South Park The Stick of Truth Cheat Table
Features
Features
- God mode
- one hit kills
- infinite mana
- power points
- money hack
- experience cheat
- max armor
god mode cheat:
[ENABLE]
aobscanmodule(Player1,South Park - The Stick of Truth.exe,F3 0F 10 41 18 F3 0F 5E C1) // should be unique
alloc(newmem,$1000)
label(code)
label(player_base)
label(return)
label(insta)
label(code2)
label(one_hit)
registersymbol(player_base)
registersymbol(insta)
newmem:
cmp [ecx+74],00 // 74 1/0
je code
mov [player_base],ecx
push ebx
mov ebx,[ecx+1C]
mov [ecx+18],ebx
pop ebx
movss xmm0,[ecx+18]
jmp return
code:
cmp [insta],1
je one_hit
code2:
movss xmm0,[ecx+18]
jmp return
player_base:
dd 0
insta:
dd 0
one_hit:
cmp [ecx+18],(float)1
jle code2
mov [ecx+18],(float)1
jmp code2
Player1:
jmp newmem
return:
registersymbol(Player1)
[DISABLE]
Player1:
db F3 0F 10 41 18
unregistersymbol(Player1)
unregistersymbol(player_base)
unregistersymbol(insta)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "South Park - The Stick of Truth.exe"+3365F1
"South Park - The Stick of Truth.exe"+3365DB: C2 0C 00 - ret 000C
"South Park - The Stick of Truth.exe"+3365DE: CC - int 3
"South Park - The Stick of Truth.exe"+3365DF: CC - int 3
"South Park - The Stick of Truth.exe"+3365E0: 55 - push ebp
"South Park - The Stick of Truth.exe"+3365E1: 8B EC - mov ebp,esp
"South Park - The Stick of Truth.exe"+3365E3: 51 - push ecx
"South Park - The Stick of Truth.exe"+3365E4: F3 0F 10 49 1C - movss xmm1,[ecx+1C]
"South Park - The Stick of Truth.exe"+3365E9: 0F 57 D2 - xorps xmm2,xmm2
"South Park - The Stick of Truth.exe"+3365EC: 0F 2F CA - comiss xmm1,xmm2
"South Park - The Stick of Truth.exe"+3365EF: 76 25 - jna "South Park - The Stick of Truth.exe"+336616
// ---------- INJECTING HERE ----------
"South Park - The Stick of Truth.exe"+3365F1: F3 0F 10 41 18 - movss xmm0,[ecx+18]
// ---------- DONE INJECTING ----------
"South Park - The Stick of Truth.exe"+3365F6: F3 0F 5E C1 - divss xmm0,xmm1
"South Park - The Stick of Truth.exe"+3365FA: F3 0F 10 0D B0 19 B7 00 - movss xmm1,["South Park - The Stick of Truth.exe"+7719B0]
"South Park - The Stick of Truth.exe"+336602: 0F 2F C1 - comiss xmm0,xmm1
"South Park - The Stick of Truth.exe"+336605: 76 12 - jna "South Park - The Stick of Truth.exe"+336619
"South Park - The Stick of Truth.exe"+336607: 0F 28 C1 - movaps xmm0,xmm1
"South Park - The Stick of Truth.exe"+33660A: F3 0F 11 45 FC - movss [ebp-04],xmm0
"South Park - The Stick of Truth.exe"+33660F: D9 45 FC - fld dword ptr [ebp-04]
"South Park - The Stick of Truth.exe"+336612: 8B E5 - mov esp,ebp
"South Park - The Stick of Truth.exe"+336614: 5D - pop ebp
"South Park - The Stick of Truth.exe"+336615: C3 - ret
}
power points / mana lookup:
[ENABLE]
aobscanmodule(power_points,South Park - The Stick of Truth.exe,D9 44 C1 1C 5D) // should be unique
alloc(newmem,$100)
label(code)
label(power)
label(return)
registersymbol(power)
newmem:
cmp [ecx+1C],00
je code
cmp eax,02
jne code
mov [power],ecx
push ebx
mov ebx,[ecx+30]
mov [ecx+eax*8+1C],ebx
mov [ecx+1C],(float)100
pop ebx
code:
fld dword ptr [ecx+eax*8+1C]
pop ebp
jmp return
power:
dd 0
power_points:
jmp newmem
return:
registersymbol(power_points)
[DISABLE]
power_points:
db D9 44 C1 1C 5D
unregistersymbol(power_points)
unregistersymbol(power)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "South Park - The Stick of Truth.exe"+38587D
"South Park - The Stick of Truth.exe"+38586C: CC - int 3
"South Park - The Stick of Truth.exe"+38586D: CC - int 3
"South Park - The Stick of Truth.exe"+38586E: CC - int 3
"South Park - The Stick of Truth.exe"+38586F: CC - int 3
"South Park - The Stick of Truth.exe"+385870: 55 - push ebp
"South Park - The Stick of Truth.exe"+385871: 8B EC - mov ebp,esp
"South Park - The Stick of Truth.exe"+385873: 8B 45 08 - mov eax,[ebp+08]
