- <?xml version="1.0" encoding="utf-8"?>
- <CheatTable CheatEngineTableVersion="24">
- <CheatEntries>
- <CheatEntry> <!--
-   Entries ID 1, 0, 2, 7, 8, 9 and 10 are seven consecutive 4-byte ammo counters at
-   Jazz2.exe+1A52E0 through Jazz2.exe+1A52F8. Their RealAddress values start at 005A52E0,
-   which is 005A4EE0+400, so they line up with the [esi+eax*4+00000400] array indexed in
-   the disassembly dumps of the scripts in this table, assuming esi holds the address that
-   entry ID 3 calls "Player base" (TODO confirm).
-   The RealAddress values imply the module was loaded at 00400000 when the table was saved.
-   LastState appears to hold the value observed at save time, not a constant. -->
- <ID>1</ID>
- <Description>"Default ammo"</Description>
- <LastState Value="98" RealAddress="005A52E0"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52E0</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>0</ID>
- <Description>"Blue balls ammo"</Description>
- <LastState Value="99" RealAddress="005A52E4"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52E4</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>2</ID>
- <Description>"Ice ammo"</Description>
- <LastState Value="50" RealAddress="005A52E8"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52E8</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>7</ID>
- <Description>"Rocket ammo"</Description>
- <LastState Value="0" RealAddress="005A52EC"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52EC</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>8</ID>
- <Description>"Green rocket ammo"</Description>
- <LastState Value="0" RealAddress="005A52F0"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52F0</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>9</ID>
- <Description>"Fire ammo (use huge numbers)"</Description>
- <LastState Value="0" RealAddress="005A52F4"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52F4</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>10</ID>
- <Description>"Bomb ammo"</Description>
- <LastState Value="0" RealAddress="005A52F8"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A52F8</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>3</ID>
- <Description>"Player base (probably)"</Description>
- <LastState Value="0" RealAddress="005A4EE0"/>
- <VariableType>4 Bytes</VariableType>
- <Address>005A4EE0</Address> <!-- absolute address, unlike the module-relative entries above; it equals Jazz2.exe+1A4EE0 only while the image is loaded at 00400000. NOTE(review): a module-relative form would survive relocation. -->
- </CheatEntry>
- <CheatEntry>
- <ID>4</ID>
- <Description>"Player firing counter"</Description>
- <LastState Value="11311" RealAddress="005A5024"/>
- <VariableType>4 Bytes</VariableType>
- <Address>005A4EE0+144</Address> <!-- 005A4EE0+144 = 005A5024 (matches RealAddress); offset 144 is the same field the "Disable firing" script addresses as [esi+00000144]. Same absolute-base caveat as entry ID 3. -->
- </CheatEntry>
- <CheatEntry>
- <ID>5</ID>
- <Description>"Disable firing"</Description>
- <LastState/>
- <VariableType>Auto Assembler Script</VariableType> <!--
-   What the script below does (its own header comment is an unfilled template):
-   [ENABLE] locates the 6-byte instruction cmp [esi+00000144],ebx by byte pattern inside
-   Jazz2.exe (the dump at the end of the script shows it at Jazz2.exe+34DFB) and overwrites
-   it with a 5-byte jmp to an allocated stub plus one nop, so the patched length stays 6.
-   The stub stores 1 into [esi+00000144], the field entry ID 4 labels "Player firing counter",
-   repeats the displaced compare and jumps back. The jne at Jazz2.exe+34E01 that follows is
-   then taken whenever ebx is not 1, which bypasses the code the table comments mark as
-   "Entry point for firing" at +34E07. Presumably ebx is 0 at this point (TODO confirm).
-   [DISABLE] writes the original six bytes back and frees the stub.
-   NOTE(review): the stub's mov has no operand size; confirm the assembler emits the
-   intended 4-byte store.
-   NOTE(review): all four scripts in this table register the same global symbol name INJECT.
-   With two of them enabled, the [DISABLE] section of one may resolve INJECT to the other
-   script's hook and write its restore bytes there. Confirm, or enable one script at a time.
