
Untitled

a guest
Feb 28th, 2020
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <CheatTable>
  3. <CheatEntries>
  4. <CheatEntry>
  5. <ID>45</ID>
  6. <Description>"SelectAnyChar"</Description>
  7. <LastState/>
  8. <VariableType>Auto Assembler Script</VariableType>
  9. <AssemblerScript>{ Game : Expendabros.exe
  10. Version:
  11. Date : 2020-02-29
  12. Author : omega
  13.  
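  14. This script forces AL to 0 immediately after the call to Expendabros.exe+4F2D60 at the injection point, so the relocated test al,al / jne never branches to Expendabros.exe+4F83F1.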
  15. }
  16.  
  17. [ENABLE]
  18. //code from here to '[DISABLE]' will be used to enable the cheat
  19.  
  20.  
  21.  
  22. aobscanmodule(SelectAnyChar,Expendabros.exe,84 C0 75 2D 48 8B 0D 75 9B A1 00) // should be unique; 11 bytes = test al,al / jne rel8 / mov rcx,[rip+disp32]. The pattern includes the rel8 and disp32 bytes, so it only matches builds where both are unchanged
  23. alloc(newmem,$1000,SelectAnyChar) // $1000 bytes for the detour body, requested near SelectAnyChar - presumably so the hook jmp fits in 5 bytes (rel32)
  24.  
  25. label(code) // local label, defined below
  26. label(return) // local label, defined below
  27.  
  28. newmem: // detour body: runs in place of the 11 overwritten bytes
  29. mov al,0 // discard the AL result of the preceding call (Expendabros.exe+4F2D60 in the listing below) and substitute 0
  30. jmp code // falls to the next label anyway; kept from the script template
  31.  
  32. code: // relocated copy of the three original instructions
  33. test al,al // AL is 0 here, so ZF is always set
  34. jne Expendabros.exe+4F83F1 // never taken while AL is forced to 0. NOTE(review): target is a fixed module offset, not relative to the scan result - valid only for the build the listing below was taken from
  35. mov rcx,[Expendabros.exe+F11F40] // original RIP-relative load re-expressed as a module offset (same build-specific caveat as the jne target)
  36. jmp return // resume at the first byte after the patched range
  37.  
  38. SelectAnyChar: // patch site located by the scan
  39. jmp newmem // hook. NOTE(review): the byte count assumes a 5-byte jmp - confirm newmem landed within rel32 range
  40. nop 6 // pad so jmp + nops cover exactly the 11 scanned bytes (5 + 6)
  41. return: // first original byte after the patch (mov edx,esi in the listing below)
  42. registersymbol(SelectAnyChar) // keep the resolved address so the disable section can write to SelectAnyChar without rescanning
  43.  
  44. [DISABLE]
  45. //code from here till the end of the code will be used to disable the cheat
  46. SelectAnyChar:
  47. db 84 C0 75 2D 48 8B 0D 75 9B A1 00 // write back the original 11 bytes - identical to the scan pattern above
  48.  
  49. unregistersymbol(SelectAnyChar) // drop the symbol registered on enable
  50. dealloc(newmem) // release the detour memory
  51.  
  52. {
  53. // ORIGINAL CODE - INJECTION POINT: "Expendabros.exe"+4F83C0
  54.  
  55. "Expendabros.exe"+4F8399: 48 83 C0 04 - add rax,04
  56. "Expendabros.exe"+4F839D: 48 3B D1 - cmp rdx,rcx
  57. "Expendabros.exe"+4F83A0: 7F F0 - jg Expendabros.exe+4F8392
  58. "Expendabros.exe"+4F83A2: FF C7 - inc edi
  59. "Expendabros.exe"+4F83A4: 44 3B F7 - cmp r14d,edi
  60. "Expendabros.exe"+4F83A7: 7F A7 - jg Expendabros.exe+4F8350
  61. "Expendabros.exe"+4F83A9: 48 8B 0D 90 9B A1 00 - mov rcx,[Expendabros.exe+F11F40]
  62. "Expendabros.exe"+4F83B0: 48 8B 44 24 60 - mov rax,[rsp+60]
  63. "Expendabros.exe"+4F83B5: 8B 90 58 02 00 00 - mov edx,[rax+00000258]
  64. "Expendabros.exe"+4F83BB: E8 A0 A9 FF FF - call Expendabros.exe+4F2D60
  65. // ---------- INJECTING HERE ----------
  66. "Expendabros.exe"+4F83C0: 84 C0 - test al,al
  67. "Expendabros.exe"+4F83C2: 75 2D - jne Expendabros.exe+4F83F1
  68. "Expendabros.exe"+4F83C4: 48 8B 0D 75 9B A1 00 - mov rcx,[Expendabros.exe+F11F40]
  69. // ---------- DONE INJECTING ----------
  70. "Expendabros.exe"+4F83CB: 8B D6 - mov edx,esi
  71. "Expendabros.exe"+4F83CD: E8 0E 9A FF FF - call Expendabros.exe+4F1DE0
  72. "Expendabros.exe"+4F83D2: 48 8B 0D 67 9B A1 00 - mov rcx,[Expendabros.exe+F11F40]
  73. "Expendabros.exe"+4F83D9: 44 8B C0 - mov r8d,eax
  74. "Expendabros.exe"+4F83DC: 40 38 A9 A8 00 00 00 - cmp [rcx+000000A8],bpl
  75. "Expendabros.exe"+4F83E3: 74 10 - je Expendabros.exe+4F83F5
  76. "Expendabros.exe"+4F83E5: 8B D0 - mov edx,eax
  77. "Expendabros.exe"+4F83E7: 41 8B CF - mov ecx,r15d
  78. "Expendabros.exe"+4F83EA: E8 A1 9D E1 FF - call Expendabros.exe+312190
  79. "Expendabros.exe"+4F83EF: EB 2D - jmp Expendabros.exe+4F841E
  80. }
  81. </AssemblerScript>
  82. </CheatEntry>
  83. <CheatEntry>
  84. <ID>46</ID>
  85. <Description>"SelectAnyChar2"</Description>
  86. <LastState/>
  87. <VariableType>Auto Assembler Script</VariableType>
  88. <AssemblerScript>{ Game : Expendabros.exe
  89. Version:
  90. Date : 2020-02-29
  91. Author : omega
  92.  
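  93. This script forces AL to 0 immediately after the call to Expendabros.exe+4F2D60 at the injection point, so the relocated movzx always loads 0 into r12d.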
  94. }
  95.  
  96. [ENABLE]
  97. //code from here to '[DISABLE]' will be used to enable the cheat
  98.  
  99.  
  100.  
  101. aobscanmodule(SelectAnyChar2,Expendabros.exe,44 0F B6 E0 B8 3C 00 00 00) // should be unique; 9 bytes = movzx r12d,al / mov eax,0000003C. NOTE(review): short pattern with no surrounding context - uniqueness within the module is not verified here
  102. alloc(newmem,$1000,SelectAnyChar2) // $1000 bytes for the detour body, requested near SelectAnyChar2 - presumably so the hook jmp fits in 5 bytes (rel32)
  103.  
  104. label(code) // local label, defined below
  105. label(return) // local label, defined below
  106.  
  107. newmem: // detour body: runs in place of the 9 overwritten bytes
  108. mov al,0 // discard the AL result of the preceding call (Expendabros.exe+4F2D60 in the listing below) and substitute 0
  109. jmp code // falls to the next label anyway; kept from the script template
  110.  
  111. code: // relocated copy of the two original instructions
  112. movzx r12d,al // with AL forced to 0 this always loads 0 into r12d; the listing below tests r12l at Expendabros.exe+4ECD62 - presumably the consumer, verify nothing rewrites r12 in between
  113. mov eax,0000003C // relocated original, unchanged (this also overwrites the AL value set above)
  114. jmp return // resume at the first byte after the patched range
  115.  
  116. SelectAnyChar2: // patch site located by the scan
  117. jmp newmem // hook. NOTE(review): the byte count assumes a 5-byte jmp - confirm newmem landed within rel32 range
  118. nop 4 // pad so jmp + nops cover exactly the 9 scanned bytes (5 + 4)
  119. return: // first original byte after the patch (mov ecx,[rbx+rax] in the listing below)
  120. registersymbol(SelectAnyChar2) // keep the resolved address so the disable section can write to SelectAnyChar2 without rescanning
  121.  
  122. [DISABLE]
  123. //code from here till the end of the code will be used to disable the cheat
  124. SelectAnyChar2:
  125. db 44 0F B6 E0 B8 3C 00 00 00 // write back the original 9 bytes - identical to the scan pattern above
  126.  
  127. unregistersymbol(SelectAnyChar2) // drop the symbol registered on enable
  128. dealloc(newmem) // release the detour memory
  129.  
  130. {
  131. // ORIGINAL CODE - INJECTION POINT: "Expendabros.exe"+4ECD3B
  132.  
  133. "Expendabros.exe"+4ECD0D: 74 1D - je Expendabros.exe+4ECD2C
  134. "Expendabros.exe"+4ECD0F: 41 BF 01 00 00 00 - mov r15d,00000001
  135. "Expendabros.exe"+4ECD15: EB 15 - jmp Expendabros.exe+4ECD2C
  136. "Expendabros.exe"+4ECD17: 41 B8 01 00 00 00 - mov r8d,00000001
  137. "Expendabros.exe"+4ECD1D: 8B 15 21 95 A2 00 - mov edx,[Expendabros.exe+F16244]
  138. "Expendabros.exe"+4ECD23: 48 8B 4E 18 - mov rcx,[rsi+18]
  139. "Expendabros.exe"+4ECD27: E8 A4 A1 23 00 - call Expendabros.exe+726ED0
  140. "Expendabros.exe"+4ECD2C: 48 8B 0D 0D 52 A2 00 - mov rcx,[Expendabros.exe+F11F40]
  141. "Expendabros.exe"+4ECD33: 41 8B D6 - mov edx,r14d
  142. "Expendabros.exe"+4ECD36: E8 25 60 00 00 - call Expendabros.exe+4F2D60
  143. // ---------- INJECTING HERE ----------
  144. "Expendabros.exe"+4ECD3B: 44 0F B6 E0 - movzx r12d,al
  145. "Expendabros.exe"+4ECD3F: B8 3C 00 00 00 - mov eax,0000003C
  146. // ---------- DONE INJECTING ----------
  147. "Expendabros.exe"+4ECD44: 8B 0C 03 - mov ecx,[rbx+rax]
  148. "Expendabros.exe"+4ECD47: 39 0D 03 95 A2 00 - cmp [Expendabros.exe+F16250],ecx
  149. "Expendabros.exe"+4ECD4D: 7E 13 - jle Expendabros.exe+4ECD62
  150. "Expendabros.exe"+4ECD4F: E9 70 10 00 00 - jmp Expendabros.exe+4EDDC4
  151. "Expendabros.exe"+4ECD54: 48 FF C2 - inc rdx
  152. "Expendabros.exe"+4ECD57: 44 38 2C 11 - cmp [rcx+rdx],r13l
  153. "Expendabros.exe"+4ECD5B: 75 F7 - jne Expendabros.exe+4ECD54
  154. "Expendabros.exe"+4ECD5D: E9 8A 10 00 00 - jmp Expendabros.exe+4EDDEC
  155. "Expendabros.exe"+4ECD62: 45 84 E4 - test r12l,r12l
  156. "Expendabros.exe"+4ECD65: 0F 84 7B 02 00 00 - je Expendabros.exe+4ECFE6
  157. }
  158. </AssemblerScript>
  159. </CheatEntry>
  160. </CheatEntries>
  161. </CheatTable>