wangyuan

Personal website of yuan 王远的个人网站.

空洞骑士作弊脚本

wangyuan / 2019-07-08


steam最近夏促,本着有便宜不占就是丢钱的想法买了几个游戏,其他网上都有能用的修改器,就Hollow Knight下了几个都不能用,于是拿出了沉默已久的CE(CheatEngine)搞起来(之前一直在看深入理解计算机系统一直没有用武之地,没想到今天用上了.

本脚本在steam下Hollow Knight的1.4.3.2版本跑通。

<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="26">
  <CheatEntries>
    <CheatEntry>
      <ID>131947</ID>
      <Description>"空洞骑士 1.4.3.2 [HOME键激活功能]"</Description>
      <Options moHideChildren="1" moDeactivateChildrenAsWell="1"/>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : hollow_knight.exe
  Version: 
  Date   : 2019-07-08
  Author : yuan

  This script does blah blah blah
}

[ENABLE]
registersymbol(HeroAnimationController_basepointer)
alloc(HeroAnimationController_basepointer, 4)

aobscan(PLAY_INJECT,0F B6 47 28 85 C0 74 0E)
// 83 EC 04 8B 7D 08 0F B6 * * 85 C0 74 0E 83 EC 0C 57
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov [HeroAnimationController_basepointer], edi
  movzx eax,byte ptr [edi+28]
  test eax,eax
  jmp return

PLAY_INJECT:
  jmp newmem
  nop
return:
registersymbol(PLAY_INJECT)

[DISABLE]

PLAY_INJECT:
  db 0F B6 47 28 85 C0



unregistersymbol(PLAY_INJECT)
dealloc(newmem)
unregistersymbol(HeroAnimationController_basepointer)
dealloc(HeroAnimationController_basepointer)
{
// ORIGINAL CODE - INJECTION POINT: 12679DCA

