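{ Watch Dogs (watch_dogs.exe / Disrupt_b64.dll): three Cheat Engine auto-assembler scripts.
  Forum post by partoftheworlD, 2016-05-12 (edited 2016-05-13). The post text, translated:

    "Finally found the time and the urge to break something, but since almost everything
     in this game is already hacked I wanted something fun. If anyone is interested I can
     write a tutorial on how I searched for these. Rapid fire currently works only on
     automatic weapons; the plan is to make every weapon automatic and add anti-recoil,
     otherwise it is unplayable. Enough words, enjoy."

  Scripts:  1. Rapidfire   2. Anti-recoil   3. Auto-fire

  Notes that apply to all three scripts:
  - Each script patches code inside the game's Disrupt_b64.dll. The "Disrupt_b64.dll"+NNN
    addresses in the alloc() hints and in the ORIGINAL CODE dumps are from the build the
    author had. aobscanmodule() relocates the patch to the byte signature at run time and
    aborts the whole [ENABLE] section if the signature is missing or not unique, so a
    different game build fails loudly rather than patching the wrong place.
  - The alloc() hint address only has to keep the trampoline within +/-2 GB of the
    injection point so that the 5-byte rel32 jmp can reach it.
  - [DISABLE] restores the original bytes and frees the trampoline while the game keeps
    running. A game thread that is executing inside the trampoline at that instant will
    crash; this is the usual CE template race, so disable the scripts while not shooting.
  - Target ABI is Microsoft x64 (no red zone below rsp), which is why the Rapidfire hook
    may push/pop freely but must not touch memory above rsp.
}

{ ===== Script 1: Rapidfire =====
  Game   : watch_dogs.exe (Disrupt_b64.dll)
  Date   : 2016-05-13
  Author : partoftheworlD

  Hooks the store "movss [r12+34],xmm1" at Disrupt_b64.dll+183A812 (located by signature).
  The original code adds into a per-object float at [r12+34]; the hook writes the constant
  99.0 there instead, but only when byte [[r12+60]+20] == 7. The author reports that this
  limits rapid fire to automatic weapons, so 7 is presumably the automatic weapon class --
  that meaning is not visible in the code. Any other value runs the original store.

  Fix versus the posted version: the surrounding original code is
      comiss xmm0,[Disrupt_b64.dll+2CFDB60]   ; sets EFLAGS
      ... addss / mov only (EFLAGS untouched) ...
      movss  [r12+34],xmm1                    ; <- injection point
      jna    Disrupt_b64.dll+183A826          ; consumes the comiss flags
  The posted hook executed "cmp" in between, so the game's jna branched on the hook's
  comparison instead of the comiss result. EFLAGS are now saved/restored around the hook
  (pushf/popf assemble to 9C/9D, which push/pop RFLAGS in 64-bit mode). A null check on
  [r12+60] was also added so the hook cannot fault on an object without that pointer.
}
[ENABLE]
aobscanmodule(rapidf,Disrupt_b64.dll,F3 41 0F 11 4C 24 34 76) // movss [r12+34],xmm1 ; jna ...  (8 bytes matched, 7 patched)
alloc(newmem,$1000,"Disrupt_b64.dll"+183A812)
label(code)
label(return)
registersymbol(rapidf)

newmem:
  pushf                            // keep the comiss flags that the jna after "return" consumes
  push r13
  mov r13,[r12+60]
  test r13,r13                     // no sub-object -> fall back to the original store
  jz code
  cmp byte ptr [r13+20],07         // weapon class check (author: automatic weapons only)
  jne code
  pop r13
  popf
  mov [r12+34],(float)99           // replace the accumulated value with a constant 99.0
  jmp return

code:
  pop r13
  popf
  movss [r12+34],xmm1              // original instruction
  jmp return

rapidf:
  jmp newmem
  nop
  nop                              // 5-byte jmp + 2 nops = the 7 bytes replaced
return:

[DISABLE]
rapidf:
  db F3 41 0F 11 4C 24 34          // movss [r12+34],xmm1
unregistersymbol(rapidf)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Disrupt_b64.dll"+183A812
"Disrupt_b64.dll"+183A7D3: E8 98 2D FF FF             - call Disrupt_b64.dll+182D570
"Disrupt_b64.dll"+183A7D8: 4C 8B 7C 24 70             - mov r15,[rsp+70]
"Disrupt_b64.dll"+183A7DD: F3 41 0F 10 44 24 38       - movss xmm0,[r12+38]
"Disrupt_b64.dll"+183A7E4: 0F 28 CE                   - movaps xmm1,xmm6
"Disrupt_b64.dll"+183A7E7: 0F 2F 05 72 33 4C 01       - comiss xmm0,[Disrupt_b64.dll+2CFDB60]   <- flags set here
"Disrupt_b64.dll"+183A7EE: F3 41 0F 58 4C 24 34       - addss xmm1,[r12+34]
"Disrupt_b64.dll"+183A7F5: 4C 8B 74 24 78             - mov r14,[rsp+78]
"Disrupt_b64.dll"+183A7FA: 4C 8B AC 24 80 00 00 00    - mov r13,[rsp+00000080]
"Disrupt_b64.dll"+183A802: 48 8B BC 24 88 00 00 00    - mov rdi,[rsp+00000088]
"Disrupt_b64.dll"+183A80A: 48 8B 9C 24 C0 00 00 00    - mov rbx,[rsp+000000C0]
// ---------- INJECTING HERE ----------
"Disrupt_b64.dll"+183A812: F3 41 0F 11 4C 24 34       - movss [r12+34],xmm1
// ---------- DONE INJECTING  ----------
"Disrupt_b64.dll"+183A819: 76 0B                      - jna Disrupt_b64.dll+183A826             <- flags consumed here
"Disrupt_b64.dll"+183A81B: F3 0F 5C C6                - subss xmm0,xmm6
"Disrupt_b64.dll"+183A81F: F3 41 0F 11 44 24 38       - movss [r12+38],xmm0
"Disrupt_b64.dll"+183A826: 0F 28 C6                   - movaps xmm0,xmm6
"Disrupt_b64.dll"+183A829: F3 41 0F 58 44 24 3C       - addss xmm0,[r12+3C]
"Disrupt_b64.dll"+183A830: F3 41 0F 11 44 24 3C       - movss [r12+3C],xmm0
"Disrupt_b64.dll"+183A837: 0F 2F 0D 22 E6 CC 01       - comiss xmm1,[Disrupt_b64.dll+3508E60]
"Disrupt_b64.dll"+183A83E: 76 19                      - jna Disrupt_b64.dll+183A859
"Disrupt_b64.dll"+183A840: 49 C7 44 24 40 00 00 00 00 - mov [r12+40],00000000
"Disrupt_b64.dll"+183A849: 0F 28 74 24 60             - movaps xmm6,[rsp+60]
}

{ ===== Script 2: Anti-recoil =====
  Game   : watch_dogs.exe (Disrupt_b64.dll)
  Date   : 2016-05-13
  Author : partoftheworlD

  Suppresses two 5-byte pointer stores into [r12+08]:
      "y": Disrupt_b64.dll+1844542   mov [r12+08],rax    (see dump below; rax = lea rax,[rbp-60])
      "x": Disrupt_b64.dll+18445BD   mov [r12+08],r11    (address taken from the posted alloc() hint;
                                                          its dump was not posted)
  Which axis each store belongs to is the author's naming; the author reports recoil is gone.

  Caveat: the "y" dump shows the stored value is the address of a stack local ([rbp-60]).
  With the store skipped, [r12+08] keeps whatever it held before, which may be a pointer
  into an earlier, already-reused stack frame. Whether the game still dereferences that
  slot afterwards is not visible here, so treat this as "works for the author", not proven
  safe.

  The posted version jumped each store into its own allocated block that immediately jumped
  back (plus unreachable code_x/code_y labels). Overwriting the 5-byte store with 5 nops has
  exactly the same effect with no trampolines to allocate, no rel32 reach constraint and
  nothing to dealloc, so that is what this version does.
}
[ENABLE]
aobscanmodule(norecoil_y,Disrupt_b64.dll,49 89 44 24 08 48 8D 45 A0) // mov [r12+08],rax ; lea rax,[rbp-60]
aobscanmodule(norecoil_x,Disrupt_b64.dll,4D 89 5C 24 08 4C 89 1A)    // mov [r12+08],r11 ; mov [rdx],r11
registersymbol(norecoil_y)
registersymbol(norecoil_x)

norecoil_y:
  db 90 90 90 90 90                // nop x5 over: mov [r12+08],rax
norecoil_x:
  db 90 90 90 90 90                // nop x5 over: mov [r12+08],r11

[DISABLE]
norecoil_y:
  db 49 89 44 24 08                // mov [r12+08],rax
norecoil_x:
  db 4D 89 5C 24 08                // mov [r12+08],r11
unregistersymbol(norecoil_y)
unregistersymbol(norecoil_x)

{
// ORIGINAL CODE - INJECTION POINT: "Disrupt_b64.dll"+1844542
"Disrupt_b64.dll"+184451A: 8D 4A 50                   - lea ecx,[rdx+50]
"Disrupt_b64.dll"+184451D: 4D 8B E1                   - mov r12,r9
"Disrupt_b64.dll"+1844520: 49 8B D8                   - mov rbx,r8
"Disrupt_b64.dll"+1844523: E8 28 62 90 FE             - call Disrupt_b64.dll+14A750
"Disrupt_b64.dll"+1844528: 48 8B 55 30                - mov rdx,[rbp+30]
"Disrupt_b64.dll"+184452C: F3 0F 10 4B 14             - movss xmm1,[rbx+14]
"Disrupt_b64.dll"+1844531: 4C 8B D8                   - mov r11,rax
"Disrupt_b64.dll"+1844534: 48 8D 45 A0                - lea rax,[rbp-60]                 <- address of a stack local
"Disrupt_b64.dll"+1844538: F3 0F 11 4D C4             - movss [rbp-3C],xmm1
"Disrupt_b64.dll"+184453D: F3 0F 10 4B 1C             - movss xmm1,[rbx+1C]
// ---------- INJECTING HERE ----------
"Disrupt_b64.dll"+1844542: 49 89 44 24 08             - mov [r12+08],rax
// ---------- DONE INJECTING  ----------
"Disrupt_b64.dll"+1844547: 48 8D 45 A0                - lea rax,[rbp-60]
"Disrupt_b64.dll"+184454B: F3 0F 11 4D CC             - movss [rbp-34],xmm1
"Disrupt_b64.dll"+1844550: 48 89 02                   - mov [rdx],rax
"Disrupt_b64.dll"+1844553: 48 8B 43 20                - mov rax,[rbx+20]
"Disrupt_b64.dll"+1844557: 8B 4B 04                   - mov ecx,[rbx+04]
"Disrupt_b64.dll"+184455A: F3 0F 10 43 08             - movss xmm0,[rbx+08]
"Disrupt_b64.dll"+184455F: F3 0F 11 45 B8             - movss [rbp-48],xmm0
"Disrupt_b64.dll"+1844564: F3 0F 10 43 10             - movss xmm0,[rbx+10]
"Disrupt_b64.dll"+1844569: 44 8B 03                   - mov r8d,[rbx]
"Disrupt_b64.dll"+184456C: 48 89 45 D0                - mov [rbp-30],rax
}

{ ===== Script 3: Auto-fire (every weapon fires automatically) =====
  Game   : watch_dogs.exe (Disrupt_b64.dll)
  Date   : 2016-05-13
  Author : partoftheworlD

  Hooks Disrupt_b64.dll+1838C67, directly after the call at +1838C62, where the game stores
  "mov byte ptr [rbx+49],01". The hook stores 0 instead. The author reports this makes every
  weapon fire automatically, so [rbx+49] is presumably a single-shot / trigger-release flag;
  that meaning is not visible in the code.

  The following "movaps xmm7,[rsp+D0]" is carried into the trampoline only because the
  5-byte jmp needs 12 bytes of patch space; it executes unchanged (a jmp does not move rsp,
  so the rsp-relative operand is still valid inside the trampoline). The hook touches no
  flags, and the next flag-setting instruction in the original stream is "dec [rbx+18]" at
  +1838CA8, so nothing needs saving. The unreachable "code:" path of the posted version is
  dropped.
}
[ENABLE]
aobscanmodule(Autoshot,Disrupt_b64.dll,C6 43 49 01 0F 28 BC 24 D0 00 00 00) // mov byte ptr [rbx+49],01 ; movaps xmm7,[rsp+D0]
alloc(newmem,$1000,"Disrupt_b64.dll"+1838C67)
label(return)
registersymbol(Autoshot)

newmem:
  mov byte ptr [rbx+49],00         // original stores 01
  movaps xmm7,[rsp+000000D0]       // original instruction, relocated unchanged
  jmp return

Autoshot:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
  nop                              // 5-byte jmp + 7 nops = the 12 bytes replaced
return:

[DISABLE]
Autoshot:
  db C6 43 49 01 0F 28 BC 24 D0 00 00 00 // mov byte ptr [rbx+49],01 ; movaps xmm7,[rsp+D0]
unregistersymbol(Autoshot)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Disrupt_b64.dll"+1838C67
"Disrupt_b64.dll"+1838C3E: 80 78 5C 00                - cmp byte ptr [rax+5C],00
"Disrupt_b64.dll"+1838C42: 74 09                      - je Disrupt_b64.dll+1838C4D
"Disrupt_b64.dll"+1838C44: 8B 40 60                   - mov eax,[rax+60]
"Disrupt_b64.dll"+1838C47: 89 83 90 00 00 00          - mov [rbx+00000090],eax
"Disrupt_b64.dll"+1838C4D: 4C 8D 44 24 40             - lea r8,[rsp+40]
"Disrupt_b64.dll"+1838C52: 48 8D 54 24 30             - lea rdx,[rsp+30]
"Disrupt_b64.dll"+1838C57: 41 B1 01                   - mov cl,01
"Disrupt_b64.dll"+1838C5A: 48 8B CB                   - mov rcx,rbx
"Disrupt_b64.dll"+1838C5D: 44 89 74 24 20             - mov [rsp+20],r14d
"Disrupt_b64.dll"+1838C62: E8 D9 D1 FF FF             - call Disrupt_b64.dll+1835E40
// ---------- INJECTING HERE ----------
"Disrupt_b64.dll"+1838C67: C6 43 49 01                - mov byte ptr [rbx+49],01
"Disrupt_b64.dll"+1838C6B: 0F 28 BC 24 D0 00 00 00    - movaps xmm7,[rsp+000000D0]
// ---------- DONE INJECTING  ----------
"Disrupt_b64.dll"+1838C73: 0F 28 B4 24 E0 00 00 00    - movaps xmm6,[rsp+000000E0]
"Disrupt_b64.dll"+1838C7B: 44 0F 28 84 24 C0 00 00 00 - movaps xmm8,[rsp+000000C0]
"Disrupt_b64.dll"+1838C84: 48 8B B4 24 28 01 00 00    - mov rsi,[rsp+00000128]
"Disrupt_b64.dll"+1838C8C: 48 8B BC 24 30 01 00 00    - mov rdi,[rsp+00000130]
"Disrupt_b64.dll"+1838C94: 49 8B 5D 00                - mov rbx,[r13+00]
"Disrupt_b64.dll"+1838C98: 4C 8B B4 24 F0 00 00 00    - mov r14,[rsp+000000F0]
"Disrupt_b64.dll"+1838CA0: 4C 8B A4 24 00 01 00 00    - mov r12,[rsp+00000100]
"Disrupt_b64.dll"+1838CA8: FF 4B 18                   - dec [rbx+18]
"Disrupt_b64.dll"+1838CAB: 4C 8B AC 24 F8 00 00 00    - mov r13,[rsp+000000F8]
"Disrupt_b64.dll"+1838CB3: 75 10                      - jne Disrupt_b64.dll+1838CC5
}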
partoftheworlD (автор), 13 мая 2016: Нашёл ещё один способ отключить отдачу, и он очень необычный.