VB.Net | C# | C++ {Post your Codes/Snippets}

Posts 1–15 of 24 · Page 1 of 2
Jorndel
Post your codes/snippets used for Modern Warfare 3

How to keep this clean:
First mark your thread with the language used. (Also name the title like: VB.Net - Write to Memory)
Put the code in the: [code ] *Put code here* [/code ] (Without the space)

Other posts will be DELETED
#1 · 14y ago
aIW|Convery
C++, Getting the entry point.
I suppose I can contribute with some basic memory editing..

Some people wondered why programs like Cheat Engine give you an address like 'iw5mp.exe + 0x22311' instead of the direct address and also how one would add the 'iw5mp.exe' part in code..


Function for the example:
Code:
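BYTE* GetEntryPoint(DWORD MW3_PID)
{
	MODULEENTRY32 iw5mp;
	BYTE* ModuleBase = NULL;
	HANDLE hSnapShot = NULL;

	if(MW3_PID == 0) return NULL;

	iw5mp.dwSize = sizeof(iw5mp);
	hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, MW3_PID);
	if(hSnapShot == INVALID_HANDLE_VALUE) return NULL;

	// Module32First fills iw5mp with the first module in the snapshot,
	// which is normally the process executable. Without this call
	// modBaseAddr is read from an uninitialized struct.
	if(Module32First(hSnapShot, &iw5mp))
		ModuleBase = iw5mp.modBaseAddr;

	CloseHandle(hSnapShot);
	return ModuleBase;
}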
MW3 example:
Code:
#include <Windows.h>
#include <tlhelp32.h> 
#include <process.h>

DWORD MW3_PID;
HWND MW3_HWND;
HANDLE MW3_HANDLE;

BYTE* GetEntryPoint(DWORD MW3_PID);
void Do_stuff(void*);

int main()
{
	while(!(MW3_HWND = FindWindow(NULL,"Call of Duty®: Modern Warfare® 3 Multiplayer")))
		Sleep(10);

	while(!(GetWindowThreadProcessId(MW3_HWND,&MW3_PID)))
		Sleep(10);

	while(!(MW3_HANDLE = OpenProcess(PROCESS_ALL_ACCESS,false,MW3_PID)))
		Sleep(10);

	_beginthread(Do_stuff, 0, 0);

	while(MW3_HWND = FindWindow(NULL,"Call of Duty®: Modern Warfare® 3 Multiplayer"))
	{
		Sleep(200);
	}
    return 0;
}

void Do_stuff(void*)
{
	// Let's use DWORDs for the sake of clarity..
	DWORD Base = (DWORD)GetEntryPoint(MW3_PID);
	DWORD Address = Base + 0x22311; // iw5mp.exe + 0x22311

	BYTE temp = 0;
	while(1)
	{
		// Wait for input..
		// Then do whatever you want to the address..
		
		WriteProcessMemory(MW3_HANDLE, (PVOID)Address, &temp, 1, NULL);
		SetForegroundWindow(MW3_HWND);
	}
}
Note From @master131
Just a note @aIW|Convery, using 'Call of Duty®: Modern Warfare® 3 Multiplayer' can cause some problems with people who have the ® symbol appear as a question mark. The foolproof method would be to use the window's class name which is 'IW5'.

eg. FindWindow("IW5", NULL);
#2 · edited 14y ago · 14y ago
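A defender-side view of the handle pattern in the MW3 example above (OpenProcess with PROCESS_ALL_ACCESS followed by WriteProcessMemory), as an added example that is not part of the original posts: it scans Sysmon Event ID 10 (ProcessAccess) records for foreign processes granted write-capable access to iw5mp.exe. The sample events, file paths and allowlist are constructed, and `decode_access` and `find_suspicious` are hypothetical helper names.

```python
"""Flag foreign processes granted write-capable handles to a protected process.

Input: Sysmon Event ID 10 (ProcessAccess) records reduced to dicts.
All sample events, paths and the allowlist are constructed for this example.
"""
import ntpath

# Process access rights as defined in the Windows SDK (winnt.h).
ACCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PROCESS_ALL_ACCESS = 0x1FFFFF  # value on Windows Vista and later
# WriteProcessMemory needs both of these rights on the target handle.
WRITE_MASK = 0x0020 | 0x0008


def decode_access(mask):
    """Return the names of the known rights set in a GrantedAccess mask."""
    return [name for bit, name in sorted(ACCESS_RIGHTS.items()) if mask & bit]


def find_suspicious(events, protected_image, allowlist=frozenset()):
    """Return one finding per foreign handle that allows writing to the target."""
    protected = protected_image.lower()
    allowed = {path.lower() for path in allowlist}
    findings = []
    for ev in events:
        target = ev["TargetImage"]
        source = ev["SourceImage"]
        if ntpath.basename(target).lower() != protected:
            continue  # some other process was opened
        if source.lower() == target.lower() or source.lower() in allowed:
            continue  # self-access or a reviewed system component
        granted = int(ev["GrantedAccess"], 16)
        if (granted & WRITE_MASK) != WRITE_MASK:
            continue  # handle cannot be used with WriteProcessMemory
        findings.append({
            "time": ev["UtcTime"],
            "source": source,
            "source_pid": ev["SourceProcessId"],
            "granted": f"0x{granted:06X}",
            "all_access": (granted & PROCESS_ALL_ACCESS) == PROCESS_ALL_ACCESS,
            "rights": decode_access(granted),
        })
    return findings


GAME = r"C:\Games\MW3\iw5mp.exe"  # constructed install path

# Constructed allowlist: sources reviewed and accepted by the defender.
ALLOWLIST = {r"C:\Windows\System32\csrss.exe"}

# Constructed sample records using Sysmon Event ID 10 field names.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-01 10:00:01.000", "SourceProcessId": 4120,
     "SourceImage": r"C:\Tools\trainer.exe", "TargetImage": GAME,
     "GrantedAccess": "0x1FFFFF"},
    {"UtcTime": "2024-01-01 10:00:02.000", "SourceProcessId": 900,
     "SourceImage": r"C:\Windows\System32\svchost.exe", "TargetImage": GAME,
     "GrantedAccess": "0x1000"},
    {"UtcTime": "2024-01-01 10:00:03.000", "SourceProcessId": 3301,
     "SourceImage": r"C:\Program Files (x86)\Steam\steam.exe",
     "TargetImage": GAME, "GrantedAccess": "0x1410"},
    {"UtcTime": "2024-01-01 10:00:04.000", "SourceProcessId": 5512,
     "SourceImage": r"C:\Tools\helper.exe", "TargetImage": GAME,
     "GrantedAccess": "0x0028"},
    {"UtcTime": "2024-01-01 10:00:05.000", "SourceProcessId": 4120,
     "SourceImage": r"C:\Tools\trainer.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1FFFFF"},
    {"UtcTime": "2024-01-01 10:00:06.000", "SourceProcessId": 612,
     "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": GAME,
     "GrantedAccess": "0x1FFFFF"},
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS, "iw5mp.exe", ALLOWLIST):
        print(hit["time"], hit["source"], hit["granted"], ",".join(hit["rights"]))
```

Matching on the VM_WRITE and VM_OPERATION bits rather than on the exact value 0x1FFFFF also catches handles opened with a narrower mask that still permits writes.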
master131
[MPGH]master131
Here is a little compilation of code snippets from @cardoow, you can find some updated addies at the bottom of this post.

World2Radar: (offsets for 1.4.382, just a note that 0x8FF100 refers to CG_T, CRadarHud struct can be found under 'Engine Radar Overlay').
Quote Originally Posted by cardoow
For my external radar I totally reversed the fullmap radar, so I'm sharing it because
it might be useful for some of you.

Code:
CRadarVecs * GetRadarInfo(CRadarHud * radarhud, CRadarSize radarSize)
{	
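	float v15, v19;
	// Static storage so the returned pointer stays valid; the original
	// wrote through an uninitialized pointer.
	static CRadarVecs radarvecs_storage;
	CRadarVecs * radarvecs = &radarvecs_storage;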

	float v14 = radarhud->w / radarhud->h;
	float v25 = *(float *)(0x8FF100 + (DWORD)487708) / *(float *)(0x8FF100 + (DWORD)487712);
	float v22 = radarSize.VecA + radarhud->x;
	float v23 = radarSize.Vecb + radarhud->y;

	float v13 = v25;
	float v12 = v14;

	if ( v14 >= v25 )
        {    
		float v27 = (v13 / v12) * radarhud->w;
		float v17 = (radarhud->w * 0.5) + v22;

		radarvecs->w = v17 - (0.5 * v27);
		radarvecs->h = v23;
		radarvecs->x = v27;
		v15 = radarhud->h;		
        }
        else
        {
		float v16 = (radarhud->h * 0.5) + v23;
		float v26 = (v12 / v13) * radarhud->h;

		radarvecs->w = v22;		
		radarvecs->h = v16 - (0.5 * v26);
		radarvecs->x = radarhud->w;
		v15 = v26;
        }

	radarvecs->y = v15;
	float v28 = *(float *)(*(DWORD*)(0x8F16D0) + 0xC);
	float v18 = radarvecs->x * 0.25;

        if ( v28 <= v18 )
        {
		v19 = v28;
        }
        else
        {
		v19 = v18;
        }

        float v20 = 0.25 * radarvecs->y;
        if ( v20 < v19 )
        {		
		v19 = v20;
        }

	radarvecs->w = radarvecs->w + v19;
	radarvecs->h = radarvecs->h + v19;

	float v21 = v19 + v19;

	radarvecs->x = radarvecs->x - v21;
	radarvecs->y = radarvecs->y - v21;

	return radarvecs;
}
Code:
float * GetRadarPos(CRadarVecs * radarvecs, Vec3 vTarget)
{
	Vec3 vOrigin;
	static float pos[2]; // static so the returned pointer does not dangle

        vOrigin[0] = vTarget[0] - *(float *)(0x8FF100 + (DWORD)487700);
        vOrigin[1] = vTarget[1] - *(float *)(0x8FF100 + (DWORD)487704);
    
        float v18 = (*(float *)(0x8FF100 + (DWORD)487692) * vOrigin[0]) - (*(float *)(0x8FF100 + (DWORD)487688) * vOrigin[1]);
        float v19 = (vOrigin[1] * -*(float *)(0x8FF100 + (DWORD)487692)) - (vOrigin[0] * *(float *)(0x8FF100 + (DWORD)487688));
    
	float v20 = (v18 / *(float *)(0x8FF100 + (DWORD)487708)) - 0.5;
        float v21 = (v19 / *(float *)(0x8FF100 + (DWORD)487712)) - 0.5;
  
	pos[0] = radarvecs->x * v20;	
	pos[1] = radarvecs->y * v21;	

	return pos;
}
Code:
void ShowRadarPos(CRadarHud * radarhud, CRadarSize radarSize, Vec3 vTarget, int Shader)
{
	float * fPos;
	CRadarVecs * radarvecs = GetRadarInfo(radarhud, radarSize);

	fPos = GetRadarPos(radarvecs, vTarget);	
    
	float v20 = radarhud->x + (radarhud->w * 0.5f) + fPos[0];
	float v10 = radarhud->y + (radarhud->h * 0.5f) + fPos[1];

	DrawPic(v20, v10, 20, 20, cWhite, Shader);
}
example code on how to use it
Code:
DrawStretchPic(radarhud.x, radarhud.y, radarhud.w, radarhud.h, 0.0f, 0.0f, 1.0f, 1.0f, cWhite, *(DWORD*)0x976210);
	
for(int i=0; i<1024; i++)
{
	CEntity * pEnt = GetEntityByIndex(i);
	if(!(pEnt->isAlive & 1))
		continue;

	if(pEnt->eType == ET_MISSILE)
	{
		char * szShader = GetWeaponShader(pEnt->WeaponNum);
		if(szShader)
			ShowRadarPos(&radarhud, radarsize, pEnt->vOrigin, RegisterShader(szShader, 7));
	}
}
************************************************************

Engine Radar Overlay: (offsets for 1.4.368 I think)
Quote Originally Posted by cardoow
Cypher Presents showed a method on how to draw your own radar

Code:
class CRadarHud
{
public:
    float x; //0x0000
    float y; //0x0004
    float w; //0x0008
    float h; //0x000C
    char _0x0010[12];
};

CRadarHud radarhud;

radarhud.x = x;
radarhud.y = y;
radarhud.w = w;
radarhud.h = h;

DrawEngineRadar( 0 , 0 , 0 , &radarhud, &whiteshader, color);
Well, what he did was recreate the overlay by using drawrotatedpic,
and I thought to myself this could be done easier. So here it is.

Code:
typedef void (__cdecl* DrawEngineRadar_ )( int a1, int a2, int a3, CRadarHud* radar, int shader, Vec4 color );
DrawEngineRadar_ DrawEngineRadar = ( DrawEngineRadar_ )0x4DE9C0;

typedef void (__cdecl* OverlayPackage_ )( int a1, int a2, int a3, CRadarHud* radar, int shader, Vec4 color );
OverlayPackage_ OverlayPackage = ( OverlayPackage_ )0x4450A0;

typedef void (*OverlayEnemy_)(int a1, int a2, int a3, CRadarHud* hud, Vec4 col);
OverlayEnemy_ OverlayEnemy = (OverlayEnemy_)0x47F690;

typedef void (*OverlayFriendly_)(int a1, int a2, int a3, CRadarHud* hud, Vec4 col);
OverlayFriendly_ OverlayFriendly = (OverlayFriendly_)0x508B40;

typedef void (*OverlayTurret_)(int a1, int a2, int a3, CRadarHud* hud, Vec4 col);
OverlayTurret_ OverlayTurret = (OverlayTurret_)0x4A5270;

typedef void (*OverlayHeli_)(int a1, int a2, int a3, CRadarHud* hud, Vec4 col);
OverlayHeli_ OverlayHeli = (OverlayHeli_)0x459130;

typedef void (*OverlayLocal_)(int a1, int a2, int a3, CRadarHud* hud, Vec4 col);
OverlayLocal_ OverlayLocal = (OverlayLocal_)0x417570;

typedef void (*OverlayPlane_)(int a1, int a2, int a3, CRadarHud* hud, Vec4 col);
OverlayPlane_ OverlayPlane = (OverlayPlane_)0x4906C0;
Code:
DrawEngineRadar(0, 0, 0, &radarhud, Register.White, cWhite);
OverlayPackage(0, 0, 0, &radarhud, Register.White, cWhite);	
	
OverlayEnemy(0, 0, 0, &radarhud, cWhite);
OverlayFriendly(0, 0, 0, &radarhud, cWhite);	
OverlayLocal(0, 0, 0, &radarhud, cWhite);

OverlayHeli(0, 0, 0, &radarhud, cWhite);
OverlayPlane(0, 0, 0, &radarhud, cWhite);
OverlayTurret(0, 0, 0, &radarhud, cWhite);


Credits:
CypherPresents
King Orgy aka heimwerker
Smoochy
************************************************************

Thermal Overlay: (this is for 1.4.368 I think)
Quote Originally Posted by cardoow
Make sure a1 is true, then you will have thermal overlay at all times.
Code:
int __cdecl sub_426F80(char a1, int a2)
{
  int result; // eax@1

  byte_5F8FFC0 = a1;
  result = a2;
  if ( a2 )
    dword_5F8FFC4 = a2;
  else
    dword_5F8FFC4 = dword_5F8F6E0;//glow
  return result;
}


************************************************************

Advanced UAV: (this is for 1.4.368 I think)
Quote Originally Posted by cardoow
Well since the radar is drawn locally you can manipulate it like a boss, saw people draw their own radar + use rotatedpic, but I personally like to use the engine to achieve my wishes. So since it's almost Christmas I have some Advanced UAV code for you guys.

this function does it all
Code:
void __cdecl sub_47F690(int a1, int a2, int a3, int a4, int a5)
it loops through a struct of 18 big, as far as I know it's not clientinfo or entity, feel free to reverse it
Code:
v7 = (char *)&unk_8F2938 + 3640 * a1;
    v52 = 18;
    do
    {
      .....
      v7 += 140; //see here the struct size = 0x8C = 140 dec
    }
    while ( v52-- != 1 );
now we're heading to some more important stuff
at the bottom of the function we see a call to drawrotatedpic
Code:
sub_40D420(v51, v55, v56, v48, v47, *(_BYTE *)(a4 + 16), *(_BYTE *)(a4 + 17), v44, (int)&v58, v31);
and we see that v31 holds the shader.

if we scroll up a bit we see this piece of code
Code:
if ( dword_8FF284 || v10 ) // 0x8FF080 is cg_t, means cg_t + 0x204 holds the advanced uav value
{
    if ( !v45 || !dword_A041F8 || (v31 = dword_A041F8, sub_4F5920(dword_A041F8)) )
    v31 = dword_A04184; // here v31 will hold compassping_enemyfacingdirection
}
so we now know where to toggle the advanced uav, but now we only see the shaders when people shoot. We want those shaders at all times.
Now if we take a look at the top of the function we will find this
Code:
if ( v7[56] & 1 )//guess here they check for isalive
      {
        v8 = *((_DWORD *)v7 + 16);
        v10 = (unsigned __int16)((_WORD)v8 >> 16);
        v9 = (*((_DWORD *)v7 + 16) >> 17) & 1;
        if ( v43 || v9 || (_WORD)v8 >> 16 || (unsigned __int16)(v8 & 0x8000) ) 
        {
          //we need to make sure this if is true
          //we can do hard stuff with shifts or bitwise ands, or just take the easy way and pick v43
          v12 = dword_96A1DC;
          v11 = 1;
          if ( *(_DWORD *)v7 > LODWORD(dword_96A1DC) )
            *(_DWORD *)v7 = 0;
          if ( *(_DWORD *)v7 < LODWORD(v12) - 500 )
            goto LABEL_71;
        }
        else
        {
          v11 = 0;
        }
if we look something above that code we will find this
Code:
v43 = *(_BYTE *)(dword_1C2C39C + 12);
hey! that looks like a cvar! + 0xC is the value, hmm let's make it have a value! (this is g_compassShowEnemies)

Code:
void AdvancedUAV()
{	
	cg_t->uav = 1;	//the 0x8FF284 we found before in cg_t
	*(BYTE*)(*(DWORD*)(0x1C2C39C) + 0xC) = 1;	// the cvar		
}
call this every frame and you will have advanced uav at all times, have fun!


 
Hexrays
Code:
void __cdecl sub_47F690(int a1, int a2, int a3, int a4, int a5)
{
  int *v5; // edi@1
  int v6; // eax@1
  char *v7; // edi@4
  int v8; // eax@6
  int v9; // ebx@6
  int v10; // ebp@6
  signed int v11; // esi@10
  float v12; // eax@11
  int v13; // ecx@14
  double v14; // st6@14
  char v15; // dl@16
  char v16; // al@19
  int v17; // ecx@20
  double v18; // st7@20
  int v19; // eax@31
  double v20; // st7@33
  int v21; // eax@35
  double v22; // st7@36
  double v23; // st7@40
  double v24; // st7@43
  float v25; // ST3C_4@44
  float v26; // ST3C_4@45
  double v27; // st7@46
  float v28; // ST3C_4@47
  float v29; // ST3C_4@48
  float v30; // ST24_4@49
  int v31; // esi@54
  int v32; // edx@70
  int v33; // eax@70
  int v35; // [sp+4h] [bp-94h]@27
  int *v36; // [sp+8h] [bp-90h]@27
  float *v37; // [sp+Ch] [bp-8Ch]@27
  float *v38; // [sp+10h] [bp-88h]@27
  float *v39; // [sp+14h] [bp-84h]@27
  int v40; // [sp+18h] [bp-80h]@27
  int v41; // [sp+1Ch] [bp-7Ch]@27
  float *v42; // [sp+20h] [bp-78h]@27
  char v43; // [sp+37h] [bp-61h]@4
  float v44; // [sp+38h] [bp-60h]@50
  int v45; // [sp+3Ch] [bp-5Ch]@1
  float v46; // [sp+40h] [bp-58h]@1
  float v47; // [sp+44h] [bp-54h]@31
  float v48; // [sp+48h] [bp-50h]@31
  float v49; // [sp+4Ch] [bp-4Ch]@14
  signed int v50; // [sp+50h] [bp-48h]@14
  int v51; // [sp+54h] [bp-44h]@4
  int v52; // [sp+58h] [bp-40h]@4
  float v53; // [sp+5Ch] [bp-3Ch]@4
  float v54; // [sp+60h] [bp-38h]@4
  float v55; // [sp+64h] [bp-34h]@27
  float v56; // [sp+68h] [bp-30h]@31
  float v57; // [sp+6Ch] [bp-2Ch]@1
  int v58; // [sp+74h] [bp-24h]@4
  float v59; // [sp+78h] [bp-20h]@4
  float v60; // [sp+7Ch] [bp-1Ch]@4
  float v61; // [sp+80h] [bp-18h]@4
  float v62; // [sp+84h] [bp-14h]@4
  float v63; // [sp+88h] [bp-10h]@4
  float v64; // [sp+8Ch] [bp-Ch]@4
  float v65; // [sp+90h] [bp-8h]@4

  v6 = sub_4B9000();
  v45 = (unsigned __int8)sub_534780(v6);
  v5 = &dword_9FC6C8[344 * dword_8FF1D0];
  sub_469FE0((int)&dword_8FF080, COERCE_FLOAT(&v57));
  v46 = sub_4134A0(a1, dword_9761A4, a2);
  if ( 0.0 != v46 && *v5 && v5[7] != 3 )
  {
    sub_4568C0((char)v5, a2, (int)&dword_8FF080, a3, a4, (int)&v62, (int)&v63, (int)&v64, (int)&v65);
    v53 = v64 * 0.5 + v62;
    v54 = 0.5 * v65 + v63;
    *(float *)&v58 = *(float *)a5;
    v59 = *(float *)(a5 + 4);
    v60 = *(float *)(a5 + 8);
    v61 = *(float *)(a5 + 12);
    v51 = (int)sub_519480();
    v43 = *(_BYTE *)(dword_1C2C39C + 12);
    v7 = (char *)&unk_8F2938 + 3640 * a1;
    v52 = 18;
    do
    {
      if ( v7[56] & 1 )
      {
        v8 = *((_DWORD *)v7 + 16);
        v10 = (unsigned __int16)((_WORD)v8 >> 16);
        v9 = (*((_DWORD *)v7 + 16) >> 17) & 1;
        if ( v43 || v9 || (_WORD)v8 >> 16 || (unsigned __int16)(v8 & 0x8000) )
        {
          v12 = dword_96A1DC;
          v11 = 1;
          if ( *(_DWORD *)v7 > LODWORD(dword_96A1DC) )
            *(_DWORD *)v7 = 0;
          if ( *(_DWORD *)v7 < LODWORD(v12) - 500 )
            goto LABEL_71;
        }
        else
        {
          v11 = 0;
        }
        v13 = *((_DWORD *)v7 + 11);
        LODWORD(v49) = *((_DWORD *)v7 + 11);
        *(float *)&v50 = (double)SLODWORD(dword_96A1DC);
        v14 = *(float *)&v50;
        v15 = *(float *)(dword_8F15D4 + 12) * 1000.0 + (double)SLODWORD(v49) > *(float *)&v50 && v13;
        if ( v11 )
        {
          v16 = 1;
        }
        else
        {
          v17 = *((_DWORD *)v7 + 12);
          v18 = 1000.0 * *(float *)(dword_8F1598 + 12);
          v50 = *((_DWORD *)v7 + 12);
          v16 = v14 < v18 + (double)v50 && v17;
        }
        if ( v15 || v16 )
        {
          if ( v11 )
          {
            v42 = &v55;
            v41 = 0;
            v40 = (int)(v7 + 4);
            v39 = &flt_96A218;
            v38 = &v57;
            v37 = &v62;
            v36 = &dword_8FF080;
            v35 = a2;
          }
          else
          {
            v42 = &v55;
            v41 = 0;
            v40 = (int)(v7 + 16);
            v39 = &flt_96A218;
            v38 = &v57;
            v37 = &v62;
            v36 = &dword_8FF080;
            v35 = a2;
          }
          if ( !(unsigned __int8)sub_4F6860(v35, v36, v37, v38, v39, v40, v41, v42) || *(_BYTE *)(dword_8F15E4 + 12) )
          {
            sub_4D4A40(a2, &v48, &v47);
            v19 = *((_DWORD *)v7 + 12);
            v55 = v53 - v48 * 0.5 + v55;
            v56 = v54 - 0.5 * v47 + v56;
            if ( v19 >= LODWORD(dword_96A1DC) || v11 )
            {
              v20 = 1.0;
            }
            else
            {
              v50 = LODWORD(dword_96A1DC) - v19;
              v20 = 1.0 - (double)(LODWORD(dword_96A1DC) - v19) / (*(float *)(dword_8F1598 + 12) * 1000.0);
            }
            v21 = *((_DWORD *)v7 + 11);
            v49 = v20;
            if ( v21 < LODWORD(dword_96A1DC) )
            {
              v50 = LODWORD(dword_96A1DC) - v21;
              v22 = 1.0 - (double)(LODWORD(dword_96A1DC) - v21) / (*(float *)(dword_8F15D4 + 12) * 1000.0);
            }
            else
            {
              v22 = 1.0;
            }
            *(float *)&v50 = v22;
            if ( dword_8FF284 || v10 )
            {
              if ( a2 || !*(_BYTE *)(dword_8F15F4 + 12) )
              {
                v27 = flt_976184;
                if ( v11 )
                {
                  v28 = v27 - *((float *)v7 + 9);
                  v23 = v28;
                }
                else
                {
                  v29 = v27 - *((float *)v7 + 7);
                  v23 = v29;
                }
              }
              else
              {
                v24 = flt_96ED30;
                if ( v11 )
                {
                  v25 = v24 - *((float *)v7 + 9);
                  v23 = v25;
                }
                else
                {
                  v26 = v24 - *((float *)v7 + 7);
                  v23 = v26;
                }
              }
              v30 = v23;
              sub_525CA0(v30);
            }
            else
            {
              v23 = 0.0;
            }
            v44 = v23;
            if ( v9 )
            {
              v44 = 0.0;
              if ( v45 && dword_A0423C && !sub_4F5920(dword_A0423C) )
                v31 = dword_A0423C;
              else
                v31 = dword_A041C8;
            }
            else
            {
              if ( dword_8FF284 || v10 )
              {
                if ( !v45 || !dword_A041F8 || (v31 = dword_A041F8, sub_4F5920(dword_A041F8)) )
                  v31 = dword_A04184;
              }
              else
              {
                v44 = 0.0;
                if ( v45 && dword_A041F4 && !sub_4F5920(dword_A041F4) )
                  v31 = dword_A041F4;
                else
                  v31 = dword_A04180;
              }
            }
            if ( v49 >= 0.0 )
            {
              v61 = v49 * v46;
              sub_40D420(v51, v55, v56, v48, v47, *(_BYTE *)(a4 + 16), *(_BYTE *)(a4 + 17), v44, (int)&v58, v31);
            }
            if ( *(float *)&v50 >= 0.0 )
            {
              v32 = *(_BYTE *)(a4 + 17);
              v33 = *(_BYTE *)(a4 + 16);
              v61 = *(float *)&v50 * v46;
              sub_40D420(v51, v55, v56, v48, v47, v33, v32, v44, (int)&v58, v31);
            }
          }
        }
      }
LABEL_71:
      v7 += 140;
    }
    while ( v52-- != 1 );
  }
}

 
Assembly
Code:
0047F690   $ 83EC 64        SUB ESP,64
0047F693   . 53             PUSH EBX
0047F694   . 56             PUSH ESI
0047F695   . 8B7424 70      MOV ESI,DWORD PTR SS:[ESP+70]
0047F699   . 57             PUSH EDI
0047F69A   . 56             PUSH ESI
0047F69B   . E8 60990300    CALL iw5mp.004B9000
0047F6A0   . 50             PUSH EAX
0047F6A1   . E8 DA500B00    CALL iw5mp.00534780
0047F6A6   . 8B3D D0F18F00  MOV EDI,DWORD PTR DS:[8FF1D0]
0047F6AC   . 69FF 60050000  IMUL EDI,EDI,560
0047F6B2   . 8D4C24 4C      LEA ECX,DWORD PTR SS:[ESP+4C]
0047F6B6   . 0FB6C0         MOVZX EAX,AL
0047F6B9   . 51             PUSH ECX
0047F6BA   . 68 80F08F00    PUSH iw5mp.008FF080
0047F6BF   . 894424 24      MOV DWORD PTR SS:[ESP+24],EAX
0047F6C3   . 81C7 C8C69F00  ADD EDI,iw5mp.009FC6C8
0047F6C9   . E8 12A9FEFF    CALL iw5mp.00469FE0
0047F6CE   . 8B9C24 8800000>MOV EBX,DWORD PTR SS:[ESP+88]
0047F6D5   . 8B15 A4619700  MOV EDX,DWORD PTR DS:[9761A4]
0047F6DB   . 53             PUSH EBX
0047F6DC   . 52             PUSH EDX
0047F6DD   . 56             PUSH ESI
0047F6DE   . E8 BD3DF9FF    CALL iw5mp.004134A0
0047F6E3   . D95C24 34      FSTP DWORD PTR SS:[ESP+34]
0047F6E7   . 83C4 1C        ADD ESP,1C
0047F6EA   . D9EE           FLDZ
0047F6EC   . D85C24 18      FCOMP DWORD PTR SS:[ESP+18]
0047F6F0   . DFE0           FSTSW AX
0047F6F2   . F6C4 44        TEST AH,44
0047F6F5   . 0F8B C8040000  JPO iw5mp.0047FBC3
0047F6FB   . 833F 00        CMP DWORD PTR DS:[EDI],0
0047F6FE   . 0F84 BF040000  JE iw5mp.0047FBC3
0047F704   . 837F 1C 03     CMP DWORD PTR DS:[EDI+1C],3
0047F708   . 0F84 B5040000  JE iw5mp.0047FBC3
0047F70E   . 55             PUSH EBP
0047F70F   . 8D4424 6C      LEA EAX,DWORD PTR SS:[ESP+6C]
0047F713   . 50             PUSH EAX
0047F714   . 8D4C24 6C      LEA ECX,DWORD PTR SS:[ESP+6C]
0047F718   . 51             PUSH ECX
0047F719   . 8B8C24 8C00000>MOV ECX,DWORD PTR SS:[ESP+8C]
0047F720   . 8D5424 6C      LEA EDX,DWORD PTR SS:[ESP+6C]
0047F724   . 52             PUSH EDX
0047F725   . 8B9424 8C00000>MOV EDX,DWORD PTR SS:[ESP+8C]
0047F72C   . 8D4424 6C      LEA EAX,DWORD PTR SS:[ESP+6C]
0047F730   . 50             PUSH EAX
0047F731   . 51             PUSH ECX
0047F732   . 52             PUSH EDX
0047F733   . 68 80F08F00    PUSH iw5mp.008FF080
0047F738   . 53             PUSH EBX
0047F739   . E8 8271FDFF    CALL iw5mp.004568C0
0047F73E   . D98424 8800000>FLD DWORD PTR SS:[ESP+88]
0047F745   . DD05 E8B78000  FLD QWORD PTR DS:[80B7E8]
0047F74B   . 8B8424 A800000>MOV EAX,DWORD PTR SS:[ESP+A8]
0047F752   . DCC9           FMUL ST(1),ST
0047F754   . 56             PUSH ESI
0047F755   . D98424 8400000>FLD DWORD PTR SS:[ESP+84]
0047F75C   . DEC2           FADDP ST(2),ST
0047F75E   . D9C9           FXCH ST(1)
0047F760   . D95C24 5C      FSTP DWORD PTR SS:[ESP+5C]
0047F764   . D88C24 9000000>FMUL DWORD PTR SS:[ESP+90]
0047F76B   . D88424 8800000>FADD DWORD PTR SS:[ESP+88]
0047F772   . D95C24 60      FSTP DWORD PTR SS:[ESP+60]
0047F776   . D900           FLD DWORD PTR DS:[EAX]
0047F778   . D95C24 74      FSTP DWORD PTR SS:[ESP+74]
0047F77C   . D940 04        FLD DWORD PTR DS:[EAX+4]
0047F77F   . D95C24 78      FSTP DWORD PTR SS:[ESP+78]
0047F783   . D940 08        FLD DWORD PTR DS:[EAX+8]
0047F786   . D95C24 7C      FSTP DWORD PTR SS:[ESP+7C]
0047F78A   . D940 0C        FLD DWORD PTR DS:[EAX+C]
0047F78D   . D99C24 8000000>FSTP DWORD PTR SS:[ESP+80]
0047F794   . E8 E79C0900    CALL iw5mp.00519480
0047F799   . 69F6 380E0000  IMUL ESI,ESI,0E38
0047F79F   . 894424 54      MOV DWORD PTR SS:[ESP+54],EAX
0047F7A3   . A1 9CC3C201    MOV EAX,DWORD PTR DS:[1C2C39C]
0047F7A8   . 8A48 0C        MOV CL,BYTE PTR DS:[EAX+C]
0047F7AB   . 83C4 24        ADD ESP,24
0047F7AE   . 81C6 38298F00  ADD ESI,iw5mp.008F2938
0047F7B4   . 884C24 13      MOV BYTE PTR SS:[ESP+13],CL
0047F7B8   . 8BFE           MOV EDI,ESI
0047F7BA   . C74424 34 1200>MOV DWORD PTR SS:[ESP+34],12
0047F7C2   . EB 0C          JMP SHORT iw5mp.0047F7D0
0047F7C4   . 8DA424 0000000>LEA ESP,DWORD PTR SS:[ESP]
0047F7CB   . EB 03          JMP SHORT iw5mp.0047F7D0
0047F7CD     8D49 00        LEA ECX,DWORD PTR DS:[ECX]
0047F7D0   > F647 38 01     TEST BYTE PTR DS:[EDI+38],1
0047F7D4   . DD05 201B7F00  FLD QWORD PTR DS:[7F1B20]
0047F7DA   . 0F84 CF030000  JE iw5mp.0047FBAF
0047F7E0   . 8B47 40        MOV EAX,DWORD PTR DS:[EDI+40]
0047F7E3   . 8BE8           MOV EBP,EAX
0047F7E5   . 8BD8           MOV EBX,EAX
0047F7E7   . C1ED 10        SHR EBP,10
0047F7EA   . C1EB 11        SHR EBX,11
0047F7ED   . 83E5 01        AND EBP,1
0047F7F0   . 83E3 01        AND EBX,1
0047F7F3   . 807C24 13 00   CMP BYTE PTR SS:[ESP+13],0
0047F7F8   . 75 13          JNZ SHORT iw5mp.0047F80D
0047F7FA   . 85DB           TEST EBX,EBX
0047F7FC   . 75 0F          JNZ SHORT iw5mp.0047F80D
0047F7FE   . 85ED           TEST EBP,EBP
0047F800   . 75 0B          JNZ SHORT iw5mp.0047F80D
0047F802   . A9 00800000    TEST EAX,8000
0047F807   . 75 04          JNZ SHORT iw5mp.0047F80D
0047F809   . 33F6           XOR ESI,ESI
0047F80B   . EB 21          JMP SHORT iw5mp.0047F82E
0047F80D   > A1 DCA19600    MOV EAX,DWORD PTR DS:[96A1DC]
0047F812   . 3907           CMP DWORD PTR DS:[EDI],EAX
0047F814   . BE 01000000    MOV ESI,1
0047F819   . 7E 06          JLE SHORT iw5mp.0047F821
0047F81B   . C707 00000000  MOV DWORD PTR DS:[EDI],0
0047F821   > 05 0CFEFFFF    ADD EAX,-1F4
0047F826   . 3907           CMP DWORD PTR DS:[EDI],EAX
0047F828   . 0F8C 81030000  JL iw5mp.0047FBAF
0047F82E   > DB05 DCA19600  FILD DWORD PTR DS:[96A1DC]
0047F834   . 8B15 D4158F00  MOV EDX,DWORD PTR DS:[8F15D4]
0047F83A   . 8B4F 2C        MOV ECX,DWORD PTR DS:[EDI+2C]
0047F83D   . 894C24 28      MOV DWORD PTR SS:[ESP+28],ECX
0047F841   . D95C24 2C      FSTP DWORD PTR SS:[ESP+2C]
0047F845   . D94424 2C      FLD DWORD PTR SS:[ESP+2C]
0047F849   . D942 0C        FLD DWORD PTR DS:[EDX+C]
0047F84C   . D8CA           FMUL ST,ST(2)
0047F84E   . DA4424 28      FIADD DWORD PTR SS:[ESP+28]
0047F852   . D8D9           FCOMP ST(1)
0047F854   . DFE0           FSTSW AX
0047F856   . F6C4 41        TEST AH,41
0047F859   . 75 08          JNZ SHORT iw5mp.0047F863
0047F85B   . 85C9           TEST ECX,ECX
0047F85D   . 74 04          JE SHORT iw5mp.0047F863
0047F85F   . B2 01          MOV DL,1
0047F861   . EB 02          JMP SHORT iw5mp.0047F865
0047F863   > 32D2           XOR DL,DL
0047F865   > 85F6           TEST ESI,ESI
0047F867   . 74 08          JE SHORT iw5mp.0047F871
0047F869   . DDD8           FSTP ST
0047F86B   . B0 01          MOV AL,1
0047F86D   . DDD8           FSTP ST
0047F86F   . EB 2A          JMP SHORT iw5mp.0047F89B
0047F871   > A1 98158F00    MOV EAX,DWORD PTR DS:[8F1598]
0047F876   . 8B4F 30        MOV ECX,DWORD PTR DS:[EDI+30]
0047F879   . D940 0C        FLD DWORD PTR DS:[EAX+C]
0047F87C   . DECA           FMULP ST(2),ST
0047F87E   . 894C24 2C      MOV DWORD PTR SS:[ESP+2C],ECX
0047F882   . DB4424 2C      FILD DWORD PTR SS:[ESP+2C]
0047F886   . DEC2           FADDP ST(2),ST
0047F888   . DED9           FCOMPP
0047F88A   . DFE0           FSTSW AX
0047F88C   . F6C4 05        TEST AH,5
0047F88F   . 7A 08          JPE SHORT iw5mp.0047F899
0047F891   . 85C9           TEST ECX,ECX
0047F893   . 74 04          JE SHORT iw5mp.0047F899
0047F895   . B0 01          MOV AL,1
0047F897   . EB 02          JMP SHORT iw5mp.0047F89B
0047F899   > 32C0           XOR AL,AL
0047F89B   > 84D2           TEST DL,DL
0047F89D   . 75 08          JNZ SHORT iw5mp.0047F8A7
0047F89F   . 84C0           TEST AL,AL
0047F8A1   . 0F84 0A030000  JE iw5mp.0047FBB1
0047F8A7   > 85F6           TEST ESI,ESI
0047F8A9   . 74 29          JE SHORT iw5mp.0047F8D4
0047F8AB   . 8D4C24 40      LEA ECX,DWORD PTR SS:[ESP+40]
0047F8AF   . 51             PUSH ECX
0047F8B0   . 6A 00          PUSH 0
0047F8B2   . 8D57 04        LEA EDX,DWORD PTR DS:[EDI+4]
0047F8B5   . 52             PUSH EDX
0047F8B6   . 8B9424 8800000>MOV EDX,DWORD PTR SS:[ESP+88]
0047F8BD   . 68 18A29600    PUSH iw5mp.0096A218
0047F8C2   . 8D4424 58      LEA EAX,DWORD PTR SS:[ESP+58]
0047F8C6   . 50             PUSH EAX
0047F8C7   . 8D4C24 74      LEA ECX,DWORD PTR SS:[ESP+74]
0047F8CB   . 51             PUSH ECX
0047F8CC   . 68 80F08F00    PUSH iw5mp.008FF080
0047F8D1   . 52             PUSH EDX
0047F8D2   . EB 27          JMP SHORT iw5mp.0047F8FB
0047F8D4   > 8D4424 40      LEA EAX,DWORD PTR SS:[ESP+40]
0047F8D8   . 50             PUSH EAX
0047F8D9   . 6A 00          PUSH 0
0047F8DB   . 8D4F 10        LEA ECX,DWORD PTR DS:[EDI+10]
0047F8DE   . 51             PUSH ECX
0047F8DF   . 8B8C24 8800000>MOV ECX,DWORD PTR SS:[ESP+88]
0047F8E6   . 68 18A29600    PUSH iw5mp.0096A218
0047F8EB   . 8D5424 58      LEA EDX,DWORD PTR SS:[ESP+58]
0047F8EF   . 52             PUSH EDX
0047F8F0   . 8D4424 74      LEA EAX,DWORD PTR SS:[ESP+74]
0047F8F4   . 50             PUSH EAX
0047F8F5   . 68 80F08F00    PUSH iw5mp.008FF080
0047F8FA   . 51             PUSH ECX
0047F8FB   > E8 606F0700    CALL iw5mp.004F6860
0047F900   . 83C4 20        ADD ESP,20
0047F903   . 84C0           TEST AL,AL
0047F905   . 74 10          JE SHORT iw5mp.0047F917
0047F907   . 8B15 E4158F00  MOV EDX,DWORD PTR DS:[8F15E4]
0047F90D   . 807A 0C 00     CMP BYTE PTR DS:[EDX+C],0
0047F911   . 0F84 9A020000  JE iw5mp.0047FBB1
0047F917   > 8B5424 7C      MOV EDX,DWORD PTR SS:[ESP+7C]
0047F91B   . 8D4424 20      LEA EAX,DWORD PTR SS:[ESP+20]
0047F91F   . 50             PUSH EAX
0047F920   . 8D4C24 28      LEA ECX,DWORD PTR SS:[ESP+28]
0047F924   . 51             PUSH ECX
0047F925   . 52             PUSH EDX
0047F926   . E8 15510500    CALL iw5mp.004D4A40
0047F92B   . D94424 30      FLD DWORD PTR SS:[ESP+30]
0047F92F   . DD05 E8B78000  FLD QWORD PTR DS:[80B7E8]
0047F935   . 8B47 30        MOV EAX,DWORD PTR DS:[EDI+30]
0047F938   . DCC9           FMUL ST(1),ST
0047F93A   . 8B0D DCA19600  MOV ECX,DWORD PTR DS:[96A1DC]
0047F940   . D9C9           FXCH ST(1)
0047F942   . 83C4 0C        ADD ESP,0C
0047F945   . 3BC1           CMP EAX,ECX
0047F947   . D86C24 38      FSUBR DWORD PTR SS:[ESP+38]
0047F94B   . D84424 40      FADD DWORD PTR SS:[ESP+40]
0047F94F   . D95C24 40      FSTP DWORD PTR SS:[ESP+40]
0047F953   . D94424 20      FLD DWORD PTR SS:[ESP+20]
0047F957   . DEC9           FMULP ST(1),ST
0047F959   . D86C24 3C      FSUBR DWORD PTR SS:[ESP+3C]
0047F95D   . D84424 44      FADD DWORD PTR SS:[ESP+44]
0047F961   . D95C24 44      FSTP DWORD PTR SS:[ESP+44]
0047F965   . 7D 26          JGE SHORT iw5mp.0047F98D
0047F967   . 85F6           TEST ESI,ESI
0047F969   . 75 22          JNZ SHORT iw5mp.0047F98D
0047F96B   . 8BD1           MOV EDX,ECX
0047F96D   . 2BD0           SUB EDX,EAX
0047F96F   . A1 98158F00    MOV EAX,DWORD PTR DS:[8F1598]
0047F974   . 895424 2C      MOV DWORD PTR SS:[ESP+2C],EDX
0047F978   . DB4424 2C      FILD DWORD PTR SS:[ESP+2C]
0047F97C   . D940 0C        FLD DWORD PTR DS:[EAX+C]
0047F97F   . DC0D 201B7F00  FMUL QWORD PTR DS:[7F1B20]
0047F985   . DEF9           FDIVP ST(1),ST
0047F987   . D9E8           FLD1
0047F989   . DEE1           FSUBRP ST(1),ST
0047F98B   . EB 02          JMP SHORT iw5mp.0047F98F
0047F98D   > D9E8           FLD1
0047F98F   > 8B47 2C        MOV EAX,DWORD PTR DS:[EDI+2C]
0047F992   . D95C24 28      FSTP DWORD PTR SS:[ESP+28]
0047F996   . 3BC1           CMP EAX,ECX
0047F998   . 7C 04          JL SHORT iw5mp.0047F99E
0047F99A   . D9E8           FLD1
0047F99C   . EB 1F          JMP SHORT iw5mp.0047F9BD
0047F99E   > 2BC8           SUB ECX,EAX
0047F9A0   . 894C24 2C      MOV DWORD PTR SS:[ESP+2C],ECX
0047F9A4   . DB4424 2C      FILD DWORD PTR SS:[ESP+2C]
0047F9A8   . 8B0D D4158F00  MOV ECX,DWORD PTR DS:[8F15D4]
0047F9AE   . D941 0C        FLD DWORD PTR DS:[ECX+C]
0047F9B1   . DC0D 201B7F00  FMUL QWORD PTR DS:[7F1B20]
0047F9B7   . DEF9           FDIVP ST(1),ST
0047F9B9   . D9E8           FLD1
0047F9BB   . DEE1           FSUBRP ST(1),ST
0047F9BD   > 833D 84F28F00 >CMP DWORD PTR DS:[8FF284],0
0047F9C4   . D95C24 2C      FSTP DWORD PTR SS:[ESP+2C]
0047F9C8   . 75 08          JNZ SHORT iw5mp.0047F9D2
0047F9CA   . 85ED           TEST EBP,EBP
0047F9CC   . 75 04          JNZ SHORT iw5mp.0047F9D2
0047F9CE   . D9EE           FLDZ
0047F9D0   . EB 66          JMP SHORT iw5mp.0047FA38
0047F9D2   > 837C24 7C 00   CMP DWORD PTR SS:[ESP+7C],0
0047F9D7   . 75 31          JNZ SHORT iw5mp.0047FA0A
0047F9D9   . 8B15 F4158F00  MOV EDX,DWORD PTR DS:[8F15F4]
0047F9DF   . 807A 0C 00     CMP BYTE PTR DS:[EDX+C],0
0047F9E3   . 74 25          JE SHORT iw5mp.0047FA0A
0047F9E5   . D905 30ED9600  FLD DWORD PTR DS:[96ED30]
0047F9EB   . 51             PUSH ECX
0047F9EC   . 85F6           TEST ESI,ESI
0047F9EE   . 74 0D          JE SHORT iw5mp.0047F9FD
0047F9F0   . D867 24        FSUB DWORD PTR DS:[EDI+24]
0047F9F3   . D95C24 18      FSTP DWORD PTR SS:[ESP+18]
0047F9F7   . D94424 18      FLD DWORD PTR SS:[ESP+18]
0047F9FB   . EB 30          JMP SHORT iw5mp.0047FA2D
0047F9FD   > D867 1C        FSUB DWORD PTR DS:[EDI+1C]
0047FA00   . D95C24 18      FSTP DWORD PTR SS:[ESP+18]
0047FA04   . D94424 18      FLD DWORD PTR SS:[ESP+18]
0047FA08   . EB 23          JMP SHORT iw5mp.0047FA2D
0047FA0A   > D905 84619700  FLD DWORD PTR DS:[976184]
0047FA10   . 51             PUSH ECX
0047FA11   . 85F6           TEST ESI,ESI
0047FA13   . 74 0D          JE SHORT iw5mp.0047FA22
0047FA15   . D867 24        FSUB DWORD PTR DS:[EDI+24]
0047FA18   . D95C24 18      FSTP DWORD PTR SS:[ESP+18]
0047FA1C   . D94424 18      FLD DWORD PTR SS:[ESP+18]
0047FA20   . EB 0B          JMP SHORT iw5mp.0047FA2D
0047FA22   > D867 1C        FSUB DWORD PTR DS:[EDI+1C]
0047FA25   . D95C24 18      FSTP DWORD PTR SS:[ESP+18]
0047FA29   . D94424 18      FLD DWORD PTR SS:[ESP+18]
0047FA2D   > D91C24         FSTP DWORD PTR SS:[ESP]
0047FA30   . E8 6B620A00    CALL iw5mp.00525CA0
0047FA35   . 83C4 04        ADD ESP,4
0047FA38   > D95C24 14      FSTP DWORD PTR SS:[ESP+14]
0047FA3C   . 85DB           TEST EBX,EBX
0047FA3E   . 74 33          JE SHORT iw5mp.0047FA73
0047FA40   . 837C24 18 00   CMP DWORD PTR SS:[ESP+18],0
0047FA45   . D9EE           FLDZ
0047FA47   . D95C24 14      FSTP DWORD PTR SS:[ESP+14]
0047FA4B   . 74 1E          JE SHORT iw5mp.0047FA6B
0047FA4D   . A1 3C42A000    MOV EAX,DWORD PTR DS:[A0423C]
0047FA52   . 85C0           TEST EAX,EAX
0047FA54   . 74 15          JE SHORT iw5mp.0047FA6B
0047FA56   . 50             PUSH EAX
0047FA57   . E8 C45E0700    CALL iw5mp.004F5920
0047FA5C   . 83C4 04        ADD ESP,4
0047FA5F   . 84C0           TEST AL,AL
0047FA61   . 75 08          JNZ SHORT iw5mp.0047FA6B
0047FA63   . 8B35 3C42A000  MOV ESI,DWORD PTR DS:[A0423C]
0047FA69   . EB 70          JMP SHORT iw5mp.0047FADB
0047FA6B   > 8B35 C841A000  MOV ESI,DWORD PTR DS:[A041C8]
0047FA71   . EB 68          JMP SHORT iw5mp.0047FADB
0047FA73   > 833D 84F28F00 >CMP DWORD PTR DS:[8FF284],0
0047FA7A   . 75 36          JNZ SHORT iw5mp.0047FAB2
0047FA7C   . 85ED           TEST EBP,EBP
0047FA7E   . 75 32          JNZ SHORT iw5mp.0047FAB2
0047FA80   . D9EE           FLDZ
0047FA82   . D95C24 14      FSTP DWORD PTR SS:[ESP+14]
0047FA86   . 396C24 18      CMP DWORD PTR SS:[ESP+18],EBP
0047FA8A   . 74 1E          JE SHORT iw5mp.0047FAAA
0047FA8C   . A1 F441A000    MOV EAX,DWORD PTR DS:[A041F4]
0047FA91   . 85C0           TEST EAX,EAX
0047FA93   . 74 15          JE SHORT iw5mp.0047FAAA
0047FA95   . 50             PUSH EAX
0047FA96   . E8 855E0700    CALL iw5mp.004F5920
0047FA9B   . 83C4 04        ADD ESP,4
0047FA9E   . 84C0           TEST AL,AL
0047FAA0   . 75 08          JNZ SHORT iw5mp.0047FAAA
0047FAA2   . 8B35 F441A000  MOV ESI,DWORD PTR DS:[A041F4]
0047FAA8   . EB 31          JMP SHORT iw5mp.0047FADB
0047FAAA   > 8B35 8041A000  MOV ESI,DWORD PTR DS:[A04180]
0047FAB0   . EB 29          JMP SHORT iw5mp.0047FADB
0047FAB2   > 837C24 18 00   CMP DWORD PTR SS:[ESP+18],0
0047FAB7   . 74 1C          JE SHORT iw5mp.0047FAD5
0047FAB9   . A1 F841A000    MOV EAX,DWORD PTR DS:[A041F8]
0047FABE   . 85C0           TEST EAX,EAX
0047FAC0   . 74 13          JE SHORT iw5mp.0047FAD5
0047FAC2   . 50             PUSH EAX
0047FAC3   . E8 585E0700    CALL iw5mp.004F5920
0047FAC8   . 8B35 F841A000  MOV ESI,DWORD PTR DS:[A041F8]
0047FACE   . 83C4 04        ADD ESP,4
0047FAD1   . 84C0           TEST AL,AL
0047FAD3   . 74 06          JE SHORT iw5mp.0047FADB
0047FAD5   > 8B35 8441A000  MOV ESI,DWORD PTR DS:[A04184]
0047FADB   > D9EE           FLDZ
0047FADD   . D94424 28      FLD DWORD PTR SS:[ESP+28]
0047FAE1   . D8D1           FCOM ST(1)
0047FAE3   . DFE0           FSTSW AX
0047FAE5   . DDD9           FSTP ST(1)
0047FAE7   . F6C4 01        TEST AH,1
0047FAEA   . 75 58          JNZ SHORT iw5mp.0047FB44
0047FAEC   . D84C24 1C      FMUL DWORD PTR SS:[ESP+1C]
0047FAF0   . 56             PUSH ESI
0047FAF1   . 8D4424 54      LEA EAX,DWORD PTR SS:[ESP+54]
0047FAF5   . 50             PUSH EAX
0047FAF6   . 8B8424 8C00000>MOV EAX,DWORD PTR SS:[ESP+8C]
0047FAFD   . D95C24 64      FSTP DWORD PTR SS:[ESP+64]
0047FB01   . 0FB650 10      MOVZX EDX,BYTE PTR DS:[EAX+10]
0047FB05   . D94424 1C      FLD DWORD PTR SS:[ESP+1C]
0047FB09   . 51             PUSH ECX
0047FB0A   . 0FB648 11      MOVZX ECX,BYTE PTR DS:[EAX+11]
0047FB0E   . D91C24         FSTP DWORD PTR SS:[ESP]
0047FB11   . D94424 2C      FLD DWORD PTR SS:[ESP+2C]
0047FB15   . 8B4424 3C      MOV EAX,DWORD PTR SS:[ESP+3C]
0047FB19   . 51             PUSH ECX
0047FB1A   . 52             PUSH EDX
0047FB1B   . 83EC 10        SUB ESP,10
0047FB1E   . D95C24 0C      FSTP DWORD PTR SS:[ESP+C]
0047FB22   . D94424 48      FLD DWORD PTR SS:[ESP+48]
0047FB26   . D95C24 08      FSTP DWORD PTR SS:[ESP+8]
0047FB2A   . D94424 68      FLD DWORD PTR SS:[ESP+68]
0047FB2E   . D95C24 04      FSTP DWORD PTR SS:[ESP+4]
0047FB32   . D94424 64      FLD DWORD PTR SS:[ESP+64]
0047FB36   . D91C24         FSTP DWORD PTR SS:[ESP]
0047FB39   . 50             PUSH EAX
0047FB3A   . E8 E1D8F8FF    CALL iw5mp.0040D420
0047FB3F   . 83C4 28        ADD ESP,28
0047FB42   . EB 02          JMP SHORT iw5mp.0047FB46
0047FB44   > DDD8           FSTP ST
0047FB46   > D9EE           FLDZ
0047FB48   . D94424 2C      FLD DWORD PTR SS:[ESP+2C]
0047FB4C   . D8D1           FCOM ST(1)
0047FB4E   . DFE0           FSTSW AX
0047FB50   . DDD9           FSTP ST(1)
0047FB52   . F6C4 01        TEST AH,1
0047FB55   . 75 58          JNZ SHORT iw5mp.0047FBAF
0047FB57   . D84C24 1C      FMUL DWORD PTR SS:[ESP+1C]
0047FB5B   . 8B8424 8400000>MOV EAX,DWORD PTR SS:[ESP+84]
0047FB62   . 0FB650 11      MOVZX EDX,BYTE PTR DS:[EAX+11]
0047FB66   . 0FB640 10      MOVZX EAX,BYTE PTR DS:[EAX+10]
0047FB6A   . D95C24 5C      FSTP DWORD PTR SS:[ESP+5C]
0047FB6E   . D94424 14      FLD DWORD PTR SS:[ESP+14]
0047FB72   . 56             PUSH ESI
0047FB73   . 8D4C24 54      LEA ECX,DWORD PTR SS:[ESP+54]
0047FB77   . 51             PUSH ECX
0047FB78   . 51             PUSH ECX
0047FB79   . 8B4C24 3C      MOV ECX,DWORD PTR SS:[ESP+3C]
0047FB7D   . D91C24         FSTP DWORD PTR SS:[ESP]
0047FB80   . 52             PUSH EDX
0047FB81   . D94424 30      FLD DWORD PTR SS:[ESP+30]
0047FB85   . 50             PUSH EAX
0047FB86   . 83EC 10        SUB ESP,10
0047FB89   . D95C24 0C      FSTP DWORD PTR SS:[ESP+C]
0047FB8D   . D94424 48      FLD DWORD PTR SS:[ESP+48]
0047FB91   . D95C24 08      FSTP DWORD PTR SS:[ESP+8]
0047FB95   . D94424 68      FLD DWORD PTR SS:[ESP+68]
0047FB99   . D95C24 04      FSTP DWORD PTR SS:[ESP+4]
0047FB9D   . D94424 64      FLD DWORD PTR SS:[ESP+64]
0047FBA1   . D91C24         FSTP DWORD PTR SS:[ESP]
0047FBA4   . 51             PUSH ECX
0047FBA5   . E8 76D8F8FF    CALL iw5mp.0040D420
0047FBAA   . 83C4 28        ADD ESP,28
0047FBAD   . EB 02          JMP SHORT iw5mp.0047FBB1
0047FBAF   > DDD8           FSTP ST
0047FBB1   > 81C7 8C000000  ADD EDI,8C
0047FBB7   . 836C24 34 01   SUB DWORD PTR SS:[ESP+34],1
0047FBBC   .^0F85 0EFCFFFF  JNZ iw5mp.0047F7D0
0047FBC2   . 5D             POP EBP
0047FBC3   > 5F             POP EDI
0047FBC4   . 5E             POP ESI
0047FBC5   . 5B             POP EBX
0047FBC6   . 83C4 64        ADD ESP,64
0047FBC9   . C3             RETN
************************************************************

MW3 Reversings: (this is for 1.2.358, I think)
Quote Originally Posted by cardoow
i saw that the addys from uc were posted here so here are some functions u can use
in combination with the posted offsets (i guess these are all outdated)

Code:
class w2s_t
{
public:
	char unknown[0xDC];
};
typedefs

Code:
typedef bool (*w2s_)(int unknown, w2s_t * w2scalc, Vec3 vPoint, float Screen[2]);
w2s_ w2s = (w2s_)0x514820;

typedef w2s_t *(*GetCalc_)();
GetCalc_ GetCalc = (GetCalc_)0x4CE3C0;

typedef bool (*RankIcon_)(int Rank, int Prestige, DWORD ptr);
RankIcon_ RankIcon = (RankIcon_)0x5330D0;
functions
Code:
void DrawNameTags( CEntity * pEnt, float Alpha )
{
	DWORD dwNameTags = 0x580C30;
	
	__asm{
		push Alpha
		push pEnt
		push 0x0
		call [dwNameTags]
		add esp, 0xC
	}
}

DWORD GetWeapon(DWORD dwNum)
{
	DWORD dwReturn = NULL;
	__asm{		
		mov eax, dwNum
		and eax, 0FFh
		mov eax, [eax*4+0x8DAA50]
		mov dwReturn, eax		
	}
	return dwReturn;
}

char * GetWeaponName(DWORD dwNum)
{
	DWORD dwReturn = NULL;
	__asm{		
		mov eax, dwNum
		and eax, 0FFh
		add eax, eax
		add eax, eax
		mov eax,[eax+0xA011D4]
		mov dwReturn, eax		
	}
	return (char*)dwReturn;
}

void FixBlindEye()
{
	CClientInfo * pLocal = GetLocalClient();
	for(int i=0; i<32; i++)
	{
		CClientInfo * pClient = GetClientByIndex(i);
		if(pClient != pLocal)
		{
			if(pClient->Perk & 0x20)
				pClient->Perk = 0x0;
		}
	}
}

void ChopperBoxes()
{
	DWORD dwCall = 0x5A30C0;
	FixBlindEye();
	
	__asm{
		push 0x0
		call [dwCall]
		add esp, 0x4
	}
}

char * GetRankShader(CClientInfo * pClient)
{
	DWORD dwShader;
	RankIcon(pClient->Rank, pClient->Prestige, dwShader);	
	
	return (char*)(*(DWORD*)(*(DWORD*)dwShader));
}

typedef void (*Wallhack_)();
Wallhack_ pWallhack;
void __declspec(naked) nWallhack()
{
	__asm{
		pushad		
		cmp DWORD PTR [esp+0x20], 0x4799C2 //player return
		jne jump		
		mov [esp+0x30], 0x503
jump:
		popad
		jmp[pWallhack]
	}
}

pWallhack = (Wallhack_)DetourFunction((PBYTE)0x5397F0, (PBYTE)nWallhack);


************************************************************

Updated Addresses: (1.5.387)
Code:
#define ADDR_CG 0x008FF420
#define ADDR_ENTITY 0xA08A28
#define ADDR_REGISTERSHADER 0x0040D270
#define ADDR_DRAWSTRETCHPIC 0x0043E160
#define ADDR_GETWEAPON 0x008DDE50 // refer to notes for getting the weapon shader
#define ADDR_DRAWENGINERADAR 0x00508C10
#define ADDR_OVERLAYPACKAGE 0x005568D0
#define ADDR_OVERLAYFRIENDLY 0x0045C8F0
#define ADDR_OVERLAYTURRET 0x005449C0
#define ADDR_OVERLAYHELI 0x00563F30
#define ADDR_OVERLAYLOCAL 0x0044B360
#define ADDR_OVERLAYPLANE 0x005146E0
#define ADDR_THERMALOVERLAY 0x00420150
#define ADDR_ADVANCEDUAV 0x01C29564
#define ADDR_CLIENTINFO 0x009FCAF8
I couldn't find the addresses for the MW3 Reversings one because I don't have a copy of the iw5mp.exe executable for 1.2.358.

Notes:
LocalClientNum is stored @ CG_T + 0x150.

Quote Originally Posted by cardoow
*(BYTE*)(*(DWORD*)(0x1C2C39C) + 0xC) = 1;
The value '0x1C2C39C' should be replaced with the address defined as ADDR_ADVANCEDUAV.

To get the weapon shader for a weapon....
Quote Originally Posted by CypherPresents
CWeapon* pWeapon = GetWeapon( pEnt->Weapon );

char* szShader = GetWeaponShader( pWeapon );
// pWeapon->m_hud->m_icon->szShader
// Create this wrapper function and then check for invalid ptrs and values to prevent crashes
#3 · edited 14y ago · 14y ago
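Seen from the defending side, the `DetourFunction` call in the post above works by overwriting the first bytes of the function at 0x5397F0 with a jump, which is what a code-integrity check looks for. The following is an added example, not code from the thread or from any anti-cheat product: it compares a function's entry bytes with a known-good snapshot and classifies the redirect. All byte values, the image bounds and every name in it are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROLOGUE_LEN 8            /* entry bytes snapshotted per guarded function */

typedef enum {
    HOOK_NONE = 0,                /* bytes match the baseline */
    HOOK_JMP_REL32,               /* E9 rel32 written over the entry point */
    HOOK_PUSH_RET,                /* 68 imm32 C3 redirect */
    HOOK_MODIFIED                 /* changed, but not a recognised redirect */
} hook_kind;

typedef struct {
    uint32_t va;                      /* virtual address of the function */
    uint8_t  baseline[PROLOGUE_LEN];  /* known-good bytes captured at start-up */
} guard_entry;

typedef struct {
    hook_kind kind;
    uint32_t  target;             /* where the redirect lands, 0 if none */
} hook_report;

/* Constructed samples: only the VA comes from the post; the bytes are made up. */
static const guard_entry SAMPLE_GUARD = {
    0x5397F0u, { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56 }
};
static const uint8_t SAMPLE_HOOKED[PROLOGUE_LEN] =   /* jmp 0x10001000 */
    { 0xE9, 0x0B, 0x78, 0xAC, 0x0F, 0x10, 0x53, 0x56 };
static const uint8_t SAMPLE_PUSHRET[PROLOGUE_LEN] =  /* push 0x10001000; ret */
    { 0x68, 0x00, 0x10, 0x00, 0x10, 0xC3, 0x53, 0x56 };
static const uint8_t SAMPLE_PATCHED[PROLOGUE_LEN] =  /* three bytes replaced by NOPs */
    { 0x55, 0x8B, 0xEC, 0x90, 0x90, 0x90, 0x53, 0x56 };
#define SAMPLE_IMAGE_BASE 0x00400000u   /* assumed image base */
#define SAMPLE_IMAGE_SIZE 0x01C00000u   /* assumed image size */

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Compare the current entry bytes with the snapshot and classify any change. */
hook_report check_prologue(const guard_entry *g, const uint8_t *current)
{
    hook_report r = { HOOK_NONE, 0 };

    if (memcmp(g->baseline, current, PROLOGUE_LEN) == 0)
        return r;

    if (current[0] == 0xE9) {
        /* rel32 is relative to the end of the 5-byte jump instruction */
        r.kind = HOOK_JMP_REL32;
        r.target = g->va + 5u + read_le32(current + 1);
    } else if (current[0] == 0x68 && current[5] == 0xC3) {
        r.kind = HOOK_PUSH_RET;
        r.target = read_le32(current + 1);
    } else {
        r.kind = HOOK_MODIFIED;
    }
    return r;
}

/* A redirect that leaves the executable's own image is the strongest signal. */
int target_outside_image(uint32_t target, uint32_t base, uint32_t size)
{
    return target < base || target - base >= size;
}

int main(void)
{
    const uint8_t *samples[] = { SAMPLE_GUARD.baseline, SAMPLE_HOOKED,
                                 SAMPLE_PUSHRET, SAMPLE_PATCHED };
    static const char *names[] = { "none", "jmp rel32", "push/ret", "modified" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        hook_report r = check_prologue(&SAMPLE_GUARD, samples[i]);
        int redirect = (r.kind == HOOK_JMP_REL32 || r.kind == HOOK_PUSH_RET);
        printf("0x%08X: %-9s target=0x%08X outside_image=%d\n",
               (unsigned)SAMPLE_GUARD.va, names[r.kind], (unsigned)r.target,
               redirect && target_outside_image(r.target, SAMPLE_IMAGE_BASE,
                                                SAMPLE_IMAGE_SIZE));
    }
    return 0;
}
```

In a real process the baseline would be captured from the on-disk image or at load time, before any third-party module is mapped.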
Jorndel
VB.Net - Left Click Code
VB.Net

This code allows you to make a left click.
You can put it in a timer and make it spam left click.

Or you want to do something else.

Code:
Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer)

    Public Sub LeftClick()
        mouse_event(&H2, 0, 0, 0, 0)
        mouse_event(&H4, 0, 0, 0, 0)
    End Sub
(Yes, this was found on the web, I just made it into a small snippet for you guys.)
#4 · 14y ago
Jorndel
Check MW3 + Steam Status:

Language: C#

I made this because I haven't seen anyone checking if the Steam process is running.
This can avoid problems with private versions.
But I will add a more effective way when I get home and can check

Code:
bool Status()
        {
            System.Diagnostics.Process[] Steam = System.Diagnostics.Process.GetProcessesByName("steam");
            System.Diagnostics.Process[] MW3 = System.Diagnostics.Process.GetProcessesByName("iw5mp");

            if (Steam.Length != 0)
            {
                if (MW3.Length != 0)
                    return true;
                else return false;
            }
            else return false;
        }
I was inspired by @bocadecao
From:
Quote Originally Posted by bocadecao
I tried several ways but the hacker does not change anything: s
(use MW3 Pirate)
So thanks
#5 · edited 14y ago · 14y ago
MarkHC
Quote Originally Posted by Jorndel
Check MW3 + Steam Status:

Language: C#

I made this because I haven't seen anyone checking if the Steam process is running.
This can avoid problems with private versions.
But I will add a more effective way when I get home and can check
So thanks
Hmm Nice idea... merge the 2 if's and you have a shorter code, like:
Code:
if (Steam.Length != 0 && MW3.Length != 0)
       return true;
else return false;


A simple solution to most problems... Thanks
#6 · 14y ago
Jorndel
Quote Originally Posted by General Shepherd
Hmm Nice idea... merge the 2 if's and you have a shorter code, like:
Code:
if (Steam.Length != 0 && MW3.Length != 0)
       return true;
else return false;


A simple solution to most problems... Thanks
Well, if you had thought a little longer.
It could check for Steam and you could send a message that Steam was not found.

And if not, just give the MW3 error
#7 · 14y ago
rawr im a tiger
Time to revive this thread.

Here's what I use for External ESP boxes in C#, you'll have to tweak the numbers for your code
Code:
private Pen friend;
		private Pen enemy;
		private Brush enemyb;
		private Brush friendb;
		private System.Drawing.Graphics gr;
		private Font fnt;
		
		public overlay(Size siz)
		{
			this.Size = siz;
			InitializeComponent();
			gr = this.CreateGraphics();
			enemy = new Pen(Color.Red, 3.0f);
			friend = new Pen(Color.Green, 3.0f);
			enemyb = new SolidBrush(Color.Red);
			friendb = new SolidBrush(Color.Green);
			fnt = new Font("Arial", 10.0f);
		}
		
		private void DrawRect(Pen pn, float x, float y, float width, float height)
		{
			gr.DrawRectangle(pn, x, y, width, height);
		}
		
		public void RefreshDraw()
		{
			gr.Clear(Color.White);
		}
		
		private void DrawText(string s, Brush br, Font fnt, float x, float y)
		{
			gr.DrawString(s, fnt, br, x, y);
		}
		
		public void DrawPlayer(string name, float x, float y, int status, float distance, bool friendly)
		{
			// Statuses: 
			// 1: Stand
			// 2: Crouch
			// 3: Prone
			
			float height = 800.0f;
			float width = 500.0f;
			
			switch (status) {
				case 2:
					height = 600.0f;
					break;
				case 3:
					height = 300.0f;
					break;
			}
			
			height /= distance;
			width /= distance;
			
			if (friendly) {
				DrawRect(friend, x, y, width, height);
				DrawText(name, friendb, fnt, x + (width / 2) - (name.Length * 2.5f), y - 20);
			} else {
				DrawRect(enemy, x, y, width, height);
				DrawText(name, enemyb, fnt, x + (width / 2) - (name.Length * 2.5f), y - 20);
			}
		}
I use it in conjunction with @Jorndel 's C# Trainer Class (http://www.mpgh.net/forum/604-call-d...ner-class.html).
#8 · edited 14y ago · 14y ago
Randomsheit
@rawr im a tiger
What would you recommend I learn in order to make my own external ESP? I copy-pasted yours but I get a 'Method Must Have a Return Type' error. But even if that worked flawlessly I would much rather learn myself and create my own. What things in C# would you say are the best to learn for making an ESP?

P.S. Sorry about posting this here, but I cannot PM until 20 posts.
#9 · 14y ago
MarkHC
Quote Originally Posted by Randomsheit
@rawr im a tiger
What would you recommend I learn in order to make my own external ESP? I copy-pasted yours but I get a 'Method Must Have a Return Type' error. But even if that worked flawlessly I would much rather learn myself and create my own. What things in C# would you say are the best to learn for making an ESP?

P.S. Sorry about posting this here, but I cannot PM until 20 posts.
I'm not him, but here's what you should do:
1-) DO NOT copy & paste others' code. You won't learn by doing this and no one likes people who do this.
2-) Learn C++ and DirectX. You can use C# as well, but C++ is better for this. Learn how to draw lines, text, etc. with DirectX (or GDI, but GDI is much slower than D3D).
3-) When you get to the point where you can easily do hacks using offsets found by others, it's time to learn reverse engineering and find the offsets by yourself.
4-) Last, Google is your best friend when making hacks. Search for stuff that you don't know how to do (but don't copy-paste it).

Well, since this thread got revived, I'm gonna add some snippets too

GetTagPos, Offsets for 1.4.382 (TeknoMW3 version)
Code:
typedef int(*R_RegisterTag)(char *szName);
R_RegisterTag GetTagByName = (R_RegisterTag)0x4922E0;

bool GetTagPos(Entity_T *pEnt,char *szTag,float flOut[3])
{
	WORD wTag=GetTagByName(szTag); 
	if(!wTag) 
		return false;

	DWORD dwCall=0x00571790;

	__asm
	{
		MOV ESI,pEnt;
		MOVZX EDI,wTag;
		PUSH flOut;
		CALL dwCall;
		ADD ESP,0x4
	}

	return true;
}
CG_Trace Offset for TeknoMW3 as well:
Code:
typedef void ( __cdecl *CG_Trace_t)( trace_t *tr,vec3_t start,vec3_t endpos,int Skip,int mask );
CG_Trace_t CG_Trace=(CG_Trace_t)0x55A820;

bool IsVisible(float *Point)
{
	trace_t trace;
	CG_Trace(&trace,RefDef->Origin,Point,Cg->ClientNumber,0x803003);
	return (trace.Fraction>=0.97f);
}
DrawEngineText:
Code:
typedef void* ( * tRegisterFont )( char* szName );
typedef int ( * tDrawEngineText )( char* Text, int NumOfChars, void* Font, float X, float Y, float scaleX, float scaleY, float unk1, float* Color, int unk2 );
tDrawEngineText DrawEngineText_ = ( tDrawEngineText )0x0042C970;

void DrawText(float x, float y, void* pFont, float* color, const char *Text, ... )
{
	char buf[300] = "";
	va_list va_alist;
	va_start( va_alist, Text );
	vsnprintf( buf, sizeof( buf ), Text, va_alist );
	va_end( va_alist );
	DrawEngineText_( ( char* )buf, 0x7FFFFFFF, pFont, x, y, 1.0f, 1.0f, 0.0f, color, 0 );
}
Don't forget to register a font before drawing. Some fonts:
Code:
#define FONT_SMALL_DEV    "fonts/smallDevFont"
#define FONT_BIG_DEV    "fonts/bigDevFont"
#define FONT_CONSOLE    "fonts/consoleFont"
#define FONT_BIG        "fonts/bigFont"
#define FONT_SMALL        "fonts/smallFont"
#define FONT_BOLD        "fonts/boldFont"
#define FONT_NORMAL        "fonts/normalFont"
#define FONT_EXTRA_BIG    "fonts/extraBigFont"
#define FONT_OBJECTIVE    "fonts/objectiveFont"
#10 · edited 14y ago · 14y ago
rawr im a tiger
Well thanks @General Shepherd ;p
@Randomsheit , You'll want to paste that code into a form with no border, set to the size and location of your game window (google "GetWindowRect"), with a transparent background set to the colour you clear with. The error you're getting is due to the constructor function being placed outside of a similarly named form.
#11 · 14y ago
Randomsheit
@rawr im a tiger Cheers man. I'll look into it. Looking up GetWindowRect atm
#12 · 14y ago
Geometrical
Dead thread D:

Level flash function:

Code:
    Function LevelFlash(ByVal LevelAddress As Integer, ByVal LevelValue As Integer)
1:      LevelAddress = &H1DBD238
        LevelValue += 1
        WriteMemory(LevelAddress, 1) 'Start from level 1.
        Do Until 0 'Loop, keep adding 1 for next level.
            WriteMemory(LevelAddress, LevelValue)
        Loop
        If ReadMemory(LevelAddress) = 80 Then 'If level reaches maximum value (80) go to 1 (beginning).
            GoTo 1
        End If
    End Function
Didn't test it though.
#13 · edited 13y ago · 13y ago
mwxplayer
Universal Internal Radar [C++]:
Code:
typedef void (__cdecl* tDrawEngineRadar )( int unk1, int disableRotation, int unk2, CRadarHud* radar, int* shader, Color color );
typedef void (__cdecl* OverlayPackage_ )( int a1, int a2, int a3, CRadarHud* radar, int* shader, Color color );
typedef void (*OverlayEnemy_)(int a1, int a2, int a3, CRadarHud* hud, Color col);
typedef void (*OverlayFriendly_)(int a1, int a2, int a3, CRadarHud* hud, Color col);
typedef void (*OverlayTurret_)(int a1, int a2, int a3, CRadarHud* hud, Color col);
typedef void (*OverlayHeli_)(int a1, int a2, int a3, CRadarHud* hud, Color col);
typedef void (*OverlayPlane_)(int a1, int a2, int a3, CRadarHud* hud, Color col);
typedef int* ( *R_RegisterShader ) ( char* szName );
typedef void ( __cdecl* tUiShowList ) ( int a1, int a2, int a3, int a4 );
DWORD OverlayEnemy_OFF , OverlayFriendly_OFF , OverlayLocal_OFF , OverlayPlane_OFF , OverlayHelicopter_OFF , OverlayTurret_OFF , EngineRadar_OFF , OverlayPackage_OFF , RegisterShader_OFF , UiShowList_OFF;
tDrawEngineRadar DrawEngineRadar; 
OverlayPackage_ OverlayPackage;
OverlayEnemy_ OverlayEnemy ;
OverlayFriendly_ OverlayFriendly; 
OverlayTurret_ OverlayTurret ;
OverlayHeli_ OverlayHeli; 
OverlayPlane_ OverlayPlane;
R_RegisterShader RegisterShader_;
tUiShowList UiShowList;


void Scan()
{

	EngineRadar_OFF = FindPattern ( "\x83\xEC\x2C\xA1\x00\x00\x00\x00\x53" , "xxxx????x" );
	OverlayPackage_OFF = FindPattern ( "\x55\x8B\xEC\x83\xE4\xF8\x81\xEC\x00\x00\x00\x00\xA1" , "xxxxxxxx????x" );
	OverlayEnemy_OFF = FindPattern ( "\x83\xEC\x64\x53\x56\x8B\x74\x24\x70" , "xxxxxxxxx" );
	OverlayFriendly_OFF = FindPattern ( "\x81\xEC\x00\x00\x00\x00\xF7\x05\x00\x00\x00\x00\x00\x00\x00\x00\x75\x0D" , "xx????xx????????xx" );
	OverlayTurret_OFF = FindPattern ( "\xA1\x00\x00\x00\x00\x69\xC0\x00\x00\x00\x00\x83\xEC\x68" , "x????xx????xxx" );
	OverlayHelicopter_OFF = FindPattern ( "\x83\xEC\x50\x83\x3D" , "xxxxx" );
	OverlayPlane_OFF = FindPattern ( "\x83\xEC\x54\xA1\x00\x00\x00\x00\x53" , "xxxx????x" );
	RegisterShader_OFF = FindPattern ( "\x8b\x44\x24\x04\x80\x38\x00\x75\x00", "xxxxxxxx?" ); 
	


	DrawEngineRadar = ( tDrawEngineRadar ) EngineRadar_OFF;
	OverlayPackage = ( OverlayPackage_ ) OverlayPackage_OFF;
	OverlayEnemy = (OverlayEnemy_) OverlayEnemy_OFF;
	OverlayFriendly = (OverlayFriendly_) OverlayFriendly_OFF;
	OverlayTurret = (OverlayTurret_) OverlayTurret_OFF;
	OverlayHeli = (OverlayHeli_) OverlayHelicopter_OFF;
	OverlayPlane = (OverlayPlane_) OverlayPlane_OFF;
	RegisterShader_ = (R_RegisterShader) RegisterShader_OFF;

	CRadarHud radarhud;

	
	radarhud.x = 590;
	radarhud.y = 5;
	radarhud.w = 200;
	radarhud.h = 200;

   static int* whiteshader = RegisterShader_("white");

   if ( GetAsyncKeyState ( VK_F1 ) & 1 ) 
	   hax = !hax;

   if (hax)
   {
   DrawEngineRadar( 0 , 0 , 0 , &radarhud,whiteshader, WHITE);
   OverlayPackage(0, 0, 0, &radarhud, whiteshader, WHITE);	
   OverlayEnemy(0, 0, 0, &radarhud, RED);
   OverlayFriendly(0, 0, 0, &radarhud, BLUE );	
   OverlayHeli(0, 0, 0, &radarhud, WHITE );
   OverlayPlane(0, 0, 0, &radarhud, GREEN );
   OverlayTurret(0, 0, 0, &radarhud, WHITE); 
   }
   
}
Credits: CyberPresents, -InSaNe for Scanner (and UiShowList Pattern) and master131 for 1.4.382 OFFSETS, King Orgy aka heimwerker, Smoochy and meh for making patterns for rest addresses.
#14 · edited 13y ago · 13y ago
arnie12
C# | Basic memory editing to mess up the title
Let's undead this thread

Here is some basic memory editing using Jorndel's memory class
Credits to Jorndel:
Code:
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace TitleDestroyer
{
    class Memory
    {
        #region Basic Stuff
        [DllImport("kernel32.dll")]
        private static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
        [DllImport("kernel32.dll")]
        private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
        IntPtr pHandel;
        public bool Process_Handle(string ProcessName)
        {
            try
            {
                Process[] ProcList = Process.GetProcessesByName(ProcessName);
                if (ProcList.Length == 0)
                    return false;
                else
                {
                    pHandel = ProcList[0].Handle;
                    return true;
                }
            }
            catch (Exception ex)
            { Console.Beep(); Console.WriteLine("Process_Handle - " + ex.Message); return false; }
        }
        private byte[] Read(int Address, int Length)
        {
            byte[] Buffer = new byte[Length];
            IntPtr Zero = IntPtr.Zero;
            ReadProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
            return Buffer;
        }
        private void Write(int Address, int Value)
        {
            byte[] Buffer = BitConverter.GetBytes(Value);
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }
        #endregion

        //This is the part you want to edit
        #region Write Functions (Integer & String)
        public void WriteInteger(int Address, int Value)
        {
            Write(Address, Value);
        }
        public void WriteString(int Address, string Text)
        {
            byte[] Buffer = new ASCIIEncoding().GetBytes(Text);
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }
        public void WriteBytes(int Address, byte[] Bytes)
        {
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Bytes, (uint)Bytes.Length, out Zero);
        }
        public void WriteNOP(int Address)
        {
            byte[] Buffer = new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90 };
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }


        #endregion
        #region Read Functions (Integer & String)
        public int ReadInteger(int Address, int Length = 4)
        {
            return BitConverter.ToInt32(Read(Address, Length), 0);
        }
        public string ReadString(int Address, int Length = 4)
        {
            return new ASCIIEncoding().GetString(Read(Address, Length));
        }
        public byte[] ReadBytes(int Address, int Length)
        {
            return Read(Address, Length);
        }
        #endregion
    }
}
And here is some basic memory editing of mine

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace TitleDestroyer
{
    class Program
    {
        static void Main(string[] args)
        {
            Memory Title = new Memory();
            while (true) {
                Console.WriteLine("To change your title type 'y',to quit 'q'");
                string input = Console.ReadLine();
                if (input.ToLower() == "y")
                {
                    if (Title.Process_Handle("iw5mp") == false)
                    {
                        Console.WriteLine("Start your mw3 please");
                    }
                    else
                    {
                        break;
                    }
                } else if (input.ToLower() == "q")
                {
                    Console.WriteLine("Tool made by Arnie");
                    Console.ReadLine();
                    Environment.Exit(1);
                }
                else if (input.ToLower() == "prestige")
                {
                    Title.WriteInteger(0x1CDBC64, 21);
                    Console.WriteLine("Changed Prestige");
                    Console.WriteLine("Tool made by Arnie");
                    Console.ReadLine();
                    Environment.Exit(1);
                }
                else
                {
                    Console.WriteLine("Input could not be reconized");
                }
            }
            Title.WriteString(0x01328D35, "$/%/()%&/(%/(%)&)%%$&$$)=/=&%(%)=&/(%&$&=`?(?(?/²³³{{³²³{{³{");
            Title.WriteString(0x01328D35, "                                                            ");
            while (true) { 
                Console.WriteLine("Do you want to edit your title and clan tag?");
                Console.WriteLine("Yes'y' or No'n'");
                string selection = Console.ReadLine();
                if(selection.ToLower() == "y")
                {
                    Console.WriteLine("Put your title text in");
                    string TitleText = Console.ReadLine();
                    Title.WriteString(0x01328D35, TitleText);
                    Console.WriteLine("Put your tag text in");
                    string TagText = Console.ReadLine();
                    Title.WriteString(0x01328D54, TagText);
                    break;
                }
                else if (selection.ToLower() == "n")
                {
                    break;
                }
                else
                {
                    Console.WriteLine("Input could not be reconized");
                }
        }
            Console.WriteLine("Changing the title fully completed :)");
            Console.WriteLine("Tool made by Arnie");
            Console.ReadKey();
        }
    }
}
Nvm it's console style
#15 · 10y ago
Posts 1–15 of 24 · Page 1 of 2