Trove Tools Hack

[darkm125]

Same here, doesnt work

Perfect work for me ( trove US server )

[olz]

So in EU it doesnt work for me. When im clicking for example F3 it does not speed me up and doesnt even check on your trainer

[darkm125]

So in EU it doesnt work for me. When im clicking for example F3 it does not speed me up and doesnt even check on your trainer

 

aobscanmodule(SPEEDHACK,trove.exe,D8 0D F8 5D BC 00 D9 55) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
fmul dword ptr [trove.AK::MotionEngine::SetPlayerVolume+3EC238]
jmp return

SPEEDHACK:
jmp code
nop
return:
registersymbol(SPEEDHACK)


SPEEDHACK:
db D8 0D F8 5D BC 00

unregistersymbol(SPEEDHACK)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "trove.exe"+517AB0

"trove.exe"+517A8B: 8B F1 - mov esi,ecx
"trove.exe"+517A8D: C7 45 FC 00 00 00 00 - mov [ebp-04],00000000
"trove.exe"+517A94: 8B 4E 20 - mov ecx,[esi+20]
"trove.exe"+517A97: E8 64 41 D6 FF - call trove.exe+27BC00
"trove.exe"+517A9C: 85 C0 - test eax,eax
"trove.exe"+517A9E: 74 64 - je trove.exe+517B04
"trove.exe"+517AA0: 6A 08 - push 08
"trove.exe"+517AA2: 8B C8 - mov ecx,eax
"trove.exe"+517AA4: E8 77 A8 03 00 - call trove.exe+552320
"trove.exe"+517AA9: 80 BE A7 00 00 00 00 - cmp byte ptr [esi+000000A7],00
// ---------- INJECTING HERE ----------
"trove.exe"+517AB0: D8 0D F8 5D 0C 01 - fmul dword ptr [trove.exe+855DF8]
// ---------- DONE INJECTING ----------
"trove.exe"+517AB6: D9 55 FC - fst dword ptr [ebp-04]
"trove.exe"+517AB9: F3 0F 10 45 FC - movss xmm0,[ebp-04]
"trove.exe"+517ABE: 74 12 - je trove.exe+517AD2
"trove.exe"+517AC0: F3 0F 59 05 A8 10 06 01 - mulss xmm0,[trove.exe+7F10A8]
"trove.exe"+517AC8: DD D8 - fstp st(0)
"trove.exe"+517ACA: F3 0F 11 45 FC - movss [ebp-04],xmm0
"trove.exe"+517ACF: D9 45 FC - fld dword ptr [ebp-04]
"trove.exe"+517AD2: 8B 86 18 01 00 00 - mov eax,[esi+00000118]
"trove.exe"+517AD8: 48 - dec eax
"trove.exe"+517AD9: 74 1A - je trove.exe+517AF5
}

 

aobscanmodule(FLYSPEED,trove.exe,0F 28 1D B0 98 B5 00 0F 58 26) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
movaps xmm3,[trove.AK::MotionEngine::SetPlayerVolume+4A5A90]
jmp return

FLYSPEED:
jmp code
nop
nop
return:
registersymbol(FLYSPEED)


FLYSPEED:
db 0F 28 1D B0 98 B5 00

unregistersymbol(FLYSPEED)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "trove.exe"+39417A

