1
"Unlimited Stamina"
Auto Assembler Script
[ENABLE]
aobscanmodule(stamina,CodeVein-Win64-Shipping.exe,F3 0F 5D C6 0F 28 F8 48)
stamina:
nop 4
registersymbol(stamina)
[DISABLE]
stamina:
db F3 0F 5D C6
unregistersymbol(stamina)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+609D55F
"CodeVein-Win64-Shipping.exe"+609D536: F3 0F 58 C6 - addss xmm0,xmm6
"CodeVein-Win64-Shipping.exe"+609D53A: 48 89 D9 - mov rcx,rbx
"CodeVein-Win64-Shipping.exe"+609D53D: F3 0F 5F 05 83 CE AB FC - maxss xmm0,[CodeVein-Win64-Shipping.exe+2B5A3C8]
"CodeVein-Win64-Shipping.exe"+609D545: 0F 28 C8 - movaps xmm1,xmm0
"CodeVein-Win64-Shipping.exe"+609D548: FF 90 A0 00 00 00 - call qword ptr [rax+000000A0]
"CodeVein-Win64-Shipping.exe"+609D54E: 48 8B 03 - mov rax,[rbx]
"CodeVein-Win64-Shipping.exe"+609D551: 48 89 D9 - mov rcx,rbx
"CodeVein-Win64-Shipping.exe"+609D554: FF 90 30 01 00 00 - call qword ptr [rax+00000130]
"CodeVein-Win64-Shipping.exe"+609D55A: 0F 2F F7 - comiss xmm6,xmm7
"CodeVein-Win64-Shipping.exe"+609D55D: 72 07 - jb CodeVein-Win64-Shipping.exe+609D566
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+609D55F: F3 0F 5D C6 - minss xmm0,xmm6
"CodeVein-Win64-Shipping.exe"+609D563: 0F 28 F8 - movaps xmm7,xmm0
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+609D566: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+609D569: F3 0F 11 BF 60 02 00 00 - movss [rdi+00000260],xmm7
"CodeVein-Win64-Shipping.exe"+609D571: E8 3A BF 43 FA - call CodeVein-Win64-Shipping.exe+4D94B0
"CodeVein-Win64-Shipping.exe"+609D576: 0F 28 7C 24 20 - movaps xmm7,[rsp+20]
"CodeVein-Win64-Shipping.exe"+609D57B: 48 8B 5C 24 50 - mov rbx,[rsp+50]
"CodeVein-Win64-Shipping.exe"+609D580: 0F 28 74 24 30 - movaps xmm6,[rsp+30]
"CodeVein-Win64-Shipping.exe"+609D585: 48 83 C4 40 - add rsp,40
"CodeVein-Win64-Shipping.exe"+609D589: 5F - pop rdi
"CodeVein-Win64-Shipping.exe"+609D58A: C3 - ret
"CodeVein-Win64-Shipping.exe"+609D58B: CC - int 3
}
9
"Unlimited Ichor"
Auto Assembler Script
[ENABLE]
aobscanmodule(ichor,CodeVein-Win64-Shipping.exe,F3 41 0F 5D C0 0F 28 F8 31)
ichor:
nop 5
registersymbol(ichor)
[DISABLE]
ichor:
db F3 41 0F 5D C0
unregistersymbol(ichor)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+63DF241
"CodeVein-Win64-Shipping.exe"+63DF211: 0F 28 C8 - movaps xmm1,xmm0
"CodeVein-Win64-Shipping.exe"+63DF214: FF 90 A0 00 00 00 - call qword ptr [rax+000000A0]
"CodeVein-Win64-Shipping.exe"+63DF21A: 0F 28 B4 24 90 00 00 00 - movaps xmm6,[rsp+00000090]
"CodeVein-Win64-Shipping.exe"+63DF222: 48 8B 9C 24 B0 00 00 00 - mov rbx,[rsp+000000B0]
"CodeVein-Win64-Shipping.exe"+63DF22A: 48 8B 07 - mov rax,[rdi]
"CodeVein-Win64-Shipping.exe"+63DF22D: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+63DF230: FF 50 78 - call qword ptr [rax+78]
"CodeVein-Win64-Shipping.exe"+63DF233: 44 0F 2F C7 - comiss xmm8,xmm7
"CodeVein-Win64-Shipping.exe"+63DF237: 48 8B BC 24 B8 00 00 00 - mov rdi,[rsp+000000B8]
"CodeVein-Win64-Shipping.exe"+63DF23F: 72 08 - jb CodeVein-Win64-Shipping.exe+63DF249
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+63DF241: F3 41 0F 5D C0 - minss xmm0,xmm8
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+63DF246: 0F 28 F8 - movaps xmm7,xmm0
"CodeVein-Win64-Shipping.exe"+63DF249: 31 C0 - xor eax,eax
"CodeVein-Win64-Shipping.exe"+63DF24B: F3 0F 11 BE 00 05 00 00 - movss [rsi+00000500],xmm7
"CodeVein-Win64-Shipping.exe"+63DF253: 48 8D 54 24 30 - lea rdx,[rsp+30]
"CodeVein-Win64-Shipping.exe"+63DF258: 48 89 44 24 50 - mov [rsp+50],rax
"CodeVein-Win64-Shipping.exe"+63DF25D: 89 44 24 60 - mov [rsp+60],eax
"CodeVein-Win64-Shipping.exe"+63DF261: 8D 48 10 - lea ecx,[rax+10]
"CodeVein-Win64-Shipping.exe"+63DF264: E8 67 9A FA F9 - call CodeVein-Win64-Shipping.exe+388CD0
"CodeVein-Win64-Shipping.exe"+63DF269: 44 0F 28 44 24 70 - movaps xmm8,[rsp+70]
"CodeVein-Win64-Shipping.exe"+63DF26F: 0F 28 BC 24 80 00 00 00 - movaps xmm7,[rsp+00000080]
}
64
"Unlimited Items"
Auto Assembler Script
[ENABLE]
aobscanmodule(items,CodeVein-Win64-Shipping.exe,29 F0 4C 89 B4 24 B0 00 00 00)
items:
nop 2
registersymbol(items)
[DISABLE]
items:
db 29 F0
unregistersymbol(items)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+63DBE7A
