329
"FOV Override (AOB) = F1"
80000008
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Purpose: install two detours in Disrupt_b64.dll, both located by byte-pattern scan.
//   fovOverrideAOB - the 5-byte store "movss [rcx+24],xmm1" is replaced by a jump to a stub
//                    that jumps straight back, so that store no longer executes.
//   fovGetAOB      - the 5-byte load "movss xmm0,[rax+2C]" is replaced by a jump to a stub
//                    that records rax in pPlayer and then performs the same load.
// All numeric operands in this script are hexadecimal.
// Pattern: movss [rcx+24],xmm1 / movss [rcx+28],xmm1 / ret - fully specified, no wildcards.
aobscanmodule(fovOverrideAOB,Disrupt_b64.dll,F3 0F 11 49 24 F3 0F 11 49 28 C3)
registersymbol(fovOverrideAOB)
// NOTE(review): the two opcode bytes after each F3 prefix are wildcarded, so the scan does not
// pin down which instruction is overwritten, while the disable section writes back one fixed
// instruction. Confirm the match is unique and is the expected load on the targeted build.
aobscanmodule(fovGetAOB,Disrupt_b64.dll,F3 x x 40 2C F3 x x 48 30 49 8B 04 24)
registersymbol(fovGetAOB)
// The third argument asks for the block to be placed near the module.
// presumably so the 5-byte relative jumps can reach it - confirm
alloc(newmem,2048,"Disrupt_b64.dll")
label(returnhere)
label(exit)
label(newmem2)
label(returnhere2)
label(exit2)
label(pPlayer)
registersymbol(pPlayer)
////////
// Stub 1: empty on purpose. The overwritten store is not re-executed here.
newmem:
jmp exit
exit:
jmp returnhere
////////
// Stub 2: capture the base register, then run the displaced load.
newmem2:
mov [pPlayer],rax
movss xmm0,[rax+2C]
jmp exit2
exit2:
jmp returnhere2
///
// Pointer slot read by the table's "FOV" entry (pPlayer, offset 2C).
// NOTE(review): only 4 bytes are reserved (dd) but the store above writes 8 (rax). It does not
// clobber anything only because this is the last item laid out in the block; dq would match.
pPlayer:
dd 0
///
////////
// Patch sites. Each jump occupies exactly the 5 bytes of the instruction it replaces.
fovOverrideAOB:
jmp newmem
returnhere:
fovGetAOB:
jmp newmem2
returnhere2:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Frees the stub block and writes the original instructions back over both jumps.
dealloc(newmem)
fovOverrideAOB:
movss [rcx+24],xmm1
//
fovGetAOB:
movss xmm0,[rax+2C]
//
unregistersymbol(pPlayer)
unregistersymbol(fovOverrideAOB)
unregistersymbol(fovGetAOB)
Activate
112
0
Deactivate
18
112
1
1897
"FOV"
80000008
Float
pPlayer
2C
Increase Value
33
.1
0
Decrease Value
34
.1
1
1872
"Gamespeed/Timestop (AOB) = F2"
000000
Auto Assembler Script
[ENABLE]
// Purpose: detour the 5-byte "mulsd xmm2,[rbx+70]" in Disrupt_b64.dll so that the value of rbx
// at that point is recorded in Gamespeed; the multiply itself is still executed in the stub.
// The table's "Gamespeed" entry then reads a float at Gamespeed + 74.
// Pattern: mulsd xmm2,[rbx+70] / movapd xmm0,xmm2 / movsd [rbx+48],xmm2 - no wildcards.
aobscanmodule(timeStopAOB,Disrupt_b64.dll,F2 0F 59 53 70 66 0F 28 C2 F2 0F 11 53 48)
registersymbol(timeStopAOB)
alloc(newmem,2048,"Disrupt_b64.dll")
label(returnhere)
label(exit)
label(Gamespeed)
registersymbol(Gamespeed)
// Stub: capture rbx, run the displaced instruction, return to the byte after the patch.
newmem:
mov [Gamespeed],rbx
mulsd xmm2,[rbx+70]
jmp exit
exit:
jmp returnhere
///
// NOTE(review): dd reserves 4 bytes but the store above writes 8 (rbx). Nothing follows this
// slot in the block, so nothing is overwritten, but dq would match the stored width.
