DieVis Опубликовано 23 февраля, 2022 Поделиться Опубликовано 23 февраля, 2022
Steam version: 1.01 (Build: 335 - Revision: 20242)

Ghost
Спойлер
{ Game : game.exe - NFH 2
Version: Steam 1.01 (Build: 335 - Revision: 20242)
Date : 2022-02-21
Author : DieVis}

// Ghost: Cheat Engine auto-assembler hook patched into the running game process.
// aobscanmodule looks up the 6-byte pattern below inside GFXEngine.dll; the pattern is
// specific to the build named in the header, and if it is not found the script fails to
// enable. The injection point is the 5 bytes of mov al,[esi+38] / test al,al (see the
// ORIGINAL CODE listing at the end), which are replaced by a 5-byte jmp newmem; [DISABLE]
// writes those 5 bytes back and frees newmem.

[ENABLE]
aobscanmodule(Ghost,GFXEngine.dll,8A 46 38 84 C0 57)
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(Ghost)

newmem:
  cmp ebx,1 // compare with 1
  jne code
  mov [esi+39],1 // enable Ghost Mode = 1 (1 byte) or 256 (4 bytes)
  // NOTE(review): the store above has no size specifier, so whether CE assembles a byte or
  // a dword write decides which of the two values in the comment lands in memory — confirm
  // in the disassembler after enabling.
  test al,al // flags are recomputed by the test at code:, so this has no lasting effect
code:
  mov al,[esi+38] // 256 (4 bytes) — replays the first original instruction
  test al,al // replays the second original instruction
  jmp return

Ghost:
  jmp newmem
return:

[DISABLE]
Ghost:
  db 8A 46 38 84 C0
unregistersymbol(Ghost)
dealloc(newmem)

{// ORIGINAL CODE - INJECTION POINT: "GFXEngine.dll"+BEF4

"GFXEngine.dll"+BEE9: CC - int 3
"GFXEngine.dll"+BEEA: CC - int 3
"GFXEngine.dll"+BEEB: CC - int 3
"GFXEngine.dll"+BEEC: CC - int 3
"GFXEngine.dll"+BEED: CC - int 3
"GFXEngine.dll"+BEEE: CC - int 3
"GFXEngine.dll"+BEEF: CC - int 3
"GFXEngine.dll"+BEF0: 53 - push ebx
"GFXEngine.dll"+BEF1: 56 - push esi
"GFXEngine.dll"+BEF2: 8B F1 - mov esi,ecx
// ---------- INJECTING HERE ----------
"GFXEngine.dll"+BEF4: 8A 46 38 - mov al,[esi+38]
"GFXEngine.dll"+BEF7: 84 C0 - test al,al
// ---------- DONE INJECTING ----------
"GFXEngine.dll"+BEF9: 57 - push edi
"GFXEngine.dll"+BEFA: 74 06 - je GFXEngine.dll+BF02
"GFXEngine.dll"+BEFC: 33 DB - xor ebx,ebx
"GFXEngine.dll"+BEFE: 33 FF - xor edi,edi
"GFXEngine.dll"+BF00: EB 08 - jmp GFXEngine.dll+BF0A
"GFXEngine.dll"+BF02: 8B 7C 24 14 - mov edi,[esp+14]
"GFXEngine.dll"+BF06: 8B 5C 24 18 - mov ebx,[esp+18]
"GFXEngine.dll"+BF0A: 8B 4E 2C - mov ecx,[esi+2C]
"GFXEngine.dll"+BF0D: 85 C9 - test ecx,ecx
"GFXEngine.dll"+BF0F: 74 17 - je GFXEngine.dll+BF28}

GhostTime + Lives 9
Спойлер
{ Game : game.exe - NFH 2
Version: Steam 1.01 (Build: 335 - Revision: 20242)
Date : 2022-02-21
Author : DieVis}

// GhostTime: hooks GameLogic.dll at the 6-byte mov eax,[ecx+00000098] (the instruction right
// after a ret, see ORIGINAL CODE). jmp newmem (5 bytes) + nop (1 byte) cover the 6 bytes.
// The hook stores into [ecx+98] and [ecx+94] and then re-executes the original load.
// The original code at +4012C compares [ecx+94] as a dword against 1. [DISABLE] restores
// the 6 original bytes and frees newmem.

