Script crashing the game - Asphalt8 v3.6.1b
Posted: Fri May 04, 2018 1:39 pm
Hello People,
I was trying to update my old script for UNBUYING CARS in the Asphalt8 game, but after updating it, my script is crashing the game. I know that I found the correct address because when you activated the script for unbuying cars, the car that you wanted to unbuy was shown in front of your eyes in the main menu; then, when you went to the garage, the car was unbought.
Now the script is crashing the game — why? I also found that one instruction is different: earlier the jump was signed, now it is unsigned. Earlier it was JNL, now it is JAE. Maybe this is the reason why the script is crashing the game?
[B]Old version of the script for v3.5.0j Asphalt 8 game:[/B]
[code]
[ENABLE]
// Cheat Engine auto-assembler script (32-bit target, Intel syntax).
// Locate the injection point by scanning Asphalt8.exe for the bytes of
// "cmp eax,[ecx+10] / jnl ... / mov [ebp-04],esi" (see ORIGINAL CODE below).
// The scan only asserts the pattern was found; uniqueness is not verified here.
aobscanmodule(unbuy_car,Asphalt8.exe,3B 41 10 7D 03 89 75 FC) // should be unique
alloc(newmem,$1000)
label(originalcode)
label(return)
label(code1)
label(code2)
// 4-byte global compared against [ecx+10]. Nothing in this script writes it,
// so it is expected to be set from outside; freshly allocated memory presumably
// reads as 0 until then, in which case any object with [ecx+10] == 0 matches.
globalalloc(unbuy,4)
newmem:
// ebx is clobbered here and never restored by the hook. The hooked function
// pops ebx in its epilogue ("+61690: pop ebx" below), so the caller is not
// affected, but code between 'return' and that pop must not rely on ebx.
xor ebx,ebx
mov ebx,[unbuy]
// Compare the object field at [ecx+10] with the requested value.
cmp [ecx+10],ebx
je code1
jne code2
jmp return                 // unreachable: je/jne above cover both outcomes
code1:
// Match: zero the field at [ecx+10].
mov [ecx+10],00000000
// 16-byte load into xmm0; nothing in the shown original code consumes xmm0,
// so the purpose of this load is unclear (TODO confirm it is still needed).
movdqu xmm0,[ecx+34]
jmp return
code2:
movdqu xmm0,[ecx+34]       // same unexplained load on the non-match path
jmp return
originalcode:
// NOTE(review): nothing jumps to this label. Both code1 and code2 go straight
// to 'return', so the stolen cmp/jnl pair is never executed while the script
// is enabled and the "jnl Asphalt8.exe+61685" branch is never taken; execution
// always continues at +61682 (mov [ebp-04],esi). The branch target is a
// hard-coded absolute offset, so it must be re-checked for every game build.
cmp eax,[ecx+10]
jnl Asphalt8.exe+61685
jmp return
unbuy_car:
// 5-byte jmp replaces the 5 stolen bytes (3-byte cmp + 2-byte jnl).
jmp newmem
return:
registersymbol(unbuy_car)
[DISABLE]
unbuy_car:
// Restore the original bytes: 3B 41 10 = cmp eax,[ecx+10], 7D 03 = jnl +03.
// These match the ORIGINAL CODE block below for v3.5.0j.