"trove.exe"+394154: 0F 57 C0 - xorps xmm0,xmm0
"trove.exe"+394157: 0F 14 C8 - unpcklps xmm1,xmm0
"trove.exe"+39415A: F3 0F 10 47 38 - movss xmm0,[edi+38]
"trove.exe"+39415F: 0F 29 4D B0 - movaps [ebp-50],xmm1
"trove.exe"+394163: 0F 29 45 D0 - movaps [ebp-30],xmm0
"trove.exe"+394167: E8 54 89 DC FF - call trove.exe+15CAC0
"trove.exe"+39416C: 0F 28 65 D0 - movaps xmm4,[ebp-30]
"trove.exe"+394170: 8B 73 08 - mov esi,[ebx+08]
"trove.exe"+394173: 0F C6 E4 00 - shufps xmm4,xmm4,00
"trove.exe"+394177: 0F 59 20 - mulps xmm4,[eax]
// ---------- INJECTING HERE ----------
"trove.exe"+39417A: 0F 28 1D B0 98 05 01 - movaps xmm3,[trove.exe+7E98B0]
// ---------- DONE INJECTING ----------
"trove.exe"+394181: 0F 58 26 - addps xmm4,[esi]
"trove.exe"+394184: 0F 28 CC - movaps xmm1,xmm4
"trove.exe"+394187: 0F 59 CC - mulps xmm1,xmm4
"trove.exe"+39418A: 0F 28 D1 - movaps xmm2,xmm1
"trove.exe"+39418D: 0F 28 C1 - movaps xmm0,xmm1
"trove.exe"+394190: 0F C6 C1 55 - shufps xmm0,xmm1,55
"trove.exe"+394194: 0F C6 D1 AA - shufps xmm2,xmm1,-56
"trove.exe"+394198: 0F 58 D0 - addps xmm2,xmm0
"trove.exe"+39419B: 0F C6 C9 00 - shufps xmm1,xmm1,00
"trove.exe"+39419F: 0F 28 05 80 57 0A 01 - movaps xmm0,[trove.exe+835780]
}

[olz]

 

aobscanmodule(SPEEDHACK,trove.exe,D8 0D F8 5D BC 00 D9 55) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
fmul dword ptr [trove.AK::MotionEngine::SetPlayerVolume+3EC238]
jmp return

SPEEDHACK:
jmp code
nop
return:
registersymbol(SPEEDHACK)


SPEEDHACK:
db D8 0D F8 5D BC 00

unregistersymbol(SPEEDHACK)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "trove.exe"+517AB0

"trove.exe"+517A8B: 8B F1 - mov esi,ecx
"trove.exe"+517A8D: C7 45 FC 00 00 00 00 - mov [ebp-04],00000000
"trove.exe"+517A94: 8B 4E 20 - mov ecx,[esi+20]
"trove.exe"+517A97: E8 64 41 D6 FF - call trove.exe+27BC00
"trove.exe"+517A9C: 85 C0 - test eax,eax
"trove.exe"+517A9E: 74 64 - je trove.exe+517B04
"trove.exe"+517AA0: 6A 08 - push 08
"trove.exe"+517AA2: 8B C8 - mov ecx,eax
"trove.exe"+517AA4: E8 77 A8 03 00 - call trove.exe+552320
"trove.exe"+517AA9: 80 BE A7 00 00 00 00 - cmp byte ptr [esi+000000A7],00
// ---------- INJECTING HERE ----------
"trove.exe"+517AB0: D8 0D F8 5D 0C 01 - fmul dword ptr [trove.exe+855DF8]
// ---------- DONE INJECTING ----------
"trove.exe"+517AB6: D9 55 FC - fst dword ptr [ebp-04]
"trove.exe"+517AB9: F3 0F 10 45 FC - movss xmm0,[ebp-04]
"trove.exe"+517ABE: 74 12 - je trove.exe+517AD2
"trove.exe"+517AC0: F3 0F 59 05 A8 10 06 01 - mulss xmm0,[trove.exe+7F10A8]
"trove.exe"+517AC8: DD D8 - fstp st(0)
"trove.exe"+517ACA: F3 0F 11 45 FC - movss [ebp-04],xmm0
"trove.exe"+517ACF: D9 45 FC - fld dword ptr [ebp-04]
"trove.exe"+517AD2: 8B 86 18 01 00 00 - mov eax,[esi+00000118]
"trove.exe"+517AD8: 48 - dec eax
"trove.exe"+517AD9: 74 1A - je trove.exe+517AF5
}

 

aobscanmodule(FLYSPEED,trove.exe,0F 28 1D B0 98 B5 00 0F 58 26) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
movaps xmm3,[trove.AK::MotionEngine::SetPlayerVolume+4A5A90]
jmp return

