[request] auto dodge script update [0320 → 0810]
本帖最后由 kimsagi 于 2018-10-20 21:27 编辑

auto dodge script
--------------
// ---- Hook 1: grab function -> reroute into the dodge branch ----
// Injection point: "AOT2_AS.exe"+82F37E, the 5-byte mov [rsp+30],rbx (see the disassembly in the disable part).
// NOTE(review): the [ENABLE] header and every square-bracketed memory operand in this script were stripped
// by the forum's bracket handling; the script will not assemble until those operands are restored.
aobscanmodule(aob_grabFunc,AOT2_AS.exe,48 89 5C 24 30 49 8B 98) // should be unique
aobscanmodule(aob_dodgeBranch,AOT2_AS.exe,8B 83 30 03 00 00 D0 E8 A8 01 0F 84 12 04) // should be unique
// third argument: request the cave near the hook so the 5-byte relative jmp can reach it
alloc(newmem_grabFunc,$100,"AOT2_AS.exe"+82F37E)
alloc(isGrabbing,$4,"AOT2_AS.exe"+82F37E) // shared 4-byte counter read and written by all three hooks
registersymbol(aob_grabFunc)
registersymbol(aob_dodgeBranch)
registersymbol(isGrabbing)

newmem_grabFunc:
cmp ,0 // operand stripped; presumably [isGrabbing] — only arm the counter when it is zero
jne short @f
mov ,4 // Counter for Pressing Button; operand stripped, presumably [isGrabbing] — arm for 4 synthesized presses
@@:
// Unwind the hooked function's frame the way its own exit path does (add rsp,20 / pop rdi / ret at +82F373..+82F378),
// but pop the return address into rax and jump to the dodge branch instead of returning to the caller.
add rsp,20
pop rdi
pop rax
jmp aob_dodgeBranch // NOTE(review): confirm the dodge-branch code tolerates whatever rax/rbx hold at this point
isGrabbing:
db 00 00 00 00 // counter starts at zero (idle)
aob_grabFunc:
jmp newmem_grabFunc // 5-byte jmp exactly covers the 5-byte original instruction, so no nop padding is needed
////////////////////////////////////////////////////////////////////////////////////////////////////
// ---- Hook 2: "drive flag" test -> force bit 0 of al on while the counter is armed ----
// Injection point: "AOT2_AS.exe"+85F3C4, covering shr rax,16 (4 bytes) + test al,01 (2 bytes).
aobscanmodule(aob_hookDriveFlag,AOT2_AS.exe,48 C1 E8 16 A8 01 74 04) // should be unique
alloc(newmem_hookDriveFlag,$100,"AOT2_AS.exe"+85F3C4)
label(return_hookDriveFlag)

newmem_hookDriveFlag:
shr rax,16 // original instruction 1
cmp ,0 // operand stripped by the forum; presumably [isGrabbing] — confirm
je short @f
or al,01 // counter armed: set the tested bit so the je right after the return point is not taken (bts ecx,0A then runs)
@@:
test al,01 // original instruction 2; its flags feed the je at +85F3CA
jmp return_hookDriveFlag

aob_hookDriveFlag:
jmp newmem_hookDriveFlag // 5 bytes
nop // pads to the 6 bytes of the two replaced instructions
return_hookDriveFlag:
registersymbol(aob_hookDriveFlag)
////////////////////////////////////////////////////////////////////////////////////////////////////
// ---- Hook 3: DirectInput scan -> synthesize a jump-button press while the counter is armed ----
// Injection point: "AOT2_AS.exe"+DCF2A7, the 8-byte cmp [rax+rcx*4+000000FC],r13l (decoded from the bytes listed in the disable part).
aobscanmodule(aob_dinputScan,AOT2_AS.exe,44 38 AC 88 FC 00 00 00) // should be unique
alloc(newmem_dinputScan,$100,"AOT2_AS.exe"+DCF2A7)
label(exit_dinputScan)
label(originalcode)
label(return_dinputScan)

newmem_dinputScan:
cmp ,0 // operand stripped; presumably [isGrabbing] — confirm
je short originalcode // counter idle: run the original compare untouched (skips the push below, so push/pop stay balanced)
push rbx // rbx is live in the hooked function (mov ebx,[rsi] at +DCF29D, test ebx,ebx at +DCF2B1) — preserve it
mov rbx, //Button Settings Array — address stripped by the forum; must be restored before this assembles
@@: // NOTE(review): nothing jumps back here with @b, so this is not a loop as posted
cmp byte ptr ,r11l //Jump Button DInput ScanCode — operand stripped; r11d is loaded from eax at +DCF29A just before the hook
jne short @f // NOTE(review): no @@ label follows in this section, so @f has no target; exit_dinputScan looks like the intended one
cmp ,80 //Button already held awaiting game read — operand stripped
je short @f // same missing @@ target as the jne above
mov ,0000000001000180 // operand stripped; also x86-64 has no mov m64,imm64 form — check what width CE assembles here
dec // operand stripped; presumably [isGrabbing] — one synthesized press consumed
exit_dinputScan:
pop rbx
originalcode:
cmp ,r13l // original instruction: cmp [rax+rcx*4+000000FC],r13l per the bytes 44 38 AC 88 FC 00 00 00
jmp return_dinputScan

