Bloons Tower Defense 5 Cheat Table - Money Hack + more

Bloons Tower Defense 5 Cheat Table - Money Hack + more 2020-07-22

Bloons Tower Defense 5 Cheat Table



Features

  • Money Hack
  • Extra XP cheat
  • 2500 XP per balloon
  • 9999 monkey money after purchase
  • extra bananas dropped per round
  • bank collect 999999
  • 999 agents deployment

Sample Scripts
Money Hack:
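[ENABLE]

// The pattern starts on the trailing 10 byte of "push 10" and continues with
// the 8-byte store movsd [esi+00000088],xmm0, so the store begins at money1+01.
aobscanmodule(money1,BTD5-Win.exe,10 F2 0F 11 86 88 00 00 00) // should be unique
alloc(newmem,$100)

label(code)
label(return)

alloc(money,8) // dq below writes an 8-byte double, so reserve 8 bytes (was 4)

money:
  dq (double)9999999

newmem:

code:
  // Replaces the original store of xmm0 with the constant at [money].
  // The copy goes through the x87 stack (fld pushes, fstp pops), so no xmm
  // register is modified by the hook.
  fld qword ptr [money]
  fstp qword ptr [esi+00000088]
  jmp return

money1+01:
  jmp code
  // jmp plus three nops covers the 8 bytes of the overwritten movsd
  nop
  nop
  nop
return:
registersymbol(money1)

[DISABLE]

// Restore the original movsd [esi+00000088],xmm0 bytes.
money1+01:
  db F2 0F 11 86 88 00 00 00

unregistersymbol(money1)
dealloc(newmem)
dealloc(money) // was never released, so each enable/disable cycle leaked it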

{
// ORIGINAL CODE - INJECTION POINT: "BTD5-Win.exe"+19901C

"BTD5-Win.exe"+198FFF: CC                       -  int 3
"BTD5-Win.exe"+199000: 56                       -  push esi
"BTD5-Win.exe"+199001: 8B F1                    -  mov esi,ecx
"BTD5-Win.exe"+199003: F2 0F 10 86 88 00 00 00  -  movsd xmm0,[esi+00000088]
"BTD5-Win.exe"+19900B: 66 0F 2F C8              -  comisd xmm1,xmm0
"BTD5-Win.exe"+19900F: 76 05                    -  jna BTD5-Win.exe+199016
"BTD5-Win.exe"+199011: 0F 57 C0                 -  xorps xmm0,xmm0
"BTD5-Win.exe"+199014: EB 04                    -  jmp BTD5-Win.exe+19901A
"BTD5-Win.exe"+199016: F2 0F 5C C1              -  subsd xmm0,xmm1
"BTD5-Win.exe"+19901A: 6A 10                    -  push 10
// ---------- INJECTING HERE ----------
"BTD5-Win.exe"+19901C: F2 0F 11 86 88 00 00 00  -  movsd [esi+00000088],xmm0
// ---------- DONE INJECTING  ----------
"BTD5-Win.exe"+199024: FF 15 C4 C5 31 01        -  call dword ptr [BTD5-Win.exe+51C5C4]
"BTD5-Win.exe"+19902A: 8B C8                    -  mov ecx,eax
"BTD5-Win.exe"+19902C: 83 C4 04                 -  add esp,04
"BTD5-Win.exe"+19902F: 85 C9                    -  test ecx,ecx
"BTD5-Win.exe"+199031: 74 15                    -  je BTD5-Win.exe+199048
"BTD5-Win.exe"+199033: F2 0F 10 86 88 00 00 00  -  movsd xmm0,[esi+00000088]
"BTD5-Win.exe"+19903B: C7 01 40 9F 34 01        -  mov [ecx],BTD5-Win.exe+549F40
"BTD5-Win.exe"+199041: F2 0F 11 41 08           -  movsd [ecx+08],xmm0
"BTD5-Win.exe"+199046: EB 02                    -  jmp BTD5-Win.exe+19904A
"BTD5-Win.exe"+199048: 33 C9                    -  xor ecx,ecx
}
Extra XP:
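[ENABLE]

// Matches the 5-byte store movsd [esi+28],xmm3.
aobscanmodule(exp1,BTD5-Win.exe,F2 0F 11 5E 28) // should be unique
alloc(newmem,$100)

label(code)
label(return)

alloc(exp,8) // dq below writes an 8-byte double, so reserve 8 bytes (was 4)

exp:
  dq (double)2500

newmem:

code:
  // The instruction just before the hook is movsd xmm0,xmm3, so xmm0 holds the
  // same value the original store wrote from xmm3. Adding to xmm0 and storing
  // xmm0 keeps [esi+28] and the register read by the following
  // comisd xmm0,[esi+38] in agreement. xmm3 itself is left unchanged.
  addsd xmm0,[exp]
  movsd [esi+28],xmm0
  jmp return

exp1:
  jmp code // the jmp covers the 5 overwritten bytes, so no nop padding follows
return:
registersymbol(exp1)

[DISABLE]

// Restore the original movsd [esi+28],xmm3 bytes.
exp1:
  db F2 0F 11 5E 28

unregistersymbol(exp1)
dealloc(newmem)
dealloc(exp)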

{
// ORIGINAL CODE - INJECTION POINT: "BTD5-Win.exe"+19B101

"BTD5-Win.exe"+19B0DE: F2 0F 58 C2              -  addsd xmm0,xmm2
"BTD5-Win.exe"+19B0E2: 66 0F 2F C1              -  comisd xmm0,xmm1
"BTD5-Win.exe"+19B0E6: 76 06                    -  jna BTD5-Win.exe+19B0EE
"BTD5-Win.exe"+19B0E8: F2 0F 5C CB              -  subsd xmm1,xmm3
"BTD5-Win.exe"+19B0EC: EB 03                    -  jmp BTD5-Win.exe+19B0F1
"BTD5-Win.exe"+19B0EE: 0F 28 CA                 -  movaps xmm1,xmm2
"BTD5-Win.exe"+19B0F1: F2 0F 5C D1              -  subsd xmm2,xmm1
"BTD5-Win.exe"+19B0F5: F2 0F 58 D9              -  addsd xmm3,xmm1
"BTD5-Win.exe"+19B0F9: 66 0F 5A CA              -  cvtpd2ps xmm1,xmm2
"BTD5-Win.exe"+19B0FD: F2 0F 10 C3              -  movsd xmm0,xmm3
// ---------- INJECTING HERE ----------
"BTD5-Win.exe"+19B101: F2 0F 11 5E 28           -  movsd [esi+28],xmm3
// ---------- DONE INJECTING  ----------
"BTD5-Win.exe"+19B106: 66 0F 2F 46 38           -  comisd xmm0,[esi+38]
"BTD5-Win.exe"+19B10B: F3 0F 11 4C 24 0C        -  movss [esp+0C],xmm1
"BTD5-Win.exe"+19B111: 72 5A                    -  jb BTD5-Win.exe+19B16D
"BTD5-Win.exe"+19B113: 83 46 20 01              -  add dword ptr [esi+20],01
"BTD5-Win.exe"+19B117: F2 0F 10 46 38           -  movsd xmm0,[esi+38]
"BTD5-Win.exe"+19B11C: 83 56 24 00              -  adc dword ptr [esi+24],00
"BTD5-Win.exe"+19B120: F2 0F 11 46 30           -  movsd [esi+30],xmm0
"BTD5-Win.exe"+19B125: 8B 46 44                 -  mov eax,[esi+44]
"BTD5-Win.exe"+19B128: 2B 46 40                 -  sub eax,[esi+40]
"BTD5-Win.exe"+19B12B: C1 F8 03                 -  sar eax,03
}
999 Agents after deployment cheat:
[ENABLE]

// Matches dec ecx / mov [eax+18],ecx / mov al,01 (6 bytes) in the game module.
aobscanmodule(agent1,BTD5-Win.exe,49 89 48 18 B0 01) // should be unique
alloc(agentmem,$1000)

label(setcount)
label(resume)

agentmem:

setcount:
  dec ecx          // kept from the original sequence; its result is overwritten on the next line
  mov ecx,3E7      // 3E7 hex = 999
  mov [eax+18],ecx // same store as the original, now with the fixed count
  mov al,01        // original instruction, re-run here because the hook overwrote it
  jmp resume

agent1:
  jmp setcount
  nop              // jmp plus one nop covers the 6 overwritten bytes
resume:
registersymbol(agent1)

[DISABLE]

// Put the original six bytes back.
agent1:
  db 49 89 48 18 B0 01

unregistersymbol(agent1)
dealloc(agentmem)

{
// ORIGINAL CODE - INJECTION POINT: "BTD5-Win.exe"+2478A1

"BTD5-Win.exe"+247880: 8D 45 08              -  lea eax,[ebp+08]
"BTD5-Win.exe"+247883: 50                    -  push eax
"BTD5-Win.exe"+247884: 8D 8E 10 01 00 00     -  lea ecx,[esi+00000110]
"BTD5-Win.exe"+24788A: E8 61 90 F2 FF        -  call BTD5-Win.exe+1708F0
"BTD5-Win.exe"+24788F: 8B 45 08              -  mov eax,[ebp+08]
"BTD5-Win.exe"+247892: 3B 86 10 01 00 00     -  cmp eax,[esi+00000110]
"BTD5-Win.exe"+247898: 74 16                 -  je BTD5-Win.exe+2478B0
"BTD5-Win.exe"+24789A: 8B 48 18              -  mov ecx,[eax+18]
"BTD5-Win.exe"+24789D: 85 C9                 -  test ecx,ecx
"BTD5-Win.exe"+24789F: 74 0F                 -  je BTD5-Win.exe+2478B0
// ---------- INJECTING HERE ----------
"BTD5-Win.exe"+2478A1: 49                    -  dec ecx
"BTD5-Win.exe"+2478A2: 89 48 18              -  mov [eax+18],ecx
"BTD5-Win.exe"+2478A5: B0 01                 -  mov al,01
// ---------- DONE INJECTING  ----------
"BTD5-Win.exe"+2478A7: 5F                    -  pop edi
"BTD5-Win.exe"+2478A8: 5E                    -  pop esi
"BTD5-Win.exe"+2478A9: 5B                    -  pop ebx
"BTD5-Win.exe"+2478AA: 8B E5                 -  mov esp,ebp
"BTD5-Win.exe"+2478AC: 5D                    -  pop ebp
"BTD5-Win.exe"+2478AD: C2 04 00              -  ret 0004
"BTD5-Win.exe"+2478B0: 5F                    -  pop edi
"BTD5-Win.exe"+2478B1: 5E                    -  pop esi
"BTD5-Win.exe"+2478B2: 32 C0                 -  xor al,al
"BTD5-Win.exe"+2478B4: 5B                    -  pop ebx
}
Author
ChrisFayte