
Fly Script Exploit

a guest
Aug 9th, 2013
  1. Script To Make You Fly (DO NOT COPY THIS, JUST COPY BELOW)
  2.  
  3. ----------------------------------------------------------------------------------------------------------------------
  4.  
  -- Settings-form handler: keeps the three "rewatch" controls enabled only while
  -- the "find integrity check" checkbox is ticked.
  -- The paste labels this "FLY HACK", but the function does nothing except
  -- enable or disable GUI controls on the settings form.
  --   sender: the control that raised the event (not used).
  function cbFindIntegrityCheckChange(sender)
    local dependents = {
      frmSESettings_cbRewatch,
      frmSESettings_edtTime,
      frmSESettings_lblMilliseconds,
    }

    for slot = 1, 3 do
      -- The checkbox is re-read for every control, exactly as the original did.
      local ticked = checkbox_getState(frmSESettings_cbFindIntegrityCheck) == cbChecked
      control_setEnabled(dependents[slot], ticked)
    end
  end
  11.  
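  -- Settings-form "Apply" handler: copies the form state into the three
  -- stealthedit_* globals.
  --   sender: the control that raised the event (not used).
  -- The interval text box is free text, so tonumber() can return nil. The
  -- original stored that nil in stealthedit_RewatchTimer, and IntegrityUpdate
  -- later passes the value straight to timer_setInterval. A non-numeric or
  -- negative entry is now ignored and the previous interval is kept.
  function btnApplyClick(sender)
    stealthedit_FindIntegrity = checkbox_getState(frmSESettings_cbFindIntegrityCheck) == cbChecked
    stealthedit_Rewatch = checkbox_getState(frmSESettings_cbRewatch) == cbChecked

    local interval = tonumber(control_getCaption(frmSESettings_edtTime))
    if interval ~= nil and interval >= 0 then
      stealthedit_RewatchTimer = interval
    end
  end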
  17.  
  18.  
  -- Load the two form definitions that sit next to the script. stealtheditpath
  -- is not defined in this listing; it has to be set before this runs.
  -- Order is kept: settings form first, results form second.
  for _, formFile in ipairs({ 'sesettings.FRM', 'results.FRM' }) do
    createFormFromFile(stealtheditpath .. formFile)
  end
  21.  
  22.  
  -- Shows the results form, but only while stealthedit_FindIntegrity is exactly
  -- true (any other value, including other truthy ones, leaves it hidden).
  function ShowSEWindow()
    if stealthedit_FindIntegrity ~= true then
      return
    end
    form_show(frmResults)
  end
  28.  
  -- The stealthedit plugin looks this global up by name to decide whether the
  -- memory should be guarded, so the variable name must not be changed.
  -- To have it on by default, set it to true and also call:
  --   checkbox_setState(frmSESettings_cbFindIntegrityCheck, cbChecked)
  stealthedit_FindIntegrity = false

  -- Whether IntegrityUpdate should arm the re-guard timer, and the interval it
  -- passes to timer_setInterval (presumably milliseconds, going by the form's
  -- lblMilliseconds label - confirm against the timer API).
  stealthedit_Rewatch = false
  stealthedit_RewatchTimer = 100
  35.  
  36.  
  37.  
  -- Timer callback installed by IntegrityUpdate: switches off the timer that
  -- fired (so it behaves as a one-shot) and then calls reguard().
  -- reguard is not defined in this listing.
  --   sender: the timer object that fired.
  function onreguard(sender)
    timer_setEnabled(sender, false)
    reguard()
  end
  42.  
  43.  
  -- Recorded access events, keyed by the instruction pointer (rip) that was
  -- reported; filled in by IntegrityUpdate and read by the results-form handlers.
  se_events = {}
  45.  
  -- Called when a guarded page has been accessed (and thereby unguarded).
  -- Parameters are the register values at the access plus stackcopy/stacksize.
  -- The function only records and displays: it stores the first snapshot seen
  -- for each rip in se_events, lists that rip in the results form, and, when
  -- stealthedit_Rewatch is set, arms the timer that triggers onreguard.
  -- NOTE(review): going by the setting names, the entries are candidate
  -- integrity-check routines; a client-side self-check that can be located by
  -- its page reads should not be the only tamper control - confirm against the
  -- plugin's documentation.
  function IntegrityUpdate(rax, rbx, rcx, rdx, rsi, rdi, rbp, rsp, rip, r8, r9, r10, r11, r12, r13, r14, r15, stackcopy, stacksize)
    if control_getVisible(frmResults) == false then
      ShowSEWindow()
    end

    -- Only the first report for a given rip is kept: later reports for the
    -- same rip do not come with a stackcopy/stacksize.
    if se_events[rip] == nil then
      se_events[rip] = {
        rax = rax, rbx = rbx, rcx = rcx, rdx = rdx,
        rsi = rsi, rdi = rdi, rbp = rbp, rsp = rsp,
        rip = rip,
        r8 = r8, r9 = r9, r10 = r10, r11 = r11,
        r12 = r12, r13 = r13, r14 = r14, r15 = r15,
        stackcopy = stackcopy, stacksize = stacksize,
      }

      local addressList = listbox_getItems(frmResults_lbAddresses)
      strings_add(addressList, string.format('%08X', rip))

      -- Select the first entry if nothing is selected yet.
      if listbox_getItemIndex(frmResults_lbAddresses) == -1 then
        listbox_setItemIndex(frmResults_lbAddresses, 0)
      end
    end

    if not stealthedit_Rewatch then
      return
    end

    -- The timer is created once and kept in the global reguardtimer.
    if reguardtimer == nil then
      reguardtimer = createTimer(nil, false)
      timer_onTimer(reguardtimer, onreguard)
    end

    timer_setInterval(reguardtimer, stealthedit_RewatchTimer)
    timer_setEnabled(reguardtimer, true)
  end
  78.  
  79.  
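  -- Results-form handler: shows the register snapshot recorded for the address
  -- that is selected in the list box.
  --   sender, user: event arguments (not used).
  -- Changes from the original:
  --   * `prefix` was assigned without `local` and leaked into the global table.
  --   * With nothing selected, or an entry that has no record in se_events, the
  --     original indexed a nil event and raised an error. The data pane is now
  --     cleared and the handler returns.
  function lbAddressesSelectionChange(sender, user)
    local is64bit = targetIs64Bit()
    local items = listbox_getItems(frmResults_lbAddresses)
    local itemindex = listbox_getItemIndex(frmResults_lbAddresses)

    edit_clear(frmResults_mData)

    if itemindex == nil or itemindex < 0 then
      return
    end

    -- List entries are the '%08X' text written by IntegrityUpdate; parsing it
    -- back gives the se_events key.
    local text = strings_getString(items, itemindex)
    local key = text and tonumber('0x' .. text)
    local event = key and se_events[key]
    if event == nil then
      return
    end

    -- Register names are shown with the target's width prefix (RAX vs EAX).
    local prefix = is64bit and 'R' or 'E'

    local function emit(label, value)
      memo_append(frmResults_mData, label .. ' = ' .. string.format('%08X', value))
    end

    local general = { 'AX', 'BX', 'CX', 'DX', 'SI', 'DI', 'BP', 'SP', 'IP' }
    for _, suffix in ipairs(general) do
      emit(prefix .. suffix, event['r' .. string.lower(suffix)])
    end

    if is64bit then
      -- Labels are padded to three characters so the '=' signs line up.
      local extended = {
        { ' R8', 'r8' }, { ' R9', 'r9' }, { 'R10', 'r10' }, { 'R11', 'r11' },
        { 'R12', 'r12' }, { 'R13', 'r13' }, { 'R14', 'r14' }, { 'R15', 'r15' },
      }
      for _, reg in ipairs(extended) do
        emit(reg[1], event[reg[2]])
      end
    end

    memo_append(frmResults_mData, '')
    emit('Stack copy', event.stackcopy)
    emit('Stack size', event.stacksize)
  end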
  123.  
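  -- Results-form handler: on double-click, points the memory view's
  -- disassembler at the selected address and shows the memory view form.
  --   sender: the control that raised the event (not used).
  -- The original parsed the list text unconditionally; with no selection
  -- (index -1) or unparsable text it handed a nil address to the disassembler
  -- view. Those cases now return without doing anything.
  function lbAddressesDblClick(sender)
    local items = listbox_getItems(frmResults_lbAddresses)
    local itemindex = listbox_getItemIndex(frmResults_lbAddresses)
    if itemindex == nil or itemindex < 0 then
      return
    end

    -- List entries are hex text without a prefix, so add '0x' before parsing.
    local text = strings_getString(items, itemindex)
    local address = text and tonumber('0x' .. text)
    if address == nil then
      return
    end

    local mb = getMemoryViewForm()
    local dv = memoryview_getDisassemblerView(mb)
    disassemblerview_setSelectedAddress(dv, address)
    form_show(mb)
  end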