[request]auto dodge script update [0320 → 0810]

kimsagi · 发表于 2018-10-20 14:11

本帖最后由 kimsagi 于 2018-10-20 21:27 编辑

auto dodge script  [03 20]

--------------
[ENABLE]

aobscanmodule(aob_grabFunc,AOT2_AS.exe,48 89 5C 24 30 49 8B 98) // should be unique

aobscanmodule(aob_dodgeBranch,AOT2_AS.exe,8B 83 30 03 00 00 D0 E8 A8 01 0F 84 12 04) // should be unique

alloc(newmem_grabFunc,$100,"AOT2_AS.exe"+82F37E)

alloc(isGrabbing,$4,"AOT2_AS.exe"+82F37E)

registersymbol(aob_grabFunc)

registersymbol(aob_dodgeBranch)

registersymbol(isGrabbing)

newmem_grabFunc:

  cmp [isGrabbing],0

  jne short @f

  mov [isGrabbing],4 // Counter for Pressing Button

@@:

  add rsp,20

  pop rdi

  pop rax

  jmp aob_dodgeBranch

isGrabbing:

  db 00 00 00 00

aob_grabFunc:

  jmp newmem_grabFunc

////////////////////////////////////////////////////////////////////////////////////////////////////

aobscanmodule(aob_hookDriveFlag,AOT2_AS.exe,48 C1 E8 16 A8 01 74 04) // should be unique

alloc(newmem_hookDriveFlag,$100,"AOT2_AS.exe"+85F3C4)

label(return_hookDriveFlag)

newmem_hookDriveFlag:

  shr rax,16

  cmp [isGrabbing],0

  je short @f

  or al,01

@@:

  test al,01

  jmp return_hookDriveFlag

aob_hookDriveFlag:

  jmp newmem_hookDriveFlag

  nop

return_hookDriveFlag:

registersymbol(aob_hookDriveFlag)

////////////////////////////////////////////////////////////////////////////////////////////////////

aobscanmodule(aob_dinputScan,AOT2_AS.exe,44 38 AC 88 FC 00 00 00) // should be unique

alloc(newmem_dinputScan,$100,"AOT2_AS.exe"+DCF2A7)

label(exit_dinputScan)

label(originalcode)

label(return_dinputScan)

newmem_dinputScan:

  cmp [isGrabbing],0

  je short originalcode

  push rbx

  mov rbx,[r12+08] //Button Settings Array

@@:

  cmp byte ptr [rbx+1C],r11l //Jump Button DInput ScanCode

  jne short @f

  cmp [rax+rcx*4+FC],80 //Button already held awaiting game read

  je short @f

  mov [rax+rcx*4+000000FC],0000000001000180

  dec [isGrabbing]

exit_dinputScan:

  pop rbx

originalcode:

  cmp [rax+rcx*4+000000FC],r13l

  jmp return_dinputScan

aob_dinputScan:

  jmp newmem_dinputScan

  nop

  nop

  nop

return_dinputScan:

registersymbol(aob_dinputScan)

[DISABLE]

aob_grabFunc:

  db 48 89 5C 24 30

unregistersymbol(aob_grabFunc)

unregistersymbol(aob_dodgeBranch)

unregistersymbol(isGrabbing)

dealloc(newmem_grabFunc)

dealloc(isGrabbing)

{

// ORIGINAL CODE - INJECTION POINT: "AOT2_AS.exe"+82F37E

"AOT2_AS.exe"+82F362: 48 83 EC 20             -  sub rsp,20

"AOT2_AS.exe"+82F366: F7 02 00 00 02 00       -  test [rdx],20000

"AOT2_AS.exe"+82F36C: 48 8B F9                -  mov rdi,rcx

"AOT2_AS.exe"+82F36F: 77 08                   -  ja AOT2_AS.exe+82F379

"AOT2_AS.exe"+82F371: 33 C0                   -  xor eax,eax

"AOT2_AS.exe"+82F373: 48 83 C4 20             -  add rsp,20

"AOT2_AS.exe"+82F377: 5F                      -  pop rdi

"AOT2_AS.exe"+82F378: C3                      -  ret

"AOT2_AS.exe"+82F379: 45 85 C9                -  test r9d,r9d

"AOT2_AS.exe"+82F37C: 75 F3                   -  jne AOT2_AS.exe+82F371

// ---------- INJECTING HERE ----------

"AOT2_AS.exe"+82F37E: 48 89 5C 24 30          -  mov [rsp+30],rbx

// ---------- DONE INJECTING  ----------

"AOT2_AS.exe"+82F383: 49 8B 98 F8 00 00 00    -  mov rbx,[r8+000000F8]

"AOT2_AS.exe"+82F38A: 8B 83 30 03 00 00       -  mov eax,[rbx+00000330]

"AOT2_AS.exe"+82F390: C0 E8 03                -  shr al,03

"AOT2_AS.exe"+82F393: A8 01                   -  test al,01

"AOT2_AS.exe"+82F395: 74 0B                   -  je AOT2_AS.exe+82F3A2

"AOT2_AS.exe"+82F397: 48 8B 83 08 02 00 00    -  mov rax,[rbx+00000208]

"AOT2_AS.exe"+82F39E: 48 8B 58 08             -  mov rbx,[rax+08]

"AOT2_AS.exe"+82F3A2: 48 8B 83 10 02 00 00    -  mov rax,[rbx+00000210]

"AOT2_AS.exe"+82F3A9: 48 83 78 38 00          -  cmp qword ptr [rax+38],00

"AOT2_AS.exe"+82F3AE: 74 0D                   -  je AOT2_AS.exe+82F3BD

}

////////////////////////////////////////////////////////////////////////////////////////////////////

aob_hookDriveFlag:

  db 48 C1 E8 16 A8 01

unregistersymbol(aob_hookDriveFlag)

dealloc(newmem_hookDriveFlag)

{

// ORIGINAL CODE - INJECTION POINT: "AOT2_AS.exe"+85F3C4

"AOT2_AS.exe"+85F39F: 74 04                         -  je AOT2_AS.exe+85F3A5

"AOT2_AS.exe"+85F3A1: 0F BA EA 09                   -  bts edx,09

"AOT2_AS.exe"+85F3A5: 48 B9 01 00 00 00 00 00 00 04  -  mov rcx,0400000000000001

"AOT2_AS.exe"+85F3AF: 49 8B C0                      -  mov rax,r8

"AOT2_AS.exe"+85F3B2: 48 23 C1                      -  and rax,rcx

"AOT2_AS.exe"+85F3B5: 8B CA                         -  mov ecx,edx

"AOT2_AS.exe"+85F3B7: 0F BA E9 0A                   -  bts ecx,0A

"AOT2_AS.exe"+85F3BB: 48 85 C0                      -  test rax,rax

"AOT2_AS.exe"+85F3BE: 49 8B C0                      -  mov rax,r8

"AOT2_AS.exe"+85F3C1: 0F 44 CA                      -  cmove ecx,edx

// ---------- INJECTING HERE ----------

"AOT2_AS.exe"+85F3C4: 48 C1 E8 16                   -  shr rax,16

"AOT2_AS.exe"+85F3C8: A8 01                         -  test al,01

// ---------- DONE INJECTING  ----------

"AOT2_AS.exe"+85F3CA: 74 04                         -  je AOT2_AS.exe+85F3D0

"AOT2_AS.exe"+85F3CC: 0F BA E9 0A                   -  bts ecx,0A

"AOT2_AS.exe"+85F3D0: 49 C1 E8 3A                   -  shr r8,3A

"AOT2_AS.exe"+85F3D4: 41 F6 C0 01                   -  test r8l,01

"AOT2_AS.exe"+85F3D8: 74 04                         -  je AOT2_AS.exe+85F3DE

"AOT2_AS.exe"+85F3DA: 0F BA E9 14                   -  bts ecx,14

"AOT2_AS.exe"+85F3DE: 8B C1                         -  mov eax,ecx

"AOT2_AS.exe"+85F3E0: C3                            -  ret

"AOT2_AS.exe"+85F3E1: CC                            -  int 3

"AOT2_AS.exe"+85F3E2: CC                            -  int 3

}

////////////////////////////////////////////////////////////////////////////////////////////////////

aob_dinputScan:

  db 44 38 AC 88 FC 00 00 00

unregistersymbol(aob_dinputScan)

dealloc(newmem_dinputScan)

{

// ORIGINAL CODE - INJECTION POINT: "AOT2_AS.exe"+DCF2A7

"AOT2_AS.exe"+DCF286: 45 8B F5                -  mov r14d,r13d

"AOT2_AS.exe"+DCF289: 45 8B FD                -  mov r15d,r13d

"AOT2_AS.exe"+DCF28C: 0F 1F 40 00             -  nop [rax+00]

"AOT2_AS.exe"+DCF290: 0F B6 45 00             -  movzx eax,byte ptr [rbp+00]

"AOT2_AS.exe"+DCF294: 45 8B CD                -  mov r9d,r13d

"AOT2_AS.exe"+DCF297: 8B 56 FC                -  mov edx,[rsi-04]

"AOT2_AS.exe"+DCF29A: 44 8B D8                -  mov r11d,eax

"AOT2_AS.exe"+DCF29D: 8B 1E                   -  mov ebx,[rsi]

"AOT2_AS.exe"+DCF29F: 48 8D 0C 40             -  lea rcx,[rax+rax*2]

"AOT2_AS.exe"+DCF2A3: 49 8B 04 24             -  mov rax,[r12]

// ---------- INJECTING HERE ----------

"AOT2_AS.exe"+DCF2A7: 44 38 AC 88 FC 00 00 00  -  cmp [rax+rcx*4+000000FC],r13l

// ---------- DONE INJECTING  ----------

"AOT2_AS.exe"+DCF2AF: 7D 6C                   -  jnl AOT2_AS.exe+DCF31D

"AOT2_AS.exe"+DCF2B1: 85 DB                   -  test ebx,ebx

"AOT2_AS.exe"+DCF2B3: 75 62                   -  jne AOT2_AS.exe+DCF317

"AOT2_AS.exe"+DCF2B5: B9 80 00 00 00          -  mov ecx,00000080

"AOT2_AS.exe"+DCF2BA: 83 FF 01                -  cmp edi,01

"AOT2_AS.exe"+DCF2BD: 74 4C                   -  je AOT2_AS.exe+DCF30B

"AOT2_AS.exe"+DCF2BF: B8 00 02 00 00          -  mov eax,00000200

"AOT2_AS.exe"+DCF2C4: 44 3B D0                -  cmp r10d,eax

"AOT2_AS.exe"+DCF2C7: 0F 44 C1                -  cmove eax,ecx

"AOT2_AS.exe"+DCF2CA: 3B D0                   -  cmp edx,eax

}

------

I want play AOT2 with auto dodgecould you update this script ?
sorry.

[游戏讨论] [request]auto dodge script update [0320 → 0810]