
Untitled

a guest
Jul 23rd, 2018
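  [ENABLE]
  // Cheat Engine Auto Assembler script, target module JWE.exe (64-bit code).
  //
  // What it does: overwrites the 5-byte instruction `movd xmm2,[rax+1C]` at
  // "JWE.exe"+5D99393 with a jmp into newmem25. The hook optionally stores
  // rax in _pGenome, optionally writes six 32-bit values into the structure
  // rax points to, then executes the displaced instruction and jumps back.
  // [DISABLE] restores the original 5 bytes and frees everything.
  //
  // Signature: the displaced instruction alone is only 5 bytes, which is a
  // weak signature for a whole-module scan; a false match would have a jmp
  // written into unrelated code. The pattern is therefore extended with the
  // bytes that follow it in the original-code dump at the bottom of this
  // script (cvtdq2ps xmm2,xmm2 and the divss opcode without its
  // displacement). Only the first 5 bytes are ever overwritten.
  aobscanmodule(_EnduranceGenes,JWE.exe,66 0F 6E 50 1C 0F 5B D2 F3 0F 5E 97)

  // Code cave for the hook, requested near JWE.exe so the 5-byte jmp reaches it.
  alloc(newmem25,$1000,JWE.exe)

  // Data cells. They are requested near JWE.exe as well (the original script
  // gave no hint for these): the hook addresses them with plain [symbol]
  // operands, which in 64-bit code must be reachable from newmem25.
  // NOTE(review): confirm the allocator behaviour on the CE version in use.
  alloc(_enableEnduranceGenes,8,JWE.exe)
  alloc(_enableLifespan,8,JWE.exe)
  alloc(_enableAttack,8,JWE.exe)
  alloc(_enableDefense,8,JWE.exe)
  alloc(_enableNarcotic,8,JWE.exe)
  alloc(_enableTreatment,8,JWE.exe)

  alloc(_EnduranceGene,8,JWE.exe)
  alloc(_Lifespan,8,JWE.exe)
  alloc(_Attack,8,JWE.exe)
  alloc(_Defense,8,JWE.exe)
  alloc(_Narcotic,8,JWE.exe)
  alloc(_Treatment,8,JWE.exe)
  alloc(_pGenome,8,JWE.exe)
  alloc(_enableGetGenomePointer,8,JWE.exe)

  // Exported symbols: the address list / other scripts toggle the _enable*
  // flags and edit the value cells through these names.
  registersymbol(_enableEnduranceGenes)
  registersymbol(_enableLifespan)
  registersymbol(_enableAttack)
  registersymbol(_enableDefense)
  registersymbol(_enableNarcotic)
  registersymbol(_enableTreatment)

  registersymbol(_EnduranceGene)
  registersymbol(_Lifespan)
  registersymbol(_Attack)
  registersymbol(_Defense)
  registersymbol(_Narcotic)
  registersymbol(_Treatment)
  registersymbol(_pGenome)
  registersymbol(_EnduranceGenes)
  registersymbol(_enableGetGenomePointer)

  // Script-local labels. The per-field labels are declared explicitly and
  // named chk* so they cannot be confused with the _Lifespan/_Attack/... cells.
  label(code25)
  label(return25)
  label(chkLifespan)
  label(chkAttack)
  label(chkDefense)
  label(chkEndurance)
  label(chkNarcotic)
  label(chkTreatment)

  // ---------------------------------------------------------------------
  // Hook body.
  // In:    rax = pointer the displaced instruction reads from ([rax+1C]);
  //        it is the value left in rax by `call JWE.exe+5FB1B0`.
  // Out:   xmm2 = dword at [rax+1C], exactly as the displaced instruction.
  // Clobb: xmm1 and flags. In the original code shown below, xmm1 is
  //        rewritten (movaps at +5D993A9 / +5D993AF) and flags are rewritten
  //        (comiss at +5D993A3) before either is read again.
  // All field offsets are hexadecimal. Each write is 4 bytes (movd).
  // ---------------------------------------------------------------------
  newmem25:
    // One-shot capture: when requested, publish rax in _pGenome and clear
    // the request flag so it is not overwritten on the next pass.
    cmp dword ptr [_enableGetGenomePointer],1
    jne chkLifespan
    mov dword ptr [_enableGetGenomePointer],0
    mov [_pGenome],rax

  chkLifespan:
    cmp dword ptr [_enableLifespan],1
    jne chkAttack
    movd xmm1,[_Lifespan]
    movd [rax+18],xmm1

  chkAttack:
    cmp dword ptr [_enableAttack],1
    jne chkDefense
    movd xmm1,[_Attack]
    movd [rax+10],xmm1

  chkDefense:
    cmp dword ptr [_enableDefense],1
    jne chkEndurance
    // Fixed: the original loaded [_Attack] here, so the _Defense cell was
    // never used and the field at +14 always received the attack value.
    movd xmm1,[_Defense]
    movd [rax+14],xmm1

  chkEndurance:
    cmp dword ptr [_enableEnduranceGenes],1
    jne chkNarcotic
    movd xmm1,[_EnduranceGene]
    movd [rax+1C],xmm1

  chkNarcotic:
    cmp dword ptr [_enableNarcotic],1
    jne chkTreatment
    movd xmm1,[_Narcotic]
    movd [rax+08],xmm1

  chkTreatment:
    cmp dword ptr [_enableTreatment],1
    jne code25
    movd xmm1,[_Treatment]
    movd [rax+0C],xmm1

  code25:
    // Displaced original instruction; it runs after the writes above, so it
    // picks up a freshly written +1C value.
    movd xmm2,[rax+1C]
    jmp return25

  // Install the hook: 5-byte jmp over the 5-byte original instruction, so no
  // padding nops are needed and return25 is the next original instruction.
  _EnduranceGenes:
    jmp newmem25
  return25:

  // Default values for the cells (32-bit integers).
  _Lifespan:
    dd (int)999
  _Attack:
    dd (int)25
  _Defense:
    dd (int)25
  _EnduranceGene:
    dd (int)150
  _Narcotic:
    dd (int)100
  _Treatment:
    dd (int)100

  // All switches start off: enabling the script changes nothing until a flag
  // is set to 1.
  _enableEnduranceGenes:
    dq 0
  _enableLifespan:
    dq 0
  _enableAttack:
    dq 0
  _enableDefense:
    dq 0
  _enableNarcotic:
    dq 0
  _enableTreatment:
    dq 0
  _pGenome:
    dq 0
  _enableGetGenomePointer:
    dq 0

  [DISABLE]

  // Restore the original instruction first, so nothing can still jump into
  // newmem25 when it is freed below.
  _EnduranceGenes:
    db 66 0F 6E 50 1C

  unregistersymbol(_enableEnduranceGenes)
  unregistersymbol(_enableLifespan)
  unregistersymbol(_enableAttack)
  unregistersymbol(_enableDefense)
  unregistersymbol(_enableNarcotic)
  unregistersymbol(_enableTreatment)
  unregistersymbol(_EnduranceGene)
  unregistersymbol(_Lifespan)
  unregistersymbol(_Attack)
  unregistersymbol(_Defense)
  unregistersymbol(_Narcotic)
  unregistersymbol(_Treatment)
  unregistersymbol(_EnduranceGenes)
  unregistersymbol(_pGenome)
  unregistersymbol(_enableGetGenomePointer)

  dealloc(_EnduranceGene)
  dealloc(_Lifespan)
  dealloc(_Attack)
  dealloc(_Defense)
  dealloc(_Narcotic)
  dealloc(_Treatment)
  dealloc(_enableLifespan)
  dealloc(_enableAttack)
  dealloc(_enableDefense)
  dealloc(_enableNarcotic)
  dealloc(_enableTreatment)

  dealloc(_enableEnduranceGenes)
  dealloc(newmem25)
  dealloc(_pGenome)
  dealloc(_enableGetGenomePointer)

  {
  // ORIGINAL CODE - INJECTION POINT: "JWE.exe"+5D99393

  "JWE.exe"+5D9936C: 49 8B 06                 -  mov rax,[r14]
  "JWE.exe"+5D9936F: 48 8D 55 5F              -  lea rdx,[rbp+5F]
  "JWE.exe"+5D99373: 48 8B 8F 78 02 00 00     -  mov rcx,[rdi+00000278]
  "JWE.exe"+5D9937A: F3 0F 10 A7 A8 07 00 00  -  movss xmm4,[rdi+000007A8]
  "JWE.exe"+5D99382: E9 79 DC 25 FA           -  jmp 13FFF7000
  "JWE.exe"+5D99387: 90                       -  nop
  "JWE.exe"+5D99388: 90                       -  nop
  "JWE.exe"+5D99389: 90                       -  nop
  "JWE.exe"+5D9938A: 48 89 45 5F              -  mov [rbp+5F],rax
  "JWE.exe"+5D9938E: E8 1D 1E 86 FA           -  call JWE.exe+5FB1B0
  // ---------- INJECTING HERE ----------
  "JWE.exe"+5D99393: 66 0F 6E 50 1C           -  movd xmm2,[rax+1C]
  // ---------- DONE INJECTING  ----------
  "JWE.exe"+5D99398: 0F 5B D2                 -  cvtdq2ps xmm2,xmm2
  "JWE.exe"+5D9939B: F3 0F 5E 97 2C 08 00 00  -  divss xmm2,[rdi+0000082C]
  "JWE.exe"+5D993A3: 44 0F 2F C2              -  comiss xmm8,xmm2
  "JWE.exe"+5D993A7: 76 06                    -  jna JWE.exe+5D993AF
  "JWE.exe"+5D993A9: 41 0F 28 C8              -  movaps xmm1,xmm8
  "JWE.exe"+5D993AD: EB 07                    -  jmp JWE.exe+5D993B6
  "JWE.exe"+5D993AF: 0F 28 CB                 -  movaps xmm1,xmm3
  "JWE.exe"+5D993B2: F3 0F 5D CA              -  minss xmm1,xmm2
  "JWE.exe"+5D993B6: F3 0F 5C C4              -  subss xmm0,xmm4
  "JWE.exe"+5D993BA: F3 0F 59 C1              -  mulss xmm0,xmm1
  }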