Gamespeed:
dd 0
///
// Patch site: the jump replaces exactly the 5 bytes of the mulsd.
timeStopAOB:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
timeStopAOB:
mulsd xmm2,[rbx+70]
// NOTE(review): timeStopAOB is registered in the enable section but is not unregistered here,
// unlike the FOV script in this table, which unregisters its scan symbols.
unregistersymbol(Gamespeed)
Activate
113
0
Deactivate
18
113
1
1873
"Gamespeed"
000000
Float
Gamespeed
74
Set Value
114
.4
0
Set Value
115
1.875
1
Set Value
18
57
1.69
2
Set Value
18
48
1.55
3
1881
"Free Camera = F5"
80000008
Auto Assembler Script
[ENABLE]
// Purpose: patch four sites in Disrupt_b64.dll. Three of them have a store removed
// ([rcx+04], [rcx+08], [rcx+0C]); the fourth keeps its code and additionally records rdx
// in camPointer, which the table's X / Y / Z entries read at offsets 4 / 8 / C.
// NOTE(review): every patch address below is a fixed module offset and nothing checks the
// bytes at those addresses before they are overwritten. The code-list entries in this table
// record the same instructions at other offsets (for example mov [rcx+0C],eax at +1D7C74E),
// which suggests the offsets differ between builds - on a non-matching build these writes
// would land on unrelated code. Confirm the build before enabling.
alloc(newmem,2048,"Disrupt_b64.dll")
label(returnhere)
label(exit)
label(newmem2)
label(returnhere2)
label(exit2)
label(newmem3)
label(returnhere3)
label(exit3)
label(newmem4)
label(returnhere4)
label(exit4)
label(camPointer)
registersymbol(camPointer)
// Stub 1: of the two displaced instructions (see the disable section) only the load is kept;
// the store mov [rcx+04],eax is dropped.
newmem:
mov eax,[rdx+04]
jmp exit
exit:
jmp returnhere
////
// Stub 2: same shape for the next pair; the store mov [rcx+08],eax is dropped.
newmem2:
mov eax,[rdx+08]
jmp exit2
exit2:
jmp returnhere2
////
// Stub 3: the displaced bytes were mov [rcx+0C],eax / ret / int 3. The store is dropped and
// the stub returns directly, so the two lines after the ret are never reached.
newmem3:
ret
int 3
jmp exit3
exit3:
jmp returnhere3
////
newmem4: //this is allocated memory, you have read,write,execute access
//place your code here
// Stub 4: record rdx, then run both displaced instructions unchanged.
mov [camPointer],rdx
mov eax,[rdx+04]
mov [rcx+04],eax
jmp exit4
exit4:
jmp returnhere4
////
// NOTE(review): dd reserves 4 bytes but the store in stub 4 writes 8 (rdx). Nothing follows
// this slot in the block; dq would match the stored width.
camPointer:
dd 0
////
// Patch sites. Sites 1, 2 and 4 replace 6 bytes (jump plus one nop); site 3 replaces 5.
"Disrupt_b64.dll"+1D954D2:
jmp newmem
nop
returnhere:
"Disrupt_b64.dll"+1D954D8:
jmp newmem2
nop
returnhere2:
"Disrupt_b64.dll"+1D954DE:
jmp newmem3
returnhere3:
"Disrupt_b64.dll"+1520564:
jmp newmem4
nop
returnhere4:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Writes the original instructions back at the same fixed offsets.
dealloc(newmem)
"Disrupt_b64.dll"+1D954D2:
mov [rcx+04],eax
mov eax,[rdx+04]
//
"Disrupt_b64.dll"+1D954D8:
mov [rcx+08],eax
mov eax,[rdx+08]
//
"Disrupt_b64.dll"+1D954DE:
mov [rcx+0C],eax
ret
int 3
//
"Disrupt_b64.dll"+1520564:
mov eax,[rdx+04]
mov [rcx+04],eax
unregistersymbol(camPointer)
Toggle Activation
116
0
1916
"X"
80000008
Float
camPointer
4
Increase Value
18
102
1
0
Decrease Value
18
100
1
1
Increase Value
102
.2
2
Decrease Value
100
.2
3
1917
"Y"
80000008
Float
camPointer
8
Increase Value
18
104
1
0
Decrease Value
18
98
1
1
Increase Value
104
.2
2
Decrease Value
98
.2
3
1918
"Z"
80000008
Float
camPointer
C
Increase Value
18
105
.5
0
Decrease Value
18
99
.5
1
Increase Value
105
.1
2
Decrease Value
99
.1
3
1905
"Time of Day (AOB) = F6"
80000008
Auto Assembler Script
[ENABLE]
// Purpose: detour the 8-byte store "movss [rsi+00000758],xmm7" so that rsi is recorded in
// pTimeOfDay; the store itself is still executed in the stub. The table's "Time of Day"
// entry reads a float at pTimeOfDay + 758.
// NOTE(review): the scan wildcards the 4-byte displacement of the store (and the call target),
// but the stub and the disable section both hard-code displacement 00000758. If the pattern
// matched on a build with a different displacement, a different instruction would be
// executed and restored - confirm against the targeted build.
aobscanmodule(timeOfDayAOB,Disrupt_b64.dll,F3 0F 11 BE x x x x 48 8B CE E8 x x x x 41 0F 28 C8)
registersymbol(timeOfDayAOB)
label(pTimeOfDay)
registersymbol(pTimeOfDay)
// The placement hint here is a fixed module offset rather than the scan result.
alloc(newmem,2048,"Disrupt_b64.dll"+19DEDBC)
label(returnhere)
label(exit)
// Stub: capture rsi, run the displaced store, return to the byte after the patch.
newmem:
mov [pTimeOfDay],rsi
movss [rsi+00000758],xmm7
jmp exit
exit:
jmp returnhere
///
// NOTE(review): dd reserves 4 bytes but the store above writes 8 (rsi). Nothing follows this
// slot in the block; dq would match the stored width.
pTimeOfDay:
dd 0
///
// Patch site: 5-byte jump plus three nops cover the 8 bytes of the original store.
timeOfDayAOB:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
timeOfDayAOB:
movss [rsi+00000758],xmm7
// NOTE(review): timeOfDayAOB is registered in the enable section but not unregistered here.
unregistersymbol(pTimeOfDay)
Activate
117
0
Deactivate
18
117
1
1908
"[ ] keys (hold alt to change faster)"
8000FF
1
1906
"Time of Day"
80000008
Float
pTimeOfDay
758
Toggle Activation
106
0
Increase Value
221
100
7
Decrease Value
219
100
8
Increase Value
18
221
1500
1
Decrease Value
18
219
1500
2
1919
"Cheats (1.03)"
0000FF
1
153
"Player Stats (Activate at main menu)"
000000
Auto Assembler Script
{By NanoByte @ cheatengine.org}
[ENABLE]
// Purpose: detour a 7-byte store "mov [rdi+170],r11d" so that rdi is recorded in
// _wd64PlayerHook_player; the store itself is still executed in the stub. The table entries
// below this script read 4-byte values at offsets A8, 9C, 170 and A0 from that pointer.
//
alloc(_wd64PlayerHook,256,"Disrupt_b64.dll")
//
label(_wd64PlayerHook_exit)
label(_wd64PlayerHook_aob_jmp)
label(_wd64PlayerHook_player)
//
registersymbol(_wd64PlayerHook_aob_jmp)
registersymbol(_wd64PlayerHook_player)
//
// Pattern: 8B 87 disp32 (6 bytes) followed by 44 89 9F disp32 (7 bytes); both displacements
// are wildcarded.
// NOTE(review): the stub and the disable section hard-code displacement 170 (bytes 70 01 00 00)
// for the second instruction even though the scan accepts any displacement there - confirm
// the matched instruction really is mov [rdi+170],r11d on the targeted build.
aobscanmodule(_wd64PlayerHook_aob,Disrupt_b64.dll,8B 87 ?? ?? ?? ?? 44 89 9F ?? ?? ?? ??)
// Pointer slot placed at offset 128 (hexadecimal, i.e. 296 decimal) inside the allocation.
// NOTE(review): if the alloc size 256 is decimal, as is usual for alloc, this offset lies past
// the requested size and works only because of allocation granularity - confirm. The slot is
// also declared dd (4 bytes) while the stub stores 8 (rdi).
_wd64PlayerHook+128:
_wd64PlayerHook_player:
dd 0
// Stub: run the displaced store, capture rdi, return to the byte after the patch.
_wd64PlayerHook:
mov [rdi+170],r11d
mov [_wd64PlayerHook_player],rdi
jmp _wd64PlayerHook_exit
// Patch site: pattern start + 6 is the second instruction; jump plus two nops cover 7 bytes.
_wd64PlayerHook_aob+6:
_wd64PlayerHook_aob_jmp:
jmp _wd64PlayerHook
db 90 90
_wd64PlayerHook_exit:
[DISABLE]
dealloc(_wd64PlayerHook)
// Restores the fixed bytes of mov [rdi+170],r11d at the address saved when the hook was enabled.
_wd64PlayerHook_aob_jmp:
db 44 89 9F 70 01 00 00
unregistersymbol(_wd64PlayerHook_aob_jmp)
unregistersymbol(_wd64PlayerHook_player)
154
"Experience Points"
80000008
4 Bytes
_wd64PlayerHook_player
A8
155
"Money"
80000008
4 Bytes
_wd64PlayerHook_player
9C
156
"Notoriety"
80000008
4 Bytes
_wd64PlayerHook_player
170
157
"Skill Points"
80000008
4 Bytes
_wd64PlayerHook_player
A0
160
"God Mode"
80000008
Auto Assembler Script
{By Daijobu @ cheatengine.org}
[ENABLE]
// Purpose: two detours sharing one allocation.
//   Hook 1 records the address rcx+18 seen at the first site in _wd64God_var_1.
//   Hook 2 sits on a store "movss [rcx+18],xmm1"; when the destination address equals the
//   recorded one it stores xmm0 instead of xmm1, otherwise it performs the original store.
// What xmm0 holds at hook 2 is not visible in this script.
//Allocations
alloc(_wd64GodMode,256,"Disrupt_b64.dll")
//Labels
label(_wd64God_var_1)
label(_wd64God_var_1_check)
label(_wd64God_var_2)
//
label(_wd64GodMode_return)
label(_wd64GodMode_exit)
//
label(_wd64God_Enabled)
label(_wd64God_Disabled)
//
label(_wd64_Godmode_aob_jmp_1)
label(_wd64_Godmode_aob_jmp_2)
//
registersymbol(_wd64_Godmode_aob_jmp_1)
registersymbol(_wd64_Godmode_aob_jmp_2)
//
{This one's gonna break with a game update EDIT: or not}
// NOTE(review): hook 1 is written D bytes before the start of the first pattern, so the
// 8 bytes it overwrites are not covered by the scan; the disable section nevertheless writes
// back fixed bytes there. The second pattern does include the 5 bytes that hook 2 replaces.
aobscanmodule(_wd64_Godmode_aob_1,Disrupt_b64.dll,84 C0 75 70 48 8B 4F 50)//"Disrupt_b64.dll"+D6E0A6
aobscanmodule(_wd64_Godmode_aob_2,Disrupt_b64.dll,48 83 79 08 00 F3 0F 11 49 18)//"Disrupt_b64.dll"+518F9B
// Data slots at offsets 0 and 8 of the allocation. Each is declared dd (4 bytes) but is read
// and written as 8 bytes below; the 8-byte spacing keeps the two from overlapping.
_wd64GodMode+0:
_wd64God_var_1:
dd 0
_wd64GodMode+8:
_wd64God_var_2:
dd 0
{LEA #1 Always Player, load once on activation}
// Stub 1 at offset 32 (hexadecimal). Stores rcx+18 into var_1 whenever it differs from the
// value already there, then runs the displaced store. rax is preserved with push/pop.
_wd64GodMode+32:
push rax
lea rax,[rcx+18]
cmp rax,[_wd64God_var_1]
je _wd64God_var_1_check
mov [_wd64God_var_1],rax
_wd64God_var_1_check:
pop rax
movss [rdi+000000EC],xmm1 //Original
jmp _wd64GodMode_return
{LEA #2 Active on hit. Player & NPC}
// Stub 2 at offset 64 (hexadecimal). Records the current destination address in var_2 and
// compares it with the address recorded by stub 1.
_wd64GodMode+64:
push rax
lea rax,[rcx+18]
mov [_wd64God_var_2],rax
{Compare}
mov rax,[_wd64God_var_1]
cmp rax,[_wd64God_var_2]
je _wd64God_Enabled
jmp _wd64God_Disabled
{Enable or Disable God Mode}
// Addresses match: store xmm0 in place of the original xmm1.
_wd64God_Enabled:
pop rax //pop as return from GodModeCheck
movss [rcx+18],xmm0
jmp _wd64GodMode_exit
// Addresses differ: perform the original store unchanged.
_wd64God_Disabled:
pop rax //pop as return from GodModeCheck
movss [rcx+18],xmm1
jmp _wd64GodMode_exit
{Main Addresses}
// Patch site 1: jump plus three nops cover the 8 bytes of movss [rdi+000000EC],xmm1.
_wd64_Godmode_aob_1-D:{"Disrupt_b64.dll"+D6E099}
_wd64_Godmode_aob_jmp_1:
jmp _wd64GodMode+32
db 90 90 90
_wd64GodMode_return:
// Patch site 2: the jump covers the 5 bytes of movss [rcx+18],xmm1.