db 3B 41 10 7D 03
unregistersymbol(unbuy_car)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+6167D
"Asphalt8.exe"+61665: 8B 40 08 - mov eax,[eax+08]
"Asphalt8.exe"+61668: EB 04 - jmp Asphalt8.exe+6166E
"Asphalt8.exe"+6166A: 8B C8 - mov ecx,eax
"Asphalt8.exe"+6166C: 8B 00 - mov eax,[eax]
"Asphalt8.exe"+6166E: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"Asphalt8.exe"+61672: 74 EC - je Asphalt8.exe+61660
"Asphalt8.exe"+61674: 3B CE - cmp ecx,esi
"Asphalt8.exe"+61676: 74 0A - je Asphalt8.exe+61682
"Asphalt8.exe"+61678: 8B 03 - mov eax,[ebx]
"Asphalt8.exe"+6167A: 89 4D FC - mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+6167D: 3B 41 10 - cmp eax,[ecx+10]
"Asphalt8.exe"+61680: 7D 03 - jnl Asphalt8.exe+61685
// ---------- DONE INJECTING ----------
"Asphalt8.exe"+61682: 89 75 FC - mov [ebp-04],esi
"Asphalt8.exe"+61685: 8D 4D FC - lea ecx,[ebp-04]
"Asphalt8.exe"+61688: 8B C7 - mov eax,edi
"Asphalt8.exe"+6168A: 8B 09 - mov ecx,[ecx]
"Asphalt8.exe"+6168C: 89 0F - mov [edi],ecx
"Asphalt8.exe"+6168E: 5F - pop edi
"Asphalt8.exe"+6168F: 5E - pop esi
"Asphalt8.exe"+61690: 5B - pop ebx
"Asphalt8.exe"+61691: 8B E5 - mov esp,ebp
"Asphalt8.exe"+61693: 5D - pop ebp
}
[/code]
[B]New version of the script for v3.6.1b Asphalt 8 game:[/B]
[code]
[ENABLE]
// Cheat Engine auto-assembler script (32-bit target, Intel syntax), v3.6.1b.
// The pattern now starts with FC, the last byte of the preceding
// "mov [ebp-04],ecx" (89 4D FC); that is why the injection point and the
// restore below are addressed as unbuy_car+01. Uniqueness is not verified here.
aobscanmodule(unbuy_car,Asphalt8.exe,FC 3B 41 10 73 03 89 75) // should be unique
alloc(newmem,$1000)
label(originalcode)
label(return)
label(code1)
label(code2)
// 4-byte global compared against [ecx+10]. Nothing in this script writes it,
// so it is expected to be set from outside; freshly allocated memory presumably
// reads as 0 until then, in which case any object with [ecx+10] == 0 matches.
globalalloc(unbuy,4)
newmem:
// ebx is clobbered here and never restored by the hook. The hooked function
// pops ebx in its epilogue ("+E8EF0: pop ebx" below), so the caller is not
// affected, but code between 'return' and that pop must not rely on ebx.
xor ebx,ebx
mov ebx,[unbuy]
// Compare the object field at [ecx+10] with the requested value. The game now
// compares this field unsigned (jae instead of jnl); whether the field's
// meaning or the object layout changed in v3.6.1b is not visible here.
cmp [ecx+10],ebx
je code1
jne code2
jmp return                 // unreachable: je/jne above cover both outcomes
code1:
// Match: zero the field at [ecx+10].
mov [ecx+10],00000000
// 16-byte load into xmm0; nothing in the shown original code consumes xmm0,
// so the purpose is unclear. NOTE(review): if the object at ecx is smaller
// than 0x44 bytes in this build, this read could fault — TODO confirm.
movdqu xmm0,[ecx+34]
jmp return
code2:
movdqu xmm0,[ecx+34]       // same unexplained load on the non-match path
jmp return
originalcode:
// NOTE(review): nothing jumps to this label. Both code1 and code2 go straight
// to 'return', so the stolen cmp/jae pair is never executed while the script
// is enabled and the "jae Asphalt8.exe+E8EE5" branch is never taken; execution
// always continues at +E8EE2 (mov [ebp-04],esi). The branch target is a
// hard-coded absolute offset, so it must be re-checked for every game build.
cmp eax,[ecx+10]
jae Asphalt8.exe+E8EE5
jmp return
unbuy_car+01:
// 5-byte jmp replaces the 5 stolen bytes (3-byte cmp + 2-byte jae);
// 'return' therefore resolves to unbuy_car+06 = +E8EE2.
jmp newmem
return:
registersymbol(unbuy_car)
[DISABLE]
unbuy_car+01:
// NOTE(review): these are the v3.5.0j bytes (7D = jnl). The ORIGINAL CODE
// block below shows 73 03 (jae) at +E8EE0 for this build, so disabling the
// script leaves a signed jump where the game had an unsigned one instead of
// restoring the original code.
