0
"[Enable]"
000080
Auto Assembler Script
[ENABLE]
// Pointer-capture script. Two hooks into Borderlands.exe:
//  * dwEPhysicsHook (cave EPhysicsHandler_Hook): each time the patched
//    instruction runs, the object in esi and two of its members are stored in
//    p1 / p0 / p2. The other scripts in this table (key handler, ammo, recoil)
//    read those three pointers.
//  * SpeedHook (cave Speed_Hook): replaces the value the game has just loaded
//    into xmm1 with fSpeed, but only when esi is the object recorded in p1.
// GetIndex / SetIndex are only located and registered here so the key-handler
// script can call them. All four patterns must match or the script does not enable.
aobscanmodule( dwEPhysicsHook_AOB, Borderlands.exe, 896C24??F786????????????????75??8A86????????3C0174 )
aobscanmodule( GetIndex_AOB, Borderlands.exe, 558BEC83E4F883EC108B41??56 )
aobscanmodule( SetIndex_AOB, Borderlands.exe, 53558BE98B45??565785C00F )
aobscanmodule( SpeedHook_AOB, Borderlands.exe, F30F100D????????0F57D20F28C1F3 )
label( dwEPhysicsHook )
registersymbol( dwEPhysicsHook )
label( GetIndex )
registersymbol( GetIndex )
label( SetIndex )
registersymbol( SetIndex )
label( SpeedHook )
registersymbol( SpeedHook )
alloc( EPhysicsHandler_Hook, 1024, Borderlands.exe )
registersymbol( EPhysicsHandler_Hook )
label( p0 )
registersymbol( p0 )
label( p1 )
registersymbol( p1 )
label( p2 )
registersymbol( p2 )
label( back )
label( fSpeed )
registersymbol( fSpeed )
label( Speed_Hook )
label( back_0 )
// Capture cave. ebx is the only scratch register and is saved around the body.
// EFLAGS are clobbered by the tests; that is harmless here because the first
// original instruction after the hook site is cmp al,1 (3C 01 in the pattern).
EPhysicsHandler_Hook:
push ebx
test esi,esi
je short @f // no object in esi: keep whatever was captured last time
mov [p1],esi // p1 = object
mov ebx,[esi+D8]
test ebx,ebx
je short @f // NOTE(review): p1 is already updated here, so a 0 member leaves p0/p2 stale relative to it
mov [p0],ebx // p0 = [p1+D8]
mov ebx,[esi+A0]
test ebx,ebx
je short @f
mov [p2],ebx // p2 = [p1+A0]
@@:
pop ebx
mov al,[esi+00000098] // original 6-byte instruction displaced by the jmp
jmp back
// Speed cave. Runs right after the game's movss xmm1,[..] (the F30F100D bytes
// of SpeedHook_AOB), so the override simply replaces what was just loaded.
// NOTE(review): test/cmp clobber EFLAGS, which the displaced movss/xorps/movaps
// did not touch; this is only safe if the code after back_0 does not consume
// flags set before the hook site — verify, or wrap the body in pushfd/popfd.
Speed_Hook:
test esi,esi
je short @f
cmp esi,[p1]
jne short @f // not the captured object: leave xmm1 alone
movss xmm1,[fSpeed]
@@:
xorps xmm2,xmm2 // original two instructions displaced by the jmp
movaps xmm0,xmm1
jmp back_0
// Captured pointers: 0 until the hook has run once, never cleared afterwards,
// so they go stale once the game frees the object (readers must expect that).
p0:
dd 0
p1:
dd 0
p2:
dd 0
// Value written into xmm1 by the speed cave. The key handler sets it to 40.0
// when fly mode is switched on and back to 1.0 when it is switched off.
fSpeed:
dd (float)1.0
// Patch sites: a 5-byte jmp plus one nop replace 6 bytes of original code each.
dwEPhysicsHook_AOB+10:
dwEPhysicsHook:
jmp EPhysicsHandler_Hook
db 90
back:
GetIndex_AOB:
GetIndex:
SetIndex_AOB:
SetIndex:
SpeedHook_AOB+8:
SpeedHook:
jmp Speed_Hook
db 90
back_0:
[DISABLE]
// Restore the original bytes at both patch sites, then release the cave.
// Scripts that read p0/p1/p2/fSpeed or call GetIndex/SetIndex have to be
// disabled before this one: their symbols stop resolving below.
dwEPhysicsHook:
mov al,[esi+00000098]
SpeedHook:
xorps xmm2,xmm2
movaps xmm0,xmm1
unregistersymbol( fSpeed )
unregistersymbol( p2 )
unregistersymbol( p1 )
unregistersymbol( p0 )
unregistersymbol( EPhysicsHandler_Hook )
dealloc( EPhysicsHandler_Hook )
unregistersymbol( SpeedHook )
unregistersymbol( SetIndex )
unregistersymbol( GetIndex )
unregistersymbol( dwEPhysicsHook )
2
"[Scripts]"
FF0000
1
87
"Cheat Handler"
Auto Assembler Script
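[ENABLE]
// Key-handler thread: polls the numpad keys every 10 ms and toggles the cheats
// below by writing through the objects captured by the pointer-hook script
// (p0, p1, p2) and into its fSpeed; GetIndex / SetIndex are the game routines
// that script registers, so it has to be enabled before this one.
// Every toggle is followed by a 200 ms sleep as a debounce; a key that stays
// held longer than that toggles again.
// Each toggle first checks that the pointer it is about to write through has
// been captured: until the hook has seen the player object, p0/p1/p2 are 0 and
// dereferencing them crashed this thread (and the game). A toggle that bails
// out leaves its b* flag unchanged.
alloc( KeyHandlerThread, 1024, Borderlands.exe )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
alloc( KeyHandlerOff, 4, Borderlands.exe )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
label( TogglePlayersOnly )
label( bPlayersOnly )
registersymbol( bPlayersOnly )
label( TogglePlayersOnly_exit )
label( ToggleFly )
label( bFly )
registersymbol( bFly )
label( ToggleFly_exit )
label( ToggleGhost )
label( bGhost )
registersymbol( bGhost )
label( ToggleGhost_exit )
label( ToggleGod )
label( bGod )
registersymbol( bGod )
label( ToggleGod_exit )
label( ToggleSloMo1 )
label( ToggleSloMo2 )
label( ToggleSloMo3 )
label( ToggleSloMo_exit )
// Thread control word: 0 = running, 1 = stop requested by [DISABLE],
// 2 = thread has acknowledged the request and is returning.
KeyHandlerOff:
dd 0
KeyHandlerThread:
push 0a // 10 ms poll interval
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 61 //VK_NUMPAD1
call GetAsyncKeyState
test ax,ax // non-zero if the key is down now or was pressed since the last poll
jne TogglePlayersOnly
push 62 //VK_NUMPAD2
call GetAsyncKeyState
test ax,ax
jne ToggleFly
push 63 //VK_NUMPAD3
call GetAsyncKeyState
test ax,ax
jne ToggleGhost
push 65 //VK_NUMPAD5
call GetAsyncKeyState
test ax,ax
jne ToggleGod
push 67 //VK_NUMPAD7
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo1
push 68 //VK_NUMPAD8
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo2
push 69 //VK_NUMPAD9
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo3
jmp KeyHandlerThread
// NUMPAD1: flag bit at p0+2B4 ("PlayersOnly (OR(10))" in the table).
TogglePlayersOnly:
mov ecx,[p0]
test ecx,ecx
je short TogglePlayersOnly_exit // p0 not captured yet
xor byte ptr [bPlayersOnly],1
cmp byte ptr [bPlayersOnly],0
je short @f
or byte ptr [ecx+2B4],10
jmp short TogglePlayersOnly_exit
@@:
and byte ptr [ecx+2B4],0F // clears the whole high nibble, not only bit 4 — kept as the author wrote it
TogglePlayersOnly_exit:
push C8 // 200 ms debounce
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD2: fly mode. Needs p1, p2, [p1+A0], [[p1+A0]+18] and [p1+120], all of
// which are dereferenced below; every one is checked up front so the flag is
// only flipped when the whole write sequence can run.
ToggleFly:
mov ebx,[p1]
test ebx,ebx
je ToggleFly_exit
mov ecx,[p2]
test ecx,ecx
je ToggleFly_exit
mov ecx,[ebx+A0]
test ecx,ecx
je ToggleFly_exit
mov ecx,[ecx+18]
test ecx,ecx
je ToggleFly_exit
mov ecx,[ebx+120]
test ecx,ecx
je ToggleFly_exit
xor byte ptr [bFly],1
cmp byte ptr [bFly],0
je @f
push 0
push 541E // <-- change ID for PlayerFlying
mov ecx,[p2]
call GetIndex
mov ebx,[p1] // reload the pointers after the call
mov ecx,[ebx+A0]
mov ecx,[ecx+18]
mov [ecx+10],eax // GetIndex result into the AxisX_Index / AxisY_Index slots (table entries)
mov [ecx+28],eax
mov ecx,[ebx+120]
mov [ecx+24C],(float)2.0 // "Fly.Friction"
mov [fSpeed],(float)40.0 // picked up by the speed hook for the captured object
mov byte ptr [ebx+98],4 // "EPhysics" mode byte
jmp ToggleFly_exit
@@:
push 0
push 5422 // <-- change ID for PlayerWalking
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+A0]
mov ecx,[ecx+18]
mov [ecx+28],eax
push 0
push 64
mov ecx,[p2]
call SetIndex
mov ebx,[p1]
mov ecx,[ebx+120]
mov [ecx+24C],(float)0.3 // "Walk.Friction"
mov [fSpeed],(float)1.0
mov byte ptr [ebx+98],1
ToggleFly_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD3: flag bit at p1+BC ("WallHack (OR(20))" in the table).
ToggleGhost:
mov ebx,[p1]
test ebx,ebx
je short ToggleGhost_exit // p1 not captured yet
xor byte ptr [bGhost],1
cmp byte ptr [bGhost],0
je short @f
or byte ptr [ebx+BC],20
jmp short ToggleGhost_exit
@@:
and byte ptr [ebx+BC],0F // clears bits 4-7, not only bit 5 — kept as the author wrote it
ToggleGhost_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD5: byte at p2+1F0 ("God (OR(1))" in the table). The whole byte is
// written, so switching off assumes 49 is the game's normal value there.
ToggleGod:
mov ebx,[p2]
test ebx,ebx
je short ToggleGod_exit // p2 not captured yet
xor byte ptr [bGod],1
cmp byte ptr [bGod],0
je short @f
mov byte ptr [ebx+1F0],4B
jmp short ToggleGod_exit
@@:
mov byte ptr [ebx+1F0],49
ToggleGod_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD7/8/9: time scale float at p0+2F4 ("SloMo" in the table); the three
// entry points share one debounce/exit path.
ToggleSloMo1:
mov ebx,[p0]
test ebx,ebx
je short ToggleSloMo_exit
mov [ebx+2F4],(float)0.5
jmp short ToggleSloMo_exit
ToggleSloMo2:
mov ebx,[p0]
test ebx,ebx
je short ToggleSloMo_exit
mov [ebx+2F4],(float)1.0
jmp short ToggleSloMo_exit
ToggleSloMo3:
mov ebx,[p0]
test ebx,ebx
je short ToggleSloMo_exit
mov [ebx+2F4],(float)1.5
ToggleSloMo_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ExitKeyHandler:
mov [KeyHandlerOff],2 // acknowledge; [DISABLE] waits for this before freeing the cave
ret
bPlayersOnly:
db 0
bFly:
db 0
bGhost:
db 0
bGod:
db 0
[DISABLE]
unregistersymbol( bGod )
unregistersymbol( bGhost )
unregistersymbol( bFly )
unregistersymbol( bPlayersOnly )
{$lua}
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "KeyHandlerOff" ) == 0 then --could be 2 already
writeInteger( "KeyHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "KeyHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
if readInteger( "KeyHandlerOff" ) ~= 2 then --judge by the acknowledgement, not the clock: the old ">" test could miss a timeout landing exactly on the deadline and free memory the thread still runs in
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' )
end
sleep( 1 ) --the thread still executes its final ret after setting the flag
end
{$asm}
unregistersymbol( KeyHandlerOff )
dealloc( KeyHandlerOff )
unregistersymbol( KeyHandlerThread )
dealloc( KeyHandlerThread )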
88
"SloMo"
Float
p0
2F4
89
"PlayersOnly"
Byte
bPlayersOnly
90
"Fly"
Byte
bFly
91
"Ghost"
Byte
bGhost
92
"God"
Byte
bGod
67
"Unlimited Ammo"
Auto Assembler Script
[ENABLE]
// Hooks the game's read of the current bullet count (mov eax,[esi+3CC],
// "Bullets.Current" in the table) and, whenever esi is the weapon held by the
// captured player ([p1+474], "Weapon"), rewrites the ammo delta, the weapon's
// base stats and the captured p2 object's four recoil floats. Runs on every
// pass through the hook, so in-game changes to those fields are overwritten
// continuously. EFLAGS are clobbered; the original code follows the hook site
// with xor ecx,ecx / cmp eax,edx (33C9 3BC2 in the pattern), so nothing depends on them.
aobscanmodule( UnlimitedAmmo_AOB, Borderlands.exe, 3996????????0F84????????8B86????????33C93BC2 )
label( UnlimitedAmmo_ )
registersymbol( UnlimitedAmmo_ )
alloc( UnlimitedAmmo, 512, Borderlands.exe )
label( UnlimitedAmmo_back )
label( UnlimitedAmmo_exit )
label( UnlimitedAmmo_skip )
UnlimitedAmmo:
mov eax,[p1] // eax is free: the displaced instruction overwrites it anyway
test eax,eax
je short UnlimitedAmmo_exit // player not captured yet
mov eax,[eax+474] // eax = player's weapon
test eax,eax
je short UnlimitedAmmo_exit
cmp eax,esi
jne short UnlimitedAmmo_exit // esi is some other weapon: leave it alone
//********************
//** Unlimited Ammo **
//********************
mov [esi+398],0 // subtract delta from magazine set to 0
mov eax,[eax+38C] // eax = weapon's inventory clip object (table: "InventoryClip*" via +38C)
test eax,eax
je short UnlimitedAmmo_skip
or byte [eax+100],1 // flip ammo_decrease switch
UnlimitedAmmo_skip:
//***********************
//** Weapon Attributes **
//***********************
mov [esi+2C0],(float)500.0 // set Damage to 500
mov [esi+2AC],(float)0.05 // set Accuracy to 0.05
mov [esi+298],(float)0.05 // set FireRate to 0.05
//*******************
//** Remove Recoil **
//*******************
mov eax,[p2]
test eax,eax
je short UnlimitedAmmo_exit
mov [eax+BD4],(float)0.0 // Recoil_0..Recoil_3 in the table
mov [eax+BD8],(float)0.0
mov [eax+BDC],(float)0.0
mov [eax+BE0],(float)0.0
UnlimitedAmmo_exit:
mov eax,[esi+3CC] // original 6-byte instruction displaced by the jmp
jmp UnlimitedAmmo_back
UnlimitedAmmo_AOB+C:
UnlimitedAmmo_:
jmp UnlimitedAmmo // 5-byte jmp + nop over the 6-byte mov eax,[esi+3CC]
db 90
UnlimitedAmmo_back:
[DISABLE]
UnlimitedAmmo_:
mov eax,[esi+3CC] // restore the original bytes
dealloc( UnlimitedAmmo )
unregistersymbol( UnlimitedAmmo_ )
95
"No Recoil"
Auto Assembler Script
[ENABLE]
// Hooks the entry of a function whose this-pointer (ecx) is compared with the
// captured p2 object. For that object the four recoil floats at +BD4..+BE0 are
// zeroed and the function is skipped entirely via ret C; every other caller
// gets the displaced prologue re-executed and continues normally.
// NOTE(review): "ret C" assumes the hooked function is callee-cleanup with 12
// bytes of stack arguments and that returning without running its body is
// harmless; eax is preserved but no return value is produced — verify against
// the disassembly before relying on this for other game versions.
aobscanmodule( NoRecoil_AOB, Borderlands.exe, 558BEC83E4F081EC04010000538BD98B83????????5657 )
label( NoRecoil_ )
registersymbol( NoRecoil_ )
alloc( NoRecoil, 512, Borderlands.exe )
label( NoRecoil_back )
label( NoRecoil_skip )
label( NoRecoil_exit )
NoRecoil:
cmp ecx,[p2]
jne short NoRecoil_exit // not the captured object (also the case while p2 is still 0 and ecx is not)
push eax
mov eax,[p2]
test eax,eax
je short NoRecoil_skip // ecx == p2 == 0: nothing to write, run the original function
mov [eax+BD4],(float)0.0 // Recoil_0..Recoil_3 in the table
mov [eax+BD8],(float)0.0
mov [eax+BDC],(float)0.0
mov [eax+BE0],(float)0.0
pop eax
ret C // skip the original function body
NoRecoil_exit:
push ebp // the three prologue instructions (6 bytes) displaced by the jmp
mov ebp,esp
and esp,-10
jmp NoRecoil_back
NoRecoil_skip:
pop eax
jmp NoRecoil_exit
NoRecoil_AOB:
NoRecoil_:
jmp NoRecoil // 5-byte jmp + nop over push ebp / mov ebp,esp / and esp,-10
db 90
NoRecoil_back:
[DISABLE]
NoRecoil_:
push ebp // restore the original prologue bytes
mov ebp,esp
and esp,-10
dealloc( NoRecoil )
unregistersymbol( NoRecoil_ )
3
"[Debug]"
C0C0C0
1
5
"[Scripts]"
FF0000
1
6
"FetchStructs"
Auto Assembler Script
[ENABLE]
// Debug variant of the pointer-capture hook, feeding the [Debug] table entries
// (p0_0 / p1_0 / p2_0). Same members as the main hook (p1 = esi, p0 = [esi+D8],
// p2 = [esi+A0]) but a different hook site (mov bl,[esi+98], following a
// comiss / jbe / movaps in the pattern) and no null checks: whatever esi and
// its members hold is stored as-is. The cave contains no flag-affecting
// instruction, so EFLAGS reach the original code untouched.
alloc( EPhysicsHandler_Hook_0, 1024, Borderlands.exe )
registersymbol( EPhysicsHandler_Hook_0 )
label( p0_0 )
registersymbol( p0_0 )
label( p1_0 )
registersymbol( p1_0 )
label( p2_0 )
registersymbol( p2_0 )
label( back )
// Storage at fixed offsets inside the cave (+100/+104/+108), past the code.
EPhysicsHandler_Hook_0+100:
p0_0:
dd 0
EPhysicsHandler_Hook_0+104:
p1_0:
dd 0
EPhysicsHandler_Hook_0+108:
p2_0:
dd 0
EPhysicsHandler_Hook_0:
push ebx
mov [p1_0],esi // p1_0 = object
mov ebx,[esi+D8]
mov [p0_0],ebx // p0_0 = [object+D8]
mov ebx,[esi+A0]
mov [p2_0],ebx // p2_0 = [object+A0]
pop ebx
mov bl,[esi+00000098] // original 6-byte instruction displaced by the jmp
jmp back
aobscanmodule( dwEPhysicsHook_AOB_0, Borderlands.exe, 0F2FD876??0F28D88A9E????????F30F )
label( dwEPhysicsHook_0 )
registersymbol( dwEPhysicsHook_0 )
dwEPhysicsHook_AOB_0+8:
dwEPhysicsHook_0:
jmp EPhysicsHandler_Hook_0 // 5-byte jmp + nop over the 6-byte mov bl,[esi+98]
db 90
back:
[DISABLE]
dwEPhysicsHook_0:
mov bl,[esi+00000098] // restore the original bytes
unregistersymbol( dwEPhysicsHook_0 )
unregistersymbol( p2_0 )
unregistersymbol( p1_0 )
unregistersymbol( p0_0 )
unregistersymbol( EPhysicsHandler_Hook_0 )
dealloc( EPhysicsHandler_Hook_0 )
25
"p0"
1
4 Bytes
p0_0
0
26
"PlayersOnly (OR(10))"
1
Byte
p0_0
2B4
28
"SloMo"
Float
p0_0
2F4
27
"Gravity"
Float
p0_0
384
7
"p1"
1
4 Bytes
p1_0
0
8
"EPhysics"
1
Byte
p1_0
98
31
"Fly.Friction"
Float
p1_0
24C
120
32
"Fly.Speed"
Float
p1_0
2E4
30
"Walk.Friction"
Float
p1_0
230
120
33
"Walk.Speed"
Float
p1_0
2CC
29
"WallHack (OR(20))"
1
Byte
p1_0
BC
9
"CoordinateX"
Float
p1_0
5C
11
"CoordinateY"
Float
p1_0
60
10
"CoordinateZ"
Float
p1_0
64
15
"PlayerSpeed.Current"
Float
p1_0
2CC
16
"PlayerSpeed.Base"
Float
p1_0
2D0
17
"PlayerJumpHeight.Current"
Float
p1_0
300
18
"PlayerJumpHeight.Base"
Float
p1_0
304
21
"Friction.Base"
Float
p1_0
2FC
12
"MoveVectorX"
Float
p1_0
124
14
"MoveVectorY"
Float
p1_0
128
40
"MoveVectorZ"
Float
p1_0
12C
13
"Weapon"
1
4 Bytes
p1_0
474
41
"Bullets.Current"
4 Bytes
p1_0
3CC
474
42
"Bullets.Delta_0"
4 Bytes
p1_0
398
474
43
"Bullets.Delta_1"
4 Bytes
p1_0
39C
474
44
"Clip"
4 Bytes
p1_0
390
474
45
"InventoryClip"
Float
p1_0
68
38C
474
46
"InventoryClipSwitch (OR(1))"
Byte
p1_0
100
38C
474
56
"Damage"
1
54
"Calculated"
Float
p1_0
2BC
474
55
"Base"
Float
p1_0
2C0
474
57
"Accuracy"
1
58
"Calculated"
Float
p1_0
2A8
474
59
"Base"
Float
p1_0
2AC
474
64
"Fire Rate"
1
65
"Calculated"
Float
p1_0
294
474
66
"Base"
Float
p1_0
298
474
62
"Magazine Size"
1
60
"Magazine Size( Real )"
4 Bytes
p1_0
3B0
474
63
"Magazine Size( Inventory )"
4 Bytes
p1_0
3B4
474
61
"Cost"
4 Bytes
p1_0
21C
474
68
"Bool"
Byte
p1_0
451
474
22
"p2"
1
4 Bytes
p2_0
0
23
"AxisX_Index"
1
4 Bytes
p2_0
10
18
24
"AxisY_Index"
1
4 Bytes
p2_0
28
18
72
"God (OR(1))"
1
Byte
p2_0
1F0
37
"Recoil_0"
Float
p2_0
BD4
39
"Recoil_1"
Float
p2_0
BD8
38
"Recoil_2"
Float
p2_0
BDC
93
"Recoil_3"
Float
p2_0
BE0
98
"Money (display)"
4 Bytes
p2_0
CB8
100
"Money (real)"
4 Bytes
p2_0
2A4
1E4
107
"[Other]"
1
80
"hook"
1
4 Bytes
90FFED
81
"SecuROM_bool"
4 Bytes
2EDC2F0
82
"Trampoline_TEST"
Auto Assembler Script
[ENABLE]
alloc( cave, 1024 )
label( back )
label( exit )
cave:
cmp ecx,90FFED
jne exit
mov dword ptr [90FFED],0098868A
mov word ptr [90FFF1],00
exit:
movzx edi,byte ptr [ecx]
mov esi,eax
jmp back
5DC941D0:
jmp cave
back:
[DISABLE]
5DC941D0:
movzx edi,byte ptr [ecx]
mov esi,eax
dealloc( cave )
83
"back"
1
4 Bytes
90FFF3
85
"Bypass SecuROM Scanner"
0000FF
1
86
"Phase 1"
Auto Assembler Script
[ENABLE]
alloc( CopyThread, 1024 )
alloc( dwModuleBase, 4 )
registersymbol( dwModuleBase )
alloc( BL_Start, 4 )
registersymbol( BL_Start )
alloc( lpFilename, 512 )
alloc( oFile, 4 )
alloc( hSize, 4 )
alloc( lpFlOldProtect, 4 )
alloc( BL_Copy, 4 )
registersymbol( BL_Copy )
alloc( BL_End, 4 )
registersymbol( BL_End )
alloc( CopyDone, 4 )
registersymbol( CopyDone )
CopyDone:
dd 0
CreateThread( CopyThread )
CopyThread:
push 0
call kernel32.GetModuleHandleA
mov [dwModuleBase],eax
mov [BL_Start],eax
push 104 // MAX_PATH
push lpFilename
push [dwModuleBase]
call kernel32.GetModuleFileNameA
push 0
push 0
push 3
push 0
push 1
push 80000000
push lpFilename
call kernel32.CreateFileA
mov [oFile],eax
push 0
push eax
call kernel32.GetFileSize
mov [hSize],eax
push [oFile]
call kernel32.CloseHandle
push lpFlOldProtect
push 40
push [hSize]
push [dwModuleBase]
call kernel32.VirtualProtect
push 40
push 3000
push [hSize]
push 0
call kernel32.VirtualAlloc
mov [BL_Copy],eax
mov esi,[dwModuleBase]
mov edi,[BL_Copy]
mov ecx,[hSize]
repe movsb
mov eax,[BL_Start]
add eax,[hSize]
mov [BL_End],eax
mov [CopyDone],1
ret
[DISABLE]
00000000:
nop
84
"Phase 2"
000000
Auto Assembler Script
[ENABLE]
assert( CopyDone, 01 )
aobscan( dwSecuROMScanner_AOB, 0FB6398BF0C1EE1833F7C1E0083304B5????????414A75??5F5EC3 )
stealthedit(ScannerCopy,dwSecuROMScanner_AOB,5)
label( ScannerHook )
registersymbol( ScannerHook )
alloc( HijackedScanner, 1024 )
label( back )
label( exit )
HijackedScanner:
cmp ecx,[BL_Start]
jb exit
cmp ecx,[BL_End]
ja exit
sub ecx,[dwModuleBase]
add ecx,[BL_Copy]
exit:
movzx edi,byte ptr [ecx]
mov esi,eax
jmp back
ScannerCopy:
ScannerHook:
jmp HijackedScanner
back:
[DISABLE]
00000000:
nop
4
"Cheat Handler -- old one"
Auto Assembler Script
[ENABLE]
// Earlier key-handler thread, kept for reference. Differences from the current
// "Cheat Handler": F2 (Toggler) enables/disables all other keys, the flags are
// dwords laid out at fixed offsets in the cave, the thread gives no exit
// acknowledgement (see [DISABLE] below) and the { } blocks hold a disabled
// debug dump routine (GetIndexes). Reads p0/p1/p2/fSpeed and calls
// GetIndex/SetIndex from the pointer-hook script, which must be enabled first.
// NOTE(review): none of the toggles check p0/p1/p2 for 0 before dereferencing
// them, so pressing a key before the hook has captured the player crashes.
alloc( KeyHandlerThread, 4096 )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
label( Toggle )
label( Toggler )
registersymbol( Toggler )
label( KeyHandlerOff )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
label( TogglePlayersOnly )
label( bPlayersOnly )
registersymbol( bPlayersOnly )
label( TogglePlayersOnly_exit )
label( ToggleFly )
label( bFly )
registersymbol( bFly )
label( ToggleFly_exit )
label( ToggleGhost )
label( bGhost )
registersymbol( bGhost )
label( ToggleGhost_exit )
label( ToggleGod )
label( bGod )
registersymbol( bGod )
label( ToggleGod_exit )
label( ToggleSloMo1 )
label( ToggleSloMo2 )
label( ToggleSloMo3 )
{
label( dwTable )
label( s )
label( string )
label( GetIndexes )
label( GetIndexes_exit )
label( GetIndexes_loop )
}
// State words at fixed offsets inside the cave, well past the code.
// Toggler: 1 = cheat keys active (F2 flips it). KeyHandlerOff: 1 = thread must exit.
KeyHandlerThread+300:
Toggler:
dd 1
KeyHandlerThread+304:
KeyHandlerOff:
dd 0
KeyHandlerThread+308:
bPlayersOnly:
dd 0
KeyHandlerThread+30C:
bFly:
dd 0
KeyHandlerThread+310:
bGhost:
dd 0
KeyHandlerThread+314:
bGod:
dd 0
{
KeyHandlerThread+318:
dwTable:
dd 0
KeyHandlerThread+800:
string:
db '[Index]: %08X - %08X',0
KeyHandlerThread+900:
s:
dd 0
}
KeyHandlerThread:
push 0a // 10 ms poll interval
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 71 //F2
call GetAsyncKeyState
test ax,ax // non-zero if the key is down now or was pressed since the last poll
jne Toggle
cmp [Toggler],1
jne KeyHandlerThread // cheat keys switched off: only F2 is polled
push 61 //VK_NUMPAD1
call GetAsyncKeyState
test ax,ax
jne TogglePlayersOnly
push 62 //VK_NUMPAD2
call GetAsyncKeyState
test ax,ax
jne ToggleFly
push 63 //VK_NUMPAD3
call GetAsyncKeyState
test ax,ax
jne ToggleGhost
{
push 60 //VK_NUMPAD0
call GetAsyncKeyState
test ax,ax
jne GetIndexes
}
push 65 //VK_NUMPAD5
call GetAsyncKeyState
test ax,ax
jne ToggleGod
push 67 //VK_NUMPAD7
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo1
push 68 //VK_NUMPAD8
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo2
push 69 //VK_NUMPAD9
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo3
jmp KeyHandlerThread
// NUMPAD1: flag bit at p0+2B4 ("PlayersOnly (OR(10))" in the table).
TogglePlayersOnly:
xor [bPlayersOnly],1 // dword flag (no size given, bPlayersOnly is a dd)
cmp [bPlayersOnly],0
je @f
mov ecx,[p0] // NOTE(review): not checked for 0
or byte ptr [ecx+2B4],10
jmp TogglePlayersOnly_exit
@@:
mov ecx,[p0]
and byte ptr [ecx+2B4],0F // clears the whole high nibble, not only bit 4
TogglePlayersOnly_exit:
push C8 // 200 ms debounce
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD2: fly mode; writes through p2, p1, [p1+A0]->+18 and [p1+120].
ToggleFly:
xor [bFly],1
cmp [bFly],0
je @f
push 0
push 541E // try 5416 if old version
mov ecx,[p2]
call GetIndex
mov ebx,[p1] // reload the pointers after the call
mov ecx,[ebx+A0]
mov ecx,[ecx+18]
mov [ecx+10],eax // GetIndex result into the AxisX_Index / AxisY_Index slots (table entries)
mov [ecx+28],eax
mov ecx,[ebx+120]
mov [ecx+24C],(float)2.0 // "Fly.Friction"
mov [fSpeed],(float)40.0 // picked up by the speed hook
mov byte ptr [ebx+98],4 // "EPhysics" mode byte
jmp ToggleFly_exit
@@:
push 0
push 5422 // try 541A if old version
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+A0]
mov ecx,[ecx+18]
mov [ecx+28],eax
push 0
push 64
mov ecx,[p2]
call SetIndex
mov ebx,[p1]
mov ecx,[ebx+120]
mov [ecx+24C],(float)0.3 // "Walk.Friction"
mov [fSpeed],(float)1.0
mov byte ptr [ebx+98],1
ToggleFly_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD3: flag bit at p1+BC ("WallHack (OR(20))" in the table).
ToggleGhost:
xor [bGhost],1
cmp [bGhost],0
je @f
mov ebx,[p1] // NOTE(review): not checked for 0
or byte ptr [ebx+BC],20
jmp ToggleGhost_exit
@@:
mov ebx,[p1]
and byte ptr [ebx+BC],0F // clears bits 4-7, not only bit 5
ToggleGhost_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD5: whole byte at p2+1F0 is written; switching off assumes 49 is the normal value.
ToggleGod:
xor [bGod],1
cmp [bGod],0
je @f
mov ebx,[p2] // NOTE(review): not checked for 0
mov byte ptr [ebx+1F0],4B
jmp ToggleGod_exit
@@:
mov ebx,[p2]
mov byte ptr [ebx+1F0],49
ToggleGod_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD7/8/9: time scale float at p0+2F4 ("SloMo" in the table).
ToggleSloMo1:
mov ebx,[p0] // NOTE(review): not checked for 0 (same in SloMo2/3)
mov [ebx+2F4],(float)0.5
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo2:
mov ebx,[p0]
mov [ebx+2F4],(float)1.0
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo3:
mov ebx,[p0]
mov [ebx+2F4],(float)1.5
push C8
call kernel32.Sleep
jmp KeyHandlerThread
{
GetIndexes:
mov eax,dwTable
GetIndexes_loop:
cmp [eax],0
je GetIndexes_exit
push eax // table address
mov edx,[eax]
push [edx+2C] // +2C
push edx // Index
push string
push 104 // MAX_PATH
push s // buffer
call sprintf_s
add esp,14
push s
call OutputDebugStringA
pop eax
add eax,4
jmp GetIndexes_loop
GetIndexes_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
}
// F2: flip Toggler, 150 ms debounce.
Toggle:
xor [Toggler],1
push 96
call kernel32.Sleep
jmp KeyHandlerThread
ExitKeyHandler:
ret // no acknowledgement: the disabler cannot tell when the thread has left the cave
[DISABLE]
// Only requests the exit; the 4096-byte cave is never deallocated (there is no
// way to know when the thread is gone), so each enable/disable cycle leaks it.
KeyHandlerOff:
dd 1
unregistersymbol( bGod )
unregistersymbol( bGhost )
unregistersymbol( bFly )
unregistersymbol( bPlayersOnly )
unregistersymbol( KeyHandlerOff )
47
"SloMo"
Float
p0
2F4
48
"PlayersOnly"
4 Bytes
bPlayersOnly
49
"Fly"
4 Bytes
bFly
50
"Ghost"
4 Bytes
bGhost
74
"God"
4 Bytes
bGod
94
"Unlimited Ammo -- old one"
Auto Assembler Script
[ENABLE]
// Earlier ammo/recoil script, kept for reference. Same hook site as the current
// "Unlimited Ammo" (the read of the bullet count at [esi+3CC]) plus a second
// hook that suppresses one recoil store. Differences from the current version:
// the whole register/flag state is saved with pushfd/pushad, the scans are
// process-wide aobscan rather than module-scoped, and two dereferences below
// are unchecked (marked NOTE(review)).
alloc( UnlimitedAmmo_Hook, 128, Borderlands.exe )
label( UnlimitedAmmo_back )
label( UnlimitedAmmo_exit )
UnlimitedAmmo_Hook:
pushfd
pushad
mov eax,[p1]
test eax,eax
je UnlimitedAmmo_exit // player not captured yet
mov eax,[eax+474] // eax = player's weapon
test eax,eax
je UnlimitedAmmo_exit
cmp eax,esi
jne UnlimitedAmmo_exit // esi is some other weapon
//********************
//** Unlimited Ammo **
//********************
mov [esi+398],0 // subtract delta from magazine set to 0
mov eax,[eax+38C] // NOTE(review): not checked for 0 before the write below (the newer script checks and ORs 1 into a byte instead)
mov [eax+100],4 // flip ammo_decrease switch
//***********************
//** Weapon Attributes **
//***********************
mov [esi+2C0],(float)500.0 // set Damage to 500
mov [esi+2AC],(float)0.05 // set Accuracy to 0.05
mov [esi+298],(float)0.05 // set FireRate to 0.05
//*******************
//** Remove Recoil **
//*******************
xor ecx,ecx
mov edi,[p2] // NOTE(review): not checked for 0
mov [edi+BD4],ecx // Recoil_0..Recoil_3 in the table, zeroed
mov [edi+BD8],ecx
mov [edi+BDC],ecx
mov [edi+BE0],ecx
UnlimitedAmmo_exit:
popad
popfd
mov eax,[esi+3CC] // original 6-byte instruction displaced by the jmp
jmp UnlimitedAmmo_back
aobscan( dwUnlimitedAmmo_AOB, 3996????????0F84????????8B86????????33C93BC2 )
label( dwUnlimitedAmmo )
registersymbol( dwUnlimitedAmmo )
dwUnlimitedAmmo_AOB+C:
dwUnlimitedAmmo:
jmp UnlimitedAmmo_Hook // 5-byte jmp + nop over the 6-byte mov eax,[esi+3CC]
db 90
UnlimitedAmmo_back:
// Second hook: when ebx is the captured p2 object, the fst into its +BE0 float
// is skipped (fst does not pop, so the x87 stack is unchanged either way).
// EFLAGS are clobbered; the original code continues with add esp,10 (83C410 in
// the pattern), which rewrites them.
alloc( DisableRecoil_Hook, 256, Borderlands.exe )
label( DisableRecoil_back )
label( DisableRecoil_exit )
DisableRecoil_Hook:
push eax
mov eax,[p2]
test eax,eax
je DisableRecoil_exit // p2 not captured: behave as the original
cmp eax,ebx
jne DisableRecoil_exit
pop eax
jmp DisableRecoil_back // captured object: store suppressed
DisableRecoil_exit:
pop eax
fst dword ptr [ebx+00000BE0] // original 6-byte instruction displaced by the jmp
jmp DisableRecoil_back
aobscan( dwDisableRecoil_AOB, D993????????83C410D986????????D9442428DCC9D9C9 )
label( dwDisableRecoil )
registersymbol( dwDisableRecoil )
dwDisableRecoil_AOB:
dwDisableRecoil:
jmp DisableRecoil_Hook
db 90
DisableRecoil_back:
[DISABLE]
// Restore both patch sites, then release the caves.
dwUnlimitedAmmo:
mov eax,[esi+3CC]
dwDisableRecoil:
fst dword ptr [ebx+00000BE0]
unregistersymbol( dwDisableRecoil )
dealloc( DisableRecoil_Hook )
unregistersymbol( dwUnlimitedAmmo )
dealloc( UnlimitedAmmo_Hook )
101
"Cheat Handler -- updated, non-generic"
Auto Assembler Script
[ENABLE]
// [Debug] copy of the key-handler thread: polls the numpad keys every 10 ms and
// toggles the cheats below by writing through the objects captured by the
// pointer-hook script (p0, p1, p2) and into its fSpeed; GetIndex / SetIndex are
// registered by that script, which therefore has to be enabled first.
// Every toggle is followed by a 200 ms sleep as a debounce; a key that stays
// held longer than that toggles again.
// NOTE(review): none of the toggles check p0/p1/p2 for 0 before dereferencing
// them; until the hook has captured the player a key press crashes the thread.
alloc( KeyHandlerThread, 1024, Borderlands.exe )
registersymbol( KeyHandlerThread )
CreateThread( KeyHandlerThread )
alloc( KeyHandlerOff, 4, Borderlands.exe )
registersymbol( KeyHandlerOff )
label( ExitKeyHandler )
label( TogglePlayersOnly )
label( bPlayersOnly )
registersymbol( bPlayersOnly )
label( TogglePlayersOnly_exit )
label( ToggleFly )
label( bFly )
registersymbol( bFly )
label( ToggleFly_exit )
label( ToggleGhost )
label( bGhost )
registersymbol( bGhost )
label( ToggleGhost_exit )
label( ToggleGod )
label( bGod )
registersymbol( bGod )
label( ToggleGod_exit )
label( ToggleSloMo1 )
label( ToggleSloMo2 )
label( ToggleSloMo3 )
// Thread control word: 0 = running, 1 = stop requested by [DISABLE],
// 2 = thread has acknowledged the request and is returning.
KeyHandlerOff:
dd 0
KeyHandlerThread:
push 0a // 10 ms poll interval
call kernel32.Sleep
cmp [KeyHandlerOff],1
je ExitKeyHandler
push 61 //VK_NUMPAD1
call GetAsyncKeyState
test ax,ax // non-zero if the key is down now or was pressed since the last poll
jne TogglePlayersOnly
push 62 //VK_NUMPAD2
call GetAsyncKeyState
test ax,ax
jne ToggleFly
push 63 //VK_NUMPAD3
call GetAsyncKeyState
test ax,ax
jne ToggleGhost
push 65 //VK_NUMPAD5
call GetAsyncKeyState
test ax,ax
jne ToggleGod
push 67 //VK_NUMPAD7
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo1
push 68 //VK_NUMPAD8
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo2
push 69 //VK_NUMPAD9
call GetAsyncKeyState
test ax,ax
jne ToggleSloMo3
jmp KeyHandlerThread
// NUMPAD1: flag bit at p0+2B4 ("PlayersOnly (OR(10))" in the table).
TogglePlayersOnly:
xor byte ptr [bPlayersOnly],1
cmp byte ptr [bPlayersOnly],0
je @f
mov ecx,[p0] // NOTE(review): not checked for 0
or byte ptr [ecx+2B4],10
jmp TogglePlayersOnly_exit
@@:
mov ecx,[p0]
and byte ptr [ecx+2B4],0F // clears the whole high nibble, not only bit 4
TogglePlayersOnly_exit:
push C8 // 200 ms debounce
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD2: fly mode; writes through p2, p1, [p1+A0]->+18 and [p1+120].
ToggleFly:
xor byte ptr [bFly],1
cmp byte ptr [bFly],0
je @f
push 0
push 541E // try 5416 if old version
mov ecx,[p2] // NOTE(review): p2/p1 and the inner pointers are not checked for 0
call GetIndex
mov ebx,[p1] // reload the pointers after the call
mov ecx,[ebx+A0]
mov ecx,[ecx+18]
mov [ecx+10],eax // GetIndex result into the AxisX_Index / AxisY_Index slots (table entries)
mov [ecx+28],eax
mov ecx,[ebx+120]
mov [ecx+24C],(float)2.0 // "Fly.Friction"
mov [fSpeed],(float)40.0 // picked up by the speed hook
mov byte ptr [ebx+98],4 // "EPhysics" mode byte
jmp ToggleFly_exit
@@:
push 0
push 5422 // try 541A if old version
mov ecx,[p2]
call GetIndex
mov ebx,[p1]
mov ecx,[ebx+A0]
mov ecx,[ecx+18]
mov [ecx+28],eax
push 0
push 64
mov ecx,[p2]
call SetIndex
mov ebx,[p1]
mov ecx,[ebx+120]
mov [ecx+24C],(float)0.3 // "Walk.Friction"
mov [fSpeed],(float)1.0
mov byte ptr [ebx+98],1
ToggleFly_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD3: flag bit at p1+BC ("WallHack (OR(20))" in the table).
ToggleGhost:
xor byte ptr [bGhost],1
cmp byte ptr [bGhost],0
je @f
mov ebx,[p1] // NOTE(review): not checked for 0
or byte ptr [ebx+BC],20
jmp ToggleGhost_exit
@@:
mov ebx,[p1]
and byte ptr [ebx+BC],0F // clears bits 4-7, not only bit 5
ToggleGhost_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD5: whole byte at p2+1F0 is written; switching off assumes 49 is the normal value.
ToggleGod:
xor byte ptr [bGod],1
cmp byte ptr [bGod],0
je @f
mov ebx,[p2] // NOTE(review): not checked for 0
mov byte ptr [ebx+1F0],4B
jmp ToggleGod_exit
@@:
mov ebx,[p2]
mov byte ptr [ebx+1F0],49
ToggleGod_exit:
push C8
call kernel32.Sleep
jmp KeyHandlerThread
// NUMPAD7/8/9: time scale float at p0+2F4 ("SloMo" in the table).
ToggleSloMo1:
mov ebx,[p0] // NOTE(review): not checked for 0 (same in SloMo2/3)
mov [ebx+2F4],(float)0.5
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo2:
mov ebx,[p0]
mov [ebx+2F4],(float)1.0
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ToggleSloMo3:
mov ebx,[p0]
mov [ebx+2F4],(float)1.5
push C8
call kernel32.Sleep
jmp KeyHandlerThread
ExitKeyHandler:
mov [KeyHandlerOff],2 // acknowledge; [DISABLE] waits for this before freeing the cave
ret
bPlayersOnly:
db 0
bFly:
db 0
bGhost:
db 0
bGod:
db 0
[DISABLE]
unregistersymbol( bGod )
unregistersymbol( bGhost )
unregistersymbol( bFly )
unregistersymbol( bPlayersOnly )
{$lua}
if( syntaxcheck == false ) then --actual execution
local starttime = getTickCount()
if readInteger( "KeyHandlerOff" ) == 0 then --could be 2 already
writeInteger( "KeyHandlerOff", 1 ) --tell the thread to kill itself
end
while( getTickCount() < starttime + 1000 ) and ( readInteger( "KeyHandlerOff" ) ~= 2 ) do --wait till it has finished
sleep( 20 )
end
if( getTickCount() > starttime + 1000 ) then --could happen when the window is shown
--NOTE(review): a timeout that lands exactly on starttime + 1000 passes this test without the flag being 2; checking readInteger("KeyHandlerOff") ~= 2 instead would be exact
showMessage( 'Disabling the thread failed!' )
error( 'Thread disabling failed!' )
end
sleep( 1 ) --the thread still executes its final ret after setting the flag
end
{$asm}
unregistersymbol( KeyHandlerOff )
dealloc( KeyHandlerOff )
unregistersymbol( KeyHandlerThread )
dealloc( KeyHandlerThread )
102
"SloMo"
Float
p0
2F4
103
"PlayersOnly"
Byte
bPlayersOnly
104
"Fly"
Byte
bFly
105
"Ghost"
Byte
bGhost
106
"God"
Byte
bGod
hook
007D5DA9
inject_shoptimer1
00F236A3
FLAG_ShopTimer
165B0037
POINTER_ShopTimer
165B003B
aobFixSlots_r
01809D52
iRiggedValue
0ACC0029
iUsageCounter
0ACC002D
aobAmmo_r
009F2681
bInfiniteAmmoEnabled
08A30066
aobDemiGodMode_r
00B9D036
bDemiGodModeEnabled
08A30130
aobBigBadAss_r
009A30C8
bBigBadAssHackEnabled
08A301A4
iDesiredBigBadAssValue
08A301A8
aobSkeletonKey_r
005D6C5C
bSkeletonKeyHackEnabled
08A3021F
aobPointer_r
0005EFF2
pPlayer
08A3025D
aobSkillPts_r
019CF7E7
bSkillPointHackEnabled
361300C0
iDesiredSkillPoints
361300C4
pTest
36130000
bTeleModLoaded
0F5D0000
iTeleModSavePos
0F5D0004
Count3240
09D6040C
aobFakePlayers_r
12190201
code
003ABD40
ItemAddressBase
0E410800
DesiredLevel
0E410804
aobBasePointer_r
00D88413
pBasePointer
0E590010
aobKeyBasePointer_r
00D57FE8
pKeyBasePointer
0E590810
aobInAccuracy_r
00A45700
aobAmmoUpdate_r
00A45700
bInfiniteAmmo
2AA60074
fMinusOne
2AA60078
bNoAccuracyDecreaseOnShot
2AA6007C
aobAmmoOnShot_r
00B362BA
bNoReloadEnabled
2AA60095
aobRecoil_r
00F16BD7
bRecoillessWeapons
2AA5003B
INJECT_Cheat1
00814FA4
FLOAT_Speed
33D10033
FLOAT_Height
33D10037
FLOAT_Store
33D1003B
FixSlotsInjectionLocation
00899D52
FixSlotsCounter
06AB0104
FixSlotsValue
06AB0100
xlivekiller
03911605
players
3779C601
bFirstPersonSet
0E2D0000
bThirdPersonSet
0E2E0000
pCameraMode
0E2F0000
bToggleKeyPressed
162C0000
bScriptEnabled
162D0000
pCamera
15890000
vCameraSet
16390000
vCamreaMode
163D0000
Rarity
0E7C0000
pBasePointerName
0D8D0000
pKeyBasePointerName
0D8D0004
ID_2C
0D920000
ID_2E
0D920004
ID_30
0D920008
ID_31
0D92000C
ID_32
0D920010
ID_33
0D920014
ID_34
0D920018
WeapSpread_Hook
01C25C0F
aobBypass_r
01D3F3EC
vFreeCamX
0E730000
vFreeCamY
0E740000
vFreeCamZ
0E770000
vFreeCamZRot
0E7C0000
vFreeCamXYRot
0E7D0000
vQuad
0E7E0000
vZero
0E830000
vOne
0EAF0000
vThree
0EB00000
vAccelerationMult
0EF70000
vFloatStorage
0EF80000
fTemp1
11470000
fTemp2
11600000
fTemp3
11670000
fTemp4
11770000
bFreeCamInit
11790000
bFreeCamStart
117A0000
aobHealth_r
00EFB928
bGodModeEnabled
0DF20038
bSpawnModLoaded
47C40000
TeleportFlyFullyDisabled
0915045D
TeleportFlyEnabled
09150459
DisableKeyHandler
0D0704C1
aob2
003281A9
aob1
005ABCF1
aob0
00F402EE
aobX
005ABCFD
dwSloMo
3883020C
dwDayNight
00E04FC1
dwVariableBullets
00609AC0
dwGodMode
006D7AEA
PlayersOnly_FreezeGFX
00B6F12A
dwRecoilRemove
0058CE5E
ScannerHook
4CAD41D0
Toggler
07040300
UnlimitedAmmo_
014524E4
NoRecoil_
0149B5A0
bPlayersOnly
136C0283
bFly
136C0284
bGhost
136C0285
bGod
136C0286
dwEPhysicsHook
0091056D
GetIndex
005D7F90
SetIndex
00594F80
SpeedHook
01491DE1
p0
0DF30056
p1
0DF3005A
p2
0DF3005E
fSpeed
0DF30062