Looking for help AOB

scriptkiddy · Post by **scriptkiddy** » Tue Jan 28, 2020 7:00 pm

hello everyone i trying to update a script that stopped working a long time ago. I managed to get the aob through trial and error and im able to turn the script on. however it is now crashing everytime i try to disable or move around in game. I was looking to see if anyone could point me in the right direction(you dont need hand feed me the answer although i am new to this). I can also offer my info if needed.

Spoiler

{ Game : PathOfExile_x64.exe
Version:
Date : 2019-05-06
Author : Ankorman
}

[ENABLE]

aobscanmodule(ShadowKill1,PathOfExile_x64.exe,41 0F 2F CB 76 0C)
registersymbol(ShadowKill1)
aobscanmodule(shadowkill2,PathOfExile_x64.exe,0F 84 A0 00 00 00 45 85 C0)
registersymbol(shadowkill2)

ShadowKill1:
jmp long +b6
nop
shadowkill2:
jmp short +9

[DISABLE]

ShadowKill1:
db 41 0F 2F CB 76 0C
unregistersymbol(ShadowKill1)
shadowkill2:
db 0F 84 A0 00 00 00
unregistersymbol(shadowkill2)

{
// ORIGINAL CODE - INJECTION POINT: "PathOfExile_x64.exe"+ECE303
PathOfExile_x64.exe+ECE2C6 - F3 44 0F10 0D 9D2C8200 - movss xmm9,[PathOfExile_x64.exe+16F0F6C]
PathOfExile_x64.exe+ECE2CF - F3 0F10 35 051E8200 - movss xmm6,[PathOfExile_x64.exe+16F00DC]
PathOfExile_x64.exe+ECE2D7 - F3 0F10 3D 291F8200 - movss xmm7,[PathOfExile_x64.exe+16F0208]
PathOfExile_x64.exe+ECE2DF - F3 44 0F10 05 B01F8200 - movss xmm8,[PathOfExile_x64.exe+16F0298]
PathOfExile_x64.exe+ECE2E8 - 0F1F 84 00 00000000 - nop [rax+rax+00000000]
PathOfExile_x64.exe+ECE2F0 - 48 8B 45 70 - mov rax,[rbp+70]
PathOfExile_x64.exe+ECE2F4 - 0F10 04 30 - movups xmm0,[rax+rsi]
PathOfExile_x64.exe+ECE2F8 - 0F11 85 40010000 - movups [rbp+00000140],xmm0
PathOfExile_x64.exe+ECE2FF - 0FC6 C0 FF - shufps xmm0,xmm0-01
ShadowKill - 41 0F2F C1 - comiss xmm0,xmm9
PathOfExile_x64.exe+ECE307 - 76 0B - jna PathOfExile_x64.exe+ECE314
PathOfExile_x64.exe+ECE309 - 41 0F2F C2 - comiss xmm0,xmm10
PathOfExile_x64.exe+ECE30D - 73 09 - jae PathOfExile_x64.exe+ECE318
PathOfExile_x64.exe+ECE30F - 49 8B DF - mov rbx,r15
PathOfExile_x64.exe+ECE312 - EB 33 - jmp PathOfExile_x64.exe+ECE347
PathOfExile_x64.exe+ECE314 - 41 0F2F C2 - comiss xmm0,xmm10
PathOfExile_x64.exe+ECE318 - 76 0C - jna PathOfExile_x64.exe+ECE326
PathOfExile_x64.exe+ECE31A - 0F2F C6 - comiss xmm0,xmm6
PathOfExile_x64.exe+ECE31D - 73 0A - jae PathOfExile_x64.exe+ECE329
PathOfExile_x64.exe+ECE31F - BB 38000000 - mov ebx,00000038
PathOfExile_x64.exe+ECE324 - EB 21 - jmp PathOfExile_x64.exe+ECE347
}{
// ORIGINAL CODE - INJECTION POINT: "PathOfExile_x64.exe"+127426F

"PathOfExile_x64.exe"+1274239: F3 0F 10 05 F3 19 54 00 - movss xmm0,[PathOfExile_x64.exe+17B5C34]
"PathOfExile_x64.exe"+1274241: F3 0F 59 EB - mulss xmm5,xmm3
"PathOfExile_x64.exe"+1274245: F3 0F 5C 2D DB 19 54 00 - subss xmm5,[PathOfExile_x64.exe+17B5C28]
"PathOfExile_x64.exe"+127424D: F3 0F 59 EB - mulss xmm5,xmm3
"PathOfExile_x64.exe"+1274251: F3 0F 58 2D D3 19 54 00 - addss xmm5,dword ptr [PathOfExile_x64.exe+17B5C2C]
"PathOfExile_x64.exe"+1274259: F3 0F 59 EB - mulss xmm5,xmm3
"PathOfExile_x64.exe"+127425D: F3 0F 59 1D CB 19 54 00 - mulss xmm3,[PathOfExile_x64.exe+17B5C30]
"PathOfExile_x64.exe"+1274265: F3 0F 5C C3 - subss xmm0,xmm3
"PathOfExile_x64.exe"+1274269: F3 0F 5E E8 - divss xmm5,xmm0
"PathOfExile_x64.exe"+127426D: 85 C0 - test eax,eax
// ---------- INJECTING HERE ----------
"PathOfExile_x64.exe"+127426F: 0F 84 A0 00 00 00 - je PathOfExile_x64.exe+1274315
// ---------- DONE INJECTING ----------
"PathOfExile_x64.exe"+1274275: 45 85 C0 - test r8d,r8d
"PathOfExile_x64.exe"+1274278: 74 33 - je PathOfExile_x64.exe+12742AD
"PathOfExile_x64.exe"+127427A: 0F 5A C4 - vcvtps2pd xmm0,xmm4
"PathOfExile_x64.exe"+127427D: F3 0F 59 EE - mulss xmm5,xmm6
"PathOfExile_x64.exe"+1274281: 0F 5A CD - vcvtps2pd xmm1,xmm5
"PathOfExile_x64.exe"+1274284: F2 0F 5C 0D 94 19 54 00 - subsd xmm1,[PathOfExile_x64.exe+17B5C20]
"PathOfExile_x64.exe"+127428C: F2 0F 58 C8 - addsd xmm1,xmm0
"PathOfExile_x64.exe"+1274290: F2 0F 10 05 A8 19 54 00 - movsd xmm0,[PathOfExile_x64.exe+17B5C40]
"PathOfExile_x64.exe"+1274298: F2 0F 59 0D 08 BF 47 00 - mulsd xmm1,[PathOfExile_x64.exe+16F01A8]
"PathOfExile_x64.exe"+12742A0: F2 0F 5C C1 - subsd xmm0,xmm1
}

