spiRefillTimer2 = nil end lastSpiRegistered2_1 = nil lastSpiRegistered2_2 = nil unregisterSymbol('char_sta_spi_2_1') unregisterSymbol('char_sta_spi_2_2') {$asm} 96 "HP #2.2 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

8 58 18 20 68 D8 A0 18 97 "Sta #2.2 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

488 58 18 20 68 D8 A0 18 98 "Spi #2.2 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

518 58 18 20 68 D8 A0 18 99 "Char #3 - Oongka?" 1 100 "Auto fill HP (only when HP1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if hpRefillTimer3 then hpRefillTimer3.destroy() hpRefillTimer3 = nil end -- 快取上次註冊的地址 lastRegistered3_1 = nil lastRegistered3_2 = nil hpRefillTimer3 = createTimer(nil, false) hpRefillTimer3.Interval = 300 hpRefillTimer3.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('HP #1.3 (ptr map)') local mr2 = al.getMemoryRecordByDescription('HP #2.3 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxHP = readQword(resolved1 + 0x10) if maxHP == nil or maxHP == 0 then return end writeQword(resolved1, maxHP) writeQword(resolved2, maxHP) -- 地址有變動時才重新註冊 if resolved1 ~= lastRegistered3_1 then registerSymbol('char_hp_ptr_3_1', resolved1, true) lastRegistered3_1 = resolved1 end if resolved2 ~= lastRegistered3_2 then registerSymbol('char_hp_ptr_3_2', resolved2, true) lastRegistered3_2 = resolved2 end end hpRefillTimer3.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if hpRefillTimer3 then hpRefillTimer3.Enabled = false hpRefillTimer3.destroy() hpRefillTimer3 = nil end lastRegistered3_1 = nil lastRegistered3_2 = nil unregisterSymbol('char_hp_ptr_3_1') unregisterSymbol('char_hp_ptr_3_2') {$asm} 101 "HP1" 0 FF8080 8 Bytes

char_hp_ptr_3_1

102 "HP2" 0 FF8080 8 Bytes

char_hp_ptr_3_2

103 "Auto fill Sta (only when Sta1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if staRefillTimer3 then staRefillTimer3.destroy() staRefillTimer3 = nil end lastStaRegistered3_1 = nil lastStaRegistered3_2 = nil staRefillTimer3 = createTimer(nil, false) staRefillTimer3.Interval = 300 staRefillTimer3.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('Sta #1.3 (ptr map)') local mr2 = al.getMemoryRecordByDescription('Sta #2.3 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxSta = readQword(resolved1 + 0x10) if maxSta == nil or maxSta == 0 then return end writeQword(resolved1, maxSta) writeQword(resolved2, maxSta) local resolved1_Delta1 = getAddress(addr1 + 0x8) local resolved2_Delta1 = getAddress(addr2 + 0x8) local resolved1_Delta2 = getAddress(addr1 + 0x80) local resolved2_Delta2 = getAddress(addr2 + 0x80) writeQword(resolved1_Delta1, 100000) writeQword(resolved2_Delta1, 100000) writeQword(resolved1_Delta2, 100000) writeQword(resolved2_Delta2, 100000) if resolved1 ~= lastStaRegistered3_1 then registerSymbol('char_sta_ptr_3_1', resolved1, true) lastStaRegistered3_1 = resolved1 end if resolved2 ~= lastStaRegistered3_2 then registerSymbol('char_sta_ptr_3_2', resolved2, true) lastStaRegistered3_2 = resolved2 end end staRefillTimer3.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if staRefillTimer3 then staRefillTimer3.Enabled = false staRefillTimer3.destroy() staRefillTimer3 = nil end lastStaRegistered3_1 = nil lastStaRegistered3_2 = nil unregisterSymbol('char_sta_ptr_3_1') unregisterSymbol('char_sta_ptr_3_2') {$asm} 104 "Sta1" 0 FF8080 8 Bytes

char_sta_ptr_3_1

105 "Sta2" 0 FF8080 8 Bytes

char_sta_ptr_3_2

106 "Auto fill Spi (only when Spi1/2 pointer map enabled)" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if spiRefillTimer3 then spiRefillTimer3.destroy() spiRefillTimer3 = nil end lastSpiRegistered3_1 = nil lastSpiRegistered3_2 = nil spiRefillTimer3 = createTimer(nil, false) spiRefillTimer3.Interval = 300 spiRefillTimer3.OnTimer = function(t) local al = getAddressList() local mr1 = al.getMemoryRecordByDescription('Spi #1.3 (ptr map)') local mr2 = al.getMemoryRecordByDescription('Spi #2.3 (ptr map)') if mr1 == nil or mr2 == nil then return end local addr1 = mr1.CurrentAddress local addr2 = mr2.CurrentAddress if addr1 == nil or addr2 == nil then return end local resolved1 = getAddress(addr1) local resolved2 = getAddress(addr2) if resolved1 == 0 or resolved2 == 0 then return end local maxSta = readQword(resolved1 + 0x10) if maxSta == nil or maxSta == 0 then return end writeQword(resolved1, maxSta) writeQword(resolved2, maxSta) local resolved1_Delta1 = getAddress(addr1 + 0x8) local resolved2_Delta1 = getAddress(addr2 + 0x8) local resolved1_Delta2 = getAddress(addr1 + 0x80) local resolved2_Delta2 = getAddress(addr2 + 0x80) writeQword(resolved1_Delta1, 10000) writeQword(resolved2_Delta1, 10000) writeQword(resolved1_Delta2, 10000) writeQword(resolved2_Delta2, 10000) if resolved1 ~= lastSpiRegistered3_1 then registerSymbol('char_sta_spi_3_1', resolved1, true) lastSpiRegistered3_1 = resolved1 end if resolved2 ~= lastSpiRegistered3_2 then registerSymbol('char_sta_spi_3_2', resolved2, true) lastSpiRegistered3_2 = resolved2 end end spiRefillTimer3.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if spiRefillTimer3 then spiRefillTimer3.Enabled = false spiRefillTimer3.destroy() spiRefillTimer3 = nil end lastSpiRegistered3_1 = nil lastSpiRegistered3_2 = nil unregisterSymbol('char_sta_spi_3_1') unregisterSymbol('char_sta_spi_3_2') {$asm} 107 "HP #2.3 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

8 58 18 20 68 E0 A0 18 108 "Sta #2.3 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

488 58 18 20 68 E0 A0 18 109 "Spi #2.3 (ptr map)" 0 FF8080 8 Bytes

Play_Base2_addr

518 58 18 20 68 E0 A0 18 110 "Horse (may not work)" 1 111 "Horse HP #2.1" 0 FF8080 4 Bytes

Play_Base2_addr

8 58 18 420 68 D0 A0 18 112 "Horse Sta #2.1" 0 FF8080 4 Bytes

Play_Base2_addr

488 58 18 420 68 D0 A0 18 113 "Horse HP #2.1 (alt)" 0 FF8080 4 Bytes

Play_Base2_addr+8

8 58 18 20 168 20 80 50 114 "Horse Sta #2.1 (alt)" 0 FF8080 4 Bytes

Play_Base2_addr+8

488 58 18 20 168 20 80 50 115 "Get Horse HP - another ptr map mode" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not AOBScanModule then function AOBScanModule(moduleName, signature) local baseAddr = nil local maxAddr = 0 local modList synchronize(function() modList = enumModules() end) for _, mod in ipairs(modList) do if string.lower(mod.Name) == string.lower(moduleName) then baseAddr = mod.Address maxAddr = baseAddr + mod.Size break end end if not baseAddr then return nil end local ms = createMemScan() synchronize(function() ms.firstScan(soExactValue, vtByteArray, nil, signature, nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false) end) ms.waitTillDone() local results = createFoundList(ms) results.initialize() local addr synchronize(function() if results.getCount() > 0 then addr = results[0] end end) results.destroy() ms.destroy() return addr end end local AOBs = { {name='Horse_Base3', aob='?? 8B ?? ?? ?? ?? ?? ?? 8D ?? C8 ?? 8B ?? 08 ?? 85 ?? 74 ?? 0F B6 ?? 10 84 ?? 74 ?? 8B', pos=3, aoblen=7, symbol='Horse_Base3_addr'}, } local module_name = process for _, entry in ipairs(AOBs) do local aob_addr_str = AOBScanModule(module_name, entry.aob) if aob_addr_str then local aob_addr_val = tonumber(aob_addr_str, 16) local offset_addr = aob_addr_val + entry.pos local relative_offset = readInteger(offset_addr, true) local final_addr = relative_offset + aob_addr_val + entry.aoblen synchronize(function() unregisterSymbol(entry.symbol) registerSymbol(entry.symbol, final_addr) end) print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr)) synchronize(function() getLuaEngine().Close() end) else print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name)) end end {$asm} [DISABLE] {$lua} if syntaxcheck then return end unregisterSymbol('Horse_Base3_addr') {$asm} 116 "Horse HP #2.2 (alt)" 0 FF8080 4 Bytes

Horse_Base3_addr

8 58 18 220 168 8 60 117 "Horse Sta #2.2 (alt)" 0 FF8080 4 Bytes

Horse_Base3_addr

488 58 18 220 168 8 60 118 "Bag" 1 119 "Used slots (read only)" 0 FF8080 2 Bytes

Play_Base2_addr

12 8 18 B8 68 D0 A0 18 120 "Bag slots (read only)" 0 FF8080 2 Bytes

Play_Base2_addr

14 8 18 B8 68 D0 A0 18 121 "Bag bonus" 0 FF8080 2 Bytes

Play_Base2_addr

16 8 18 B8 68 D0 A0 18 122 "Get Archery Competition data" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_GET_ARCHERY_COMP_DATA,$process,75 ?? 83 ?? 20 00 75 ?? ?? 83 ?? 28 EB ?? 8B ?? 14 8B ?? 10 ?? 8B ?? 24) // raw AOB: 48 8D 53 08 48 85 DB 49 0F 44 D6 48 8B 12 48 8D 4C 24 70 E8 ?? ?? ?? ?? 90 48 8B 43 68 48 8B 48 20 48 8B 81 88 03 00 00 8B 89 90 03 00 00 48 8D 14 89 48 8D 0C D0 48 3B C1 74 ?? 80 38 00 75 ?? 83 78 20 00 75 ?? 48 83 C0 28 EB ?? 8B 70 14 8B 68 10 48 8B 4C 24 70 48 8B 01 B2 01 FF 50 20 48 8B 8F E0 00 00 00 48 8B 01 8B DD 0F AF EE 8B D5 4C 89 74 24 20 41 B9 01 00 00 00 // injection point AOB: 75 ?? 83 ?? 20 00 75 ?? ?? 83 ?? 28 EB ?? 8B ?? 14 8B ?? 10 ?? 8B ?? 24 ?? ?? 8B ?? ?? 01 FF ?? 20 ?? 8B ?? E0 00 00 00 ?? 8B ?? 8B ?? 0F AF ?? 8B ?? ?? 89 ?? 24 ?? ?? ?? 01 00 00 00 alloc(newmem,$1000) alloc(ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346,$10) alloc(INJECT_GET_ARCHERY_COMP_DATAo, $E) label(code) label(return) label(ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346) label(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346) INJECT_GET_ARCHERY_COMP_DATAo: readmem(INJECT_GET_ARCHERY_COMP_DATA, $E) newmem: // real injection pt: CrimsonDesert.exe+C4EB11: 8B 70 14 - mov esi,[rax+14] code: // jne CrimsonDesert.exe+C4EB0B reassemble(INJECT_GET_ARCHERY_COMP_DATA) // cmp dword ptr [rax+20],00 reassemble(INJECT_GET_ARCHERY_COMP_DATA+2) //***************************************************** //*** begub code injection jne do_capture jmp end_inj_code do_capture: // **** Begin Auto script: AddressCapture // mode=List, capacity=2, ResetFlag pushfq push r15 push r14 // Address Capture List mov r15, ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 cmp dword ptr [ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346], 1 jne skip_reset_150346 xor r14d, r14d clear_loop_150346: mov qword ptr [r15+r14*8], 0 inc r14d cmp r14d, #2 jb clear_loop_150346 mov dword ptr [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346], 0 mov dword ptr [ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346], 0 skip_reset_150346: xor r14d, r14d dedup_loop_150346: cmp r14d, [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346] jge store_new_150346 cmp [r15+r14*8], rax je skip_store_150346 inc r14d jmp dedup_loop_150346 store_new_150346: cmp r14d, #2 jge skip_store_150346 mov [r15+r14*8], rax inc dword ptr [ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346] skip_store_150346: pop r14 pop r15 popfq // **** End Auto script: AddressCapture end_inj_code: //***************************************************** // jne CrimsonDesert.exe+C4EB11 reassemble(INJECT_GET_ARCHERY_COMP_DATA+6) // add rax,28 reassemble(INJECT_GET_ARCHERY_COMP_DATA+8) // jmp CrimsonDesert.exe+C4EAFB reassemble(INJECT_GET_ARCHERY_COMP_DATA+C) jmp far return align 10 cc ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346: dd 0 ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346: dd 0 INJECT_GET_ARCHERY_COMP_DATA: jmp far newmem return: registersymbol(INJECT_GET_ARCHERY_COMP_DATA INJECT_GET_ARCHERY_COMP_DATAo ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346) registersymbol(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346) [DISABLE] INJECT_GET_ARCHERY_COMP_DATA: readmem(INJECT_GET_ARCHERY_COMP_DATAo, $E) unregistersymbol(INJECT_GET_ARCHERY_COMP_DATA INJECT_GET_ARCHERY_COMP_DATAo ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346 ptrList_count_INJECT_GET_ARCHERY_COMP_DATA_150346) unregistersymbol(ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346) dealloc(newmem) dealloc(INJECT_GET_ARCHERY_COMP_DATAo) dealloc(ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C4EB03 CrimsonDesert.exe+C4EAC5: 48 8D 53 08 - lea rdx,[rbx+08] CrimsonDesert.exe+C4EAC9: 48 85 DB - test rbx,rbx CrimsonDesert.exe+C4EACC: 49 0F 44 D6 - cmove rdx,r14 CrimsonDesert.exe+C4EAD0: 48 8B 12 - mov rdx,[rdx] CrimsonDesert.exe+C4EAD3: 48 8D 4C 24 70 - lea rcx,[rsp+70] CrimsonDesert.exe+C4EAD8: E8 93 F2 68 FF - call CrimsonDesert.AK::WriteBytesMem::Size+1270 CrimsonDesert.exe+C4EADD: 90 - nop CrimsonDesert.exe+C4EADE: 48 8B 43 68 - mov rax,[rbx+68] CrimsonDesert.exe+C4EAE2: 48 8B 48 20 - mov rcx,[rax+20] CrimsonDesert.exe+C4EAE6: 48 8B 81 88 03 00 00 - mov rax,[rcx+00000388] CrimsonDesert.exe+C4EAED: 8B 89 90 03 00 00 - mov ecx,[rcx+00000390] CrimsonDesert.exe+C4EAF3: 48 8D 14 89 - lea rdx,[rcx+rcx*4] CrimsonDesert.exe+C4EAF7: 48 8D 0C D0 - lea rcx,[rax+rdx*8] CrimsonDesert.exe+C4EAFB: 48 3B C1 - cmp rax,rcx CrimsonDesert.exe+C4EAFE: 74 17 - je CrimsonDesert.exe+C4EB17 CrimsonDesert.exe+C4EB00: 80 38 00 - cmp byte ptr [rax],00 // ---------- INJECTING HERE ---------- CrimsonDesert.exe+C4EB03: 75 06 - jne CrimsonDesert.exe+C4EB0B // ---------- DONE INJECTING ---------- CrimsonDesert.exe+C4EB05: 83 78 20 00 - cmp dword ptr [rax+20],00 CrimsonDesert.exe+C4EB09: 75 06 - jne CrimsonDesert.exe+C4EB11 CrimsonDesert.exe+C4EB0B: 48 83 C0 28 - add rax,28 CrimsonDesert.exe+C4EB0F: EB EA - jmp CrimsonDesert.exe+C4EAFB CrimsonDesert.exe+C4EB11: 8B 70 14 - mov esi,[rax+14] CrimsonDesert.exe+C4EB14: 8B 68 10 - mov ebp,[rax+10] CrimsonDesert.exe+C4EB17: 48 8B 4C 24 70 - mov rcx,[rsp+70] CrimsonDesert.exe+C4EB1C: 48 8B 01 - mov rax,[rcx] CrimsonDesert.exe+C4EB1F: B2 01 - mov dl,01 CrimsonDesert.exe+C4EB21: FF 50 20 - call qword ptr [rax+20] CrimsonDesert.exe+C4EB24: 48 8B 8F E0 00 00 00 - mov rcx,[rdi+000000E0] CrimsonDesert.exe+C4EB2B: 48 8B 01 - mov rax,[rcx] CrimsonDesert.exe+C4EB2E: 8B DD - mov ebx,ebp CrimsonDesert.exe+C4EB30: 0F AF EE - imul ebp,esi CrimsonDesert.exe+C4EB33: 8B D5 - mov edx,ebp CrimsonDesert.exe+C4EB35: 4C 89 74 24 20 - mov [rsp+20],r14 } 123 "Reset?" YesNo 0 C08000 4 Bytes

