TwMS ALL_ICS_近戰不揮空



//TwMS ALL_ICS_近戰不揮空
//Author:HaHaYo
//Thanks:Onion & ms890110 

[Enable]

// Cheat Engine auto-assembler setup. Alloc() reserves memory inside the target
// process (CE maps these regions read/write/execute, so code and data share RWX
// pages), CreateThread() starts a thread in the target process at the given label,
// and RegisterSymbol() exports the name to other scripts. Five threads run
// concurrently and synchronise only by spin-waiting on the Alloc'd dwords below,
// so completion order is a runtime race, not something this list establishes.
// From the outside, the RWX allocations, the injected threads and the pointer
// overwrite done in StartHook are the observable indicators of this script.
RegisterSymbol(MYNA00OnOff)
Alloc(MYNA00OnOff, 4)             // toggle read by MYNA00ICS: 0 = off, 1 = on

RegisterSymbol(CopyMem)
Alloc(CopyMem, 128)               // thread: copies 0x24 bytes of game code into MYNA00
CreateThread(CopyMem)

RegisterSymbol(Call1Thread)
Alloc(Call1Thread, 128)           // thread: byte-pattern scan of 00400000..00500000 for Call1
CreateThread(Call1Thread)
RegisterSymbol(Call1)
Alloc(Call1, 04)                  // dword: resolved address of game function 1 (0 until found)
Label(Call1SearchAOB)
Label(Call1StartHook)

RegisterSymbol(Call2Thread)
Alloc(Call2Thread, 128)           // thread: byte-pattern scan of 00500000..007e0000 for Call2
CreateThread(Call2Thread)
RegisterSymbol(Call2)
Alloc(Call2, 04)                  // dword: resolved address of game function 2 (0 until found)
Label(Call2SearchAOB)
Label(Call2StartHook)

RegisterSymbol(MYNAMSmemcpy)
Alloc(MYNAMSmemcpy,512)           // thread: byte-pattern scan of 00850000..009F0000, then installs the pointer hook
CreateThread(MYNAMSmemcpy)
RegisterSymbol(ICSAdr)
Alloc(ICSAdr, 04)                 // dword: address of the pointer slot that StartHook overwrites
RegisterSymbol(EspCheck)
Alloc(EspCheck, 04)               // dword: game-code address; copy source for CopyMem and the return address MYNA00ICS matches on
RegisterSymbol(JmpAdr)
Alloc(JmpAdr, 04)                 // dword: game-code address MYNA000 hands control back to
RegisterSymbol(MYNA00)
Alloc(MYNA00, 128)                // copy of the game code at EspCheck, patched by Finally
RegisterSymbol(MYNA00ICS)
Alloc(MYNA00ICS, 64)              // replacement target written into the slot at [ICSAdr]
Label(SearchAOB)
Label(StartHook)

RegisterSymbol(Finally)
Alloc(Finally, 128)               // thread: waits for the other four threads, then patches MYNA00
CreateThread(Finally)
RegisterSymbol(MYNA000)
Alloc(MYNA000, 64)                // detour body reached from the patched copy in MYNA00


MYNA00OnOff:
dd 0 //toggle read by MYNA00ICS: 0 = off (hook passes straight through), 1 = on


// Finally — thread. Spin-waits (no sleep, so a full core until the others finish) until
// every other thread has published its result, then writes a "push MYNA000 / ret"
// trampoline into the copied code in MYNA00 so that executing the copy ends in MYNA000
// instead of running on into the original code. Clobbers eax, ebx, flags (thread body).
Finally:
cmp [EspCheck],0
je Finally                              // StartHook not done yet
cmp [Call1],0
je Finally                              // Call1StartHook not done yet
cmp [Call2],0
je Finally                              // Call2StartHook not done yet
cmp [MYNA00],0
je Finally                              // CopyMem not done yet: first dword of the copy is still 0
                                        // (would spin forever if the copied code legitimately began with 00000000)
lea eax,[MYNA00]
add eax,23                              // +0x23 = the LAST byte of the 0x24-byte copy made by CopyMem;
                                        // the 6-byte patch below overwrites that byte and 5 bytes past the copy.
                                        // Presumably the original instruction at EspCheck+0x23 is the one
                                        // MYNA000 stands in for — TODO confirm against the original bytes
mov byte ptr [eax],68                   // 0x68 = push imm32
inc eax
lea ebx,[MYNA000]
mov dword ptr [eax],ebx                 // imm32 = address of MYNA000
add eax,4
mov byte ptr [eax],c3                   // 0xC3 = ret; push/ret together act as jmp MYNA000
ret