Its for the game path of exile

Edit: I have narrowed it down to ShadowKill1 but not sure why

GreenHouse · Post by **GreenHouse** » Tue Jan 28, 2020 7:31 pm

The script is missing stuff. What is 'long' and 'short'? The first step is to jump into 'long' and there's nothing called 'long'.

TimFun13 · Post by **TimFun13** » Tue Jan 28, 2020 9:04 pm

GreenHouse wrote: ↑
Tue Jan 28, 2020 7:31 pm
The script is missing stuff. What is 'long' and 'short'? The first step is to jump into 'long' and there's nothing called 'long'.

If the jump is less than a byte then jmp short XX will force a small jump instruction relative to the current instruction address (i.e. EB 03). And LONG is the same just with a larger offset (4 bytes). There's also FAR that takes both a segment and offset. If you don't specify the type of jump, it is up to the assembler whether you get a SHORT, LONG or FAR jump.

Basically this script just causes the game to skip over some code.

scriptkiddy wrote: ↑
Tue Jan 28, 2020 7:00 pm
...

Check to see how it is actually assembling the code, and make sure your jumps aren't mid instruction. It looks like the LONG jump is fine but the SHORT jump's location isn't shown.

Also, Moving this topic as it's ASM and not Lua code.

GreenHouse · Post by **GreenHouse** » Tue Jan 28, 2020 9:16 pm

ShyTwig16 wrote: ↑
Tue Jan 28, 2020 9:04 pm
If the jump is less than a byte then jmp short XX will force a small jump instruction relative to the current instruction address (i.e. EB 03). And LONG is the same just with a larger offset (4 bytes). There's also FAR that takes both a segment and offset. If you don't specify the type of jump, it is up to the assembler whether you get a SHORT, LONG or FAR jump.

Basically this script just causes the game to skip over some code.

Oh, interesting, this is the first time that I see that. Thanks for the info

Then I guess that the script problem is that the jumps are on the wrong place now and has to be readjusted.

scriptkiddy · Post by **scriptkiddy** » Tue Jan 28, 2020 10:46 pm

Don't really know why it jumps there so its hard for me to place it in the right spot. Guess ill just stop trying to update the script. I got most of the other stuff to work this is the only one that doesnt.

this is where it currently jumps to

Spoiler

PathOfExile_x64.exe+111E4BF - FF - db -01
PathOfExile_x64.exe+111E4C0 - FF - db -01
PathOfExile_x64.exe+111E4C1 - FF 49 8B - dec [rcx-75]
PathOfExile_x64.exe+111E4C4 - 87 90 15000048 - xchg [rax+48000015],edx
PathOfExile_x64.exe+111E4CA - 8B 48 40 - mov ecx,[rax+40]
PathOfExile_x64.exe+111E4CD - 48 8B 01 - mov rax,[rcx]

TimFun13 · Post by **TimFun13** » Tue Jan 28, 2020 11:02 pm

scriptkiddy wrote: ↑
Tue Jan 28, 2020 10:46 pm
Don't really know why it jumps there so its hard for me to place it in the right spot. Guess ill just stop trying to update the script. I got most of the other stuff to work this is the only one that doesnt.

this is where it currently jumps to
Spoiler
PathOfExile_x64.exe+111E4BF - FF - db -01
PathOfExile_x64.exe+111E4C0 - FF - db -01
PathOfExile_x64.exe+111E4C1 - FF 49 8B - dec [rcx-75]
PathOfExile_x64.exe+111E4C4 - 87 90 15000048 - xchg [rax+48000015],edx
PathOfExile_x64.exe+111E4CA - 8B 48 40 - mov ecx,[rax+40]
PathOfExile_x64.exe+111E4CD - 48 8B 01 - mov rax,[rcx]

That looks like it's mid instruction, follow the jump and press the right or left arrow tell it aligns and looks the same as if you were just scrolling (and you may need to try up one instruction or down one instruction). Just take the instruction's offset and subtract it by the instruction offset just below the jump to figure out the new jump offset.
Example with the LONG jump:

Code: Select all

0x127427D - 0x1274274 = 0x9

"PathOfExile_x64.exe"+127426F: EB XXXXXXXX  - jmp long +9   // 0F 84 A0 00 00 00 - je PathOfExile_x64.exe+1274315
"PathOfExile_x64.exe"+1274274: 90   - nop
// ---------- DONE INJECTING ----------
"PathOfExile_x64.exe"+1274275: 45 85 C0 - test r8d,r8d
"PathOfExile_x64.exe"+1274278: 74 33 - je PathOfExile_x64.exe+12742AD
"PathOfExile_x64.exe"+127427A: 0F 5A C4 - vcvtps2pd xmm0,xmm4
"PathOfExile_x64.exe"+127427D: F3 0F 59 EE - mulss xmm5,xmm6     // jumps to here
"PathOfExile_x64.exe"+1274281: 0F 5A CD - vcvtps2pd xmm1,xmm5
"PathOfExile_x64.exe"+1274284: F2 0F 5C 0D 94 19 54 00 - subsd xmm1,[PathOfExile_x64.exe+17B5C20]
"PathOfExile_x64.exe"+127428C: F2 0F 58 C8 - addsd xmm1,xmm0
"PathOfExile_x64.exe"+1274290: F2 0F 10 05 A8 19 54 00 - movsd xmm0,[PathOfExile_x64.exe+17B5C40]
"PathOfExile_x64.exe"+1274298: F2 0F 59 0D 08 BF 47 00 - mulsd xmm1,[PathOfExile_x64.exe+16F01A8]
"PathOfExile_x64.exe"+12742A0: F2 0F 5C C1 - subsd xmm0,xmm1

scriptkiddy · Post by **scriptkiddy** » Wed Jan 29, 2020 1:50 am

ShyTwig16 wrote: ↑
Tue Jan 28, 2020 11:02 pm

scriptkiddy wrote: ↑
Tue Jan 28, 2020 10:46 pm
Don't really know why it jumps there so its hard for me to place it in the right spot. Guess ill just stop trying to update the script. I got most of the other stuff to work this is the only one that doesnt.

this is where it currently jumps to
Spoiler
PathOfExile_x64.exe+111E4BF - FF - db -01
PathOfExile_x64.exe+111E4C0 - FF - db -01
PathOfExile_x64.exe+111E4C1 - FF 49 8B - dec [rcx-75]
PathOfExile_x64.exe+111E4C4 - 87 90 15000048 - xchg [rax+48000015],edx
PathOfExile_x64.exe+111E4CA - 8B 48 40 - mov ecx,[rax+40]
PathOfExile_x64.exe+111E4CD - 48 8B 01 - mov rax,[rcx]

That looks like it's mid instruction, follow the jump and press the right or left arrow tell it aligns and looks the same as if you were just scrolling (and you may need to try up one instruction or down one instruction). Just take the instruction's offset and subtract it by the instruction offset just below the jump to figure out the new jump offset.
Example with the LONG jump:
Code: Select all
0x127427D - 0x1274274 = 0x9

"PathOfExile_x64.exe"+127426F: EB XXXXXXXX  - jmp long +9   // 0F 84 A0 00 00 00 - je PathOfExile_x64.exe+1274315
"PathOfExile_x64.exe"+1274274: 90   - nop
// ---------- DONE INJECTING ----------
"PathOfExile_x64.exe"+1274275: 45 85 C0 - test r8d,r8d
"PathOfExile_x64.exe"+1274278: 74 33 - je PathOfExile_x64.exe+12742AD
"PathOfExile_x64.exe"+127427A: 0F 5A C4 - vcvtps2pd xmm0,xmm4
"PathOfExile_x64.exe"+127427D: F3 0F 59 EE - mulss xmm5,xmm6     // jumps to here
"PathOfExile_x64.exe"+1274281: 0F 5A CD - vcvtps2pd xmm1,xmm5
"PathOfExile_x64.exe"+1274284: F2 0F 5C 0D 94 19 54 00 - subsd xmm1,[PathOfExile_x64.exe+17B5C20]
"PathOfExile_x64.exe"+127428C: F2 0F 58 C8 - addsd xmm1,xmm0
"PathOfExile_x64.exe"+1274290: F2 0F 10 05 A8 19 54 00 - movsd xmm0,[PathOfExile_x64.exe+17B5C40]
"PathOfExile_x64.exe"+1274298: F2 0F 59 0D 08 BF 47 00 - mulsd xmm1,[PathOfExile_x64.exe+16F01A8]
"PathOfExile_x64.exe"+12742A0: F2 0F 5C C1 - subsd xmm0,xmm1

so i tried this and got +b6(which is what was from the original code) from the nop and it still crashes. that should be the end of the instruction yeah?

TimFun13 · Post by **TimFun13** » Wed Jan 29, 2020 2:41 am

scriptkiddy wrote: ↑
Wed Jan 29, 2020 1:50 am
...
so i tried this and got +b6(which is what was from the original code) from the nop and it still crashes. that should be the end of the instruction yeah?

Yeah you need to start at the end of the jump instruction, so basically the next line of code.

