When I checked the CT that gathers all monsters in one place, it was written as follows:
Code:
[ENABLE]
// allocate the trampoline near the hook address so a 5-byte jmp can reach it
alloc(newmem,2048,"GameAssembly.dll"+32CB06D)
label(returnhere)
label(originalcode)
label(exit)

newmem:
// [stop] is a toggle that must be defined elsewhere in the table
// (e.g. via alloc/registersymbol); it is not defined in this snippet
cmp [stop],1
je originalcode
// write xmm3 instead of xmm0 to [rbp-10]
movsd [rbp-10],xmm3
jmp exit

originalcode:
movsd [rbp-10],xmm0

exit:
jmp returnhere

// the hooked 5-byte instruction is replaced by a 5-byte jmp to newmem
"GameAssembly.dll"+32CB06D:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
// restore the original bytes of movsd [rbp-10],xmm0
"GameAssembly.dll"+32CB06D:
db F2 0F 11 45 F0
//movsd [rbp-10],xmm0
This appears to be a form of code injection. However, when I looked at lectures and YouTube videos about other code injections, they worked with the game's exe process and did not go into GameAssembly.dll as in the example code above.
I tried to find the offset 32CB06D using Il2CppDumper, but it did not exist.
What should I look at to find lectures or explanations about this?
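As an added example that is not part of the post above: the script overwrites the 5-byte instruction at GameAssembly.dll+32CB06D with a 5-byte jmp, and the [DISABLE] section restores F2 0F 11 45 F0. A defender or anti-tamper check can detect exactly that kind of inline hook by comparing the bytes at the hook site in a memory snapshot with the expected original instruction and decoding any E9 rel32 it finds. The module load address, trampoline address and the snapshot contents below are constructed for the demonstration.

```python
import struct

# Values taken from the script above: the RVA that is hooked and the
# encoding of the instruction it overwrites (movsd [rbp-10],xmm0).
HOOK_RVA = 0x32CB06D
ORIGINAL_BYTES = bytes.fromhex("F20F1145F0")

def check_hook_site(snapshot: bytes, snapshot_base: int, hook_addr: int, expected: bytes) -> dict:
    """Compare the bytes at hook_addr (inside a memory snapshot that starts
    at snapshot_base) with the expected original instruction and report
    whether the site is intact or patched with a near jmp/call."""
    off = hook_addr - snapshot_base
    if off < 0 or off + len(expected) > len(snapshot):
        raise ValueError("hook address not covered by snapshot")
    site = snapshot[off:off + len(expected)]
    if site == expected:
        return {"status": "intact", "bytes": site.hex()}
    report = {"status": "patched", "bytes": site.hex()}
    # E9 rel32 is a near jmp (what `jmp newmem` assembles to); E8 is a near call.
    # rel32 is relative to the address just after the 5-byte instruction.
    if len(site) >= 5 and site[0] in (0xE9, 0xE8):
        rel = struct.unpack("<i", site[1:5])[0]
        report["kind"] = "jmp" if site[0] == 0xE9 else "call"
        report["target"] = hook_addr + 5 + rel
    return report

def make_snapshot(snapshot_base: int, hook_addr: int, patched: bool, trampoline: int = 0) -> bytes:
    """Constructed 64-byte snapshot: NOP padding with either the original
    instruction or an injected `jmp trampoline` placed at hook_addr."""
    img = bytearray(b"\x90" * 64)
    off = hook_addr - snapshot_base
    if patched:
        rel = trampoline - (hook_addr + 5)
        img[off:off + 5] = b"\xE9" + struct.pack("<i", rel)
    else:
        img[off:off + 5] = ORIGINAL_BYTES
    return bytes(img)

if __name__ == "__main__":
    base = 0x7FF600000000           # constructed load address of GameAssembly.dll
    hook = base + HOOK_RVA
    snap_base = hook - 16           # snapshot window starts shortly before the hook
    tramp = hook + 0x100000         # constructed address of the newmem allocation
    print(check_hook_site(make_snapshot(snap_base, hook, False), snap_base, hook, ORIGINAL_BYTES))
    print(check_hook_site(make_snapshot(snap_base, hook, True, tramp), snap_base, hook, ORIGINAL_BYTES))
```

In a real check the snapshot would come from reading the loaded module's code pages, and the expected bytes from the on-disk image after relocations, rather than from constants.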