2
"Autowin"
Auto Assembler Script
[ENABLE]
// Cheat Engine Auto Assembler script (x86-64, Windows process). Every hook site is
// located by a byte-pattern scan inside duel.dll. aobscanmodule aborts the enable
// when a pattern is not found, so a game update that changes these bytes makes the
// script fail to enable instead of patching the wrong location.
aobscanmodule(_DamageMod,duel.dll,45 8B 44 1C 64)
aobscanmodule(_CurrentCards,duel.dll,49 03 F1 3B 56 0C)
aobscanmodule(_GetHealthEncrypted,duel.dll,43 8B 14 3C 41 33 D0)
aobscanmodule(_EnemyHealthMod,duel.dll,8B 04 02 33 C1 C3)
// Code caves for the hook stubs, requested near duel.dll so the 5-byte rel32 jmps
// written at the hook sites can reach them (the DISABLE section restores exactly
// 5 bytes per jmp, so it relies on that placement succeeding).
alloc(newmem,$1000,duel.dll)
alloc(newmem1,$1000,duel.dll)
// Table-visible variables: written by the stubs or read by them from the table.
alloc(_pDamage,8)                          // address captured by newmem (lea of [r12+rbx+64])
alloc(_pCurrentCardAnmountPlayer,8)        // rsi captured by newmem1 when rdi == 0
alloc(_pCurrentCardAnmountEnemy,8)         // rsi captured by newmem1 when rdi == 1
alloc(_bEnabled,4)                         // gate for the override in newmemHealth (initialised to 0 below)
alloc(_ValuePlayer,4)                      // value newmemHealth stores when enabled
alloc(_ValueEnemy,4)                       // value newmemEnemyHealth stores when enabled
alloc(_enableEnemyHealthMod,4)             // gate for newmemEnemyHealth (initialised to 1 below)
registersymbol(_ValueEnemy)
registersymbol(_EnemyHealthMod)
registersymbol(_pDamage)
registersymbol(_DamageMod)
registersymbol(_pCurrentCardAnmountPlayer)
registersymbol(_pCurrentCardAnmountEnemy)
registersymbol(_CurrentCards)
registersymbol(_GetHealthEncrypted)
registersymbol(_bEnabled)
registersymbol(_ValuePlayer)
registersymbol(_enableEnemyHealthMod)
// Labels declared up front. code9, return9, PlayerCards and EnemyCards are used by
// the stubs but not declared here - presumably they rely on CE's automatic
// detection of lines ending in ':' (confirm on the CE version in use).
label(code)
label(return)
label(code1)
label(return1)
label(newmemHealth)
label(newmemEnemyHealth)
label(code3)
label(return3)
newmem1:
code1:
// Replay of the two original instructions at _CurrentCards.
add rsi,r9
cmp edx,[rsi+0C]
// Capture rsi into one of two table-visible pointers depending on rdi
// (0 or 1, per the label names). Any other rdi value captures nothing.
// NOTE(review): the cmp rdi,... below overwrite the flags that
// cmp edx,[rsi+0C] just produced, so whatever the game branches on right
// after return1 sees the rdi comparison instead of the original one. This
// looks unintended - a pushf/popf around the dispatch (as newmemHealth does)
// would preserve the original result - confirm.
cmp rdi,0
je PlayerCards
cmp rdi,1
je EnemyCards
jmp return1
PlayerCards:
mov [_pCurrentCardAnmountPlayer],rsi   // rdi == 0
jmp return1
EnemyCards:
mov [_pCurrentCardAnmountEnemy],rsi    // rdi == 1
jmp return1
newmem:
push rax                       // rax is used as scratch for the lea below
// When [r12+rbx+64] is non-zero, publish its address in _pDamage so the table
// can read or edit that field. A zero value leaves _pDamage untouched.
// Operand size of the cmp is not written (presumably dword, matching the
// mov r8d below - confirm).
cmp [r12+rbx+64],0
je code
lea rax,[r12+rbx+64]
mov [_pDamage],rax
code:
pop rax
// Original instruction at _DamageMod. Note that, unlike newmemHealth, this stub
// does not save/restore flags, so flags from before the hook are replaced by the
// cmp above - harmless only if nothing after return consumes them (confirm).
mov r8d,[r12+rbx+64]
jmp return
newmemHealth:
pushf                          // flags restored at code9 before the replayed instructions
cmp rbx,1
jne code9                      // only act when rbx == 1
cmp [_bEnabled],1
jne code9                      // _bEnabled is initialised to 0 below, so this path is off until set from the table
// Store (_ValuePlayer XOR r8d) at [r12+r15]; the replayed load+xor below then
// yields _ValuePlayer in edx. xmm12 is used as scratch for a memory-to-memory move.