""+12679DB0: 68 10 D0 45 0F        -  push 0F45D010
""+12679DB5: E9 6E 62 9F F2        -  jmp 05070028
""+12679DBA: 00 00                 -  add [eax],al
""+12679DBC: 00 00                 -  add [eax],al
""+12679DBE: 00 00                 -  add [eax],al
""+12679DC0: 55                    -  push ebp
""+12679DC1: 8B EC                 -  mov ebp,esp
""+12679DC3: 57                    -  push edi
""+12679DC4: 83 EC 04              -  sub esp,04
""+12679DC7: 8B 7D 08              -  mov edi,[ebp+08]
// ---------- INJECTING HERE ----------
""+12679DCA: 0F B6 47 28           -  movzx eax,byte ptr [edi+28]
""+12679DCE: 85 C0                 -  test eax,eax
// ---------- DONE INJECTING  ----------
""+12679DD0: 74 0E                 -  je 12679DE0
""+12679DD2: 83 EC 0C              -  sub esp,0C
""+12679DD5: 57                    -  push edi
""+12679DD6: E8 55 00 00 00        -  call 12679E30
""+12679DDB: 83 C4 10              -  add esp,10
""+12679DDE: EB 15                 -  jmp 12679DF5
""+12679DE0: 8B 47 14              -  mov eax,[edi+14]
""+12679DE3: 0F B6 40 08           -  movzx eax,byte ptr [eax+08]
""+12679DE7: 85 C0                 -  test eax,eax
""+12679DE9: 74 06                 -  je 12679DF1
}
</AssemblerScript>
      <Hotkeys>
        <Hotkey>
          <Action>Toggle Activation</Action>
          <Keys>
            <Key>36</Key>
          </Keys>
          <ID>0</ID>
          <ActivateSound>Activate</ActivateSound>
          <DeactivateSound>Deactivate</DeactivateSound>
        </Hotkey>
      </Hotkeys>
      <CheatEntries>
        <CheatEntry>
          <ID>131950</ID>
          <Description>"-----------------------------------------"</Description>
          <LastState Value="" RealAddress="00000000"/>
          <GroupHeader>1</GroupHeader>
        </CheatEntry>
        <CheatEntry>
          <ID>131951</ID>
          <Description>"当前游戏版本"</Description>
          <LastState RealAddress="91A3E0CC"/>
          <Color>808080</Color>
          <VariableType>String</VariableType>
          <Length>32</Length>
          <Unicode>1</Unicode>
          <CodePage>0</CodePage>
          <ZeroTerminate>1</ZeroTerminate>
          <Address>HeroAnimationController_basepointer</Address>
          <Offsets>
            <Offset>c</Offset>
            <Offset>8</Offset>
            <Offset>18</Offset>
          </Offsets>
          <CheatEntries>
            <CheatEntry>
              <ID>131954</ID>
              <Description>"支持游戏版本1.4.3.2"</Description>
              <LastState Value="" RealAddress="00000000"/>
              <Color>808080</Color>
              <GroupHeader>1</GroupHeader>
            </CheatEntry>
            <CheatEntry>
              <ID>131953</ID>
              <Description>"脚本更新地址 www.yge.me"</Description>
              <LastState Value="" RealAddress="00000000"/>
              <Color>808080</Color>
              <GroupHeader>1</GroupHeader>
            </CheatEntry>
            <CheatEntry>
              <ID>131952</ID>
              <Description>"END键 关闭所有功能"</Description>
              <LastState Value="" RealAddress="00000000"/>
              <Color>808080</Color>
              <GroupHeader>1</GroupHeader>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>131955</ID>
          <Description>"-----------------------------------------"</Description>
          <LastState Value="" RealAddress="00000000"/>
          <GroupHeader>1</GroupHeader>
        </CheatEntry>
        <CheatEntry>
          <ID>19</ID>
          <Description>"无敌 [F1]"</Description>
          <DropDownList ReadOnly="1" DisplayValueAsItem="1">0:关闭
1:开启
</DropDownList>
          <LastState Value="0" RealAddress="91E94B47"/>
          <Color>0000FF</Color>
          <VariableType>Byte</VariableType>
          <Address>HeroAnimationController_basepointer</Address>
          <Offsets>
            <Offset>e4+A63</Offset>
            <Offset>18</Offset>
          </Offsets>
          <Hotkeys>
            <Hotkey>
              <Action>Set Value</Action>
              <Keys>
                <Key>112</Key>
              </Keys>
              <Value>1</Value>
              <ID>0</ID>
              <ActivateSound>Activate</ActivateSound>
              <DeactivateSound>Deactivate</DeactivateSound>
            </Hotkey>
            <Hotkey>
              <Action>Toggle Activation</Action>
              <Keys>
                <Key>112</Key>
              </Keys>
              <ID>1</ID>
            </Hotkey>
            <Hotkey>
              <Action>Deactivate</Action>
              <Keys>
                <Key>35</Key>
              </Keys>
              <ID>2</ID>
            </Hotkey>
            <Hotkey>
              <Action>Set Value</Action>
              <Keys>
                <Key>35</Key>
              </Keys>
              <Value>0</Value>
              <ID>3</ID>
            </Hotkey>
          </Hotkeys>
        </CheatEntry>
        <CheatEntry>
          <ID>17</ID>
          <Description>"HP [F2]"</Description>
          <LastState Value="8" RealAddress="91E940E4"/>
          <Color>008000</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>HeroAnimationController_basepointer</Address>
          <Offsets>
            <Offset>E4</Offset>
            <Offset>18</Offset>
          </Offsets>
          <Hotkeys>
            <Hotkey>
              <Action>Toggle Activation Allow Increase</Action>
              <Keys>
                <Key>113</Key>
              </Keys>
              <ID>0</ID>
              <ActivateSound>Activate</ActivateSound>
              <DeactivateSound>Deactivate</DeactivateSound>
            </Hotkey>
            <Hotkey>
              <Action>Deactivate</Action>
              <Keys>
                <Key>35</Key>
              </Keys>
              <ID>1</ID>
            </Hotkey>
          </Hotkeys>
        </CheatEntry>
        <CheatEntry>
          <ID>20</ID>
          <Description>"MP [F3]"</Description>
          <LastState Value="0" RealAddress="91E94120"/>
          <Color>FF0000</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>HeroAnimationController_basepointer</Address>
          <Offsets>
            <Offset>e4+3c</Offset>
            <Offset>18</Offset>
          </Offsets>
          <Hotkeys>
            <Hotkey>
              <Action>Set Value</Action>
              <Keys>
                <Key>114</Key>
              </Keys>
              <Value>100</Value>
              <ID>0</ID>
            </Hotkey>
            <Hotkey>
              <Action>Toggle Activation</Action>
              <Keys>
                <Key>114</Key>
              </Keys>
              <ID>1</ID>
              <ActivateSound>Activate</ActivateSound>
              <DeactivateSound>Deactivate</DeactivateSound>
            </Hotkey>
            <Hotkey>
              <Action>Deactivate</Action>
              <Keys>
                <Key>35</Key>
              </Keys>
              <ID>2</ID>
            </Hotkey>
          </Hotkeys>
        </CheatEntry>
        <CheatEntry>
          <ID>18</ID>
          <Description>"GEO钱 [F4]  +1000 过图或消费刷新"</Description>
          <LastState Value="30751" RealAddress="91E94118"/>
          <Color>0080FF</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>HeroAnimationController_basepointer</Address>
          <Offsets>
            <Offset>e4+34</Offset>
            <Offset>18</Offset>
          </Offsets>
          <Hotkeys>
            <Hotkey>
              <Action>Increase Value</Action>
              <Keys>
                <Key>115</Key>
              </Keys>
              <Value>1000</Value>
              <ID>0</ID>
              <ActivateSound>Activate</ActivateSound>
            </Hotkey>
          </Hotkeys>
        </CheatEntry>
        <CheatEntry>
          <ID>175</ID>
          <Description>"秒杀 [F5] (需先砍任意怪物一次,才能激活,之后持续可用)"</Description>
          <Options moHideChildren="1"/>
          <LastState/>
          <Color>8000FF</Color>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{ Game   : hollow_knight.exe
  Version:
  Date   : 2019-07-08
  Author :yuan

