buff hack tutorial from nanio :D WPE PRO

04/13/2020 20:20 Naniooooo#1
i just want to share what i found
should work with all buffs :D
04/14/2020 02:06 kgostosa#2
mas spaw
it's my interest my p0st please

my gift to you

{ Game : dekaron.exe
Version:
Date : 2020-04-13
Author : WaaaR

Cheat Engine auto-assembler script for a 32-bit target.
[ENABLE] overwrites the 6 bytes found by the AOB scan
(cmp dword ptr [eax+08],13 followed by jne) with a jump into an
allocated block; [DISABLE] writes the original bytes back.
The change is made in the client process only; how the server treats
the modified value is not shown by this script.
}

[ENABLE]

// Locate the patch site by byte pattern inside dekaron.exe. The pattern is the
// cmp/jne pair listed at "dekaron.exe"+9C5CCF in the disassembly comment at
// the end of the script.
aobscanmodule(INJECT,dekaron.exe,83 78 08 13 75 5F) // should be unique
// Reserve $1000 bytes for the injected code.
alloc(newmem,$1000)

label(code)
label(return)

newmem:

// Numeric literals are hexadecimal: the 13 in the replayed cmp below is the
// byte 13 of the scanned pattern.
// NOTE(review): what the values 01/02/11/12 mean is the author's guess (see
// the question marks); nothing in this script establishes it.
// No conditional jump consumes the flags of either cmp, so both stores execute
// on every pass and the dword at [eax+08] is left holding 12.
cmp dword ptr [eax+08],01 // checking for HP pot?
mov dword ptr[eax+08],11 // change to auto pot
cmp dword ptr [eax+08],02 // checking for MP pot?
mov dword ptr[eax+08],12 // change to auto pot

code:
// Replay of the two instructions that the jump at INJECT overwrote. The
// compare reads the field after the stores above have already written it.
cmp dword ptr [eax+08],13
jne dekaron.exe+9C5D34
jmp return

INJECT:
// Presumably a 5-byte near jmp; with the 1-byte nop it fills the 6 matched
// bytes, so `return` is the first untouched instruction. This overwrite
// changes the module's code bytes in memory, which a code-section integrity
// check over this range would observe.
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

// Write the original 6 bytes (cmp dword ptr [eax+08],13 / jne) back over the
// jump placed at INJECT by [ENABLE].
INJECT:
db 83 78 08 13 75 5F

// Drop the registered symbol and release the block allocated in [ENABLE].
unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "dekaron.exe"+9C5CCF

"dekaron.exe"+9C5CB6: 8B 01 - mov eax,[ecx]
"dekaron.exe"+9C5CB8: FF 50 58 - call dword ptr [eax+58]
"dekaron.exe"+9C5CBB: 8B 03 - mov eax,[ebx]
"dekaron.exe"+9C5CBD: 8B CB - mov ecx,ebx
"dekaron.exe"+9C5CBF: FF 50 3C - call dword ptr [eax+3C]
"dekaron.exe"+9C5CC2: 83 78 08 0C - cmp dword ptr [eax+08],0C
"dekaron.exe"+9C5CC6: 74 0D - je dekaron.exe+9C5CD5
"dekaron.exe"+9C5CC8: 8B 03 - mov eax,[ebx]
"dekaron.exe"+9C5CCA: 8B CB - mov ecx,ebx
"dekaron.exe"+9C5CCC: FF 50 3C - call dword ptr [eax+3C]
// ---------- INJECTING HERE ----------
"dekaron.exe"+9C5CCF: 83 78 08 13 - cmp dword ptr [eax+08],13
"dekaron.exe"+9C5CD3: 75 5F - jne dekaron.exe+9C5D34
// ---------- DONE INJECTING ----------
"dekaron.exe"+9C5CD5: 8B 35 E4 AC 60 01 - mov esi,[dekaron.exe+120ACE4]
"dekaron.exe"+9C5CDB: 8B CB - mov ecx,ebx
"dekaron.exe"+9C5CDD: 8B 03 - mov eax,[ebx]
"dekaron.exe"+9C5CDF: 8B 3E - mov edi,[esi]
"dekaron.exe"+9C5CE1: FF 50 3C - call dword ptr [eax+3C]
"dekaron.exe"+9C5CE4: 8B CE - mov ecx,esi
"dekaron.exe"+9C5CE6: 0F B7 40 2B - movzx eax,word ptr [eax+2B]
"dekaron.exe"+9C5CEA: 50 - push eax
"dekaron.exe"+9C5CEB: FF 57 08 - call dword ptr [edi+08]
"dekaron.exe"+9C5CEE: 85 C0 - test eax,eax
}
04/14/2020 02:23 shinitenshi#3
Looks very nice.
04/14/2020 10:47 Naniooooo#4
this is auto pot lol







