register a symbol like set_blood

[ceppiceppo]

Hello everybody , can someone help me? , I've never done this kind of thing.
i did this ( watching tutorials on youtube )

{ Game : VRisingServer.exe
Version:
Date : 2022-07-03
Author : ............................

This script does blah blah blah
}

[ENABLE]

define(INJECT,lib_burst_generated.dll+321867)
//aobscanmodule(INJECT,lib_burst_generated.dll,ERROR: Could not find unique AOB, tried code "43 0F 10 44 08 40") // should be unique
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:

mov [r8+r9+40],(float)100//blood (100 = 10l )


code:
//movups xmm0,[r8+r9+40]
db 43 0F 10 44 08 40
jmp return

INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
db 43 0F 10 44 08 40

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: lib_burst_generated.dll+321867

lib_burst_generated.dll+32183E: 48 0F BF 69 1E - movsx rbp,word ptr [rcx+1E]
lib_burst_generated.dll+321843: 8B 14 AA - mov edx,[rdx+rbp*4]
lib_burst_generated.dll+321846: 89 51 18 - mov [rcx+18],edx
lib_burst_generated.dll+321849: 49 8B 92 D0 00 00 00 - mov rdx,[r10+000000D0]
lib_burst_generated.dll+321850: 0F B7 14 6A - movzx edx,word ptr [rdx+rbp*2]
lib_burst_generated.dll+321854: 66 89 51 1C - mov [rcx+1C],dx
lib_burst_generated.dll+321858: 48 63 51 18 - movsxd rdx,dword ptr [rcx+18]
lib_burst_generated.dll+32185C: 0F B7 49 1C - movzx ecx,word ptr [rcx+1C]
lib_burst_generated.dll+321860: 4C 0F AF C9 - imul r9,rcx
lib_burst_generated.dll+321864: 49 01 D1 - add r9,rdx
// ---------- INJECTING HERE ----------
lib_burst_generated.dll+321867: 43 0F 10 44 08 40 - movups xmm0,[r8+r9+40]
// ---------- DONE INJECTING ----------
lib_burst_generated.dll+32186D: 0F 11 00 - movups [rax],xmm0
lib_burst_generated.dll+321870: 43 0F 10 44 08 50 - movups xmm0,[r8+r9+50]
lib_burst_generated.dll+321876: 0F 11 40 10 - movups [rax+10],xmm0
lib_burst_generated.dll+32187A: 43 0F 10 44 08 60 - movups xmm0,[r8+r9+60]
lib_burst_generated.dll+321880: 0F 11 40 20 - movups [rax+20],xmm0
lib_burst_generated.dll+321884: 43 0F 10 44 08 70 - movups xmm0,[r8+r9+70]
lib_burst_generated.dll+32188A: 0F 11 40 30 - movups [rax+30],xmm0
lib_burst_generated.dll+32188E: 43 0F 10 84 08 80 00 00 00 - movups xmm0,[r8+r9+00000080]
lib_burst_generated.dll+321897: 0F 11 40 40 - movups [rax+40],xmm0
lib_burst_generated.dll+32189B: 4B 8B 8C 08 90 00 00 00 - mov rcx,[r8+r9+00000090]
}




how do i create a box that appears by itself where do i change the value? when i activate the script.
because now I enter the script and change it from there, but I would like to create an automatic box ?????????????????


if there is a tutorial on how to do it, I will gladly watch it

[sbryzl]

You can register a symbol close to your value then add an address manually set as float pointing to it:

Code: Select all

[ENABLE]

define(INJECT,lib_burst_generated.dll+321867)
//aobscanmodule(INJECT,lib_burst_generated.dll,ERROR: Could not find unique AOB, tried code "43 0F 10 44 08 40") // should be unique
alloc(newmem,$1000,INJECT)

label(nbloodp4)
registersymbol(nbloodp4)
label(return)

newmem:

mov [r8+r9+40],(float)100//blood (100 = 10l )


nbloodp4:
//movups xmm0,[r8+r9+40]
db 43 0F 10 44 08 40
jmp return

INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
db 43 0F 10 44 08 40

unregistersymbol(nbloodp4)
unregistersymbol(INJECT)
dealloc(newmem)

This address will point to th (float)100 value.

Code: Select all

nbloodp4-4 

[Rhark]

I'm not entirely sure I understand what you are asking but from what I gathered you'd want something like this:

Code: Select all

[ENABLE]

define(INJECT,lib_burst_generated.dll+321867)
//aobscanmodule(INJECT,lib_burst_generated.dll,ERROR: Could not find unique AOB, tried code "43 0F 10 44 08 40") // should be unique
alloc(newmem,$1000,INJECT)

label(code)
label(return)
label(bVal)
registersymbol(bVal)

newmem:
movss xmm15,[bVal]
movss [r8+r9+40],xmm15 //blood (100 = 10l )

code:
//movups xmm0,[r8+r9+40]
db 43 0F 10 44 08 40
jmp return

bVal:
  dq (float)100

INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
db 43 0F 10 44 08 40

unregistersymbol(INJECT)
unregistersymbol(bVal)
dealloc(newmem)

Then in the address list you'd add the address as a FLOAT type:

Code: Select all

bVal

By default, it will be the value of 100 and by editing the address value which you just added to the address list you will be able to change the value that is going into "[r8+r9+40]" on the fly whilst the script is enabled.

[ceppiceppo]

hello , today I tried the two solutions you gave me,
they work, now I understand how to register a symbol.

but i dont understand , the difference from mov and movss


Made by sbryzl


I'm trying to figure out, where do you get this 4? ( nbloodp4-4 )

name : nbloodp4 what is this -4? ( nbloodp4-4 )



thanks for answering me

[sbryzl]

mov moves a value but it doesn't work with xmm registers. movss is used instead xmm registers.

nbloodp4 is a label. The float value occurs directly before it and is 4 bytes long therefore subtracting 4 from nbloodp4 gives a pointer to the float value without the necessity to use any registers. Another option would be to push and pop a processor register so you don't have to worry about messing up xmm data.