Thread: L T Client addy

Page 1 of 3 123 LastLast
Results 1 to 15 of 31
  1. #1
    RedThunder's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Posts
    2,599
    Reputation
    84
    Thanks
    553
    My Mood
    Twisted

    L T Client addy

    does anyone know the LT Client addy if so please post it and ill give you a 50% credit if i release my hack
    TROLL MATH
    14 posts per thread per hour, even at 1 thread an hour in 5 hours, general trolling time, thats 70 posts, and seeing as i try to run it at about 3 threads at a time, then i can make 210 posts in a day which means in 10 days i could be back to where i am if i started a new account, lol so in theory in a month id have 6k posts, in 2 months id have 12k, in 3 months 18k, in 4 months id have 24k and i could have the highest post count on the forum

    14*3*5*10*3*4=highest post count on the forums in 4 months

  2. #2
    Xlilzoosk8rX's Avatar
    Join Date
    Dec 2008
    Gender
    male
    Location
    the-ville, PA
    Posts
    358
    Reputation
    24
    Thanks
    53
    HMMM.
    1. open up olly,
    2. open CShell.dll with olly
    3. stop the dissassembly around 70 - 90%
    4. right click in main window
    5. select search for from the context menu
    6. select "all referenced text strings"
    7. click the first line of the results.
    8. right click
    9. select search for text
    10. search for it.

    No one is just going to give it to you man,
    this is about as close as you will come to
    getting the addie handed to you.

  3. #3
    RedThunder's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Posts
    2,599
    Reputation
    84
    Thanks
    553
    My Mood
    Twisted
    well thats actualy great, thanks im kind of new to coding and addy finding ive only ever hacked flash games like dragon fable for some friends in the past


    ok so ive got it open in olly now what exactly am i looking for

    ok i think ive got the addy, im not positive
    Code:
    Text strings referenced in CShell:.text, item 28110
     Address=3764D75A
     Disassembly=PUSH CShell.376AD9CC
     Text string=ASCII "IL***ient.Default"
    Text strings referenced in CShell:.text, item 28096

    Last edited by RedThunder; 03-14-2010 at 03:13 PM.
    TROLL MATH
    14 posts per thread per hour, even at 1 thread an hour in 5 hours, general trolling time, thats 70 posts, and seeing as i try to run it at about 3 threads at a time, then i can make 210 posts in a day which means in 10 days i could be back to where i am if i started a new account, lol so in theory in a month id have 6k posts, in 2 months id have 12k, in 3 months 18k, in 4 months id have 24k and i could have the highest post count on the forum

    14*3*5*10*3*4=highest post count on the forums in 4 months

  4. #4
    TheBigBoy's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Location
    texas
    Posts
    160
    Reputation
    19
    Thanks
    115
    377338D0 :P

  5. #5
    RedThunder's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Posts
    2,599
    Reputation
    84
    Thanks
    553
    My Mood
    Twisted
    oh so i did it wrong then LOL, mmk so can i just put this in gellins base adn run it, or do i have to change the detour still
    TROLL MATH
    14 posts per thread per hour, even at 1 thread an hour in 5 hours, general trolling time, thats 70 posts, and seeing as i try to run it at about 3 threads at a time, then i can make 210 posts in a day which means in 10 days i could be back to where i am if i started a new account, lol so in theory in a month id have 6k posts, in 2 months id have 12k, in 3 months 18k, in 4 months id have 24k and i could have the highest post count on the forum

    14*3*5*10*3*4=highest post count on the forums in 4 months

  6. #6
    TheBigBoy's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Location
    texas
    Posts
    160
    Reputation
    19
    Thanks
    115
    i dont know anything about "gellins base" but why are u needing to add detours, and what are the current ones thats in the base now,and are you adding a menu? answer these questions and i might be able to help you.

