40
"Activate (Numpad 0)"
Auto Assembler Script
[ENABLE]
// Pointer-capture hook. cameraBase is globalalloc'd (symbol visible to other
// scripts) so the fly-mode script can read the camera object pointer from it.
globalalloc(cameraBase, 4)
alloc(newmem,$1000)
// The first 6 bytes of this pattern are `fld dword ptr [ebx+208]`, the
// instruction the hook overwrites; the DISABLE section restores those 6 bytes.
aobscan(cameraBaseHook, D9 83 08 02 00 00 DA E9 89 85 18 FF FF FF DF E0 F6 C4 44 7B 4B) // should be unique
label(return)
registersymbol(cameraBaseHook)
newmem:
// ebx holds the object the game is about to read from; publish it every time
// the hooked instruction runs, so cameraBase tracks the most recent object.
mov [cameraBase], ebx
// Re-execute the displaced original instruction, then resume the game code.
fld dword ptr [ebx+00000208]
jmp return
// NOTE(review): cameraBase is already defined by globalalloc above; this label
// line looks like a leftover -- confirm the auto assembler accepts it as-is.
cameraBase:
cameraBaseHook:
// jmp (5 bytes) + nop (1 byte) exactly covers the 6-byte original instruction.
jmp newmem
nop
return:
[DISABLE]
cameraBaseHook:
// Restore the original `fld dword ptr [ebx+208]` encoding over the jmp/nop.
db D9 83 08 02 00 00
dealloc(newmem)
unregistersymbol(cameraBaseHook)
// cameraBase (globalalloc) is not released here; the fly-mode script reads it.
Toggle Activation
96
0
77
"Free Fly Camera (Numpad: 8, 4, 5, 6, 9, 3)"
Auto Assembler Script
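[ENABLE]
// Free-fly camera. A thread created inside the game (createthread) polls the
// numpad and adjusts the camera object whose pointer the cameraBase hook
// script captures. flyEnabled is a 1-byte run flag: 01 = keep looping,
// 00 (written by the DISABLE section) = leave the loop and free the thread's
// own code block. Numeric literals are hex unless prefixed with #.
alloc(flyMode, 2048)
alloc(flyEnabled, 1)
createthread(flyMode)
label(loopStart)
label(skipAll)
label(moveForward)
label(skipForward)
label(moveLeft)
label(skipLeft)
label(moveRight)
label(skipRight)
label(moveBackward)
label(skipBackward)
label(incZ)
label(skipIncZ)
label(decZ)
label(skipDecZ)
label(modifier)
registersymbol(flyMode)
registersymbol(flyEnabled)
registersymbol(modifier)
flyEnabled:
db 01
flyMode:
// Register use inside the loop: edi = camera object pointer (kept live across
// the move-routine calls), ax = GetAsyncKeyState result, xmm0-xmm5 = scratch
// for the move routines.
loopStart:
// Sleep(5): throttle polling to roughly one pass per 5 ms.
push 05
call kernel32.Sleep
// Skip all key handling until the hook has published a camera pointer.
// NOTE(review): nothing checks that the object is still alive afterwards; if
// the game frees it while cameraBase still points at it, the move routines
// write into freed memory -- confirm the object's lifetime.
mov edi, [cameraBase]
//mov esi, [cameraBase2]
test edi, edi
je skipAll
// GetAsyncKeyState returns a SHORT whose bit 15 is set while the key is down;
// shr ax,#15 (#15 = decimal 15) leaves ax = 1 exactly in that case.
// VK_NUMPAD8 (hex 68): move forward
push 68
call GetAsyncKeyState
shr ax,#15
cmp ax,1
jne skipForward
call moveForward
skipForward:
// VK_NUMPAD4 (hex 64): strafe left
push 64
call GetAsyncKeyState
shr ax,#15
cmp ax,1
jne skipLeft
call moveLeft
skipLeft:
// VK_NUMPAD6 (hex 66): strafe right
push 66
call GetAsyncKeyState
shr ax,#15
cmp ax,1
jne skipRight
call moveRight
skipRight:
// VK_NUMPAD5 (hex 65): move backward
push 65
call GetAsyncKeyState
shr ax,#15
cmp ax,1
jne skipBackward
call moveBackward
skipBackward:
// VK_NUMPAD9 (hex 69): raise Z
push 69
call GetAsyncKeyState
shr ax,#15
cmp ax,1
jne skipIncZ
call incZ
skipIncZ:
// VK_NUMPAD3 (hex 63): lower Z
push 63
call GetAsyncKeyState
shr ax,#15
cmp ax,1
jne skipDecZ
call decZ
skipDecZ:
skipAll:
// Clear the scratch SSE registers used by the move routines.
xorps xmm0,xmm0
xorps xmm1,xmm1
xorps xmm2,xmm2
xorps xmm3,xmm3
xorps xmm4,xmm4
xorps xmm5,xmm5
// The run flag is a single byte (alloc(flyEnabled,1) / db 01), so compare it
// as a byte; an unsized compare would also read the 3 bytes that follow it.
cmp byte ptr [flyEnabled], 1
je loopStart
// NOTE(review): dealloc() is an auto-assembler directive handled when the
// script is enabled, not an instruction the thread executes; with flyMode
// allocated by the same script its effect here is unclear -- confirm.
dealloc(flyEnabled)
// Thread exit. The stack is laid out so that VirtualFree(flyMode, 0,
// MEM_RELEASE) returns straight into TerminateThread(hThread, 0): the thread
// must not execute any more of its own (then freed) code after the jmp.
push 0 //dwExitCode = 0
call GetCurrentThread
push eax //hThread = GetCurrentThread() (pseudo-handle, no CloseHandle needed)
push 0 //return address = NULL
push 8000 //dwFreeType = MEM_RELEASE (hex 8000)
push 0 //dwSize = 0
push flyMode //dwAddress = mythread
push TerminateThread //return address = TerminateThread
jmp VirtualFree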
moveForward:
// Forward step: Z += pitch*speed, X += sin*speed, Y -= cos*speed.
// speed = [modifier]; sine/cosine live at negative offsets from the object.
// Clobbers xmm0-xmm5; edi must hold the camera object pointer.
movss xmm1,[edi+204] // pitch
mulss xmm1,[modifier]
movss xmm0,[edi+194] // Z
addss xmm0,xmm1
movss [edi+194], xmm0 // Z += pitch*speed
movss xmm3,[edi-1F8] // sine
mulss xmm3,[modifier]
movss xmm2,[edi+184] // X
addss xmm2,xmm3
movss [edi+184], xmm2 // X += sin*speed
movss xmm5,[edi-218] // cosine
mulss xmm5,[modifier]
movss xmm4,[edi+1A4] // Y
subss xmm4,xmm5
movss [edi+1A4], xmm4 // Y -= cos*speed
ret
moveLeft:
// Strafe left: X -= cos*speed, Y -= sin*speed (Z untouched).
// Clobbers xmm0, xmm1, xmm4, xmm5; edi must hold the camera object pointer.
movss xmm4,[edi-1F8] // sine
movss xmm5,[edi-218] // cosine
mulss xmm4,[modifier]
mulss xmm5,[modifier]
movss xmm1,[edi+1A4] // Y
subss xmm1,xmm4
movss [edi+1A4], xmm1 // Y -= sin*speed
movss xmm0,[edi+184] // X
subss xmm0,xmm5
movss [edi+184], xmm0 // X -= cos*speed
ret
moveRight:
// Strafe right: X += cos*speed, Y += sin*speed (Z untouched).
// Clobbers xmm0, xmm1, xmm4, xmm5; edi must hold the camera object pointer.
movss xmm4,[edi-1F8] // sine
movss xmm5,[edi-218] // cosine
mulss xmm4,[modifier]
mulss xmm5,[modifier]
movss xmm1,[edi+1A4] // Y
addss xmm1,xmm4
movss [edi+1A4], xmm1 // Y += sin*speed
movss xmm0,[edi+184] // X
addss xmm0,xmm5
movss [edi+184], xmm0 // X += cos*speed
ret
moveBackward:
// Backward step, the exact inverse of moveForward:
// Z -= pitch*speed, X -= sin*speed, Y += cos*speed.
// Clobbers xmm0-xmm5; edi must hold the camera object pointer.
movss xmm1,[edi+204] // pitch
mulss xmm1,[modifier]
movss xmm0,[edi+194] // Z
subss xmm0,xmm1
movss [edi+194], xmm0 // Z -= pitch*speed
movss xmm3,[edi-1F8] // sine
mulss xmm3,[modifier]
movss xmm2,[edi+184] // X
subss xmm2,xmm3
movss [edi+184], xmm2 // X -= sin*speed
movss xmm5,[edi-218] // cosine
mulss xmm5,[modifier]
movss xmm4,[edi+1A4] // Y
addss xmm4,xmm5
movss [edi+1A4], xmm4 // Y += cos*speed
ret
//Change Z
incZ:
// Z += speed using the x87 stack; operands are loaded speed-first, which is
// equivalent because IEEE addition is commutative. Leaves the x87 stack empty.
fld dword ptr [modifier]
fadd dword ptr [edi+194]
fstp dword ptr [edi+194]
ret
decZ:
// Z -= speed using the x87 stack: with speed in st(0), fsubr computes
// (memory operand - st(0)) = Z - speed. Leaves the x87 stack empty.
fld dword ptr [modifier]
fsubr dword ptr [edi+194]
fstp dword ptr [edi+194]
ret
// Fly speed: scale applied to every move step, once per polling-loop pass while
// a key is held. Exposed in the table as the "Fly Speed" entry.
modifier:
dd (float)40.00
[DISABLE]
// Clearing the run flag makes the worker thread leave its loop and free
// flyMode itself (see the VirtualFree/TerminateThread sequence); nothing here
// waits for the thread to finish, so it may run up to one more pass.
flyEnabled:
db 00
unregistersymbol(flyMode)
unregistersymbol(flyEnabled)
unregistersymbol(modifier)
85
"Fly Speed"
Float
modifier
41
"Base Address"
4 Bytes
cameraBase
0
42
"X Coord"
Float
cameraBase
184
44
"Y Coord"
Float
cameraBase
1A4
43
"Z Coord"
Float
cameraBase
194
82
"Cosine"
Float
cameraBase
FFFFFDE8
83
"Sine"
Float
cameraBase
FFFFFE08
84
"Pitch"
Float
cameraBase
204
Change of je 00F18E49
00F18E02
bio4.exe
568E02
00
00
90
85
1E
74
45
85
5E
04
74
17
Change of je 00F18E20
00F18E07
bio4.exe
568E07
90
90
85
5E
04
74
17
09
5E
0C
09
5E
Change of je 00F18F8E
00F18F1D
bio4.exe
568F1D
FF
8B
1E
3B
DA
74
6F
8B
15
9C
F7
20
Change of je 00F16004
00F15FF2
bio4.exe
565FF2
00
00
00
01
00
74
10
C6
85
FF
FA
FF
Change of je 00F194E0
00F16032
bio4.exe
566032
83
C4
04
85
C0
0F
84
A8
34
00
00
E8
E9
06
AA
FF
Change of jne 00F1799B
00F17857
bio4.exe
567857
DD
D8
83
FE
02
0F
85
3E
01
00
00
09
1D
88
F6
20
Change of jne 00F17854
00F1783D
bio4.exe
56783D
00
75
19
3B
F9
75
15
83
0D
88
F6
20
Change of jne 00F17854
00F17839
bio4.exe
567839
FB
00
01
00
00
75
19
3B
F9
90
90
83
Change of jne 00F17833
00F17812
bio4.exe
567812
10
75
23
3B
F9
75
1F
81
0D
88
F6
20
Change of je 00F18144
00F1812A
bio4.exe
56812A
20
33
C9
0B
C1
74
18
8B
0D
8C
F6
20
Change of je 009D890C
009D8906
bio4.exe
28906
23
4D
0C
0B
C1
74
04
B0
01
5D
C3
32
Change of je 00C2D0B4
00C2D09D
bio4.exe
27D09D
83
C4
08
84
C0
74
15
C7
86
FC
00
00
Change of je 00C2D0D8
00C2D0C1
bio4.exe
27D0C1
83
C4
08
84
C0
74
15
C7
86
FC
00
00
Change of je 00C2D212
00C2D1F7
bio4.exe
27D1F7
E4
FF
FF
85
C0
74
19
53
53
6A
01
53
Change of je 00C2D291
00C2D225
bio4.exe
27D225
83
C4
04
85
C0
74
6A
57
8B
7D
F8
8B
Change of je 00C2D252
00C2D234
bio4.exe
27D234
D9
D8
FF
A8
01
74
1C
80
7D
FF
02
53
Change of je 00C2D2A5
00C2D29C
bio4.exe
27D29C
A9
00
00
20
00
74
07
B8
01
00
00
00
Change of je 00C2D2B3
00C2D2AA
bio4.exe
27D2AA
A9
00
20
00
00
74
07
B8
02
00
00
00
Change of ja 00C2D318
00C2D2C3
bio4.exe
27D2C3
03
48
83
F8
03
77
53
FF
24
85
2C
D3
Change of jne 00C968FB
00C968EF
bio4.exe
3068EF
08
8B
D9
85
FF
75
0A
5F
33
C0
5B
8B
Change of je 00BCE61F
00BCE616
bio4.exe
23E616
A9
00
08
00
00
74
07
8B
11
8B
42
10
Change of je 00BCE618
00BCE60F
bio4.exe
23E60F
96
20
50
00
00
74
07
A9
00
08
00
00
Change of je 00BCE61F
00BCE607
bio4.exe
23E607
8B
41
04
A8
20
74
16
85
96
20
50
00
Change of jne 00BCE61F
00BCE5FA
bio4.exe
23E5FA
96
70
01
00
00
75
23
8B
0D
D4
37
1E
Change of jne 00BCE5EF
00BCE5BA
bio4.exe
23E5BA
59
19
01
85
D2
75
33
B9
04
CB
18
01
Change of je 00BCE5BC
00BCE5A8
bio4.exe
23E5A8
BE
28
50
00
00
74
12
8B
86
0C
53
00
Change of jne 00BCE531
00BCE52A
bio4.exe
23E52A
00
00
00
80
00
75
05
E8
36
D7
DC
FF
Change of je 00BCE57C
00BCE553
bio4.exe
23E553
BE
28
50
00
00
74
27
D9
05
2C
59
19
Change of je 00BCE64E
00BCE63A
bio4.exe
23E63A
B9
28
50
00
00
74
12
8B
81
0C
53
00
Change of je 00BCE6C7
00BCE6AF
bio4.exe
23E6AF
B9
28
50
00
00
74
16
8B
81
0C
53
00
Change of jne 00BCE77C
00BCE6C1
bio4.exe
23E6C1
59
19
01
85
D2
0F
85
B5
00
00
00
85
B9
70
01
00
Change of jne 00BCE725
00BCE6CD
bio4.exe
23E6CD
B9
70
01
00
00
75
56
E8
18
A6
DC
FF
Change of jne 00BCE71E
00BCE709
bio4.exe
23E709
DD
D9
F6
C4
01
75
13
DC
25
48
D4
09
Change of je 00BCE7D7
00BCE7A0
bio4.exe
23E7A0
C9
0B
C1
5F
5E
74
35
E8
EF
2D
DC
FF
Change of je 00DA76EB
00DA76AD
bio4.exe
5676AD
FA
FF
FF
3B
C1
74
3C
3B
78
14
72
37
Change of mov [eax+10],ecx
00DA61A1
bio4.exe
5661A1
44
5F
04
01
01
89
48
10
89
50
14
0F
84
Change of jne 00DA79E8
00DA79E0
bio4.exe
5679E0
FF
8B
08
3B
CA
75
06
33
C0
33
C9
EB
Change of je 00DA7AA7
00DA7A72
bio4.exe
567A72
00
75
37
0B
D6
74
33
80
3D
D8
01
0A
Change of jne 00DA7AA7
00DA7A7B
bio4.exe
567A7B
D8
01
0A
01
00
75
2A
D9
EE
D9
15
B0
Change of jne 00DA7AA9
00DA7A8E
bio4.exe
567A8E
65
01
83
FB
10
75
19
83
BD
EC
FA
FF
Change of jne 00DA7AA9
00DA7A97
bio4.exe
567A97
EC
FA
FF
FF
00
75
10
D9
95
F8
FA
FF
Change of je 00DA7E23
00DA7C05
bio4.exe
567C05
85
EC
FA
FF
FF
0F
84
18
02
00
00
09
1D
88
F6
09
Change of je 00DA7DC7
00DA7DA5
bio4.exe
567DA5
65
01
00
D8
C9
74
20
D9
C0
D8
C1
E8
Change of fld dword ptr [eax+2C]
00DB0F1D
bio4.exe
570F1D
40
28
D9
59
28
D9
40
2C
D9
59
2C
5D
C3
Change of je 0024E280
0024E274
bio4.exe
19E274
E7
FF
83
E8
02
74
0A
83
E8
02
74
05
Change of je 0024E280
0024E279
bio4.exe
19E279
90
90
83
E8
02
74
05
83
E8
04
75
0C
Change of je 0024E29C
0024E293
bio4.exe
19E293
B6
01
00
00
00
74
07
83
0D
F8
C9
91
Change of fmul st(0),st(2)
0024E1B7
bio4.exe
19E1B7
05
78
D2
8F
00
D8
CA
D9
9D
84
FE
FF
Change of mov [ecx],edx
01424E70
bio4.exe
574E70
D1
75
10
8B
10
89
11
8B
50
04
89
51
Change of jne 01424E7E
01424E6C
bio4.exe
574E6C
D9
58
08
3B
D1
75
10
8B
10
89
11
8B
Change of je 01424E4F
01424E4B
bio4.exe
574E4B
8D
45
F0
3B
D1
74
02
8B
C1
D9
02
D9
Change of je 00F7490D
00F748FC
bio4.exe
2548FC
DF
E0
F6
C4
41
74
0F
DD
05
30
B4
43
Change of jne 012872AB
0128729D
bio4.exe
56729D
DF
E0
F6
C4
41
75
0C
DD
D8
DD
D9
D9
Change of jp 012872BE
012872B4
bio4.exe
5672B4
DF
E0
F6
C4
05
7A
08
D9
1D
B4
F0
B3
Change of je 01286EBC
01286EAC
bio4.exe
566EAC
00
00
00
80
00
74
0E
D9
85
F8
FA
FF
Change of je 01287217
01286EC3
bio4.exe
566EC3
D8
01
58
01
00
0F
84
4E
03
00
00
E8
29
FA
A9
FF
Change of jne 0114727D
0114726F
bio4.exe
56726F
2E
01
F6
C4
41
75
0C
DD
D9
D9
C9
D9
Change of fstp st(1)
01147271
bio4.exe
567271
F6
C4
41
75
0C
DD
D9
D9
C9
D9
15
B0
Change of fst dword ptr [019FF0B0]
011472CB
bio4.exe
5672CB
00
74
36
D9
EE
D9
15
B0
F0
9F
01
D9
1D
B4
F0
9F
Change of fst dword ptr [019FF0B0]
01147288
bio4.exe
567288
F6
C4
41
75
06
D9
15
B0
F0
9F
01
D9
C9
D9
05
B4
Change of fst dword ptr [019FF0B0]
01147275
bio4.exe
567275
0C
DD
D9
D9
C9
D9
15
B0
F0
9F
01
EB
13
D8
D1
DF
Change of fstp dword ptr [019FF0B0]
01147240
bio4.exe
567240
01
DE
C2
D9
C9
D9
1D
B0
F0
9F
01
D9
85
F4
FA
FF
Change of fxch st(1)
0114723E
bio4.exe
56723E
F0
9F
01
DE
C2
D9
C9
D9
1D
B0
F0
9F
enableFlags
00F36049
cameraBase
13B50000
spinCam
01147236
minVal
0114723C
maxVal
01147240
zero
01147244