<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="34">
  <CheatEntries>
    <CheatEntry>
      <!-- Experience points: a 4-byte value reached through a pointer path.
           Offsets are listed last-applied first, so the path resolves to
           [[["Game.exe"+00616550]+64]+4]+20 (offsets are hexadecimal). The
           Auto Assembler entry in this table walks the same chain before its
           "add [ebx], 1". LastState is the value and resolved address saved
           with the table; presumably RealAddress is only valid for that
           session. -->
      <ID>3</ID>
      <Description>"_EXP"</Description>
      <LastState Value="273" RealAddress="136E8AA8"/>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+00616550</Address>
      <Offsets>
        <Offset>20</Offset>
        <Offset>4</Offset>
        <Offset>64</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <!-- Money: 4-byte value at [["Game.exe"+006165B4]+5C]+44 (hexadecimal
           offsets, listed last-applied first). The Auto Assembler entry in
           this table does not reference this base address. -->
      <ID>10</ID>
      <Description>"_Money"</Description>
      <LastState Value="37" RealAddress="1344EF9C"/>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+006165B4</Address>
      <Offsets>
        <Offset>44</Offset>
        <Offset>5C</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <!-- Player health during battle: 4-byte value at
           [[["Game.exe"+00616550]+1CC]+24]+0 (hexadecimal offsets, listed
           last-applied first). The Auto Assembler entry copies this value
           into varHealth and compares against it to detect damage taken. -->
      <ID>5</ID>
      <Description>"_HealthInBattle"</Description>
      <LastState Value="91" RealAddress="1339DC58"/>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+00616550</Address>
      <Offsets>
        <Offset>0</Offset>
        <Offset>24</Offset>
        <Offset>1CC</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <!-- Player health as shown in the UI: 4-byte value at
           [[["Game.exe"+00616550]+64]+4]+8 (hexadecimal offsets, listed
           last-applied first). The setstatus handler of the Auto Assembler
           entry writes 64 hex (100 decimal) to this location. -->
      <ID>9</ID>
      <Description>"_HealthInUI"</Description>
      <LastState Value="100" RealAddress="136E8A90"/>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+00616550</Address>
      <Offsets>
        <Offset>8</Offset>
        <Offset>4</Offset>
        <Offset>64</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <!-- Game state flag: 4-byte value at [["Game.exe"+0061647C]+B4]+38
           (hexadecimal offsets, listed last-applied first). According to the
           comments in the Auto Assembler entry: 0 = main menu, 1 = living,
           2 = defeated. -->
      <ID>14</ID>
      <Description>"_LivingState"</Description>
      <LastState Value="1" RealAddress="132A1208"/>
      <ShowAsSigned>0</ShowAsSigned>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+0061647C</Address>
      <Offsets>
        <Offset>38</Offset>
        <Offset>B4</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <!-- Static (module-relative) 4-byte value with no pointer path. It is
           the destination of the instruction at Game.exe+C20C1 that the Auto
           Assembler entry hooks. The saved RealAddress 00A18B4C corresponds
           to Game.exe being loaded at 00400000 in that session. -->
      <ID>2</ID>
      <Description>"_FrameCountSinceTitle"</Description>
      <LastState Value="859814" RealAddress="00A18B4C"/>
      <VariableType>4 Bytes</VariableType>
      <Address>Game.exe+618B4C</Address>
    </CheatEntry>
    <CheatEntry>
      <!-- Turn indicator: 4-byte value at [["Game.exe"+0061647C]+1F4]+4
           (hexadecimal offsets, listed last-applied first). The Auto
           Assembler entry branches to playerturn when it reads 1 and to
           enemyturn when it reads 0; any other value skips both. -->
      <ID>16</ID>
      <Description>"_PlayerTurn"</Description>
      <LastState Value="1" RealAddress="132A39AC"/>
      <ShowAsSigned>0</ShowAsSigned>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+0061647C</Address>
      <Offsets>
        <Offset>4</Offset>
        <Offset>1F4</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <!-- Enemy health during battle: 4-byte value at
           [[["Game.exe"+00616550]+1CC]+4]+0 (hexadecimal offsets, listed
           last-applied first). The Auto Assembler entry copies this value
           into varEHealth and compares against it to detect damage dealt. -->
      <ID>22</ID>
      <Description>"_EnemyHealth"</Description>
      <LastState Value="0" RealAddress="1339DBB0"/>
      <VariableType>4 Bytes</VariableType>
      <Address>"Game.exe"+00616550</Address>
      <Offsets>
        <Offset>0</Offset>
        <Offset>4</Offset>
        <Offset>1CC</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <ID>12</ID>
      <Description>"AAS Carry XP + XP On Damaged"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : Game.exe
  Version: 
  Date   : 2023-01-30
  Author : micha

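  This script hooks the write to Game.exe+618B4C at Game.exe+C20C1 and runs a
  small state machine on every pass through it. It grants 1 XP whenever the
  player deals or takes damage (at most 3 grants per turn), and after a defeat
  it restores the stored XP plus 10 and sets the UI health to 100 once the
  living state returns to 1.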
}

[ENABLE]

// Locate the instruction to hook by its bytes. 89 15 4C 8B A1 00 is
// "mov [Game.exe+618B4C],edx" (see the original-code listing at the end of
// this script). The last four bytes are the absolute address 00A18B4C, so
// the pattern only matches while Game.exe is loaded at the base address
// that produces it.
aobscanmodule(PerFrame,Game.exe,89 15 4C 8B A1 00) // should be unique
// Reserve $1000 bytes for the injected handler code and the variables
// defined after it.
alloc(newmem,$1000)

// Forward declarations for every label the handler jumps to.
label(code)
label(return)
label(titlewait)
label(loadwait)
label(defeated)
label(setstatus)
label(mainmenu)
label(playerturn)
label(enemyturn)

// Hook entry point: reached through the jmp written at PerFrame, i.e. each
// time the game executes the patched instruction (presumably once per frame).
// Dispatches to one handler per pass; every handler ends at "code".
newmem:
  // Save the two registers the handlers use as scratch; "code" restores them.
  push ebx
  push eax
  mov ebx, [varWaitForLoad] // Check if we're waiting for load after defeat
  cmp ebx, 0
  jne loadwait
  // Resolve _LivingState at [["Game.exe"+0061647C]+B4]+38.
  // NOTE(review): no link of this pointer chain (or of the others in this
  // script) is tested for null before it is dereferenced; a null link would
  // fault inside the game process. Confirm the chains are valid whenever
  // this hook runs.
  mov ebx, ["Game.exe"+0061647C] // Get living state
  mov ebx, [ebx+B4]
  lea ebx, [ebx+38]
  mov ebx, [ebx]
  cmp ebx, 0 // Check if living state is 0 (Main Menu)
  je mainmenu
  cmp ebx, 2 // Check if living state is 2 (defeated)
  je defeated
  // Resolve _PlayerTurn at [["Game.exe"+0061647C]+1F4]+4.
  mov ebx, ["Game.exe"+0061647C] // Check player turn state
  mov ebx, [ebx+1F4]
  lea ebx, [ebx+4]
  mov ebx, [ebx]
  cmp ebx, 1
  je playerturn
  cmp ebx, 0
  je enemyturn
  // Any other turn value: do nothing on this pass.
  jmp code

// Player's turn (_PlayerTurn == 1): refresh the player-health snapshot and
// grant 1 XP each time the enemy's health is seen to drop.
playerturn:
  // Reload the grant budget that enemyturn consumes (3 grants for damage taken).
  mov [varPlayed], 3
  mov ebx, ["Game.exe"+00616550] // Set health var
  mov ebx, [ebx+1CC]
  mov ebx, [ebx+24]
  lea ebx, [ebx+0]
  mov ebx, [ebx]
  mov [varHealth], ebx
  // No budget left for damage-dealt grants (varEPlayed is reloaded only in
  // enemyturn), so skip the enemy-health check.
  cmp [varEPlayed], 0
  je code
  mov ebx, ["Game.exe"+00616550] // Check for enemy health decrease
  mov ebx, [ebx+1CC]
  mov ebx, [ebx+4]
  lea ebx, [ebx+0]
  mov ebx, [ebx]
  // Unsigned compare: continue only when the stored enemy health is above
  // the value just read, i.e. the enemy lost health since the snapshot.
  cmp [varEHealth], ebx
  jbe code
  // Record the new enemy health and spend one grant from the budget.
  mov [varEHealth], ebx
  sub [varEPlayed], 1
  mov ebx, ["Game.exe"+00616550] // grant 1 xp for dealing damage
  mov ebx, [ebx+64]
  mov ebx, [ebx+4]
  lea ebx, [ebx+20]
  // ebx now points at _EXP; increment it in place.
  add [ebx], 1
  jmp code

// Enemy's turn (_PlayerTurn == 0): refresh the enemy-health snapshot and
// grant 1 XP each time the player's health is seen to drop.
enemyturn:
  // Reload the grant budget that playerturn consumes (3 grants for damage dealt).
  mov [varEPlayed], 3
  mov ebx, ["Game.exe"+00616550] // Set enemy health var
  mov ebx, [ebx+1CC]
  mov ebx, [ebx+4]
  lea ebx, [ebx+0]
  mov ebx, [ebx]
  mov [varEHealth], ebx
  // No budget left for damage-taken grants (varPlayed is reloaded only in
  // playerturn), so skip the player-health check.
  cmp [varPlayed], 0
  je code
  mov ebx, ["Game.exe"+00616550] // Check for health decrease
  mov ebx, [ebx+1CC]
  mov ebx, [ebx+24]
  lea ebx, [ebx+0]
  mov ebx, [ebx]
  // Unsigned compare: continue only when the stored player health is above
  // the value just read, i.e. the player lost health since the snapshot.
  cmp [varHealth], ebx
  jbe code
  // Record the new player health and spend one grant from the budget.
  mov [varHealth], ebx
  sub [varPlayed], 1
  mov ebx, ["Game.exe"+00616550] // grant 1 xp for taking damage
  mov ebx, [ebx+64]
  mov ebx, [ebx+4]
  lea ebx, [ebx+20]
  // ebx now points at _EXP; increment it in place.
  add [ebx], 1
  jmp code

// Living state 2 while varWaitForLoad is 0: remember the current EXP and
// start waiting for the main menu. Because varWaitForLoad becomes 1 here,
// later passes go to loadwait instead, so this runs once per defeat.
defeated:
  mov [varHealth], 0
  mov ebx, ["Game.exe"+00616550] // store current exp
  mov ebx, [ebx+64]
  mov ebx, [ebx+4]
  lea ebx, [ebx+20]
  mov ebx, [ebx]
  mov [varEXP], ebx
  mov [varWaitForLoad], 1 // Set wait for load to state 1
  jmp code

// Reached whenever varWaitForLoad is non-zero. State 1 defers to titlewait;
// otherwise (state 2, set by titlewait) the living state decides what to do.
loadwait:
  cmp [varWaitForLoad], 1 // Check if we're still waiting for Main Menu
  je titlewait
  mov ebx, ["Game.exe"+0061647C] // Check if living state is 1 (Living)
  mov ebx, [ebx+B4]
  lea ebx, [ebx+38]
  mov ebx, [ebx]
  cmp ebx, 1
  je setstatus
  cmp ebx, 2 // Check for living state 2 for New Game reset trigger
  jne code
  // Living state 2 seen again while waiting: drop the stored EXP and
  // health and stop waiting.
  mov [varWaitForLoad], 0
  mov [varEXP], 0
  mov [varHealth], 0
  jmp code

// Wait state 1: stay here until the living state reads 0 (main menu), then
// advance to wait state 2.
titlewait:
  mov ebx, ["Game.exe"+0061647C] // Check if living state is 0 (Main Menu)
  mov ebx, [ebx+B4]
  lea ebx, [ebx+38]
  mov ebx, [ebx]
  cmp ebx, 0
  jne code
  mov [varWaitForLoad], 2
  // Re-enter loadwait in state 2; it reads the living state again itself.
  jmp loadwait

// Wait state 2 with living state 1: write the EXP stored at defeat plus a
// bonus back into the game, reset the UI health and leave the wait state.
// Numeric literals are hexadecimal: A = 10, 64 = 100.
setstatus:
  mov ebx, ["Game.exe"+00616550] // set EXP + 10
  mov ebx, [ebx+64]
  mov ebx, [ebx+4]
  lea ebx, [ebx+20]
  // ebx points at _EXP; eax is the only other register used by the hook.
  mov eax, [varEXP]
  add eax, A
  mov [ebx], eax
  mov ebx, ["Game.exe"+00616550] // Set UI Health to 100
  mov ebx, [ebx+64]
  mov ebx, [ebx+4]
  lea ebx, [ebx+8]
  // ebx points at _HealthInUI; keep the local snapshot in step with it.
  mov [ebx], 64
  mov [varHealth], 64
  mov [varWaitForLoad], 0 // Disable wait for load
  jmp code

// Living state 0 while not waiting for a load: clear all tracking state.
// There is no jump at the end; execution falls through into "code".
mainmenu:
  mov [varWaitForLoad], 0
  mov [varEXP], 0
  mov [varHealth], 0
  mov [varPlayed], 0
  mov [varEPlayed], 0
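// Common exit path for every handler: restore the scratch registers, replay
// the instruction that the jmp at PerFrame overwrote, and return to the game.
code:
  // newmem pushes ebx and then eax, so the pops must run in the reverse
  // order. Popping ebx first returned to the game with EAX and EBX swapped.
  pop eax
  pop ebx
  // EFLAGS are not preserved by the hook. Per the original-code listing at
  // the end of this script, the instructions after the injection point are
  // movzx and test, which set the flags again before the next conditional jump.
  mov [Game.exe+618B4C],edx
  jmp return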

// State variables, each one dword initialised to 0. They are defined under
// newmem, after the handler code.

// Wait state: 0 = not waiting, 1 = defeated and waiting for the main menu,
// 2 = main menu seen and waiting for living state 1.
varWaitForLoad:
  dd (int)0

// EXP captured by the defeated handler; setstatus writes it back plus A hex.
varEXP:
  dd (int)0

// Last player battle health seen; the baseline for detecting damage taken.
varHealth:
  dd (int)0

// Last enemy health seen; the baseline for detecting damage dealt.
varEHealth:
  dd (int)0

// Remaining XP grants for damage taken; set to 3 in playerturn and
// decremented in enemyturn.
varPlayed:
  dd (int)0

// Remaining XP grants for damage dealt; set to 3 in enemyturn and
// decremented in playerturn.
varEPlayed:
  dd (int)0

// Patch the hooked instruction in place. The original is 6 bytes
// (89 15 4C 8B A1 00); the jmp plus one nop fills the same span, so the
// next instruction at Game.exe+C20C7 keeps its boundary.
PerFrame:
  jmp newmem
  nop
// Address right after the patch; "code" jumps back here.
return:
// Publish PerFrame so the [DISABLE] section can address the patch site.
registersymbol(PerFrame)

[DISABLE]

// Write the original 6 bytes back over the jmp and nop. They are the same
// bytes the aobscanmodule pattern in [ENABLE] matched.
PerFrame:
  db 89 15 4C 8B A1 00

// Drop the symbol and free the injected code and variables. The variables
// live in newmem, so their values are not kept across a disable.
unregistersymbol(PerFrame)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Game.exe+C20C1

Game.exe+C2095: E8 B6 95 F8 FF                 - call Game.exe+4B650
Game.exe+C209A: C7 05 D8 17 A1 00 00 00 00 00  - mov [Game.exe+6117D8],00000000
Game.exe+C20A4: B9 01 00 00 00                 - mov ecx,00000001
Game.exe+C20A9: 85 C9                          - test ecx,ecx
Game.exe+C20AB: 0F 84 BB 01 00 00              - je Game.exe+C226C
Game.exe+C20B1: A1 4C 8B A1 00                 - mov eax,[Game.exe+618B4C]
Game.exe+C20B6: 83 C0 01                       - add eax,01
Game.exe+C20B9: 99                             - cdq 
Game.exe+C20BA: B9 80 96 98 00                 - mov ecx,Game.exe+589680
Game.exe+C20BF: F7 F9                          - idiv ecx
// ---------- INJECTING HERE ----------
Game.exe+C20C1: 89 15 4C 8B A1 00              - mov [Game.exe+618B4C],edx
// ---------- DONE INJECTING  ----------
Game.exe+C20C7: 0F B6 15 CC 40 A1 00           - movzx edx,byte ptr [Game.exe+6140CC]
Game.exe+C20CE: 85 D2                          - test edx,edx
Game.exe+C20D0: 74 18                          - je Game.exe+C20EA
Game.exe+C20D2: C6 05 CC 40 A1 00 00           - mov byte ptr [Game.exe+6140CC],00
Game.exe+C20D9: 8B 8D 30 FF FF FF              - mov ecx,[ebp-000000D0]
Game.exe+C20DF: 81 C1 84 00 00 00              - add ecx,00000084
Game.exe+C20E5: E8 F6 E2 FF FF                 - call Game.exe+C03E0
Game.exe+C20EA: B9 60 68 A1 00                 - mov ecx,Game.exe+616860
Game.exe+C20EF: E8 5C 95 F8 FF                 - call Game.exe+4B650
Game.exe+C20F4: B9 7C 81 A1 00                 - mov ecx,Game.exe+61817C
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>