"CodeVein-Win64-Shipping.exe"+63DBE5E: 30 C0 - xor al,al
"CodeVein-Win64-Shipping.exe"+63DBE60: 48 8B BC 24 A0 00 00 00 - mov rdi,[rsp+000000A0]
"CodeVein-Win64-Shipping.exe"+63DBE68: 48 81 C4 80 00 00 00 - add rsp,00000080
"CodeVein-Win64-Shipping.exe"+63DBE6F: 5E - pop rsi
"CodeVein-Win64-Shipping.exe"+63DBE70: 5D - pop rbp
"CodeVein-Win64-Shipping.exe"+63DBE71: 5B - pop rbx
"CodeVein-Win64-Shipping.exe"+63DBE72: C3 - ret
"CodeVein-Win64-Shipping.exe"+63DBE73: 8B 43 14 - mov eax,[rbx+14]
"CodeVein-Win64-Shipping.exe"+63DBE76: 39 F0 - cmp eax,esi
"CodeVein-Win64-Shipping.exe"+63DBE78: 7C E4 - jl CodeVein-Win64-Shipping.exe+63DBE5E
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+63DBE7A: 29 F0 - sub eax,esi
"CodeVein-Win64-Shipping.exe"+63DBE7C: 4C 89 B4 24 B0 00 00 00 - mov [rsp+000000B0],r14
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+63DBE84: 44 0F B6 73 10 - movzx r14d,byte ptr [rbx+10]
"CodeVein-Win64-Shipping.exe"+63DBE89: 0F B6 73 11 - movzx esi,byte ptr [rbx+11]
"CodeVein-Win64-Shipping.exe"+63DBE8D: 89 43 14 - mov [rbx+14],eax
"CodeVein-Win64-Shipping.exe"+63DBE90: 0F 85 23 01 00 00 - jne CodeVein-Win64-Shipping.exe+63DBFB9
"CodeVein-Win64-Shipping.exe"+63DBE96: 48 8B 0B - mov rcx,[rbx]
"CodeVein-Win64-Shipping.exe"+63DBE99: 48 83 C1 60 - add rcx,60
"CodeVein-Win64-Shipping.exe"+63DBE9D: 48 8B 01 - mov rax,[rcx]
"CodeVein-Win64-Shipping.exe"+63DBEA0: FF 50 20 - call qword ptr [rax+20]
"CodeVein-Win64-Shipping.exe"+63DBEA3: 84 C0 - test al,al
"CodeVein-Win64-Shipping.exe"+63DBEA5: 0F 84 0E 01 00 00 - je CodeVein-Win64-Shipping.exe+63DBFB9
}
1345
"Zero Weapon Weight (drops ichor too)"
Auto Assembler Script
[ENABLE]
aobscanmodule(wpnWeight,CodeVein-Win64-Shipping.exe,F3 0F 10 81 90 00 00 00 C3)
wpnWeight:
db 0F 57 C0 90 90 90 90 90
registersymbol(wpnWeight)
[DISABLE]
wpnWeight:
db F3 0F 10 81 90 00 00 00
unregistersymbol(wpnWeight)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+7DA8D10
"CodeVein-Win64-Shipping.exe"+7DA8CF6: 9D - popfq
"CodeVein-Win64-Shipping.exe"+7DA8CF7: 4D 89 F9 - mov r9,r15
"CodeVein-Win64-Shipping.exe"+7DA8CFA: 4C 87 8E 1C 7E 71 AE - xchg [rsi-518E81E4],r9
"CodeVein-Win64-Shipping.exe"+7DA8D01: 48 8D 64 24 F8 - lea rsp,[rsp-08]
"CodeVein-Win64-Shipping.exe"+7DA8D06: 4C 89 2C 24 - mov [rsp],r13
"CodeVein-Win64-Shipping.exe"+7DA8D0A: C3 - ret
"CodeVein-Win64-Shipping.exe"+7DA8D0B: 01 0F - add [rdi],ecx
"CodeVein-Win64-Shipping.exe"+7DA8D0D: 1F - pop ds
"CodeVein-Win64-Shipping.exe"+7DA8D0E: 40 - db 40 // SHORTENED TO HIT INJECTION FROM: add bl,sil
"CodeVein-Win64-Shipping.exe"+7DA8D0F: 00 - db 00 // SHORTENED TO HIT INJECTION FROM: add bl,dh
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+7DA8D10: F3 0F 10 81 90 00 00 00 - movss xmm0,[rcx+00000090]
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+7DA8D18: C3 - ret
"CodeVein-Win64-Shipping.exe"+7DA8D19: C3 - ret
"CodeVein-Win64-Shipping.exe"+7DA8D1A: 0F 89 F0 81 C6 2D - jns 175A10F10
"CodeVein-Win64-Shipping.exe"+7DA8D20: FA - cli
"CodeVein-Win64-Shipping.exe"+7DA8D21: F4 - hlt
"CodeVein-Win64-Shipping.exe"+7DA8D22: CE - into
"CodeVein-Win64-Shipping.exe"+7DA8D23: 29 F0 - sub eax,esi
"CodeVein-Win64-Shipping.exe"+7DA8D25: BE 8F 8D 3E 71 - mov esi,713E8D8F
"CodeVein-Win64-Shipping.exe"+7DA8D2A: 25 FF BF C7 31 - and eax,31C7BFFF
"CodeVein-Win64-Shipping.exe"+7DA8D2F: 25 FF 3F 18 40 - and eax,40183FFF
}
47
"Player Pointer"
Auto Assembler Script
[ENABLE]
aobscanmodule(player,CodeVein-Win64-Shipping.exe,48 01 C0 48 8B 3C C1 48 85 FF 0F 84 1F)
alloc(newmem,$1000,player)
label(code)
label(return)
label(playerPtr)
newmem:
mov rdi,playerPtr
mov [rdi],rcx
code:
add rax,rax
mov rdi,[rcx+rax*8]
jmp return
playerPtr:
dq 0
player:
jmp newmem
nop 2
return:
registersymbol(player)
registersymbol(playerPtr)
[DISABLE]
player:
db 48 01 C0 48 8B 3C C1
unregistersymbol(player)
unregistersymbol(playerPtr)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+F05B20F
"CodeVein-Win64-Shipping.exe"+F05B1E4: 66 66 66 2E 0F 1F 84 00 00 00 00 00 - nop cs:[rax+rax+00000000]
"CodeVein-Win64-Shipping.exe"+F05B1F0: 48 63 45 F3 - movsxd rax,dword ptr [rbp-0D]