ptrList_reset_INJECT_GET_ARCHERY_COMP_DATA_150346

124 "#1" 0 FF8080 4 Bytes

ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346

14 125 "#2" 0 FF8080 4 Bytes

ptrList_arr_INJECT_GET_ARCHERY_COMP_DATA_150346+8

14 126 "Abyss Gear" 1 127 ""Greater" gear: durability no decrease" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/01 } [ENABLE] aobscanmodule(INJECT_OVERLOAD_GEAR_NO_DEC,$process,66 89 ?? 02 0F 95 ?? ?? 0A ?? 33 ?? 8D ?? FF) // raw AOB: 74 ?? 48 8B CB E8 ?? ?? ?? ?? 66 3B B0 B8 03 00 00 74 ?? 0F B7 73 02 48 8B CB 66 41 3B F5 42 8D 04 2E 66 0F 4D F8 66 89 7B 02 E8 ?? ?? ?? ?? 0F B7 88 B8 03 00 00 66 3B CF 66 0F 4C F9 66 3B F7 66 89 7B 02 0F 95 C0 44 0A F8 33 FF 8D 77 FF 48 8B 05 ?? ?? ?? ?? 41 BA FF FF 00 00 41 FF C6 45 3B F4 0F 82 ?? ?? ?? ?? 48 8B 5C 24 50 41 0F B6 C7 48 8B 6C 24 58 48 8B 74 24 60 48 83 C4 20 41 5F 41 5E 41 5D // injection point AOB: 66 89 ?? 02 0F 95 ?? ?? 0A ?? 33 ?? 8D ?? FF ?? 8B ?? ?? ?? ?? ?? ?? ?? FF FF 00 00 ?? FF ?? ?? 3B ?? 0F 82 ?? ?? ?? ?? ?? 8B ?? 24 ?? ?? 0F B6 ?? ?? 8B ?? ?? ?? ?? 8B ?? 24 ?? 48 83 C4 20 alloc(newmem,$1000) alloc(INJECT_OVERLOAD_GEAR_NO_DECo, $F) label(code) label(return) INJECT_OVERLOAD_GEAR_NO_DECo: readmem(INJECT_OVERLOAD_GEAR_NO_DEC, $F) newmem: mov di, 0064 mov [rbx+02], di cmp si, di // 用原始 si 跟新 di 比，正確設定 ZF // 執行 setne al code: // mov [rbx+02],di //reassemble(INJECT_OVERLOAD_GEAR_NO_DEC) // setne al reassemble(INJECT_OVERLOAD_GEAR_NO_DEC+4) // or r15b,al reassemble(INJECT_OVERLOAD_GEAR_NO_DEC+7) // xor edi,edi reassemble(INJECT_OVERLOAD_GEAR_NO_DEC+A) // lea esi,[rdi-01] reassemble(INJECT_OVERLOAD_GEAR_NO_DEC+C) jmp far return align 10 cc INJECT_OVERLOAD_GEAR_NO_DEC: jmp far newmem nop 1 return: registersymbol(INJECT_OVERLOAD_GEAR_NO_DEC INJECT_OVERLOAD_GEAR_NO_DECo) [DISABLE] INJECT_OVERLOAD_GEAR_NO_DEC: readmem(INJECT_OVERLOAD_GEAR_NO_DECo, $F) unregistersymbol(INJECT_OVERLOAD_GEAR_NO_DEC INJECT_OVERLOAD_GEAR_NO_DECo) dealloc(newmem) dealloc(INJECT_OVERLOAD_GEAR_NO_DECo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D3D572 CrimsonDesert.exe+1D3D532: 74 5A - je CrimsonDesert.exe+1D3D58E CrimsonDesert.exe+1D3D534: 48 8B CB - mov rcx,rbx CrimsonDesert.exe+1D3D537: E8 C4 91 59 FE - call CrimsonDesert.exe+2D6700 CrimsonDesert.exe+1D3D53C: 66 3B B0 B8 03 00 00 - cmp si,[rax+000003B8] CrimsonDesert.exe+1D3D543: 74 3C - je CrimsonDesert.exe+1D3D581 CrimsonDesert.exe+1D3D545: 0F B7 73 02 - movzx esi,word ptr [rbx+02] CrimsonDesert.exe+1D3D549: 48 8B CB - mov rcx,rbx CrimsonDesert.exe+1D3D54C: 66 41 3B F5 - cmp si,r13w CrimsonDesert.exe+1D3D550: 42 8D 04 2E - lea eax,[rsi+r13] CrimsonDesert.exe+1D3D554: 66 0F 4D F8 - cmovge di,ax CrimsonDesert.exe+1D3D558: 66 89 7B 02 - mov [rbx+02],di CrimsonDesert.exe+1D3D55C: E8 9F 91 59 FE - call CrimsonDesert.exe+2D6700 CrimsonDesert.exe+1D3D561: 0F B7 88 B8 03 00 00 - movzx ecx,word ptr [rax+000003B8] CrimsonDesert.exe+1D3D568: 66 3B CF - cmp cx,di CrimsonDesert.exe+1D3D56B: 66 0F 4C F9 - cmovl di,cx CrimsonDesert.exe+1D3D56F: 66 3B F7 - cmp si,di // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1D3D572: 66 89 7B 02 - mov [rbx+02],di // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1D3D576: 0F 95 C0 - setne al CrimsonDesert.exe+1D3D579: 44 0A F8 - or r15b,al CrimsonDesert.exe+1D3D57C: 33 FF - xor edi,edi CrimsonDesert.exe+1D3D57E: 8D 77 FF - lea esi,[rdi-01] CrimsonDesert.exe+1D3D581: 48 8B 05 C0 37 F2 03 - mov rax,[CrimsonDesert.exe+5C60D48] CrimsonDesert.exe+1D3D588: 41 BA FF FF 00 00 - mov r10d,0000FFFF CrimsonDesert.exe+1D3D58E: 41 FF C6 - inc r14d CrimsonDesert.exe+1D3D591: 45 3B F4 - cmp r14d,r12d CrimsonDesert.exe+1D3D594: 0F 82 46 FF FF FF - jb CrimsonDesert.exe+1D3D4E0 CrimsonDesert.exe+1D3D59A: 48 8B 5C 24 50 - mov rbx,[rsp+50] CrimsonDesert.exe+1D3D59F: 41 0F B6 C7 - movzx eax,r15b CrimsonDesert.exe+1D3D5A3: 48 8B 6C 24 58 - mov rbp,[rsp+58] CrimsonDesert.exe+1D3D5A8: 48 8B 74 24 60 - mov rsi,[rsp+60] CrimsonDesert.exe+1D3D5AD: 48 83 C4 20 - add rsp,20 CrimsonDesert.exe+1D3D5B1: 41 5F - pop r15 CrimsonDesert.exe+1D3D5B3: 41 5E - pop r14 } 128 "Duplicate" 1 129 "(equipped only) Duplicate abyss gear when extracted - Step 1" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/30 } [ENABLE] aobscanmodule(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1,$process,89 ?? 11 0F B7 ?? 24 ?? 66 89 ?? 11 04 ?? 8B ?? 58 ?? 88 ?? 02) // raw AOB: EB ?? 44 89 64 24 60 C6 44 24 64 FF 40 38 73 68 77 ?? 8B 05 ?? ?? ?? ?? EB ?? 39 73 60 77 ?? 8B 05 ?? ?? ?? ?? 85 C0 0F 85 ?? ?? ?? ?? 48 8D 0C 76 48 8D 14 09 48 8B 4B 58 8B 44 24 60 89 04 11 0F B7 44 24 64 66 89 44 11 04 48 8B 43 58 40 88 74 02 04 48 FF C7 E9 ?? ?? ?? ?? 48 8B 5C 24 20 48 8B 03 33 D2 48 8B CB FF 50 20 80 7C 24 28 01 75 ?? B8 FF FF FF FF F0 0F C1 43 08 48 8B 5C 24 20 83 F8 01 // injection point AOB: 89 ?? 11 0F B7 ?? 24 ?? 66 89 ?? 11 04 ?? 8B ?? 58 ?? 88 ?? 02 04 ?? FF ?? E9 ?? ?? ?? ?? ?? 8B ?? 24 ?? ?? 8B ?? 33 ?? ?? 8B ?? FF ?? 20 80 ?? ?? ?? 01 75 ?? ?? FF FF FF FF F0 0F C1 ?? 08 ?? 8B ?? 24 ?? 83 ?? 01 alloc(newmem,$1000) alloc(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1o, $11) INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1o: readmem(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1, $11) INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1: nop 3 registersymbol(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1 INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1o) [DISABLE] INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1: readmem(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1o, $11) unregistersymbol(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1 INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1o) dealloc(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_1o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+75FE06 CrimsonDesert.exe+75FDC9: EB C1 - jmp CrimsonDesert.exe+75FD8C CrimsonDesert.exe+75FDCB: 44 89 64 24 60 - mov [rsp+60],r12d CrimsonDesert.exe+75FDD0: C6 44 24 64 FF - mov byte ptr [rsp+64],-01 CrimsonDesert.exe+75FDD5: 40 38 73 68 - cmp [rbx+68],sil CrimsonDesert.exe+75FDD9: 77 08 - ja CrimsonDesert.exe+75FDE3 CrimsonDesert.exe+75FDDB: 8B 05 BF C8 4F 05 - mov eax,[CrimsonDesert.exe+5C5C6A0] CrimsonDesert.exe+75FDE1: EB 0B - jmp CrimsonDesert.exe+75FDEE CrimsonDesert.exe+75FDE3: 39 73 60 - cmp [rbx+60],esi CrimsonDesert.exe+75FDE6: 77 0E - ja CrimsonDesert.exe+75FDF6 CrimsonDesert.exe+75FDE8: 8B 05 AE C8 4F 05 - mov eax,[CrimsonDesert.exe+5C5C69C] CrimsonDesert.exe+75FDEE: 85 C0 - test eax,eax CrimsonDesert.exe+75FDF0: 0F 85 F9 FE FF FF - jne CrimsonDesert.exe+75FCEF CrimsonDesert.exe+75FDF6: 48 8D 0C 76 - lea rcx,[rsi+rsi*2] CrimsonDesert.exe+75FDFA: 48 8D 14 09 - lea rdx,[rcx+rcx] CrimsonDesert.exe+75FDFE: 48 8B 4B 58 - mov rcx,[rbx+58] CrimsonDesert.exe+75FE02: 8B 44 24 60 - mov eax,[rsp+60] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+75FE06: 89 04 11 - mov [rcx+rdx],eax // ---------- DONE INJECTING ---------- CrimsonDesert.exe+75FE09: 0F B7 44 24 64 - movzx eax,word ptr [rsp+64] CrimsonDesert.exe+75FE0E: 66 89 44 11 04 - mov [rcx+rdx+04],ax CrimsonDesert.exe+75FE13: 48 8B 43 58 - mov rax,[rbx+58] CrimsonDesert.exe+75FE17: 40 88 74 02 04 - mov [rdx+rax+04],sil CrimsonDesert.exe+75FE1C: 48 FF C7 - inc rdi CrimsonDesert.exe+75FE1F: E9 68 FF FF FF - jmp CrimsonDesert.exe+75FD8C CrimsonDesert.exe+75FE24: 48 8B 5C 24 20 - mov rbx,[rsp+20] CrimsonDesert.exe+75FE29: 48 8B 03 - mov rax,[rbx] CrimsonDesert.exe+75FE2C: 33 D2 - xor edx,edx CrimsonDesert.exe+75FE2E: 48 8B CB - mov rcx,rbx CrimsonDesert.exe+75FE31: FF 50 20 - call qword ptr [rax+20] CrimsonDesert.exe+75FE34: 80 7C 24 28 01 - cmp byte ptr [rsp+28],01 CrimsonDesert.exe+75FE39: 75 35 - jne CrimsonDesert.exe+75FE70 CrimsonDesert.exe+75FE3B: B8 FF FF FF FF - mov eax,FFFFFFFF CrimsonDesert.exe+75FE40: F0 0F C1 43 08 - lock xadd [rbx+08],eax CrimsonDesert.exe+75FE45: 48 8B 5C 24 20 - mov rbx,[rsp+20] } 130 "Duplicate abyss gear when extracted - Step 2" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/30 } [ENABLE] aobscanmodule(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2,$process,89 ?? 51 0F B7 ?? ?? 66 89 ?? 51 04 ?? 8B ?? 58 ?? 88 ?? ?? 04 8B) // raw AOB: 8B 1D ?? ?? ?? ?? EB ?? 89 5D 90 C6 45 94 FF 44 38 7F 68 77 ?? 8B 1D ?? ?? ?? ?? EB ?? 44 39 7F 60 77 ?? 8B 1D ?? ?? ?? ?? 85 DB 75 ?? 4B 8D 14 7F 48 8B 4F 58 8B 45 90 89 04 51 0F B7 45 94 66 89 44 51 04 48 8B 47 58 44 88 7C 50 04 8B DE EB ?? 8B 1D ?? ?? ?? ?? 49 FF C4 4D 3B E5 0F 85 ?? ?? ?? ?? 48 8B 75 48 4C 8B 74 24 40 49 C7 C5 FF FF FF FF 4C 8B A5 00 01 00 00 48 8B 7D 58 48 8B 07 33 D2 // injection point AOB: 89 ?? 51 0F B7 ?? ?? 66 89 ?? 51 04 ?? 8B ?? 58 ?? 88 ?? ?? 04 8B ?? EB ?? 8B ?? ?? ?? ?? ?? ?? FF ?? ?? 3B ?? 0F 85 ?? ?? ?? ?? ?? 8B ?? ?? ?? 8B ?? 24 ?? ?? C7 ?? FF FF FF FF ?? 8B ?? ?? ?? 00 00 ?? 8B ?? ?? ?? 8B ?? 33 alloc(newmem,$1000,INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2) alloc(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2o, $7) INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2o: readmem(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2, $7) INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2: nop 3 return: registersymbol(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2 INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2o) [DISABLE] INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2: readmem(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2o, $7) unregistersymbol(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2 INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2o) dealloc(INJECT_KEEP_UNEQUIP_ABYSS_GEAR_2o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+225499C CrimsonDesert.exe+2254964: 8B 1D 32 7D A0 03 - mov ebx,[CrimsonDesert.exe+5C5C69C] CrimsonDesert.exe+225496A: EB 4F - jmp CrimsonDesert.exe+22549BB CrimsonDesert.exe+225496C: 89 5D 90 - mov [rbp-70],ebx CrimsonDesert.exe+225496F: C6 45 94 FF - mov byte ptr [rbp-6C],-01 CrimsonDesert.exe+2254973: 44 38 7F 68 - cmp [rdi+68],r15b CrimsonDesert.exe+2254977: 77 08 - ja CrimsonDesert.exe+2254981 CrimsonDesert.exe+2254979: 8B 1D 21 7D A0 03 - mov ebx,[CrimsonDesert.exe+5C5C6A0] CrimsonDesert.exe+225497F: EB 0C - jmp CrimsonDesert.exe+225498D CrimsonDesert.exe+2254981: 44 39 7F 60 - cmp [rdi+60],r15d CrimsonDesert.exe+2254985: 77 0A - ja CrimsonDesert.exe+2254991 CrimsonDesert.exe+2254987: 8B 1D 0F 7D A0 03 - mov ebx,[CrimsonDesert.exe+5C5C69C] CrimsonDesert.exe+225498D: 85 DB - test ebx,ebx CrimsonDesert.exe+225498F: 75 2A - jne CrimsonDesert.exe+22549BB CrimsonDesert.exe+2254991: 4B 8D 14 7F - lea rdx,[r15+r15*2] CrimsonDesert.exe+2254995: 48 8B 4F 58 - mov rcx,[rdi+58] CrimsonDesert.exe+2254999: 8B 45 90 - mov eax,[rbp-70] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+225499C: 89 04 51 - mov [rcx+rdx*2],eax // ---------- DONE INJECTING ---------- CrimsonDesert.exe+225499F: 0F B7 45 94 - movzx eax,word ptr [rbp-6C] CrimsonDesert.exe+22549A3: 66 89 44 51 04 - mov [rcx+rdx*2+04],ax CrimsonDesert.exe+22549A8: 48 8B 47 58 - mov rax,[rdi+58] CrimsonDesert.exe+22549AC: 44 88 7C 50 04 - mov [rax+rdx*2+04],r15b CrimsonDesert.exe+22549B1: 8B DE - mov ebx,esi CrimsonDesert.exe+22549B3: EB 06 - jmp CrimsonDesert.exe+22549BB CrimsonDesert.exe+22549B5: 8B 1D 31 7B A0 03 - mov ebx,[CrimsonDesert.exe+5C5C4EC] CrimsonDesert.exe+22549BB: 49 FF C4 - inc r12 CrimsonDesert.exe+22549BE: 4D 3B E5 - cmp r12,r13 CrimsonDesert.exe+22549C1: 0F 85 49 FF FF FF - jne CrimsonDesert.exe+2254910 CrimsonDesert.exe+22549C7: 48 8B 75 48 - mov rsi,[rbp+48] CrimsonDesert.exe+22549CB: 4C 8B 74 24 40 - mov r14,[rsp+40] CrimsonDesert.exe+22549D0: 49 C7 C5 FF FF FF FF - mov r13,FFFFFFFFFFFFFFFF CrimsonDesert.exe+22549D7: 4C 8B A5 00 01 00 00 - mov r12,[rbp+00000100] CrimsonDesert.exe+22549DE: 48 8B 7D 58 - mov rdi,[rbp+58] CrimsonDesert.exe+22549E2: 48 8B 07 - mov rax,[rdi] } 131 "(non-equipped only) Duplicate abyss gear when extracted - Step 1" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/02 } [ENABLE] aobscanmodule(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1,$process,89 ?? 