Problem with injecting the code in pointer register

marek1957

Hello people, I once again need help.
I was watching a tutorial from SneakyMofo about finding the REAL value by using the visual value -->

I found that the ECX and EBX registers have a real (not visual) value stored, but I am stuck on this part of the code:

mov eax,[edx+34] is the last place where the ECX register has a REAL value in it, but at one place above, ECX does not have the real value but a totally different value.

I don't know how to inject code at mov eax,[edx+34] to change the value in the ECX register.

If I change the code to mov ecx,#4, for example, it crashes the game totally.

Thank you for supporting someone like me and helping me all the time.

Marek.
 

koderkrazy

I think you are injecting at the wrong point. The instruction at Asphalt8.exe+95A48D, addss xmm0, xmm1, does the real manipulation of the data.
In your break and trace, see what values are in the xmm0 and xmm1 registers.
Do an AOB injection on Asphalt8.exe+95A48D and manipulate the xmm0/xmm1 registers in your code.

[edx+30] holds the encrypted offset to get the value you are looking for. [edx+34 + 2*4] is the location of your encrypted value.
Dissect the data structure on pointer [edx] to understand more.

This is how the data is encrypted:
(let's say the visual data is in eax and we want to store it at edx+34)
Code:
xor eax, [Asphalt8.exe+1b9d5]   // Asphalt8.exe+1b9d5 is a static address that holds the encryption constant
lea ecx, [edx+34]               // address of the location where the value will be stored
xor eax, ecx
mov [edx+34], eax               // store the encrypted value
This is how it is decrypted:
(here edx+34 holds the encrypted value)
Code:
mov eax, [edx+34]
xor eax, [Asphalt8.exe+1b9d5]   // xor with the constant
lea ecx, [edx+34]               // get the address of the location where the encrypted value is stored
xor eax, ecx
// yay, now eax holds the visual value

Note: if the code (where you are going to inject) writes to multiple addresses, then add conditions in your injection, as mentioned in the video.
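
The XOR scheme described in the reply above, modelled in C as an added example (not part of either post and not the game's own code). The key constant, field addresses and sample values are constructed; the model shows why the raw stored dword never equals the value, and why the same dword decodes differently at another address.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the constant the post places at
 * Asphalt8.exe+1b9d5; the real value is not on the page. */
#define KEY_CONSTANT 0x5A17C3E9u

/* One 32-bit field in a simulated 32-bit process (addresses are constructed). */
typedef struct { uint32_t addr; uint32_t stored; } slot_t;

/* Store side: value XOR constant XOR address of the field. */
static uint32_t protect(uint32_t value, uint32_t addr) {
    return value ^ KEY_CONSTANT ^ addr;
}

/* Load side: XOR is its own inverse, so the same two XORs undo it. */
static uint32_t reveal(uint32_t stored, uint32_t addr) {
    return stored ^ KEY_CONSTANT ^ addr;
}

/* Constructed sample: the value 1500 held in two fields, 42 in a third. */
static void fill_demo(slot_t s[3]) {
    const uint32_t addrs[3]  = { 0x0A3F1034u, 0x0A3F2034u, 0x0A3F3034u };
    const uint32_t values[3] = { 1500u, 1500u, 42u };
    for (int i = 0; i < 3; i++) {
        s[i].addr = addrs[i];
        s[i].stored = protect(values[i], addrs[i]);
    }
}

/* Count fields matching `needle`, comparing raw memory or decoded values. */
static int count_matches(const slot_t *s, int n, uint32_t needle, int decode) {
    int hits = 0;
    for (int i = 0; i < n; i++) {
        uint32_t v = decode ? reveal(s[i].stored, s[i].addr) : s[i].stored;
        if (v == needle) hits++;
    }
    return hits;
}

int main(void) {
    slot_t s[3];
    fill_demo(s);
    printf("raw matches for 1500:     %d\n", count_matches(s, 3, 1500u, 0));
    printf("decoded matches for 1500: %d\n", count_matches(s, 3, 1500u, 1));
    /* The same dword read back at another field's address decodes wrongly. */
    printf("field 0 decoded at field 1's address: %u\n",
           reveal(s[0].stored, s[1].addr));
    return 0;
}
```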
 