How to make RATIO for Nitro f.e. using CE?

[marek1957]

Hello Guys!

I need help in one script for Asphalt 8 game.



Yesterday I was trying to hack PINK nitro which is only for Motorbikes in Asphalt 8 game. I already found it. And now I want to make a RATIO for this NITRO (for example, I will write some value and it will be using 80% ratio, or 60% ratio and etc.).



I checked also that this PINK nitro is located very close in memory region to the normal Nitro - please check the screens below:



[img]https://i.imgur.com/yMAtH11.png[/img]



So here it is a script for NITRO RATIO for Normal Nitro:



[SPOILER="NITRO RATIO for Normal Nitro - SCRIPT"]

define(write2,0F 28 CC F3 0F 11 65 F8 F3 0F 59 CA)

define(write7,0F 28 CC F3 0F 11 65 E8 F3 0F 59 CA)

[ENABLE]

aobscanmodule(write5,Asphalt8.exe,0F 28 CC F3 0F 11 65 F8 F3 0F 59 CA)

aobscanmodule(write12,Asphalt8.exe,0F 28 CC F3 0F 11 65 E8 F3 0F 59 CA)

globalalloc(write1,4)

alloc(write3,$1000)

label(write11)

label(write6)

label(write4)

label(write9)

write3:

write11:

push eax

mov eax,[write1]

movd xmm4,eax

movaps xmm1,xmm4

movss [ebp-08],xmm4

mulss xmm1,xmm2

pop eax

ret

write6:

push eax

mov eax,[write1]

movd xmm4,eax

movaps xmm1,xmm4

movss [ebp-18],xmm4

mulss xmm1,xmm2

pop eax

ret

write5:

push ebx

mov ebx,write11

call ebx

pop ebx

db 90 90 90

write4:

write12:

push ebx

mov ebx,write6

call ebx

pop ebx

db 90 90 90

write9:

registersymbol(write5)

registersymbol(write12)

[DISABLE]

write5:

db write2

write12:

db write7

unregistersymbol(write5)

unregistersymbol(write12)

dealloc(write3)

dealloc(write1)

[/SPOILER]



Like you can see, in WRITE1 - I can write any value that I want and it will change RATIO in the game for normal Nitro, below I put a table with values for any Nitro Ratio:



[img]https://i.imgur.com/Q2iyyb8.jpg[/img]



And I want to make the same script for PINK NITRO but I don't really know how to make it - I already know that value: 4199038649 in 4-bytes type will fill the Nitro at 100%, below I put a script for UNLIMITED PINK NITRO:



[SPOILER="UNLIMITED PINK NITRO - Script"]

[ENABLE]

alloc(pink,2048)

label(returnhere)

label(originalcode)

label(exit)

pink:

originalcode:

mov [esi+28],(int)4199038649

lea ebx,[esi+28]

mov ecx,[Asphalt8.exe+1B9D58C]

exit:

jmp returnhere

"Asphalt8.exe"+11BE74:

jmp pink

db 90 90 90 90

returnhere:

[DISABLE]

dealloc(pink)

"Asphalt8.exe"+11BE74:

lea ebx,[esi+28]

mov ecx,[Asphalt8.exe+1B9D58C]

[/SPOILER]



So can you help me guys? I attached also CT file with these scripts for maybe analise by you.



Thank you for all your help and I am waiting for your answer,

Best Regards!

1532269336

I ALREADY DID THAT :-D