12
"Stop timer"
Auto Assembler Script
{ Game : boot.exe
Version:
Date : 2020-10-18
Author : Admin
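This script hooks the load at "game.x86_64.dll"+47D50 and stores 20 into [rcx+D0] just before the game reads it, so the value read there (presumably the timer) stays fixed while the script is enabled.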
}
[ENABLE]
// Enable: locate the 7-byte load `mov rax,[rcx+000000D0]` inside game.x86_64.dll by
// byte signature and detour it through a stub that overwrites the field first.
// The pattern is the 7 instruction bytes plus the first two bytes (48 89) of the
// instruction that follows; the scan result is bound to the symbol `timer`.
aobscanmodule(timer,game.x86_64.dll,48 8B 81 D0 00 00 00 48 89) // should be unique
// Reserve $1000 bytes for the stub. The third argument is a placement hint near the
// injection point, so the relative jmp written at `timer` can reach the stub.
// NOTE(review): the hint is a hard-coded module offset, not the scanned `timer`
// symbol, so it only matches the build this script was made for - confirm before reuse.
alloc(newmem,$1000,"game.x86_64.dll"+47D50)
label(code)
label(return)
newmem:
// Overwrite the field with decimal 20 ((int) marks the literal as decimal).
// NOTE(review): no operand size is given, while the displaced instruction reads a
// qword from the same address; presumably this assembles as a dword store and leaves
// the upper 4 bytes as they were - confirm the field's real width.
mov [rcx+000000D0],(int)20
code:
// Replay the displaced original instruction so rax holds what the caller expects.
mov rax,[rcx+000000D0]
jmp return
timer:
// Patch site: the jmp plus 2 bytes of nop padding must add up to the 7 bytes of the
// overwritten instruction, so `return` lands on the next original instruction
// ("game.x86_64.dll"+47D57). Assumes the stub is within rel32 range (5-byte jmp).
jmp newmem
nop 2
return:
// Export the scanned address so the [DISABLE] section can find the patch site again.
registersymbol(timer)
[DISABLE]
// Disable: write back the original 7 instruction bytes, then drop the symbol and
// free the stub. The bytes are written unconditionally; nothing checks that the
// location still holds the detour.
timer:
db 48 8B 81 D0 00 00 00
unregistersymbol(timer)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "game.x86_64.dll"+47D50
"game.x86_64.dll"+47D46: CC - int 3
"game.x86_64.dll"+47D47: CC - int 3
"game.x86_64.dll"+47D48: CC - int 3
"game.x86_64.dll"+47D49: CC - int 3
"game.x86_64.dll"+47D4A: CC - int 3
"game.x86_64.dll"+47D4B: CC - int 3
"game.x86_64.dll"+47D4C: CC - int 3
"game.x86_64.dll"+47D4D: CC - int 3
"game.x86_64.dll"+47D4E: CC - int 3
"game.x86_64.dll"+47D4F: CC - int 3
// ---------- INJECTING HERE ----------
"game.x86_64.dll"+47D50: 48 8B 81 D0 00 00 00 - mov rax,[rcx+000000D0]
// ---------- DONE INJECTING ----------
"game.x86_64.dll"+47D57: 48 89 02 - mov [rdx],rax
"game.x86_64.dll"+47D5A: 48 8B C2 - mov rax,rdx
"game.x86_64.dll"+47D5D: C3 - ret
"game.x86_64.dll"+47D5E: CC - int 3
"game.x86_64.dll"+47D5F: CC - int 3
"game.x86_64.dll"+47D60: 0F B7 01 - movzx eax,word ptr [rcx]
"game.x86_64.dll"+47D63: C3 - ret
"game.x86_64.dll"+47D64: CC - int 3
"game.x86_64.dll"+47D65: CC - int 3
"game.x86_64.dll"+47D66: CC - int 3
}