// NOTE(review): xmm12 is callee-saved (non-volatile) in the Windows x64 ABI and is
// not preserved here. If a caller of the hooked function keeps a live value in
// xmm12 it is silently corrupted. Saving a GPR with push/pop (as newmem does with
// rax) would avoid the problem - confirm.
movd xmm12,[_ValuePlayer]
movd [r12+r15],xmm12
xor [r12+r15],r8d
jmp code9                      // redundant: code9 is the next line
code9:
popf
// Original instructions at _GetHealthEncrypted.
mov edx,[r12+r15]
xor edx,r8d
jmp return9
newmemEnemyHealth:
pushf                          // flags restored at code3 before the replayed instructions
cmp [_enableEnemyHealthMod],1
jne code3                      // _enableEnemyHealthMod is initialised to 1 below
cmp rdx,0
je code3                       // skip when the base register is null (rax is not checked)
// Store (_ValueEnemy XOR ecx) at [rdx+rax]; the replayed load+xor below then yields
// _ValueEnemy in eax. Same caveat as newmemHealth: xmm12 is a callee-saved register
// in the Windows x64 ABI and is clobbered here without being saved - confirm.
movd xmm12,[_ValueEnemy]
movd [rdx+rax],xmm12
xor [rdx+rax],ecx
code3:
popf
// Original instructions at _EnemyHealthMod (return3 lands on the function's ret).
mov eax,[rdx+rax]
xor eax,ecx
jmp return3
// Hook sites. Each jmp is a 5-byte rel32 (the caves were allocated near duel.dll);
// nops pad each site to the length of the original instruction(s) so the return
// label lands on an instruction boundary. Lengths below are taken from the scan
// patterns in the ENABLE section.
// NOTE(review): the ORIGINAL CODE dump at the end of this script shows a different
// injection point (duel.dll+269AC0, mov r9d,[rbx+r13+64]) than the _DamageMod
// pattern (mov r8d,[r12+rbx+64]); the dump appears to be stale.
_DamageMod:
jmp newmem                     // 5 bytes = 45 8B 44 1C 64
return:
_CurrentCards:
jmp newmem1
nop                            // 5 + 1 = 6 bytes = 49 03 F1 3B 56 0C
return1:
_GetHealthEncrypted:
jmp newmemHealth
nop
nop                            // 5 + 2 = 7 bytes = 43 8B 14 3C 41 33 D0
return9:
_EnemyHealthMod:
jmp newmemEnemyHealth          // 5 bytes = 8B 04 02 33 C1, the trailing C3 (ret) is untouched
return3:
// Initial values for the allocated variables. CE syntax: '#' prefix = decimal,
// otherwise hexadecimal.
_pDamage:
dd 0
_bEnabled:
dd 0                           // newmemHealth override off by default
_ValuePlayer:
dd #4000
_ValueEnemy:
dd #0
_enableEnemyHealthMod:
dd 1                           // newmemEnemyHealth override on by default
[DISABLE]
// Restore the original bytes at each hook site (lengths match what ENABLE wrote),
// then drop the symbols and free the caves. Only code bytes are restored: values the
// stubs already wrote into game memory are left as they are, and the pointers in
// _pDamage / _pCurrentCardAnmount* become invalid once freed.
_DamageMod:
db 45 8B 44 1C 64
_CurrentCards:
db 49 03 F1 3B 56 0C
_GetHealthEncrypted:
db 43 8B 14 3C 41 33 D0
_EnemyHealthMod:
db 8B 04 02 33 C1              // 5 bytes, the ret (C3) was never overwritten
unregistersymbol(_pDamage)
unregistersymbol(_DamageMod)
unregistersymbol(_CurrentCards)
unregistersymbol(_pCurrentCardAnmountEnemy)
unregistersymbol(_pCurrentCardAnmountPlayer)
unregistersymbol(_GetHealthEncrypted)
unregistersymbol(_bEnabled)
unregistersymbol(_ValuePlayer)
unregistersymbol(_EnemyHealthMod)
unregistersymbol(_ValueEnemy)
unregistersymbol(_enableEnemyHealthMod)
dealloc(_ValueEnemy)
dealloc(_bEnabled)
dealloc(newmem1)
dealloc(_ValuePlayer)
dealloc(_pCurrentCardAnmountPlayer)
dealloc(_pCurrentCardAnmountEnemy)
dealloc(_pDamage)
dealloc(newmem)
dealloc(_enableEnemyHealthMod)
{
// ORIGINAL CODE - INJECTION POINT: "duel.dll"+269AC0
"duel.dll"+269A84: 0F 8C 86 E1 FF FF - jl duel.dll+267C10
"duel.dll"+269A8A: 4C 8B 1D 4F C6 5C 00 - mov r11,[duel.dll+8360E0]
"duel.dll"+269A91: 4C 8B 05 58 D9 5C 00 - mov r8,[duel.dll+8373F0]
"duel.dll"+269A98: 4C 8B 25 89 C6 5C 00 - mov r12,[duel.dll+836128]
"duel.dll"+269A9F: 4D 8B EE - mov r13,r14
"duel.dll"+269AA2: 4C 89 B4 24 20 01 00 00 - mov [rsp+00000120],r14
"duel.dll"+269AAA: 48 C7 44 24 60 02 00 00 00 - mov [rsp+60],00000002
"duel.dll"+269AB3: BD 65 30 00 00 - mov ebp,00003065
"duel.dll"+269AB8: 41 BF 27 1D 00 00 - mov r15d,00001D27
"duel.dll"+269ABE: 66 90 - nop
// ---------- INJECTING HERE ----------
"duel.dll"+269AC0: 46 8B 4C 2B 64 - mov r9d,[rbx+r13+64]
// ---------- DONE INJECTING ----------
"duel.dll"+269AC5: 4A 8D 34 2B - lea rsi,[rbx+r13]
"duel.dll"+269AC9: 45 85 C9 - test r9d,r9d
"duel.dll"+269ACC: 0F 84 0B 05 00 00 - je duel.dll+269FDD
"duel.dll"+269AD2: 4C 0F BE 56 6A - movsx r10,byte ptr [rsi+6A]
"duel.dll"+269AD7: 49 8B C2 - mov rax,r10
"duel.dll"+269ADA: 83 E0 01 - and eax,01
"duel.dll"+269ADD: 48 69 C0 90 0D 00 00 - imul rax,rax,00000D90
"duel.dll"+269AE4: 0F B7 94 38 88 01 00 00 - movzx edx,word ptr [rax+rdi+00000188]
"duel.dll"+269AEC: 85 D2 - test edx,edx
"duel.dll"+269AEE: 0F 84 0F 01 00 00 - je duel.dll+269C03
}
3
"High Assessment"
Auto Assembler Script
[ENABLE]
// Cheat Engine Auto Assembler script (x86-64, Windows process). Eight hook sites,
// each found by byte-pattern scan in duel.dll; a missing pattern aborts the enable.
