Posted: Fri Jul 07, 2023 11:46 am Post subject: [SOLVED] Comparing Hex Value
Hi,
I was searching on the forum but didn't find any way to cmp a 4-byte value to a 4-byte hex value, or the syntax I should use for that
Code:
cmp [r12+2],A082CD25
so in this code I'm trying to interpret the 4 bytes at r12+2 as a hex value and compare them to the 4-byte hex A082CD25; problem is, it doesn't seem to work. I tried this syntax
Code:
cmp [r12+2],A082CD25h
but it doesn't compile then i tried
Code:
cmp [r12+2],0xA082CD25
and it compiled but the cmp still does not work
here is the full script:
Code:
{ Game : HellIsOthers_launcher.exe
Version:
Date : 2023-07-07
Author : wayden
Hooks the write of current life at GameAssembly.dll+BFEBEC (original
instruction: mov [r12+10],rax). If the 4-byte value (per the author) at
[r12+2] equals 0xA082CD25, the hook copies max life ([r12+20]) into current
life ([r12+10]); otherwise it zeroes current life by subtracting it from
itself. Neither branch executes the original mov. Per the author's EDIT at
the end of the post, the working offset for the ID compare is [r12+8],
not [r12+2].
}
[ENABLE]
// 49 89 44 24 10 = mov [r12+10],rax at GameAssembly.dll+BFEBEC; the trailing
// 4D is the first byte of the following test r13,r13 (see disassembly below).
aobscanmodule(Invicibleonehitkill,GameAssembly.dll,49 89 44 24 10 4D) // should be unique
// NOTE(review): no preferred address is given, so newmem may be placed far
// from GameAssembly.dll. If `jmp newmem` then has to become a 14-byte far
// jump, the 6 bytes restored in [DISABLE] and the position of `return:`
// below no longer line up with what was overwritten — confirm.
alloc(newmem,$1000)
label(code)
label(originalcode)
label(return)
newmem:
code:
// NOTE(review): the memory operand carries no explicit size. The author
// reports this assembles; confirm it is a 4-byte compare — an 8-byte compare
// would sign-extend the imm32 and test for 0xFFFFFFFFA082CD25 instead.
// The author's EDIT says the ID actually lives at [r12+8].
cmp [r12+2],0xA082CD25 //hex for player ID
jne originalcode // ID differs -> take the zeroing path instead
mov rax,[r12+20] //mov max life into rax
mov [r12+10],rax // move rax into current life
jmp return
originalcode:
// Despite the label this is not the original instruction: rax = current life,
// then current life -= rax, i.e. current life becomes 0.
mov rax,[r12+10] //mov current life into rax
sub [r12+10],rax // sub rax to current life
jmp return
Invicibleonehitkill:
jmp newmem
// return: sits directly after the jmp; with a 5-byte jmp that is
// GameAssembly.dll+BFEBF1 (test r13,r13). That test rewrites the flags and
// nothing between the hook and it reads them, so the cmp/sub above need no
// flag save/restore.
return:
registersymbol(Invicibleonehitkill)
[DISABLE]
// Restores the 6 scanned bytes (mov [r12+10],rax plus the first byte of
// test r13,r13) and frees the code cave.
Invicibleonehitkill:
db 49 89 44 24 10 4D
unregistersymbol(Invicibleonehitkill)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+BFEBEC
GameAssembly.dll+BFEBC1: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+BFEBC4: 48 89 84 24 C0 00 00 00 - mov [rsp+000000C0],rax
GameAssembly.dll+BFEBCC: 48 8D 0C 28 - lea rcx,[rax+rbp]
GameAssembly.dll+BFEBD0: 41 8D 50 01 - lea edx,[r8+01]
GameAssembly.dll+BFEBD4: E8 D7 B6 07 00 - call Quantum.SMaths.Round
GameAssembly.dll+BFEBD9: 4D 8B 44 24 20 - mov r8,[r12+20]
GameAssembly.dll+BFEBDE: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+BFEBE1: 48 8B D6 - mov rdx,rsi
GameAssembly.dll+BFEBE4: 48 8B C8 - mov rcx,rax
GameAssembly.dll+BFEBE7: E8 64 96 74 01 - call Photon.Deterministic.FPMath.Clamp
// ---------- INJECTING HERE ----------
GameAssembly.dll+BFEBEC: 49 89 44 24 10 - mov [r12+10],rax
// ---------- DONE INJECTING ----------
GameAssembly.dll+BFEBF1: 4D 85 ED - test r13,r13
GameAssembly.dll+BFEBF4: 0F 84 23 01 00 00 - je GameAssembly.dll+BFED1D
GameAssembly.dll+BFEBFA: 8B 84 24 C8 00 00 00 - mov eax,[rsp+000000C8]
GameAssembly.dll+BFEC01: 49 8D 8D 08 04 00 00 - lea rcx,[r13+00000408]
GameAssembly.dll+BFEC08: 8B 9C 24 E0 00 00 00 - mov ebx,[rsp+000000E0]
GameAssembly.dll+BFEC0F: 4C 8B CD - mov r9,rbp
GameAssembly.dll+BFEC12: 4C 8B B4 24 D0 00 00 00 - mov r14,[rsp+000000D0]
GameAssembly.dll+BFEC1A: 4D 8B C4 - mov r8,r12
GameAssembly.dll+BFEC1D: 48 89 74 24 40 - mov [rsp+40],rsi
GameAssembly.dll+BFEC22: 48 8B D7 - mov rdx,rdi
}
as you can see, after the cmp, if the values are equal it shouldn't go to originalcode but just continue execution; yet after testing, it always goes to originalcode
so I was wondering if it comes from the cmp, or if it could be because of the "flags": I've seen someone push them before and pop them after, but only because he injected right after a cmp. Is that needed here too?
EDIT :
Aight Im just dumb
Code:
cmp [r12+2],0xA082CD25
this works fine with the right offset
Code:
cmp [r12+8],0xA082CD25
I just did 10 - 8 in base 10 instead of base 16, meh..