Script crashing the game - Asphalt8 v3.6.1b

marek1957

Expert Cheater
Dec 16, 2017
82
0
6
#1
Hello People,
I was trying to update my old script for UNBUYING CARS in Asphalt8 game but after updating my script is crashing the game. I know that I found correct address because when you were activating script for unbuying cars, the car that you wanted to unbuy, was showing in front of your eyes in the main menu, then you went to the garage and car was unbuyed.

Now script is crashing the game? Why? I also found that earlier was one function different, signed jump - now is unsigned. Earlier was JNL now is JAE. Maybe this is the reason why the script is crashing the game?

Old version of the script for v3.5.0j Asphalt 8 game:
Code:
[ENABLE]

aobscanmodule(unbuy_car,Asphalt8.exe,3B 41 10 7D 03 89 75 FC) // should be unique
alloc(newmem,$1000)

label(originalcode)
label(return)
label(code1)
label(code2)

globalalloc(unbuy,4)

newmem:
  xor ebx,ebx
  mov ebx,[unbuy]
  cmp [ecx+10],ebx
  je code1
  jne code2
  jmp return

code1:
  mov [ecx+10],00000000
  movdqu xmm0,[ecx+34]
  jmp return

code2:
  movdqu xmm0,[ecx+34]
  jmp return

originalcode:
  cmp eax,[ecx+10]
  jnl Asphalt8.exe+61685
  jmp return

unbuy_car:
  jmp newmem
return:
registersymbol(unbuy_car)

[DISABLE]

unbuy_car:
  db 3B 41 10 7D 03

unregistersymbol(unbuy_car)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+6167D

"Asphalt8.exe"+61665: 8B 40 08              -  mov eax,[eax+08]
"Asphalt8.exe"+61668: EB 04                 -  jmp Asphalt8.exe+6166E
"Asphalt8.exe"+6166A: 8B C8                 -  mov ecx,eax
"Asphalt8.exe"+6166C: 8B 00                 -  mov eax,[eax]
"Asphalt8.exe"+6166E: 80 78 0D 00           -  cmp byte ptr [eax+0D],00
"Asphalt8.exe"+61672: 74 EC                 -  je Asphalt8.exe+61660
"Asphalt8.exe"+61674: 3B CE                 -  cmp ecx,esi
"Asphalt8.exe"+61676: 74 0A                 -  je Asphalt8.exe+61682
"Asphalt8.exe"+61678: 8B 03                 -  mov eax,[ebx]
"Asphalt8.exe"+6167A: 89 4D FC              -  mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+6167D: 3B 41 10              -  cmp eax,[ecx+10]
"Asphalt8.exe"+61680: 7D 03                 -  jnl Asphalt8.exe+61685
// ---------- DONE INJECTING  ----------
"Asphalt8.exe"+61682: 89 75 FC              -  mov [ebp-04],esi
"Asphalt8.exe"+61685: 8D 4D FC              -  lea ecx,[ebp-04]
"Asphalt8.exe"+61688: 8B C7                 -  mov eax,edi
"Asphalt8.exe"+6168A: 8B 09                 -  mov ecx,[ecx]
"Asphalt8.exe"+6168C: 89 0F                 -  mov [edi],ecx
"Asphalt8.exe"+6168E: 5F                    -  pop edi
"Asphalt8.exe"+6168F: 5E                    -  pop esi
"Asphalt8.exe"+61690: 5B                    -  pop ebx
"Asphalt8.exe"+61691: 8B E5                 -  mov esp,ebp
"Asphalt8.exe"+61693: 5D                    -  pop ebp
}


New version of the script for v3.6.1b Asphalt 8 game:


Code:
[ENABLE]

aobscanmodule(unbuy_car,Asphalt8.exe,FC 3B 41 10 73 03 89 75) // should be unique
alloc(newmem,$1000)

label(originalcode)
label(return)
label(code1)
label(code2)

globalalloc(unbuy,4)

newmem:
  xor ebx,ebx
  mov ebx,[unbuy]
  cmp [ecx+10],ebx
  je code1
  jne code2
  jmp return

code1:
  mov [ecx+10],00000000
  movdqu xmm0,[ecx+34]
  jmp return

code2:
  movdqu xmm0,[ecx+34]
  jmp return

originalcode:
  cmp eax,[ecx+10]
  jae Asphalt8.exe+E8EE5
  jmp return

unbuy_car+01:
  jmp newmem
return:
registersymbol(unbuy_car)

[DISABLE]

unbuy_car+01:
  db 3B 41 10 7D 03

unregistersymbol(unbuy_car)
dealloc(newmem)


{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+E8EDD

"Asphalt8.exe"+E8EC5: 8B 40 08              -  mov eax,[eax+08]
"Asphalt8.exe"+E8EC8: EB 04                 -  jmp Asphalt8.exe+E8ECE
"Asphalt8.exe"+E8ECA: 8B C8                 -  mov ecx,eax
"Asphalt8.exe"+E8ECC: 8B 00                 -  mov eax,[eax]
"Asphalt8.exe"+E8ECE: 80 78 0D 00           -  cmp byte ptr [eax+0D],00
"Asphalt8.exe"+E8ED2: 74 EC                 -  je Asphalt8.exe+E8EC0
"Asphalt8.exe"+E8ED4: 3B CE                 -  cmp ecx,esi
"Asphalt8.exe"+E8ED6: 74 0A                 -  je Asphalt8.exe+E8EE2
"Asphalt8.exe"+E8ED8: 8B 03                 -  mov eax,[ebx]
"Asphalt8.exe"+E8EDA: 89 4D FC              -  mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+E8EDD: 3B 41 10              -  cmp eax,[ecx+10]
"Asphalt8.exe"+E8EE0: 73 03                 -  jae Asphalt8.exe+E8EE5
// ---------- DONE INJECTING  ----------
"Asphalt8.exe"+E8EE2: 89 75 FC              -  mov [ebp-04],esi
"Asphalt8.exe"+E8EE5: 8D 4D FC              -  lea ecx,[ebp-04]
"Asphalt8.exe"+E8EE8: 8B C7                 -  mov eax,edi
"Asphalt8.exe"+E8EEA: 8B 09                 -  mov ecx,[ecx]
"Asphalt8.exe"+E8EEC: 89 0F                 -  mov [edi],ecx
"Asphalt8.exe"+E8EEE: 5F                    -  pop edi
"Asphalt8.exe"+E8EEF: 5E                    -  pop esi
"Asphalt8.exe"+E8EF0: 5B                    -  pop ebx
"Asphalt8.exe"+E8EF1: 8B E5                 -  mov esp,ebp
"Asphalt8.exe"+E8EF3: 5D                    -  pop ebp
}
 
Top Bottom