Copy the code from the memory view form at "ShadowKill1" injection point (before injecting) +20 lines down and post it here. I just want to have a look, might be able to help a little better.

scriptkiddy · Post by **scriptkiddy** » Wed Jan 29, 2020 3:07 am

before inject

Spoiler

PathOfExile_x64.exe+111E406 - 41 0F2F CB - comiss xmm1,xmm11
PathOfExile_x64.exe+111E40A - 76 0C - jna PathOfExile_x64.exe+111E418
PathOfExile_x64.exe+111E40C - 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E40F - 73 0A - jae PathOfExile_x64.exe+111E41B
PathOfExile_x64.exe+111E411 - BB 38000000 - mov ebx,00000038 { 56 }
PathOfExile_x64.exe+111E416 - EB 27 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E418 - 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E41B - 76 0D - jna PathOfExile_x64.exe+111E42A
PathOfExile_x64.exe+111E41D - 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E421 - 73 0B - jae PathOfExile_x64.exe+111E42E
PathOfExile_x64.exe+111E423 - BB 70000000 - mov ebx,00000070 { 112 }
PathOfExile_x64.exe+111E428 - EB 15 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E42A - 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E42E - 0F86 82000000 - jbe PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E434 - 41 0F2F C9 - comiss xmm1,xmm9
PathOfExile_x64.exe+111E438 - 73 7C - jae PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E43A - BB A8000000 - mov ebx,000000A8 { 168 }
PathOfExile_x64.exe+111E43F - F3 0F10 82 B0010000 - movss xmm0,[rdx+000001B0]
PathOfExile_x64.exe+111E447 - F3 0F11 45 54 - movss [rbp+54],xmm0
PathOfExile_x64.exe+111E44C - 0F10 72 58 - movups xmm6,[rdx+58]
PathOfExile_x64.exe+111E450 - 0F11 B5 50010000 - movups [rbp+00000150],xmm6
PathOfExile_x64.exe+111E457 - 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E45B - 48 83 C1 08 - add rcx,08 { 8 }
PathOfExile_x64.exe+111E45F - 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E462 - 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E466 - 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E46A - 74 0E - je PathOfExile_x64.exe+111E47A
PathOfExile_x64.exe+111E46C - 0F10 45 48 - movups xmm0,[rbp+48]
PathOfExile_x64.exe+111E470 - 0F11 02 - movups [rdx],xmm0
PathOfExile_x64.exe+111E473 - 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E478 - EB 09 - jmp PathOfExile_x64.exe+111E483
PathOfExile_x64.exe+111E47A - 4C 8D 45 48 - lea r8,[rbp+48]
PathOfExile_x64.exe+111E47E - E8 2D060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E483 - 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E487 - 48 83 C1 20 - add rcx,20 { 32 }
PathOfExile_x64.exe+111E48B - 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E48E - 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E492 - 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E496 - 74 0A - je PathOfExile_x64.exe+111E4A2
PathOfExile_x64.exe+111E498 - 0F11 32 - movups [rdx],xmm6
PathOfExile_x64.exe+111E49B - 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E4A0 - EB 0C - jmp PathOfExile_x64.exe+111E4AE
PathOfExile_x64.exe+111E4A2 - 4C 8D 85 50010000 - lea r8,[rbp+00000150]
PathOfExile_x64.exe+111E4A9 - E8 02060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E4AE - 48 8B 45 A0 - mov rax,[rbp-60]
PathOfExile_x64.exe+111E4B2 - 48 FF 04 03 - inc [rbx+rax]
PathOfExile_x64.exe+111E4B6 - 48 FF C7 - inc rdi
PathOfExile_x64.exe+111E4B9 - 49 3B FE - cmp rdi,r14
PathOfExile_x64.exe+111E4BC - 0F82 10FFFFFF - jb PathOfExile_x64.exe+111E3D2
PathOfExile_x64.exe+111E4C2 - 49 8B 87 90150000 - mov rax,[r15+00001590]
PathOfExile_x64.exe+111E4C9 - 48 8B 48 40 - mov rcx,[rax+40]
PathOfExile_x64.exe+111E4CD - 48 8B 01 - mov rax,[rcx]
PathOfExile_x64.exe+111E4D0 - 8B 48 30 - mov ecx,[rax+30]
PathOfExile_x64.exe+111E4D3 - 8B 40 2C - mov eax,[rax+2C]