// _DuelReslts is spelled this way throughout (symbol name, do not change).
aobscanmodule(_RewardBonus,duel.dll,42 0F B7 8C 02 EE 00 00 00) // should be unique
aobscanmodule(_DamageBonus,duel.dll,42 0F B7 84 11 DE 00 00 00)
aobscanmodule(_ShinyCardPlayed,duel.dll,89 98 A8 9C 0C 00)
aobscanmodule(_AllCardsPrismatic,duel.dll,8B 04 82 C3 33 C0)
aobscanmodule(_ForceWin,duel.dll,8B 44 01 10 48 8B 5C 24 30)
aobscanmodule(_TurnNum,duel.dll,83 B8 78 35 00 00 00 75 11)
aobscanmodule(_PrismaticBonus,duel.dll,88 4C 02 FF 49 3B C0 75 F1 B8)
aobscanmodule(_DuelReslts,duel.dll,0F B7 02 48 8D 49 04)
// One cave near duel.dll holds all stubs (5-byte rel32 jmps must reach it).
alloc(newmem,$4000,duel.dll)
// NOTE(review): allocated as 4 bytes, but newmemturn stores the 8-byte rbx into it.
// CE allocations are page-backed so this does not fault, but only the low dword is
// the intended value - confirm whether a 4-byte store was meant.
alloc(_pTurnNum,4)
registersymbol(_pTurnNum)
registersymbol(_TurnNum)
registersymbol(_ForceWin)
registersymbol(_TurnNum)       // duplicate of the line two above, harmless
registersymbol(_RewardBonus)
registersymbol(_DamageBonus)
registersymbol(_ShinyCardPlayed)
registersymbol(_AllCardsPrismatic)
registersymbol(_PrismaticBonus)
registersymbol(_DuelReslts)
newmem:
// Stub for _RewardBonus: sets a run of byte fields relative to [rdx+r8] to 1 before
// the original load at code:. Only offsets 48 and 8A..A7 are assembled here - the
// much longer list that follows (offsets A8..1E0) sits inside a brace comment and
// is NOT assembled. No label() declarations exist for these labels (see ENABLE).
mov byte ptr [rdx+r8+00000048],#1 // 255 up to line 50
mov byte ptr [rdx+r8+0000008A],#1
mov byte ptr [rdx+r8+0000008B],#1
mov byte ptr [rdx+r8+0000008C],#1
mov byte ptr [rdx+r8+0000008D],#1
mov byte ptr [rdx+r8+0000008E],#1
mov byte ptr [rdx+r8+0000008F],#1
mov byte ptr [rdx+r8+00000090],#1
mov byte ptr [rdx+r8+00000091],#1
mov byte ptr [rdx+r8+00000092],#1
mov byte ptr [rdx+r8+00000093],#1
mov byte ptr [rdx+r8+00000094],#1
mov byte ptr [rdx+r8+00000095],#1
mov byte ptr [rdx+r8+00000096],#1
mov byte ptr [rdx+r8+00000097],#1
mov byte ptr [rdx+r8+00000098],#1
mov byte ptr [rdx+r8+00000099],#1
mov byte ptr [rdx+r8+0000009A],#1
mov byte ptr [rdx+r8+0000009B],#1
mov byte ptr [rdx+r8+0000009C],#1
mov byte ptr [rdx+r8+0000009D],#1
mov byte ptr [rdx+r8+0000009E],#1
mov byte ptr [rdx+r8+0000009F],#1
mov byte ptr [rdx+r8+000000A0],#1
mov byte ptr [rdx+r8+000000A1],#1
mov byte ptr [rdx+r8+000000A2],#1
mov byte ptr [rdx+r8+000000A3],#1
mov byte ptr [rdx+r8+000000A4],#1
mov byte ptr [rdx+r8+000000A5],#1
mov byte ptr [rdx+r8+000000A6],#1
mov byte ptr [rdx+r8+000000A7],#1
{
mov byte ptr [rdx+r8+000000A8],#0
mov byte ptr [rdx+r8+000000A9],#1
mov byte ptr [rdx+r8+000000AA],#1
mov byte ptr [rdx+r8+000000AB],#1
mov byte ptr [rdx+r8+000000AC],#0
mov byte ptr [rdx+r8+000000AD],#1
mov byte ptr [rdx+r8+000000AE],#1
mov byte ptr [rdx+r8+000000AF],#1
mov byte ptr [rdx+r8+000000B0],#1
mov byte ptr [rdx+r8+000000B1],#1
mov byte ptr [rdx+r8+000000B2],#1
mov byte ptr [rdx+r8+000000B3],#1
mov byte ptr [rdx+r8+000000B4],#0
mov byte ptr [rdx+r8+000000B5],#1
mov byte ptr [rdx+r8+000000B6],#1
mov byte ptr [rdx+r8+000000B7],#1
mov byte ptr [rdx+r8+000000B8],#1
mov byte ptr [rdx+r8+000000B9],#1
mov byte ptr [rdx+r8+000000BA],#1
mov byte ptr [rdx+r8+000000BB],#1
mov byte ptr [rdx+r8+000000BC],#0
mov byte ptr [rdx+r8+000000BD],#1
mov byte ptr [rdx+r8+000000BE],#1
mov byte ptr [rdx+r8+000000BF],#1
mov byte ptr [rdx+r8+000000C0],#0
mov byte ptr [rdx+r8+000000C1],#1
mov byte ptr [rdx+r8+000000C2],#1
mov byte ptr [rdx+r8+000000C3],#1
mov byte ptr [rdx+r8+000000C4],#1
mov byte ptr [rdx+r8+000000C5],#1
mov byte ptr [rdx+r8+000000C6],#1
mov byte ptr [rdx+r8+000000C7],#1
mov byte ptr [rdx+r8+000000C8],#1
mov byte ptr [rdx+r8+000000C9],#1
mov byte ptr [rdx+r8+000000CA],#1
mov byte ptr [rdx+r8+000000CB],#1
mov byte ptr [rdx+r8+000000CC],#1
mov byte ptr [rdx+r8+000000CD],#1
mov byte ptr [rdx+r8+000000CE],#1
mov byte ptr [rdx+r8+000000CF],#1
mov byte ptr [rdx+r8+000000D0],#0
mov byte ptr [rdx+r8+000000D1],#1
mov byte ptr [rdx+r8+000000D2],#1
mov byte ptr [rdx+r8+000000D3],#1
mov byte ptr [rdx+r8+000000D4],#1
mov byte ptr [rdx+r8+000000D5],#1
mov byte ptr [rdx+r8+000000D6],#1
mov byte ptr [rdx+r8+000000D7],#1
mov byte ptr [rdx+r8+000000D8],#1
mov byte ptr [rdx+r8+000000D9],#1
mov byte ptr [rdx+r8+000000DA],#1
mov byte ptr [rdx+r8+000000DB],#1
mov byte ptr [rdx+r8+000000DC],#1
mov byte ptr [rdx+r8+000000DD],#1
mov byte ptr [rdx+r8+000000DE],#1 // disini 99999999
mov byte ptr [rdx+r8+000000DF],#1
mov byte ptr [rdx+r8+000000E0],#1
mov byte ptr [rdx+r8+000000E1],#1
mov byte ptr [rdx+r8+000000E2],#1
mov byte ptr [rdx+r8+000000E3],#1
mov byte ptr [rdx+r8+000000E4],#1
mov byte ptr [rdx+r8+000000E5],#1
mov byte ptr [rdx+r8+000000E6],#1
mov byte ptr [rdx+r8+000000E7],#1
mov byte ptr [rdx+r8+000000E8],#1
mov byte ptr [rdx+r8+000000E9],#1
mov byte ptr [rdx+r8+000000EA],#1
mov byte ptr [rdx+r8+000000EB],#1
mov byte ptr [rdx+r8+000000EC],#1
mov byte ptr [rdx+r8+000000ED],#1
mov byte ptr [rdx+r8+000000EE],#1 // Monster killed
mov byte ptr [rdx+r8+000000EF],#1
mov byte ptr [rdx+r8+000000F0],#1
mov byte ptr [rdx+r8+000000F1],#1
mov byte ptr [rdx+r8+000000F2],#1
mov byte ptr [rdx+r8+000000F3],#1
mov byte ptr [rdx+r8+000000F4],#1
mov byte ptr [rdx+r8+000000F5],#1
mov byte ptr [rdx+r8+000000F6],#1
mov byte ptr [rdx+r8+000000F7],#1
mov byte ptr [rdx+r8+000000F8],#1
mov byte ptr [rdx+r8+000000F9],#1
mov byte ptr [rdx+r8+000000FA],#1
mov byte ptr [rdx+r8+000000FB],#1
mov byte ptr [rdx+r8+000000FC],#1
mov byte ptr [rdx+r8+000000FD],#1
mov byte ptr [rdx+r8+000000FE],#1
mov byte ptr [rdx+r8+000000FF],#1
mov byte ptr [rdx+r8+00000100],#1
mov byte ptr [rdx+r8+00000101],#1
mov byte ptr [rdx+r8+00000102],#1
mov byte ptr [rdx+r8+00000103],#1
mov byte ptr [rdx+r8+00000104],#1
mov byte ptr [rdx+r8+00000105],#1
mov byte ptr [rdx+r8+00000106],#1
mov byte ptr [rdx+r8+00000107],#1
mov byte ptr [rdx+r8+00000108],#1
mov byte ptr [rdx+r8+00000109],#1
mov byte ptr [rdx+r8+0000010A],#1 // Spell used
mov byte ptr [rdx+r8+0000010B],#1
mov byte ptr [rdx+r8+0000010C],#1
mov byte ptr [rdx+r8+0000010D],#1
mov byte ptr [rdx+r8+0000010E],#1
mov byte ptr [rdx+r8+0000010F],#1
mov byte ptr [rdx+r8+00000110],#1
mov byte ptr [rdx+r8+00000111],#1
mov byte ptr [rdx+r8+00000112],#1
mov byte ptr [rdx+r8+00000113],#1
mov byte ptr [rdx+r8+00000114],#1
mov byte ptr [rdx+r8+00000115],#1
mov byte ptr [rdx+r8+00000116],#1
mov byte ptr [rdx+r8+00000117],#1
mov byte ptr [rdx+r8+00000118],#1
mov byte ptr [rdx+r8+00000119],#1
mov byte ptr [rdx+r8+0000011C],#1
mov byte ptr [rdx+r8+00000120],#1
mov byte ptr [rdx+r8+00000121],#1
mov byte ptr [rdx+r8+00000122],#1
mov byte ptr [rdx+r8+00000123],#1 // 255 sampai baris 253
mov byte ptr [rdx+r8+00000124],#1
mov byte ptr [rdx+r8+00000125],#1
mov byte ptr [rdx+r8+00000126],#1
mov byte ptr [rdx+r8+00000127],#1
mov byte ptr [rdx+r8+00000128],#1
mov byte ptr [rdx+r8+00000129],#1
mov byte ptr [rdx+r8+0000012A],#1
mov byte ptr [rdx+r8+0000012B],#1
mov byte ptr [rdx+r8+0000012C],#1
mov byte ptr [rdx+r8+0000012D],#1
mov byte ptr [rdx+r8+0000012E],#1
mov byte ptr [rdx+r8+0000012F],#1
mov byte ptr [rdx+r8+00000130],#1
mov byte ptr [rdx+r8+00000131],#1
mov byte ptr [rdx+r8+00000132],#1
mov byte ptr [rdx+r8+00000133],#1
