Change Zombie Model

[Kito]

This might be a fairly stupid question but here we go..
I'm working currently on a Model Changer for BO2 Zombies but it only works when the next round starts.
It's not a big deal but i would like to have them changed in real time.
i've read somewhere in this case i should use another Injection point but i couldn't find one or i'm too stupid. :/

memory view: [Link]
here's the script in case anyone need it.

Code: Select all

[ENABLE]
aobscanmodule(ZombieModel,t6zm.exe,66 89 9F DC 00 00 00 57 E8 A5)
alloc(newmem,$1000)
registersymbol(pZombieModel)
label(pZombieModel)
label(rZombieModel)
label(code)
label(return)

newmem:

pZombieModel:
  dd (int)0

rZombieModel:
  cmp [pZombieModel],(int)0 // 0 Crashes the game so that's why i have a cmp 0 here.
  je code
  push rbx
  mov rbx,[pZombieModel]
  mov [edi+000000DC],rbx
  pop rbx
  jmp return

code:
  mov [edi+000000DC],bx
  jmp return

ZombieModel:
  jmp rZombieModel
  nop 2
return:
registersymbol(ZombieModel)
[DISABLE]
ZombieModel:
  db 66 89 9F DC 00 00 00
unregistersymbol(ZombieModel)
unregistersymbol(pZombieModel)
dealloc(newmem)

hope someone could help me <.<

[Rhark]

You would need an address in memory that is being constantly accessed that deals with the same stuff you're working with. Some games you just have to deal with having it like the way you currently have it, only on load.

Try finding what accesses the instruction you're injecting on and then add one of the addresses that pops up into your table. Right-click that and find what accesses it. If nothing is accessing it whilst you're playing in-game then it COULD mean that this isn't possible.

However, there are plenty of other methods to try which take longer (e.g. finding an offset in another register that points to the structure you're altering addresses in which may be constantly accessed).