[Request help] How to increase damage with assemble

primeval

Code:
   // Fragment of an injected code block. Stores eax into the dword at [rdx+68];
   // the thread does not say what that field holds.
   mov [rdx+68],eax

  // Disabled load of the same field - presumably the instruction the game had
  // at this spot; confirm against the original disassembly.
  //mov eax,[rdx+68]
  test eax,eax    // sets the flags from eax (eax itself is unchanged)
  jmp return      // `return` is a label declared elsewhere in the script, not in this fragment
I would like to change this so that damage is doubled (x2).

I tried mov [rdx+68],0, but the effect is that one hit kills. I only want x2 damage. When I try 1 or more instead, the value no longer decreases and the score freezes.
 

happyTugs

Here are some ways I can think of, if you are trying to multiply EAX by 2.
CEA:
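  // Doubles eax with a left shift, stores it at [rdx+68], then returns to the
  // hooked code.
  // NOTE(review): assumes eax is the amount to scale and not the resulting
  // value of the field - confirm against the code that computes eax.
  shl eax,1            // count written out; the one-operand form is not accepted by every assembler
  mov [rdx+68],eax     // the bit shifted out of bit 31 is lost, so very large inputs wrap
  //mov eax,[rdx+68]
  test eax,eax         // flags now reflect the doubled value
  jmp return           // label declared elsewhere in the script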
CEA:
  // Scales eax by two using the explicit three-operand multiply, sets the
  // flags from the result, writes it to [rdx+68] and hands control back at
  // `return` (a label declared elsewhere in the script).
  imul eax,eax,2
  test eax,eax         // mov below leaves these flags intact
  mov [rdx+68],eax
  //mov eax,[rdx+68]   (load kept disabled)
  jmp return
CEA:
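  // Doubles eax with the one-operand mul, stores it at [rdx+68], then returns
  // to the hooked code.
  // mul ebx writes its product to edx:eax, so it overwrites the rdx base
  // pointer that the store below depends on; rdx is therefore saved and
  // restored around the multiply.
  // The store addresses memory through rdx, so this is 64-bit code, where
  // push/pop take the full 64-bit registers.
  // NOTE(review): assumes eax is the amount to scale and not the resulting
  // value of the field - confirm against the code that computes eax.
  push rbx
  push rdx
  mov ebx,2
  mul ebx              // edx:eax = eax * 2
  pop rdx              // restore the base pointer before it is used
  pop rbx
  mov [rdx+68],eax
  //mov eax,[rdx+68]
  test eax,eax         // flags reflect the doubled value
  jmp return           // label declared elsewhere in the script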
But, it depends.
 

GreenHouse

Some that I can think of if you are trying to multiply EAX by 2.
What is [rdx+68] exactly? If it's health, then those won't work, as you'll be multiplying the health. So if you have 100 health and take 50 damage, you'll multiply 50*2 and get 100 health back again.
 

happyTugs

If it's health then those won't work
Thank you for catching me. I am assuming that eax is some value and is not the calculated health value. If [rdx+68] contains health then the below should work. However, you may need to check for integer overflows if health is unsigned.
CEA:
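  // Doubles eax with a left shift and subtracts the result from the dword at
  // [rdx+68], then returns to the hooked code.
  // NOTE(review): assumes eax is an amount to subtract and [rdx+68] is the
  // running value - confirm against the code that computes eax.
  shl eax,1            // count written out; the one-operand form is not accepted by every assembler
  sub [rdx+68],eax     // no bounds check: the field wraps if the subtraction passes zero
  //mov [rdx+68],eax
  //mov eax,[rdx+68]
  test eax,eax         // flags reflect the doubled eax, not the field; eax stays doubled after return
  jmp return           // label declared elsewhere in the script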
CEA:
  // Scales eax by two using the explicit three-operand multiply and takes the
  // product away from the dword at [rdx+68]. The field is not range-checked.
  // Control then goes back to `return`, a label declared elsewhere in the script.
  imul eax,eax,2
  sub [rdx+68],eax
  // Both earlier forms stay disabled: mov [rdx+68],eax / mov eax,[rdx+68]
  test eax,eax         // flags come from the scaled eax, replacing those left by sub
  jmp return
CEA:
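  // Doubles eax with the one-operand mul and subtracts the result from the
  // dword at [rdx+68], then returns to the hooked code.
  // mul ebx writes its product to edx:eax, so it overwrites the rdx base
  // pointer that the subtraction below depends on; rdx is therefore saved and
  // restored around the multiply.
  // The code addresses memory through rdx, so this is 64-bit code, where
  // push/pop take the full 64-bit registers.
  // NOTE(review): assumes eax is an amount to subtract and [rdx+68] is the
  // running value - confirm against the code that computes eax.
  push rbx
  push rdx
  mov ebx,2
  mul ebx              // edx:eax = eax * 2
  pop rdx              // restore the base pointer before it is used
  pop rbx
  sub [rdx+68],eax     // no bounds check: the field wraps if the subtraction passes zero
  //mov [rdx+68],eax
  //mov eax,[rdx+68]
  test eax,eax         // flags reflect the doubled eax, not the field
  jmp return           // label declared elsewhere in the script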
If eax is the calculated health value, I would trace backwards to find how eax is calculated instead of trying to modify eax at that point. But, you could do that as well.
 

primeval

Code:
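[ENABLE]

// Byte layout at the AOB match (offsets relative to the matched 03 byte):
//   DmgInc+01  89 73 68        mov [rbx+68],esi   - left in place
//   DmgInc+04  48 8B 5C 24 30  mov rbx,[rsp+30]   - replaced by the jmp below
//
// Why the patch starts at +04 and not +01: the original-code listing shows
// two `jne Psycosid.exe+746108` branches (at +7460EA and +746103). +746108 is
// DmgInc+04. An 8-byte patch starting at DmgInc+01 puts that branch target in
// the middle of the jmp's displacement bytes, so any path that takes either
// jne runs into garbage and crashes. Starting the patch exactly on the branch
// target keeps every entry point on an instruction boundary.
//
// Consequence: this hook runs on every path through the function's exit,
// including the ones that skip the store at DmgInc+01.
aobscanmodule(DmgInc,Psycosid.exe,03 89 73 68 48 8B 5C 24 30) // should be unique
// The third argument requests memory close to the patched address. The patch
// below has room for a 5-byte jmp only, which needs a nearby target.
alloc(newmem,$1000,"Psycosid.exe"+746105)

label(code)
label(return)

newmem:

code:
  mov rbx,[rsp+30]     // the one instruction displaced by the jmp
  jmp return

DmgInc+04:
  jmp newmem           // 5 bytes, same length as the instruction it replaces
return:
registersymbol(DmgInc)

[DISABLE]

// Restore exactly the five bytes that were overwritten.
DmgInc+04:
  db 48 8B 5C 24 30

unregistersymbol(DmgInc)
dealloc(newmem)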

{
// ORIGINAL CODE - INJECTION POINT: "Psycosid.exe"+746105

"Psycosid.exe"+7460EA: 75 1C                    -  jne Psycosid.exe+746108
"Psycosid.exe"+7460EC: 8B 43 68                 -  mov eax,[rbx+68]
"Psycosid.exe"+7460EF: 85 C0                    -  test eax,eax
"Psycosid.exe"+7460F1: 74 12                    -  je Psycosid.exe+746105
"Psycosid.exe"+7460F3: 85 F6                    -  test esi,esi
"Psycosid.exe"+7460F5: 75 0E                    -  jne Psycosid.exe+746105
"Psycosid.exe"+7460F7: 89 43 6C                 -  mov [rbx+6C],eax
"Psycosid.exe"+7460FA: 48 8B 47 50              -  mov rax,[rdi+50]
"Psycosid.exe"+7460FE: 48 83 78 18 00           -  cmp qword ptr [rax+18],00
"Psycosid.exe"+746103: 75 03                    -  jne Psycosid.exe+746108
// ---------- INJECTING HERE ----------
"Psycosid.exe"+746105: 89 73 68                 -  mov [rbx+68],esi
"Psycosid.exe"+746108: 48 8B 5C 24 30           -  mov rbx,[rsp+30]
// ---------- DONE INJECTING  ----------
"Psycosid.exe"+74610D: 48 8B 74 24 38           -  mov rsi,[rsp+38]
"Psycosid.exe"+746112: 48 83 C4 20              -  add rsp,20
"Psycosid.exe"+746116: 5F                       -  pop rdi
"Psycosid.exe"+746117: C3                       -  ret
"Psycosid.exe"+746118: CC                       -  int 3
"Psycosid.exe"+746119: CC                       -  int 3
"Psycosid.exe"+74611A: CC                       -  int 3
"Psycosid.exe"+74611B: CC                       -  int 3
"Psycosid.exe"+74611C: CC                       -  int 3
"Psycosid.exe"+74611D: CC                       -  int 3
It looks right, but every injection crashes. Here is the original code.
 