  7. #7
    crazygamer53's Avatar
    Join Date
    Oct 2008
    Gender
    male
    Location
    Massachusetts
    Posts
    211
    Reputation
    10
    Thanks
    23
    My Mood
    Psychedelic
    Quote Originally Posted by XXGWBushXX View Post
    does anyone know the LT Client addy if so please post it and ill give you a 50% credit if i release my hack
    When you say LT, do u mean life taker?
    Quote Originally Posted by liquidforce View Post

    chuck norris is not affraid of death, death is afraid of chuck norris

    Don't be afraid to click thanks if I helped.

    P.S. I only bite on Wednesdays

    Goals = complete = not yet
    Get banned once
    Get banned three times
    Get banned 10 times
    Get a legit ultrakill
    Get a legit Fantastic
    Get a legit Unbelievable
    Own A vip hacker
    Get VIP
    Make my own mod
    Make my own hack

  8. #8
    TheBigBoy's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Location
    texas
    Posts
    160
    Reputation
    19
    Thanks
    115
    no he does not he means the pointer what yall call the "Console Pointer"

  9. #9
    crazygamer53's Avatar
    Join Date
    Oct 2008
    Gender
    male
    Location
    Massachusetts
    Posts
    211
    Reputation
    10
    Thanks
    23
    My Mood
    Psychedelic
    Quote Originally Posted by TheBigBoy View Post
    no he does not he means the pointer what yall call the "Console Pointer"
    Oh, lol. What does that do?
    Quote Originally Posted by liquidforce View Post

    chuck norris is not affraid of death, death is afraid of chuck norris

    Don't be afraid to click thanks if I helped.

    P.S. I only bite on Wednesdays

    Goals = complete = not yet
    Get banned once
    Get banned three times
    Get banned 10 times
    Get a legit ultrakill
    Get a legit Fantastic
    Get a legit Unbelievable
    Own A vip hacker
    Get VIP
    Make my own mod
    Make my own hack

  10. #10
    RedThunder's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Posts
    2,599
    Reputation
    84
    Thanks
    553
    My Mood
    Twisted
    Quote Originally Posted by TheBigBoy View Post
    i dont know anything about "gellins base" but why are u needing to add detours, and what are the current ones thats in the base now,and are you adding a menu? answer these questions and i might be able to help you.
    its already got a menu
    you can check it out here and download teh source aswell
    http://www.mpgh.net/forum/207-combat...arms-base.html

    this is the detours code
    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h> 
    #include "CDetour.h"
    
    void* CDetour::memcpy_s( void* pvAddress, const void* pvBuffer, size_t stLen )
    {
    	MEMORY_BASIC_INFORMATION mbi;
    	VirtualQuery( ( void* )pvAddress, &mbi, sizeof( mbi ) );
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
    	void* pvRetn = memcpy( ( void* )pvAddress, ( void* )pvBuffer, stLen );
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
    	FlushInstructionCache( GetCurrentProcess( ), ( void* )pvAddress, stLen );
    	return pvRetn;
    }
    
    void *CDetour::Create(BYTE *orig, const BYTE *det, int iPatchType, int len)
    {
    	if( this->IsHooked == true )
    	{
    		return 0;
    	}
    
    	BYTE *jmp = NULL;
    	int iMinLen = 0;
    
    	// Get minimum bytes to overwrite
    	if(iPatchType == DETOUR_TYPE_OBS_RAND)
    		iPatchType = (rand() % (DetourRandTypeHigh - DetourRandTypeLow + 1) + DetourRandTypeLow);
    
    	if(!(iMinLen = GetDetourLen(iPatchType)))
    		return 0;
    
    	if(len != 0 && len < iMinLen)
    		return 0;
    
    	// Try and find the end of the instruction automatically
    	if(len == 0)
    	{
    		len = GetDetourLenAuto(orig, iMinLen);
    
    		if(len < iMinLen)
    			return 0;
    	}
    
    	if( !Detour( jmp, orig, det, iPatchType, len ) )
    	{
    		return 0;
    	}
    	else
    	{
    		this->IsHooked = true;
    	}
    
    	return (jmp-len);
    }
    
    bool CDetour::PatchHook( void* pvPatchAddress, void* pvBuffer, int len )
    {
    	this->memcpy_s( pvPatchAddress, pvBuffer, ( size_t )len );
    
    	if( *( BYTE* )pvPatchAddress == *( BYTE* )pvBuffer )
    	{
    		this->IsHooked = true;
    	}
    	return this->IsHooked;
    }
    
    bool CDetour::Detour(BYTE *&jmp, BYTE *&orig, const BYTE *&det, int iPatchType, int len)
    {
    	DWORD dwBack = 0;
    	int i = 0;
    	BYTE *pPatchBuf = NULL;
    
