158 "Guga_code" 0 FF80FF 1

157 "inf_craft_equipItems" Auto Assembler Script { Game : Watch_Dogs.exe Version: Date : 2023-01-22 Author : Gustavo This script does blah blah blah } define(address,"Disrupt_b64.dll"+EB167D) define(bytes,89 42 0C B0 01) [ENABLE] assert(address,bytes) alloc(newmem,$100,"Disrupt_b64.dll"+EB167D) label(code) label(return) newmem: code: db 90 90 jmp return address: jmp newmem return: [DISABLE] address: db bytes // mov [rdx+0C],eax // mov al,01 dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: Disrupt_b64.dll+EB167D Disrupt_b64.dll+EB1664: 48 8B 74 24 48 - mov rsi,[rsp+48] Disrupt_b64.dll+EB1669: 48 83 C4 20 - add rsp,20 Disrupt_b64.dll+EB166D: 5F - pop rdi Disrupt_b64.dll+EB166E: C3 - ret Disrupt_b64.dll+EB166F: 8B 42 0C - mov eax,[rdx+0C] Disrupt_b64.dll+EB1672: 83 F8 FF - cmp eax,-01 Disrupt_b64.dll+EB1675: 74 E6 - je Disrupt_b64.dll+EB165D Disrupt_b64.dll+EB1677: 3B C7 - cmp eax,edi Disrupt_b64.dll+EB1679: 76 17 - jna Disrupt_b64.dll+EB1692 Disrupt_b64.dll+EB167B: 2B C7 - sub eax,edi // ---------- INJECTING HERE ---------- Disrupt_b64.dll+EB167D: 89 42 0C - mov [rdx+0C],eax // ---------- DONE INJECTING ---------- Disrupt_b64.dll+EB1680: B0 01 - mov al,01 Disrupt_b64.dll+EB1682: 48 8B 5C 24 40 - mov rbx,[rsp+40] Disrupt_b64.dll+EB1687: 48 8B 74 24 48 - mov rsi,[rsp+48] Disrupt_b64.dll+EB168C: 48 83 C4 20 - add rsp,20 Disrupt_b64.dll+EB1690: 5F - pop rdi Disrupt_b64.dll+EB1691: C3 - ret Disrupt_b64.dll+EB1692: 48 8B 5C 24 40 - mov rbx,[rsp+40] Disrupt_b64.dll+EB1697: 48 8B 74 24 48 - mov rsi,[rsp+48] Disrupt_b64.dll+EB169C: 33 C0 - xor eax,eax Disrupt_b64.dll+EB169E: 89 42 0C - mov [rdx+0C],eax } 154 "ammo_inf/no_reload" Auto Assembler Script { Game : Watch_Dogs.exe Version: Date : 2023-01-22 Author : Gustavo This script does blah blah blah } define(address,"Disrupt_b64.dll"+FFE99A) define(bytes,FF 8F 98 00 00 00) [ENABLE] assert(address,bytes) alloc(newmem,$100,"Disrupt_b64.dll"+FFE99A) label(code) label(return) newmem: code: db 90 90 90 jmp return address: jmp newmem nop return: [DISABLE] address: db bytes // dec [rdi+00000098] dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: Disrupt_b64.dll+FFE99A Disrupt_b64.dll+FFE96A: F3 0F 11 44 24 20 - movss [rsp+20],xmm0 Disrupt_b64.dll+FFE970: 48 8B CF - mov rcx,rdi Disrupt_b64.dll+FFE973: E8 E8 37 F6 FF - call Disrupt_b64.dll+F62160 Disrupt_b64.dll+FFE978: 48 8D 4C 24 50 - lea rcx,[rsp+50] Disrupt_b64.dll+FFE97D: E8 FE 41 F6 FF - call Disrupt_b64.dll+F62B80 Disrupt_b64.dll+FFE982: 80 BF 9C 00 00 00 00 - cmp byte ptr [rdi+0000009C],00 Disrupt_b64.dll+FFE989: 75 21 - jne Disrupt_b64.dll+FFE9AC Disrupt_b64.dll+FFE98B: 80 BF 9D 00 00 00 00 - cmp byte ptr [rdi+0000009D],00 Disrupt_b64.dll+FFE992: 74 18 - je Disrupt_b64.dll+FFE9AC Disrupt_b64.dll+FFE994: 8B 87 90 00 00 00 - mov eax,[rdi+00000090] // ---------- INJECTING HERE ---------- Disrupt_b64.dll+FFE99A: FF 8F 98 00 00 00 - dec [rdi+00000098] // ---------- DONE INJECTING ---------- Disrupt_b64.dll+FFE9A0: 85 C0 - test eax,eax Disrupt_b64.dll+FFE9A2: 7E 08 - jle Disrupt_b64.dll+FFE9AC Disrupt_b64.dll+FFE9A4: FF C8 - dec eax Disrupt_b64.dll+FFE9A6: 89 87 90 00 00 00 - mov [rdi+00000090],eax Disrupt_b64.dll+FFE9AC: 48 8B 1E - mov rbx,[rsi] Disrupt_b64.dll+FFE9AF: 4C 8B A4 24 08 01 00 00 - mov r12,[rsp+00000108] Disrupt_b64.dll+FFE9B7: 48 8B BC 24 38 01 00 00 - mov rdi,[rsp+00000138] Disrupt_b64.dll+FFE9BF: FF 4B 18 - dec [rbx+18] Disrupt_b64.dll+FFE9C2: 48 8B B4 24 30 01 00 00 - mov rsi,[rsp+00000130] Disrupt_b64.dll+FFE9CA: 48 8B AC 24 28 01 00 00 - mov rbp,[rsp+00000128] } 148 "battery_Infinite" Auto Assembler Script { Game : Watch_Dogs.exe Version: Date : 2023-01-05 Author : Gustavo This script does blah blah blah } [ENABLE] aobscanmodule(INJECT,Disrupt_b64.dll,0F 42 C2 48 8D 15 E4 D3 8A 01) // should be unique alloc(newmem,$100,INJECT) label(code) label(return) newmem: code: cmovb eax,[rcx+F4] lea rdx,[Disrupt_b64.dll+3D0DC50] jmp return INJECT: jmp newmem nop 5 return: registersymbol(INJECT) [DISABLE] INJECT: db 0F 42 C2 48 8D 15 E4 D3 8A 01 unregistersymbol(INJECT) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: Disrupt_b64.dll+1760862 Disrupt_b64.dll+176083E: CC - int 3 Disrupt_b64.dll+176083F: CC - int 3 Disrupt_b64.dll+1760840: 40 53 - push rbx Disrupt_b64.dll+1760842: 48 83 EC 50 - sub rsp,50 Disrupt_b64.dll+1760846: 48 8B D9 - mov rbx,rcx Disrupt_b64.dll+1760849: 3B 91 F8 00 00 00 - cmp edx,[rcx+000000F8] Disrupt_b64.dll+176084F: 0F 84 D3 00 00 00 - je Disrupt_b64.dll+1760928 Disrupt_b64.dll+1760855: 8B 81 F4 00 00 00 - mov eax,[rcx+000000F4] Disrupt_b64.dll+176085B: 48 89 7C 24 78 - mov [rsp+78],rdi Disrupt_b64.dll+1760860: 3B D0 - cmp edx,eax // ---------- INJECTING HERE ---------- Disrupt_b64.dll+1760862: 0F 42 C2 - cmovb eax,edx // ---------- DONE INJECTING ---------- Disrupt_b64.dll+1760865: 48 8D 15 E4 D3 8A 01 - lea rdx,[Disrupt_b64.dll+300DC50] INJECT: 89 81 F8 00 00 00 - mov [rcx+000000F8],eax Disrupt_b64.dll+1760872: 48 8D 4C 24 60 - lea rcx,[rsp+60] Disrupt_b64.dll+1760877: E8 54 63 9D FE - call Disrupt_b64.dll+136BD0 Disrupt_b64.dll+176087C: 4C 8B 5B 10 - mov r11,[rbx+10] Disrupt_b64.dll+1760880: 4C 8D 4C 24 70 - lea r9,[rsp+70] Disrupt_b64.dll+1760885: 4C 89 5C 24 70 - mov [rsp+70],r11 Disrupt_b64.dll+176088A: 41 FF 43 18 - inc [r11+18] Disrupt_b64.dll+176088E: 48 8D 54 24 60 - lea rdx,[rsp+60] Disrupt_b64.dll+1760893: 48 8D 4C 24 20 - lea rcx,[rsp+20] } Code :add [rax],al Disrupt_b64.dll+3D0DC50 00 00 00 00 00 00 00 00 00 00 00 00 Change of dec [rdi+00000098] Disrupt_b64.dll+FFE99A 87 90 00 00 00 FF 8F 98 00 00 00 85 C0 7E 08 FF _wd64Stealth_v3_aob_jmp

7FF90861C05C

_wd64Stealth_v3_aob_retaddress

7FF90861C0A9

wd64_reputation_aob_jmp

7FF90825E08B

_wd64_ptr_rep_set

7FF907C00256

_wd64_ptr_rep_load

7FF907C00266

_wd64GodMode_rl_aob_jmp

7FF90944B530