aob_dinputScan:
jmp newmem_dinputScan // 5 bytes
nop
nop
nop // three nops pad to the 8 bytes of the replaced cmp
return_dinputScan:
registersymbol(aob_dinputScan)
// ===== Disable part (the [DISABLE] header was stripped by the forum) =====
// Put the 5 original bytes back at the hook, then drop the symbols and free the caves.
aob_grabFunc:
db 48 89 5C 24 30 // mov [rsp+30],rbx — identical to the first 5 bytes of the aob_grabFunc pattern
unregistersymbol(aob_grabFunc)
unregistersymbol(aob_dodgeBranch)
unregistersymbol(isGrabbing)
dealloc(newmem_grabFunc)
dealloc(isGrabbing)
{
// ORIGINAL CODE - INJECTION POINT: "AOT2_AS.exe"+82F37E
// (square-bracketed operands were stripped by the forum; the ones shown below are decoded from the listed bytes)
"AOT2_AS.exe"+82F362: 48 83 EC 20 -sub rsp,20
"AOT2_AS.exe"+82F366: F7 02 00 00 02 00 -test [rdx],00020000
"AOT2_AS.exe"+82F36C: 48 8B F9 -mov rdi,rcx
"AOT2_AS.exe"+82F36F: 77 08 -ja AOT2_AS.exe+82F379
"AOT2_AS.exe"+82F371: 33 C0 -xor eax,eax
"AOT2_AS.exe"+82F373: 48 83 C4 20 -add rsp,20      // exit path that newmem_grabFunc mirrors
"AOT2_AS.exe"+82F377: 5F -pop rdi
"AOT2_AS.exe"+82F378: C3 -ret
"AOT2_AS.exe"+82F379: 45 85 C9 -test r9d,r9d
"AOT2_AS.exe"+82F37C: 75 F3 -jne AOT2_AS.exe+82F371
// ---------- INJECTING HERE ----------
"AOT2_AS.exe"+82F37E: 48 89 5C 24 30 -mov [rsp+30],rbx   // replaced by the 5-byte jmp newmem_grabFunc
// ---------- DONE INJECTING----------
"AOT2_AS.exe"+82F383: 49 8B 98 F8 00 00 00 -mov rbx,[r8+000000F8]
"AOT2_AS.exe"+82F38A: 8B 83 30 03 00 00 -mov eax,[rbx+00000330]
"AOT2_AS.exe"+82F390: C0 E8 03 -shr al,03
"AOT2_AS.exe"+82F393: A8 01 -test al,01
"AOT2_AS.exe"+82F395: 74 0B -je AOT2_AS.exe+82F3A2
"AOT2_AS.exe"+82F397: 48 8B 83 08 02 00 00 -mov rax,[rbx+00000208]
"AOT2_AS.exe"+82F39E: 48 8B 58 08 -mov rbx,[rax+08]
"AOT2_AS.exe"+82F3A2: 48 8B 83 10 02 00 00 -mov rax,[rbx+00000210]
"AOT2_AS.exe"+82F3A9: 48 83 78 38 00 -cmp qword ptr [rax+38],00
"AOT2_AS.exe"+82F3AE: 74 0D -je AOT2_AS.exe+82F3BD
}
////////////////////////////////////////////////////////////////////////////////////////////////////
// Restore the 6 original bytes (shr rax,16 + test al,01) at hook 2 and free its cave.
aob_hookDriveFlag:
db 48 C1 E8 16 A8 01 // identical to the first 6 bytes of the aob_hookDriveFlag pattern
unregistersymbol(aob_hookDriveFlag)
dealloc(newmem_hookDriveFlag)
{
// ORIGINAL CODE - INJECTION POINT: "AOT2_AS.exe"+85F3C4
"AOT2_AS.exe"+85F39F: 74 04 -je AOT2_AS.exe+85F3A5
"AOT2_AS.exe"+85F3A1: 0F BA EA 09 -bts edx,09
"AOT2_AS.exe"+85F3A5: 48 B9 01 00 00 00 00 00 00 04-mov rcx,0400000000000001
"AOT2_AS.exe"+85F3AF: 49 8B C0 -mov rax,r8
"AOT2_AS.exe"+85F3B2: 48 23 C1 -and rax,rcx
"AOT2_AS.exe"+85F3B5: 8B CA -mov ecx,edx
"AOT2_AS.exe"+85F3B7: 0F BA E9 0A -bts ecx,0A
