Date: 2020.12.01
Blog issue: 179
Tuesday
[Friendly reminder]:
I now put the resources at the very beginning, so anyone who does not want to study the method can just take them. If the trainer stops working, you can comment directly on this page on cnblogs, or email me to let me know; just don't tell me on Baidu Cloud, since I only log into Baidu Cloud once in a long while! If you email me, remember to state which game it is, and the more detail the better! Email address: nightskysxs@163.com
Resource download table
| Readers without a cnblogs account | Baidu Netdisk download link: https://pan.baidu.com/s/13C0fTDCqb6ipP6XeOjqv1g (extraction code: auto) | GitHub download: https://github.com/TwoStarsGodNightSky/GameTrainer |
| Readers with a cnblogs account | Version | CT file | Trainer |
| | 1.1.0|0|380 | Click to download | Click to download |
Anti-scraping notice (original post): https://www.cnblogs.com/onepersonwholive/p/14065841.html
Preface
Well, I only found out a few days ago that there is also the AOB injection method; had I known how practical it is I would have learned it first (it's like going back to fill in the basics after learning lots of advanced material). This game, like Rabi-Ribi on Steam, has some degree of debugger detection: the Cheat Engine Windows debugger cannot be used, so open Settings and choose the VEH debugger instead. However, there are only 20-odd days left before the postgraduate entrance exam, so I only work on this when the mood strikes, starting a new project for myself. This article probably has very little value for learning; it is just one more research example, and you may take the trainer and the CT table for yourself.
Modifications
1. POWER CONSUMPTION UNLIMITED (unlimited power consumption)
As the screenshot above shows, "movss [rdi+30],xmm5" is the instruction that assigns the power value. You can reuse the address found earlier: search for it, then use "Find out what writes to this address". That leads to the instruction, and an AOB injection on it is all that is needed. (Power is a single-precision float value; you can search for it yourself.)
PS: Starting from "UnityPlayer.dll"+014D6F20 as the base address, the pointer path +100 +30 +158 +10 +30 reaches it.

{ Game   : Automachef.exe
  Version:
  Date   : 2020-11-30
  Author : dell

  Skips the movss that stores the recomputed power value to [rdi+30],
  so the power consumption is never written back
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(POWER_CONSUMPTION,F3 0F 11 6F 30 48 8B) // should be unique
alloc(newmem,$1000,2B7859D711B)

label(code)
label(return)

newmem:
  jmp return          // bypass the store entirely

code:
  movss [rdi+30],xmm5 // original instruction, kept for reference (never reached)
  jmp return

POWER_CONSUMPTION:
  jmp newmem
return:
registersymbol(POWER_CONSUMPTION)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
POWER_CONSUMPTION:
  db F3 0F 11 6F 30   // restore the original bytes

unregistersymbol(POWER_CONSUMPTION)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2B7859D711B

2B7859D70EE: F3 0F 10 08             - movss xmm1,[rax]
2B7859D70F2: F3 0F 5A C9             - cvtss2sd xmm1,xmm1
2B7859D70F6: F3 0F 10 55 E8          - movss xmm2,[rbp-18]
2B7859D70FB: F3 0F 5A D2             - cvtss2sd xmm2,xmm2
2B7859D70FF: F3 0F 10 1D C9 00 00 00 - movss xmm3,[2B7859D71D0]
2B7859D7107: F3 0F 5A DB             - cvtss2sd xmm3,xmm3
2B7859D710B: F2 0F 5E D3             - divsd xmm2,xmm3
2B7859D710F: F2 0F 59 CA             - mulsd xmm1,xmm2
2B7859D7113: F2 0F 58 C1             - addsd xmm0,xmm1
2B7859D7117: F2 0F 5A E8             - cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
2B7859D711B: F3 0F 11 6F 30          - movss [rdi+30],xmm5
// ---------- DONE INJECTING  ----------
2B7859D7120: 48 8B 47 10             - mov rax,[rdi+10]
2B7859D7124: 48 63 4F 38             - movsxd rcx,dword ptr [rdi+38]
2B7859D7128: 48 63 C9                - movsxd rcx,ecx
2B7859D712B: 39 48 18                - cmp [rax+18],ecx
2B7859D712E: 0F 86 7A 00 00 00       - jbe 2B7859D71AE
2B7859D7134: 48 8D 44 88 20          - lea rax,[rax+rcx*4+20]
2B7859D7139: F3 0F 10 00             - movss xmm0,[rax]
2B7859D713D: F3 0F 5A C0             - cvtss2sd xmm0,xmm0
2B7859D7141: F3 0F 10 4D E8          - movss xmm1,[rbp-18]
2B7859D7146: F3 0F 5A C9             - cvtss2sd xmm1,xmm1
}
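To make concrete what "aobscan(...) // should be unique" and the "db" restore in [DISABLE] mean, here is an added Python example (not the post's own code and not Cheat Engine's): it scans a constructed byte buffer re-typed from the listing above for a CE-style pattern with "??" wildcards, reports whether the hit is unique, and runs the kind of integrity check an anti-tamper component would use to notice that the five bytes at the injection point have been replaced by a jmp and where that jmp leads. The newmem address 0x2B7859D0000 is an assumed value.

```python
import struct

# Constructed snapshot (re-typed from the post's first listing, not a real dump):
# the bytes from 2B7859D70EE up to the movsxd after the injection point.
BASE = 0x2B7859D70EE
ORIGINAL = bytes.fromhex(
    "F30F1008 F30F5AC9 F30F1055E8 F30F5AD2"      # movss/cvtss2sd/movss/cvtss2sd
    "F30F101DC9000000 F30F5ADB F20F5ED3"         # movss xmm3,[..]; cvtss2sd; divsd
    "F20F59CA F20F58C1 F20F5AE8"                 # mulsd; addsd; cvtsd2ss xmm5,xmm0
    "F30F116F30"                                 # 2B7859D711B: movss [rdi+30],xmm5
    "488B4710 48634F38"                          # mov rax,[rdi+10]; movsxd rcx,...
)
INJECT_OFF = 0x2B7859D711B - BASE                # offset 45 inside the snapshot
ORIG_INSTR = bytes.fromhex("F30F116F30")         # the bytes CE's [DISABLE] restores


def parse_pattern(text):
    """CE-style AOB text: space-separated hex bytes, '??' or '*' is a wildcard."""
    return [None if t in ("??", "*") else int(t, 16) for t in text.split()]


def aob_scan(buf, pattern):
    """All offsets where the pattern matches; CE's aobscan needs exactly one hit."""
    n = len(pattern)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + k] == p for k, p in enumerate(pattern))]


def simulate_ce_patch(buf, base, off, target, length):
    """Test fixture only: what CE leaves at the site, E9 rel32 to newmem plus nops."""
    rel = target - (base + off + 5)              # rel32 is relative to the next instruction
    out = bytearray(buf)
    out[off:off + length] = b"\xE9" + struct.pack("<i", rel) + b"\x90" * (length - 5)
    return bytes(out)


def check_site(buf, base, off, expected):
    """Integrity check a defender would run over a code region: None if the original
    bytes are intact, the resolved jmp target if an E9 hook replaced them, -1 otherwise."""
    if buf[off:off + len(expected)] == expected:
        return None
    if buf[off] == 0xE9:
        rel = struct.unpack_from("<i", buf, off + 1)[0]
        return base + off + 5 + rel
    return -1
```

Because the patch overwrites the first five bytes of the pattern, a second aobscan for the same bytes finds nothing once the cheat is enabled, which is why [DISABLE] writes the saved bytes back by symbol instead of scanning again.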
2. POWER RATE UNLIMITED (unlimited power rate)
Power rate is a single-precision float value. If you search for it you will find many results; that doesn't matter, since after two searches essentially any of the remaining values will do. Choose "Find out what writes to this address" and find the instruction containing addsd xmm0,xmm1, because that is the only thing that causes the value to change (on the increase side).

{ Game   : Automachef.exe
  Version:
  Date   : 2020-11-30
  Author : dell

  Skips the addsd xmm0,xmm1 before the cvtsd2ss, so the value
  stored back to [rax] is never increased
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(PRESTIGE,F2 0F 58 C1 F2 0F 5A E8 F3 0F 11 28 0F) // should be unique
alloc(newmem,$1000,2B7859D714A)

label(code)
label(return)

newmem:
  cvtsd2ss xmm5,xmm0  // convert without the add
  jmp return

code:
  addsd xmm0,xmm1     // original instructions, kept for reference (never reached)
  cvtsd2ss xmm5,xmm0
  jmp return

PRESTIGE:
  jmp newmem
  nop                 // pad the 8 replaced bytes (5-byte jmp + 3 nops)
  nop
  nop
return:
registersymbol(PRESTIGE)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
PRESTIGE:
  db F2 0F 58 C1 F2 0F 5A E8   // restore the original bytes

unregistersymbol(PRESTIGE)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2B7859D714A

2B7859D7120: 48 8B 47 10                   - mov rax,[rdi+10]
2B7859D7124: 48 63 4F 38                   - movsxd rcx,dword ptr [rdi+38]
2B7859D7128: 48 63 C9                      - movsxd rcx,ecx
2B7859D712B: 39 48 18                      - cmp [rax+18],ecx
2B7859D712E: 0F 86 7A 00 00 00             - jbe 2B7859D71AE
2B7859D7134: 48 8D 44 88 20                - lea rax,[rax+rcx*4+20]
2B7859D7139: F3 0F 10 00                   - movss xmm0,[rax]
2B7859D713D: F3 0F 5A C0                   - cvtss2sd xmm0,xmm0
2B7859D7141: F3 0F 10 4D E8                - movss xmm1,[rbp-18]
2B7859D7146: F3 0F 5A C9                   - cvtss2sd xmm1,xmm1
// ---------- INJECTING HERE ----------
2B7859D714A: F2 0F 58 C1                   - addsd xmm0,xmm1
2B7859D714E: F2 0F 5A E8                   - cvtsd2ss xmm5,xmm0
// ---------- DONE INJECTING  ----------
2B7859D7152: F3 0F 11 28                   - movss [rax],xmm5
2B7859D7156: 0F B6 46 20                   - movzx eax,byte ptr [rsi+20]
2B7859D715A: 85 C0                         - test eax,eax
2B7859D715C: 0F 85 25 00 00 00             - jne 2B7859D7187
2B7859D7162: 48 8B 47 28                   - mov rax,[rdi+28]
2B7859D7166: 48 8B C8                      - mov rcx,rax
2B7859D7169: 48 8B D6                      - mov rdx,rsi
2B7859D716C: 83 38 00                      - cmp dword ptr [rax],00
2B7859D716F: 48 8D AD 00 00 00 00          - lea rbp,[rbp+00000000]
2B7859D7176: 49 BB 10 CD 11 F1 B7 02 00 00 - mov r11,000002B7F111CD10
}
3. PRESTIGE UNLIMITED (unlimited prestige)
Prestige is just a 4-byte integer; when it is at 100%, simply search for 100.

{ Game   : Automachef.exe
  Version:
  Date   : 2020-11-30
  Author : dell

  Skips the mov [r15+00000094],eax that writes the reduced prestige
  back, so prestige never drops
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(FAMAS,41 89 87 94 00 00 00 49 8B) // should be unique
alloc(newmem,$1000,2B785FEE694)

label(code)
label(return)

newmem:
  jmp return               // bypass the store entirely

code:
  mov [r15+00000094],eax   // original instruction, kept for reference (never reached)
  jmp return

FAMAS:
  jmp newmem
  nop                      // pad the 7 replaced bytes (5-byte jmp + 2 nops)
  nop
return:
registersymbol(FAMAS)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
FAMAS:
  db 41 89 87 94 00 00 00  // restore the original bytes

unregistersymbol(FAMAS)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2B785FEE694

2B785FEE669: 41 89 87 94 00 00 00          - mov [r15+00000094],eax
2B785FEE670: EB 29                         - jmp 2B785FEE69B
2B785FEE672: 83 FE 02                      - cmp esi,02
2B785FEE675: 75 13                         - jne 2B785FEE68A
2B785FEE677: 49 63 87 94 00 00 00          - movsxd rax,dword ptr [r15+00000094]
2B785FEE67E: 83 E8 32                      - sub eax,32
2B785FEE681: 41 89 87 94 00 00 00          - mov [r15+00000094],eax
2B785FEE688: EB 11                         - jmp 2B785FEE69B
2B785FEE68A: 49 63 87 94 00 00 00          - movsxd rax,dword ptr [r15+00000094]
2B785FEE691: 83 E8 14                      - sub eax,14
// ---------- INJECTING HERE ----------
2B785FEE694: 41 89 87 94 00 00 00          - mov [r15+00000094],eax
// ---------- DONE INJECTING  ----------
2B785FEE69B: 49 8B CF                      - mov rcx,r15
2B785FEE69E: BA 01 00 00 00                - mov edx,00000001
2B785FEE6A3: 4C 8B 45 E0                   - mov r8,[rbp-20]
2B785FEE6A7: 48 8D AD 00 00 00 00          - lea rbp,[rbp+00000000]
2B785FEE6AE: 49 BB 30 E7 FE 85 B7 02 00 00 - mov r11,000002B785FEE730
2B785FEE6B8: 41 FF D3                      - call r11
2B785FEE6BB: 66 66 90                      - nop
2B785FEE6BE: 49 BB C0 AA 60 8A B7 02 00 00 - mov r11,000002B78A60AAC0
2B785FEE6C8: 41 FF D3                      - call r11
2B785FEE6CB: 48 89 45 D8                   - mov [rbp-28],rax
}
4. MATERIAL UNLIMITED (unlimited material)
Material is also a 4-byte integer.

{ Game   : Automachef.exe
  Version:
  Date   : 2020-11-30
  Author : dell

  Skips the inc ecx, so the material counter at [rax+10]
  is written back unchanged
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(MATERIAL,FF C1 89 48 10 48 8B) // should be unique
alloc(newmem,$1000,2B7858A2F65)

label(code)
label(return)

newmem:
  mov [rax+10],ecx   // store the counter without incrementing it
  jmp return

code:
  inc ecx            // original instructions, kept for reference (never reached)
  mov [rax+10],ecx
  jmp return

MATERIAL:
  jmp newmem         // exactly 5 bytes replaced, so no nop padding
return:
registersymbol(MATERIAL)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
MATERIAL:
  db FF C1 89 48 10  // restore the original bytes

unregistersymbol(MATERIAL)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2B7858A2F65

2B7858A2F38: 48 8B CE                      - mov rcx,rsi
2B7858A2F3B: 48 8B D7                      - mov rdx,rdi
2B7858A2F3E: 48 8B 06                      - mov rax,[rsi]
2B7858A2F41: FF 90 28 02 00 00             - call qword ptr [rax+00000228]
2B7858A2F47: 48 8D AD 00 00 00 00          - lea rbp,[rbp+00000000]
2B7858A2F4E: 49 BB 50 3B 86 85 B7 02 00 00 - mov r11,000002B785863B50
2B7858A2F58: 41 FF D3                      - call r11
2B7858A2F5B: 48 8B C8                      - mov rcx,rax
2B7858A2F5E: 83 39 00                      - cmp dword ptr [rcx],00
2B7858A2F61: 48 63 48 10                   - movsxd rcx,dword ptr [rax+10]
// ---------- INJECTING HERE ----------
2B7858A2F65: FF C1                         - inc ecx
2B7858A2F67: 89 48 10                      - mov [rax+10],ecx
// ---------- DONE INJECTING  ----------
2B7858A2F6A: 48 8B 86 C8 00 00 00          - mov rax,[rsi+000000C8]
2B7858A2F71: 48 8B C8                      - mov rcx,rax
2B7858A2F74: 33 D2                         - xor edx,edx
2B7858A2F76: 83 38 00                      - cmp dword ptr [rax],00
2B7858A2F79: 48 8D 64 24 00                - lea rsp,[rsp+00]
2B7858A2F7E: 49 BB B0 23 9E 85 B7 02 00 00 - mov r11,000002B7859E23B0
2B7858A2F88: 41 FF D3                      - call r11
2B7858A2F8B: 48 63 86 9C 01 00 00          - movsxd rax,dword ptr [rsi+0000019C]
2B7858A2F92: FF C0                         - inc eax
2B7858A2F94: 89 86 9C 01 00 00             - mov [rsi+0000019C],eax
}
5. MONEY COST UNLIMITED (unlimited money)
We search for the 4-byte money cost value, but the value found is not the real money cost. So we first look at what writes to this address. The instruction found writes a temporary value, so we need to trace further back. Right-click "Select current function" ---> right-click the first instruction of that function and choose "Go to address" ---> copy that address ---> from the "Search" menu choose "Find assembly code" and enter the address in the left box ---> change the last 5 digits of the start address on the right to 0 and click search ---> locate a "mov r11,xxxx" instruction and the "call r11" that goes with it; the instruction right before that call loads r11 with the jump target, and that is where we need to jump. Then scroll down to find the "add r15d,eax" instruction and comment it out (I don't currently know why changing it to "sub" also works). However, this modification must stay in use: once you enable it, do not disable it. (Tested: if it is disabled during a session, buying new equipment afterwards throws an error.)

{ Game   : Automachef.exe
  Version:
  Date   : 2020-11-30
  Author : dell

  Skips add r15d,eax so the item price is never added to the money cost;
  keep it enabled for the whole session (see the note above)
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(PRICE,44 03 F8 48 8B CD) // should be unique
alloc(newmem,$1000,2B78A614699)

label(code)
label(return)

newmem:
  mov rcx,rbp        // only the second original instruction is executed
  jmp return
code:
  add r15d,eax       // original instructions, kept for reference (never reached)
  mov rcx,rbp
  jmp return

PRICE:
  jmp newmem
  nop                // pad the 6 replaced bytes (5-byte jmp + 1 nop)
return:
registersymbol(PRICE)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
PRICE:
  db 44 03 F8 48 8B CD   // restore the original bytes

unregistersymbol(PRICE)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2B78A614699

2B78A61466E: 49 BB 80 33 53 8A B7 02 00 00 - mov r11,000002B78A533380
2B78A614678: 41 FF D3                      - call r11
2B78A61467B: EB 1F                         - jmp 2B78A61469C
2B78A61467D: 66 66 90                      - nop
2B78A614680: 48 8B 7D D0                   - mov rdi,[rbp-30]
2B78A614684: 48 8B C7                      - mov rax,rdi
2B78A614687: 0F B6 80 7C 01 00 00          - movzx eax,byte ptr [rax+0000017C]
2B78A61468E: 85 C0                         - test eax,eax
2B78A614690: 75 0A                         - jne 2B78A61469C
2B78A614692: 48 63 87 6C 01 00 00          - movsxd rax,dword ptr [rdi+0000016C]
// ---------- INJECTING HERE ----------
2B78A614699: 44 03 F8                      - add r15d,eax
2B78A61469C: 48 8B CD                      - mov rcx,rbp
// ---------- DONE INJECTING  ----------
2B78A61469F: 48 83 C1 C0                   - add rcx,-40
2B78A6146A3: 49 BA 98 52 45 A1 B7 02 00 00 - mov r10,000002B7A1455298
2B78A6146AD: 90                            - nop
2B78A6146AE: 49 BB A0 34 53 8A B7 02 00 00 - mov r11,000002B78A5334A0
2B78A6146B8: 41 FF D3                      - call r11
2B78A6146BB: 85 C0                         - test eax,eax
2B78A6146BD: 75 C1                         - jne 2B78A614680
2B78A6146BF: 48 C7 45 B8 00 00 00 00       - mov qword ptr [rbp-48],00000000
2B78A6146C7: 48 83 EC 08                   - sub rsp,08
2B78A6146CB: E8 1D 00 00 00                - call 2B78A6146ED
}
Note: each item in the trainer only takes effect once the value actually changes, e.g. materials only after some have been consumed (reason: the code that performs the write can only be found after the value has changed).