jaehui48 Newbie cheater Reputation: 0
Joined: 13 Mar 2017 Posts: 10
Posted: Mon Mar 13, 2017 6:28 am Post subject: help me with making an AOB code
Code:
[ENABLE]
aobscan(INJECT,3B 45 98 7C 09) // should be unique
alloc(newmem,$1000,42F0D2B6)
label(code)
label(return)

newmem:

code:
  cmp eax,[rbp-68]
  jl 42F0D2C4   // original conditional jump, copied with its absolute target
  jmp return

INJECT:
  jmp code      // 5-byte jmp, exactly covers cmp (3 bytes) + jl (2 bytes)
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 3B 45 98 7C 09   // restore the original cmp + jl bytes
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 42F0D2B6
42F0D28D: 3B 45 A8 - cmp eax,[rbp-58]
42F0D290: 0F 85 0E 01 00 00 - jne 42F0D3A4
42F0D296: 49 8B 46 10 - mov rax,[r14+10]
42F0D29A: 48 63 4D C0 - movsxd rcx,dword ptr [rbp-40]
42F0D29E: 48 63 C9 - movsxd rcx,ecx
42F0D2A1: 39 48 18 - cmp [rax+18],ecx
42F0D2A4: 0F 86 AB 03 00 00 - jbe 42F0D655
42F0D2AA: 48 8D 44 C8 20 - lea rax,[rax+rcx*8+20]
42F0D2AF: 48 8B 00 - mov rax,[rax]
42F0D2B2: 48 63 40 24 - movsxd rax,dword ptr [rax+24]
// ---------- INJECTING HERE ----------
42F0D2B6: 3B 45 98 - cmp eax,[rbp-68]
42F0D2B9: 7C 09 - jl 42F0D2C4
// ---------- DONE INJECTING ----------
42F0D2BB: C6 45 C6 01 - mov byte ptr [rbp-3A],01
42F0D2BF: E9 DA 00 00 00 - jmp 42F0D39E
42F0D2C4: 49 8B 46 10 - mov rax,[r14+10]
42F0D2C8: 48 63 4D C0 - movsxd rcx,dword ptr [rbp-40]
42F0D2CC: 48 63 C9 - movsxd rcx,ecx
42F0D2CF: 39 48 18 - cmp [rax+18],ecx
42F0D2D2: 0F 86 76 03 00 00 - jbe 42F0D64E
42F0D2D8: 48 8D 44 C8 20 - lea rax,[rax+rcx*8+20]
42F0D2DD: 48 8B 00 - mov rax,[rax]
42F0D2E0: 48 63 48 24 - movsxd rcx,dword ptr [rax+24]
}
It's an AOB code.
I want to make jl 42F0D2C4 => jmp 42F0D2C4.
I can make it in a code injection,
but I can't make it in an AOB injection.
jl 42F0D2C4 = db 7C 09,
but then I don't know what jmp 42F0D2C4 is.
db 49 8B 46 10?
Please help me,
and sorry for my bad English.
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Mar 13, 2017 7:20 am
I gave you an example earlier, but not thinking, I do not know if CE is intelligent enough to calculate the jump correctly, so you may need to use reassemble in this case.
Alternatively, just inject at 1 or 2 instructions above that instruction -- instead of injecting at that location with the problem jump.
jaehui48 Newbie cheater Reputation: 0
Joined: 13 Mar 2017 Posts: 10
Posted: Mon Mar 13, 2017 7:29 am
++METHOS wrote:
> I gave you an example earlier, but not thinking, I do not know if CE is intelligent enough to calculate the jump correctly, so you may need to use reassemble in this case.
> Alternatively, just inject at 1 or 2 instructions above that instruction -- instead of injecting at that location with the problem jump.

Oops, I couldn't understand what you meant,
but now maybe I understand it.
Thanks!
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Mar 13, 2017 7:30 am
This should work.
Code:
aobscan(INJECT,3B 45 98 7C 09)
INJECT+3:        // the jl sits 3 bytes into the AOB, after the 3-byte cmp
db EB 09         // same rel8 as the original 7C 09, only the opcode changes

jl = 7C
jmp = EB
This can also work but is more prone to assembling differences.
Code:
aobscan(INJECT,3B 45 98 7C 09)
INJECT+3:
jmp short INJECT+E   // 42F0D2C4 - 42F0D2B6 = E: rel8 09 counts from the end of the 2-byte jl
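The opcode swap above, generalised, as an added example that is not part of the thread and not Cheat Engine code (Python, written for this page; the byte string 3B 45 98 7C 09 and the address 42F0D2B6 come from the first post, while the function names, the opcode table and the 0F 8C near-jump sample are this example's own assumptions). It decodes the relative branch at a given offset of an AOB, names it (the table answers the follow-up question about jbe, je, jne, jg and the rest), computes the absolute target from the displacement, and emits a same-length replacement. It also shows why the target is INJECT+E rather than INJECT+C: the rel8 is measured from the end of the two-byte jl. The six-byte near form is the case where a plain opcode swap is not enough, because E9 is one byte shorter and the displacement has to be recomputed.

```python
"""Turn a short conditional jump inside an AOB into an unconditional jump.

Added example, not code from the forum thread or from Cheat Engine. The bytes
3B 45 98 7C 09 and the address 42F0D2B6 are the ones quoted in the thread;
the functions, the table and the near-jump sample are this example's own.
"""

# Short Jcc opcodes (Intel SDM vol. 2A, "Jcc"): 70..7F, one signed rel8.
# Bit 0 flips the condition (7C jl <-> 7D jge); the near forms are 0F 80..8F
# with a rel32 and carry the same low nibble (0F 8C = jl rel32).
JCC_SHORT = {
    0x70: "jo",  0x71: "jno", 0x72: "jb",  0x73: "jae",
    0x74: "je",  0x75: "jne", 0x76: "jbe", 0x77: "ja",
    0x78: "js",  0x79: "jns", 0x7A: "jp",  0x7B: "jnp",
    0x7C: "jl",  0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}
JMP_SHORT, JMP_NEAR, NOP = 0xEB, 0xE9, 0x90


def decode_branch(code: bytes, off: int, base: int):
    """(mnemonic, length, absolute target) of the branch at code[off].

    `base` is the address of code[0] (the AOB's INJECT). The displacement is
    counted from the END of the branch instruction, which is why the jl at
    INJECT+3 with rel8 09 lands at INJECT+3+2+9 = INJECT+E, not INJECT+C.
    """
    op = code[off]
    if op in JCC_SHORT or op == JMP_SHORT:
        mnem, disp, length = JCC_SHORT.get(op, "jmp"), code[off + 1:off + 2], 2
    elif op == JMP_NEAR:
        mnem, disp, length = "jmp", code[off + 1:off + 5], 5
    elif op == 0x0F and 0x80 <= code[off + 1] <= 0x8F:
        mnem, disp, length = JCC_SHORT[code[off + 1] - 0x10], code[off + 2:off + 6], 6
    else:
        raise ValueError(f"no relative branch at offset {off:#x} (opcode {op:#04x})")
    return mnem, length, base + off + length + int.from_bytes(disp, "little", signed=True)


def make_unconditional(code: bytes, off: int, base: int) -> bytes:
    """Bytes that replace the Jcc at code[off] by a JMP to the same target.

    The replacement has the same length as the original, so the instructions
    after it do not move and no other displacement changes.
    """
    _, length, target = decode_branch(code, off, base)
    if length == 2:
        # 7C rel8 -> EB rel8: same size, same end address, so rel8 is reused as-is.
        return bytes([JMP_SHORT, code[off + 1]])
    if length == 5:
        return bytes(code[off:off + 5])  # already an unconditional jmp
    # 0F 8x rel32 (6 bytes) -> E9 rel32 (5 bytes) + nop. The jmp now ends one
    # byte earlier, so the rel32 must be recomputed from the new end address.
    rel32 = target - (base + off + 5)
    return bytes([JMP_NEAR]) + rel32.to_bytes(4, "little", signed=True) + bytes([NOP])


def patch_aob(aob_hex: str, base: int, off: int):
    """Apply make_unconditional to an AOB given as CE-style hex text.

    Returns (original mnemonic, absolute target, patched AOB as hex text).
    """
    code = bytes.fromhex(aob_hex)
    mnem, length, target = decode_branch(code, off, base)
    patched = code[:off] + make_unconditional(code, off, base) + code[off + length:]
    return mnem, target, patched.hex(" ").upper()


if __name__ == "__main__":
    # The thread's AOB: cmp eax,[rbp-68] (3 bytes) followed by jl +9 at INJECT+3.
    mnem, target, patched = patch_aob("3B 45 98 7C 09", 0x42F0D2B6, 3)
    print(f"{mnem} -> {target:08X} (INJECT+{target - 0x42F0D2B6:X}); patched AOB: {patched}")
    # Constructed near-form sample (0F 8C rel32 = jl rel32) to show the resize case.
    print(make_unconditional(bytes.fromhex("0F 8C 09 00 00 00"), 0, 0x1000).hex(" ").upper())
```

Run as a script it prints the patched AOB; the two replacement bytes are exactly what `INJECT+3: db EB 09` writes in the CE script above. The `length == 6` branch is the reason the reply calls the `jmp short` form "more prone to assembling differences": once the assembler is free to pick the encoding, the replacement can change size, and then the displacement and everything after it have to be re-checked.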
jaehui48 Newbie cheater Reputation: 0
Joined: 13 Mar 2017 Posts: 10
Posted: Mon Mar 13, 2017 7:34 am
TheyCallMeTim13 wrote:
> This should work.
> Code:
> aobscan(INJECT,3B 45 98 7C 09)
> INJECT+3:
> db EB 09
>
> jl = 7C
> jmp = EB
> This can also work but is more prone to assembling differences.
> Code:
> aobscan(INJECT,3B 45 98 7C 09)
> INJECT+3:
> jmp short INJECT+E

Wow... how can I find the other codes, like jbe, je, jne, jg, etc.?
I'd like to know more information.
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
jaehui48 Newbie cheater Reputation: 0
Joined: 13 Mar 2017 Posts: 10
Posted: Mon Mar 13, 2017 7:55 am
++METHOS wrote:
> I gave you an example earlier, but not thinking, I do not know if CE is intelligent enough to calculate the jump correctly, so you may need to use reassemble in this case.
> Alternatively, just inject at 1 or 2 instructions above that instruction -- instead of injecting at that location with the problem jump.

Maybe I have to use readmem.
My AOB code doesn't work when I restart the game.
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Mar 13, 2017 9:39 am
Just inject above the instruction:
Code:
42F0D2AA: 48 8D 44 C8 20 - lea rax,[rax+rcx*8+20]        //inject here, instead
42F0D2AF: 48 8B 00 - mov rax,[rax]
42F0D2B2: 48 63 40 24 - movsxd rax,dword ptr [rbp+24]
42F0D2B6: 3B 45 98 - cmp eax,[rbp-68]                   //do not inject here
42F0D2B9: 7C 09 - jl 42F0D2C4
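The advice to move the injection point up can be checked mechanically against the listing CE prints in its template. The following is an added example, not code from the thread or from Cheat Engine; the listing is copied from the first post's ORIGINAL CODE block, and the rule it applies (the five bytes the jmp overwrites must end exactly on an instruction boundary, must not contain a relative branch, and nothing in the listing may jump into their middle) is this example's own, as are the function names. Under that rule 42F0D2B6 is rejected because the jl at 42F0D2B9 would have to be replayed in the cave, where a byte-for-byte copy no longer points at 42F0D2C4 and a hard-coded absolute target is what stops working after a restart; 42F0D2AA is the nearest clean site because the lea there is exactly five bytes.

```python
"""Check where a 5-byte hook can be written without touching a relative branch.

Added example, not code from the forum thread or from Cheat Engine. The listing
is copied from the disassembly quoted in the thread's first post; the parser
and the rule set (an exact 5-byte fit, no relative branch inside the overwritten
bytes, nothing jumping into their middle) are this example's own.
"""
import re

# Constructed sample input: the lines quoted in the thread around the jl.
LISTING = """\
42F0D2AA: 48 8D 44 C8 20 - lea rax,[rax+rcx*8+20]
42F0D2AF: 48 8B 00 - mov rax,[rax]
42F0D2B2: 48 63 40 24 - movsxd rax,dword ptr [rax+24]
42F0D2B6: 3B 45 98 - cmp eax,[rbp-68]
42F0D2B9: 7C 09 - jl 42F0D2C4
42F0D2BB: C6 45 C6 01 - mov byte ptr [rbp-3A],01
42F0D2BF: E9 DA 00 00 00 - jmp 42F0D39E
42F0D2C4: 49 8B 46 10 - mov rax,[r14+10]
"""

# "ADDRESS: BYTES - disassembly", the layout of CE's "ORIGINAL CODE" block.
LINE_RE = re.compile(r"^([0-9A-Fa-f]+):\s+((?:[0-9A-Fa-f]{2}\s+)+)-\s+(.*)$")
HOOK_LEN = 5  # the jmp rel32 (E9) that CE writes at the injection point


def parse_listing(text):
    """[(address, raw bytes, disassembly text), ...] in listing order."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            insns.append((int(m.group(1), 16), bytes.fromhex(m.group(2)), m.group(3).strip()))
    return insns


def is_relative_branch(raw):
    """Short Jcc (70-7F), call/jmp rel32 (E8/E9), jmp rel8 (EB), near Jcc (0F 80-8F)."""
    op = raw[0]
    return (0x70 <= op <= 0x7F or op in (0xE8, 0xE9, 0xEB)
            or (op == 0x0F and len(raw) > 1 and 0x80 <= raw[1] <= 0x8F))


def branch_target(addr, raw):
    """Absolute target; the displacement is relative to the instruction's end."""
    disp = raw[2:6] if raw[0] == 0x0F else raw[1:5] if raw[0] in (0xE8, 0xE9) else raw[1:2]
    return addr + len(raw) + int.from_bytes(disp, "little", signed=True)


def assess_site(insns, site, hook_len=HOOK_LEN):
    """Problems with writing a hook_len-byte jmp at `site`; [] means a clean site."""
    covered, total = [], 0
    for addr, raw, text in insns:
        if addr < site or total >= hook_len:
            continue
        covered.append((addr, raw, text))
        total += len(raw)
    if not covered or covered[0][0] != site:
        return [f"{site:08X} is not an instruction start in the listing"]
    if total < hook_len:
        return [f"listing ends before {hook_len} bytes from {site:08X} are covered"]
    problems = []
    if total != hook_len:
        problems.append(f"{site:08X}: {total} bytes overwritten, {total - hook_len} must be nop-padded")
    for addr, raw, text in covered:
        if is_relative_branch(raw):
            problems.append(f"{addr:08X} '{text}' is a relative branch; its copy in the cave "
                            "must be re-targeted (e.g. relative to INJECT), not copied byte for byte")
    end = site + total
    for addr, raw, text in insns:
        if is_relative_branch(raw) and site < branch_target(addr, raw) < end:
            problems.append(f"{addr:08X} '{text}' jumps into the middle of the hook")
    return problems


def nearest_clean_site(insns, hook_at):
    """Walk upward from hook_at (inclusive) to the first clean injection point."""
    for addr, _, _ in reversed(insns):
        if addr <= hook_at and not assess_site(insns, addr):
            return addr
    return None


if __name__ == "__main__":
    insns = parse_listing(LISTING)
    for site in (0x42F0D2B6, 0x42F0D2AA):
        print(f"{site:08X}: {assess_site(insns, site) or ['clean']}")
    print(f"nearest clean site above 42F0D2B6: {nearest_clean_site(insns, 0x42F0D2B6):08X}")
```

The exact-fit requirement is stricter than CE itself needs (CE will pad with `nop` when the jmp straddles an instruction), but it is the condition under which the `[DISABLE]` restore is a plain `db` of the original bytes and nothing in the cave has to be relocated. In the OP's listing the only address that satisfies it at or above 42F0D2B6 is the lea, which is the injection point the reply recommends.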