Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [ENABLE]
- aobscanmodule(_Teleport,ShadowOfWar.exe,C9 F2 0F 10 81 AC 00 00 00) // should be unique
- alloc(newmem,$1000,ShadowOfWar.exe)
- alloc(_SavePosition,8)
- alloc(_LoadPosition,8)
- alloc(_UndoTeleport,8)
- alloc(_X_Coord,8)
- alloc(_Y_Coord,8)
- alloc(_Z_Coord,8)
- alloc(_X_Coord_Undo,8)
- alloc(_Y_Coord_Undo,8)
- alloc(_Z_Coord_Undo,8)
- registersymbol(_Teleport)
- registersymbol(_SavePosition)
- registersymbol(_LoadPosition)
- registersymbol(_UndoTeleport)
- registersymbol(_X_Coord)
- registersymbol(_Y_Coord)
- registersymbol(_Z_Coord)
- registersymbol(_X_Coord_Undo)
- registersymbol(_Y_Coord_Undo)
- registersymbol(_Z_Coord_Undo)
- label(code)
- label(return)
- label(Save)
- label(Load)
- label(Undo)
- newmem:
- cmp byte ptr [_SavePosition],1
- je Save
- cmp byte ptr [_LoadPosition],1
- je Load
- cmp byte ptr [_UndoTeleport],1
- je Undo
- jmp code
- Save:
- mov byte ptr [_SavePosition],0
- push rbx
- mov rbx,[rcx+000000AC] // X
- mov [_X_Coord],rbx
- mov rbx,[rcx+000000B0] // Y
- mov [_Y_Coord],rbx
- mov rbx,[rcx+000000B4] // Z
- mov [_Z_Coord],rbx
- pop rbx
- jmp code
- Load:
- mov byte ptr [_LoadPosition],0
- push rbx
- mov rbx,[_X_Coord]
- mov [rcx+000000AC],rbx
- mov rbx,[_Y_Coord]
- mov [rcx+000000B0],rbx
- mov rbx,[_Z_Coord]
- mov [rcx+000000B4],rbx
- pop rbx
- // Save Position again for Undo
- push rdx
- mov rdx,[rcx+000000AC] // X
- mov [_X_Coord_Undo],rdx
- mov rdx,[rcx+000000B0] // Y
- mov [_Y_Coord_Undo],rdx
- mov rdx,[rcx+000000B4] // Z
- mov [_Z_Coord_Undo],rdx
- pop rdx
- jmp code
- Undo:
- mov byte ptr [_UndoTeleport],0
- push rdx
- mov rdx,[_X_Coord_Undo]
- mov [rcx+000000AC],rdx
- mov rdx,[_Y_Coord_Undo]
- mov [rcx+000000B0],rdx
- mov rdx,[_Z_Coord_Undo]
- mov [rcx+000000B4],rdx
- pop rdx
- jmp code
- _SavePosition:
- dd 0
- _LoadPosition:
- dd 0
- _UndoTeleport:
- dd 0
- code:
- movsd xmm0,[rcx+000000AC]
- jmp return
- _Teleport+01:
- jmp newmem
- nop
- nop
- nop
- return:
- [DISABLE]
- _Teleport+01:
- db F2 0F 10 81 AC 00 00 00
- unregistersymbol(_Teleport)
- dealloc(newmem)
- dealloc(_SavePosition)
- dealloc(_LoadPosition)
- dealloc(_UndoTeleport)
- dealloc(_X_Coord)
- dealloc(_Y_Coord)
- dealloc(_Z_Coord)
- dealloc(_X_Coord_Undo)
- dealloc(_Y_Coord_Undo)
- dealloc(_Z_Coord_Undo)
- unregistersymbol(_Teleport)
- unregistersymbol(_SavePosition)
- unregistersymbol(_LoadPosition)
- unregistersymbol(_UndoTeleport)
- unregistersymbol(_X_Coord)
- unregistersymbol(_Y_Coord)
- unregistersymbol(_Z_Coord)
- {
- // ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+15E81D
- "ShadowOfWar.exe"+15E7F9: 84 C0 - test al,al
- "ShadowOfWar.exe"+15E7FB: 74 EB - je ShadowOfWar.exe+15E7E8
- "ShadowOfWar.exe"+15E7FD: 49 8B C9 - mov rcx,r9
- "ShadowOfWar.exe"+15E800: 48 83 C4 28 - add rsp,28
- "ShadowOfWar.exe"+15E804: E9 C3 CF 65 00 - jmp ShadowOfWar.exe+7BB7CC
- "ShadowOfWar.exe"+15E809: E8 EE 8A 62 00 - call ShadowOfWar.exe+7872FC
- "ShadowOfWar.exe"+15E80E: EB CE - jmp ShadowOfWar.exe+15E7DE
- "ShadowOfWar.exe"+15E810: 48 83 EC 38 - sub rsp,38
- "ShadowOfWar.exe"+15E814: 8B 81 B4 00 00 00 - mov eax,[rcx+000000B4]
- "ShadowOfWar.exe"+15E81A: 45 33 C9 - xor r9d,r9d
- // ---------- INJECTING HERE ----------
- "ShadowOfWar.exe"+15E81D: F2 0F 10 81 AC 00 00 00 - movsd xmm0,[rcx+000000AC]
- // ---------- DONE INJECTING ----------
- "ShadowOfWar.exe"+15E825: F2 0F 11 44 24 20 - movsd [rsp+20],xmm0
- "ShadowOfWar.exe"+15E82B: 89 44 24 28 - mov [rsp+28],eax
- "ShadowOfWar.exe"+15E82F: 48 8B 81 B0 24 00 00 - mov rax,[rcx+000024B0]
- "ShadowOfWar.exe"+15E836: F3 0F 10 88 E0 03 00 00 - movss xmm1,[rax+000003E0]
- "ShadowOfWar.exe"+15E83E: E9 BD 17 E8 FF - jmp 13FFE0000
- "ShadowOfWar.exe"+15E843: 90 - nop
- "ShadowOfWar.exe"+15E844: 90 - nop
- "ShadowOfWar.exe"+15E845: 90 - nop
- "ShadowOfWar.exe"+15E846: 48 8B 05 93 C7 1C 02 - mov rax,[ShadowOfWar.exe+232AFE0]
- "ShadowOfWar.exe"+15E84D: 4C 8B 80 18 6D 00 00 - mov r8,[rax+00006D18]
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
