Kovitikus

Kingdoms of Amalur CheatEngine Table - YSA V1.1

Jun 24th, 2020
  1. <?xml version="1.0"?>
  2. <CheatTable CheatEngineTableVersion="12">
  3. <CheatEntries>
  4. <CheatEntry>
  5. <ID>57</ID>
  6. <Description>"EXP base script: must be activated FIRST, prerequiste to the next script (exp reduction) (please activate)"</Description>
  7. <Color>80000008</Color>
  8. <VariableType>Auto Assembler Script</VariableType>
  9. <AssemblerScript>[ENABLE]
  10. //code from here to '[DISABLE]' will be used to enable the cheat
       // Purpose: first of two EXP hooks. It redirects one 7-byte code site through
       // newmem7, which re-executes the displaced instructions without changing them.
  11. alloc(newmem7,2048) //2kb should be enough
  12. label(returnhere7)
  13. label(originalcode7)
  14. label(exit7)
  15. label(hHSubFJMP)
  16. label(skillpoints)
  17. aobscan(EXPChange_AOB,89 48 18 8b 57 1C 5D)
       // The pattern decodes to the three instructions under originalcode7
       // (89 48 18 / 8B 57 1C / 5D).
       // NOTE(review): the script patches whatever address the scan returns; nothing
       // here checks that the match is unique or belongs to the expected game build.
       // Confirm the matched address before enabling.
  18. registersymbol(hHSubFJMP)
       // hHSubFJMP is registered so the [DISABLE] part can find the patched address again.
  19.  
  20.  
  21. newmem7: //this is allocated memory, you have read,write,execute access
  22. //place your code here
       // The push/pop pair below leaves edx, ebx and the stack exactly as they were.
  23. push edx
  24. push ebx
  25. //No changes in this script neccessary; just a technical anchor
  26. // in order for the next script to work: it marks a strand of parallel code
  27. skillpoints:
  28. pop ebx
  29. pop edx
  30.  
  31. originalcode7:
       // Displaced instructions, re-executed in their original order.
  32. mov [eax+18],ecx
  33. mov edx,[edi+1C]
  34. pop ebp
  35.  
  36. exit7:
  37. jmp returnhere7
  38.  
  39. EXPChange_AOB:
  40. hHSubFJMP:
       // 5-byte jmp plus two nops overwrite exactly the 7 pattern bytes;
       // returnhere7 is the first byte after them.
  41. jmp newmem7
  42. nop
  43. nop
  44. returnhere7:
  45.  
  46.  
  47. [DISABLE]
  48. //code from here till the end of the code will be used to disable the cheat
  49. dealloc(newmem7)
  50. hHSubFJMP: //"Reckoning.exe"+3A1051:
  51. //db 5E 89 48 18 8B 57 1C
       // Writes back the same 7 bytes that the aobscan pattern matched.
  52. db 89 48 18 8b 57 1C 5D
       // NOTE(review): the commented db line and the //Alt: lines below do not decode
       // from the restored bytes; they look like leftovers from another script.
  53. //db 66 2B C8 66 89 8E DA 00 00 00
  54. //Alt: mov eax,esi
  55. //Alt: neg eax
  56. //Alt: cmp ecx,eax
  57. unregistersymbol(hHSubFJMP)
  58. </AssemblerScript>
  59. <Hotkeys>
  60. <Hotkey>
  61. <Action>Toggle Activation</Action>
  62. <Keys>
  63. <Key>17</Key>
  64. <Key>49</Key>
  65. </Keys>
  66. <Description>EXP Always first</Description>
  67. <ID>0</ID>
  68. </Hotkey>
  69. </Hotkeys>
  70. </CheatEntry>
  71. <CheatEntry>
  72. <ID>56</ID>
  73. <Description>"60% EXP gain reduction (only works if first script was activated beforehand) (please activate)"</Description>
  74. <Color>80000008</Color>
  75. <VariableType>Auto Assembler Script</VariableType>
  76. <AssemblerScript>[ENABLE]
  77. //code from here to '[DISABLE]' will be used to enable the cheat
       // Purpose: scales down the increase that the hooked code is about to store
       // at [eax+18]. The hooked site is the 8-byte pattern below: the same bytes
       // the first EXP script scans for, preceded by 5E (pop esi).
  78. alloc(newmem8,2048) //2kb should be enough
  79. label(returnhere8)
  80. label(originalcode8)
  81. label(exit8)
  82. label(hHSubGJMP)
  83. label(skillpoints2)
  84. label(NotZero)
  85. aobscan(EXPChange2_AOB,5E 89 48 18 8b 57 1C 5D)
  86. //globalalloc(EXPPointer,4)
  87. //globalalloc(pTotalEXP,4)
  88. registersymbol(hHSubGJMP)
  89.  
  90.  
  91. newmem8: //this is allocated memory, you have read,write,execute access
  92. //place your code here
  93.  
       // edx = value currently stored, ebx = ecx - stored (the pending change).
  94. push edx
  95. push ebx
  96. mov edx,[eax+18]
  97. mov ebx,ecx
  98. sub ebx,edx
       // Filter chain: every taken branch goes to skillpoints2, which stores ecx
       // unmodified. Taken when the change is 15 or less (unsigned), exactly 100,
       // zero, or above 10000 (signed), or when ecx or the stored value is zero.
  99. cmp ebx,(int)15
  100. jbe skillpoints2
  101. cmp ebx,(int)100
  102. je skillpoints2
  103. cmp [eax+18],ecx
  104. je skillpoints2
  105. cmp ebx,(int)10000
  106. jg skillpoints2
       // jbe after a compare with 0 is only taken when the operand equals 0.
  107. cmp ecx,0
  108. jbe skillpoints2
  109. cmp edx,0
  110. jbe skillpoints2
       // Scale the change: eax = change * 3, then arithmetic shift right by 3.
       // eax and edx are saved around the mul, which overwrites both.
  111. push eax
  112. push edx
  113. mov eax,ebx
  114. //BEGIN OF ADJUSTABLE BLOCK: EXP REDUCTION//
  115. mov edx,3
  116. //above number is the dividend
       // (it is the factor the change is multiplied by before the shift)
  117. mul edx
  118. pop edx
  119. sar eax,3
  120. //above number is the divisor
  121. //a 1 means divide by 2, a 2 means divide by 4, a 3 means by 8...
  122. //above settings result in only 3/8 gain (37,5%)
  123. //if you wanted less severe penality and more gain, like e.g. 50%:
  124. //you could set this e.g. to 1 (first number)/1(second number),
  125. //meaning: 1/2 (50%)
  126. //END OF ADJUSTABLE BLOCK: EXP REDUCTION//
  127. mov ebx,eax
  128. pop eax
       // Add the scaled change to the stored value instead of storing ecx.
  129. add [eax+18],ebx
  130. mov ebx,[eax+18]
  131. //mov [pTotalEXP],ebx
       // If the new stored value is not positive, fall back to the vanilla store.
  132. cmp ebx,0
  133. jg NotZero
  134. jmp skillpoints2
  135. NotZero:
       // Restore ebx and edx, then perform the displaced pop esi (byte 5E) and
       // skip the vanilla store of ecx.
  136. pop ebx
  137. pop edx
  138. pop esi
  139. jmp originalcode8
  140.  
  141. skillpoints2:
       // Vanilla path: restore registers, store ecx, perform the displaced pop esi.
  142. pop ebx
  143. mov [eax+18],ecx
  144. pop edx
  145. pop esi
  146.  
  147. originalcode8:
  148. //pop esi
  149. //mov [eax+18],ecx
  150. mov edx,[edi+1C]
  151. pop ebp
  152.  
  153. exit8:
  154. jmp returnhere8
  155.  
  156. EXPChange2_AOB:
  157. hHSubGJMP:
       // 5-byte jmp plus three nops overwrite exactly the 8 pattern bytes.
  158. jmp newmem8
  159. nop
  160. nop
  161. nop
  162. returnhere8:
  163.  
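  164. [DISABLE]
  165. //code from here till the end of the code will be used to disable the cheat
       // Frees the code cave and writes the 8 original bytes back over the hook.
  166. dealloc(newmem8)
       // dealloc(TotalEXP) removed: this script never allocates TotalEXP (the only
       // related lines in [ENABLE] are commented-out globalalloc calls for
       // EXPPointer and pTotalEXP), so there is nothing to free under that name.
  168. hHSubGJMP: //"Reckoning.exe"+3A1051:
  169. //db 5E 89 48 18 8B 57 1C
       // Same 8 bytes as the aobscan pattern used in [ENABLE].
  170. db 5E 89 48 18 8b 57 1C 5D
       // NOTE(review): the //Alt: lines below do not decode from the restored bytes;
       // they look like leftovers from another script.
  171. //db 66 2B C8 66 89 8E DA 00 00 00
  172. //Alt: mov eax,esi
  173. //Alt: neg eax
  174. //Alt: cmp ecx,eax
  175. unregistersymbol(hHSubGJMP)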
  176. </AssemblerScript>
  177. <Hotkeys>
  178. <Hotkey>
  179. <Action>Toggle Activation</Action>
  180. <Keys>
  181. <Key>17</Key>
  182. <Key>50</Key>
  183. </Keys>
  184. <Description>EXP -60%</Description>
  185. <ID>0</ID>
  186. </Hotkey>
  187. </Hotkeys>
  188. </CheatEntry>
  189. <CheatEntry>
  190. <ID>2</ID>
  191. <Description>"Damage done 50%, damage received 200%, Mob min damage 3%, Soft cap player damage at 1500/12% (please activate)"</Description>
  192. <Color>80000008</Color>
  193. <VariableType>Auto Assembler Script</VariableType>
  194. <AssemblerScript>[ENABLE]
  195. //code from here to '[DISABLE]' will be used to enable the cheat
       // This script installs three hooks: newmem1 (caches a pointer and two
       // fields), newmem2 (rewrites the value added to [edi+48]) and newmem6
       // (multiplies the value stored to [edi+4C]).
  196. alloc(newmem1,2048) //2kb should be enough
  197. label(returnhere1)
  198. label(originalcode1)
  199. label(exit1)
       // pHeroHealth is a global allocation, so other scripts and table entries can
       // refer to it by name; the two copies below are local to this script.
  200. globalalloc(pHeroHealth,4)
  201. alloc(pHeroMaxHealth,4)
  202. alloc(pHeroCurrentHealth,4)
  203. aobscan(hHRead_AOB,8B 4B 48 89 4C 24 14 85 C9)
  204. label(hHReadJMP)
  205. registersymbol(hHReadJMP)
  206. alloc(newmem2,2048) //2kb should be enough
  207. label(returnhere2)
  208. label(originalcode2)
  209. label(exit2)
  210. label(MonsterHP)
  211. label(NonBoosted)
  212. label(StillBoosted)
  213. label(NonBoostedDamage)
  214. label(FiveLimit)
  215. label(FiveRemains)
  216. label(FiveSteps)
  217. label(GoOn)
       // ** are wildcard bytes in the pattern.
  218. aobscan(hHSubA_AOB,3B C8 76 ** 03 CE 89 4F 48 ** ** 89 5F 48 B1 40)
  219. label(hHSubAJMP)
  220. registersymbol(hHSubAJMP)
  221.  
  222. alloc(newmem6,2048) //2kb should be enough
  223. label(returnhere6)
  224. label(originalcode6)
  225. label(exit6)
  226. label(hHSubEJMP)
  227. aobscan(MaxHPIncrease_AOB,83 F8 01 89 47 4C)
  228. registersymbol(hHSubEJMP)
  229.  
  230.  
  231. newmem1: //this is allocated memory, you have read,write,execute access
  232. //place your code here
       // Cache ebx and the dwords at [ebx+4c] and [ebx+48]. edx is used as scratch
       // and restored. Presumably ebx points at the hero's stat object whenever this
       // site runs - TODO confirm it is never reached for other objects.
  233. mov [pHeroHealth],ebx
  234. push edx
  235. mov edx,[ebx+4c]
  236. mov [pHeroMaxHealth],edx
  237. mov edx,[ebx+48]
  238. mov [pHeroCurrentHealth],edx
  239. pop edx
  240.  
  241. originalcode1:
       // Displaced instructions (bytes 8B 4B 48 / 89 4C 24 14).
  242. mov ecx,[ebx+48]
  243. mov [esp+14],ecx
  244.  
  245. exit1:
  246. jmp returnhere1
  247.  
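  248. newmem2: //this is allocated memory, you have read,write,execute access
  249. //place your code here
       // Entry of the hook on the add/store to [edi+48]. esi holds the signed change
       // about to be added to ecx. When edi is the cached hero pointer the change is
       // rescaled as damage received; otherwise control goes to MonsterHP.
       // eax and ebx are saved here and restored on every exit path of the hero branch.
  250. cmp [pHeroHealth],edi
  251. jne MonsterHP
  252. push eax
  253. push ebx
  254. mov eax,esi
  255.  
  256. // ADJUSTABLE BLOCK: SOFT CAP OF HIGH HP BY EXTREME DAMAGE INCREASE//
  257. cmp [pHeroCurrentHealth],(int)2999
  258. //above number is the hero current hp number which has to be exceeded for below
  259. //described extreme damage increase to kick in
  260. //the changes start with 3000+ hp in this case
  261. //when changing this adjust all other "2999" you see in the whole code below
  262. //to the same value
  263. jbe NonBoosted
  264. mov ebx,(int)40
  265. //above number is the dividend for damage received by player when his health
  266. // is 3000+ hp; it's a counterbalance for excessive stat increase due to
  267. //crafting and the way stat multipliers are stacked in vanilla
       // mul overwrites edx with the high half of the product. The hooked code did
       // not modify edx, so it is saved and restored here, the same way the
       // MonsterHP path of this script already does.
       push edx
  268. mul ebx
       pop edx
  269. sar eax,(int)1
  270. //above number is the divisor for such damage received by high hp player
  271. //a 1 above means divide by 2, a 2 divide by 4, a 3 divide by 8...
  272. //above combination results in 40/2 (2^1), i.e. 20 times the vanilla damage
  273. //(or 2000% or paraphrased +additional +1900%)
  274. mov esi,eax
  275. //END OF ADJUSTABLE BLOCK: SOFT CAP OF HIGH HP BY EXTREME DAMAGE INCREASE//
  276.  
  277. // ADJUSTABLE BLOCK: MINIMUM DAMAGE RECEIVED REGARDLESS OF ARMOR/RESISTANCE//
       // The cached max hp is shifted in place to get max/32, subtracted from esi,
       // and then restored from the stack.
  278. push [pHeroMaxHealth]
  279. sar [pHeroMaxHealth],5
  280. // above number describes the percentage of the hero's maximum hp that is added
  281. // to damage each time a damage occurs; it adds on every hit, but also on every
  282. // poison, burn, bleed etc. tick. There is an exception to this when hero
  283. // current hp drop below 200 hp or max hero hp are below 128 hp;
  284. // these exceptions are described further down in the code;
  285. // purpose of this is to counterbalance excessive stacking of resistance and
  286. // armor modifiers; furthermore it keeps even grey mobs somewhat dangerous;
  287. // you get better in the game, a true hero - but you remain vulnerable
  288. // a 1 above means divide by 2, a 2 divide by 4, a 3 divide by 8...
  289. // above setting results in 1/32 (2^5), i.e. about 3% of hero max hp added
  290. // to each damage received after armor/resistance calculations;e.g a 10000
  291. // max hp hero would receive (round about) additional 300 points of damage per
  292. // hit this values appears double time (see code below); change the other entry
  293. // accordingly
  294. sub esi,[pHeroMaxHealth]
  295. pop [pHeroMaxHealth]
  296. add ecx,esi
  297. pop ebx
  298. pop eax
  299. cmp ecx,(int)2999
  300. //when a hit brings you below of 3000 current hp, this line (and the one below)
  301. // ensures that this very hit will apply no more damage then needed to drop to
  302. // 2999 hp (the value written two lines below); this is just to make it still
  303. // attractive to go over 3000+ hp
  304. // otherwise a hero with e.g. 2999 hp might be better of than one with 3001 hp
  304. jge StillBoosted
  305. mov ecx,(int)2999
  306. //see above, change in accordance, as all "2999" numbers in the code
  307. jmp originalcode2
  308. // END OF ADJUSTABLE BLOCK: MINIMUM DAMAGE RECEIVED REGARDLESS OF ARMOR/RES//
  309.  
  310. StillBoosted:
       // Only reached from the jge above, i.e. with ecx at or above 2999, so the
       // clamp to 0 below cannot trigger on that path.
  311. cmp ecx,0
  312. jg originalcode2
  313. mov ecx,0
  314. jmp originalcode2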
  315.  
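  316. //ADJUSTABLE BLOCK: DAMAGE RECEIVED BY HERO WHEN CURRENT HP BELOW 5000//
       // NOTE(review): this path is taken when the cached current hp is 2999 or
       // less (see the jbe that targets NonBoosted); the "5000" in the block title
       // does not match any value in the code.
       // On entry eax = esi (the pending change) and eax, ebx are on the stack.
  317. NonBoosted:
  318. mov ebx,(int)4
  319. //above number is the dividend for damage received by player
  320. // this multiplier is the normal multiplier used, i.e. when current hero hp are
  321. // below 3000 hp;
       // mul overwrites edx with the high half of the product. The hooked code did
       // not modify edx, so it is saved and restored here, the same way the
       // MonsterHP path of this script already does.
       push edx
  322. mul ebx
       pop edx
  323. sar eax,(int)1
  324. //above number is the divisor for damage received by player
  325. //a 1 above means divide by 2, a 2 divide by 4, a 3 divide by 8...
  326. //above combination results in 4/2 (2^1), i.e. double times the damage received
  327. //by hero than in vanilla; that is 200% of vanilla damage received or
  328. //paraphrased + additional 100%
  329. cmp [pHeroMaxHealth],(int)3000
  330. //This number caps the minimum damage received in certain high hp situations;
  331. //not very relevant actually - without the cap heroes with over 3000 max hp
  332. //might get in situations where they would actually wish for less max hp
  333. //which is to be avoided - therefore this cap
  334. jb FiveLimit
       // Overwrites the cached copy of max hp; the copy is rewritten by newmem1 the
       // next time that hook runs.
  335. mov [pHeroMaxHealth],(int)3000
  336. //END OF ADJUSTABLE BLOCK: DAMAGE RECEIVED BY HERO WHEN CURRENT HP BELOW 5000//
  337.  
  338. //ADJUSTABLE BLOCK: EXCEPTIONS TO MINIMUM DAMAGE//
  339. FiveLimit:
  340. mov esi,eax
  341. cmp [pHeroMaxHealth],(int)128
  342. //above number is the minimum full hp of the hero that is necessary before the
  343. //minimum damage mechanism described above kicks in; I had crashes when going
  344. //below this; if you lower the divisor for minimum damage below, i.e. increase
  345. //minimum damage, you might want to increase this number, too;
  346. // e.g. when setting the divider to 6 (now 5) I would increase this threshold
  347. // to 256 (now 128)
  348. jb FiveRemains
  349. cmp [pHeroCurrentHealth],(int)200
  350. //above number is a switch point at which minimum damage is calculated as
  351. //absolute value (here: +5 additional damage points) instead of using
  352. //above relative method (here: 3% of of max hp). This switch, occurring when
  353. //current hp go equal or below above value (200), is necessary to somewhat
  354. //mitigate the effect of damage over time ticks from poison, burn, bleed, etc.;
  355. //your reaction window for healing/fleeing is increased this way;
  356. //without this you will have many sudden death situations when fighting foes
  357. //with damage over time attacks
  358. //to deactivate this safe zone change all three values of "200" here and below
  359. //two times to 0; in any case change all three values in parallel
       // NOTE(review): only this compare uses 200; the two later values in this
       // block are 150, not 200.
  360. jbe FiveSteps
       // Same in-place max/32 computation as in the boosted path: shift the cached
       // max hp, subtract it from esi, restore the cached value from the stack.
  361. push [pHeroMaxHealth]
  362. sar [pHeroMaxHealth],5
  363. //this is again the divisor for minimum damage (1/32 here; 2^5; round about
  364. //3% of max hp: set to the same value as above; it repeats for technical reasons
  365. //only
  366. sub esi,[pHeroMaxHealth]
  367. pop [pHeroMaxHealth]
       // ebx = cached current hp + esi, computed in place and then undone.
  368. push [pHeroCurrentHealth]
  369. add [pHeroCurrentHealth],esi
  370. mov ebx,[pHeroCurrentHealth]
  371. pop [pHeroCurrentHealth]
  372. cmp ebx,(int)150
  373. //again, a threshold value: in case any damage brings your hero to 200 or less
  374. //hp, that very damage only drops you down to exactly 200 hp; otherwise spill
  375. //over damage might simply drop you dead right away before entering the 200 hp
  376. // safe zone with reduced minimum damage mechanism
       // (the code compares with and writes 150, not 200)
  377. jg FiveRemains
  378. mov esi,0
  379. mov ecx,(int)150
  380. //see above, always change in parallel
  381. jmp FiveRemains
  382.  
  383. FiveSteps:
  384. sub esi,(int)5
  385. //This is the absolute minimum damage added to each damage that occurs within
  386. //the 200 hp safe zone
  387. //END OF ADJUSTABLE BLOCK: EXCEPTIONS TO MINIMUM//
  388.  
  389. FiveRemains:
       // Apply the change, restore ebx and eax, clamp the result at 0.
  390. add ecx,esi
  391. pop ebx
  392. pop eax
  393. cmp ecx,0
  394. //do not change or dying will be glitchy
  395. jg originalcode2
  396. mov ecx,0
  397. //do not change or dying will be glitchy
  398. jmp originalcode2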
  399.  
  400. MonsterHP:
       // Path for every object other than the cached hero pointer. eax and ebx are
       // saved here and restored before each jump to originalcode2. All
       // instructions between the pushes and GoOn are commented out, so execution
       // falls straight through to GoOn.
  401. push eax
  402. push ebx
  403. //mov eax,[edi+48]
  404. //mov [edi+48],ecx
  405. //neg eax
  406. //mov ebx,(int)1
  407. //mul ebx
  408. //sar eax,1
  409. //cmp ecx,eax
  410. //jg GoOn
  411. //mov ebx,(int)-1500
  412. //add eax,esi
  413. //add eax,(int)30
  414. //cmp eax,(int)0
  415. //jg GoOn
  416. //mov ebx,[edi+48]
  417. //neg ebx
  418. //cmp eax,ebx
  419. //jb GoOn
  420. //mov ecx,0
  421. //add ecx,esi
  422. //pop ebx
  423. //pop eax
  424. //cmp ecx,0
  425. //do not change or dying will be glitchy
  426. //jg originalcode2
  427. //mov ecx,0
  428. //do not change or dying will be glitchy
  429. //jmp originalcode2
  430.  
  431. GoOn:
  432. mov eax,esi
  433.  
  434. //ADJUSTABLE BLOCK: SOFT CAP TO DAMAGE DONE BY HERO//
  435. cmp eax,(int)-1500
  436. //this checks at which damage value a soft cap to the damage the hero deals
  437. //shall be applied; in this case, if you do more than 1500 damage points, you
  438. //get diminishing returns
  439. //purpose is to counterbalance extreme effects due to the way the modifiers
  440. //stack in vanilla; this shall prevent weapon crafting/socketing
  441. //from becoming game breaking in the end game
  442. //this mechanism favors fast weapons over slow a little - I cannot change that
  443. //it will not break stealth kills: there's a glitch though that stealth killed
  444. //opponents need a few extra strikes after they have dropped ;just imagine you
  445. //already knocked them out and now have to finish them off; only a minor glitch
  446. //mind that it's a negative value here
       // Signed compare: changes of -1500 or closer to zero skip the cap.
  447. jge NonBoostedDamage
       // Capped value = ((eax + 1629) sar 3) - 1629.
       // NOTE(review): the offset is 1629 while the threshold is 1500, so the
       // result is not continuous at the threshold: eax = -1501 gives
       // (128 sar 3) - 1629 = -1613.
  448. add eax,(int)1629
  449. //change in accordance to above, but use a positive value
  450. sar eax,(int)3
  451. //this is the percentage to which the excess damage, here beyond 1500 damage
  452. //points, is reduced; it's round about 12% right now (1/8, 2^3). E.g when
  453. //dealing 3000 damage points in vanilla this will drop to 1500+1500*12/100=
  454. //1680 damage points
  455. //actually this is not fully correct for I have added additional 129 points
  456. //to prevent potential crashes (at least 128 should go positive before dividing)
  457. //balancewise these 129 points will have no effect you might notice ingame
  458. sub eax,(int)1629
  459. //change in accordance to above, but use a positive value
  460. //END OF ADJUSTABLE BLOCK: SOFT CAP TO DAMAGE DONE BY HERO//
  461.  
  462. //ADJUSTABLE BLOCK 1: DAMAGE DONE BY HERO//
  463. mov ebx,(int)1
  464. //above number is the dividend for all damage done by hero
  465. //this damage block repeats a few lines below;
  466. //make changes in both blocks (1&amp;2) in accordance
       // edx is saved around the mul because mul overwrites it.
  467. push edx
  468. mul ebx
  469. pop edx
  470. sar eax,(int)1
  471. //above number is the divisor for damage done by hero
  472. //a 1 above means divide by 2, a 2 divide by 4, a 3 divide by 8...
  473. //right now this is 1/2, i.e. 50% of vanilla damage done by hero or paraphrased
  474. //-50% to the vanilla damage done by the hero
  475. //END OF ADJUSTABLE BLOCK 1: DAMAGE DONE BY HERO//
  476.  
       // Apply the change, restore ebx and eax, clamp the result at 0.
  477. mov esi,eax
  478. add ecx,esi
  479. pop ebx
  480. pop eax
  481. cmp ecx,0
  482. //do not change or dying will be glitchy
  483. jg originalcode2
  484. mov ecx,0
  485. //do not change or dying will be glitchy
  486. jmp originalcode2
  487.  
  488. NonBoostedDamage:
       // Same scaling and clamp as block 1, without the soft cap. eax still holds
       // esi and eax, ebx are still on the stack from MonsterHP.
  489. //ADJUSTABLE BLOCK 2: DAMAGE DONE BY HERO//
  490. mov ebx,(int)1
  491. //above number is the dividend for all damage done by hero
  492. //this damage block repeats a few lines above;
  493. //make changes in both blocks (1&amp;2) in accordance
  494. push edx
  495. mul ebx
  496. pop edx
  497. sar eax,(int)1
  498. //above number is the divisor for damage done by hero
  499. //a 1 above means divide by 2, a 2 divide by 4, a 3 divide by 8...
  500. //right now this is 1/2, i.e. 50% of vanilla damage done by hero or paraphrased
  501. //-50% to the vanilla damage done by the hero
  502. //END OF ADJUSTABLE BLOCK 2: DAMAGE DONE BY HERO//
  503.  
  504. mov esi,eax
  505. add ecx,esi
  506. pop ebx
  507. pop eax
  508. cmp ecx,0
  509. //do not change or dying will be glitchy
  510. jg originalcode2
  511. mov ecx,0
  512. //do not change or dying will be glitchy
  513. jmp originalcode2
  514.  
  515. originalcode2:
       // Only the displaced store is executed here; every path above has already
       // done its own add to ecx. The cmp ecx,eax and the short jbe at the start of
       // the scanned pattern (bytes 3B C8 76 **) are overwritten by the hook and
       // are not re-executed anywhere in this routine.
  516. mov [edi+48],ecx
  517.  
  518.  
  519. exit2:
  520. jmp returnhere2
  521.  
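  522. newmem6: //this is allocated memory, you have read,write,execute access
  523. //place your code here
       // Hook on the 6 bytes 83 F8 01 / 89 47 4C (cmp eax,01 then the store to
       // [edi+4C]). The value in eax is multiplied before it is stored.
       // The displaced cmp is executed first, on the unscaled value. mul rewrites
       // the flags and edx, so both are saved around it: the code after the hook
       // then sees the flags of the cmp, as it did before patching, and edx is
       // left untouched.
  524. cmp eax,01
       pushfd
  525. push ebx
       push edx
  526.  
  527. //ADJUSTABLE BLOCK: MAX HP MULTIPLIER//
  528. mov ebx,(int)1
  529. //above value is the multiplier for hero's max hp; it's at vanilla level now
  530. //END OF ADJUSTABLE BLOCK: MAX HP MULTIPLIER//
  531.  
  532. mul ebx
       pop edx
  533. pop ebx
       popfd
  534.  
  535. originalcode6:
  536. //cmp eax,01
       // mov does not change flags, so the restored cmp result reaches the game code.
  537. mov [edi+4C],eax
  538.  
  539. exit6:
  540. jmp returnhere6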
  541.  
  542.  
  543.  
  544. hHRead_AOB: //"Reckoning.exe"+3A18E5:
  545. hHReadJMP:
       // 5-byte jmp plus two nops cover the 7 bytes re-executed at originalcode1.
  546. jmp newmem1
  547. nop
  548. nop
  549. returnhere1:
  550.  
  551. hHSubA_AOB: //"Reckoning.exe"+3A1059:
  552. hHSubAJMP:
       // 5-byte jmp plus four nops overwrite the first 9 bytes of the scanned
       // pattern: 3B C8 / 76 ** / 03 CE / 89 4F 48.
       // NOTE(review): [DISABLE] writes only 5 bytes (03 CE 89 4F 48) back at this
       // same label, so the site is not returned to its original bytes; see the
       // note at hHSubAJMP in [DISABLE].
  553. jmp newmem2
  554. nop
  555. nop
  556. nop
  557. nop
  558. returnhere2:
  559.  
  560. MaxHPIncrease_AOB:
  561. hHSubEJMP:
       // 5-byte jmp plus one nop cover the 6 pattern bytes.
  562. jmp newmem6
  563. nop
  564. returnhere6:
  565.  
  566. [DISABLE]
  567. //code from here till the end of the code will be used to disable the cheat
  568. dealloc(newmem1)
  569. dealloc(newmem2)
  570. dealloc(newmem6)
  571.  
  572. hHReadJMP: //"Reckoning.exe"+3A18E5:
       // Restores the 7 bytes replaced by the first hook.
  573. db 8B 4B 48 89 4C 24 14
  574. //Alt: mov ecx,[ebx+48]
  575. //Alt: mov [esp+14],ecx
  576. dealloc(pHeroHealth)
  577. dealloc(pHeroMaxHealth)
  578. dealloc(pHeroCurrentHealth)
  579. //dealloc(Intermediate,4)
  580. unregistersymbol(hHReadJMP)
  581.  
  582. hHSubAJMP: //"Reckoning.exe"+3A1059:
       // NOTE(review): [ENABLE] patched 9 bytes starting at this address and the
       // pattern begins with 3B C8 76 **. These 5 bytes overwrite the jmp, and the
       // four nops stay in place, so after disabling the site reads
       // add ecx,esi / mov [edi+48],ecx / nop x4 instead of the original code.
       // The scan pattern would presumably no longer match on a second enable.
       // A complete restore needs the 9 original bytes, including the wildcard
       // byte, saved at enable time (for example with readmem) - TODO confirm and fix.
  583. db 03 CE 89 4F 48
  584. //Alt: add ecx,esi
  585. //Alt: mov [edi+48],ecx
  586. unregistersymbol(hHSubAJMP)
  587.  
  588. hHSubEJMP: //"Reckoning.exe"+3A1051:
  589. //db 5E 89 48 18 8B 57 1C
       // Restores the 6 bytes matched by MaxHPIncrease_AOB. The address comment on
       // the label and the //Alt: lines below do not belong to these bytes; they
       // look copied from another script.
  590. db 83 F8 01 89 47 4C
  591. //db 66 2B C8 66 89 8E DA 00 00 00
  592. //Alt: mov eax,esi
  593. //Alt: neg eax
  594. //Alt: cmp ecx,eax
  595. unregistersymbol(hHSubEJMP)
  596. </AssemblerScript>
  597. <Hotkeys>
  598. <Hotkey>
  599. <Action>Toggle Activation</Action>
  600. <Keys>
  601. <Key>17</Key>
  602. <Key>51</Key>
  603. </Keys>
  604. <Description>DAM Changes</Description>
  605. <ID>0</ID>
  606. </Hotkey>
  607. </Hotkeys>
  608. <CheatEntries>
  609. <CheatEntry>
  610. <ID>28</ID>
  611. <Description>"CurrentHealth (leave UNACTIVATED)"</Description>
  612. <Color>80000008</Color>
  613. <VariableType>4 Bytes</VariableType>
  614. <Address>pHeroHealth</Address>
  615. <Offsets>
  616. <Offset>48</Offset>
  617. </Offsets>
  618. </CheatEntry>
  619. </CheatEntries>
  620. </CheatEntry>
  621. <CheatEntry>
  622. <ID>60</ID>
  623. <Description>"Health regeneration 20% effect, Heal potions 50% effect; needs damage script active (please activate)"</Description>
  624. <Color>80000008</Color>
  625. <VariableType>Auto Assembler Script</VariableType>
  626. <AssemblerScript>[ENABLE]
  627. //code from here to '[DISABLE]' will be used to enable the cheat
       // Purpose: hook on the 5 bytes 03 CE / 83 F8 01 (add ecx,esi then
       // cmp eax,01) that weakens positive changes applied to the hero.
       // pHeroHealth is not allocated in this script; it is the global symbol
       // created by the damage script, which therefore has to be active first.
  628. alloc(newmem3,2048) //2kb should be enough
  629. label(returnhere3)
  630. label(originalcode3)
  631. label(exit3)
  632. label(Collecting)
  633. label(Healpotion)
  634. label(MonsterRegeneration)
  635. globalalloc(Counter,4)
  636. aobscan(hHSubB_AOB,03 CE 83 F8 01 89 4F 48 8D 53 01)
  637. label(hHSubBJMP)
  638. registersymbol(hHSubBJMP)
  639.  
  640. newmem3: //this is allocated memory, you have read,write,execute access
  641. //place your code here
       // Objects other than the cached hero pointer get the vanilla add.
  642. cmp [pHeroHealth],edi
  643. jne MonsterRegeneration
  644. //ADJUSTABLE BLOCK: STRENGTH OF HEALING EFFECTS IN FAVOR OF HERO//
  645. cmp esi,(int)30
  646. //above number is for identifying whether a heal potion (or more general:
  647. //single instance heal) or a regeneration potion (or more genereal: heal
  648. //over time) is used; every heal of 30+ points on one tick is considered as
  649. //heal potion; please note that the number of ticks called per second depends
  650. //on the potion used; small regenration potions tick 3 to 5 times per second
  651. //large ones about 20 times per second
  652. jge Healpotion
       // Small ticks: the add is applied only when Counter equals 5 and Counter is
       // then reset; every other tick is dropped and only increments Counter.
  653. cmp [Counter],(int)5
  654. //this number divides the strenth of heal over time effects (e.g. regeneration
  655. //potions); it actually inserts blank ticks without effect: the setting of 5,
  656. // reduces HoT effects to 20% (80% effectiveness lost)
  657. jne Collecting
  658. add ecx,esi
  659. mov [Counter],0
  660. jmp originalcode3
  661. Collecting:
  662. add [Counter],(int)1
  663. jmp originalcode3
  664. Healpotion:
       // esi = (esi * 1) sar 1. ebx and eax are saved around the computation.
       // NOTE(review): mul also overwrites edx, which is not saved here - verify
       // that edx is dead at this site.
  665. push ebx
  666. push eax
  667. mov eax,esi
  668. mov ebx,(int)1
  669. mul ebx
  670. sar eax,(int)1
  671. mov esi,eax
  672. pop eax
  673. pop ebx
  674. //above number divides the strength of single instance heals (e.g. heal potions)
  675. // a 1 means divide by 2, a 2 means by 4, a 3 by 8...
  676. //the shift count of 1 above brings single instance heals down 50% (50% effectiveness lost)
  677. //END OF ADJUSTABLE BLOCK: STRENGTH OF HEALING EFFECTS IN FAVOR OF HERO//
  678. add ecx,esi
  679. jmp originalcode3
  680.  
  681. MonsterRegeneration:
  682. add ecx,esi
  683. //add ecx,esi
  684. //special: above- if un-commented could double monster heals, but I have not
  685. //seen any so far... I keep it commented and therewith deactivated to prevent
  686. //potential hidden glitches
  687.  
  688. originalcode3:
  689. //add ecx,esi
       // The displaced cmp is the last instruction before the jump back, so the
       // game code receives its flags.
  690. cmp eax,01
  691.  
  692. exit3:
  693. jmp returnhere3
  694.  
  695. hHSubB_AOB: //"Reckoning.exe"+3A0FC9:
  696. hHSubBJMP:
       // The 5-byte jmp replaces exactly the 5 displaced bytes; no nops needed.
  697. jmp newmem3
  698. returnhere3:
  699.  
  700.  
  701. [DISABLE]
  702. //code from here till the end of the code will be used to disable the cheat
  703. dealloc(newmem3)
  704. hHSubBJMP: //"Reckoning.exe"+3A0FC9:
       // Restores the 5 displaced bytes.
  705. db 03 CE 83 F8 01
  706. //Alt: add ecx,esi
  707. //Alt: cmp eax,01
  708. unregistersymbol(hHSubBJMP)
  709. </AssemblerScript>
  710. <Hotkeys>
  711. <Hotkey>
  712. <Action>Toggle Activation</Action>
  713. <Keys>
  714. <Key>17</Key>
  715. <Key>52</Key>
  716. </Keys>
  717. <Description>HEAL Changes</Description>
  718. <ID>0</ID>
  719. </Hotkey>
  720. </Hotkeys>
  721. </CheatEntry>
  722. <CheatEntry>
  723. <ID>10</ID>
  724. <Description>"Mana cost 200%, mana reg 33%, mana potions 50%, Min cast cost 10 (please activate)"</Description>
  725. <Color>80000008</Color>
  726. <VariableType>Auto Assembler Script</VariableType>
  727. <AssemblerScript>[ENABLE]
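  728. //code from here to '[DISABLE]' will be used to enable the cheat
       // This script installs two hooks: newmem replaces the store
       // mov [ebp+00000084],ecx (hooked at MPSub_AOB+A) and newmem3 replaces
       // add [ebp+00000084],eax (hooked at ManaRegSub_AOB).
  729. alloc(newmem,2048) //2kb should be enough
  730. label(returnhere)
  731. label(originalcode)
  732. label(exit)
  733. label(DRUNTER)
  734. label(MinCostReached)
  735. aobscan(MPSub_AOB,8B D0 F7 DA 3B CA ** ** 03 C8 89 8D 84 00 00 00)
  736. label(MPSubJMP)
  737. registersymbol(MPSubJMP)
  738.  
  739. alloc(newmem3,2048) //2kb should be enough
  740. label(returnhere3)
  741. label(originalcode3)
  742. label(exit3)
  743. //label(MonsterRegeneration)
  744. label(Collecting)
  745. label(ManaPotion)
  746. globalalloc(ManaCounter,4)
  747. aobscan(ManaRegSub_AOB,01 85 84 00 00 00 8B B5 84 00 00 00)
  748. label(ManaRegSubJMP)
  749. registersymbol(ManaRegSubJMP)
  750.  
  751. newmem: //this is allocated memory, you have read,write,execute access
  752. //place your code here
       // eax = stored value - ecx, i.e. the amount the game was about to deduct.
       // That amount is scaled by 200/100, raised to at least 10, and subtracted
       // from the stored value (clamped at 0) instead of storing ecx.
       // All four registers used as scratch are saved first. edx is pushed before
       // the mul: pushing it after the mul would save the high half of the
       // product and hand that back to the game instead of the original edx.
  753. push eax
  754. push ebx
  755. push ecx
       push edx
  756. mov eax,[ebp+00000084]
  757. sub eax,ecx
       // NOTE(review): this assumes ecx is never above the stored value. If it
       // were, eax would wrap to a large unsigned number and the div below could
       // raise a divide error - TODO confirm against the callers of this site.
  758.  
  759. // ADJUSTABLE BLOCK: INCREASED MANA COST//
  760. mov ecx,(int)200
  761. //above number is the dividend for mana cost
  762. mul ecx
  763. mov ebx,(int)100
  764. //above number is the divisor for mana cost
  765. //the combination means double mana cost
  766. //i.e. + additional 100% compared to vanilla
  767. //or paraphrased: 200% of vanilla cost
  768. //Note: The last spell before mana runs out can actually be cast for vanilla
  769. //mana cost; it's out of bounds for me to change this
  770. // END OF ADJUSTABLE BLOCK: INCREASED MANA COST//
       // div uses edx:eax exactly as mul left it.
  772. div ebx
  773. //ADJUSTABLE BLOCK: MINIMUM MANA COST
  774. cmp eax,(int)10
  775. //above number is the minimum of mana cost per cast, regardless of
  776. //your equipment or skill boni; change in parallel to second number
  777. //below
  778. jg MinCostReached
  779. mov eax,(int)10
  780. //above number is the minimum of mana cost per cast, regardless of
  781. //your equipment or skill boni; change in parallel to first number
  782. //above
  783. //END OF ADJUSTABLE BLOCK: MINIMUM MANA COST
  784. MinCostReached:
       // Restores the edx value saved at the top of the routine.
  785. pop edx
  786. cmp [ebp+00000084],eax
  787. jbe DRUNTER
  788. sub [ebp+00000084],eax
  789. pop ecx
  790. pop ebx
  791. pop eax
  792. jmp returnhere
  793. DRUNTER:
       // Stored value is not larger than the cost: clamp to 0.
  794. mov [ebp+00000084],0
  795. pop ecx
  796. pop ebx
  797. pop eax
  798.  
  799. originalcode:
  800. //mov [ebp+00000084],ecx
  801.  
  802. exit:
  803. jmp returnhere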
  804.  
  805.  
  806. newmem3: //this is allocated memory, you have read,write,execute access
  807. //place your code here
       // Replacement for the displaced add [ebp+00000084],eax. eax is the amount
       // being added. No registers are saved; eax is modified on the ManaPotion path.
  808. //ADJUSTABLE BLOCK: STRENGTH OF MANA EFFECTS IN FAVOR OF HERO//
  809. cmp eax,(int)30
  810. //above number is for identifying whether a mana potion (or more general:
  811. //single instance managain) or a regeneration potion (or more generel: mana
  812. //over time) is used; every mana gain of 30+ points on one tick is considered as
  813. //mana potion; please note that the number of ticks called per second depends
  814. //on the potion used; small regenration potions tick 3 to 5 times per second
  815. //large ones about 20 times per second
  816. jge ManaPotion
       // Small ticks: applied only when ManaCounter equals 3, which then resets it;
       // every other tick is dropped and only increments ManaCounter.
  817. cmp [ManaCounter],(int)3
  818. //this number divides the strength of mana over time effects (e.g. regeneration
  819. //potions); it actually inserts blank ticks without effect: the setting of 3,
  820. // reduces mana over time effects to 33% (67% effectiveness lost)
  821. jne Collecting
  822. add [ebp+00000084],eax
  823. mov [ManaCounter],0
  824. jmp originalcode3
  825. Collecting:
  826. add [ManaCounter],(int)1
  827. jmp originalcode3
  828. ManaPotion:
       // NOTE(review): eax is halved in place and not restored, so the code after
       // the hook sees the halved value - verify that this is intended.
  829. sar eax,1
  830. //above number divides the strength of single instance mana gains
  831. // a 1 means divide by 2, a 2 means by 4, a 3 by 8...
  832. //the 1 above brings single instance gain down 50% (50% effectiveness lost)
  833. //END OF ADJUSTABLE BLOCK: STRENGTH OF MANA EFFECTS IN FAVOR OF HERO//
  834. add [ebp+00000084],eax
  835. jmp originalcode3
  836.  
  837. originalcode3:
  838. //add [ebp+00000084],eax
  839.  
  840. exit3:
  841. jmp returnhere3
  842.  
  843. MPSub_AOB+A: //"Reckoning.exe"+39A6A1:
  844. MPSubJMP:
       // Offset A skips the first 10 pattern bytes, so the jmp plus one nop replace
       // only the 6-byte store 89 8D 84 00 00 00.
  845. jmp newmem
  846. nop
  847. returnhere:
  848.  
  849. ManaRegSub_AOB:
  850. ManaRegSubJMP:
       // jmp plus one nop replace the 6-byte add 01 85 84 00 00 00.
  851. jmp newmem3
  852. nop
  853. returnhere3:
  854.  
  855.  
  856.  
  857. [DISABLE]
  858. //code from here till the end of the code will be used to disable the cheat
  859. dealloc(newmem)
  860. dealloc(newmem3)
  861. MPSubJMP: //"Reckoning.exe"+39A6A1:
       // The original instructions are re-assembled here instead of written as db bytes.
  862. mov [ebp+00000084],ecx
  863. //Alt: db 89 8D 84 00 00 00
  864. unregistersymbol(MPSubJMP)
  865. ManaRegSubJMP: //"Reckoning.exe"+39A6A1:
       // NOTE(review): the address comment on this label repeats the one on
       // MPSubJMP; it looks copied and is presumably not the address of this hook.
  866. add [ebp+00000084],eax
  867. unregistersymbol(ManaRegSubJMP)
  868. </AssemblerScript>
  869. <Hotkeys>
  870. <Hotkey>
  871. <Action>Toggle Activation</Action>
  872. <Keys>
  873. <Key>17</Key>
  874. <Key>53</Key>
  875. </Keys>
  876. <Description>MANA Changes</Description>
  877. <ID>0</ID>
  878. </Hotkey>
  879. </Hotkeys>
  880. </CheatEntry>
  881. <CheatEntry>
  882. <ID>59</ID>
  883. <Description>"Slower Fatepoints gain: gain speed down to approximately 25% , later in game even less (please activate)"</Description>
  884. <Color>80000008</Color>
  885. <VariableType>Auto Assembler Script</VariableType>
  886. <AssemblerScript>[ENABLE]
  887. //code from here to '[DISABLE]' will be used to enable the cheat
       // Purpose: hook on the 6-byte add eax,[edx+00000204] (bytes 03 82 04 02 00 00)
       // that limits the value in eax before it is added to the stored dword.
  888. alloc(newmem,2048) //2kb should be enough
  889. label(returnhere)
  890. label(originalcode)
  891. label(exit)
  892. label(MinFive)
  893. aobscan(Fate_AOB,03 82 04 02 00 00 D9 6C 24 0C)
  894. label(FateSubJMP)
  895. registersymbol(FateSubJMP)
  896.  
  897.  
  898. newmem: //this is allocated memory, you have read,write,execute access
  899. //place your code here
       // Values above 250 (signed) go straight to the vanilla add.
  900. cmp eax,(int)250
  901. jg originalcode
       // Raise eax to at least 5 (unsigned compare).
  902. cmp eax,(int)5
  903. jae MinFive
  904. mov eax,(int)5
  905.  
  906. MinFive:
       // The stored value is lowered by 5 in memory before the add below, so the
       // net change is eax minus 5.
       // NOTE(review): there is no check that the stored value is at least 5
       // before the subtraction - verify it cannot wrap.
  907. sub [edx+00000204],(int)5
  908. //ADJUSTABLE BLOCK: FATE GAIN PER KILL
  909. cmp eax,(int)10
  910. //above line sets the maximal fate points per kill
  911. //it's the above value minus 5; here: 10-5 = 5 max. fate points per kill
  912. //to go down to e.g. 4 max points per kill, set this and the below number to 9
  913. //this setting means about max. 2% of your fate bar (when full: 265 fate points)
  914. //per kill, no more fate gain for attack combos alone, no extra fate gain for
  915. //"elite" opponents of various classes; estimated reduction of gain speed: 25%
  916. //(and even more when later on you would find more "elite")
  917. //note that foes 4 lvl below you, even if still yellows, don't yield fate points
  918. jbe originalcode
  919. mov eax,(int)10
  920. //keep this number the same as above number; here both at 10
  921. //END OF ADJUSTABLE BLOCK: FATE GAIN PER KILL
  922.  
  923. originalcode:
       // Displaced instruction.
  924. add eax,[edx+00000204]
  925.  
  926. exit:
  927. jmp returnhere
  928.  
  929. Fate_AOB:
  930. FateSubJMP:
       // 5-byte jmp plus one nop replace the 6 displaced bytes.
  931. jmp newmem
  932. nop
  933. returnhere:
  934.  
  935. [DISABLE]
  936. //code from here till the end of the code will be used to disable the cheat
  937. dealloc(newmem)
  938. FateSubJMP: //"Reckoning.exe"+39A6A1:
       // Restores the 6 displaced bytes. The address comment on the label and the
       // two commented lines below match the mana script, not this hook; they
       // look copied.
  939. db 03 82 04 02 00 00
  940. //mov [ebp+00000084],ecx
  941. //Alt: db 89 8D 84 00 00 00
  942. unregistersymbol(FateSubJMP)
  943.  
  944. </AssemblerScript>
  945. <Hotkeys>
  946. <Hotkey>
  947. <Action>Toggle Activation</Action>
  948. <Keys>
  949. <Key>17</Key>
  950. <Key>54</Key>
  951. </Keys>
  952. <Description>FATE Changes</Description>
  953. <ID>0</ID>
  954. </Hotkey>
  955. </Hotkeys>
  956. </CheatEntry>
  957. <CheatEntry>
  958. <ID>18</ID>
  959. <Description>"Gold found and sell value set to 33% of vanilla: Preparation script (please activate)"</Description>
  960. <Color>80000008</Color>
  961. <VariableType>Auto Assembler Script</VariableType>
  962. <AssemblerScript>[ENABLE]
  //Enable section: everything up to '[DISABLE]' is applied when the entry is ticked.
  //This is only the preparation half of the gold change: it records which object
  //the game reads money from, so the executive script can recognise it.
  //Always activate both gold scripts, preferably this one first.
  alloc(moneyReadCave,2048) //2kb should be enough
  label(moneyReadReturn)
  label(moneyReadOriginal)
  label(moneyReadExit)
  globalalloc(pMoney,4)
  aobscan(moneyRead_AOB,85 C0 74 08 8B 80 64 03 00 00 EB 02 33 C0 33 C9 33 D2 89 44 24 20)
  label(moneyReadJMP)
  registersymbol(moneyReadJMP)
  //NOTE(review): the table's UserdefinedSymbols list also stores a fixed address
  //for pMoney; check how that saved entry interacts with globalalloc on load.

  moneyReadCave: //allocated code cave (readable, writable, executable)
    mov [pMoney],eax //remember the base address the money field is read from

  moneyReadOriginal:
    mov eax,[eax+00000364] //the 6-byte instruction displaced by the jmp below

  moneyReadExit:
    jmp moneyReadReturn

  moneyRead_AOB+4: //"Reckoning.exe"+7020EC:
  moneyReadJMP:
    jmp moneyReadCave //5 bytes
    nop //6th byte of the displaced instruction
  moneyReadReturn:




  [DISABLE]
  //Disable section: frees the cave and puts the original bytes back.
  dealloc(moneyReadCave)
  moneyReadJMP: //"Reckoning.exe"+7020EC:
  db 8B 80 64 03 00 00
  //Alt: mov eax,[eax+00000364]
  //NOTE(review): the executive gold script and the "Money" entry both read
  //pMoney; disable them before this script, since pMoney is released here.
  dealloc(pMoney)
  unregistersymbol(moneyReadJMP)
  1002. </AssemblerScript>
  1003. <Hotkeys>
  1004. <Hotkey>
  1005. <Action>Toggle Activation</Action>
  1006. <Keys>
  1007. <Key>17</Key>
  1008. <Key>55</Key>
  1009. </Keys>
  1010. <Description>GOLD Changes</Description>
  1011. <ID>0</ID>
  1012. </Hotkey>
  1013. </Hotkeys>
  1014. <CheatEntries>
  1015. <CheatEntry>
  1016. <ID>19</ID>
  1017. <Description>"Money (leave UNACTIVATED)"</Description>
  1018. <Color>80000008</Color>
  1019. <VariableType>4 Bytes</VariableType>
  1020. <Address>pMoney</Address>
  1021. <Offsets>
  1022. <Offset>364</Offset>
  1023. </Offsets>
  1024. </CheatEntry>
  1025. <CheatEntry>
  1026. <ID>20</ID>
  1027. <Description>"Gold found and sell value set to 33% of vanilla: Executive script (please activate)"</Description>
  1028. <Color>80000008</Color>
  1029. <VariableType>Auto Assembler Script</VariableType>
  1030. <AssemblerScript>[ENABLE]
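  //code from here to '[DISABLE]' will be used to enable the cheat
  //Purpose: scale money added to the hero's purse to 33/100 of the game's value.
  //Hooked instruction (6 bytes, 01 86 64 03 00 00): add [esi+00000364],eax
  //Depends on the preparation script: pMoney must already hold the address of
  //the object whose +364 field is the hero's money.
  alloc(newmem,2048) //2kb should be enough
  label(returnhere)
  label(originalcode)
  label(exit)
  aobscan(moneySub_AOB,CC CC 01 86 64 03 00 00 8B 86 64 03 00 00 8B 15 ** ** ** ** 33 C9 85 C0)
  label(moneySubJMP)
  registersymbol(moneySubJMP)

  newmem: //this is allocated memory, you have read,write,execute access
    push ebx
    push ecx //both scratch registers are restored at originalcode on every path
    cmp [pMoney],esi
    jne originalcode //not the object recorded by the preparation script: leave untouched
    test eax,eax
    jz originalcode //nothing to add
    mov ebx,[esi+00000364]
    mov ecx,ebx
    add ecx,eax
    cmp ecx,ebx
    jbe originalcode //sum did not grow (unsigned): a deduction or a wrap, so no scaling

    //ADJUSTABLE BLOCK: DECREASED GOLD INFLUX//
    //edx is saved BEFORE mul: mul writes the high half of the product to edx, so
    //saving it afterwards (as this script did before) restores the product's
    //high half rather than the game's value.
    push edx
    mov ebx,(int)33
    //above number is the multiplier for gold found and gained by selling
    //please note that the sell values appear as high as before, but the money you
    //get will be only one third (33/100) with above setting
    mul ebx //edx:eax = eax * 33
    mov ecx,(int)100
    //above number is the divisor for gold found and gained by selling
    div ecx //eax = (eax * 33) / 100; the quotient always fits in 32 bits
    pop edx
    //END OF ADJUSTABLE BLOCK: DECREASED GOLD INFLUX//

  originalcode:
    pop ecx
    pop ebx
    add [esi+00000364],eax //displaced instruction; it also sets the flags the game expects

  exit:
    jmp returnhere

  moneySub_AOB+2: //"Reckoning.exe"+63C490:
  moneySubJMP:
    jmp newmem //5 bytes
    nop //pads the 6-byte original instruction
  returnhere:




  [DISABLE]
  //code from here till the end of the code will be used to disable the cheat
  dealloc(newmem)
  moneySubJMP: //"Reckoning.exe"+63C490:
  db 01 86 64 03 00 00
  //Alt: add [esi+00000364],eax
  unregistersymbol(moneySubJMP)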
  1091. </AssemblerScript>
  1092. <Hotkeys>
  1093. <Hotkey>
  1094. <Action>Toggle Activation</Action>
  1095. <Keys>
  1096. <Key>17</Key>
  1097. <Key>55</Key>
  1098. </Keys>
  1099. <Description>GOLD Changes</Description>
  1100. <ID>0</ID>
  1101. </Hotkey>
  1102. </Hotkeys>
  1103. </CheatEntry>
  1104. </CheatEntries>
  1105. </CheatEntry>
  1106. <CheatEntry>
  1107. <ID>29</ID>
  1108. <Description>"MaximumHealth (leave UNACTIVATED)"</Description>
  1109. <Color>80000008</Color>
  1110. <VariableType>4 Bytes</VariableType>
  1111. <Address>pHeroHealth</Address>
  1112. <Offsets>
  1113. <Offset>4C</Offset>
  1114. </Offsets>
  1115. </CheatEntry>
  1116. <CheatEntry>
  1117. <ID>61</ID>
  1118. <Description>"Attack Weight Preparation (please activate; afterwards switch ingame from difficulty hard to medium to hard again)"</Description>
  1119. <Color>80000008</Color>
  1120. <VariableType>Auto Assembler Script</VariableType>
  1121. <AssemblerScript>[ENABLE]
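  //code from here to '[DISABLE]' will be used to enable the cheat
  //Purpose: replace the game's attack-weight store with a fixed value and publish
  //the owning object's address in AttackWeightPointer for the freeze entry.
  //Hooked bytes (10): 66 2B C8 = sub cx,ax / 66 89 8E DA 00 00 00 = mov [esi+000000DA],cx
  alloc(newmem5,2048) //2kb should be enough
  label(returnhere5)
  label(originalcode5)
  label(exit5)
  label(hHSubDJMP)
  globalalloc(AttackWeightPointer,4)
  aobscan(AttackWeight_AOB,66 2B C8 66 89 8E DA 00 00 00)
  registersymbol(hHSubDJMP)

  newmem5: //this is allocated memory, you have read,write,execute access
    sub cx,ax //first displaced instruction, re-executed so cx and the flags stay as the game left them

    //ADJUSTABLE BLOCK: ATTACK WEIGHT//
    //The displaced store is 16-bit (mov [esi+000000DA],cx), so the size is stated
    //here. An unsized memory,immediate store is assembled as 32-bit by default,
    //which would also overwrite the two bytes that follow the field.
    mov word ptr [esi+000000DA],(int)100
    //The game uses a parameter called attack weight to determine how many opponents
    //attack you simultaneously with which of their attacks; usually this is 14 on
    //hard vanilla difficulty; it's increased to 100 here;
    //to have this increase take effect, you have to change difficulty back and
    //forth ingame on each restart of the game, like hard-medium-hard
    //after doing so place the check mark in front of the Attack Weight Pointer in
    //the Cheat Engine menu to lock its value at 100
    //END OF ADJUSTABLE BLOCK: ATTACK WEIGHT//

    mov [AttackWeightPointer],esi //base address used by the freeze entry (offset DA)

  originalcode5:
  //displaced code, shown for reference only (the store is replaced above):
  //sub cx,ax
  //mov [esi+000000DA],cx

  exit5:
    jmp returnhere5

  AttackWeight_AOB:
  hHSubDJMP:
    jmp newmem5 //5 bytes
    nop //five nops pad the 10 displaced bytes
    nop
    nop
    nop
    nop
  returnhere5:


  [DISABLE]
  //code from here till the end of the code will be used to disable the cheat
  //AttackWeightPointer is not released here and keeps the last esi it was given;
  //untick the freeze entry before disabling so it stops writing through it.
  dealloc(newmem5)
  hHSubDJMP:
  //Restores the original 10 bytes: sub cx,ax / mov [esi+000000DA],cx
  //(the address and "Alt:" comments that stood here described another script's
  //bytes and were dropped)
  db 66 2B C8 66 89 8E DA 00 00 00
  unregistersymbol(hHSubDJMP)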
  1177. </AssemblerScript>
  1178. <Hotkeys>
  1179. <Hotkey>
  1180. <Action>Toggle Activation</Action>
  1181. <Keys>
  1182. <Key>17</Key>
  1183. <Key>56</Key>
  1184. </Keys>
  1185. <Description>AW Change now</Description>
  1186. <ID>0</ID>
  1187. </Hotkey>
  1188. </Hotkeys>
  1189. </CheatEntry>
  1190. <CheatEntry>
  1191. <ID>49</ID>
  1192. <Description>"AttackWeight Freeze (please activate after having activated the script above and having done that hard-medium-hard switch ingame)"</Description>
  1193. <Color>80000008</Color>
  1194. <VariableType>Byte</VariableType>
  1195. <Address>AttackWeightPointer</Address>
  1196. <Offsets>
  1197. <Offset>DA</Offset>
  1198. </Offsets>
  1199. <Hotkeys>
  1200. <Hotkey>
  1201. <Action>Toggle Activation</Action>
  1202. <Keys>
  1203. <Key>17</Key>
  1204. <Key>57</Key>
  1205. </Keys>
  1206. <Description>AW alt+tab</Description>
  1207. <ID>0</ID>
  1208. </Hotkey>
  1209. </Hotkeys>
  1210. </CheatEntry>
  1211. </CheatEntries>
  1212. <CheatCodes>
  1213. <CodeEntry>
  1214. <Description>hp +- 1 Code :mov [edi+48],ecx</Description>
  1215. <Address>007A105B</Address>
  1216. <ModuleName>Reckoning.exe</ModuleName>
  1217. <ModuleNameOffset>3A105B</ModuleNameOffset>
  1218. <Before>
  1219. <Byte>C8</Byte>
  1220. <Byte>76</Byte>
  1221. <Byte>07</Byte>
  1222. <Byte>03</Byte>
  1223. <Byte>CE</Byte>
  1224. </Before>
  1225. <Actual>
  1226. <Byte>89</Byte>
  1227. <Byte>4F</Byte>
  1228. <Byte>48</Byte>
  1229. </Actual>
  1230. <After>
  1231. <Byte>EB</Byte>
  1232. <Byte>03</Byte>
  1233. <Byte>89</Byte>
  1234. <Byte>5F</Byte>
  1235. <Byte>48</Byte>
  1236. </After>
  1237. </CodeEntry>
  1238. <CodeEntry>
  1239. <Description>hp access 1 Code :mov ecx,[ebx+48]</Description>
  1240. <Address>007A18E5</Address>
  1241. <ModuleName>Reckoning.exe</ModuleName>
  1242. <ModuleNameOffset>3A18E5</ModuleNameOffset>
  1243. <Before>
  1244. <Byte>8E</Byte>
  1245. <Byte>98</Byte>
  1246. <Byte>01</Byte>
  1247. <Byte>00</Byte>
  1248. <Byte>00</Byte>
  1249. </Before>
  1250. <Actual>
  1251. <Byte>8B</Byte>
  1252. <Byte>4B</Byte>
  1253. <Byte>48</Byte>
  1254. </Actual>
  1255. <After>
  1256. <Byte>89</Byte>
  1257. <Byte>4C</Byte>
  1258. <Byte>24</Byte>
  1259. <Byte>14</Byte>
  1260. <Byte>85</Byte>
  1261. </After>
  1262. </CodeEntry>
  1263. <CodeEntry>
  1264. <Description>arrow - Code :mov [ebp+00000084],eax</Description>
  1265. <Address>008C16DB</Address>
  1266. <ModuleName>Reckoning.exe</ModuleName>
  1267. <ModuleNameOffset>4C16DB</ModuleNameOffset>
  1268. <Before>
  1269. <Byte>48</Byte>
  1270. <Byte>3B</Byte>
  1271. <Byte>C3</Byte>
  1272. <Byte>7C</Byte>
  1273. <Byte>06</Byte>
  1274. </Before>
  1275. <Actual>
  1276. <Byte>89</Byte>
  1277. <Byte>85</Byte>
  1278. <Byte>84</Byte>
  1279. <Byte>00</Byte>
  1280. <Byte>00</Byte>
  1281. <Byte>00</Byte>
  1282. </Actual>
  1283. <After>
  1284. <Byte>38</Byte>
  1285. <Byte>9C</Byte>
  1286. <Byte>24</Byte>
  1287. <Byte>F4</Byte>
  1288. <Byte>01</Byte>
  1289. </After>
  1290. </CodeEntry>
  1291. <CodeEntry>
  1292. <Description>arrow + 1 Code :mov [esi+00000084],eax</Description>
  1293. <Address>008866C0</Address>
  1294. <ModuleName>Reckoning.exe</ModuleName>
  1295. <ModuleNameOffset>4866C0</ModuleNameOffset>
  1296. <Before>
  1297. <Byte>5E</Byte>
  1298. <Byte>6C</Byte>
  1299. <Byte>89</Byte>
  1300. <Byte>5E</Byte>
  1301. <Byte>60</Byte>
  1302. </Before>
  1303. <Actual>
  1304. <Byte>89</Byte>
  1305. <Byte>86</Byte>
  1306. <Byte>84</Byte>
  1307. <Byte>00</Byte>
  1308. <Byte>00</Byte>
  1309. <Byte>00</Byte>
  1310. </Actual>
  1311. <After>
  1312. <Byte>F3</Byte>
  1313. <Byte>0F</Byte>
  1314. <Byte>11</Byte>
  1315. <Byte>86</Byte>
  1316. <Byte>88</Byte>
  1317. </After>
  1318. </CodeEntry>
  1319. <CodeEntry>
  1320. <Description>arrow + 2 Code :mov [esi+00000084],ebx</Description>
  1321. <Address>008C4A6C</Address>
  1322. <ModuleName>Reckoning.exe</ModuleName>
  1323. <ModuleNameOffset>4C4A6C</ModuleNameOffset>
  1324. <Before>
  1325. <Byte>00</Byte>
  1326. <Byte>03</Byte>
  1327. <Byte>D8</Byte>
  1328. <Byte>78</Byte>
  1329. <Byte>06</Byte>
  1330. </Before>
  1331. <Actual>
  1332. <Byte>89</Byte>
  1333. <Byte>9E</Byte>
  1334. <Byte>84</Byte>
  1335. <Byte>00</Byte>
  1336. <Byte>00</Byte>
  1337. <Byte>00</Byte>
  1338. </Actual>
  1339. <After>
  1340. <Byte>33</Byte>
  1341. <Byte>DB</Byte>
  1342. <Byte>EB</Byte>
  1343. <Byte>12</Byte>
  1344. <Byte>8B</Byte>
  1345. </After>
  1346. </CodeEntry>
  1347. <CodeEntry>
  1348. <Description>arrow + 3 Code :mov [ecx+00000084],eax</Description>
  1349. <Address>008B9C03</Address>
  1350. <ModuleName>Reckoning.exe</ModuleName>
  1351. <ModuleNameOffset>4B9C03</ModuleNameOffset>
  1352. <Before>
  1353. <Byte>0A</Byte>
  1354. <Byte>8B</Byte>
  1355. <Byte>4C</Byte>
  1356. <Byte>24</Byte>
  1357. <Byte>2C</Byte>
  1358. </Before>
  1359. <Actual>
  1360. <Byte>89</Byte>
  1361. <Byte>81</Byte>
  1362. <Byte>84</Byte>
  1363. <Byte>00</Byte>
  1364. <Byte>00</Byte>
  1365. <Byte>00</Byte>
  1366. </Actual>
  1367. <After>
  1368. <Byte>83</Byte>
  1369. <Byte>7D</Byte>
  1370. <Byte>0C</Byte>
  1371. <Byte>00</Byte>
  1372. <Byte>74</Byte>
  1373. </After>
  1374. </CodeEntry>
  1375. <CodeEntry>
  1376. <Description>arrow access Code :mov eax,[eax+00000084]</Description>
  1377. <Address>0088AFE5</Address>
  1378. <ModuleName>Reckoning.exe</ModuleName>
  1379. <ModuleNameOffset>48AFE5</ModuleNameOffset>
  1380. <Before>
  1381. <Byte>40</Byte>
  1382. <Byte>20</Byte>
  1383. <Byte>01</Byte>
  1384. <Byte>74</Byte>
  1385. <Byte>0A</Byte>
  1386. </Before>
  1387. <Actual>
  1388. <Byte>8B</Byte>
  1389. <Byte>80</Byte>
  1390. <Byte>84</Byte>
  1391. <Byte>00</Byte>
  1392. <Byte>00</Byte>
  1393. <Byte>00</Byte>
  1394. </Actual>
  1395. <After>
  1396. <Byte>01</Byte>
  1397. <Byte>44</Byte>
  1398. <Byte>24</Byte>
  1399. <Byte>18</Byte>
  1400. <Byte>83</Byte>
  1401. </After>
  1402. </CodeEntry>
  1403. <CodeEntry>
  1404. <Description>repair - Code :movss [esi+00000088],xmm0</Description>
  1405. <Address>008BC1CF</Address>
  1406. <ModuleName>Reckoning.exe</ModuleName>
  1407. <ModuleNameOffset>4BC1CF</ModuleNameOffset>
  1408. <Before>
  1409. <Byte>28</Byte>
  1410. <Byte>C2</Byte>
  1411. <Byte>0F</Byte>
  1412. <Byte>2F</Byte>
  1413. <Byte>D0</Byte>
  1414. </Before>
  1415. <Actual>
  1416. <Byte>F3</Byte>
  1417. <Byte>0F</Byte>
  1418. <Byte>11</Byte>
  1419. <Byte>86</Byte>
  1420. <Byte>88</Byte>
  1421. <Byte>00</Byte>
  1422. <Byte>00</Byte>
  1423. <Byte>00</Byte>
  1424. </Actual>
  1425. <After>
  1426. <Byte>0F</Byte>
  1427. <Byte>82</Byte>
  1428. <Byte>3B</Byte>
  1429. <Byte>01</Byte>
  1430. <Byte>00</Byte>
  1431. </After>
  1432. </CodeEntry>
  1433. <CodeEntry>
  1434. <Description>mp - Code :mov [ebp+00000084],ecx</Description>
  1435. <Address>0079A6A1</Address>
  1436. <ModuleName>Reckoning.exe</ModuleName>
  1437. <ModuleNameOffset>39A6A1</ModuleNameOffset>
  1438. <Before>
  1439. <Byte>CA</Byte>
  1440. <Byte>76</Byte>
  1441. <Byte>0A</Byte>
  1442. <Byte>03</Byte>
  1443. <Byte>C8</Byte>
  1444. </Before>
  1445. <Actual>
  1446. <Byte>89</Byte>
  1447. <Byte>8D</Byte>
  1448. <Byte>84</Byte>
  1449. <Byte>00</Byte>
  1450. <Byte>00</Byte>
  1451. <Byte>00</Byte>
  1452. </Actual>
  1453. <After>
  1454. <Byte>EB</Byte>
  1455. <Byte>0A</Byte>
  1456. <Byte>C7</Byte>
  1457. <Byte>85</Byte>
  1458. <Byte>84</Byte>
  1459. </After>
  1460. </CodeEntry>
  1461. <CodeEntry>
  1462. <Description>mp + Code :add [ebp+00000084],eax</Description>
  1463. <Address>0079A602</Address>
  1464. <ModuleName>Reckoning.exe</ModuleName>
  1465. <ModuleNameOffset>39A602</ModuleNameOffset>
  1466. <Before>
  1467. <Byte>8C</Byte>
  1468. <Byte>8F</Byte>
  1469. <Byte>00</Byte>
  1470. <Byte>00</Byte>
  1471. <Byte>00</Byte>
  1472. </Before>
  1473. <Actual>
  1474. <Byte>01</Byte>
  1475. <Byte>85</Byte>
  1476. <Byte>84</Byte>
  1477. <Byte>00</Byte>
  1478. <Byte>00</Byte>
  1479. <Byte>00</Byte>
  1480. </Actual>
  1481. <After>
  1482. <Byte>8B</Byte>
  1483. <Byte>B5</Byte>
  1484. <Byte>84</Byte>
  1485. <Byte>00</Byte>
  1486. <Byte>00</Byte>
  1487. </After>
  1488. </CodeEntry>
  1489. <CodeEntry>
  1490. <Description>hp +- 2 Code :mov [edi+48],ecx</Description>
  1491. <Address>007A0FD1</Address>
  1492. <ModuleName>Reckoning.exe</ModuleName>
  1493. <ModuleNameOffset>3A0FD1</ModuleNameOffset>
  1494. <Before>
  1495. <Byte>03</Byte>
  1496. <Byte>CE</Byte>
  1497. <Byte>83</Byte>
  1498. <Byte>F8</Byte>
  1499. <Byte>01</Byte>
  1500. </Before>
  1501. <Actual>
  1502. <Byte>89</Byte>
  1503. <Byte>4F</Byte>
  1504. <Byte>48</Byte>
  1505. </Actual>
  1506. <After>
  1507. <Byte>8D</Byte>
  1508. <Byte>53</Byte>
  1509. <Byte>01</Byte>
  1510. <Byte>7C</Byte>
  1511. <Byte>02</Byte>
  1512. </After>
  1513. </CodeEntry>
  1514. <CodeEntry>
  1515. <Description>hp +- 3 Code :mov [edi+48],ebx</Description>
  1516. <Address>007A1060</Address>
  1517. <ModuleName>Reckoning.exe</ModuleName>
  1518. <ModuleNameOffset>3A1060</ModuleNameOffset>
  1519. <Before>
  1520. <Byte>F7</Byte>
  1521. <Byte>10</Byte>
  1522. <Byte>01</Byte>
  1523. <Byte>EB</Byte>
  1524. <Byte>03</Byte>
  1525. </Before>
  1526. <Actual>
  1527. <Byte>89</Byte>
  1528. <Byte>5F</Byte>
  1529. <Byte>48</Byte>
  1530. </Actual>
  1531. <After>
  1532. <Byte>B1</Byte>
  1533. <Byte>40</Byte>
  1534. <Byte>84</Byte>
  1535. <Byte>8F</Byte>
  1536. <Byte>DC</Byte>
  1537. </After>
  1538. </CodeEntry>
  1539. <CodeEntry>
  1540. <Description>fate + 1 Code :mov [edx+00000204],eax</Description>
  1541. <Address>0082D30E</Address>
  1542. <ModuleName>Reckoning.exe</ModuleName>
  1543. <ModuleNameOffset>42D30E</ModuleNameOffset>
  1544. <Before>
  1545. <Byte>0C</Byte>
  1546. <Byte>3B</Byte>
  1547. <Byte>C1</Byte>
  1548. <Byte>73</Byte>
  1549. <Byte>0C</Byte>
  1550. </Before>
  1551. <Actual>
  1552. <Byte>89</Byte>
  1553. <Byte>82</Byte>
  1554. <Byte>04</Byte>
  1555. <Byte>02</Byte>
  1556. <Byte>00</Byte>
  1557. <Byte>00</Byte>
  1558. </Actual>
  1559. <After>
  1560. <Byte>83</Byte>
  1561. <Byte>C4</Byte>
  1562. <Byte>08</Byte>
  1563. <Byte>C2</Byte>
  1564. <Byte>04</Byte>
  1565. </After>
  1566. </CodeEntry>
  1567. <CodeEntry>
  1568. <Description>fate + 2 Code :mov [edx+00000204],ecx</Description>
  1569. <Address>0082D31A</Address>
  1570. <ModuleName>Reckoning.exe</ModuleName>
  1571. <ModuleNameOffset>42D31A</ModuleNameOffset>
  1572. <Before>
  1573. <Byte>C4</Byte>
  1574. <Byte>08</Byte>
  1575. <Byte>C2</Byte>
  1576. <Byte>04</Byte>
  1577. <Byte>00</Byte>
  1578. </Before>
  1579. <Actual>
  1580. <Byte>89</Byte>
  1581. <Byte>8A</Byte>
  1582. <Byte>04</Byte>
  1583. <Byte>02</Byte>
  1584. <Byte>00</Byte>
  1585. <Byte>00</Byte>
  1586. </Actual>
  1587. <After>
  1588. <Byte>83</Byte>
  1589. <Byte>C4</Byte>
  1590. <Byte>08</Byte>
  1591. <Byte>C2</Byte>
  1592. <Byte>04</Byte>
  1593. </After>
  1594. </CodeEntry>
  1595. <CodeEntry>
  1596. <Description>fate - Code :mov [eax+00000204],esi</Description>
  1597. <Address>00AF7D00</Address>
  1598. <ModuleName>Reckoning.exe</ModuleName>
  1599. <ModuleNameOffset>6F7D00</ModuleNameOffset>
  1600. <Before>
  1601. <Byte>F1</Byte>
  1602. <Byte>72</Byte>
  1603. <Byte>02</Byte>
  1604. <Byte>8B</Byte>
  1605. <Byte>F1</Byte>
  1606. </Before>
  1607. <Actual>
  1608. <Byte>89</Byte>
  1609. <Byte>B0</Byte>
  1610. <Byte>04</Byte>
  1611. <Byte>02</Byte>
  1612. <Byte>00</Byte>
  1613. <Byte>00</Byte>
  1614. </Actual>
  1615. <After>
  1616. <Byte>5F</Byte>
  1617. <Byte>33</Byte>
  1618. <Byte>C0</Byte>
  1619. <Byte>5E</Byte>
  1620. <Byte>C3</Byte>
  1621. </After>
  1622. </CodeEntry>
  1623. <CodeEntry>
  1624. <Description>skill point - Code :mov [eax+18],ecx</Description>
  1625. <Address>0089CFBA</Address>
  1626. <ModuleName>Reckoning.exe</ModuleName>
  1627. <ModuleNameOffset>49CFBA</ModuleNameOffset>
  1628. <Before>
  1629. <Byte>00</Byte>
  1630. <Byte>8B</Byte>
  1631. <Byte>4F</Byte>
  1632. <Byte>18</Byte>
  1633. <Byte>5E</Byte>
  1634. </Before>
  1635. <Actual>
  1636. <Byte>89</Byte>
  1637. <Byte>48</Byte>
  1638. <Byte>18</Byte>
  1639. </Actual>
  1640. <After>
  1641. <Byte>8B</Byte>
  1642. <Byte>57</Byte>
  1643. <Byte>1C</Byte>
  1644. <Byte>5D</Byte>
  1645. <Byte>89</Byte>
  1646. </After>
  1647. </CodeEntry>
  1648. <CodeEntry>
  1649. <Description>$ +- 1 Code :add [esi+00000364],eax</Description>
  1650. <Address>00A3C490</Address>
  1651. <ModuleName>Reckoning.exe</ModuleName>
  1652. <ModuleNameOffset>63C490</ModuleNameOffset>
  1653. <Before>
  1654. <Byte>00</Byte>
  1655. <Byte>5B</Byte>
  1656. <Byte>C3</Byte>
  1657. <Byte>CC</Byte>
  1658. <Byte>CC</Byte>
  1659. </Before>
  1660. <Actual>
  1661. <Byte>01</Byte>
  1662. <Byte>86</Byte>
  1663. <Byte>64</Byte>
  1664. <Byte>03</Byte>
  1665. <Byte>00</Byte>
  1666. <Byte>00</Byte>
  1667. </Actual>
  1668. <After>
  1669. <Byte>8B</Byte>
  1670. <Byte>86</Byte>
  1671. <Byte>64</Byte>
  1672. <Byte>03</Byte>
  1673. <Byte>00</Byte>
  1674. </After>
  1675. </CodeEntry>
  1676. <CodeEntry>
  1677. <Description>$ +- 2 Code :mov [esi+00000364],eax</Description>
  1678. <Address>00A3C4AC</Address>
  1679. <ModuleName>Reckoning.exe</ModuleName>
  1680. <ModuleNameOffset>63C4AC</ModuleNameOffset>
  1681. <Before>
  1682. <Byte>9C</Byte>
  1683. <Byte>C1</Byte>
  1684. <Byte>49</Byte>
  1685. <Byte>23</Byte>
  1686. <Byte>C1</Byte>
  1687. </Before>
  1688. <Actual>
  1689. <Byte>89</Byte>
  1690. <Byte>86</Byte>
  1691. <Byte>64</Byte>
  1692. <Byte>03</Byte>
  1693. <Byte>00</Byte>
  1694. <Byte>00</Byte>
  1695. </Actual>
  1696. <After>
  1697. <Byte>8B</Byte>
  1698. <Byte>8A</Byte>
  1699. <Byte>DC</Byte>
  1700. <Byte>32</Byte>
  1701. <Byte>00</Byte>
  1702. </After>
  1703. </CodeEntry>
  1704. <CodeEntry>
  1705. <Description>$ +- 3 Code :mov [esi+00000364],eax</Description>
  1706. <Address>00A3C4C4</Address>
  1707. <ModuleName>Reckoning.exe</ModuleName>
  1708. <ModuleNameOffset>63C4C4</ModuleNameOffset>
  1709. <Before>
  1710. <Byte>0D</Byte>
  1711. <Byte>8C</Byte>
  1712. <Byte>5A</Byte>
  1713. <Byte>BF</Byte>
  1714. <Byte>00</Byte>
  1715. </Before>
  1716. <Actual>
  1717. <Byte>89</Byte>
  1718. <Byte>86</Byte>
  1719. <Byte>64</Byte>
  1720. <Byte>03</Byte>
  1721. <Byte>00</Byte>
  1722. <Byte>00</Byte>
  1723. </Actual>
  1724. <After>
  1725. <Byte>8B</Byte>
  1726. <Byte>49</Byte>
  1727. <Byte>24</Byte>
  1728. <Byte>8B</Byte>
  1729. <Byte>11</Byte>
  1730. </After>
  1731. </CodeEntry>
  1732. <CodeEntry>
  1733. <Description>$ access Code :mov eax,[eax+00000364]</Description>
  1734. <Address>00B020EC</Address>
  1735. <ModuleName>Reckoning.exe</ModuleName>
  1736. <ModuleNameOffset>7020EC</ModuleNameOffset>
  1737. <Before>
  1738. <Byte>FF</Byte>
  1739. <Byte>85</Byte>
  1740. <Byte>C0</Byte>
  1741. <Byte>74</Byte>
  1742. <Byte>08</Byte>
  1743. </Before>
  1744. <Actual>
  1745. <Byte>8B</Byte>
  1746. <Byte>80</Byte>
  1747. <Byte>64</Byte>
  1748. <Byte>03</Byte>
  1749. <Byte>00</Byte>
  1750. <Byte>00</Byte>
  1751. </Actual>
  1752. <After>
  1753. <Byte>EB</Byte>
  1754. <Byte>02</Byte>
  1755. <Byte>33</Byte>
  1756. <Byte>C0</Byte>
  1757. <Byte>33</Byte>
  1758. </After>
  1759. </CodeEntry>
  1760. <CodeEntry>
  1761. <Description>cool down start Code :mov [ecx+esi+04],edx</Description>
  1762. <Address>00892ED0</Address>
  1763. <ModuleName>Reckoning.exe</ModuleName>
  1764. <ModuleNameOffset>492ED0</ModuleNameOffset>
  1765. <Before>
  1766. <Byte>04</Byte>
  1767. <Byte>8B</Byte>
  1768. <Byte>54</Byte>
  1769. <Byte>24</Byte>
  1770. <Byte>1C</Byte>
  1771. </Before>
  1772. <Actual>
  1773. <Byte>89</Byte>
  1774. <Byte>54</Byte>
  1775. <Byte>31</Byte>
  1776. <Byte>04</Byte>
  1777. </Actual>
  1778. <After>
  1779. <Byte>8B</Byte>
  1780. <Byte>43</Byte>
  1781. <Byte>04</Byte>
  1782. <Byte>80</Byte>
  1783. <Byte>4C</Byte>
  1784. </After>
  1785. </CodeEntry>
  1786. <CodeEntry>
  1787. <Description>cooling down Code :sub [esi+04],eax</Description>
  1788. <Address>00886D6B</Address>
  1789. <ModuleName>Reckoning.exe</ModuleName>
  1790. <ModuleNameOffset>486D6B</ModuleNameOffset>
  1791. <Before>
  1792. <Byte>00</Byte>
  1793. <Byte>00</Byte>
  1794. <Byte>00</Byte>
  1795. <Byte>EB</Byte>
  1796. <Byte>07</Byte>
  1797. </Before>
  1798. <Actual>
  1799. <Byte>29</Byte>
  1800. <Byte>46</Byte>
  1801. <Byte>04</Byte>
  1802. </Actual>
  1803. <After>
  1804. <Byte>FF</Byte>
  1805. <Byte>44</Byte>
  1806. <Byte>24</Byte>
  1807. <Byte>0C</Byte>
  1808. <Byte>45</Byte>
  1809. </After>
  1810. </CodeEntry>
  1811. <CodeEntry>
  1812. <Description>cool down set zero Code :mov [esi+04],00000000</Description>
  1813. <Address>00886D49</Address>
  1814. <ModuleName>Reckoning.exe</ModuleName>
  1815. <ModuleNameOffset>486D49</ModuleNameOffset>
  1816. <Before>
  1817. <Byte>02</Byte>
  1818. <Byte>C6</Byte>
  1819. <Byte>46</Byte>
  1820. <Byte>08</Byte>
  1821. <Byte>00</Byte>
  1822. </Before>
  1823. <Actual>
  1824. <Byte>C7</Byte>
  1825. <Byte>46</Byte>
  1826. <Byte>04</Byte>
  1827. <Byte>00</Byte>
  1828. <Byte>00</Byte>
  1829. <Byte>00</Byte>
  1830. <Byte>00</Byte>
  1831. </Actual>
  1832. <After>
  1833. <Byte>7C</Byte>
  1834. <Byte>11</Byte>
  1835. <Byte>8B</Byte>
  1836. <Byte>0D</Byte>
  1837. <Byte>54</Byte>
  1838. </After>
  1839. </CodeEntry>
  1840. <CodeEntry>
  1841. <Description>Heal HPCode :mov [edi+48],ecx</Description>
  1842. <Address>007A14F1</Address>
  1843. <ModuleName>Reckoning.exe</ModuleName>
  1844. <ModuleNameOffset>3A14F1</ModuleNameOffset>
  1845. <Before>
  1846. <Byte>94</Byte>
  1847. <Byte>07</Byte>
  1848. <Byte>83</Byte>
  1849. <Byte>F8</Byte>
  1850. <Byte>01</Byte>
  1851. </Before>
  1852. <Actual>
  1853. <Byte>89</Byte>
  1854. <Byte>4F</Byte>
  1855. <Byte>48</Byte>
  1856. </Actual>
  1857. <After>
  1858. <Byte>8D</Byte>
  1859. <Byte>53</Byte>
  1860. <Byte>01</Byte>
  1861. <Byte>7C</Byte>
  1862. <Byte>02</Byte>
  1863. </After>
  1864. </CodeEntry>
  1865. <CodeEntry>
  1866. <Description>Raise EXP Code :mov [eax+18],ecx</Description>
  1867. <Address>0089D7AA</Address>
  1868. <ModuleName>Reckoning.exe</ModuleName>
  1869. <ModuleNameOffset>49D7AA</ModuleNameOffset>
  1870. <Before>
  1871. <Byte>00</Byte>
  1872. <Byte>8B</Byte>
  1873. <Byte>4F</Byte>
  1874. <Byte>18</Byte>
  1875. <Byte>5E</Byte>
  1876. </Before>
  1877. <Actual>
  1878. <Byte>89</Byte>
  1879. <Byte>48</Byte>
  1880. <Byte>18</Byte>
  1881. </Actual>
  1882. <After>
  1883. <Byte>8B</Byte>
  1884. <Byte>57</Byte>
  1885. <Byte>1C</Byte>
  1886. <Byte>5D</Byte>
  1887. <Byte>89</Byte>
  1888. </After>
  1889. </CodeEntry>
  1890. <CodeEntry>
  1891. <Description>Gain Level Code :mov eax,[eax+000001F4]</Description>
  1892. <Address>00B0454C</Address>
  1893. <ModuleName>Reckoning.exe</ModuleName>
  1894. <ModuleNameOffset>70454C</ModuleNameOffset>
  1895. <Before>
  1896. <Byte>FF</Byte>
  1897. <Byte>85</Byte>
  1898. <Byte>C0</Byte>
  1899. <Byte>74</Byte>
  1900. <Byte>08</Byte>
  1901. </Before>
  1902. <Actual>
  1903. <Byte>8B</Byte>
  1904. <Byte>80</Byte>
  1905. <Byte>F4</Byte>
  1906. <Byte>01</Byte>
  1907. <Byte>00</Byte>
  1908. <Byte>00</Byte>
  1909. </Actual>
  1910. <After>
  1911. <Byte>EB</Byte>
  1912. <Byte>02</Byte>
  1913. <Byte>33</Byte>
  1914. <Byte>C0</Byte>
  1915. <Byte>33</Byte>
  1916. </After>
  1917. </CodeEntry>
  1918. <CodeEntry>
  1919. <Description>Real get level 1 Code :mov [edi+000001F4],eax</Description>
  1920. <Address>00847E0E</Address>
  1921. <ModuleName>Reckoning.exe</ModuleName>
  1922. <ModuleNameOffset>447E0E</ModuleNameOffset>
  1923. <Before>
  1924. <Byte>C6</Byte>
  1925. <Byte>50</Byte>
  1926. <Byte>12</Byte>
  1927. <Byte>00</Byte>
  1928. <Byte>00</Byte>
  1929. </Before>
  1930. <Actual>
  1931. <Byte>89</Byte>
  1932. <Byte>87</Byte>
  1933. <Byte>F4</Byte>
  1934. <Byte>01</Byte>
  1935. <Byte>00</Byte>
  1936. <Byte>00</Byte>
  1937. </Actual>
  1938. <After>
  1939. <Byte>E8</Byte>
  1940. <Byte>87</Byte>
  1941. <Byte>01</Byte>
  1942. <Byte>1D</Byte>
  1943. <Byte>00</Byte>
  1944. </After>
  1945. </CodeEntry>
  1946. <CodeEntry>
  1947. <Description>Real Get Level 2 Code :mov eax,[edi+000001F4]</Description>
  1948. <Address>00847E2C</Address>
  1949. <ModuleName>Reckoning.exe</ModuleName>
  1950. <ModuleNameOffset>447E2C</ModuleNameOffset>
  1951. <Before>
  1952. <Byte>BF</Byte>
  1953. <Byte>00</Byte>
  1954. <Byte>8B</Byte>
  1955. <Byte>49</Byte>
  1956. <Byte>24</Byte>
  1957. </Before>
  1958. <Actual>
  1959. <Byte>8B</Byte>
  1960. <Byte>87</Byte>
  1961. <Byte>F4</Byte>
  1962. <Byte>01</Byte>
  1963. <Byte>00</Byte>
  1964. <Byte>00</Byte>
  1965. </Actual>
  1966. <After>
  1967. <Byte>8B</Byte>
  1968. <Byte>11</Byte>
  1969. <Byte>8B</Byte>
  1970. <Byte>52</Byte>
  1971. <Byte>10</Byte>
  1972. </After>
  1973. </CodeEntry>
  1974. <CodeEntry>
  1975. <Description>DepleteFatebarCode :mov [eax+00000204],esi</Description>
  1976. <Address>09DA0000</Address>
  1977. <ModuleName/>
  1978. <ModuleNameOffset>0</ModuleNameOffset>
  1979. <Before/>
  1980. <Actual>
  1981. <Byte>89</Byte>
  1982. <Byte>B0</Byte>
  1983. <Byte>04</Byte>
  1984. <Byte>02</Byte>
  1985. <Byte>00</Byte>
  1986. <Byte>00</Byte>
  1987. </Actual>
  1988. <After>
  1989. <Byte>E9</Byte>
  1990. <Byte>DB</Byte>
  1991. <Byte>83</Byte>
  1992. <Byte>D5</Byte>
  1993. <Byte>F6</Byte>
  1994. </After>
  1995. </CodeEntry>
  1996. <CodeEntry>
  1997. <Description>EXPCode :mov [eax+18],ecx</Description>
  1998. <Address>0089D7AA</Address>
  1999. <ModuleName>Reckoning.exe</ModuleName>
  2000. <ModuleNameOffset>49D7AA</ModuleNameOffset>
  2001. <Before>
  2002. <Byte>00</Byte>
  2003. <Byte>8B</Byte>
  2004. <Byte>4F</Byte>
  2005. <Byte>18</Byte>
  2006. <Byte>5E</Byte>
  2007. </Before>
  2008. <Actual>
  2009. <Byte>89</Byte>
  2010. <Byte>48</Byte>
  2011. <Byte>18</Byte>
  2012. </Actual>
  2013. <After>
  2014. <Byte>8B</Byte>
  2015. <Byte>57</Byte>
  2016. <Byte>1C</Byte>
  2017. <Byte>5D</Byte>
  2018. <Byte>89</Byte>
  2019. </After>
  2020. </CodeEntry>
  2021. <CodeEntry>
  2022. <Description>MaxHPIncreasonlvlupCode :mov [edi+4C],eax</Description>
  2023. <Address>007A0C5B</Address>
  2024. <ModuleName>Reckoning.exe</ModuleName>
  2025. <ModuleNameOffset>3A0C5B</ModuleNameOffset>
  2026. <Before>
  2027. <Byte>CE</Byte>
  2028. <Byte>FF</Byte>
  2029. <Byte>83</Byte>
  2030. <Byte>F8</Byte>
  2031. <Byte>01</Byte>
  2032. </Before>
  2033. <Actual>
  2034. <Byte>89</Byte>
  2035. <Byte>47</Byte>
  2036. <Byte>4C</Byte>
  2037. </Actual>
  2038. <After>
  2039. <Byte>B9</Byte>
  2040. <Byte>01</Byte>
  2041. <Byte>00</Byte>
  2042. <Byte>00</Byte>
  2043. <Byte>00</Byte>
  2044. </After>
  2045. </CodeEntry>
  2046. </CheatCodes>
  2047. <UserdefinedSymbols>
  2048. <SymbolEntry>
  2049. <Name>EnemyNummberPointer</Name>
  2050. <Address>18430000</Address>
  2051. </SymbolEntry>
  2052. <SymbolEntry>
  2053. <Name>pSkillPt</Name>
  2054. <Address>01870000</Address>
  2055. </SymbolEntry>
  2056. <SymbolEntry>
  2057. <Name>pHeroHealth</Name>
  2058. <Address>003E0000</Address>
  2059. </SymbolEntry>
  2060. <SymbolEntry>
  2061. <Name>pMoney</Name>
  2062. <Address>00F30000</Address>
  2063. </SymbolEntry>
  2064. <SymbolEntry>
  2065. <Name>cooldownJMP</Name>
  2066. <Address>00888EDE</Address>
  2067. </SymbolEntry>
  2068. <SymbolEntry>
  2069. <Name>repairJMP</Name>
  2070. <Address>008BE36F</Address>
  2071. </SymbolEntry>
  2072. <SymbolEntry>
  2073. <Name>fateBJMP</Name>
  2074. <Address>0082DA0C</Address>
  2075. </SymbolEntry>
  2076. <SymbolEntry>
  2077. <Name>pLvlUpPt</Name>
  2078. <Address>19820000</Address>
  2079. </SymbolEntry>
  2080. <SymbolEntry>
  2081. <Name>pExp</Name>
  2082. <Address>19830000</Address>
  2083. </SymbolEntry>
  2084. <SymbolEntry>
  2085. <Name>AttackWeightPointer</Name>
  2086. <Address>00F60000</Address>
  2087. </SymbolEntry>
  2088. <SymbolEntry>
  2089. <Name>EXPPointer</Name>
  2090. <Address>003D0000</Address>
  2091. </SymbolEntry>
  2092. <SymbolEntry>
  2093. <Name>hHSubCJMP</Name>
  2094. <Address>007A1571</Address>
  2095. </SymbolEntry>
  2096. <SymbolEntry>
  2097. <Name>Counter</Name>
  2098. <Address>00EE0000</Address>
  2099. </SymbolEntry>
  2100. <SymbolEntry>
  2101. <Name>ManaCounter</Name>
  2102. <Address>00F00000</Address>
  2103. </SymbolEntry>
  2104. <SymbolEntry>
  2105. <Name>TotalEXP</Name>
  2106. <Address>00230000</Address>
  2107. </SymbolEntry>
  2108. <SymbolEntry>
  2109. <Name>pTotalEXP</Name>
  2110. <Address>0A920000</Address>
  2111. </SymbolEntry>
  2112. <SymbolEntry>
  2113. <Name>hHSubFJMP</Name>
  2114. <Address>0086441A</Address>
  2115. </SymbolEntry>
  2116. <SymbolEntry>
  2117. <Name>hHSubGJMP</Name>
  2118. <Address>0089D7A9</Address>
  2119. </SymbolEntry>
  2120. <SymbolEntry>
  2121. <Name>hHReadJMP</Name>
  2122. <Address>007A1E05</Address>
  2123. </SymbolEntry>
  2124. <SymbolEntry>
  2125. <Name>hHSubAJMP</Name>
  2126. <Address>007A1575</Address>
  2127. </SymbolEntry>
  2128. <SymbolEntry>
  2129. <Name>hHSubEJMP</Name>
  2130. <Address>007A0C58</Address>
  2131. </SymbolEntry>
  2132. <SymbolEntry>
  2133. <Name>hHSubBJMP</Name>
  2134. <Address>007A14EC</Address>
  2135. </SymbolEntry>
  2136. <SymbolEntry>
  2137. <Name>MPSubJMP</Name>
  2138. <Address>0079ABC1</Address>
  2139. </SymbolEntry>
  2140. <SymbolEntry>
  2141. <Name>ManaRegSubJMP</Name>
  2142. <Address>0079AB22</Address>
  2143. </SymbolEntry>
  2144. <SymbolEntry>
  2145. <Name>FateSubJMP</Name>
  2146. <Address>0082DA00</Address>
  2147. </SymbolEntry>
  2148. <SymbolEntry>
  2149. <Name>moneyReadJMP</Name>
  2150. <Address>00B027CC</Address>
  2151. </SymbolEntry>
  2152. <SymbolEntry>
  2153. <Name>moneySubJMP</Name>
  2154. <Address>00A3BE30</Address>
  2155. </SymbolEntry>
  2156. <SymbolEntry>
  2157. <Name>hHSubDJMP</Name>
  2158. <Address>0088A42E</Address>
  2159. </SymbolEntry>
  2160. </UserdefinedSymbols>
  2161. </CheatTable>