"CodeVein-Win64-Shipping.exe"+F05B1F4: 48 8B 4D D7 - mov rcx,[rbp-29]
"CodeVein-Win64-Shipping.exe"+F05B1F8: 44 39 F0 - cmp eax,r14d
"CodeVein-Win64-Shipping.exe"+F05B1FB: 75 0F - jne CodeVein-Win64-Shipping.exe+F05B20C
"CodeVein-Win64-Shipping.exe"+F05B1FD: 4C 39 6D E7 - cmp [rbp-19],r13
"CodeVein-Win64-Shipping.exe"+F05B201: 75 09 - jne CodeVein-Win64-Shipping.exe+F05B20C
"CodeVein-Win64-Shipping.exe"+F05B203: 4C 39 D9 - cmp rcx,r11
"CodeVein-Win64-Shipping.exe"+F05B206: 0F 84 54 01 00 00 - je CodeVein-Win64-Shipping.exe+F05B360
"CodeVein-Win64-Shipping.exe"+F05B20C: 48 8B 09 - mov rcx,[rcx]
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+F05B20F: 48 01 C0 - add rax,rax
"CodeVein-Win64-Shipping.exe"+F05B212: 48 8B 3C C1 - mov rdi,[rcx+rax*8]
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+F05B216: 48 85 FF - test rdi,rdi
"CodeVein-Win64-Shipping.exe"+F05B219: 0F 84 1F 01 00 00 - je CodeVein-Win64-Shipping.exe+F05B33E
"CodeVein-Win64-Shipping.exe"+F05B21F: E8 2C 0C 24 F3 - call CodeVein-Win64-Shipping.exe+229BE50
"CodeVein-Win64-Shipping.exe"+F05B224: 48 8B 57 10 - mov rdx,[rdi+10]
"CodeVein-Win64-Shipping.exe"+F05B228: 4C 8D 80 88 00 00 00 - lea r8,[rax+00000088]
"CodeVein-Win64-Shipping.exe"+F05B22F: 49 63 40 08 - movsxd rax,dword ptr [r8+08]
"CodeVein-Win64-Shipping.exe"+F05B233: 3B 82 90 00 00 00 - cmp eax,[rdx+00000090]
"CodeVein-Win64-Shipping.exe"+F05B239: 0F 8F FF 00 00 00 - jg CodeVein-Win64-Shipping.exe+F05B33E
"CodeVein-Win64-Shipping.exe"+F05B23F: 48 89 C1 - mov rcx,rax
"CodeVein-Win64-Shipping.exe"+F05B242: 48 8B 82 88 00 00 00 - mov rax,[rdx+00000088]
}
57
"Unlimited Health"
Auto Assembler Script
[ENABLE]
aobscanmodule(health,CodeVein-Win64-Shipping.exe,F3 0F 5D C6 0F 28 C8 48 8B)
alloc(newmem,$1000,health)
label(code)
label(return)
newmem:
mov rax,playerPtr
mov rax,[rax]
cmp [rax+3A*8],rbx
je code
minss xmm0,xmm6
code:
movaps xmm1,xmm0
jmp return
health:
jmp newmem
nop 2
return:
registersymbol(health)
[DISABLE]
health:
db F3 0F 5D C6 0F 28 C8
unregistersymbol(health)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+609D074
"CodeVein-Win64-Shipping.exe"+609D04C: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+609D04F: 0F 28 F1 - movaps xmm6,xmm1
"CodeVein-Win64-Shipping.exe"+609D052: FF 90 A8 00 00 00 - call qword ptr [rax+000000A8]
"CodeVein-Win64-Shipping.exe"+609D058: 48 8B 07 - mov rax,[rdi]
"CodeVein-Win64-Shipping.exe"+609D05B: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+609D05E: F3 0F 11 83 F8 01 00 00 - movss [rbx+000001F8],xmm0
"CodeVein-Win64-Shipping.exe"+609D066: FF 90 B8 00 00 00 - call qword ptr [rax+000000B8]
"CodeVein-Win64-Shipping.exe"+609D06C: 0F 57 C9 - xorps xmm1,xmm1
"CodeVein-Win64-Shipping.exe"+609D06F: 0F 2F F1 - comiss xmm6,xmm1
"CodeVein-Win64-Shipping.exe"+609D072: 72 07 - jb CodeVein-Win64-Shipping.exe+609D07B
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+609D074: F3 0F 5D C6 - minss xmm0,xmm6
"CodeVein-Win64-Shipping.exe"+609D078: 0F 28 C8 - movaps xmm1,xmm0
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+609D07B: 48 8B 07 - mov rax,[rdi]
"CodeVein-Win64-Shipping.exe"+609D07E: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+609D081: F3 0F 11 8B FC 01 00 00 - movss [rbx+000001FC],xmm1
"CodeVein-Win64-Shipping.exe"+609D089: FF 90 D0 00 00 00 - call qword ptr [rax+000000D0]
"CodeVein-Win64-Shipping.exe"+609D08F: 84 C0 - test al,al
"CodeVein-Win64-Shipping.exe"+609D091: 74 43 - je CodeVein-Win64-Shipping.exe+609D0D6
"CodeVein-Win64-Shipping.exe"+609D093: 0F 2F B3 F8 01 00 00 - comiss xmm6,[rbx+000001F8]
"CodeVein-Win64-Shipping.exe"+609D09A: 73 46 - jae CodeVein-Win64-Shipping.exe+609D0E2
"CodeVein-Win64-Shipping.exe"+609D09C: 48 8B 07 - mov rax,[rdi]
"CodeVein-Win64-Shipping.exe"+609D09F: 48 89 F9 - mov rcx,rdi
}
53
"Show/Hide"
1
12
"Player"
String
0
0
0
1
playerPtr
0
3A*8
67
"Level"
4 Bytes
+1E8
56
"Haze"
4 Bytes
+548
33
"Current Health"
Float
+1FC
48
"Maximum Health"
Float
+204
49
"Current Stamina"
Float
+260
50
"Maximum Stamina"
Float
+268
51
"Current Ichor"
Float
+500
52
"Maximum Ichor"
Float
+508
1295
"Balance"
Float
+2D0
1267
"Weapons???"
