//alloc(newmem,2048,"DiabloImmortal.exe"+3BE82A)
//alloc(newmem,2048,"DiabloImmortal.exe"+3C6AFA)
//alloc(newmem,2048,"DiabloImmortal.exe"+3C150A)
//alloc(newmem,2048,"DiabloImmortal.exe"+3C264A)
alloc(newmem,2048,"DiabloImmortal.exe"+436023)


label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:

// new func
//cmp byte ptr [r13+33],04
//jne 7FF752E16033   > je 1 + 2 moi mat hinh
//cmp [rsi+45],bl
//je 7FF752E165D5    > jne 2 + 1 moi mat hinh
//mov r9,[rsi+000000B8]
//mov [rsp+00000138],r9
//test r9,r9

cmp [7FFE0338],00002114 // $active_process
jne jne01
    cmp byte ptr [r13+33],00
    je fix01
     //jne "DiabloImmortal.exe"+72EE2E+16 > fix01
    jmp returnhere+5AD // > je 7FF752E165D5 mov r9,[rsi+000000B8]
    fix01:
cmp [rsi+45],bl
jne01:

cmp [7FFE0338],00002114 // $active_process
je je01
   cmp byte ptr [r13+33],04
   je fix02
   //jne "DiabloImmortal.exe"+72EE2E+16 > fix02
   jmp returnhere+5AD // > je 7FF752E165D5 mov r9,[rsi+000000B8]
   fix02:
cmp [rsi+45],bl
je01:


exit:
jmp returnhere


//jmp returnhere+5B2 -0x5 code jmp returnhere+5AD




//"DiabloImmortal.exe"+3BE82A:
//"DiabloImmortal.exe"+3C6AFA:
//"DiabloImmortal.exe"+3C150A:
//"DiabloImmortal.exe"+3C264A:
"DiabloImmortal.exe"+436023:


jmp newmem
returnhere: