3
"Search Player Stats"
80000008
Auto Assembler Script
// Cheat Engine Auto Assembler script (32-bit x86 target: esi/eax/ebp in the listing below).
// Purpose: hook the store at the injection point and copy the object pointer held in esi
// into the global symbol pBase, so that the address entries of this table
// ("Max Health" pBase+198, "Health" +19C, "Experience" +1A0, "DMG" +1A4, "(DMG)" +1A8,
// "GOLD" +1B8) can read through it. pBase is not written until the hook fires once.
// NOTE(review): the listing shows eax = [esi+19C] - [ebp+0C] just before the hooked
// store, so this looks like the path where that value is reduced; pBase then holds
// whichever object last went through it — confirm it is the intended one.
[ENABLE]
// Pattern = the 6 bytes of the hooked instruction (89 86 9C 01 00 00) followed by the
// first 2 bytes of the next instruction (8B 8E); see the ORIGINAL CODE listing below.
aobscan(INJECT,89 86 9C 01 00 00 8B 8E) // should be unique
alloc(newmem,$1000)                     // detour code cave
globalalloc(pBase,4)                    // 4-byte slot for the 32-bit pointer; registered as a symbol
label(code)
label(return)
newmem:
code:
mov [esi+0000019C],eax                  // original instruction, displaced by the jmp at INJECT
mov [pBase],esi                         // publish the object base for the address entries
jmp return
INJECT:
jmp code                                // 5-byte jmp rel32 ...
nop                                     // ... + 1 nop = the 6 bytes of the replaced instruction
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 86 9C 01 00 00                    // restore the original bytes of mov [esi+0000019C],eax
unregistersymbol(INJECT)
dealloc(newmem)
// NOTE(review): pBase was globalalloc'd and the address entries above keep referring to
// the symbol after disable; confirm this dealloc is intended.
dealloc(pBase)
{
// ORIGINAL CODE - INJECTION POINT: 04564460
04564434: 83 EC 24 - sub esp,24
04564437: 8B 75 08 - mov esi,[ebp+08]
0456443A: 0F B6 86 D4 01 00 00 - movzx eax,byte ptr [esi+000001D4]
04564441: 85 C0 - test eax,eax
04564443: 0F 85 63 01 00 00 - jne 045645AC
04564449: 8B 86 9C 01 00 00 - mov eax,[esi+0000019C]
0456444F: 85 C0 - test eax,eax
04564451: 0F 8E 55 01 00 00 - jng 045645AC
04564457: 8B 86 9C 01 00 00 - mov eax,[esi+0000019C]
0456445D: 2B 45 0C - sub eax,[ebp+0C]
// ---------- INJECTING HERE ----------
04564460: 89 86 9C 01 00 00 - mov [esi+0000019C],eax
// ---------- DONE INJECTING ----------
04564466: 8B 8E 98 01 00 00 - mov ecx,[esi+00000198]
0456446C: 3B C1 - cmp eax,ecx
0456446E: 7E 0C - jle 0456447C
04564470: 8B 86 98 01 00 00 - mov eax,[esi+00000198]
04564476: 89 86 9C 01 00 00 - mov [esi+0000019C],eax
0456447C: 8B 86 9C 01 00 00 - mov eax,[esi+0000019C]
04564482: 85 C0 - test eax,eax
04564484: 7F 0C - jg 04564492
04564486: 83 EC 0C - sub esp,0C
04564489: 56 - push esi
}
4
"Max Health"
0000FF
4 Bytes
pBase
198
2
"Health"
0000FF
4 Bytes
pBase
19C
5
"Experience"
008000
4 Bytes
pBase
1A0
6
"DMG"
FF0000
4 Bytes
pBase
1A4
7
"(DMG)"
FF0000
4 Bytes
pBase
1A8
8
"GOLD"
008080
4 Bytes
pBase
1B8
9
"Fast LVL up"
80000008
Auto Assembler Script
// Cheat Engine Auto Assembler script (32-bit x86 target; see the listing below).
// Purpose: scale the value in edi by 10 (A hex) before it is added to [esi+000001A0],
// the offset this table labels "Experience".
[ENABLE]
// Pattern = the two hooked instructions: add eax,edi (03 C7) followed by
// mov [esi+000001A0],eax (89 86 A0 01 00 00), 8 bytes in total.
aobscan(GetEXP,03 C7 89 86 A0 01 00 00)
alloc(newmem,$1000)                     // detour code cave
label(code)
label(return)
newmem:
code:
// edi = edi * 10 (Auto Assembler literals are hexadecimal). edi was loaded from
// [ebp+0C] at 05AD0554 and eax from [esi+000001A0] at 05AD0557 (listing below).
// NOTE(review): this overwrites edi. The original code continues with jmp 05AD06B9,
// which is outside this listing; confirm that code does not read edi again, otherwise
// the scaled value should be computed without clobbering edi.
imul edi,edi,A
add eax,edi                             // original instruction
mov [esi+000001A0],eax                  // original instruction
jmp return
GetEXP:
jmp code                                // 5-byte jmp rel32 ...
nop
nop
nop                                     // ... + 3 nops = the 8 replaced bytes
return:
registersymbol(GetEXP)
[DISABLE]
GetEXP:
db 03 C7 89 86 A0 01 00 00              // restore add eax,edi / mov [esi+000001A0],eax
unregistersymbol(GetEXP)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 05AD055D
05AD0545: 00 00 - add [eax],al
05AD0547: 00 55 8B - add [ebp-75],dl
05AD054A: EC - in al,dx
05AD054B: 53 - push ebx
05AD054C: 57 - push edi
05AD054D: 56 - push esi
05AD054E: 83 EC 5C - sub esp,5C
05AD0551: 8B 75 08 - mov esi,[ebp+08]
05AD0554: 8B 7D 0C - mov edi,[ebp+0C]
05AD0557: 8B 86 A0 01 00 00 - mov eax,[esi+000001A0]
// ---------- INJECTING HERE ----------
05AD055D: 03 C7 - add eax,edi
05AD055F: 89 86 A0 01 00 00 - mov [esi+000001A0],eax
// ---------- DONE INJECTING ----------
05AD0565: E9 4F 01 00 00 - jmp 05AD06B9
05AD056A: 8D AD 00 00 00 00 - lea ebp,[ebp+00000000]
05AD0570: 8B 86 C0 01 00 00 - mov eax,[esi+000001C0]
05AD0576: 40 - inc eax
05AD0577: 89 86 C0 01 00 00 - mov [esi+000001C0],eax
05AD057D: 8B 86 98 01 00 00 - mov eax,[esi+00000198]
05AD0583: 05 0A 00 00 00 - add eax,0000000A
05AD0588: 89 86 98 01 00 00 - mov [esi+00000198],eax
05AD058E: 8B 86 9C 01 00 00 - mov eax,[esi+0000019C]
05AD0594: 05 0A 00 00 00 - add eax,0000000A
}
pBase
0B3A0000