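130 "Teleport Hack" Auto Assembler Script
// Cheat Engine Auto Assembler script for re2.exe (x86-64, Intel operand order;
// bare numbers are hexadecimal).
//
// Purpose: hooks the instruction at INJECT (mov eax,[rdi+30] / mov [rsi],eax),
// which copies four dwords from [rdi+30..3C] to [rsi..rsi+0C]. While `flag` is 1
// and r15 holds 8000000000000000, the three stored floats xpos/ypos/zpos are
// written once to [rdi+30], [rdi+34] and [rdi+38]; `flag` is then cleared.
//
// In:    rdi = source object, rsi = destination buffer (as used by the
//        original code), r15 = value compared against 8000000000000000
//        (presumably selects the player's object - confirm against the game).
// Out:   eax = [rdi+30], [rsi] = eax, exactly as the overwritten bytes did.
// Clobb: eax and flags only; r14 is saved and restored, rsp is balanced.
//
// NOTE(review): the previous version moved the floats through rbx, a 64-bit
// register. Each 8-byte store also overwrote the neighbouring field, and the
// last one wrote the (just zeroed) `flag` dword over [rdi+3C], a field the
// original code still reads. All accesses are now 32 bits wide.

[ENABLE]

// Signature extended with the following instructions from the dump below
// (mov eax,[rdi+34] ... mov [rsi+08],eax). A 5-byte pattern can match the wrong
// site, and a jmp patched into unrelated code would crash the process.
aobscanmodule(INJECT,re2.exe,8B 47 30 89 06 8B 47 34 89 46 04 8B 47 38 89 46 08)
alloc(newmem,$1000,INJECT)            // allocated near INJECT so the jmp fits in 5 bytes
registersymbol(INJECT flag)           // `flag` is exported so a table entry can set it

label(code)
label(return)
label(xpos)
label(ypos)
label(zpos)
label(flag)
label(load)

newmem:
  // cmp cannot take a 64-bit immediate, so r14 serves as a temporary.
  // push/pop leave the flags untouched, so the result of cmp survives the pop.
  push r14
  mov r14,8000000000000000
  cmp r15,r14
  pop r14
  jne code                            // not the selected object: run original code only

  cmp dword ptr [flag],1
  jne code                            // no request pending

load:
  mov dword ptr [flag],0              // one-shot: clear the request before writing
  // eax is free here: `code` reloads it from [rdi+30] immediately afterwards.
  mov eax,[xpos]
  mov [rdi+30],eax
  mov eax,[ypos]
  mov [rdi+34],eax
  mov eax,[zpos]
  mov [rdi+38],eax                    // 4-byte store; [rdi+3C] is left untouched

code:
  // Replay of the two overwritten instructions.
  mov eax,[rdi+30]
  mov [rsi],eax
  jmp return

// Stored position, one 32-bit float per axis.
xpos:
  dd (float)-0.4750722945
ypos:
  dd (float)9.999148369
zpos:
  dd (float)-13.19950294
// Request flag: 1 = write the stored position on the next matching pass.
flag:
  dd 0

INJECT:
  jmp newmem                          // 5 bytes, replaces 8B 47 30 89 06 exactly
return:

[DISABLE]

// Restore the original five bytes before the allocation is released.
// NOTE(review): dealloc can race with a game thread still executing inside
// newmem - disable while the game is paused if that is a concern.
INJECT:
  db 8B 47 30 89 06

unregistersymbol(INJECT flag)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: re2.exe+EE0AD74

re2.exe+EE0ACF8: 0F 29 44 24 40 - movaps [rsp+40],xmm0
re2.exe+EE0ACFD: 0F 10 40 30 - movups xmm0,[rax+30]
re2.exe+EE0AD01: 0F 29 44 24 50 - movaps [rsp+50],xmm0
re2.exe+EE0AD06: F3 0F 10 47 30 - movss xmm0,[rdi+30]
re2.exe+EE0AD0B: 0F C6 C0 00 - shufps xmm0,xmm0,00
re2.exe+EE0AD0F: 0F 59 C8 - mulps xmm1,xmm0
re2.exe+EE0AD12: F3 0F 10 47 38 - movss xmm0,[rdi+38]
re2.exe+EE0AD17: 0F C6 C0 00 - shufps xmm0,xmm0,00
re2.exe+EE0AD1B: 0F 59 44 24 40 - mulps xmm0,[rsp+40]
re2.exe+EE0AD20: 0F 58 D1 - addps xmm2,xmm1
re2.exe+EE0AD23: 0F 58 D0 - addps xmm2,xmm0
re2.exe+EE0AD26: 0F 58 54 24 50 - addps xmm2,[rsp+50]
re2.exe+EE0AD2B: 0F 28 C2 - movaps xmm0,xmm2
re2.exe+EE0AD2E: F3 0F 11 16 - movss [rsi],xmm2
re2.exe+EE0AD32: 0F 28 CA - movaps xmm1,xmm2
re2.exe+EE0AD35: 0F C6 C2 55 - shufps xmm0,xmm2,55
re2.exe+EE0AD39: 0F C6 CA AA - shufps xmm1,xmm2,-56
re2.exe+EE0AD3D: 0F C6 D2 FF - shufps xmm2,xmm2,-01
re2.exe+EE0AD41: F3 0F 11 56 0C - movss [rsi+0C],xmm2
re2.exe+EE0AD46: F3 0F 11 46 04 - movss [rsi+04],xmm0
re2.exe+EE0AD4B: F3 0F 11 4E 08 - movss [rsi+08],xmm1
re2.exe+EE0AD50: EB 39 - jmp re2.exe+EE0AD8B
re2.exe+EE0AD52: 8B 87 B0 00 00 00 - mov eax,[rdi+000000B0]
re2.exe+EE0AD58: 89 06 - mov [rsi],eax
re2.exe+EE0AD5A: 8B 87 B4 00 00 00 - mov eax,[rdi+000000B4]
re2.exe+EE0AD60: 89 46 04 - mov [rsi+04],eax
re2.exe+EE0AD63: 8B 87 B8 00 00 00 - mov eax,[rdi+000000B8]
re2.exe+EE0AD69: 89 46 08 - mov [rsi+08],eax
re2.exe+EE0AD6C: 8B 87 BC 00 00 00 - mov eax,[rdi+000000BC]
re2.exe+EE0AD72: EB 14 - jmp re2.exe+EE0AD88
// ---------- INJECTING HERE ----------
re2.exe+EE0AD74: 8B 47 30 - mov eax,[rdi+30]
// ---------- DONE INJECTING ----------
re2.exe+EE0AD77: 89 06 - mov [rsi],eax
re2.exe+EE0AD79: 8B 47 34 - mov eax,[rdi+34]
re2.exe+EE0AD7C: 89 46 04 - mov [rsi+04],eax
re2.exe+EE0AD7F: 8B 47 38 - mov eax,[rdi+38]
re2.exe+EE0AD82: 89 46 08 - mov [rsi+08],eax
re2.exe+EE0AD85: 8B 47 3C - mov eax,[rdi+3C]
re2.exe+EE0AD88: 89 46 0C - mov [rsi+0C],eax
re2.exe+EE0AD8B: 48 89 F0 - mov rax,rsi
re2.exe+EE0AD8E: 48 8B 8C 24 E0 00 00 00 - mov rcx,[rsp+000000E0]
re2.exe+EE0AD96: 48 31 E1 - xor rcx,rsp
re2.exe+EE0AD99: E8 A2 8B F7 F4 - call re2.exe+3D83940
re2.exe+EE0AD9E: 48 81 C4 F0 00 00 00 - add rsp,000000F0
re2.exe+EE0ADA5: 41 5E - pop r14
re2.exe+EE0ADA7: 5F - pop rdi
re2.exe+EE0ADA8: 5E - pop rsi
re2.exe+EE0ADA9: C3 - ret
re2.exe+EE0ADAA: CC - int 3
re2.exe+EE0ADAB: 51 - push rcx
re2.exe+EE0ADAC: 48 F7 D1 - not rcx
re2.exe+EE0ADAF: BE 00 00 00 00 - mov esi,00000000
re2.exe+EE0ADB4: 48 21 0C 24 - and [rsp],rcx
re2.exe+EE0ADB8: 59 - pop rcx
re2.exe+EE0ADB9: 48 81 F1 00 00 01 00 - xor rcx,00010000
re2.exe+EE0ADC0: 48 C1 E1 20 - shl rcx,20
re2.exe+EE0ADC4: 48 31 F1 - xor rcx,rsi
re2.exe+EE0ADC7: 49 23 89 A0 03 00 00 - and rcx,[r9+000003A0]
re2.exe+EE0ADCE: 6A 00 - push 00
re2.exe+EE0ADD0: 48 8B 34 24 - mov rsi,[rsp]
re2.exe+EE0ADD4: 48 29 CE - sub rsi,rcx
re2.exe+EE0ADD7: 48 89 34 24 - mov [rsp],rsi
}
132 "F1: 女神像の上にテレポートする (警察署メインフロア)" 0 4 Bytes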
flag
Set Value 112 1 0
y coord :mov eax,[rdi+34] re2.exe+EE0AD79 8B 47 30 89 06 8B 47 34 89 46 04 8B 47 体力にアクセスしている命令 :mov eax,[rax+58] re2.exe+8F11DE3 83 C4 20 5F C3 8B 40 58 48 8B 5C 24 30 弾丸にアクセスしている命令 :mov ebx,[rcx+20] re2.exe+B8BE2C5 48 85 C9 74 03 8B 59 20 85 DB 48 8B 5C