db 3B 41 10 7D 03
unregistersymbol(unbuy_car)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+E8EDD
"Asphalt8.exe"+E8EC5: 8B 40 08 - mov eax,[eax+08]
"Asphalt8.exe"+E8EC8: EB 04 - jmp Asphalt8.exe+E8ECE
"Asphalt8.exe"+E8ECA: 8B C8 - mov ecx,eax
"Asphalt8.exe"+E8ECC: 8B 00 - mov eax,[eax]
"Asphalt8.exe"+E8ECE: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"Asphalt8.exe"+E8ED2: 74 EC - je Asphalt8.exe+E8EC0
"Asphalt8.exe"+E8ED4: 3B CE - cmp ecx,esi
"Asphalt8.exe"+E8ED6: 74 0A - je Asphalt8.exe+E8EE2
"Asphalt8.exe"+E8ED8: 8B 03 - mov eax,[ebx]
"Asphalt8.exe"+E8EDA: 89 4D FC - mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+E8EDD: 3B 41 10 - cmp eax,[ecx+10]
"Asphalt8.exe"+E8EE0: 73 03 - jae Asphalt8.exe+E8EE5
// ---------- DONE INJECTING ----------
"Asphalt8.exe"+E8EE2: 89 75 FC - mov [ebp-04],esi
"Asphalt8.exe"+E8EE5: 8D 4D FC - lea ecx,[ebp-04]
"Asphalt8.exe"+E8EE8: 8B C7 - mov eax,edi
"Asphalt8.exe"+E8EEA: 8B 09 - mov ecx,[ecx]
"Asphalt8.exe"+E8EEC: 89 0F - mov [edi],ecx
"Asphalt8.exe"+E8EEE: 5F - pop edi
"Asphalt8.exe"+E8EEF: 5E - pop esi
"Asphalt8.exe"+E8EF0: 5B - pop ebx
"Asphalt8.exe"+E8EF1: 8B E5 - mov esp,ebp
"Asphalt8.exe"+E8EF3: 5D - pop ebp
}
[/code]
I was trying to update my old script for UNBUYING CARS in the Asphalt8 game, but after updating it, my script is crashing the game. I know that I found the correct address because when you activated the script for unbuying cars, the car that you wanted to unbuy was shown in front of your eyes in the main menu; then, when you went to the garage, the car was unbought.
Now the script is crashing the game — why? I also found that one instruction is different: earlier the jump was signed, now it is unsigned. Earlier it was JNL, now it is JAE. Maybe this is the reason why the script is crashing the game?
[B]Old version of the script for v3.5.0j Asphalt 8 game:[/B]
[code]
[ENABLE]
// Cheat Engine auto-assembler script (32-bit target, Intel syntax).
// Locate the injection point by scanning Asphalt8.exe for the bytes of
// "cmp eax,[ecx+10] / jnl ... / mov [ebp-04],esi" (see ORIGINAL CODE below).
// The scan only asserts the pattern was found; uniqueness is not verified here.
aobscanmodule(unbuy_car,Asphalt8.exe,3B 41 10 7D 03 89 75 FC) // should be unique
alloc(newmem,$1000)
label(originalcode)
label(return)
label(code1)
label(code2)
// 4-byte global compared against [ecx+10]. Nothing in this script writes it,
// so it is expected to be set from outside; freshly allocated memory presumably
// reads as 0 until then, in which case any object with [ecx+10] == 0 matches.
globalalloc(unbuy,4)
newmem:
// ebx is clobbered here and never restored by the hook. The hooked function
// pops ebx in its epilogue ("+61690: pop ebx" below), so the caller is not
// affected, but code between 'return' and that pop must not rely on ebx.
xor ebx,ebx
mov ebx,[unbuy]
// Compare the object field at [ecx+10] with the requested value.
cmp [ecx+10],ebx
je code1
jne code2
jmp return                 // unreachable: je/jne above cover both outcomes
code1:
// Match: zero the field at [ecx+10].
mov [ecx+10],00000000
// 16-byte load into xmm0; nothing in the shown original code consumes xmm0,
// so the purpose of this load is unclear (TODO confirm it is still needed).