11 0F B7 ?? 24 ?? 66 89 ?? 11 04 ?? 8B ?? 58 ?? 88 ?? 10 04 ?? FF) // raw AOB: EB ?? C7 44 24 60 FF FF 00 00 C6 44 24 64 FF 40 38 77 68 77 ?? 8B 05 ?? ?? ?? ?? EB ?? 39 77 60 77 ?? 8B 05 ?? ?? ?? ?? 85 C0 0F 85 ?? ?? ?? ?? 48 8D 0C 76 48 8D 14 09 48 8B 4F 58 8B 44 24 60 89 04 11 0F B7 44 24 64 66 89 44 11 04 48 8B 47 58 40 88 74 10 04 48 FF C3 E9 ?? ?? ?? ?? 48 8B 5C 24 20 48 8B 03 33 D2 48 8B CB FF 50 20 80 7C 24 28 01 75 ?? B8 FF FF FF FF F0 0F C1 43 08 48 8B 5C 24 20 83 F8 01 // injection point AOB: 89 ?? 11 0F B7 ?? 24 ?? 66 89 ?? 11 04 ?? 8B ?? 58 ?? 88 ?? 10 04 ?? FF ?? E9 ?? ?? ?? ?? ?? 8B ?? 24 ?? ?? 8B ?? 33 ?? ?? 8B ?? FF ?? 20 80 ?? ?? ?? 01 75 ?? ?? FF FF FF FF F0 0F C1 ?? 08 ?? 8B ?? 24 ?? 83 ?? 01 alloc(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1o, $8) KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1o: readmem(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1, $8) KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1: nop 3 registersymbol(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1 KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1o) [DISABLE] KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1: readmem(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1o, $8) unregistersymbol(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1 KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1o) dealloc(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_1o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+75FB7A CrimsonDesert.exe+75FB3A: EB C1 - jmp CrimsonDesert.exe+75FAFD CrimsonDesert.exe+75FB3C: C7 44 24 60 FF FF 00 00 - mov [rsp+60],0000FFFF CrimsonDesert.exe+75FB44: C6 44 24 64 FF - mov byte ptr [rsp+64],-01 CrimsonDesert.exe+75FB49: 40 38 77 68 - cmp [rdi+68],sil CrimsonDesert.exe+75FB4D: 77 08 - ja CrimsonDesert.exe+75FB57 CrimsonDesert.exe+75FB4F: 8B 05 4B CC 4F 05 - mov eax,[CrimsonDesert.exe+5C5C7A0] CrimsonDesert.exe+75FB55: EB 0B - jmp CrimsonDesert.exe+75FB62 CrimsonDesert.exe+75FB57: 39 77 60 - cmp [rdi+60],esi CrimsonDesert.exe+75FB5A: 77 0E - ja CrimsonDesert.exe+75FB6A CrimsonDesert.exe+75FB5C: 8B 05 3A CC 4F 05 - mov eax,[CrimsonDesert.exe+5C5C79C] CrimsonDesert.exe+75FB62: 85 C0 - test eax,eax CrimsonDesert.exe+75FB64: 0F 85 88 00 00 00 - jne CrimsonDesert.exe+75FBF2 CrimsonDesert.exe+75FB6A: 48 8D 0C 76 - lea rcx,[rsi+rsi*2] CrimsonDesert.exe+75FB6E: 48 8D 14 09 - lea rdx,[rcx+rcx] CrimsonDesert.exe+75FB72: 48 8B 4F 58 - mov rcx,[rdi+58] CrimsonDesert.exe+75FB76: 8B 44 24 60 - mov eax,[rsp+60] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+75FB7A: 89 04 11 - mov [rcx+rdx],eax // ---------- DONE INJECTING ---------- CrimsonDesert.exe+75FB7D: 0F B7 44 24 64 - movzx eax,word ptr [rsp+64] CrimsonDesert.exe+75FB82: 66 89 44 11 04 - mov [rcx+rdx+04],ax CrimsonDesert.exe+75FB87: 48 8B 47 58 - mov rax,[rdi+58] CrimsonDesert.exe+75FB8B: 40 88 74 10 04 - mov [rax+rdx+04],sil CrimsonDesert.exe+75FB90: 48 FF C3 - inc rbx CrimsonDesert.exe+75FB93: E9 65 FF FF FF - jmp CrimsonDesert.exe+75FAFD CrimsonDesert.exe+75FB98: 48 8B 5C 24 20 - mov rbx,[rsp+20] CrimsonDesert.exe+75FB9D: 48 8B 03 - mov rax,[rbx] CrimsonDesert.exe+75FBA0: 33 D2 - xor edx,edx CrimsonDesert.exe+75FBA2: 48 8B CB - mov rcx,rbx CrimsonDesert.exe+75FBA5: FF 50 20 - call qword ptr [rax+20] CrimsonDesert.exe+75FBA8: 80 7C 24 28 01 - cmp byte ptr [rsp+28],01 CrimsonDesert.exe+75FBAD: 75 35 - jne CrimsonDesert.exe+75FBE4 CrimsonDesert.exe+75FBAF: B8 FF FF FF FF - mov eax,FFFFFFFF CrimsonDesert.exe+75FBB4: F0 0F C1 43 08 - lock xadd [rbx+08],eax CrimsonDesert.exe+75FBB9: 48 8B 5C 24 20 - mov rbx,[rsp+20] } 132 "Duplicate abyss gear when extracted - Step 2" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/02 } [ENABLE] aobscanmodule(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2,$process,89 ?? 51 0F B7 ?? ?? 66 89 ?? 51 04 ?? 8B) // raw AOB: EB ?? C7 45 90 FF FF 00 00 C6 45 94 FF 44 38 6F 68 77 ?? 8B 1D ?? ?? ?? ?? EB ?? 44 39 6F 60 77 ?? 8B 1D ?? ?? ?? ?? 85 DB 75 ?? 4A 8D 14 6D 00 00 00 00 49 03 D5 48 8B 4F 58 8B 45 90 89 04 51 0F B7 45 94 66 89 44 51 04 48 8B 47 58 44 88 6C 50 04 41 8B DF EB ?? 8B 1D ?? ?? ?? ?? 49 FF C4 4D 3B E6 0F 85 ?? ?? ?? ?? 48 8B 75 30 4C 8B 74 24 50 4C 8B 7C 24 40 41 BC FF FF FF FF 4C 8B AD F8 00 00 00 48 8B 7D 50 48 8B 07 // injection point AOB: 89 ?? 51 0F B7 ?? ?? 66 89 ?? 51 04 ?? 8B ?? 58 ?? 88 ?? ?? 04 ?? 8B ?? EB ?? 8B ?? ?? ?? ?? ?? ?? FF ?? ?? 3B ?? 0F 85 ?? ?? ?? ?? ?? 8B ?? ?? ?? 8B ?? 24 ?? ?? 8B ?? 24 ?? ?? ?? FF FF FF FF ?? 8B ?? ?? 00 00 00 ?? 8B ?? ?? ?? 8B alloc(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2o, $7) KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2o: readmem(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2, $7) KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2: nop 3 registersymbol(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2 KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2o) [DISABLE] KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2: readmem(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2o, $7) unregistersymbol(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2 KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2o) dealloc(KEEP_UNEMBED_ABYSS_GEAR_NONEQ_2o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+2253958 CrimsonDesert.exe+225391B: EB 5B - jmp CrimsonDesert.exe+2253978 CrimsonDesert.exe+225391D: C7 45 90 FF FF 00 00 - mov [rbp-70],0000FFFF CrimsonDesert.exe+2253924: C6 45 94 FF - mov byte ptr [rbp-6C],-01 CrimsonDesert.exe+2253928: 44 38 6F 68 - cmp [rdi+68],r13b CrimsonDesert.exe+225392C: 77 08 - ja CrimsonDesert.exe+2253936 CrimsonDesert.exe+225392E: 8B 1D 6C 8E A0 03 - mov ebx,[CrimsonDesert.exe+5C5C7A0] CrimsonDesert.exe+2253934: EB 0C - jmp CrimsonDesert.exe+2253942 CrimsonDesert.exe+2253936: 44 39 6F 60 - cmp [rdi+60],r13d CrimsonDesert.exe+225393A: 77 0A - ja CrimsonDesert.exe+2253946 CrimsonDesert.exe+225393C: 8B 1D 5A 8E A0 03 - mov ebx,[CrimsonDesert.exe+5C5C79C] CrimsonDesert.exe+2253942: 85 DB - test ebx,ebx CrimsonDesert.exe+2253944: 75 32 - jne CrimsonDesert.exe+2253978 CrimsonDesert.exe+2253946: 4A 8D 14 6D 00 00 00 00 - lea rdx,[r13*2+00000000] CrimsonDesert.exe+225394E: 49 03 D5 - add rdx,r13 CrimsonDesert.exe+2253951: 48 8B 4F 58 - mov rcx,[rdi+58] CrimsonDesert.exe+2253955: 8B 45 90 - mov eax,[rbp-70] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+2253958: 89 04 51 - mov [rcx+rdx*2],eax // ---------- DONE INJECTING ---------- CrimsonDesert.exe+225395B: 0F B7 45 94 - movzx eax,word ptr [rbp-6C] CrimsonDesert.exe+225395F: 66 89 44 51 04 - mov [rcx+rdx*2+04],ax CrimsonDesert.exe+2253964: 48 8B 47 58 - mov rax,[rdi+58] CrimsonDesert.exe+2253968: 44 88 6C 50 04 - mov [rax+rdx*2+04],r13b CrimsonDesert.exe+225396D: 41 8B DF - mov ebx,r15d CrimsonDesert.exe+2253970: EB 06 - jmp CrimsonDesert.exe+2253978 CrimsonDesert.exe+2253972: 8B 1D 74 8C A0 03 - mov ebx,[CrimsonDesert.exe+5C5C5EC] CrimsonDesert.exe+2253978: 49 FF C4 - inc r12 CrimsonDesert.exe+225397B: 4D 3B E6 - cmp r12,r14 CrimsonDesert.exe+225397E: 0F 85 5C FF FF FF - jne CrimsonDesert.exe+22538E0 CrimsonDesert.exe+2253984: 48 8B 75 30 - mov rsi,[rbp+30] CrimsonDesert.exe+2253988: 4C 8B 74 24 50 - mov r14,[rsp+50] CrimsonDesert.exe+225398D: 4C 8B 7C 24 40 - mov r15,[rsp+40] CrimsonDesert.exe+2253992: 41 BC FF FF FF FF - mov r12d,FFFFFFFF CrimsonDesert.exe+2253998: 4C 8B AD F8 00 00 00 - mov r13,[rbp+000000F8] CrimsonDesert.exe+225399F: 48 8B 7D 50 - mov rdi,[rbp+50] } 133 "(all) embed and destory the abyss gear" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/02 } [ENABLE] aobscanmodule(INJECT_REMOVE_EMBED_ABYSS_GEAR,$process,89 ?? 11 0F B7 ?? 24 ?? 66 89 ?? 11 04 ?? 8B ?? 58 ?? 88 ?? 10 04 ?? 8B) // raw AOB: C6 44 24 34 FF 40 38 6E 68 77 ?? 8B 05 ?? ?? ?? ?? EB ?? 39 6E 60 77 ?? 8B 05 ?? ?? ?? ?? 85 C0 75 ?? 8B 44 24 30 48 8D 0C 6D 00 00 00 00 48 03 CD C7 07 00 00 00 00 48 8D 14 09 48 8B 4E 58 89 04 11 0F B7 44 24 34 66 89 44 11 04 48 8B 46 58 40 88 6C 10 04 48 8B 5C 24 38 48 8B C7 48 8B 6C 24 40 48 8B 74 24 48 48 83 C4 20 5F C3 CC CC CC CC CC CC // injection point AOB: 89 ?? 11 0F B7 ?? 24 ?? 66 89 ?? 11 04 ?? 8B ?? 58 ?? 88 ?? 10 04 ?? 8B ?? 24 ?? ?? 8B ?? ?? 8B ?? ?? ?? ?? 8B ?? 24 ?? 