[Coding] Age of Empires Online - ASM Sources [Memory Hacking]

[supex0]

Second post around here, thought I'd give some good stuff in.

Age of Empires Online was quite fun, though I would not recommend buying any premium cultures - if you've got the know-how, you'll figure out how to use every premium-only-item without being premium.

Also, the "Anti cheat protection" simply consists of:
-IsDebuggerPresent check
-doing a clientsided CRC check
-checking whether one byte in a specific memory block is set to either E9, EB or CC(int3 breakpoint instruction)




Anyway, here are some ch347c0d35
They are in Cheat Engine's "Auto Assembly"-Format.

"XLive Patch"

PHP Code:

/*"XLive Patch"
credits: supex0

This is mandatory in order for all other cheats to work
Just nops and jmps - pretty weak anti cheat system*/

xlive.dll+F370C:
jmp xlive.dll+F3843
db 90

xlive.dll+F3646:
db EB
xlive.dll+F36A6:
db 90 90 90 90 90 90
xlive.dll+F3614:
db EB 


"Press Escape to get 10.000 Resources"

PHP Code:

/*"Press Escape to get 10.000 Resources"
credits: supex0

Basically what this does is checking if the Menu is opened, if true then setting resources to 10.000*/

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(amount)
label(type_stone)
label(type_food)
label(type_gold)
label(type_wood)

newmem:
pushad //push registers into stack
mov [amount],(float)10000 //float!

push [amount]
push type_wood //pointer to string
push 01 // You are ALWAYS Player 1
call rmSetPlayerResource //That function can be found as an export *cough* It's called like this: rmSetplayerResource(int PlayerID,pString Resource,float Amount)
add esp,0c //subtracted 3 * 0x04 bytes from stack, so add 3 * 0x04, "0x0C" back in

push [amount]
push type_gold
push 01
call rmSetPlayerResource
add esp,0c

push [amount]
push type_stone
push 01
call rmSetPlayerResource
add esp,0c

push [amount]
push type_food
push 01
call rmSetPlayerResource
add esp,0c

popall //pop previously saved registers from stack to the actual registers


originalcode:
mov edx,[ecx]
mov eax,[edx+74] //make sig if you like

exit:
jmp returnhere


amount:
db 00 00 00 00
type_wood:
db 'wood'
db 00
type_gold:
db 'gold'
db 00
type_stone:
db 'stone'
db 00
type_food:
db 'food'
db 00


spartan.exe+2A8D9E:
jmp newmem
returnhere: 


"Fog of War, Blackmap removal + RevealEntireMap"

PHP Code:

/*"Fog of War, Blackmap removal + RevealEntireMap"
credits: supex0

Removes "Fog of War" and the "Black Map", also reveals the entire map so you can see everything on the map, basically "Maphack"

Add this to any other code that is being executed while playing the game  in order to set it up, I'd recommend adding it to the 10.000  resources-code*/

call spartan.exe+451FC0 //trRevealEntireMap

push 00 //Blackmap, 00 = disabled
push 00 //Fog, 00 = disabled
call spartan.exe+44DF20 //trSetFogAndBlackmap
add esp,08 


"Instant Recruit"

PHP Code:

/*"Instant Recruit"
credits: supex0

Allows you to instantly recruit units aswell as upgrades*/

Spartan.exe+4EEF72:
db 90 90
Spartan.exe+4F9632:
db 90 90
Spartan.exe+4F188F:
db 90 90 


"Freeze Population at 1"

PHP Code:

/*"Freeze Population at 1"
credits: supex0

Freezes the population count at 1 so you can recruit as many units as you like*/

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
mov ecx,01
originalcode:
mov [edx+78],ecx
mov [ebp-0C],eax

exit:
jmp returnhere

spartan.exe+2F6866:
jmp newmem
nop
returnhere: 


"Quest Instant Win"

PHP Code:

/*"Quest Instant Win"
credits: supex0

Sets the Questgoal to 0, works for all quests that require a specific amount of something done to win, e.g. killing 10 units of enemy team*/

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem:
mov ecx,[edi+14]
mov [esi+14],00 //<< This is where the Magic happens. ESI holds the actual quest pointer. You could also swap a whole quest with another to always have that certain quest active even when youve completed it already... oops I said too much
originalcode:
mov ecx,[edi+14]
mov [ebp-04],00000000

exit:
jmp returnhere

questpointer:
db 00 00 00 00
spartan.exe+363085:
jmp newmem
db 90 90 90 90 90
returnhere: 


[haxorico]

Looks wicked :O - I happened to get a premium Greek civilization for about 7$ some time ago and it seems a fair price for an RTS game of such, even more than fair.

As for the cheats\hacks - How do I use them? Do I need to compile? Use cheat-engine custom script? I'm not a bick expert on asm
If it demands to compile, can you post an .exe?
If it demands to use cheat-engine, can you post it as a cheat-engine table?

P.S: Is the "use premium items" kept for those who can manage it ?

[supex0]

It is in Cheat Engine's "Auto Assembly" format.
Cheat Engine > Memory View > Tools > Auto Assemble

Those who want to use premium items as non-premium will have to figure it out themselves, as I don't want to harm their sales (and I don't want to get a lawsuit... Microsoft is very bitchy when it comes to stuff like that)

[MKIK]

since that's on steam what's the possibility of getting steam ban?

[supex0]

as steam is not required to play this game - even when you've downloaded it through steam -, 0%.

[MKIK]

nice I may try it since I don't like Games for Windows stupid program

[haxorico]

It has nothing to do with steam. Its using "Games for Windows Live".

Thanks for the codes

[alotagals2]

The quest cheat when used returns an error saying "error in line 20 (questpointer: )This adress specifier is not valid"

how is this fixed?

Thanks

[supex0]

This error occurs because the address specifier is not labeled yet.
questpointer is not labeled, and also not used in this script at all.
Originally this code was used for quest swapping, so you'd always play (and win) the same quest again and again using a dump from a quest which gives you alot exp. Thats why questpointer is still in there.
Best way to make it work again would be simply removing questpointer along with its bytes.

[alotagals2]

oh ok, are you able to write an example with annotations for the legendary quests? I've had basic experience with coding but don't understand some of the more complex parts of this. When I used the resource one it booted me to the log in screen so that doesn't seem to work either. Lastly, where in the game should I be when I execute the first one so that the game doesn't pick up the cheats.

Thanks a lot