Type: Posts; User: MemoryThePast
nahhh why would I recode that? I don't even know what that function does /mmz and you didn't give enough info. Also, if you want to do asm on x64 you should use MASM instead.
I already said this in another thread; you can also check it here
https://www.mpgh.net/forum/showthread.php?t=1576839
hmm why not try to hook it and reverse it?
of course it disconnects you since the driver isn't running and it wasn't communicating on codehunter. like I said up here you can get the command using process hacker while crossfire is running and...
use IDA and search it as Names Window, if it doesn't show use class informer /gewd
just run the crossfire directly. How? just open process hacker and get the command how patchercf2.exe run the crossfire.exe and copy that command and paste it on new notepad then save it as...
just make your own loadlibrary that was built on x64 then dump it with scylla or any kind of dumper you know as long as it's x64 built in or just run the crossfire with the driver disabled so you can dump...
22_10/22_11 is modification of hitbox or nodes of player, you can bypass it via GAMEPROTO_CS_CLIENTFIRE.
-ctto awdacwadc
you shouldn't NOP because it's 'CRC' boh1 so you should back it up and return it to the original just like on weapon CRC AKA bypass 28_3/28_4
there is a CRC on modelnode and basicplayerinfo, it's easy to find though, you don't need to attach a debugger hmmm.
here is a tip, near the bypass of 28_3/28_4 on weapon CRC
you just need to JMP the m_Bypass19_3[0] and m_Bypass19_3[1], and in clientfire you need to hook it and do the stuffs but still useless because those function have CRC, unless you bypass it
awdacwadc already mentioned in another thread that the CRC exists inside CF Kernel AC; if you want to bypass it you should work at ring 0 too then do the stuffs
https://www.dropbo*****m/scl/fi/ugup67npd1iuwz1zggx81/cshell_x64_dump_11-22-2023.dll?rlkey=8u8i282ggww7vnth38d91w30y&dl=0
- - - Updated - - -
use DIP instead, it's safer than memory wallhack...
// ===============================================//
// --------> [ Crossfire Logs Started ] <-------- //
// ===============================================//
// Crossfire Base Address:...
CFPH Pattern x64:
NetVars::get()->Offset.m_ModelDimension = NetVarManager::get()->GetOffset(xorstr_(_T("m_ModelDimension")), eCShell,...
hmm I think you can dump the msg id on cf.exe or you could go to the GAMEPROTO_CS_DAMAGE and follow the xref function and use the pseudocode of ida, then you will see the id of that packet at the start of msgs
packet 35 = MSG_CS_CLIENTFIRE // they already patch this on other region but if you are looking autokill or killmgr for ZA Mode only you can use the
MSC_CS_DAMAGE or MSG_CS_DAMAGE_OBJECT
NetVars::get()->Pointer.m_CZoneManMgr = NetVarManager::get()->GetOffset(xorstr_(_T("m_CZoneManMgr")), eCShell, (BYTE*)"\x48\x89\x05\x00\x00\x00\x00\x48\x8B\x8A\x00\x00\x00\x00", "xxx????xxx????", 3,...
uint64_t m_CZoneManMgr = 0x2293310;
uint64_t m_NoBugDamage = 0x2FC;
CFPH Address/Offsets
have you ever tried to dump it with loadlibrary? or dump it in memory? then you can load it on ida or x64dbg
xhunter1.sys, kgds.sys and that xldr_thing.exe, like I said up here I just included that xldr_thing.exe like a driver but I didn't say that thing is a driver /gewd /gewd.
you can include that xldr thing /gewd because it looks like a driver to me xd
if you can bypass those 3 drivers you will be good and you can attach ce and reclass so you can do the stuff you need
so what is the problem? DIP VTable Hooking in d3d9 is still fine and it's safe, you can try it. but if you really don't want to hook that in d3d9 like you said there, you can use setobjectoutline for...
hmmm try DIP? I think it's fine to use it because someone is still using it and they don't get dc/ban