
Untitled

a guest
Oct 15th, 2017
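  [ENABLE]
  // Position save / load / undo hook for ShadowOfWar.exe (Cheat Engine auto-assembler).
  //
  // The 6-byte instruction `mov eax,[rsi+000000B0]` located by the AOB scan is replaced
  // with `jmp newmem` + `nop`. On every pass the hook stores rsi in _base, services at
  // most one request flag, then runs the displaced instruction and jumps back to `return`.
  //
  // Request flags (the hook tests the first byte for 1 and clears it when serviced;
  // presumably they are written from outside through the registered symbols):
  //   _SavePosition  copy [rsi+AC], [rsi+B0], [rsi+B4] into _X_Coord/_Y_Coord/_Z_Coord
  //   _LoadPosition  snapshot the current position into _*_Coord_Undo, then write _*_Coord
  //   _UndoTeleport  write _*_Coord_Undo back to [rsi+AC/B0/B4]
  //
  // NOTE(review): the hook overwrites xmm1 and the CPU flags and never restores them.
  // This assumes the game code does not rely on either after the hooked instruction -
  // confirm against the disassembly around the real injection point.
  // NOTE(review): a Load or Undo requested before any Save/Load writes whatever the
  // coordinate slots currently hold.

  aobscanmodule(_Teleport,ShadowOfWar.exe,8B 86 B0 00 00 00 89 43 04 8B) // should be unique
  alloc(newmem,$1000,ShadowOfWar.exe) // allocated near the module so the hook jump fits
  alloc(_SavePosition,8)
  alloc(_LoadPosition,8)
  alloc(_UndoTeleport,8)
  alloc(_base,8)
  alloc(_X_Coord,8)
  alloc(_Y_Coord,8)
  alloc(_Z_Coord,8)
  alloc(_X_Coord_Undo,8)
  alloc(_Y_Coord_Undo,8)
  alloc(_Z_Coord_Undo,8)
  alloc(originalcode,32) // was 8: the 6-byte mov plus the jump back do not fit in 8 bytes
  registersymbol(_Teleport)
  registersymbol(_SavePosition)
  registersymbol(_LoadPosition)
  registersymbol(_UndoTeleport)
  registersymbol(_X_Coord)
  registersymbol(_Y_Coord)
  registersymbol(_Z_Coord)
  registersymbol(_X_Coord_Undo)
  registersymbol(_Y_Coord_Undo)
  registersymbol(_Z_Coord_Undo)
  registersymbol(originalcode)
  registersymbol(_base)

  label(return)
  label(Save)
  label(Load)
  label(Undo)

  newmem:
  // Publish the structure pointer; rsi itself is left untouched, so no push/pop is needed.
  mov [_base],rsi
  // Dispatch: only the first flag found set is serviced on this pass.
  cmp byte ptr [_SavePosition],1
  je Save
  cmp byte ptr [_LoadPosition],1
  je Load
  cmp byte ptr [_UndoTeleport],1
  je Undo
  jmp originalcode

  Save:
  mov byte ptr [_SavePosition],0 // one-shot: clear the request
  movss xmm1,[rsi+000000AC] // X
  movss [_X_Coord],xmm1
  movss xmm1,[rsi+000000B0] // Y
  movss [_Y_Coord],xmm1
  movss xmm1,[rsi+000000B4] // Z
  movss [_Z_Coord],xmm1
  jmp originalcode

  Load:
  mov byte ptr [_LoadPosition],0 // one-shot: clear the request

  // Snapshot the position being left BEFORE it is overwritten. Taking the snapshot
  // after the write (as the script originally did) stores the loaded coordinates,
  // which turns Undo into a no-op.
  movss xmm1,[rsi+000000AC] // X
  movss [_X_Coord_Undo],xmm1
  movss xmm1,[rsi+000000B0] // Y
  movss [_Y_Coord_Undo],xmm1
  movss xmm1,[rsi+000000B4] // Z
  movss [_Z_Coord_Undo],xmm1

  // Write the saved position over the live one.
  movss xmm1,[_X_Coord]
  movss [rsi+000000AC],xmm1
  movss xmm1,[_Y_Coord]
  movss [rsi+000000B0],xmm1
  movss xmm1,[_Z_Coord]
  movss [rsi+000000B4],xmm1
  jmp originalcode

  Undo:
  mov byte ptr [_UndoTeleport],0 // one-shot: clear the request

  // Put back the position recorded by the last Load.
  movss xmm1,[_X_Coord_Undo]
  movss [rsi+000000AC],xmm1
  movss xmm1,[_Y_Coord_Undo]
  movss [rsi+000000B0],xmm1
  movss xmm1,[_Z_Coord_Undo]
  movss [rsi+000000B4],xmm1
  jmp originalcode


  // Request flags start cleared.
  _SavePosition:
  dd 0
  _LoadPosition:
  dd 0
  _UndoTeleport:
  dd 0

  // Displaced instruction, executed on every path before returning to the game code.
  originalcode:
    mov eax,[rsi+000000B0]
    jmp return

  // Patch site: jmp + nop together cover the 6 bytes of the displaced instruction.
  _Teleport:
    jmp newmem
    nop
  return:

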
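  [DISABLE]
  // Undo the hook: restore the original bytes first, then drop the symbols and free
  // the memory. The patch site must stop jumping into newmem before newmem is released.

  _Teleport:
    db 8B 86 B0 00 00 00 // mov eax,[rsi+000000B0], the bytes matched by the AOB scan

  // Every symbol registered in [ENABLE] is unregistered exactly once. The three
  // *_Undo symbols were previously left registered, pointing at freed memory, and
  // _Teleport was unregistered twice.
  unregistersymbol(_Teleport)
  unregistersymbol(_SavePosition)
  unregistersymbol(_LoadPosition)
  unregistersymbol(_UndoTeleport)
  unregistersymbol(_X_Coord)
  unregistersymbol(_Y_Coord)
  unregistersymbol(_Z_Coord)
  unregistersymbol(_X_Coord_Undo)
  unregistersymbol(_Y_Coord_Undo)
  unregistersymbol(_Z_Coord_Undo)
  unregistersymbol(originalcode)
  unregistersymbol(_base)

  dealloc(newmem)
  dealloc(_SavePosition)
  dealloc(_LoadPosition)
  dealloc(_UndoTeleport)
  dealloc(_X_Coord)
  dealloc(_Y_Coord)
  dealloc(_Z_Coord)
  dealloc(_X_Coord_Undo)
  dealloc(_Y_Coord_Undo)
  dealloc(_Z_Coord_Undo)
  dealloc(originalcode)
  dealloc(_base)
  {
  // ORIGINAL CODE - INJECTION POINT: "ShadowOfWar.exe"+1C3B11
  //
  // NOTE(review): the instruction marked below is `41 8B 88 B0 00 00 00`
  // (mov ecx,[r8+000000B0]), but the script scans for and restores
  // `8B 86 B0 00 00 00` (mov eax,[rsi+000000B0]). This listing appears to describe
  // a different site from the one actually hooked; treat it as reference only.

  "ShadowOfWar.exe"+1C3AEB: 74 38                 -  je ShadowOfWar.exe+1C3B25
  "ShadowOfWar.exe"+1C3AED: 8B 80 00 2A 00 00     -  mov eax,[rax+00002A00]
  "ShadowOfWar.exe"+1C3AF3: 3D 00 01 00 00        -  cmp eax,00000100
  "ShadowOfWar.exe"+1C3AF8: 73 2B                 -  jae ShadowOfWar.exe+1C3B25
  "ShadowOfWar.exe"+1C3AFA: 8B D0                 -  mov edx,eax
  "ShadowOfWar.exe"+1C3AFC: 48 8B CB              -  mov rcx,rbx
  "ShadowOfWar.exe"+1C3AFF: E8 38 0C 00 00        -  call ShadowOfWar.exe+1C473C
  "ShadowOfWar.exe"+1C3B04: C6 00 01              -  mov byte ptr [rax],01
  "ShadowOfWar.exe"+1C3B07: 41 8B 88 AC 00 00 00  -  mov ecx,[r8+000000AC]
  "ShadowOfWar.exe"+1C3B0E: 89 48 04              -  mov [rax+04],ecx
  // ---------- INJECTING HERE ----------
  "ShadowOfWar.exe"+1C3B11: 41 8B 88 B0 00 00 00  -  mov ecx,[r8+000000B0]
  // ---------- DONE INJECTING  ----------
  "ShadowOfWar.exe"+1C3B18: 89 48 08              -  mov [rax+08],ecx
  "ShadowOfWar.exe"+1C3B1B: 41 8B 88 B4 00 00 00  -  mov ecx,[r8+000000B4]
  "ShadowOfWar.exe"+1C3B22: 89 48 0C              -  mov [rax+0C],ecx
  "ShadowOfWar.exe"+1C3B25: 33 F6                 -  xor esi,esi
  "ShadowOfWar.exe"+1C3B27: 49 8D 45 10           -  lea rax,[r13+10]
  "ShadowOfWar.exe"+1C3B2B: 89 75 48              -  mov [rbp+48],esi
  "ShadowOfWar.exe"+1C3B2E: 8B D6                 -  mov edx,esi
  "ShadowOfWar.exe"+1C3B30: 48 8B C8              -  mov rcx,rax
  "ShadowOfWar.exe"+1C3B33: 44 8B D6              -  mov r10d,esi
  "ShadowOfWar.exe"+1C3B36: E8 9D 0B 00 00        -  call ShadowOfWar.exe+1C46D8
  }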