4
"Step 1 v.1"
FF8000
Auto Assembler Script
{ Game    : gtutorial-i386.exe
  Version :
  Date    : 2018-06-22
  Author  : Garik66

  Step 1 v.1 - hooks the setter at gtutorial-i386.exe+314F0 (see the
  ORIGINAL CODE dump below). The original instruction stores edx into
  [eax+58]; this hook first subtracts [eax+5C] from edx, so every call
  stores a value lowered by [eax+5C]. The code that follows in the
  function computes [eax+58]/[eax+5C], scales it by a constant and stores
  the result to [ [eax+54] + 3C ] when [eax+54] != 0, which suggests
  [eax+5C] is a maximum/denominator. NOTE(review): that meaning is
  inferred from usage, not shown in the dump - verify against the game.
}
[ENABLE]
// 7-byte signature of the two overwritten instructions; must be unique in the module.
aobscanmodule(Babax,gtutorial-i386.exe,89 50 58 83 78 54 00)
registersymbol(Babax)
alloc(hook_babax,$1000)
label(orig_babax)
label(back_babax)

hook_babax:
  sub edx,[eax+5C]              // lower the incoming value before it is stored
orig_babax:
  mov [eax+58],edx              // original instruction 1
  cmp dword ptr [eax+54],00     // original instruction 2; jmp keeps the flags for the je at +314F7
  jmp back_babax

Babax:
  jmp hook_babax                // 5 bytes
  nop                           // pad to the 7 bytes that were overwritten
  nop
back_babax:

[DISABLE]
Babax:
  db 89 50 58 83 78 54 00       // restore mov [eax+58],edx / cmp dword ptr [eax+54],00
unregistersymbol(Babax)
dealloc(hook_babax)
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+314F0
"gtutorial-i386.exe"+314D9: 00 00 - add [eax],al
"gtutorial-i386.exe"+314DB: 00 00 - add [eax],al
"gtutorial-i386.exe"+314DD: 00 00 - add [eax],al
"gtutorial-i386.exe"+314DF: 00 8B 40 58 85 C0 - add [ebx-3F7AA7C0],cl
"gtutorial-i386.exe"+314E5: 7F 04 - jg gtutorial-i386.exe+314EB
"gtutorial-i386.exe"+314E7: B0 01 - mov al,01
"gtutorial-i386.exe"+314E9: EB 02 - jmp gtutorial-i386.exe+314ED
"gtutorial-i386.exe"+314EB: B0 00 - mov al,00
"gtutorial-i386.exe"+314ED: C3 - ret
"gtutorial-i386.exe"+314EE: 00 00 - add [eax],al
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+314F0: 89 50 58 - mov [eax+58],edx
"gtutorial-i386.exe"+314F3: 83 78 54 00 - cmp dword ptr [eax+54],00
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+314F7: 74 16 - je gtutorial-i386.exe+3150F
"gtutorial-i386.exe"+314F9: DB 40 58 - fild dword ptr [eax+58]
"gtutorial-i386.exe"+314FC: DB 40 5C - fild dword ptr [eax+5C]
"gtutorial-i386.exe"+314FF: DE F9 - fdivp st(1),st(0)
"gtutorial-i386.exe"+31501: DB 2D A0 13 61 00 - fld tword ptr [gtutorial-i386.exe+2113A0]
"gtutorial-i386.exe"+31507: DE C9 - fmulp st(1),st(0)
"gtutorial-i386.exe"+31509: 8B 40 54 - mov eax,[eax+54]
"gtutorial-i386.exe"+3150C: D9 58 3C - fstp dword ptr [eax+3C]
"gtutorial-i386.exe"+3150F: C3 - ret
"gtutorial-i386.exe"+31510: 8D 64 24 FC - lea esp,[esp-04]
}
5
"Step 1 v.2"
FF8000
Auto Assembler Script
{
Game : gtutorial-i386.exe
Version: 1.0
Date : 06-22-18
Author : Garrk66
Version CE: 6.5  Made by the aamaker Lua plugin, version 2.4.0.G66.1 :)
[EN] Technical support: http://forum.cheatengine.org/viewtopic.php?p=5645967
[RU] Technical support (Russian forum): https://forum.gamehacklab.ru/index.php?/topic/1415-plugin-aa-maker-создание-аа-скриптов

Step 1 v.2 - a two-byte patch, no code cave. The `jg 004327DA` at
gtutorial-i386.exe+327C4 (taken when [eax+58] > 0 right after the call
to 004314F0 at +327B5, i.e. the same setter that "Step 1 v.1" hooks) is
replaced by two NOPs, so the fall-through path that calls the virtual
method at [edx+00000090] always runs.

NOTE(review): aobscanmodule takes a module NAME as its second argument,
but the plugin emitted "gtutorial-i386.exe+327C4" (name plus offset).
Confirm this resolves in the CE version used; if it does not, pass the
bare module name. The pattern uses `xx` nibble wildcards for the
displacement/immediate bytes of the instructions that follow the jg.
}
[ENABLE]
aobscanmodule(Step,gtutorial-i386.exe+327C4,7fxx8bxxxx8bxxxx8bxxxx8bxxxx8bxxffxxxxxxxxxx8b)
registersymbol(Step)
Step:
db 90 90 // overwrite `jg 004327DA` (7F 14) with two NOPs
[DISABLE]
Step:
db 7F 14 // restore the original `jg`
unregistersymbol(Step)
{
// ORIGINAL CODE - INJECTION POINT: gtutorial-i386.exe+327C4
gtutorial-i386.exe+327A3: 8B 45 E0 - mov eax,[ebp-20]
gtutorial-i386.exe+327A6: 8B 50 18 - mov edx,[eax+18]
gtutorial-i386.exe+327A9: 8B 42 58 - mov eax,[edx+58]
gtutorial-i386.exe+327AC: 8D 50 E8 - lea edx,[eax-18]
gtutorial-i386.exe+327AF: 8B 4D E0 - mov ecx,[ebp-20]
gtutorial-i386.exe+327B2: 8B 41 18 - mov eax,[ecx+18]
gtutorial-i386.exe+327B5: E8 36EDFFFF - call 004314F0
gtutorial-i386.exe+327BA: 8B 55 E0 - mov edx,[ebp-20]
gtutorial-i386.exe+327BD: 8B 42 18 - mov eax,[edx+18]
gtutorial-i386.exe+327C0: 83 78 58 00 - cmp dword ptr [eax+58],00
// ---------- INJECTING HERE -----------
gtutorial-i386.exe+327C4: 7F 14 - jg 004327DA
// ---------- DONE INJECTING ----------
gtutorial-i386.exe+327C6: 8B 55 E0 - mov edx,[ebp-20]
gtutorial-i386.exe+327C9: 8B 42 18 - mov eax,[edx+18]
gtutorial-i386.exe+327CC: 8B 55 E0 - mov edx,[ebp-20]
gtutorial-i386.exe+327CF: 8B 4A 18 - mov ecx,[edx+18]
gtutorial-i386.exe+327D2: 8B 11 - mov edx,[ecx]
gtutorial-i386.exe+327D4: FF 92 90000000 - call dword ptr [edx+00000090]
gtutorial-i386.exe+327DA: 8B 55 E0 - mov edx,[ebp-20]
gtutorial-i386.exe+327DD: 8D 44 9A 1C - lea eax,[edx+ebx*4+1C]
gtutorial-i386.exe+327E1: E8 7A95FFFF - call 0042BD60
gtutorial-i386.exe+327E6: 8B 45 E0 - mov eax,[ebp-20]
}
7
"Step 1 v.3"
FF8000
Auto Assembler Script
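{ Game    : gtutorial-i386.exe
  Version :
  Date    : 2018-06-22
  Author  : Garik66

  Step 1 v.3 - neutralises the increment `add dword ptr [eax+3C],01` at
  gtutorial-i386.exe+32385: the hook simply does not execute it, so the
  dword at [eax+3C] keeps its value. The code at +3239F..+323A6 later
  computes 5 - [eax+3C], which suggests a small counter out of 5 -
  NOTE(review): inferred from usage, verify.

  Skipping the add is equivalent to the dec/add pair that nets to zero,
  but avoids a size-ambiguous `dec [eax+3C]`. Dropping the add's flag
  update is safe: none of the instructions from +32389 up to the
  `sub eax,edx` at +323A4 read flags (mov/lea/push only).
}
[ENABLE]
aobscanmodule(NORECOIL,gtutorial-i386.exe,83 40 3C 01 8B 45 C0) // should be unique
registersymbol(NORECOIL)
alloc(newmem,$1000)
label(code)
label(return)

newmem:
  // original instruction 1 (`add dword ptr [eax+3C],01`) intentionally omitted
code:
  mov eax,[ebp-40]              // original instruction 2
  jmp return

NORECOIL:
  jmp newmem                    // 5 bytes
  nop                           // pad to the 7 bytes that were overwritten
  nop
return:

[DISABLE]
NORECOIL:
  db 83 40 3C 01 8B 45 C0       // restore add dword ptr [eax+3C],01 / mov eax,[ebp-40]
unregistersymbol(NORECOIL)
dealloc(newmem)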
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+32385
"gtutorial-i386.exe"+32365: 8B 40 20 - mov eax,[eax+20]
"gtutorial-i386.exe"+32368: 89 42 20 - mov [edx+20],eax
"gtutorial-i386.exe"+3236B: 8B 45 C0 - mov eax,[ebp-40]
"gtutorial-i386.exe"+3236E: 8B 54 98 1C - mov edx,[eax+ebx*4+1C]
"gtutorial-i386.exe"+32372: 8B 45 C0 - mov eax,[ebp-40]
"gtutorial-i386.exe"+32375: 8B 48 14 - mov ecx,[eax+14]
"gtutorial-i386.exe"+32378: 8B 41 2C - mov eax,[ecx+2C]
"gtutorial-i386.exe"+3237B: 89 42 2C - mov [edx+2C],eax
"gtutorial-i386.exe"+3237E: C6 45 C8 01 - mov byte ptr [ebp-38],01
"gtutorial-i386.exe"+32382: 8B 45 C0 - mov eax,[ebp-40]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+32385: 83 40 3C 01 - add dword ptr [eax+3C],01
"gtutorial-i386.exe"+32389: 8B 45 C0 - mov eax,[ebp-40]
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+3238C: 89 78 40 - mov [eax+40],edi
"gtutorial-i386.exe"+3238F: 8B 45 C0 - mov eax,[ebp-40]
"gtutorial-i386.exe"+32392: 89 70 44 - mov [eax+44],esi
"gtutorial-i386.exe"+32395: 8D 45 D4 - lea eax,[ebp-2C]
"gtutorial-i386.exe"+32398: 50 - push eax
"gtutorial-i386.exe"+32399: 8B 45 C0 - mov eax,[ebp-40]
"gtutorial-i386.exe"+3239C: 8B 50 3C - mov edx,[eax+3C]
"gtutorial-i386.exe"+3239F: B8 05 00 00 00 - mov eax,00000005
"gtutorial-i386.exe"+323A4: 29 D0 - sub eax,edx
"gtutorial-i386.exe"+323A6: 89 45 D0 - mov [ebp-30],eax
}
8
"Step 1 v.4"
FF8000
Auto Assembler Script
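{ Game    : gtutorial-i386.exe
  Version :
  Date    : 2018-06-22
  Author  : Garik66

  Step 1 v.4 - at gtutorial-i386.exe+3284D the original `je +32891`
  (taken when [eax+18] == 0, per the cmp at +32849) is replaced by a jump
  into a code cave that unconditionally continues at +3287B. That skips
  everything from +3284D to +3287B: the `je gtutorial-i386.exe+32891`
  checks at +3284D, +3285C and +3286B and the calls at +32855 and +32864
  whose results they test.

  The jmp in the cave is unconditional, so re-executing the overwritten
  `je` / `mov edx,[ebp-20]` there would be dead code; none is kept.
  NOTE(review): +3287B lies beyond the disassembly dump below. It must be
  an instruction boundary that accepts eax/edx as left at +3284D - verify.
}
[ENABLE]
aobscanmodule(Completion,gtutorial-i386.exe,74 42 8B 55 E0) // should be unique
registersymbol(Completion)
alloc(newmem,$1000)

newmem:
  jmp gtutorial-i386.exe+3287B  // always resume past the three checks

Completion:
  jmp newmem                    // 5 bytes = exactly the overwritten je + mov

[DISABLE]
Completion:
  db 74 42 8B 55 E0             // restore je +32891 / mov edx,[ebp-20]
unregistersymbol(Completion)
dealloc(newmem)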
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+3284D
"gtutorial-i386.exe"+3282C: 9E - sahf
"gtutorial-i386.exe"+3282D: 7A 0E - jp gtutorial-i386.exe+3283D
"gtutorial-i386.exe"+3282F: 76 0C - jna gtutorial-i386.exe+3283D
"gtutorial-i386.exe"+32831: 8B 55 E0 - mov edx,[ebp-20]
"gtutorial-i386.exe"+32834: 8D 44 9A 1C - lea eax,[edx+ebx*4+1C]
"gtutorial-i386.exe"+32838: E8 23 95 FF FF - call gtutorial-i386.exe+2BD60
"gtutorial-i386.exe"+3283D: 83 FB 04 - cmp ebx,04
"gtutorial-i386.exe"+32840: 0F 8C DE FE FF FF - jl gtutorial-i386.exe+32724
"gtutorial-i386.exe"+32846: 8B 45 E0 - mov eax,[ebp-20]
"gtutorial-i386.exe"+32849: 83 78 18 00 - cmp dword ptr [eax+18],00
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+3284D: 74 42 - je gtutorial-i386.exe+32891
"gtutorial-i386.exe"+3284F: 8B 55 E0 - mov edx,[ebp-20]
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+32852: 8B 42 18 - mov eax,[edx+18]
"gtutorial-i386.exe"+32855: E8 86 EC FF FF - call gtutorial-i386.exe+314E0
"gtutorial-i386.exe"+3285A: 84 C0 - test al,al
"gtutorial-i386.exe"+3285C: 74 33 - je gtutorial-i386.exe+32891
"gtutorial-i386.exe"+3285E: 8B 55 E0 - mov edx,[ebp-20]
"gtutorial-i386.exe"+32861: 8B 42 18 - mov eax,[edx+18]
"gtutorial-i386.exe"+32864: E8 77 DA FF FF - call gtutorial-i386.exe+302E0
"gtutorial-i386.exe"+32869: 84 C0 - test al,al
"gtutorial-i386.exe"+3286B: 74 24 - je gtutorial-i386.exe+32891
"gtutorial-i386.exe"+3286D: 8B 55 E0 - mov edx,[ebp-20]
}
16
"Step 2 v.1"
008000
Auto Assembler Script
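{ Game    : gtutorial-i386.exe
  Version :
  Date    : 2018-06-22
  Author  : Garik66

  Step 2 v.1 - three hooks on the same instruction pair
  `mov eax,[edx+NN] / mov edx,ecx` (NN = 14, 18, 1C) that precedes
  `call gtutorial-i386.exe+34B70` at +33890, +339BA and +33AAF. At each
  site ecx holds [eax+5C] of the object taken from [edx+20][ebx*4] (see
  the dumps below) and is handed on in edx.

  Two dword switches live in the code cave. They are written by the
  "God Mode" / "One Hit Kill" child scripts, which therefore require this
  script to be active (the symbols GM_Enable / OHK_Enable exist only then):
    GM_Enable  = 1 : at the +33890 site edx is forced to 0 and [eax+50]
                     is overwritten with [eax+54].
    OHK_Enable = 1 : at the +339BA and +33AAF sites [eax+54] of the object
                     in eax is added to the value passed in edx.
  NOTE(review): the meaning of the +50/+54/+5C fields (current/max/amount?)
  is inferred from usage only - verify.

  Fix in this revision: the OHK sites jumped to `code` (site 1's exit)
  when the switch was off, returning through site 1's `return` address
  instead of their own. They now fall through to code1 / code2.
}
[ENABLE]
aobscanmodule(HP,gtutorial-i386.exe,8B 42 14 89 CA) // should be unique
aobscanmodule(HP1,gtutorial-i386.exe,8B 42 18 89 CA)
aobscanmodule(HP2,gtutorial-i386.exe,8B 42 1C 89 CA E8 B7) // longer pattern, presumably the 5-byte form was not unique
alloc(newmem,$1000)
label(newmem1)
label(newmem2)
label(code)
label(code1)
label(code2)
label(return)
label(return1)
label(return2)
label(GM_Enable)
label(OHK_Enable)
registersymbol(GM_Enable)
registersymbol(OHK_Enable)
registersymbol(HP)
registersymbol(HP1)
registersymbol(HP2)

// ---- site 1 (+33890): God Mode ----
newmem:
  mov eax,[edx+14]              // original instruction 1
  cmp dword ptr [GM_Enable],1
  jne code
  xor ecx,ecx                   // pass 0 on in edx
  push dword ptr [eax+54]
  pop dword ptr [eax+50]        // [eax+50] = [eax+54]
code:
  mov edx,ecx                   // original instruction 2
  jmp return

// ---- site 2 (+339BA): One Hit Kill ----
newmem1:
  mov eax,[edx+18]              // original instruction 1
  cmp dword ptr [OHK_Enable],1
  jne code1                     // stay on this site's path (not `code`, which exits via return)
  add ecx,[eax+54]
code1:
  mov edx,ecx                   // original instruction 2
  jmp return1

// ---- site 3 (+33AAF): One Hit Kill ----
newmem2:
  mov eax,[edx+1C]              // original instruction 1
  cmp dword ptr [OHK_Enable],1
  jne code2                     // stay on this site's path (not `code`, which exits via return)
  add ecx,[eax+54]
code2:
  mov edx,ecx                   // original instruction 2
  jmp return2

// switches written by the child scripts (0 = off, 1 = on)
GM_Enable:
  dd 0
OHK_Enable:
  dd 0

HP:
  jmp newmem                    // 5 bytes = exactly the overwritten pair
return:
HP1:
  jmp newmem1
return1:
HP2:
  jmp newmem2
return2:

[DISABLE]
HP:
  db 8B 42 14 89 CA             // restore mov eax,[edx+14] / mov edx,ecx
HP1:
  db 8B 42 18 89 CA             // restore mov eax,[edx+18] / mov edx,ecx
HP2:
  db 8B 42 1C 89 CA             // restore mov eax,[edx+1C] / mov edx,ecx
unregistersymbol(GM_Enable)
unregistersymbol(OHK_Enable)
unregistersymbol(HP)
unregistersymbol(HP1)
unregistersymbol(HP2)
dealloc(newmem)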
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+33890
"gtutorial-i386.exe"+3386E: 8B 0C 99 - mov ecx,[ecx+ebx*4]
"gtutorial-i386.exe"+33871: 8B 09 - mov ecx,[ecx]
"gtutorial-i386.exe"+33873: FF 91 94 00 00 00 - call dword ptr [ecx+00000094]
"gtutorial-i386.exe"+33879: 84 C0 - test al,al
"gtutorial-i386.exe"+3387B: 0F 84 C7 00 00 00 - je gtutorial-i386.exe+33948
"gtutorial-i386.exe"+33881: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+33884: 8B 42 20 - mov eax,[edx+20]
"gtutorial-i386.exe"+33887: 8B 04 98 - mov eax,[eax+ebx*4]
"gtutorial-i386.exe"+3388A: 8B 48 5C - mov ecx,[eax+5C]
"gtutorial-i386.exe"+3388D: 8B 55 8C - mov edx,[ebp-74]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+33890: 8B 42 14 - mov eax,[edx+14]
"gtutorial-i386.exe"+33893: 89 CA - mov edx,ecx
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+33895: E8 D6 12 00 00 - call gtutorial-i386.exe+34B70
"gtutorial-i386.exe"+3389A: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+3389D: 8B 42 14 - mov eax,[edx+14]
"gtutorial-i386.exe"+338A0: E8 7B 11 00 00 - call gtutorial-i386.exe+34A20
"gtutorial-i386.exe"+338A5: 84 C0 - test al,al
"gtutorial-i386.exe"+338A7: 74 4C - je gtutorial-i386.exe+338F5
"gtutorial-i386.exe"+338A9: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+338AC: 8B 42 14 - mov eax,[edx+14]
"gtutorial-i386.exe"+338AF: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+338B2: 8B 4A 14 - mov ecx,[edx+14]
}
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+339BA
"gtutorial-i386.exe"+33998: 8B 0C 99 - mov ecx,[ecx+ebx*4]
"gtutorial-i386.exe"+3399B: 8B 09 - mov ecx,[ecx]
"gtutorial-i386.exe"+3399D: FF 91 94 00 00 00 - call dword ptr [ecx+00000094]
"gtutorial-i386.exe"+339A3: 84 C0 - test al,al
"gtutorial-i386.exe"+339A5: 0F 84 92 00 00 00 - je gtutorial-i386.exe+33A3D
"gtutorial-i386.exe"+339AB: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+339AE: 8B 42 20 - mov eax,[edx+20]
"gtutorial-i386.exe"+339B1: 8B 04 98 - mov eax,[eax+ebx*4]
"gtutorial-i386.exe"+339B4: 8B 48 5C - mov ecx,[eax+5C]
"gtutorial-i386.exe"+339B7: 8B 55 8C - mov edx,[ebp-74]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+339BA: 8B 42 18 - mov eax,[edx+18]
"gtutorial-i386.exe"+339BD: 89 CA - mov edx,ecx
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+339BF: E8 AC 11 00 00 - call gtutorial-i386.exe+34B70
"gtutorial-i386.exe"+339C4: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+339C7: 8B 42 18 - mov eax,[edx+18]
"gtutorial-i386.exe"+339CA: E8 51 10 00 00 - call gtutorial-i386.exe+34A20
"gtutorial-i386.exe"+339CF: 84 C0 - test al,al
"gtutorial-i386.exe"+339D1: 74 5C - je gtutorial-i386.exe+33A2F
"gtutorial-i386.exe"+339D3: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+339D6: 8B 42 18 - mov eax,[edx+18]
"gtutorial-i386.exe"+339D9: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+339DC: 8B 4A 18 - mov ecx,[edx+18]
}
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+33AAF
"gtutorial-i386.exe"+33A8D: 8B 0C 99 - mov ecx,[ecx+ebx*4]
"gtutorial-i386.exe"+33A90: 8B 09 - mov ecx,[ecx]
"gtutorial-i386.exe"+33A92: FF 91 94 00 00 00 - call dword ptr [ecx+00000094]
"gtutorial-i386.exe"+33A98: 84 C0 - test al,al
"gtutorial-i386.exe"+33A9A: 0F 84 92 00 00 00 - je gtutorial-i386.exe+33B32
"gtutorial-i386.exe"+33AA0: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+33AA3: 8B 42 20 - mov eax,[edx+20]
"gtutorial-i386.exe"+33AA6: 8B 04 98 - mov eax,[eax+ebx*4]
"gtutorial-i386.exe"+33AA9: 8B 48 5C - mov ecx,[eax+5C]
"gtutorial-i386.exe"+33AAC: 8B 55 8C - mov edx,[ebp-74]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+33AAF: 8B 42 1C - mov eax,[edx+1C]
"gtutorial-i386.exe"+33AB2: 89 CA - mov edx,ecx
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+33AB4: E8 B7 10 00 00 - call gtutorial-i386.exe+34B70
"gtutorial-i386.exe"+33AB9: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+33ABC: 8B 42 1C - mov eax,[edx+1C]
"gtutorial-i386.exe"+33ABF: E8 5C 0F 00 00 - call gtutorial-i386.exe+34A20
"gtutorial-i386.exe"+33AC4: 84 C0 - test al,al
"gtutorial-i386.exe"+33AC6: 74 5C - je gtutorial-i386.exe+33B24
"gtutorial-i386.exe"+33AC8: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+33ACB: 8B 42 1C - mov eax,[edx+1C]
"gtutorial-i386.exe"+33ACE: 8B 55 8C - mov edx,[ebp-74]
"gtutorial-i386.exe"+33AD1: 8B 4A 1C - mov ecx,[edx+1C]
}
17
"God Mode"
Auto Assembler Script
[ENABLE]
// Turns on the God Mode branch of the "Step 2 v.1" hook, which tests
// `cmp [GM_Enable],1` at its +33890 site. GM_Enable is a symbol registered
// by that script, so this entry can only be activated while "Step 2 v.1"
// is enabled; otherwise CE cannot resolve the symbol.
GM_Enable:
dd 1
[DISABLE]
// Switch the branch off again; the parent hook keeps running.
GM_Enable:
dd 0
18
"One Hit Kill"
Auto Assembler Script
[ENABLE]
// Turns on the One Hit Kill branch of the "Step 2 v.1" hook, which tests
// `cmp [OHK_Enable],1` at its +339BA and +33AAF sites. OHK_Enable is a
// symbol registered by that script, so this entry can only be activated
// while "Step 2 v.1" is enabled; otherwise CE cannot resolve the symbol.
OHK_Enable:
dd 1
[DISABLE]
// Switch the branch off again; the parent hook keeps running.
OHK_Enable:
dd 0
19
"Step 2 v.4"
008000
Auto Assembler Script
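{ Game    : gtutorial-i386.exe
  Version :
  Date    : 2018-06-22
  Author  : Garik66

  Step 2 v.4 - at gtutorial-i386.exe+33DAD the original `jne +33DD3`
  (taken when [eax+18] != 0, per the cmp at +33DA9) is replaced by a jump
  into a code cave that unconditionally continues at +33DBB. In the
  original that block is reached only when both [eax+18] and [eax+1C] are
  zero (+33DA9..+33DB6); with the hook it always runs. eax still holds
  [ebp-74] (loaded at +33DA6, untouched by the cmp), which the
  `mov byte ptr [eax+0C],00` at +33DBB relies on.

  The jmp in the cave is unconditional, so re-executing the overwritten
  `jne` / `mov eax,[ebp-74]` there would be dead code; none is kept.
}
[ENABLE]
aobscanmodule(Completion2,gtutorial-i386.exe,75 24 8B 45 8C) // should be unique
registersymbol(Completion2)
alloc(newmem,$1000)

newmem:
  jmp gtutorial-i386.exe+33DBB  // always take the "both fields zero" path

Completion2:
  jmp newmem                    // 5 bytes = exactly the overwritten jne + mov

[DISABLE]
Completion2:
  db 75 24 8B 45 8C             // restore jne +33DD3 / mov eax,[ebp-74]
unregistersymbol(Completion2)
dealloc(newmem)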
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+33DAD
"gtutorial-i386.exe"+33D86: 8D 55 A8 - lea edx,[ebp-58]
"gtutorial-i386.exe"+33D89: B8 1C 1A 61 00 - mov eax,gtutorial-i386.exe+211A1C
"gtutorial-i386.exe"+33D8E: B9 00 00 00 00 - mov ecx,00000000
"gtutorial-i386.exe"+33D93: E8 08 28 FF FF - call gtutorial-i386.exe+265A0
"gtutorial-i386.exe"+33D98: 8B 55 98 - mov edx,[ebp-68]
"gtutorial-i386.exe"+33D9B: 8B 4D 8C - mov ecx,[ebp-74]
"gtutorial-i386.exe"+33D9E: 8B 41 3C - mov eax,[ecx+3C]
"gtutorial-i386.exe"+33DA1: E8 BA CC FF FF - call gtutorial-i386.exe+30A60
"gtutorial-i386.exe"+33DA6: 8B 45 8C - mov eax,[ebp-74]
"gtutorial-i386.exe"+33DA9: 83 78 18 00 - cmp dword ptr [eax+18],00
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+33DAD: 75 24 - jne gtutorial-i386.exe+33DD3
"gtutorial-i386.exe"+33DAF: 8B 45 8C - mov eax,[ebp-74]
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+33DB2: 83 78 1C 00 - cmp dword ptr [eax+1C],00
"gtutorial-i386.exe"+33DB6: 75 1B - jne gtutorial-i386.exe+33DD3
"gtutorial-i386.exe"+33DB8: 8B 45 8C - mov eax,[ebp-74]
"gtutorial-i386.exe"+33DBB: C6 40 0C 00 - mov byte ptr [eax+0C],00
"gtutorial-i386.exe"+33DBF: B8 88 1A 61 00 - mov eax,gtutorial-i386.exe+211A88
"gtutorial-i386.exe"+33DC4: E8 27 C9 0D 00 - call gtutorial-i386.exe+1106F0
"gtutorial-i386.exe"+33DC9: 8B 45 8C - mov eax,[ebp-74]
"gtutorial-i386.exe"+33DCC: E8 CF EE FF FF - call gtutorial-i386.exe+32CA0
"gtutorial-i386.exe"+33DD1: EB 00 - jmp gtutorial-i386.exe+33DD3
"gtutorial-i386.exe"+33DD3: E8 88 9F FD FF - call gtutorial-i386.exe+DD60
}
50
"Step 3 v.1 Numpad 0"
0000FF
Auto Assembler Script
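{ Game    : gtutorial-i386.exe
  Version :
  Date    : 2018-06-23
  Author  : Garik66

  Step 3 v.1 - four hooks sharing one code cave, driven by three dword
  switches (flag, flag1, flag2) that the child scripts "Stop Numpad 1",
  "Up Numpad 2" and "Target Hero Ctrl" write. Those scripts need this one
  to be active first, because the symbols live in this cave.

  Stop (+36A0F): the product [ebp+08]*[edx+58] is stored to [ebp-04] and
    reloaded; with flag = 1 the stored value is replaced by 0, so the
    following `fadd dword ptr [edx+1C]` adds nothing.
  UP (+2FD55, i.e. UP+0A): runs before `fld dword ptr [ebx+20] / fchs`.
    - eax == 3DCCCCCD (bit pattern of 0.1f), flag1 = 1 and esi == 2:
      [ebx+20] is set to -0.95.
    - eax == 3E19999A (bit pattern of 0.15f), flag2 = 1 and Y, Z both
      non-zero: [ebx+1C] = Y*Y_GG - Center_GG, [ebx+20] = Z*Z_GG - Center_GG.
      With Y_GG = 2/800 and Z_GG ~ 2/600 this looks like mapping window
      coordinates to -1..1 - NOTE(review): inferred, verify. What eax and
      esi hold at this point is not visible in the dump below.
  Y_M (+D5DA7) / Z_M (+D5DB1): copy the 16-bit values being written to
    [edx+30] / [edx+32] into the cave's Y / Z dwords. Only the low word is
    written and the high word stays 0, so `fild dword ptr` reads them as
    non-negative integers 0..65535.

  Fixes in this revision: the flag2 path left through `code` (the Stop
  hook's exit) when Y or Z was 0, returning to +36A15 with the FPU stack
  unbalanced - it now uses code1; Z is declared with label() like Y; all
  x87 memory operands carry an explicit `dword ptr` so they cannot be
  assembled with a different width than the dd storage they read.
}
[ENABLE]
aobscanmodule(Stop,gtutorial-i386.exe,D9 5D FC D9 45 FC) // should be unique
aobscanmodule(UP,gtutorial-i386.exe,F0 D9 EE 8D 64 24 FC D9 1C 24 D9 43 20 D9 E0)
aobscanmodule(Y_M,gtutorial-i386.exe,66 89 4A 30 8B 55 FC)
aobscanmodule(Z_M,gtutorial-i386.exe,66 8B 48 0A 66 89 4A 32)
alloc(newmem,$1000)
label(newmem1)
label(newmem2)
label(newmem3)
label(code)
label(code1)
label(code2)
label(code3)
label(return)
label(return1)
label(return2)
label(return3)
label(Y_GG)
label(Z_GG)
label(Center_GG)
label(Y)
label(Z)                        // referenced before it is defined, declare it like Y
label(flag)
label(flag1)
label(flag2)
registersymbol(flag)
registersymbol(flag1)
registersymbol(flag2)
registersymbol(Y_M)
registersymbol(Z_M)
registersymbol(UP)
registersymbol(Stop)

// ---- Stop (+36A0F) ----
newmem:
  fstp dword ptr [ebp-04]       // original instruction 1
  cmp dword ptr [flag],1
  jne code
  mov dword ptr [ebp-04],0      // zero the delta before it is reloaded
code:
  fld dword ptr [ebp-04]        // original instruction 2
  jmp return

// ---- UP (+2FD55) ----
newmem1:
  cmp eax,3DCCCCCD              // 0.1f
  jne @f
  cmp dword ptr [flag1],1
  jne code1
  cmp esi,2
  jne code1
  mov dword ptr [ebx+20],(float)-0.95
  jmp code1
@@:
  cmp eax,3E19999A              // 0.15f
  jne code1
  cmp dword ptr [flag2],1
  jne code1
  cmp dword ptr [Y],0
  je code1                      // must exit through THIS hook's path, not the Stop hook's `code`
  cmp dword ptr [Z],0
  je code1                      // same
  fild dword ptr [Y]
  fmul dword ptr [Y_GG]
  fsub dword ptr [Center_GG]
  fstp dword ptr [ebx+1C]       // [ebx+1C] = Y*Y_GG - Center_GG
  fild dword ptr [Z]
  fmul dword ptr [Z_GG]
  fsub dword ptr [Center_GG]
  fstp dword ptr [ebx+20]       // [ebx+20] = Z*Z_GG - Center_GG
code1:
  fld dword ptr [ebx+20]        // original instruction 1
  fchs                          // original instruction 2
  jmp return1

// ---- Y_M (+D5DA7) ----
newmem2:
  mov [Y],cx                    // low word only; the high word of Y stays 0
code2:
  mov [edx+30],cx               // original instruction 1
  mov edx,[ebp-04]              // original instruction 2
  jmp return2

// ---- Z_M (+D5DB1) ----
newmem3:
  mov cx,[eax+0A]               // original instruction 1
  mov [Z],cx                    // low word only; the high word of Z stays 0
code3:
  mov [edx+32],cx               // original instruction 2
  jmp return3

// constants and state (all dwords)
Y_GG:
  dd (float)0.0025
Z_GG:
  dd (float)0.0033
Center_GG:
  dd (float)1
Y:
  dd 0
Z:
  dd 0
flag:
  dd 0
flag1:
  dd 0
flag2:
  dd 0

Stop:
  jmp newmem                    // 5 bytes
  nop                           // 6 bytes were overwritten
return:
UP+0A:
  jmp newmem1                   // 5 bytes at +2FD55 (UP itself is +2FD4B)
return1:
Y_M:
  jmp newmem2                   // 5 bytes
  nop                           // 7 bytes were overwritten
  nop
return2:
Z_M:
  jmp newmem3                   // 5 bytes
  nop                           // 8 bytes were overwritten
  nop
  nop
return3:

[DISABLE]
Stop:
  db D9 5D FC D9 45 FC          // restore fstp dword ptr [ebp-04] / fld dword ptr [ebp-04]
UP+0A:
  db D9 43 20 D9 E0             // restore fld dword ptr [ebx+20] / fchs
Y_M:
  db 66 89 4A 30 8B 55 FC       // restore mov [edx+30],cx / mov edx,[ebp-04]
Z_M:
  db 66 8B 48 0A 66 89 4A 32    // restore mov cx,[eax+0A] / mov [edx+32],cx
unregistersymbol(flag)
unregistersymbol(flag1)
unregistersymbol(flag2)
unregistersymbol(Y_M)
unregistersymbol(Z_M)
unregistersymbol(UP)
unregistersymbol(Stop)
dealloc(newmem)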
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+36A0F
"gtutorial-i386.exe"+369F8: 8B 45 F8 - mov eax,[ebp-08]
"gtutorial-i386.exe"+369FB: C9 - leave
"gtutorial-i386.exe"+369FC: C3 - ret
"gtutorial-i386.exe"+369FD: 00 00 - add [eax],al
"gtutorial-i386.exe"+369FF: 00 55 89 - add [ebp-77],dl
"gtutorial-i386.exe"+36A02: E5 8D - in eax,-73
"gtutorial-i386.exe"+36A04: 64 24 FC - and al,-04
"gtutorial-i386.exe"+36A07: 89 C2 - mov edx,eax
"gtutorial-i386.exe"+36A09: D9 45 08 - fld dword ptr [ebp+08]
"gtutorial-i386.exe"+36A0C: D8 4A 58 - fmul dword ptr [edx+58]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+36A0F: D9 5D FC - fstp dword ptr [ebp-04]
"gtutorial-i386.exe"+36A12: D9 45 FC - fld dword ptr [ebp-04]
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+36A15: D8 42 1C - fadd dword ptr [edx+1C]
"gtutorial-i386.exe"+36A18: D9 5A 1C - fstp dword ptr [edx+1C]
"gtutorial-i386.exe"+36A1B: D9 42 54 - fld dword ptr [edx+54]
"gtutorial-i386.exe"+36A1E: D9 42 1C - fld dword ptr [edx+1C]
"gtutorial-i386.exe"+36A21: DE D9 - fcompp
"gtutorial-i386.exe"+36A23: DF E0 - fnstsw ax
"gtutorial-i386.exe"+36A25: 9E - sahf
"gtutorial-i386.exe"+36A26: 7A 10 - jp gtutorial-i386.exe+36A38
"gtutorial-i386.exe"+36A28: 76 0E - jna gtutorial-i386.exe+36A38
"gtutorial-i386.exe"+36A2A: D9 42 58 - fld dword ptr [edx+58]
}
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+2FD55
"gtutorial-i386.exe"+2FD33: D8 0D 88 0E 61 00 - fmul dword ptr [gtutorial-i386.exe+210E88]
"gtutorial-i386.exe"+2FD39: D9 5D F4 - fstp dword ptr [ebp-0C]
"gtutorial-i386.exe"+2FD3C: 89 D8 - mov eax,ebx
"gtutorial-i386.exe"+2FD3E: 8B 13 - mov edx,[ebx]
"gtutorial-i386.exe"+2FD40: FF 52 70 - call dword ptr [edx+70]
"gtutorial-i386.exe"+2FD43: D8 0D 88 0E 61 00 - fmul dword ptr [gtutorial-i386.exe+210E88]
"gtutorial-i386.exe"+2FD49: D9 5D F0 - fstp dword ptr [ebp-10]
"gtutorial-i386.exe"+2FD4C: D9 EE - fldz
"gtutorial-i386.exe"+2FD4E: 8D 64 24 FC - lea esp,[esp-04]
"gtutorial-i386.exe"+2FD52: D9 1C 24 - fstp dword ptr [esp]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+2FD55: D9 43 20 - fld dword ptr [ebx+20]
"gtutorial-i386.exe"+2FD58: D9 E0 - fchs
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+2FD5A: 8D 64 24 FC - lea esp,[esp-04]
"gtutorial-i386.exe"+2FD5E: D9 1C 24 - fstp dword ptr [esp]
"gtutorial-i386.exe"+2FD61: FF 73 1C - push [ebx+1C]
"gtutorial-i386.exe"+2FD64: FF 15 20 4F 68 00 - call dword ptr [gtutorial-i386.exe+284F20]
"gtutorial-i386.exe"+2FD6A: FF 35 88 0E 61 00 - push [gtutorial-i386.exe+210E88]
"gtutorial-i386.exe"+2FD70: D9 EE - fldz
"gtutorial-i386.exe"+2FD72: 8D 64 24 FC - lea esp,[esp-04]
"gtutorial-i386.exe"+2FD76: D9 1C 24 - fstp dword ptr [esp]
"gtutorial-i386.exe"+2FD79: D9 EE - fldz
"gtutorial-i386.exe"+2FD7B: 8D 64 24 FC - lea esp,[esp-04]
}
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+D5DA7
"gtutorial-i386.exe"+D5D87: 8B 55 FC - mov edx,[ebp-04]
"gtutorial-i386.exe"+D5D8A: C6 42 2D 00 - mov byte ptr [edx+2D],00
"gtutorial-i386.exe"+D5D8E: EB 29 - jmp gtutorial-i386.exe+D5DB9
"gtutorial-i386.exe"+D5D90: 8B 55 FC - mov edx,[ebp-04]
"gtutorial-i386.exe"+D5D93: B9 40 2F 68 00 - mov ecx,gtutorial-i386.exe+282F40
"gtutorial-i386.exe"+D5D98: 3B 4A 30 - cmp ecx,[edx+30]
"gtutorial-i386.exe"+D5D9B: 74 1C - je gtutorial-i386.exe+D5DB9
"gtutorial-i386.exe"+D5D9D: 8B 55 FC - mov edx,[ebp-04]
"gtutorial-i386.exe"+D5DA0: 8B 52 30 - mov edx,[edx+30]
"gtutorial-i386.exe"+D5DA3: 66 8B 48 08 - mov cx,[eax+08]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+D5DA7: 66 89 4A 30 - mov [edx+30],cx
"gtutorial-i386.exe"+D5DAB: 8B 55 FC - mov edx,[ebp-04]
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+D5DAE: 8B 52 30 - mov edx,[edx+30]
"gtutorial-i386.exe"+D5DB1: 66 8B 48 0A - mov cx,[eax+0A]
"gtutorial-i386.exe"+D5DB5: 66 89 4A 32 - mov [edx+32],cx
"gtutorial-i386.exe"+D5DB9: C9 - leave
"gtutorial-i386.exe"+D5DBA: C3 - ret
"gtutorial-i386.exe"+D5DBB: 00 00 - add [eax],al
"gtutorial-i386.exe"+D5DBD: 00 00 - add [eax],al
"gtutorial-i386.exe"+D5DBF: 00 55 89 - add [ebp-77],dl
"gtutorial-i386.exe"+D5DC2: E5 8D - in eax,-73
"gtutorial-i386.exe"+D5DC4: 64 24 E4 - and al,-1C
}
{
// ORIGINAL CODE - INJECTION POINT: "gtutorial-i386.exe"+D5DB1
"gtutorial-i386.exe"+D5D90: 8B 55 FC - mov edx,[ebp-04]
"gtutorial-i386.exe"+D5D93: B9 40 2F 68 00 - mov ecx,gtutorial-i386.exe+282F40
"gtutorial-i386.exe"+D5D98: 3B 4A 30 - cmp ecx,[edx+30]
"gtutorial-i386.exe"+D5D9B: 74 1C - je gtutorial-i386.exe+D5DB9
"gtutorial-i386.exe"+D5D9D: 8B 55 FC - mov edx,[ebp-04]
"gtutorial-i386.exe"+D5DA0: 8B 52 30 - mov edx,[edx+30]
"gtutorial-i386.exe"+D5DA3: 66 8B 48 08 - mov cx,[eax+08]
"gtutorial-i386.exe"+D5DA7: 66 89 4A 30 - mov [edx+30],cx
"gtutorial-i386.exe"+D5DAB: 8B 55 FC - mov edx,[ebp-04]
"gtutorial-i386.exe"+D5DAE: 8B 52 30 - mov edx,[edx+30]
// ---------- INJECTING HERE ----------
"gtutorial-i386.exe"+D5DB1: 66 8B 48 0A - mov cx,[eax+0A]
"gtutorial-i386.exe"+D5DB5: 66 89 4A 32 - mov [edx+32],cx
// ---------- DONE INJECTING ----------
"gtutorial-i386.exe"+D5DB9: C9 - leave
"gtutorial-i386.exe"+D5DBA: C3 - ret
"gtutorial-i386.exe"+D5DBB: 00 00 - add [eax],al
"gtutorial-i386.exe"+D5DBD: 00 00 - add [eax],al
"gtutorial-i386.exe"+D5DBF: 00 55 89 - add [ebp-77],dl
"gtutorial-i386.exe"+D5DC2: E5 8D - in eax,-73
"gtutorial-i386.exe"+D5DC4: 64 24 E4 - and al,-1C
"gtutorial-i386.exe"+D5DC7: 53 - push ebx
"gtutorial-i386.exe"+D5DC8: 89 45 F8 - mov [ebp-08],eax
"gtutorial-i386.exe"+D5DCB: 89 55 FC - mov [ebp-04],edx
}
Toggle Activation
96
0
51
"Stop Numpad 1"
Auto Assembler Script
[ENABLE]
// Turns on the "Stop" branch of the "Step 3 v.1" cave (tested with
// `cmp [flag],1` in its +36A0F hook). flag is a symbol registered by that
// script, so this entry can only be activated while "Step 3 v.1" is
// enabled; otherwise CE cannot resolve the symbol.
flag:
dd 1
[DISABLE]
// Switch the branch off again; the parent hook keeps running.
flag:
dd 0
Toggle Activation
97
0
52
"Up Numpad 2"
Auto Assembler Script
[ENABLE]
// Turns on the "Up" branch of the "Step 3 v.1" cave (tested with
// `cmp [flag1],1` in its UP+0A hook). flag1 is a symbol registered by that
// script, so this entry can only be activated while "Step 3 v.1" is
// enabled; otherwise CE cannot resolve the symbol.
flag1:
dd 1
[DISABLE]
// Switch the branch off again; the parent hook keeps running.
flag1:
dd 0
Toggle Activation
98
0
53
"Target Hero Ctrl"
Auto Assembler Script
[ENABLE]
// Turns on the "Target Hero" branch of the "Step 3 v.1" cave (tested with
// `cmp [flag2],1` in its UP+0A hook, which then uses the Y / Z values
// captured by the Y_M / Z_M hooks). flag2 is a symbol registered by that
// script, so this entry can only be activated while "Step 3 v.1" is
// enabled; otherwise CE cannot resolve the symbol.
flag2:
dd 1
[DISABLE]
// Switch the branch off again; the parent hook keeps running.
flag2:
dd 0
Toggle Activation
17
0
NORECOIL
00432385
flag
016C00E5
flag1
016C00E9
flag2
016C00ED
Y_M
004D5DA7
Z_M
004D5DB1
UP
0042FD4B
Stop
00436A0F