-   An inline detour of this kind changes bytes in the module's executable code, so comparing
-   the loaded code with the on-disk image shows the modification. -->
- <AssemblerScript>{ Game : Jazz2.exe
- Version:
- Date : 2017-12-31
- Author : Roel
- This script does blah blah blah
- }
- [ENABLE]
- aobscanmodule(INJECT,Jazz2.exe,39 9E 44 01 00 00) // should be unique
- alloc(newmem,$1000)
- label(return)
- newmem:
- mov [esi+00000144],1
- cmp [esi+00000144],ebx
- jmp return
- INJECT:
- jmp newmem
- nop
- return:
- registersymbol(INJECT)
- [DISABLE]
- INJECT:
- db 39 9E 44 01 00 00
- unregistersymbol(INJECT)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "Jazz2.exe"+34DFB
- "Jazz2.exe"+34DD0: 3B C3 - cmp eax,ebx
- "Jazz2.exe"+34DD2: 0F 8F FF 00 00 00 - jg Jazz2.exe+34ED7
- "Jazz2.exe"+34DD8: 8B 86 48 01 00 00 - mov eax,[esi+00000148]
- "Jazz2.exe"+34DDE: 3B C3 - cmp eax,ebx
- "Jazz2.exe"+34DE0: 0F 84 F1 00 00 00 - je Jazz2.exe+34ED7
- "Jazz2.exe"+34DE6: 48 - dec eax
- "Jazz2.exe"+34DE7: 89 86 48 01 00 00 - mov [esi+00000148],eax
- "Jazz2.exe"+34DED: 39 9C 86 00 04 00 00 - cmp [esi+eax*4+00000400],ebx
- "Jazz2.exe"+34DF4: 7E E2 - jle Jazz2.exe+34DD8
- "Jazz2.exe"+34DF6: E9 DC 00 00 00 - jmp Jazz2.exe+34ED7
- // ---------- INJECTING HERE ----------
- "Jazz2.exe"+34DFB: 39 9E 44 01 00 00 - cmp [esi+00000144],ebx
- // ---------- DONE INJECTING ----------
- "Jazz2.exe"+34E01: 0F 85 D0 00 00 00 - jne Jazz2.exe+34ED7
- "Jazz2.exe"+34E07: 3B C3 - cmp eax,ebx
- "Jazz2.exe"+34E09: 75 17 - jne Jazz2.exe+34E22
- "Jazz2.exe"+34E0B: 39 9E 70 04 00 00 - cmp [esi+00000470],ebx
- "Jazz2.exe"+34E11: 7E 0F - jle Jazz2.exe+34E22
- "Jazz2.exe"+34E13: 53 - push ebx
- "Jazz2.exe"+34E14: 57 - push edi
- "Jazz2.exe"+34E15: E8 06 32 FF FF - call Jazz2.exe+28020
- "Jazz2.exe"+34E1A: 83 C4 08 - add esp,08
- "Jazz2.exe"+34E1D: E9 B5 00 00 00 - jmp Jazz2.exe+34ED7
- }
- </AssemblerScript>
- </CheatEntry>
- <CheatEntry>
- <ID>6</ID>
- <Description>"Multiple shots"</Description>
- <LastState/>
- <VariableType>Auto Assembler Script</VariableType> <!--
-   What the script below does (its own header comment is an unfilled template):
-   [ENABLE] locates the 5-byte call E8 EE 31 FF FF by byte pattern (the dump shows it at
-   Jazz2.exe+34E2D, which the table comments mark "Actual firing happens HERE") and replaces
-   it with a 5-byte jmp to an allocated stub. The stub calls Jazz2.exe+28020, commented in
-   this table as "Start of firing function", 32 times instead of once and jumps back.
-   The call is written by target name instead of copying the original bytes because an E8
-   call encodes a displacement relative to its own location.
-   The two values pushed before the hook (push ebx, push edi) stay on the stack for every
-   call and are removed once by the add esp,08 at +34E38 after the stub returns. This
-   assumes the callee neither pops nor alters its stack arguments (TODO confirm).
-   The ammo decrement commented at +34E49 still runs once per pass through the hook.
