Hello People,
I was trying to update my old script for UNBUYING CARS in the Asphalt 8 game, but after the update my script crashes the game. I know that I found the correct address because when you activated the script for unbuying cars, the car you wanted to unbuy appeared in front of you in the main menu; then you went to the garage and the car was unbought.
Now the script crashes the game. Why? I also found that one instruction is different from before: earlier it was a signed jump, now it is unsigned. Earlier it was JNL, now it is JAE. Maybe this is the reason why the script crashes the game?
[B]Old version of the script for v3.5.0j Asphalt 8 game:[/B]
[code]
[ENABLE]
// Cheat Engine auto-assembler hook, 32-bit x86; game addresses are "Asphalt8.exe"+offset.
// The pattern matches the 8 bytes at the injection point shown in the listing at the bottom:
// cmp eax,[ecx+10] (3B 41 10) / jnl (7D 03) / mov [ebp-04],esi (89 75 FC).
aobscanmodule(unbuy_car,Asphalt8.exe,3B 41 10 7D 03 89 75 FC) // should be unique
alloc(newmem,$1000)
label(originalcode)
label(return)
label(code1)
label(code2)
// 4-byte global that the hook reads below; nothing in this script writes it, so it holds
// whatever another script stored there (zero if nothing did).
globalalloc(unbuy,4)
newmem:
// Hook body. On entry (per the listing) eax was loaded from [ebx] and ecx is the pointer
// the game's cmp indexes. ebx is overwritten here without being saved; the listing shows
// it restored by the function's pop ebx, but any later use inside the function is not visible.
xor ebx,ebx                     // redundant: the 32-bit mov below fully overwrites ebx
mov ebx,[unbuy]                 // ebx = value stored in the global
cmp [ecx+10],ebx
je code1                        // [ecx+10] == unbuy -> clear the field
jne code2                       // otherwise -> leave it untouched
jmp return                      // unreachable: je/jne above cover both outcomes
code1:
mov [ecx+10],00000000           // zero the 32-bit field the game's cmp reads
movdqu xmm0,[ecx+34]            // purpose not visible here; clobbers xmm0 (same in code2)
jmp return
code2:
movdqu xmm0,[ecx+34]
jmp return
originalcode:
// The two overwritten instructions. NOTE(review): no path in newmem jumps here, so the
// game's compare and conditional jump are never executed; every path resumes at 'return'
// (Asphalt8.exe+61682, the mov [ebp-04],esi after the injection point).
cmp eax,[ecx+10]
jnl Asphalt8.exe+61685
jmp return
unbuy_car:
jmp newmem                      // 5-byte jmp, replaces cmp (3 bytes) + jnl (2 bytes)
return:
registersymbol(unbuy_car)
[DISABLE]
unbuy_car:
db 3B 41 10 7D 03               // restores the original 5 bytes (cmp eax,[ecx+10] / jnl), as listed below
unregistersymbol(unbuy_car)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+6167D
"Asphalt8.exe"+61665: 8B 40 08 - mov eax,[eax+08]
"Asphalt8.exe"+61668: EB 04 - jmp Asphalt8.exe+6166E
"Asphalt8.exe"+6166A: 8B C8 - mov ecx,eax
"Asphalt8.exe"+6166C: 8B 00 - mov eax,[eax]
"Asphalt8.exe"+6166E: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"Asphalt8.exe"+61672: 74 EC - je Asphalt8.exe+61660
"Asphalt8.exe"+61674: 3B CE - cmp ecx,esi
"Asphalt8.exe"+61676: 74 0A - je Asphalt8.exe+61682
"Asphalt8.exe"+61678: 8B 03 - mov eax,[ebx]
"Asphalt8.exe"+6167A: 89 4D FC - mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+6167D: 3B 41 10 - cmp eax,[ecx+10]
"Asphalt8.exe"+61680: 7D 03 - jnl Asphalt8.exe+61685
// ---------- DONE INJECTING ----------
"Asphalt8.exe"+61682: 89 75 FC - mov [ebp-04],esi
"Asphalt8.exe"+61685: 8D 4D FC - lea ecx,[ebp-04]
"Asphalt8.exe"+61688: 8B C7 - mov eax,edi
"Asphalt8.exe"+6168A: 8B 09 - mov ecx,[ecx]
"Asphalt8.exe"+6168C: 89 0F - mov [edi],ecx
"Asphalt8.exe"+6168E: 5F - pop edi
"Asphalt8.exe"+6168F: 5E - pop esi
"Asphalt8.exe"+61690: 5B - pop ebx
"Asphalt8.exe"+61691: 8B E5 - mov esp,ebp
"Asphalt8.exe"+61693: 5D - pop ebp
}
[/code]
[B]New version of the script for v3.6.1b Asphalt 8 game:[/B]
[code]
[ENABLE]
// Cheat Engine auto-assembler hook, 32-bit x86; game addresses are "Asphalt8.exe"+offset.
