API tools faq
paste
Advertisement
ChaosHacks

Untitled

ChaosHacks
Oct 3rd, 2020
2,434
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ASM (NASM) 2.49 KB | None | 0 0
raw download clone embed print report
  1. [ENABLE]
  2.  
  3. aobscanmodule(AiCantDetectYou,CrysisRemastered.exe,39 2D AE A7 5C 01)
  4. alloc(newmem,$1000,"CrysisRemastered.exe"+61A83C)
  5. alloc(ActivateAiCantDetectYou,8)
  6.  
  7. label(code)
  8. label(return)
  9.  
  10. registersymbol(AiCantDetectYou ActivateAiCantDetectYou)
  11.  
  12. newmem:
  13. cmp byte ptr [ActivateAiCantDetectYou],1
  14. jne runnormally
  15.  
  16. mov [CrysisRemastered.exe+1BE4FF0],1
  17.  
  18. jmp code
  19.  
  20. runnormally:
  21. mov [CrysisRemastered.exe+1BE4FF0],0
  22.  
  23. code:
  24.   cmp [CrysisRemastered.exe+1BE4FF0],ebp
  25.    jmp return
  26.  
  27. AiCantDetectYou:
  28.   jmp newmem
  29.   nop
  30. return:
  31.  
  32.  
  33. ActivateAiCantDetectYou:
  34. dq 0
  35.  
  36. [DISABLE]
  37.  
  38. AiCantDetectYou:
  39.   db 39 2D AE A7 5C 01
  40.  
  41. unregistersymbol(AiCantDetectYou ActivateAiCantDetectYou)
  42. dealloc(newmem)
  43. dealloc(ActivateAiCantDetectYou)
  44.  
  45. {
  46. // ORIGINAL CODE - INJECTION POINT: "CrysisRemastered.exe"+61A83C
  47.  
  48. "CrysisRemastered.exe"+61A81C: 48 C1 E0 04           -  shl rax,04
  49. "CrysisRemastered.exe"+61A820: 4A 8B 0C 00           -  mov rcx,[rax+r8]
  50. "CrysisRemastered.exe"+61A824: EB 03                 -  jmp CrysisRemastered.exe+61A829
  51. "CrysisRemastered.exe"+61A826: 48 8B CD              -  mov rcx,rbp
  52. "CrysisRemastered.exe"+61A829: 48 85 C9              -  test rcx,rcx
  53. "CrysisRemastered.exe"+61A82C: 48 0F 45 F9           -  cmovne rdi,rcx
  54. "CrysisRemastered.exe"+61A830: 45 84 FF              -  test r15l,r15l
  55. "CrysisRemastered.exe"+61A833: 74 16                 -  je CrysisRemastered.exe+61A84B
  56. "CrysisRemastered.exe"+61A835: 66 83 7F 12 64        -  cmp word ptr [rdi+12],64
  57. "CrysisRemastered.exe"+61A83A: 75 0F                 -  jne CrysisRemastered.exe+61A84B
  58. // ---------- INJECTING HERE ----------
  59. "CrysisRemastered.exe"+61A83C: 39 2D AE A7 5C 01     -  cmp [CrysisRemastered.exe+1BE4FF0],ebp
  60. // ---------- DONE INJECTING  ----------
  61. "CrysisRemastered.exe"+61A842: 74 07                 -  je CrysisRemastered.exe+61A84B
  62. "CrysisRemastered.exe"+61A844: 32 C0                 -  xor al,al
  63. "CrysisRemastered.exe"+61A846: E9 0E 01 00 00        -  jmp CrysisRemastered.exe+61A959
  64. "CrysisRemastered.exe"+61A84B: 49 8B 06              -  mov rax,[r14]
  65. "CrysisRemastered.exe"+61A84E: 49 8B CE              -  mov rcx,r14
  66. "CrysisRemastered.exe"+61A851: FF 90 48 01 00 00     -  call qword ptr [rax+00000148]
  67. "CrysisRemastered.exe"+61A857: 48 8B 17              -  mov rdx,[rdi]
  68. "CrysisRemastered.exe"+61A85A: 48 8B CF              -  mov rcx,rdi
  69. "CrysisRemastered.exe"+61A85D: 0F B6 D8              -  movzx ebx,al
  70. "CrysisRemastered.exe"+61A860: FF 92 48 01 00 00     -  call qword ptr [rdx+00000148]
  71. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!