public AddressList_244_32(MemManager manager) { FoundAddresses = false; ProcessModule exe = manager.HookedProcess.MainModule; InjectLocation = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 5, "E8 ????????", // call Talos.exe + 63C640 // jmp 017F0000 "??????????", // OR // mov ecx,[esi+08] // test ecx, ecx "0F84 ????????", // je Talos.exe + 641B8E "E8 ????????", // call Talos.exe + 867970 "85 C0", // test eax, eax "0F84 ????????", // je Talos.exe + 641AEC "83 3D ???????? 00" // cmp dword ptr[Talos.exe + 118860C], 00 ); if (InjectLocation == IntPtr.Zero) { return; } InjectInstructionLength = 5; IntPtr tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 6, "F3 0F11 45 CC", // movss[ebp - 34], xmm0 "E8 ????????", // call Talos.exe + 83A330 "83 C4 14" // add esp, 14 ); if (tmp == IntPtr.Zero) { return; } DrawText = manager.ReadDisplacement(tmp, false); tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 1, "E8 ????????", // call Talos.exe + 82FE20 "8B 4D FC", // mov ecx,[ebp - 04] "8B 15 ????????", // mov edx,[Talos.exe + 11E8A20] "0F57 C0", // xorps xmm0, xmm0 "83 C4 18" // add esp, 18 ); if (tmp == IntPtr.Zero) { return; } DrawBox = manager.ReadDisplacement(tmp, false); Viewport = manager.Read <IntPtr>(IntPtr.Add(tmp, 9)); tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 8, "83 C4 1C", // add esp,1C "85 C0", // test eax, eax "74 ??", // je Talos.exe + 641B7E "68 ????????", // push Talos.exe + 11D6B60 "E8 ????????" // call Talos.exe + 81F230 ); if (tmp == IntPtr.Zero) { return; } Font = manager.Read <IntPtr>(tmp); SetFont = manager.ReadDisplacement(IntPtr.Add(tmp, 5), false); FoundAddresses = true; }
public AddressList_440_64(MemManager manager) { FoundAddresses = false; ProcessModule exe = manager.HookedProcess.MainModule; InjectLocation = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 8, "49 8B CE", // mov rcx, r14 "E8 ????????", // call Talos.exe + 69C50 // jmp 13FFF0000 "??????????????", // OR // mov rcx,[r14 + 10] // test rcx, rcx "0F84 ????????", // je Talos.exe + 688CC "83 3D ???????? 00", // cmp dword ptr [Talos.exe + 1E015B8], 00 "0F84 ????????" // je Talos.exe + 688CC ); if (InjectLocation == IntPtr.Zero) { return; } InjectInstructionLength = 7; IntPtr tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 15, "F3 0F11 4C 24 44", // movss[rsp + 44], xmm1 "C7 44 24 48 00000000", // mov[rsp + 48], 00000000 "E8 ????????", // call Talos.exe + A4AD80 "48 8D 4C 24 50" // lea rcx,[rsp+50] ); if (tmp == IntPtr.Zero) { return; } DrawText = manager.ReadDisplacement(tmp, false); tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 1, "E8 ????????", // call Talos.exe + A47C60 "48 8B 94 24 88000000", // mov rdx, [rsp + 00000088] "48 8B 0D ????????" // mov rcx, [Talos.exe + 1E44500] ); if (tmp == IntPtr.Zero) { return; } DrawBox = manager.ReadDisplacement(tmp, false); Viewport = manager.ReadDisplacement(IntPtr.Add(tmp, 15), false); tmp = manager.SigScan(exe.BaseAddress, exe.ModuleMemorySize, 7, "85 C0", // test eax, eax "74 4A", // je Talos.exe + 688B8 "48 8D 0D ????????", // lea rcx, [Talos.exe + 1E017C0] "E8 ????????", // call Talos.exe + A1AE80 "F3 0F10 05 ????????" // movss xmm0, [Talos.exe + 12EDAA8] ); if (tmp == IntPtr.Zero) { return; } Font = manager.ReadDisplacement(tmp, false); SetFont = manager.ReadDisplacement(IntPtr.Add(tmp, 5), false); FoundAddresses = true; }