// MYNA000 — detour body reached via the trampoline Finally writes into MYNA00.
// Calls the two resolved game functions, stores the result in the caller's frame,
// and transfers control back into game code at JmpAdr with a push/ret.
// Assumes ebp still holds the game function's frame pointer (the copy in MYNA00 ran
// without a prologue of its own) — TODO confirm; the value of ecx passed to Call2 and
// the [ebp-7c] slot are taken from the replaced game code, not verifiable here.
MYNA000:
call [Call1]                            // eax = Call1()
mov ecx,eax                             // ecx = Call1's result, handed to Call2 (register argument — convention not visible here)
call [Call2]
mov [ebp-7c],eax                        // store Call2's result into the game function's local at ebp-0x7C
Push [JmpAdr]
ret                                     // push/ret = jmp [JmpAdr]: resume game code at match-0x41

// CopyMem — thread. Waits for the three resolver threads, then copies 9 dwords
// (0x24 bytes) of game code starting at EspCheck into the MYNA00 buffer.
// The final guard uses `jg` (signed "> 0"), not `je`: the thread proceeds while the
// first dword of MYNA00 is 0 or negative; since the buffer starts zeroed this guard
// is effectively a no-op on the first run. Clobbers esi, edi, ecx, flags.
CopyMem:
cmp [EspCheck],0
je CopyMem                              // StartHook not done yet
cmp [Call1],0
je CopyMem                              // Call1StartHook not done yet
cmp [Call2],0
je CopyMem                              // Call2StartHook not done yet
cmp [MYNA00],0
jg CopyMem                              // spin only while [MYNA00] > 0 (signed)
mov edi,MYNA00                          // edi = destination: address of the Alloc'd buffer
mov esi,[EspCheck]                      // esi = source: game code at EspCheck
mov ecx,9                               // 9 dwords = 0x24 bytes (Finally patches at offset 0x23)
repe movsd                              // same encoding as rep movsd; the 'e' is meaningless for movsd
ret

// Call1Thread — thread entry. Seeds the scan cursor and falls into Call1SearchAOB.
// The range 00400000..00500000 is hard-coded; if the module is loaded elsewhere
// (relocation/ASLR) or the code lies outside it, the pattern is never found and
// [Call1] stays 0, which leaves CopyMem and Finally spinning forever.
Call1Thread:
mov eax,00400000                        // eax = scan cursor, start of range
jmp Call1SearchAOB
ret                                     // unreachable (Call1SearchAOB returns on its own)

// Call1SearchAOB — byte-pattern scan. Compares the dword at eax with bytes CD 4B 54 00
// (little-endian immediate 00544BCD), advancing one byte per iteration; on a hit jumps
// to Call1StartHook, otherwise stops after eax = 00500000 (inclusive, so the last
// compares read up to 3 bytes past the range). Reads are unguarded: an unmapped page
// inside the range kills this thread with an access violation, leaving [Call1] = 0.
// `jle` is a signed compare; safe only because the whole range is below 80000000.
Call1SearchAOB: //CD 4B 54 00
cmp [eax],00544BCD
je  Call1StartHook
inc eax
cmp eax,00500000
jle Call1SearchAOB
ret                                     // not found: [Call1] stays 0

// Call1StartHook — eax = address of the pattern hit. The function is assumed to begin
// 0x3D bytes before the match; this fixed offset is tied to one client build.
Call1StartHook:
Lea Ebx,[Eax-3D]                        // ebx = match - 0x3D
mov [Call1],Ebx                         // publish; releases the spin-waits in CopyMem and Finally
ret

// Call2Thread — thread entry. Seeds the scan cursor and falls into Call2SearchAOB.
// Range 00500000..007e0000 is hard-coded; a miss leaves [Call2] = 0 and the
// dependent threads spinning forever.
Call2Thread:
mov eax,00500000                        // eax = scan cursor, start of range
jmp Call2SearchAOB
ret                                     // unreachable (Call2SearchAOB returns on its own)

