Attack Cheater
Reputation: 0
Joined: 21 Mar 2011 Posts: 46 Location: Canada
Posted: Tue Feb 03, 2015 8:55 pm Post subject:
Thank you. Figured it out using that topic.
Code:
[ENABLE]
alloc(newmem,512)
label(returnhere)
label(originalcode)
registersymbol(originalcode) // registered so [DISABLE] can read the original code back
label(endTime)
label(custom_code)
registersymbol(endTime) // the flag
aobscan(aobTime,8D 0C 8D 20 9E ?? 01) // address for code injection
registersymbol(aobTime)
newmem:
cmp byte ptr [endTime],1 // if flag==1
je custom_code // run injected code
jmp originalcode // else run original code
custom_code:
mov byte ptr [endTime],0 // turn flag off
sub eax,eax // what we want to do
jmp originalcode // run original code
originalcode:
readmem(aobTime,7) // read memory at address found by aob, i.e. original code
jmp returnhere // exit
endTime:
db 0 // set flag to off
aobTime: // the code we inject
jmp newmem // just jumps to a code cave CT finds for us
nop
nop // original instruction is 7 bytes, jmp is 5, thus 2 nops
returnhere: // the end
[DISABLE]
dealloc(newmem) // collapse the cave
aobTime: // address we are restoring
readmem(originalcode,7) // the registered label stores the original code after the first readmem
unregistersymbol(endTime) // clean up
unregistersymbol(aobTime)
unregistersymbol(originalcode)
I posted it using comments in case someone else stumbles across this.
Thanks Geri and ++METHOS. I'm sure I'll be back if I cannot figure out flying. Last thing I am doing cheat wise for this game.
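Added example, not code from the post or from Cheat Engine: a small Python model of the mechanics the script relies on, namely aobscan-style wildcard matching, the 5-byte jmp plus two NOPs written over the 7-byte instruction, and an integrity check that recognises such a detour and resolves its target (the kind of inline-hook check an anti-cheat or EDR runs). The addresses and the byte filled in for the ?? wildcard are constructed assumptions.

```python
import struct

JMP_REL32 = 0xE9  # opcode of the 5-byte near jmp the script writes at aobTime
NOP = 0x90

def parse_pattern(text: str) -> list:
    """Turn an aobscan-style pattern ("8D 0C 8D 20 9E ?? 01") into bytes, None for ?? wildcards."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def aob_find(region: bytes, pattern: list) -> int:
    """Offset of the first wildcard match in region, or -1 (what aobscan does over process memory)."""
    for off in range(len(region) - len(pattern) + 1):
        if all(p is None or region[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1

def build_detour(original: bytes, hook_addr: int, cave_addr: int) -> bytes:
    """Bytes written over `original` at hook_addr: jmp rel32 to cave_addr, NOP-padded to the same length."""
    if len(original) < 5:
        raise ValueError("a rel32 jmp needs 5 bytes; the hooked instruction(s) must be at least that long")
    rel = cave_addr - (hook_addr + 5)          # displacement is relative to the end of the jmp
    return bytes([JMP_REL32]) + struct.pack("<i", rel) + bytes([NOP]) * (len(original) - 5)

def detour_target(code: bytes, addr: int):
    """Integrity check: if code at addr is a rel32 jmp followed only by NOP padding, return its target."""
    if len(code) < 5 or code[0] != JMP_REL32 or any(b != NOP for b in code[5:]):
        return None
    rel = struct.unpack("<i", code[1:5])[0]
    return (addr + 5 + rel) & 0xFFFFFFFF

# Constructed sample: the script's 7-byte pattern with the ?? filled in, inside a small fake code region.
PATTERN = parse_pattern("8D 0C 8D 20 9E ?? 01")
ORIGINAL = bytes.fromhex("8D0C8D209E0001")
REGION_BASE = 0x00401000                       # assumed image address, not from the post
REGION = bytes.fromhex("558BEC") + ORIGINAL + bytes.fromhex("C3")
CAVE_ADDR = 0x00A00000                         # assumed address of the alloc'd newmem cave

def demo() -> dict:
    off = aob_find(REGION, PATTERN)                          # 3: aobscan locates the instruction
    hook_addr = REGION_BASE + off
    patched = build_detour(ORIGINAL, hook_addr, CAVE_ADDR)   # what [ENABLE] writes: E9 .. 90 90
    live = REGION[:off] + patched + REGION[off + len(ORIGINAL):]
    return {
        "hook_addr": hook_addr,
        "patch": patched.hex(),
        "target": detour_target(patched, hook_addr),         # resolves back to CAVE_ADDR
        "returnhere": hook_addr + len(ORIGINAL),             # where the cave's final jmp lands
        "rescan_after_patch": aob_find(live, PATTERN),       # -1: pattern is gone, hence readmem on disable
    }
```

The last entry shows why the script copies the bytes with readmem at enable time: once the jmp is in place the aobscan pattern no longer exists in memory, so disable has to restore from the saved copy.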