mov byte ptr [rdx+r8+00000134],#1
mov byte ptr [rdx+r8+00000135],#1
mov byte ptr [rdx+r8+00000136],#1
mov byte ptr [rdx+r8+00000137],#1
mov byte ptr [rdx+r8+00000138],#1
mov byte ptr [rdx+r8+00000139],#1
mov byte ptr [rdx+r8+0000013A],#1
mov byte ptr [rdx+r8+0000013B],#1
mov byte ptr [rdx+r8+0000013C],#1
mov byte ptr [rdx+r8+0000013D],#1
mov byte ptr [rdx+r8+0000013E],#1
mov byte ptr [rdx+r8+0000013F],#1
mov byte ptr [rdx+r8+00000140],#1
mov byte ptr [rdx+r8+00000141],#1
mov byte ptr [rdx+r8+00000142],#1
mov byte ptr [rdx+r8+00000143],#1
mov byte ptr [rdx+r8+00000144],#1
mov byte ptr [rdx+r8+00000145],#1
mov byte ptr [rdx+r8+00000146],#1
mov byte ptr [rdx+r8+00000147],#1
mov byte ptr [rdx+r8+00000148],#1
mov byte ptr [rdx+r8+00000149],#1
mov byte ptr [rdx+r8+0000014A],#1
mov byte ptr [rdx+r8+0000014B],#1
mov byte ptr [rdx+r8+0000014C],#1
mov byte ptr [rdx+r8+0000014D],#1
mov byte ptr [rdx+r8+0000014E],#1
mov byte ptr [rdx+r8+0000014F],#1
mov byte ptr [rdx+r8+00000150],#0 // No Damage
mov byte ptr [rdx+r8+00000151],#1 // No Damage
mov byte ptr [rdx+r8+00000152],#1 // No Damage
mov byte ptr [rdx+r8+00000153],#1 // No Damage
mov byte ptr [rdx+r8+00000154],#0 // No Damage
mov byte ptr [rdx+r8+00000155],#1 // No Damage
mov byte ptr [rdx+r8+00000156],#1 // No Damage
mov byte ptr [rdx+r8+00000157],#1 // No Damage
mov byte ptr [rdx+r8+00000158],#0 // No Damage
mov byte ptr [rdx+r8+00000159],#1 // No Damage
mov byte ptr [rdx+r8+0000015A],#1 // No Damage
mov byte ptr [rdx+r8+0000015B],#1 // No Damage
mov byte ptr [rdx+r8+0000015C],#0 // No Damage
mov byte ptr [rdx+r8+0000015D],#1 // No Damage
mov byte ptr [rdx+r8+0000015E],#1 // No Damage
mov byte ptr [rdx+r8+0000015F],#1 // No Damage
mov byte ptr [rdx+r8+00000160],#1 // No Damage
mov byte ptr [rdx+r8+00000161],#1 // No Damage
mov byte ptr [rdx+r8+00000162],#1 // No Damage
mov byte ptr [rdx+r8+00000163],#1 // No Damage
mov byte ptr [rdx+r8+00000164],#1 // No Damage
mov byte ptr [rdx+r8+00000165],#1 // No Damage
mov byte ptr [rdx+r8+00000166],#1 // No Damage
mov byte ptr [rdx+r8+00000167],#1 // No Damage
mov byte ptr [rdx+r8+00000168],#1 // No Damage
mov byte ptr [rdx+r8+00000169],#1 // No Damage
mov byte ptr [rdx+r8+0000016A],#1 // No Damage
mov byte ptr [rdx+r8+0000016B],#1 // No Damage
mov byte ptr [rdx+r8+0000016C],#0 // No Damage
mov byte ptr [rdx+r8+0000016D],#1 // No Damage
mov byte ptr [rdx+r8+0000016E],#1 // No Damage
mov byte ptr [rdx+r8+0000016F],#1 // No Damage
mov byte ptr [rdx+r8+00000170],#0 // No Damage
mov byte ptr [rdx+r8+00000171],#1 // No Damage
mov byte ptr [rdx+r8+00000172],#1 // No Damage
mov byte ptr [rdx+r8+00000173],#1 // No Damage
mov byte ptr [rdx+r8+00000174],#1 // No Damage
mov byte ptr [rdx+r8+00000175],#1 // No Damage
mov byte ptr [rdx+r8+00000176],#1 // No Damage
mov byte ptr [rdx+r8+00000177],#1 // No Damage
mov byte ptr [rdx+r8+00000178],#1 // No Damage
mov byte ptr [rdx+r8+00000179],#1 // No Damage
mov byte ptr [rdx+r8+0000017A],#1 // No Damage
mov byte ptr [rdx+r8+0000017B],#1 // No Damage
mov byte ptr [rdx+r8+0000017C],#1 // No Damage
mov byte ptr [rdx+r8+0000017D],#1 // No Damage
mov byte ptr [rdx+r8+0000017E],#1 // No Damage
mov byte ptr [rdx+r8+0000017F],#1 // No Damage
mov byte ptr [rdx+r8+00000180],#1 // No Damage
mov byte ptr [rdx+r8+00000181],#1 // No Damage
mov byte ptr [rdx+r8+00000182],#1 // No Damage
mov byte ptr [rdx+r8+00000183],#1 // No Damage
mov byte ptr [rdx+r8+00000184],#0 // No Damage
mov byte ptr [rdx+r8+00000185],#1 // No Damage
mov byte ptr [rdx+r8+00000186],#1 // No Damage
mov byte ptr [rdx+r8+00000187],#1 // No Damage
mov byte ptr [rdx+r8+00000188],#1 // No Damage
mov byte ptr [rdx+r8+00000189],#1 // No Damage
mov byte ptr [rdx+r8+0000018A],#1 // No Damage