  This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat



aobscan(dmx_INJECT,2B C1 83 EC 08 6A CE 50 E8 * * * * 83) // should be unique
alloc(newmem,$1000)

label(code)
label(code2)
label(return)

newmem:
code:
 //eax 为怪物血量   ecx为当次怪物收到伤害
 cmp ecx ,01  //区别1血伤害 (部分过图,或操作菜单莫名有这个1血伤害,所以去掉)
 je code2   //1血伤害使用原指令

  sub eax,eax
  sub esp,08
  jmp return

code2:
  sub eax,ecx
  sub esp,08
  jmp return

dmx_INJECT:
  jmp newmem
return:
registersymbol(dmx_INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dmx_INJECT:
  db 2B C1 83 EC 08

unregistersymbol(dmx_INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 0F29164C

0F29161B: E8 E8 A5 F8 FF        -  call 0F21BC08
0F291620: 83 C4 10              -  add esp,10
0F291623: 89 85 FC FD FF FF     -  mov [ebp-00000204],eax
0F291629: 0F B6 8F D4 00 00 00  -  movzx ecx,byte ptr [edi+000000D4]
0F291630: B8 01 00 00 00        -  mov eax,00000001
0F291635: 85 C9                 -  test ecx,ecx
0F291637: 8B 8D FC FD FF FF     -  mov ecx,[ebp-00000204]
0F29163D: 0F 45 C8              -  cmovne ecx,eax
0F291640: 89 8D FC FD FF FF     -  mov [ebp-00000204],ecx
0F291646: 8B 87 A4 00 00 00     -  mov eax,[edi+000000A4]
// ---------- INJECTING HERE ----------
0F29164C: 2B C1                 -  sub eax,ecx
0F29164E: 83 EC 08              -  sub esp,08
// ---------- DONE INJECTING  ----------
0F291651: 6A CE                 -  push -32
0F291653: 50                    -  push eax
0F291654: E8 2F AD 8A F7        -  call 06B3C388
0F291659: 83 C4 10              -  add esp,10
0F29165C: 89 87 A4 00 00 00     -  mov [edi+000000A4],eax
0F291662: 85 C0                 -  test eax,eax
0F291664: 7E 49                 -  jle 0F2916AF
0F291666: 0F B6 45 20           -  movzx eax,byte ptr [ebp+20]
0F29166A: 83 EC 08              -  sub esp,08
0F29166D: 50                    -  push eax
}
</AssemblerScript>
          <Hotkeys>
            <Hotkey>
              <Action>Toggle Activation</Action>
              <Keys>
                <Key>116</Key>
              </Keys>
              <ID>0</ID>
              <ActivateSound>Activate</ActivateSound>
              <DeactivateSound>Deactivate</DeactivateSound>
            </Hotkey>
            <Hotkey>
              <Action>Deactivate</Action>
              <Keys>
                <Key>35</Key>
              </Keys>
              <ID>1</ID>
            </Hotkey>
          </Hotkeys>
          <CheatEntries>
            <CheatEntry>
              <ID>131944</ID>
              <Description>"换档之前需先关闭秒杀功能"</Description>
              <LastState Value="" RealAddress="00000000"/>
              <Color>0000FF</Color>
              <GroupHeader>1</GroupHeader>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
        <CheatEntry>
          <ID>21</ID>
          <Description>"无限跳跃 [F6] (不关闭会影响存档)"</Description>
          <DropDownList ReadOnly="1" DisplayValueAsItem="1">0:关闭
1:开启
</DropDownList>
          <LastState Value="0" RealAddress="91E94B48"/>
          <Color>008000</Color>
          <VariableType>Byte</VariableType>
          <Address>HeroAnimationController_basepointer</Address>
          <Offsets>
            <Offset>e4+A64</Offset>
            <Offset>18</Offset>
          </Offsets>
          <Hotkeys>
            <Hotkey>
              <Action>Set Value</Action>
              <Keys>
                <Key>117</Key>
              </Keys>
              <Value>1</Value>
              <ID>0</ID>
              <ActivateSound>Activate</ActivateSound>
            </Hotkey>
            <Hotkey>
              <Action>Set Value</Action>
              <Keys>
                <Key>35</Key>
              </Keys>
              <Value>0</Value>
              <ID>1</ID>
            </Hotkey>
          </Hotkeys>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols>
    <SymbolEntry>
      <Name>pSetup</Name>
      <Address>01A94000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_X</Name>
      <Address>01A95000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_RNGi</Name>
      <Address>01A96100</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_RNGf</Name>
      <Address>01A96200</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_hctr_not_no_input</Name>
      <Address>01A96300</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_isPressed</Name>
      <Address>01A96400</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_wasPressed</Name>