String
0
0
0
1
+20
0
298+58
10*8
2B8
1269
"Weapon X"
String
0
0
0
1
+0*20
1270
"Quality"
4 Bytes
+14
1271
"Quantity"
4 Bytes
+1C
1268
"Stats"
1
8 Bytes
+8
0
1272
"Name 1"
String
256
1
0
1
+38
0
1273
"Name 2"
String
256
1
0
1
+50
0
1275
"Weight"
Float
+F0
1274
"Base Damage 1"
Float
+F8
1285
"Base Damage 2"
Float
+FC
1284
"Base Damage 3"
Float
+100
1286
"Blood (Attack)"
Float
+104
1287
"Fire (Attack)"
Float
+108
1288
"Ice (Attack)"
Float
+10C
1289
"Lightning (Attack)"
Float
+110
1276
"Slash (Defense)"
Float
+120
1277
"Crush (Defense)"
Float
+124
1278
"Pierce (Defense)"
Float
+128
1279
"Blood (Defense)"
Float
+12C
1280
"Fire (Defense)"
Float
+130
1281
"Ice (Defense)"
Float
+134
1282
"Lightning (Defense)"
Float
+138
1283
"Stamina Reduction"
Float
+13C
1290
"Stun"
Float
+14C
1291
"Inhibit"
Float
+150
1292
"Slow"
Float
+154
550
"pox911 scripts"
1
1260
"Current Highlighted Skill"
Auto Assembler Script
[ENABLE]
aobscanmodule(CurSkillAOB,CodeVein-Win64-Shipping.exe,F3 41 0F 59 46 78) // should be unique
alloc(newmem,$1000,"CodeVein-Win64-Shipping.exe"+7E3F7ED)
label(code)
label(return)
label(SkillData)
registersymbol(SkillData)
newmem:
code:
mov [SkillData],r14
mulss xmm0,[r14+78]
jmp return
SkillData:
CurSkillAOB:
jmp newmem
nop
return:
registersymbol(CurSkillAOB)
[DISABLE]
CurSkillAOB:
db F3 41 0F 59 46 78
unregistersymbol(CurSkillAOB)
unregistersymbol(SkillData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+7E3F7ED
"CodeVein-Win64-Shipping.exe"+7E3F7C5: 48 8D 0D EC 21 D2 FA - lea rcx,[CodeVein-Win64-Shipping.exe+2B619B8]
"CodeVein-Win64-Shipping.exe"+7E3F7CC: E8 8F 1B D5 F8 - call CodeVein-Win64-Shipping.exe+B91360
"CodeVein-Win64-Shipping.exe"+7E3F7D1: 8B 47 08 - mov eax,[rdi+08]
"CodeVein-Win64-Shipping.exe"+7E3F7D4: C1 E8 1D - shr eax,1D
"CodeVein-Win64-Shipping.exe"+7E3F7D7: A8 01 - test al,01
"CodeVein-Win64-Shipping.exe"+7E3F7D9: 75 0A - jne CodeVein-Win64-Shipping.exe+7E3F7E5
"CodeVein-Win64-Shipping.exe"+7E3F7DB: 48 89 D9 - mov rcx,rbx
"CodeVein-Win64-Shipping.exe"+7E3F7DE: E8 4D 00 8E F9 - call CodeVein-Win64-Shipping.exe+171F830
"CodeVein-Win64-Shipping.exe"+7E3F7E3: EB 08 - jmp CodeVein-Win64-Shipping.exe+7E3F7ED
"CodeVein-Win64-Shipping.exe"+7E3F7E5: F3 0F 10 05 DB AB D1 FA - movss xmm0,[CodeVein-Win64-Shipping.exe+2B5A3C8]
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+7E3F7ED: F3 41 0F 59 46 78 - mulss xmm0,[r14+78]
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+7E3F7F3: 48 8B 5C 24 30 - mov rbx,[rsp+30]
"CodeVein-Win64-Shipping.exe"+7E3F7F8: 48 8B 74 24 38 - mov rsi,[rsp+38]
"CodeVein-Win64-Shipping.exe"+7E3F7FD: 48 8B 7C 24 40 - mov rdi,[rsp+40]
"CodeVein-Win64-Shipping.exe"+7E3F802: 48 83 C4 20 - add rsp,20
"CodeVein-Win64-Shipping.exe"+7E3F806: 41 5E - pop r14
"CodeVein-Win64-Shipping.exe"+7E3F808: C3 - ret
"CodeVein-Win64-Shipping.exe"+7E3F809: CC - int 3
"CodeVein-Win64-Shipping.exe"+7E3F80A: 48 29 ED - sub rbp,rbp
"CodeVein-Win64-Shipping.exe"+7E3F80D: 4C 8D 1C 24 - lea r11,[rsp]
"CodeVein-Win64-Shipping.exe"+7E3F811: 49 81 C3 2A DB 41 9C - add r11,9C41DB2A
}
545
"Cost"
Float
SkillData
78
546
"CoolDown"
Float
SkillData
80
547
"Recast Delay"
Float
SkillData
88
70
548
"Animation Speed"
Float
SkillData
8c
70
1246
"Current Highlighted Weapon"
Auto Assembler Script
{ Game : CodeVein-Win64-Shipping.exe
Version:
Date : 2019-09-30
Author : Turk
This script does blah blah blah
}
[ENABLE]
aobscanmodule(CurWeapAOB,CodeVein-Win64-Shipping.exe,4D 8B 40 08 88 44 24 20) // should be unique
alloc(newmem,$1000,"CodeVein-Win64-Shipping.exe"+6651F68)
label(code)
label(return)
label(WeaponData)
registersymbol(WeaponData)
newmem:
code:
mov [WeaponData],r8
mov r8,[r8+08]
mov [rsp+20],al
jmp return
WeaponData:
CurWeapAOB:
jmp newmem
nop
nop
nop
return:
registersymbol(CurWeapAOB)
[DISABLE]
CurWeapAOB:
db 4D 8B 40 08 88 44 24 20
