Code: Select all
{ Game : sao_al.exe
Version:
Date : 2020-07-27
Author : Canaan
This script does blah blah blah
}
[ENABLE]
aobscanmodule(AllTechnologyFormulas,$process,8B C7 48 C1 E8 03 0F B6 14 08 40 0F B6 C7) // should be unique
alloc(newmem,$1000,AllTechnologyFormulas)
label(code)
label(return)
newmem:
or [rcx+FA],C0F03C01
or [rcx+FE],07DC0703
or [rcx+104],E2700000
or [rcx+108],00040108
or [rcx+110],3F7FC000
or [rcx+114],0FC1F0FC
or [rcx+118],E3F0FC3F
or [rcx+11C],F0003F0F
or [rcx+120],03FE803F
or [rcx+124],FE803FE8
or [rcx+128],003FE803
or [rcx+12C],3FE803FE
or [rcx+130],0003FE80
code:
movzx edx,byte ptr [rax+rcx]
movzx eax,dil
jmp return
AllTechnologyFormulas+06:
jmp newmem
nop 3
return:
registersymbol(AllTechnologyFormulas)
[DISABLE]
AllTechnologyFormulas+06:
db 0F B6 14 08 40 0F B6 C7
unregistersymbol(AllTechnologyFormulas)
dealloc(newmem)
i hope its this one dont know anymore which one i used
but here is the second one thats there
Code: Select all
{ Game : sao_al.exe
Version:
Date : 2020-07-27
Author : Canaan
This script does blah blah blah
}
[ENABLE]
aobscanmodule(AllTechnologyFormulas,$process,8B C7 48 C1 E8 03 0F B6 14 08 40 0F B6 C7) // should be unique
alloc(newmem,$1000,AllTechnologyFormulas)
label(code)
label(return)
newmem:
or byte ptr [rax+rcx],FF
code:
movzx edx,byte ptr [rax+rcx]
movzx eax,dil
jmp return
AllTechnologyFormulas+06:
jmp newmem
nop 3
return:
registersymbol(AllTechnologyFormulas)
[DISABLE]
AllTechnologyFormulas+06:
db 0F B6 14 08 40 0F B6 C7
unregistersymbol(AllTechnologyFormulas)
dealloc(newmem)