      <Address>01A96500</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>bFloat_Mode</Name>
      <Address>01A96600</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>bCan_Jump</Name>
      <Address>01A96620</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>pPlayerPawn</Name>
      <Address>03804100</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>pPawn</Name>
      <Address>03804110</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_IsAlly</Name>
      <Address>007F4000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>__</Name>
      <Address>00B00000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>_RNG</Name>
      <Address>00B04000</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>pHeroController</Name>
      <Address>00B04100</Address>
    </SymbolEntry>
    <SymbolEntry>
      <Name>pPlayerData</Name>
      <Address>00B04110</Address>
    </SymbolEntry>
  </UserdefinedSymbols>
  <Structures StructVersion="2">
    <Structure Name="hp" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" RLECompression="1" AutoCreateStructsize="4096">
      <Elements>
        <Element Offset="0" Vartype="4 Bytes" Bytesize="4" RLECount="28" DisplayMethod="无符号整数"/>
        <Element Offset="112" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数">
          <Structure Name="自动创建 从 433CF0A4" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" RLECompression="1" AutoCreateStructsize="4096">
            <Elements>
              <Element Offset="0" Vartype="4 Bytes" Bytesize="4" RLECount="299" DisplayMethod="无符号整数"/>
              <Element Offset="1196" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
              <Element Offset="1200" Vartype="4 Bytes" Bytesize="4" RLECount="339" DisplayMethod="无符号整数"/>
              <Element Offset="2556" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
              <Element Offset="2560" Vartype="4 Bytes" Bytesize="4" RLECount="343" DisplayMethod="无符号整数"/>
              <Element Offset="3932" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
              <Element Offset="3936" Vartype="4 Bytes" Bytesize="4" RLECount="40" DisplayMethod="无符号整数"/>
            </Elements>
          </Structure>
        </Element>
        <Element Offset="116" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="120" Vartype="4 Bytes" Bytesize="4" RLECount="2" DisplayMethod="无符号整数"/>
        <Element Offset="128" Vartype="Float" Bytesize="4" RLECount="2" DisplayMethod="无符号整数"/>
        <Element Offset="136" Vartype="4 Bytes" Bytesize="4" RLECount="51" DisplayMethod="无符号整数"/>
        <Element Offset="340" Vartype="Float" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="344" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="348" Vartype="4 Bytes" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="352" Vartype="Float" Bytesize="4" RLECount="3" DisplayMethod="无符号整数"/>
        <Element Offset="364" Vartype="4 Bytes" Bytesize="4" RLECount="10" DisplayMethod="无符号整数"/>
        <Element Offset="404" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="408" Vartype="4 Bytes" Bytesize="4" RLECount="87" DisplayMethod="无符号整数"/>
        <Element Offset="756" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="760" Vartype="4 Bytes" Bytesize="4" RLECount="473" DisplayMethod="无符号整数"/>
        <Element Offset="2652" Vartype="Pointer" Bytesize="4" RLECount="2" PointerSize="4" DisplayMethod="无符号整数"/>
        <Element Offset="2660" Vartype="4 Bytes" Bytesize="4" RLECount="7" DisplayMethod="无符号整数"/>
        <Element Offset="2688" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="2692" Vartype="4 Bytes" Bytesize="4" RLECount="129" DisplayMethod="无符号整数"/>
        <Element Offset="3208" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="3212" Vartype="4 Bytes" Bytesize="4" RLECount="15" DisplayMethod="无符号整数"/>
        <Element Offset="3272" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="3276" Vartype="4 Bytes" Bytesize="4" RLECount="148" DisplayMethod="无符号整数"/>
        <Element Offset="3868" Vartype="Pointer" Bytesize="4" DisplayMethod="无符号整数"/>
        <Element Offset="3872" Vartype="4 Bytes" Bytesize="4" RLECount="3" DisplayMethod="无符号整数"/>
        <Element Offset="3884" Vartype="Pointer" Bytesize="4" RLECount="53" PointerSize="4" DisplayMethod="无符号整数"/>
      </Elements>
    </Structure>
  </Structures>
</CheatTable>