
Halo_Combat_Evolved_Trainer_Plus8_By_Garik66.EXE


Garik66


Halo_Combat_Evolved_Trainer_Plus8_By_Garik66.EXE


Для тех, кто предпочитает Скрипты:

"Infinite Max Shield" Numpad 1


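{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "Infinite Max Shield" (Numpad 1).
  Hooks the shield compare at halo.exe+B0093 (fcomp dword ptr [esi+E4]) and
  rewrites the shield value [esi+E4] just before the game compares it:
    Flag == 1 (first pass only):  shield forced to 0.0 and Flag cleared, so
                                  the recharge to max is visible from empty;
    Flag == 0 (every later pass): shield += [Charging] (0.1) until it reaches
                                  5.0, where it is pinned at exactly 5.0.
  esi is whatever unit pointer the game holds at this address (presumably the
  local player's -- TODO confirm); 5.0 is the script's chosen maximum.
  The x87 stack is left balanced (fld/fadd/fstp). EFLAGS are clobbered by the
  cmp instructions, but the game recomputes them (shr edx,0C / and edx,01 /
  test ah,41) before its next conditional jump, so nothing after the return
  point depends on the flags at the injection point.
}

[ENABLE]
aobscanmodule(Shield,halo.exe,D8 9E E4 00 00 00 DF E0 C1) // should be unique
alloc(newmem,00)
label(code)
label(return)
label(Flag)
label(Charging)
registersymbol(Shield)

newmem:
  // One-shot reset: the first time the hook runs, drop the shield to 0.0
  // (dword 0 is also 0.0f) so the recharge to max is visible.
  cmp [Flag],1
  jne @f
  mov [Flag],0
  mov [esi+000000E4],0
  jmp code

@@:
  // Recharge: add [Charging] per pass until the value reaches 5.0.
  // Both values are positive IEEE singles, so an unsigned compare of the
  // bit patterns orders them correctly. jae (not je) also clamps when the
  // repeated 0.1 additions step over 5.0 without ever being bit-exactly
  // 5.0 -- with je the value would keep growing on every pass.
  cmp [esi+000000E4],(float)5
  jae @f
  fld dword ptr [esi+000000E4]
  fadd dword ptr [Charging]
  fstp dword ptr [esi+000000E4]
  jmp code

@@:
  mov [esi+000000E4],(float)5     // pin at the maximum

code:
  fcomp dword ptr [esi+000000E4]  // original instruction (6 bytes)
  jmp return

Flag:
  dd 1                            // 1 = reset not done yet, 0 = recharging
Charging:
  dd (float)0.1                   // shield added per pass

Shield:
  jmp newmem                      // 5-byte jmp + 1 nop = 6 bytes replaced
  db 90
return:

[DISABLE]
Shield:
  db D8 9E E4 00 00 00            // restore fcomp dword ptr [esi+000000E4]

unregistersymbol(Shield)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+B0093

"halo.exe"+B0071: E8 2A 2D FB FF        -  call halo.exe+62DA0
"halo.exe"+B0076: 83 C4 04              -  add esp,04
"halo.exe"+B0079: 84 C0                 -  test al,al
"halo.exe"+B007B: 74 7C                 -  je halo.exe+B00F9
"halo.exe"+B007D: A1 54 93 71 00        -  mov eax,[halo.exe+319354]
"halo.exe"+B0082: F6 40 58 04           -  test byte ptr [eax+58],04
"halo.exe"+B0086: 75 71                 -  jne halo.exe+B00F9
"halo.exe"+B0088: D9 07                 -  fld dword ptr [edi]
"halo.exe"+B008A: 33 D2                 -  xor edx,edx
"halo.exe"+B008C: 66 8B 96 06 01 00 00  -  mov dx,[esi+00000106]
// ---------- INJECTING HERE ----------
"halo.exe"+B0093: D8 9E E4 00 00 00     -  fcomp dword ptr [esi+000000E4]
// ---------- DONE INJECTING  ----------
"halo.exe"+B0099: DF E0                 -  fnstsw ax
"halo.exe"+B009B: C1 EA 0C              -  shr edx,0C
"halo.exe"+B009E: 83 E2 01              -  and edx,01
"halo.exe"+B00A1: F6 C4 41              -  test ah,41
"halo.exe"+B00A4: 75 05                 -  jne halo.exe+B00AB
"halo.exe"+B00A6: 83 CA 02              -  or edx,02
"halo.exe"+B00A9: EB 03                 -  jmp halo.exe+B00AE
"halo.exe"+B00AB: 83 E2 FD              -  and edx,-03
"halo.exe"+B00AE: D9 86 E4 00 00 00     -  fld dword ptr [esi+000000E4]
"halo.exe"+B00B4: D8 1D D4 2B 67 00     -  fcomp dword ptr [halo.exe+272BD4]
}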

 

"God Mode" Numpad 2


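{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "God Mode" (Numpad 2) -- two hooks sharing one allocation.

  God1 (halo.exe+B0BB1, fld dword ptr [ecx+E0]): records ecx in [pointer]
  (presumably the local player's unit -- TODO confirm) and runs a one-time
  health "demo" driven by [Flag1]:
    Flag1 == 1: drain [ecx+E0] by [Charging1] (0.05) per pass until <= 0.1,
                then Flag1 := 2;
    Flag1 == 2: refill by 0.05 per pass until >= 1.0, then Flag1 := 0;
    Flag1 == 0: pin [ecx+E0] at exactly 1.0 on every pass.

  God (halo.exe+EF635, fld [esi+E0] / fsub [esp+48]): the damage subtraction.
    esi == [pointer]:        skip the subtraction; the game's following
                             fstp dword ptr [esi+E0] writes the loaded health
                             back unchanged.
    otherwise, [OHK] == 1:   zero the target's shield [esi+E4] and subtract
                             its own health twice, so the game stores
                             -health - damage, i.e. a negative value.
    otherwise:               original behaviour (health -= [esp+48]).
  [OHK] is registered so the separate "One Hit Kill" script can toggle it.

  EFLAGS are clobbered by the cmp instructions in both hooks; at either site
  the game's next conditional jump is preceded by its own cmp/test, so no
  flag state survives across the injection point.
}

[ENABLE]
aobscanmodule(God,halo.exe,D9 86 E0 00 00 00 D8 64) // should be unique
aobscanmodule(God1,halo.exe,D9 81 E0 00 00 00 D8 9B 50)
alloc(newmem,00)
label(newmem1)
label(code)
label(code1)
label(return)
label(return1)
label(pointer)
label(Flag1)
label(Charging1)
label(Increase)
label(OHK)
registersymbol(OHK)
registersymbol(God)
registersymbol(God1)

newmem:
  fld dword ptr [esi+000000E0]    // original: st(0) = health of the unit being hit
  cmp [pointer],esi
  je return                       // recorded unit: no subtraction at all
  cmp [OHK],1
  jne code
  mov [esi+000000E4],0            // OHK: shield := 0.0f (dword 0)
  fsub dword ptr [esi+000000E0]   // st(0) = health - 2*health = -health ...
  fsub dword ptr [esi+000000E0]

code:
  fsub dword ptr [esp+48]         // original: ... - damage; the game's fstp stores it
  jmp return

newmem1:
  mov [pointer],ecx               // remember this unit for the God hook
  cmp [Flag1],1
  jne Increase
  // Flag1 == 1: drain by [Charging1] per pass until the value is <= 0.1.
  // Positive IEEE singles order the same as their unsigned bit patterns,
  // so the integer cmp/jbe/jae on these values are valid.
  cmp [ecx+000000E0],(float)0.1
  jbe @f
  fld dword ptr [ecx+000000E0]
  fsub dword ptr [Charging1]
  fstp dword ptr [ecx+000000E0]
  jmp code1

@@:
  mov [Flag1],2                   // drained: switch to refilling
  jmp code1

Increase:
  cmp [Flag1],2
  jne @f
  // Flag1 == 2: refill by [Charging1] per pass until >= 1.0. jae (not je)
  // also catches the case where the 0.05 steps land above 1.0 without ever
  // being bit-exactly 1.0; with je the value would keep growing instead.
  cmp [ecx+000000E0],(float)1
  jae @f
  fld dword ptr [ecx+000000E0]
  fadd dword ptr [Charging1]
  fstp dword ptr [ecx+000000E0]
  jmp code1

@@:
  mov [Flag1],0                   // demo finished: pin at 1.0 from now on
  mov [ecx+000000E0],(float)1

code1:
  fld dword ptr [ecx+000000E0]    // original instruction
  jmp return1

pointer:
  dd 0                            // unit pointer captured at God1
Flag1:
  dd 1                            // 1 = draining, 2 = refilling, 0 = pinned
Charging1:
  dd (float)0.05                  // step per pass
OHK:
  dd 0                            // 1 = one-hit-kill on units other than [pointer]

God:
  jmp newmem                      // 5-byte jmp + 5 nops = 10 bytes replaced
  db 90 90 90 90 90
return:

God1:
  jmp newmem1                     // 5-byte jmp + 1 nop = 6 bytes replaced
  db 90
return1:

[DISABLE]
God:
  db D9 86 E0 00 00 00 D8 64 24 48  // restore fld dword ptr [esi+E0] / fsub dword ptr [esp+48]
God1:
  db D9 81 E0 00 00 00              // restore fld dword ptr [ecx+E0]

unregistersymbol(OHK)
unregistersymbol(God)
unregistersymbol(God1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+EF635

"halo.exe"+EF60F: DC C0                          -  fadd st(0),st(0)
"halo.exe"+EF611: D9 54 24 48                    -  fst dword ptr [esp+48]
"halo.exe"+EF615: D8 9E E0 00 00 00              -  fcomp dword ptr [esi+000000E0]
"halo.exe"+EF61B: DF E0                          -  fnstsw ax
"halo.exe"+EF61D: F6 C4 41                       -  test ah,41
"halo.exe"+EF620: 75 08                          -  jne halo.exe+EF62A
"halo.exe"+EF622: 81 CB 80 00 00 00              -  or ebx,00000080
"halo.exe"+EF628: 89 19                          -  mov [ecx],ebx
"halo.exe"+EF62A: 80 7C 24 4C 01                 -  cmp byte ptr [esp+4C],01
"halo.exe"+EF62F: 0F 85 CA 00 00 00              -  jne halo.exe+EF6FF
// ---------- INJECTING HERE ----------
"halo.exe"+EF635: D9 86 E0 00 00 00              -  fld dword ptr [esi+000000E0]
// ---------- DONE INJECTING  ----------
"halo.exe"+EF63B: D8 64 24 48                    -  fsub dword ptr [esp+48]
"halo.exe"+EF63F: D9 9E E0 00 00 00              -  fstp dword ptr [esi+000000E0]
"halo.exe"+EF645: EB 0B                          -  jmp halo.exe+EF652
"halo.exe"+EF647: 80 7C 24 4C 01                 -  cmp byte ptr [esp+4C],01
"halo.exe"+EF64C: 0F 85 AD 00 00 00              -  jne halo.exe+EF6FF
"halo.exe"+EF652: 8B 44 24 20                    -  mov eax,[esp+20]
"halo.exe"+EF656: 66 3D FF FF                    -  cmp ax,FFFF
"halo.exe"+EF65A: 0F 84 9F 00 00 00              -  je halo.exe+EF6FF
"halo.exe"+EF660: 0F B7 96 74 01 00 00           -  movzx edx,word ptr [esi+00000174]
"halo.exe"+EF667: 0F BF E8                       -  movsx ebp,ax
}
{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+B0BB1

"halo.exe"+B0B86: 66 8B 83 2E 02 00 00  -  mov ax,[ebx+0000022E]
"halo.exe"+B0B8D: 66 85 C0              -  test ax,ax
"halo.exe"+B0B90: 8B D0                 -  mov edx,eax
"halo.exe"+B0B92: 75 05                 -  jne halo.exe+B0B99
"halo.exe"+B0B94: BA 08 00 00 00        -  mov edx,00000008
"halo.exe"+B0B99: 8D B3 E4 01 00 00     -  lea esi,[ebx+000001E4]
"halo.exe"+B0B9F: B9 1A 00 00 00        -  mov ecx,0000001A
"halo.exe"+B0BA4: 8D BC 24 38 01 00 00  -  lea edi,[esp+00000138]
"halo.exe"+B0BAB: F3 A5                 - repe  movsd
"halo.exe"+B0BAD: 8B 4C 24 30           -  mov ecx,[esp+30]
// ---------- INJECTING HERE ----------
"halo.exe"+B0BB1: D9 81 E0 00 00 00     -  fld dword ptr [ecx+000000E0]
// ---------- DONE INJECTING  ----------
"halo.exe"+B0BB7: D8 9B 50 02 00 00     -  fcomp dword ptr [ebx+00000250]
"halo.exe"+B0BBD: DF E0                 -  fnstsw ax
"halo.exe"+B0BBF: F6 C4 01              -  test ah,01
"halo.exe"+B0BC2: 75 09                 -  jne halo.exe+B0BCD
"halo.exe"+B0BC4: 8B 84 24 70 01 00 00  -  mov eax,[esp+00000170]
"halo.exe"+B0BCB: EB 30                 -  jmp halo.exe+B0BFD
"halo.exe"+B0BCD: D9 81 E0 00 00 00     -  fld dword ptr [ecx+000000E0]
"halo.exe"+B0BD3: D8 9B 54 02 00 00     -  fcomp dword ptr [ebx+00000254]
"halo.exe"+B0BD9: DF E0                 -  fnstsw ax
"halo.exe"+B0BDB: F6 C4 41              -  test ah,41
}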

 

"One Hit Kill" Ctrl+Numpad 2


{ "One Hit Kill" (Ctrl+Numpad 2).
  Writes the OHK dword that the "God Mode" script allocates and registers
  (registersymbol(OHK)); that script must be enabled first, otherwise the
  symbol does not resolve. 1 enables the one-hit-kill branch of the God hook,
  0 restores normal damage.
}
[ENABLE]
OHK:
  dd 1

[DISABLE]
OHK:
  dd 0

 

"Infinite Flashlight" Numpad 3


{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "Infinite Flashlight" (Numpad 3).
  Hooks halo.exe+163B87 and replaces the game's drain pair
  (fld dword ptr [ebx+344] / fsub dword ptr [halo.exe+272F6C]) with the fld
  alone -- the fsub is deliberately left out below -- so the charge value
  [ebx+344] no longer decreases. A one-time "demo" driven by [Flag2] runs
  first:
    Flag2 == 1: drain [ebx+344] by [Charging2] (0.05) per pass until <= 0.05,
                then Flag2 := 2;
    Flag2 == 2: refill by 0.05 per pass until >= 1.0, then Flag2 := 0;
    Flag2 == 0: pin [ebx+344] at exactly 1.0 on every pass.
  Positive IEEE singles order the same as their unsigned bit patterns, so the
  integer cmp/jbe/jae on these values are valid.
  NOTE(review): the last four bytes of the scan pattern (6C 2F 67 00) are the
  absolute address halo.exe+272F6C, so the scan only matches when the module
  is loaded at the base this was captured on -- confirm on other builds.
  EFLAGS are clobbered by cmp, but the game's next conditional jump
  (halo.exe+163B9A) is preceded by its own cmp.
}

[ENABLE]
aobscanmodule(Flashlight,halo.exe,D9 83 44 03 00 00 D8 25 6C 2F 67 00) // should be unique
alloc(newmem,00)
label(code)
label(return)
label(Flag2)
label(Charging2)
label(Increase2)
registersymbol(Flashlight)

newmem:
  cmp [Flag2],1
  jne Increase2
  // Flag2 == 1: drain by [Charging2] per pass until <= 0.05
  cmp [ebx+00000344],(float)0.05
  jbe @f
  fld dword ptr [ebx+00000344]
  fsub dword ptr [Charging2]
  fstp dword ptr [ebx+00000344]
  jmp code

@@:
  mov [Flag2],2                   // drained: switch to refilling
  jmp code

Increase2:
  cmp [Flag2],2
  jne @f
  // Flag2 == 2: refill by [Charging2] per pass until >= 1.0
  cmp [ebx+00000344],(float)1
  jae @f
  fld dword ptr [ebx+00000344]
  fadd dword ptr [Charging2]
  fstp dword ptr [ebx+00000344]
  jmp code

@@:
  mov [Flag2],0                   // demo finished: pin at 1.0 from now on
  mov [ebx+00000344],(float)1

code:
  fld dword ptr [ebx+00000344]    // original fld
  //fsub dword ptr [halo.exe+272F6C]   // original drain, intentionally omitted
  jmp return

Flag2:
  dd 1                            // 1 = draining, 2 = refilling, 0 = pinned
Charging2:
  dd (float)0.05                  // step per pass

Flashlight:
  jmp newmem                      // 5-byte jmp + 7 nops = 12 bytes replaced
  db 90 90 90 90 90 90 90
return:

[DISABLE]
Flashlight:
  db D9 83 44 03 00 00 D8 25 6C 2F 67 00   // restore fld / fsub pair

unregistersymbol(Flashlight)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+163B87

"halo.exe"+163B5D: 83 C4 18                       -  add esp,18
"halo.exe"+163B60: 33 C7                          -  xor eax,edi
"halo.exe"+163B62: 89 83 04 02 00 00              -  mov [ebx+00000204],eax
"halo.exe"+163B68: 8B 83 04 02 00 00              -  mov eax,[ebx+00000204]
"halo.exe"+163B6E: 85 C7                          -  test edi,eax
"halo.exe"+163B70: 74 78                          -  je halo.exe+163BEA
"halo.exe"+163B72: 8B 55 F8                       -  mov edx,[ebp-08]
"halo.exe"+163B75: F7 82 7C 01 00 00 00 00 00 01  -  test [edx+0000017C],1000000
"halo.exe"+163B7F: 75 12                          -  jne halo.exe+163B93
"halo.exe"+163B81: D9 83 44 03 00 00              -  fld dword ptr [ebx+00000344]
// ---------- INJECTING HERE ----------
"halo.exe"+163B87: D8 25 6C 2F 67 00              -  fsub dword ptr [halo.exe+272F6C]
// ---------- DONE INJECTING  ----------
"halo.exe"+163B8D: D9 9B 44 03 00 00              -  fstp dword ptr [ebx+00000344]
"halo.exe"+163B93: 83 BB 1C 01 00 00 FF           -  cmp dword ptr [ebx+0000011C],-01
"halo.exe"+163B9A: 75 09                          -  jne halo.exe+163BA5
"halo.exe"+163B9C: F6 83 06 01 00 00 04           -  test byte ptr [ebx+00000106],04
"halo.exe"+163BA3: 74 0B                          -  je halo.exe+163BB0
"halo.exe"+163BA5: 25 FF FF F7 FF                 -  and eax,FFF7FFFF
"halo.exe"+163BAA: 89 83 04 02 00 00              -  mov [ebx+00000204],eax
"halo.exe"+163BB0: 8B 83 40 03 00 00              -  mov eax,[ebx+00000340]
"halo.exe"+163BB6: B9 00 00 80 3F                 -  mov ecx,3F800000
"halo.exe"+163BBB: 3B C1                          -  cmp eax,ecx
}

 

"Infinite Ammo" Numpad 4


{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "Infinite Ammo" (Numpad 4).
  Hooks halo.exe+C3A01, where the game stores its newly computed count bp
  into the word [edx+06]. The hook keeps the larger of bp and the value
  already stored in [edx+06] (unsigned compare), so the stored count never
  decreases, then re-executes the two replaced instructions. The replaced
  cmp word ptr [edx+06],00 must stay last: the game's jle at halo.exe+C3A19
  consumes its flags, and the movs in between do not touch them.
  NOTE(review): ja is an unsigned compare; if the game ever stores a negative
  sentinel in this word it would win the comparison -- TODO confirm.
}

[ENABLE]
aobscanmodule(Ammo1,halo.exe,66 89 6A 06 66 83 7A 06 00) // should be unique
alloc(newmem,00)
label(code)
label(return)
registersymbol(Ammo1)

newmem:
  cmp bp,word ptr [edx+06]        // bp = game's new count, [edx+06] = stored count
  ja code                         // keep bp only when it is the larger (unsigned)
  mov bp,word ptr [edx+06]        // otherwise keep the stored count

code:
  mov [edx+06],bp                 // original
  cmp word ptr [edx+06],00        // original; flags feed the game's jle at halo.exe+C3A19
  jmp return

Ammo1:
  jmp newmem                      // 5-byte jmp + 4 nops = 9 bytes replaced
  db 90 90 90 90
return:

[DISABLE]
Ammo1:
  db 66 89 6A 06 66 83 7A 06 00   // restore mov [edx+06],bp / cmp word ptr [edx+06],00

unregistersymbol(Ammo1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+C3A01

"halo.exe"+C39E0: 75 23                    -  jne halo.exe+C3A05
"halo.exe"+C39E2: F6 87 F4 01 00 00 02     -  test byte ptr [edi+000001F4],02
"halo.exe"+C39E9: 74 1A                    -  je halo.exe+C3A05
"halo.exe"+C39EB: EB 09                    -  jmp halo.exe+C39F6
"halo.exe"+C39ED: 80 3D 62 A7 87 00 00     -  cmp byte ptr [halo.exe+47A762],00
"halo.exe"+C39F4: 75 0F                    -  jne halo.exe+C3A05
"halo.exe"+C39F6: 33 ED                    -  xor ebp,ebp
"halo.exe"+C39F8: 66 8B 6A 08              -  mov bp,[edx+08]
"halo.exe"+C39FC: 66 2B EE                 -  sub bp,si
"halo.exe"+C39FF: 03 EB                    -  add ebp,ebx
// ---------- INJECTING HERE ----------
"halo.exe"+C3A01: 66 89 6A 06              -  mov [edx+06],bp
"halo.exe"+C3A05: 66 83 7A 06 00           -  cmp word ptr [edx+06],00
// ---------- DONE INJECTING  ----------
"halo.exe"+C3A0A: 66 89 72 08              -  mov [edx+08],si
"halo.exe"+C3A0E: 66 C7 02 02 00           -  mov word ptr [edx],0002
"halo.exe"+C3A13: 66 C7 42 02 00 00        -  mov word ptr [edx+02],0000
"halo.exe"+C3A19: 7E 29                    -  jle halo.exe+C3A44
"halo.exe"+C3A1B: 66 3B 70 0A              -  cmp si,[eax+0A]
"halo.exe"+C3A1F: 7D 23                    -  jnl halo.exe+C3A44
"halo.exe"+C3A21: F6 00 01                 -  test byte ptr [eax],01
"halo.exe"+C3A24: 75 1E                    -  jne halo.exe+C3A44
"halo.exe"+C3A26: F6 87 30 02 00 00 26     -  test byte ptr [edi+00000230],26
"halo.exe"+C3A2D: 75 15                    -  jne halo.exe+C3A44
}

 

"No reload ammo" Numpad 5


{ Game   : halo.exe
  Version: 
  Date   : 2018-01-16
  Author : Garik66

  "No reload ammo" (Numpad 5).
  Hooks halo.exe+C40E2: after re-executing the two replaced instructions
  (esi = [esp+44]; [esi+08] = ax) it increments [esi+08] by one.
  NOTE(review): inc [esi+08] carries no operand size, so the assembler's
  default applies; the field is accessed as a word everywhere else
  (mov [esi+08],ax here, mov word ptr [esi+08],0000 at halo.exe+C40EC), so
  "inc word ptr [esi+08]" would state the intent -- confirm the assembled
  size before changing it, since the flags below depend on it.
  NOTE(review): the game's jg at halo.exe+C40EA originally tested the flags
  of test ax,ax (halo.exe+C40DF); those flags are now overwritten by inc, so
  the jump decides on the incremented value instead. That may well be the
  intended effect (an incremented non-negative count is > 0, so the
  "set to 0" path at halo.exe+C40EC is skipped) -- verify.
}

[ENABLE]
aobscanmodule(Ammo,halo.exe,8B 74 24 44 66 89 46 08) // should be unique
alloc(newmem,00)
label(code)
label(return)
registersymbol(Ammo)

newmem:

code:
  mov esi,[esp+44]                // original
  mov [esi+08],ax                 // original
  inc [esi+08]                    // +1; also leaves the flags the game's jg reads
  jmp return

Ammo:
  jmp newmem                      // 5-byte jmp + 3 nops = 8 bytes replaced
  db 90 90 90
return:

[DISABLE]
Ammo:
  db 8B 74 24 44 66 89 46 08      // restore mov esi,[esp+44] / mov [esi+08],ax

unregistersymbol(Ammo)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+C40E2

"halo.exe"+C40C0: 66 3B 75 24                 -  cmp si,[ebp+24]
"halo.exe"+C40C4: 7D 0A                       -  jnl halo.exe+C40D0
"halo.exe"+C40C6: F6 84 3B 64 02 00 00 01     -  test byte ptr [ebx+edi+00000264],01
"halo.exe"+C40CE: 75 3D                       -  jne halo.exe+C410D
"halo.exe"+C40D0: A0 69 A7 87 00              -  mov ax,[halo.exe+47A769]
"halo.exe"+C40D5: 84 C0                       -  test al,al
"halo.exe"+C40D7: 75 1B                       -  jne halo.exe+C40F4
"halo.exe"+C40D9: 8B C6                       -  mov eax,esi
"halo.exe"+C40DB: 2B 44 24 24                 -  sub eax,[esp+24]
"halo.exe"+C40DF: 66 85 C0                    -  test ax,ax
// ---------- INJECTING HERE ----------
"halo.exe"+C40E2: 8B 74 24 44                 -  mov esi,[esp+44]
"halo.exe"+C40E6: 66 89 46 08                 -  mov [esi+08],ax
// ---------- DONE INJECTING  ----------
"halo.exe"+C40EA: 7F 0C                       -  jg halo.exe+C40F8
"halo.exe"+C40EC: 66 C7 46 08 00 00           -  mov word ptr [esi+08],0000
"halo.exe"+C40F2: EB 14                       -  jmp halo.exe+C4108
"halo.exe"+C40F4: 8B 74 24 44                 -  mov esi,[esp+44]
"halo.exe"+C40F8: F6 01 02                    -  test byte ptr [ecx],02
"halo.exe"+C40FB: 74 0B                       -  je halo.exe+C4108
"halo.exe"+C40FD: 66 C7 06 02 00              -  mov word ptr [esi],0002
"halo.exe"+C4102: 66 C7 46 02 00 00           -  mov word ptr [esi+02],0000
"halo.exe"+C4108: C6 44 24 15 01              -  mov byte ptr [esp+15],01
"halo.exe"+C410D: A0 69 A7 87 00              -  mov ax,[halo.exe+47A769]
}

 

"No reload Laser" Numpad 6


{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "No reload Laser" (Numpad 6).
  Hooks halo.exe+C2459 and writes dword 0 (= 0.0f) to [ebx+240] before the
  game's own fld dword ptr [ebx+240] loads it, so the value the game reads
  there is always 0. mov touches neither EFLAGS nor the x87 stack, so nothing
  else at the injection point changes.
  NOTE(review): the scan pattern is only 6 bytes (a single fld); if the same
  encoding occurs earlier in the module, the scan's first match is hooked
  instead of this site -- verify uniqueness on the target build.
}

[ENABLE]
aobscanmodule(laser,halo.exe,D9 83 40 02 00 00) // should be unique
alloc(newmem,00)
label(code)
label(return)
registersymbol(laser)

newmem:
  mov [ebx+00000240],0            // dword 0 == 0.0f

code:
  fld dword ptr [ebx+00000240]    // original; now always loads 0.0
  jmp return

laser:
  jmp newmem                      // 5-byte jmp + 1 nop = 6 bytes replaced
  db 90
return:

[DISABLE]
laser:
  db D9 83 40 02 00 00            // restore fld dword ptr [ebx+00000240]

unregistersymbol(laser)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+C2459

"halo.exe"+C243E: 50                    -  push eax
"halo.exe"+C243F: DD D8                 -  fstp st(0)
"halo.exe"+C2441: 8B C6                 -  mov eax,esi
"halo.exe"+C2443: E8 08 0D 00 00        -  call halo.exe+C3150
"halo.exe"+C2448: 83 C4 04              -  add esp,04
"halo.exe"+C244B: EB 5A                 -  jmp halo.exe+C24A7
"halo.exe"+C244D: DD D8                 -  fstp st(0)
"halo.exe"+C244F: D9 83 48 02 00 00     -  fld dword ptr [ebx+00000248]
"halo.exe"+C2455: EB 50                 -  jmp halo.exe+C24A7
"halo.exe"+C2457: DD D8                 -  fstp st(0)
// ---------- INJECTING HERE ----------
"halo.exe"+C2459: D9 83 40 02 00 00     -  fld dword ptr [ebx+00000240]
// ---------- DONE INJECTING  ----------
"halo.exe"+C245F: EB 46                 -  jmp halo.exe+C24A7
"halo.exe"+C2461: 8B 8F FC 04 00 00     -  mov ecx,[edi+000004FC]
"halo.exe"+C2467: 83 C0 EF              -  add eax,-11
"halo.exe"+C246A: 0F BF C0              -  movsx eax,ax
"halo.exe"+C246D: 3B C1                 -  cmp eax,ecx
"halo.exe"+C246F: 7D 36                 -  jnl halo.exe+C24A7
"halo.exe"+C2471: 8D 14 80              -  lea edx,[eax+eax*4]
"halo.exe"+C2474: DD D8                 -  fstp st(0)
"halo.exe"+C2476: D9 84 D3 70 02 00 00  -  fld dword ptr [ebx+edx*8+00000270]
"halo.exe"+C247D: 8D 84 40 AE 00 00 00  -  lea eax,[eax+eax*2+000000AE]
}

 

"Without Laser Overheating" Numpad 7


{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "Without Laser Overheating" (Numpad 7).
  Hooks halo.exe+C2A50 and writes dword 0 to [edi+23C] before the game's own
  mov eax,[edi+23C] reads it, so eax (which the game then stores to [ebp+00])
  is always 0. mov does not touch EFLAGS, so nothing else at the injection
  point changes.
  NOTE(review): the scan pattern is only 6 bytes (a single mov); if the same
  encoding occurs earlier in the module, the scan's first match is hooked
  instead of this site -- verify uniqueness on the target build.
}

[ENABLE]
aobscanmodule(Overheat,halo.exe,8B 87 3C 02 00 00) // should be unique
alloc(newmem,00)
label(code)
label(return)
registersymbol(Overheat)

newmem:
  mov [edi+0000023C],0            // clear the field the game is about to read

code:
  mov eax,[edi+0000023C]          // original; now always loads 0
  jmp return

Overheat:
  jmp newmem                      // 5-byte jmp + 1 nop = 6 bytes replaced
  db 90
return:

[DISABLE]
Overheat:
  db 8B 87 3C 02 00 00            // restore mov eax,[edi+0000023C]

unregistersymbol(Overheat)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+C2A50

"halo.exe"+C2A30: 25 FF FF 00 00        -  and eax,0000FFFF
"halo.exe"+C2A35: 8D 04 40              -  lea eax,[eax+eax*2]
"halo.exe"+C2A38: 55                    -  push ebp
"halo.exe"+C2A39: 8B 6C 24 0C           -  mov ebp,[esp+0C]
"halo.exe"+C2A3D: 57                    -  push edi
"halo.exe"+C2A3E: 8B 7C 82 08           -  mov edi,[edx+eax*4+08]
"halo.exe"+C2A42: 8B 07                 -  mov eax,[edi]
"halo.exe"+C2A44: 25 FF FF 00 00        -  and eax,0000FFFF
"halo.exe"+C2A49: C1 E0 05              -  shl eax,05
"halo.exe"+C2A4C: 8B 54 08 14           -  mov edx,[eax+ecx+14]
// ---------- INJECTING HERE ----------
"halo.exe"+C2A50: 8B 87 3C 02 00 00     -  mov eax,[edi+0000023C]
// ---------- DONE INJECTING  ----------
"halo.exe"+C2A56: 89 45 00              -  mov [ebp+00],eax
"halo.exe"+C2A59: 8B 8F 40 02 00 00     -  mov ecx,[edi+00000240]
"halo.exe"+C2A5F: 89 4D 04              -  mov [ebp+04],ecx
"halo.exe"+C2A62: 8A 87 2C 02 00 00     -  mov al,[edi+0000022C]
"halo.exe"+C2A68: 24 01                 -  and al,01
"halo.exe"+C2A6A: 88 45 08              -  mov [ebp+08],al
"halo.exe"+C2A6D: 66 8B 8A F0 04 00 00  -  mov cx,[edx+000004F0]
"halo.exe"+C2A74: 66 89 4D 0A           -  mov [ebp+0A],cx
"halo.exe"+C2A78: 8B 8A F0 04 00 00     -  mov ecx,[edx+000004F0]
"halo.exe"+C2A7E: 33 C0                 -  xor eax,eax
}

 

"Infinite Grenades" Numpad 8


{ Game   : halo.exe
  Version: 
  Date   : 2018-01-17
  Author : Garik66

  "Infinite Grenades" (Numpad 8).
  Hooks halo.exe+71EEE and writes 4 to the byte [edx+ecx+31E] before the
  game's own movsx ax,byte ptr [edx+ecx+31E] reads it, so the game's
  following test ax,ax / jne always sees a non-zero count. mov does not touch
  EFLAGS, and the game's test rebuilds them anyway.
  The scan pattern is 10 bytes (it includes the 66 of the next instruction
  for uniqueness) but only the 9-byte movsx is replaced: 5-byte jmp + 4 nops,
  and [DISABLE] restores exactly those 9 bytes.
}

[ENABLE]
aobscanmodule(Grenades,halo.exe,66 0F BE 84 0A 1E 03 00 00 66) // should be unique
alloc(newmem,00)
label(code)
label(return)
registersymbol(Grenades)

newmem:
  mov byte ptr [edx+ecx+0000031E],4   // refill the byte the game is about to read

code:
  movsx ax,byte ptr [edx+ecx+0000031E]   // original; now always loads 4
  jmp return

Grenades:
  jmp newmem                      // 5-byte jmp + 4 nops = 9 bytes replaced
  db 90 90 90 90
return:

[DISABLE]
Grenades:
  db 66 0F BE 84 0A 1E 03 00 00   // restore movsx ax,byte ptr [edx+ecx+0000031E]

unregistersymbol(Grenades)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "halo.exe"+71EEE

"halo.exe"+71ECA: 66 C7 45 24 FF FF           -  mov word ptr [ebp+24],FFFF
"halo.exe"+71ED0: 66 8B 4D 22                 -  mov cx,[ebp+22]
"halo.exe"+71ED4: 66 83 F9 FF                 -  cmp cx,-01
"halo.exe"+71ED8: 74 22                       -  je halo.exe+71EFC
"halo.exe"+71EDA: 8B 57 34                    -  mov edx,[edi+34]
"halo.exe"+71EDD: 8B C6                       -  mov eax,esi
"halo.exe"+71EDF: 25 FF FF 00 00              -  and eax,0000FFFF
"halo.exe"+71EE4: 8D 04 40                    -  lea eax,[eax+eax*2]
"halo.exe"+71EE7: 8B 54 82 08                 -  mov edx,[edx+eax*4+08]
"halo.exe"+71EEB: 0F BF C9                    -  movsx ecx,cx
// ---------- INJECTING HERE ----------
"halo.exe"+71EEE: 66 0F BE 84 0A 1E 03 00 00  -  movsx ax,byte ptr [edx+ecx+0000031E]
// ---------- DONE INJECTING  ----------
"halo.exe"+71EF7: 66 85 C0                    -  test ax,ax
"halo.exe"+71EFA: 75 10                       -  jne halo.exe+71F0C
"halo.exe"+71EFC: 8B 44 24 10                 -  mov eax,[esp+10]
"halo.exe"+71F00: 66 0F BE 88 1D 03 00 00     -  movsx cx,byte ptr [eax+0000031D]
"halo.exe"+71F08: 66 89 4D 22                 -  mov [ebp+22],cx
"halo.exe"+71F0C: F6 C3 02                    -  test bl,02
"halo.exe"+71F0F: 75 36                       -  jne halo.exe+71F47
"halo.exe"+71F11: 66 8B 4D 22                 -  mov cx,[ebp+22]
"halo.exe"+71F15: 66 83 F9 FF                 -  cmp cx,-01
"halo.exe"+71F19: 74 2C                       -  je halo.exe+71F47
}

 

Видео-Демо:


 

Для тех, кто предпочитает таблички:

halo.CT


 