FLYSPEED:
jmp code
nop
nop
return:
registersymbol(FLYSPEED)


FLYSPEED:
db 0F 28 1D B0 98 B5 00

unregistersymbol(FLYSPEED)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "trove.exe"+39417A

"trove.exe"+394154: 0F 57 C0 - xorps xmm0,xmm0
"trove.exe"+394157: 0F 14 C8 - unpcklps xmm1,xmm0
"trove.exe"+39415A: F3 0F 10 47 38 - movss xmm0,[edi+38]
"trove.exe"+39415F: 0F 29 4D B0 - movaps [ebp-50],xmm1
"trove.exe"+394163: 0F 29 45 D0 - movaps [ebp-30],xmm0
"trove.exe"+394167: E8 54 89 DC FF - call trove.exe+15CAC0
"trove.exe"+39416C: 0F 28 65 D0 - movaps xmm4,[ebp-30]
"trove.exe"+394170: 8B 73 08 - mov esi,[ebx+08]
"trove.exe"+394173: 0F C6 E4 00 - shufps xmm4,xmm4,00
"trove.exe"+394177: 0F 59 20 - mulps xmm4,[eax]
// ---------- INJECTING HERE ----------
"trove.exe"+39417A: 0F 28 1D B0 98 05 01 - movaps xmm3,[trove.exe+7E98B0]
// ---------- DONE INJECTING ----------
"trove.exe"+394181: 0F 58 26 - addps xmm4,[esi]
"trove.exe"+394184: 0F 28 CC - movaps xmm1,xmm4
"trove.exe"+394187: 0F 59 CC - mulps xmm1,xmm4
"trove.exe"+39418A: 0F 28 D1 - movaps xmm2,xmm1
"trove.exe"+39418D: 0F 28 C1 - movaps xmm0,xmm1
"trove.exe"+394190: 0F C6 C1 55 - shufps xmm0,xmm1,55
"trove.exe"+394194: 0F C6 D1 AA - shufps xmm2,xmm1,-56
"trove.exe"+394198: 0F 58 D0 - addps xmm2,xmm0
"trove.exe"+39419B: 0F C6 C9 00 - shufps xmm1,xmm1,00
"trove.exe"+39419F: 0F 28 05 80 57 0A 01 - movaps xmm0,[trove.exe+835780]
}

any tut?

[bratokpashok]

It works only Freeze Fly and infinity dodge :c

[ololbot3]

Yea ture. Fly speed, Speedhack, superjump and remove rog dosnt work on EU servers :s

[darkm125]

Yea ture. Fly speed, Speedhack, superjump and remove rog dosnt work on EU servers :s

Anyone have tested on US server ?

Edit, my hack work on EU server but, Trove update memory address every hours ( i work for get fix address )

[olz]

Yep, tested it on US - doesnt work.

So if trove updates their memory addres every X hours, then were unable to use this trainer for a longer time? cuz u have to update it every X hours, right?

[darkm125]

Yep, tested it on US - doesnt work.

So if trove updates their memory addres every X hours, then were unable to use this trainer for a longer time? cuz u have to update it every X hours, right?

Can you test this fly speed

 

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
movaps xmm3,[trove.AK::MotionEngine::SetPlayerVolume+4A5A90]

exit:
jmp returnhere

"trove.exe"+39417A:
jmp newmem
nop
nop
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"trove.exe"+39417A:
movaps xmm3,[trove.AK::MotionEngine::SetPlayerVolume+3BFD70]
//Alt: db 0F 28 1D B0 98 B7 01

[ololbot3]

Yea fly hack are working now

[olz]

Yes it does work

[darkm125]

Yes it does work

wait 1 hours, normally this address = fix

[bratokpashok]

Can you test this fly speed

*How to replace?

[darkm125]

Can you test this fly speed

*How to replace?

Cheat engine lua script

[bratokpashok]

Help me please. How to configure address Cheat Engine, i am noob :cccc pls :c