48 83 C4 20 ?? C3 CC CC CC CC CC CC alloc(newmem,$1000) alloc(INJECT_REMOVE_EMBED_ABYSS_GEARo, $11) label(code) label(return) INJECT_REMOVE_EMBED_ABYSS_GEARo: readmem(INJECT_REMOVE_EMBED_ABYSS_GEAR, $11) newmem: mov eax, 0FFFF code: // mov [rcx+rdx],eax reassemble(INJECT_REMOVE_EMBED_ABYSS_GEAR) // movzx eax,word ptr [rsp+34] reassemble(INJECT_REMOVE_EMBED_ABYSS_GEAR+3) // mov [rcx+rdx+04],ax reassemble(INJECT_REMOVE_EMBED_ABYSS_GEAR+8) // mov rax,[rsi+58] reassemble(INJECT_REMOVE_EMBED_ABYSS_GEAR+D) jmp far return align 10 cc INJECT_REMOVE_EMBED_ABYSS_GEAR: jmp far newmem nop 3 return: registersymbol(INJECT_REMOVE_EMBED_ABYSS_GEAR INJECT_REMOVE_EMBED_ABYSS_GEARo) [DISABLE] INJECT_REMOVE_EMBED_ABYSS_GEAR: readmem(INJECT_REMOVE_EMBED_ABYSS_GEARo, $11) unregistersymbol(INJECT_REMOVE_EMBED_ABYSS_GEAR INJECT_REMOVE_EMBED_ABYSS_GEARo) dealloc(newmem) dealloc(INJECT_REMOVE_EMBED_ABYSS_GEARo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1D3DE9C CrimsonDesert.exe+1D3DE5D: C6 44 24 34 FF - mov byte ptr [rsp+34],-01 CrimsonDesert.exe+1D3DE62: 40 38 6E 68 - cmp [rsi+68],bpl CrimsonDesert.exe+1D3DE66: 77 08 - ja CrimsonDesert.exe+1D3DE70 CrimsonDesert.exe+1D3DE68: 8B 05 32 E9 F1 03 - mov eax,[CrimsonDesert.exe+5C5C7A0] CrimsonDesert.exe+1D3DE6E: EB 0B - jmp CrimsonDesert.exe+1D3DE7B CrimsonDesert.exe+1D3DE70: 39 6E 60 - cmp [rsi+60],ebp CrimsonDesert.exe+1D3DE73: 77 0A - ja CrimsonDesert.exe+1D3DE7F CrimsonDesert.exe+1D3DE75: 8B 05 21 E9 F1 03 - mov eax,[CrimsonDesert.exe+5C5C79C] CrimsonDesert.exe+1D3DE7B: 85 C0 - test eax,eax CrimsonDesert.exe+1D3DE7D: 75 BB - jne CrimsonDesert.exe+1D3DE3A CrimsonDesert.exe+1D3DE7F: 8B 44 24 30 - mov eax,[rsp+30] CrimsonDesert.exe+1D3DE83: 48 8D 0C 6D 00 00 00 00 - lea rcx,[rbp*2+00000000] CrimsonDesert.exe+1D3DE8B: 48 03 CD - add rcx,rbp CrimsonDesert.exe+1D3DE8E: C7 07 00 00 00 00 - mov [rdi],00000000 CrimsonDesert.exe+1D3DE94: 48 8D 14 09 - lea rdx,[rcx+rcx] CrimsonDesert.exe+1D3DE98: 48 8B 4E 58 - mov rcx,[rsi+58] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1D3DE9C: 89 04 11 - mov [rcx+rdx],eax // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1D3DE9F: 0F B7 44 24 34 - movzx eax,word ptr [rsp+34] CrimsonDesert.exe+1D3DEA4: 66 89 44 11 04 - mov [rcx+rdx+04],ax CrimsonDesert.exe+1D3DEA9: 48 8B 46 58 - mov rax,[rsi+58] CrimsonDesert.exe+1D3DEAD: 40 88 6C 10 04 - mov [rax+rdx+04],bpl CrimsonDesert.exe+1D3DEB2: 48 8B 5C 24 38 - mov rbx,[rsp+38] CrimsonDesert.exe+1D3DEB7: 48 8B C7 - mov rax,rdi CrimsonDesert.exe+1D3DEBA: 48 8B 6C 24 40 - mov rbp,[rsp+40] CrimsonDesert.exe+1D3DEBF: 48 8B 74 24 48 - mov rsi,[rsp+48] CrimsonDesert.exe+1D3DEC4: 48 83 C4 20 - add rsp,20 CrimsonDesert.exe+1D3DEC8: 5F - pop rdi CrimsonDesert.exe+1D3DEC9: C3 - ret CrimsonDesert.exe+1D3DECA: CC - int 3 CrimsonDesert.exe+1D3DECB: CC - int 3 CrimsonDesert.exe+1D3DECC: CC - int 3 CrimsonDesert.exe+1D3DECD: CC - int 3 CrimsonDesert.exe+1D3DECE: CC - int 3 } 134 "inf. weapon polishing durability" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/04/02 } [ENABLE] aobscanmodule(INF_WEAPON_POLISHING,$process,66 89 ?? 50 ?? 8B ?? 24 ?? ?? 8B ?? 33 ??) // raw AOB: 7E ?? 66 41 03 FE 66 45 85 F6 79 ?? 66 44 3B E7 66 41 0F 4F FC EB ?? 66 3B F9 75 ?? 44 89 26 E9 ?? ?? ?? ?? 48 8D 4B 08 E8 ?? ?? ?? ?? 0F B7 88 F8 02 00 00 66 3B CF 66 0F 4C F9 66 89 7B 50 48 8B 5C 24 20 48 8B 03 33 D2 48 8B CB FF 50 20 80 7C 24 28 01 75 ?? B8 FF FF FF FF F0 0F C1 43 08 48 8B 5C 24 20 83 F8 01 75 ?? 8B 43 0C C1 E8 1E A8 01 74 ?? 48 8B 03 // injection point AOB: 66 89 ?? 50 ?? 8B ?? 24 ?? ?? 8B ?? 33 ?? ?? 8B ?? FF ?? 20 80 ?? ?? ?? 01 75 ?? ?? FF FF FF FF F0 0F C1 ?? 08 ?? 8B ?? 24 ?? 83 ?? 01 75 ?? 8B ?? 0C C1 ?? 1E A8 01 74 ?? ?? 8B alloc(newmem,$1000) alloc(INF_WEAPON_POLISHINGo, $E) label(code) label(return) INF_WEAPON_POLISHINGo: readmem(INF_WEAPON_POLISHING, $E) newmem: cmp [rbx+50],di jge skip_dec code: // mov [rbx+50],di reassemble(INF_WEAPON_POLISHING) skip_dec: // mov rbx,[rsp+20] reassemble(INF_WEAPON_POLISHING+4) // mov rax,[rbx] reassemble(INF_WEAPON_POLISHING+9) // xor edx,edx reassemble(INF_WEAPON_POLISHING+C) jmp far return align 10 cc i_aob_base_addr_841280: dq 0 i_aob_offset_841280: dq 0 INF_WEAPON_POLISHING: jmp far newmem return: registersymbol(INF_WEAPON_POLISHING INF_WEAPON_POLISHINGo) [DISABLE] INF_WEAPON_POLISHING: readmem(INF_WEAPON_POLISHINGo, $E) unregistersymbol(INF_WEAPON_POLISHING INF_WEAPON_POLISHINGo) dealloc(newmem) dealloc(INF_WEAPON_POLISHINGo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1A6D551 CrimsonDesert.exe+1A6D516: 7E 1A - jle CrimsonDesert.exe+1A6D532 CrimsonDesert.exe+1A6D518: 66 41 03 FE - add di,r14w CrimsonDesert.exe+1A6D51C: 66 45 85 F6 - test r14w,r14w CrimsonDesert.exe+1A6D520: 79 18 - jns CrimsonDesert.exe+1A6D53A CrimsonDesert.exe+1A6D522: 66 44 3B E7 - cmp r12w,di CrimsonDesert.exe+1A6D526: 66 41 0F 4F FC - cmovg di,r12w CrimsonDesert.exe+1A6D52B: EB 24 - jmp CrimsonDesert.exe+1A6D551 CrimsonDesert.exe+1A6D52D: 66 3B F9 - cmp di,cx CrimsonDesert.exe+1A6D530: 75 E6 - jne CrimsonDesert.exe+1A6D518 CrimsonDesert.exe+1A6D532: 44 89 26 - mov [rsi],r12d CrimsonDesert.exe+1A6D535: E9 19 FF FF FF - jmp CrimsonDesert.exe+1A6D453 CrimsonDesert.exe+1A6D53A: 48 8D 4B 08 - lea rcx,[rbx+08] CrimsonDesert.exe+1A6D53E: E8 BD 91 86 FE - call CrimsonDesert.exe+2D6700 CrimsonDesert.exe+1A6D543: 0F B7 88 F8 02 00 00 - movzx ecx,word ptr [rax+000002F8] CrimsonDesert.exe+1A6D54A: 66 3B CF - cmp cx,di CrimsonDesert.exe+1A6D54D: 66 0F 4C F9 - cmovl di,cx // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1A6D551: 66 89 7B 50 - mov [rbx+50],di // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1A6D555: 48 8B 5C 24 20 - mov rbx,[rsp+20] CrimsonDesert.exe+1A6D55A: 48 8B 03 - mov rax,[rbx] CrimsonDesert.exe+1A6D55D: 33 D2 - xor edx,edx CrimsonDesert.exe+1A6D55F: 48 8B CB - mov rcx,rbx CrimsonDesert.exe+1A6D562: FF 50 20 - call qword ptr [rax+20] CrimsonDesert.exe+1A6D565: 80 7C 24 28 01 - cmp byte ptr [rsp+28],01 CrimsonDesert.exe+1A6D56A: 75 35 - jne CrimsonDesert.exe+1A6D5A1 CrimsonDesert.exe+1A6D56C: B8 FF FF FF FF - mov eax,FFFFFFFF CrimsonDesert.exe+1A6D571: F0 0F C1 43 08 - lock xadd [rbx+08],eax CrimsonDesert.exe+1A6D576: 48 8B 5C 24 20 - mov rbx,[rsp+20] CrimsonDesert.exe+1A6D57B: 83 F8 01 - cmp eax,01 CrimsonDesert.exe+1A6D57E: 75 13 - jne CrimsonDesert.exe+1A6D593 CrimsonDesert.exe+1A6D580: 8B 43 0C - mov eax,[rbx+0C] CrimsonDesert.exe+1A6D583: C1 E8 1E - shr eax,1E CrimsonDesert.exe+1A6D586: A8 01 - test al,01 CrimsonDesert.exe+1A6D588: 74 09 - je CrimsonDesert.exe+1A6D593 } 140 "(buggy) Fast enemy kill / char HP full - check pt. 2" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_FAST_ENEMY_KILL,$process,?? 89 ?? 24 08 ?? 0F 4C ?? 66 ?? 89 ?? 24 50) // raw AOB: 48 89 6C 24 60 41 0F B6 6F 4B 48 89 74 24 28 41 0F B7 77 48 4C 89 74 24 20 4D 8B 77 50 66 45 89 2C 24 49 89 44 24 10 41 BD 94 80 00 00 44 2B 2D ?? ?? ?? ?? 4A 8D 04 2C 49 89 4C 24 30 4A 8D 0C 02 49 39 C9 4D 89 5C 24 38 4D 8D 5C 24 28 4D 89 4C 24 08 49 0F 4C C9 66 41 89 74 24 50 48 8B 74 24 28 49 39 CA 41 88 6C 24 53 48 8B 6C 24 60 49 0F 4D C3 4D 89 74 24 40 4C 8B 74 24 20 49 89 54 24 18 4D 89 44 24 20 4D 89 13 41 88 7C 24 52 49 89 5C 24 48 48 89 4C 24 70 48 8B 00 // injection point AOB: ?? 89 ?? 24 08 ?? 0F 4C ?? 66 ?? 89 ?? 24 50 ?? 8B ?? 24 ?? ?? 39 ?? ?? 88 ?? 24 53 ?? 8B ?? ?? ?? ?? 0F 4D ?? ?? 89 ?? 24 40 ?? 8B ?? 24 ?? ?? 89 ?? 24 18 ?? 89 ?? 24 20 ?? 89 ?? ?? 88 ?? 24 52 ?? 89 ?? 24 48 ?? 89 ?? 24 ?? ?? 8B alloc(newmem,$1000) alloc(INJECT_FAST_ENEMY_KILLo, $F) label(code) label(return) label(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1) label(i_fast_skip_data_1_1 i_fast_skip_data_1_2) INJECT_FAST_ENEMY_KILLo: readmem(INJECT_FAST_ENEMY_KILL, $F) newmem: cmp dword ptr [r12+A0], 0 je code cmp qword ptr [r12+8], 0 je code { push r15 mov r15, [i_fast_skip_data_1_1] cmp [r12+08], r15 pop r15 je chk_next push r15 mov r15, [i_fast_skip_data_1_2] cmp [r12+08], r15 pop r15 je chk_next } //cmp dword ptr [r12+70], 0 //je to_enemy push r15 mov r15, [i_fek_max_hp_threshold1] cmp dword ptr [r12+18], r15 pop r15 jae short @F cmp dword ptr [r12+A0], 64 je short chk_next cmp dword ptr [r12+10], 64 je short chk_next cmp dword ptr [r12+10], #4000 // 10000 ~ 100000 jge short chk_next cmp dword ptr [r12+10], #-1500 jle short chk_next push r15 mov r15, [i_fek_min_hp_threshold1] cmp dword ptr [r12+18], r15 pop r15 jbe short @F cmp dword ptr [r12+10], #1000 je short chk_next //cmp dword ptr [r12+A0], #100 //jae short chk_next @@: cmp dword ptr [r12+A4], -1 ja short code to_enemy: cmp qword ptr [r12+08], #1000 jbe short code mov r9, 0 cmp r9, rcx mov [r12+08],r9 jmp short code chk_next: // fill data full // natural (0) or player (100) //cmp dword ptr [r12+A0], #100 //jne short code mov r9, [r12+18] cmp r9, rcx code: // mov [r12+08],r9 reassemble(INJECT_FAST_ENEMY_KILL) // cmovl rcx,r9 reassemble(INJECT_FAST_ENEMY_KILL+5) // mov [r12+50],si reassemble(INJECT_FAST_ENEMY_KILL+9) jmp far return align 10 cc vf_m500: dd (float)-500 vf_100: dd (float)100 i_fek_max_hp_threshold1: dq #2000000 i_fek_min_hp_threshold1: dq #299000 i_fast_skip_data_1_1: dq 0 i_fast_skip_data_1_2: dq 0 INJECT_FAST_ENEMY_KILL: jmp far newmem nop 1 return: registersymbol(INJECT_FAST_ENEMY_KILL INJECT_FAST_ENEMY_KILLo) registersymbol(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1) registersymbol(i_fast_skip_data_1_1 i_fast_skip_data_1_2) [DISABLE] INJECT_FAST_ENEMY_KILL: readmem(INJECT_FAST_ENEMY_KILLo, $F) unregistersymbol(INJECT_FAST_ENEMY_KILL INJECT_FAST_ENEMY_KILLo) unregistersymbol(i_fek_max_hp_threshold1 i_fek_min_hp_threshold1) unregistersymbol(i_fast_skip_data_1_1 i_fast_skip_data_1_2) dealloc(newmem) dealloc(INJECT_FAST_ENEMY_KILLo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C456059 CrimsonDesert.exe+C45600B: 48 89 6C 24 60 - mov [rsp+60],rbp CrimsonDesert.exe+C456010: 41 0F B6 6F 4B - movzx ebp,byte ptr [r15+4B] CrimsonDesert.exe+C456015: 48 89 74 24 28 - mov [rsp+28],rsi CrimsonDesert.exe+C45601A: 41 0F B7 77 48 - movzx esi,word ptr [r15+48] CrimsonDesert.exe+C45601F: 4C 89 74 24 20 - mov [rsp+20],r14 CrimsonDesert.exe+C456024: 4D 8B 77 50 - mov r14,[r15+50] CrimsonDesert.exe+C456028: 66 45 89 2C 24 - mov [r12],r13w CrimsonDesert.exe+C45602D: 49 89 44 24 10 - mov [r12+10],rax CrimsonDesert.exe+C456032: 41 BD 94 80 00 00 - mov r13d,00008094 CrimsonDesert.exe+C456038: 44 2B 2D 29 20 C1 FA - sub r13d,[CrimsonDesert.exe+7068068] CrimsonDesert.exe+C45603F: 4A 8D 04 2C - lea rax,[rsp+r13] CrimsonDesert.exe+C456043: 49 89 4C 24 30 - mov [r12+30],rcx CrimsonDesert.exe+C456048: 4A 8D 0C 02 - lea rcx,[rdx+r8] CrimsonDesert.exe+C45604C: 49 39 C9 - cmp r9,rcx CrimsonDesert.exe+C45604F: 4D 89 5C 24 38 - mov [r12+38],r11 CrimsonDesert.exe+C456054: 4D 8D 5C 24 28 - lea r11,[r12+28] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+C456059: 4D 89 4C 24 08 - mov [r12+08],r9 // ---------- DONE INJECTING ---------- CrimsonDesert.exe+C45605E: 49 0F 4C C9 - cmovl rcx,r9 CrimsonDesert.exe+C456062: 66 41 89 74 24 50 - mov [r12+50],si CrimsonDesert.exe+C456068: 48 8B 74 24 28 - mov rsi,[rsp+28] CrimsonDesert.exe+C45606D: 49 39 CA - cmp r10,rcx CrimsonDesert.exe+C456070: 41 88 6C 24 53 - mov [r12+53],bpl CrimsonDesert.exe+C456075: 48 8B 6C 24 60 - mov rbp,[rsp+60] CrimsonDesert.exe+C45607A: 49 0F 4D C3 - cmovge rax,r11 CrimsonDesert.exe+C45607E: 4D 89 74 24 40 - mov [r12+40],r14 CrimsonDesert.exe+C456083: 4C 8B 74 24 20 - mov r14,[rsp+20] CrimsonDesert.exe+C456088: 49 89 54 24 18 - mov [r12+18],rdx CrimsonDesert.exe+C45608D: 4D 89 44 24 20 - mov [r12+20],r8 CrimsonDesert.exe+C456092: 4D 89 13 - mov [r11],r10 CrimsonDesert.exe+C456095: 41 88 7C 24 52 - mov [r12+52],dil CrimsonDesert.exe+C45609A: 49 89 5C 24 48 - mov [r12+48],rbx CrimsonDesert.exe+C45609F: 48 89 4C 24 70 - mov [rsp+70],rcx CrimsonDesert.exe+C4560A4: 48 8B 00 - mov rax,[rax] } 141 "disable when in boss fight / enemy inf. HP" 8000FF 1 142 "min HP threshold to set as boss" 0 C08000 8 Bytes