-   [DISABLE] restores the original five bytes and frees the stub.
-   NOTE(review): all four scripts in this table register the same global symbol name INJECT.
-   With two of them enabled, the [DISABLE] section of one may resolve INJECT to the other
-   script's hook and write its restore bytes there. Confirm, or enable one script at a time. -->
- <AssemblerScript>{ Game : Jazz2.exe
- Version:
- Date : 2018-01-02
- Author : Roel
- This script does blah blah blah
- }
- [ENABLE]
- aobscanmodule(INJECT,Jazz2.exe,E8 EE 31 FF FF) // should be unique
- alloc(newmem,$1000)
- label(return)
- newmem:
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- jmp return
- INJECT:
- jmp newmem
- return:
- registersymbol(INJECT)
- [DISABLE]
- INJECT:
- db E8 EE 31 FF FF
- unregistersymbol(INJECT)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "Jazz2.exe"+34E2D
- "Jazz2.exe"+34E11: 7E 0F - jle Jazz2.exe+34E22
- "Jazz2.exe"+34E13: 53 - push ebx
- "Jazz2.exe"+34E14: 57 - push edi
- "Jazz2.exe"+34E15: E8 06 32 FF FF - call Jazz2.exe+28020
- "Jazz2.exe"+34E1A: 83 C4 08 - add esp,08
- "Jazz2.exe"+34E1D: E9 B5 00 00 00 - jmp Jazz2.exe+34ED7
- "Jazz2.exe"+34E22: 39 9C 86 00 04 00 00 - cmp [esi+eax*4+00000400],ebx
- "Jazz2.exe"+34E29: 7E 21 - jle Jazz2.exe+34E4C
- "Jazz2.exe"+34E2B: 53 - push ebx
- "Jazz2.exe"+34E2C: 57 - push edi
- // ---------- INJECTING HERE ----------
- "Jazz2.exe"+34E2D: E8 EE 31 FF FF - call Jazz2.exe+28020
- // ---------- DONE INJECTING ----------
- "Jazz2.exe"+34E32: 8B 8E 48 01 00 00 - mov ecx,[esi+00000148]
- "Jazz2.exe"+34E38: 83 C4 08 - add esp,08
- "Jazz2.exe"+34E3B: 8D 84 8E 00 04 00 00 - lea eax,[esi+ecx*4+00000400]
- "Jazz2.exe"+34E42: 8B 8C 8E 00 04 00 00 - mov ecx,[esi+ecx*4+00000400]
- "Jazz2.exe"+34E49: 49 - dec ecx
- "Jazz2.exe"+34E4A: 89 08 - mov [eax],ecx
- "Jazz2.exe"+34E4C: 8B 86 48 01 00 00 - mov eax,[esi+00000148]
- "Jazz2.exe"+34E52: 3B C3 - cmp eax,ebx
- "Jazz2.exe"+34E54: 75 12 - jne Jazz2.exe+34E68
- "Jazz2.exe"+34E56: 39 9E 00 04 00 00 - cmp [esi+00000400],ebx
- }
- </AssemblerScript>
- </CheatEntry>
- <CheatEntry> <!--
-   Entries ID 11, 12 and 13 carry the placeholder description "No description"; the table
-   does not record what they represent. ID 11 is read as a 15-character, zero-terminated,
-   non-Unicode string. IDs 12 and 13 resolve to 005A50AC and 005A50A8, which are
-   005A4EE0+1CC and 005A4EE0+1C8, i.e. inside the block entry ID 3 calls "Player base". -->
- <ID>11</ID>
- <Description>"No description"</Description>
- <LastState RealAddress="005D0225"/>
- <VariableType>String</VariableType>
- <Length>15</Length>
- <Unicode>0</Unicode>
- <ZeroTerminate>1</ZeroTerminate>
- <Address>Jazz2.exe+1D0225</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>12</ID>
- <Description>"No description"</Description>
- <LastState Value="0" RealAddress="005A50AC"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A50AC</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>13</ID>
- <Description>"No description"</Description>
- <LastState Value="0" RealAddress="005A50A8"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A50A8</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>14</ID>
- <Description>"Multiple FIRE shots"</Description>
- <LastState/>
- <VariableType>Auto Assembler Script</VariableType> <!--
-   What the script below does (its own header comment is an unfilled template):
-   [ENABLE] locates the 5-byte call E8 C9 32 FF FF by byte pattern (the dump shows it at
-   Jazz2.exe+34D52, which the table comments mark "Actual firing of fire ammo") and replaces
-   it with a 5-byte jmp to an allocated stub. The stub calls Jazz2.exe+28020, commented in
-   this table as "Start of firing function", 17 times instead of once and jumps back.
