1
"One-Hit Kill"
Auto Assembler Script
//Target: Tutorial-i386.exe
//Author: ++METHOS
[ENABLE]
{==================== onehitkill ====================}
// Find the byte signature 89 43 04 D9 EE (mov [ebx+04],eax / fldz) inside
// Tutorial-i386.exe and bind the match to aob_onehitkill.
// NOTE(review): a 5-byte signature is short; if the module contains the same
// bytes elsewhere the hook would land on whichever match the scan reports.
// Confirm the pattern is unique before relying on it.
aobscanmodule(aob_onehitkill,Tutorial-i386.exe,89 43 04 D9 EE)

// 1024 bytes for the detour body and its four pointer slots; the third
// argument asks for the block to be placed near the named module.
alloc(newmem_onehitkill,1024,Tutorial-i386.exe)

// Code labels used by the detour.
label(originalcode_onehitkill)
label(return_onehitkill)
label(kitt)
label(hal)
label(eric)
label(dave)

// Data labels: one dword slot per tracked name.
label(onehitkill_address_kitt)
label(onehitkill_address_hal)
label(onehitkill_address_eric)
label(onehitkill_address_dave)

// Symbols published so the table entries and the [DISABLE] section can
// refer to them by name.
registersymbol(aob_onehitkill)
registersymbol(onehitkill_address_kitt)
registersymbol(onehitkill_address_hal)
registersymbol(onehitkill_address_eric)
registersymbol(onehitkill_address_dave)
newmem_onehitkill:
  // Detour body, reached through the jmp written at aob_onehitkill.
  // On entry:
  //   ebx = base of the record being updated (value at +04, name text at +15)
  //   eax = value the displaced instruction was about to store
  // Immediates are hexadecimal, so +15 is offset 0x15.
  //
  // The first four bytes of the name select the branch. Every matched name
  // has its value slot address recorded and its stored value forced to 0;
  // any other record passes through unchanged.
  //
  // NOTE(review): cmp rewrites EFLAGS, which the two displaced instructions
  // (mov, fldz) did not. This is only transparent if the code following
  // return_onehitkill does not consume flags set before the hook. That code
  // is not visible here; confirm in the disassembler.
  // NOTE(review): 'HAL' is three characters compared as a dword; presumably
  // the assembler zero-pads it so the name's terminator byte takes part in
  // the match. Confirm against the assembled bytes.
  cmp dword ptr [ebx+15],'KITT'
  je kitt
  cmp dword ptr [ebx+15],'HAL'
  je hal
  cmp dword ptr [ebx+15],'Eric'
  je eric
  cmp dword ptr [ebx+15],'Dave'
  je dave
  jmp originalcode_onehitkill

  // Each branch publishes &record.value (ebx+04) in its slot, then replaces
  // the value to be stored with 0. eax serves as the scratch register because
  // its incoming value is discarded on these paths anyway.
kitt:
  lea eax,[ebx+04]
  mov [onehitkill_address_kitt],eax
  mov eax,0
  jmp originalcode_onehitkill

hal:
  lea eax,[ebx+04]
  mov [onehitkill_address_hal],eax
  mov eax,0
  jmp originalcode_onehitkill

eric:
  lea eax,[ebx+04]
  mov [onehitkill_address_eric],eax
  mov eax,0
  jmp originalcode_onehitkill

dave:
  lea eax,[ebx+04]
  mov [onehitkill_address_dave],eax
  mov eax,0
  jmp originalcode_onehitkill

originalcode_onehitkill:
  // The two instructions displaced by the 5-byte jmp, replayed verbatim
  // before control returns to the target.
  mov [ebx+04],eax
  fldz
  jmp return_onehitkill
// Pointer slots written by the detour, one dword per tracked name.
// They are laid out directly after the detour code, inside the same
// newmem_onehitkill allocation. Each slot holds 0 until the hooked
// instruction has run for that name, after which it holds ebx+04 for
// that record. A consumer that dereferences a slot should therefore
// treat 0 as "not captured yet".
onehitkill_address_dave:
dd 0
onehitkill_address_eric:
dd 0
onehitkill_address_hal:
dd 0
onehitkill_address_kitt:
dd 0
// Install the hook: the bytes at the scanned address are overwritten with a
// jump into the detour. The signature covers 5 bytes (mov [ebx+04],eax is 3,
// fldz is 2); a near jmp rel32 is also 5 bytes, so no nop padding follows it.
aob_onehitkill:
jmp newmem_onehitkill
// Address immediately after the jump; the detour ends with a jmp back to
// this label.
return_onehitkill:
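[DISABLE]
// Undo the hook in the order that must hold at runtime: first put the
// original 5 bytes (mov [ebx+04],eax / fldz) back, so that nothing in the
// target still jumps into the detour, and only then release its memory.
// NOTE(review): a thread that is inside the detour at the moment the block
// is freed would fault; disable while the target is paused or not executing
// the hooked path.
aob_onehitkill:
db 89 43 04 D9 EE
dealloc(newmem_onehitkill)
// Unregister exactly the symbols that [ENABLE] registered. The earlier
// unregistersymbol(onehitkill_address) named a symbol this script never
// registers, so it has been dropped.
unregistersymbol(aob_onehitkill)
unregistersymbol(onehitkill_address_dave)
unregistersymbol(onehitkill_address_eric)
unregistersymbol(onehitkill_address_hal)
unregistersymbol(onehitkill_address_kitt)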
2
"Dave"
Float
onehitkill_address_dave
0
5
"Eric"
Float
onehitkill_address_eric
0
4
"Hal"
Float
onehitkill_address_hal
0
3
"Kitt"
Float
onehitkill_address_kitt
0
aob_onehitkill
00426537
onehitkill_address_dave
003F0097
onehitkill_address_eric
003F009B
onehitkill_address_hal
003F009F
onehitkill_address_kitt
003F00A3