9
"Inf. Health"
Auto Assembler Script
{ Game    : ExampleGame-Win64-Shipping.exe
  Version :
  Date    : 2017-08-02
  Author  : wcz

  Inf. Health -- hooks the health test at "ExampleGame-Win64-Shipping.exe"+1F018A
  (comiss xmm0,[rcx+B94]; xmm0 is zeroed a few instructions earlier) and stores
  300.0f into [rcx+B94] right before the compare, so the value the game tests is
  always 300.

  Review notes:
  - rcx is whatever object the game hands this routine; there is no player/NPC
    filter, so if other entities go through the same compare they get the same
    value -- TODO confirm by breaking on the hook and inspecting rcx.
  - 300 is a fixed float, not read from a max-health field; if the player's
    maximum can exceed 300 this hook lowers it -- verify against the game.
  - The alloc preferred address is the static offset, but the hook address itself
    comes from the AOB scan. If the scan does not find exactly one match the
    script will not enable, which is the safe outcome.
}
[ENABLE]
// 16-byte signature: comiss + mov rbx,rcx + movaps xmm6,xmm1 + first bytes of the jae
aobscanmodule(health,ExampleGame-Win64-Shipping.exe,0F 2F 81 94 0B 00 00 48 8B D9 0F 28 F1 0F 83 DE)
// code cave placed near the hook so the 5-byte rel32 jmp can reach it
alloc(health_cave,$1000,"ExampleGame-Win64-Shipping.exe"+1F018A)
label(health_orig)
label(health_back)
registersymbol(health)

health_cave:
  mov [rcx+B94],(float)300    // force health to 300.0f; mov does not touch flags
health_orig:
  comiss xmm0,[rcx+B94]       // original instruction; sets the flags the jae consumes
  jmp health_back

health:
  jmp health_cave             // 5 bytes, overwrites the 7-byte comiss
  nop
  nop
health_back:

[DISABLE]
health:
  db 0F 2F 81 94 0B 00 00     // original bytes: comiss xmm0,[rcx+00000B94]
unregistersymbol(health)
dealloc(health_cave)
{
// ORIGINAL CODE - INJECTION POINT: "ExampleGame-Win64-Shipping.exe"+1F018A
"ExampleGame-Win64-Shipping.exe"+1F016D: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1F016E: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1F016F: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1F0170: 48 8B C4 - mov rax,rsp
"ExampleGame-Win64-Shipping.exe"+1F0173: 48 89 58 10 - mov [rax+10],rbx
"ExampleGame-Win64-Shipping.exe"+1F0177: 55 - push rbp
"ExampleGame-Win64-Shipping.exe"+1F0178: 48 8D 68 A1 - lea rbp,[rax-5F]
"ExampleGame-Win64-Shipping.exe"+1F017C: 48 81 EC A0 00 00 00 - sub rsp,000000A0
"ExampleGame-Win64-Shipping.exe"+1F0183: 0F 57 C0 - xorps xmm0,xmm0
"ExampleGame-Win64-Shipping.exe"+1F0186: 0F 29 70 E8 - movaps [rax-18],xmm6
// ---------- INJECTING HERE ----------
"ExampleGame-Win64-Shipping.exe"+1F018A: 0F 2F 81 94 0B 00 00 - comiss xmm0,[rcx+00000B94]
// ---------- DONE INJECTING ----------
"ExampleGame-Win64-Shipping.exe"+1F0191: 48 8B D9 - mov rbx,rcx
"ExampleGame-Win64-Shipping.exe"+1F0194: 0F 28 F1 - movaps xmm6,xmm1
"ExampleGame-Win64-Shipping.exe"+1F0197: 0F 83 DE 01 00 00 - jae ExampleGame-Win64-Shipping.exe+1F037B
"ExampleGame-Win64-Shipping.exe"+1F019D: F6 81 90 0B 00 00 01 - test byte ptr [rcx+00000B90],01
"ExampleGame-Win64-Shipping.exe"+1F01A4: 0F 85 D1 01 00 00 - jne ExampleGame-Win64-Shipping.exe+1F037B
"ExampleGame-Win64-Shipping.exe"+1F01AA: 48 89 78 08 - mov [rax+08],rdi
"ExampleGame-Win64-Shipping.exe"+1F01AE: 48 8B B9 C0 03 00 00 - mov rdi,[rcx+000003C0]
"ExampleGame-Win64-Shipping.exe"+1F01B5: 48 85 FF - test rdi,rdi
"ExampleGame-Win64-Shipping.exe"+1F01B8: 0F 84 B5 01 00 00 - je ExampleGame-Win64-Shipping.exe+1F0373
"ExampleGame-Win64-Shipping.exe"+1F01BE: 0F 2E F0 - ucomiss xmm6,xmm0
}
8
"Inf. Weapons durability"
Auto Assembler Script
{ Game    : ExampleGame-Win64-Shipping.exe
  Version :
  Date    : 2017-08-02
  Author  : wcz

  Inf. Weapons durability -- hooks the 6-byte getter at
  "ExampleGame-Win64-Shipping.exe"+1E4F30 (mov eax,[rcx+498]; ret) and writes
  decimal 100 into [rcx+498] before the load, so every call of this getter
  returns 100.