Quote:
Originally Posted by kgostosa View Post
mas spaw
it's my interest my p0st please

my gift to you

{ Game : dekaron.exe
Version:
Date : 2020-04-13
Author : WaaaR

Cheat Engine auto-assembler script for a 32-bit target.
[ENABLE] overwrites the 6 bytes found by the AOB scan
(cmp dword ptr [eax+08],13 followed by jne) with a jump into an
allocated block; [DISABLE] writes the original bytes back.
The change is made in the client process only; how the server treats
the modified value is not shown by this script.
}

[ENABLE]

// Locate the patch site by byte pattern inside dekaron.exe. The pattern is the
// cmp/jne pair listed at "dekaron.exe"+9C5CCF in the disassembly comment at
// the end of the script.
aobscanmodule(INJECT,dekaron.exe,83 78 08 13 75 5F) // should be unique
// Reserve $1000 bytes for the injected code.
alloc(newmem,$1000)

label(code)
label(return)

newmem:

// Numeric literals are hexadecimal: the 13 in the replayed cmp below is the
// byte 13 of the scanned pattern.
// NOTE(review): what the values 01/02/11/12 mean is the author's guess (see
// the question marks); nothing in this script establishes it.
// No conditional jump consumes the flags of either cmp, so both stores execute
// on every pass and the dword at [eax+08] is left holding 12.
cmp dword ptr [eax+08],01 // checking for HP pot?
mov dword ptr[eax+08],11 // change to auto pot
cmp dword ptr [eax+08],02 // checking for MP pot?
mov dword ptr[eax+08],12 // change to auto pot

code:
// Replay of the two instructions that the jump at INJECT overwrote. The
// compare reads the field after the stores above have already written it.
cmp dword ptr [eax+08],13
jne dekaron.exe+9C5D34
jmp return

INJECT:
// Presumably a 5-byte near jmp; with the 1-byte nop it fills the 6 matched
// bytes, so `return` is the first untouched instruction. This overwrite
// changes the module's code bytes in memory, which a code-section integrity
// check over this range would observe.
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

// Write the original 6 bytes (cmp dword ptr [eax+08],13 / jne) back over the
// jump placed at INJECT by [ENABLE].
INJECT:
db 83 78 08 13 75 5F

// Drop the registered symbol and release the block allocated in [ENABLE].
unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "dekaron.exe"+9C5CCF

"dekaron.exe"+9C5CB6: 8B 01 - mov eax,[ecx]
"dekaron.exe"+9C5CB8: FF 50 58 - call dword ptr [eax+58]
"dekaron.exe"+9C5CBB: 8B 03 - mov eax,[ebx]
"dekaron.exe"+9C5CBD: 8B CB - mov ecx,ebx
"dekaron.exe"+9C5CBF: FF 50 3C - call dword ptr [eax+3C]
"dekaron.exe"+9C5CC2: 83 78 08 0C - cmp dword ptr [eax+08],0C
"dekaron.exe"+9C5CC6: 74 0D - je dekaron.exe+9C5CD5
"dekaron.exe"+9C5CC8: 8B 03 - mov eax,[ebx]
"dekaron.exe"+9C5CCA: 8B CB - mov ecx,ebx
"dekaron.exe"+9C5CCC: FF 50 3C - call dword ptr [eax+3C]
// ---------- INJECTING HERE ----------
"dekaron.exe"+9C5CCF: 83 78 08 13 - cmp dword ptr [eax+08],13
"dekaron.exe"+9C5CD3: 75 5F - jne dekaron.exe+9C5D34
// ---------- DONE INJECTING ----------
"dekaron.exe"+9C5CD5: 8B 35 E4 AC 60 01 - mov esi,[dekaron.exe+120ACE4]
"dekaron.exe"+9C5CDB: 8B CB - mov ecx,ebx
"dekaron.exe"+9C5CDD: 8B 03 - mov eax,[ebx]
"dekaron.exe"+9C5CDF: 8B 3E - mov edi,[esi]
"dekaron.exe"+9C5CE1: FF 50 3C - call dword ptr [eax+3C]
"dekaron.exe"+9C5CE4: 8B CE - mov ecx,esi
"dekaron.exe"+9C5CE6: 0F B7 40 2B - movzx eax,word ptr [eax+2B]
"dekaron.exe"+9C5CEA: 50 - push eax
"dekaron.exe"+9C5CEB: FF 57 08 - call dword ptr [edi+08]
"dekaron.exe"+9C5CEE: 85 C0 - test eax,eax
}
04/14/2020 11:09 guesswho-.-#5
Weird, encryption byte changes every time you send a packet, and since you aren't re-creating the packet I guess the server should ignore it. Did they change the protocol?