_wd64_Godmode_aob_2+5: {"Disrupt_b64.dll"+518FA0}
_wd64_Godmode_aob_jmp_2:
jmp _wd64GodMode+64
_wd64GodMode_exit:
[DISABLE]
dealloc(_wd64GodMode)
// Restores fixed original bytes at the two addresses saved when the hooks were enabled.
_wd64_Godmode_aob_jmp_1: {"Disrupt_b64.dll"+D6E099}
db F3 0F 11 8F EC 00 00 00
_wd64_Godmode_aob_jmp_2: {"Disrupt_b64.dll"+518FA0}
db F3 0F 11 49 18
//
unregistersymbol(_wd64_Godmode_aob_jmp_1)
unregistersymbol(_wd64_Godmode_aob_jmp_2)
142
"Stealth"
80000008
Auto Assembler Script
{By Daijobu @ cheatengine.org
Tested on Watch_Dogs Reloaded Hotfix 30/05/2014}
[ENABLE]
// Purpose: replace "movaps xmm1,xmm0" and the relative call that follows it (8 bytes in all)
// with a jump to a stub, which in turn jumps to a location found by a second pattern scan.
// Neither displaced instruction is executed.
{Allocations}
alloc(_wd64Stealth_v3,128,"Disrupt_b64.dll")
{Labels}
label(_wd64Stealth_v3_exit)
label(_wd64Stealth_v3_aob_jmp)
label(_wd64Stealth_v3_aob_retaddress)
{Symbols}
registersymbol(_wd64Stealth_v3_aob_jmp)
registersymbol(_wd64Stealth_v3_aob_retaddress)
{Array of Byte scans}
// Both patterns wildcard the 4-byte target of an E8 relative call.
aobscanmodule(_wd64Stealth_v3_aob,Disrupt_b64.dll,48 8B CB 0F 28 C8 E8 xx xx xx xx 80 7B 11 00)
aobscanmodule(_wd64Stealth_v3_aob_ret,Disrupt_b64.dll,48 8B 4E 10 E8 xx xx xx xx 48 8B 5C 24 40 48 8B 6C 24 48)
{Main Code}
// NOTE(review): control is transferred from the patch site to a different address, so any
// code between the two is skipped; whether register and stack state are consistent at the
// landing point cannot be verified from this script.
_wd64Stealth_v3:
{movaps xmm1,xmm0} {This one is used by the following call, we don't need this.}
jmp _wd64Stealth_v3_aob_retaddress {Jump to the end using the address we got from the AoB scan}
{call Disrupt_b64.RunGame+A02ED0} {This call causes detection, we simply jump past it and
the registers (after the call) that cause the warning triangles to pop up.}
// The jump below is never reached; the unconditional jump above always leaves the stub.
jmp _wd64Stealth_v3_exit {Exit, for Cheatengine}
{Get the JMP}
// Landing address: 9 bytes into the second pattern, i.e. just past its mov and call.
_wd64Stealth_v3_aob_ret+9:
_wd64Stealth_v3_aob_retaddress:
{Main Address}
// Patch site: 3 bytes into the first pattern; jump plus three nops cover 8 bytes.
_wd64Stealth_v3_aob+3:
_wd64Stealth_v3_aob_jmp:
jmp _wd64Stealth_v3
db 90 90 90
_wd64Stealth_v3_exit:
[DISABLE]
dealloc(_wd64Stealth_v3)
// NOTE(review): the restore writes a fixed call displacement (FC CE 01 00) although the scan
// wildcards exactly those four bytes. On any build where the displacement differs, disabling
// would leave a call to an unintended address. The original bytes are not saved at enable time.
_wd64Stealth_v3_aob_jmp:
db 0F 28 C8 E8 FC CE 01 00
unregistersymbol(_wd64Stealth_v3_aob_jmp)
unregistersymbol(_wd64Stealth_v3_aob_retaddress)
1
"Infinite Battery"
000000
Auto Assembler Script
{By gir489 @ cheatengine.org}
{.text:000000018021FDFB 48 89 7C 24 78 mov [rsp+58h+arg_18], rdi
.text:000000018021FE00 3B D0 cmp edx, eax
.text:000000018021FE02 0F 42 C2 cmovb eax, edx
.text:000000018021FE05 48 8D 15 BCE59E02 lea rdx, aBatterychanged ; "BatteryChanged"} //Look for this in the RDATA table.
