0
"One Hit Kills"
Auto Assembler Script
[ENABLE]
// Inline detour on the 5-byte store `movss [rax+40],xmm0` inside Prey.exe.
// While enabled, that store is replaced by a jump to a code cave which writes 0
// to [rax+40] instead of the value the game computed in xmm0.
// NOTE(review): that [rax+40] holds health is inferred from the script title only.
// Nothing below filters on the object in rax, so every object written through this
// instruction receives 0 - confirm the player does not share this path.
// The patch rewrites executable bytes of the loaded image, so the code at the hook
// site differs from the on-disk module for as long as the script is enabled.

// Signature = the 5-byte movss plus the first two opcode bytes (0F 28) of the
// movaps that follows it. The symbol `ohk` is bound to the match address.
aobscanmodule(ohk,Prey.exe,F3 0F 11 40 40 0F 28) // first match is used; uniqueness is assumed, not checked
// Reserve $1000 (hex) bytes for the cave, asking for memory near the hook site so
// the jump at `ohk` can be a 5-byte rel32 jmp. The hint is a fixed module offset
// from the build the script was written on, not the scanned `ohk` address.
alloc(newmem,$1000,"Prey.exe"+15A7C4B)
label(code)
label(return)
newmem:
// Replacement for the original store: raw dword 0 (the bit pattern of 0.0f; the
// game reads this field with movss) instead of xmm0.
mov dword ptr [rax+40],0
code:
// Original instruction, left disabled so the game's value is never written:
// movss [rax+40],xmm0
jmp return
ohk:
// Overwrites the original 5 bytes at the hook site.
// NOTE(review): the 5-byte size assumes the cave is within rel32 range; a longer
// jump would spill into the following movaps, and [DISABLE] restores only 5 bytes.
jmp newmem
return:
// `return` is the first byte after the patched jmp, where the cave resumes the game code.
// Keep `ohk` resolvable so [DISABLE] can find the patched address without rescanning.
registersymbol(ohk)
[DISABLE]
ohk:
// Put back the original encoding of `movss [rax+40],xmm0`.
db F3 0F 11 40 40
unregistersymbol(ohk)
// Release the cave; nothing jumps to it once the original bytes are restored.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+15A7C4B
"Prey.exe"+15A7C2C: F3 0F 10 50 40 - movss xmm2,[rax+40]
"Prey.exe"+15A7C31: F3 0F 10 48 44 - movss xmm1,[rax+44]
"Prey.exe"+15A7C36: 72 0D - jb Prey.exe+15A7C45
"Prey.exe"+15A7C38: 0F 2F F1 - comiss xmm6,xmm1
"Prey.exe"+15A7C3B: 73 05 - jae Prey.exe+15A7C42
"Prey.exe"+15A7C3D: 0F 28 C6 - movaps xmm0,xmm6
"Prey.exe"+15A7C40: EB 03 - jmp Prey.exe+15A7C45
"Prey.exe"+15A7C42: 0F 28 C1 - movaps xmm0,xmm1
"Prey.exe"+15A7C45: 0F 28 CE - movaps xmm1,xmm6
"Prey.exe"+15A7C48: 48 8B CB - mov rcx,rbx
// ---------- INJECTING HERE ----------
"Prey.exe"+15A7C4B: F3 0F 11 40 40 - movss [rax+40],xmm0
// ---------- DONE INJECTING ----------
"Prey.exe"+15A7C50: 0F 28 74 24 20 - movaps xmm6,[rsp+20]
"Prey.exe"+15A7C55: 48 83 C4 30 - add rsp,30
"Prey.exe"+15A7C59: 5B - pop rbx
"Prey.exe"+15A7C5A: E9 F1 12 27 00 - jmp Prey.exe+1818F50
"Prey.exe"+15A7C5F: CC - int 3
"Prey.exe"+15A7C60: 48 89 5C 24 08 - mov [rsp+08],rbx
"Prey.exe"+15A7C65: 57 - push rdi
"Prey.exe"+15A7C66: 48 83 EC 30 - sub rsp,30
"Prey.exe"+15A7C6A: 48 8B 01 - mov rax,[rcx]
"Prey.exe"+15A7C6D: 0F 29 74 24 20 - movaps [rsp+20],xmm6
}
1
"No Reload"
Auto Assembler Script
[ENABLE]
// Inline detour on the 6-byte store `mov [rcx+000003E4],edx` inside Prey.exe.