i_fek_max_hp_threshold1

143 "min HP to check as enemy/animal" 0 C08000 4 Bytes

i_fek_min_hp_threshold1

144 "(buggy) Fast enemy kill / char HP full - check pt. 1" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_FAST_ENEMY_KILL_CHK2,$process,?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50) // raw AOB: 4C 8D 4C 24 58 49 89 F0 48 8D 54 24 40 48 89 F9 E8 ?? ?? ?? ?? 48 8B 4F 30 48 39 08 7C ?? C6 47 52 00 31 D2 48 89 D8 48 2B 47 18 48 39 5F 18 48 0F 4F C2 48 89 47 20 48 FF 47 48 48 89 5F 08 48 8B 5C 24 48 48 89 77 38 66 89 6F 50 48 83 C4 20 5F 5E 5D C3 CC 0F 1F 00 48 89 5C 24 10 48 89 7C 24 20 55 48 89 E5 48 83 EC 50 48 89 D3 48 8B 51 18 // injection point AOB: ?? 89 ?? 08 ?? 8B ?? 24 ?? ?? 89 ?? 38 66 89 ?? 50 48 83 C4 20 ?? ?? 5D C3 CC 0F 1F ?? ?? 89 ?? 24 ?? ?? 89 ?? 24 ?? 55 ?? 89 ?? 48 83 EC 50 ?? 89 ?? ?? 8B ?? 18 alloc(newmem,$1000) alloc(INJECT_FAST_ENEMY_KILL_CHK2o, $11) label(code) label(return) label(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2) label(i_fast_skip_data_1 i_fast_skip_data_2 i_fast_skip_data_3 i_fast_skip_data_4) INJECT_FAST_ENEMY_KILL_CHK2o: readmem(INJECT_FAST_ENEMY_KILL_CHK2, $11) newmem: cmp dword ptr [rdi+A0], 0 je code cmp qword ptr [rdi+08], 0 je code { push r15 mov r15, [i_fast_skip_data_1] cmp [rdi+08], r15 pop r15 je force_set push r15 mov r15, [i_fast_skip_data_2] cmp [rdi+08], r15 pop r15 je force_set push r15 mov r15, [i_fast_skip_data_3] cmp [rdi+08], r15 pop r15 je force_set push r15 mov r15, [i_fast_skip_data_4] cmp [rdi+08], r15 pop r15 je force_set } cmp dword ptr [rdi+70], 0 je to_enemy jmp short chk_next { push r15 mov r15, [i_fek_max_hp_threshold2] cmp dword ptr [rdi+18], r15 pop r15 jae short @F cmp dword ptr [rdi+A0], 64 je short chk_next cmp qword ptr [rdi+10], 64 // Spirit delta je short chk_next cmp qword ptr [rdi+10], #4000 // Sta delta jge short chk_next //cmp QWORD PTR [rdi+10], fffffffffffffa24 //cmp qword ptr [rdi+10], #-1500 // Sta delta db 48 81 7f 10 24 fa ff ff jle short chk_next push r15 mov r15, [i_fek_min_hp_threshold2] cmp dword ptr [rdi+18], r15 pop r15 jbe short @F cmp dword ptr [rdi+10], #1000 // HP delta je short chk_next //cmp dword ptr [rdi+A4], #100 //jae short chk_next @@: cmp dword ptr [rdi+A4], -1 ja short code } to_enemy: cmp qword ptr [rdi+08], #1000 jbe short code mov rbx, 0 mov [rdi+08],rbx jmp short code chk_next: // natural (0) or player (100) mov qword ptr [rdi+10], #100000 mov rbx, [rdi+18] jmp short code force_set: //cmp [rdi+08],rbx //jb @F mov rbx, #1850000 //mov rbx, [rdi+18] //mov [rdi+08],rbx code: // mov [rdi+08],rbx reassemble(INJECT_FAST_ENEMY_KILL_CHK2) // mov rbx,[rsp+48] reassemble(INJECT_FAST_ENEMY_KILL_CHK2+4) // mov [rdi+38],rsi reassemble(INJECT_FAST_ENEMY_KILL_CHK2+9) // mov [rdi+50],bp reassemble(INJECT_FAST_ENEMY_KILL_CHK2+D) jmp far return align 10 cc i_fek_max_hp_threshold2: dq #2000000 i_fek_min_hp_threshold2: dq #299000 i_fast_skip_data_1: dq 0 i_fast_skip_data_2: dq 0 i_fast_skip_data_3: dq 0 i_fast_skip_data_4: dq 0 INJECT_FAST_ENEMY_KILL_CHK2: jmp far newmem nop 3 return: registersymbol(INJECT_FAST_ENEMY_KILL_CHK2 INJECT_FAST_ENEMY_KILL_CHK2o) registersymbol(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2) registersymbol(i_fast_skip_data_1 i_fast_skip_data_2 i_fast_skip_data_3 i_fast_skip_data_4) [DISABLE] INJECT_FAST_ENEMY_KILL_CHK2: readmem(INJECT_FAST_ENEMY_KILL_CHK2o, $11) unregistersymbol(INJECT_FAST_ENEMY_KILL_CHK2 INJECT_FAST_ENEMY_KILL_CHK2o) unregistersymbol(i_fek_max_hp_threshold2 i_fek_min_hp_threshold2) unregistersymbol(i_fast_skip_data_1 i_fast_skip_data_2 i_fast_skip_data_3 i_fast_skip_data_4) dealloc(newmem) dealloc(INJECT_FAST_ENEMY_KILL_CHK2o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C489563 CrimsonDesert.exe+C489528: 4C 8D 4C 24 58 - lea r9,[rsp+58] CrimsonDesert.exe+C48952D: 49 89 F0 - mov r8,rsi CrimsonDesert.exe+C489530: 48 8D 54 24 40 - lea rdx,[rsp+40] CrimsonDesert.exe+C489535: 48 89 F9 - mov rcx,rdi CrimsonDesert.exe+C489538: E8 53 E3 E4 F4 - call CrimsonDesert.exe+12D7890 CrimsonDesert.exe+C48953D: 48 8B 4F 30 - mov rcx,[rdi+30] CrimsonDesert.exe+C489541: 48 39 08 - cmp [rax],rcx CrimsonDesert.exe+C489544: 7C 04 - jl CrimsonDesert.exe+C48954A CrimsonDesert.exe+C489546: C6 47 52 00 - mov byte ptr [rdi+52],00 CrimsonDesert.exe+C48954A: 31 D2 - xor edx,edx CrimsonDesert.exe+C48954C: 48 89 D8 - mov rax,rbx CrimsonDesert.exe+C48954F: 48 2B 47 18 - sub rax,[rdi+18] CrimsonDesert.exe+C489553: 48 39 5F 18 - cmp [rdi+18],rbx CrimsonDesert.exe+C489557: 48 0F 4F C2 - cmovg rax,rdx CrimsonDesert.exe+C48955B: 48 89 47 20 - mov [rdi+20],rax CrimsonDesert.exe+C48955F: 48 FF 47 48 - inc qword ptr [rdi+48] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+C489563: 48 89 5F 08 - mov [rdi+08],rbx // ---------- DONE INJECTING ---------- CrimsonDesert.exe+C489567: 48 8B 5C 24 48 - mov rbx,[rsp+48] CrimsonDesert.exe+C48956C: 48 89 77 38 - mov [rdi+38],rsi CrimsonDesert.exe+C489570: 66 89 6F 50 - mov [rdi+50],bp CrimsonDesert.exe+C489574: 48 83 C4 20 - add rsp,20 CrimsonDesert.exe+C489578: 5F - pop rdi CrimsonDesert.exe+C489579: 5E - pop rsi CrimsonDesert.exe+C48957A: 5D - pop rbp CrimsonDesert.exe+C48957B: C3 - ret CrimsonDesert.exe+C48957C: CC - int 3 CrimsonDesert.exe+C48957D: 0F 1F 00 - nop dword ptr [rax] CrimsonDesert.exe+C489580: 48 89 5C 24 10 - mov [rsp+10],rbx CrimsonDesert.exe+C489585: 48 89 7C 24 20 - mov [rsp+20],rdi CrimsonDesert.exe+C48958A: 55 - push rbp CrimsonDesert.exe+C48958B: 48 89 E5 - mov rbp,rsp CrimsonDesert.exe+C48958E: 48 83 EC 50 - sub rsp,50 CrimsonDesert.exe+C489592: 48 89 D3 - mov rbx,rdx } 145 "disable when in boss fight / enemy inf. HP" 8000FF 1 146 "(buggy) Fast enemy kill / char HP full - check pt. 3" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_FAST_ENEMY_KILL3,$process,?? 8B ?? ?? 89 ?? 24 08 ?? 8B ?? 24 ?? C7 ?? 00 00 00 00) // raw AOB: 4D 8D 5C 24 28 FF 25 ?? ?? ?? ?? 00 00 46 0F 00 00 00 00 90 48 8B 74 24 28 49 39 CA 41 88 6C 24 53 48 8B 6C 24 60 49 0F 4D C3 4D 89 74 24 40 4C 8B 74 24 20 49 89 54 24 18 4D 89 44 24 20 4D 89 13 41 88 7C 24 52 49 89 5C 24 48 48 89 4C 24 70 48 8B 00 49 89 44 24 08 48 8B 44 24 68 C7 00 00 00 00 00 48 83 C4 30 41 5F 41 5D 41 5C 5F 5B C3 CC 03 15 ?? ?? ?? ?? 48 8D A4 24 F8 FF FF FF 48 C7 04 24 FF FF FF FF 48 29 04 24 48 87 04 24 48 8D A4 24 08 00 00 00 // injection point AOB: ?? 8B ?? ?? 89 ?? 24 08 ?? 8B ?? 24 ?? C7 ?? 00 00 00 00 48 83 C4 30 ?? ?? ?? ?? ?? ?? ?? ?? C3 CC 03 ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? ?? ?? C7 ?? ?? FF FF FF FF ?? 29 ?? 24 ?? 87 ?? 24 ?? 8D ?? ?? ?? 00 00 00 alloc(newmem,$1000) alloc(INJECT_FAST_ENEMY_KILL3o, $13) label(code) label(return) label(i_fek_max_hp_threshold3 i_fek_min_hp_threshold3) INJECT_FAST_ENEMY_KILL3o: readmem(INJECT_FAST_ENEMY_KILL3, $13) newmem: code: // mov rax,[rax] reassemble(INJECT_FAST_ENEMY_KILL3) // **************************** //cmp dword ptr [r12+70], 0 //je to_enemy cmp dword ptr [r12+A0], 0 je code_next cmp qword ptr [r12+8], 0 je code_next push r15 mov r15, [i_fek_max_hp_threshold3] cmp dword ptr [r12+18], r15 pop r15 jae short @F cmp dword ptr [r12+A0], 64 je short chk_next cmp dword ptr [r12+10], 64 je short chk_next cmp dword ptr [r12+10], #4000 jge short chk_next cmp dword ptr [r12+10], #-1500 jle short chk_next push r15 mov r15, [i_fek_min_hp_threshold3] cmp dword ptr [r12+18], r15 pop r15 jbe short @F cmp dword ptr [r12+10], #1000 je short chk_next //cmp dword ptr [r12+A0], #100 //jae short chk_next @@: cmp dword ptr [r12+A4], -1 ja short code_next to_enemy: cmp qword ptr [r12+08], #1000 jbe short code_next mov rax, 0 //mov [r12+08],rax jmp short code_next chk_next: // fill data full // natural (0) or player (100) //cmp dword ptr [r12+A0], #100 //jne short code mov rax, [r12+18] code_next: // ***************************** // mov [r12+08],rax reassemble(INJECT_FAST_ENEMY_KILL3+3) // mov rax,[rsp+68] reassemble(INJECT_FAST_ENEMY_KILL3+8) // mov [rax],00000000 reassemble(INJECT_FAST_ENEMY_KILL3+D) jmp far return align 10 cc i_fek_max_hp_threshold3: dq #2000000 i_fek_min_hp_threshold3: dq #299000 INJECT_FAST_ENEMY_KILL3: jmp far newmem nop 5 return: registersymbol(INJECT_FAST_ENEMY_KILL3 INJECT_FAST_ENEMY_KILL3o) registersymbol(i_fek_max_hp_threshold3 i_fek_min_hp_threshold3) [DISABLE] INJECT_FAST_ENEMY_KILL3: readmem(INJECT_FAST_ENEMY_KILL3o, $13) unregistersymbol(INJECT_FAST_ENEMY_KILL3 INJECT_FAST_ENEMY_KILL3o) unregistersymbol(i_fek_max_hp_threshold3 i_fek_min_hp_threshold3) dealloc(newmem) dealloc(INJECT_FAST_ENEMY_KILL3o) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+C4560A4 CrimsonDesert.exe+C456054: 4D 8D 5C 24 28 - lea r11,[r12+28] INJECT_FAST_ENEMY_KILL: FF 25 00 00 00 00 00 00 46 0F 00 00 00 00 - jmp 0F460000 CrimsonDesert.exe+C456067: 90 - nop CrimsonDesert.exe+C456068: 48 8B 74 24 28 - mov rsi,[rsp+28] CrimsonDesert.exe+C45606D: 49 39 CA - cmp r10,rcx CrimsonDesert.exe+C456070: 41 88 6C 24 53 - mov [r12+53],bpl CrimsonDesert.exe+C456075: 48 8B 6C 24 60 - mov rbp,[rsp+60] CrimsonDesert.exe+C45607A: 49 0F 4D C3 - cmovge rax,r11 CrimsonDesert.exe+C45607E: 4D 89 74 24 40 - mov [r12+40],r14 CrimsonDesert.exe+C456083: 4C 8B 74 24 20 - mov r14,[rsp+20] CrimsonDesert.exe+C456088: 49 89 54 24 18 - mov [r12+18],rdx CrimsonDesert.exe+C45608D: 4D 89 44 24 20 - mov [r12+20],r8 CrimsonDesert.exe+C456092: 4D 89 13 - mov [r11],r10 CrimsonDesert.exe+C456095: 41 88 7C 24 52 - mov [r12+52],dil CrimsonDesert.exe+C45609A: 49 89 5C 24 48 - mov [r12+48],rbx CrimsonDesert.exe+C45609F: 48 89 4C 24 70 - mov [rsp+70],rcx // ---------- INJECTING HERE ---------- CrimsonDesert.exe+C4560A4: 48 8B 00 - mov rax,[rax] // ---------- DONE INJECTING ---------- CrimsonDesert.exe+C4560A7: 49 89 44 24 08 - mov [r12+08],rax CrimsonDesert.exe+C4560AC: 48 8B 44 24 68 - mov rax,[rsp+68] CrimsonDesert.exe+C4560B1: C7 00 00 00 00 00 - mov [rax],00000000 CrimsonDesert.exe+C4560B7: 48 83 C4 30 - add rsp,30 CrimsonDesert.exe+C4560BB: 41 5F - pop r15 CrimsonDesert.exe+C4560BD: 41 5D - pop r13 CrimsonDesert.exe+C4560BF: 41 5C - pop r12 CrimsonDesert.exe+C4560C1: 5F - pop rdi CrimsonDesert.exe+C4560C2: 5B - pop rbx CrimsonDesert.exe+C4560C3: C3 - ret CrimsonDesert.exe+C4560C4: CC - int 3 CrimsonDesert.exe+C4560C5: 03 15 5F 4C 30 FA - add edx,[CrimsonDesert.exe+675AD2A] CrimsonDesert.exe+C4560CB: 48 8D A4 24 F8 FF FF FF - lea rsp,[rsp-00000008] CrimsonDesert.exe+C4560D3: 48 C7 04 24 FF FF FF FF - mov qword ptr [rsp],FFFFFFFFFFFFFFFF CrimsonDesert.exe+C4560DB: 48 29 04 24 - sub [rsp],rax CrimsonDesert.exe+C4560DF: 48 87 04 24 - xchg [rsp],rax } 147 "Get resistant attrs" 1 148 "Usage: open item menu->char first" 8000FF 1 149 "Enable data" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/29 } [ENABLE] aobscanmodule(INJECT_SET_MIN_RESIS,$process,?? 8B ?? 18 ?? C1 ?? 05 ?? 8B ?? 01 ?? 89 ??) // raw AOB: 83 3C 88 FF 0F 84 ?? ?? ?? ?? 49 8B 0E 48 83 C1 30 E8 ?? ?? ?? ?? 0F B7 88 DC 03 00 00 66 89 4C 24 20 48 8D 4C 24 20 E8 ?? ?? ?? ?? 48 8D 4C 24 20 66 89 5C 24 20 48 8B F8 E8 ?? ?? ?? ?? 8B 48 14 48 8B 47 48 8B 0C 88 49 8B 46 18 48 C1 E1 05 48 8B 0C 01 48 89 0E EB ?? 65 48 8B 04 25 58 00 00 00 BA F2 01 00 00 48 8B 08 48 8B 05 ?? ?? ?? ?? 80 3C 0A 00 48 0F 45 05 ?? ?? ?? ?? 48 8B 00 48 8B 48 08 48 8B 41 10 66 3B 98 98 00 00 00 75 ?? 49 8B 06 80 B8 6B 02 00 00 00 // injection point AOB: ?? 8B ?? 18 ?? C1 ?? 05 ?? 8B ?? 01 ?? 89 ?? EB ?? 65 ?? 8B ?? 25 58 00 00 00 ?? F2 01 00 00 ?? 8B ?? ?? 8B ?? ?? ?? ?? ?? 80 ?? ?? 00 ?? 0F 45 ?? ?? ?? ?? ?? ?? 8B ?? ?? 8B ?? 08 ?? 8B ?? 10 66 3B ?? 98 00 00 00 75 ?? ?? 8B ?? 80 ?? 6B 02 00 00 00 alloc(newmem,$1000) alloc(INJECT_SET_MIN_RESISo, $F) label(code) label(return) label(i_base_char_attr_addr) INJECT_SET_MIN_RESISo: readmem(INJECT_SET_MIN_RESIS, $F) newmem: code: // mov rax,[r14+18] reassemble(INJECT_SET_MIN_RESIS) // shl rcx,05 reassemble(INJECT_SET_MIN_RESIS+4) // *************************************** //*** begin code injection cmp rcx, 340 je short set_resis cmp rcx, 360 je short set_resis cmp rcx, 3A0 je short set_resis jmp short code_next set_resis: //mov qword ptr [rcx+rax], #750000000 cmp qword ptr [i_base_char_attr_addr], 0 jne short code_next mov [i_base_char_attr_addr], rax code_next: //**************************************** // mov rcx,[rcx+rax] reassemble(INJECT_SET_MIN_RESIS+8) // mov [rsi],rcx reassemble(INJECT_SET_MIN_RESIS+C) jmp far return align 10 cc i_base_char_attr_addr: dq 0 INJECT_SET_MIN_RESIS: jmp far newmem nop 1 return: registersymbol(INJECT_SET_MIN_RESIS INJECT_SET_MIN_RESISo) registersymbol(i_base_char_attr_addr) [DISABLE] INJECT_SET_MIN_RESIS: readmem(INJECT_SET_MIN_RESISo, $F) unregistersymbol(INJECT_SET_MIN_RESIS INJECT_SET_MIN_RESISo) unregistersymbol(i_base_char_attr_addr) dealloc(newmem) dealloc(INJECT_SET_MIN_RESISo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+12D1DFC CrimsonDesert.exe+12D1DB4: 83 3C 88 FF - cmp dword ptr [rax+rcx*4],-01 CrimsonDesert.exe+12D1DB8: 0F 84 A2 00 00 00 - je CrimsonDesert.exe+12D1E60 CrimsonDesert.exe+12D1DBE: 49 8B 0E - mov rcx,[r14] CrimsonDesert.exe+12D1DC1: 48 83 C1 30 - add rcx,30 CrimsonDesert.exe+12D1DC5: E8 06 49 00 FF - call CrimsonDesert.exe+2D66D0 CrimsonDesert.exe+12D1DCA: 0F B7 88 DC 03 00 00 - movzx ecx,word ptr [rax+000003DC] CrimsonDesert.exe+12D1DD1: 66 89 4C 24 20 - mov [rsp+20],cx CrimsonDesert.exe+12D1DD6: 48 8D 4C 24 20 - lea rcx,[rsp+20] CrimsonDesert.exe+12D1DDB: E8 A0 F3 1C FF - call CrimsonDesert.exe+4A1180 CrimsonDesert.exe+12D1DE0: 48 8D 4C 24 20 - lea rcx,[rsp+20] CrimsonDesert.exe+12D1DE5: 66 89 5C 24 20 - mov [rsp+20],bx CrimsonDesert.exe+12D1DEA: 48 8B F8 - mov rdi,rax CrimsonDesert.exe+12D1DED: E8 1E 1C 13 FF - call CrimsonDesert.exe+403A10 CrimsonDesert.exe+12D1DF2: 8B 48 14 - mov ecx,[rax+14] CrimsonDesert.exe+12D1DF5: 48 8B 47 48 - mov rax,[rdi+48] CrimsonDesert.exe+12D1DF9: 8B 0C 88 - mov ecx,[rax+rcx*4] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+12D1DFC: 49 8B 46 18 - mov rax,[r14+18] // ---------- DONE INJECTING ---------- CrimsonDesert.exe+12D1E00: 48 C1 E1 05 - shl rcx,05 CrimsonDesert.exe+12D1E04: 48 8B 0C 01 - mov rcx,[rcx+rax] CrimsonDesert.exe+12D1E08: 48 89 0E - mov [rsi],rcx CrimsonDesert.exe+12D1E0B: EB 7D - jmp CrimsonDesert.exe+12D1E8A CrimsonDesert.exe+12D1E0D: 65 48 8B 04 25 58 00 00 00 - mov rax,gs:[00000058] CrimsonDesert.exe+12D1E16: BA F2 01 00 00 - mov edx,000001F2 CrimsonDesert.exe+12D1E1B: 48 8B 08 - mov rcx,[rax] CrimsonDesert.exe+12D1E1E: 48 8B 05 DB 54 9F 04 - mov rax,[CrimsonDesert.exe+5CC7300] CrimsonDesert.exe+12D1E25: 80 3C 0A 00 - cmp byte ptr [rdx+rcx],00 CrimsonDesert.exe+12D1E29: 48 0F 45 05 D7 54 9F 04 - cmovne rax,[CrimsonDesert.exe+5CC7308] CrimsonDesert.exe+12D1E31: 48 8B 00 - mov rax,[rax] CrimsonDesert.exe+12D1E34: 48 8B 48 08 - mov rcx,[rax+08] CrimsonDesert.exe+12D1E38: 48 8B 41 10 - mov rax,[rcx+10] CrimsonDesert.exe+12D1E3C: 66 3B 98 98 00 00 00 - cmp bx,[rax+00000098] CrimsonDesert.exe+12D1E43: 75 0C - jne CrimsonDesert.exe+12D1E51 CrimsonDesert.exe+12D1E45: 49 8B 06 - mov rax,[r14] } 150 "#1 (cold)" #3 (lightning) 0 FF8080 8 Bytes

