Next cheat - Unlimited Boost
I use two different ways to get unlimited boost. Use one or the other, not both at once: they hook the same routine, and the first script's scan signature includes the store bytes that the second script overwrites, so enabling the second one first makes the first script's AOB scan fail.
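{
Game   : Vanquish.exe
Version:
Date   : 2017-05-26
Author : fantomas

Hook: the boost-drain subtract at "Vanquish.exe"+D099E, located by AOB scan
so the address is not hard-coded. The original instruction pair
  subsd xmm0,xmm1       // boost -= amount (double precision)
  cvtpd2ps xmm0,xmm0    // back to single precision
is 8 bytes, so the 5-byte jmp plus 3 nops lands exactly on an instruction
boundary. The hook turns the subtract into an add, so every drain refills
instead. The game's own check right after the store (cvtss2sd xmm0,xmm0 /
comisd against the word at [esi+7B1C] / jna at +D09BD) still runs on the
value we produce; that word is presumably a cap, not confirmed here.
The target is a 32-bit process (esi/esp), so a plain alloc with no nearby
address hint is enough for the 5-byte jmp to reach newmem.
The dead "code:" label from the CE template was removed; nothing jumped to it.
}
[ENABLE]
// 14-byte signature: the subsd/cvtpd2ps pair followed by the start of the
// movss store. aobscanmodule raises an error (and the script does not
// enable) if the pattern is not found, so nothing is patched at a wrong place.
aobscanmodule(aobBoost,Vanquish.exe,F2 0F 5C C1 66 0F 5A C0 F3 0F 11 86 20 7B)
alloc(newmem,$1000)
label(return)

newmem:
  addsd xmm0,xmm1       // boost += amount instead of boost -= amount
  cvtpd2ps xmm0,xmm0    // same conversion as the original code
  jmp return

aobBoost:
  jmp newmem            // 5 bytes
  nop                   // pad to the 8 bytes we overwrite
  nop
  nop
return:
registersymbol(aobBoost)

[DISABLE]
aobBoost:
  db F2 0F 5C C1 66 0F 5A C0   // original subsd xmm0,xmm1 / cvtpd2ps xmm0,xmm0
unregistersymbol(aobBoost)
// NOTE(review): dealloc frees the cave immediately after the bytes are
// restored; a thread still executing inside newmem at that instant would
// fault. This is the standard CE template window, not specific to this script.
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Vanquish.exe"+D099E
"Vanquish.exe"+D097D: CC - int 3
"Vanquish.exe"+D097E: CC - int 3
"Vanquish.exe"+D097F: CC - int 3
"Vanquish.exe"+D0980: F3 0F 10 4C 24 04 - movss xmm1,[esp+04]
"Vanquish.exe"+D0986: 56 - push esi
"Vanquish.exe"+D0987: 8B F1 - mov esi,ecx
"Vanquish.exe"+D0989: F3 0F 10 86 20 7B 00 00 - movss xmm0,[esi+00007B20]
"Vanquish.exe"+D0991: 0F BF 86 1C 7B 00 00 - movsx eax,word ptr [esi+00007B1C]
"Vanquish.exe"+D0998: 0F 5A C0 - cvtps2pd xmm0,xmm0
"Vanquish.exe"+D099B: 0F 5A C9 - cvtps2pd xmm1,xmm1
// ---------- INJECTING HERE ----------
"Vanquish.exe"+D099E: F2 0F 5C C1 - subsd xmm0,xmm1
"Vanquish.exe"+D09A2: 66 0F 5A C0 - cvtpd2ps xmm0,xmm0
// ---------- DONE INJECTING ----------
"Vanquish.exe"+D09A6: F3 0F 11 86 20 7B 00 00 - movss [esi+00007B20],xmm0
"Vanquish.exe"+D09AE: 0F 57 C9 - xorps xmm1,xmm1
"Vanquish.exe"+D09B1: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
"Vanquish.exe"+D09B5: F2 0F 2A C8 - cvtsi2sd xmm1,eax
"Vanquish.exe"+D09B9: 66 0F 2F C1 - comisd xmm0,xmm1
"Vanquish.exe"+D09BD: 76 27 - jna Vanquish.exe+D09E6
"Vanquish.exe"+D09BF: 8B 16 - mov edx,[esi]
"Vanquish.exe"+D09C1: 8B 82 58 04 00 00 - mov eax,[edx+00000458]
"Vanquish.exe"+D09C7: FF D0 - call eax
"Vanquish.exe"+D09C9: 0F BF 8E 1C 7B 00 00 - movsx ecx,word ptr [esi+00007B1C]
}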
or
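{
Game   : Vanquish.exe
Version:
Date   : 2017-05-26
Author : fantomas

Hook: the boost store at "Vanquish.exe"+D09A6, located by AOB scan so the
address is not hard-coded. The original 8-byte instruction
  movss [esi+00007B20],xmm0   // write the drained boost back to the object
is replaced by a 5-byte jmp plus 3 nops, exactly on an instruction boundary.
The hook stores a fixed value instead of xmm0. xmm0 itself is left untouched,
so the check that follows the store (cvtss2sd xmm0,xmm0 / comisd against the
word at [esi+7B1C] / jna at +D09BD) still operates on the game's own computed
value, not on the 1000 written here.
The target is a 32-bit process (esi/esp), so a plain alloc with no nearby
address hint is enough for the 5-byte jmp to reach newmem.
The dead "code:" label from the CE template was removed; nothing jumped to it.
}
[ENABLE]
// 19-byte signature: the movss store followed by the xorps/cvtss2sd/cvtsi2sd
// that begin the check. aobscanmodule raises an error (and the script does
// not enable) if the pattern is not found, so nothing is patched at a wrong place.
aobscanmodule(aobBoost,Vanquish.exe,F3 0F 11 86 20 7B 00 00 0F 57 C9 F3 0F 5A C0 F2 0F 2A C8)
alloc(newmem,$1000)
label(return)

newmem:
  mov [esi+00007B20],(float)1000   // pin the boost field; 1000 is the author's choice, adjust as needed
  jmp return

aobBoost:
  jmp newmem            // 5 bytes
  nop                   // pad to the 8 bytes we overwrite
  nop
  nop
return:
registersymbol(aobBoost)

[DISABLE]
aobBoost:
  db F3 0F 11 86 20 7B 00 00   // original movss [esi+00007B20],xmm0
unregistersymbol(aobBoost)
// NOTE(review): dealloc frees the cave immediately after the bytes are
// restored; a thread still executing inside newmem at that instant would
// fault. This is the standard CE template window, not specific to this script.
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Vanquish.exe"+D09A6
"Vanquish.exe"+D097F: CC - int 3
"Vanquish.exe"+D0980: F3 0F 10 4C 24 04 - movss xmm1,[esp+04]
"Vanquish.exe"+D0986: 56 - push esi
"Vanquish.exe"+D0987: 8B F1 - mov esi,ecx
"Vanquish.exe"+D0989: F3 0F 10 86 20 7B 00 00 - movss xmm0,[esi+00007B20]
"Vanquish.exe"+D0991: 0F BF 86 1C 7B 00 00 - movsx eax,word ptr [esi+00007B1C]
"Vanquish.exe"+D0998: 0F 5A C0 - cvtps2pd xmm0,xmm0
"Vanquish.exe"+D099B: 0F 5A C9 - cvtps2pd xmm1,xmm1
"Vanquish.exe"+D099E: F2 0F 5C C1 - subsd xmm0,xmm1
"Vanquish.exe"+D09A2: 66 0F 5A C0 - cvtpd2ps xmm0,xmm0
// ---------- INJECTING HERE ----------
"Vanquish.exe"+D09A6: F3 0F 11 86 20 7B 00 00 - movss [esi+00007B20],xmm0
// ---------- DONE INJECTING ----------
"Vanquish.exe"+D09AE: 0F 57 C9 - xorps xmm1,xmm1
"Vanquish.exe"+D09B1: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
"Vanquish.exe"+D09B5: F2 0F 2A C8 - cvtsi2sd xmm1,eax
"Vanquish.exe"+D09B9: 66 0F 2F C1 - comisd xmm0,xmm1
"Vanquish.exe"+D09BD: 76 27 - jna Vanquish.exe+D09E6
"Vanquish.exe"+D09BF: 8B 16 - mov edx,[esi]
"Vanquish.exe"+D09C1: 8B 82 58 04 00 00 - mov eax,[edx+00000458]
"Vanquish.exe"+D09C7: FF D0 - call eax
"Vanquish.exe"+D09C9: 0F BF 8E 1C 7B 00 00 - movsx ecx,word ptr [esi+00007B1C]
"Vanquish.exe"+D09D0: 0F 57 C0 - xorps xmm0,xmm0
}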
Enjoy!