[ENABLE]
aobscanmodule(GhostTime,GameLogic.dll,8B 81 98 00 00 00)
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(GhostTime)

newmem:
  mov eax,[ecx+00000098] // eax is reloaded at code:, so this load has no effect
  mov [ecx+00000098],40 // time 60 seconds, 40 in hex
  // NOTE(review): CE treats unprefixed numbers as hex, so 40 here is 0x40 = 64 decimal, not 60.
  // Exactly 60 would be 3C or #60 (the MiniGame script below uses the # prefix for decimal).
  mov [ecx+00000094],9 // 9 lives
code:
  mov eax,[ecx+00000098] // replays the original instruction
  jmp return

GhostTime:
  jmp newmem
  nop
return:

[DISABLE]
GhostTime:
  db 8B 81 98 00 00 00
unregistersymbol(GhostTime)
dealloc(newmem)

{// ORIGINAL CODE - INJECTION POINT: "GameLogic.dll"+40123

"GameLogic.dll"+40107: 89 48 04 - mov [eax+04],ecx
"GameLogic.dll"+4010A: 89 48 08 - mov [eax+08],ecx
"GameLogic.dll"+4010D: 89 48 0C - mov [eax+0C],ecx
"GameLogic.dll"+40110: 89 48 10 - mov [eax+10],ecx
"GameLogic.dll"+40113: 89 48 14 - mov [eax+14],ecx
"GameLogic.dll"+40116: 89 48 18 - mov [eax+18],ecx
"GameLogic.dll"+40119: 89 48 1C - mov [eax+1C],ecx
"GameLogic.dll"+4011C: 89 48 24 - mov [eax+24],ecx
"GameLogic.dll"+4011F: 88 48 28 - mov [eax+28],cl
"GameLogic.dll"+40122: C3 - ret
// ---------- INJECTING HERE ----------
"GameLogic.dll"+40123: 8B 81 98 00 00 00 - mov eax,[ecx+00000098]
// ---------- DONE INJECTING ----------
"GameLogic.dll"+40129: C3 - ret
"GameLogic.dll"+4012A: 33 C0 - xor eax,eax
"GameLogic.dll"+4012C: 83 B9 94 00 00 00 01 - cmp dword ptr [ecx+00000094],01
"GameLogic.dll"+40133: 0F 94 C0 - sete al
"GameLogic.dll"+40136: C3 - ret
"GameLogic.dll"+40137: 8A 44 24 04 - mov al,[esp+04]
"GameLogic.dll"+4013B: 88 41 6E - mov [ecx+6E],al
"GameLogic.dll"+4013E: C2 04 00 - ret 0004
"GameLogic.dll"+40141: 83 C1 74 - add ecx,74
"GameLogic.dll"+40144: 8B 01 - mov eax,[ecx]}

MiniGame (Типа удержи предмет в центре) срабатывает мгновенно
Спойлер
{ Game : game.exe - NFH 2
Version: Steam 1.01 (Build: 335 - Revision: 20242)
Date : 2022-02-21
Author : DieVis}

// MiniGame: hooks GameLogic.dll at mov eax,[edi+28] / or dword ptr [ebp-20],-01 (7 bytes),
// covered by jmp newmem (5 bytes) + nop 2. [edi+28] is overwritten with 360 (decimal, via the
// # prefix) before the two original instructions are replayed. The je at +1B9E in the
// ORIGINAL CODE targets +1BA7, i.e. the first byte of the injected jmp, so that path also
// goes through the hook. [DISABLE] restores the 7 original bytes and frees newmem.

[ENABLE]
aobscanmodule(MiniGame,GameLogic.dll,8B 47 28 83 4D E0 FF)
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(MiniGame)

newmem:
  mov eax,[edi+28] // alternatively: cmp ebx,4
  mov [edi+28],#360 // alternatively mov [edi+24] - Max (360=Max)
code:
  mov eax,[edi+28] // replays the first original instruction
  or dword ptr [ebp-20],-01 // replays the second original instruction
  jmp return

MiniGame:
  jmp newmem
  nop 2
return:

[DISABLE]
MiniGame:
  db 8B 47 28 83 4D E0 FF
unregistersymbol(MiniGame)
dealloc(newmem)