i_base_char_attr_addr

340 151 "#2 (fire)" #3 (lightning) 0 FF8080 8 Bytes

i_base_char_attr_addr

360 152 "#3 (lightning)" 50000000:1 100000000:2 150000000:3 200000000:4 250000000:5 500000000:10 750000000:15 0 FF8080 8 Bytes

i_base_char_attr_addr

3A0 153 "Atk" 0 FF8080 8 Bytes

i_base_char_attr_addr

0 154 "Def" 0 FF8080 8 Bytes

i_base_char_attr_addr

20 155 "???" 0 FF8080 8 Bytes

i_base_char_attr_addr

300 177 "_under testing" 1 181 "Blink spell" 1 174 "1. Get worldOffset" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not AOBScanModule then function AOBScanModule(moduleName, signature) local baseAddr = nil local maxAddr = 0 local modList synchronize(function() modList = enumModules() end) for _, mod in ipairs(modList) do if string.lower(mod.Name) == string.lower(moduleName) then baseAddr = mod.Address maxAddr = baseAddr + mod.Size break end end if not baseAddr then return nil end local ms = createMemScan() synchronize(function() ms.firstScan(soExactValue, vtByteArray, nil, signature, nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false) end) ms.waitTillDone() local results = createFoundList(ms) results.initialize() local addr synchronize(function() if results.getCount() > 0 then addr = results[0] end end) results.destroy() ms.destroy() return addr end end local AOBs = { {name='worldOffset', aob='0F ?? ?? ?? ?? ?? ?? 0F 11 ?? 90 00 00 00 E8 ?? ?? ?? ?? F3', pos=3, aoblen=7, symbol='worldOffset_addr'}, } local module_name = process for _, entry in ipairs(AOBs) do local aob_addr_str = AOBScanModule(module_name, entry.aob) if aob_addr_str then local aob_addr_val = tonumber(aob_addr_str, 16) local offset_addr = aob_addr_val + entry.pos local relative_offset = readInteger(offset_addr, true) local final_addr = relative_offset + aob_addr_val + entry.aoblen synchronize(function() unregisterSymbol(entry.symbol) registerSymbol(entry.symbol, final_addr) end) print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr)) synchronize(function() getLuaEngine().Close() end) else print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name)) end end {$asm} [DISABLE] {$lua} if syntaxcheck then return end unregisterSymbol('worldOffset_addr') {$asm} 175 "2. Move speed multiplier / crow fly mode alt" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not getAddressSafe("worldOffset_addr") then showMessage("Enable SymbolScanner first") return false end {$asm} aobscanmodule(INJECT_ENTCAP, $process, 0F C6 ?? 00 0F 59 ?? ?? 8B ?? 0F 11 ?? B0 01 00 00) // raw AOB: 45 33 F6 44 89 B7 7C 04 00 00 44 88 B7 70 02 00 00 0F 57 C9 48 8D 8D E0 00 00 00 E8 ?? ?? ?? ?? 85 DB 74 ?? 41 0F 14 F6 41 0F 16 F7 66 0F 1F 84 00 00 00 00 00 F3 0F 10 85 E0 00 00 00 F3 0F 58 87 78 02 00 00 F3 0F 11 87 78 02 00 00 FF 87 7C 02 00 00 F3 0F 10 8D E4 00 00 00 0F C6 C9 00 0F 59 CE 48 8B 06 0F 11 88 B0 01 00 00 F3 0F 10 85 E4 00 00 00 F3 0F 59 C7 F3 0F 11 87 58 03 00 00 48 8D 95 E0 00 00 00 48 8B CF E8 ?? ?? ?? ?? 48 83 EB 01 75 ?? 48 8B 16 0F 10 B2 90 00 00 00 0F 58 35 ?? ?? ?? ?? F3 0F 10 BF 1C 02 00 00 48 83 C2 60 48 8D 4C 24 50 // injection point AOB: 0F C6 ?? 00 0F 59 ?? ?? 8B ?? 0F 11 ?? B0 01 00 00 F3 0F 10 ?? ?? 00 00 00 F3 0F 59 ?? F3 0F 11 ?? 58 03 00 00 ?? 8D ?? ?? 00 00 00 ?? 8B ?? E8 ?? ?? ?? ?? ?? 83 ?? 01 75 ?? ?? 8B ?? 0F 10 ?? 90 00 00 00 0F 58 ?? ?? ?? ?? ?? F3 0F 10 ?? 1C 02 00 00 ?? 83 ?? 60 ?? 8D ?? 24 alloc(newmem_entcap, $1000) alloc(INJECTo_ENTCAP, 17) alloc(entityCapturePtr, 8) registersymbol(INJECT_ENTCAP) registersymbol(INJECTo_ENTCAP) registersymbol(entityCapturePtr) label(return_entcap) label(vf_move_speed_multi vf_move_z_mul cur_z_loc vf_vec_down_factor) entityCapturePtr: dq 0 INJECTo_ENTCAP: readmem(INJECT_ENTCAP, 17) newmem_entcap: // shufps xmm1,xmm1,00 reassemble(INJECT_ENTCAP) // mulps xmm1,xmm6 reassemble(INJECT_ENTCAP+4) // move code start // xmm1 = desired velocity {X, Z(height), Y, W} // Apply speed multiplier vmovss xmm15, [vf_move_speed_multi] vshufps xmm15, xmm15, xmm15, 0 // {speed, speed, speed, speed} // Check Z velocity (lane 1 = height) vshufps xmm12, xmm1, xmm1, 1 // xmm12[0] = Z velocity vmovss [cur_z_loc], xmm12 vxorps xmm13, xmm13, xmm13 vcomiss xmm12, xmm13 jae short to_going_up // Going down: replace Z lane multiplier with down_factor // xmm15 = {speed, speed, speed, speed} -> {speed, down_factor, speed, speed} vmovss xmm14, [vf_vec_down_factor] vinsertps xmm15, xmm15, xmm14, 10 // dest lane 1 = down_factor jmp short to_apply to_going_up: // Going up: apply Z extra multiplier to lane 1 // xmm15 = {speed, speed, speed, speed} -> {speed, speed*z_mul, speed, speed} vmovss xmm14, [vf_move_z_mul] vmulss xmm14, xmm14, xmm15 // z_mul * speed vinsertps xmm15, xmm15, xmm14, 10 // dest lane 1 to_apply: vmulps xmm1, xmm1, xmm15 endp: // code end // mov rax,[rsi] reassemble(INJECT_ENTCAP+7) // capture entity: rax = [rsi] = entity ptr push rcx mov rcx, entityCapturePtr mov [rcx], rax pop rcx // movups [rax+000001B0],xmm1 reassemble(INJECT_ENTCAP+A) jmp far return_entcap align 10 cc vf_move_speed_multi: dd (float)1.3333333 dd 0 0 0 vf_move_z_mul: dd (float)2.0 // going up: Z *= speed * this dd 0 0 0 vf_vec_down_factor: dd (float)0.5 // going down: Z *= this (not multiplied by speed) dd 0 0 0 cur_z_loc: dd 0 INJECT_ENTCAP: jmp far newmem_entcap nop nop nop return_entcap: registersymbol(vf_move_speed_multi vf_move_z_mul cur_z_loc vf_vec_down_factor) [DISABLE] INJECT_ENTCAP: readmem(INJECTo_ENTCAP, 17) dealloc(newmem_entcap) dealloc(INJECTo_ENTCAP) dealloc(entityCapturePtr) unregistersymbol(INJECT_ENTCAP) unregistersymbol(INJECTo_ENTCAP) unregistersymbol(entityCapturePtr) unregistersymbol(vf_move_speed_multi vf_move_z_mul cur_z_loc vf_vec_down_factor) { aobscanmodule(INJECT_1297,$process,0F C6 ?? 00 0F 59 ?? ?? 8B ?? 0F 11 ?? B0 01 00 00) // raw AOB: 45 33 F6 44 89 B7 7C 04 00 00 44 88 B7 70 02 00 00 0F 57 C9 48 8D 8D E0 00 00 00 E8 ?? ?? ?? ?? 85 DB 74 ?? 41 0F 14 F6 41 0F 16 F7 66 0F 1F 84 00 00 00 00 00 F3 0F 10 85 E0 00 00 00 F3 0F 58 87 78 02 00 00 F3 0F 11 87 78 02 00 00 FF 87 7C 02 00 00 F3 0F 10 8D E4 00 00 00 0F C6 C9 00 0F 59 CE 48 8B 06 0F 11 88 B0 01 00 00 F3 0F 10 85 E4 00 00 00 F3 0F 59 C7 F3 0F 11 87 58 03 00 00 48 8D 95 E0 00 00 00 48 8B CF E8 ?? ?? ?? ?? 48 83 EB 01 75 ?? 48 8B 16 0F 10 B2 90 00 00 00 0F 58 35 ?? ?? ?? ?? F3 0F 10 BF 1C 02 00 00 48 83 C2 60 48 8D 4C 24 50 // injection point AOB: 0F C6 ?? 00 0F 59 ?? ?? 8B ?? 0F 11 ?? B0 01 00 00 F3 0F 10 ?? ?? 00 00 00 F3 0F 59 ?? F3 0F 11 ?? 58 03 00 00 ?? 8D ?? ?? 00 00 00 ?? 8B ?? E8 ?? ?? ?? ?? ?? 83 ?? 01 75 ?? ?? 8B ?? 0F 10 ?? 90 00 00 00 0F 58 ?? ?? ?? ?? ?? F3 0F 10 ?? 1C 02 00 00 ?? 83 ?? 60 ?? 8D ?? 24 // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+2791A16 CrimsonDesert.exe+27919BB: 45 33 F6 - xor r14d,r14d CrimsonDesert.exe+27919BE: 44 89 B7 7C 04 00 00 - mov [rdi+0000047C],r14d CrimsonDesert.exe+27919C5: 44 88 B7 70 02 00 00 - mov [rdi+00000270],r14b CrimsonDesert.exe+27919CC: 0F 57 C9 - xorps xmm1,xmm1 CrimsonDesert.exe+27919CF: 48 8D 8D E0 00 00 00 - lea rcx,[rbp+000000E0] CrimsonDesert.exe+27919D6: E8 A5 44 F7 00 - call CrimsonDesert.exe+3705E80 CrimsonDesert.exe+27919DB: 85 DB - test ebx,ebx CrimsonDesert.exe+27919DD: 74 71 - je CrimsonDesert.exe+2791A50 CrimsonDesert.exe+27919DF: 41 0F 14 F6 - unpcklps xmm6,xmm14 CrimsonDesert.exe+27919E3: 41 0F 16 F7 - movlhps xmm6,xmm15 CrimsonDesert.exe+27919E7: 66 0F 1F 84 00 00 00 00 00 - nop word ptr [rax+rax+00000000] CrimsonDesert.exe+27919F0: F3 0F 10 85 E0 00 00 00 - movss xmm0,[rbp+000000E0] CrimsonDesert.exe+27919F8: F3 0F 58 87 78 02 00 00 - addss xmm0,[rdi+00000278] CrimsonDesert.exe+2791A00: F3 0F 11 87 78 02 00 00 - movss [rdi+00000278],xmm0 CrimsonDesert.exe+2791A08: FF 87 7C 02 00 00 - inc [rdi+0000027C] CrimsonDesert.exe+2791A0E: F3 0F 10 8D E4 00 00 00 - movss xmm1,[rbp+000000E4] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+2791A16: 0F C6 C9 00 - shufps xmm1,xmm1,00 // ---------- DONE INJECTING ---------- CrimsonDesert.exe+2791A1A: 0F 59 CE - mulps xmm1,xmm6 CrimsonDesert.exe+2791A1D: 48 8B 06 - mov rax,[rsi] CrimsonDesert.exe+2791A20: 0F 11 88 B0 01 00 00 - movups [rax+000001B0],xmm1 CrimsonDesert.exe+2791A27: F3 0F 10 85 E4 00 00 00 - movss xmm0,[rbp+000000E4] CrimsonDesert.exe+2791A2F: F3 0F 59 C7 - mulss xmm0,xmm7 CrimsonDesert.exe+2791A33: F3 0F 11 87 58 03 00 00 - movss [rdi+00000358],xmm0 CrimsonDesert.exe+2791A3B: 48 8D 95 E0 00 00 00 - lea rdx,[rbp+000000E0] CrimsonDesert.exe+2791A42: 48 8B CF - mov rcx,rdi CrimsonDesert.exe+2791A45: E8 46 83 FF FF - call CrimsonDesert.exe+2789D90 CrimsonDesert.exe+2791A4A: 48 83 EB 01 - sub rbx,01 CrimsonDesert.exe+2791A4E: 75 A0 - jne CrimsonDesert.exe+27919F0 CrimsonDesert.exe+2791A50: 48 8B 16 - mov rdx,[rsi] CrimsonDesert.exe+2791A53: 0F 10 B2 90 00 00 00 - movups xmm6,[rdx+00000090] CrimsonDesert.exe+2791A5A: 0F 58 35 AF 32 58 03 - addps xmm6,[145D14D10] CrimsonDesert.exe+2791A61: F3 0F 10 BF 1C 02 00 00 - movss xmm7,[rdi+0000021C] CrimsonDesert.exe+2791A69: 48 83 C2 60 - add rdx,60 } 136 "multiplier" 0 C08000 Float

