engine exe is a lil hard, but here's a section of the memory I was able to capture before it locks up the debugger
Code:
00858000 | F4 | HLT |
00858001 | 24 12 | AND AL, 12 |
00858003 | 9C | PUSHFD |
00858004 | B2 37 | MOV DL, 37 |
00858006 | 04 00 | ADD AL, 0 |
00858008 | 13D9 | ADC EBX, ECX |
0085800A | 0900 | OR DWORD PTR [EAX], EAX |
0085800C | 72 61 | JB 0085806F |
0085800E | 3C 00 | CMP AL, 0 |
00858010 | 0000 | ADD BYTE PTR [EAX], AL |
00858012 | 0000 | ADD BYTE PTR [EAX], AL |
00858014 | B8 00000000 | MOV EAX, 0 |
00858019 | 60 | PUSHAD |
0085801A | 0BC0 | OR EAX, EAX |
0085801C | 74 68 | JE 00858086 |
0085801E | E8 00000000 | CALL 00858023 |
00858023 | 58 | POP EAX |
00858024 | 05 53000000 | ADD EAX, 53 |
00858029 | 8038 E9 | CMP BYTE PTR [EAX], E9 |
0085802C | 75 13 | JNZ 00858041 |
0085802E | 61 | POPAD |
0085802F | EB 45 | JMP 00858076 |
00858031 | DB2D 37808500 | FLD TBYTE PTR [858037] |
--
--
--
--
--
00858040 | 40 | INC EAX |
00858041 | E8 00000000 | CALL 00858046 |
00858046 | 58 | POP EAX |
00858047 | 25 00F0FFFF | AND EAX, FFFFF000 |
0085804C | 33FF | XOR EDI, EDI |
0085804E | 66:BB 195A | MOV BX, 5A19 |
00858052 | 66:83C3 34 | ADD BX, 34 |
00858056 | 66:3918 | CMP WORD PTR [EAX], BX |
00858059 | 75 12 | JNZ 0085806D |
0085805B | 0FB750 3C | MOVZX EDX, WORD PTR [EAX+3C] |
0085805F | 03D0 | ADD EDX, EAX |
00858061 | BB E9440000 | MOV EBX, 44E9 |
00858066 | 83C3 67 | ADD EBX, 67 |
00858069 | 391A | CMP DWORD PTR [EDX], EBX |
0085806B | 74 07 | JE 00858074 |
0085806D | 2D 00100000 | SUB EAX, 1000 |
00858072 | EB DA | JMP 0085804E |
00858074 | 8BF8 | MOV EDI, EAX |
00858076 | B8 1ED34800 | MOV EAX, 48D31E |
0085807B | 03C7 | ADD EAX, EDI |
0085807D | B9 6D823F00 | MOV ECX, 3F826D |
00858082 | 03CF | ADD ECX, EDI |
00858084 | EB 0A | JMP 00858090 |
00858086 | B8 1ED38E00 | MOV EAX, 8ED31E |
0085808B | B9 6D828500 | MOV ECX, 85826D |
00858090 | 50 | PUSH EAX |
00858091 | 51 | PUSH ECX |
00858092 | E8 87000000 | CALL 0085811E |
00858097 | E8 00000000 | CALL 0085809C |
0085809C | 58 | POP EAX |
0085809D | 2D 26000000 | SUB EAX, 26 |
008580A2 | B9 88FD6300 | MOV ECX, 63FD88 |
008580A7 | 81E9 9BFB6300 | SUB ECX, 63FB9B |
008580AD | 8948 01 | MOV DWORD PTR [EAX+1], ECX |
008580B0 | C600 E9 | MOV BYTE PTR [EAX], E9 |
008580B3 | 61 | POPAD |
008580B4 | E9 AF010000 | JMP 00858268 |
Originally Posted by ryansasz
yea what does this do?
can you explain a little more?
for someone who codes, they can use the info to write a bypass
to everyone else this information is useless
crap sorry I double posted