movdqu xmm0,[ecx+34]
jmp return
code2:
movdqu xmm0,[ecx+34]       // same unexplained load on the non-match path
jmp return
originalcode:
// NOTE(review): nothing jumps to this label. Both code1 and code2 go straight
// to 'return', so the stolen cmp/jnl pair is never executed while the script
// is enabled and the "jnl Asphalt8.exe+61685" branch is never taken; execution
// always continues at +61682 (mov [ebp-04],esi). The branch target is a
// hard-coded absolute offset, so it must be re-checked for every game build.
cmp eax,[ecx+10]
jnl Asphalt8.exe+61685
jmp return
unbuy_car:
// 5-byte jmp replaces the 5 stolen bytes (3-byte cmp + 2-byte jnl).
jmp newmem
return:
registersymbol(unbuy_car)
[DISABLE]
unbuy_car:
// Restore the original bytes: 3B 41 10 = cmp eax,[ecx+10], 7D 03 = jnl +03.
// These match the ORIGINAL CODE block below for v3.5.0j.
db 3B 41 10 7D 03
unregistersymbol(unbuy_car)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+6167D
"Asphalt8.exe"+61665: 8B 40 08 - mov eax,[eax+08]
"Asphalt8.exe"+61668: EB 04 - jmp Asphalt8.exe+6166E
"Asphalt8.exe"+6166A: 8B C8 - mov ecx,eax
"Asphalt8.exe"+6166C: 8B 00 - mov eax,[eax]
"Asphalt8.exe"+6166E: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"Asphalt8.exe"+61672: 74 EC - je Asphalt8.exe+61660
"Asphalt8.exe"+61674: 3B CE - cmp ecx,esi
"Asphalt8.exe"+61676: 74 0A - je Asphalt8.exe+61682
"Asphalt8.exe"+61678: 8B 03 - mov eax,[ebx]
"Asphalt8.exe"+6167A: 89 4D FC - mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+6167D: 3B 41 10 - cmp eax,[ecx+10]
"Asphalt8.exe"+61680: 7D 03 - jnl Asphalt8.exe+61685
// ---------- DONE INJECTING ----------
"Asphalt8.exe"+61682: 89 75 FC - mov [ebp-04],esi
"Asphalt8.exe"+61685: 8D 4D FC - lea ecx,[ebp-04]
"Asphalt8.exe"+61688: 8B C7 - mov eax,edi
"Asphalt8.exe"+6168A: 8B 09 - mov ecx,[ecx]
"Asphalt8.exe"+6168C: 89 0F - mov [edi],ecx
"Asphalt8.exe"+6168E: 5F - pop edi
"Asphalt8.exe"+6168F: 5E - pop esi
"Asphalt8.exe"+61690: 5B - pop ebx
"Asphalt8.exe"+61691: 8B E5 - mov esp,ebp
"Asphalt8.exe"+61693: 5D - pop ebp
}
[/code]
[B]New version of the script for v3.6.1b Asphalt 8 game:[/B]
[code]
[ENABLE]
// Cheat Engine auto-assembler script (32-bit target, Intel syntax), v3.6.1b.
// The pattern now starts with FC, the last byte of the preceding
// "mov [ebp-04],ecx" (89 4D FC); that is why the injection point and the
// restore below are addressed as unbuy_car+01. Uniqueness is not verified here.
aobscanmodule(unbuy_car,Asphalt8.exe,FC 3B 41 10 73 03 89 75) // should be unique
alloc(newmem,$1000)
label(originalcode)
label(return)
label(code1)
label(code2)
// 4-byte global compared against [ecx+10]. Nothing in this script writes it,
// so it is expected to be set from outside; freshly allocated memory presumably
// reads as 0 until then, in which case any object with [ecx+10] == 0 matches.
globalalloc(unbuy,4)
newmem:
// ebx is clobbered here and never restored by the hook. The hooked function
// pops ebx in its epilogue ("+E8EF0: pop ebx" below), so the caller is not
// affected, but code between 'return' and that pop must not rely on ebx.
