predprey.inactive Guest
Posted: Sun Oct 11, 2015 5:48 pm Post subject: FINAL FANTASY TYPE-0™ HD +8 (Update5) |
Unlock All Spells (Temporary)
Code: | [ENABLE]
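aobscanmodule(spellsAOB,fftype0hd.exe,90 D3 E8 83 E0 01 C3 33 C0) // should be unique

// In-place patch, no code cave needed.
// "and eax,01" (83 E0 01) and "or eax,01" (83 C8 01) are both 3 bytes, so only
// the instruction at spellsAOB+03 is rewritten. The "ret" and the
// "xor eax,eax / ret" tail that follow it are left untouched.
// NOTE(review): that tail sits directly after a ret, so it is presumably the
// target of a branch earlier in the function (not visible in the byte listing).
// A 5-byte jmp + nop written at spellsAOB+03 would cover it, and such a branch
// would then land inside the jmp's displacement bytes.
// As before, the upper bits of eax are not masked; only bit 0 is forced to 1.
spellsAOB+03:
  db 83 C8 01 // or eax,01
registersymbol(spellsAOB)

[DISABLE]
spellsAOB+03:
  db 83 E0 01 // and eax,01 (original instruction)
unregistersymbol(spellsAOB)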
{
// ORIGINAL CODE - INJECTION POINT: "fftype0hd.exe"+2556EB
"fftype0hd.exe"+2556CE: 8B C1 - mov eax,ecx
"fftype0hd.exe"+2556D0: 83 E1 1F - and ecx,1F
"fftype0hd.exe"+2556D3: 99 - cdq
"fftype0hd.exe"+2556D4: 83 E2 1F - and edx,1F
"fftype0hd.exe"+2556D7: 03 C2 - add eax,edx
"fftype0hd.exe"+2556D9: C1 F8 05 - sar eax,05
"fftype0hd.exe"+2556DC: 48 63 D0 - movsxd rdx,eax
"fftype0hd.exe"+2556DF: 48 8D 05 C6 06 47 00 - lea rax,[fftype0hd.exe+6C5DAC]
"fftype0hd.exe"+2556E6: 8B 04 90 - mov eax,[rax+rdx*4]
"fftype0hd.exe"+2556E9: D3 E8 - shr eax,cl
// ---------- INJECTING HERE ----------
"fftype0hd.exe"+2556EB: 83 E0 01 - and eax,01
"fftype0hd.exe"+2556EE: C3 - ret
"fftype0hd.exe"+2556EF: 33 C0 - xor eax,eax
// ---------- DONE INJECTING ----------
"fftype0hd.exe"+2556F1: C3 - ret
"fftype0hd.exe"+2556F2: CC - int 3
"fftype0hd.exe"+2556F3: CC - int 3
"fftype0hd.exe"+2556F4: CC - int 3
"fftype0hd.exe"+2556F5: CC - int 3
"fftype0hd.exe"+2556F6: CC - int 3
"fftype0hd.exe"+2556F7: CC - int 3
"fftype0hd.exe"+2556F8: CC - int 3
"fftype0hd.exe"+2556F9: CC - int 3
"fftype0hd.exe"+2556FA: CC - int 3
} |
Unlock All Spells (Permanent)
Code: | [ENABLE]
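aobscanmodule(spellsAOB,fftype0hd.exe,90 D3 E8 83 E0 01 C3 33 C0) // should be unique
alloc(newmem,$1000,"fftype0hd.exe"+2556EB)
label(return)

// Hook site: spellsAOB-02, the 5 bytes "8B 04 90 D3 E8"
// (mov eax,[rax+rdx*4] / shr eax,cl). That is two instructions ahead of the
// "INJECTING HERE" marker in the byte listing at the end of this script.
// A 5-byte jmp fits there exactly, so "and eax,01 / ret" and the
// "xor eax,eax / ret" tail stay as the game wrote them.
// NOTE(review): the tail follows a ret, so it is presumably a branch target
// from earlier in the function (not visible here). A 6-byte overwrite at
// spellsAOB+03 would leave that target inside the jmp's displacement bytes.
//
// Register state at the hook, per the listing:
//   rax = table base loaded by "lea rax,[fftype0hd.exe+6C5DAC]"
//   rdx = dword index into that table
//   cl  = bit number (ecx was masked with 1F earlier)
// Presumably this is the spell-unlock bit table - confirm in game.
newmem:
  push rbx
  mov ebx,1
  shl ebx,cl            // ebx = mask for the tested bit
  or [rax+rdx*4],ebx    // set the bit in the table itself so it persists
  pop rbx
  mov eax,[rax+rdx*4]   // original instruction
  shr eax,cl            // original instruction
  jmp return            // the game's own "and eax,01 / ret" now yields 1

spellsAOB-02:
  jmp newmem
return:
registersymbol(spellsAOB)

[DISABLE]
spellsAOB-02:
  db 8B 04 90 D3 E8     // mov eax,[rax+rdx*4] / shr eax,cl
unregistersymbol(spellsAOB)
dealloc(newmem)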
{
// ORIGINAL CODE - INJECTION POINT: "fftype0hd.exe"+2556EB
"fftype0hd.exe"+2556CE: 8B C1 - mov eax,ecx
"fftype0hd.exe"+2556D0: 83 E1 1F - and ecx,1F
"fftype0hd.exe"+2556D3: 99 - cdq
"fftype0hd.exe"+2556D4: 83 E2 1F - and edx,1F
"fftype0hd.exe"+2556D7: 03 C2 - add eax,edx
"fftype0hd.exe"+2556D9: C1 F8 05 - sar eax,05
"fftype0hd.exe"+2556DC: 48 63 D0 - movsxd rdx,eax
"fftype0hd.exe"+2556DF: 48 8D 05 C6 06 47 00 - lea rax,[fftype0hd.exe+6C5DAC]
"fftype0hd.exe"+2556E6: 8B 04 90 - mov eax,[rax+rdx*4]
"fftype0hd.exe"+2556E9: D3 E8 - shr eax,cl
// ---------- INJECTING HERE ----------
"fftype0hd.exe"+2556EB: 83 E0 01 - and eax,01
"fftype0hd.exe"+2556EE: C3 - ret
"fftype0hd.exe"+2556EF: 33 C0 - xor eax,eax
// ---------- DONE INJECTING ----------
"fftype0hd.exe"+2556F1: C3 - ret
"fftype0hd.exe"+2556F2: CC - int 3
"fftype0hd.exe"+2556F3: CC - int 3
"fftype0hd.exe"+2556F4: CC - int 3
"fftype0hd.exe"+2556F5: CC - int 3
"fftype0hd.exe"+2556F6: CC - int 3
"fftype0hd.exe"+2556F7: CC - int 3
"fftype0hd.exe"+2556F8: CC - int 3
"fftype0hd.exe"+2556F9: CC - int 3
"fftype0hd.exe"+2556FA: CC - int 3
} |
Inf Weapons
Code: | [ENABLE]
// Hooks the 8 bytes "add edi,ebp / cmp edi,[fftype0hd.exe+659258]" and keeps
// edi at 63 (hex) or more before the game's own jg / clamp / store runs.
// edi is the word loaded from [r10+02] plus ebp; presumably an item count.
aobscanmodule(WeaponsAOB,fftype0hd.exe,03 FD 3B 3D 12 84 62 00) // should be unique
alloc(WeaponsAOB_newmem,1024,"fftype0hd.exe"+30E3E)
label(WeaponsAOB_backup)
label(WeaponsAOB_return)
label(WeaponsAOB_compare)

WeaponsAOB_newmem:
  add edi,ebp                   // replayed from the hook site
  cmp edi,63                    // 63 is hex (= 99 decimal)
  jnl WeaponsAOB_compare        // already 63h or more: keep the value
  mov edi,63                    // otherwise raise it to 63h
WeaponsAOB_compare:
  // Stands in for the original "cmp edi,[fftype0hd.exe+659258]": the jg after
  // the hook now reads its flags from a compare against 0.
  cmp edi,0
  jmp WeaponsAOB_return

WeaponsAOB_backup:
  readmem(WeaponsAOB,8)         // copy of the 8 original bytes, used by [DISABLE]

WeaponsAOB:
  jmp WeaponsAOB_newmem         // 5 bytes
  db 90 90 90                   // 3 nops pad the overwrite to 8 bytes
WeaponsAOB_return:

registersymbol(WeaponsAOB_backup)
registersymbol(WeaponsAOB)

[DISABLE]
WeaponsAOB:
  readmem(WeaponsAOB_backup,8)  // restores: db 03 FD 3B 3D 12 84 62 00
unregistersymbol(WeaponsAOB)
unregistersymbol(WeaponsAOB_backup)
dealloc(WeaponsAOB_newmem)
{
// ORIGINAL CODE - INJECTION POINT: "fftype0hd.exe"+30E3E
"fftype0hd.exe"+30E20: 48 83 C2 04 - add rdx,04
"fftype0hd.exe"+30E24: 41 3B C9 - cmp ecx,r9d
"fftype0hd.exe"+30E27: 7C EC - jnge fftype0hd.exe+30E15
"fftype0hd.exe"+30E29: EB 03 - jmp fftype0hd.exe+30E2E
"fftype0hd.exe"+30E2B: 4C 8B D2 - mov r10,rdx
"fftype0hd.exe"+30E2E: 4D 85 D2 - test r10,r10
"fftype0hd.exe"+30E31: 74 4B - je fftype0hd.exe+30E7E
"fftype0hd.exe"+30E33: 41 0F B7 7A 02 - movzx edi,word ptr [r10+02]
"fftype0hd.exe"+30E38: 66 41 89 32 - mov [r10],si
"fftype0hd.exe"+30E3C: 8B CF - mov ecx,edi
// ---------- INJECTING HERE ----------
"fftype0hd.exe"+30E3E: 03 FD - add edi,ebp
"fftype0hd.exe"+30E40: 3B 3D 12 84 62 00 - cmp edi,[fftype0hd.exe+659258]
// ---------- DONE INJECTING ----------
"fftype0hd.exe"+30E46: 7F 0A - jg fftype0hd.exe+30E52
"fftype0hd.exe"+30E48: 66 41 89 1A - mov [r10],bx
"fftype0hd.exe"+30E4C: 8B 3D 06 84 62 00 - mov edi,[fftype0hd.exe+659258]
"fftype0hd.exe"+30E52: 3B 3D 04 84 62 00 - cmp edi,[fftype0hd.exe+65925C]
"fftype0hd.exe"+30E58: 0F 4F 3D FD 83 62 00 - cmovg edi,[fftype0hd.exe+65925C]
"fftype0hd.exe"+30E5F: 66 41 89 7A 02 - mov [r10+02],di
"fftype0hd.exe"+30E64: C6 05 E5 83 62 00 01 - mov byte ptr [fftype0hd.exe+659250],01
"fftype0hd.exe"+30E6B: 45 84 F6 - test r14l,r14l
"fftype0hd.exe"+30E6E: 75 0E - jne fftype0hd.exe+30E7E
"fftype0hd.exe"+30E70: 3B F9 - cmp edi,ecx
} |
Inf Accessories
Code: | [ENABLE]
// Hooks the 8 bytes "add edi,ebp / cmp edi,[fftype0hd.exe+667608]" and keeps
// edi at 63 (hex) or more before the game's own jg / clamp / store runs.
// edi is the word loaded from [r10+02] plus ebp; presumably an item count.
aobscanmodule(AccessoriesAOB,fftype0hd.exe,03 FD 3B 3D 02 92 62 00) // should be unique
alloc(AccessoriesAOB_newmem,1024,"fftype0hd.exe"+300FE)
label(AccessoriesAOB_backup)
label(AccessoriesAOB_return)
label(AccessoriesAOB_compare)

AccessoriesAOB_newmem:
  add edi,ebp                       // replayed from the hook site
  cmp edi,63                        // 63 is hex (= 99 decimal)
  jnl AccessoriesAOB_compare        // already 63h or more: keep the value
  mov edi,63                        // otherwise raise it to 63h
AccessoriesAOB_compare:
  // Stands in for the original "cmp edi,[fftype0hd.exe+667608]": the jg after
  // the hook now reads its flags from a compare against 0.
  cmp edi,0
  jmp AccessoriesAOB_return

AccessoriesAOB_backup:
  readmem(AccessoriesAOB,8)         // copy of the 8 original bytes, used by [DISABLE]

AccessoriesAOB:
  jmp AccessoriesAOB_newmem         // 5 bytes
  db 90 90 90                       // 3 nops pad the overwrite to 8 bytes
AccessoriesAOB_return:

registersymbol(AccessoriesAOB_backup)
registersymbol(AccessoriesAOB)

[DISABLE]
AccessoriesAOB:
  readmem(AccessoriesAOB_backup,8)  // restores: db 03 FD 3B 3D 02 92 62 00
unregistersymbol(AccessoriesAOB)
unregistersymbol(AccessoriesAOB_backup)
dealloc(AccessoriesAOB_newmem)
{
// ORIGINAL CODE - INJECTION POINT: "fftype0hd.exe"+300FE
"fftype0hd.exe"+300E0: 48 83 C2 04 - add rdx,04
"fftype0hd.exe"+300E4: 41 3B C9 - cmp ecx,r9d
"fftype0hd.exe"+300E7: 7C EC - jnge fftype0hd.exe+300D5
"fftype0hd.exe"+300E9: EB 03 - jmp fftype0hd.exe+300EE
"fftype0hd.exe"+300EB: 4C 8B D2 - mov r10,rdx
"fftype0hd.exe"+300EE: 4D 85 D2 - test r10,r10
"fftype0hd.exe"+300F1: 74 4B - je fftype0hd.exe+3013E
"fftype0hd.exe"+300F3: 41 0F B7 7A 02 - movzx edi,word ptr [r10+02]
"fftype0hd.exe"+300F8: 66 41 89 32 - mov [r10],si
"fftype0hd.exe"+300FC: 8B CF - mov ecx,edi
// ---------- INJECTING HERE ----------
"fftype0hd.exe"+300FE: 03 FD - add edi,ebp
"fftype0hd.exe"+30100: 3B 3D 02 92 62 00 - cmp edi,[fftype0hd.exe+667608]
// ---------- DONE INJECTING ----------
"fftype0hd.exe"+30106: 7F 0A - jg fftype0hd.exe+30112
"fftype0hd.exe"+30108: 66 41 89 1A - mov [r10],bx
"fftype0hd.exe"+3010C: 8B 3D F6 91 62 00 - mov edi,[fftype0hd.exe+667608]
"fftype0hd.exe"+30112: 3B 3D F4 91 62 00 - cmp edi,[fftype0hd.exe+66760C]
"fftype0hd.exe"+30118: 0F 4F 3D ED 91 62 00 - cmovg edi,[fftype0hd.exe+66760C]
"fftype0hd.exe"+3011F: 66 41 89 7A 02 - mov [r10+02],di
"fftype0hd.exe"+30124: C6 05 D5 91 62 00 01 - mov byte ptr [fftype0hd.exe+667600],01
"fftype0hd.exe"+3012B: 45 84 F6 - test r14l,r14l
"fftype0hd.exe"+3012E: 75 0E - jne fftype0hd.exe+3013E
"fftype0hd.exe"+30130: 3B F9 - cmp edi,ecx
} |
SP Title (Byte) - fftype0hd.exe+6C5CEC
Total Play Time (4 Bytes) - fftype0hd.exe+6BFF48
SP Class Stats (4 Bytes each in order below) - fftype0hd.exe+6D2528
Mission Count
Number of Cures Cast
Number of Casualties
Number of Enemies Defeated
Number of S Rank
Number of S/A/B Rank
Number of Killsight
Number of Triad Maneuvers/Summons/VBT
Number of S.O. Completed
Number of S.O. Accepted