vf_move_speed_multi

137 "Extra Z multiplier" 0 C08000 Float

vf_move_z_mul

138 "Falling down factor" 0 C08000 Float

vf_vec_down_factor

139 "Original Z vector" 0 808080 Float

cur_z_loc

176 "3. Map waypoint position capture" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not getAddressSafe("entityCapturePtr") then showMessage("Please enable Move speed multiplier") return false end {$asm} aobscanmodule(INJECT_WPCAP, $process, F2 41 0F 11 86 D8 00 00 00 ?? ?? ?? ?? 41 89 86 E0 00 00 00) alloc(newmem_wpcap, $1000) alloc(INJECTo_WPCAP, 20) alloc(wpCapturedCoords, 16) registersymbol(INJECT_WPCAP) registersymbol(INJECTo_WPCAP) registersymbol(wpCapturedCoords) label(return_wpcap) wpCapturedCoords: dd (float)0.0 dd (float)0.0 dd (float)0.0 dd 0 INJECTo_WPCAP: readmem(INJECT_WPCAP, 20) newmem_wpcap: readmem(INJECT_WPCAP, 20) push rcx push rax mov rcx, wpCapturedCoords mov eax, [r14+D8] mov [rcx], eax mov eax, [r14+DC] mov [rcx+4], eax mov eax, [r14+E0] mov [rcx+8], eax pop rax pop rcx jmp far return_wpcap align 10 cc INJECT_WPCAP: jmp far newmem_wpcap nop nop nop nop nop nop return_wpcap: [DISABLE] INJECT_WPCAP: readmem(INJECTo_WPCAP, 20) dealloc(newmem_wpcap) dealloc(INJECTo_WPCAP) dealloc(wpCapturedCoords) unregistersymbol(INJECT_WPCAP) unregistersymbol(INJECTo_WPCAP) unregistersymbol(wpCapturedCoords) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+AB5594 CrimsonDesert.exe+AB5540: 4C 8D 05 BD 5D 1A 05 - lea r8,[CrimsonDesert.exe+5C5B304] CrimsonDesert.exe+AB5547: 49 8B CE - mov rcx,r14 CrimsonDesert.exe+AB554A: E8 C1 19 00 00 - call CrimsonDesert.exe+AB6F10 CrimsonDesert.exe+AB554F: 49 8D 96 10 02 00 00 - lea rdx,[r14+00000210] CrimsonDesert.exe+AB5556: 4C 8D 05 AB 5D 1A 05 - lea r8,[CrimsonDesert.exe+5C5B308] CrimsonDesert.exe+AB555D: 49 8B CE - mov rcx,r14 CrimsonDesert.exe+AB5560: E8 AB 19 00 00 - call CrimsonDesert.exe+AB6F10 CrimsonDesert.exe+AB5565: 49 8B 76 08 - mov rsi,[r14+08] CrimsonDesert.exe+AB5569: 49 8D BE D6 00 00 00 - lea rdi,[r14+000000D6] CrimsonDesert.exe+AB5570: 41 0F B7 07 - movzx eax,word ptr [r15] CrimsonDesert.exe+AB5574: 66 89 07 - mov [rdi],ax CrimsonDesert.exe+AB5577: 41 0F B6 47 10 - movzx eax,byte ptr [r15+10] CrimsonDesert.exe+AB557C: 41 88 86 C8 00 00 00 - mov [r14+000000C8],al CrimsonDesert.exe+AB5583: 49 8B 47 08 - mov rax,[r15+08] CrimsonDesert.exe+AB5587: 49 89 86 C0 00 00 00 - mov [r14+000000C0],rax CrimsonDesert.exe+AB558E: F2 41 0F 10 47 1C - movsd xmm0,[r15+1C] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+AB5594: F2 41 0F 11 86 D8 00 00 00 - movsd [r14+000000D8],xmm0 // ---------- DONE INJECTING ---------- CrimsonDesert.exe+AB559D: 41 8B 47 24 - mov eax,[r15+24] CrimsonDesert.exe+AB55A1: 41 89 86 E0 00 00 00 - mov [r14+000000E0],eax CrimsonDesert.exe+AB55A8: 49 8B 47 28 - mov rax,[r15+28] CrimsonDesert.exe+AB55AC: 49 89 86 08 01 00 00 - mov [r14+00000108],rax CrimsonDesert.exe+AB55B3: 41 0F B6 47 48 - movzx eax,byte ptr [r15+48] CrimsonDesert.exe+AB55B8: 41 88 86 E6 01 00 00 - mov [r14+000001E6],al CrimsonDesert.exe+AB55BF: 41 8B 57 18 - mov edx,[r15+18] CrimsonDesert.exe+AB55C3: 49 8B CE - mov rcx,r14 CrimsonDesert.exe+AB55C6: E8 95 98 04 00 - call CrimsonDesert.exe+AFEE60 CrimsonDesert.exe+AB55CB: 48 8B CF - mov rcx,rdi CrimsonDesert.exe+AB55CE: E8 8D F3 91 FF - call CrimsonDesert.exe+3D4960 CrimsonDesert.exe+AB55D3: 48 8B 48 60 - mov rcx,[rax+60] CrimsonDesert.exe+AB55D7: 48 8B 01 - mov rax,[rcx] CrimsonDesert.exe+AB55DA: 33 D2 - xor edx,edx CrimsonDesert.exe+AB55DC: FF 50 18 - call qword ptr [rax+18] CrimsonDesert.exe+AB55DF: 49 8B 4E 08 - mov rcx,[r14+08] } 178 "#1" 0 808080 Float

wpCapturedCoords

179 "#2" 0 808080 Float

wpCapturedCoords+4

180 "#3" 0 808080 Float

wpCapturedCoords++8

164 "4. Generate scripts" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not getAddressSafe("entityCapturePtr") then showMessage("Please enable Move speed multiplier") return false end {$asm} alloc(tpData, 256) label(tpOffsetX) label(tpOffsetY) label(tpOffsetZ) label(tpTrigger) label(tpMode) label(tpWpTrigger) label(tpHeightBoost) registersymbol(tpOffsetX) registersymbol(tpOffsetY) registersymbol(tpOffsetZ) registersymbol(tpTrigger) registersymbol(tpMode) registersymbol(tpWpTrigger) registersymbol(tpHeightBoost) tpData: tpOffsetX: dd (float)0.0 tpOffsetY: dd (float)0.0 tpOffsetZ: dd (float)0.0 tpTrigger: db 0 tpMode: db 0 tpWpTrigger: db 0 db 0 tpHeightBoost: dd (float)300.0 {$lua} if syntaxcheck then return end local tableFile = findTableFile("celua_teleport.lua") if tableFile then local ss = createStringStream() ss.Position = 0 ss.copyFrom(tableFile.Stream, tableFile.Stream.Size) local code = ss.DataString ss.destroy() local fn, err = load(code) if fn then fn() else print("[!] load error: " .. tostring(err)) end end local initTimer = createTimer(nil) initTimer.Interval = 500 initTimer.OnTimer = function(t) t.Enabled = false t.destroy() if celua_setupTeleport then celua_setupTeleport() end end initTimer.Enabled = true {$asm} [DISABLE] {$lua} if syntaxcheck then return end if celua_teardownTeleport then celua_teardownTeleport() end {$asm} dealloc(tpData) unregistersymbol(tpOffsetX) unregistersymbol(tpOffsetY) unregistersymbol(tpOffsetZ) unregistersymbol(tpTrigger) unregistersymbol(tpMode) unregistersymbol(tpWpTrigger) unregistersymbol(tpHeightBoost) 156 "Crimson Desert / https://opencheattables.com / CE 7.6+" 008E00 1 157 "YesNo" 0:No 1:Yes 1 162 "temp" 1