xor ebx,ebx
mov ebx,[unbuy]
// Compare the object field at [ecx+10] with the requested value. The game now
// compares this field unsigned (jae instead of jnl); whether the field's
// meaning or the object layout changed in v3.6.1b is not visible here.
cmp [ecx+10],ebx
je code1
jne code2
jmp return                 // unreachable: je/jne above cover both outcomes
code1:
// Match: zero the field at [ecx+10].
mov [ecx+10],00000000
// 16-byte load into xmm0; nothing in the shown original code consumes xmm0,
// so the purpose is unclear. NOTE(review): if the object at ecx is smaller
// than 0x44 bytes in this build, this read could fault — TODO confirm.
movdqu xmm0,[ecx+34]
jmp return
code2:
movdqu xmm0,[ecx+34]       // same unexplained load on the non-match path
jmp return
originalcode:
// NOTE(review): nothing jumps to this label. Both code1 and code2 go straight
// to 'return', so the stolen cmp/jae pair is never executed while the script
// is enabled and the "jae Asphalt8.exe+E8EE5" branch is never taken; execution
// always continues at +E8EE2 (mov [ebp-04],esi). The branch target is a
// hard-coded absolute offset, so it must be re-checked for every game build.
cmp eax,[ecx+10]
jae Asphalt8.exe+E8EE5
jmp return
unbuy_car+01:
// 5-byte jmp replaces the 5 stolen bytes (3-byte cmp + 2-byte jae);
// 'return' therefore resolves to unbuy_car+06 = +E8EE2.
jmp newmem
return:
registersymbol(unbuy_car)
[DISABLE]
unbuy_car+01:
// NOTE(review): these are the v3.5.0j bytes (7D = jnl). The ORIGINAL CODE
// block below shows 73 03 (jae) at +E8EE0 for this build, so disabling the
// script leaves a signed jump where the game had an unsigned one instead of
// restoring the original code.
db 3B 41 10 7D 03
unregistersymbol(unbuy_car)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+E8EDD
"Asphalt8.exe"+E8EC5: 8B 40 08 - mov eax,[eax+08]
"Asphalt8.exe"+E8EC8: EB 04 - jmp Asphalt8.exe+E8ECE
"Asphalt8.exe"+E8ECA: 8B C8 - mov ecx,eax
"Asphalt8.exe"+E8ECC: 8B 00 - mov eax,[eax]
"Asphalt8.exe"+E8ECE: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"Asphalt8.exe"+E8ED2: 74 EC - je Asphalt8.exe+E8EC0
"Asphalt8.exe"+E8ED4: 3B CE - cmp ecx,esi
"Asphalt8.exe"+E8ED6: 74 0A - je Asphalt8.exe+E8EE2
"Asphalt8.exe"+E8ED8: 8B 03 - mov eax,[ebx]
"Asphalt8.exe"+E8EDA: 89 4D FC - mov [ebp-04],ecx
// ---------- INJECTING HERE ----------
"Asphalt8.exe"+E8EDD: 3B 41 10 - cmp eax,[ecx+10]
"Asphalt8.exe"+E8EE0: 73 03 - jae Asphalt8.exe+E8EE5
// ---------- DONE INJECTING ----------
"Asphalt8.exe"+E8EE2: 89 75 FC - mov [ebp-04],esi
"Asphalt8.exe"+E8EE5: 8D 4D FC - lea ecx,[ebp-04]
"Asphalt8.exe"+E8EE8: 8B C7 - mov eax,edi
"Asphalt8.exe"+E8EEA: 8B 09 - mov ecx,[ecx]
"Asphalt8.exe"+E8EEC: 89 0F - mov [edi],ecx
"Asphalt8.exe"+E8EEE: 5F - pop edi
"Asphalt8.exe"+E8EEF: 5E - pop esi
"Asphalt8.exe"+E8EF0: 5B - pop ebx
"Asphalt8.exe"+E8EF1: 8B E5 - mov esp,ebp
"Asphalt8.exe"+E8EF3: 5D - pop ebp
}
[/code]