// Call2SearchAOB — byte-pattern scan for F0 89 75 E4 (little-endian immediate E47589F0),
// one byte per step, up to and including eax = 007e0000. Same caveats as Call1SearchAOB:
// unguarded reads, signed `jle`, and a miss leaves [Call2] = 0.
Call2SearchAOB: //f0 89 75 e4
cmp [eax],E47589F0
je  Call2StartHook
inc eax
cmp eax,007e0000
jle Call2SearchAOB
ret                                     // not found: [Call2] stays 0

// Call2StartHook — eax = address of the pattern hit. The function is assumed to begin
// 0x13 bytes before the match; build-specific fixed offset.
Call2StartHook:
Lea Ebx,[Eax-13]                        // ebx = match - 0x13
mov [Call2],Ebx                         // publish; releases the spin-waits in CopyMem and Finally
ret

// MYNAMSmemcpy — thread entry. Despite the name no copying happens here (that is CopyMem);
// this seeds the cursor for the main scan in SearchAOB, which then installs the hook.
// Range 00850000..009F0000 is hard-coded; a miss leaves EspCheck/JmpAdr/ICSAdr at 0
// and every other thread spinning forever.
MYNAMSmemcpy:
mov eax,00850000                        // eax = scan cursor, start of range
jmp SearchAOB
ret                                     // unreachable (SearchAOB returns on its own)

// SearchAOB — byte-pattern scan for 4F 00 75 23 (little-endian immediate 2375004F),
// one byte per step, up to and including eax = 009F0000. On a hit goes to StartHook.
// Same caveats as Call1SearchAOB: unguarded reads, signed `jle`, and the last compares
// read a few bytes past the range end.
SearchAOB: //AOB: 4f 00 75 23
cmp [eax],2375004F
je  StartHook
inc eax
cmp eax,009F0000
jle SearchAOB
ret                                     // not found: nothing published, hook never installed

// StartHook — eax = address of the pattern hit. Derives three addresses at fixed
// (build-specific) offsets from the match, then overwrites a pointer in the game's
// memory so that every call through that pointer enters MYNA00ICS. Note the hook is
// live from this point on even though CopyMem/Finally have not prepared MYNA00 yet;
// MYNA00ICS only redirects while MYNA00OnOff is non-zero. Clobbers ebx, ecx.
StartHook:
Lea Ebx, [Eax-7D]
Mov [EspCheck], Ebx //EspCheck: match-0x7D, copy source for CopyMem and the return address MYNA00ICS looks for
Lea Ebx, [Eax-41]
Mov [JmpAdr],Ebx                        // match-0x41: where MYNA000 resumes game code
Lea Ebx, [Eax-81]
Mov Ebx, [Ebx]                          // read the dword at match-0x81: the address of a pointer slot
Mov [ICSAdr], Ebx   //ICSAdr: the slot being hijacked (looks like an indirect-call/import entry whose original target is OffsetRect, given the pass-through in MYNA00ICS — TODO confirm)
Lea Ecx,[MYNA00ICS]
Mov [Ebx],Ecx                           // pointer overwrite: the slot now points at MYNA00ICS
Ret

// MYNA00ICS — replacement target for the pointer at [ICSAdr]. Assuming the slot is
// invoked with `call`, [esp] on entry is the caller's return address. With the toggle
// off, or for any caller other than the site at EspCheck, control simply forwards to
// OffsetRect (an external symbol CE resolves — presumably the user32 export the slot
// originally held; TODO confirm). When the toggle is on and the return address equals
// EspCheck, the return address is rewritten to MYNA00, so after OffsetRect's own `ret`
// the caller resumes in the copied+patched code instead of its next instruction.
// Nothing here checks that Finally has written the trampoline; turning the toggle on
// before then returns into an incomplete buffer. Clobbers eax, flags.
MYNA00ICS:
cmp [MYNA00OnOff],0
je  OffsetRect                          // toggle off: pass-through
Mov Eax, [EspCheck]
Cmp [Esp], Eax                          // is the return address the site at EspCheck?
Jne OffsetRect                          // some other caller: pass-through
Mov [Esp],MYNA00                        // return-address rewrite: caller will resume in MYNA00
Jmp OffsetRect                          // tail-jump; OffsetRect's ret goes to the rewritten address

[Disable]