unregistersymbol(CurWeapAOB)
unregistersymbol(WeaponData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+6651F68
"CodeVein-Win64-Shipping.exe"+6651F49: 48 89 D8 - mov rax,rbx
"CodeVein-Win64-Shipping.exe"+6651F4C: 48 8B 5C 24 40 - mov rbx,[rsp+40]
"CodeVein-Win64-Shipping.exe"+6651F51: 48 83 C4 30 - add rsp,30
"CodeVein-Win64-Shipping.exe"+6651F55: 5F - pop rdi
"CodeVein-Win64-Shipping.exe"+6651F56: C3 - ret
"CodeVein-Win64-Shipping.exe"+6651F57: 0F B6 40 18 - movzx eax,byte ptr [rax+18]
"CodeVein-Win64-Shipping.exe"+6651F5B: 48 89 DA - mov rdx,rbx
"CodeVein-Win64-Shipping.exe"+6651F5E: 45 8B 48 14 - mov r9d,[r8+14]
"CodeVein-Win64-Shipping.exe"+6651F62: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+6651F65: 4C 8B 17 - mov r10,[rdi]
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+6651F68: 4D 8B 40 08 - mov r8,[r8+08]
"CodeVein-Win64-Shipping.exe"+6651F6C: 88 44 24 20 - mov [rsp+20],al
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+6651F70: 41 FF 92 98 00 00 00 - call qword ptr [r10+00000098]
"CodeVein-Win64-Shipping.exe"+6651F77: 48 89 D8 - mov rax,rbx
"CodeVein-Win64-Shipping.exe"+6651F7A: 48 8B 5C 24 40 - mov rbx,[rsp+40]
"CodeVein-Win64-Shipping.exe"+6651F7F: 48 83 C4 30 - add rsp,30
"CodeVein-Win64-Shipping.exe"+6651F83: 5F - pop rdi
"CodeVein-Win64-Shipping.exe"+6651F84: C3 - ret
"CodeVein-Win64-Shipping.exe"+6651F85: CC - int 3
"CodeVein-Win64-Shipping.exe"+6651F86: 41 53 - push r11
"CodeVein-Win64-Shipping.exe"+6651F88: 49 F7 D3 - not r11
"CodeVein-Win64-Shipping.exe"+6651F8B: 4C 21 1C 24 - and [rsp],r11
}
1247
"Weapon Pointer"
1
8 Bytes
WeaponData
8
1248
"Quantity"
4 Bytes
WeaponData
1c
1249
"Quality"
4 Bytes
WeaponData
14
1250
"Transformation"
0:None
1:Alleviation
2:Fortification
3:Intensification
4:Gifts
5:Devour
6:Fire
7:Ice
8:Lightning
9:Venom
10:Stun
11:Inhibit
12:Slow
Byte
WeaponData
18
1297
"Stats"
1
8 Bytes
WeaponData
0
8
1298
"Name 1"
String
256
1
0
1
+38
0
1299
"Name 2"
String
256
1
0
1
+50
0
1300
"Weight"
Float
+F0
1301
"Base Damage 1"
Float
+F8
1302
"Base Damage 2"
Float
+FC
1303
"Base Damage 3"
Float
+100
1304
"Blood (Attack)"
Float
+104
1305
"Fire (Attack)"
Float
+108
1306
"Ice (Attack)"
Float
+10C
1307
"Lightning (Attack)"
Float
+110
1308
"Slash (Defense)"
Float
+120
1309
"Crush (Defense)"
Float
+124
1310
"Pierce (Defense)"
Float
+128
1311
"Blood (Defense)"
Float
+12C
1312
"Fire (Defense)"
Float
+130
1313
"Ice (Defense)"
Float
+134
1314
"Lightning (Defense)"
Float
+138
1315
"Stamina Reduction"
Float
+13C
1316
"Stun"
Float
+14C
1317
"Inhibit"
Float
+150
1318
"Slow"
Float
+154
1251
"Current Highlighted Blood Veil"
Auto Assembler Script
{ Game : CodeVein-Win64-Shipping.exe
Version:
Date : 2019-09-30
Author : Turk
This script does blah blah blah
}
[ENABLE]
aobscanmodule(CurVeilAOB,CodeVein-Win64-Shipping.exe,4C 8B 40 08 4D 85 C0 74 E1) // should be unique
alloc(newmem,$1000,"CodeVein-Win64-Shipping.exe"+64B3337)
label(code)
label(return)
label(VeilData)
registersymbol(VeilData)
newmem:
code:
mov [VeilData],rax
mov r8,[rax+08]
test r8,r8
jmp return
VeilData:
CurVeilAOB:
jmp newmem
nop
nop
return:
registersymbol(CurVeilAOB)
[DISABLE]
CurVeilAOB:
db 4C 8B 40 08 4D 85 C0
unregistersymbol(CurVeilAOB)
unregistersymbol(VeilData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+64B3337
"CodeVein-Win64-Shipping.exe"+64B3319: 48 89 C2 - mov rdx,rax
"CodeVein-Win64-Shipping.exe"+64B331C: 48 85 C0 - test rax,rax
"CodeVein-Win64-Shipping.exe"+64B331F: 75 16 - jne CodeVein-Win64-Shipping.exe+64B3337
"CodeVein-Win64-Shipping.exe"+64B3321: 48 89 D9 - mov rcx,rbx
"CodeVein-Win64-Shipping.exe"+64B3324: E8 A7 1C 6A FA - call CodeVein-Win64-Shipping.exe+B54FD0
"CodeVein-Win64-Shipping.exe"+64B3329: 48 89 D8 - mov rax,rbx
"CodeVein-Win64-Shipping.exe"+64B332C: 48 8B 5C 24 40 - mov rbx,[rsp+40]
