Problem with simple script for unlimited ammo
Posted: Sat Oct 28, 2017 12:21 am
Hello guys,
I have a problem with the game crashing. I'm trying to make unlimited ammo for Black Mesa. At first everything worked fine, but when I get to a point in the game where a turret starts firing at NPCs, the game crashes. To "freeze" the ammo value I just put `//` in front of the mov instruction (commenting it out), but as I see now, that's not the right way to do it. Any ideas? O.o
I have a problem with the game crashing. I'm trying to make unlimited ammo for Black Mesa. At first everything worked fine, but when I get to a point in the game where a turret starts firing at NPCs, the game crashes. To "freeze" the ammo value I just put `//` in front of the mov instruction (commenting it out), but as I see now, that's not the right way to do it. Any ideas? O.o
// Cheat Engine auto-assembler script. It hooks the 5-byte instruction sequence at
// "server.dll"+FBC34 (see the original-code dump in the {...} block at the end),
// diverting it into allocated memory that replays the three pops but skips the store.
define(address,"server.dll"+FBC34)
// The five bytes being overwritten: mov [esi],ebx / pop edi / pop esi / pop ebx.
// A 5-byte jmp replaces them exactly, so the following instruction
// (mov esp,ebp at "server.dll"+FBC39) is left intact.
define(bytes,89 1E 5F 5E 5B)
[ENABLE]
// Refuse to patch if the bytes at the injection point are not the expected ones
// (i.e. a different build of server.dll than this script was written against).
assert(address,bytes)
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// Original store, deliberately disabled: ebx is the value about to be written into
// the slot esi points at (per the poster, the ammo count).
// NOTE(review): nothing here checks WHOSE slot esi points at. The hooked routine
// looks like a shared setter (ecx-relative field access, what appears to be a
// vtable call at "server.dll"+FBC2E), so presumably every caller -- NPCs and the
// turret included -- has its write dropped, while the call just before the store
// still runs whenever the new value differs. That is the most plausible reason the
// crash only shows up once the turret starts firing; TODO confirm by checking what
// esi points at on that code path before deciding whether to skip the store.
// mov [esi],ebx
// Remaining original instructions, replayed unchanged.
pop edi
pop esi
pop ebx
// Resume right after the five overwritten bytes.
jmp return
address:
// Overwrites the five original bytes with the jump into newmem; 'return' is the
// address of the first byte after them.
jmp newmem
return:
[DISABLE]
address:
// Restore the original five bytes.
db bytes
// Leftover template lines; they have no effect while commented out.
// mov [esi],ebx
// pop edi
// pop esi
// pop ebx
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "server.dll"+FBC34
"server.dll"+FBC0E: 81 C1 FC 06 00 00 - add ecx,000006FC
"server.dll"+FBC14: 8B 04 B9 - mov eax,[ecx+edi*4]
"server.dll"+FBC17: 8D 34 B9 - lea esi,[ecx+edi*4]
"server.dll"+FBC1A: 89 5D 08 - mov [ebp+08],ebx
"server.dll"+FBC1D: 3B 02 - cmp eax,[edx]
"server.dll"+FBC1F: 74 15 - je server.dll+FBC36
"server.dll"+FBC21: 8B 81 04 F9 FF FF - mov eax,[ecx-000006FC]
"server.dll"+FBC27: 81 C1 04 F9 FF FF - add ecx,FFFFF904
"server.dll"+FBC2D: 56 - push esi
"server.dll"+FBC2E: FF 90 4C 05 00 00 - call dword ptr [eax+0000054C]
// ---------- INJECTING HERE ----------
"server.dll"+FBC34: 89 1E - mov [esi],ebx
"server.dll"+FBC36: 5F - pop edi
"server.dll"+FBC37: 5E - pop esi
"server.dll"+FBC38: 5B - pop ebx
// ---------- DONE INJECTING ----------
"server.dll"+FBC39: 8B E5 - mov esp,ebp
"server.dll"+FBC3B: 5D - pop ebp
"server.dll"+FBC3C: C2 08 00 - ret 0008
"server.dll"+FBC3F: CC - int 3
"server.dll"+FBC40: 55 - push ebp
"server.dll"+FBC41: 8B EC - mov ebp,esp
"server.dll"+FBC43: 56 - push esi
"server.dll"+FBC44: 57 - push edi
"server.dll"+FBC45: FF 75 0C - push [ebp+0C]
"server.dll"+FBC48: 8B F9 - mov edi,ecx
}