ahmetabdi · November 20, 2017 22:38
diff --git a/gistfile1.asm b/gistfile1.asm
 { Game   : Tabletop Simulator.exe
  Version: 
  Date   : 2017-11-20
  Author : Green

  This script gives access to all DLC
 }

 [ENABLE]

 aobscan(UnlockDLC,55 48 8B EC 48 83 EC 20 48 89 4D E8 B8) // should be unique
 alloc(newmem,$1000,3EDBBB90)

 label(code)
 label(return)

 newmem:
  mov rax,1
  ret
 code:
  jmp return

 UnlockDLC:
  jmp newmem
  nop
  nop
  nop
 return:
 registersymbol(UnlockDLC)

 [DISABLE]

 UnlockDLC:
  db 55 48 8B EC 48 83 EC 20

 unregistersymbol(UnlockDLC)
 dealloc(newmem)

 {
 // ORIGINAL CODE - INJECTION POINT: 3EDBBB90

 ""+3EDBBB7C: 01 50 00                       -  add [rax+00],edx
 ""+3EDBBB7F: 00 00                          -  add [rax],al
 ""+3EDBBB81: 00 00                          -  add [rax],al
 ""+3EDBBB83: 00 00                          -  add [rax],al
 ""+3EDBBB85: 00 00                          -  add [rax],al
 ""+3EDBBB87: 00 00                          -  add [rax],al
 ""+3EDBBB89: 00 00                          -  add [rax],al
 ""+3EDBBB8B: 00 00                          -  add [rax],al
 ""+3EDBBB8D: 00 00                          -  add [rax],al
 ""+3EDBBB8F: 00 55                          - db 00 55  // SHORTENED TO HIT INJECTION FROM:  add [rbp+48],dl
 // ---------- INJECTING HERE ----------
 ""+3EDBBB91: 48 8B EC                       -  mov rbp,rsp
 ""+3EDBBB94: 48 83 EC 20                    -  sub rsp,20
 // ---------- DONE INJECTING  ----------
 ""+3EDBBB98: 48 89 4D E8                    -  mov [rbp-18],rcx
 ""+3EDBBB9C: B8 38 6F 7D 10                 -  mov eax,107D6F38
 ""+3EDBBBA1: 48 0F B6 00                    -  movzx rax,byte ptr [rax]
 ""+3EDBBBA5: 85 C0                          -  test eax,eax
 ""+3EDBBBA7: 75 04                          -  jne SteamManager:IsSubscribedApp+1d
 ""+3EDBBBA9: 33 C0                          -  xor eax,eax
 ""+3EDBBBAB: EB 35                          -  jmp SteamManager:IsSubscribedApp+52
 ""+3EDBBBAD: C7 45 F0 00 00 00 00           -  mov [rbp-10],00000000
 ""+3EDBBBB4: 48 63 45 E8                    -  movsxd  rax,dword ptr [rbp-18]
 ""+3EDBBBB8: 89 45 F0                       -  mov [rbp-10],eax
 }
	{ Game : Tabletop Simulator.exe
	Version:
	Date : 2017-11-20
	Author : Green

	This script gives access to all DLC
	}

	[ENABLE]

	aobscan(UnlockDLC,55 48 8B EC 48 83 EC 20 48 89 4D E8 B8) // should be unique
	alloc(newmem,$1000,3EDBBB90)

	label(code)
	label(return)

	newmem:
	mov rax,1
	ret
	code:
	jmp return

	UnlockDLC:
	jmp newmem
	nop
	nop
	nop
	return:
	registersymbol(UnlockDLC)

	[DISABLE]

	UnlockDLC:
	db 55 48 8B EC 48 83 EC 20

	unregistersymbol(UnlockDLC)
	dealloc(newmem)

	{
	// ORIGINAL CODE - INJECTION POINT: 3EDBBB90

	""+3EDBBB7C: 01 50 00 - add [rax+00],edx
	""+3EDBBB7F: 00 00 - add [rax],al
	""+3EDBBB81: 00 00 - add [rax],al
	""+3EDBBB83: 00 00 - add [rax],al
	""+3EDBBB85: 00 00 - add [rax],al
	""+3EDBBB87: 00 00 - add [rax],al
	""+3EDBBB89: 00 00 - add [rax],al
	""+3EDBBB8B: 00 00 - add [rax],al
	""+3EDBBB8D: 00 00 - add [rax],al
	""+3EDBBB8F: 00 55 - db 00 55 // SHORTENED TO HIT INJECTION FROM: add [rbp+48],dl
	// ---------- INJECTING HERE ----------
	""+3EDBBB91: 48 8B EC - mov rbp,rsp
	""+3EDBBB94: 48 83 EC 20 - sub rsp,20
	// ---------- DONE INJECTING ----------
	""+3EDBBB98: 48 89 4D E8 - mov [rbp-18],rcx
	""+3EDBBB9C: B8 38 6F 7D 10 - mov eax,107D6F38
	""+3EDBBBA1: 48 0F B6 00 - movzx rax,byte ptr [rax]
	""+3EDBBBA5: 85 C0 - test eax,eax
	""+3EDBBBA7: 75 04 - jne SteamManager:IsSubscribedApp+1d
	""+3EDBBBA9: 33 C0 - xor eax,eax
	""+3EDBBBAB: EB 35 - jmp SteamManager:IsSubscribedApp+52
	""+3EDBBBAD: C7 45 F0 00 00 00 00 - mov [rbp-10],00000000
	""+3EDBBBB4: 48 63 45 E8 - movsxd rax,dword ptr [rbp-18]
	""+3EDBBBB8: 89 45 F0 - mov [rbp-10],eax
	}