"AOT2_AS.exe"+85F3BB: 48 85 C0 -test rax,rax
"AOT2_AS.exe"+85F3BE: 49 8B C0 -mov rax,r8
"AOT2_AS.exe"+85F3C1: 0F 44 CA -cmove ecx,edx
// ---------- INJECTING HERE ----------
"AOT2_AS.exe"+85F3C4: 48 C1 E8 16 -shr rax,16         // replaced by jmp newmem_hookDriveFlag (5 bytes) + 1 nop
"AOT2_AS.exe"+85F3C8: A8 01 -test al,01
// ---------- DONE INJECTING----------
"AOT2_AS.exe"+85F3CA: 74 04 -je AOT2_AS.exe+85F3D0     // the hook's or al,01 makes this fall through
"AOT2_AS.exe"+85F3CC: 0F BA E9 0A -bts ecx,0A
"AOT2_AS.exe"+85F3D0: 49 C1 E8 3A -shr r8,3A
"AOT2_AS.exe"+85F3D4: 41 F6 C0 01 -test r8l,01
"AOT2_AS.exe"+85F3D8: 74 04 -je AOT2_AS.exe+85F3DE
"AOT2_AS.exe"+85F3DA: 0F BA E9 14 -bts ecx,14
"AOT2_AS.exe"+85F3DE: 8B C1 -mov eax,ecx
"AOT2_AS.exe"+85F3E0: C3 -ret
"AOT2_AS.exe"+85F3E1: CC -int 3
"AOT2_AS.exe"+85F3E2: CC -int 3
}
////////////////////////////////////////////////////////////////////////////////////////////////////
// Restore the 8 original bytes (cmp [rax+rcx*4+000000FC],r13l) at hook 3 and free its cave.
aob_dinputScan:
db 44 38 AC 88 FC 00 00 00 // identical to the aob_dinputScan pattern
unregistersymbol(aob_dinputScan)
dealloc(newmem_dinputScan)
{
// ORIGINAL CODE - INJECTION POINT: "AOT2_AS.exe"+DCF2A7
// (square-bracketed operands were stripped by the forum; the ones shown below are decoded from the listed bytes)
"AOT2_AS.exe"+DCF286: 45 8B F5 -mov r14d,r13d
"AOT2_AS.exe"+DCF289: 45 8B FD -mov r15d,r13d
"AOT2_AS.exe"+DCF28C: 0F 1F 40 00 -nop
"AOT2_AS.exe"+DCF290: 0F B6 45 00 -movzx eax,byte ptr [rbp+00]
"AOT2_AS.exe"+DCF294: 45 8B CD -mov r9d,r13d
"AOT2_AS.exe"+DCF297: 8B 56 FC -mov edx,[rsi-04]
"AOT2_AS.exe"+DCF29A: 44 8B D8 -mov r11d,eax           // r11l is what newmem_dinputScan compares against
"AOT2_AS.exe"+DCF29D: 8B 1E -mov ebx,[rsi]              // rbx live across the hook, hence the push/pop in the cave
"AOT2_AS.exe"+DCF29F: 48 8D 0C 40 -lea rcx,[rax+rax*2]
"AOT2_AS.exe"+DCF2A3: 49 8B 04 24 -mov rax,[r12]
// ---------- INJECTING HERE ----------
"AOT2_AS.exe"+DCF2A7: 44 38 AC 88 FC 00 00 00-cmp [rax+rcx*4+000000FC],r13l   // replaced by jmp newmem_dinputScan (5 bytes) + 3 nops
// ---------- DONE INJECTING----------
"AOT2_AS.exe"+DCF2AF: 7D 6C -jnl AOT2_AS.exe+DCF31D
"AOT2_AS.exe"+DCF2B1: 85 DB -test ebx,ebx
"AOT2_AS.exe"+DCF2B3: 75 62 -jne AOT2_AS.exe+DCF317
"AOT2_AS.exe"+DCF2B5: B9 80 00 00 00 -mov ecx,00000080
"AOT2_AS.exe"+DCF2BA: 83 FF 01 -cmp edi,01
"AOT2_AS.exe"+DCF2BD: 74 4C -je AOT2_AS.exe+DCF30B
"AOT2_AS.exe"+DCF2BF: B8 00 02 00 00 -mov eax,00000200
"AOT2_AS.exe"+DCF2C4: 44 3B D0 -cmp r10d,eax
"AOT2_AS.exe"+DCF2C7: 0F 44 C1 -cmove eax,ecx
"AOT2_AS.exe"+DCF2CA: 3B D0 -cmp edx,eax
}
------
I want to play AOT2 with auto dodge. Could you update this script?
sorry.