"CodeVein-Win64-Shipping.exe"+64B3331: 48 83 C4 30 - add rsp,30
"CodeVein-Win64-Shipping.exe"+64B3335: 5F - pop rdi
"CodeVein-Win64-Shipping.exe"+64B3336: C3 - ret
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+64B3337: 4C 8B 40 08 - mov r8,[rax+08]
"CodeVein-Win64-Shipping.exe"+64B333B: 4D 85 C0 - test r8,r8
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+64B333E: 74 E1 - je CodeVein-Win64-Shipping.exe+64B3321
"CodeVein-Win64-Shipping.exe"+64B3340: 0F B6 40 18 - movzx eax,byte ptr [rax+18]
"CodeVein-Win64-Shipping.exe"+64B3344: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+64B3347: 44 8B 4A 14 - mov r9d,[rdx+14]
"CodeVein-Win64-Shipping.exe"+64B334B: 48 89 DA - mov rdx,rbx
"CodeVein-Win64-Shipping.exe"+64B334E: 4C 8B 17 - mov r10,[rdi]
"CodeVein-Win64-Shipping.exe"+64B3351: 88 44 24 20 - mov [rsp+20],al
"CodeVein-Win64-Shipping.exe"+64B3355: 41 FF 92 A0 00 00 00 - call qword ptr [r10+000000A0]
"CodeVein-Win64-Shipping.exe"+64B335C: 48 89 D8 - mov rax,rbx
"CodeVein-Win64-Shipping.exe"+64B335F: 48 8B 5C 24 40 - mov rbx,[rsp+40]
}
1252
"Veil Pointer"
1
8 Bytes
VeilData
8
1253
"Quantity"
4 Bytes
VeilData
1c
1254
"Quality"
4 Bytes
VeilData
14
1255
"Transformation"
0:None
1:Alleviation
2:Fortification
3:Intensification
4:Gifts
5:Devour
6:Fire
7:Ice
8:Lightning
9:Venom
10:Stun
11:Inhibit
12:Slow
Byte
VeilData
18
1256
"Current Highlighted Item"
Auto Assembler Script
{ Game : CodeVein-Win64-Shipping.exe
Version:
Date : 2019-09-30
Author : Turk
This script does blah blah blah
}
[ENABLE]
aobscanmodule(CurItemAOB,CodeVein-Win64-Shipping.exe,1A 0F 10 00 0F 10 48 10) // should be unique
alloc(newmem,$1000,"CodeVein-Win64-Shipping.exe"+612A86F)
label(code)
label(return)
label(ItemData)
registersymbol(ItemData)
newmem:
code:
mov [ItemData],rax
movups xmm0,[rax]
movups xmm1,[rax+10]
jmp return
ItemData:
CurItemAOB+01:
jmp newmem
nop
nop
return:
registersymbol(CurItemAOB)
[DISABLE]
CurItemAOB+01:
db 0F 10 00 0F 10 48 10
unregistersymbol(CurItemAOB)
unregistersymbol(ItemData)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+612A86F
"CodeVein-Win64-Shipping.exe"+612A842: 48 89 44 24 30 - mov [rsp+30],rax
"CodeVein-Win64-Shipping.exe"+612A847: E8 44 62 91 FA - call CodeVein-Win64-Shipping.exe+A40A90
"CodeVein-Win64-Shipping.exe"+612A84C: 48 89 C2 - mov rdx,rax
"CodeVein-Win64-Shipping.exe"+612A84F: 4C 8D 4C 24 30 - lea r9,[rsp+30]
"CodeVein-Win64-Shipping.exe"+612A854: 41 B8 2B 00 00 00 - mov r8d,0000002B
"CodeVein-Win64-Shipping.exe"+612A85A: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+612A85D: E8 2E 11 82 FA - call CodeVein-Win64-Shipping.exe+94B990
"CodeVein-Win64-Shipping.exe"+612A862: 48 8B 84 24 A8 00 00 00 - mov rax,[rsp+000000A8]
"CodeVein-Win64-Shipping.exe"+612A86A: 48 85 C0 - test rax,rax
"CodeVein-Win64-Shipping.exe"+612A86D: 74 1A - je CodeVein-Win64-Shipping.exe+612A889
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+612A86F: 0F 10 00 - movups xmm0,[rax]
"CodeVein-Win64-Shipping.exe"+612A872: 0F 10 48 10 - movups xmm1,[rax+10]
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+612A876: 0F 11 03 - movups [rbx],xmm0
"CodeVein-Win64-Shipping.exe"+612A879: F2 0F 10 40 20 - movsd xmm0,[rax+20]
"CodeVein-Win64-Shipping.exe"+612A87E: 0F 11 4B 10 - movups [rbx+10],xmm1
"CodeVein-Win64-Shipping.exe"+612A882: F2 0F 11 43 20 - movsd [rbx+20],xmm0
"CodeVein-Win64-Shipping.exe"+612A887: EB 29 - jmp CodeVein-Win64-Shipping.exe+612A8B2
"CodeVein-Win64-Shipping.exe"+612A889: 48 89 43 10 - mov [rbx+10],rax
"CodeVein-Win64-Shipping.exe"+612A88D: 48 89 43 18 - mov [rbx+18],rax
"CodeVein-Win64-Shipping.exe"+612A891: 48 89 43 20 - mov [rbx+20],rax
"CodeVein-Win64-Shipping.exe"+612A895: 48 89 33 - mov [rbx],rsi
"CodeVein-Win64-Shipping.exe"+612A898: 48 89 73 08 - mov [rbx+08],rsi
}
1257
"Item Pointer"
1
8 Bytes
ItemData
0
1258
"Item Function?"
