Скрипт на открытие всей карты:
{ Game : game.exe
  Version:
  Date : 2018-04-27
  Author : Sumrak1988

  Map-reveal script (per the post it accompanies). It does not inject
  code and allocates nothing: it changes two bytes of a value found by
  pattern scan (04 00 -> 00 00) and writes the two original bytes back
  on disable.
}

[ENABLE]
// Locate the value inside game.exe by byte pattern. The four wildcarded
// bytes after A0 correspond to 5A 4D 03 03 in the original-code dump
// below - presumably an absolute address that differs between builds or
// relocations, hence the wildcards; confirm before reusing elsewhere.
// aobscanmodule fails (and the script does not enable) when the pattern
// is not found; if it is not unique, the first match is patched, so the
// "should be unique" note is a real precondition.
aobscanmodule(MAPS,game.exe,04 00 00 00 A0 ?? ?? ?? ?? 00 00 00 09) // should be unique
registersymbol(MAPS)

// Overwrite only the first two pattern bytes: 04 00 -> 00 00.
MAPS:
  db 00 00

[DISABLE]
// Restore exactly the two bytes written above (same length as ENABLE).
MAPS:
  db 04 00

unregistersymbol(MAPS)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+8CD428
// NOTE: the listing below is CE decoding data bytes as instructions
// (add [eax],al, push cs, ...); the patched location is a data value,
// not executable code, so no instruction boundaries are affected.

"game.exe"+8CD40D: 00 00 - add [eax],al
"game.exe"+8CD40F: 00 BA 06 00 00 00 - add [edx+00000006],bh
"game.exe"+8CD415: 00 00 - add [eax],al
"game.exe"+8CD417: 00 5E C7 - add [esi-39],bl
"game.exe"+8CD41A: 0E - push cs
"game.exe"+8CD41B: 00 EB - add bl,ch
"game.exe"+8CD41D: 05 00 00 01 01 - add eax,01010000
"game.exe"+8CD422: 01 01 - add [ecx],eax
"game.exe"+8CD424: 01 01 - add [ecx],eax
"game.exe"+8CD426: 01 01 - add [ecx],eax
// ---------- INJECTING HERE ----------
"game.exe"+8CD428: 04 00 - add al,00
"game.exe"+8CD42A: 00 00 - add [eax],al
"game.exe"+8CD42C: A0 5A 4D 03 03 - mov al,[03034D5A]
// ---------- DONE INJECTING ----------
"game.exe"+8CD431: 00 00 - add [eax],al
"game.exe"+8CD433: 00 09 - add [ecx],cl
"game.exe"+8CD435: 00 00 - add [eax],al
"game.exe"+8CD437: 00 80 5A 4D 03 12 - add [eax+12034D5A],al
"game.exe"+8CD43D: 01 00 - add [eax],eax
"game.exe"+8CD43F: 00 00 - add [eax],al
"game.exe"+8CD441: 00 00 - add [eax],al
"game.exe"+8CD443: 00 00 - add [eax],al
"game.exe"+8CD445: 00 00 - add [eax],al
"game.exe"+8CD447: 00 01 - add [ecx],al
}
Ну да — игра старая. Оптимизации для Windows 10 нет, да и не будет уже. Все равно спасибо. Буду один ковыряться, может, чего додумаю.
Garik66, спасибо. Буду сейчас смотреть, что меняется/добавляется при вводе кода. Там добавляются все ресурсы по 100 сразу. Может, оттуда как-то можно будет выйти на адреса.
Нашел адреса без мусора.
Но там также появляются значения закрытых ресурсов после их покупки или постройки. До этого — только адреса имеющихся ресурсов.
Был бы очень признателен хотя бы за догадку, как можно посмотреть, отчего они (адреса) появляются.
Скрипт на ресурсы:
{ Game : game.exe
  Version:
  Date : 2018-04-27
  Author : Sumrak1988

  Resource hook (per the post it accompanies). Replaces the 6-byte
  load/add pair found by pattern scan with a jump into allocated memory
  that first stores 200 into the resource word, then executes the two
  original instructions and jumps back.
}

[ENABLE]
// The pattern is exactly the bytes of the two instructions replaced:
//   0F B7 0C 11  movzx ecx,word ptr [ecx+edx]
//   03 F9        add edi,ecx
aobscanmodule(RESOURCES,game.exe,0F B7 0C 11 03 F9) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(RESOURCES)

newmem:
  // Unconditional store: every slot the hooked instruction reads is set
  // to 200 (decimal, CE '#' prefix) before the game reads it back. This
  // is likely why the post sees values appearing for resources the
  // player does not yet have - the hook cannot tell slots apart.
  mov word ptr [ecx+edx],#200

code:
  // The two original instructions, relocated unchanged.
  movzx ecx,word ptr [ecx+edx]
  add edi,ecx
  jmp return

RESOURCES:
  // 5-byte jmp plus one padding byte (90) = 6 bytes, the same size as
  // the pair replaced, so `return` lands on "game.exe"+1B724B below.
  jmp newmem
  db 90
return:

[DISABLE]
// Write the original 6 bytes back, then release the hook memory.
RESOURCES:
  db 0F B7 0C 11 03 F9

unregistersymbol(RESOURCES)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1B7245

"game.exe"+1B7225: C1 EA 14 - shr edx,14
"game.exe"+1B7228: 89 5D E4 - mov [ebp-1C],ebx
"game.exe"+1B722B: 8B 58 24 - mov ebx,[eax+24]
"game.exe"+1B722E: 8B 1C D3 - mov ebx,[ebx+edx*8]
"game.exe"+1B7231: 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C]
"game.exe"+1B7235: BA FF 0F 00 00 - mov edx,00000FFF
"game.exe"+1B723A: 23 D3 - and edx,ebx
"game.exe"+1B723C: C1 EB 14 - shr ebx,14
"game.exe"+1B723F: 8B 48 24 - mov ecx,[eax+24]
"game.exe"+1B7242: 8B 0C D9 - mov ecx,[ecx+ebx*8]
// ---------- INJECTING HERE ----------
"game.exe"+1B7245: 0F B7 0C 11 - movzx ecx,word ptr [ecx+edx]
"game.exe"+1B7249: 03 F9 - add edi,ecx
// ---------- DONE INJECTING ----------
"game.exe"+1B724B: 89 7D AC - mov [ebp-54],edi
"game.exe"+1B724E: 8B 8E 74 01 00 00 - mov ecx,[esi+00000174]
"game.exe"+1B7254: 8B 5D E4 - mov ebx,[ebp-1C]
"game.exe"+1B7257: E9 CD F7 FF FF - jmp game.exe+1B6A29
"game.exe"+1B725C: 8B 55 E0 - mov edx,[ebp-20]
"game.exe"+1B725F: 8B 8A 74 01 00 00 - mov ecx,[edx+00000174]
"game.exe"+1B7265: E9 BF F7 FF FF - jmp game.exe+1B6A29
"game.exe"+1B726A: 83 C4 F8 - add esp,-08
"game.exe"+1B726D: 8D 45 8C - lea eax,[ebp-74]
"game.exe"+1B7270: C7 45 8C 14 00 00 00 - mov [ebp-74],00000014
}
Спойлерgame.exe+1B67A0 - 55 - push ebp game.exe+1B67A1 - 8B EC - mov ebp,esp game.exe+1B67A3 - 6A FF - push -01 { 255 } game.exe+1B67A5 - 68 D0725B00 - push game.exe+1B72D0 { [D32B10B8] } game.exe+1B67AA - 64 A1 00000000 - mov eax,fs:[00000000] { 0 } game.exe+1B67B0 - 50 - push eax game.exe+1B67B1 - 64 89 25 00000000 - mov fs:[00000000],esp { 0 } game.exe+1B67B8 - 81 EC 98000000 - sub esp,00000098 { 152 } game.exe+1B67BE - 89 7C 24 08 - mov [esp+08],edi game.exe+1B67C2 - 89 74 24 04 - mov [esp+04],esi game.exe+1B67C6 - 89 1C 24 - mov [esp],ebx game.exe+1B67C9 - 89 65 F0 - mov [ebp-10],esp game.exe+1B67CC - 89 4D E0 - mov [ebp-20],ecx game.exe+1B67CF - C7 45 FC 00000000 - mov [ebp-04],00000000 { 0 } game.exe+1B67D6 - 8B 45 10 - mov eax,[ebp+10] game.exe+1B67D9 - 89 45 B4 - mov [ebp-4C],eax game.exe+1B67DC - 33 D2 - xor edx,edx game.exe+1B67DE - 89 55 AC - mov [ebp-54],edx game.exe+1B67E1 - C7 00 00000000 - mov [eax],00000000 { 0 } game.exe+1B67E7 - C7 45 FC 01000000 - mov [ebp-04],00000001 { 1 } game.exe+1B67EE - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B67F1 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B67F9 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6800 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6806 - 85 C0 - test eax,eax game.exe+1B6808 - 0F84 91000000 - je game.exe+1B689F game.exe+1B680E - 33 DB - xor ebx,ebx game.exe+1B6810 - 8B 35 0073C600 - mov esi,[game.exe+867300] { [0000001E] } game.exe+1B6816 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] } game.exe+1B681B - 85 F6 - test esi,esi game.exe+1B681D - C7 45 84 11000000 - mov [ebp-7C],00000011 { 17 } game.exe+1B6824 - 0F86 6C040000 - jbe game.exe+1B6C96 game.exe+1B682A - D1 E8 - shr eax,1 game.exe+1B682C - 33 FF - xor edi,edi game.exe+1B682E - 89 45 D0 - mov [ebp-30],eax game.exe+1B6831 - 8B 45 D0 - mov eax,[ebp-30] game.exe+1B6834 - 3B F8 - cmp edi,eax game.exe+1B6836 - 72 09 - jb game.exe+1B6841 
game.exe+1B6838 - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] } game.exe+1B683D - 85 C0 - test eax,eax game.exe+1B683F - 74 32 - je game.exe+1B6873 game.exe+1B6841 - 8B 45 84 - mov eax,[ebp-7C] game.exe+1B6844 - 8B 55 84 - mov edx,[ebp-7C] game.exe+1B6847 - 0FAF D0 - imul edx,eax game.exe+1B684A - 89 55 84 - mov [ebp-7C],edx game.exe+1B684D - 8B 45 84 - mov eax,[ebp-7C] game.exe+1B6850 - 8B 55 84 - mov edx,[ebp-7C] game.exe+1B6853 - 0FAF D0 - imul edx,eax game.exe+1B6856 - 89 55 84 - mov [ebp-7C],edx game.exe+1B6859 - 8B 45 84 - mov eax,[ebp-7C] game.exe+1B685C - 8B 55 84 - mov edx,[ebp-7C] game.exe+1B685F - 0FAF D0 - imul edx,eax game.exe+1B6862 - 89 55 84 - mov [ebp-7C],edx game.exe+1B6865 - 8B 45 84 - mov eax,[ebp-7C] game.exe+1B6868 - 8B 55 84 - mov edx,[ebp-7C] game.exe+1B686B - 0FAF D0 - imul edx,eax game.exe+1B686E - 89 55 84 - mov [ebp-7C],edx game.exe+1B6871 - EB 20 - jmp game.exe+1B6893 game.exe+1B6873 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6876 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B687E - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6885 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B688B - 85 C0 - test eax,eax game.exe+1B688D - 0F84 67040000 - je game.exe+1B6CFA game.exe+1B6893 - 43 - inc ebx game.exe+1B6894 - 8B FB - mov edi,ebx game.exe+1B6896 - 3B F3 - cmp esi,ebx game.exe+1B6898 - 77 97 - ja game.exe+1B6831 game.exe+1B689A - E9 F7030000 - jmp game.exe+1B6C96 game.exe+1B689F - C7 45 FC 03000000 - mov [ebp-04],00000003 { 3 } game.exe+1B68A6 - A1 A473C600 - mov eax,[game.exe+8673A4] { [0D312640] } game.exe+1B68AB - 85 C0 - test eax,eax game.exe+1B68AD - 0F84 B7090000 - je game.exe+1B726A game.exe+1B68B3 - 8B 10 - mov edx,[eax] game.exe+1B68B5 - 89 15 A473C600 - mov [game.exe+8673A4],edx { [0D3088A8] } game.exe+1B68BB - 8B 55 0C - mov edx,[ebp+0C] game.exe+1B68BE - 89 55 B0 - mov [ebp-50],edx game.exe+1B68C1 - C7 45 FC 01000000 - mov 
[ebp-04],00000001 { 1 } game.exe+1B68C8 - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] } game.exe+1B68D2 - 89 45 90 - mov [ebp-70],eax game.exe+1B68D5 - 89 00 - mov [eax],eax game.exe+1B68D7 - 8B 55 90 - mov edx,[ebp-70] game.exe+1B68DA - 89 52 04 - mov [edx+04],edx game.exe+1B68DD - C7 45 FC 04000000 - mov [ebp-04],00000004 { 4 } game.exe+1B68E4 - C7 45 FC 01000000 - mov [ebp-04],00000001 { 1 } game.exe+1B68EB - C7 45 FC 00000000 - mov [ebp-04],00000000 { 0 } game.exe+1B68F2 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B68F9 - 8B 4D E0 - mov ecx,[ebp-20] game.exe+1B68FC - 8B 45 08 - mov eax,[ebp+08] game.exe+1B68FF - 83 C4 F4 - add esp,-0C { 244 } game.exe+1B6902 - 8D 55 90 - lea edx,[ebp-70] game.exe+1B6905 - 89 14 24 - mov [esp],edx game.exe+1B6908 - C7 44 24 04 EA030000 - mov [esp+04],000003EA { 1002 } game.exe+1B6910 - 89 44 24 08 - mov [esp+08],eax game.exe+1B6914 - E8 37080600 - call game.exe+217150 game.exe+1B6919 - 8B 45 90 - mov eax,[ebp-70] game.exe+1B691C - 8B 10 - mov edx,[eax] game.exe+1B691E - 89 55 DC - mov [ebp-24],edx game.exe+1B6921 - 33 C9 - xor ecx,ecx game.exe+1B6923 - 3B D0 - cmp edx,eax game.exe+1B6925 - 0F94 C1 - sete cl game.exe+1B6928 - 0FBE C9 - movsx ecx,cl game.exe+1B692B - 85 C9 - test ecx,ecx game.exe+1B692D - 0F85 FF040000 - jne game.exe+1B6E32 game.exe+1B6933 - 8B 5D DC - mov ebx,[ebp-24] game.exe+1B6936 - 8B 75 E0 - mov esi,[ebp-20] game.exe+1B6939 - 8B 53 08 - mov edx,[ebx+08] game.exe+1B693C - 8B 86 E0030000 - mov eax,[esi+000003E0] game.exe+1B6942 - 85 D2 - test edx,edx game.exe+1B6944 - 8B 8E 74010000 - mov ecx,[esi+00000174] game.exe+1B694A - 75 04 - jne game.exe+1B6950 game.exe+1B694C - 33 DB - xor ebx,ebx game.exe+1B694E - EB 46 - jmp game.exe+1B6996 game.exe+1B6950 - 8B 78 24 - mov edi,[eax+24] game.exe+1B6953 - 8B D9 - mov ebx,ecx game.exe+1B6955 - C1 E3 04 - shl ebx,04 { 4 } game.exe+1B6958 - 8B F1 - mov esi,ecx game.exe+1B695A - C1 E6 05 - shl esi,05 { 5 } game.exe+1B695D - 03 DE 
- add ebx,esi game.exe+1B695F - 8B F2 - mov esi,edx game.exe+1B6961 - 8B 50 0C - mov edx,[eax+0C] game.exe+1B6964 - 03 74 1A 0C - add esi,[edx+ebx+0C] game.exe+1B6968 - 89 5D E4 - mov [ebp-1C],ebx game.exe+1B696B - 8B DE - mov ebx,esi game.exe+1B696D - C1 EB 14 - shr ebx,14 { 20 } game.exe+1B6970 - 8B 3C DF - mov edi,[edi+ebx*8] game.exe+1B6973 - BB FF0F0000 - mov ebx,00000FFF { 4095 } game.exe+1B6978 - 23 DE - and ebx,esi game.exe+1B697A - 89 75 E8 - mov [ebp-18],esi game.exe+1B697D - 8B 34 1F - mov esi,[edi+ebx] game.exe+1B6980 - 8B 7D E8 - mov edi,[ebp-18] game.exe+1B6983 - 3B F7 - cmp esi,edi game.exe+1B6985 - 8B 5D E4 - mov ebx,[ebp-1C] game.exe+1B6988 - 75 04 - jne game.exe+1B698E game.exe+1B698A - 33 DB - xor ebx,ebx game.exe+1B698C - EB 08 - jmp game.exe+1B6996 game.exe+1B698E - 8B 54 1A 10 - mov edx,[edx+ebx+10] game.exe+1B6992 - 8B DE - mov ebx,esi game.exe+1B6994 - 2B DA - sub ebx,edx game.exe+1B6996 - 85 DB - test ebx,ebx game.exe+1B6998 - 0F84 94030000 - je game.exe+1B6D32 game.exe+1B699E - 8B 75 E0 - mov esi,[ebp-20] game.exe+1B69A1 - 85 DB - test ebx,ebx game.exe+1B69A3 - 8B 96 04010000 - mov edx,[esi+00000104] game.exe+1B69A9 - 75 04 - jne game.exe+1B69AF game.exe+1B69AB - 33 D2 - xor edx,edx game.exe+1B69AD - EB 46 - jmp game.exe+1B69F5 game.exe+1B69AF - 8B 70 24 - mov esi,[eax+24] game.exe+1B69B2 - 8B FA - mov edi,edx game.exe+1B69B4 - C1 E7 04 - shl edi,04 { 4 } game.exe+1B69B7 - C1 E2 05 - shl edx,05 { 5 } game.exe+1B69BA - 03 FA - add edi,edx game.exe+1B69BC - 8B 50 0C - mov edx,[eax+0C] game.exe+1B69BF - 89 4D E4 - mov [ebp-1C],ecx game.exe+1B69C2 - 8B CB - mov ecx,ebx game.exe+1B69C4 - 03 4C 3A 10 - add ecx,[edx+edi+10] game.exe+1B69C8 - 89 7D E8 - mov [ebp-18],edi game.exe+1B69CB - 8B F9 - mov edi,ecx game.exe+1B69CD - C1 EF 14 - shr edi,14 { 20 } game.exe+1B69D0 - 81 E1 FF0F0000 - and ecx,00000FFF { 4095 } game.exe+1B69D6 - 8B 34 FE - mov esi,[esi+edi*8] game.exe+1B69D9 - 8B 74 0E 08 - mov esi,[esi+ecx+08] game.exe+1B69DD - 85 F6 - test 
esi,esi game.exe+1B69DF - 8B 4D E4 - mov ecx,[ebp-1C] game.exe+1B69E2 - 8B 7D E8 - mov edi,[ebp-18] game.exe+1B69E5 - 74 0C - je game.exe+1B69F3 game.exe+1B69E7 - 8B 54 3A 0C - mov edx,[edx+edi+0C] game.exe+1B69EB - 8B FA - mov edi,edx game.exe+1B69ED - 8B D6 - mov edx,esi game.exe+1B69EF - 2B D7 - sub edx,edi game.exe+1B69F1 - EB 02 - jmp game.exe+1B69F5 game.exe+1B69F3 - 33 D2 - xor edx,edx game.exe+1B69F5 - 8B 75 08 - mov esi,[ebp+08] game.exe+1B69F8 - 3B D6 - cmp edx,esi game.exe+1B69FA - 75 2D - jne game.exe+1B6A29 game.exe+1B69FC - 8B 4D E0 - mov ecx,[ebp-20] game.exe+1B69FF - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6A02 - 89 1C 24 - mov [esp],ebx game.exe+1B6A05 - C7 44 24 04 08000000 - mov [esp+04],00000008 { 8 } game.exe+1B6A0D - E8 9E3C0600 - call game.exe+21A6B0 game.exe+1B6A12 - 85 C0 - test eax,eax game.exe+1B6A14 - 0F84 8D000000 - je game.exe+1B6AA7 game.exe+1B6A1A - 8B 55 E0 - mov edx,[ebp-20] game.exe+1B6A1D - 8B 82 E0030000 - mov eax,[edx+000003E0] game.exe+1B6A23 - 8B 8A 74010000 - mov ecx,[edx+00000174] game.exe+1B6A29 - 85 DB - test ebx,ebx game.exe+1B6A2B - 75 04 - jne game.exe+1B6A31 game.exe+1B6A2D - 33 DB - xor ebx,ebx game.exe+1B6A2F - EB 69 - jmp game.exe+1B6A9A game.exe+1B6A31 - 8B 78 0C - mov edi,[eax+0C] game.exe+1B6A34 - 8B 50 24 - mov edx,[eax+24] game.exe+1B6A37 - 8B F1 - mov esi,ecx game.exe+1B6A39 - C1 E6 04 - shl esi,04 { 4 } game.exe+1B6A3C - 89 45 E4 - mov [ebp-1C],eax game.exe+1B6A3F - 8B C1 - mov eax,ecx game.exe+1B6A41 - C1 E0 05 - shl eax,05 { 5 } game.exe+1B6A44 - 03 F0 - add esi,eax game.exe+1B6A46 - 8B 74 37 10 - mov esi,[edi+esi+10] game.exe+1B6A4A - 8B FB - mov edi,ebx game.exe+1B6A4C - 03 FE - add edi,esi game.exe+1B6A4E - B8 FF0F0000 - mov eax,00000FFF { 4095 } game.exe+1B6A53 - 23 C7 - and eax,edi game.exe+1B6A55 - C1 EF 14 - shr edi,14 { 20 } game.exe+1B6A58 - 8B 14 FA - mov edx,[edx+edi*8] game.exe+1B6A5B - 8B FA - mov edi,edx game.exe+1B6A5D - 8B 14 02 - mov edx,[edx+eax] game.exe+1B6A60 - 3B 54 07 08 - cmp 
edx,[edi+eax+08] game.exe+1B6A64 - 8B 45 E4 - mov eax,[ebp-1C] game.exe+1B6A67 - 74 2F - je game.exe+1B6A98 game.exe+1B6A69 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1B6A6C - 8B 78 24 - mov edi,[eax+24] game.exe+1B6A6F - 8B 7C DF 04 - mov edi,[edi+ebx*8+04] game.exe+1B6A73 - C1 E7 06 - shl edi,06 { 6 } game.exe+1B6A76 - 8B 18 - mov ebx,[eax] game.exe+1B6A78 - 8B 5C 3B 10 - mov ebx,[ebx+edi+10] game.exe+1B6A7C - 8B 78 64 - mov edi,[eax+64] game.exe+1B6A7F - C1 E7 06 - shl edi,06 { 6 } game.exe+1B6A82 - 89 75 E4 - mov [ebp-1C],esi game.exe+1B6A85 - 8B 30 - mov esi,[eax] game.exe+1B6A87 - 03 5C 37 08 - add ebx,[edi+esi+08] game.exe+1B6A8B - 3B D3 - cmp edx,ebx game.exe+1B6A8D - 8B 75 E4 - mov esi,[ebp-1C] game.exe+1B6A90 - 74 06 - je game.exe+1B6A98 game.exe+1B6A92 - 8B DA - mov ebx,edx game.exe+1B6A94 - 2B DE - sub ebx,esi game.exe+1B6A96 - EB 02 - jmp game.exe+1B6A9A game.exe+1B6A98 - 33 DB - xor ebx,ebx game.exe+1B6A9A - 85 DB - test ebx,ebx game.exe+1B6A9C - 0F85 FCFEFFFF - jne game.exe+1B699E game.exe+1B6AA2 - E9 83020000 - jmp game.exe+1B6D2A game.exe+1B6AA7 - 8B 4D E0 - mov ecx,[ebp-20] game.exe+1B6AAA - 85 DB - test ebx,ebx game.exe+1B6AAC - 8B 81 E0030000 - mov eax,[ecx+000003E0] game.exe+1B6AB2 - 8B 91 74010000 - mov edx,[ecx+00000174] game.exe+1B6AB8 - 75 04 - jne game.exe+1B6ABE game.exe+1B6ABA - 33 D2 - xor edx,edx game.exe+1B6ABC - EB 42 - jmp game.exe+1B6B00 game.exe+1B6ABE - 8B 78 24 - mov edi,[eax+24] game.exe+1B6AC1 - 8B CA - mov ecx,edx game.exe+1B6AC3 - C1 E1 04 - shl ecx,04 { 4 } game.exe+1B6AC6 - C1 E2 05 - shl edx,05 { 5 } game.exe+1B6AC9 - 8B F1 - mov esi,ecx game.exe+1B6ACB - 03 F2 - add esi,edx game.exe+1B6ACD - 8B 50 0C - mov edx,[eax+0C] game.exe+1B6AD0 - 8B CB - mov ecx,ebx game.exe+1B6AD2 - 03 4C 32 10 - add ecx,[edx+esi+10] game.exe+1B6AD6 - 89 75 E4 - mov [ebp-1C],esi game.exe+1B6AD9 - 8B F1 - mov esi,ecx game.exe+1B6ADB - C1 EE 14 - shr esi,14 { 20 } game.exe+1B6ADE - 81 E1 FF0F0000 - and ecx,00000FFF { 4095 } game.exe+1B6AE4 - 8B 3C F7 
- mov edi,[edi+esi*8] game.exe+1B6AE7 - 8B 4C 0F 08 - mov ecx,[edi+ecx+08] game.exe+1B6AEB - 85 C9 - test ecx,ecx game.exe+1B6AED - 8B 75 E4 - mov esi,[ebp-1C] game.exe+1B6AF0 - 74 0C - je game.exe+1B6AFE game.exe+1B6AF2 - 8B 54 32 0C - mov edx,[edx+esi+0C] game.exe+1B6AF6 - 8B FA - mov edi,edx game.exe+1B6AF8 - 8B D1 - mov edx,ecx game.exe+1B6AFA - 2B D7 - sub edx,edi game.exe+1B6AFC - EB 02 - jmp game.exe+1B6B00 game.exe+1B6AFE - 33 D2 - xor edx,edx game.exe+1B6B00 - 8B 4D E0 - mov ecx,[ebp-20] game.exe+1B6B03 - 8B 75 B4 - mov esi,[ebp-4C] game.exe+1B6B06 - BF FF0F0000 - mov edi,00000FFF { 4095 } game.exe+1B6B0B - 23 FA - and edi,edx game.exe+1B6B0D - C1 EA 14 - shr edx,14 { 20 } game.exe+1B6B10 - 89 5D E4 - mov [ebp-1C],ebx game.exe+1B6B13 - 8B 58 24 - mov ebx,[eax+24] game.exe+1B6B16 - 8B 1C D3 - mov ebx,[ebx+edx*8] game.exe+1B6B19 - 8B 5C 3B 0C - mov ebx,[ebx+edi+0C] game.exe+1B6B1D - BF FF0F0000 - mov edi,00000FFF { 4095 } game.exe+1B6B22 - 23 FB - and edi,ebx game.exe+1B6B24 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1B6B27 - 8B 40 24 - mov eax,[eax+24] game.exe+1B6B2A - 8B 04 D8 - mov eax,[eax+ebx*8] game.exe+1B6B2D - 0FB7 44 38 38 - movzx eax,word ptr [eax+edi+38] game.exe+1B6B32 - 01 06 - add [esi],eax game.exe+1B6B34 - 8B 81 E0030000 - mov eax,[ecx+000003E0] game.exe+1B6B3A - 8B 89 20010000 - mov ecx,[ecx+00000120] game.exe+1B6B40 - 89 4D D4 - mov [ebp-2C],ecx game.exe+1B6B43 - 8B 5D E4 - mov ebx,[ebp-1C] game.exe+1B6B46 - 85 DB - test ebx,ebx game.exe+1B6B48 - 75 04 - jne game.exe+1B6B4E game.exe+1B6B4A - 33 D2 - xor edx,edx game.exe+1B6B4C - EB 46 - jmp game.exe+1B6B94 game.exe+1B6B4E - 8B 50 0C - mov edx,[eax+0C] game.exe+1B6B51 - 8B 78 24 - mov edi,[eax+24] game.exe+1B6B54 - 8B F1 - mov esi,ecx game.exe+1B6B56 - C1 E6 04 - shl esi,04 { 4 } game.exe+1B6B59 - C1 E1 05 - shl ecx,05 { 5 } game.exe+1B6B5C - 03 CE - add ecx,esi game.exe+1B6B5E - 8B F3 - mov esi,ebx game.exe+1B6B60 - 03 74 0A 0C - add esi,[edx+ecx+0C] game.exe+1B6B64 - 89 5D E4 - mov 
[ebp-1C],ebx game.exe+1B6B67 - 8B DE - mov ebx,esi game.exe+1B6B69 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1B6B6C - 8B 3C DF - mov edi,[edi+ebx*8] game.exe+1B6B6F - BB FF0F0000 - mov ebx,00000FFF { 4095 } game.exe+1B6B74 - 23 DE - and ebx,esi game.exe+1B6B76 - 89 75 E8 - mov [ebp-18],esi game.exe+1B6B79 - 8B 34 1F - mov esi,[edi+ebx] game.exe+1B6B7C - 8B 7D E8 - mov edi,[ebp-18] game.exe+1B6B7F - 3B F7 - cmp esi,edi game.exe+1B6B81 - 8B 5D E4 - mov ebx,[ebp-1C] game.exe+1B6B84 - 75 04 - jne game.exe+1B6B8A game.exe+1B6B86 - 33 D2 - xor edx,edx game.exe+1B6B88 - EB 0A - jmp game.exe+1B6B94 game.exe+1B6B8A - 8B 54 0A 10 - mov edx,[edx+ecx+10] game.exe+1B6B8E - 8B FA - mov edi,edx game.exe+1B6B90 - 8B D6 - mov edx,esi game.exe+1B6B92 - 2B D7 - sub edx,edi game.exe+1B6B94 - 85 D2 - test edx,edx game.exe+1B6B96 - 0F84 C0060000 - je game.exe+1B725C game.exe+1B6B9C - 8B 4D E0 - mov ecx,[ebp-20] game.exe+1B6B9F - 8B 89 3C010000 - mov ecx,[ecx+0000013C] game.exe+1B6BA5 - 89 4D CC - mov [ebp-34],ecx game.exe+1B6BA8 - 85 D2 - test edx,edx game.exe+1B6BAA - 75 04 - jne game.exe+1B6BB0 game.exe+1B6BAC - 33 C9 - xor ecx,ecx game.exe+1B6BAE - EB 49 - jmp game.exe+1B6BF9 game.exe+1B6BB0 - 8B 7D CC - mov edi,[ebp-34] game.exe+1B6BB3 - 8B 48 0C - mov ecx,[eax+0C] game.exe+1B6BB6 - 8B F7 - mov esi,edi game.exe+1B6BB8 - C1 E6 04 - shl esi,04 { 4 } game.exe+1B6BBB - C1 E7 05 - shl edi,05 { 5 } game.exe+1B6BBE - 03 FE - add edi,esi game.exe+1B6BC0 - 8B F2 - mov esi,edx game.exe+1B6BC2 - 03 74 39 10 - add esi,[ecx+edi+10] game.exe+1B6BC6 - 89 7D E4 - mov [ebp-1C],edi game.exe+1B6BC9 - 8B FE - mov edi,esi game.exe+1B6BCB - C1 EF 14 - shr edi,14 { 20 } game.exe+1B6BCE - 81 E6 FF0F0000 - and esi,00000FFF { 4095 } game.exe+1B6BD4 - 89 5D E8 - mov [ebp-18],ebx game.exe+1B6BD7 - 8B 58 24 - mov ebx,[eax+24] game.exe+1B6BDA - 8B 1C FB - mov ebx,[ebx+edi*8] game.exe+1B6BDD - 8B 74 33 08 - mov esi,[ebx+esi+08] game.exe+1B6BE1 - 85 F6 - test esi,esi game.exe+1B6BE3 - 8B 5D E8 - mov ebx,[ebp-18] 
game.exe+1B6BE6 - 8B 7D E4 - mov edi,[ebp-1C] game.exe+1B6BE9 - 74 0C - je game.exe+1B6BF7 game.exe+1B6BEB - 8B 4C 39 0C - mov ecx,[ecx+edi+0C] game.exe+1B6BEF - 8B F9 - mov edi,ecx game.exe+1B6BF1 - 8B CE - mov ecx,esi game.exe+1B6BF3 - 2B CF - sub ecx,edi game.exe+1B6BF5 - EB 02 - jmp game.exe+1B6BF9 game.exe+1B6BF7 - 33 C9 - xor ecx,ecx game.exe+1B6BF9 - 8B 75 B0 - mov esi,[ebp-50] game.exe+1B6BFC - 3B CE - cmp ecx,esi game.exe+1B6BFE - 0F84 14060000 - je game.exe+1B7218 game.exe+1B6C04 - 85 D2 - test edx,edx game.exe+1B6C06 - 75 04 - jne game.exe+1B6C0C game.exe+1B6C08 - 33 D2 - xor edx,edx game.exe+1B6C0A - EB 6B - jmp game.exe+1B6C77 game.exe+1B6C0C - 8B 7D D4 - mov edi,[ebp-2C] game.exe+1B6C0F - 8B 48 0C - mov ecx,[eax+0C] game.exe+1B6C12 - 8B F7 - mov esi,edi game.exe+1B6C14 - C1 E6 04 - shl esi,04 { 4 } game.exe+1B6C17 - C1 E7 05 - shl edi,05 { 5 } game.exe+1B6C1A - 03 F7 - add esi,edi game.exe+1B6C1C - 8B 78 24 - mov edi,[eax+24] game.exe+1B6C1F - 8B 74 31 10 - mov esi,[ecx+esi+10] game.exe+1B6C23 - 8B CA - mov ecx,edx game.exe+1B6C25 - 03 CE - add ecx,esi game.exe+1B6C27 - 89 75 E4 - mov [ebp-1C],esi game.exe+1B6C2A - 8B F1 - mov esi,ecx game.exe+1B6C2C - C1 EE 14 - shr esi,14 { 20 } game.exe+1B6C2F - 81 E1 FF0F0000 - and ecx,00000FFF { 4095 } game.exe+1B6C35 - 8B 3C F7 - mov edi,[edi+esi*8] game.exe+1B6C38 - 8B F1 - mov esi,ecx game.exe+1B6C3A - 8B 0C 0F - mov ecx,[edi+ecx] game.exe+1B6C3D - 3B 4C 37 08 - cmp ecx,[edi+esi+08] game.exe+1B6C41 - 8B 75 E4 - mov esi,[ebp-1C] game.exe+1B6C44 - 74 2F - je game.exe+1B6C75 game.exe+1B6C46 - C1 EA 14 - shr edx,14 { 20 } game.exe+1B6C49 - 8B 78 24 - mov edi,[eax+24] game.exe+1B6C4C - 8B 7C D7 04 - mov edi,[edi+edx*8+04] game.exe+1B6C50 - C1 E7 06 - shl edi,06 { 6 } game.exe+1B6C53 - 8B 10 - mov edx,[eax] game.exe+1B6C55 - 8B 54 3A 10 - mov edx,[edx+edi+10] game.exe+1B6C59 - 8B 78 64 - mov edi,[eax+64] game.exe+1B6C5C - C1 E7 06 - shl edi,06 { 6 } game.exe+1B6C5F - 89 75 E4 - mov [ebp-1C],esi game.exe+1B6C62 - 8B 
30 - mov esi,[eax] game.exe+1B6C64 - 03 54 37 08 - add edx,[edi+esi+08] game.exe+1B6C68 - 3B CA - cmp ecx,edx game.exe+1B6C6A - 8B 75 E4 - mov esi,[ebp-1C] game.exe+1B6C6D - 74 06 - je game.exe+1B6C75 game.exe+1B6C6F - 8B D1 - mov edx,ecx game.exe+1B6C71 - 2B D6 - sub edx,esi game.exe+1B6C73 - EB 02 - jmp game.exe+1B6C77 game.exe+1B6C75 - 33 D2 - xor edx,edx game.exe+1B6C77 - 85 D2 - test edx,edx game.exe+1B6C79 - 0F85 29FFFFFF - jne game.exe+1B6BA8 game.exe+1B6C7F - 8B 55 E0 - mov edx,[ebp-20] game.exe+1B6C82 - 8B 8A 74010000 - mov ecx,[edx+00000174] game.exe+1B6C88 - E9 9CFDFFFF - jmp game.exe+1B6A29 game.exe+1B6C8D - 8D 4D 80 - lea ecx,[ebp-80] game.exe+1B6C90 - E8 FB09E6FF - call game.exe+17690 game.exe+1B6C95 - C3 - ret game.exe+1B6C96 - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B6CA0 - 33 F6 - xor esi,esi game.exe+1B6CA2 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B6CA5 - 83 FB 1B - cmp ebx,1B { 27 } game.exe+1B6CA8 - 7E 05 - jle game.exe+1B6CAF game.exe+1B6CAA - BB 1B000000 - mov ebx,0000001B { 27 } game.exe+1B6CAF - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6CB2 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6CBA - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6CC1 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6CC7 - 85 C0 - test eax,eax game.exe+1B6CC9 - 0F84 D0FBFFFF - je game.exe+1B689F game.exe+1B6CCF - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B6CD2 - 7F 10 - jg game.exe+1B6CE4 game.exe+1B6CD4 - 57 - push edi game.exe+1B6CD5 - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B6CDC - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B6CE2 - EB 13 - jmp game.exe+1B6CF7 game.exe+1B6CE4 - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B6CE7 - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B6CEC - 8B CB - mov ecx,ebx game.exe+1B6CEE - D3 E0 - shl eax,cl game.exe+1B6CF0 - 50 - push eax 
game.exe+1B6CF1 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B6CF7 - 46 - inc esi game.exe+1B6CF8 - EB A8 - jmp game.exe+1B6CA2 game.exe+1B6CFA - 89 3D 2073C600 - mov [game.exe+867320],edi { [00000000] } game.exe+1B6D00 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B6D0A - E9 90FBFFFF - jmp game.exe+1B689F game.exe+1B6D0F - 8D 4D 88 - lea ecx,[ebp-78] game.exe+1B6D12 - E8 8987E5FF - call game.exe+F4A0 game.exe+1B6D17 - C3 - ret game.exe+1B6D18 - 8D 4D 90 - lea ecx,[ebp-70] game.exe+1B6D1B - E8 00BCE5FF - call game.exe+12920 game.exe+1B6D20 - C3 - ret game.exe+1B6D21 - 8D 4D 90 - lea ecx,[ebp-70] game.exe+1B6D24 - E8 87B8E5FF - call game.exe+125B0 game.exe+1B6D29 - C3 - ret game.exe+1B6D2A - 8B 45 90 - mov eax,[ebp-70] game.exe+1B6D2D - 8B 00 - mov eax,[eax] game.exe+1B6D2F - 89 45 DC - mov [ebp-24],eax game.exe+1B6D32 - 8B 45 DC - mov eax,[ebp-24] game.exe+1B6D35 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6D38 - 8B 50 04 - mov edx,[eax+04] game.exe+1B6D3B - 8B 00 - mov eax,[eax] game.exe+1B6D3D - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6D45 - 89 02 - mov [edx],eax game.exe+1B6D47 - 89 50 04 - mov [eax+04],edx game.exe+1B6D4A - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6D51 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6D57 - 85 C0 - test eax,eax game.exe+1B6D59 - 0F84 91000000 - je game.exe+1B6DF0 game.exe+1B6D5F - 33 DB - xor ebx,ebx game.exe+1B6D61 - 8B 3D 0073C600 - mov edi,[game.exe+867300] { [0000001E] } game.exe+1B6D67 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] } game.exe+1B6D6C - 85 FF - test edi,edi game.exe+1B6D6E - C7 45 94 11000000 - mov [ebp-6C],00000011 { 17 } game.exe+1B6D75 - 0F86 F2030000 - jbe game.exe+1B716D game.exe+1B6D7B - D1 E8 - shr eax,1 game.exe+1B6D7D - 33 F6 - xor esi,esi game.exe+1B6D7F - 89 45 C0 - mov [ebp-40],eax game.exe+1B6D82 - 8B 45 C0 - 
mov eax,[ebp-40] game.exe+1B6D85 - 3B F0 - cmp esi,eax game.exe+1B6D87 - 72 09 - jb game.exe+1B6D92 game.exe+1B6D89 - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] } game.exe+1B6D8E - 85 C0 - test eax,eax game.exe+1B6D90 - 74 32 - je game.exe+1B6DC4 game.exe+1B6D92 - 8B 45 94 - mov eax,[ebp-6C] game.exe+1B6D95 - 8B 55 94 - mov edx,[ebp-6C] game.exe+1B6D98 - 0FAF D0 - imul edx,eax game.exe+1B6D9B - 89 55 94 - mov [ebp-6C],edx game.exe+1B6D9E - 8B 45 94 - mov eax,[ebp-6C] game.exe+1B6DA1 - 8B 55 94 - mov edx,[ebp-6C] game.exe+1B6DA4 - 0FAF D0 - imul edx,eax game.exe+1B6DA7 - 89 55 94 - mov [ebp-6C],edx game.exe+1B6DAA - 8B 45 94 - mov eax,[ebp-6C] game.exe+1B6DAD - 8B 55 94 - mov edx,[ebp-6C] game.exe+1B6DB0 - 0FAF D0 - imul edx,eax game.exe+1B6DB3 - 89 55 94 - mov [ebp-6C],edx game.exe+1B6DB6 - 8B 45 94 - mov eax,[ebp-6C] game.exe+1B6DB9 - 8B 55 94 - mov edx,[ebp-6C] game.exe+1B6DBC - 0FAF D0 - imul edx,eax game.exe+1B6DBF - 89 55 94 - mov [ebp-6C],edx game.exe+1B6DC2 - EB 20 - jmp game.exe+1B6DE4 game.exe+1B6DC4 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6DC7 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6DCF - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6DD6 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6DDC - 85 C0 - test eax,eax game.exe+1B6DDE - 0F84 74030000 - je game.exe+1B7158 game.exe+1B6DE4 - 43 - inc ebx game.exe+1B6DE5 - 8B F3 - mov esi,ebx game.exe+1B6DE7 - 3B FB - cmp edi,ebx game.exe+1B6DE9 - 77 97 - ja game.exe+1B6D82 game.exe+1B6DEB - E9 7D030000 - jmp game.exe+1B716D game.exe+1B6DF0 - C7 45 FC 06000000 - mov [ebp-04],00000006 { 6 } game.exe+1B6DF7 - 8B 45 DC - mov eax,[ebp-24] game.exe+1B6DFA - 8B 15 A473C600 - mov edx,[game.exe+8673A4] { [0D312640] } game.exe+1B6E00 - 89 10 - mov [eax],edx game.exe+1B6E02 - A3 A473C600 - mov [game.exe+8673A4],eax { [0D3088A8] } game.exe+1B6E07 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B6E0E - 
C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] } game.exe+1B6E18 - 8B 45 90 - mov eax,[ebp-70] game.exe+1B6E1B - 8B 10 - mov edx,[eax] game.exe+1B6E1D - 89 55 DC - mov [ebp-24],edx game.exe+1B6E20 - 33 C9 - xor ecx,ecx game.exe+1B6E22 - 3B D0 - cmp edx,eax game.exe+1B6E24 - 0F94 C1 - sete cl game.exe+1B6E27 - 0FBE C9 - movsx ecx,cl game.exe+1B6E2A - 85 C9 - test ecx,ecx game.exe+1B6E2C - 0F84 01FBFFFF - je game.exe+1B6933 game.exe+1B6E32 - C7 45 FC 07000000 - mov [ebp-04],00000007 { 7 } game.exe+1B6E39 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B6E40 - 8B 45 90 - mov eax,[ebp-70] game.exe+1B6E43 - 8B 10 - mov edx,[eax] game.exe+1B6E45 - 89 55 D8 - mov [ebp-28],edx game.exe+1B6E48 - 3B D0 - cmp edx,eax game.exe+1B6E4A - 0F84 F2000000 - je game.exe+1B6F42 game.exe+1B6E50 - 8B 45 D8 - mov eax,[ebp-28] game.exe+1B6E53 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6E56 - 89 45 C8 - mov [ebp-38],eax game.exe+1B6E59 - 8B 00 - mov eax,[eax] game.exe+1B6E5B - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6E63 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6E6A - 89 45 D8 - mov [ebp-28],eax game.exe+1B6E6D - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6E73 - 85 C0 - test eax,eax game.exe+1B6E75 - 0F84 91000000 - je game.exe+1B6F0C game.exe+1B6E7B - 33 DB - xor ebx,ebx game.exe+1B6E7D - 8B 3D 0073C600 - mov edi,[game.exe+867300] { [0000001E] } game.exe+1B6E83 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] } game.exe+1B6E88 - 85 FF - test edi,edi game.exe+1B6E8A - C7 45 9C 11000000 - mov [ebp-64],00000011 { 17 } game.exe+1B6E91 - 0F86 36020000 - jbe game.exe+1B70CD game.exe+1B6E97 - D1 E8 - shr eax,1 game.exe+1B6E99 - 33 F6 - xor esi,esi game.exe+1B6E9B - 89 45 BC - mov [ebp-44],eax game.exe+1B6E9E - 8B 45 BC - mov eax,[ebp-44] game.exe+1B6EA1 - 3B F0 - cmp esi,eax game.exe+1B6EA3 - 72 09 - jb game.exe+1B6EAE game.exe+1B6EA5 - A1 4074C600 
- mov eax,[game.exe+867440] { [00000000] } game.exe+1B6EAA - 85 C0 - test eax,eax game.exe+1B6EAC - 74 32 - je game.exe+1B6EE0 game.exe+1B6EAE - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6EB1 - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6EB4 - 0FAF D0 - imul edx,eax game.exe+1B6EB7 - 89 55 9C - mov [ebp-64],edx game.exe+1B6EBA - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6EBD - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6EC0 - 0FAF D0 - imul edx,eax game.exe+1B6EC3 - 89 55 9C - mov [ebp-64],edx game.exe+1B6EC6 - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6EC9 - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6ECC - 0FAF D0 - imul edx,eax game.exe+1B6ECF - 89 55 9C - mov [ebp-64],edx game.exe+1B6ED2 - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6ED5 - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6ED8 - 0FAF D0 - imul edx,eax game.exe+1B6EDB - 89 55 9C - mov [ebp-64],edx game.exe+1B6EDE - EB 20 - jmp game.exe+1B6F00 game.exe+1B6EE0 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6EE3 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6EEB - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6EF2 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6EF8 - 85 C0 - test eax,eax game.exe+1B6EFA - 0F84 31020000 - je game.exe+1B7131 game.exe+1B6F00 - 43 - inc ebx game.exe+1B6F01 - 8B F3 - mov esi,ebx game.exe+1B6F03 - 3B FB - cmp edi,ebx game.exe+1B6F05 - 77 97 - ja game.exe+1B6E9E game.exe+1B6F07 - E9 C1010000 - jmp game.exe+1B70CD game.exe+1B6F0C - C7 45 FC 08000000 - mov [ebp-04],00000008 { 8 } game.exe+1B6F13 - 8B 45 C8 - mov eax,[ebp-38] game.exe+1B6F16 - 8B 15 A473C600 - mov edx,[game.exe+8673A4] { [0D312640] } game.exe+1B6F1C - 89 10 - mov [eax],edx game.exe+1B6F1E - A3 A473C600 - mov [game.exe+8673A4],eax { [0D312640] } game.exe+1B6F23 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B6F2A - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] } game.exe+1B6F34 - 8B 45 90 - mov eax,[ebp-70] 
game.exe+1B6F37 - 8B 55 D8 - mov edx,[ebp-28] game.exe+1B6F3A - 3B D0 - cmp edx,eax game.exe+1B6F3C - 0F85 0EFFFFFF - jne game.exe+1B6E50 game.exe+1B6F42 - 89 00 - mov [eax],eax game.exe+1B6F44 - 8B 55 90 - mov edx,[ebp-70] game.exe+1B6F47 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6F4A - 89 52 04 - mov [edx+04],edx game.exe+1B6F4D - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6F55 - 8B 55 90 - mov edx,[ebp-70] game.exe+1B6F58 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6F5F - 89 55 C4 - mov [ebp-3C],edx game.exe+1B6F62 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6F68 - 85 C0 - test eax,eax game.exe+1B6F6A - 0F84 8E000000 - je game.exe+1B6FFE game.exe+1B6F70 - 33 DB - xor ebx,ebx game.exe+1B6F72 - 8B 3D 0073C600 - mov edi,[game.exe+867300] { [0000001E] } game.exe+1B6F78 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] } game.exe+1B6F7D - 85 FF - test edi,edi game.exe+1B6F7F - C7 45 A4 11000000 - mov [ebp-5C],00000011 { 17 } game.exe+1B6F86 - 0F86 BF000000 - jbe game.exe+1B704B game.exe+1B6F8C - D1 E8 - shr eax,1 game.exe+1B6F8E - 33 F6 - xor esi,esi game.exe+1B6F90 - 89 45 B8 - mov [ebp-48],eax game.exe+1B6F93 - 8B 45 B8 - mov eax,[ebp-48] game.exe+1B6F96 - 3B F0 - cmp esi,eax game.exe+1B6F98 - 72 09 - jb game.exe+1B6FA3 game.exe+1B6F9A - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] } game.exe+1B6F9F - 85 C0 - test eax,eax game.exe+1B6FA1 - 74 32 - je game.exe+1B6FD5 game.exe+1B6FA3 - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FA6 - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FA9 - 0FAF D0 - imul edx,eax game.exe+1B6FAC - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FAF - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FB2 - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FB5 - 0FAF D0 - imul edx,eax game.exe+1B6FB8 - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FBB - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FBE - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FC1 - 0FAF D0 - imul edx,eax 
game.exe+1B6FC4 - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FC7 - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FCA - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FCD - 0FAF D0 - imul edx,eax game.exe+1B6FD0 - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FD3 - EB 20 - jmp game.exe+1B6FF5 game.exe+1B6FD5 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6FD8 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6FE0 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6FE7 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6FED - 85 C0 - test eax,eax game.exe+1B6FEF - 0F84 BA000000 - je game.exe+1B70AF game.exe+1B6FF5 - 43 - inc ebx game.exe+1B6FF6 - 8B F3 - mov esi,ebx game.exe+1B6FF8 - 3B FB - cmp edi,ebx game.exe+1B6FFA - 77 97 - ja game.exe+1B6F93 game.exe+1B6FFC - EB 4D - jmp game.exe+1B704B game.exe+1B6FFE - C7 45 FC 09000000 - mov [ebp-04],00000009 { 9 } game.exe+1B7005 - 8B 45 C4 - mov eax,[ebp-3C] game.exe+1B7008 - 8B 15 A473C600 - mov edx,[game.exe+8673A4] { [0D312640] } game.exe+1B700E - 89 10 - mov [eax],edx game.exe+1B7010 - A3 A473C600 - mov [game.exe+8673A4],eax { [0D312640] } game.exe+1B7015 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B701C - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] } game.exe+1B7026 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+1B702D - 8B 45 AC - mov eax,[ebp-54] game.exe+1B7030 - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+1B7033 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+1B703A - 8B 1C 24 - mov ebx,[esp] game.exe+1B703D - 8B 74 24 04 - mov esi,[esp+04] game.exe+1B7041 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+1B7045 - 8B E5 - mov esp,ebp game.exe+1B7047 - 5D - pop ebp game.exe+1B7048 - C2 0C00 - ret 000C { 12 } game.exe+1B704B - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B7055 - 33 F6 - xor esi,esi game.exe+1B7057 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B705A - 83 FB 1B - 
cmp ebx,1B { 27 } game.exe+1B705D - 7E 05 - jle game.exe+1B7064 game.exe+1B705F - BB 1B000000 - mov ebx,0000001B { 27 } game.exe+1B7064 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B7067 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B706F - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B7076 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B707C - 85 C0 - test eax,eax game.exe+1B707E - 0F84 7AFFFFFF - je game.exe+1B6FFE game.exe+1B7084 - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B7087 - 7F 10 - jg game.exe+1B7099 game.exe+1B7089 - 57 - push edi game.exe+1B708A - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B7091 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B7097 - EB 13 - jmp game.exe+1B70AC game.exe+1B7099 - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B709C - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B70A1 - 8B CB - mov ecx,ebx game.exe+1B70A3 - D3 E0 - shl eax,cl game.exe+1B70A5 - 50 - push eax game.exe+1B70A6 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B70AC - 46 - inc esi game.exe+1B70AD - EB A8 - jmp game.exe+1B7057 game.exe+1B70AF - 89 35 2073C600 - mov [game.exe+867320],esi { [00000000] } game.exe+1B70B5 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B70BF - E9 3AFFFFFF - jmp game.exe+1B6FFE game.exe+1B70C4 - 8D 4D A8 - lea ecx,[ebp-58] game.exe+1B70C7 - E8 D483E5FF - call game.exe+F4A0 game.exe+1B70CC - C3 - ret game.exe+1B70CD - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B70D7 - 33 F6 - xor esi,esi game.exe+1B70D9 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B70DC - 83 FB 1B - cmp ebx,1B { 27 } game.exe+1B70DF - 7E 05 - jle game.exe+1B70E6 game.exe+1B70E1 - BB 1B000000 - mov ebx,0000001B { 27 } game.exe+1B70E6 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B70E9 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 
} game.exe+1B70F1 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B70F8 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B70FE - 85 C0 - test eax,eax game.exe+1B7100 - 0F84 06FEFFFF - je game.exe+1B6F0C game.exe+1B7106 - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B7109 - 7F 10 - jg game.exe+1B711B game.exe+1B710B - 57 - push edi game.exe+1B710C - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B7113 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B7119 - EB 13 - jmp game.exe+1B712E game.exe+1B711B - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B711E - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B7123 - 8B CB - mov ecx,ebx game.exe+1B7125 - D3 E0 - shl eax,cl game.exe+1B7127 - 50 - push eax game.exe+1B7128 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B712E - 46 - inc esi game.exe+1B712F - EB A8 - jmp game.exe+1B70D9 game.exe+1B7131 - 89 35 2073C600 - mov [game.exe+867320],esi { [00000000] } game.exe+1B7137 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B7141 - E9 C6FDFFFF - jmp game.exe+1B6F0C game.exe+1B7146 - 8D 4D A0 - lea ecx,[ebp-60] game.exe+1B7149 - E8 5283E5FF - call game.exe+F4A0 game.exe+1B714E - C3 - ret game.exe+1B714F - 8D 4D 90 - lea ecx,[ebp-70] game.exe+1B7152 - E8 C9B7E5FF - call game.exe+12920 game.exe+1B7157 - C3 - ret game.exe+1B7158 - 89 35 2073C600 - mov [game.exe+867320],esi { [00000000] } game.exe+1B715E - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B7168 - E9 83FCFFFF - jmp game.exe+1B6DF0 game.exe+1B716D - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B7177 - 33 F6 - xor esi,esi game.exe+1B7179 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B717C - 83 FB 1B - cmp ebx,1B { 27 } game.exe+1B717F - 7E 05 - jle game.exe+1B7186 game.exe+1B7181 - BB 1B000000 - mov ebx,0000001B { 27 } 
game.exe+1B7186 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B7189 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B7191 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B7198 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B719E - 85 C0 - test eax,eax game.exe+1B71A0 - 0F84 4AFCFFFF - je game.exe+1B6DF0 game.exe+1B71A6 - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B71A9 - 7F 10 - jg game.exe+1B71BB game.exe+1B71AB - 57 - push edi game.exe+1B71AC - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B71B3 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B71B9 - EB 13 - jmp game.exe+1B71CE game.exe+1B71BB - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B71BE - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B71C3 - 8B CB - mov ecx,ebx game.exe+1B71C5 - D3 E0 - shl eax,cl game.exe+1B71C7 - 50 - push eax game.exe+1B71C8 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B71CE - 46 - inc esi game.exe+1B71CF - EB A8 - jmp game.exe+1B7179 game.exe+1B71D1 - 8D 4D 98 - lea ecx,[ebp-68] game.exe+1B71D4 - E8 C782E5FF - call game.exe+F4A0 game.exe+1B71D9 - C3 - ret game.exe+1B71DA - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B71DD - C7 04 24 8070D400 - mov [esp],game.exe+947080 { ["GameSession::getResourceAmountInStores"] } game.exe+1B71E4 - E8 D7915F00 - call game.exe+7B03C0 game.exe+1B71E9 - 33 C0 - xor eax,eax game.exe+1B71EB - 89 04 24 - mov [esp],eax game.exe+1B71EE - 89 44 24 04 - mov [esp+04],eax game.exe+1B71F2 - E8 A3156A00 - call game.exe+85879A game.exe+1B71F7 - B8 FD715B00 - mov eax,game.exe+1B71FD { [139] } game.exe+1B71FC - C3 - ret game.exe+1B71FD - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+1B7200 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+1B7207 - 8B 1C 24 - mov ebx,[esp] game.exe+1B720A - 8B 74 24 04 - mov esi,[esp+04] game.exe+1B720E - 8B 7C 24 08 - mov edi,[esp+08] game.exe+1B7212 - 8B E5 - mov 
esp,ebp game.exe+1B7214 - 5D - pop ebp game.exe+1B7215 - C2 0C00 - ret 000C { 12 } game.exe+1B7218 - 8B 75 E0 - mov esi,[ebp-20] game.exe+1B721B - 8B 7D AC - mov edi,[ebp-54] game.exe+1B721E - B9 FF0F0000 - mov ecx,00000FFF { 4095 } game.exe+1B7223 - 23 CA - and ecx,edx game.exe+1B7225 - C1 EA 14 - shr edx,14 { 20 } game.exe+1B7228 - 89 5D E4 - mov [ebp-1C],ebx game.exe+1B722B - 8B 58 24 - mov ebx,[eax+24] game.exe+1B722E - 8B 1C D3 - mov ebx,[ebx+edx*8] game.exe+1B7231 - 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C] game.exe+1B7235 - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1B723A - 23 D3 - and edx,ebx game.exe+1B723C - C1 EB 14 - shr ebx,14 { 20 } game.exe+1B723F - 8B 48 24 - mov ecx,[eax+24] game.exe+1B7242 - 8B 0C D9 - mov ecx,[ecx+ebx*8] ////////////////////////////////////////////////////////////////////////////////// game.exe+1B7245 - 0FB7 0C 11 - movzx ecx,word ptr [ecx+edx] (Адреса всех ресурсов. Но нет тех которые не открыты - не куплены не построенны производством) ///////////////////////////////////////////////////////////////////////////////// game.exe+1B7249 - 03 F9 - add edi,ecx game.exe+1B724B - 89 7D AC - mov [ebp-54],edi game.exe+1B724E - 8B 8E 74010000 - mov ecx,[esi+00000174] game.exe+1B7254 - 8B 5D E4 - mov ebx,[ebp-1C] game.exe+1B7257 - E9 CDF7FFFF - jmp game.exe+1B6A29 game.exe+1B725C - 8B 55 E0 - mov edx,[ebp-20] game.exe+1B725F - 8B 8A 74010000 - mov ecx,[edx+00000174] game.exe+1B7265 - E9 BFF7FFFF - jmp game.exe+1B6A29
-
При вводе кода на ресурсы (Nice gift) срабатывают четыре инструкции:
1)
005B8C48 - 8B 52 24 - mov edx,[edx+24]
005B8C4B - 8B 14 DA - mov edx,[edx+ebx*8]
005B8C4E - 0FB7 04 0A - movzx eax,word ptr [edx+ecx] <<
005B8C52 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF
005B8C59 - 8B 4D F4 - mov ecx,[ebp-0C]
EAX=00000008
EBX=000000B9
ECX=000003EC
EDX=05988000
ESI=01900240
EDI=00000360
ESP=0019EA4C
EBP=0019EA98
EIP=005B8C52
2)
005A989E - 8B 49 24 - mov ecx,[ecx+24]
005A98A1 - 8B 0C D1 - mov ecx,[ecx+edx*8]
005A98A4 - 0FB7 14 31 - movzx edx,word ptr [ecx+esi] <<
005A98A8 - 03 FA - add edi,edx
005A98AA - 66 89 3C 31 - mov [ecx+esi],di
EAX=0000039C
EBX=0562B040
ECX=05988000
EDX=00000008
ESI=000003EC
EDI=00000064
ESP=0019EA08
EBP=0019EA94
EIP=005A98A8
3)
005A98A4 - 0FB7 14 31 - movzx edx,word ptr [ecx+esi]
005A98A8 - 03 FA - add edi,edx
005A98AA - 66 89 3C 31 - mov [ecx+esi],di <<
005A98AE - 8B 83 E0030000 - mov eax,[ebx+000003E0]
005A98B4 - 8B 8B 74010000 - mov ecx,[ebx+00000174]
EAX=0000039C
EBX=0562B040
ECX=05988000
EDX=00000008
ESI=000003EC
EDI=0000006C
ESP=0019EA08
EBP=0019EA94
EIP=005A98AE
4)
005B723F - 8B 48 24 - mov ecx,[eax+24]
005B7242 - 8B 0C D9 - mov ecx,[ecx+ebx*8]
005B7245 - 0FB7 0C 11 - movzx ecx,word ptr [ecx+edx] <<
005B7249 - 03 F9 - add edi,ecx
005B724B - 89 7D AC - mov [ebp-54],edi
EAX=0FC4C910
EBX=000000B9
ECX=0000006C
EDX=000003EC
ESI=0562B040
EDI=00000000
ESP=0019E8A4
EBP=0019E948
EIP=005B7249
-
Нашёл включение/отключение чата для активации чит-кодов.
Спойлерgame.exe+5841BE - 8B 0D 0425CE00 - mov ecx,[game.exe+8E2504] { [04DA4778] } game.exe+5841C4 - E8 B72AE8FF - call game.exe+406C80 game.exe+5841C9 - 3D 90010000 - cmp eax,00000190 { 400 } game.exe+5841CE - 74 22 - je game.exe+5841F2 game.exe+5841D0 - 8B FB - mov edi,ebx game.exe+5841D2 - 33 C0 - xor eax,eax game.exe+5841D4 - 8A 37 - mov dh,[edi] game.exe+5841D6 - 8B CF - mov ecx,edi game.exe+5841D8 - 84 F6 - test dh,dh game.exe+5841DA - 74 08 - je game.exe+5841E4 game.exe+5841DC - 41 - inc ecx game.exe+5841DD - 40 - inc eax game.exe+5841DE - 8A 11 - mov dl,[ecx] game.exe+5841E0 - 84 D2 - test dl,dl game.exe+5841E2 - 75 F8 - jne game.exe+5841DC game.exe+5841E4 - 83 F8 03 - cmp eax,03 { 3 } game.exe+5841E7 - 75 09 - jne game.exe+5841F2 game.exe+5841E9 - 80 3B 4E - cmp byte ptr [ebx],4E { 78 } game.exe+5841EC - 0F84 1E030000 - je game.exe+584510 ////////////////////////////////////////////////////////////////////////////////////////// game.exe+5841F2 - A0 6091CB00 - mov al,[game.exe+8B9160] { [00000001] } (Включение/отключения чата для активации чит кодов) ////////////////////////////////////////////////////////////////////////////////////////// game.exe+5841F7 - 84 C0 - test al,al game.exe+5841F9 - 0F84 34020000 - je game.exe+584433 game.exe+5841FF - BE E070DD00 - mov esi,game.exe+9D70E0 { ["happy hour"] } game.exe+584204 - 8B FB - mov edi,ebx game.exe+584206 - 8A 17 - mov dl,[edi] game.exe+584208 - 3A 16 - cmp dl,[esi] game.exe+58420A - 75 1A - jne game.exe+584226 game.exe+58420C - 0A D2 - or dl,dl game.exe+58420E - 74 12 - je game.exe+584222 game.exe+584210 - 8A 57 01 - mov dl,[edi+01] game.exe+584213 - 3A 56 01 - cmp dl,[esi+01] game.exe+584216 - 75 0E - jne game.exe+584226 game.exe+584218 - 83 C7 02 - add edi,02 { 2 } game.exe+58421B - 83 C6 02 - add esi,02 { 2 } game.exe+58421E - 0A D2 - or dl,dl game.exe+584220 - 75 E4 - jne game.exe+584206 game.exe+584222 - 33 C0 - xor eax,eax game.exe+584224 - EB 05 - jmp game.exe+58422B game.exe+584226 - 1B C0 - sbb 
eax,eax game.exe+584228 - 83 C8 01 - or eax,01 { 1 } game.exe+58422B - 85 C0 - test eax,eax game.exe+58422D - 0F84 6B010000 - je game.exe+58439E game.exe+584233 - BE C070DD00 - mov esi,game.exe+9D70C0 { ["toggle fog"] } game.exe+584238 - 8B FB - mov edi,ebx game.exe+58423A - 8A 17 - mov dl,[edi] game.exe+58423C - 3A 16 - cmp dl,[esi] game.exe+58423E - 75 1A - jne game.exe+58425A game.exe+584240 - 0A D2 - or dl,dl game.exe+584242 - 74 12 - je game.exe+584256 game.exe+584244 - 8A 57 01 - mov dl,[edi+01] game.exe+584247 - 3A 56 01 - cmp dl,[esi+01] game.exe+58424A - 75 0E - jne game.exe+58425A game.exe+58424C - 83 C7 02 - add edi,02 { 2 } game.exe+58424F - 83 C6 02 - add esi,02 { 2 } game.exe+584252 - 0A D2 - or dl,dl game.exe+584254 - 75 E4 - jne game.exe+58423A game.exe+584256 - 33 C0 - xor eax,eax game.exe+584258 - EB 05 - jmp game.exe+58425F game.exe+58425A - 1B C0 - sbb eax,eax game.exe+58425C - 83 C8 01 - or eax,01 { 1 } game.exe+58425F - 85 C0 - test eax,eax game.exe+584261 - 0F84 B3000000 - je game.exe+58431A game.exe+584267 - BE A070DD00 - mov esi,game.exe+9D70A0 { ["nice gift"] } game.exe+58426C - 8B FB - mov edi,ebx game.exe+58426E - 8A 17 - mov dl,[edi] game.exe+584270 - 3A 16 - cmp dl,[esi] game.exe+584272 - 75 1A - jne game.exe+58428E game.exe+584274 - 0A D2 - or dl,dl game.exe+584276 - 74 12 - je game.exe+58428A game.exe+584278 - 8A 57 01 - mov dl,[edi+01] game.exe+58427B - 3A 56 01 - cmp dl,[esi+01] game.exe+58427E - 75 0E - jne game.exe+58428E game.exe+584280 - 83 C7 02 - add edi,02 { 2 } game.exe+584283 - 83 C6 02 - add esi,02 { 2 } game.exe+584286 - 0A D2 - or dl,dl game.exe+584288 - 75 E4 - jne game.exe+58426E game.exe+58428A - 33 C0 - xor eax,eax game.exe+58428C - EB 05 - jmp game.exe+584293 game.exe+58428E - 1B C0 - sbb eax,eax game.exe+584290 - 83 C8 01 - or eax,01 { 1 } game.exe+584293 - 85 C0 - test eax,eax game.exe+584295 - 0F85 98010000 - jne game.exe+584433 game.exe+58429B - 8B 4D E4 - mov ecx,[ebp-1C] game.exe+58429E - 8B 41 70 - mov 
eax,[ecx+70] game.exe+5842A1 - 8B 88 18040000 - mov ecx,[eax+00000418] game.exe+5842A7 - 0FB6 90 D9020000 - movzx edx,byte ptr [eax+000002D9] game.exe+5842AE - 2B 88 14040000 - sub ecx,[eax+00000414] game.exe+5842B4 - C1 F9 02 - sar ecx,02 { 2 } game.exe+5842B7 - 3B CA - cmp ecx,edx game.exe+5842B9 - 0F87 20080000 - ja game.exe+584ADF game.exe+5842BF - 33 C0 - xor eax,eax game.exe+5842C1 - 89 45 C8 - mov [ebp-38],eax game.exe+5842C4 - 85 C0 - test eax,eax game.exe+5842C6 - 0F85 90020000 - jne game.exe+58455C game.exe+5842CC - 83 C4 F0 - add esp,-10 { 240 } game.exe+5842CF - C7 04 24 3C000000 - mov [esp],0000003C { 60 } game.exe+5842D6 - C7 44 24 04 18000000 - mov [esp+04],00000018 { 24 } game.exe+5842DE - C7 44 24 08 00000000 - mov [esp+08],00000000 { 0 } game.exe+5842E6 - C7 44 24 0C 01000000 - mov [esp+0C],00000001 { 1 } game.exe+5842EE - E8 CD55D6FF - call game.exe+2E98C0 game.exe+5842F3 - 83 C4 10 - add esp,10 { 16 } game.exe+5842F6 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+5842FD - 33 C0 - xor eax,eax game.exe+5842FF - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+584302 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+584309 - 8B 1C 24 - mov ebx,[esp] game.exe+58430C - 8B 74 24 04 - mov esi,[esp+04] game.exe+584310 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+584314 - 8B E5 - mov esp,ebp game.exe+584316 - 5D - pop ebp game.exe+584317 - C2 0400 - ret 0004 { 4 } game.exe+58431A - 8B 55 E4 - mov edx,[ebp-1C] game.exe+58431D - 8B 42 70 - mov eax,[edx+70] game.exe+584320 - 0FB6 90 D9020000 - movzx edx,byte ptr [eax+000002D9] game.exe+584327 - 0FB6 0D 28D4CC00 - movzx ecx,byte ptr [game.exe+8CD428] { [00000000] } game.exe+58432E - 33 DB - xor ebx,ebx game.exe+584330 - 3B CA - cmp ecx,edx game.exe+584332 - 0F94 C3 - sete bl game.exe+584335 - 0FBE DB - movsx ebx,bl game.exe+584338 - 85 DB - test ebx,ebx game.exe+58433A - 74 09 - je game.exe+584345 game.exe+58433C - C6 05 28D4CC00 00 - mov byte ptr [game.exe+8CD428],00 { [00000000] } game.exe+584343 - 
EB 0B - jmp game.exe+584350 game.exe+584345 - 8A 80 D9020000 - mov al,[eax+000002D9] game.exe+58434B - A2 28D4CC00 - mov [game.exe+8CD428],al { [00000000] } game.exe+584350 - 83 C4 F0 - add esp,-10 { 240 } game.exe+584353 - C7 04 24 3C000000 - mov [esp],0000003C { 60 } game.exe+58435A - C7 44 24 04 02010000 - mov [esp+04],00000102 { 258 } game.exe+584362 - C7 44 24 08 00000000 - mov [esp+08],00000000 { 0 } game.exe+58436A - C7 44 24 0C 01000000 - mov [esp+0C],00000001 { 1 } game.exe+584372 - E8 4955D6FF - call game.exe+2E98C0 game.exe+584377 - 83 C4 10 - add esp,10 { 16 } game.exe+58437A - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+584381 - 33 C0 - xor eax,eax game.exe+584383 - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+584386 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+58438D - 8B 1C 24 - mov ebx,[esp] game.exe+584390 - 8B 74 24 04 - mov esi,[esp+04] game.exe+584394 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+584398 - 8B E5 - mov esp,ebp game.exe+58439A - 5D - pop ebp game.exe+58439B - C2 0400 - ret 0004 { 4 } game.exe+58439E - 8B 45 E4 - mov eax,[ebp-1C] game.exe+5843A1 - 8B 48 70 - mov ecx,[eax+70] game.exe+5843A4 - 8A 81 D9020000 - mov al,[ecx+000002D9] game.exe+5843AA - 88 45 98 - mov [ebp-68],al game.exe+5843AD - 8A 81 D9020000 - mov al,[ecx+000002D9] game.exe+5843B3 - 88 45 9C - mov [ebp-64],al game.exe+5843B6 - 83 C4 F4 - add esp,-0C { 244 } game.exe+5843B9 - 8B FC - mov edi,esp game.exe+5843BB - 8D 75 98 - lea esi,[ebp-68] game.exe+5843BE - 8A 06 - mov al,[esi] game.exe+5843C0 - 88 07 - mov [edi],al game.exe+5843C2 - BF 04000000 - mov edi,00000004 { 4 } game.exe+5843C7 - 03 FC - add edi,esp game.exe+5843C9 - 8D 75 9C - lea esi,[ebp-64] game.exe+5843CC - 8A 06 - mov al,[esi] game.exe+5843CE - 88 07 - mov [edi],al game.exe+5843D0 - C7 44 24 08 01000000 - mov [esp+08],00000001 { 1 } game.exe+5843D8 - E8 9338C2FF - call game.exe+1A7C70 game.exe+5843DD - EB 54 - jmp game.exe+584433 game.exe+5843DF - B8 01000000 - mov eax,00000001 { 1 } 
game.exe+5843E4 - A2 6091CB00 - mov [game.exe+8B9160],al { [00000001] } game.exe+5843E9 - 83 C4 F0 - add esp,-10 { 240 } game.exe+5843EC - C7 04 24 3C000000 - mov [esp],0000003C { 60 } game.exe+5843F3 - C7 44 24 04 2B000000 - mov [esp+04],0000002B { 43 } game.exe+5843FB - C7 44 24 08 00000000 - mov [esp+08],00000000 { 0 } game.exe+584403 - 89 44 24 0C - mov [esp+0C],eax game.exe+584407 - E8 B454D6FF - call game.exe+2E98C0 game.exe+58440C - 83 C4 10 - add esp,10 { 16 } game.exe+58440F - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+584416 - 33 C0 - xor eax,eax game.exe+584418 - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+58441B - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+584422 - 8B 1C 24 - mov ebx,[esp] game.exe+584425 - 8B 74 24 04 - mov esi,[esp+04] game.exe+584429 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+58442D - 8B E5 - mov esp,ebp game.exe+58442F - 5D - pop ebp game.exe+584430 - C2 0400 - ret 0004 { 4 } game.exe+584433 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+58443A - B8 01000000 - mov eax,00000001 { 1 } game.exe+58443F - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+584442 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+584449 - 8B 1C 24 - mov ebx,[esp] game.exe+58444C - 8B 74 24 04 - mov esi,[esp+04] game.exe+584450 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+584454 - 8B E5 - mov esp,ebp game.exe+584456 - 5D - pop ebp game.exe+584457 - C2 0400 - ret 0004 { 4 }
-
Garik66
Спасибо за способ. Работает. Но тут есть что-то ещё...
Получается что делая:
cmp esi,a4 //a4 это esi 1 ресурса
Да, ресурсы добавляются. Но в [ecx+esi] со временем набиваются значения, которые потом обнуляются, и список постоянно увеличивается. Тем самым команда add word ptr [ecx+esi],#100 забивает 100-ками не только нужные нам значения. Но там и другие гвозди. Есть ресурсы, которые производятся. И собственно, пока ты не купишь их у торговца или не построишь предприятие, производящее их, адреса не появляются в инструкции, которую мы смотрим.
Можно конечно пойти по другому пути...
Для этой игры есть коды. Собственно можно найти значения ресурсов. Поставить бряк и ввести код. Посмотреть какие инструкции срабатывают для записи всех ресурсов.
Чет я совсем запутался....
{ Game : game.exe
  Version:
  Date : 2018-04-27
  Author : Sumrak1988

  Hooks the resource-store write (add edi,edx / mov [ecx+esi],di) and,
  once per activation, adds 100 to the single resource slot whose esi
  offset matches the hard-coded filter below. }

[ENABLE]

// 6-byte pattern: confirm it is unique in the module before enabling,
// otherwise the jmp below is written at the wrong place.
aobscanmodule(Resources,game.exe,03 FA 66 89 3C 31) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(flag)

newmem:
  // NOTE(review): these two instructions are the original ones and they are
  // executed again under `code:` on every path, so `add edi,edx` runs twice
  // per hit — looks unintended; this copy appears to be the one to drop.
  add edi,edx
  mov [ecx+esi],di
  // CE auto-assembler treats bare numbers as hex: a4 is the esi offset of
  // the chosen slot (resource 1), as observed in the debugger.
  cmp esi,a4 //(x - the filter you picked) resource 1
  je @f
  jmp code
@@:
  // flag starts at 1 (see `flag: dd 1`), so the bonus is applied once and
  // then disabled until the script is re-enabled.
  cmp [flag],1
  jne code
  mov [flag],0
  add word ptr [ecx+esi],#100 //in your game the values are two bytes wide.
  // NOTE(review): `code:` immediately stores di back into [ecx+esi], which
  // would overwrite the +100 just written — verify in the debugger that the
  // bonus actually survives.

code:
  add edi,edx
  mov [ecx+esi],di
  jmp return

flag:
  dd 1

Resources:
  jmp newmem
  nop
return:
registersymbol(Resources)

[DISABLE]

Resources:
  db 03 FA 66 89 3C 31

unregistersymbol(Resources)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1A98A8

"game.exe"+1A9887: 89 55 E0          - mov [ebp-20],edx
"game.exe"+1A988A: 8B 51 24          - mov edx,[ecx+24]
"game.exe"+1A988D: 8B 14 F2          - mov edx,[edx+esi*8]
"game.exe"+1A9890: 8B 54 02 0C       - mov edx,[edx+eax+0C]
"game.exe"+1A9894: BE FF 0F 00 00    - mov esi,00000FFF
"game.exe"+1A9899: 23 F2             - and esi,edx
"game.exe"+1A989B: C1 EA 14          - shr edx,14
"game.exe"+1A989E: 8B 49 24          - mov ecx,[ecx+24]
"game.exe"+1A98A1: 8B 0C D1          - mov ecx,[ecx+edx*8]
"game.exe"+1A98A4: 0F B7 14 31       - movzx edx,word ptr [ecx+esi]
// ---------- INJECTING HERE ----------
"game.exe"+1A98A8: 03 FA             - add edi,edx
"game.exe"+1A98AA: 66 89 3C 31       - mov [ecx+esi],di
// ---------- DONE INJECTING  ----------
"game.exe"+1A98AE: 8B 83 E0 03 00 00 - mov eax,[ebx+000003E0]
"game.exe"+1A98B4: 8B 8B 74 01 00 00 - mov ecx,[ebx+00000174]
"game.exe"+1A98BA: 8B 55 E0          - mov edx,[ebp-20]
"game.exe"+1A98BD: 85 D2             - test edx,edx
"game.exe"+1A98BF: 75 04             - jne game.exe+1A98C5
"game.exe"+1A98C1: 33 D2             - xor edx,edx
"game.exe"+1A98C3: EB 44             - jmp game.exe+1A9909
"game.exe"+1A98C5: 8B 50 0C          - mov edx,[eax+0C]
"game.exe"+1A98C8: 8B 5D 08          - mov ebx,[ebp+08]
"game.exe"+1A98CB: 8B 70 24          - mov esi,[eax+24]
}
-
Доброго всем времени суток.
Решил помучить себя и поломать игру и свою голову)
Игра называется Затерянный мир 4, 2002 год.
Издатель: —. В общем, сюжет таков:
В игре происходит пассивный сбор ресурсов (камень, дерево, вода). Непосредственно игрок может указывать, какие ресурсы собирать, и может их тратить, но никакого активного участия в сборе не принимает.
Нахожу значения игровых ресурсов ->F5->mov [ecx+esi],di
Раньше никогда не взламывал игры подобного рода.
Смущают:
mov edx,00000FFF { 4095 }
mov edi,00000FFF { 4095 }
mov eax,00000FFF { 4095 } - Для чего?
Большая просьба объяснить, как это работает и по какому принципу происходят изменения (взлом). С уважением, Александр.
Спойлерgame.exe+1A95E0 - 55 - push ebp game.exe+1A95E1 - 8B EC - mov ebp,esp game.exe+1A95E3 - 6A FF - push -01 { 255 } game.exe+1A95E5 - 68 609D5A00 - push game.exe+1A9D60 { [D31580B8] } game.exe+1A95EA - 64 A1 00000000 - mov eax,fs:[00000000] { 0 } game.exe+1A95F0 - 50 - push eax game.exe+1A95F1 - 64 89 25 00000000 - mov fs:[00000000],esp { 0 } game.exe+1A95F8 - 81 EC 80000000 - sub esp,00000080 { 128 } game.exe+1A95FE - 89 7C 24 08 - mov [esp+08],edi game.exe+1A9602 - 89 74 24 04 - mov [esp+04],esi game.exe+1A9606 - 89 1C 24 - mov [esp],ebx game.exe+1A9609 - 89 65 F0 - mov [ebp-10],esp game.exe+1A960C - 89 4D DC - mov [ebp-24],ecx game.exe+1A960F - C7 45 FC 00000000 - mov [ebp-04],00000000 { 0 } game.exe+1A9616 - 8B C1 - mov eax,ecx game.exe+1A9618 - 33 D2 - xor edx,edx game.exe+1A961A - 89 55 D8 - mov [ebp-28],edx game.exe+1A961D - 8B 88 E0030000 - mov ecx,[eax+000003E0] game.exe+1A9623 - 8B B0 20010000 - mov esi,[eax+00000120] game.exe+1A9629 - 8B 45 08 - mov eax,[ebp+08] game.exe+1A962C - 85 C0 - test eax,eax game.exe+1A962E - 75 04 - jne game.exe+1A9634 game.exe+1A9630 - 33 C0 - xor eax,eax game.exe+1A9632 - EB 53 - jmp game.exe+1A9687 game.exe+1A9634 - 8B 41 0C - mov eax,[ecx+0C] game.exe+1A9637 - 8B 5D 08 - mov ebx,[ebp+08] game.exe+1A963A - 8B 51 24 - mov edx,[ecx+24] game.exe+1A963D - 8B FE - mov edi,esi game.exe+1A963F - C1 E7 04 - shl edi,04 { 4 } game.exe+1A9642 - 89 4D E0 - mov [ebp-20],ecx game.exe+1A9645 - 8B CE - mov ecx,esi game.exe+1A9647 - C1 E1 05 - shl ecx,05 { 5 } game.exe+1A964A - 89 55 E4 - mov [ebp-1C],edx game.exe+1A964D - 8B D7 - mov edx,edi game.exe+1A964F - 03 D1 - add edx,ecx game.exe+1A9651 - 8B 4C 10 0C - mov ecx,[eax+edx+0C] game.exe+1A9655 - 03 D9 - add ebx,ecx game.exe+1A9657 - B9 FF0F0000 - mov ecx,00000FFF { 4095 } game.exe+1A965C - 23 CB - and ecx,ebx game.exe+1A965E - 8B FB - mov edi,ebx game.exe+1A9660 - C1 EF 14 - shr edi,14 { 20 } game.exe+1A9663 - 89 75 E8 - mov [ebp-18],esi game.exe+1A9666 - 8B 75 E4 - mov esi,[ebp-1C] 
game.exe+1A9669 - 8B 34 FE - mov esi,[esi+edi*8] game.exe+1A966C - 8B 3C 0E - mov edi,[esi+ecx] game.exe+1A966F - 3B FB - cmp edi,ebx game.exe+1A9671 - 8B 75 E8 - mov esi,[ebp-18] game.exe+1A9674 - 8B 4D E0 - mov ecx,[ebp-20] game.exe+1A9677 - 75 04 - jne game.exe+1A967D game.exe+1A9679 - 33 C0 - xor eax,eax game.exe+1A967B - EB 0A - jmp game.exe+1A9687 game.exe+1A967D - 8B 44 10 10 - mov eax,[eax+edx+10] game.exe+1A9681 - 8B D8 - mov ebx,eax game.exe+1A9683 - 8B C7 - mov eax,edi game.exe+1A9685 - 2B C3 - sub eax,ebx game.exe+1A9687 - 8B 55 0C - mov edx,[ebp+0C] game.exe+1A968A - 89 55 CC - mov [ebp-34],edx game.exe+1A968D - 85 C0 - test eax,eax game.exe+1A968F - 74 6B - je game.exe+1A96FC game.exe+1A9691 - 8B 55 DC - mov edx,[ebp-24] game.exe+1A9694 - 8B 92 3C010000 - mov edx,[edx+0000013C] game.exe+1A969A - 89 55 D0 - mov [ebp-30],edx game.exe+1A969D - 85 C0 - test eax,eax game.exe+1A969F - 75 04 - jne game.exe+1A96A5 game.exe+1A96A1 - 33 D2 - xor edx,edx game.exe+1A96A3 - EB 49 - jmp game.exe+1A96EE game.exe+1A96A5 - 8B 5D D0 - mov ebx,[ebp-30] game.exe+1A96A8 - 8B 51 0C - mov edx,[ecx+0C] game.exe+1A96AB - 8B FB - mov edi,ebx game.exe+1A96AD - C1 E7 04 - shl edi,04 { 4 } game.exe+1A96B0 - C1 E3 05 - shl ebx,05 { 5 } game.exe+1A96B3 - 03 FB - add edi,ebx game.exe+1A96B5 - 89 7D D4 - mov [ebp-2C],edi game.exe+1A96B8 - 8B D8 - mov ebx,eax game.exe+1A96BA - 03 5C 3A 10 - add ebx,[edx+edi+10] game.exe+1A96BE - 8B 79 24 - mov edi,[ecx+24] game.exe+1A96C1 - 89 75 E0 - mov [ebp-20],esi game.exe+1A96C4 - 8B F3 - mov esi,ebx game.exe+1A96C6 - C1 EE 14 - shr esi,14 { 20 } game.exe+1A96C9 - 81 E3 FF0F0000 - and ebx,00000FFF { 4095 } game.exe+1A96CF - 8B 3C F7 - mov edi,[edi+esi*8] game.exe+1A96D2 - 8B 7C 1F 08 - mov edi,[edi+ebx+08] game.exe+1A96D6 - 85 FF - test edi,edi game.exe+1A96D8 - 8B 75 E0 - mov esi,[ebp-20] game.exe+1A96DB - 74 0F - je game.exe+1A96EC game.exe+1A96DD - 8B 5D D4 - mov ebx,[ebp-2C] game.exe+1A96E0 - 8B 54 1A 0C - mov edx,[edx+ebx+0C] game.exe+1A96E4 
- 8B DA - mov ebx,edx game.exe+1A96E6 - 8B D7 - mov edx,edi game.exe+1A96E8 - 2B D3 - sub edx,ebx game.exe+1A96EA - EB 02 - jmp game.exe+1A96EE game.exe+1A96EC - 33 D2 - xor edx,edx game.exe+1A96EE - 8B 5D CC - mov ebx,[ebp-34] game.exe+1A96F1 - 3B D3 - cmp edx,ebx game.exe+1A96F3 - 0F85 9F050000 - jne game.exe+1A9C98 game.exe+1A96F9 - 89 45 D8 - mov [ebp-28],eax game.exe+1A96FC - 8B 45 D8 - mov eax,[ebp-28] game.exe+1A96FF - 85 C0 - test eax,eax game.exe+1A9701 - 0F85 6A010000 - jne game.exe+1A9871 game.exe+1A9707 - 8B 45 DC - mov eax,[ebp-24] game.exe+1A970A - 8B 80 E0000000 - mov eax,[eax+000000E0] game.exe+1A9710 - 50 - push eax game.exe+1A9711 - E8 CA286100 - call game.exe+7BBFE0 game.exe+1A9716 - 8B 55 08 - mov edx,[ebp+08] game.exe+1A9719 - 8B 5D DC - mov ebx,[ebp-24] game.exe+1A971C - 89 45 D8 - mov [ebp-28],eax game.exe+1A971F - 8B 8B E0030000 - mov ecx,[ebx+000003E0] game.exe+1A9725 - 8B 83 20010000 - mov eax,[ebx+00000120] game.exe+1A972B - 85 D2 - test edx,edx game.exe+1A972D - 0F84 95000000 - je game.exe+1A97C8 game.exe+1A9733 - 8B 55 D8 - mov edx,[ebp-28] game.exe+1A9736 - 85 D2 - test edx,edx game.exe+1A9738 - 0F84 8A000000 - je game.exe+1A97C8 game.exe+1A973E - 8B 51 0C - mov edx,[ecx+0C] game.exe+1A9741 - 8B 5D D8 - mov ebx,[ebp-28] game.exe+1A9744 - 8B 71 24 - mov esi,[ecx+24] game.exe+1A9747 - 8B F8 - mov edi,eax game.exe+1A9749 - C1 E7 04 - shl edi,04 { 4 } game.exe+1A974C - C1 E0 05 - shl eax,05 { 5 } game.exe+1A974F - 03 F8 - add edi,eax game.exe+1A9751 - 8B 45 08 - mov eax,[ebp+08] game.exe+1A9754 - 03 5C 3A 10 - add ebx,[edx+edi+10] game.exe+1A9758 - 8B 54 3A 0C - mov edx,[edx+edi+0C] game.exe+1A975C - BF FF0F0000 - mov edi,00000FFF { 4095 } game.exe+1A9761 - 23 FB - and edi,ebx game.exe+1A9763 - 03 C2 - add eax,edx game.exe+1A9765 - 8B D3 - mov edx,ebx game.exe+1A9767 - C1 EA 14 - shr edx,14 { 20 } game.exe+1A976A - 8B 34 D6 - mov esi,[esi+edx*8] game.exe+1A976D - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1A9772 - 23 D0 - and edx,eax 
game.exe+1A9774 - 89 5D E0 - mov [ebp-20],ebx game.exe+1A9777 - 8B D8 - mov ebx,eax game.exe+1A9779 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A977C - 89 55 E4 - mov [ebp-1C],edx game.exe+1A977F - 8B 51 24 - mov edx,[ecx+24] game.exe+1A9782 - 8B 14 DA - mov edx,[edx+ebx*8] game.exe+1A9785 - 89 44 3E 08 - mov [esi+edi+08],eax game.exe+1A9789 - 89 04 3E - mov [esi+edi],eax game.exe+1A978C - 8B 5D DC - mov ebx,[ebp-24] game.exe+1A978F - 8B 45 E4 - mov eax,[ebp-1C] game.exe+1A9792 - 89 5D E8 - mov [ebp-18],ebx game.exe+1A9795 - 8B 5C 02 04 - mov ebx,[edx+eax+04] game.exe+1A9799 - 89 5C 3E 04 - mov [esi+edi+04],ebx game.exe+1A979D - FF 44 02 08 - inc [edx+eax+08] game.exe+1A97A1 - 8B 5D E0 - mov ebx,[ebp-20] game.exe+1A97A4 - 89 5C 02 04 - mov [edx+eax+04],ebx game.exe+1A97A8 - 8B 74 3E 04 - mov esi,[esi+edi+04] game.exe+1A97AC - 8B 49 24 - mov ecx,[ecx+24] game.exe+1A97AF - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1A97B4 - 23 D6 - and edx,esi game.exe+1A97B6 - C1 EE 14 - shr esi,14 { 20 } game.exe+1A97B9 - 8B 0C F1 - mov ecx,[ecx+esi*8] game.exe+1A97BC - 89 1C 11 - mov [ecx+edx],ebx game.exe+1A97BF - 8B 55 E8 - mov edx,[ebp-18] game.exe+1A97C2 - 8B 8A E0030000 - mov ecx,[edx+000003E0] game.exe+1A97C8 - 8B 55 DC - mov edx,[ebp-24] game.exe+1A97CB - 8B 5D CC - mov ebx,[ebp-34] game.exe+1A97CE - 8B 82 3C010000 - mov eax,[edx+0000013C] game.exe+1A97D4 - 85 DB - test ebx,ebx game.exe+1A97D6 - 0F84 95000000 - je game.exe+1A9871 game.exe+1A97DC - 8B 55 D8 - mov edx,[ebp-28] game.exe+1A97DF - 85 D2 - test edx,edx game.exe+1A97E1 - 0F84 8A000000 - je game.exe+1A9871 game.exe+1A97E7 - 8B 51 0C - mov edx,[ecx+0C] game.exe+1A97EA - 8B 5D D8 - mov ebx,[ebp-28] game.exe+1A97ED - 8B 71 24 - mov esi,[ecx+24] game.exe+1A97F0 - 8B F8 - mov edi,eax game.exe+1A97F2 - C1 E7 04 - shl edi,04 { 4 } game.exe+1A97F5 - C1 E0 05 - shl eax,05 { 5 } game.exe+1A97F8 - 03 F8 - add edi,eax game.exe+1A97FA - 8B 45 CC - mov eax,[ebp-34] game.exe+1A97FD - 03 5C 3A 10 - add ebx,[edx+edi+10] 
game.exe+1A9801 - 8B 54 3A 0C - mov edx,[edx+edi+0C] game.exe+1A9805 - BF FF0F0000 - mov edi,00000FFF { 4095 } game.exe+1A980A - 23 FB - and edi,ebx game.exe+1A980C - 03 C2 - add eax,edx game.exe+1A980E - 8B D3 - mov edx,ebx game.exe+1A9810 - C1 EA 14 - shr edx,14 { 20 } game.exe+1A9813 - 8B 34 D6 - mov esi,[esi+edx*8] game.exe+1A9816 - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1A981B - 23 D0 - and edx,eax game.exe+1A981D - 89 5D E0 - mov [ebp-20],ebx game.exe+1A9820 - 8B D8 - mov ebx,eax game.exe+1A9822 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9825 - 89 55 E4 - mov [ebp-1C],edx game.exe+1A9828 - 8B 51 24 - mov edx,[ecx+24] game.exe+1A982B - 8B 14 DA - mov edx,[edx+ebx*8] game.exe+1A982E - 89 44 3E 08 - mov [esi+edi+08],eax game.exe+1A9832 - 89 04 3E - mov [esi+edi],eax game.exe+1A9835 - 8B 5D DC - mov ebx,[ebp-24] game.exe+1A9838 - 8B 45 E4 - mov eax,[ebp-1C] game.exe+1A983B - 89 5D E8 - mov [ebp-18],ebx game.exe+1A983E - 8B 5C 02 04 - mov ebx,[edx+eax+04] game.exe+1A9842 - 89 5C 3E 04 - mov [esi+edi+04],ebx game.exe+1A9846 - FF 44 02 08 - inc [edx+eax+08] game.exe+1A984A - 8B 5D E0 - mov ebx,[ebp-20] game.exe+1A984D - 89 5C 02 04 - mov [edx+eax+04],ebx game.exe+1A9851 - 8B 74 3E 04 - mov esi,[esi+edi+04] game.exe+1A9855 - 8B 49 24 - mov ecx,[ecx+24] game.exe+1A9858 - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1A985D - 23 D6 - and edx,esi game.exe+1A985F - C1 EE 14 - shr esi,14 { 20 } game.exe+1A9862 - 8B 0C F1 - mov ecx,[ecx+esi*8] game.exe+1A9865 - 89 1C 11 - mov [ecx+edx],ebx game.exe+1A9868 - 8B 55 E8 - mov edx,[ebp-18] game.exe+1A986B - 8B 8A E0030000 - mov ecx,[edx+000003E0] game.exe+1A9871 - 8B 55 08 - mov edx,[ebp+08] game.exe+1A9874 - 8B 5D DC - mov ebx,[ebp-24] game.exe+1A9877 - 8B 75 D8 - mov esi,[ebp-28] game.exe+1A987A - 8B 7D 10 - mov edi,[ebp+10] game.exe+1A987D - B8 FF0F0000 - mov eax,00000FFF { 4095 } game.exe+1A9882 - 23 C6 - and eax,esi game.exe+1A9884 - C1 EE 14 - shr esi,14 { 20 } game.exe+1A9887 - 89 55 E0 - mov [ebp-20],edx 
game.exe+1A988A - 8B 51 24 - mov edx,[ecx+24] game.exe+1A988D - 8B 14 F2 - mov edx,[edx+esi*8] game.exe+1A9890 - 8B 54 02 0C - mov edx,[edx+eax+0C] game.exe+1A9894 - BE FF0F0000 - mov esi,00000FFF { 4095 } game.exe+1A9899 - 23 F2 - and esi,edx game.exe+1A989B - C1 EA 14 - shr edx,14 { 20 } game.exe+1A989E - 8B 49 24 - mov ecx,[ecx+24] game.exe+1A98A1 - 8B 0C D1 - mov ecx,[ecx+edx*8] ////////////////////////////////////////////////////////////////////////////////////////////// game.exe+1A98A4 - 0FB7 14 31 - movzx edx,word ptr [ecx+esi] Адреса к которым обращяется данная инструкция: Адрес Значение Хиты 075D8248 0 5 075D82F0 0 7 075D81F4 1 6 075D8494 1 7 075D8398 1 5 075D84E8 1 4 075D853C 1 4 075D8344 2 4 075D83EC 6 4 075D829C 6 1 075D80F 45 14 //ресурс фрукты 075D8050 74 11 //ресурс дерево 075D80A4 76 5 //ресурс камень | game.exe+1A98A8 - 03 FA - add edi,edx game.exe+1A98AA - 66 89 3C 31 - mov [ecx+esi],di ////////////////////////////////////////////////////////////////////////////////////////////// game.exe+1A98AE - 8B 83 E0030000 - mov eax,[ebx+000003E0] game.exe+1A98B4 - 8B 8B 74010000 - mov ecx,[ebx+00000174] game.exe+1A98BA - 8B 55 E0 - mov edx,[ebp-20] game.exe+1A98BD - 85 D2 - test edx,edx game.exe+1A98BF - 75 04 - jne game.exe+1A98C5 game.exe+1A98C1 - 33 D2 - xor edx,edx game.exe+1A98C3 - EB 44 - jmp game.exe+1A9909 game.exe+1A98C5 - 8B 50 0C - mov edx,[eax+0C] game.exe+1A98C8 - 8B 5D 08 - mov ebx,[ebp+08] game.exe+1A98CB - 8B 70 24 - mov esi,[eax+24] game.exe+1A98CE - 8B F9 - mov edi,ecx game.exe+1A98D0 - C1 E7 04 - shl edi,04 { 4 } game.exe+1A98D3 - 89 45 E0 - mov [ebp-20],eax game.exe+1A98D6 - 8B C1 - mov eax,ecx game.exe+1A98D8 - C1 E0 05 - shl eax,05 { 5 } game.exe+1A98DB - 03 F8 - add edi,eax game.exe+1A98DD - 8B 44 3A 10 - mov eax,[edx+edi+10] game.exe+1A98E1 - 03 D8 - add ebx,eax game.exe+1A98E3 - B8 FF0F0000 - mov eax,00000FFF { 4095 } game.exe+1A98E8 - 23 C3 - and eax,ebx game.exe+1A98EA - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A98ED - 8B 34 DE - 
mov esi,[esi+ebx*8] game.exe+1A98F0 - 8B 74 06 08 - mov esi,[esi+eax+08] game.exe+1A98F4 - 85 F6 - test esi,esi game.exe+1A98F6 - 8B 45 E0 - mov eax,[ebp-20] game.exe+1A98F9 - 74 0C - je game.exe+1A9907 game.exe+1A98FB - 8B 54 3A 0C - mov edx,[edx+edi+0C] game.exe+1A98FF - 8B DA - mov ebx,edx game.exe+1A9901 - 8B D6 - mov edx,esi game.exe+1A9903 - 2B D3 - sub edx,ebx game.exe+1A9905 - EB 02 - jmp game.exe+1A9909 game.exe+1A9907 - 33 D2 - xor edx,edx game.exe+1A9909 - BB FF0F0000 - mov ebx,00000FFF { 4095 } game.exe+1A990E - 23 DA - and ebx,edx game.exe+1A9910 - C1 EA 14 - shr edx,14 { 20 } game.exe+1A9913 - 8B 70 24 - mov esi,[eax+24] game.exe+1A9916 - 8B 34 D6 - mov esi,[esi+edx*8] game.exe+1A9919 - 8B 74 1E 0C - mov esi,[esi+ebx+0C] game.exe+1A991D - BB FF0F0000 - mov ebx,00000FFF { 4095 } game.exe+1A9922 - 23 DE - and ebx,esi game.exe+1A9924 - C1 EE 14 - shr esi,14 { 20 } game.exe+1A9927 - 8B 78 24 - mov edi,[eax+24] game.exe+1A992A - 8B 3C F7 - mov edi,[edi+esi*8] game.exe+1A992D - 0FB6 7C 1F 43 - movzx edi,byte ptr [edi+ebx+43] game.exe+1A9932 - 33 DB - xor ebx,ebx game.exe+1A9934 - 83 FF 02 - cmp edi,02 { 2 } game.exe+1A9937 - 0F94 C3 - sete bl game.exe+1A993A - 0FBE DB - movsx ebx,bl game.exe+1A993D - 85 DB - test ebx,ebx game.exe+1A993F - 75 0A - jne game.exe+1A994B game.exe+1A9941 - B8 00040000 - mov eax,00000400 { 1024 } game.exe+1A9946 - E9 C3020000 - jmp game.exe+1A9C0E game.exe+1A994B - 8B 55 08 - mov edx,[ebp+08] game.exe+1A994E - 85 D2 - test edx,edx game.exe+1A9950 - 75 04 - jne game.exe+1A9956 game.exe+1A9952 - 33 D2 - xor edx,edx game.exe+1A9954 - EB 3C - jmp game.exe+1A9992 game.exe+1A9956 - 8B 50 0C - mov edx,[eax+0C] game.exe+1A9959 - 8B 5D 08 - mov ebx,[ebp+08] game.exe+1A995C - 8B 78 24 - mov edi,[eax+24] game.exe+1A995F - 8B F1 - mov esi,ecx game.exe+1A9961 - C1 E6 04 - shl esi,04 { 4 } game.exe+1A9964 - C1 E1 05 - shl ecx,05 { 5 } game.exe+1A9967 - 03 F1 - add esi,ecx game.exe+1A9969 - 8B 4C 32 10 - mov ecx,[edx+esi+10] game.exe+1A996D - 03 
D9 - add ebx,ecx game.exe+1A996F - B9 FF0F0000 - mov ecx,00000FFF { 4095 } game.exe+1A9974 - 23 CB - and ecx,ebx game.exe+1A9976 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9979 - 8B 3C DF - mov edi,[edi+ebx*8] game.exe+1A997C - 8B 4C 0F 08 - mov ecx,[edi+ecx+08] game.exe+1A9980 - 85 C9 - test ecx,ecx game.exe+1A9982 - 74 0C - je game.exe+1A9990 game.exe+1A9984 - 8B 54 32 0C - mov edx,[edx+esi+0C] game.exe+1A9988 - 8B DA - mov ebx,edx game.exe+1A998A - 8B D1 - mov edx,ecx game.exe+1A998C - 2B D3 - sub edx,ebx game.exe+1A998E - EB 02 - jmp game.exe+1A9992 game.exe+1A9990 - 33 D2 - xor edx,edx game.exe+1A9992 - 8B 5D DC - mov ebx,[ebp-24] game.exe+1A9995 - 85 D2 - test edx,edx game.exe+1A9997 - 8B 8B 90010000 - mov ecx,[ebx+00000190] game.exe+1A999D - 75 04 - jne game.exe+1A99A3 game.exe+1A999F - 33 D2 - xor edx,edx game.exe+1A99A1 - EB 3C - jmp game.exe+1A99DF game.exe+1A99A3 - 8B 58 24 - mov ebx,[eax+24] game.exe+1A99A6 - 8B F9 - mov edi,ecx game.exe+1A99A8 - C1 E7 04 - shl edi,04 { 4 } game.exe+1A99AB - C1 E1 05 - shl ecx,05 { 5 } game.exe+1A99AE - 8B F7 - mov esi,edi game.exe+1A99B0 - 03 F1 - add esi,ecx game.exe+1A99B2 - 8B FA - mov edi,edx game.exe+1A99B4 - 8B 50 0C - mov edx,[eax+0C] game.exe+1A99B7 - 03 7C 32 10 - add edi,[edx+esi+10] game.exe+1A99BB - 8B CF - mov ecx,edi game.exe+1A99BD - C1 E9 14 - shr ecx,14 { 20 } game.exe+1A99C0 - 81 E7 FF0F0000 - and edi,00000FFF { 4095 } game.exe+1A99C6 - 8B 1C CB - mov ebx,[ebx+ecx*8] game.exe+1A99C9 - 8B 4C 3B 08 - mov ecx,[ebx+edi+08] game.exe+1A99CD - 85 C9 - test ecx,ecx game.exe+1A99CF - 74 0C - je game.exe+1A99DD game.exe+1A99D1 - 8B 54 32 0C - mov edx,[edx+esi+0C] game.exe+1A99D5 - 8B DA - mov ebx,edx game.exe+1A99D7 - 8B D1 - mov edx,ecx game.exe+1A99D9 - 2B D3 - sub edx,ebx game.exe+1A99DB - EB 02 - jmp game.exe+1A99DF game.exe+1A99DD - 33 D2 - xor edx,edx game.exe+1A99DF - 8B 58 24 - mov ebx,[eax+24] game.exe+1A99E2 - B9 FF0F0000 - mov ecx,00000FFF { 4095 } game.exe+1A99E7 - 23 CA - and ecx,edx game.exe+1A99E9 
- C1 EA 14 - shr edx,14 { 20 } game.exe+1A99EC - 8B 40 24 - mov eax,[eax+24] game.exe+1A99EF - 8B 1C D3 - mov ebx,[ebx+edx*8] game.exe+1A99F2 - 8D 7D 98 - lea edi,[ebp-68] game.exe+1A99F5 - 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C] game.exe+1A99F9 - 33 C9 - xor ecx,ecx game.exe+1A99FB - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1A9A00 - 23 D3 - and edx,ebx game.exe+1A9A02 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9A05 - 8B 04 D8 - mov eax,[eax+ebx*8] game.exe+1A9A08 - 0FB7 74 10 10 - movzx esi,word ptr [eax+edx+10] game.exe+1A9A0D - 33 C0 - xor eax,eax game.exe+1A9A0F - 25 FFFF0000 - and eax,0000FFFF { 65535 } game.exe+1A9A14 - 8A E0 - mov ah,al game.exe+1A9A16 - 8B D0 - mov edx,eax game.exe+1A9A18 - C1 E0 10 - shl eax,10 { 16 } game.exe+1A9A1B - 0B C2 - or eax,edx game.exe+1A9A1D - F3 AB - repe stosd game.exe+1A9A1F - AA - stosb game.exe+1A9A20 - 8B 45 DC - mov eax,[ebp-24] game.exe+1A9A23 - 66 89 75 AC - mov [ebp-54],si game.exe+1A9A27 - 8B 90 98010000 - mov edx,[eax+00000198] game.exe+1A9A2D - 83 C4 F4 - add esp,-0C { 244 } game.exe+1A9A30 - 8B 88 E0030000 - mov ecx,[eax+000003E0] game.exe+1A9A36 - 8D 45 9C - lea eax,[ebp-64] game.exe+1A9A39 - 89 14 24 - mov [esp],edx game.exe+1A9A3C - 89 44 24 04 - mov [esp+04],eax game.exe+1A9A40 - 8D 45 98 - lea eax,[ebp-68] game.exe+1A9A43 - 89 44 24 08 - mov [esp+08],eax game.exe+1A9A47 - E8 04CEE8FF - call game.exe+36850 game.exe+1A9A4C - 83 C4 F8 - add esp,-08 { 248 } game.exe+1A9A4F - 8B 4D DC - mov ecx,[ebp-24] game.exe+1A9A52 - 89 04 24 - mov [esp],eax game.exe+1A9A55 - C7 44 24 04 EA030000 - mov [esp+04],000003EA { 1002 } game.exe+1A9A5D - E8 5EF40600 - call game.exe+218EC0 game.exe+1A9A62 - 0FBE C0 - movsx eax,al game.exe+1A9A65 - 85 C0 - test eax,eax game.exe+1A9A67 - 75 0A - jne game.exe+1A9A73 game.exe+1A9A69 - B8 00010000 - mov eax,00000100 { 256 } game.exe+1A9A6E - E9 9B010000 - jmp game.exe+1A9C0E game.exe+1A9A73 - 8B 4D DC - mov ecx,[ebp-24] game.exe+1A9A76 - 8B 5D 08 - mov ebx,[ebp+08] game.exe+1A9A79 - 8B 81 
E0030000 - mov eax,[ecx+000003E0] game.exe+1A9A7F - 8B 91 74010000 - mov edx,[ecx+00000174] game.exe+1A9A85 - 85 DB - test ebx,ebx game.exe+1A9A87 - 75 04 - jne game.exe+1A9A8D game.exe+1A9A89 - 33 D2 - xor edx,edx game.exe+1A9A8B - EB 3B - jmp game.exe+1A9AC8 game.exe+1A9A8D - 8B 78 24 - mov edi,[eax+24] game.exe+1A9A90 - 8B CA - mov ecx,edx game.exe+1A9A92 - C1 E1 04 - shl ecx,04 { 4 } game.exe+1A9A95 - C1 E2 05 - shl edx,05 { 5 } game.exe+1A9A98 - 8B F1 - mov esi,ecx game.exe+1A9A9A - 03 F2 - add esi,edx game.exe+1A9A9C - 8B 50 0C - mov edx,[eax+0C] game.exe+1A9A9F - 8B 4C 32 10 - mov ecx,[edx+esi+10] game.exe+1A9AA3 - 03 D9 - add ebx,ecx game.exe+1A9AA5 - B9 FF0F0000 - mov ecx,00000FFF { 4095 } game.exe+1A9AAA - 23 CB - and ecx,ebx game.exe+1A9AAC - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9AAF - 8B 3C DF - mov edi,[edi+ebx*8] game.exe+1A9AB2 - 8B 4C 0F 08 - mov ecx,[edi+ecx+08] game.exe+1A9AB6 - 85 C9 - test ecx,ecx game.exe+1A9AB8 - 74 0C - je game.exe+1A9AC6 game.exe+1A9ABA - 8B 54 32 0C - mov edx,[edx+esi+0C] game.exe+1A9ABE - 8B DA - mov ebx,edx game.exe+1A9AC0 - 8B D1 - mov edx,ecx game.exe+1A9AC2 - 2B D3 - sub edx,ebx game.exe+1A9AC4 - EB 02 - jmp game.exe+1A9AC8 game.exe+1A9AC6 - 33 D2 - xor edx,edx game.exe+1A9AC8 - 8B 5D DC - mov ebx,[ebp-24] game.exe+1A9ACB - 85 D2 - test edx,edx game.exe+1A9ACD - 8B 8B 90010000 - mov ecx,[ebx+00000190] game.exe+1A9AD3 - 75 04 - jne game.exe+1A9AD9 game.exe+1A9AD5 - 33 D2 - xor edx,edx game.exe+1A9AD7 - EB 3C - jmp game.exe+1A9B15 game.exe+1A9AD9 - 8B 58 24 - mov ebx,[eax+24] game.exe+1A9ADC - 8B F9 - mov edi,ecx game.exe+1A9ADE - C1 E7 04 - shl edi,04 { 4 } game.exe+1A9AE1 - C1 E1 05 - shl ecx,05 { 5 } game.exe+1A9AE4 - 8B F7 - mov esi,edi game.exe+1A9AE6 - 03 F1 - add esi,ecx game.exe+1A9AE8 - 8B FA - mov edi,edx game.exe+1A9AEA - 8B 50 0C - mov edx,[eax+0C] game.exe+1A9AED - 03 7C 32 10 - add edi,[edx+esi+10] game.exe+1A9AF1 - 8B CF - mov ecx,edi game.exe+1A9AF3 - C1 E9 14 - shr ecx,14 { 20 } game.exe+1A9AF6 - 81 
E7 FF0F0000 - and edi,00000FFF { 4095 } game.exe+1A9AFC - 8B 1C CB - mov ebx,[ebx+ecx*8] game.exe+1A9AFF - 8B 4C 3B 08 - mov ecx,[ebx+edi+08] game.exe+1A9B03 - 85 C9 - test ecx,ecx game.exe+1A9B05 - 74 0C - je game.exe+1A9B13 game.exe+1A9B07 - 8B 54 32 0C - mov edx,[edx+esi+0C] game.exe+1A9B0B - 8B DA - mov ebx,edx game.exe+1A9B0D - 8B D1 - mov edx,ecx game.exe+1A9B0F - 2B D3 - sub edx,ebx game.exe+1A9B11 - EB 02 - jmp game.exe+1A9B15 game.exe+1A9B13 - 33 D2 - xor edx,edx game.exe+1A9B15 - 8B 58 24 - mov ebx,[eax+24] game.exe+1A9B18 - B9 FF0F0000 - mov ecx,00000FFF { 4095 } game.exe+1A9B1D - 23 CA - and ecx,edx game.exe+1A9B1F - C1 EA 14 - shr edx,14 { 20 } game.exe+1A9B22 - 8B 40 24 - mov eax,[eax+24] game.exe+1A9B25 - 8B 1C D3 - mov ebx,[ebx+edx*8] game.exe+1A9B28 - 8D 7D B0 - lea edi,[ebp-50] game.exe+1A9B2B - 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C] game.exe+1A9B2F - 33 C9 - xor ecx,ecx game.exe+1A9B31 - BA FF0F0000 - mov edx,00000FFF { 4095 } game.exe+1A9B36 - 23 D3 - and edx,ebx game.exe+1A9B38 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9B3B - 8B 04 D8 - mov eax,[eax+ebx*8] game.exe+1A9B3E - 0FB7 74 10 10 - movzx esi,word ptr [eax+edx+10] game.exe+1A9B43 - 33 C0 - xor eax,eax game.exe+1A9B45 - 25 FFFF0000 - and eax,0000FFFF { 65535 } game.exe+1A9B4A - 8A E0 - mov ah,al game.exe+1A9B4C - 8B D0 - mov edx,eax game.exe+1A9B4E - C1 E0 10 - shl eax,10 { 16 } game.exe+1A9B51 - 0B C2 - or eax,edx game.exe+1A9B53 - F3 AB - repe stosd game.exe+1A9B55 - AA - stosb game.exe+1A9B56 - 8B 45 DC - mov eax,[ebp-24] game.exe+1A9B59 - 66 89 75 C4 - mov [ebp-3C],si game.exe+1A9B5D - 8B 90 98010000 - mov edx,[eax+00000198] game.exe+1A9B63 - 83 C4 F4 - add esp,-0C { 244 } game.exe+1A9B66 - 8B 88 E0030000 - mov ecx,[eax+000003E0] game.exe+1A9B6C - 8D 45 B4 - lea eax,[ebp-4C] game.exe+1A9B6F - 89 14 24 - mov [esp],edx game.exe+1A9B72 - 89 44 24 04 - mov [esp+04],eax game.exe+1A9B76 - 8D 45 B0 - lea eax,[ebp-50] game.exe+1A9B79 - 89 44 24 08 - mov [esp+08],eax game.exe+1A9B7D - E8 CECCE8FF 
- call game.exe+36850 game.exe+1A9B82 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1A9B85 - 8B 4D DC - mov ecx,[ebp-24] game.exe+1A9B88 - 89 04 24 - mov [esp],eax game.exe+1A9B8B - C7 44 24 04 52000000 - mov [esp+04],00000052 { 82 } game.exe+1A9B93 - E8 28F30600 - call game.exe+218EC0 game.exe+1A9B98 - 0FBE C0 - movsx eax,al game.exe+1A9B9B - 85 C0 - test eax,eax game.exe+1A9B9D - 74 6A - je game.exe+1A9C09 game.exe+1A9B9F - 8B 4D DC - mov ecx,[ebp-24] game.exe+1A9BA2 - 8B 5D 08 - mov ebx,[ebp+08] game.exe+1A9BA5 - 8B 81 E0030000 - mov eax,[ecx+000003E0] game.exe+1A9BAB - 8B 91 04010000 - mov edx,[ecx+00000104] game.exe+1A9BB1 - 85 DB - test ebx,ebx game.exe+1A9BB3 - 75 04 - jne game.exe+1A9BB9 game.exe+1A9BB5 - 33 C0 - xor eax,eax game.exe+1A9BB7 - EB 3B - jmp game.exe+1A9BF4 game.exe+1A9BB9 - 8B 70 24 - mov esi,[eax+24] game.exe+1A9BBC - 8B 40 0C - mov eax,[eax+0C] game.exe+1A9BBF - 8B FA - mov edi,edx game.exe+1A9BC1 - C1 E7 04 - shl edi,04 { 4 } game.exe+1A9BC4 - C1 E2 05 - shl edx,05 { 5 } game.exe+1A9BC7 - 8B CF - mov ecx,edi game.exe+1A9BC9 - 03 CA - add ecx,edx game.exe+1A9BCB - 8B 7C 08 10 - mov edi,[eax+ecx+10] game.exe+1A9BCF - 03 DF - add ebx,edi game.exe+1A9BD1 - BF FF0F0000 - mov edi,00000FFF { 4095 } game.exe+1A9BD6 - 23 FB - and edi,ebx game.exe+1A9BD8 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9BDB - 8B 34 DE - mov esi,[esi+ebx*8] game.exe+1A9BDE - 8B 54 3E 08 - mov edx,[esi+edi+08] game.exe+1A9BE2 - 85 D2 - test edx,edx game.exe+1A9BE4 - 74 0C - je game.exe+1A9BF2 game.exe+1A9BE6 - 8B 44 08 0C - mov eax,[eax+ecx+0C] game.exe+1A9BEA - 8B D8 - mov ebx,eax game.exe+1A9BEC - 8B C2 - mov eax,edx game.exe+1A9BEE - 2B C3 - sub eax,ebx game.exe+1A9BF0 - EB 02 - jmp game.exe+1A9BF4 game.exe+1A9BF2 - 33 C0 - xor eax,eax game.exe+1A9BF4 - 8B 4D DC - mov ecx,[ebp-24] game.exe+1A9BF7 - 8B 55 CC - mov edx,[ebp-34] game.exe+1A9BFA - 83 C4 F8 - add esp,-08 { 248 } game.exe+1A9BFD - 89 04 24 - mov [esp],eax game.exe+1A9C00 - 89 54 24 04 - mov [esp+04],edx 
game.exe+1A9C04 - E8 97870200 - call game.exe+1D23A0 game.exe+1A9C09 - B8 80000000 - mov eax,00000080 { 128 } game.exe+1A9C0E - 8B 55 08 - mov edx,[ebp+08] game.exe+1A9C11 - 85 D2 - test edx,edx game.exe+1A9C13 - 75 07 - jne game.exe+1A9C1C game.exe+1A9C15 - BA 2005D300 - mov edx,game.exe+930520 { [00000000] } game.exe+1A9C1A - EB 33 - jmp game.exe+1A9C4F game.exe+1A9C1C - 8B 4D DC - mov ecx,[ebp-24] game.exe+1A9C1F - 8B DA - mov ebx,edx game.exe+1A9C21 - 8B 89 E0030000 - mov ecx,[ecx+000003E0] game.exe+1A9C27 - BE FF0F0000 - mov esi,00000FFF { 4095 } game.exe+1A9C2C - 23 F3 - and esi,ebx game.exe+1A9C2E - 8B 79 24 - mov edi,[ecx+24] game.exe+1A9C31 - C1 EB 14 - shr ebx,14 { 20 } game.exe+1A9C34 - 8B 49 24 - mov ecx,[ecx+24] game.exe+1A9C37 - 8B 3C DF - mov edi,[edi+ebx*8] game.exe+1A9C3A - 8B 7C 37 0C - mov edi,[edi+esi+0C] game.exe+1A9C3E - BB FF0F0000 - mov ebx,00000FFF { 4095 } game.exe+1A9C43 - 23 DF - and ebx,edi game.exe+1A9C45 - C1 EF 14 - shr edi,14 { 20 } game.exe+1A9C48 - 8B 0C F9 - mov ecx,[ecx+edi*8] game.exe+1A9C4B - 8D 54 0B 18 - lea edx,[ebx+ecx+18] game.exe+1A9C4F - 8B 12 - mov edx,[edx] game.exe+1A9C51 - 89 55 C8 - mov [ebp-38],edx game.exe+1A9C54 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1A9C57 - 8B 0D F44FCC00 - mov ecx,[game.exe+8C4FF4] { [1FB5B1C8] } game.exe+1A9C5D - 89 04 24 - mov [esp],eax game.exe+1A9C60 - BF 04000000 - mov edi,00000004 { 4 } game.exe+1A9C65 - 03 FC - add edi,esp game.exe+1A9C67 - 8D 75 C8 - lea esi,[ebp-38] game.exe+1A9C6A - 8B 36 - mov esi,[esi] game.exe+1A9C6C - 89 37 - mov [edi],esi game.exe+1A9C6E - E8 0D2C4F00 - call game.exe+69C880 game.exe+1A9C73 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+1A9C7A - 8B 45 D8 - mov eax,[ebp-28] game.exe+1A9C7D - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+1A9C80 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+1A9C87 - 8B 1C 24 - mov ebx,[esp] game.exe+1A9C8A - 8B 74 24 04 - mov esi,[esp+04] game.exe+1A9C8E - 8B 7C 24 08 - mov edi,[esp+08] game.exe+1A9C92 - 8B E5 - 
mov esp,ebp game.exe+1A9C94 - 5D - pop ebp game.exe+1A9C95 - C2 0C00 - ret 000C { 12 }
-
Попробуй так:
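{ Game   : tld.exe
  Version:
  Date   : 2017-08-04
  Author : ?????????????

  Torch: forces the float at [edi+80] to 0 at the point where the game
  stores its updated value there.

  Ordering matters: the original injection point IS the store (fstp), so a
  mov placed before it is a dead store - the fstp immediately overwrites it.
  The override therefore has to run after the original fstp.
}

[ENABLE]

aobscan(Torch,D9 9F 80 00 00 00 BA) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Torch)

newmem:
code:
  fstp dword ptr [edi+00000080]     // original instruction: pops st(0) into the field
  mov [edi+00000080], (float)0      // then override it, so 0 is the value that survives
  jmp return

Torch:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

Torch:
  db D9 9F 80 00 00 00              // restore: fstp dword ptr [edi+00000080]
unregistersymbol(Torch)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1B09043E
""+1B09041F: 83 EC 04 - sub esp,04
""+1B090422: D9 1C 24 - fstp dword ptr [esp]
""+1B090425: 50 - push eax
""+1B090426: 39 00 - cmp [eax],eax
""+1B090428: E8 03 50 4E F0 - call 0B575430
""+1B09042D: 83 C4 10 - add esp,10
""+1B090430: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1B090433: D9 87 80 00 00 00 - fld dword ptr [edi+00000080]
""+1B090439: D9 45 F4 - fld dword ptr [ebp-0C]
""+1B09043C: DE C1 - faddp
// ---------- INJECTING HERE ----------
""+1B09043E: D9 9F 80 00 00 00 - fstp dword ptr [edi+00000080]
// ---------- DONE INJECTING ----------
""+1B090444: BA 20 4F 58 34 - mov edx,34584F20
""+1B090449: 83 EC 0C - sub esp,0C
""+1B09044C: 57 - push edi
""+1B09044D: E8 F6 7C 3A EA - call 05438148
""+1B090452: 83 C4 10 - add esp,10
""+1B090455: 8B F0 - mov esi,eax
""+1B090457: D9 86 64 01 00 00 - fld dword ptr [esi+00000164]
""+1B09045D: DD 5D D8 - fstp qword ptr [ebp-28]
""+1B090460: D9 E8 - fld1
""+1B090462: DD 5D D0 - fstp qword ptr [ebp-30]
}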
-
Добавлю:
Бесконечное масло в лампе (нужно зажечь лампу):
{ Game   : tld.exe
  Version:
  Date   : 2017-08-03
  Author : ALEXSP

  Lamp oil: forces the float at [eax+50] to 1.0 right before the game
  loads it, so the value the game multiplies with is always 1.0.
}

[ENABLE]

aobscan(Fonar,D9 40 50 DE C9 D9 40) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Fonar)

newmem:
  mov [eax+50], (float)1            // overwrite the field before the original fld reads it
code:
  fld dword ptr [eax+50]            // original instruction
  fmulp st(1),st(0)                 // original instruction
  jmp return

Fonar:
  jmp newmem                        // 5-byte jmp exactly covers the 5 replaced bytes, no nop needed
return:

[DISABLE]

Fonar:
  db D9 40 50 DE C9                 // restore: fld dword ptr [eax+50] / fmulp st(1),st(0)
unregistersymbol(Fonar)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 0836692C
""+8366914: 5F - pop edi
""+8366915: C9 - leave
""+8366916: C3 - ret
""+8366917: 00 55 8B - add [ebp-75],dl
""+836691A: EC - in al,dx
""+836691B: 83 EC 08 - sub esp,08
""+836691E: D9 EE - fldz
""+8366920: D9 5D FC - fstp dword ptr [ebp-04]
""+8366923: D9 05 D8 AA 93 39 - fld dword ptr [3993AAD8]
""+8366929: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+836692C: D9 40 50 - fld dword ptr [eax+50]
""+836692F: DE C9 - fmulp st(1),st(0)
// ---------- DONE INJECTING ----------
""+8366931: D9 40 38 - fld dword ptr [eax+38]
""+8366934: DE F9 - fdivp st(1),st(0)
""+8366936: D9 5D FC - fstp dword ptr [ebp-04]
""+8366939: D9 45 FC - fld dword ptr [ebp-04]
""+836693C: D9 EE - fldz
""+836693E: D9 05 E8 AA 93 39 - fld dword ptr [3993AAE8]
""+8366944: 83 EC 04 - sub esp,04
""+8366947: 83 EC 04 - sub esp,04
""+836694A: D9 1C 24 - fstp dword ptr [esp]
""+836694D: 83 EC 04 - sub esp,04
}
Один бесконечный патрон в магазине (пока не нашёл, как убрать анимацию после выстрела):
{ Game   : tld.exe
  Version:
  Date   : 2017-08-03
  Author : ALEXSP

  One never-ending round in the magazine: forces the dword at [eax+28]
  to 1 before the game loads and tests it. The original jne right after
  the injection point consumes the flags set by the test below; jmp does
  not touch flags, so they survive the jump back.
}

[ENABLE]

aobscan(NoReloadAmmo,8B 40 28 85 C0 75 2C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(NoReloadAmmo)

newmem:
  mov [eax+28],#1                   // #1 = decimal 1, stored as a dword
code:
  mov eax,[eax+28]                  // original instruction
  test eax,eax                      // original instruction; flags feed the jne at return
  jmp return

NoReloadAmmo:
  jmp newmem                        // 5-byte jmp exactly covers the 5 replaced bytes
return:

[DISABLE]

NoReloadAmmo:
  db 8B 40 28 85 C0                 // restore: mov eax,[eax+28] / test eax,eax
unregistersymbol(NoReloadAmmo)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 431EB4BF
""+431EB49F: 8B 46 7C - mov eax,[esi+7C]
""+431EB4A2: 8B 40 2C - mov eax,[eax+2C]
""+431EB4A5: 85 C0 - test eax,eax
""+431EB4A7: 75 13 - jne 431EB4BC
""+431EB4A9: 83 EC 0C - sub esp,0C
""+431EB4AC: FF 75 08 - push [ebp+08]
""+431EB4AF: E8 D4 81 19 F0 - call 33383688
""+431EB4B4: 83 C4 10 - add esp,10
""+431EB4B7: E9 31 06 00 00 - jmp 431EBAED
""+431EB4BC: 8B 46 7C - mov eax,[esi+7C]
// ---------- INJECTING HERE ----------
""+431EB4BF: 8B 40 28 - mov eax,[eax+28]
""+431EB4C2: 85 C0 - test eax,eax
// ---------- DONE INJECTING ----------
""+431EB4C4: 75 2C - jne 431EB4F2
""+431EB4C6: 8B 45 08 - mov eax,[ebp+08]
""+431EB4C9: 0F B6 40 5D - movzx eax,byte ptr [eax+5D]
""+431EB4CD: 85 C0 - test eax,eax
""+431EB4CF: 75 28 - jne 431EB4F9
""+431EB4D1: B8 5C EE B1 04 - mov eax,04B1EE5C
""+431EB4D6: D9 00 - fld dword ptr [eax]
""+431EB4D8: 83 EC 0C - sub esp,0C
""+431EB4DB: 83 EC 04 - sub esp,04
""+431EB4DE: D9 1C 24 - fstp dword ptr [esp]
}
-
Всем доброго времени суток. Давненько тут не появлялся.
Вышла долгожданная кампания Survival-игры The Long Dark.
Ломал чисто из идеологических (хобби) соображений.
Как и всегда, буду благодарен за корректировки написания и прочего в скриптах.
Жажда:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-02
  Author : ALEXSP

  Thirst: forces the float at [eax+20] to 1.0 before the game compares
  it against [eax+3C] (fcomip right after the injection point).
}

[ENABLE]

aobscan(Thrist,D9 40 20 D9 40 3C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Thrist)

newmem:
  mov [eax+20], (float)1 // 1 so that the character can still drink; in effect the thirst bar shows full (100)
code:
  fld dword ptr [eax+20]            // original instruction
  fld dword ptr [eax+3C]            // original instruction
  jmp return

Thrist:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

Thrist:
  db D9 40 20 D9 40 3C              // restore: fld dword ptr [eax+20] / fld dword ptr [eax+3C]
unregistersymbol(Thrist)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2F0D5CA1
""+2F0D5C8B: 76 07 - jna 2F0D5C94
""+2F0D5C8D: B8 01 00 00 00 - mov eax,00000001
""+2F0D5C92: EB 02 - jmp 2F0D5C96
""+2F0D5C94: 33 C0 - xor eax,eax
""+2F0D5C96: C9 - leave
""+2F0D5C97: C3 - ret
""+2F0D5C98: 55 - push ebp
""+2F0D5C99: 8B EC - mov ebp,esp
""+2F0D5C9B: 83 EC 08 - sub esp,08
""+2F0D5C9E: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+2F0D5CA1: D9 40 20 - fld dword ptr [eax+20]
""+2F0D5CA4: D9 40 3C - fld dword ptr [eax+3C]
// ---------- DONE INJECTING ----------
""+2F0D5CA7: DF F1 - fcomip st(0),st(1)
""+2F0D5CA9: DD D8 - fstp st(0)
""+2F0D5CAB: 7A 09 - jp 2F0D5CB6
""+2F0D5CAD: 73 07 - jae 2F0D5CB6
""+2F0D5CAF: B8 01 00 00 00 - mov eax,00000001
""+2F0D5CB4: EB 02 - jmp 2F0D5CB8
""+2F0D5CB6: 33 C0 - xor eax,eax
""+2F0D5CB8: C9 - leave
""+2F0D5CB9: C3 - ret
""+2F0D5CBA: 00 00 - add [eax],al
}
Калории (она же еда):
{ Game   : tld.exe
  Version:
  Date   : 2017-08-02
  Author : ALEXSP

  Calories (food): forces the float at [eax+20] to 4000.0 before the game
  compares it against [eax+38] (fcomip right after the injection point).
}

[ENABLE]

aobscan(Callories,D9 40 20 D9 40 38) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Callories)

newmem:
  mov [eax+20], (float)4000         // overwrite the field before the original fld reads it
code:
  fld dword ptr [eax+20]            // original instruction
  fld dword ptr [eax+38]            // original instruction
  jmp return

Callories:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

Callories:
  db D9 40 20 D9 40 38              // restore: fld dword ptr [eax+20] / fld dword ptr [eax+38]
unregistersymbol(Callories)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 31C654E9
""+31C654D2: B8 01 00 00 00 - mov eax,00000001
""+31C654D7: 85 D2 - test edx,edx
""+31C654D9: 0F 44 C1 - cmove eax,ecx
""+31C654DC: C9 - leave
""+31C654DD: C3 - ret
""+31C654DE: 00 00 - add [eax],al
""+31C654E0: 55 - push ebp
""+31C654E1: 8B EC - mov ebp,esp
""+31C654E3: 83 EC 08 - sub esp,08
""+31C654E6: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+31C654E9: D9 40 20 - fld dword ptr [eax+20]
""+31C654EC: D9 40 38 - fld dword ptr [eax+38]
// ---------- DONE INJECTING ----------
""+31C654EF: DF F1 - fcomip st(0),st(1)
""+31C654F1: DD D8 - fstp st(0)
""+31C654F3: 76 07 - jna 31C654FC
""+31C654F5: B8 01 00 00 00 - mov eax,00000001
""+31C654FA: EB 02 - jmp 31C654FE
""+31C654FC: 33 C0 - xor eax,eax
""+31C654FE: C9 - leave
""+31C654FF: C3 - ret
""+31C65500: 55 - push ebp
""+31C65501: 8B EC - mov ebp,esp
}
Усталость:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-02
  Author : ALEXSP

  Fatigue: forces the float at [eax+8C] to 0 before the game loads it and
  compares it against [eax+C0] (fcomip right after the injection point).
}

[ENABLE]

aobscan(Fatigue,D9 80 8C 00 00 00 D9 80) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Fatigue)

newmem:
  mov [eax+0000008C], (float)0      // overwrite the field before the original fld reads it
code:
  fld dword ptr [eax+0000008C]      // original instruction
  jmp return

Fatigue:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

Fatigue:
  db D9 80 8C 00 00 00              // restore: fld dword ptr [eax+0000008C]
unregistersymbol(Fatigue)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2F0D5CC9
""+2F0D5CB6: 33 C0 - xor eax,eax
""+2F0D5CB8: C9 - leave
""+2F0D5CB9: C3 - ret
""+2F0D5CBA: 00 00 - add [eax],al
""+2F0D5CBC: 00 00 - add [eax],al
""+2F0D5CBE: 00 00 - add [eax],al
""+2F0D5CC0: 55 - push ebp
""+2F0D5CC1: 8B EC - mov ebp,esp
""+2F0D5CC3: 83 EC 08 - sub esp,08
""+2F0D5CC6: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+2F0D5CC9: D9 80 8C 00 00 00 - fld dword ptr [eax+0000008C]
// ---------- DONE INJECTING ----------
""+2F0D5CCF: D9 80 C0 00 00 00 - fld dword ptr [eax+000000C0]
""+2F0D5CD5: DF F1 - fcomip st(0),st(1)
""+2F0D5CD7: DD D8 - fstp st(0)
""+2F0D5CD9: 7A 09 - jp 2F0D5CE4
""+2F0D5CDB: 73 07 - jae 2F0D5CE4
""+2F0D5CDD: B8 01 00 00 00 - mov eax,00000001
""+2F0D5CE2: EB 02 - jmp 2F0D5CE6
""+2F0D5CE4: 33 C0 - xor eax,eax
""+2F0D5CE6: C9 - leave
""+2F0D5CE7: C3 - ret
}
Холод:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-02
  Author : ALEXSP

  Cold: forces the float at [eax+24] to 0 before the game compares it
  against [eax+48] (fcomip right after the injection point).
}

[ENABLE]

aobscan(Freeze,D9 40 24 D9 40 48) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Freeze)

newmem:
  mov [eax+24], (float)0            // overwrite the field before the original fld reads it
code:
  fld dword ptr [eax+24]            // original instruction
  fld dword ptr [eax+48]            // original instruction
  jmp return

Freeze:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

Freeze:
  db D9 40 24 D9 40 48              // restore: fld dword ptr [eax+24] / fld dword ptr [eax+48]
unregistersymbol(Freeze)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2F0D5CF1
""+2F0D5CDB: 73 07 - jae 2F0D5CE4
""+2F0D5CDD: B8 01 00 00 00 - mov eax,00000001
""+2F0D5CE2: EB 02 - jmp 2F0D5CE6
""+2F0D5CE4: 33 C0 - xor eax,eax
""+2F0D5CE6: C9 - leave
""+2F0D5CE7: C3 - ret
""+2F0D5CE8: 55 - push ebp
""+2F0D5CE9: 8B EC - mov ebp,esp
""+2F0D5CEB: 83 EC 08 - sub esp,08
""+2F0D5CEE: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+2F0D5CF1: D9 40 24 - fld dword ptr [eax+24]
""+2F0D5CF4: D9 40 48 - fld dword ptr [eax+48]
// ---------- DONE INJECTING ----------
""+2F0D5CF7: DF F1 - fcomip st(0),st(1)
""+2F0D5CF9: DD D8 - fstp st(0)
""+2F0D5CFB: 7A 09 - jp 2F0D5D06
""+2F0D5CFD: 73 07 - jae 2F0D5D06
""+2F0D5CFF: B8 01 00 00 00 - mov eax,00000001
""+2F0D5D04: EB 02 - jmp 2F0D5D08
""+2F0D5D06: 33 C0 - xor eax,eax
""+2F0D5D08: C9 - leave
""+2F0D5D09: C3 - ret
""+2F0D5D0A: 00 00 - add [eax],al
}
Жизнь:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-02
  Author : ALEXSP

  Health: forces the float at [eax+28] to 100.0 right before the game
  copies it into [edi+18] (fld / fstp pair at the injection point).
}

[ENABLE]

aobscan(HP,D9 40 28 D9 5F 18) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(HP)

newmem:
  mov [eax+28], (float)100          // source field; the fld below re-reads it
  mov [edi+18], (float)100          // redundant: the fstp below stores the same 100 into [edi+18]
code:
  fld dword ptr [eax+28]            // original instruction
  fstp dword ptr [edi+18]           // original instruction
  jmp return

HP:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

HP:
  db D9 40 28 D9 5F 18              // restore: fld dword ptr [eax+28] / fstp dword ptr [edi+18]
unregistersymbol(HP)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2F9BC7A1
""+2F9BC780: 50 - push eax
""+2F9BC781: E8 B2 53 82 D6 - call 061E1B38
""+2F9BC786: 83 C4 10 - add esp,10
""+2F9BC789: 85 C0 - test eax,eax
""+2F9BC78B: 74 0E - je 2F9BC79B
""+2F9BC78D: 8B 47 10 - mov eax,[edi+10]
""+2F9BC790: D9 80 D4 05 00 00 - fld dword ptr [eax+000005D4]
""+2F9BC796: D9 5F 18 - fstp dword ptr [edi+18]
""+2F9BC799: EB 0C - jmp 2F9BC7A7
""+2F9BC79B: 8B 05 F0 C9 9C 19 - mov eax,[199CC9F0]
// ---------- INJECTING HERE ----------
""+2F9BC7A1: D9 40 28 - fld dword ptr [eax+28]
""+2F9BC7A4: D9 5F 18 - fstp dword ptr [edi+18]
// ---------- DONE INJECTING ----------
""+2F9BC7A7: 8D 65 FC - lea esp,[ebp-04]
""+2F9BC7AA: 5F - pop edi
""+2F9BC7AB: C9 - leave
""+2F9BC7AC: C3 - ret
""+2F9BC7AD: 00 00 - add [eax],al
""+2F9BC7AF: 00 55 8B - add [ebp-75],dl
""+2F9BC7B2: EC - in al,dx
""+2F9BC7B3: 57 - push edi
""+2F9BC7B4: 56 - push esi
""+2F9BC7B5: 81 EC A0 02 00 00 - sub esp,000002A0
}
Бег:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-02
  Author : ALEXSP

  Sprint: forces the float at [eax+6C] to 100.0 before the game divides it
  by [eax+68] (fdivp right after the injection point).
}

[ENABLE]

aobscan(Sprint,D9 40 6C D9 40 68) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Sprint)

newmem:
  mov [eax+6C], (float)100          // overwrite the field before the original fld reads it
code:
  fld dword ptr [eax+6C]            // original instruction
  fld dword ptr [eax+68]            // original instruction
  jmp return

Sprint:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

Sprint:
  db D9 40 6C D9 40 68              // restore: fld dword ptr [eax+6C] / fld dword ptr [eax+68]
unregistersymbol(Sprint)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2F0D7C76
""+2F0D7C5F: 49 - dec ecx
""+2F0D7C60: 15 E9 C2 83 E9 - adc eax,E983C2E9
""+2F0D7C65: D6 - db D6
""+2F0D7C66: 00 00 - add [eax],al
""+2F0D7C68: 55 - push ebp
""+2F0D7C69: 8B EC - mov ebp,esp
""+2F0D7C6B: 83 EC 08 - sub esp,08
""+2F0D7C6E: D9 EE - fldz
""+2F0D7C70: D9 5D FC - fstp dword ptr [ebp-04]
""+2F0D7C73: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+2F0D7C76: D9 40 6C - fld dword ptr [eax+6C]
""+2F0D7C79: D9 40 68 - fld dword ptr [eax+68]
// ---------- DONE INJECTING ----------
""+2F0D7C7C: DE F9 - fdivp st(1),st(0)
""+2F0D7C7E: D9 5D FC - fstp dword ptr [ebp-04]
""+2F0D7C81: D9 45 FC - fld dword ptr [ebp-04]
""+2F0D7C84: D9 EE - fldz
""+2F0D7C86: D9 E8 - fld1
""+2F0D7C88: 83 EC 04 - sub esp,04
""+2F0D7C8B: 83 EC 04 - sub esp,04
""+2F0D7C8E: D9 1C 24 - fstp dword ptr [esp]
""+2F0D7C91: 83 EC 04 - sub esp,04
""+2F0D7C94: D9 1C 24 - fstp dword ptr [esp]
}
Все предметы в инвентаре по 25:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-01
  Author : ALEXSP

  Inventory items x25: forces the dword at [eax+1C] to 25 before the game
  loads and tests it. The jne that follows the injection point consumes the
  flags from the test below; jmp does not touch flags, so they survive.
}

[ENABLE]

aobscan(Hworost,8B 40 1C 85 C0 75 17) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Hworost)

newmem:
  mov [eax+1C],#25                  // #25 = decimal 25, stored as a dword
code:
  mov eax,[eax+1C]                  // original instruction
  test eax,eax                      // original instruction; flags feed the jne at return
  jmp return

Hworost:
  jmp newmem                        // 5-byte jmp exactly covers the 5 replaced bytes
return:

[DISABLE]

Hworost:
  db 8B 40 1C 85 C0                 // restore: mov eax,[eax+1C] / test eax,eax
unregistersymbol(Hworost)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 31C71E14
""+31C71DF4: 33 C0 - xor eax,eax
""+31C71DF6: 85 C0 - test eax,eax
""+31C71DF8: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
""+31C71DFE: 83 EC 0C - sub esp,0C
""+31C71E01: 50 - push eax
""+31C71E02: E8 31 FD 2E D4 - call 05F61B38
""+31C71E07: 83 C4 10 - add esp,10
""+31C71E0A: 85 C0 - test eax,eax
""+31C71E0C: 74 24 - je 31C71E32
""+31C71E0E: 8B 86 C4 00 00 00 - mov eax,[esi+000000C4]
// ---------- INJECTING HERE ----------
""+31C71E14: 8B 40 1C - mov eax,[eax+1C]
""+31C71E17: 85 C0 - test eax,eax
// ---------- DONE INJECTING ----------
""+31C71E19: 75 17 - jne 31C71E32
""+31C71E1B: 8B 47 14 - mov eax,[edi+14]
""+31C71E1E: 83 EC 08 - sub esp,08
""+31C71E21: 56 - push esi
""+31C71E22: 50 - push eax
""+31C71E23: 39 00 - cmp [eax],eax
""+31C71E25: E8 8E C0 F8 FF - call 31BFDEB8
""+31C71E2A: 83 C4 10 - add esp,10
""+31C71E2D: E9 4B 03 00 00 - jmp 31C7217D
""+31C71E32: 8B 46 30 - mov eax,[esi+30]
}
Переносимый вес:
{ Game   : tld.exe
  Version:
  Date   : 2017-08-01
  Author : ALEXSP

  Carried weight: forces the float at [edi+34] to 0 right before the game
  loads it and spills it to the qword at [ebp-10].
}

[ENABLE]

aobscan(WES,D9 47 34 DD 5D F0) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(WES)

newmem:
  mov [edi+34], (float)0            // overwrite the field before the original fld reads it
code:
  fld dword ptr [edi+34]            // original instruction
  fstp qword ptr [ebp-10]           // original instruction
  jmp return

WES:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

WES:
  db D9 47 34 DD 5D F0              // restore: fld dword ptr [edi+34] / fstp qword ptr [ebp-10]
unregistersymbol(WES)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 31C2D267
""+31C2D250: 55 - push ebp
""+31C2D251: 8B EC - mov ebp,esp
""+31C2D253: 57 - push edi
""+31C2D254: 83 EC 14 - sub esp,14
""+31C2D257: 8B 7D 08 - mov edi,[ebp+08]
""+31C2D25A: 0F B6 47 49 - movzx eax,byte ptr [edi+49]
""+31C2D25E: 85 C0 - test eax,eax
""+31C2D260: 74 05 - je 31C2D267
""+31C2D262: D9 47 4C - fld dword ptr [edi+4C]
""+31C2D265: EB 19 - jmp 31C2D280
// ---------- INJECTING HERE ----------
""+31C2D267: D9 47 34 - fld dword ptr [edi+34]
""+31C2D26A: DD 5D F0 - fstp qword ptr [ebp-10]
// ---------- DONE INJECTING ----------
""+31C2D26D: 83 EC 0C - sub esp,0C
""+31C2D270: 57 - push edi
""+31C2D271: E8 22 00 00 00 - call 31C2D298
""+31C2D276: 83 C4 10 - add esp,10
""+31C2D279: DD 45 F0 - fld qword ptr [ebp-10]
""+31C2D27C: D9 C9 - fxch st(1)
""+31C2D27E: DE C1 - faddp
""+31C2D280: 8D 65 FC - lea esp,[ebp-04]
""+31C2D283: 5F - pop edi
""+31C2D284: C9 - leave
}
Максимальный вес (увеличен с 40 до 100):
{ Game   : tld.exe
  Version:
  Date   : 2017-08-01
  Author : ALEXSP

  Maximum weight: forces the float at [edi+4C] to 0 before the game
  compares it against [edi+2C], and writes 100.0 to [edi+18].
}

[ENABLE]

aobscan(WESS,D9 47 4C D9 47 2C DF) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(WESS)

newmem:
  mov [edi+4C], (float)0            // overwrite the field before the original fld reads it
  mov [edi+18], (float)100          // NOTE(review): [edi+18] is not read by the visible original code; presumably the max-carry field (post title says 40 -> 100) - confirm
code:
  fld dword ptr [edi+4C]            // original instruction
  fld dword ptr [edi+2C]            // original instruction
  jmp return

WESS:
  jmp newmem                        // 5-byte jmp ...
  db 90                             // ... plus one nop = the 6 patched bytes
return:

[DISABLE]

WESS:
  db D9 47 4C D9 47 2C              // restore: fld dword ptr [edi+4C] / fld dword ptr [edi+2C]
unregistersymbol(WESS)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 3F2D192C
""+3F2D190A: 83 EC 04 - sub esp,04
""+3F2D190D: 83 EC 04 - sub esp,04
""+3F2D1910: D9 1C 24 - fstp dword ptr [esp]
""+3F2D1913: 83 EC 04 - sub esp,04
""+3F2D1916: D9 1C 24 - fstp dword ptr [esp]
""+3F2D1919: 83 EC 04 - sub esp,04
""+3F2D191C: D9 1C 24 - fstp dword ptr [esp]
""+3F2D191F: E8 F0 F3 CE C6 - call 05FC0D14
""+3F2D1924: 83 C4 10 - add esp,10
""+3F2D1927: E9 38 00 00 00 - jmp 3F2D1964
// ---------- INJECTING HERE ----------
""+3F2D192C: D9 47 4C - fld dword ptr [edi+4C]
""+3F2D192F: D9 47 2C - fld dword ptr [edi+2C]
// ---------- DONE INJECTING ----------
""+3F2D1932: DF F1 - fcomip st(0),st(1)
""+3F2D1934: DD D8 - fstp st(0)
""+3F2D1936: 7A 06 - jp 3F2D193E
""+3F2D1938: 73 04 - jae 3F2D193E
""+3F2D193A: D9 EE - fldz
""+3F2D193C: EB 26 - jmp 3F2D1964
""+3F2D193E: D9 47 4C - fld dword ptr [edi+4C]
""+3F2D1941: D9 45 F8 - fld dword ptr [ebp-08]
""+3F2D1944: DF F1 - fcomip st(0),st(1)
""+3F2D1946: DD D8 - fstp st(0)
}
Прочность одежды, ножей и прочего:
{ Game    : tld.exe
  Version :
  Date    : 2017-08-02
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+00000160]" and first copies the dword
  at [eax+164] into [eax+160]. The original code then loads both and divides
  ([eax+160] / [eax+164], see fdivp below), so the ratio becomes 1.0 -
  presumably "current / max" durability, which is why the post calls it NoDamage.
  edx is used as scratch and preserved with push/pop.
  Exported symbol: NoDamage. }

[ENABLE]
aobscan(NoDamage,D9 80 60 01 00 00 D9 80)   // 8-byte pattern, 6 bytes overwritten
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(NoDamage)

cave:
  push edx
  mov edx,[eax+00000164]         // edx = value at +164
  mov [eax+00000160],edx         // [+160] = [+164]
  pop edx
orig:
  fld dword ptr [eax+00000160]   // original instruction
  jmp back

NoDamage:
  jmp cave                       // 5 bytes
  db 90                          // pad to 6
back:

[DISABLE]
NoDamage:
  db D9 80 60 01 00 00           // restore the original 6 bytes
unregistersymbol(NoDamage)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 2F9EACCE
""+2F9EACB5: E9 6E 53 22 D6 - jmp 05C10028
""+2F9EACBA: 00 00 - add [eax],al
""+2F9EACBC: 00 00 - add [eax],al
""+2F9EACBE: 00 00 - add [eax],al
""+2F9EACC0: 55 - push ebp
""+2F9EACC1: 8B EC - mov ebp,esp
""+2F9EACC3: 83 EC 08 - sub esp,08
""+2F9EACC6: D9 EE - fldz
""+2F9EACC8: D9 5D FC - fstp dword ptr [ebp-04]
""+2F9EACCB: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+2F9EACCE: D9 80 60 01 00 00 - fld dword ptr [eax+00000160]
// ---------- DONE INJECTING ----------
""+2F9EACD4: D9 80 64 01 00 00 - fld dword ptr [eax+00000164]
""+2F9EACDA: DE F9 - fdivp st(1),st(0)
""+2F9EACDC: D9 5D FC - fstp dword ptr [ebp-04]
""+2F9EACDF: D9 45 FC - fld dword ptr [ebp-04]
""+2F9EACE2: D9 EE - fldz
""+2F9EACE4: D9 E8 - fld1
""+2F9EACE6: 83 EC 04 - sub esp,04
""+2F9EACE9: 83 EC 04 - sub esp,04
""+2F9EACEC: D9 1C 24 - fstp dword ptr [esp]
""+2F9EACEF: 83 EC 04 - sub esp,04
}
Медицинские припасы не заканчиваются после использования:
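{ Game    : tld.exe
  Version :
  Date    : 2017-08-02
  Author  : ALEXSP

  Hooks "mov eax,[ebp+08] / fld dword ptr [eax+10]" (6 bytes) and forces the
  float at [eax+10] to 0.5 before the game reads it.

  FIX: the original cave wrote [eax+10] BEFORE the hooked "mov eax,[ebp+08]".
  The injection point is the start of the function body (push ebp at 259F2E70,
  nothing between there and 259F2E81 writes eax), so eax still held whatever
  the caller left in it and the store went to an unrelated address - a silent
  memory-corruption / crash hazard. The load of eax is now hoisted ahead of the write.
  Exported symbol: NORELMED. }

[ENABLE]
aobscan(NORELMED,8B 45 08 D9 40 10 D9 05)   // 8-byte pattern, 6 bytes overwritten
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(NORELMED)

newmem:
  mov eax,[ebp+08]               // original instruction 1 of 2 - eax must point at the object first
  mov [eax+10],(float)0.5        // now the write lands in the object, not through a stale eax
code:
  fld dword ptr [eax+10]         // original instruction 2 of 2
  jmp return

NORELMED:
  jmp newmem                     // 5 bytes
  db 90                          // pad to 6
return:

[DISABLE]
NORELMED:
  db 8B 45 08 D9 40 10           // restore the original 6 bytes
unregistersymbol(NORELMED)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: 259F2E81
""+259F2E6E: C9 - leave
""+259F2E6F: C3 - ret
""+259F2E70: 55 - push ebp
""+259F2E71: 8B EC - mov ebp,esp
""+259F2E73: 56 - push esi
""+259F2E74: 83 EC 14 - sub esp,14
""+259F2E77: D9 EE - fldz
""+259F2E79: D9 5D F8 - fstp dword ptr [ebp-08]
""+259F2E7C: D9 EE - fldz
""+259F2E7E: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- INJECTING HERE ----------
""+259F2E81: 8B 45 08 - mov eax,[ebp+08]
""+259F2E84: D9 40 10 - fld dword ptr [eax+10]
// ---------- DONE INJECTING ----------
""+259F2E87: D9 05 D8 CC A5 3A - fld dword ptr [3AA5CCD8]
""+259F2E8D: DF F1 - fcomip st(0),st(1)
""+259F2E8F: DD D8 - fstp st(0)
""+259F2E91: 72 07 - jb 259F2E9A
""+259F2E93: D9 EE - fldz
""+259F2E95: E9 6D 00 00 00 - jmp 259F2F07
""+259F2E9A: D9 E8 - fld1
""+259F2E9C: D9 5D F8 - fstp dword ptr [ebp-08]
""+259F2E9F: 8B 45 08 - mov eax,[ebp+08]
""+259F2EA2: 8B 70 18 - mov esi,[eax+18]
}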
Может, кому понадобится. На этом пока все, чего еще наищу - выложу. Повторюсь еще раз: буду рад любым комментариям по корректировке написания (способа и грамотности) скрипта.
С Уважением Александр.
Привет Всем.
Времени было мало, но кое - что все же изменил.
Ссылка на таблицу: https://yadi.sk/d/NfpXJ9v13KgMUV
Заранее извиняюсь за то, что увы не знаю как загрузить таблицу на сайт. Тыкался - тыкался и ничего не нашел. Может так искал.
Основные/Дополнительные Параметры Группы:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Five hooks in one script. Every site is the same 6-byte pair
  "fld dword ptr [eax+08] / fstp dword ptr [ebp-0C]" in one function, told
  apart only by the bytes of the jmp that follows (EB / E9 BA / E9 54 / E9 ED / E9 87).
  Each cave stores 0.0 into [eax+08] and then runs the two original instructions.
  One cave per site is needed because each site has its own return address.
  The object read at each site (from the individual listings posted below):
    Psyho    <- [esi+B8]      Sleep    <- [esi+AC]      Noattack <- [esi+B4]
    Hungry   <- [esi+A8]      Disease  <- [esi+B0]
  Note: $2048 is hexadecimal in CE auto-assembler (0x2048 bytes), more than needed.
  Exported symbols: Psyho, Sleep, Noattack, Hungry, Disease. }

[ENABLE]
aobscan(Psyho,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 EB)
aobscan(Disease,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 87)
aobscan(Noattack,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 54)
aobscan(Sleep,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 BA)
aobscan(Hungry,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 ED)
alloc(caves,$2048)
label(cave_sleep)
label(cave_noattack)
label(cave_hungry)
label(cave_disease)
label(back_psyho)
label(back_sleep)
label(back_noattack)
label(back_hungry)
label(back_disease)
registersymbol(Psyho)
registersymbol(Sleep)
registersymbol(Noattack)
registersymbol(Hungry)
registersymbol(Disease)

caves:                           // cave for Psyho
  mov [eax+08],(float)0
  fld dword ptr [eax+08]         // original bytes
  fstp dword ptr [ebp-0C]
  jmp back_psyho

cave_sleep:
  mov [eax+08],(float)0
  fld dword ptr [eax+08]
  fstp dword ptr [ebp-0C]
  jmp back_sleep

cave_noattack:
  mov [eax+08],(float)0
  fld dword ptr [eax+08]
  fstp dword ptr [ebp-0C]
  jmp back_noattack

cave_hungry:
  mov [eax+08],(float)0
  fld dword ptr [eax+08]
  fstp dword ptr [ebp-0C]
  jmp back_hungry

cave_disease:
  mov [eax+08],(float)0
  fld dword ptr [eax+08]
  fstp dword ptr [ebp-0C]
  jmp back_disease

// each hook: 5-byte jmp + 1 nop over the 6 original bytes
Psyho:
  jmp caves
  db 90
back_psyho:

Sleep:
  jmp cave_sleep
  db 90
back_sleep:

Noattack:
  jmp cave_noattack
  db 90
back_noattack:

Hungry:
  jmp cave_hungry
  db 90
back_hungry:

Disease:
  jmp cave_disease
  db 90
back_disease:

[DISABLE]
Psyho:
  db D9 40 08 D9 5D F4
Sleep:
  db D9 40 08 D9 5D F4
Noattack:
  db D9 40 08 D9 5D F4
Hungry:
  db D9 40 08 D9 5D F4
Disease:
  db D9 40 08 D9 5D F4
unregistersymbol(Psyho)
unregistersymbol(Sleep)
unregistersymbol(Noattack)
unregistersymbol(Hungry)
unregistersymbol(Disease)
dealloc(caves)

{ // ORIGINAL CODE - INJECTION POINT: 1403D049 (the Psyho site)
""+1403D02A: 83 EC 08 - sub esp,08
""+1403D02D: 68 60 0E D0 0E - push 0ED00E60
""+1403D032: 57 - push edi
""+1403D033: E8 28 4F 68 F1 - call 056C1F60
""+1403D038: 83 C4 10 - add esp,10
""+1403D03B: 85 C0 - test eax,eax
""+1403D03D: 74 1B - je 1403D05A
""+1403D03F: 8B 86 B8 00 00 00 - mov eax,[esi+000000B8]
""+1403D045: 8B C8 - mov ecx,eax
""+1403D047: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403D049: D9 40 08 - fld dword ptr [eax+08]
""+1403D04C: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
""+1403D04F: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403D052: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1403D055: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403D058: EB 24 - jmp 1403D07E
""+1403D05A: 83 EC 08 - sub esp,08
""+1403D05D: 57 - push edi
""+1403D05E: 68 10 23 2A 17 - push 172A2310
""+1403D063: E8 10 49 68 F1 - call 056C1978
""+1403D068: 83 C4 10 - add esp,10
""+1403D06B: 83 EC 08 - sub esp,08
}
Тут с этим скриптом мне в ЛС помог LIRW, предложенный им скрипт оказался работоспособным. Но по его желанию я не стану его выкладывать в общий доступ. При желании - скину в ЛС участникам форума. Решение было представлено довольно-таки интересное.
Я же выложил свои 5 скриптов, объединенные в 1 - вариант более громоздкий, но причину я описал выше.
Добавить 1 талант (Таргет мышкой над персонажем):
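{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "mov eax,[edi+00000110]". When the exported dword "flag"
  is 1 the cave clears it and adds 1 to [edi+110] once (a one-shot trigger,
  armed by the separate "flag: dd 1" script); otherwise the original
  instruction runs untouched.

  FIX: the original cave placed "flag: Dd 0" between "add [edi+110],#1" and
  "code:", i.e. inside the execution path. After the add, the CPU fell into
  the four data bytes (00 00 00 00 = two "add [eax],al") and wrote al through
  whatever eax held - silent corruption of the object returned by the
  preceding call, or a crash if eax was not a valid pointer. The data now
  lives after the "jmp return", where it is never executed.
  Exported symbols: points, flag. }

[ENABLE]
aobscan(points,8B 87 10 01 00 00 8B D9)   // 8-byte pattern, 6 bytes overwritten
alloc(newmem,$1000)
label(code)
label(return)
label(flag)
registersymbol(points)
registersymbol(flag)

newmem:
  cmp dword ptr [flag],1
  jne code                       // not armed: run the original instruction only
  mov dword ptr [flag],0         // consume the trigger so the add happens once
  add dword ptr [edi+00000110],#1
code:
  mov eax,[edi+00000110]         // original instruction
  jmp return

flag:
  dd 0                           // data - placed after the jmp so it is never executed

points:
  jmp newmem                     // 5 bytes
  db 90                          // pad to 6
return:

[DISABLE]
points:
  db 8B 87 10 01 00 00           // restore the original 6 bytes
unregistersymbol(points)
unregistersymbol(flag)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: 1706B24F
""+1706B232: 85 C0 - test eax,eax
""+1706B234: 0F 84 6F 00 00 00 - je 1706B2A9
""+1706B23A: 8B 46 44 - mov eax,[esi+44]
""+1706B23D: 83 EC 0C - sub esp,0C
""+1706B240: 50 - push eax
""+1706B241: 39 00 - cmp [eax],eax
""+1706B243: E8 78 99 39 EE - call 05404BC0
""+1706B248: 83 C4 10 - add esp,10
""+1706B24B: 8B C8 - mov ecx,eax
""+1706B24D: 39 3F - cmp [edi],edi
// ---------- INJECTING HERE ----------
""+1706B24F: 8B 87 10 01 00 00 - mov eax,[edi+00000110]
// ---------- DONE INJECTING ----------
""+1706B255: 8B D9 - mov ebx,ecx
""+1706B257: 85 C0 - test eax,eax
""+1706B259: 7E 36 - jle 1706B291
""+1706B25B: 8B 46 2C - mov eax,[esi+2C]
""+1706B25E: 83 EC 0C - sub esp,0C
""+1706B261: 50 - push eax
""+1706B262: 39 00 - cmp [eax],eax
""+1706B264: E8 E7 0A 3A EE - call 0540BD50
""+1706B269: 83 C4 10 - add esp,10
""+1706B26C: 83 EC 04 - sub esp,04
}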
// Arms the one-shot trigger of the "points" script: "flag" is the dword that
// script exports with registersymbol(flag), so that script must be enabled
// first. Its cave resets the flag to 0 itself after acting on it.
[ENABLE]
flag:
  dd 1

[DISABLE]
flag:
  dd 0
Ресурсы, Ремонт, быстрая постройка:
Ресурсы по 100:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks "mov eax,[eax+0C] / test eax,eax" (5 bytes) and stores decimal 100
  into [eax+0C] before the original load. The original instructions just
  above add esi into that same field and store it back, so the value written
  here replaces the freshly updated count. The cave ends with the original
  "test eax,eax" immediately followed by jmp, which preserves the flags for
  the "jg" at the return address.
  Exported symbol: Resour. }

[ENABLE]
aobscan(Resour,8B 40 0C 85 C0 0F 8F DE)   // 8-byte pattern, 5 bytes overwritten
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(Resour)

cave:
  mov [eax+0C],#100              // #100 = decimal 100
orig:
  mov eax,[eax+0C]               // original instruction 1 of 2
  test eax,eax                   // original instruction 2 of 2 - sets flags for the jg after back:
  jmp back

Resour:
  jmp cave                       // exactly 5 bytes, no padding needed
back:

[DISABLE]
Resour:
  db 8B 40 0C 85 C0              // restore the original 5 bytes
unregistersymbol(Resour)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 1406AF57
""+1406AF3C: 83 EC 08 - sub esp,08
""+1406AF3F: 53 - push ebx
""+1406AF40: 50 - push eax
""+1406AF41: E8 2A 0C 67 F1 - call 056DBB70
""+1406AF46: 83 C4 10 - add esp,10
""+1406AF49: 8B 45 F0 - mov eax,[ebp-10]
""+1406AF4C: 8B 48 0C - mov ecx,[eax+0C]
""+1406AF4F: 03 CE - add ecx,esi
""+1406AF51: 89 48 0C - mov [eax+0C],ecx
""+1406AF54: 8B 45 F0 - mov eax,[ebp-10]
// ---------- INJECTING HERE ----------
""+1406AF57: 8B 40 0C - mov eax,[eax+0C]
""+1406AF5A: 85 C0 - test eax,eax
// ---------- DONE INJECTING ----------
""+1406AF5C: 0F 8F DE 00 00 00 - jg 1406B040
""+1406AF62: 8B 43 30 - mov eax,[ebx+30]
""+1406AF65: 8B 4D F0 - mov ecx,[ebp-10]
""+1406AF68: 83 EC 08 - sub esp,08
""+1406AF6B: 51 - push ecx
""+1406AF6C: 50 - push eax
""+1406AF6D: 39 00 - cmp [eax],eax
""+1406AF6F: E8 F0 01 00 00 - call 1406B164
""+1406AF74: 83 C4 10 - add esp,10
""+1406AF77: 8B 43 20 - mov eax,[ebx+20]
}
Библиотека и мастерская 100% (Прочность):
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+00000090]" and writes 100.0 into
  [eax+90] first. The listing shows this sits inside a tiny getter
  (push ebp / mov ebp,esp / sub esp,08 / mov eax,[ebp+08] / fld / leave / ret),
  so eax is the object passed as the first argument.
  Exported symbol: Repair2. }

[ENABLE]
aobscan(Repair2,D9 80 90 00 00 00 C9)   // 7-byte pattern, 6 bytes overwritten
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(Repair2)

cave:
  mov [eax+00000090],(float)100
orig:
  fld dword ptr [eax+00000090]   // original instruction
  jmp back

Repair2:
  jmp cave                       // 5 bytes
  db 90                          // pad to 6
back:

[DISABLE]
Repair2:
  db D9 80 90 00 00 00           // restore the original 6 bytes
unregistersymbol(Repair2)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 140384F9
""+140384E5: 00 00 - add [eax],al
""+140384E7: 00 55 8B - add [ebp-75],dl
""+140384EA: EC - in al,dx
""+140384EB: 83 EC 08 - sub esp,08
""+140384EE: C9 - leave
""+140384EF: C3 - ret
""+140384F0: 55 - push ebp
""+140384F1: 8B EC - mov ebp,esp
""+140384F3: 83 EC 08 - sub esp,08
""+140384F6: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+140384F9: D9 80 90 00 00 00 - fld dword ptr [eax+00000090]
// ---------- DONE INJECTING ----------
""+140384FF: C9 - leave
""+14038500: C3 - ret
""+14038501: 00 00 - add [eax],al
""+14038503: 00 00 - add [eax],al
""+14038505: 00 00 - add [eax],al
""+14038507: 00 55 8B - add [ebp-75],dl
""+1403850A: EC - in al,dx
""+1403850B: 83 EC 08 - sub esp,08
""+1403850E: 8B 45 08 - mov eax,[ebp+08]
""+14038511: D9 80 94 00 00 00 - fld dword ptr [eax+00000094]
}
Быстрая постройка В мастерской:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Pattern starts 2 bytes before the hook; the hook itself covers
  "fld dword ptr [eax] / sub esp,0C" (5 bytes) at ISSLE+02 and writes 1000.0
  into [eax] first. In the listing eax was just computed as
  lea eax,[eax+ecx*4+10] after "cmp [eax+0C],ecx / jbe" - it looks like an
  element of a bounds-checked array (length at +0C, data at +10); not verified.
  Exported symbol: ISSLE (the hook is at ISSLE+02). }

[ENABLE]
aobscan(ISSLE,88 10 D9 00 83 EC 0C)
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(ISSLE)

cave:
  mov [eax],(float)1000
orig:
  fld dword ptr [eax]            // original instruction 1 of 2
  sub esp,0C                     // original instruction 2 of 2
  jmp back

ISSLE+02:
  jmp cave                       // exactly 5 bytes, no padding needed
back:

[DISABLE]
ISSLE+02:
  db D9 00 83 EC 0C              // restore the original 5 bytes
unregistersymbol(ISSLE)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 1403EE91
""+1403EE70: E8 A3 D8 69 F1 - call 056DC718
""+1403EE75: 83 C4 10 - add esp,10
""+1403EE78: 8B C8 - mov ecx,eax
""+1403EE7A: 8B 45 D4 - mov eax,[ebp-2C]
""+1403EE7D: 8B D1 - mov edx,ecx
""+1403EE7F: 39 12 - cmp [edx],edx
""+1403EE81: 8B 49 40 - mov ecx,[ecx+40]
""+1403EE84: 39 48 0C - cmp [eax+0C],ecx
""+1403EE87: 0F 86 36 01 00 00 - jbe 1403EFC3
""+1403EE8D: 8D 44 88 10 - lea eax,[eax+ecx*4+10]
// ---------- INJECTING HERE ----------
""+1403EE91: D9 00 - fld dword ptr [eax]
""+1403EE93: 83 EC 0C - sub esp,0C
// ---------- DONE INJECTING ----------
""+1403EE96: 83 EC 04 - sub esp,04
""+1403EE99: D9 1C 24 - fstp dword ptr [esp]
""+1403EE9C: E8 2F F7 6D F1 - call 0571E5D0
""+1403EEA1: 83 C4 10 - add esp,10
""+1403EEA4: 8B D0 - mov edx,eax
""+1403EEA6: 8B 45 DC - mov eax,[ebp-24]
""+1403EEA9: 8B 4D D8 - mov ecx,[ebp-28]
""+1403EEAC: 52 - push edx
""+1403EEAD: DB 04 24 - fild dword ptr [esp]
""+1403EEB0: D9 1C 24 - fstp dword ptr [esp]
}
На этом пока все. В ближайшее время постараюсь найти нужную инструкцию для пойнтера. Очень уж охота создать нормальную таблицу со статами.
Опыта пока мало - хотелок много. Посмотрел несколько видео Garik66, почерпнул у него аккуратность написания скриптов, ну и еще много интересного узнал.
Спасибо всем за участие. Как и всегда.
9 минут назад, Garik66 сказал:
// Всё правильно в этой функции их пять 128CDE20 - 55 - push ebp 128CDE21 - 8B EC - mov ebp,esp 128CDE23 - 57 - push edi 128CDE24 - 56 - push esi 128CDE25 - 83 EC 10 - sub esp,10 { 16 } 128CDE28 - 8B 75 08 - mov esi,[ebp+08] 128CDE2B - 8B 7D 0C - mov edi,[ebp+0C] 128CDE2E - 83 EC 08 - sub esp,08 { 8 } 128CDE31 - 68 C03FA70E - push 0EA73FC0 { [050082F4] } 128CDE36 - 57 - push edi 128CDE37 - E8 2441CAF2 - call 05571F60 128CDE3C - 83 C4 10 - add esp,10 { 16 } 128CDE3F - 85 C0 - test eax,eax 128CDE41 - 74 1E - je 128CDE61 128CDE43 - 8B 86 A8000000 - mov eax,[esi+000000A8] // 1 128CDE49 - 8B C8 - mov ecx,eax 128CDE4B - 39 09 - cmp [ecx],ecx 128CDE4D - D9 40 08 - fld dword ptr [eax+08] 128CDE50 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE53 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE56 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE59 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE5C - E9 ED000000 - jmp 128CDF4E 128CDE61 - 83 EC 08 - sub esp,08 { 8 } 128CDE64 - 68 403EA70E - push 0EA73E40 { [050082F4] } 128CDE69 - 57 - push edi 128CDE6A - E8 F140CAF2 - call 05571F60 128CDE6F - 83 C4 10 - add esp,10 { 16 } 128CDE72 - 85 C0 - test eax,eax 128CDE74 - 74 1E - je 128CDE94 128CDE76 - 8B 86 AC000000 - mov eax,[esi+000000AC] // 2 128CDE7C - 8B C8 - mov ecx,eax 128CDE7E - 39 09 - cmp [ecx],ecx 128CDE80 - D9 40 08 - fld dword ptr [eax+08] 128CDE83 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE86 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE89 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE8C - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE8F - E9 BA000000 - jmp 128CDF4E 128CDE94 - 83 EC 08 - sub esp,08 { 8 } 128CDE97 - 68 48C89D0E - push 0E9DC848 { [050082F4] } 128CDE9C - 57 - push edi 128CDE9D - E8 BE40CAF2 - call 05571F60 128CDEA2 - 83 C4 10 - add esp,10 { 16 } 128CDEA5 - 85 C0 - test eax,eax 128CDEA7 - 74 1E - je 128CDEC7 128CDEA9 - 8B 86 B0000000 - mov eax,[esi+000000B0] // 3 128CDEAF - 8B C8 - mov ecx,eax 128CDEB1 - 39 09 - cmp [ecx],ecx 128CDEB3 - D9 40 08 - fld dword ptr [eax+08] 128CDEB6 - D9 5D F4 
- fstp dword ptr [ebp-0C] 128CDEB9 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEBC - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEBF - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEC2 - E9 87000000 - jmp 128CDF4E 128CDEC7 - 83 EC 08 - sub esp,08 { 8 } 128CDECA - 68 003EA70E - push 0EA73E00 { [050082F4] } 128CDECF - 57 - push edi 128CDED0 - E8 8B40CAF2 - call 05571F60 128CDED5 - 83 C4 10 - add esp,10 { 16 } 128CDED8 - 85 C0 - test eax,eax 128CDEDA - 74 1E - je 128CDEFA 128CDEDC - 8B 86 B4000000 - mov eax,[esi+000000B4] // 4 128CDEE2 - 8B C8 - mov ecx,eax 128CDEE4 - 39 09 - cmp [ecx],ecx 128CDEE6 - D9 40 08 - fld dword ptr [eax+08] 128CDEE9 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEEC - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEEF - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEF2 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEF5 - E9 54000000 - jmp 128CDF4E 128CDEFA - 83 EC 08 - sub esp,08 { 8 } 128CDEFD - 68 08C79D0E - push 0E9DC708 { [050082F4] } 128CDF02 - 57 - push edi 128CDF03 - E8 5840CAF2 - call 05571F60 128CDF08 - 83 C4 10 - add esp,10 { 16 } 128CDF0B - 85 C0 - test eax,eax 128CDF0D - 74 1B - je 128CDF2A 128CDF0F - 8B 86 B8000000 - mov eax,[esi+000000B8] //5 128CDF15 - 8B C8 - mov ecx,eax 128CDF17 - 39 09 - cmp [ecx],ecx 128CDF19 - D9 40 08 - fld dword ptr [eax+08] 128CDF1C - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDF1F - D9 45 F4 - fld dword ptr [ebp-0C] 128CDF22 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDF25 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDF28 - EB 24 - jmp 128CDF4E 128CDF2A - 83 EC 08 - sub esp,08 { 8 } 128CDF2D - 57 - push edi 128CDF2E - 68 C0110916 - push 160911C0 { [050082F4] } 128CDF33 - E8 403ACAF2 - call 05571978 128CDF38 - 83 C4 10 - add esp,10 { 16 } 128CDF3B - 83 EC 08 - sub esp,08 { 8 } 128CDF3E - 56 - push esi 128CDF3F - 50 - push eax 128CDF40 - E8 A346D0F2 - call 055D25E8 128CDF45 - 83 C4 10 - add esp,10 { 16 } 128CDF48 - D9 05 9809A613 - fld dword ptr [13A60998] { [-1.00] } 128CDF4E - 8D 65 F8 - lea esp,[ebp-08] 128CDF51 - 5E - pop esi 128CDF52 - 5F - pop edi 
128CDF53 - C9 - leave 128CDF54 - C3 - ret
И тут ты был тоже прав. Цепляет другие значения. Пропадают диалоги. Попробую с Esi.
6 минут назад, Garik66 сказал:
Посчитать байты
D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 EB
Понял спасибо
Все равно пишет: ошибка в строке 35. Не весь код пригоден для инъекции.
Можно если не затруднит вкратце рассказать как получил [[Psyho] ""+10"" ]
Как ни странно, обнуляются только первые 5 характеристик, остальные 16 не меняются.
Скрипт работает как нужно
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-29
  Author  : ALEXSP

  Hook on the common function epilogue "lea esp,[ebp-08] / pop esi / pop edi"
  (5 bytes at INJECT+05; the pattern starts 5 bytes earlier, at the fld that
  precedes it, with its 4 address bytes wildcarded). The cave is currently
  EMPTY - it only re-executes the three original instructions and returns -
  so this script is a template: any code added above "orig:" runs with esi and
  edi still live, before they are popped.
  Exported symbol: INJECT (the hook is at INJECT+05). }

[ENABLE]
aobscan(INJECT,05 * * * * 8D 65 F8 5E 5F C9 C3 00)
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(INJECT)

cave:
  // (nothing here yet)
orig:
  lea esp,[ebp-08]               // original instruction 1 of 3
  pop esi                        // original instruction 2 of 3
  pop edi                        // original instruction 3 of 3
  jmp back

INJECT+05:
  jmp cave                       // exactly 5 bytes, no padding needed
back:

[DISABLE]
INJECT+05:
  db 8D 65 F8 5E 5F              // restore the original 5 bytes
unregistersymbol(INJECT)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 15CEC5E6
15CEC5C5: 57 - push edi
15CEC5C6: 68 C0 31 4C 1D - push 1D4C31C0
15CEC5CB: E8 A8 53 94 EF - call 05631978
15CEC5D0: 83 C4 10 - add esp,10
15CEC5D3: 83 EC 08 - sub esp,08
15CEC5D6: 56 - push esi
15CEC5D7: 50 - push eax
15CEC5D8: E8 C3 36 9A EF - call 0568FCA0
15CEC5DD: 83 C4 10 - add esp,10
15CEC5E0: D9 05 50 BA 80 0F - fld dword ptr [0F80BA50]
// ---------- INJECTING HERE ----------
15CEC5E6: 8D 65 F8 - lea esp,[ebp-08]
15CEC5E9: 5E - pop esi
15CEC5EA: 5F - pop edi
// ---------- DONE INJECTING ----------
15CEC5EB: C9 - leave
15CEC5EC: C3 - ret
15CEC5ED: 00 00 - add [eax],al
15CEC5EF: 00 55 8B - add [ebp-75],dl
15CEC5F2: EC - in al,dx
15CEC5F3: 53 - push ebx
15CEC5F4: 57 - push edi
15CEC5F5: 56 - push esi
15CEC5F6: 83 EC 1C - sub esp,1C
15CEC5F9: 8B 45 08 - mov eax,[ebp+08]
}
Насчет твоего скрипта - не работает. Ругается на смещение +10. Я еще пока что мало знаю. Да и плохо понимаю, откуда ты вычислил +10. Буду благодарен за ссылку, где можно об этом почитать.
Сейчас займусь.
Да нет, тут маленько другое...
Дочка с садика вернулась с температурой 37,6, маленькие истерики. Нам всего 4 года в августе будет. Вот и ныряю, туда - сюда.
Функция:
Скрытый текст128CDE20 - 55 - push ebp 128CDE21 - 8B EC - mov ebp,esp 128CDE23 - 57 - push edi 128CDE24 - 56 - push esi 128CDE25 - 83 EC 10 - sub esp,10 { 16 } 128CDE28 - 8B 75 08 - mov esi,[ebp+08] 128CDE2B - 8B 7D 0C - mov edi,[ebp+0C] 128CDE2E - 83 EC 08 - sub esp,08 { 8 } 128CDE31 - 68 C03FA70E - push 0EA73FC0 { [050082F4] } 128CDE36 - 57 - push edi 128CDE37 - E8 2441CAF2 - call 05571F60 128CDE3C - 83 C4 10 - add esp,10 { 16 } 128CDE3F - 85 C0 - test eax,eax 128CDE41 - 74 1E - je 128CDE61 128CDE43 - 8B 86 A8000000 - mov eax,[esi+000000A8] 128CDE49 - 8B C8 - mov ecx,eax 128CDE4B - 39 09 - cmp [ecx],ecx 128CDE4D - D9 40 08 - fld dword ptr [eax+08] 128CDE50 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE53 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE56 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE59 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE5C - E9 ED000000 - jmp 128CDF4E 128CDE61 - 83 EC 08 - sub esp,08 { 8 } 128CDE64 - 68 403EA70E - push 0EA73E40 { [050082F4] } 128CDE69 - 57 - push edi 128CDE6A - E8 F140CAF2 - call 05571F60 128CDE6F - 83 C4 10 - add esp,10 { 16 } 128CDE72 - 85 C0 - test eax,eax 128CDE74 - 74 1E - je 128CDE94 128CDE76 - 8B 86 AC000000 - mov eax,[esi+000000AC] 128CDE7C - 8B C8 - mov ecx,eax 128CDE7E - 39 09 - cmp [ecx],ecx 128CDE80 - D9 40 08 - fld dword ptr [eax+08] 128CDE83 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE86 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE89 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDE8C - D9 45 F4 - fld dword ptr [ebp-0C] 128CDE8F - E9 BA000000 - jmp 128CDF4E 128CDE94 - 83 EC 08 - sub esp,08 { 8 } 128CDE97 - 68 48C89D0E - push 0E9DC848 { [050082F4] } 128CDE9C - 57 - push edi 128CDE9D - E8 BE40CAF2 - call 05571F60 128CDEA2 - 83 C4 10 - add esp,10 { 16 } 128CDEA5 - 85 C0 - test eax,eax 128CDEA7 - 74 1E - je 128CDEC7 128CDEA9 - 8B 86 B0000000 - mov eax,[esi+000000B0] 128CDEAF - 8B C8 - mov ecx,eax 128CDEB1 - 39 09 - cmp [ecx],ecx 128CDEB3 - D9 40 08 - fld dword ptr [eax+08] 128CDEB6 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEB9 - D9 45 
F4 - fld dword ptr [ebp-0C] 128CDEBC - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEBF - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEC2 - E9 87000000 - jmp 128CDF4E 128CDEC7 - 83 EC 08 - sub esp,08 { 8 } 128CDECA - 68 003EA70E - push 0EA73E00 { [050082F4] } 128CDECF - 57 - push edi 128CDED0 - E8 8B40CAF2 - call 05571F60 128CDED5 - 83 C4 10 - add esp,10 { 16 } 128CDED8 - 85 C0 - test eax,eax 128CDEDA - 74 1E - je 128CDEFA 128CDEDC - 8B 86 B4000000 - mov eax,[esi+000000B4] 128CDEE2 - 8B C8 - mov ecx,eax 128CDEE4 - 39 09 - cmp [ecx],ecx 128CDEE6 - D9 40 08 - fld dword ptr [eax+08] 128CDEE9 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEEC - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEEF - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDEF2 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDEF5 - E9 54000000 - jmp 128CDF4E 128CDEFA - 83 EC 08 - sub esp,08 { 8 } 128CDEFD - 68 08C79D0E - push 0E9DC708 { [050082F4] } 128CDF02 - 57 - push edi 128CDF03 - E8 5840CAF2 - call 05571F60 128CDF08 - 83 C4 10 - add esp,10 { 16 } 128CDF0B - 85 C0 - test eax,eax 128CDF0D - 74 1B - je 128CDF2A 128CDF0F - 8B 86 B8000000 - mov eax,[esi+000000B8] 128CDF15 - 8B C8 - mov ecx,eax 128CDF17 - 39 09 - cmp [ecx],ecx 128CDF19 - D9 40 08 - fld dword ptr [eax+08] 128CDF1C - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDF1F - D9 45 F4 - fld dword ptr [ebp-0C] 128CDF22 - D9 5D F4 - fstp dword ptr [ebp-0C] 128CDF25 - D9 45 F4 - fld dword ptr [ebp-0C] 128CDF28 - EB 24 - jmp 128CDF4E 128CDF2A - 83 EC 08 - sub esp,08 { 8 } 128CDF2D - 57 - push edi 128CDF2E - 68 C0110916 - push 160911C0 { [050082F4] } 128CDF33 - E8 403ACAF2 - call 05571978 128CDF38 - 83 C4 10 - add esp,10 { 16 } 128CDF3B - 83 EC 08 - sub esp,08 { 8 } 128CDF3E - 56 - push esi 128CDF3F - 50 - push eax 128CDF40 - E8 A346D0F2 - call 055D25E8 128CDF45 - 83 C4 10 - add esp,10 { 16 } 128CDF48 - D9 05 9809A613 - fld dword ptr [13A60998] { [-1.00] } 128CDF4E - 8D 65 F8 - lea esp,[ebp-08] 128CDF51 - 5E - pop esi 128CDF52 - 5F - pop edi 128CDF53 - C9 - leave 128CDF54 - C3 - ret
Вот собственно смещения от пойнтера:
Скрытый текстГолод 20 Болезнь -10 Депрессия -40 Усталость 8 Ранения -28 Скрытность 6c Изготовление 84 Исследования 54 Собирательство 3c Охота b4 Рыбалка e4 Сбор cc Готовка 9c Сила 114 Ловкость fc Телосложение 144 Борьба 12c Интелект 1a4 Речь 174 Медицина 18c Знания 15c
Скрытый текстВот графически. Что бы было более понятно. Наглядно так сказать. У остальных 7 персонажей все корректно отображается.
Что в красном и зеленом квадрате отображается корректно.
5 часов назад, Xipho сказал:
Вроде с помощью Lua можно найти все вхождения сигнатур одной строкой, подставив на места меняющихся байт знаки вопроса (это скажет СЕ, что значения в этих байтах могут меняться).
Затем можно пройтись циклом по найденным адресам и везде прописать прыжок на выделенную память, а лучше не прыжок, а call и в конце вместо прыжка возврата ret
Я в lua не силен, это нужно ждать тех участников, кто разбирается в нем.
Спасибо, мысль интересная. К сожалению в Lua тоже не силен. Попробую почитать вечером, после работы.
Привет Всем.
Dead In Bermuda - игра жанра Survival; решил ее поломать, ну и заодно подучиться.
Собственно возникла пара вопросов:
Но сначала немного о механике игры:
В наличии 8 персонажей потерпевших крушение. У каждого из которых есть основные характеристики:
1) Голод
2) Болезнь
3) Депрессия
4) Усталость
5) Ранения
И общие характеристики:
Скрытность, Изготовление, Исследования, Собирательство, Охота, Рыбалка, Сбор, Готовка, Сила, Ловкость, Телосложение, Борьба, Интеллект, Речь, Медицина, Знания.
Пробовал сначала сделать каждую из основных характеристик своим скриптом:
Голод:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+08] / fstp dword ptr [ebp-0C]" in the
  branch that reads [esi+A8] (see 1403CF73 below) and stores 0.0 into [eax+08]
  before the original load. The pattern is disambiguated from the other four
  identical branches by the trailing "E9 ED" (the jmp that follows this site).
  Exported symbol: Hungry. }

[ENABLE]
aobscan(Hungry,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 ED)
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(Hungry)

cave:
  mov [eax+08],(float)0
orig:
  fld dword ptr [eax+08]         // original instruction 1 of 2
  fstp dword ptr [ebp-0C]        // original instruction 2 of 2
  jmp back

Hungry:
  jmp cave                       // 5 bytes
  db 90                          // pad to 6
back:

[DISABLE]
Hungry:
  db D9 40 08 D9 5D F4           // restore the original 6 bytes
unregistersymbol(Hungry)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 1403CF7D
""+1403CF5E: 83 EC 08 - sub esp,08
""+1403CF61: 68 E0 FC CF 0E - push 0ECFFCE0
""+1403CF66: 57 - push edi
""+1403CF67: E8 F4 4F 68 F1 - call 056C1F60
""+1403CF6C: 83 C4 10 - add esp,10
""+1403CF6F: 85 C0 - test eax,eax
""+1403CF71: 74 1E - je 1403CF91
""+1403CF73: 8B 86 A8 00 00 00 - mov eax,[esi+000000A8]
""+1403CF79: 8B C8 - mov ecx,eax
""+1403CF7B: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403CF7D: D9 40 08 - fld dword ptr [eax+08]
""+1403CF80: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
""+1403CF83: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403CF86: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1403CF89: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403CF8C: E9 ED 00 00 00 - jmp 1403D07E
""+1403CF91: 83 EC 08 - sub esp,08
""+1403CF94: 68 60 FB CF 0E - push 0ECFFB60
""+1403CF99: 57 - push edi
""+1403CF9A: E8 C1 4F 68 F1 - call 056C1F60
""+1403CF9F: 83 C4 10 - add esp,10
""+1403CFA2: 85 C0 - test eax,eax
}
Болезнь:
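{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+08] / fstp dword ptr [ebp-0C]" in the
  branch that reads [esi+B0] (see 1403CFD9 below) and stores 0.0 into [eax+08]
  before the original load.

  FIX: the original pattern ended with a bare "E9", which also matches the
  Hungry (E9 ED), Sleep (E9 BA) and Noattack (E9 54) sites of the same function,
  so the scan could land on the wrong branch. The pattern now ends with "E9 87",
  the jmp that follows THIS site (1403CFF2 in the listing below).
  Exported symbol: Disease. }

[ENABLE]
aobscan(Disease,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 87)   // trailing E9 87 makes the pattern unique among the five sites
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Disease)

newmem:
  mov [eax+08],(float)0
code:
  fld dword ptr [eax+08]         // original instruction 1 of 2
  fstp dword ptr [ebp-0C]        // original instruction 2 of 2
  jmp return

Disease:
  jmp newmem                     // 5 bytes
  db 90                          // pad to 6
return:

[DISABLE]
Disease:
  db D9 40 08 D9 5D F4           // restore the original 6 bytes
unregistersymbol(Disease)
dealloc(newmem)

{ // ORIGINAL CODE - INJECTION POINT: 1403CFE3
""+1403CFC4: 83 EC 08 - sub esp,08
""+1403CFC7: 68 A0 0F D0 0E - push 0ED00FA0
""+1403CFCC: 57 - push edi
""+1403CFCD: E8 8E 4F 68 F1 - call 056C1F60
""+1403CFD2: 83 C4 10 - add esp,10
""+1403CFD5: 85 C0 - test eax,eax
""+1403CFD7: 74 1E - je 1403CFF7
""+1403CFD9: 8B 86 B0 00 00 00 - mov eax,[esi+000000B0]
""+1403CFDF: 8B C8 - mov ecx,eax
""+1403CFE1: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403CFE3: D9 40 08 - fld dword ptr [eax+08]
""+1403CFE6: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
""+1403CFE9: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403CFEC: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1403CFEF: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403CFF2: E9 87 00 00 00 - jmp 1403D07E
""+1403CFF7: 83 EC 08 - sub esp,08
""+1403CFFA: 68 20 FB CF 0E - push 0ECFFB20
""+1403CFFF: 57 - push edi
""+1403D000: E8 5B 4F 68 F1 - call 056C1F60
""+1403D005: 83 C4 10 - add esp,10
""+1403D008: 85 C0 - test eax,eax
}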
Депрессия:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+08] / fstp dword ptr [ebp-0C]" in the
  branch that reads [esi+B8] (see 1403D03F below) and stores 0.0 into [eax+08]
  before the original load. This is the last of the five look-alike branches;
  its trailing short jmp "EB" is what makes the pattern unique.
  Exported symbol: Psyho. }

[ENABLE]
aobscan(Psyho,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 EB)
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(Psyho)

cave:
  mov [eax+08],(float)0
orig:
  fld dword ptr [eax+08]         // original instruction 1 of 2
  fstp dword ptr [ebp-0C]        // original instruction 2 of 2
  jmp back

Psyho:
  jmp cave                       // 5 bytes
  db 90                          // pad to 6
back:

[DISABLE]
Psyho:
  db D9 40 08 D9 5D F4           // restore the original 6 bytes
unregistersymbol(Psyho)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 1403D049
""+1403D02A: 83 EC 08 - sub esp,08
""+1403D02D: 68 60 0E D0 0E - push 0ED00E60
""+1403D032: 57 - push edi
""+1403D033: E8 28 4F 68 F1 - call 056C1F60
""+1403D038: 83 C4 10 - add esp,10
""+1403D03B: 85 C0 - test eax,eax
""+1403D03D: 74 1B - je 1403D05A
""+1403D03F: 8B 86 B8 00 00 00 - mov eax,[esi+000000B8]
""+1403D045: 8B C8 - mov ecx,eax
""+1403D047: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403D049: D9 40 08 - fld dword ptr [eax+08]
""+1403D04C: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
""+1403D04F: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403D052: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1403D055: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403D058: EB 24 - jmp 1403D07E
""+1403D05A: 83 EC 08 - sub esp,08
""+1403D05D: 57 - push edi
""+1403D05E: 68 10 23 2A 17 - push 172A2310
""+1403D063: E8 10 49 68 F1 - call 056C1978
""+1403D068: 83 C4 10 - add esp,10
""+1403D06B: 83 EC 08 - sub esp,08
}
Усталость:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+08] / fstp dword ptr [ebp-0C]" in the
  branch that reads [esi+AC] (see 1403CFA6 below) and stores 0.0 into [eax+08]
  before the original load. Trailing "E9 BA" (the jmp after this site) keeps
  the pattern distinct from the other four identical branches.
  Exported symbol: Sleep. }

[ENABLE]
aobscan(Sleep,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 BA)
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(Sleep)

cave:
  mov [eax+08],(float)0
orig:
  fld dword ptr [eax+08]         // original instruction 1 of 2
  fstp dword ptr [ebp-0C]        // original instruction 2 of 2
  jmp back

Sleep:
  jmp cave                       // 5 bytes
  db 90                          // pad to 6
back:

[DISABLE]
Sleep:
  db D9 40 08 D9 5D F4           // restore the original 6 bytes
unregistersymbol(Sleep)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 1403CFB0
""+1403CF91: 83 EC 08 - sub esp,08
""+1403CF94: 68 60 FB CF 0E - push 0ECFFB60
""+1403CF99: 57 - push edi
""+1403CF9A: E8 C1 4F 68 F1 - call 056C1F60
""+1403CF9F: 83 C4 10 - add esp,10
""+1403CFA2: 85 C0 - test eax,eax
""+1403CFA4: 74 1E - je 1403CFC4
""+1403CFA6: 8B 86 AC 00 00 00 - mov eax,[esi+000000AC]
""+1403CFAC: 8B C8 - mov ecx,eax
""+1403CFAE: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403CFB0: D9 40 08 - fld dword ptr [eax+08]
""+1403CFB3: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
""+1403CFB6: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403CFB9: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1403CFBC: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403CFBF: E9 BA 00 00 00 - jmp 1403D07E
""+1403CFC4: 83 EC 08 - sub esp,08
""+1403CFC7: 68 A0 0F D0 0E - push 0ED00FA0
""+1403CFCC: 57 - push edi
""+1403CFCD: E8 8E 4F 68 F1 - call 056C1F60
""+1403CFD2: 83 C4 10 - add esp,10
""+1403CFD5: 85 C0 - test eax,eax
}
Ранения:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Hooks the 6-byte "fld dword ptr [eax+08] / fstp dword ptr [ebp-0C]" in the
  branch that reads [esi+B4] (see 1403D00C below) and stores 0.0 into [eax+08]
  before the original load. Trailing "E9 54" (the jmp after this site) keeps
  the pattern distinct from the other four identical branches.
  Exported symbol: Noattack. }

[ENABLE]
aobscan(Noattack,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 54)
alloc(cave,$1000)
label(orig)
label(back)
registersymbol(Noattack)

cave:
  mov [eax+08],(float)0
orig:
  fld dword ptr [eax+08]         // original instruction 1 of 2
  fstp dword ptr [ebp-0C]        // original instruction 2 of 2
  jmp back

Noattack:
  jmp cave                       // 5 bytes
  db 90                          // pad to 6
back:

[DISABLE]
Noattack:
  db D9 40 08 D9 5D F4           // restore the original 6 bytes
unregistersymbol(Noattack)
dealloc(cave)

{ // ORIGINAL CODE - INJECTION POINT: 1403D016
""+1403CFF7: 83 EC 08 - sub esp,08
""+1403CFFA: 68 20 FB CF 0E - push 0ECFFB20
""+1403CFFF: 57 - push edi
""+1403D000: E8 5B 4F 68 F1 - call 056C1F60
""+1403D005: 83 C4 10 - add esp,10
""+1403D008: 85 C0 - test eax,eax
""+1403D00A: 74 1E - je 1403D02A
""+1403D00C: 8B 86 B4 00 00 00 - mov eax,[esi+000000B4]
""+1403D012: 8B C8 - mov ecx,eax
""+1403D014: 39 09 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403D016: D9 40 08 - fld dword ptr [eax+08]
""+1403D019: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
""+1403D01C: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403D01F: D9 5D F4 - fstp dword ptr [ebp-0C]
""+1403D022: D9 45 F4 - fld dword ptr [ebp-0C]
""+1403D025: E9 54 00 00 00 - jmp 1403D07E
""+1403D02A: 83 EC 08 - sub esp,08
""+1403D02D: 68 60 0E D0 0E - push 0ED00E60
""+1403D032: 57 - push edi
""+1403D033: E8 28 4F 68 F1 - call 056C1F60
""+1403D038: 83 C4 10 - add esp,10
""+1403D03B: 85 C0 - test eax,eax
}
Все работает, но уж больно громоздко, если учесть, что у всех 5 скриптов AOB отличается всего на 1–2 последних байта, хотя работают они по однотипной инструкции.
Отсюда и следует вопрос: Возможно ли заставить работать все 5 скриптов по одному коду? Примерно так:
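{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  One code cave for all five hooks (Psyho, Sleep, Noattack, Hungry, Disease).
  All five sites execute the same six bytes (fld dword ptr [eax+08] /
  fstp dword ptr [ebp-0C]) and differ only in the jmp that follows, which is
  why the AOB patterns differ only in their last byte(s).

  A shared cave cannot end in `jmp return`: `label(return)` can be defined
  only once, yet each site needs its own return address. Instead every site
  is patched with `call newmem` (5 bytes) + nop, and the cave ends with `ret`,
  so control goes back to whichever site called it. This is safe here because
  the replaced instructions touch only [eax+08] and [ebp-0C] -- neither esp
  nor the flags -- so the return address the call pushes does not disturb them. }

[ENABLE]
aobscan(Psyho,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 EB)       // should be unique (jmp short follows)
aobscan(Sleep,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 BA)    // should be unique
aobscan(Noattack,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 54) // should be unique
aobscan(Hungry,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 ED)   // should be unique
// NOT unique: this pattern is a prefix of the Sleep/Noattack/Hungry patterns,
// so aobscan returns the first of the four E9 sites it meets, not necessarily
// the Disease one. Append the displacement byte of the jmp that follows the
// Disease site (read it in the disassembler; placeholder: <DISEASE_JMP_BYTE>).
aobscan(Disease,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9)
alloc(newmem,$1000)                   // the original asked for $2048 (hex); one small cave needs far less
registersymbol(Psyho)
registersymbol(Sleep)
registersymbol(Noattack)
registersymbol(Hungry)
registersymbol(Disease)

// Shared cave. Entered via `call`, so [esp] holds the caller's return address.
newmem:
  mov dword ptr [eax+08],(float)0     // value = 0.0 before the game reads it
  fld dword ptr [eax+08]              // the six original bytes, same at every site
  fstp dword ptr [ebp-0C]
  ret                                 // back to the site that called us

// Each site: 5-byte call + 1-byte nop = the 6 bytes replaced.
Psyho:
  call newmem
  nop
Sleep:
  call newmem
  nop
Noattack:
  call newmem
  nop
Hungry:
  call newmem
  nop
Disease:
  call newmem
  nop

[DISABLE]
Psyho:
  db D9 40 08 D9 5D F4
Sleep:
  db D9 40 08 D9 5D F4
Noattack:
  db D9 40 08 D9 5D F4
Hungry:
  db D9 40 08 D9 5D F4
Disease:
  db D9 40 08 D9 5D F4
unregistersymbol(Psyho)
unregistersymbol(Sleep)
unregistersymbol(Noattack)
unregistersymbol(Hungry)
unregistersymbol(Disease)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1403D049   (listing is the site whose following jmp is EB 24, i.e. the Psyho pattern)

""+1403D02A: 83 EC 08              - sub esp,08
""+1403D02D: 68 60 0E D0 0E        - push 0ED00E60
""+1403D032: 57                    - push edi
""+1403D033: E8 28 4F 68 F1        - call 056C1F60
""+1403D038: 83 C4 10              - add esp,10
""+1403D03B: 85 C0                 - test eax,eax
""+1403D03D: 74 1B                 - je 1403D05A
""+1403D03F: 8B 86 B8 00 00 00     - mov eax,[esi+000000B8]
""+1403D045: 8B C8                 - mov ecx,eax
""+1403D047: 39 09                 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1403D049: D9 40 08              - fld dword ptr [eax+08]
""+1403D04C: D9 5D F4              - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING  ----------
""+1403D04F: D9 45 F4              - fld dword ptr [ebp-0C]
""+1403D052: D9 5D F4              - fstp dword ptr [ebp-0C]
""+1403D055: D9 45 F4              - fld dword ptr [ebp-0C]
""+1403D058: EB 24                 - jmp 1403D07E
""+1403D05A: 83 EC 08              - sub esp,08
""+1403D05D: 57                    - push edi
""+1403D05E: 68 10 23 2A 17        - push 172A2310
""+1403D063: E8 10 49 68 F1        - call 056C1978
""+1403D068: 83 C4 10              - add esp,10
""+1403D06B: 83 EC 08              - sub esp,08
}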
Соответственно скрипт не будет работать, т.к. label(return) объявлен всего 1 раз, а должно быть 5.
Позже пошел другим путем:
Нашел инструкцию:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-28
  Author  : ALEXSP

  Pointer capture: at the same site the Sleep hook uses (pattern ends in
  E9 BA), save eax -- the object whose [eax+08] is about to be read -- into
  P_HERO, then run the original two instructions unchanged. P_HERO is a
  registered symbol, so table entries can use it as a pointer base.

  NOTE(review): P_HERO holds the eax seen on the most recent pass through this
  site, i.e. whichever object the game last read here -- not necessarily the
  currently selected character. Confirm which objects reach this site. }

[ENABLE]
aobscan(HeroStat,D9 40 08 D9 5D F4 D9 45 F4 D9 5D F4 D9 45 F4 E9 BA) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(P_HERO)
registersymbol(P_HERO)
registersymbol(HeroStat)

newmem:
  mov [P_HERO],eax                    // remember the object pointer

code:
  fld dword ptr [eax+08]              // original bytes: D9 40 08
  fstp dword ptr [ebp-0C]             // original bytes: D9 5D F4
  jmp return

P_HERO:
  dd 0                                // storage for the captured pointer (lives in the cave)

HeroStat:
  jmp newmem                          // 5 bytes ...
  nop                                 // ... plus 1 to cover the 6 replaced bytes
return:

[DISABLE]
HeroStat:
  db D9 40 08 D9 5D F4                // restore fld / fstp
unregistersymbol(HeroStat)
unregistersymbol(P_HERO)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1D8FE290   (JIT address at generation time; aobscan re-locates it)

""+1D8FE271: 83 EC 08              - sub esp,08
""+1D8FE274: 68 20 3E FE 0E        - push 0EFE3E20
""+1D8FE279: 57                    - push edi
""+1D8FE27A: E8 E1 3C 02 E8        - call 05921F60
""+1D8FE27F: 83 C4 10              - add esp,10
""+1D8FE282: 85 C0                 - test eax,eax
""+1D8FE284: 74 1E                 - je 1D8FE2A4
""+1D8FE286: 8B 86 AC 00 00 00     - mov eax,[esi+000000AC]
""+1D8FE28C: 8B C8                 - mov ecx,eax
""+1D8FE28E: 39 09                 - cmp [ecx],ecx
// ---------- INJECTING HERE ----------
""+1D8FE290: D9 40 08              - fld dword ptr [eax+08]
""+1D8FE293: D9 5D F4              - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING  ----------
""+1D8FE296: D9 45 F4              - fld dword ptr [ebp-0C]
""+1D8FE299: D9 5D F4              - fstp dword ptr [ebp-0C]
""+1D8FE29C: D9 45 F4              - fld dword ptr [ebp-0C]
""+1D8FE29F: E9 BA 00 00 00        - jmp 1D8FE35E
""+1D8FE2A4: 83 EC 08              - sub esp,08
""+1D8FE2A7: 68 48 D8 EA 0E        - push 0EEAD848
""+1D8FE2AC: 57                    - push edi
""+1D8FE2AD: E8 AE 3C 02 E8        - call 05921F60
""+1D8FE2B2: 83 C4 10              - add esp,10
""+1D8FE2B5: 85 C0                 - test eax,eax
}
Сделал пойнтер.
Прописал смещения. При выделении персонажа корректно показывает все его характеристики. Исключение — один персонаж, у которого 4–6-я характеристики показывают бред. Пробовал с другими инструкциями — итог один и тот же. Буду благодарен за подсказку в данном направлении.
Скрипт на бесконечные ресурсы работает:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Resources: the site reads the int at [eax+0C] and tests it for the jg that
  follows. The cave stores 100 into that field first, then runs the original
  mov + test, so the flags the jg depends on are still produced by `test`
  (jmp does not touch them). The replaced sequence is exactly 5 bytes, so
  no padding nop is needed. }

[ENABLE]
aobscan(Resour,8B 40 0C 85 C0 0F 8F DE) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Resour)

newmem:
  mov dword ptr [eax+0C],#100         // field = 100 (decimal) before it is read

code:
  mov eax,[eax+0C]                    // original bytes: 8B 40 0C
  test eax,eax                        // original bytes: 85 C0 -- sets flags for the jg after return
  jmp return

Resour:
  jmp newmem                          // 5 bytes == 5 replaced bytes
return:

[DISABLE]
Resour:
  db 8B 40 0C 85 C0                   // restore mov / test
unregistersymbol(Resour)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1406AF57   (JIT address at generation time; aobscan re-locates it)

""+1406AF3C: 83 EC 08              - sub esp,08
""+1406AF3F: 53                    - push ebx
""+1406AF40: 50                    - push eax
""+1406AF41: E8 2A 0C 67 F1        - call 056DBB70
""+1406AF46: 83 C4 10              - add esp,10
""+1406AF49: 8B 45 F0              - mov eax,[ebp-10]
""+1406AF4C: 8B 48 0C              - mov ecx,[eax+0C]
""+1406AF4F: 03 CE                 - add ecx,esi
""+1406AF51: 89 48 0C              - mov [eax+0C],ecx
""+1406AF54: 8B 45 F0              - mov eax,[ebp-10]
// ---------- INJECTING HERE ----------
""+1406AF57: 8B 40 0C              - mov eax,[eax+0C]
""+1406AF5A: 85 C0                 - test eax,eax
// ---------- DONE INJECTING  ----------
""+1406AF5C: 0F 8F DE 00 00 00     - jg 1406B040
""+1406AF62: 8B 43 30              - mov eax,[ebx+30]
""+1406AF65: 8B 4D F0              - mov ecx,[ebp-10]
""+1406AF68: 83 EC 08              - sub esp,08
""+1406AF6B: 51                    - push ecx
""+1406AF6C: 50                    - push eax
""+1406AF6D: 39 00                 - cmp [eax],eax
""+1406AF6F: E8 F0 01 00 00        - call 1406B164
""+1406AF74: 83 C4 10              - add esp,10
""+1406AF77: 8B 43 20              - mov eax,[ebx+20]
}
Быстрая постройка в мастерской - тоже работает:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Workshop build speed: the float at [eax] (eax = [ebp-2C] + ecx*4 + 10, see
  the lea just above the injection point) is set to 1000.0 right before the
  game loads it. The AOB starts two bytes early (88 10 = mov [eax],dl) to
  stay unique, so the hook and the restore are placed at ISSLE+02. The
  replaced sequence (D9 00 83 EC 0C) is exactly 5 bytes -- no padding nop. }

[ENABLE]
aobscan(ISSLE,88 10 D9 00 83 EC 0C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(ISSLE)

newmem:
  mov dword ptr [eax],(float)1000     // value = 1000.0 before the game reads it

code:
  fld dword ptr [eax]                 // original bytes: D9 00
  sub esp,0C                          // original bytes: 83 EC 0C
  jmp return

ISSLE+02:
  jmp newmem                          // 5 bytes == 5 replaced bytes
return:

[DISABLE]
ISSLE+02:
  db D9 00 83 EC 0C                   // restore fld / sub
unregistersymbol(ISSLE)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1403EE91   (JIT address at generation time; aobscan re-locates it)

""+1403EE70: E8 A3 D8 69 F1        - call 056DC718
""+1403EE75: 83 C4 10              - add esp,10
""+1403EE78: 8B C8                 - mov ecx,eax
""+1403EE7A: 8B 45 D4              - mov eax,[ebp-2C]
""+1403EE7D: 8B D1                 - mov edx,ecx
""+1403EE7F: 39 12                 - cmp [edx],edx
""+1403EE81: 8B 49 40              - mov ecx,[ecx+40]
""+1403EE84: 39 48 0C              - cmp [eax+0C],ecx
""+1403EE87: 0F 86 36 01 00 00     - jbe 1403EFC3
""+1403EE8D: 8D 44 88 10           - lea eax,[eax+ecx*4+10]
// ---------- INJECTING HERE ----------
""+1403EE91: D9 00                 - fld dword ptr [eax]
""+1403EE93: 83 EC 0C              - sub esp,0C
// ---------- DONE INJECTING  ----------
""+1403EE96: 83 EC 04              - sub esp,04
""+1403EE99: D9 1C 24              - fstp dword ptr [esp]
""+1403EE9C: E8 2F F7 6D F1        - call 0571E5D0
""+1403EEA1: 83 C4 10              - add esp,10
""+1403EEA4: 8B D0                 - mov edx,eax
""+1403EEA6: 8B 45 DC              - mov eax,[ebp-24]
""+1403EEA9: 8B 4D D8              - mov ecx,[ebp-28]
""+1403EEAC: 52                    - push edx
""+1403EEAD: DB 04 24              - fild dword ptr [esp]
""+1403EEB0: D9 1C 24              - fstp dword ptr [esp]
}
Очки навыков работают:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Skill points: the int at [edi+110] is set to 50 just before the game loads
  it into eax. The single replaced instruction is 6 bytes, so the 5-byte jmp
  is followed by one nop. }

[ENABLE]
aobscan(points,8B 87 10 01 00 00 8B D9) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(points)

newmem:
  mov dword ptr [edi+00000110],#50    // field = 50 (decimal) before it is read

code:
  mov eax,[edi+00000110]              // original bytes: 8B 87 10 01 00 00
  jmp return

points:
  jmp newmem                          // 5 bytes ...
  nop                                 // ... plus 1 to cover the 6 replaced bytes
return:

[DISABLE]
points:
  db 8B 87 10 01 00 00                // restore the mov
unregistersymbol(points)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1706B24F   (JIT address at generation time; aobscan re-locates it)

""+1706B232: 85 C0                 - test eax,eax
""+1706B234: 0F 84 6F 00 00 00     - je 1706B2A9
""+1706B23A: 8B 46 44              - mov eax,[esi+44]
""+1706B23D: 83 EC 0C              - sub esp,0C
""+1706B240: 50                    - push eax
""+1706B241: 39 00                 - cmp [eax],eax
""+1706B243: E8 78 99 39 EE        - call 05404BC0
""+1706B248: 83 C4 10              - add esp,10
""+1706B24B: 8B C8                 - mov ecx,eax
""+1706B24D: 39 3F                 - cmp [edi],edi
// ---------- INJECTING HERE ----------
""+1706B24F: 8B 87 10 01 00 00     - mov eax,[edi+00000110]
// ---------- DONE INJECTING  ----------
""+1706B255: 8B D9                 - mov ebx,ecx
""+1706B257: 85 C0                 - test eax,eax
""+1706B259: 7E 36                 - jle 1706B291
""+1706B25B: 8B 46 2C              - mov eax,[esi+2C]
""+1706B25E: 83 EC 0C              - sub esp,0C
""+1706B261: 50                    - push eax
""+1706B262: 39 00                 - cmp [eax],eax
""+1706B264: E8 E7 0A 3A EE        - call 0540BD50
""+1706B269: 83 C4 10              - add esp,10
""+1706B26C: 83 EC 04              - sub esp,04
}
Все характеристики по 100 — работает, но нужно покопать поглубже: при рестарте не все значения остаются равными 100.
Пока, что так:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Character stats = 100: the float at [eax+0C] is set to 100.0 just before
  the getter loads it and stores it as a double at [ebp-08].

  NOTE(review): only the `mov eax,[ebp+08]` branch of this getter is hooked.
  The branch above it (frndint ... jmp 1403CC1C) produces the result without
  reading [eax+0C], so reads taking that path are unaffected -- a possible
  reason why not every value stays at 100 after a restart. Confirm. }

[ENABLE]
aobscan(HaRR,D9 40 0C DD 5D F8) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(HaRR)

newmem:
  mov dword ptr [eax+0C],(float)100   // value = 100.0 before the game reads it

code:
  fld dword ptr [eax+0C]              // original bytes: D9 40 0C
  fstp qword ptr [ebp-08]             // original bytes: DD 5D F8
  jmp return

HaRR:
  jmp newmem                          // 5 bytes ...
  nop                                 // ... plus 1 to cover the 6 replaced bytes
return:

[DISABLE]
HaRR:
  db D9 40 0C DD 5D F8                // restore fld / fstp
unregistersymbol(HaRR)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1403CC16   (JIT address at generation time; aobscan re-locates it)

""+1403CBFA: D9 FC                 - frndint
""+1403CBFC: 83 EC 04              - sub esp,04
""+1403CBFF: D9 1C 24              - fstp dword ptr [esp]
""+1403CC02: D9 04 24              - fld dword ptr [esp]
""+1403CC05: 83 C4 04              - add esp,04
""+1403CC08: D9 5D F4              - fstp dword ptr [ebp-0C]
""+1403CC0B: D9 45 F4              - fld dword ptr [ebp-0C]
""+1403CC0E: DD 5D F8              - fstp qword ptr [ebp-08]
""+1403CC11: EB 09                 - jmp 1403CC1C
""+1403CC13: 8B 45 08              - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+1403CC16: D9 40 0C              - fld dword ptr [eax+0C]
""+1403CC19: DD 5D F8              - fstp qword ptr [ebp-08]
// ---------- DONE INJECTING  ----------
""+1403CC1C: DD 45 F8              - fld qword ptr [ebp-08]
""+1403CC1F: C9                    - leave
""+1403CC20: C3                    - ret
""+1403CC21: 00 00                 - add [eax],al
""+1403CC23: 00 00                 - add [eax],al
""+1403CC25: 00 00                 - add [eax],al
""+1403CC27: 00 55 8B              - add [ebp-75],dl
""+1403CC2A: EC                    - in al,dx
""+1403CC2B: 53                    - push ebx
""+1403CC2C: 57                    - push edi
}
Ну и ремонт библиотеки и мастерской:
{ Game    : Dead In Bermuda.exe
  Version :
  Date    : 2017-06-27
  Author  : ALEXSP

  Library / workshop repair: the hooked site is a tiny getter
  (push ebp / mov ebp,esp / ... / fld [eax+90] / leave / ret). The cave sets
  the float at [eax+90] to 100.0 and then performs the original fld. The
  trailing C9 (leave) in the AOB keeps the pattern unique; the replaced fld
  is 6 bytes, so the 5-byte jmp is followed by one nop. }

[ENABLE]
aobscan(Repair2,D9 80 90 00 00 00 C9) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Repair2)

newmem:
  mov dword ptr [eax+00000090],(float)100   // value = 100.0 before the game reads it

code:
  fld dword ptr [eax+00000090]        // original bytes: D9 80 90 00 00 00
  jmp return

Repair2:
  jmp newmem                          // 5 bytes ...
  nop                                 // ... plus 1 to cover the 6 replaced bytes
return:

[DISABLE]
Repair2:
  db D9 80 90 00 00 00                // restore the fld
unregistersymbol(Repair2)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 140384F9   (JIT address at generation time; aobscan re-locates it)

""+140384E5: 00 00                 - add [eax],al
""+140384E7: 00 55 8B              - add [ebp-75],dl
""+140384EA: EC                    - in al,dx
""+140384EB: 83 EC 08              - sub esp,08
""+140384EE: C9                    - leave
""+140384EF: C3                    - ret
""+140384F0: 55                    - push ebp
""+140384F1: 8B EC                 - mov ebp,esp
""+140384F3: 83 EC 08              - sub esp,08
""+140384F6: 8B 45 08              - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
""+140384F9: D9 80 90 00 00 00     - fld dword ptr [eax+00000090]
// ---------- DONE INJECTING  ----------
""+140384FF: C9                    - leave
""+14038500: C3                    - ret
""+14038501: 00 00                 - add [eax],al
""+14038503: 00 00                 - add [eax],al
""+14038505: 00 00                 - add [eax],al
""+14038507: 00 55 8B              - add [ebp-75],dl
""+1403850A: EC                    - in al,dx
""+1403850B: 83 EC 08              - sub esp,08
""+1403850E: 8B 45 08              - mov eax,[ebp+08]
""+14038511: D9 80 94 00 00 00     - fld dword ptr [eax+00000094]
}
Собственно нужна помощь / подсказка с характеристиками персонажей, с проблемой что описал выше.
Заранее благодарен.
[the long journey home v1.4]
Доброго времени суток.
Собственно тема не про взлом. Многие ищут таблицу по игрушке the long journey home 1.4
Взял материал отсюда: https://fearlessrevolution.com/threads/the-long-journey-home-up3.2807/
Нашел и изменил в коде то, что было сдвинуто патчем.
Не претендую ни на какие плюсы. Работа не моя - я это понимаю и осознаю. Делаю лишь потому, что может кому пригодится.
Да, единственное, что тут сделал, — это добавил бесконечные ресурсы, деньги 90к.
На работоспособность проверил. Все работает.
Увы, я так и не понял, как залить файл на сайт. В итоге кинул на свой Яндекс.Диск.
https://yadi.sk/d/xdp_Erug3WH95G
Заранее прошу прощения у автора. Если будут какие-либо разногласия / проблемы — тему прошу удалить.
С уважением Александр.