  Review notes:
  - 100 is a fixed decimal constant, not taken from the object; it is presumably
    the durability maximum -- confirm before relying on it.
  - The 7-byte signature (load + ret) is short; a getter of the same shape on a
    different field could match first after a game update, so check that the
    resolved address is still +1E4F30 when re-enabling on a new build.
  - Only this getter is patched; code that reads [rcx+498] by another path would
    not be affected -- TODO confirm no such path matters.
}
[ENABLE]
// signature: mov eax,[rcx+498] followed by ret
aobscanmodule(Weapons,ExampleGame-Win64-Shipping.exe,8B 81 98 04 00 00 C3)
// code cave near the hook so the rel32 jmp can reach it
alloc(dura_cave,$1000,"ExampleGame-Win64-Shipping.exe"+1E4F30)
label(dura_orig)
label(dura_back)
registersymbol(Weapons)

dura_cave:
  mov dword ptr [rcx+498],#100   // pin durability to 100 (4-byte write, flags untouched)
dura_orig:
  mov eax,[rcx+498]              // original getter load, now reads the pinned value
  jmp dura_back

Weapons:
  jmp dura_cave                  // 5 bytes, overwrites the 6-byte mov
  nop
dura_back:

[DISABLE]
Weapons:
  db 8B 81 98 04 00 00           // original bytes: mov eax,[rcx+00000498]
unregistersymbol(Weapons)
dealloc(dura_cave)
{
// ORIGINAL CODE - INJECTION POINT: "ExampleGame-Win64-Shipping.exe"+1E4F30
"ExampleGame-Win64-Shipping.exe"+1E4F10: 48 8B 0B - mov rcx,[rbx]
"ExampleGame-Win64-Shipping.exe"+1E4F13: 48 8D 15 A6 50 2D 02 - lea rdx,[ExampleGame-Win64-Shipping.exe+24B9FC0]
"ExampleGame-Win64-Shipping.exe"+1E4F1A: 41 B8 36 00 00 00 - mov r8d,00000036
"ExampleGame-Win64-Shipping.exe"+1E4F20: E8 BB 76 13 00 - call ExampleGame-Win64-Shipping.exe+31C5E0
"ExampleGame-Win64-Shipping.exe"+1E4F25: 48 8B C3 - mov rax,rbx
"ExampleGame-Win64-Shipping.exe"+1E4F28: 48 83 C4 20 - add rsp,20
"ExampleGame-Win64-Shipping.exe"+1E4F2C: 5B - pop rbx
"ExampleGame-Win64-Shipping.exe"+1E4F2D: C3 - ret
"ExampleGame-Win64-Shipping.exe"+1E4F2E: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F2F: CC - int 3
// ---------- INJECTING HERE ----------
"ExampleGame-Win64-Shipping.exe"+1E4F30: 8B 81 98 04 00 00 - mov eax,[rcx+00000498]
// ---------- DONE INJECTING ----------
"ExampleGame-Win64-Shipping.exe"+1E4F36: C3 - ret
"ExampleGame-Win64-Shipping.exe"+1E4F37: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F38: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F39: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F3A: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F3B: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F3C: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F3D: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F3E: CC - int 3
"ExampleGame-Win64-Shipping.exe"+1E4F3F: CC - int 3
}
38
"Inf. Ammo"
Auto Assembler Script
{ Game    : ExampleGame-Win64-Shipping.exe
  Version :
  Date    : 2017-08-02
  Author  : wcz

  Inf. Ammo -- hooks the getter at "ExampleGame-Win64-Shipping.exe"+6EB970
  (mov eax,[rcx+500]; ret). Before the load it copies the two dwords at
  [rcx+440]/[rcx+444] over [rcx+500]/[rcx+504], so the getter returns whatever
  [rcx+440] currently holds.

  Review notes:
  - The script assumes the pair at +440/+444 is the matching maximum for the pair
    at +500/+504; nothing here verifies that -- confirm in a memory view.
  - eax is used as scratch. That is safe only because the original instruction
    immediately overwrites eax with the loaded value (it is the return value
    before the ret), so no live register is clobbered.
  - The second dword (+504) is refreshed too even though only +500 is read here;
    harmless if the assumption above holds.
}
[ENABLE]
// signature: mov eax,[rcx+500] followed by ret
aobscanmodule(Ammo,ExampleGame-Win64-Shipping.exe,8B 81 00 05 00 00 C3)
// code cave near the hook so the rel32 jmp can reach it
alloc(ammo_cave,$1000,"ExampleGame-Win64-Shipping.exe"+6EB970)
label(ammo_orig)
label(ammo_back)
registersymbol(Ammo)

ammo_cave:
  mov eax,[rcx+444]           // second dword of the source pair
  mov [rcx+504],eax
  mov eax,[rcx+440]           // first dword of the source pair
  mov [rcx+500],eax
ammo_orig:
  mov eax,[rcx+500]           // original getter load; reads the value just written
  jmp ammo_back

Ammo:
  jmp ammo_cave               // 5 bytes, overwrites the 6-byte mov
  nop
ammo_back:

[DISABLE]
Ammo:
  db 8B 81 00 05 00 00        // original bytes: mov eax,[rcx+00000500]
unregistersymbol(Ammo)
dealloc(ammo_cave)
{
// ORIGINAL CODE - INJECTION POINT: "ExampleGame-Win64-Shipping.exe"+6EB970
"ExampleGame-Win64-Shipping.exe"+6EB966: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB967: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB968: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB969: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB96A: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB96B: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB96C: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB96D: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB96E: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB96F: CC - int 3
// ---------- INJECTING HERE ----------
"ExampleGame-Win64-Shipping.exe"+6EB970: 8B 81 00 05 00 00 - mov eax,[rcx+00000500]
// ---------- DONE INJECTING ----------
"ExampleGame-Win64-Shipping.exe"+6EB976: C3 - ret
"ExampleGame-Win64-Shipping.exe"+6EB977: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB978: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB979: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB97A: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB97B: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB97C: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB97D: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB97E: CC - int 3
"ExampleGame-Win64-Shipping.exe"+6EB97F: CC - int 3
}