-   The two values pushed before the hook (push ebx, push edi) stay on the stack for every
-   call and are removed once by the add esp,08 at +34D57, the first instruction executed
-   after the stub returns. This assumes the callee neither pops nor alters its stack
-   arguments (TODO confirm). The dec ecx at +34D6E, which by analogy with the comments on
-   +34E42 and +34E49 looks like the ammo decrement, still runs once per pass.
-   [DISABLE] restores the original five bytes and frees the stub.
-   NOTE(review): all four scripts in this table register the same global symbol name INJECT.
-   With two of them enabled, the [DISABLE] section of one may resolve INJECT to the other
-   script's hook and write its restore bytes there. Confirm, or enable one script at a time. -->
- <AssemblerScript>{ Game : Jazz2.exe
- Version:
- Date : 2018-01-03
- Author : Roel
- This script does blah blah blah
- }
- [ENABLE]
- aobscanmodule(INJECT,Jazz2.exe,E8 C9 32 FF FF) // should be unique
- alloc(newmem,$1000)
- label(return)
- newmem:
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- call Jazz2.exe+28020
- jmp return
- INJECT:
- jmp newmem
- return:
- registersymbol(INJECT)
- [DISABLE]
- INJECT:
- db E8 C9 32 FF FF
- unregistersymbol(INJECT)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "Jazz2.exe"+34D52
- "Jazz2.exe"+34D3C: 2B C8 - sub ecx,eax
- "Jazz2.exe"+34D3E: 83 F9 01 - cmp ecx,01
- "Jazz2.exe"+34D41: 7E 0D - jle Jazz2.exe+34D50
- "Jazz2.exe"+34D43: 8B 86 44 01 00 00 - mov eax,[esi+00000144]
- "Jazz2.exe"+34D49: 99 - cdq
- "Jazz2.exe"+34D4A: F7 F9 - idiv ecx
- "Jazz2.exe"+34D4C: 85 D2 - test edx,edx
- "Jazz2.exe"+34D4E: 75 0A - jne Jazz2.exe+34D5A
- "Jazz2.exe"+34D50: 53 - push ebx
- "Jazz2.exe"+34D51: 57 - push edi
- // ---------- INJECTING HERE ----------
- "Jazz2.exe"+34D52: E8 C9 32 FF FF - call Jazz2.exe+28020
- // ---------- DONE INJECTING ----------
- "Jazz2.exe"+34D57: 83 C4 08 - add esp,08
- "Jazz2.exe"+34D5A: 8B 96 48 01 00 00 - mov edx,[esi+00000148]
- "Jazz2.exe"+34D60: 8B 8C 96 00 04 00 00 - mov ecx,[esi+edx*4+00000400]
- "Jazz2.exe"+34D67: 8D 84 96 00 04 00 00 - lea eax,[esi+edx*4+00000400]
- "Jazz2.exe"+34D6E: 49 - dec ecx
- "Jazz2.exe"+34D6F: 89 08 - mov [eax],ecx
- "Jazz2.exe"+34D71: 8B 86 48 01 00 00 - mov eax,[esi+00000148]
- "Jazz2.exe"+34D77: 39 9C 86 00 04 00 00 - cmp [esi+eax*4+00000400],ebx
- "Jazz2.exe"+34D7E: 0F 8F 53 01 00 00 - jg Jazz2.exe+34ED7
- "Jazz2.exe"+34D84: 88 9C 06 28 04 00 00 - mov [esi+eax+00000428],bl
- }
- </AssemblerScript>
- </CheatEntry>
- <CheatEntry> <!--
-   Entries ID 21 through 27 all fall inside the block that starts at 005A4EE0 (entry ID 3,
-   "Player base"): X is at offset C, Y at 10, movement X at 14, movement Y at 18,
-   "Player flying" (a single byte) at 88 and the undescribed ID 27 at 100.
-   ID 27 uses the absolute form 005A4EE0+100, which is valid only while the image is loaded
-   at 00400000; the others are module-relative.
-   IDs 28 and 29 are duplicate records for Jazz2.exe+F8E7C, the address entry ID 31 labels
-   "Game paused". -->
- <ID>21</ID>
- <Description>"X"</Description>
- <LastState Value="126606802" RealAddress="005A4EEC"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A4EEC</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>22</ID>
- <Description>"Y"</Description>
- <LastState Value="20086783" RealAddress="005A4EF0"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A4EF0</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>23</ID>
- <Description>"Player flying"</Description>
- <LastState Value="0" RealAddress="005A4F68"/>
- <VariableType>Byte</VariableType>
- <Address>Jazz2.exe+1A4F68</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>25</ID>
- <Description>"Player movement Y"</Description>
- <LastState Value="0" RealAddress="005A4EF8"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A4EF8</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>26</ID>
- <Description>"Player movement X"</Description>
- <LastState Value="0" RealAddress="005A4EF4"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+1A4EF4</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>27</ID>
- <Description>"No description"</Description>
- <LastState Value="1" RealAddress="005A4FE0"/>
- <VariableType>4 Bytes</VariableType>
- <Address>005A4EE0+100</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>28</ID>
- <Description>"No description"</Description>
- <LastState Value="0" RealAddress="004F8E7C"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+F8E7C</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>29</ID>
- <Description>"No description"</Description>
- <LastState Value="0" RealAddress="004F8E7C"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+F8E7C</Address>
- </CheatEntry>
- <CheatEntry>
- <ID>30</ID>
- <Description>"Disable pause"</Description>
- <LastState Activated="1"/> <!-- the only script saved in the enabled state; the INJECT address 0048D680 under UserdefinedSymbols equals this script's hook, Jazz2.exe+8D680 with the image at 00400000 -->
- <VariableType>Auto Assembler Script</VariableType> <!--
-   What the script below does (its own header comment is an unfilled template):
-   [ENABLE] locates the 6-byte instruction mov [Jazz2.exe+F8E7C],dl by byte pattern (the
-   dump shows it at Jazz2.exe+8D680) and overwrites it with a 5-byte jmp to an allocated
-   stub plus one nop. The original stores dl, which sete dl derives from test edi,edi just
-   before; the stub stores the constant 0 to the same address, the one entry ID 31 labels
-   "Game paused", and jumps back to the jmp at +8D686.
-   [DISABLE] restores the original six bytes and frees the stub.
-   The pattern 88 15 7C 8E 4F 00 embeds the absolute address 004F8E7C, so it matches only
-   while the image is loaded at 00400000.
-   NOTE(review): the original store is one byte wide, while the stub's mov has no operand
-   size. If it assembles as a 4-byte store it also zeroes the three bytes after 004F8E7C;
-   confirm the width.
-   NOTE(review): all four scripts in this table register the same global symbol name INJECT.