0

158 "temp" 1 159 "Player_Base_alt1" Auto Assembler Script [ENABLE] {$lua} if syntaxcheck then return end if not AOBScanModule then function AOBScanModule(moduleName, signature) local baseAddr = nil local maxAddr = 0 local modList synchronize(function() modList = enumModules() end) for _, mod in ipairs(modList) do if string.lower(mod.Name) == string.lower(moduleName) then baseAddr = mod.Address maxAddr = baseAddr + mod.Size break end end if not baseAddr then return nil end local ms = createMemScan() synchronize(function() ms.firstScan(soExactValue, vtByteArray, nil, signature, nil, baseAddr, maxAddr, '+X-C-W', fsmNotAligned, '1', true, true, false, false) end) ms.waitTillDone() local results = createFoundList(ms) results.initialize() local addr synchronize(function() if results.getCount() > 0 then addr = results[0] end end) results.destroy() ms.destroy() return addr end end local AOBs = { {name='Player_Base_alt1', aob='?? 8D ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? 00 00 E8 ?? ?? ?? ?? 90 C6 ?? ?? 00 0F 57 ?? 33 ?? 0F 11', pos=3, aoblen=7, symbol='Player_Base_alt1_addr'}, } local module_name = process for _, entry in ipairs(AOBs) do local aob_addr_str = AOBScanModule(module_name, entry.aob) if aob_addr_str then local aob_addr_val = tonumber(aob_addr_str, 16) local offset_addr = aob_addr_val + entry.pos local relative_offset = readInteger(offset_addr, true) local final_addr = relative_offset + aob_addr_val + entry.aoblen synchronize(function() unregisterSymbol(entry.symbol) registerSymbol(entry.symbol, final_addr) end) print(string.format('[SymbolScanner] %s registered at: %X', entry.name, final_addr)) else print(string.format('[SymbolScanner] WARNING: AOB scan failed for %s', entry.name)) end end {$asm} [DISABLE] {$lua} if syntaxcheck then return end unregisterSymbol('Player_Base_alt1_addr') {$asm} 160 "Dragon mount timer: no decrease by Markiplier" Auto Assembler Script { Generated by AOBMaker, bbfox@https://opencheattables.com Date : 2026/03/28 } [ENABLE] aobscanmodule(INJECT_DRAGON_CD,$process,?? 89 ?? 60 01 00 00 ?? 8B ?? ?? F2 0F) // raw AOB: 48 8B 41 08 49 89 85 F8 00 00 00 F3 45 0F 11 85 D8 00 00 00 8B 45 84 41 89 85 E0 00 00 00 8B 45 88 41 89 85 E4 00 00 00 8B 45 8C 41 89 85 E8 00 00 00 8B 45 90 41 89 85 EC 00 00 00 41 0F 11 B5 A0 00 00 00 0F 10 45 C8 41 0F 11 85 B0 00 00 00 41 C7 85 5C 01 00 00 FF FF FF FF 48 8B 45 A8 41 89 85 60 01 00 00 48 8B 45 E8 F2 0F 10 00 F2 41 0F 11 85 C0 00 00 00 8B 40 08 41 89 85 C8 00 00 00 8B 45 94 41 89 85 08 01 00 00 48 8B 01 49 89 85 00 01 00 00 48 8B 4D F0 48 8B 41 08 49 89 85 10 01 00 00 48 8B 01 49 89 85 18 01 00 00 8B 45 B4 41 89 85 20 01 00 00 // injection point AOB: ?? 89 ?? 60 01 00 00 ?? 8B ?? ?? F2 0F 10 ?? F2 ?? 0F 11 ?? C0 00 00 00 8B ?? 08 ?? 89 ?? C8 00 00 00 8B ?? ?? ?? 89 ?? 08 01 00 00 ?? 8B ?? ?? 89 ?? 00 01 00 00 ?? 8B ?? ?? ?? 8B ?? 08 ?? 89 ?? 10 01 00 00 ?? 8B ?? ?? 89 ?? 18 01 00 00 8B ?? ?? ?? 89 ?? 20 01 00 00 alloc(newmem,$1000,INJECT_DRAGON_CD) alloc(INJECT_DRAGON_CDo, $7) label(code) label(return) INJECT_DRAGON_CDo: readmem(INJECT_DRAGON_CD, 7) newmem: // **** Shred code, need to investigate //mov eax, [r13+00000160] code: // mov [r13+00000160],eax reassemble(INJECT_DRAGON_CD) jmp return align 10 cc INJECT_DRAGON_CD: jmp newmem nop 2 return: registersymbol(INJECT_DRAGON_CD INJECT_DRAGON_CDo) [DISABLE] INJECT_DRAGON_CD: readmem(INJECT_DRAGON_CDo, 7) unregistersymbol(INJECT_DRAGON_CD INJECT_DRAGON_CDo) dealloc(newmem) dealloc(INJECT_DRAGON_CDo) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+339D8CB CrimsonDesert.exe+339D86C: 48 8B 41 08 - mov rax,[rcx+08] CrimsonDesert.exe+339D870: 49 89 85 F8 00 00 00 - mov [r13+000000F8],rax CrimsonDesert.exe+339D877: F3 45 0F 11 85 D8 00 00 00 - movss [r13+000000D8],xmm8 CrimsonDesert.exe+339D880: 8B 45 84 - mov eax,[rbp-7C] CrimsonDesert.exe+339D883: 41 89 85 E0 00 00 00 - mov [r13+000000E0],eax CrimsonDesert.exe+339D88A: 8B 45 88 - mov eax,[rbp-78] CrimsonDesert.exe+339D88D: 41 89 85 E4 00 00 00 - mov [r13+000000E4],eax CrimsonDesert.exe+339D894: 8B 45 8C - mov eax,[rbp-74] CrimsonDesert.exe+339D897: 41 89 85 E8 00 00 00 - mov [r13+000000E8],eax CrimsonDesert.exe+339D89E: 8B 45 90 - mov eax,[rbp-70] CrimsonDesert.exe+339D8A1: 41 89 85 EC 00 00 00 - mov [r13+000000EC],eax CrimsonDesert.exe+339D8A8: 41 0F 11 B5 A0 00 00 00 - movups [r13+000000A0],xmm6 CrimsonDesert.exe+339D8B0: 0F 10 45 C8 - movups xmm0,[rbp-38] CrimsonDesert.exe+339D8B4: 41 0F 11 85 B0 00 00 00 - movups [r13+000000B0],xmm0 CrimsonDesert.exe+339D8BC: 41 C7 85 5C 01 00 00 FF FF FF FF - mov [r13+0000015C],FFFFFFFF CrimsonDesert.exe+339D8C7: 48 8B 45 A8 - mov rax,[rbp-58] // ---------- INJECTING HERE ---------- CrimsonDesert.exe+339D8CB: 41 89 85 60 01 00 00 - mov [r13+00000160],eax // ---------- DONE INJECTING ---------- CrimsonDesert.exe+339D8D2: 48 8B 45 E8 - mov rax,[rbp-18] CrimsonDesert.exe+339D8D6: F2 0F 10 00 - movsd xmm0,[rax] CrimsonDesert.exe+339D8DA: F2 41 0F 11 85 C0 00 00 00 - movsd [r13+000000C0],xmm0 CrimsonDesert.exe+339D8E3: 8B 40 08 - mov eax,[rax+08] CrimsonDesert.exe+339D8E6: 41 89 85 C8 00 00 00 - mov [r13+000000C8],eax CrimsonDesert.exe+339D8ED: 8B 45 94 - mov eax,[rbp-6C] CrimsonDesert.exe+339D8F0: 41 89 85 08 01 00 00 - mov [r13+00000108],eax CrimsonDesert.exe+339D8F7: 48 8B 01 - mov rax,[rcx] CrimsonDesert.exe+339D8FA: 49 89 85 00 01 00 00 - mov [r13+00000100],rax CrimsonDesert.exe+339D901: 48 8B 4D F0 - mov rcx,[rbp-10] CrimsonDesert.exe+339D905: 48 8B 41 08 - mov rax,[rcx+08] CrimsonDesert.exe+339D909: 49 89 85 10 01 00 00 - mov [r13+00000110],rax CrimsonDesert.exe+339D910: 48 8B 01 - mov rax,[rcx] CrimsonDesert.exe+339D913: 49 89 85 18 01 00 00 - mov [r13+00000118],rax CrimsonDesert.exe+339D91A: 8B 45 B4 - mov eax,[rbp-4C] CrimsonDesert.exe+339D91D: 41 89 85 20 01 00 00 - mov [r13+00000120],eax } 161 "INJECT_GET_BAG_BONUS_SLOTS_2_AOB" Auto Assembler Script { Game : CrimsonDesert.exe Version: Date : 2026-03-22 Author : Andyc Description : <Optional info> } [ENABLE] aobscanmodule(INJECT_GET_BAG_BONUS_SLOTS_2_AOB,CrimsonDesert.exe,0F B7 46 16 66 89 45 9A) // should be unique alloc(newmem,$1000,INJECT_GET_BAG_BONUS_SLOTS_2_AOB) label(code) label(return) newmem: code: movzx eax,word ptr [rsi+16] mov [rbp-66],ax jmp return INJECT_GET_BAG_BONUS_SLOTS_2_AOB: jmp newmem nop 3 return: registersymbol(INJECT_GET_BAG_BONUS_SLOTS_2_AOB) [DISABLE] INJECT_GET_BAG_BONUS_SLOTS_2_AOB: db 0F B7 46 16 66 89 45 9A unregistersymbol(INJECT_GET_BAG_BONUS_SLOTS_2_AOB) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: CrimsonDesert.exe+1A9F798 CrimsonDesert.exe+1A9F76A: 48 8D 15 57 BE EA 02 - lea rdx,[CrimsonDesert.exe+494B5C8] CrimsonDesert.exe+1A9F771: 48 8D 4D B8 - lea rcx,[rbp-48] CrimsonDesert.exe+1A9F775: E8 D6 8E 41 FF - call CrimsonDesert.exe+EB8650 CrimsonDesert.exe+1A9F77A: 44 89 65 BC - mov [rbp-44],r12d CrimsonDesert.exe+1A9F77E: 0F B7 46 10 - movzx eax,word ptr [rsi+10] CrimsonDesert.exe+1A9F782: 66 89 44 24 30 - mov [rsp+30],ax CrimsonDesert.exe+1A9F787: 48 8D 4C 24 30 - lea rcx,[rsp+30] CrimsonDesert.exe+1A9F78C: E8 BF 89 A1 FE - call CrimsonDesert.exe+4B8150 CrimsonDesert.exe+1A9F791: 0F B7 08 - movzx ecx,word ptr [rax] CrimsonDesert.exe+1A9F794: 66 89 4D 98 - mov [rbp-68],cx // ---------- INJECTING HERE ---------- CrimsonDesert.exe+1A9F798: 0F B7 46 16 - movzx eax,word ptr [rsi+16] // ---------- DONE INJECTING ---------- CrimsonDesert.exe+1A9F79C: 66 89 45 9A - mov [rbp-66],ax CrimsonDesert.exe+1A9F7A0: 0F B7 FB - movzx edi,bx CrimsonDesert.exe+1A9F7A3: 0F B7 46 0C - movzx eax,word ptr [rsi+0C] CrimsonDesert.exe+1A9F7A7: 66 3B D8 - cmp bx,ax CrimsonDesert.exe+1A9F7AA: 0F 8D 4D 01 00 00 - jnl CrimsonDesert.exe+1A9F8FD CrimsonDesert.exe+1A9F7B0: 4C 8D 2D 81 AF C9 02 - lea r13,[CrimsonDesert.exe+473A738] CrimsonDesert.exe+1A9F7B7: 4C 8D 3D EA 99 E1 02 - lea r15,[CrimsonDesert.exe+48B91A8] CrimsonDesert.exe+1A9F7BE: 4C 8D 25 43 97 E1 02 - lea r12,[CrimsonDesert.exe+48B8F08] CrimsonDesert.exe+1A9F7C5: 4C 8D 35 34 01 F5 02 - lea r14,[CrimsonDesert.exe+49EF900] CrimsonDesert.exe+1A9F7CC: 66 3B C3 - cmp ax,bx } For HP #1 `pa::ClientActorManager` -> 0x20 `Pointer to instance of pa::ClientChildOnlyInGameActor` -> 0x68 -> 0xB8 `Pointer to instance of pa::ClientInventoryActorComponent` -> 0x18 -> 0x8 -> 0x16, word = Bag Bonus Also see: 0x14, word = Bag total 0x12, word = Bag used `pa::ClientActorManager` -> 0x20 `Pointer to instance of pa::ClientChildOnlyInGameActor` -> 0x78 -> 0x20 `Pointer to instance of pa::ClientStatusActorComponent` -> 0x18 -> 0x58 -> 8 (HP #1) For HP #2 [Player_Base2_Addr] -> 0x18 `Pointer to instance of pa::NwVirtualAsyncSession` -> 0xA0 `Pointer to instance of pa::ServerUserActor` -> 0xD0 `Pointer to instance of pa::ServerChildOnlyInGameActor` -> 0x68 -> 0x20 `Pointer to instance of pa::ServerStatusActorComponent` -> 0x18 -> 0x58 -> 8 (HP #2) `pa::ClientActorManager` = Player_Base_addr // CrimsonDesert.exe+6B52E2 - 8F - db 8f CrimsonDesert.exe+6B52E3 - 64 05 E8024760 - add eax,604702E8 CrimsonDesert.exe+6B52E9 - 03 EB - add ebp,ebx CrimsonDesert.exe+6B52EB - 03 45 33 - add eax,[rbp+33] CrimsonDesert.exe+6B52EE - ED - in eax,dx // ---------- INJECTING HERE ---------- CrimsonDesert.exe+6B52EF - 48 89 35 3A8F6405 - mov [Player_Base_addr],rsi // ---------- DONE INJECTING ---------- CrimsonDesert.exe+6B52F6 - 48 8D 86 00010000 - lea rax,[rsi+00000100] CrimsonDesert.exe+6B52FD - 48 89 05 348F6405 - mov [CrimsonDesert.exe+5CFE238],rax CrimsonDesert.exe+6B5304 - 48 8D 86 A0010000 - lea rax,[rsi+000001A0] CrimsonDesert.exe+6B530B - 48 89 05 2E8F6405 - mov [CrimsonDesert.exe+5CFE240],rax CrimsonDesert.exe+6B5312 - 44 0FB6 A5 C8020000 - movzx r12d,byte ptr [rbp+000002C8] CrimsonDesert.exe+6B531A - 44 88 25 278F6405 - mov [CrimsonDesert.exe+5CFE248],r12b CrimsonDesert.exe+6B5321 - 8B 3D A1564F05 - mov edi,[CrimsonDesert.exe+5BAA9C8] CrimsonDesert.exe+6B5327 - 39 3D 2B8F6405 - cmp [CrimsonDesert.exe+5CFE258],edi CrimsonDesert.exe+6B532D - 74 0E - je CrimsonDesert.exe+6B533D CrimsonDesert.exe+6B532F - 8B D7 - mov edx,edi CrimsonDesert.exe+6B5331 - 48 8D 0D 188F6405 - lea rcx,[CrimsonDesert.exe+5CFE250] CrimsonDesert.exe+6B5338 - E8 D3800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B533D - 39 3D 258F6405 - cmp [CrimsonDesert.exe+5CFE268],edi CrimsonDesert.exe+6B5343 - 74 0E - je CrimsonDesert.exe+6B5353 CrimsonDesert.exe+6B5345 - 8B D7 - mov edx,edi CrimsonDesert.exe+6B5347 - 48 8D 0D 128F6405 - lea rcx,[CrimsonDesert.exe+5CFE260] CrimsonDesert.exe+6B534E - E8 BD800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B5353 - 39 3D 1F8F6405 - cmp [CrimsonDesert.exe+5CFE278],edi CrimsonDesert.exe+6B5359 - 74 0E - je CrimsonDesert.exe+6B5369 CrimsonDesert.exe+6B535B - 8B D7 - mov edx,edi CrimsonDesert.exe+6B535D - 48 8D 0D 0C8F6405 - lea rcx,[CrimsonDesert.exe+5CFE270] CrimsonDesert.exe+6B5364 - E8 A7800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B5369 - 39 3D 198F6405 - cmp [CrimsonDesert.exe+5CFE288],edi CrimsonDesert.exe+6B536F - 74 0E - je CrimsonDesert.exe+6B537F CrimsonDesert.exe+6B5371 - 8B D7 - mov edx,edi CrimsonDesert.exe+6B5373 - 48 8D 0D 068F6405 - lea rcx,[CrimsonDesert.exe+5CFE280] CrimsonDesert.exe+6B537A - E8 B1890000 - call CrimsonDesert.exe+6BDD30 CrimsonDesert.exe+6B537F - 39 3D 138F6405 - cmp [CrimsonDesert.exe+5CFE298],edi CrimsonDesert.exe+6B5385 - 74 0E - je CrimsonDesert.exe+6B5395 CrimsonDesert.exe+6B5387 - 8B D7 - mov edx,edi CrimsonDesert.exe+6B5389 - 48 8D 0D 008F6405 - lea rcx,[CrimsonDesert.exe+5CFE290] CrimsonDesert.exe+6B5390 - E8 7B800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B5395 - 39 3D 0D8F6405 - cmp [CrimsonDesert.exe+5CFE2A8],edi CrimsonDesert.exe+6B539B - 74 0E - je CrimsonDesert.exe+6B53AB CrimsonDesert.exe+6B539D - 8B D7 - mov edx,edi CrimsonDesert.exe+6B539F - 48 8D 0D FA8E6405 - lea rcx,[CrimsonDesert.exe+5CFE2A0] CrimsonDesert.exe+6B53A6 - E8 65800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B53AB - 39 3D 078F6405 - cmp [CrimsonDesert.exe+5CFE2B8],edi CrimsonDesert.exe+6B53B1 - 74 0E - je CrimsonDesert.exe+6B53C1 CrimsonDesert.exe+6B53B3 - 8B D7 - mov edx,edi CrimsonDesert.exe+6B53B5 - 48 8D 0D F48E6405 - lea rcx,[CrimsonDesert.exe+5CFE2B0] CrimsonDesert.exe+6B53BC - E8 4F800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B53C1 - 39 3D 018F6405 - cmp [CrimsonDesert.exe+5CFE2C8],edi CrimsonDesert.exe+6B53C7 - 74 0E - je CrimsonDesert.exe+6B53D7 CrimsonDesert.exe+6B53C9 - 8B D7 - mov edx,edi CrimsonDesert.exe+6B53CB - 48 8D 0D EE8E6405 - lea rcx,[CrimsonDesert.exe+5CFE2C0] CrimsonDesert.exe+6B53D2 - E8 39800000 - call CrimsonDesert.exe+6BD410 CrimsonDesert.exe+6B53D7 - 85 FF - test edi,edi CrimsonDesert.exe+6B53D9 - 74 77 - je CrimsonDesert.exe+6B5452 CrimsonDesert.exe+6B53DB - 49 8B DD - mov rbx,r13 CrimsonDesert.exe+6B53DE - 4D 8B F5 - mov r14,r13 CrimsonDesert.exe+6B53E1 - 48 8B 05 688E6405 - mov rax,[CrimsonDesert.exe+5CFE250] CrimsonDesert.exe+6B53E8 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B53ED - 48 8B 05 6C8E6405 - mov rax,[CrimsonDesert.exe+5CFE260] CrimsonDesert.exe+6B53F4 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B53F9 - 48 8B 05 708E6405 - mov rax,[CrimsonDesert.exe+5CFE270] CrimsonDesert.exe+6B5400 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B5405 - 48 8B 0D 748E6405 - mov rcx,[CrimsonDesert.exe+5CFE280] CrimsonDesert.exe+6B540C - 49 03 CE - add rcx,r14 CrimsonDesert.exe+6B540F - E8 0C29C6FF - call CrimsonDesert.exe+317D20 CrimsonDesert.exe+6B5414 - 48 8B 05 758E6405 - mov rax,[CrimsonDesert.exe+5CFE290] CrimsonDesert.exe+6B541B - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B5420 - 48 8B 05 798E6405 - mov rax,[CrimsonDesert.exe+5CFE2A0] CrimsonDesert.exe+6B5427 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B542C - 48 8B 05 7D8E6405 - mov rax,[CrimsonDesert.exe+5CFE2B0] CrimsonDesert.exe+6B5433 - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B5438 - 48 8B 05 818E6405 - mov rax,[CrimsonDesert.exe+5CFE2C0] CrimsonDesert.exe+6B543F - 44 89 6C 18 08 - mov [rax+rbx+08],r13d CrimsonDesert.exe+6B5444 - 49 83 C6 10 - add r14,10 CrimsonDesert.exe+6B5448 - 48 8D 5B 10 - lea rbx,[rbx+10] CrimsonDesert.exe+6B544C - 48 83 EF 01 - sub rdi,01 CrimsonDesert.exe+6B5450 - 75 8F - jne CrimsonDesert.exe+6B53E1 CrimsonDesert.exe+6B5452 - 48 8D 15 D78D6405 - lea rdx,[Player_Base_addr] CrimsonDesert.exe+6B5459 - 48 8D 8D 40010000 - lea rcx,[rbp+00000140] CrimsonDesert.exe+6B5460 - E8 7B8A0000 - call CrimsonDesert.exe+6BDEE0 CrimsonDesert.exe+6B5465 - 90 - nop CrimsonDesert.exe+6B5466 - C6 45 C0 00 - mov byte ptr [rbp-40],00 CrimsonDesert.exe+6B546A - 0F57 C0 - xorps xmm0,xmm0 CrimsonDesert.exe+6B546D - 33 C0 - xor eax,eax `Player_Base2_addr`: CrimsonDesert.exe+233B38F - C7 03 00 00 00 00 - mov [rbx],00000000 CrimsonDesert.exe+233B395 - 48 8B 5C 24 30 - mov rbx,[rsp+30] CrimsonDesert.exe+233B39A - 48 83 C4 20 - add rsp,20 CrimsonDesert.exe+233B39E - 5F - pop rdi CrimsonDesert.exe+233B39F - C3 - ret CrimsonDesert.exe+233B3A0 - 40 53 - push rbx CrimsonDesert.exe+233B3A2 - 55 - push rbp CrimsonDesert.exe+233B3A3 - 56 - push rsi CrimsonDesert.exe+233B3A4 - 48 83 EC 20 - sub rsp,20 CrimsonDesert.exe+233B3A8 - 49 8B 30 - mov rsi,[r8] CrimsonDesert.exe+233B3AB - 48 8B DA - mov rbx,rdx CrimsonDesert.exe+233B3AE - 49 8B 68 18 - mov rbp,[r8+18] CrimsonDesert.exe+233B3B2 - 48 85 F6 - test rsi,rsi CrimsonDesert.exe+233B3B5 - 0F 84 E6 00 00 00 - je CrimsonDesert.exe+233B4A1 CrimsonDesert.exe+233B3BB - 48 89 7C 24 40 - mov [rsp+40],rdi CrimsonDesert.exe+233B3C0 - 48 8D 4C 24 50 - lea rcx,[rsp+50] // INJECTING HERE CrimsonDesert.exe+233B3C5 - 48 8B 3D 64 15 95 03 - mov rdi,[145C8C930] // DONE INJECTING CrimsonDesert.exe+233B3CC - 4C 89 74 24 48 - mov [rsp+48],r14 CrimsonDesert.exe+233B3D1 - 44 0F B6 75 03 - movzx r14d,byte ptr [rbp+03] CrimsonDesert.exe+233B3D6 - E8 05 0A F7 FD - call CrimsonDesert.AK::MemoryMgr::StartProfileThreadUsage+20 CrimsonDesert.exe+233B3DB - 48 8B 8F F8 00 00 00 - mov rcx,[rdi+000000F8] CrimsonDesert.exe+233B3E2 - 44 8B 87 00 01 00 00 - mov r8d,[rdi+00000100] CrimsonDesert.exe+233B3E9 - 49 C1 E0 04 - shl r8,04 CrimsonDesert.exe+233B3ED - 4C 03 C1 - add r8,rcx CrimsonDesert.exe+233B3F0 - 49 3B C8 - cmp rcx,r8 CrimsonDesert.exe+233B3F3 - 74 23 - je CrimsonDesert.exe+233B418 CrimsonDesert.exe+233B3F5 - 8B 44 24 50 - mov eax,[rsp+50] CrimsonDesert.exe+233B3F9 - 0F 1F 80 00 00 00 00 - nop dword ptr [rax+00000000] CrimsonDesert.exe+233B400 - 48 8B 51 08 - mov rdx,[rcx+08] CrimsonDesert.exe+233B404 - C6 02 01 - mov byte ptr [rdx],01 CrimsonDesert.exe+233B407 - 39 01 - cmp [rcx],eax CrimsonDesert.exe+233B409 - 75 04 - jne CrimsonDesert.exe+233B40F CrimsonDesert.exe+233B40B - C6 42 01 01 - mov byte ptr [rdx+01],01