Everything I post is asm, I also had the mem for everything except for anti afk and opk, but I lost them >.<
Addresses:
// Address table for the client patches posted below. These are absolute
// virtual addresses for one build of the game client; a later post in this
// thread ("The addy's are outdated") republishes most of them with new
// values. By the naming the snippets use, MEM_* are data locations (the opk
// snippet reads MEM_POSX/Y/Z and writes MEM_OPKCCPOSX/Y/Z as floats) and
// ADR_* are code locations that WriteAsm overwrites with instruction bytes.
// Not referenced by any snippet on this page: MEM_STAMINA, MEM_GODMODE,
// MEM_SPEED, MEM_GRAVITYX/Y/Z, ADR_OPKY, ADR_OPKZ, MEM_NODELAY (the author
// says the "mem" versions of the hacks were lost).
// NOTE(review): the heading "Stamina:" at the start of this line of the
// extracted post appears to belong to the next snippet (which toggles
// item.stamina); the headings look shifted by one line throughout this copy.
#define MEM_STAMINA 0x00C35FFC
#define MEM_GODMODE 0x00C32948//int
#define MEM_SPEED 0x00C1CB68//float
#define MEM_POSX 0x00C1BFD4//float
#define MEM_POSY 0x00C1BFD8//float
#define MEM_POSZ 0x00C1BFDC//float
#define MEM_GRAVITYX 0x00C1BFE4//float
#define MEM_GRAVITYY 0x00C1BFE8//float
#define MEM_GRAVITYZ 0x00C1BFEC//float
#define ADR_STAMINA1 0x00483EF0
#define ADR_STAMINA2 0x00483EF5
#define ADR_ANTIAFK 0x006382AD
#define ADR_OPKX 0x00461970
#define ADR_OPKY 0x0046197A
#define ADR_OPKZ 0x00461980
#define ADR_CODECAVEOPK 0x00702000
#define MEM_OPKCCPOSX 0x00701000// use for the position you want the players to teleport to(x)
#define MEM_OPKCCPOSY 0x00701004// use for the position you want the players to teleport to(y)
#define MEM_OPKCCPOSZ 0x00701008// use for the position you want the players to teleport to(z)
#define ADR_BACK2LOBBY 0x00405C5E
#define ADR_NORELOAD 0x0048C6C7
#define ADR_WEAPONSWITCH 0x00535F9A
#define ADR_GUNMODE1 0x004893F6//primary gun
#define ADR_GUNMODE2 0x0048C0D7//secondary+grenades
#define ADR_QUICKDRAW1 0x00536383
#define ADR_QUICKDRAW2 0x0053661B
#define ADR_NODELAY 0x0049128B
#define MEM_NODELAY 0x00A199E0//0
// (Extracted post heading on this line: "Anti Afk"; the snippet itself is the
// stamina toggle — headings appear shifted by one line in this copy.)
//
// Stamina toggle keyed on item.stamina. Both branches overwrite instruction
// bytes in the running client at ADR_STAMINA1 (3 bytes) and ADR_STAMINA2
// (6 bytes). Decoded: 83 3F imm8 is `cmp dword ptr [edi], imm8` and
// C7 07 imm32 is `mov dword ptr [edi], imm32`, so "on" compares against 0x32
// and stores 0x4B, while "off" compares against 1 and stores 1.
// The "off" bytes are presumably the client's original instructions, but
// nothing on this page shows them being captured from the process; if a
// client update changes them, "off" writes stale bytes instead of restoring.
// Rewrites of mapped code pages like these are what an image-integrity check
// (mapped .text vs. the on-disk executable) reports.
if(item.stamina==1) {
    ctool->WriteAsm((void*)ADR_STAMINA1,(LPBYTE)"\x83\x3F\x32",3);
    ctool->WriteAsm((void*)ADR_STAMINA2,(LPBYTE)"\xC7\x07\x4B\x00\x00\x00",6);
} else {
    ctool->WriteAsm((void*)ADR_STAMINA1,(LPBYTE)"\x83\x3F\x01",3);
    ctool->WriteAsm((void*)ADR_STAMINA2,(LPBYTE)"\xC7\x07\x01\x00\x00\x00",6);
}
// (Extracted post heading on this line: "No Delay"; the snippet itself toggles
// item.antiafk — headings appear shifted by one line in this copy.)