"South Park - The Stick of Truth.exe"+385876: 83 F8 03 - cmp eax,03
"South Park - The Stick of Truth.exe"+385879: 7D 0A - jnl "South Park - The Stick of Truth.exe"+385885
"South Park - The Stick of Truth.exe"+38587B: 03 C0 - add eax,eax
// ---------- INJECTING HERE ----------
"South Park - The Stick of Truth.exe"+38587D: D9 44 C1 1C - fld dword ptr [ecx+eax*8+1C]
"South Park - The Stick of Truth.exe"+385881: 5D - pop ebp
// ---------- DONE INJECTING ----------
"South Park - The Stick of Truth.exe"+385882: C2 04 00 - ret 0004
"South Park - The Stick of Truth.exe"+385885: D9 EE - fldz
"South Park - The Stick of Truth.exe"+385887: 5D - pop ebp
"South Park - The Stick of Truth.exe"+385888: C2 04 00 - ret 0004
"South Park - The Stick of Truth.exe"+38588B: CC - int 3
"South Park - The Stick of Truth.exe"+38588C: CC - int 3
"South Park - The Stick of Truth.exe"+38588D: CC - int 3
"South Park - The Stick of Truth.exe"+38588E: CC - int 3
"South Park - The Stick of Truth.exe"+38588F: CC - int 3
"South Park - The Stick of Truth.exe"+385890: 55 - push ebp
}
Money lookup script:
[ENABLE]
aobscanmodule(money,South Park - The Stick of Truth.exe,8B 04 D1 5D C2 04 00)
//aobscan(increase_money,8B 04 D1 5D C2 04 00)
alloc(newmem,$1000)
//alloc(newmema,$100)
label(code)
label(increase)
label(raise1)
label(codea)
label(money_base)
label(returna)
registersymbol(money_base)
registersymbol(increase)
newmem:
cmp edx,03
jne code
push ebx
lea ebx,[ecx+edx*8]
mov [money_base],ebx
pop ebx
cmp [increase],1
je raise1
code:
mov eax,[ecx+edx*8]
pop ebp
ret 0004
jmp returna
money_base:
dd 0
codea:
mov eax,[ecx+edx*8]
pop ebp
ret 0004
jmp returna
raise1:
mov [increase],0
add [ecx+edx*8],12C
jmp codea
increase:
dd 0
money:
jmp newmem
nop
nop
returna:
registersymbol(money)
[DISABLE]
money:
db 8B 04 D1 5D C2 04 00
unregistersymbol(increase)
unregistersymbol(money)
unregistersymbol(money_base)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "South Park - The Stick of Truth.exe"+338B13
"South Park - The Stick of Truth.exe"+338AF3: 8B 45 08 - mov eax,[ebp+08]
"South Park - The Stick of Truth.exe"+338AF6: 83 F8 03 - cmp eax,03
"South Park - The Stick of Truth.exe"+338AF9: 7D 1F - jnl "South Park - The Stick of Truth.exe"+338B1A
"South Park - The Stick of Truth.exe"+338AFB: 83 3D 24 90 FE 01 00 - cmp dword ptr ["South Park - The Stick of Truth.exe"+1BE9024],00
"South Park - The Stick of Truth.exe"+338B02: 74 0B - je "South Park - The Stick of Truth.exe"+338B0F
"South Park - The Stick of Truth.exe"+338B04: 8D 04 40 - lea eax,[eax+eax*2]
"South Park - The Stick of Truth.exe"+338B07: 8B 44 C1 1C - mov eax,[ecx+eax*8+1C]
"South Park - The Stick of Truth.exe"+338B0B: 5D - pop ebp
"South Park - The Stick of Truth.exe"+338B0C: C2 04 00 - ret 0004
"South Park - The Stick of Truth.exe"+338B0F: 8D 54 40 03 - lea edx,[eax+eax*2+03]
// ---------- INJECTING HERE ----------
"South Park - The Stick of Truth.exe"+338B13: 8B 04 D1 - mov eax,[ecx+edx*8]
"South Park - The Stick of Truth.exe"+338B16: 5D - pop ebp
"South Park - The Stick of Truth.exe"+338B17: C2 04 00 - ret 0004
// ---------- DONE INJECTING ----------
"South Park - The Stick of Truth.exe"+338B1A: 33 C0 - xor eax,eax
"South Park - The Stick of Truth.exe"+338B1C: 5D - pop ebp
"South Park - The Stick of Truth.exe"+338B1D: C2 04 00 - ret 0004
"South Park - The Stick of Truth.exe"+338B20: 55 - push ebp
"South Park - The Stick of Truth.exe"+338B21: 8B EC - mov ebp,esp
"South Park - The Stick of Truth.exe"+338B23: 53 - push ebx
"South Park - The Stick of Truth.exe"+338B24: 56 - push esi
"South Park - The Stick of Truth.exe"+338B25: 8B 75 08 - mov esi,[ebp+08]
"South Park - The Stick of Truth.exe"+338B28: 33 C0 - xor eax,eax
"South Park - The Stick of Truth.exe"+338B2A: 8B D9 - mov ebx,ecx
}