after inject

Spoiler

ShadowKill1 - E9 B6000000 - jmp PathOfExile_x64.exe+111E4C1
PathOfExile_x64.exe+111E40B- 90 - nop
PathOfExile_x64.exe+111E40C- 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E40F- 73 0A - jae PathOfExile_x64.exe+111E41B
PathOfExile_x64.exe+111E411- BB 38000000 - mov ebx,00000038 { 56 }
PathOfExile_x64.exe+111E416- EB 27 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E418- 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E41B- 76 0D - jna PathOfExile_x64.exe+111E42A
PathOfExile_x64.exe+111E41D- 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E421- 73 0B - jae PathOfExile_x64.exe+111E42E
PathOfExile_x64.exe+111E423- BB 70000000 - mov ebx,00000070 { 112 }
PathOfExile_x64.exe+111E428- EB 15 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E42A- 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E42E- 0F86 82000000 - jbe PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E434- 41 0F2F C9 - comiss xmm1,xmm9
PathOfExile_x64.exe+111E438- 73 7C - jae PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E43A- BB A8000000 - mov ebx,000000A8 { 168 }
PathOfExile_x64.exe+111E43F- F3 0F10 82 B0010000 - movss xmm0,[rdx+000001B0]
PathOfExile_x64.exe+111E447- F3 0F11 45 54 - movss [rbp+54],xmm0
PathOfExile_x64.exe+111E44C- 0F10 72 58 - movups xmm6,[rdx+58]
PathOfExile_x64.exe+111E450- 0F11 B5 50010000 - movups [rbp+00000150],xmm6
PathOfExile_x64.exe+111E457- 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E45B- 48 83 C1 08 - add rcx,08 { 8 }
PathOfExile_x64.exe+111E45F- 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E462- 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E466- 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E46A- 74 0E - je PathOfExile_x64.exe+111E47A
PathOfExile_x64.exe+111E46C- 0F10 45 48 - movups xmm0,[rbp+48]
PathOfExile_x64.exe+111E470- 0F11 02 - movups [rdx],xmm0
PathOfExile_x64.exe+111E473- 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E478- EB 09 - jmp PathOfExile_x64.exe+111E483
PathOfExile_x64.exe+111E47A- 4C 8D 45 48 - lea r8,[rbp+48]
PathOfExile_x64.exe+111E47E- E8 2D060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E483- 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E487- 48 83 C1 20 - add rcx,20 { 32 }
PathOfExile_x64.exe+111E48B- 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E48E- 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E492- 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E496- 74 0A - je PathOfExile_x64.exe+111E4A2
PathOfExile_x64.exe+111E498- 0F11 32 - movups [rdx],xmm6
PathOfExile_x64.exe+111E49B- 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E4A0- EB 0C - jmp PathOfExile_x64.exe+111E4AE
PathOfExile_x64.exe+111E4A2- 4C 8D 85 50010000 - lea r8,[rbp+00000150]
PathOfExile_x64.exe+111E4A9- E8 02060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E4AE- 48 8B 45 A0 - mov rax,[rbp-60]
PathOfExile_x64.exe+111E4B2- 48 FF 04 03 - inc [rbx+rax]
PathOfExile_x64.exe+111E4B6- 48 FF C7 - inc rdi
PathOfExile_x64.exe+111E4B9- 49 3B FE - cmp rdi,r14
PathOfExile_x64.exe+111E4BC- 0F82 10FFFFFF - jb PathOfExile_x64.exe+111E3D2
PathOfExile_x64.exe+111E4C2- 49 8B 87 90150000 - mov rax,[r15+00001590]
PathOfExile_x64.exe+111E4C9- 48 8B 48 40 - mov rcx,[rax+40]
PathOfExile_x64.exe+111E4CD- 48 8B 01 - mov rax,[rcx]
PathOfExile_x64.exe+111E4D0- 8B 48 30 - mov ecx,[rax+30]
PathOfExile_x64.exe+111E4D3- 8B 40 2C - mov eax,[rax+2C]

TimFun13 · Post by **TimFun13** » Wed Jan 29, 2020 11:06 am

scriptkiddy wrote: ↑
Wed Jan 29, 2020 3:07 am
before inject
Spoiler
PathOfExile_x64.exe+111E406 - 41 0F2F CB - comiss xmm1,xmm11
PathOfExile_x64.exe+111E40A - 76 0C - jna PathOfExile_x64.exe+111E418
PathOfExile_x64.exe+111E40C - 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E40F - 73 0A - jae PathOfExile_x64.exe+111E41B
PathOfExile_x64.exe+111E411 - BB 38000000 - mov ebx,00000038 { 56 }
PathOfExile_x64.exe+111E416 - EB 27 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E418 - 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E41B - 76 0D - jna PathOfExile_x64.exe+111E42A
PathOfExile_x64.exe+111E41D - 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E421 - 73 0B - jae PathOfExile_x64.exe+111E42E
PathOfExile_x64.exe+111E423 - BB 70000000 - mov ebx,00000070 { 112 }
PathOfExile_x64.exe+111E428 - EB 15 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E42A - 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E42E - 0F86 82000000 - jbe PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E434 - 41 0F2F C9 - comiss xmm1,xmm9
PathOfExile_x64.exe+111E438 - 73 7C - jae PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E43A - BB A8000000 - mov ebx,000000A8 { 168 }
PathOfExile_x64.exe+111E43F - F3 0F10 82 B0010000 - movss xmm0,[rdx+000001B0]
PathOfExile_x64.exe+111E447 - F3 0F11 45 54 - movss [rbp+54],xmm0
PathOfExile_x64.exe+111E44C - 0F10 72 58 - movups xmm6,[rdx+58]
PathOfExile_x64.exe+111E450 - 0F11 B5 50010000 - movups [rbp+00000150],xmm6
PathOfExile_x64.exe+111E457 - 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E45B - 48 83 C1 08 - add rcx,08 { 8 }
PathOfExile_x64.exe+111E45F - 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E462 - 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E466 - 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E46A - 74 0E - je PathOfExile_x64.exe+111E47A
PathOfExile_x64.exe+111E46C - 0F10 45 48 - movups xmm0,[rbp+48]
PathOfExile_x64.exe+111E470 - 0F11 02 - movups [rdx],xmm0
PathOfExile_x64.exe+111E473 - 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E478 - EB 09 - jmp PathOfExile_x64.exe+111E483
PathOfExile_x64.exe+111E47A - 4C 8D 45 48 - lea r8,[rbp+48]
PathOfExile_x64.exe+111E47E - E8 2D060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E483 - 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E487 - 48 83 C1 20 - add rcx,20 { 32 }
PathOfExile_x64.exe+111E48B - 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E48E - 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E492 - 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E496 - 74 0A - je PathOfExile_x64.exe+111E4A2
PathOfExile_x64.exe+111E498 - 0F11 32 - movups [rdx],xmm6
PathOfExile_x64.exe+111E49B - 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E4A0 - EB 0C - jmp PathOfExile_x64.exe+111E4AE
PathOfExile_x64.exe+111E4A2 - 4C 8D 85 50010000 - lea r8,[rbp+00000150]
PathOfExile_x64.exe+111E4A9 - E8 02060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E4AE - 48 8B 45 A0 - mov rax,[rbp-60]
PathOfExile_x64.exe+111E4B2 - 48 FF 04 03 - inc [rbx+rax]
PathOfExile_x64.exe+111E4B6 - 48 FF C7 - inc rdi
PathOfExile_x64.exe+111E4B9 - 49 3B FE - cmp rdi,r14
PathOfExile_x64.exe+111E4BC - 0F82 10FFFFFF - jb PathOfExile_x64.exe+111E3D2
PathOfExile_x64.exe+111E4C2 - 49 8B 87 90150000 - mov rax,[r15+00001590]
PathOfExile_x64.exe+111E4C9 - 48 8B 48 40 - mov rcx,[rax+40]
PathOfExile_x64.exe+111E4CD - 48 8B 01 - mov rax,[rcx]
PathOfExile_x64.exe+111E4D0 - 8B 48 30 - mov ecx,[rax+30]
PathOfExile_x64.exe+111E4D3 - 8B 40 2C - mov eax,[rax+2C]
after inject
Spoiler
ShadowKill1 - E9 B6000000 - jmp PathOfExile_x64.exe+111E4C1
PathOfExile_x64.exe+111E40B- 90 - nop
PathOfExile_x64.exe+111E40C- 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E40F- 73 0A - jae PathOfExile_x64.exe+111E41B
PathOfExile_x64.exe+111E411- BB 38000000 - mov ebx,00000038 { 56 }
PathOfExile_x64.exe+111E416- EB 27 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E418- 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E41B- 76 0D - jna PathOfExile_x64.exe+111E42A
PathOfExile_x64.exe+111E41D- 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E421- 73 0B - jae PathOfExile_x64.exe+111E42E
PathOfExile_x64.exe+111E423- BB 70000000 - mov ebx,00000070 { 112 }
PathOfExile_x64.exe+111E428- EB 15 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E42A- 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E42E- 0F86 82000000 - jbe PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E434- 41 0F2F C9 - comiss xmm1,xmm9
PathOfExile_x64.exe+111E438- 73 7C - jae PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E43A- BB A8000000 - mov ebx,000000A8 { 168 }
PathOfExile_x64.exe+111E43F- F3 0F10 82 B0010000 - movss xmm0,[rdx+000001B0]
PathOfExile_x64.exe+111E447- F3 0F11 45 54 - movss [rbp+54],xmm0
PathOfExile_x64.exe+111E44C- 0F10 72 58 - movups xmm6,[rdx+58]
PathOfExile_x64.exe+111E450- 0F11 B5 50010000 - movups [rbp+00000150],xmm6
PathOfExile_x64.exe+111E457- 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E45B- 48 83 C1 08 - add rcx,08 { 8 }
PathOfExile_x64.exe+111E45F- 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E462- 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E466- 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E46A- 74 0E - je PathOfExile_x64.exe+111E47A
PathOfExile_x64.exe+111E46C- 0F10 45 48 - movups xmm0,[rbp+48]
PathOfExile_x64.exe+111E470- 0F11 02 - movups [rdx],xmm0
PathOfExile_x64.exe+111E473- 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E478- EB 09 - jmp PathOfExile_x64.exe+111E483
PathOfExile_x64.exe+111E47A- 4C 8D 45 48 - lea r8,[rbp+48]
PathOfExile_x64.exe+111E47E- E8 2D060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E483- 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E487- 48 83 C1 20 - add rcx,20 { 32 }
PathOfExile_x64.exe+111E48B- 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E48E- 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E492- 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E496- 74 0A - je PathOfExile_x64.exe+111E4A2
PathOfExile_x64.exe+111E498- 0F11 32 - movups [rdx],xmm6
PathOfExile_x64.exe+111E49B- 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E4A0- EB 0C - jmp PathOfExile_x64.exe+111E4AE
PathOfExile_x64.exe+111E4A2- 4C 8D 85 50010000 - lea r8,[rbp+00000150]
PathOfExile_x64.exe+111E4A9- E8 02060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E4AE- 48 8B 45 A0 - mov rax,[rbp-60]
PathOfExile_x64.exe+111E4B2- 48 FF 04 03 - inc [rbx+rax]
PathOfExile_x64.exe+111E4B6- 48 FF C7 - inc rdi
PathOfExile_x64.exe+111E4B9- 49 3B FE - cmp rdi,r14
PathOfExile_x64.exe+111E4BC- 0F82 10FFFFFF - jb PathOfExile_x64.exe+111E3D2
PathOfExile_x64.exe+111E4C2- 49 8B 87 90150000 - mov rax,[r15+00001590]
PathOfExile_x64.exe+111E4C9- 48 8B 48 40 - mov rcx,[rax+40]
PathOfExile_x64.exe+111E4CD- 48 8B 01 - mov rax,[rcx]
PathOfExile_x64.exe+111E4D0- 8B 48 30 - mov ecx,[rax+30]
PathOfExile_x64.exe+111E4D3- 8B 40 2C - mov eax,[rax+2C]

So PathOfExile_x64.exe+111E4C1 isn't a full instruction, but PathOfExile_x64.exe+111E4C2 is, so try +B7 as the offset.

scriptkiddy · Post by **scriptkiddy** » Wed Jan 29, 2020 4:12 pm

ShyTwig16 wrote: ↑
Wed Jan 29, 2020 11:06 am

scriptkiddy wrote: ↑
Wed Jan 29, 2020 3:07 am
before inject
Spoiler
PathOfExile_x64.exe+111E406 - 41 0F2F CB - comiss xmm1,xmm11
PathOfExile_x64.exe+111E40A - 76 0C - jna PathOfExile_x64.exe+111E418
PathOfExile_x64.exe+111E40C - 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E40F - 73 0A - jae PathOfExile_x64.exe+111E41B
PathOfExile_x64.exe+111E411 - BB 38000000 - mov ebx,00000038 { 56 }
PathOfExile_x64.exe+111E416 - EB 27 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E418 - 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E41B - 76 0D - jna PathOfExile_x64.exe+111E42A
PathOfExile_x64.exe+111E41D - 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E421 - 73 0B - jae PathOfExile_x64.exe+111E42E
PathOfExile_x64.exe+111E423 - BB 70000000 - mov ebx,00000070 { 112 }
PathOfExile_x64.exe+111E428 - EB 15 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E42A - 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E42E - 0F86 82000000 - jbe PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E434 - 41 0F2F C9 - comiss xmm1,xmm9
PathOfExile_x64.exe+111E438 - 73 7C - jae PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E43A - BB A8000000 - mov ebx,000000A8 { 168 }
PathOfExile_x64.exe+111E43F - F3 0F10 82 B0010000 - movss xmm0,[rdx+000001B0]
PathOfExile_x64.exe+111E447 - F3 0F11 45 54 - movss [rbp+54],xmm0
PathOfExile_x64.exe+111E44C - 0F10 72 58 - movups xmm6,[rdx+58]
PathOfExile_x64.exe+111E450 - 0F11 B5 50010000 - movups [rbp+00000150],xmm6
PathOfExile_x64.exe+111E457 - 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E45B - 48 83 C1 08 - add rcx,08 { 8 }
PathOfExile_x64.exe+111E45F - 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E462 - 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E466 - 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E46A - 74 0E - je PathOfExile_x64.exe+111E47A
PathOfExile_x64.exe+111E46C - 0F10 45 48 - movups xmm0,[rbp+48]
PathOfExile_x64.exe+111E470 - 0F11 02 - movups [rdx],xmm0
PathOfExile_x64.exe+111E473 - 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E478 - EB 09 - jmp PathOfExile_x64.exe+111E483
PathOfExile_x64.exe+111E47A - 4C 8D 45 48 - lea r8,[rbp+48]
PathOfExile_x64.exe+111E47E - E8 2D060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E483 - 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E487 - 48 83 C1 20 - add rcx,20 { 32 }
PathOfExile_x64.exe+111E48B - 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E48E - 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E492 - 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E496 - 74 0A - je PathOfExile_x64.exe+111E4A2
PathOfExile_x64.exe+111E498 - 0F11 32 - movups [rdx],xmm6
PathOfExile_x64.exe+111E49B - 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E4A0 - EB 0C - jmp PathOfExile_x64.exe+111E4AE
PathOfExile_x64.exe+111E4A2 - 4C 8D 85 50010000 - lea r8,[rbp+00000150]
PathOfExile_x64.exe+111E4A9 - E8 02060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E4AE - 48 8B 45 A0 - mov rax,[rbp-60]
PathOfExile_x64.exe+111E4B2 - 48 FF 04 03 - inc [rbx+rax]
PathOfExile_x64.exe+111E4B6 - 48 FF C7 - inc rdi
PathOfExile_x64.exe+111E4B9 - 49 3B FE - cmp rdi,r14
PathOfExile_x64.exe+111E4BC - 0F82 10FFFFFF - jb PathOfExile_x64.exe+111E3D2
PathOfExile_x64.exe+111E4C2 - 49 8B 87 90150000 - mov rax,[r15+00001590]
PathOfExile_x64.exe+111E4C9 - 48 8B 48 40 - mov rcx,[rax+40]
PathOfExile_x64.exe+111E4CD - 48 8B 01 - mov rax,[rcx]
PathOfExile_x64.exe+111E4D0 - 8B 48 30 - mov ecx,[rax+30]
PathOfExile_x64.exe+111E4D3 - 8B 40 2C - mov eax,[rax+2C]
after inject
Spoiler
ShadowKill1 - E9 B6000000 - jmp PathOfExile_x64.exe+111E4C1
PathOfExile_x64.exe+111E40B- 90 - nop
PathOfExile_x64.exe+111E40C- 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E40F- 73 0A - jae PathOfExile_x64.exe+111E41B
PathOfExile_x64.exe+111E411- BB 38000000 - mov ebx,00000038 { 56 }
PathOfExile_x64.exe+111E416- EB 27 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E418- 0F2F CF - comiss xmm1,xmm7
PathOfExile_x64.exe+111E41B- 76 0D - jna PathOfExile_x64.exe+111E42A
PathOfExile_x64.exe+111E41D- 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E421- 73 0B - jae PathOfExile_x64.exe+111E42E
PathOfExile_x64.exe+111E423- BB 70000000 - mov ebx,00000070 { 112 }
PathOfExile_x64.exe+111E428- EB 15 - jmp PathOfExile_x64.exe+111E43F
PathOfExile_x64.exe+111E42A- 41 0F2F C8 - comiss xmm1,xmm8
PathOfExile_x64.exe+111E42E- 0F86 82000000 - jbe PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E434- 41 0F2F C9 - comiss xmm1,xmm9
PathOfExile_x64.exe+111E438- 73 7C - jae PathOfExile_x64.exe+111E4B6
PathOfExile_x64.exe+111E43A- BB A8000000 - mov ebx,000000A8 { 168 }
PathOfExile_x64.exe+111E43F- F3 0F10 82 B0010000 - movss xmm0,[rdx+000001B0]
PathOfExile_x64.exe+111E447- F3 0F11 45 54 - movss [rbp+54],xmm0
PathOfExile_x64.exe+111E44C- 0F10 72 58 - movups xmm6,[rdx+58]
PathOfExile_x64.exe+111E450- 0F11 B5 50010000 - movups [rbp+00000150],xmm6
PathOfExile_x64.exe+111E457- 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E45B- 48 83 C1 08 - add rcx,08 { 8 }
PathOfExile_x64.exe+111E45F- 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E462- 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E466- 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E46A- 74 0E - je PathOfExile_x64.exe+111E47A
PathOfExile_x64.exe+111E46C- 0F10 45 48 - movups xmm0,[rbp+48]
PathOfExile_x64.exe+111E470- 0F11 02 - movups [rdx],xmm0
PathOfExile_x64.exe+111E473- 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E478- EB 09 - jmp PathOfExile_x64.exe+111E483
PathOfExile_x64.exe+111E47A- 4C 8D 45 48 - lea r8,[rbp+48]
PathOfExile_x64.exe+111E47E- E8 2D060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E483- 48 8B 4D A0 - mov rcx,[rbp-60]
PathOfExile_x64.exe+111E487- 48 83 C1 20 - add rcx,20 { 32 }
PathOfExile_x64.exe+111E48B- 48 03 CB - add rcx,rbx
PathOfExile_x64.exe+111E48E- 48 8B 51 08 - mov rdx,[rcx+08]
PathOfExile_x64.exe+111E492- 48 39 51 10 - cmp [rcx+10],rdx
PathOfExile_x64.exe+111E496- 74 0A - je PathOfExile_x64.exe+111E4A2
PathOfExile_x64.exe+111E498- 0F11 32 - movups [rdx],xmm6
PathOfExile_x64.exe+111E49B- 48 83 41 08 10 - add qword ptr [rcx+08],10 { 16 }
PathOfExile_x64.exe+111E4A0- EB 0C - jmp PathOfExile_x64.exe+111E4AE
PathOfExile_x64.exe+111E4A2- 4C 8D 85 50010000 - lea r8,[rbp+00000150]
PathOfExile_x64.exe+111E4A9- E8 02060EFF - call PathOfExile_x64.exe+1FEAB0
PathOfExile_x64.exe+111E4AE- 48 8B 45 A0 - mov rax,[rbp-60]
PathOfExile_x64.exe+111E4B2- 48 FF 04 03 - inc [rbx+rax]
PathOfExile_x64.exe+111E4B6- 48 FF C7 - inc rdi
PathOfExile_x64.exe+111E4B9- 49 3B FE - cmp rdi,r14
PathOfExile_x64.exe+111E4BC- 0F82 10FFFFFF - jb PathOfExile_x64.exe+111E3D2
PathOfExile_x64.exe+111E4C2- 49 8B 87 90150000 - mov rax,[r15+00001590]
PathOfExile_x64.exe+111E4C9- 48 8B 48 40 - mov rcx,[rax+40]
PathOfExile_x64.exe+111E4CD- 48 8B 01 - mov rax,[rcx]
PathOfExile_x64.exe+111E4D0- 8B 48 30 - mov ecx,[rax+30]
PathOfExile_x64.exe+111E4D3- 8B 40 2C - mov eax,[rax+2C]

So PathOfExile_x64.exe+111E4C1 isn't a full instruction, but PathOfExile_x64.exe+111E4C2 is, so try +B7 as the offset.

crashed

with b7

scriptkiddy · Post by **scriptkiddy** » Wed Jan 29, 2020 4:15 pm

Unhandled exception at 0x00007FF63A35E410 in PathOfExile_x64.exe: 0xC0000005: Access violation reading location 0x0000000000000038. occurred when i debug. gonna take a look at that

TimFun13 · Post by **TimFun13** » Wed Jan 29, 2020 8:57 pm

scriptkiddy wrote: ↑
Wed Jan 29, 2020 4:15 pm
Unhandled exception at 0x00007FF63A35E410 in PathOfExile_x64.exe: 0xC0000005: Access violation reading location 0x0000000000000038. occurred when i debug. gonna take a look at that

Sounds like it would be something with this line:
PathOfExile_x64.exe+111E411- BB 38000000 - mov ebx,00000038 { 56 }
Or when it reads from rbx further down. So there might be some where it's jumping back to that spot, but that's mostly a guess.

scriptkiddy · Post by **scriptkiddy** » Thu Jan 30, 2020 4:13 am

Yeah i think i'll just stop here. Maybe pick it up later. I'm not understanding what its even doing well so that isnt helping me solve the problem. Ill probably read up more on how memory works before i try again. I thank you a lot for trying to help though

FearLess Cheat Engine

Looking for help AOB

Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Re: Looking for help AOB

Who is online