1
8 Bytes
ItemData
8
1259
"Quantity Held"
4 Bytes
ItemData
14
1319
"Stats"
1
8 Bytes
ItemData
0
0
1320
"Name 1"
String
256
1
0
1
+38
0
1321
"Name 2"
String
256
1
0
1
+50
0
549
"No Cooldown On Skills"
Auto Assembler Script
[ENABLE]
aobscanmodule(NoCoolDownAOB,CodeVein-Win64-Shipping.exe,F3 0F 59 B3 50 05 00 00) // should be unique
alloc(newmem,$1000,"CodeVein-Win64-Shipping.exe"+65FF92D)
label(code)
label(return)
newmem:
code:
mulss xmm6,[_A]
jmp return
_A:
NoCoolDownAOB:
jmp newmem
nop
nop
nop
return:
registersymbol(NoCoolDownAOB)
[DISABLE]
NoCoolDownAOB:
db F3 0F 59 B3 50 05 00 00
unregistersymbol(NoCoolDownAOB)
dealloc(newmem)
552
"Accessory Cost Bypass"
Auto Assembler Script
[ENABLE]
aobscanmodule(AccCostAOB,CodeVein-Win64-Shipping.exe,8B 85 50 01 00 00 89 86) // should be unique
alloc(newmem,$1000,AccCostAOB)
label(code)
label(return)
newmem:
code:
mov eax,1
jmp return
AccCostAOB:
jmp newmem
nop
return:
registersymbol(AccCostAOB)
[DISABLE]
AccCostAOB:
db 8B 85 50 01 00 00
unregistersymbol(AccCostAOB)
dealloc(newmem)
1215
"Bypass Customization Reset"
Auto Assembler Script
[ENABLE]
aobscanmodule(CustBypassAOB,CodeVein-Win64-Shipping.exe,41 0F B6 D6 48 89 F1 E8 * * * * 48 8b 07) // should be unique
alloc(newmem,$1000,CustBypassAOB)
label(code)
label(return)
newmem:
code:
movzx edx,r14l
mov rcx,rsi
jmp return
CustBypassAOB:
jmp newmem
nop
nop
CustBypassAOB+c:
return:
registersymbol(CustBypassAOB)
[DISABLE]
CustBypassAOB:
db 41 0F B6 D6 48 89 F1
unregistersymbol(CustBypassAOB)
dealloc(newmem)
551
"zachillios scripts"
1
1216
"Highlighted Item Editor"
Auto Assembler Script
{ Game : CodeVein-Win64-Shipping.exe
Version:
Date : 2019-09-26
Author : Zach
This script does blah blah blah
}
[ENABLE]
aobscanmodule(Item_Pointer,CodeVein-Win64-Shipping.exe,0F 10 48 10 0F 11 03 F2 0F 10 40 20 0F) // should be unique
alloc(newmem,$1000,Item_Pointer)
globalalloc(ItemPointer,4)
label(code)
label(return)
newmem:
mov [ItemPointer],rax
code:
movups xmm1,[rax+10]
movups [rbx],xmm0
jmp return
Item_Pointer:
jmp newmem
nop 2
return:
registersymbol(Item_Pointer)
[DISABLE]
Item_Pointer:
db 0F 10 48 10 0F 11 03
unregistersymbol(Item_Pointer)
dealloc(newmem)
dealloc(ItemPointer)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+612A872
"CodeVein-Win64-Shipping.exe"+612A847: E8 44 62 91 FA - call CodeVein-Win64-Shipping.exe+A40A90
"CodeVein-Win64-Shipping.exe"+612A84C: 48 89 C2 - mov rdx,rax
"CodeVein-Win64-Shipping.exe"+612A84F: 4C 8D 4C 24 30 - lea r9,[rsp+30]
"CodeVein-Win64-Shipping.exe"+612A854: 41 B8 2B 00 00 00 - mov r8d,0000002B
"CodeVein-Win64-Shipping.exe"+612A85A: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+612A85D: E8 2E 11 82 FA - call CodeVein-Win64-Shipping.exe+94B990
"CodeVein-Win64-Shipping.exe"+612A862: 48 8B 84 24 A8 00 00 00 - mov rax,[rsp+000000A8]
"CodeVein-Win64-Shipping.exe"+612A86A: 48 85 C0 - test rax,rax
"CodeVein-Win64-Shipping.exe"+612A86D: 74 1A - je CodeVein-Win64-Shipping.exe+612A889
"CodeVein-Win64-Shipping.exe"+612A86F: 0F 10 00 - movups xmm0,[rax]
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+612A872: 0F 10 48 10 - movups xmm1,[rax+10]
"CodeVein-Win64-Shipping.exe"+612A876: 0F 11 03 - movups [rbx],xmm0
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+612A879: F2 0F 10 40 20 - movsd xmm0,[rax+20]
"CodeVein-Win64-Shipping.exe"+612A87E: 0F 11 4B 10 - movups [rbx+10],xmm1
"CodeVein-Win64-Shipping.exe"+612A882: F2 0F 11 43 20 - movsd [rbx+20],xmm0
"CodeVein-Win64-Shipping.exe"+612A887: EB 29 - jmp CodeVein-Win64-Shipping.exe+612A8B2
"CodeVein-Win64-Shipping.exe"+612A889: 48 89 43 10 - mov [rbx+10],rax
"CodeVein-Win64-Shipping.exe"+612A88D: 48 89 43 18 - mov [rbx+18],rax
"CodeVein-Win64-Shipping.exe"+612A891: 48 89 43 20 - mov [rbx+20],rax
"CodeVein-Win64-Shipping.exe"+612A895: 48 89 33 - mov [rbx],rsi
"CodeVein-Win64-Shipping.exe"+612A898: 48 89 73 08 - mov [rbx+08],rsi
"CodeVein-Win64-Shipping.exe"+612A89C: 66 C7 43 10 08 10 - mov word ptr [rbx+10],1008
}
1217
"Quantity"
4 Bytes
ItemPointer
14
1218
"Max Quantity"
4 Bytes
ItemPointer
18
1219
"ID"
1
Array of byte
3
ItemPointer
1
591
"Highlighted Weapon Editor"
Auto Assembler Script
{ Game : CodeVein-Win64-Shipping.exe
Version:
Date : 2019-10-01
Author : Zach
This script does blah blah blah
}
[ENABLE]
aobscanmodule(Weapon_Scan,CodeVein-Win64-Shipping.exe,0F 10 48 10 0F 11 4B 10 48 8B 9C 24 90 00 00 00 48 81 C4 80 00 00 00 5F C3 CC 48 29 C0 41 50 48 F7 D0) // should be unique
alloc(newmem,$1000,Weapon_Scan)