-   With two of them enabled, the [DISABLE] section of one may resolve INJECT to the other
-   script's hook and write its restore bytes there. Confirm, or enable one script at a time. -->
- <AssemblerScript>{ Game : Jazz2.exe
- Version:
- Date : 2018-01-04
- Author : Roel
- This script does blah blah blah
- }
- [ENABLE]
- aobscanmodule(INJECT,Jazz2.exe,88 15 7C 8E 4F 00) // should be unique
- alloc(newmem,$1000)
- label(return)
- newmem:
- mov [Jazz2.exe+F8E7C],0
- jmp return
- INJECT:
- jmp newmem
- nop
- return:
- registersymbol(INJECT)
- [DISABLE]
- INJECT:
- db 88 15 7C 8E 4F 00
- unregistersymbol(INJECT)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "Jazz2.exe"+8D680
- "Jazz2.exe"+8D66E: 33 C0 - xor eax,eax
- "Jazz2.exe"+8D670: 5F - pop edi
- "Jazz2.exe"+8D671: 5E - pop esi
- "Jazz2.exe"+8D672: 5B - pop ebx
- "Jazz2.exe"+8D673: 8B E5 - mov esp,ebp
- "Jazz2.exe"+8D675: 5D - pop ebp
- "Jazz2.exe"+8D676: C2 10 00 - ret 0010
- "Jazz2.exe"+8D679: 33 D2 - xor edx,edx
- "Jazz2.exe"+8D67B: 85 FF - test edi,edi
- "Jazz2.exe"+8D67D: 0F 94 C2 - sete dl
- // ---------- INJECTING HERE ----------
- "Jazz2.exe"+8D680: 88 15 7C 8E 4F 00 - mov [Jazz2.exe+F8E7C],dl
- // ---------- DONE INJECTING ----------
- "Jazz2.exe"+8D686: E9 50 FE FF FF - jmp Jazz2.exe+8D4DB
- "Jazz2.exe"+8D68B: 80 3D 74 8E 4F 00 02 - cmp byte ptr [Jazz2.exe+F8E74],02
- "Jazz2.exe"+8D692: 0F 84 43 FE FF FF - je Jazz2.exe+8D4DB
- "Jazz2.exe"+8D698: A0 98 86 4F 00 - mov al,[Jazz2.exe+F8698]
- "Jazz2.exe"+8D69D: 84 C0 - test al,al
- "Jazz2.exe"+8D69F: 0F 84 36 FE FF FF - je Jazz2.exe+8D4DB
- "Jazz2.exe"+8D6A5: 8B 75 08 - mov esi,[ebp+08]
- "Jazz2.exe"+8D6A8: 8B 3D 90 52 4C 00 - mov edi,[Jazz2.exe+C5290]
- "Jazz2.exe"+8D6AE: 56 - push esi
- "Jazz2.exe"+8D6AF: FF D7 - call edi
- }
- </AssemblerScript>
- </CheatEntry>
- <CheatEntry> <!-- Same address as entries ID 28 and 29, and the location the "Disable pause" script (ID 30) overwrites with 0. The game's own store to it, mov [Jazz2.exe+F8E7C],dl, is one byte wide, while this record views it as 4 Bytes. -->
- <ID>31</ID>
- <Description>"Game paused"</Description>
- <LastState Value="0" RealAddress="004F8E7C"/>
- <VariableType>4 Bytes</VariableType>
- <Address>Jazz2.exe+F8E7C</Address>
- </CheatEntry>
- </CheatEntries>
- <UserdefinedSymbols>
- <SymbolEntry>
- <Name>INJECT</Name>
- <Address> 0048D680</Address>
- </SymbolEntry>
- </UserdefinedSymbols>
- <Structures>
- </Structures>
- <DisassemblerComments>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+28020</Address>
- <Comment>Start of firing function
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+28117</Address>
- <Comment>End of firing function
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34D52</Address>
- <Comment>Actual firing of fire ammo
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E07</Address>
- <Comment>Entry point for firing
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E09</Address>
- <Comment>Is it the default weapon?
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E2D</Address>
- <Comment>Actual firing happens HERE
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E3B</Address>
- <Comment>Load the address to modify (matches used ammo address)
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E42</Address>
- <Comment>Load the current amount of ammo
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E49</Address>
- <Comment>Decrease the actual ammo
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+34E4A</Address>
- <Comment>Write the new ammo amount back to the ammo address
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+37A9A</Address>
- <Comment>Change player X
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+37AA3</Address>
- <Comment>Change player Y
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+37D8E</Address>
- <Comment>We hit the left wall
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+37DA1</Address>
- <Comment>We hit the right wall
- </Comment>
- </DisassemblerComment>
- <DisassemblerComment>
- <Address>"Jazz2.exe"+38841</Address>
- <Comment>Falling down value change
- </Comment>
- </DisassemblerComment>
- </DisassemblerComments>
- </CheatTable>