{ Game   : FlashPlayerPlugin_22_0_0_192.exe
  Version: 
  Date   : 2016-06-23
  Author : zm0d

  This script does blah blah blah
}

[ENABLE]

aobscan(INJECT,2B DF 89 5E 1C E9 4A) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  sub ebx,edi // original
  mov [esi+1C],ebx // original
  mov ebx,0 // set damage to 0
  push eax // save eax
  mov eax,[esi+2c] // get max health
  mov [esi+1c],eax // set current health to max health
  pop eax // restore eax
  jmp return

INJECT:
  jmp code
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 2B DF 89 5E 1C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 206264B4

20626497: 89 BD 0C FE FF FF  -  mov [ebp-000001F4],edi
2062649D: 8B 43 04           -  mov eax,[ebx+04]
206264A0: 83 EC 04           -  sub esp,04
206264A3: 56                 -  push esi
206264A4: 6A 01              -  push 01
206264A6: 53                 -  push ebx
206264A7: FF D0              -  call eax
206264A9: 83 C4 10           -  add esp,10
206264AC: E9 CF FE FF FF     -  jmp 20626380
206264B1: 8B 5E 1C           -  mov ebx,[esi+1C]
// ---------- INJECTING HERE ----------
206264B4: 2B DF              -  sub ebx,edi
206264B6: 89 5E 1C           -  mov [esi+1C],ebx
// ---------- DONE INJECTING  ----------
206264B9: E9 4A FF FF FF     -  jmp 20626408
206264BE: 8D 49 64           -  lea ecx,[ecx+64]
206264C1: 8D 95 30 FE FF FF  -  lea edx,[ebp-000001D0]
206264C7: E8 14 0C CF EF     -  call NPSWF32_22_0_0_192.dll+7F70E0
206264CC: 8B 58 10           -  mov ebx,[eax+10]
206264CF: 85 DB              -  test ebx,ebx
206264D1: 0F 84 9F 40 00 00  -  je 2062A576
206264D7: 8B 4B 20           -  mov ecx,[ebx+20]
206264DA: 8B 9D 68 FE FF FF  -  mov ebx,[ebp-00000198]
206264E0: 85 C9              -  test ecx,ecx
}