Creeper World 2.12 Steam Mac Version BitSlicer Scripts
#Edit Infinite AC!
#Introduction to scripting: https://github.com/zorgiepoo/Bit-Slicer/wiki/Introduction-to-Scripting
# `debug` and `vm` are used throughout this script but are neither imported nor
# defined here; presumably they are injected by Bit Slicer's script runtime (see
# the wiki linked above). The two exceptions imported below are not referenced
# anywhere in this file.
from bitslicer import VirtualMemoryError, DebuggerError
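def locateSignature(signature):
    """Scan process memory for a byte-string signature.

    Args:
        signature: Hex byte string in Bit Slicer's scan format
            (e.g. ``"49 63 46 38"``; ``"??"`` is a wildcard byte).

    Returns:
        The match list returned by ``vm.scanByteString``, or ``None`` when
        nothing matched. A signature that matches at more than one site is
        logged as a warning, because every match is going to be patched and a
        non-unique signature can hit unrelated code.
    """
    debug.log("Searching signature...")
    scanResult = vm.scanByteString(signature)
    if not scanResult:
        debug.log("Signature cannot be found.")
        return None
    if len(scanResult) > 1:
        # All matches get patched; make a non-unique signature visible in the log.
        debug.log("[Warning] Signature matched " + str(len(scanResult)) + " locations.")
    debug.log("Found address: " + str(scanResult))
    return scanResult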
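def assembleCodeWithSize(code, size):
    """Assemble ``code`` and pad it with NOPs to exactly ``size`` bytes.

    Args:
        code: Assembly source handed to ``debug.assemble``.
        size: Number of bytes the patch must occupy (the length of the
            instruction sequence being replaced), so the instruction that
            follows the patched block stays intact and aligned.

    Returns:
        ``bytes`` of length ``size``: the assembled code followed by 0x90
        (single-byte x86 NOP) padding.

    Raises:
        ValueError: the assembled code is longer than ``size``; writing it
            anyway would overwrite the instruction after the patched block.
    """
    codeBuffer = bytes(debug.assemble(code))
    nopCount = size - len(codeBuffer)
    if nopCount < 0:
        raise ValueError(
            "spaceOverflow: assembled %d bytes but only %d are available"
            % (len(codeBuffer), size)
        )
    # 0x90 is the single-byte x86 NOP used to fill the remainder of the block.
    return codeBuffer + b"\x90" * nopCount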
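def codeSizeFromSignature(signature):
    """Return the number of bytes a scan signature covers.

    Each whitespace-separated token ("49", "FF" or the "??" wildcard) stands
    for one byte, so the token count is the size of the code the signature
    matches, and therefore the number of bytes a hijack patch must occupy.
    Counting tokens rather than characters tolerates extra or trailing
    whitespace; for a canonically single-spaced signature the result equals
    ``(len(signature) + 1) // 3``.

    Args:
        signature: Hex byte string in Bit Slicer's scan format.

    Returns:
        The number of byte tokens; 0 for an empty string.
    """
    return len(signature.split())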
class SignatureNotFound(Exception):
    """Raised when a CRITICAL code block's signature is not found in memory."""
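class CodeBlock(object):
    """One patchable instruction sequence located by a byte signature.

    Subclasses set the class attributes. ``scan`` finds every occurrence of
    ``SIGNATURE``; ``enable`` backs up the bytes at each match and overwrites
    them with the assembled ``HIJACK_CODE`` (NOP-padded to ``CODE_SIZE``);
    ``disable`` writes the backup back. Every address the signature matches is
    patched, so the signature must be specific to the intended site.
    """

    # Byte-string signature in Bit Slicer scan format ("49 63 ...", "??" wildcard).
    SIGNATURE = ''
    # Number of bytes the signature covers; the patch is padded/checked to this size.
    CODE_SIZE = 0
    # Assembly source that replaces the matched bytes.
    HIJACK_CODE = """ """
    # True: a missing signature aborts with SignatureNotFound.
    # False: the block is skipped with a warning.
    CRITICAL = True

    # Instance state filled in by scan()/backupCode(). Defaulted at class level
    # so disable() and enable(scan=False) are safe before any scan has run.
    addresses = None
    originalCodes = None

    def name(self):
        """Return the concrete class name, used as the block's label in logs."""
        return self.__class__.__name__

    def scan(self):
        """Locate SIGNATURE and store the match list in ``self.addresses``.

        Raises:
            SignatureNotFound: no match was found and the block is CRITICAL.
        """
        debug.log("Scanning " + self.name() + " ...")
        self.addresses = locateSignature(self.SIGNATURE)
        if self.CRITICAL and self.addresses is None:
            raise SignatureNotFound(self.name())

    def backupCode(self):
        """Read CODE_SIZE original bytes at every matched address for later restore."""
        self.originalCodes = [
            debug.readBytes(address, self.CODE_SIZE) for address in self.addresses
        ]

    def restoreCode(self):
        """Write the backed-up bytes back; a no-op when nothing was backed up.

        A block can be scanned without ever being enabled (e.g. a later block
        failed before the apply phase), in which case there is nothing to undo.
        """
        if not self.addresses or not self.originalCodes:
            return
        for address, code in zip(self.addresses, self.originalCodes):
            debug.writeBytes(address, code)

    def overwriteCode(self):
        """Assemble HIJACK_CODE to CODE_SIZE bytes and write it at every match."""
        code = assembleCodeWithSize(self.HIJACK_CODE, self.CODE_SIZE)
        for address in self.addresses:
            debug.writeBytes(address, code)

    def enable(self, scan=True):
        """Apply the patch.

        Args:
            scan: run ``scan()`` first. Pass ``False`` when the caller has
                already scanned (``MultiBlockScript`` scans every block before
                applying any of them).

        A non-critical block whose signature was not found is skipped with a
        log warning and a notification.
        """
        debug.log("Enabling " + self.name() + " ...")
        if scan:
            self.scan()
        if self.addresses is None:
            debug.log("[Warning] Non critical block " + self.name() + " cannot be found.")
            debug.notify(self.name(), "Non critical block not found.")
            return
        self.backupCode()
        self.overwriteCode()
        debug.log(self.name() + " is enabled.")

    def disable(self):
        """Undo the patch by restoring the original bytes; a no-op if never found."""
        debug.log("Disabling " + self.name() + " ...")
        if self.addresses is None:
            debug.log(self.name() + " is ignored")
            return
        self.restoreCode()
        debug.log(self.name() + " is disabled")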
class MultiBlockScript(object):
    """Script base that drives several CodeBlock instances as one unit.

    Every block is scanned before any is patched, so a missing CRITICAL
    block aborts the whole script before memory has been modified.
    """

    codeBlocks = []

    def __init__(self):
        self.enable()

    def finish(self):
        """Tear-down hook: restores every block."""
        self.disable()

    def enable(self):
        """Scan all blocks, then apply all of them."""
        debug.log("Enabling...")
        debug.log("Scanning....")
        for codeBlock in self.codeBlocks:
            codeBlock.scan()
        debug.log("Apply....")
        for codeBlock in self.codeBlocks:
            codeBlock.enable(False)
        debug.log("Enabled")

    def disable(self):
        """Restore the original bytes of every block."""
        debug.log("Disabling...")
        for codeBlock in self.codeBlocks:
            codeBlock.disable()
        debug.log("Disabled")
class Script(MultiBlockScript):
    """Infinite AC: patch the two sites that update the counter at [r14+0x38]."""

    class AcCollect(CodeBlock):
        """Collect path; the original code increments the counter:

            0x1126F2C9C movsxd rax, dword [r14+0x38]   49 63 46 38
            0x1126F2CA0 inc eax                        FF C0
            0x1126F2CA2 mov [r14+0x38], eax            41 89 46 38
        """

        SIGNATURE = '49 63 46 38 FF C0 41 89 46 38'
        CODE_SIZE = codeSizeFromSignature(SIGNATURE)
        # Store a constant instead of the incremented value.
        HIJACK_CODE = """
            mov eax, 0xffff
            mov [r14+0x38], eax
        """

    class AcConsume(CodeBlock):
        """Consume path; the original code decrements the counter:

            0x11D984913 movsxd rax, dword [r14+0x38]   49 63 46 38
            0x11D984917 dec eax                        FF C8
            0x11D984919 mov [r14+0x38], eax            41 89 46 38
        """

        SIGNATURE = '49 63 46 38 FF C8 41 89 46 38'
        CODE_SIZE = codeSizeFromSignature(SIGNATURE)
        HIJACK_CODE = """
            mov eax, 0xffff
            mov [r14+0x38], eax
        """
        # Skipped with a warning (rather than aborting) when not found.
        CRITICAL = False

    codeBlocks = [AcCollect(), AcConsume()]
#Edit Infinite Aether!
#Introduction to scripting: https://github.com/zorgiepoo/Bit-Slicer/wiki/Introduction-to-Scripting
# `debug` and `vm` are used throughout this script but are neither imported nor
# defined here; presumably they are injected by Bit Slicer's script runtime (see
# the wiki linked above). The two exceptions imported below are not referenced
# anywhere in this file.
from bitslicer import VirtualMemoryError, DebuggerError
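def locateSignature(signature):
    """Scan process memory for a byte-string signature.

    Args:
        signature: Hex byte string in Bit Slicer's scan format
            (e.g. ``"49 63 46 38"``; ``"??"`` is a wildcard byte).

    Returns:
        The match list returned by ``vm.scanByteString``, or ``None`` when
        nothing matched. A signature that matches at more than one site is
        logged as a warning, because every match is going to be patched and a
        non-unique signature can hit unrelated code.
    """
    debug.log("Searching signature...")
    scanResult = vm.scanByteString(signature)
    if not scanResult:
        debug.log("Signature cannot be found.")
        return None
    if len(scanResult) > 1:
        # All matches get patched; make a non-unique signature visible in the log.
        debug.log("[Warning] Signature matched " + str(len(scanResult)) + " locations.")
    debug.log("Found address: " + str(scanResult))
    return scanResult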
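def assembleCodeWithSize(code, size):
    """Assemble ``code`` and pad it with NOPs to exactly ``size`` bytes.

    Args:
        code: Assembly source handed to ``debug.assemble``.
        size: Number of bytes the patch must occupy (the length of the
            instruction sequence being replaced), so the instruction that
            follows the patched block stays intact and aligned.

    Returns:
        ``bytes`` of length ``size``: the assembled code followed by 0x90
        (single-byte x86 NOP) padding.

    Raises:
        ValueError: the assembled code is longer than ``size``; writing it
            anyway would overwrite the instruction after the patched block.
    """
    codeBuffer = bytes(debug.assemble(code))
    nopCount = size - len(codeBuffer)
    if nopCount < 0:
        raise ValueError(
            "spaceOverflow: assembled %d bytes but only %d are available"
            % (len(codeBuffer), size)
        )
    # 0x90 is the single-byte x86 NOP used to fill the remainder of the block.
    return codeBuffer + b"\x90" * nopCount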
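def codeSizeFromSignature(signature):
    """Return the number of bytes a scan signature covers.

    Each whitespace-separated token ("49", "FF" or the "??" wildcard) stands
    for one byte, so the token count is the size of the code the signature
    matches, and therefore the number of bytes a hijack patch must occupy.
    Counting tokens rather than characters tolerates extra or trailing
    whitespace; for a canonically single-spaced signature the result equals
    ``(len(signature) + 1) // 3``.

    Args:
        signature: Hex byte string in Bit Slicer's scan format.

    Returns:
        The number of byte tokens; 0 for an empty string.
    """
    return len(signature.split())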
class SignatureNotFound(Exception):
    """Raised when a CRITICAL code block's signature is not found in memory."""
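class CodeBlock(object):
    """One patchable instruction sequence located by a byte signature.

    Subclasses set the class attributes. ``scan`` finds every occurrence of
    ``SIGNATURE``; ``enable`` backs up the bytes at each match and overwrites
    them with the assembled ``HIJACK_CODE`` (NOP-padded to ``CODE_SIZE``);
    ``disable`` writes the backup back. Every address the signature matches is
    patched, so the signature must be specific to the intended site.
    """

    # Byte-string signature in Bit Slicer scan format ("49 63 ...", "??" wildcard).
    SIGNATURE = ''
    # Number of bytes the signature covers; the patch is padded/checked to this size.
    CODE_SIZE = 0
    # Assembly source that replaces the matched bytes.
    HIJACK_CODE = """ """
    # True: a missing signature aborts with SignatureNotFound.
    # False: the block is skipped with a warning.
    CRITICAL = True

    # Instance state filled in by scan()/backupCode(). Defaulted at class level
    # so disable() and enable(scan=False) are safe before any scan has run.
    addresses = None
    originalCodes = None

    def name(self):
        """Return the concrete class name, used as the block's label in logs."""
        return self.__class__.__name__

    def scan(self):
        """Locate SIGNATURE and store the match list in ``self.addresses``.

        Raises:
            SignatureNotFound: no match was found and the block is CRITICAL.
        """
        debug.log("Scanning " + self.name() + " ...")
        self.addresses = locateSignature(self.SIGNATURE)
        if self.CRITICAL and self.addresses is None:
            raise SignatureNotFound(self.name())

    def backupCode(self):
        """Read CODE_SIZE original bytes at every matched address for later restore."""
        self.originalCodes = [
            debug.readBytes(address, self.CODE_SIZE) for address in self.addresses
        ]

    def restoreCode(self):
        """Write the backed-up bytes back; a no-op when nothing was backed up.

        A block can be scanned without ever being enabled (e.g. a later block
        failed before the apply phase), in which case there is nothing to undo.
        """
        if not self.addresses or not self.originalCodes:
            return
        for address, code in zip(self.addresses, self.originalCodes):
            debug.writeBytes(address, code)

    def overwriteCode(self):
        """Assemble HIJACK_CODE to CODE_SIZE bytes and write it at every match."""
        code = assembleCodeWithSize(self.HIJACK_CODE, self.CODE_SIZE)
        for address in self.addresses:
            debug.writeBytes(address, code)

    def enable(self, scan=True):
        """Apply the patch.

        Args:
            scan: run ``scan()`` first. Pass ``False`` when the caller has
                already scanned (``MultiBlockScript`` scans every block before
                applying any of them).

        A non-critical block whose signature was not found is skipped with a
        log warning and a notification.
        """
        debug.log("Enabling " + self.name() + " ...")
        if scan:
            self.scan()
        if self.addresses is None:
            debug.log("[Warning] Non critical block " + self.name() + " cannot be found.")
            debug.notify(self.name(), "Non critical block not found.")
            return
        self.backupCode()
        self.overwriteCode()
        debug.log(self.name() + " is enabled.")

    def disable(self):
        """Undo the patch by restoring the original bytes; a no-op if never found."""
        debug.log("Disabling " + self.name() + " ...")
        if self.addresses is None:
            debug.log(self.name() + " is ignored")
            return
        self.restoreCode()
        debug.log(self.name() + " is disabled")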
class MultiBlockScript(object):
    """Script base that drives several CodeBlock instances as one unit.

    Every block is scanned before any is patched, so a missing CRITICAL
    block aborts the whole script before memory has been modified.
    """

    codeBlocks = []

    def __init__(self):
        self.enable()

    def finish(self):
        """Tear-down hook: restores every block."""
        self.disable()

    def enable(self):
        """Scan all blocks, then apply all of them."""
        debug.log("Enabling...")
        debug.log("Scanning....")
        for codeBlock in self.codeBlocks:
            codeBlock.scan()
        debug.log("Apply....")
        for codeBlock in self.codeBlocks:
            codeBlock.enable(False)
        debug.log("Enabled")

    def disable(self):
        """Restore the original bytes of every block."""
        debug.log("Disabling...")
        for codeBlock in self.codeBlocks:
            codeBlock.disable()
        debug.log("Disabled")
class Script(MultiBlockScript):
    """Infinite Aether: patch the three sites that update the value at [rax+0x44c]."""

    class CollectAether(CodeBlock):
        """Collect path; the original code increments the value:

            0x11CC5002E movsxd rcx, dword [rax+0x44c]   48 63 88 4C 04 00 00
            0x11CC50035 inc ecx                         FF C1
            0x11CC50037 mov [rax+0x44c], ecx            89 88 4C 04 00 00
        """

        SIGNATURE = '48 63 88 4C 04 00 00 FF C1 89 88 4C 04 00 00'
        CODE_SIZE = codeSizeFromSignature(SIGNATURE)
        # Store a constant instead of the incremented value.
        HIJACK_CODE = """
            mov ecx, 0xffff
            mov [rax+0x44c], ecx
        """

    class ConsumeAether(CodeBlock):
        """Consume path; the original code subtracts r13d:

            0x11CC54C9E movsxd rcx, dword [rax+0x44c]   48 63 88 4C 04 00 00
            0x11CC54CA5 sub ecx, r13d                   41 2B CD
            0x11CC54CA8 mov [rax+0x44c], ecx            89 88 4C 04 00 00
        """

        SIGNATURE = '48 63 88 4C 04 00 00 41 2B CD 89 88 4C 04 00 00'
        CODE_SIZE = codeSizeFromSignature(SIGNATURE)
        HIJACK_CODE = """
            mov ecx, 0xffff
            mov [rax+0x44c], ecx
        """
        # Skipped with a warning (rather than aborting) when not found.
        CRITICAL = False

    class SingularityWeapon(CodeBlock):
        """Singularity path; the original code subtracts [r13+0x400]:

            0x1289300DE movsxd rcx, dword [rax+0x44c]   48 63 88 4C 04 00 00
            0x1289300E5 movsxd rdx, dword [r13+0x400]   49 63 95 00 04 00 00
            0x1289300EC sub ecx, edx                    2B CA
            0x1289300EE mov [rax+0x44c], ecx            89 88 4C 04 00 00
        """

        SIGNATURE = '48 63 88 4C 04 00 00 49 63 95 00 04 00 00 2B CA 89 88 4C 04 00 00'
        CODE_SIZE = codeSizeFromSignature(SIGNATURE)
        HIJACK_CODE = """
            mov ecx, 0xffff
            mov [rax+0x44c], ecx
        """
        # Skipped with a warning (rather than aborting) when not found.
        CRITICAL = False

    codeBlocks = [CollectAether(), ConsumeAether(), SingularityWeapon()]
#Edit Infinite Energy!
#Introduction to scripting: https://github.com/zorgiepoo/Bit-Slicer/wiki/Introduction-to-Scripting
# `debug` and `vm` are used throughout this script but are neither imported nor
# defined here; presumably they are injected by Bit Slicer's script runtime (see
# the wiki linked above). The two exceptions imported below are not referenced
# anywhere in this file.
from bitslicer import VirtualMemoryError, DebuggerError
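def locateSignature(signature):
    """Scan process memory for a byte-string signature.

    Args:
        signature: Hex byte string in Bit Slicer's scan format
            (e.g. ``"49 63 46 38"``; ``"??"`` is a wildcard byte).

    Returns:
        The match list returned by ``vm.scanByteString``, or ``None`` when
        nothing matched. A signature that matches at more than one site is
        logged as a warning, because every match is going to be patched and a
        non-unique signature can hit unrelated code.
    """
    debug.log("Searching signature...")
    scanResult = vm.scanByteString(signature)
    if not scanResult:
        debug.log("Signature cannot be found.")
        return None
    if len(scanResult) > 1:
        # All matches get patched; make a non-unique signature visible in the log.
        debug.log("[Warning] Signature matched " + str(len(scanResult)) + " locations.")
    debug.log("Found address: " + str(scanResult))
    return scanResult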
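def assembleCodeWithSize(code, size):
    """Assemble ``code`` and pad it with NOPs to exactly ``size`` bytes.

    Args:
        code: Assembly source handed to ``debug.assemble``.
        size: Number of bytes the patch must occupy (the length of the
            instruction sequence being replaced), so the instruction that
            follows the patched block stays intact and aligned.

    Returns:
        ``bytes`` of length ``size``: the assembled code followed by 0x90
        (single-byte x86 NOP) padding.

    Raises:
        ValueError: the assembled code is longer than ``size``; writing it
            anyway would overwrite the instruction after the patched block.
    """
    codeBuffer = bytes(debug.assemble(code))
    nopCount = size - len(codeBuffer)
    if nopCount < 0:
        raise ValueError(
            "spaceOverflow: assembled %d bytes but only %d are available"
            % (len(codeBuffer), size)
        )
    # 0x90 is the single-byte x86 NOP used to fill the remainder of the block.
    return codeBuffer + b"\x90" * nopCount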
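def codeSizeFromSignature(signature):
    """Return the number of bytes a scan signature covers.

    Each whitespace-separated token ("49", "FF" or the "??" wildcard) stands
    for one byte, so the token count is the size of the code the signature
    matches, and therefore the number of bytes a hijack patch must occupy.
    Counting tokens rather than characters tolerates extra or trailing
    whitespace; for a canonically single-spaced signature the result equals
    ``(len(signature) + 1) // 3``.

    Args:
        signature: Hex byte string in Bit Slicer's scan format.

    Returns:
        The number of byte tokens; 0 for an empty string.
    """
    return len(signature.split())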
class SignatureNotFound(Exception):
    """Raised when a CRITICAL code block's signature is not found in memory."""
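class CodeBlock(object):
    """One patchable instruction sequence located by a byte signature.

    Subclasses set the class attributes. ``scan`` finds every occurrence of
    ``SIGNATURE``; ``enable`` backs up the bytes at each match and overwrites
    them with the assembled ``HIJACK_CODE`` (NOP-padded to ``CODE_SIZE``);
    ``disable`` writes the backup back. Every address the signature matches is
    patched, so the signature must be specific to the intended site.
    """

    # Byte-string signature in Bit Slicer scan format ("49 63 ...", "??" wildcard).
    SIGNATURE = ''
    # Number of bytes the signature covers; the patch is padded/checked to this size.
    CODE_SIZE = 0
    # Assembly source that replaces the matched bytes.
    HIJACK_CODE = """ """
    # True: a missing signature aborts with SignatureNotFound.
    # False: the block is skipped with a warning.
    CRITICAL = True

    # Instance state filled in by scan()/backupCode(). Defaulted at class level
    # so disable() and enable(scan=False) are safe before any scan has run.
    addresses = None
    originalCodes = None

    def name(self):
        """Return the concrete class name, used as the block's label in logs."""
        return self.__class__.__name__

    def scan(self):
        """Locate SIGNATURE and store the match list in ``self.addresses``.

        Raises:
            SignatureNotFound: no match was found and the block is CRITICAL.
        """
        debug.log("Scanning " + self.name() + " ...")
        self.addresses = locateSignature(self.SIGNATURE)
        if self.CRITICAL and self.addresses is None:
            raise SignatureNotFound(self.name())

    def backupCode(self):
        """Read CODE_SIZE original bytes at every matched address for later restore."""
        self.originalCodes = [
            debug.readBytes(address, self.CODE_SIZE) for address in self.addresses
        ]

    def restoreCode(self):
        """Write the backed-up bytes back; a no-op when nothing was backed up.

        A block can be scanned without ever being enabled, in which case there
        is nothing to undo.
        """
        if not self.addresses or not self.originalCodes:
            return
        for address, code in zip(self.addresses, self.originalCodes):
            debug.writeBytes(address, code)

    def overwriteCode(self):
        """Assemble HIJACK_CODE to CODE_SIZE bytes and write it at every match."""
        code = assembleCodeWithSize(self.HIJACK_CODE, self.CODE_SIZE)
        for address in self.addresses:
            debug.writeBytes(address, code)

    def enable(self, scan=True):
        """Apply the patch.

        Args:
            scan: run ``scan()`` first. Pass ``False`` when the caller has
                already scanned.

        A non-critical block whose signature was not found is skipped with a
        log warning and a notification.
        """
        debug.log("Enabling " + self.name() + " ...")
        if scan:
            self.scan()
        if self.addresses is None:
            debug.log("[Warning] Non critical block " + self.name() + " cannot be found.")
            debug.notify(self.name(), "Non critical block not found.")
            return
        self.backupCode()
        self.overwriteCode()
        debug.log(self.name() + " is enabled.")

    def disable(self):
        """Undo the patch by restoring the original bytes; a no-op if never found."""
        debug.log("Disabling " + self.name() + " ...")
        if self.addresses is None:
            debug.log(self.name() + " is ignored")
            return
        self.restoreCode()
        debug.log(self.name() + " is disabled")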
class Script(CodeBlock):
    """Infinite Energy: replace the float update of [rax+0x5c] with a constant store.

    Original code (the 8 bytes after ``48 B9`` are an absolute address and are
    matched as wildcards):

        0x109596E48 mov rax, [r15+0x2b0]          49 8B 87 B0 02 00 00
        0x109596E4F movss xmm0, [rax+0x5c]        F3 0F 10 40 5C
        0x109596E54 cvtss2sd xmm0, xmm0           F3 0F 5A C0
        0x109596E58 movss xmm1, [rip+0x210]       F3 0F 10 0D 10 02 00 00
        0x109596E60 cvtss2sd xmm1, xmm1           F3 0F 5A C9
        0x109596E64 movss xmm2, [rip+0x1f4]       F3 0F 10 15 F4 01 00 00
        0x109596E6C cvtss2sd xmm2, xmm2           F3 0F 5A D2
        0x109596E70 mov rcx, 0x12144e304          48 B9 ?? ?? ?? ?? ?? ?? ?? ??
        0x109596E7A movsxd rcx, dword [rcx]       48 63 09
        0x109596E7D cvtsi2sd xmm3, ecx            F2 0F 2A D9
        0x109596E81 movss xmm4, [rip+0x1c7]       F3 0F 10 25 C7 01 00 00
        0x109596E89 cvtss2sd xmm4, xmm4           F3 0F 5A E4
        0x109596E8D mulsd xmm3, xmm4              F2 0F 59 DC
        0x109596E91 addsd xmm2, xmm3              F2 0F 58 D3
        0x109596E95 mulsd xmm1, xmm2              F2 0F 59 CA
        0x109596E99 addsd xmm0, xmm1              F2 0F 58 C1
        0x109596E9D cvtsd2ss xmm15, xmm0          F2 44 0F 5A F8
        0x109596EA2 movss [rax+0x5c], xmm15       F3 44 0F 11 78 5C
    """

    SIGNATURE = '49 8B 87 B0 02 00 00 F3 0F 10 40 5C F3 0F 5A C0 F3 0F 10 0D 10 02 00 00 F3 0F 5A C9 F3 0F 10 15 F4 01 00 00 F3 0F 5A D2 48 B9 ?? ?? ?? ?? ?? ?? ?? ?? 48 63 09 F2 0F 2A D9 F3 0F 10 25 C7 01 00 00 F3 0F 5A E4 F2 0F 59 DC F2 0F 58 D3 F2 0F 59 CA F2 0F 58 C1 F2 44 0F 5A F8 F3 44 0F 11 78 5C'
    CODE_SIZE = codeSizeFromSignature(SIGNATURE)
    # Keep the first load so rax still points at the object, then store the
    # integer 0x1ff converted to single precision; the rest of the block is
    # NOP-padded by assembleCodeWithSize.
    HIJACK_CODE = '''
        mov rax, [r15+0x2b0]
        mov ecx, 0x1ff
        cvtsi2ss xmm15, ecx
        movss [rax+0x5c], xmm15
    '''

    def __init__(self):
        debug.log("Initializing...")
        self.enable()

    def finish(self):
        """Tear-down hook: restores the original bytes."""
        debug.log("Cleaning up...")
        self.disable()