globalalloc(WeaponScan,8)
label(code)
label(return)
newmem:
mov [WeaponScan],rax
code:
movups xmm1,[rax+10]
movups [rbx+10],xmm1
jmp return
Weapon_Scan:
jmp newmem
nop 3
return:
registersymbol(Weapon_Scan)
[DISABLE]
Weapon_Scan:
db 0F 10 48 10 0F 11 4B 10 48 8B 9C 24 90 00 00 00 48 81 C4 80 00 00 00 5F C3 CC 48 29 C0 41 50 48 F7 D0
unregistersymbol(Weapon_Scan)
dealloc(newmem)
dealloc(WeaponScan)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+7BEA357
"CodeVein-Win64-Shipping.exe"+7BEA32E: 48 89 C2 - mov rdx,rax
"CodeVein-Win64-Shipping.exe"+7BEA331: 4C 8D 4C 24 30 - lea r9,[rsp+30]
"CodeVein-Win64-Shipping.exe"+7BEA336: 41 B8 3D 00 00 00 - mov r8d,0000003D
"CodeVein-Win64-Shipping.exe"+7BEA33C: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+7BEA33F: E8 7C 1C D6 F8 - call CodeVein-Win64-Shipping.exe+94BFC0
"CodeVein-Win64-Shipping.exe"+7BEA344: 48 8B 84 24 A8 00 00 00 - mov rax,[rsp+000000A8]
"CodeVein-Win64-Shipping.exe"+7BEA34C: 48 85 C0 - test rax,rax
"CodeVein-Win64-Shipping.exe"+7BEA34F: 74 0E - je CodeVein-Win64-Shipping.exe+7BEA35F
"CodeVein-Win64-Shipping.exe"+7BEA351: 0F 10 00 - movups xmm0,[rax]
"CodeVein-Win64-Shipping.exe"+7BEA354: 0F 11 03 - movups [rbx],xmm0
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+7BEA357: 0F 10 48 10 - movups xmm1,[rax+10]
"CodeVein-Win64-Shipping.exe"+7BEA35B: 0F 11 4B 10 - movups [rbx+10],xmm1
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+7BEA35F: 48 8B 9C 24 90 00 00 00 - mov rbx,[rsp+00000090]
"CodeVein-Win64-Shipping.exe"+7BEA367: 48 81 C4 80 00 00 00 - add rsp,00000080
"CodeVein-Win64-Shipping.exe"+7BEA36E: 5F - pop rdi
"CodeVein-Win64-Shipping.exe"+7BEA36F: C3 - ret
"CodeVein-Win64-Shipping.exe"+7BEA370: CC - int 3
"CodeVein-Win64-Shipping.exe"+7BEA371: 48 29 C0 - sub rax,rax
"CodeVein-Win64-Shipping.exe"+7BEA374: 41 50 - push r8
"CodeVein-Win64-Shipping.exe"+7BEA376: 48 F7 D0 - not rax
"CodeVein-Win64-Shipping.exe"+7BEA379: 48 F7 14 24 - not [rsp]
"CodeVein-Win64-Shipping.exe"+7BEA37D: 48 23 04 24 - and rax,[rsp]
}
587
"Forge"
4 Bytes
WeaponScan
14
593
"Highlighted Blood Veil Editor"
Auto Assembler Script
{ Game : CodeVein-Win64-Shipping.exe
Version:
Date : 2019-10-01
Author : Zach
This script does blah blah blah
}
[ENABLE]
aobscanmodule(bCode_Scan,CodeVein-Win64-Shipping.exe,0F 10 48 10 0F 11 4B 10 48 8B 9C 24 90 00 00 00 48 81 C4 80 00 00 00 5F C3 CC 00) // should be unique
alloc(newmem,$1000,bCode_Scan)
globalalloc(bCodeScan,4)
label(code)
label(return)
newmem:
mov [bCodeScan],rax
code:
movups xmm1,[rax+10]
movups [rbx+10],xmm1
jmp return
bCode_Scan:
jmp newmem
nop 3
return:
registersymbol(bCode_Scan)
[DISABLE]
bCode_Scan:
db 0F 10 48 10 0F 11 4B 10
unregistersymbol(bCode_Scan)
dealloc(newmem)
dealloc(bCodeScan)
{
// ORIGINAL CODE - INJECTION POINT: "CodeVein-Win64-Shipping.exe"+7BC65B7
"CodeVein-Win64-Shipping.exe"+7BC658E: 48 89 C2 - mov rdx,rax
"CodeVein-Win64-Shipping.exe"+7BC6591: 4C 8D 4C 24 30 - lea r9,[rsp+30]
"CodeVein-Win64-Shipping.exe"+7BC6596: 41 B8 2D 00 00 00 - mov r8d,0000002D
"CodeVein-Win64-Shipping.exe"+7BC659C: 48 89 F9 - mov rcx,rdi
"CodeVein-Win64-Shipping.exe"+7BC659F: E8 1C 5A D8 F8 - call CodeVein-Win64-Shipping.exe+94BFC0
"CodeVein-Win64-Shipping.exe"+7BC65A4: 48 8B 84 24 A8 00 00 00 - mov rax,[rsp+000000A8]
"CodeVein-Win64-Shipping.exe"+7BC65AC: 48 85 C0 - test rax,rax
"CodeVein-Win64-Shipping.exe"+7BC65AF: 74 0E - je CodeVein-Win64-Shipping.exe+7BC65BF
"CodeVein-Win64-Shipping.exe"+7BC65B1: 0F 10 00 - movups xmm0,[rax]
"CodeVein-Win64-Shipping.exe"+7BC65B4: 0F 11 03 - movups [rbx],xmm0
// ---------- INJECTING HERE ----------
"CodeVein-Win64-Shipping.exe"+7BC65B7: 0F 10 48 10 - movups xmm1,[rax+10]
"CodeVein-Win64-Shipping.exe"+7BC65BB: 0F 11 4B 10 - movups [rbx+10],xmm1
// ---------- DONE INJECTING ----------
"CodeVein-Win64-Shipping.exe"+7BC65BF: 48 8B 9C 24 90 00 00 00 - mov rbx,[rsp+00000090]
"CodeVein-Win64-Shipping.exe"+7BC65C7: 48 81 C4 80 00 00 00 - add rsp,00000080
"CodeVein-Win64-Shipping.exe"+7BC65CE: 5F - pop rdi
"CodeVein-Win64-Shipping.exe"+7BC65CF: C3 - ret
"CodeVein-Win64-Shipping.exe"+7BC65D0: CC - int 3
"CodeVein-Win64-Shipping.exe"+7BC65D1: 00 00 - add [rax],al
"CodeVein-Win64-Shipping.exe"+7BC65D3: 00 00 - add [rax],al
"CodeVein-Win64-Shipping.exe"+7BC65D5: 41 54 - push r12
"CodeVein-Win64-Shipping.exe"+7BC65D7: 49 F7 D4 - not r12
"CodeVein-Win64-Shipping.exe"+7BC65DA: 4C 21 24 24 - and [rsp],r12
}
594
"Forge"
4 Bytes
bCodeScan
14