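{ Game : Palworld-Win64-Shipping.exe
  Version:
  Date : 2024-01-25
  Author : Administrator

  3x jump height (3倍高跳).
  Hooks the movss at Palworld-Win64-Shipping.exe+48CAC70 (listing at the bottom),
  where the game loads the float at [rbx+178] -- per the author's note the maximum
  jump height -- and multiplies the loaded value by the float kept at Multi before
  the original code continues. Apart from recording rbx in JumpHeightBasePtr, only
  xmm0 is changed; flags and every other register are left as the game expects.
}

[ENABLE]
aobscanmodule(MaxJumpHeight,Palworld-Win64-Shipping.exe,F3 0F 10 83 78 01 00 00 45) // should be unique
alloc(newmem,$1000,MaxJumpHeight)
alloc(JumpHeightBasePtr,$8)
alloc(Multi,$8)
label(code)
label(return)

Multi:
  dd (float)3.0                  // jump-height multiplier; exported below so it can be edited from the table instead of re-assembling

newmem:
code:
  mov [JumpHeightBasePtr],rbx    // export the object base (rbx) so table entries can be built on it
  movss xmm0,[rbx+00000178]      // original instruction: load the max jump height
  mulss xmm0,[Multi]             // scale it; neither movss nor mulss writes flags
  jmp return

MaxJumpHeight:
  jmp newmem                     // 5 bytes ...
  nop 3                          // ... + 3 = the 8 bytes of the replaced movss; the je at +48CAC55 targets +48CAC70, i.e. the start of this jmp, so it stays valid
return:

registersymbol(MaxJumpHeight)
registersymbol(JumpHeightBasePtr)
registersymbol(Multi)            // was missing: without it the multiplier was not reachable from the table

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
MaxJumpHeight:
  db F3 0F 10 83 78 01 00 00     // restore movss xmm0,[rbx+00000178]

unregistersymbol(MaxJumpHeight)
unregistersymbol(JumpHeightBasePtr)
unregistersymbol(Multi)
dealloc(newmem)
dealloc(JumpHeightBasePtr)
dealloc(Multi)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.exe+48CAC70

Palworld-Win64-Shipping.exe+48CAC43: 74 61                    - je Palworld-Win64-Shipping.exe+48CACA6
Palworld-Win64-Shipping.exe+48CAC45: E8 F6 84 F9 FF           - call Palworld-Win64-Shipping.exe+4863140
Palworld-Win64-Shipping.exe+48CAC4A: 84 C0                    - test al,al
Palworld-Win64-Shipping.exe+48CAC4C: 74 58                    - je Palworld-Win64-Shipping.exe+48CACA6
Palworld-Win64-Shipping.exe+48CAC4E: F6 83 00 01 00 00 10     - test byte ptr [rbx+00000100],10
Palworld-Win64-Shipping.exe+48CAC55: 74 19                    - je Palworld-Win64-Shipping.exe+48CAC70
Palworld-Win64-Shipping.exe+48CAC57: F2 0F 10 83 E0 00 00 00  - movsd xmm0,[rbx+000000E0]
Palworld-Win64-Shipping.exe+48CAC5F: 0F 54 05 5A 1A 54 01     - andps xmm0,[Palworld-Win64-Shipping.exe+5E0C6C0]
Palworld-Win64-Shipping.exe+48CAC66: 66 0F 2E 05 4A 17 54 01  - ucomisd xmm0,[Palworld-Win64-Shipping.exe+5E0C3B8]
Palworld-Win64-Shipping.exe+48CAC6E: 74 36                    - je Palworld-Win64-Shipping.exe+48CACA6
// ---------- INJECTING HERE ----------
// read max jump height (读取最大跳跃高度)
Palworld-Win64-Shipping.exe+48CAC70: F3 0F 10 83 78 01 00 00  - movss xmm0,[rbx+00000178]
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.exe+48CAC78: 45 33 C0                 - xor r8d,r8d
Palworld-Win64-Shipping.exe+48CAC7B: 48 8B 03                 - mov rax,[rbx]
Palworld-Win64-Shipping.exe+48CAC7E: 48 8B CB                 - mov rcx,rbx
Palworld-Win64-Shipping.exe+48CAC81: 0F 5A C0                 - cvtps2pd xmm0,xmm0
Palworld-Win64-Shipping.exe+48CAC84: 41 8D 50 03              - lea edx,[r8+03]
Palworld-Win64-Shipping.exe+48CAC88: F2 0F 5F 83 C8 00 00 00  - maxsd xmm0,[rbx+000000C8]
Palworld-Win64-Shipping.exe+48CAC90: F2 0F 11 83 C8 00 00 00  - movsd [rbx+000000C8],xmm0
Palworld-Win64-Shipping.exe+48CAC98: FF 90 20 06 00 00        - call qword ptr [rax+00000620]
Palworld-Win64-Shipping.exe+48CAC9E: B0 01                    - mov al,01
Palworld-Win64-Shipping.exe+48CACA0: 48 83 C4 20              - add rsp,20
}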
{ Game : Palworld-Win64-Shipping.exe
  Version:
  Date : 2024-01-25
  Author : Administrator
  Assign max HP (赋值最大血量).

  Hooks a tiny copy helper (mov rax,[rdx] / mov [rcx],rax / mov rax,rcx / ret,
  see the listing at the bottom). Because that helper is generic, the hook only
  acts when the destination rcx equals [PBasePtr]+2E8; for that one store the
  value written is replaced by the qword at [PBasePtr+358]. Per the author's
  title +2E8 would be the current HP and +358 the maximum -- not verifiable here.

  Dependency: PBasePtr is allocated and registered by the SetBasePtrByFood script
  and deallocated when that script is disabled. This script does not assemble
  without it, and keeping it enabled after SetBasePtrByFood has been disabled
  leaves [PBasePtr] pointing at freed memory. Enable it after, and disable it
  before, SetBasePtrByFood. While PBasePtr still holds 0 (the food hook has not
  fired yet) the compare address is 2E8 and never matches, so the helper behaves
  as originally.
}
[ENABLE]
aobscanmodule(blood,Palworld-Win64-Shipping.exe,48 89 01 48 8B C1 C3 CC CC CC CC CC CC 8B) // should be unique
alloc(newmem,$1000,blood)
label(code)
label(return)

newmem:
// act only when rcx == [PBasePtr]+2E8
// rax is the value being stored; keep it intact while computing the compare address
  push rax
  mov rax, [PBasePtr]
  lea rax, [rax+2E8]
  cmp rcx, rax                   // writes flags; the hooked helper has no flag consumer before its ret
  pop rax
  jne code                       // any other destination: behave exactly like the original helper
  mov rax,[PBasePtr]
  mov rax,[rax+358]              // substitute the qword at [PBasePtr+358] for the value the game wanted to store
code:
  mov [rcx],rax                  // original instruction
  mov rax,rcx                    // original instruction (the helper returns rcx)
  jmp return

blood:
  jmp newmem                     // 5 bytes ...
  nop                            // ... + 1 = the 6 bytes of the two replaced movs
return:
registersymbol(blood)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
blood:
  db 48 89 01 48 8B C1           // restore mov [rcx],rax / mov rax,rcx

unregistersymbol(blood)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.exe+2B8F253

Palworld-Win64-Shipping.exe+2B8F22E: E8 CD 26 3C 00  - call Palworld-Win64-Shipping.exe+2F51900
Palworld-Win64-Shipping.exe+2B8F233: 48 8B CB        - mov rcx,rbx
Palworld-Win64-Shipping.exe+2B8F236: 48 8B 5C 24 30  - mov rbx,[rsp+30]
Palworld-Win64-Shipping.exe+2B8F23B: 48 8B 6C 24 38  - mov rbp,[rsp+38]
Palworld-Win64-Shipping.exe+2B8F240: 48 8B 74 24 40  - mov rsi,[rsp+40]
Palworld-Win64-Shipping.exe+2B8F245: 48 83 C4 20     - add rsp,20
Palworld-Win64-Shipping.exe+2B8F249: 5F              - pop rdi
Palworld-Win64-Shipping.exe+2B8F24A: E9 B1 7A 40 00  - jmp Palworld-Win64-Shipping.exe+2F96D00
Palworld-Win64-Shipping.exe+2B8F24F: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F250: 48 8B 02        - mov rax,[rdx]
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.exe+2B8F253: 48 89 01        - mov [rcx],rax
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.exe+2B8F256: 48 8B C1        - mov rax,rcx
Palworld-Win64-Shipping.exe+2B8F259: C3              - ret
Palworld-Win64-Shipping.exe+2B8F25A: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F25B: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F25C: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F25D: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F25E: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F25F: CC              - int 3
Palworld-Win64-Shipping.exe+2B8F260: 8B 02           - mov eax,[rdx]
Palworld-Win64-Shipping.exe+2B8F262: 89 01           - mov [rcx],eax
}
{ Game : Palworld-Win64-Shipping.exe
  Version:
  Date : 2024-01-25
  Author : Administrator

  Captures the character object pointer into PBasePtr and also forces the value
  stored at [rdi+300] to xmm2.
  Hook site: the movss [rdi+300],xmm0 at Palworld-Win64-Shipping.exe+29E48E6
  (listing at the bottom). The hunger script's listing shows the same bytes inside
  UPalIndividualCharacterParameter::SetFullStomach, so rdi is presumably the
  character parameter object. PBasePtr is consumed by the "blood" script.

  Conflict: the BSD script scans for exactly the same bytes at the same site and
  performs the same xmm2 substitution. Enable only one of the two -- once the first
  hook is in place the second aobscanmodule no longer finds the original bytes.
}
[ENABLE]
aobscanmodule(SetBasePtrByFood,Palworld-Win64-Shipping.exe,F3 0F 11 87 00 03 00 00 48) // should be unique
alloc(newmem,$1000,SetBasePtrByFood)
alloc(PBasePtr,$8)               // pointer cell exported to the table and to the blood script; freed in [DISABLE]
label(code)
label(return)

newmem:
// author's notes on the object layout: +328 is 1 for the player character and 0 for a Pal;
// +344 is 0 for the player character and 1 for a Pal
  cmp dword ptr [rdi+328],0      // only remember the object when it is the player; writes flags, see below
  je code
  mov [PBasePtr],rdi
code:
  movss xmm0,xmm2                // store xmm2 instead of the xmm0 the game computed (what xmm2 holds is not visible in the listing)
  movss [rdi+00000300],xmm0      // original instruction; xmm0 stays overwritten, so the movss [rsp+60],xmm0 and the call after the hook see xmm2's value too
  jmp return
// flags: the original code after the hook (lea, movss, movss, call) has no flag consumer, so the cmp above is harmless there

SetBasePtrByFood:
  jmp newmem                     // 5 bytes ...
  nop 3                          // ... + 3 = the 8 bytes of the replaced movss
return:
registersymbol(SetBasePtrByFood)
registersymbol(PBasePtr)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
SetBasePtrByFood:
  db F3 0F 11 87 00 03 00 00     // restore movss [rdi+00000300],xmm0

unregistersymbol(SetBasePtrByFood)
unregistersymbol(PBasePtr)
dealloc(newmem)
dealloc(PBasePtr)                // any still-enabled script that references PBasePtr now points at freed memory

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.exe+29E48E6

Palworld-Win64-Shipping.exe+29E48BB: 0F 2F FE                 - comiss xmm7,xmm6
Palworld-Win64-Shipping.exe+29E48BE: 73 05                    - jae Palworld-Win64-Shipping.exe+29E48C5
Palworld-Win64-Shipping.exe+29E48C0: 0F 57 C0                 - xorps xmm0,xmm0
Palworld-Win64-Shipping.exe+29E48C3: EB 0C                    - jmp Palworld-Win64-Shipping.exe+29E48D1
Palworld-Win64-Shipping.exe+29E48C5: F3 0F 10 87 DC 03 00 00  - movss xmm0,[rdi+000003DC]
Palworld-Win64-Shipping.exe+29E48CD: F3 0F 5D C7              - minss xmm0,xmm7
Palworld-Win64-Shipping.exe+29E48D1: F3 0F 10 8F 00 03 00 00  - movss xmm1,[rdi+00000300]
Palworld-Win64-Shipping.exe+29E48D9: 0F 2E C8                 - ucomiss xmm1,xmm0
Palworld-Win64-Shipping.exe+29E48DC: 0F 84 4D 01 00 00        - je Palworld-Win64-Shipping.exe+29E4A2F
Palworld-Win64-Shipping.exe+29E48E2: 48 8D 4F 78              - lea rcx,[rdi+78]
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.exe+29E48E6: F3 0F 11 87 00 03 00 00  - movss [rdi+00000300],xmm0
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.exe+29E48EE: 48 8D 54 24 60           - lea rdx,[rsp+60]
Palworld-Win64-Shipping.exe+29E48F3: F3 0F 11 44 24 60        - movss [rsp+60],xmm0
Palworld-Win64-Shipping.exe+29E48F9: F3 0F 11 4C 24 64        - movss [rsp+64],xmm1
Palworld-Win64-Shipping.exe+29E48FF: E8 8C 0F 19 FE           - call Palworld-Win64-Shipping.exe+B75890
Palworld-Win64-Shipping.exe+29E4904: 48 8B CF                 - mov rcx,rdi
Palworld-Win64-Shipping.exe+29E4907: E8 74 E7 14 00           - call Palworld-Win64-Shipping.exe+2B33080
Palworld-Win64-Shipping.exe+29E490C: F3 0F 10 97 00 03 00 00  - movss xmm2,[rdi+00000300]
Palworld-Win64-Shipping.exe+29E4914: 0F 28 CA                 - movaps xmm1,xmm2
Palworld-Win64-Shipping.exe+29E4917: F3 0F 5E 8F DC 03 00 00  - divss xmm1,[rdi+000003DC]
Palworld-Win64-Shipping.exe+29E491F: 66 0F 6E 80 F8 02 00 00  - movd xmm0,[rax+000002F8]
}
TIP
F3 0F 10 F7 是一个机器码指令,对应的汇编指令是 movss xmm6, xmm7。
// Fast hatching (快速孵化): turn the clamp `minss xmm6,xmm7` into `movss xmm6,xmm7`, so
// xmm6 (the value just accumulated by addss xmm6,[rbx+344] before the patch site) is
// replaced outright by xmm7, the value it was being clamped to. Same 4-byte length, so
// only the opcode byte changes and no code cave is needed.
// The pattern wildcards the displacement and register bytes; +08 is the F3 0F 5D of the minss.
[ENABLE]
aobscanmodule(eggProgress,$process,F3 0F 58 ?? ?? ?? 00 00 F3 0F 5D ?? EB 08 F3 0F 10)
eggProgress+08:
  db F3 0F 10                    // minss -> movss (F3 0F 5D F7 -> F3 0F 10 F7); the ModRM byte F7 is left untouched
registersymbol(eggProgress)

[DISABLE]
eggProgress+08:
  db F3 0F 5D                    // restore minss
unregistersymbol(eggProgress)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+106

Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+E0: 48 8B CD                 - mov rcx,rbp
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+E3: 48 85 F6                 - test rsi,rsi
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+E6: 48 8B 74 24 60           - mov rsi,[rsp+60]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+EB: 48 0F 44 CD              - cmove rcx,rbp
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+EF: 48 85 C9                 - test rcx,rcx
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+F2: 74 0A                    - je Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+FE
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+F4: 48 8B 01                 - mov rax,[rcx]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+F7: FF 50 18                 - call qword ptr [rax+18]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+FA: F3 0F 59 F8              - mulss xmm7,xmm0
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+FE: F3 0F 58 B3 44 03 00 00  - addss xmm6,[rbx+00000344]
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+106: F3 0F 5D F7             - minss xmm6,xmm7
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+10A: EB 08                   - jmp Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+114
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+10C: F3 0F 10 B3 44 03 00 00 - movss xmm6,[rbx+00000344]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+114: 0F 28 7C 24 20          - movaps xmm7,[rsp+20]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+119: F3 0F 11 77 08          - movss [rdi+08],xmm6
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+11E: 0F 28 74 24 30          - movaps xmm6,[rsp+30]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+123: C6 47 0C 01             - mov byte ptr [rdi+0C],01
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+127: 48 8B 6C 24 58          - mov rbp,[rsp+58]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+12C: 48 8B 7C 24 68          - mov rdi,[rsp+68]
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+131: 48 83 C4 40             - add rsp,40
Palworld-Win64-Shipping.<lambda_0ca147c4c438052a8b4f9ba7135bb124>::operator()+135: 5B                      - pop rbx
}
TIP
指令0F 57 C0对应的汇编指令是xorps xmm0, xmm0
{ Game : Palworld-Win64-Shipping.exe
  Version:
  Date : 2024-01-25
  Author : Administrator

  Zero weight: at Palworld-Win64-Shipping.exe+2AE8279 the game stores xmm6 to
  [rbx+150] (the field it compared against [rbx+154] two instructions earlier).
  The hook zeroes xmm6 first, so 0.0 is stored, and every later use of xmm6 in
  this function (comiss xmm6,xmm0; movss [rsp+40],xmm6) sees 0.0 as well.
  Per the author's name for the script [rbx+150] is the carried weight -- not
  verifiable from here.
}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(ZeroWeight,Palworld-Win64-Shipping.exe,F3 0F 11 B3 50 01 00 00 72) // should be unique
alloc(newmem,$1000,ZeroWeight)
label(code)
label(return)

newmem:
code:
  xorps xmm6, xmm6               // 0.0; xorps does not write flags
  movss [rbx+00000150],xmm6      // original instruction, now storing 0.0
  jmp return
// the jb right after the hook consumes the flags of comiss xmm1,xmm0 (+2AE8276);
// nothing in the cave writes flags, so that branch is unchanged.
// xmm6 is already scratch in this function (saved at +2AE8256, overwritten at +2AE826B).

ZeroWeight:
  jmp newmem                     // 5 bytes ...
  nop 3                          // ... + 3 = the 8 bytes of the replaced movss
return:
registersymbol(ZeroWeight)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
ZeroWeight:
  db F3 0F 11 B3 50 01 00 00     // restore movss [rbx+00000150],xmm6
unregistersymbol(ZeroWeight)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.exe+2AE8279

Palworld-Win64-Shipping.exe+2AE824F: CC                       - int 3
Palworld-Win64-Shipping.exe+2AE8250: 40 53                    - push rbx
Palworld-Win64-Shipping.exe+2AE8252: 48 83 EC 30              - sub rsp,30
Palworld-Win64-Shipping.exe+2AE8256: 0F 29 74 24 20           - movaps [rsp+20],xmm6
Palworld-Win64-Shipping.exe+2AE825B: 48 8B D9                 - mov rbx,rcx
Palworld-Win64-Shipping.exe+2AE825E: E8 DD B7 FD FF           - call Palworld-Win64-Shipping.exe+2AC3A40
Palworld-Win64-Shipping.exe+2AE8263: F3 0F 10 8B 50 01 00 00  - movss xmm1,[rbx+00000150]
Palworld-Win64-Shipping.exe+2AE826B: 0F 28 F0                 - movaps xmm6,xmm0
Palworld-Win64-Shipping.exe+2AE826E: F3 0F 10 83 54 01 00 00  - movss xmm0,[rbx+00000154]
Palworld-Win64-Shipping.exe+2AE8276: 0F 2F C8                 - comiss xmm1,xmm0
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.exe+2AE8279: F3 0F 11 B3 50 01 00 00  - movss [rbx+00000150],xmm6
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.exe+2AE8281: 72 0E                    - jb Palworld-Win64-Shipping.exe+2AE8291
Palworld-Win64-Shipping.exe+2AE8283: 0F 2F F0                 - comiss xmm6,xmm0
Palworld-Win64-Shipping.exe+2AE8286: 73 25                    - jae Palworld-Win64-Shipping.exe+2AE82AD
Palworld-Win64-Shipping.exe+2AE8288: 48 8D 8B A0 00 00 00     - lea rcx,[rbx+000000A0]
Palworld-Win64-Shipping.exe+2AE828F: EB 0C                    - jmp Palworld-Win64-Shipping.exe+2AE829D
Palworld-Win64-Shipping.exe+2AE8291: 0F 2F F0                 - comiss xmm6,xmm0
Palworld-Win64-Shipping.exe+2AE8294: 72 17                    - jb Palworld-Win64-Shipping.exe+2AE82AD
Palworld-Win64-Shipping.exe+2AE8296: 48 8D 8B 90 00 00 00     - lea rcx,[rbx+00000090]
Palworld-Win64-Shipping.exe+2AE829D: 48 8D 54 24 40           - lea rdx,[rsp+40]
Palworld-Win64-Shipping.exe+2AE82A2: F3 0F 11 74 24 40        - movss [rsp+40],xmm6
}
// Zero carry weight (0负重): in UPalPlayerInventoryData::CalculateInventoryWeight the per-slot
// count at [rbx+pickupOff] (disp32 104 in the bytes 66 0F 6E 83 04 01 00 00) is converted to
// float, multiplied by the item's [rax+11C] and added to the running total in xmm6.
// Replacing the 3-byte cvtdq2ps xmm0,xmm0 (0F 5B C0) with xorps xmm0,xmm0 (0F 57 C0) makes
// the product 0.0 for every slot (for finite item weights), so the total never grows.
// Same length, neither instruction writes flags, no code cave needed.
// +08 in the pattern is the cvtdq2ps. The `pickupOff` symbol in the listing was resolved by
// Cheat Engine from the "pickup" script, which was active when the listing was captured.
[ENABLE]
aobscanmodule(weight,$process,66 0F 6E ?? ?? ?? 00 00 0F 5B C0 F3 0F 59 ?? ?? ?? 00 00 F3 0F 58)
weight+08:
  db 0F 57 C0                    // cvtdq2ps xmm0,xmm0 -> xorps xmm0,xmm0
registersymbol(weight)

[DISABLE]
weight+08:
  db 0F 5B C0                    // restore cvtdq2ps
unregistersymbol(weight)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1D6

Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1AC: 74 37                    - je Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1E5
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1AE: 48 8B 80 DC 00 00 00     - mov rax,[rax+Palworld-Win64-Shipping.ExecutionResourceImpl::ExecutionResourceStack+4]
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1B5: 48 3B 05 74 F1 BD 05     - cmp rax,[Palworld-Win64-Shipping.exe+86A3620]
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1BC: 74 27                    - je Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1E5
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1BE: 48 8B D0                 - mov rdx,rax
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1C1: 49 8B CE                 - mov rcx,r14
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1C4: E8 97 3B F4 FF           - call Palworld-Win64-Shipping.UPalItemIDManager::GetStaticItemData
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1C9: 48 85 C0                 - test rax,rax
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1CC: 74 17                    - je Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1E5
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1CE: 66 0F 6E 83 04 01 00 00  - movd xmm0,[rbx+pickupOff]
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1D6: 0F 5B C0                 - cvtdq2ps xmm0,xmm0
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1D9: F3 0F 59 80 1C 01 00 00  - mulss xmm0,[rax+0000011C]
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1E1: F3 0F 58 F0              - addss xmm6,xmm0
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1E5: 48 8B 06                 - mov rax,[rsi]
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1E8: 48 8B CE                 - mov rcx,rsi
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1EB: FF C7                    - inc edi
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1ED: FF 90 B0 02 00 00        - call qword ptr [rax+Palworld-Win64-Shipping.Chaos::GThreadLockCheckData+10]
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1F3: 3B F8                    - cmp edi,eax
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1F5: 0F 8C 06 FF FF FF        - jl Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+101
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1FB: 48 83 C5 10              - add rbp,10
Palworld-Win64-Shipping.UPalPlayerInventoryData::CalculateInventoryWeight+1FF: 49 3B EF                 - cmp rbp,r15
}
TIP
8D 42 00 是一条机器码指令,对应的汇编是 lea eax, [rdx]
// No ammo deduction (不扣子弹): the routine at Palworld-Win64-Shipping.exe+29B8200 loads the
// count at [rcx+7C] into edx, computes eax = edx-1 (lea eax,[rdx-01], bytes 8D 42 FF) and
// stores it back. Patching the disp8 from FF (-1) to 00 makes eax = edx, so the stored count
// never changes; the following cmp edx,eax / je then always jumps to +29B8225, skipping the
// call at +29B8220 (presumably a change notification -- not verifiable here).
// The pattern is only 6 bytes, hence the "should be unique" reminder. After enabling, byte +02
// is 00, so the same scan will not match again until [DISABLE] restores it.
[ENABLE]
aobscanmodule(NoSubBullet,Palworld-Win64-Shipping.exe,8D 42 FF 89 41 7C) // should be unique
NoSubBullet+02:
  db 00                          // lea eax,[rdx-01] -> lea eax,[rdx+00]
registersymbol(NoSubBullet)

[DISABLE]
NoSubBullet+02:
  db FF                          // restore lea eax,[rdx-01]
unregistersymbol(NoSubBullet)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.exe+29B8212

Palworld-Win64-Shipping.exe+29B81FD: CC              - int 3
Palworld-Win64-Shipping.exe+29B81FE: CC              - int 3
Palworld-Win64-Shipping.exe+29B81FF: CC              - int 3
Palworld-Win64-Shipping.exe+29B8200: 48 83 EC 28     - sub rsp,28
Palworld-Win64-Shipping.exe+29B8204: 8B 51 7C        - mov edx,[rcx+7C]
Palworld-Win64-Shipping.exe+29B8207: 85 D2           - test edx,edx
Palworld-Win64-Shipping.exe+29B8209: 7F 07           - jg Palworld-Win64-Shipping.exe+29B8212
Palworld-Win64-Shipping.exe+29B820B: 32 C0           - xor al,al
Palworld-Win64-Shipping.exe+29B820D: 48 83 C4 28     - add rsp,28
Palworld-Win64-Shipping.exe+29B8211: C3              - ret
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.exe+29B8212: 8D 42 FF        - lea eax,[rdx-01]
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.exe+29B8215: 89 41 7C        - mov [rcx+7C],eax
Palworld-Win64-Shipping.exe+29B8218: 3B D0           - cmp edx,eax
Palworld-Win64-Shipping.exe+29B821A: 74 09           - je Palworld-Win64-Shipping.exe+29B8225
Palworld-Win64-Shipping.exe+29B821C: 48 83 C1 28     - add rcx,28
Palworld-Win64-Shipping.exe+29B8220: E8 8B F9 19 FE  - call Palworld-Win64-Shipping.AK::WriteBytesCount::Reserve+4960
Palworld-Win64-Shipping.exe+29B8225: B0 01           - mov al,01
Palworld-Win64-Shipping.exe+29B8227: 48 83 C4 28     - add rsp,28
Palworld-Win64-Shipping.exe+29B822B: C3              - ret
Palworld-Win64-Shipping.exe+29B822C: CC              - int 3
Palworld-Win64-Shipping.exe+29B822D: CC              - int 3
}
// Fill current hunger with the max (最大饥饿值填充当前饥饿值).
// Same hook site as SetBasePtrByFood: the movss [rdi+300],xmm0 at
// Palworld-Win64-Shipping.exe+29E48E6, inside UPalIndividualCharacterParameter::SetFullStomach
// per the hunger script's listing. xmm2 is stored instead of xmm0. Because xmm0 itself is
// overwritten, the movss [rsp+60],xmm0 and the call right after the hook also see xmm2's value.
// What xmm2 holds at this point is not visible in the listing.
// Conflict: SetBasePtrByFood scans for exactly these bytes and already performs this
// substitution; enable only one of the two -- the second scan fails once the first hook is in.
[ENABLE]
aobscanmodule(BSD,$process,F3 0F 11 87 00 03 00 00 48) // should be unique
alloc(newmem,$1000,BSD)
label(code)
label(return)

newmem:
code:
  movaps xmm0,xmm2               // xmm0 = xmm2 (whole register; only the low float is stored)
  movss [rdi+00000300],xmm0      // original instruction
  jmp return

BSD:
  jmp newmem                     // 5 bytes ...
  nop 3                          // ... + 3 = the 8 bytes of the replaced movss
return:
registersymbol(BSD)

[DISABLE]
BSD:
  db F3 0F 11 87 00 03 00 00     // restore movss [rdi+00000300],xmm0
unregistersymbol(BSD)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.exe+29E48E6

Palworld-Win64-Shipping.exe+29E48BB: 0F 2F FE                 - comiss xmm7,xmm6
Palworld-Win64-Shipping.exe+29E48BE: 73 05                    - jae Palworld-Win64-Shipping.exe+29E48C5
Palworld-Win64-Shipping.exe+29E48C0: 0F 57 C0                 - xorps xmm0,xmm0
Palworld-Win64-Shipping.exe+29E48C3: EB 0C                    - jmp Palworld-Win64-Shipping.exe+29E48D1
Palworld-Win64-Shipping.exe+29E48C5: F3 0F 10 87 DC 03 00 00  - movss xmm0,[rdi+000003DC]
Palworld-Win64-Shipping.exe+29E48CD: F3 0F 5D C7              - minss xmm0,xmm7
Palworld-Win64-Shipping.exe+29E48D1: F3 0F 10 8F 00 03 00 00  - movss xmm1,[rdi+00000300]
Palworld-Win64-Shipping.exe+29E48D9: 0F 2E C8                 - ucomiss xmm1,xmm0
Palworld-Win64-Shipping.exe+29E48DC: 0F 84 4D 01 00 00        - je Palworld-Win64-Shipping.exe+29E4A2F
Palworld-Win64-Shipping.exe+29E48E2: 48 8D 4F 78              - lea rcx,[rdi+78]
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.exe+29E48E6: F3 0F 11 87 00 03 00 00  - movss [rdi+00000300],xmm0
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.exe+29E48EE: 48 8D 54 24 60           - lea rdx,[rsp+60]
Palworld-Win64-Shipping.exe+29E48F3: F3 0F 11 44 24 60        - movss [rsp+60],xmm0
Palworld-Win64-Shipping.exe+29E48F9: F3 0F 11 4C 24 64        - movss [rsp+64],xmm1
Palworld-Win64-Shipping.exe+29E48FF: E8 8C 0F 19 FE           - call Palworld-Win64-Shipping.exe+B75890
Palworld-Win64-Shipping.exe+29E4904: 48 8B CF                 - mov rcx,rdi
Palworld-Win64-Shipping.exe+29E4907: E8 74 E7 14 00           - call Palworld-Win64-Shipping.exe+2B33080
Palworld-Win64-Shipping.exe+29E490C: F3 0F 10 97 00 03 00 00  - movss xmm2,[rdi+00000300]
Palworld-Win64-Shipping.exe+29E4914: 0F 28 CA                 - movaps xmm1,xmm2
Palworld-Win64-Shipping.exe+29E4917: F3 0F 5E 8F DC 03 00 00  - divss xmm1,[rdi+000003DC]
Palworld-Win64-Shipping.exe+29E491F: 66 0F 6E 80 F8 02 00 00  - movd xmm0,[rax+000002F8]
}
// No hunger decrease (不减少饥饿值)
// Variant that jumps over the minss instead of hooking (minss 的 跳转做法)
//
// Site: UPalIndividualCharacterParameter::SetFullStomach+33 (listing below). Original flow:
//   xmm7 = incoming xmm1; if xmm7 < 0.0: xmm0 = 0.0 and jmp +41 (EB 0C)
//   else: xmm0 = [rdi+3DC]; minss xmm0,xmm7
//   +41: compare with [rdi+300] and, if different, store xmm0 there
// Pattern offsets: +00 = the jmp (EB 0C), +02 = movss xmm0,[rdi+3DC] (8 bytes),
// +0A = minss xmm0,xmm7 (F3 0F 5D C7, 4 bytes), +0E = movss xmm1,[rdi+300].
// Patch 1: the jmp becomes 2 nops, so the negative path falls into the movss from [rdi+3DC].
// Patch 2: the first two bytes of the minss become `jmp +2` (EB 02), skipping its last two bytes.
// Net effect: xmm0 is always [rdi+3DC], never clamped by the incoming value. Per the script
// titles +3DC would be the maximum; the SetBasePtrByFood listing divides [rdi+300] by the same
// field at +29E4917, which fits that reading but does not prove it.
// Neither nop nor jmp writes flags, and the ucomiss at +49 produces its own.
// The function appears to bail to +1A9 when UPalUtility::IsInClientConnection returns nonzero
// (+11..+18), so on a client the patched path would not be reached.
// Note: Cheat Engine rendered the 3DC/300 displacements in the listing as unrelated symbol
// names (_Init_thread_epoch, ObjectCacheContextScopeImpl::Current); the bytes show the real offsets.
[ENABLE]
aobscanmodule(hunger,$process,EB 0C F3 0F 10 ?? ?? ?? 00 00 F3 0F 5D ?? F3 0F 10 ?? ?? ?? 00 00 0F)
hunger+00:
  nop 2                          // was jmp +41 (EB 0C)
hunger+0A:
  db EB 02                       // minss xmm0,xmm7 -> jmp over its remaining 2 bytes
registersymbol(hunger)

[DISABLE]
hunger+00:
  db EB 0C                       // restore the jmp
hunger+0A:
  db F3 0F                       // restore minss
unregistersymbol(hunger)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+33

Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+E: 0F 28 F9                  - movaps xmm7,xmm1
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+11: E8 6A 23 16 00           - call Palworld-Win64-Shipping.UPalUtility::IsInClientConnection
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+16: 84 C0                    - test al,al
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+18: 0F 85 8B 01 00 00        - jne Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+1A9
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+1E: 48 89 5C 24 50           - mov [rsp+50],rbx
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+23: 0F 29 74 24 30           - movaps [rsp+30],xmm6
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+28: 0F 57 F6                 - xorps xmm6,xmm6
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+2B: 0F 2F FE                 - comiss xmm7,xmm6
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+2E: 73 05                    - jae Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+35
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+30: 0F 57 C0                 - xorps xmm0,xmm0
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+33: EB 0C                    - jmp Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+41
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+35: F3 0F 10 87 DC 03 00 00  - movss xmm0,[rdi+Palworld-Win64-Shipping._Init_thread_epoch]
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+3D: F3 0F 5D C7              - minss xmm0,xmm7
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+41: F3 0F 10 8F 00 03 00 00  - movss xmm1,[rdi+Palworld-Win64-Shipping.ObjectCacheContextScopeImpl::Current]
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+49: 0F 2E C8                 - ucomiss xmm1,xmm0
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+4C: 0F 84 4D 01 00 00        - je Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+19F
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+52: 48 8D 4F 78              - lea rcx,[rdi+78]
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+56: F3 0F 11 87 00 03 00 00  - movss [rdi+Palworld-Win64-Shipping.ObjectCacheContextScopeImpl::Current],xmm0
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+5E: 48 8D 54 24 60           - lea rdx,[rsp+60]
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+63: F3 0F 11 44 24 60        - movss [rsp+60],xmm0
Palworld-Win64-Shipping.UPalIndividualCharacterParameter::SetFullStomach+69: F3 0F 11 4C 24 64        - movss [rsp+64],xmm1
}
// No durability loss (不扣耐久度)
// Variant that jumps over the minss instead of hooking (minss 的 跳转法做法)
//
// Site: UPalDynamicWeaponItemDataBase::SetDurability+E (listing below). The function loads
// xmm2 = [rcx+0C], clamps it with minss xmm2,xmm1 (the incoming value), then maxss against
// 0.0 and stores the result to [rcx+08] when it differs from the old value.
// Writing EB 02 over the F3 0F of the 4-byte minss turns it into `jmp +2`, which skips its
// remaining bytes (5D D1), so xmm2 stays [rcx+0C] and the incoming value is ignored.
// Per the author's title +0C would be the maximum -- not verifiable here. No flags are involved.
// The pattern is 10 bytes with the register bytes wildcarded; if it ever matched a second
// site in the module, the first hit would be patched. The bytes from the listing
// (F3 0F 5D D1 48 8B D9 F3 0F 5F D0) could be used to tighten it.
[ENABLE]
aobscanmodule(durability,$process,F3 0F 5D ?? 48 8B ?? F3 0F 5F)
durability:
  db EB 02                       // minss xmm2,xmm1 -> jmp +2 (the remaining 5D D1 are skipped)
registersymbol(durability)

[DISABLE]
durability:
  db F3 0F                       // restore minss
unregistersymbol(durability)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+E

Palworld-Win64-Shipping.exe+29B1B5A: CC                                                             - int 3
Palworld-Win64-Shipping.exe+29B1B5B: CC                                                             - int 3
Palworld-Win64-Shipping.exe+29B1B5C: CC                                                             - int 3
Palworld-Win64-Shipping.exe+29B1B5D: CC                                                             - int 3
Palworld-Win64-Shipping.exe+29B1B5E: CC                                                             - int 3
Palworld-Win64-Shipping.exe+29B1B5F: CC                                                             - int 3
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability: 40 53                         - push rbx
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+2: 48 83 EC 20                 - sub rsp,20
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+6: F3 0F 10 51 0C              - movss xmm2,[rcx+0C]
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+B: 0F 57 C0                    - xorps xmm0,xmm0
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+E: F3 0F 5D D1                 - minss xmm2,xmm1
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+12: 48 8B D9                   - mov rbx,rcx
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+15: F3 0F 5F D0                - maxss xmm2,xmm0
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+19: F3 0F 10 41 08             - movss xmm0,[rcx+08]
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+1E: 0F 2E C2                   - ucomiss xmm0,xmm2
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+21: 74 33                      - je Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+56
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+23: F3 0F 11 41 10             - movss [rcx+10],xmm0
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+28: F3 0F 11 51 08             - movss [rcx+08],xmm2
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+2D: 48 83 C1 C0                - add rcx,-40
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+31: E8 1A 60 1A FE             - call "Palworld-Win64"-Shipping.TMulticastDelegate<void __cdecl(void),FDefaultDelegateUserPolicy>::Broadcast
Palworld-Win64-Shipping.UPalDynamicWeaponItemDataBase::SetDurability+36: 48 8B 03                   - mov rax,[rbx]
}
// Item count modification (物品数量修改)
// Hook in UPalUIInventoryModel::SelectItemSlot (listing below): when a slot is selected, rcx
// holds the slot object just loaded from [rsp+78] and the game tests the dword at [rcx+104].
// The cave records rcx in pickupPtr, then re-executes the original 7-byte cmp (copied with
// readmem at enable time) so the je that follows sees the correct flags.
// pickupOff is set to the 32-bit displacement at pickup+2 (104 in the listing) so table
// entries can address the tested field as [pickupPtr]+pickupOff; the weight script's listing
// shows Cheat Engine resolving that field as [rbx+pickupOff].
[ENABLE]
aobscanmodule(pickup,$process,83 ?? ?? ?? 00 00 00 74 ?? 48 8B ?? ?? ?? 00 00 48 3B 05 ?? ?? ?? ?? 74 ?? 48 8D)
alloc(newmem,$1000,pickup)
label(pickupOff)
label(pickupPtr)
label(pickupBkp)
label(return)

// take the cmp's disp32 as the value of the pickupOff symbol
(DWORD)[pickup+02]:
pickupOff:

newmem:
  mov [pickupPtr],rcx            // RIP-relative store into the cave's own pointer cell; no other register and no stack involved
pickupBkp:
  readmem(pickup,7)              // original cmp dword ptr [rcx+00000104],00 (doubles as the backup used by [DISABLE])
  jmp return

  align 10
pickupPtr:
  dq 0

pickup:
  jmp newmem                     // 5 bytes ...
  nop 2                          // ... + 2 = the 7 bytes of the replaced cmp
return:

registersymbol(pickup)
registersymbol(pickupBkp)
registersymbol(pickupPtr)
registersymbol(pickupOff)

[DISABLE]
pickup:
  readmem(pickupBkp,7)           // put the saved original bytes back
unregistersymbol(pickup)
unregistersymbol(pickupBkp)
unregistersymbol(pickupPtr)
unregistersymbol(pickupOff)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+4D

Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+1E: 48 85 C0                    - test rax,rax
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+21: 0F 84 C6 00 00 00           - je Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+ED
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+27: 4C 8D 44 24 78              - lea r8,[rsp+78]
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+2C: 48 C7 44 24 78 00 00 00 00  - mov qword ptr [rsp+78],00000000
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+35: 48 8B D7                    - mov rdx,rdi
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+38: 48 8B C8                    - mov rcx,rax
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+3B: E8 40 BF EC FF              - call Palworld-Win64-Shipping.UPalItemContainerManager::TryGetSlot
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+40: 84 C0                       - test al,al
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+42: 0F 84 A5 00 00 00           - je Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+ED
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+48: 48 8B 4C 24 78              - mov rcx,[rsp+78]
// ---------- INJECTING HERE ----------
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+4D: 83 B9 04 01 00 00 00        - cmp dword ptr [rcx+00000104],00
// ---------- DONE INJECTING  ----------
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+54: 74 32                       - je Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+88
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+56: 48 8B 81 DC 00 00 00        - mov rax,[rcx+Palworld-Win64-Shipping.ExecutionResourceImpl::ExecutionResourceStack+4]
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+5D: 48 3B 05 24 DE B4 05        - cmp rax,[Palworld-Win64-Shipping.exe+86A3908]
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+64: 74 22                       - je Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+88
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+66: 48 8D 54 24 20              - lea rdx,[rsp+20]
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+6B: 48 C7 44 24 20 00 00 00 00  - mov qword ptr [rsp+20],00000000
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+74: E8 07 C1 EC FF              - call Palworld-Win64-Shipping.UPalItemSlot::TryGetStaticItemData
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+79: 84 C0                       - test al,al
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+7B: 74 0B                       - je Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+88
Palworld-Win64-Shipping.UPalUIInventoryModel::SelectItemSlot+7D: 48 8B 44 24 20              - mov rax,[rsp+20]
}