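{ Game    : medieval2.exe
  Version :
  Date    : 2020-01-02
  Author  : +++

  Cheat Engine auto-assembler script. It hooks the instruction at
  medieval2.exe+1DB91F (mov edi,[ecx+0000185C]) and forces the 4-byte
  field at [ecx+185C] to a fixed value before the original load reads it.
  The game then compares edi against [esi+eax+04] and sets al with setae,
  so the injected value decides the outcome of that check.

  Notes for maintainers:
  - The generated template wrote (float)1.401298464E-45. That literal is the
    smallest positive single-precision denormal, whose bit pattern is
    0x00000001: the script was really storing the dword 1. The field feeds an
    integer compare, so write it as an integer. The auto-assembler treats a
    bare number as hex; a leading '#' makes it decimal, and (int)value also
    casts to a 4-byte integer. There is no (bytes4) cast.
  - The store goes to the game object at [ecx+185C], not only to edi, and it
    happens every time this code path runs. Disabling the script restores
    the patched bytes but not values that were already written.
  - The AOB begins with 26, the rel8 displacement of the preceding jnl, so a
    rebuilt or patched binary may change it. aobscanmodule refuses to enable
    if the pattern is missing or matches more than once.
}
[ENABLE]
aobscanmodule(INJECT,medieval2.exe,26 57 8B B9 5C 18 00 00) // must be unique within medieval2.exe
alloc(newmem,$1000)
label(code)
label(return)

newmem:
code:
  // Force the 4-byte field to decimal 40000 ('#' = decimal; default is hex).
  // Change the constant here to inject a different value.
  mov dword ptr [ecx+0000185C],#40000
  // Original instruction: reload edi from the field we just overwrote.
  mov edi,[ecx+0000185C]
  jmp return

INJECT+02:            // skip the two prefix bytes (26 57); patch the 6-byte mov
  jmp newmem
  nop                 // 6 original bytes, 5-byte jmp: one byte of padding
return:
registersymbol(INJECT)

[DISABLE]
INJECT+02:
  db 8B B9 5C 18 00 00 // original: mov edi,[ecx+0000185C]

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "medieval2.exe"+1DB91F
"medieval2.exe"+1DB8FF: 56 - push esi
"medieval2.exe"+1DB900: 8B B1 98 01 00 00 - mov esi,[ecx+00000198]
"medieval2.exe"+1DB906: 39 B4 D0 34 1B 00 00 - cmp [eax+edx*8+00001B34],esi
"medieval2.exe"+1DB90D: 7E 35 - jle medieval2.exe+1DB944
"medieval2.exe"+1DB90F: 8A 81 A4 01 00 00 - mov al,[ecx+000001A4]
"medieval2.exe"+1DB915: 84 C0 - test al,al
"medieval2.exe"+1DB917: 74 05 - je medieval2.exe+1DB91E
"medieval2.exe"+1DB919: 83 FE 04 - cmp esi,04
"medieval2.exe"+1DB91C: 7D 26 - jnl medieval2.exe+1DB944
"medieval2.exe"+1DB91E: 57 - push edi
// ---------- INJECTING HERE ----------
"medieval2.exe"+1DB91F: 8B B9 5C 18 00 00 - mov edi,[ecx+0000185C]
// ---------- DONE INJECTING ----------
"medieval2.exe"+1DB925: 88 44 24 08 - mov [esp+08],al
"medieval2.exe"+1DB929: 8B 4C 24 08 - mov ecx,[esp+08]
"medieval2.exe"+1DB92D: 51 - push ecx
"medieval2.exe"+1DB92E: E8 5D B5 30 00 - call medieval2.exe+4E6E90
"medieval2.exe"+1DB933: 83 C4 04 - add esp,04
"medieval2.exe"+1DB936: C1 E6 04 - shl esi,04
"medieval2.exe"+1DB939: 3B 7C 06 04 - cmp edi,[esi+eax+04]
"medieval2.exe"+1DB93D: 5F - pop edi
"medieval2.exe"+1DB93E: 0F 93 C0 - setae al
"medieval2.exe"+1DB941: 5E - pop esi
}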
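{ Game    : medieval2.exe
  Version :
  Date    : 2020-01-02
  Author  : +++

  Cheat Engine auto-assembler script. It hooks the instruction at
  medieval2.exe+1DB91F (mov edi,[ecx+0000185C]) and forces the 4-byte
  field at [ecx+185C] to a fixed value before the original load reads it.
  The game then compares edi against [esi+eax+04] and sets al with setae,
  so the injected value decides the outcome of that check.

  Notes for maintainers:
  - The generated template wrote (float)1.401298464E-45. That literal is the
    smallest positive single-precision denormal, whose bit pattern is
    0x00000001: the script was really storing the dword 1. The field feeds an
    integer compare, so write it as an integer. The auto-assembler treats a
    bare number as hex; a leading '#' makes it decimal, and (int)value also
    casts to a 4-byte integer. There is no (bytes4) cast.
  - The store goes to the game object at [ecx+185C], not only to edi, and it
    happens every time this code path runs. Disabling the script restores
    the patched bytes but not values that were already written.
  - The AOB begins with 26, the rel8 displacement of the preceding jnl, so a
    rebuilt or patched binary may change it. aobscanmodule refuses to enable
    if the pattern is missing or matches more than once.
}
[ENABLE]
aobscanmodule(INJECT,medieval2.exe,26 57 8B B9 5C 18 00 00) // must be unique within medieval2.exe
alloc(newmem,$1000)
label(code)
label(return)

newmem:
code:
  // Force the 4-byte field to decimal 40000 ('#' = decimal; default is hex).
  // Change the constant here to inject a different value.
  mov dword ptr [ecx+0000185C],#40000
  // Original instruction: reload edi from the field we just overwrote.
  mov edi,[ecx+0000185C]
  jmp return

INJECT+02:            // skip the two prefix bytes (26 57); patch the 6-byte mov
  jmp newmem
  nop                 // 6 original bytes, 5-byte jmp: one byte of padding
return:
registersymbol(INJECT)

[DISABLE]
INJECT+02:
  db 8B B9 5C 18 00 00 // original: mov edi,[ecx+0000185C]

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "medieval2.exe"+1DB91F
"medieval2.exe"+1DB8FF: 56 - push esi
"medieval2.exe"+1DB900: 8B B1 98 01 00 00 - mov esi,[ecx+00000198]
"medieval2.exe"+1DB906: 39 B4 D0 34 1B 00 00 - cmp [eax+edx*8+00001B34],esi
"medieval2.exe"+1DB90D: 7E 35 - jle medieval2.exe+1DB944
"medieval2.exe"+1DB90F: 8A 81 A4 01 00 00 - mov al,[ecx+000001A4]
"medieval2.exe"+1DB915: 84 C0 - test al,al
"medieval2.exe"+1DB917: 74 05 - je medieval2.exe+1DB91E
"medieval2.exe"+1DB919: 83 FE 04 - cmp esi,04
"medieval2.exe"+1DB91C: 7D 26 - jnl medieval2.exe+1DB944
"medieval2.exe"+1DB91E: 57 - push edi
// ---------- INJECTING HERE ----------
"medieval2.exe"+1DB91F: 8B B9 5C 18 00 00 - mov edi,[ecx+0000185C]
// ---------- DONE INJECTING ----------
"medieval2.exe"+1DB925: 88 44 24 08 - mov [esp+08],al
"medieval2.exe"+1DB929: 8B 4C 24 08 - mov ecx,[esp+08]
"medieval2.exe"+1DB92D: 51 - push ecx
"medieval2.exe"+1DB92E: E8 5D B5 30 00 - call medieval2.exe+4E6E90
"medieval2.exe"+1DB933: 83 C4 04 - add esp,04
"medieval2.exe"+1DB936: C1 E6 04 - shl esi,04
"medieval2.exe"+1DB939: 3B 7C 06 04 - cmp edi,[esi+eax+04]
"medieval2.exe"+1DB93D: 5F - pop edi
"medieval2.exe"+1DB93E: 0F 93 C0 - setae al
"medieval2.exe"+1DB941: 5E - pop esi
}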
mov [ecx+0000185C], (float)1.401298464E-45
I want this line to write a 4-byte integer instead of a float — how do I express that here?
I would like something like `mov [ecx+0000185C],(bytes4)40000`, but that gives an assembler error.
I found the address as a 4-byte value, but I had to change the script to the float cast because I do not know the auto-assembler syntax for a 4-byte integer. Does anyone know the correct form?