284
"Camera Control [F1]"
000000
Auto Assembler Script
[ENABLE]
// Camera Control. Locates four code sites inside ShadowOfMordor.exe by byte
// signature ("x" = wildcard byte) instead of by fixed address.
// NOTE(review): nothing here checks that a signature matched exactly once; a
// second match after a game update would patch the wrong site — confirm.
aobscanmodule(readAOB,ShadowOfMordor.exe,88 45 00 48 8B 84 24 x x x x C6 00 01 33 C0 48 89 03 89 43 08 E9)
aobscanmodule(writeAOB,ShadowOfMordor.exe,89 47 08 8B 43 04 89 47 0C 8B 43 08 89 47 10 4C 8B 87 x x x x 4D 85 C0)
aobscanmodule(fov_readAOB,ShadowOfMordor.exe,48 8B 8B x x x x 48 8D 45 D7 F3 0F 11 74 24 30 48 89 44 24 28 48 8D 45 C7 4C 8D 4D F7)
aobscanmodule(fov_writeAOB,ShadowOfMordor.exe,C6 44 24 30 00 F3 44 0F 11 4C 24 28 4C 8D 4E 64 0F 28 CB F3 0F 11 44 24 20)
// Registered symbols are referenced by name from the address list
// (camAddress, fovAddress, enableLock, camTest) and from [DISABLE].
label(camAddress)
registersymbol(camAddress)
label(camTest)
registersymbol(camTest)
label(camTest2)
registersymbol(camTest2)
registersymbol(readAOB)
registersymbol(writeAOB)
// Code cave holding every hook body and the data slots. The third argument
// asks for memory near the module; the 5-byte jmp patches presumably rely on
// the cave being within rel32 reach — confirm.
alloc(newmem,4096,"ShadowOfMordor.exe")
// Script-local labels: one entry/return/exit set per hooked site.
label(returnhere)
label(exit)
label(camX)
label(returnhereX)
label(exitX)
label(originalcodeX)
label(camZ)
label(returnhereZ)
label(exitZ)
label(originalcodeZ)
label(camY)
label(returnhereY)
label(exitY)
label(originalcodeY)
label(lockMovementX)
label(cameraEnabledX)
label(check2X)
label(lockMovementY)
label(cameraEnabledY)
label(check2Y)
label(lockMovementZ)
label(cameraEnabledZ)
label(check2Z)
label(enableLock)
registersymbol(enableLock)
label(fovAddress)
registersymbol(fovAddress)
registersymbol(fov_readAOB)
registersymbol(fov_writeAOB)
label(newmem2)
label(returnhere2)
label(exit2)
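// newmem: body for the hook at readAOB+1b, which overwrites the 5-byte
// "movss xmm0,[rax+08]". It records rax in camAddress and snapshots the dwords
// at [rax+338] and [rax+220] into camTest/camTest2; the camX/camZ/camY hooks
// compare other objects against those two values. The overwritten load is
// replayed before returning.
newmem:
// Save the whole 64-bit register: the 32-bit loads below zero-extend into rdx,
// and a 32-bit push/pop cannot be encoded in 64-bit mode.
push rdx
mov edx,[rax+338]
mov [camTest],edx
mov edx,[rax+220]
mov [camTest2],edx
pop rdx
mov [camAddress],rax
// Replay of the overwritten instruction.
movss xmm0,[rax+08]
jmp exit
exit:
jmp returnhere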
//
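// camX: body for the hook at writeAOB, which overwrites
// "mov [rdi+08],eax / mov eax,[rbx+04]" (6 bytes).
// The store to [rdi+08] is skipped when
//   - enableLock == 1 and a snapshot exists (camTest or camTest2 non-zero), or
//   - [rdi+338] == camTest, or [rdi+220] == camTest2.
// Otherwise the store runs as in the original code. The load of [rbx+04] is
// replayed on every path.
// NOTE(review): the cmp instructions modify EFLAGS, which the overwritten movs
// did not; presumably nothing after the site consumes the earlier flags — confirm.
camX:
// Full 64-bit save: "mov edx,..." below zero-extends into rdx, and a 32-bit
// push/pop cannot be encoded in 64-bit mode.
push rdx
cmp [camTest],0
jne cameraEnabledX
cmp [camTest2],0
jne cameraEnabledX
// No snapshot taken yet: behave exactly like the original code.
jmp originalcodeX
cameraEnabledX:
cmp [enableLock],1
je lockMovementX
mov edx,[camTest]
cmp [rdi+338],edx
jne check2X
// First marker matches: drop the store.
mov eax,[rbx+04]
jmp exitX
check2X:
mov edx,[camTest2]
cmp [rdi+220],edx
jne originalcodeX
// Second marker matches: drop the store.
mov eax,[rbx+04]
jmp exitX
originalcodeX:
mov [rdi+08],eax
mov eax,[rbx+04]
jmp exitX
lockMovementX:
// Lock active: drop the store regardless of the markers.
mov eax,[rbx+04]
jmp exitX
exitX:
pop rdx
jmp returnhereX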
//
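// camZ: body for the hook at writeAOB+6, which overwrites
// "mov [rdi+0C],eax / mov eax,[rbx+08]" (6 bytes).
// Same decision logic as the hook for [rdi+08]: the store to [rdi+0C] is
// skipped when the lock is on (and a snapshot exists) or when rdi carries one
// of the two snapshot markers; the load of [rbx+08] is replayed on every path.
// NOTE(review): the cmp instructions modify EFLAGS, which the overwritten movs
// did not; presumably nothing after the site consumes the earlier flags — confirm.
camZ:
// Full 64-bit save: "mov edx,..." below zero-extends into rdx, and a 32-bit
// push/pop cannot be encoded in 64-bit mode.
push rdx
cmp [camTest],0
jne cameraEnabledZ
cmp [camTest2],0
jne cameraEnabledZ
// No snapshot taken yet: behave exactly like the original code.
jmp originalcodeZ
cameraEnabledZ:
cmp [enableLock],1
je lockMovementZ
mov edx,[camTest]
cmp [rdi+338],edx
jne check2Z
// First marker matches: drop the store.
mov eax,[rbx+08]
jmp exitZ
check2Z:
mov edx,[camTest2]
cmp [rdi+220],edx
jne originalcodeZ
// Second marker matches: drop the store.
mov eax,[rbx+08]
jmp exitZ
originalcodeZ:
mov [rdi+0C],eax
mov eax,[rbx+08]
jmp exitZ
lockMovementZ:
// Lock active: drop the store regardless of the markers.
mov eax,[rbx+08]
jmp exitZ
exitZ:
pop rdx
jmp returnhereZ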
//
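// camY: body for the hook at writeAOB+c, which overwrites
// "mov [rdi+10],eax / mov r8,[rdi+00000110]" (10 bytes).
// Same decision logic as the other two position hooks: the store to [rdi+10]
// is skipped when the lock is on (and a snapshot exists) or when rdi carries
// one of the two snapshot markers; the load of r8 is replayed on every path.
// NOTE(review): the cmp instructions modify EFLAGS, which the overwritten movs
// did not; presumably nothing after the site consumes the earlier flags — confirm.
camY:
// Full 64-bit save: "mov edx,..." below zero-extends into rdx, and a 32-bit
// push/pop cannot be encoded in 64-bit mode.
push rdx
cmp [camTest],0
jne cameraEnabledY
cmp [camTest2],0
jne cameraEnabledY
// No snapshot taken yet: behave exactly like the original code.
jmp originalcodeY
cameraEnabledY:
cmp [enableLock],1
je lockMovementY
mov edx,[camTest]
cmp [rdi+338],edx
jne check2Y
// First marker matches: drop the store.
mov r8,[rdi+00000110]
jmp exitY
check2Y:
mov edx,[camTest2]
cmp [rdi+220],edx
jne originalcodeY
// Second marker matches: drop the store.
mov r8,[rdi+00000110]
jmp exitY
originalcodeY:
mov [rdi+10],eax
mov r8,[rdi+00000110]
jmp exitY
lockMovementY:
// Lock active: drop the store regardless of the markers.
mov r8,[rdi+00000110]
jmp exitY
exitY:
pop rdx
jmp returnhereY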
//
// newmem2: body for the hook at fov_readAOB+7b. Records rax in fovAddress and
// replays the overwritten "movss xmm6,[rax+60]".
newmem2:
mov [fovAddress],rax
movss xmm6,[rax+60]
jmp exit2
exit2:
jmp returnhere2
///
// Data slots inside the cave (they follow the code, so they are never executed).
// enableLock starts at 1, i.e. the position lock is on as soon as the script
// is enabled.
// NOTE(review): the hooks compare enableLock/camTest without an explicit
// operand size while the address list edits enableLock as a Byte — confirm
// both sides agree on the width.
enableLock:
dd 1
// 8-byte slot: receives a full 64-bit pointer.
fovAddress:
dq 0
camTest:
dd 0
camTest2:
dd 0
// 8-byte slot: receives a full 64-bit pointer.
camAddress:
dq 0
//
// Patch sites. Each site is overwritten with a jmp into the cave, padded with
// nops up to the end of the instructions it replaces ([DISABLE] writes the
// originals back). The pad counts assume a 5-byte rel32 jmp.
// The resulting artifact is an inline jump from the module's code into a
// private executable allocation, which a comparison of in-memory code against
// the on-disk image will show.
readAOB+1b:
jmp newmem
returnhere:
// Store to [rdi+08] and the load that follows it.
writeAOB:
jmp camX
nop
returnhereX:
// Store to [rdi+0C] and the load that follows it.
writeAOB+6:
jmp camZ
nop
returnhereZ:
// Store to [rdi+10] and the r8 load that follows it.
writeAOB+c:
jmp camY
nop
nop
nop
nop
nop
returnhereY:
fov_readAOB+7b:
//"ShadowOfMordor.exe"+3F52AD:
jmp newmem2
returnhere2:
// No hook here: the five bytes that [DISABLE] restores as
// "movss [rsi+60],xmm0" are replaced with nops, so that store no longer runs.
fov_writeAOB+22:
//"ShadowOfMordor.exe"+4484C6:
db 90 90 90 90 90
[DISABLE]
// Restores every patched site to its original instructions and drops the
// symbols registered by [ENABLE].
// NOTE(review): dealloc is listed before the sites are restored; presumably the
// assembler frees the cave only after the writes below are applied — confirm,
// since a thread still inside the cave would otherwise run freed memory.
dealloc(newmem)
readAOB+1b:
movss xmm0,[rax+08]
//
writeAOB:
mov [rdi+08],eax
mov eax,[rbx+04]
//
writeAOB+6:
mov [rdi+0C],eax
mov eax,[rbx+08]
//
writeAOB+c:
mov [rdi+10],eax
mov r8,[rdi+00000110]
//
fov_readAOB+7b:
movss xmm6,[rax+60]
// Puts back the store that [ENABLE] replaced with nops.
fov_writeAOB+22:
movss [rsi+60],xmm0
unregistersymbol(camAddress)
unregistersymbol(readAOB)
unregistersymbol(writeAOB)
unregistersymbol(enableLock)
unregistersymbol(camTest)
unregistersymbol(camTest2)
unregistersymbol(fovAddress)
unregistersymbol(fov_readAOB)
unregistersymbol(fov_writeAOB)
Toggle Activation
112
0
288
"Numpad Keys = move camera"
8000FF
1
11015
"Numpad (-) (+) to change FOV"
8000FF
1
286
"Player X"
80000008
Float
camAddress
8
Increase Value
102
20
0
Decrease Value
100
20
1
Increase Value
18
102
300
2
Decrease Value
18
100
300
3
Increase Value
17
102
5
4
Decrease Value
17
100
5
5
285
"Player Y"
80000008
Float
camAddress
10
Increase Value
104
20
0
Decrease Value
98
20
1
Increase Value
18
104
300
2
Decrease Value
18
98
300
3
Decrease Value
17
98
5
4
Increase Value
17
104
5
5
287
"Player Z"
80000008
Float
camAddress
C
Increase Value
105
20
0
Decrease Value
99
20
1
Increase Value
18
105
200
2
Decrease Value
18
99
200
3
Decrease Value
17
99
5
4
Increase Value
17
105
5
5
11013
"FOV"
80000008
Float
fovAddress
60
Decrease Value
109
.05
0
Increase Value
107
.05
1
Decrease Value
18
109
.01
2
Increase Value
18
107
.01
3
418
"Timestop (freeze all) [F2]"
000000
Auto Assembler Script
[ENABLE]
// Timestop. Locates three code regions in ShadowOfMordor.exe by byte signature
// ("x" = wildcard byte); time_writeAOB is patched at two offsets (+0 and +165).
// NOTE(review): nothing here checks that a signature matched exactly once — confirm.
aobscanmodule(time_readAOB,ShadowOfMordor.exe,48 8B 01 FF 50 10 48 8B 5B 08 48 3B DF)
aobscanmodule(time_writeAOB,ShadowOfMordor.exe,89 69 2C F3 48 0F 2A C0 F3 0F 5E C8 F3 0F 11 49 30 E8 x x x x 48 8B D8)
aobscanmodule(pTime_readAOB2,ShadowOfMordor.exe,8B 49 2C 81 F9 x x x x 77 1B 66 0F EF F6 66 0F EF C0)
// gameSpeed, gameSpeed2 and enableTimestop are referenced by name from the
// address list ("Game Speed", "Player Speed", "Timestop Enabled").
label(gameSpeed)
label(enableTimestop)
registersymbol(gameSpeed)
registersymbol(enableTimestop)
registersymbol(time_readAOB)
registersymbol(time_writeAOB)
label(gameSpeed2)
registersymbol(gameSpeed2)
registersymbol(pTime_readAOB2)
// Code cave for the four hook bodies and the data slots, requested near the
// module; the jmp patches presumably rely on rel32 reach — confirm.
alloc(newmem,2048,"ShadowOfMordor.exe")
label(returnhere)
label(exit)
label(newmem2)
label(returnhere2)
label(exit2)
label(newmem3)
label(returnhere3)
label(exit3)
label(newmem4)
label(returnhere4)
label(exit4)
label(originalcode)
label(originalcode2)
// newmem: body for the hook at time_readAOB. Records rcx in gameSpeed, then
// replays "mov rax,[rcx] / call qword ptr [rax+10]".
// NOTE(review): the replayed call returns into this cave; if the script is
// disabled while that call is still running, the return address points at
// freed memory — confirm.
newmem:
mov [gameSpeed],rcx
mov rax,[rcx]
call qword ptr [rax+10]
jmp exit
exit:
jmp returnhere
//
// newmem2: body for the hook at time_writeAOB+165. With enableTimestop == 1 the
// store "mov [rdx+2C],eax" is skipped; the conversion is replayed either way.
newmem2:
cmp [enableTimestop],1
jne originalcode
cvtsi2ss xmm0,rax
jmp exit2
originalcode:
mov [rdx+2C],eax
cvtsi2ss xmm0,rax
jmp exit2
exit2:
jmp returnhere2
//
// newmem3: body for the hook at time_writeAOB. With enableTimestop == 1 the
// store "mov [rcx+2C],ebp" is skipped; the conversion is replayed either way.
newmem3:
cmp [enableTimestop],1
jne originalcode2
cvtsi2ss xmm0,rax
jmp exit3
originalcode2:
mov [rcx+2C],ebp
cvtsi2ss xmm0,rax
jmp exit3
exit3:
jmp returnhere3
// newmem4: body for the hook at pTime_readAOB2. Records rcx in gameSpeed2
// before the replayed load overwrites ecx. The cmp comes last, so its flags
// are the ones the code after the hook sees.
// NOTE(review): the cmp immediate is a wildcard ("x x x x") in the signature
// but is hard-coded as 0000FFFF here and in [DISABLE]; on a build where the
// original immediate differs, both the replay and the restore are wrong — confirm.
newmem4:
mov [gameSpeed2],rcx
mov ecx,[rcx+2C]
cmp ecx,0000FFFF
jmp exit4
exit4:
jmp returnhere4
///
// Data slots inside the cave. enableTimestop starts at 0, so enabling the
// script alone does not skip either store.
enableTimestop:
dd 0
gameSpeed:
dq 0
gameSpeed2:
dq 0
///
///
// Patch sites: each is overwritten with a jmp into the cave plus nop padding up
// to the end of the instructions it replaces ([DISABLE] writes them back). The
// pad counts assume a 5-byte rel32 jmp.
// get base address
time_readAOB:
jmp newmem
nop
returnhere:
// zoom opcode +165
time_writeAOB+165:
jmp newmem2
nop
nop
nop
returnhere2:
// reset opcode
time_writeAOB:
jmp newmem3
nop
nop
nop
returnhere3:
// player speed
pTime_readAOB2:
jmp newmem4
nop
nop
nop
nop
returnhere4:
[DISABLE]
// Restores the four patched sites and drops the registered symbols.
// NOTE(review): dealloc is listed before the sites are restored; presumably the
// assembler frees the cave only after the writes below are applied — confirm.
dealloc(newmem)
time_readAOB:
mov rax,[rcx]
call qword ptr [rax+10]
//
time_writeAOB+165:
mov [rdx+2C],eax
cvtsi2ss xmm0,rax
//
time_writeAOB:
mov [rcx+2C],ebp
cvtsi2ss xmm0,rax
//
// NOTE(review): the immediate is a wildcard in the signature; writing a fixed
// 0000FFFF back is only correct if that is what the build originally held — confirm.
pTime_readAOB2:
mov ecx,[rcx+2C]
cmp ecx,0000FFFF
//
unregistersymbol(gameSpeed)
unregistersymbol(enableTimestop)
unregistersymbol(time_readAOB)
unregistersymbol(time_writeAOB)
unregistersymbol(gameSpeed2)
unregistersymbol(pTime_readAOB2)
Activate
113
0
427
"F3 = Pause"
8000FF
1
428
"F4 = Resume"
8000FF
1
429
"F5 = Freeze Player Only"
8000FF
1
430
"F6 = Unfreeze Player"
8000FF
1
420
"Game Speed"
80000008
4 Bytes
gameSpeed
2C
Set Value
114
100000
0
Set Value
115
1
1
Set Value
18
114
2
2
Set Value
18
17
114
60000
3
Set Value
17
8
60000
4
Set Value
18
81
100000
5
Set Value
18
87
2
6
423
"Player Speed"
80000008
4 Bytes
gameSpeed2
2C
Set Value
116
100000
0
Set Value
117
1
1
Set Value
18
116
2
2
11016
"------------------------------------------------------------------------------"
80000008
1
437
"Cheats"
0000FF
1
63
"God \ Unlimited Cheats"
000000
Auto Assembler Script
{ Game : ShadowOfMordor.exe
Version: 1.2
Date : 2014-10-05
Author : NoMoreBSOD
}
[ENABLE]
// XP hook. The first six signature bytes (8B 98 D4 04 00 00) are the load
// "mov ebx,[rax+000004D4]"; they are replaced with jmp + nop. The cave records
// rax in p_xp and replays the load.
aobscanmodule(aob_xp,ShadowOfMordor.exe,8B 98 D4 04 00 00 ?? ?? ?? ?? ?? 48 8b cf 44 8b f0) // should be unique
// Cave requested near a hard-coded module offset.
alloc(new_xp,$1000,"ShadowOfMordor.exe"+696A83)
label(cod_xp)
label(ret_xp)
registersymbol(p_xp)
// NOTE(review): p_xp is allocated without a near-address hint yet is written
// through a direct memory operand; presumably the assembler can reach it — confirm.
alloc(p_xp,8)
new_xp:
cod_xp:
mov [p_xp],rax
mov ebx,[rax+000004D4]
jmp ret_xp
aob_xp:
jmp cod_xp
nop
ret_xp:
registersymbol(aob_xp)
// Arrow hook. Replaces "mov [rbx+50],ecx / cmp qword ptr [rdx+00000088],00"
// (11 bytes) with jmp + 6 nops.
aobscanmodule(aob_arr,ShadowOfMordor.exe,89 4B 50 48 83 BA 88 00 00 00 00) // should be unique
alloc(new_arr,$1000,"ShadowOfMordor.exe"+CC19E4)
label(cod_arr)
label(ret_arr)
registersymbol(t_arr)
alloc(t_arr,8)
// Toggle, on by default; edited from the address list ("Infinite arrows").
t_arr:
dd 1
registersymbol(p_arr)
alloc(p_arr,8)
new_arr:
mov [p_arr],rbx
cmp [t_arr],1
jne cod_arr
// Toggle on: the value about to be stored to +50 is replaced by the one at +4C
// (the address list labels +50 "Arrows" and +4C "Max Arrows").
mov ecx, [rbx+4c]
cod_arr:
mov [rbx+50],ecx
// Replayed last so that the flags match what the code after the hook expects.
cmp qword ptr [rdx+00000088],00
jmp ret_arr
aob_arr:
jmp new_arr
nop
nop
nop
nop
nop
nop
ret_arr:
registersymbol(aob_arr)
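// Focus hook. Replaces the 5-byte "movss [rbx+54],xmm7" with a jmp into the cave.
aobscanmodule(aob_foc,ShadowOfMordor.exe,F3 0F 11 7B 54 F3 0F 5c c7 0f 14 c0 0f 5a d0) // should be unique
alloc(new_foc,$1000,"ShadowOfMordor.exe"+CC1FBC)
label(cod_foc)
label(ret_foc)
registersymbol(t_foc)
alloc(t_foc,8)
// Toggle, on by default; edited from the address list ("Infinite focus").
t_foc:
dd 1
new_foc:
cmp [t_foc],1
// Toggle off: fall through to the replayed store. Jumping straight to ret_foc
// here would silently drop the game's own "movss [rbx+54],xmm7" for as long
// as the script is enabled with the toggle at 0.
jne cod_foc
// Toggle on: copy the value at +48 into +44 (and, via xmm7, into +54).
movss xmm7,[rbx+48]
movss [rbx+44],xmm7
cod_foc:
// Replay of the overwritten instruction.
movss [rbx+54],xmm7
jmp ret_foc
aob_foc:
jmp new_foc
ret_foc:
registersymbol(aob_foc)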
// Combo hook. Replaces the 7-byte "cmp [rbx+000000C6],ax" with jmp + 2 nops.
aobscanmodule(aob_com,ShadowOfMordor.exe,66 39 83 C6 00 00 00 ?? ?? 45 32 c0) // should be unique
alloc(new_com,$1000,"ShadowOfMordor.exe"+CC9751)
label(cod_com)
label(ret_com)
registersymbol(t_com)
alloc(t_com,8)
// Toggle, on by default; edited from the address list ("Fast Combo").
t_com:
dd 1
registersymbol(p_com)
alloc(p_com,8)
new_com:
cmp [t_com],1
jne cod_com
// Only bump the counters when +C2 and +C6 are both non-zero.
// NOTE(review): these memory operands carry no size, while the address list
// treats +C2/+C4/+C6 as 2-byte fields; a wider default would compare and add
// across neighbouring fields — confirm, or write "word ptr" explicitly.
cmp [rbx+c2],0
je cod_com
cmp [rbx+c6],0
je cod_com
add [rbx+c2], 8
add [rbx+c4], 8
add [rbx+c6], 8
cod_com:
mov [p_com],rbx
// Replayed last so that the flags match what the code after the hook expects.
cmp [rbx+000000C6],ax
jmp ret_com
aob_com:
jmp new_com
nop
nop
ret_com:
registersymbol(aob_com)
// Hook on the 8-byte load "movss xmm6,[rax+00000164]", replaced with jmp + 3 nops.
aobscanmodule(aob_easy,ShadowOfMordor.exe,F3 0F 10 B0 64 01 00 00 48 8D) // should be unique
alloc(new_easy,$1000,"ShadowOfMordor.exe"+C84A0F)
label(cod_easy)
label(ret_easy)
registersymbol(t_easy)
alloc(t_easy,8)
// Toggle, off by default. None of the address-list rows visible here refers
// to t_easy, so it presumably has to be set by hand — confirm.
t_easy:
dd 0
registersymbol(temp_e)
alloc(temp_e,8)
new_easy:
cmp [t_easy],1
jne cod_easy
// Toggle on: copy the float at +160 over the one at +164, using xmm6 as
// scratch and temp_e to hold its previous value. The restore has no lasting
// effect because the replayed load overwrites xmm6 straight afterwards.
movss [temp_e],xmm6
movss xmm6, [rax+160]
movss [rax+164],xmm6
movss xmm6, [temp_e]
cod_easy:
movss xmm6,[rax+00000164]
jmp ret_easy
aob_easy:
jmp new_easy
nop
nop
nop
ret_easy:
registersymbol(aob_easy)
// Pointer-capture hook. Replaces "movzx eax,word ptr [rax+08] / add rsp,28"
// (8 bytes) with jmp + 3 nops; the signature's last byte (C3, ret) stays in
// place at ret_rune.
aobscanmodule(aob_rune,ShadowOfMordor.exe,0F B7 40 08 48 83 C4 28 C3) // should be unique
alloc(new_rune,$1000,"ShadowOfMordor.exe"+7BBAB9)
label(cod_rune)
label(ret_rune)
registersymbol(p_rune)
alloc(p_rune,8)
new_rune:
cod_rune:
// rax must be saved first: the replayed movzx overwrites it.
mov [p_rune],rax
movzx eax,word ptr [rax+08]
// Replayed stack adjustment; the cave itself must leave rsp otherwise untouched.
add rsp,28
jmp ret_rune
aob_rune:
jmp cod_rune
nop
nop
nop
ret_rune:
registersymbol(aob_rune)
// Mission-objective pointer capture. Replaces "movzx eax,byte ptr [rbx+16] /
// cmp [rbx+14],al" (7 bytes) with jmp + 2 nops.
aobscanmodule(aob_miss,ShadowOfMordor.exe,0F B6 43 16 38 43 14 0F 83) // should be unique
alloc(new_miss,$1000,"ShadowOfMordor.exe"+C43583)
label(cod_miss)
label(ret_miss)
registersymbol(p_miss)
alloc(p_miss,8)
new_miss:
// rbx is recorded only when the byte at +15 is zero.
cmp byte ptr [rbx+15],0
jne cod_miss
mov [p_miss],rbx
cod_miss:
movzx eax,byte ptr [rbx+16]
// Replayed last: the signature continues with 0F 83, a conditional jump that
// consumes these flags.
cmp [rbx+14],al
jmp ret_miss
aob_miss:
jmp new_miss
nop
nop
ret_miss:
registersymbol(aob_miss)
// Health hook. Replaces "comiss xmm0,xmm1 / movss [r9+34],xmm1" (9 bytes) with
// jmp + 4 nops.
aobscanmodule(aob_god,ShadowOfMordor.exe,0F 2F C1 f3 41 0F 11 49 34 ?? ?? 41 c7 41 34 00 00 00 00) // should be unique
alloc(new_god,$1000,"ShadowOfMordor.exe"+C2473A)
label(cod_god)
label(cod_god1)
label(ret_god)
registersymbol(t_god)
alloc(t_god,8)
// Toggle, off by default; edited from the address list ("God Mode").
t_god:
dd 0
registersymbol(p_hero)
alloc(p_hero,8)
registersymbol(p_enemy)
alloc(p_enemy,8)
new_god:
// [r9+40] is what separates the two cases: zero -> r9 is stored in p_hero,
// non-zero -> r9 is stored in p_enemy.
// NOTE(review): no operand size is given on this cmp — confirm the width.
cmp [r9+40], 0
je cod_god1
mov [p_enemy],r9
jmp cod_god
cod_god1:
mov [p_hero], r9
cmp [t_god], 1
jne cod_god
// Toggle on: the value about to be written to +34 is replaced with the one at
// +30 (the address list labels +34 "Hero Health"; +30 is presumably the
// maximum — confirm).
movss xmm1, [r9+30]
cod_god:
// Replay of both overwritten instructions; comiss sets the flags afresh.
comiss xmm0,xmm1
movss [r9+34],xmm1
jmp ret_god
aob_god:
jmp new_god
nop
nop
nop
nop
ret_god:
registersymbol(aob_god)
// Pointer-capture hook. Replaces the 6-byte "mov edi,[rbx+00000340]" with
// jmp + nop; the cave records rbx in p_uruk and replays the load.
aobscanmodule(aob_uruk,ShadowOfMordor.exe,8B BB 40 03 00 00 0F 28 b4 24 90 00 00 00 ff c7) // should be unique
alloc(new_uruk,$1000,"ShadowOfMordor.exe"+57CB93)
label(cod_uruk)
label(ret_uruk)
registersymbol(p_uruk)
alloc(p_uruk,8)
new_uruk:
cod_uruk:
mov [p_uruk],rbx
mov edi,[rbx+00000340]
jmp ret_uruk
aob_uruk:
jmp cod_uruk
nop
ret_uruk:
registersymbol(aob_uruk)
[DISABLE]
// For every hook: write the original bytes back over the jmp (raw "db", taken
// from the non-wildcard head of the matching signature), then drop the symbols
// and free the cave and data slots.
aob_xp:
db 8B 98 D4 04 00 00
unregistersymbol(aob_xp)
dealloc(new_xp)
unregistersymbol(p_xp)
dealloc(p_xp)
aob_arr:
db 89 4B 50 48 83 BA 88 00 00 00 00
unregistersymbol(aob_arr)
dealloc(new_arr)
unregistersymbol(t_arr)
dealloc(t_arr)
unregistersymbol(p_arr)
dealloc(p_arr)
aob_foc:
db F3 0F 11 7B 54
unregistersymbol(aob_foc)
dealloc(new_foc)
unregistersymbol(t_foc)
dealloc(t_foc)
aob_com:
db 66 39 83 C6 00 00 00
unregistersymbol(aob_com)
dealloc(new_com)
unregistersymbol(t_com)
dealloc(t_com)
unregistersymbol(p_com)
dealloc(p_com)
aob_easy:
db F3 0F 10 B0 64 01 00 00
unregistersymbol(aob_easy)
dealloc(new_easy)
unregistersymbol(t_easy)
dealloc(t_easy)
unregistersymbol(temp_e)
dealloc(temp_e)
aob_rune:
db 0F B7 40 08 48 83 C4 28
unregistersymbol(aob_rune)
dealloc(new_rune)
unregistersymbol(p_rune)
dealloc(p_rune)
aob_miss:
db 0F B6 43 16 38 43 14
unregistersymbol(aob_miss)
dealloc(new_miss)
unregistersymbol(p_miss)
dealloc(p_miss)
aob_god:
db 0F 2F C1 f3 41 0F 11 49 34
unregistersymbol(aob_god)
dealloc(new_god)
unregistersymbol(t_god)
dealloc(t_god)
unregistersymbol(p_hero)
dealloc(p_hero)
unregistersymbol(p_enemy)
dealloc(p_enemy)
aob_uruk:
db 8B BB 40 03 00 00
unregistersymbol(aob_uruk)
dealloc(new_uruk)
unregistersymbol(p_uruk)
dealloc(p_uruk)
84
"Other Values"
000080
1
96
"Hero Health"
FF0000
Float
p_hero
34
97
"Last enemy hit health"
FF0000
Float
p_enemy
34
85
"Arrows"
FF0000
4 Bytes
p_arr
50
86
"Max Arrows"
FF0000
4 Bytes
p_arr
4C
89
"Current combo"
80000008
2 Bytes
p_com
C6
88
"combo count"
80000008
2 Bytes
p_com
C4
87
"combo count"
80000008
2 Bytes
p_com
C2
82
"Fast Combo"
008000
4 Bytes
t_com
80
"Infinite arrows"
008000
4 Bytes
t_arr
95
"God Mode"
008000
4 Bytes
t_god
81
"Infinite focus"
008000
4 Bytes
t_foc
14
"Get Intel for selected Uruks. (Mark one as Target to see appearances)"
80000008
Auto Assembler Script
[ENABLE]
// Hooks the 7-byte "test byte ptr [rcx+000003A9],01" (F6 81 A9 03 00 00 01)
// with jmp + 2 nops. The cave ORs a bit mask into the dword at [rcx+3A8] and
// then replays the test.
aobscanmodule(aob_orkintel,ShadowOfMordor.exe,F6 81 A9 03 00 00 01 48 8B D9)
alloc(mem_orkintel,256,ShadowOfMordor.exe)
// Registered so that a second script can patch the cave at mem_orkintel+11.
registersymbol(mem_orkintel)
label(_orkintel)
registersymbol(_orkintel)
label(return_orkintel)
mem_orkintel:
// NOTE(review): eax is overwritten without being saved; presumably it is dead
// at the hooked site — confirm.
mov eax,[rcx+000003A8]
// 163584 decimal = 0x27F00.
or eax,(int)163584
mov [rcx+000003A8],eax
// 17-byte nop slot starting at mem_orkintel+11 (hex): reserved space that the
// companion script fills with a second read-modify-write.
db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
// Replayed last so that the flags match what the code after the hook expects.
test byte ptr [rcx+000003A9],01
jmp return_orkintel
aob_orkintel:
_orkintel:
jmp mem_orkintel
nop
nop
return_orkintel:
[DISABLE]
// Restores the original instruction, then drops the symbols and the cave.
_orkintel:
test byte ptr [rcx+000003A9],01
unregistersymbol(_orkintel)
unregistersymbol(mem_orkintel)
dealloc(mem_orkintel)
69
"Revenge Target, Death Threat and Weakness Exploited for selected Uruks."
80000008
Auto Assembler Script
[ENABLE]
// Fills the 17-byte nop slot inside the mem_orkintel cave with a second
// read-modify-write, this time on the dword at [rcx+3A4]. The symbol
// mem_orkintel exists only while the script that allocates that cave is enabled.
// NOTE(review): the three instructions must assemble to exactly the size of the
// slot (17 bytes); a longer encoding would overwrite the replayed test that
// follows it — confirm.
mem_orkintel+11:
mov eax,[rcx+000003A4]
// 67121152 decimal = 0x04003000.
or eax,(int)67121152
mov [rcx+000003A4],eax
[DISABLE]
// Returns the slot to nops.
mem_orkintel+11:
db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
127
"Only Level 25/Epic Runes drop (No Death Threat)"
80000008
Auto Assembler Script
[ENABLE]
// Hooks the instruction 5 bytes before the signature match: per [DISABLE] that
// is "mov r15,[rsp+30]", replaced by a jmp with no padding.
aobscanmodule(aob_runelvl,ShadowOfMordor.exe,48 8B 9C 24 80 00 00 00 41 8B C5 41 8B CD 76 2C)
alloc(mem_runelvl,128,ShadowOfMordor.exe)
label(return_runelvl)
label(_runelvl)
registersymbol(_runelvl)
mem_runelvl:
// NOTE(review): rdx is overwritten without being saved; presumably it is dead
// at the hooked site — confirm.
lea rdx,[rdi+24]
// Six fixed values written at 8-byte strides from rdi+24.
// NOTE(review): the stores carry no operand size — confirm the width matches
// the fields being overwritten.
mov [rdx],(int)20 //Enemy Level
mov [rdx+08],1 //for Vengeance
mov [rdx+10],1 //for Death Threat
mov [rdx+18],2 //for Warchief
mov [rdx+20],1 //for Fear/Hate Exploited
mov [rdx+28],1 //for Knowing Weakness
// Replay of the overwritten instruction.
mov r15,[rsp+30]
jmp return_runelvl
aob_runelvl-5:
_runelvl:
jmp mem_runelvl
return_runelvl:
[DISABLE]
// Restores the original instruction, then drops the symbol and the cave.
_runelvl:
mov r15,[rsp+30]
unregistersymbol(_runelvl)
dealloc(mem_runelvl)
440
"Invisibility"
80000008
Auto Assembler Script
[ENABLE]
// Two-byte in-place patch with no code cave. The patched location is 6 bytes
// before the signature match.
aobscanmodule(aob_ghost,ShadowOfMordor.exe,48 89 5C 24 60 48 89 6C 24 68 48 89 74 24 70 4C 89 7C 24 30)
label(_ghost)
registersymbol(_ghost)
aob_ghost-6:
_ghost:
// 0F 84 (je rel32) becomes 90 E9 (nop + jmp rel32): the following four
// displacement bytes are reused, so the branch is now always taken.
db 90 e9
[DISABLE]
// Restores the conditional-jump opcode.
_ghost:
db 0f 84
unregistersymbol(_ghost)
Toggle Activation
118
0
436
"Enable Bits"
808080
1
11000
"Position Lock"
80000008
Byte
enableLock
Set Value
111
0
0
Set Value
106
1
1
11001
"Camtest"
80000008
4 Bytes
camTest
435
"Timestop Enabled"
80000008
4 Bytes
enableTimestop
Set Value
114
1
0
Set Value
115
0
1
Set Value
18
114
1
2
11005
"Old Free Camera (backup)"
000000
Auto Assembler Script
[ENABLE]
// Old Free Camera (backup). Uses the same readAOB/writeAOB signatures as the
// Camera Control script, but has no lock toggle, no marker check and no FOV hooks.
// NOTE(review): both scripts patch the same sites and register the same symbol
// names, so presumably only one of them may be enabled at a time — confirm.
aobscanmodule(readAOB,ShadowOfMordor.exe,88 45 00 48 8B 84 24 x x x x C6 00 01 33 C0 48 89 03 89 43 08 E9)
aobscanmodule(writeAOB,ShadowOfMordor.exe,89 47 08 8B 43 04 89 47 0C 8B 43 08 89 47 10 4C 8B 87 x x x x 4D 85 C0)
label(camAddress)
registersymbol(camAddress)
registersymbol(readAOB)
registersymbol(writeAOB)
// Code cave requested near the module; the 5-byte jmp patches presumably rely
// on rel32 reach — confirm.
alloc(newmem,2048,"ShadowOfMordor.exe")
label(returnhere)
label(exit)
label(camX)
label(returnhereX)
label(exitX)
label(camZ)
label(returnhereZ)
label(exitZ)
label(camY)
label(returnhereY)
label(exitY)
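// newmem: body for the hook at readAOB+1b. Records rax in camAddress and
// replays the overwritten "movss xmm0,[rax+08]".
newmem:
mov [camAddress],rax
movss xmm0,[rax+08]
jmp exit
exit:
jmp returnhere
//
// camX / camZ / camY: bodies for the hooks at writeAOB, writeAOB+6 and
// writeAOB+c. Each replays only the second of the two overwritten instructions;
// the stores to [rdi+08], [rdi+0C] and [rdi+10] are never executed while this
// script is enabled, whatever rdi points at.
camX:
mov eax,[rbx+04]
jmp exitX
exitX:
jmp returnhereX
//
camZ:
mov eax,[rbx+08]
jmp exitZ
exitZ:
jmp returnhereZ
//
camY:
mov r8,[rdi+00000110]
jmp exitY
exitY:
jmp returnhereY
///
// 8-byte slot: "mov [camAddress],rax" stores a full 64-bit pointer, so a 4-byte
// "dd" reservation would let the store spill past the end of the slot.
camAddress:
dq 0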
//
// Patch sites: each is overwritten with a jmp into the cave plus nop padding up
// to the end of the instructions it replaces ([DISABLE] writes them back). The
// pad counts assume a 5-byte rel32 jmp.
readAOB+1b:
jmp newmem
returnhere:
writeAOB:
jmp camX
nop
returnhereX:
writeAOB+6:
jmp camZ
nop
returnhereZ:
writeAOB+c:
jmp camY
nop
nop
nop
nop
nop
returnhereY:
[DISABLE]
// Restores the four patched sites and drops the registered symbols.
// NOTE(review): dealloc is listed before the sites are restored; presumably the
// assembler frees the cave only after the writes below are applied — confirm.
dealloc(newmem)
readAOB+1b:
movss xmm0,[rax+08]
//
writeAOB:
mov [rdi+08],eax
mov eax,[rbx+04]
//
writeAOB+6:
mov [rdi+0C],eax
mov eax,[rbx+08]
//
writeAOB+c:
mov [rdi+10],eax
mov r8,[rdi+00000110]
//
unregistersymbol(camAddress)
unregistersymbol(readAOB)
unregistersymbol(writeAOB)
11006
"Numpad Keys = move camera"
8000FF
1
11008
"Player X"
80000008
Float
camAddress
8
Increase Value
102
20
0
Decrease Value
100
20
1
Increase Value
18
102
300
2
Decrease Value
18
100
300
3
Increase Value
17
102
5
4
Decrease Value
17
100
5
5
11007
"Player Y"
80000008
Float
camAddress
10
Increase Value
104
20
0
Decrease Value
98
20
1
Increase Value
18
104
300
2
Decrease Value
18
98
300
3
Decrease Value
17
98
5
4
Increase Value
17
104
5
5
11009
"Player Z"
80000008
Float
camAddress
C
Increase Value
105
20
0
Decrease Value
99
20
1
Increase Value
18
105
200
2
Decrease Value
18
99
200
3
Decrease Value
17
99
5
4
Increase Value
17
105
5
5
11010
"Rot Y"
80000008
Float
camAddress
14
Decrease Value
38
.01
0
Increase Value
40
.01
1
11017
"General Script"
0000FF
Auto Assembler Script
{ Game : ShadowOfMordor.exe
Version: 1.2
Date : 2014-10-05
Author : NoMoreBSOD
}
{ Version: 1.2.1
Date: 2015-01-02
Author: shadowblight
}
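[ENABLE]
// XP hook. The first six signature bytes (8B 98 EC 04 00 00) are the load
// "mov ebx,[rax+000004EC]"; they are replaced with jmp + nop. The cave records
// rax in p_xp and replays that load.
aobscanmodule(aob_xp,ShadowOfMordor.exe,8B 98 EC 04 00 00 ?? ?? ?? ?? ?? 48 8B CF 44 8B F0) // should be unique
// Cave requested near a hard-coded module offset.
alloc(new_xp,$1000,"ShadowOfMordor.exe"+696A83)
label(cod_xp)
label(ret_xp)
registersymbol(p_xp)
// NOTE(review): p_xp is allocated without a near-address hint yet is written
// through a direct memory operand; presumably the assembler can reach it — confirm.
alloc(p_xp,8)
new_xp:
cod_xp:
mov [p_xp],rax
// The replayed load must be the instruction that was overwritten. The
// signature and the [DISABLE] restore bytes both encode displacement 4EC;
// replaying the load with 4D4 would hand the game a different field in ebx
// for as long as the hook is active.
// NOTE(review): the address-list rows that read p_xp+4D0/4D4/4DC were
// presumably written for the same older layout — verify them separately.
mov ebx,[rax+000004EC]
jmp ret_xp
aob_xp:
jmp cod_xp
nop
ret_xp:
registersymbol(aob_xp)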
// Arrow hook. Replaces "mov [rbx+50],ecx / cmp qword ptr [rdx+00000088],00"
// (11 bytes) with jmp + 6 nops.
aobscanmodule(aob_arr,ShadowOfMordor.exe,89 4B 50 48 83 BA 88 00 00 00 00) // should be unique
alloc(new_arr,$1000,"ShadowOfMordor.exe"+CC19E4)
label(cod_arr)
label(ret_arr)
registersymbol(t_arr)
alloc(t_arr,8)
// Toggle, on by default; edited from the address list ("Infinite arrows").
t_arr:
dd 1
registersymbol(p_arr)
alloc(p_arr,8)
new_arr:
mov [p_arr],rbx
cmp [t_arr],1
jne cod_arr
// Toggle on: the value about to be stored to +50 is replaced by the one at +4C
// (the address list labels +50 "Arrows" and +4C "Max Arrows").
mov ecx, [rbx+4c]
cod_arr:
mov [rbx+50],ecx
// Replayed last so that the flags match what the code after the hook expects.
cmp qword ptr [rdx+00000088],00
jmp ret_arr
aob_arr:
jmp new_arr
nop
nop
nop
nop
nop
nop
ret_arr:
registersymbol(aob_arr)
// Focus hook. Replaces the 5-byte "movss [rbx+54],xmm7" with a jmp into the cave.
aobscanmodule(aob_foc,ShadowOfMordor.exe,F3 0F 11 7B 54 F3 0F 5c c7 0f 14 c0 0f 5a d0) // should be unique
alloc(new_foc,$1000,"ShadowOfMordor.exe"+CC1FBC)
label(cod_foc)
label(ret_foc)
registersymbol(t_foc)
alloc(t_foc,8)
// Toggle, on by default; edited from the address list ("Infinite focus").
t_foc:
dd 1
new_foc:
cmp [t_foc],1
// Toggle off: skip the override but still replay the original store.
jne cod_foc
// Toggle on: copy the value at +48 into +44 (and, via xmm7, into +54).
movss xmm7,[rbx+48]
movss [rbx+44],xmm7
cod_foc:
// Replay of the overwritten instruction.
movss [rbx+54],xmm7
jmp ret_foc
aob_foc:
jmp new_foc
ret_foc:
registersymbol(aob_foc)
// Combo hook. Replaces the 7-byte "cmp [rbx+000000C6],ax" with jmp + 2 nops.
aobscanmodule(aob_com,ShadowOfMordor.exe,66 39 83 C6 00 00 00 ?? ?? 45 32 c0) // should be unique
alloc(new_com,$1000,"ShadowOfMordor.exe"+CC9751)
label(cod_com)
label(ret_com)
registersymbol(t_com)
alloc(t_com,8)
// Toggle, on by default; edited from the address list ("Fast Combo").
t_com:
dd 1
registersymbol(p_com)
alloc(p_com,8)
new_com:
cmp [t_com],1
jne cod_com
// Only bump the counters when +C2 and +C6 are both non-zero.
// NOTE(review): these memory operands carry no size, while the address list
// treats +C2/+C4/+C6 as 2-byte fields; a wider default would compare and add
// across neighbouring fields — confirm, or write "word ptr" explicitly.
cmp [rbx+c2],0
je cod_com
cmp [rbx+c6],0
je cod_com
add [rbx+c2], 8
add [rbx+c4], 8
add [rbx+c6], 8
cod_com:
mov [p_com],rbx
// Replayed last so that the flags match what the code after the hook expects.
cmp [rbx+000000C6],ax
jmp ret_com
aob_com:
jmp new_com
nop
nop
ret_com:
registersymbol(aob_com)
// Hook on the 8-byte load "movss xmm6,[rax+00000164]", replaced with jmp + 3 nops.
aobscanmodule(aob_easy,ShadowOfMordor.exe,F3 0F 10 B0 64 01 00 00 48 8D) // should be unique
alloc(new_easy,$1000,"ShadowOfMordor.exe"+C84A0F)
label(cod_easy)
label(ret_easy)
registersymbol(t_easy)
alloc(t_easy,8)
// Toggle, off by default. None of the address-list rows visible here refers
// to t_easy, so it presumably has to be set by hand — confirm.
t_easy:
dd 0
registersymbol(temp_e)
alloc(temp_e,8)
new_easy:
cmp [t_easy],1
jne cod_easy
// Toggle on: copy the float at +160 over the one at +164, using xmm6 as
// scratch and temp_e to hold its previous value. The restore has no lasting
// effect because the replayed load overwrites xmm6 straight afterwards.
movss [temp_e],xmm6
movss xmm6, [rax+160]
movss [rax+164],xmm6
movss xmm6, [temp_e]
cod_easy:
movss xmm6,[rax+00000164]
jmp ret_easy
aob_easy:
jmp new_easy
nop
nop
nop
ret_easy:
registersymbol(aob_easy)
// Pointer-capture hook. Replaces "movzx eax,word ptr [rax+08] / add rsp,28"
// (8 bytes) with jmp + 3 nops; the signature's last byte (C3, ret) stays in
// place at ret_rune.
aobscanmodule(aob_rune,ShadowOfMordor.exe,0F B7 40 08 48 83 C4 28 C3) // should be unique
alloc(new_rune,$1000,"ShadowOfMordor.exe"+7BBAB9)
label(cod_rune)
label(ret_rune)
registersymbol(p_rune)
alloc(p_rune,8)
new_rune:
cod_rune:
// rax must be saved first: the replayed movzx overwrites it.
mov [p_rune],rax
movzx eax,word ptr [rax+08]
// Replayed stack adjustment; the cave itself must leave rsp otherwise untouched.
add rsp,28
jmp ret_rune
aob_rune:
jmp cod_rune
nop
nop
nop
ret_rune:
registersymbol(aob_rune)
// Mission-objective pointer capture. Replaces "movzx eax,byte ptr [rbx+16] /
// cmp [rbx+14],al" (7 bytes) with jmp + 2 nops.
aobscanmodule(aob_miss,ShadowOfMordor.exe,0F B6 43 16 38 43 14 0F 83) // should be unique
alloc(new_miss,$1000,"ShadowOfMordor.exe"+C43583)
label(cod_miss)
label(ret_miss)
registersymbol(p_miss)
alloc(p_miss,8)
new_miss:
// rbx is recorded only when the byte at +15 is zero.
cmp byte ptr [rbx+15],0
jne cod_miss
mov [p_miss],rbx
cod_miss:
movzx eax,byte ptr [rbx+16]
// Replayed last: the signature continues with 0F 83, a conditional jump that
// consumes these flags.
cmp [rbx+14],al
jmp ret_miss
aob_miss:
jmp new_miss
nop
nop
ret_miss:
registersymbol(aob_miss)
// Health hook. Replaces "comiss xmm0,xmm1 / movss [r9+34],xmm1" (9 bytes) with
// jmp + 4 nops.
aobscanmodule(aob_god,ShadowOfMordor.exe,0F 2F C1 f3 41 0F 11 49 34 ?? ?? 41 c7 41 34 00 00 00 00) // should be unique
alloc(new_god,$1000,"ShadowOfMordor.exe"+C2473A)
label(cod_god)
label(cod_god1)
label(ret_god)
registersymbol(t_god)
alloc(t_god,8)
// Toggle, off by default; edited from the address list ("God Mode").
t_god:
dd 0
registersymbol(p_hero)
alloc(p_hero,8)
registersymbol(p_enemy)
alloc(p_enemy,8)
new_god:
// [r9+40] is what separates the two cases: zero -> r9 is stored in p_hero,
// non-zero -> r9 is stored in p_enemy.
// NOTE(review): no operand size is given on this cmp — confirm the width.
cmp [r9+40], 0
je cod_god1
mov [p_enemy],r9
jmp cod_god
cod_god1:
mov [p_hero], r9
cmp [t_god], 1
jne cod_god
// Toggle on: the value about to be written to +34 is replaced with the one at
// +30 (the address list labels +34 "Hero Health"; +30 is presumably the
// maximum — confirm).
movss xmm1, [r9+30]
cod_god:
// Replay of both overwritten instructions; comiss sets the flags afresh.
comiss xmm0,xmm1
movss [r9+34],xmm1
jmp ret_god
aob_god:
jmp new_god
nop
nop
nop
nop
ret_god:
registersymbol(aob_god)
// Pointer-capture hook. Replaces the 6-byte "mov edi,[rbx+00000340]" with
// jmp + nop; the cave records rbx in p_uruk and replays the load.
aobscanmodule(aob_uruk,ShadowOfMordor.exe,8B BB 40 03 00 00 0F 28 B4 24 A0 00 00 00 FF C7) // should be unique
alloc(new_uruk,$1000,"ShadowOfMordor.exe"+57CB93)
label(cod_uruk)
label(ret_uruk)
registersymbol(p_uruk)
alloc(p_uruk,8)
new_uruk:
cod_uruk:
mov [p_uruk],rbx
mov edi,[rbx+00000340]
jmp ret_uruk
aob_uruk:
jmp cod_uruk
nop
ret_uruk:
registersymbol(aob_uruk)
[DISABLE]
// For every hook: write the original bytes back over the jmp (raw "db", taken
// from the non-wildcard head of the matching signature), then drop the symbols
// and free the cave and data slots.
aob_xp:
db 8B 98 EC 04 00 00
unregistersymbol(aob_xp)
dealloc(new_xp)
unregistersymbol(p_xp)
dealloc(p_xp)
aob_arr:
db 89 4B 50 48 83 BA 88 00 00 00 00
unregistersymbol(aob_arr)
dealloc(new_arr)
unregistersymbol(t_arr)
dealloc(t_arr)
unregistersymbol(p_arr)
dealloc(p_arr)
aob_foc:
db F3 0F 11 7B 54
unregistersymbol(aob_foc)
dealloc(new_foc)
unregistersymbol(t_foc)
dealloc(t_foc)
aob_com:
db 66 39 83 C6 00 00 00
unregistersymbol(aob_com)
dealloc(new_com)
unregistersymbol(t_com)
dealloc(t_com)
unregistersymbol(p_com)
dealloc(p_com)
aob_easy:
db F3 0F 10 B0 64 01 00 00
unregistersymbol(aob_easy)
dealloc(new_easy)
unregistersymbol(t_easy)
dealloc(t_easy)
unregistersymbol(temp_e)
dealloc(temp_e)
aob_rune:
db 0F B7 40 08 48 83 C4 28
unregistersymbol(aob_rune)
dealloc(new_rune)
unregistersymbol(p_rune)
dealloc(p_rune)
aob_miss:
db 0F B6 43 16 38 43 14
unregistersymbol(aob_miss)
dealloc(new_miss)
unregistersymbol(p_miss)
dealloc(p_miss)
aob_god:
db 0F 2F C1 f3 41 0F 11 49 34
unregistersymbol(aob_god)
dealloc(new_god)
unregistersymbol(t_god)
dealloc(t_god)
unregistersymbol(p_hero)
dealloc(p_hero)
unregistersymbol(p_enemy)
dealloc(p_enemy)
aob_uruk:
db 8B BB 40 03 00 00
unregistersymbol(aob_uruk)
dealloc(new_uruk)
unregistersymbol(p_uruk)
dealloc(p_uruk)
11018
"God Mode"
008000
4 Bytes
t_god
11019
"Fast Combo"
008000
4 Bytes
t_com
11020
"Infinite focus"
008000
4 Bytes
t_foc
11021
"Infinite arrows"
008000
4 Bytes
t_arr
79
"Ability/Talent point"
FF0000
4 Bytes
p_rune
8
66
"Current xp"
FF0000
4 Bytes
p_xp
4D4
67
"Power Points (tier unlock)"
FF0000
4 Bytes
p_xp
4DC
98
"Current level (max 32)"
FF0000
4 Bytes
p_xp
4D0
117
"Hits to trigger combo"
FF0000
2 Bytes
p_com
C8
118
"Selected Uruk"
000080
1
120
"Uruk level (+ 1 gives you in game lvl)"
FF0000
4 Bytes
p_uruk
340
121
"Number of hero kills"
FF0000
4 Bytes
p_uruk
348
68
"Mission Objectives"
000080
1
11022
"Objective 1"
80000008
Byte
p_miss
14
70
"Objective 1 goal"
80000008
Byte
p_miss
16
71
"Objective 2"
80000008
Byte
p_miss
34
72
"Objective 2 goal"
80000008
Byte
p_miss
36
73
"Objective 3"
80000008
Byte
p_miss
54
74
"Objective 3 goal"
80000008
Byte
p_miss
56
75
"Objective 4"
80000008
Byte
p_miss
74
76
"Objective 4 goal"
80000008
Byte
p_miss
76
77
"Objective 5"
80000008
Byte
p_miss
94
78
"Objective 5 goal"
80000008
Byte
p_miss
96
11023
"Other Values"
000080
1
11024
"Hero Health"
FF0000
Float
p_hero
34
11025
"Last enemy hit health"
FF0000
Float
p_enemy
34
11026
"Arrows"
FF0000
4 Bytes
p_arr
50
11027
"Max Arrows"
FF0000
4 Bytes
p_arr
4C
11028
"Current combo"
80000008
2 Bytes
p_com
C6
11029
"combo count"
80000008
2 Bytes
p_com
C4
11030
"combo count"
80000008
2 Bytes
p_com
C2
104
"Hits to trigger combo"
80000008
2 Bytes
p_com
C8
Code :mov [rdi+08],eax
14074F54D
ShadowOfMordor.exe
DEF54D
00
00
00
8B
03
89
47
08
8B
43
04
89
47
Code :mov [rdi+08],eax
140CECDFD
ShadowOfMordor.exe
DFCDFD
00
00
00
8B
03
89
47
08
8B
43
04
89
47
Code :mov [rdi+08],eax
1401BCDFD
ShadowOfMordor.exe
DFCDFD
00
00
00
8B
03
89
47
08
8B
43
04
89
47
Code :movss xmm6,[rax+60]
13F7B52AD
ShadowOfMordor.exe
3F52AD
F3
0F
11
45
EF
F3
0F
10
70
60
E8
39
2E
0A
00
Code :movss [rsi+60],xmm0
13F8084C6
ShadowOfMordor.exe
4484C6
E8
5A
2A
0C
00
F3
0F
11
46
60
45
0F
2F
D7
76
Code :movss [rsi+60],xmm2
13F80899C
ShadowOfMordor.exe
44899C
F3
0F
58
56
60
F3
0F
11
56
60
80
7A
3C
00
0F
Code :movss [rcx+10],xmm0
13FF20B09
ShadowOfMordor.exe
490B09
0F
10
44
24
38
F3
0F
11
41
10
48
8B
0B
48
85
tiltAOB
140D8F83D
_orkintel
1404EC686
_ghost
13FECB80A
gameSpeed
137C300E1
enableTimestop
137C300DD
time_readAOB
1401A0678
time_writeAOB
13FFC0DB6
gameSpeed2
137C300E9
pTime_readAOB2
1401A0718
_runelvl
140378CB0
aob_xp
1400F1983
aob_arr
1407432C4
aob_foc
14074389C
aob_com
14074B361
aob_easy
140705FBF
aob_rune
14021D7D9
aob_miss
1406C30E3
aob_god
14069FC7A
aob_uruk
13FFCD703