// While enabled, edx is forced to decimal 99 just before the store runs.
// NOTE(review): that [rcx+3E4] is an ammo count is inferred from the symbol name and
// script title only. In the listing below, the hook sits after `cmp edi,edx` / `je`,
// so it is reached only when edx differs from the field's current value.
// The patch rewrites executable bytes of the loaded image, so the code at the hook
// site differs from the on-disk module for as long as the script is enabled.

// Signature = exactly the 6 bytes of the store, with no surrounding context bytes.
aobscanmodule(ammo,Prey.exe,89 91 E4 03 00 00) // first match is used; uniqueness is assumed, not checked
// Reserve $1000 (hex) bytes for the cave, asking for memory near the hook site so
// the jump at `ammo` can be a 5-byte rel32 jmp. The hint is a fixed module offset
// from the build the script was written on, not the scanned `ammo` address.
alloc(newmem,$1000,"Prey.exe"+885BB2A)
label(code)
label(return)
newmem:
// `#` marks a decimal literal. The caller's edx is lost here and is still 99 when
// control returns to `call qword ptr [rax+30]`.
// NOTE(review): confirm that call does not consume edx as an argument.
mov edx, #99
code:
// Original instruction, now storing the forced value.
// After the return, the game's own code re-reads this field and clamps it: a negative
// value becomes 0, and a value above eax is replaced by eax (see listing below).
mov [rcx+000003E4],edx
jmp return
ammo:
// 5-byte jmp + 1-byte nop = the 6 bytes of the instruction being replaced.
// NOTE(review): the 5-byte size assumes the cave is within rel32 range - confirm.
jmp newmem
nop
return:
// `return` is the first byte after the patch (the `call qword ptr [rax+30]`).
// Keep `ammo` resolvable so [DISABLE] can find the patched address without rescanning.
registersymbol(ammo)
[DISABLE]
ammo:
// Put back the original encoding of `mov [rcx+000003E4],edx`.
db 89 91 E4 03 00 00
unregistersymbol(ammo)
// Release the cave; nothing jumps to it once the original bytes are restored.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Prey.exe"+885BB2A
"Prey.exe"+885BAFE: E9 4E D3 9A FA - jmp Prey.exe+3208E51
"Prey.exe"+885BB03: 66 66 66 66 2E 0F 1F 84 00 00 00 00 00 - nop cs:[rax+rax+00000000]
"Prey.exe"+885BB10: 48 89 5C 24 08 - mov [rsp+08],rbx
"Prey.exe"+885BB15: 57 - push rdi
"Prey.exe"+885BB16: 48 83 EC 20 - sub rsp,20
"Prey.exe"+885BB1A: 8B B9 E4 03 00 00 - mov edi,[rcx+000003E4]
"Prey.exe"+885BB20: 48 89 CB - mov rbx,rcx
"Prey.exe"+885BB23: 39 D7 - cmp edi,edx
"Prey.exe"+885BB25: 74 5B - je Prey.exe+885BB82
"Prey.exe"+885BB27: 48 8B 01 - mov rax,[rcx]
// ---------- INJECTING HERE ----------
"Prey.exe"+885BB2A: 89 91 E4 03 00 00 - mov [rcx+000003E4],edx
// ---------- DONE INJECTING ----------
"Prey.exe"+885BB30: FF 50 30 - call qword ptr [rax+30]
"Prey.exe"+885BB33: 8B 8B E4 03 00 00 - mov ecx,[rbx+000003E4]
"Prey.exe"+885BB39: 85 C9 - test ecx,ecx
"Prey.exe"+885BB3B: 79 0C - jns Prey.exe+885BB49
"Prey.exe"+885BB3D: C7 83 E4 03 00 00 00 00 00 00 - mov [rbx+000003E4],00000000
"Prey.exe"+885BB47: EB 0A - jmp Prey.exe+885BB53
"Prey.exe"+885BB49: 39 C1 - cmp ecx,eax
"Prey.exe"+885BB4B: 7E 06 - jle Prey.exe+885BB53
"Prey.exe"+885BB4D: 89 83 E4 03 00 00 - mov [rbx+000003E4],eax
"Prey.exe"+885BB53: 3B BB E4 03 00 00 - cmp edi,[rbx+000003E4]
}