Script crashing the game - Asphalt8 v3.6.1b

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Post Reply
marek1957
Expert Cheater
Expert Cheater
Posts: 155
Joined: Sat Dec 16, 2017 4:46 pm
Reputation: 4

Script crashing the game - Asphalt8 v3.6.1b

Post by marek1957 »

Hello People,

I was trying to update my old script for UNBUYING CARS in Asphalt8 game but after updating my script is crashing the game. I know that I found correct address because when you were activating script for unbuying cars, the car that you wanted to unbuy, was showing in front of your eyes in the main menu, then you went to the garage and car was unbuyed.



Now script is crashing the game? Why? I also found that earlier was one function different, signed jump - now is unsigned. Earlier was JNL now is JAE. Maybe this is the reason why the script is crashing the game?



[B]Old version of the script for v3.5.0j Asphalt 8 game:[/B]

[code]

[ENABLE]



aobscanmodule(unbuy_car,Asphalt8.exe,3B 41 10 7D 03 89 75 FC) // should be unique

alloc(newmem,$1000)



label(originalcode)

label(return)

label(code1)

label(code2)



globalalloc(unbuy,4)



newmem:

xor ebx,ebx

mov ebx,[unbuy]

cmp [ecx+10],ebx

je code1

jne code2

jmp return



code1:

mov [ecx+10],00000000

movdqu xmm0,[ecx+34]

jmp return



code2:

movdqu xmm0,[ecx+34]

jmp return



originalcode:

cmp eax,[ecx+10]

jnl Asphalt8.exe+61685

jmp return



unbuy_car:

jmp newmem

return:

registersymbol(unbuy_car)



[DISABLE]



unbuy_car:

db 3B 41 10 7D 03



unregistersymbol(unbuy_car)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+6167D



"Asphalt8.exe"+61665: 8B 40 08 - mov eax,[eax+08]

"Asphalt8.exe"+61668: EB 04 - jmp Asphalt8.exe+6166E

"Asphalt8.exe"+6166A: 8B C8 - mov ecx,eax

"Asphalt8.exe"+6166C: 8B 00 - mov eax,[eax]

"Asphalt8.exe"+6166E: 80 78 0D 00 - cmp byte ptr [eax+0D],00

"Asphalt8.exe"+61672: 74 EC - je Asphalt8.exe+61660

"Asphalt8.exe"+61674: 3B CE - cmp ecx,esi

"Asphalt8.exe"+61676: 74 0A - je Asphalt8.exe+61682

"Asphalt8.exe"+61678: 8B 03 - mov eax,[ebx]

"Asphalt8.exe"+6167A: 89 4D FC - mov [ebp-04],ecx

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+6167D: 3B 41 10 - cmp eax,[ecx+10]

"Asphalt8.exe"+61680: 7D 03 - jnl Asphalt8.exe+61685

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+61682: 89 75 FC - mov [ebp-04],esi

"Asphalt8.exe"+61685: 8D 4D FC - lea ecx,[ebp-04]

"Asphalt8.exe"+61688: 8B C7 - mov eax,edi

"Asphalt8.exe"+6168A: 8B 09 - mov ecx,[ecx]

"Asphalt8.exe"+6168C: 89 0F - mov [edi],ecx

"Asphalt8.exe"+6168E: 5F - pop edi

"Asphalt8.exe"+6168F: 5E - pop esi

"Asphalt8.exe"+61690: 5B - pop ebx

"Asphalt8.exe"+61691: 8B E5 - mov esp,ebp

"Asphalt8.exe"+61693: 5D - pop ebp

}

[/code]







[B]New version of the script for v3.6.1b Asphalt 8 game:[/B]





[code]

[ENABLE]



aobscanmodule(unbuy_car,Asphalt8.exe,FC 3B 41 10 73 03 89 75) // should be unique

alloc(newmem,$1000)



label(originalcode)

label(return)

label(code1)

label(code2)



globalalloc(unbuy,4)



newmem:

xor ebx,ebx

mov ebx,[unbuy]

cmp [ecx+10],ebx

je code1

jne code2

jmp return



code1:

mov [ecx+10],00000000

movdqu xmm0,[ecx+34]

jmp return



code2:

movdqu xmm0,[ecx+34]

jmp return



originalcode:

cmp eax,[ecx+10]

jae Asphalt8.exe+E8EE5

jmp return



unbuy_car+01:

jmp newmem

return:

registersymbol(unbuy_car)



[DISABLE]



unbuy_car+01:

db 3B 41 10 7D 03



unregistersymbol(unbuy_car)

dealloc(newmem)





{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+E8EDD



"Asphalt8.exe"+E8EC5: 8B 40 08 - mov eax,[eax+08]

"Asphalt8.exe"+E8EC8: EB 04 - jmp Asphalt8.exe+E8ECE

"Asphalt8.exe"+E8ECA: 8B C8 - mov ecx,eax

"Asphalt8.exe"+E8ECC: 8B 00 - mov eax,[eax]

"Asphalt8.exe"+E8ECE: 80 78 0D 00 - cmp byte ptr [eax+0D],00

"Asphalt8.exe"+E8ED2: 74 EC - je Asphalt8.exe+E8EC0

"Asphalt8.exe"+E8ED4: 3B CE - cmp ecx,esi

"Asphalt8.exe"+E8ED6: 74 0A - je Asphalt8.exe+E8EE2

"Asphalt8.exe"+E8ED8: 8B 03 - mov eax,[ebx]

"Asphalt8.exe"+E8EDA: 89 4D FC - mov [ebp-04],ecx

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+E8EDD: 3B 41 10 - cmp eax,[ecx+10]

"Asphalt8.exe"+E8EE0: 73 03 - jae Asphalt8.exe+E8EE5

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+E8EE2: 89 75 FC - mov [ebp-04],esi

"Asphalt8.exe"+E8EE5: 8D 4D FC - lea ecx,[ebp-04]

"Asphalt8.exe"+E8EE8: 8B C7 - mov eax,edi

"Asphalt8.exe"+E8EEA: 8B 09 - mov ecx,[ecx]

"Asphalt8.exe"+E8EEC: 89 0F - mov [edi],ecx

"Asphalt8.exe"+E8EEE: 5F - pop edi

"Asphalt8.exe"+E8EEF: 5E - pop esi

"Asphalt8.exe"+E8EF0: 5B - pop ebx

"Asphalt8.exe"+E8EF1: 8B E5 - mov esp,ebp

"Asphalt8.exe"+E8EF3: 5D - pop ebp

}

[/code]
Top
User avatar
Dante
Noobzor
Noobzor
Posts: 10
Joined: Mon Jun 18, 2018 10:50 am
Reputation: 6

Script crashing the game - Asphalt8 v3.6.1b

Post by Dante »

Your assembly original code has a conditonal jump (jae Asphalt8.exe+E8EE5). your code simply passes this code so game crashes.

Try injecting your code here

"Asphalt8.exe"+E8ED8: 8B 03 - mov eax,[ebx]"

Dont pass that conditonal jump

and in your code there is line "mov ebx,[unbuy]" but you have not use "[unbuy]" before so code writes "00000000" to ebx unless you change it from another script.

i hope this helps
Top
Post Reply

Return to “General Gamehacking”

Who is online

Users browsing this forum: No registered users