- { Game : KingdomCome.exe
- Version:
- Date : 2018-02-18
- This script enables the KCD console for variables and functions that were dev disabled
- }
- // Cheat Engine auto-assembler script (CE conventions: numeric literals are hex,
- // "//" and "{ }" introduce comments). Two single-instruction patches in WHGame.DLL,
- // each turning the mask 03000002 into 03000000, i.e. the 0x02 bit no longer takes
- // part in the flag test at that site. The header states that this is what exposes
- // dev-disabled console variables/functions; the meaning of the 0x02 bit itself is
- // not derivable from the bytes here.
- // Both sites are found by byte pattern (aobscanmodule) rather than fixed address;
- // the literal "WHGame.DLL"+... offsets are hints from the build this was captured
- // on (the Version field above is empty) and only serve alloc placement.
- [ENABLE]
- // Site 1: the instruction "and ebx,03000002" (81 E3 02 00 00 03). A 6-byte pattern
- // is short; should a later build contain it more than once, the first hit is patched.
- aobscanmodule(VariableExec,WHGame.DLL,81 E3 02 00 00 03) // should be unique
- // Code cave requested near the injection point, presumably so the rel32 "jmp newmem"
- // below can reach it -- confirm if this is ported to a build with a different layout.
- alloc(newmem,$1000,"WHGame.DLL"+6F7882)
- label(code)
- label(return)
- newmem:
- code:
- // Replacement for the overwritten instruction: same mask with the 0x02 bit cleared.
- and ebx,03000000
- jmp return
- VariableExec:
- // 5-byte jmp + 1 nop = 6 bytes, exactly the length of the instruction being
- // overwritten (see the restore bytes in [DISABLE]).
- jmp newmem
- nop
- return:
- registersymbol(VariableExec)
- // Site 2: the instruction "test [rdi+18],3000002" (F7 47 18 02 00 00 03), the same
- // mask applied to a field at [rdi+18].
- aobscanmodule(FunctionExec,WHGame.DLL,F7 47 18 02 00 00 03) // should be unique
- alloc(newmem2,$1000,"WHGame.DLL"+6F7AF8)
- label(code2)
- label(return2)
- newmem2:
- code2:
- // Replacement: same field, same mask with the 0x02 bit cleared. Only flags are
- // produced here; the jne right after the injection point (see the original-code
- // listing in [DISABLE]) consumes them, and the jmp back does not touch flags.
- test [rdi+18],3000000
- jmp return2
- FunctionExec:
- // 5-byte jmp + 2 nops = 7 bytes, exactly the length of the overwritten instruction.
- jmp newmem2
- nop
- nop
- return2:
- registersymbol(FunctionExec)
- [DISABLE]
- // Undo in reverse: write the original bytes back at each site, drop the symbols,
- // then release the two code caves.