// Purpose: overwrite the 3-byte "cmovb eax,edx" that follows the scanned pattern with nops,
// so eax keeps its previous value regardless of the preceding compare.
// The scan is placed before the enable section, so it runs for both enable and disable; the
// 7 pattern bytes are not modified by the patch, so the scan still matches when disabling.
// NOTE(review): the pattern ends at offset 6, so the three bytes overwritten at battery+7 are
// not checked by the scan - on a build where other code follows the cmp, this would
// overwrite it. Confirm the match against the listing above.
AoBScanModule( battery, Disrupt_b64.dll, 48 89 7C 24 ? 3B D0 )
[ENABLE]
battery+7:
db 90 90 90
{Nop out the instruction.
This instruction says:
If the battery was changed, move the new value in. If it's not, keep it the same.
We're basically tricking it in to thinking the battery was never changed.}
[DISABLE]
// Restores the conditional move at the same offset from the pattern.
battery+7:
cmovb eax,edx //Original Code
14
"Build 1 item, get all"
000000
Auto Assembler Script
[ENABLE]
// Purpose: detour "add [rdx+0C],r13d" / "mov eax,[rdx+0C]" (7 bytes) to a stub that first adds
// 14 (hexadecimal, 20 decimal) to [rdx+0C] and then runs both displaced instructions.
//
alloc(_buildStack,128,"Disrupt_b64.dll")
//
label(_buildStack_exit)
label(_buildStack_aob_jmp)
//
registersymbol(_buildStack_aob_jmp)
//
// The first 7 pattern bytes are exactly the bytes that get replaced, so the scan verifies
// them; the restore in the disable section writes the same 7 bytes back.
aobscanmodule(_buildStack_aob,Disrupt_b64.dll,44 01 6A 0C 8B 42 0C ?? ?? 0F 42 F8)
_buildStack:
// NOTE(review): no operand size is given for this memory/immediate add; presumably it is
// assembled as a dword add to match the r13d add on the next line - confirm.
add [rdx+0C],14
add [rdx+0C],r13d
mov eax,[rdx+0C]
jmp _buildStack_exit
// Patch site: jump plus two nops cover the 7 displaced bytes.
_buildStack_aob:
_buildStack_aob_jmp:
jmp _buildStack
db 90 90
_buildStack_exit:
[DISABLE]
dealloc(_buildStack)
_buildStack_aob_jmp:
db 44 01 6A 0C 8B 42 0C
unregistersymbol(_buildStack_aob_jmp)
Code :mov [rcx+0C],eax
7FED34DC74E
Disrupt_b64.dll
1D7C74E
41
08
8B
42
08
89
41
0C
C3
CC
CC
CC
CC
Code :mov [rcx+04],eax
7FED34DC742
Disrupt_b64.dll
1D7C742
CC
CC
CC
8B
02
89
41
04
8B
42
04
89
41
Code :mov [rcx+08],eax
7FED34DC748
Disrupt_b64.dll
1D7C748
41
04
8B
42
04
89
41
08
8B
42
08
89
41
Code :movss [rcx+24],xmm1
7FEDA252F84
Disrupt_b64.dll
1D82F84
CC
44
89
41
3C
F3
0F
11
49
24
F3
0F
11
49
28
Code :movss xmm0,[rax+2C]
7FED90D8C60
Disrupt_b64.dll
C08C60
F3
0F
11
75
9F
F3
0F
10
40
2C
90
0F
10
48
30
Code :mov [rcx+04],eax
7FED99F7737
Disrupt_b64.dll
1527737
89
01
8B
42
04
89
41
04
8B
42
08
89
41
Timestop
7FED29C0028
fovGetAOB_jmp
7FED84E7A8B
cameraAOB
7FEDA24C742
camCoords1
7FED849002C
fovPointer
7FEDC0E0028
_wd64Stealth_v3_aob_jmp
7FED4FDC05C
_wd64Stealth_v3_aob_retaddress
7FED4FDC0A9
_wd64PlayerHook_aob_jmp
7FED6D61D7E
_wd64PlayerHook_player
7FED5AD0128
_wd64God_var_1
7FED5AC0000
_wd64God_var_2
7FED5AC0008
_wd64_Godmode_aob_jmp_1
7FEDADFE099
_wd64_Godmode_aob_jmp_2
7FEDA5A8FA0
timeOfDayAOB
7FED38F613C
timeStopAOB
7FED36CB808
Info about this table: