Script Question

lllccc
Cheater
Posts: 27
Joined: Wed Sep 06, 2017 11:59 pm
Reputation: 3

Script Question

Post by lllccc »

So I'm trying to mod an old game, "Leisure Suit Larry 7 - Love for Sail!", and I got the script, I put the script pointing lines.
I found out the pointer is 4 in the struct, but when I enable the script everything goes good but it's always 1-2 addresses under. I move the pointer to lower it, but even putting it at 0 it's still lower. I tried changing the [ebx] to any other, but here it is too high or too low lol. If anyone can help, this is the script I am looking at:


aobscanmodule(INJECT,SIERW5.EXE,C9 FC FF 8B 5B 04 01 CB 0F BF 03 0F B6 5E 01) // should be unique
alloc(newmem,$1000)
alloc(myvar,4)
registersymbol(myvar)
label(code)
label(return)

newmem:

code:
mov [myvar],esi
movsx eax,word ptr [ebx]
movzx ebx,byte ptr [esi+01]
jmp return

INJECT+08:
jmp newmem
nop
nop
return:
registersymbol(INJECT)

++METHOS
Administration
Posts: 275
Joined: Thu Mar 02, 2017 9:02 pm
Reputation: 95

Re: Script Question

Post by ++METHOS »

Not sure what you're asking, but you can have negative offsets:

[ebx-2]

lllccc
Cheater
Posts: 27
Joined: Wed Sep 06, 2017 11:59 pm
Reputation: 3

Re: Script Question

Post by lllccc »

I didn't know you could have a negative offset and now I do lol. Thank you so much, I will give that a try first thing after work lol.

Was asking how I could fix it to get the pointer to grab the right address, but now I know a negative offset can be done, which should make things easier.

seikur0
Code Alchemist
Posts: 438
Joined: Sat Aug 26, 2017 10:48 am
Reputation: 344

Re: Script Question

Post by seikur0 »

I'm not exactly sure what you want, but try this:

aobscanmodule(INJECT,SIERW5.EXE,C9 FC FF 8B 5B 04 01 CB 0F BF 03 0F B6 5E 01) // should be unique
alloc(newmem,$1000)
label(myvar)
registersymbol(myvar)
label(code)
label(return)

newmem:

lea eax,[esi+01]
mov [myvar],eax

code:
movsx eax,word ptr [ebx]
movzx ebx,byte ptr [esi+01]
jmp return

myvar:
dd 0

INJECT+08:
jmp newmem
nop
nop
return:
registersymbol(INJECT)

And in your table add myvar as pointer and change the type to byte. (Assuming you want the value that gets written into ebx.)

I also removed the memory allocation for myvar and put it as symbol at the end of newmem instead. As a general rule there's likely no need to allocate memory more than once in one script.

lllccc
Cheater
Posts: 27
Joined: Wed Sep 06, 2017 11:59 pm
Reputation: 3

Re: Script Question

Post by lllccc »

Hmm, maybe I could have worded this better, sorry guys.

What I wanted to know is why, after getting the pointers, it's either higher or lower than the address I am getting. Example: money is 030898E8, but if I put in 04 as it says in structs it's 030898E6, or if I go to 00 it's still too low, but if I change ebx to eax it's higher, and I just wanted to know how I can fix it to get the right address with that script.

EXAMPLE
[Link]

Top one is the found one and the bottom one is the pointer from the script that's eax, and it's way higher (that's pointer 04).

seikur0
Code Alchemist
Posts: 438
Joined: Sat Aug 26, 2017 10:48 am
Reputation: 344

Re: Script Question

Post by seikur0 »

I can't see that image anymore (100% third party hosting usage), can you reupload it?

So you found the money manually and then you did "Find out what accesses this address", right?
Which of the lines did access the address then?
This one: movsx eax,word ptr [ebx]
or that one: movzx ebx,byte ptr [esi+01]
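
Added example, not part of any post in this thread: a minimal Python decoder for the bytes of the AOB signature used in both scripts. It lists the instructions that the 7-byte patch at INJECT+08 replaces and shows that the word read there is addressed by ebx after `mov ebx,[ebx+04]` and `add ebx,ecx`. It assumes the first instruction boundary is at offset 3, which is consistent with the hook at INJECT+08; `decode`, `overwritten`, `SIGNATURE` and `FIRST_INSN` are names made up for this example.

```python
# Added example: decodes only the four opcodes present in the thread's signature
# (32-bit code, ModRM with optional 8-bit displacement, no SIB byte).
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
OPCODES = {  # opcode bytes -> (mnemonic, memory-size prefix, reg field is destination)
    (0x8B,): ("mov", "", True),
    (0x01,): ("add", "", False),
    (0x0F, 0xBF): ("movsx", "word ptr ", True),
    (0x0F, 0xB6): ("movzx", "byte ptr ", True),
}
SIGNATURE = bytes.fromhex("C9 FC FF 8B 5B 04 01 CB 0F BF 03 0F B6 5E 01")
FIRST_INSN = 3  # assumption: the first three bytes end an earlier instruction

def decode(code, start):
    """Return [(offset, length, text)] for the instructions from start to the end."""
    out, i = [], start
    while i < len(code):
        key = tuple(code[i:i + 2]) if code[i] == 0x0F else (code[i],)
        if key not in OPCODES:
            raise ValueError(f"opcode at offset {i} not handled")
        mnem, size, reg_is_dst = OPCODES[key]
        modrm = code[i + len(key)]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        length = len(key) + 1
        if mod == 3:                      # register operand
            rm_text = REGS[rm]
        elif mod == 0 and rm not in (4, 5):   # [reg]
            rm_text = f"{size}[{REGS[rm]}]"
        elif mod == 1 and rm != 4:        # [reg + signed 8-bit displacement]
            disp = int.from_bytes(code[i + length:i + length + 1], "little", signed=True)
            rm_text = f"{size}[{REGS[rm]}{disp:+03X}]"
            length += 1
        else:
            raise ValueError(f"addressing form at offset {i} not handled")
        ops = (REGS[reg], rm_text) if reg_is_dst else (rm_text, REGS[reg])
        out.append((i, length, f"{mnem} {ops[0]},{ops[1]}"))
        i += length
    return out

def overwritten(code, start, patch_at, patch_len):
    """Instructions replaced by a patch; fails if the patch splits an instruction."""
    hit = [ins for ins in decode(code, start) if patch_at <= ins[0] < patch_at + patch_len]
    if not hit or hit[0][0] != patch_at or sum(n for _, n, _ in hit) != patch_len:
        raise ValueError("patch does not cover whole instructions")
    return [text for _, _, text in hit]

if __name__ == "__main__":
    for off, _, text in decode(SIGNATURE, FIRST_INSN):
        print(f"INJECT+{off:02X}: {text}")
    print(overwritten(SIGNATURE, FIRST_INSN, 8, 5 + 2))  # jmp rel32 plus two nops
```
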