mov byte ptr [rdx+r8+0000018B],#1 // No Damage
mov byte ptr [rdx+r8+0000018C],#1 // No Damage
mov byte ptr [rdx+r8+0000018D],#1 // No Damage
mov byte ptr [rdx+r8+0000018E],#1 // No Damage
mov byte ptr [rdx+r8+0000018F],#1 // No Damage
mov byte ptr [rdx+r8+00000190],#1 // No Damage
mov byte ptr [rdx+r8+00000190],#1 // No Damage
mov byte ptr [rdx+r8+00000191],#1 // No Damage
mov byte ptr [rdx+r8+00000192],#1 // No Damage
mov byte ptr [rdx+r8+00000193],#1 // No Damage
mov byte ptr [rdx+r8+00000194],#1 // No Damage
mov byte ptr [rdx+r8+00000195],#1 // No Damage
mov byte ptr [rdx+r8+00000196],#1 // No Damage
mov byte ptr [rdx+r8+00000197],#1 // No Damage
mov byte ptr [rdx+r8+00000198],#1 // No Damage
mov byte ptr [rdx+r8+00000199],#1 // No Damage
mov byte ptr [rdx+r8+0000019A],#1 // No Damage
mov byte ptr [rdx+r8+0000019C],#1 // No Damage
mov byte ptr [rdx+r8+0000019D],#1 // No Damage
mov byte ptr [rdx+r8+0000019E],#1 // No Damage
mov byte ptr [rdx+r8+0000019F],#1 // No Damage
mov byte ptr [rdx+r8+000001A0],#1 // No Damage
mov byte ptr [rdx+r8+000001A1],#1 // No Damage
mov byte ptr [rdx+r8+000001A2],#1 // No Damage
mov byte ptr [rdx+r8+000001A3],#1 // No Damage
mov byte ptr [rdx+r8+000001A4],#1 // No Damage
mov byte ptr [rdx+r8+000001A5],#1 // No Damage
mov byte ptr [rdx+r8+000001A6],#1 // No Damage
mov byte ptr [rdx+r8+000001A7],#1 // No Damage
mov byte ptr [rdx+r8+000001A8],#1 // No Damage
mov byte ptr [rdx+r8+000001A9],#1 // No Damage
mov byte ptr [rdx+r8+000001AA],#1 // No Damage
mov byte ptr [rdx+r8+000001AB],#1 // No Damage
mov byte ptr [rdx+r8+000001AC],#1 // No Damage
mov byte ptr [rdx+r8+000001AD],#1 // No Damage
mov byte ptr [rdx+r8+000001AE],#1 // No Damage
mov byte ptr [rdx+r8+000001AF],#1 // No Damage
mov byte ptr [rdx+r8+000001B0],#1 // No Damage
mov byte ptr [rdx+r8+000001B1],#1 // No Damage
mov byte ptr [rdx+r8+000001B2],#1 // No Damage
mov byte ptr [rdx+r8+000001B3],#1 // No Damage
mov byte ptr [rdx+r8+000001B4],#1 // No Damage
mov byte ptr [rdx+r8+000001B5],#1 // No Damage
mov byte ptr [rdx+r8+000001B6],#1 // No Damage
mov byte ptr [rdx+r8+000001B7],#1 // No Damage
mov byte ptr [rdx+r8+000001B8],#1 // No Damage
mov byte ptr [rdx+r8+000001B9],#1 // No Damage
mov byte ptr [rdx+r8+000001BA],#1 // No Damage
mov byte ptr [rdx+r8+000001BB],#1 // No Damage
mov byte ptr [rdx+r8+000001BC],#1 // No Damage
mov byte ptr [rdx+r8+000001BD],#1 // No Damage
mov byte ptr [rdx+r8+000001BE],#1 // No Damage
mov byte ptr [rdx+r8+000001BF],#1 // No Damage
mov byte ptr [rdx+r8+000001C0],#1 // No Damage
mov byte ptr [rdx+r8+000001C1],#1 // No Damage
mov byte ptr [rdx+r8+000001C2],#1 // No Damage
mov byte ptr [rdx+r8+000001C3],#1 // No Damage
mov byte ptr [rdx+r8+000001C4],#1 // No Damage
mov byte ptr [rdx+r8+000001C5],#1 // No Damage
mov byte ptr [rdx+r8+000001C6],#1 // No Damage
mov byte ptr [rdx+r8+000001C7],#1 // No Damage
mov byte ptr [rdx+r8+000001C8],#1 // No Damage
mov byte ptr [rdx+r8+000001C9],#1 // No Damage
mov byte ptr [rdx+r8+000001CA],#1 // No Damage
mov byte ptr [rdx+r8+000001CB],#1 // No Damage
mov byte ptr [rdx+r8+000001CC],#0 // No Damage
mov byte ptr [rdx+r8+000001CD],#1 // No Damage
mov byte ptr [rdx+r8+000001CE],#1 // No Damage
mov byte ptr [rdx+r8+000001CF],#1 // No Damage
mov byte ptr [rdx+r8+000001D0],#0 // No Damage
mov byte ptr [rdx+r8+000001D1],#1 // No Damage
mov byte ptr [rdx+r8+000001D2],#1 // No Damage
mov byte ptr [rdx+r8+000001D3],#1 // No Damage
mov byte ptr [rdx+r8+000001D4],#1 // No Damage
mov byte ptr [rdx+r8+000001D5],#1 // No Damage
mov byte ptr [rdx+r8+000001D6],#1 // No Damage
mov byte ptr [rdx+r8+000001D7],#1 // No Damage
mov byte ptr [rdx+r8+000001D8],#1 // No Damage
mov byte ptr [rdx+r8+000001D9],#1 // No Damage
mov byte ptr [rdx+r8+000001DA],#1 // No Damage
mov byte ptr [rdx+r8+000001DB],#1 // No Damage
mov byte ptr [rdx+r8+000001DC],#1 // No Damage
mov byte ptr [rdx+r8+000001DD],#1 // No Damage
mov byte ptr [rdx+r8+000001DE],#1 // No Damage
mov byte ptr [rdx+r8+000001E0],#1 // No Damage
}
code:
// Original instruction at _RewardBonus (9 bytes), replayed after the stores above.
movzx ecx,word ptr [rdx+r8+000000EE]
jmp return
DamageBonusMem:
// Overwrite the field the original instruction is about to read.
// NOTE(review): the original reads a 16-bit field (movzx ... word ptr), but this
// is a 4-byte store, so offsets E0 and E1 are zeroed as well - confirm intended.
mov dword ptr [rcx+r10+000000DE],#10000
code1:
// Original instruction at _DamageBonus (9 bytes).
movzx eax,word ptr [rcx+r10+000000DE]
jmp return1
ShinyCardMem:
code2:
// Original instruction at _ShinyCardPlayed (6 bytes), then three byte fields at
// fixed offsets from rax are forced to 1 (offsets C9D04, C9D01, C9D02 - C9D03 is
// not written).
mov [rax+000C9CA8],ebx
//mov [rax+000C9A70],ebx
mov byte ptr [rax+000C9D04],#1 //originally 16
mov byte ptr [rax+000C9D01],#1 //originally 16
mov byte ptr [rax+000C9D02],#1 //originally 16
jmp return2
newmemPrismatic:
code6:
// Replaces the body of the hooked function: the original load is performed but its
// result is immediately overwritten with 3, and the function returns from here.
mov eax,[rdx+rax*4]
mov eax,3
ret
// Unreachable: nothing jumps past the ret above, so these two lines never execute.
// NOTE(review): the scan pattern shows a second entry point at +4 (33 C0, xor eax,eax)
// that the 6-byte patch at _AllCardsPrismatic overwrote; if any branch in the game
// targets that address directly it now lands inside the jmp encoding - confirm.
xor eax,eax
jmp return6
newmemForce:
// Two paths selected by rcx. Memory operand sizes are not written on the cmp/mov
// lines below (presumably dword, since the original reads the field into eax - confirm).
cmp rcx,D90                    // D90 is hex (CE default), 3472 decimal
jne Player
cmp [rcx+rax+14],1
jl code7                       // signed compare: skip when the field is below 1
mov [rcx+rax+10],0
jmp code7
Player:
//cmp [rcx+rax+10],7
//jle code
// Gate on _pTurnNum, which newmemturn captures; it is cleared after use so later
// passes skip until newmemturn stores a fresh value.
cmp [_pTurnNum],1
jl code7
mov [rcx+rax+10],3
mov [_pTurnNum],0
code7:
// Original instructions at _ForceWin (4 + 5 = 9 bytes).
mov eax,[rcx+rax+10]
mov rbx,[rsp+30]
jmp return7
newmemturn:
push rbx                       // rbx used as scratch, restored at code4
// Copy the field the original cmp inspects into _pTurnNum for newmemForce.
// NOTE(review): 8-byte load and store here, while the original compares a dword
// and _pTurnNum is allocated with 4 bytes - confirm a qword copy is intended.
mov rbx,[rax+00003578]
mov [_pTurnNum],rbx
code4:
pop rbx
// Original instruction at _TurnNum (7 bytes); its flags feed the jne that follows
// return4 (75 11 in the scan pattern), so nothing may clobber flags after it.
cmp dword ptr [rax+00003578],00
jmp return4
newmem9:
// Overwrite the word the original instruction is about to read. Operand size is
// not written (the original reads a word here - confirm CE's default width).
mov [rdx],#3 //originally 999999999
code9:
// Original instructions at _DuelReslts (3 + 4 = 7 bytes).
movzx eax,word ptr [rdx]
lea rcx,[rcx+04]
jmp return9
// Hook sites. Each jmp is a 5-byte rel32 into newmem; nops pad to the length of the
// original instruction(s) taken from the scan patterns so each return label lands on
// an instruction boundary.