//
// Anti-AFK toggle: a single byte at ADR_ANTIAFK. "On" writes 0x90 (x86 NOP),
// "off" writes 0xC3 (RET). Whether 0xC3 is the client's original byte at that
// address is not shown here; it is simply what the author writes back.
if(item.antiafk==1) {
    ctool->WriteAsm((void*)ADR_ANTIAFK,(LPBYTE)"\x90",1);
} else {
    ctool->WriteAsm((void*)ADR_ANTIAFK,(LPBYTE)"\xC3",1);
}
// (Extracted post heading on this line: "Quick Draw"; the snippet itself
// toggles item.nodelay — headings appear shifted by one line in this copy.)
//
// No-delay toggle: 16 bytes at ADR_NODELAY. "On" is the author's
// `mov [eax+0x240], 0` (10 bytes) padded with six NOPs to keep the patch the
// same length as the 16-byte "off" sequence, which ends in
// 89 90 40 02 00 00 (`mov [eax+0x240], edx`) — i.e. the patch replaces a
// store of a computed value with a store of zero. Same restore caveat as the
// other toggles: the "off" bytes are hard-coded, not read from the process.
if(item.nodelay==1){
    ctool->WriteAsm((void*)ADR_NODELAY,(LPBYTE)"\xC7\x80\x40\x02\x00\x00\x00\x00\x00\x00\x90\x90\x90\x90\x90\x90",16);//mov [eax+00000240],00000000 + nop 6x
}else{
    ctool->WriteAsm((void*)ADR_NODELAY,(LPBYTE)"\x74\x05\x8B\x51\x08\xEB\x03\x8B\x51\x04\x89\x90\x40\x02\x00\x00",16);
}
// (Extracted post heading on this line: "Gun Mode(1 shot, 2shots, 3 shots,
// automatic)"; the snippet itself toggles item.quickdraw — headings appear
// shifted by one line in this copy.)
//
// Quick-draw toggle: 6 bytes at each of ADR_QUICKDRAW1 ("zoom in") and
// ADR_QUICKDRAW2 ("zoom out"). Only the second opcode byte differs between
// the branches: 0F 8E rel32 (`jle`) in "off" becomes 0F 8D rel32 (`jge`) in
// "on", so the patch inverts the sign of the comparison each site branches
// on; the rel32 displacements (0x84 and 0x85) are left as they are.
if(item.quickdraw==1){
    ctool->WriteAsm((void*)ADR_QUICKDRAW1,(LPBYTE)"\x0F\x8D\x84\x00\x00\x00",6);//zoom in
    ctool->WriteAsm((void*)ADR_QUICKDRAW2,(LPBYTE)"\x0F\x8D\x85\x00\x00\x00",6);//zoom out
}else{
    ctool->WriteAsm((void*)ADR_QUICKDRAW1,(LPBYTE)"\x0F\x8E\x84\x00\x00\x00",6);
    ctool->WriteAsm((void*)ADR_QUICKDRAW2,(LPBYTE)"\x0F\x8E\x85\x00\x00\x00",6);
}
// (Extracted post heading on this line: "No Reload"; the snippet itself is the
// gun-mode toggle — headings appear shifted by one line in this copy.)
//
// Fire-mode toggle. With item.gunmode set, the primary site (ADR_GUNMODE1,
// 9 bytes) is rewritten according to item.gunmode1 and the secondary site
// (ADR_GUNMODE2, 9 bytes) according to item.gunmode2: BA imm32 (`mov edx, N`)
// with N = 1..4 followed by four NOPs for the shot-count modes, or the 9-byte
// "off" sequence for mode 0. With item.gunmode clear, both sites get the same
// "off" bytes the ==0 cases write.
// NOTE(review): the guards commented "3 shots" and "automatic" test ==2 for
// both weapons, the same value as the "2 shots" guard. Because these are
// independent ifs writing the same address, gunmode1==2 (or gunmode2==2)
// performs three successive writes and the last one wins; values 3 and 4 are
// never matched. The comments indicate ==3 and ==4 were meant.
if(item.gunmode==1){
    if(item.gunmode1==1){ ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x01\x00\x00\x00\x90\x90\x90\x90",9);}//1 shot primary weapon
    if(item.gunmode1==2){ ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x02\x00\x00\x00\x90\x90\x90\x90",9);}//2 shots primary weapon
    if(item.gunmode1==2){ ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x03\x00\x00\x00\x90\x90\x90\x90",9);}//3 shots primary weapon
    if(item.gunmode1==2){ ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x04\x00\x00\x00\x90\x90\x90\x90",9);}//automatic primary weapon
    if(item.gunmode1==0){ ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\x89\x86\xD4\x22\x00\x00\x8B\x51\x0C",9);}//off primary weapon
    if(item.gunmode2==1){ ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x01\x00\x00\x00\x90\x90\x90\x90",9);}//1 shot secondary weapon
    if(item.gunmode2==2){ ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x02\x00\x00\x00\x90\x90\x90\x90",9);}//2 shots secondary weapon
    if(item.gunmode2==2){ ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x03\x00\x00\x00\x90\x90\x90\x90",9);}//3 shots secondary weapon
    if(item.gunmode2==2){ ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x04\x00\x00\x00\x90\x90\x90\x90",9);}//automatic secondary weapon
    if(item.gunmode2==0){ ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\x8B\x87\xD0\x11\x00\x00\x8B\x48\x0C",9);}//off secondary weapon
} else {
    ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\x89\x86\xD4\x22\x00\x00\x8B\x51\x0C",9);//off
    ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\x8B\x87\xD0\x11\x00\x00\x8B\x48\x0C",9);//off
}
// (Extracted post heading on this line: "Weapon Switch"; the snippet itself
// toggles item.noreload — headings appear shifted by one line in this copy.)
//
// No-reload toggle: 2 bytes at ADR_NORELOAD. "On" writes two NOPs over the
// 2-byte instruction 89 11 (`mov [ecx], edx`) that "off" writes back, i.e. the
// patch suppresses one store.
if(item.noreload==1) {
    ctool->WriteAsm((void*)ADR_NORELOAD,(LPBYTE)"\x90\x90",2);
} else {
    ctool->WriteAsm((void*)ADR_NORELOAD,(LPBYTE)"\x89\x11",2);
}
// (Extracted post heading on this line: "Back To Lobby"; the snippet itself
// toggles item.weapswitch — headings appear shifted by one line in this copy.)
//
// Weapon-switch toggle: 6 bytes at ADR_WEAPONSWITCH. "Off" is
// 8B 86 1C 02 00 00 (`mov eax, [esi+0x21C]`); "on" replaces that load with
// B8 64 00 00 00 (`mov eax, 0x64`, i.e. 100) plus one NOP so the patch keeps
// the 6-byte length.
if(item.weapswitch==1) {
    ctool->WriteAsm((void*)ADR_WEAPONSWITCH,(LPBYTE)"\xB8\x64\x00\x00\x00\x90",6);
} else {
    ctool->WriteAsm((void*)ADR_WEAPONSWITCH,(LPBYTE)"\x8B\x86\x1C\x02\x00\x00",6);
}
// (Extracted post heading on this line: "Opk Bytes"; the snippet itself
// toggles item.b2l — headings appear shifted by one line in this copy.)
//
// Back-to-lobby toggle: 2 bytes at ADR_BACK2LOBBY. "On" writes two NOPs over
// 75 09 (`jne +9`), so the conditional branch is never taken; "off" writes the
// jne back. Unlike the other toggles this uses two independent ifs rather
// than if/else, and the local `int b2l=0;` is declared and never read — it
// goes out of scope at the closing brace, so it has no effect.
if(item.b2l==1) {
    ctool->WriteAsm((void*)ADR_BACK2LOBBY,(LPBYTE)"\x90\x90",2);
    int b2l=0;
}
if(item.b2l==0) {
    ctool->WriteAsm((void*)ADR_BACK2LOBBY,(LPBYTE)"\x75\x09",2);
}
// (Extracted post heading on this line: "Opk Source"; the snippet holds the
// byte arrays the opk toggle below writes — headings appear shifted by one.)
//
// Three hard-coded x86 byte sequences used by the opk toggle:
//  - OPKJUMPTOCODECAVE: 5 bytes, E9 rel32 (`jmp`), written at ADR_OPKX; the
//    author notes the target is 0x702000 (ADR_CODECAVEOPK).
//  - OPKCODECAVECODE: 32 bytes written at ADR_CODECAVEOPK. The updated post
//    later in the thread gives a disassembly of the revised version; this
//    first version loads from 0x701004, 0x701008, 0x701000 in that order and
//    ends in an E9 rel32 jump back.
//  - OPKOFF: 8 bytes, 8B 07 (`mov eax, [edi]`) then 81 C2 D8 00 00 00
//    (`add edx, 0xD8`), written at ADR_OPKX to undo the 5-byte jump (the extra
//    3 bytes re-cover the instruction bytes the jump overlapped).
// The array lengths (5, 32, 8) match the sizes passed to WriteAsm below.
BYTE OPKJUMPTOCODECAVE [] = {0xE9,0x8B,0x06,0x2A,0x00};//jmp to 702000
BYTE OPKCODECAVECODE [] = {0xA1,0x04,0x10,0x70,0x00,0x81,0xC2,0xD8,0x00,0x00,0x00,0x89,0x02,0x8B,0x0D,0x08,0x10,0x70,0x00,0x89,0x4A,0x04,0xA1,0x00,0x10,0x70,0x00,0xE9,0x63,0xF9,0xD5,0xFF};//opk code
BYTE OPKOFF [] = {0x8B,0x07,0x81,0xC2,0xD8,0x00,0x00,0x00};// off
// (Extracted post heading on this line: "Opk Screen"; the snippet itself
// toggles item.opk — headings appear shifted by one line in this copy.)
//
// OPK toggle. "On": first store three floats at the fixed data addresses
// MEM_OPKCCPOSX/Y/Z (0x701000..0x701008) derived from the current position at
// MEM_POSX/Y/Z (x+100, y-50, z-50), then write the 5-byte jump at ADR_OPKX
// and the 32-byte cave body at ADR_CODECAVEOPK. "Off": write the 8-byte
// OPKOFF sequence at ADR_OPKX, which per the author's later note restores
// the original instructions; the cave body is left in place.
// NOTE(review): the raw `*(float*)ADDRESS` dereferences only make sense if
// this runs inside the game process (e.g. from an injected module); the
// implementation of ctool->WriteAsm is not shown, so whether it is an
// in-process memcpy or a cross-process write cannot be told from here.
// Nothing here maps 0x701000/0x702000 or changes page protection — it assumes
// those pages already exist and are writable/executable (TODO confirm).
// ADR_OPKY and ADR_OPKZ from the address table are not used by this snippet.
if(item.opk==1){
    *(float*)MEM_OPKCCPOSX = (*(float*)MEM_POSX)+100.0f;
    *(float*)MEM_OPKCCPOSY = (*(float*)MEM_POSY)-50.0f;
    *(float*)MEM_OPKCCPOSZ = (*(float*)MEM_POSZ)-50.0f;
    ctool->WriteAsm((void*)ADR_OPKX,OPKJUMPTOCODECAVE,5);
    ctool->WriteAsm((void*)ADR_CODECAVEOPK,OPKCODECAVECODE,32);
} else {
    ctool->WriteAsm((void*)ADR_OPKX,OPKOFF,8);
}
Credits:
Me
Cheat Engines
Ollydgb
Ida pro
I dont know how to edit the post...
The addy's are outdated, I'm currently updating them
Whats back to lobby?
When you turn it on you will go back to lobby..
Why not just exit game? o.O
Oh btw I used some of your code in my latest release and I'd like to thank you for that!
PM me if you would like to be interested in working with me in the future.
Well it could be useful if you make a bot, and it's faster if you make it with a hotkey.. I made WarRock hacks, and back 2 lobby was useful if a GM is watching you
No problem ^^
Uhmm... I'm not very active anymore, sometimes I search things but not often..
I haven't been very active either but I've been trying to port my hack to the EU version and also been trying to make my hacks as self-updating as possible. Using some segments of your code I was able to use code signatures to make all the assembly functions auto-search the addy, thus auto-updating.
For MGAME do you have a working D3D hack? or is it all hotkeys?
Oh Ok well, if I get MGAME working without crash and ban then I will share it with you. But for now I haven't found an antiban, which you also can kill.....
I got everything working but the banning part is annoying, I have like 35 banned account >.<
But I suggest that netgame isn't using an anticheat yet?
MGAME uses GameGuard which is too hardcore of an anticheat =( I need to find a better VPN cuz all the VPN's i use don't work for gaming. When I connect from Canada i just get banned D=.
Netgame uses APR which is a piece of trash. I use Cheat Engine on it and attach debuggers all the time. It is good practice for find addies and then porting them over to MGAME.
Does MGAME detect assembly hacks? And also D3D hacks?
I don't think MGAME uses GameGuard; I've deleted the gameguard folder.. nothing happened. I checked what operation7.exe in the Mgame folder loads:
Apr_Show.dll
dbghelp.dll
fmodex.dll
d3dx9_33.dll
I disabled Apr_Show.dll, and still it detects when I changed bytes, so the detection must be in operation7
Really o.O Fake gameguard to scare people xD
Guess we need to work on a bypass ;P
Uhu, I'm still trying to make a bypass, still some crashes :-[
I'm not that good with bypassing things
Big thanks for the opk hack, i can use it in my private aimbot !
@schaapjes the addies still UD buddy or ?
No those aren't UD anymore, I have updated some:
// Revised address table posted later in the thread after the first set went
// stale. Entries tagged "updated"/"up" changed value relative to the first
// table; ADR_CODECAVEOPK and MEM_OPKCCPOSX/Y/Z are unchanged (they are the
// author's own code-cave and data-cave addresses, not client code).
// New in this table: MEM_YAW, MEM_PITCH, MEM_USERNAME, MEM_NICKNAME,
// MEM_VERSION. Dropped relative to the first table: MEM_NODELAY.
// "primary gun updated+byte" on ADR_GUNMODE1 indicates the patch bytes for
// that site changed as well, not just the address; the revised bytes are not
// given on this page except for the opk arrays below.
#define MEM_STAMINA 0x00C35FFC//updated
#define MEM_GODMODE 0x00C32928//int
#define MEM_SPEED 0x00C1CB28//float up
#define MEM_POSX 0x00C1BF98//float up
#define MEM_POSY 0x00C1BF9C//float up
#define MEM_POSZ 0x00C1BFA0//float up
#define MEM_YAW 0x00C1BFB0//float
#define MEM_PITCH 0x00C1BFB4//float
#define MEM_GRAVITYX 0x00C1BFA4//float up
#define MEM_GRAVITYY 0x00C1BFA8//float up
#define MEM_GRAVITYZ 0x00C1BFAC//float up
#define ADR_STAMINA1 0x00484680//updated
#define ADR_STAMINA2 0x00484685//updated
#define ADR_ANTIAFK 0x0063925D//updated
#define ADR_OPKX 0x004620D0//updated
#define ADR_OPKY 0x004620DA//updated
#define ADR_OPKZ 0x004620E0//updated
#define ADR_CODECAVEOPK 0x00702000
#define MEM_OPKCCPOSX 0x00701000// use for the position you want the players to teleport to(x)
#define MEM_OPKCCPOSY 0x00701004// use for the position you want the players to teleport to(y)
#define MEM_OPKCCPOSZ 0x00701008// use for the position you want the players to teleport to(z)
#define ADR_BACK2LOBBY 0x00405C4E//updated
#define ADR_NORELOAD 0x0048D4F7//updated
#define ADR_WEAPONSWITCH 0x0053631A//updated
#define ADR_GUNMODE1 0x00489C16//primary gun updated+byte
#define ADR_GUNMODE2 0x0048C9D7//secondary+grenades updated
#define ADR_QUICKDRAW1 0x00536703//updated
#define ADR_QUICKDRAW2 0x0053699B//updated
#define ADR_NODELAY 0x00491B8B//updated
#define MEM_USERNAME 0x0070B674//updated
#define MEM_NICKNAME 0x00C3FE34//updated
#define MEM_VERSION 0x006DC340//updated
Some bytes changed
for opk:
00702000 - A1 00107000 - mov eax,[00701000]
00702005 - 81 C2 D8000000 - add edx,000000D8
0070200B - 89 02 - mov [edx],eax
0070200D - 8B 0D 04107000 - mov ecx,[00701004]
00702013 - 89 4A 04 - mov [edx+04],ecx
00702016 - A1 08107000 - mov eax,[00701008]
0070201B - E9 C300D6FF - jmp 004620E3
004620D0 - E9 2BFF2900 - jmp 00702000
// Revised opk byte arrays matching the disassembly listing directly above.
//  - OPKJUMPTOCODECAVE: E9 2B FF 29 00 is the listing's `jmp 00702000` at
//    004620D0 (the new ADR_OPKX); the rel32 changed because ADR_OPKX moved.
//  - OPKCODECAVECODE: the 32 bytes listed at 00702000..0070201B. Compared with
//    the first version, the loads are now ordered 0x701000, 0x701004,
//    0x701008 and the trailing jump (E9 C3 00 D6 FF) returns to 004620E3.
//  - OPKOFF: unchanged from the first post; the trailing `//` comment is
//    empty here where the first post said "off".
// Lengths are still 5 / 32 / 8, as the opk toggle's WriteAsm calls expect.
BYTE OPKJUMPTOCODECAVE [] = {0xE9,0x2B,0xFF,0x29,0x00};//jmp to 702000
BYTE OPKCODECAVECODE [] = {0xA1,0x00,0x10,0x70,0x00,0x81,0xC2,0xD8,0x00,0x00 ,0x00,0x89,0x02,0x8B,0x0D,0x04,0x10,0x70,0x00,0x89 ,0x4A,0x04,0xA1,0x08,0x10,0x70,0x00,0xE9,0xC3,0x00 ,0xD6,0xFF};//opk code
BYTE OPKOFF [] = {0x8B,0x07,0x81,0xC2,0xD8,0x00,0x00,0x00};//
some return addresses
0x52E1C6 head
0x52E265 body
0x4A6CC1 sky
0x480648 bomb
Off makes OPKX not jump any more, restoring it to the original.