- VariableExec:
- db 81 E3 02 00 00 03
- unregistersymbol(VariableExec)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "WHGame.DLL"+6F7882
- "WHGame.DLL"+6F7861: 4D 8B F8 - mov r15,r8
- "WHGame.DLL"+6F7864: 48 8B FA - mov rdi,rdx
- "WHGame.DLL"+6F7867: FF 90 88 00 00 00 - call qword ptr [rax+00000088]
- "WHGame.DLL"+6F786D: 4C 8B 0F - mov r9,[rdi]
- "WHGame.DLL"+6F7870: 48 8B CF - mov rcx,rdi
- "WHGame.DLL"+6F7873: 40 8A E8 - mov bpl,al
- "WHGame.DLL"+6F7876: 41 FF 51 60 - call qword ptr [r9+60]
- "WHGame.DLL"+6F787A: 4C 8B 07 - mov r8,[rdi]
- "WHGame.DLL"+6F787D: 48 8B CF - mov rcx,rdi
- "WHGame.DLL"+6F7880: 8B D8 - mov ebx,eax
- // ---------- INJECTING HERE ----------
- "WHGame.DLL"+6F7882: 81 E3 02 00 00 03 - and ebx,03000002
- // ---------- DONE INJECTING ----------
- "WHGame.DLL"+6F7888: 41 0F 95 C4 - setne r12l
- "WHGame.DLL"+6F788C: 41 FF 50 60 - call qword ptr [r8+60]
- "WHGame.DLL"+6F7890: 48 8B 17 - mov rdx,[rdi]
- "WHGame.DLL"+6F7893: 48 8B CF - mov rcx,rdi
- "WHGame.DLL"+6F7896: 44 8B F0 - mov r14d,eax
- "WHGame.DLL"+6F7899: 41 81 E6 00 08 00 00 - and r14d,00000800
- "WHGame.DLL"+6F78A0: 41 0F 95 C5 - setne r13l
- "WHGame.DLL"+6F78A4: FF 52 60 - call qword ptr [rdx+60]
- "WHGame.DLL"+6F78A7: 25 00 00 00 40 - and eax,40000000
- "WHGame.DLL"+6F78AC: 0F 95 84 24 80 00 00 00 - setne byte ptr [rsp+00000080]
- }
- FunctionExec:
- db F7 47 18 02 00 00 03
- unregistersymbol(FunctionExec)
- dealloc(newmem2)
- {
- // ORIGINAL CODE - INJECTION POINT: "WHGame.DLL"+6F7AF8
- "WHGame.DLL"+6F7ACC: 48 8B 51 08 - mov rdx,[rcx+08]
- "WHGame.DLL"+6F7AD0: 0F B6 05 31 06 77 01 - movzx eax,byte ptr [WHGame.DLL+1E68108]
- "WHGame.DLL"+6F7AD7: 44 0F B6 02 - movzx r8d,byte ptr [rdx]
- "WHGame.DLL"+6F7ADB: 44 2B C0 - sub r8d,eax
- "WHGame.DLL"+6F7ADE: 75 0F - jne WHGame.DLL+6F7AEF
- "WHGame.DLL"+6F7AE0: 44 0F B6 42 01 - movzx r8d,byte ptr [rdx+01]
- "WHGame.DLL"+6F7AE5: 0F B6 05 1D 06 77 01 - movzx eax,byte ptr [WHGame.DLL+1E68109]
- "WHGame.DLL"+6F7AEC: 44 2B C0 - sub r8d,eax
- "WHGame.DLL"+6F7AEF: 45 85 C0 - test r8d,r8d
- "WHGame.DLL"+6F7AF2: 0F 84 DA F3 A0 00 - je WHGame.DLL+1106ED2
- // ---------- INJECTING HERE ----------
- "WHGame.DLL"+6F7AF8: F7 47 18 02 00 00 03 - test [rdi+18],3000002
- // ---------- DONE INJECTING ----------
- "WHGame.DLL"+6F7AFF: 0F 85 E2 F3 A0 00 - jne WHGame.DLL+1106EE7
- "WHGame.DLL"+6F7B05: 48 8B 47 20 - mov rax,[rdi+20]
- "WHGame.DLL"+6F7B09: 48 85 C0 - test rax,rax
- "WHGame.DLL"+6F7B0C: 0F 84 17 F4 A0 00 - je WHGame.DLL+1106F29
- "WHGame.DLL"+6F7B12: 48 8D 0D 97 08 78 01 - lea rcx,[WHGame.DLL+1E783B0]
- "WHGame.DLL"+6F7B19: 48 89 75 07 - mov [rbp+07],rsi
- "WHGame.DLL"+6F7B1D: 48 89 4D F7 - mov [rbp-09],rcx
- "WHGame.DLL"+6F7B21: 48 8D 4D D7 - lea rcx,[rbp-29]
- "WHGame.DLL"+6F7B25: 48 89 4D FF - mov [rbp-01],rcx
- "WHGame.DLL"+6F7B29: 48 8D 4D F7 - lea rcx,[rbp-09]
- }