{// ORIGINAL CODE - INJECTION POINT: "GameLogic.dll"+1BA7

"GameLogic.dll"+1B8C: 33 DB - xor ebx,ebx
"GameLogic.dll"+1B8E: 50 - push eax
"GameLogic.dll"+1B8F: 43 - inc ebx
"GameLogic.dll"+1B90: E8 12 EE 03 00 - call GameLogic.dll+409A7
"GameLogic.dll"+1B95: 8B 4D EC - mov ecx,[ebp-14]
"GameLogic.dll"+1B98: 85 C9 - test ecx,ecx
"GameLogic.dll"+1B9A: C6 45 FC 07 - mov byte ptr [ebp-04],07
"GameLogic.dll"+1B9E: 74 07 - je GameLogic.dll+1BA7
"GameLogic.dll"+1BA0: E8 34 EC 04 00 - call GameLogic.dll+507D9
"GameLogic.dll"+1BA5: 8B D8 - mov ebx,eax
// ---------- INJECTING HERE ----------
"GameLogic.dll"+1BA7: 8B 47 28 - mov eax,[edi+28]
"GameLogic.dll"+1BAA: 83 4D E0 FF - or dword ptr [ebp-20],-01
// ---------- DONE INJECTING ----------
"GameLogic.dll"+1BAE: 03 C3 - add eax,ebx
"GameLogic.dll"+1BB0: 89 45 DC - mov [ebp-24],eax
"GameLogic.dll"+1BB3: 8D 77 24 - lea esi,[edi+24]
"GameLogic.dll"+1BB6: 56 - push esi
"GameLogic.dll"+1BB7: 8D 45 E0 - lea eax,[ebp-20]
"GameLogic.dll"+1BBA: 50 - push eax
"GameLogic.dll"+1BBB: 8D 45 DC - lea eax,[ebp-24]
"GameLogic.dll"+1BBE: 50 - push eax
"GameLogic.dll"+1BBF: 89 75 D4 - mov [ebp-2C],esi
"GameLogic.dll"+1BC2: E8 9B F4 FF FF - call GameLogic.dll+1062}

AGRLine Полоса злости соседа
Спойлер
{ Game : game.exe - NFH 2
Version: Steam 1.01 (Build: 335 - Revision: 20242)
Date : 2022-02-21
Author : DieVis}

// AGRLine: hooks GameLogic.dll at lea esi,[ebx+00000080] (6 bytes), covered by jmp newmem +
// nop. The scan pattern is 10 bytes long (it also matches the following pop ecx /
// lea edi,[ebp-78]) but only the first 6 bytes are patched, which is what [DISABLE] restores.
// The hook stores 186A0 (hex, = 100000 decimal) into [ebx+9C] just before the original
// push 0B / pop ecx / repe movsd copies 0B dwords starting at [ebx+80] onto the stack, so
// the copy already sees the new value.

[ENABLE]
aobscanmodule(AGRLine,GameLogic.dll,8D B3 80 00 00 00 59 8D 7D 88)
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(AGRLine)

newmem:
  lea esi,[ebx+00000080] // coin write disabled, otherwise the level cannot be completed
  //mov [ebx+00000080],9 // number of coins, [ebx+00000084] = max coins
  mov [ebx+0000009C],186A0 // 100000 - Max, neighbour's anger bar
code:
  lea esi,[ebx+00000080] // replays the original instruction
  jmp return

AGRLine:
  jmp newmem
  nop
return:

[DISABLE]
AGRLine:
  db 8D B3 80 00 00 00
unregistersymbol(AGRLine)
dealloc(newmem)

{// ORIGINAL CODE - INJECTION POINT: "GameLogic.dll"+44712

"GameLogic.dll"+446F7: 8B CE - mov ecx,esi
"GameLogic.dll"+446F9: C6 45 FC 13 - mov byte ptr [ebp-04],13
"GameLogic.dll"+446FD: FF 50 04 - call dword ptr [eax+04]
"GameLogic.dll"+44700: 8B 4D EC - mov ecx,[ebp-14]
"GameLogic.dll"+44703: 3B CF - cmp ecx,edi
"GameLogic.dll"+44705: C6 45 FC 12 - mov byte ptr [ebp-04],12
"GameLogic.dll"+44709: 74 05 - je GameLogic.dll+44710
"GameLogic.dll"+4470B: 8B 01 - mov eax,[ecx]
"GameLogic.dll"+4470D: FF 50 04 - call dword ptr [eax+04]
"GameLogic.dll"+44710: 6A 0B - push 0B
// ---------- INJECTING HERE ----------
"GameLogic.dll"+44712: 8D B3 80 00 00 00 - lea esi,[ebx+00000080]
// ---------- DONE INJECTING ----------
"GameLogic.dll"+44718: 59 - pop ecx
"GameLogic.dll"+44719: 8D 7D 88 - lea edi,[ebp-78]
"GameLogic.dll"+4471C: F3 A5 - repe movsd
"GameLogic.dll"+4471E: 33 FF - xor edi,edi
"GameLogic.dll"+44720: 39 7D A0 - cmp [ebp-60],edi
"GameLogic.dll"+44723: 7E 7E - jle GameLogic.dll+447A3
"GameLogic.dll"+44725: FF 4D A0 - dec [ebp-60]
"GameLogic.dll"+44728: 75 79 - jne GameLogic.dll+447A3
"GameLogic.dll"+4472A: 8D 4D D4 - lea ecx,[ebp-2C]
"GameLogic.dll"+4472D: E8 7B CC FF FF - call GameLogic.dll+413AD}

Игра пройдена дважды, всё работает.
1 Ссылка на комментарий Поделиться на другие сайты Поделиться