_RewardBonus:
jmp newmem
nop
nop
nop
nop                            // 5 + 4 = 9 bytes = movzx ecx,word ptr [rdx+r8+EE]
return:
_DamageBonus:
jmp DamageBonusMem
nop
nop
nop
nop                            // 5 + 4 = 9 bytes = movzx eax,word ptr [rcx+r10+DE]
return1:
_ShinyCardPlayed:
jmp ShinyCardMem
nop                            // 5 + 1 = 6 bytes = mov [rax+C9CA8],ebx
return2:
_AllCardsPrismatic:
jmp newmemPrismatic
nop                            // 5 + 1 = 6 bytes = mov / ret / xor (the stub returns itself)
return6:
_ForceWin:
jmp newmemForce
nop
nop
nop
nop                            // 5 + 4 = 9 bytes = mov eax,[rcx+rax+10] / mov rbx,[rsp+30]
return7:
_TurnNum:
jmp newmemturn
nop
nop                            // 5 + 2 = 7 bytes = cmp dword ptr [rax+3578],00
return4:
_DuelReslts:
jmp newmem9
nop
nop                            // 5 + 2 = 7 bytes = movzx eax,word ptr [rdx] / lea rcx,[rcx+04]
return9:
// In-place patch, no stub. The DISABLE section restores 9 bytes here (through the
// jne 75 F1), which only matches if this mov assembles to 8 bytes (dword store)
// plus the nop. If CE picks a byte-sized store (5 bytes) the tail of the original
// cmp rax,r8 and the jne are left in place and mis-decode - verify the patched bytes.
_PrismaticBonus:
mov [rdx+rax-01],#3 //originally 999999999
nop
[DISABLE]
// Restore the original bytes at each hook site, then drop symbols and free the cave.
// Only code bytes are restored: fields the stubs already wrote (the byte runs set to
// 1, the 10000 / 3 values) stay as written in game memory.
_RewardBonus:
db 42 0F B7 8C 02 EE 00 00 00
_DamageBonus:
db 42 0F B7 84 11 DE 00 00 00
_ShinyCardPlayed:
db 89 98 A8 9C 0C 00
_AllCardsPrismatic:
db 8B 04 82 C3 33 C0
_ForceWin:
db 8B 44 01 10 48 8B 5C 24 30
// NOTE(review): the last byte is written as a single digit "0" where the pattern
// has 00; presumably CE parses it as 00, otherwise the 7th byte of the cmp is left
// unrestored - confirm.
_TurnNum:
db 83 B8 78 35 00 00 0
_PrismaticBonus:
db 88 4C 02 FF 49 3B C0 75 F1  // 9 bytes, see the size note at the ENABLE patch
_DuelReslts:
db 0F B7 02 48 8D 49 04
unregistersymbol(_RewardBonus)
unregistersymbol(_DamageBonus)
unregistersymbol(_ShinyCardPlayed)
unregistersymbol(_AllCardsPrismatic)
unregistersymbol(_ForceWin)
unregistersymbol(_TurnNum)
unregistersymbol(_pTurnNum)
unregistersymbol(_PrismaticBonus)
unregistersymbol(_DuelReslts)
dealloc(_pTurnNum)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "duel.dll"+6444D
"duel.dll"+64422: 41 BE FF FF 00 00 - mov r14d,0000FFFF
"duel.dll"+64428: 89 02 - mov [rdx],eax
"duel.dll"+6442A: 48 89 54 24 40 - mov [rsp+40],rdx
"duel.dll"+6442F: 0F 84 B2 01 00 00 - je duel.dll+645E7
"duel.dll"+64435: 4C 8B 05 8C 2F 7D 00 - mov r8,[duel.dll+8373C8]
"duel.dll"+6443C: BB 01 00 00 00 - mov ebx,00000001
"duel.dll"+64441: 2B DF - sub ebx,edi
"duel.dll"+64443: 48 63 C3 - movsxd rax,ebx
"duel.dll"+64446: 48 6B D0 7A - imul rdx,rax,7A
"duel.dll"+6444A: 41 8B C6 - mov eax,r14d
// ---------- INJECTING HERE ----------
"duel.dll"+6444D: 42 0F B7 8C 02 EE 00 00 00 - movzx ecx,word ptr [rdx+r8+000000EE]
// ---------- DONE INJECTING ----------
"duel.dll"+64456: FF C1 - inc ecx
"duel.dll"+64458: 41 3B CE - cmp ecx,r14d
"duel.dll"+6445B: 66 0F 4C C1 - cmovl ax,cx
"duel.dll"+6445F: 66 42 89 84 02 EE 00 00 00 - mov [rdx+r8+000000EE],ax
"duel.dll"+64468: 41 39 BC 24 6C 35 00 00 - cmp [r12+0000356C],edi
"duel.dll"+64470: 75 25 - jne duel.dll+64497
"duel.dll"+64472: 48 63 C3 - movsxd rax,ebx
"duel.dll"+64475: 48 6B D0 7A - imul rdx,rax,7A
"duel.dll"+64479: 41 8B C6 - mov eax,r14d
"duel.dll"+6447C: 42 0F B7 8C 02 F0 00 00 00 - movzx ecx,word ptr [rdx+r8+000000F0]
}