// The pattern starts one byte before the injection point (the FC of mov [ebp-04],ecx at
// +E8EDA), which is why the hook and the restore below are placed at unbuy_car+01.
// Bytes at the injection point per the listing: cmp eax,[ecx+10] (3B 41 10) / jae (73 03).
aobscanmodule(unbuy_car,Asphalt8.exe,FC 3B 41 10 73 03 89 75) // should be unique
alloc(newmem,$1000)
label(originalcode)
label(return)
label(code1)
label(code2)
// 4-byte global that the hook reads below; nothing in this script writes it, so it holds
// whatever another script stored there (zero if nothing did).
globalalloc(unbuy,4)
newmem:
// Hook body. On entry (per the listing) eax was loaded from [ebx] and ecx is the pointer
// the game's cmp indexes. ebx is overwritten here without being saved; the listing shows
// it restored by the function's pop ebx, but any later use inside the function is not visible.
xor ebx,ebx                     // redundant: the 32-bit mov below fully overwrites ebx
mov ebx,[unbuy]                 // ebx = value stored in the global
cmp [ecx+10],ebx
je code1                        // [ecx+10] == unbuy -> clear the field
jne code2                       // otherwise -> leave it untouched
jmp return                      // unreachable: je/jne above cover both outcomes
code1:
mov [ecx+10],00000000           // zero the 32-bit field the game's cmp reads
movdqu xmm0,[ecx+34]            // purpose not visible here; clobbers xmm0 (same in code2)
jmp return
code2:
movdqu xmm0,[ecx+34]
jmp return
originalcode:
// The two overwritten instructions; this build uses an unsigned jae where the old build
// used a signed jnl. NOTE(review): no path in newmem jumps here, so the game's compare and
// conditional jump are never executed; every path resumes at 'return'
// (Asphalt8.exe+E8EE2, the mov [ebp-04],esi after the injection point).
cmp eax,[ecx+10]
jae Asphalt8.exe+E8EE5
jmp return
unbuy_car+01:
jmp newmem                      // 5-byte jmp, replaces cmp (3 bytes) + jae (2 bytes)
return:
registersymbol(unbuy_car)
[DISABLE]
unbuy_car+01:
// NOTE(review): the listing below shows the original bytes at +E8EDD as 3B 41 10 73 03 (jae),
// but this writes 7D 03 (jnl), so disabling does not put the original instruction back.
db 3B 41 10 7D 03
unregistersymbol(unbuy_car)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+E8EDD
"Asphalt8.exe"+E8EC5: 8B 40 08 - mov eax,[eax+08]
"Asphalt8.exe"+E8EC8: EB 04 - jmp Asphalt8.exe+E8ECE
"Asphalt8.exe"+E8ECA: 8B C8 - mov ecx,eax
"Asphalt8.exe"+E8ECC: 8B 00 - mov eax,[eax]
"Asphalt8.exe"+E8ECE: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"Asphalt8.exe"+E8ED2: 74 EC - je Asphalt8.exe+E8EC0
"Asphalt8.exe"+E8ED4: 3B CE - cmp ecx,esi
"Asphalt8.exe"+E8ED6: 74 0A - je Asphalt8.exe+E8EE2
"Asphalt8.exe"+E8ED8: 8B 03 - mov eax,[ebx]
"Asphalt8.exe"+E8EDA: 89 4D FC - mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+E8EDD: 3B 41 10 - cmp eax,[ecx+10]
"Asphalt8.exe"+E8EE0: 73 03 - jae Asphalt8.exe+E8EE5
// ---------- DONE INJECTING ----------
"Asphalt8.exe"+E8EE2: 89 75 FC - mov [ebp-04],esi
"Asphalt8.exe"+E8EE5: 8D 4D FC - lea ecx,[ebp-04]
"Asphalt8.exe"+E8EE8: 8B C7 - mov eax,edi
"Asphalt8.exe"+E8EEA: 8B 09 - mov ecx,[ecx]
"Asphalt8.exe"+E8EEC: 89 0F - mov [edi],ecx
"Asphalt8.exe"+E8EEE: 5F - pop edi
"Asphalt8.exe"+E8EEF: 5E - pop esi
"Asphalt8.exe"+E8EF0: 5B - pop ebx
"Asphalt8.exe"+E8EF1: 8B E5 - mov esp,ebp
"Asphalt8.exe"+E8EF3: 5D - pop ebp
}
[/code]
Script crashing the game - Asphalt8 v3.6.1b
Your original assembly code has a conditional jump (jae Asphalt8.exe+E8EE5). Your code simply skips over it, so the game crashes.
Try injecting your code here
"Asphalt8.exe"+E8ED8: 8B 03 - mov eax,[ebx]
Don't skip that conditional jump.
Also, in your code there is the line "mov ebx,[unbuy]", but you have not written to "[unbuy]" before that, so the code loads "00000000" into ebx unless you change it from another script.
I hope this helps.