11
"Enable"
80000008
Auto Assembler Script
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//
// Cheat Engine Auto Assembler (AA) script targeting "replay.exe". The hooked
// code is 32-bit x86 (ecx/ebx/esp, 4-byte addresses throughout), and AA
// immediates such as 888 and 14 are hexadecimal.
//
// Purpose: intercept the game's read of the byte at [ecx+14] (the value the
// table below labels "Developer Mode"), and remember the object pointer (ecx)
// so the table entry can read/write that byte via pDeveloperMode + 14.
//
// Hook site: aobscan matches the 16-byte tail of a small function:
//   CC 51 | 0F B6 41 14 | 89 04 24 | DB 04 24 | 59 | C3 | CC CC
//   int3, push ecx | movzx eax,byte ptr [ecx+14] | mov [esp],eax | fild dword [esp] | pop ecx | ret | padding
// enableAOB0+2 skips the leading int3/push so the patch lands on the
// movzx+mov pair (4 + 3 = 7 bytes) - exactly jmp rel32 (5) + 2 nops.
aobscan(enableAOB0,CC 51 0F B6 41 14 89 04 24 DB 04 24 59 C3 CC CC)
label(enableAOB0_jmp)
registersymbol(enableAOB0_jmp)      // exported so [DISABLE] and the table's symbol list can find the patched site
label(pDeveloperMode)
registersymbol(pDeveloperMode)      // exported: the "Developer Mode Switch" entry dereferences it with offset 14
label(tEBX)
registersymbol(tEBX)                // exported: the "tEBX" entry displays the captured ebx
alloc(newmem,2048) //2kb should be enough - holds the cave code plus the two dd cells below
label(returnhere)
label(originalcode)
label(exit)
// con0/con1 belong to the commented-out experimental filter further down.
/*label(con0)
label(con1)*/
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//
// Flags: cmp below clobbers EFLAGS and pushfd/popfd are left disabled. The two
// replaced instructions and the rest of the matched function (fild / pop ecx /
// ret) neither read nor write flags, which is presumably why the author dropped
// them - re-enable pushfd/popfd if a future build's code after the hook differs.
//pushfd
//
// Filter: only record the call whose ebx equals 888. This value is specific to
// the game build (80E for the initial release, per the author's note) and has
// to be re-checked whenever the game is updated; on a mismatch the hook is a
// no-op and falls through to the original instructions.
/*cmp ebx,80E //initial
jne originalcode*/
cmp ebx,888 //Update1
jne originalcode
//
// Author's experiments with stricter filters, kept for reference: they test
// caller-frame slots relative to esp (esp points at the pushed ecx here, see
// the signature) and the object state at [ecx+14]. Re-enabling them also
// needs label(con0)/label(con1) above uncommented.
/*testing start*/
/*cmp [ecx+14],1
jg originalcode
cmp ecx,08000000
jl originalcode
cmp [esp+10],1
jne originalcode
cmp [esp+20],0
jne originalcode
cmp [esp+2C],0
jne originalcode
cmp [esp+5C],FFFFFFFF
jne originalcode
cmp [esp+6C],0
jne originalcode
cmp [esp+84],0
jne originalcode
cmp [esp+A0],0
jne originalcode
cmp [esp+D8],FFFFFFFF
jne originalcode
cmp [esp+E8],0
jne originalcode
cmp [ecx+14],00000000
je con0
cmp [ecx+14],00000001
je con0
jmp originalcode
con0:
cmp [tEBX],0
je con1
cmp [tEBX],ebx
jl originalcode
con1:*/
/*testing end*/
mov [tEBX],ebx                      // capture: ebx of the matching call (shown by the "tEBX" table entry)
movzx eax,byte ptr [ecx+14]         // redundant: the same load runs again at originalcode; harmless
mov [pDeveloperMode],ecx            // capture: object pointer whose +14 byte the table edits
originalcode:
//popfd
movzx eax,byte ptr [ecx+14]         // original instruction 1 (0F B6 41 14)
mov [esp],eax                       // original instruction 2 (89 04 24)
exit:
jmp returnhere
///
// Writable cells. They live inside the same executable newmem allocation as the
// cave code above (AA places labels after newmem: in that block). Both start at
// 0: until a call with ebx == 888 passes through, pDeveloperMode is a null
// pointer and the table's pointer entry cannot resolve.
pDeveloperMode:
dd 0
tEBX:
dd 0
///
// The "replay.exe"+1FD51 note is where the AOB resolved when the table was
// built; the scan re-locates it on each enable.
enableAOB0+2: //"replay.exe"+1FD51:
enableAOB0_jmp:
jmp newmem                          // 5 bytes
nop                                 // 2 nops pad to the 7 bytes overwritten
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
//
// NOTE(review): newmem is freed while the hook is being undone; a thread that
// happens to be executing inside the cave at that instant would fault. That
// is inherent to this jmp-to-cave pattern and is not guarded here.
dealloc(newmem)
enableAOB0_jmp: //"replay.exe"+1FD51:
// Restore the 7 original bytes (movzx eax,byte ptr [ecx+14] + mov [esp],eax).
db 0F B6 41 14 89 04 24
//Alt: movzx eax,byte ptr [ecx+14]
//Alt: mov [esp],eax
unregistersymbol(enableAOB0_jmp)
unregistersymbol(pDeveloperMode)
unregistersymbol(tEBX)
Activate
112
0
12
"Developer Mode Switch (num1 = on, num0 = off)"
80000008
4 Bytes
pDeveloperMode
14
Set Value
97
1
0
Set Value
96
0
1
27
"tEBX"
1
80000008
4 Bytes
tEBX
dmf read1 Code :mov dl,[esi+14]
004295B6
replay.exe
295B6
4E
04
89
48
04
8A
56
14
88
50
14
5E
C2
dmf read2 Code :movzx eax,byte ptr [ecx+14]
0041FD51
replay.exe
1FD51
CC
CC
CC
CC
51
0F
B6
41
14
89
04
24
DB
04
enableAOB0_jmp
0041FD51
pDeveloperMode
09860028
tEBX
0986002C