    	// Allocate space for the jump
    	jmp = (BYTE*)malloc(len+5);
    
    	// Force page protection flags to read|write
    	MEMORY_BASIC_INFORMATION mbi;
    	VirtualQuery( ( void* )orig, &mbi, sizeof( mbi ) );
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect );
    
    	// Copy the overwritten opcodes at the original to the malloced space
    	memcpy(jmp, orig, len);	
    	
    	// Increment to the end of the opcodes at the malloced space
    	jmp += len;
    	
    	// Place a jump back to the original at this point
    	jmp[0] = 0xE9;
    	*(DWORD*)(jmp+1) = (DWORD)(orig+len - jmp) - 5;
    
    	// Generate a random opcode
    	int iTmpRnd = (rand() * 0xFF) + rand();
    	BYTE bTmpRnd = (BYTE)iTmpRnd;
    
    	// Place a jump at the original to the detour function
    	pPatchBuf = new BYTE[len];
    	
    	// Pad out the bytes with NOPs so we don't have ends of intructions
    	memset(pPatchBuf, 0x90, len);
    
    	// Write the opcodes to the buffer according to patch type
    	switch(iPatchType)
    	{
    		case DETOUR_TYPE_JMP:
    			pPatchBuf[0] = '\xE9';
    			*(DWORD*)&pPatchBuf[1] = (DWORD)(det - orig) - 5;
    			break;
    
    		case DETOUR_TYPE_PUSH_RET:
    			pPatchBuf[0] = '\x68';
    			*(DWORD*)&pPatchBuf[1] = (DWORD)det;
    			pPatchBuf[5] = '\xC3';
    			break;
    
    		case DETOUR_TYPE_NOP_JMP:
    			pPatchBuf[0] = '\x90';
    			pPatchBuf[1] = '\xE9';
    			*(DWORD*)&pPatchBuf[2] = (DWORD)(det - orig) - 6;
    			break;
    
    		case DETOUR_TYPE_NOP_NOP_JMP:
    			pPatchBuf[0] = '\x90';
    			pPatchBuf[1] = '\x90';
    			pPatchBuf[2] = '\xE9';
    			*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
    			break;
    
    		case DETOUR_TYPE_STC_JC:
    			pPatchBuf[0] = '\xF9';
    			pPatchBuf[1] = '\x0F';
    			pPatchBuf[2] = '\x82';
    			*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
    			break;
    
    		case DETOUR_TYPE_CLC_JNC:
    			pPatchBuf[0] = '\xF8';
    			pPatchBuf[1] = '\x0F';
    			pPatchBuf[2] = '\x83';
    			*(DWORD*)&pPatchBuf[3] = (DWORD)(det - orig) - 7;
    			break;
    
    		case DETOUR_TYPE_OBS_ADD:
    			pPatchBuf[0] = '\xB8'; //mov eax
    			*(DWORD*)&pPatchBuf[1] = iTmpRnd;
    			pPatchBuf[5] = '\x05'; //add eax
    			*(int*)&pPatchBuf[6] = (DWORD)det - iTmpRnd;
    			pPatchBuf[10] = '\xFF'; //jmp eax
    			pPatchBuf[11] = '\xE0';
    			break;
    
    		case DETOUR_TYPE_OBS_XOR:
    			pPatchBuf[0] = '\x33'; //xor eax, eax
    			pPatchBuf[1] = '\xC0';
    			pPatchBuf[2] = '\x2D'; //sub eax
    			*(int*)&pPatchBuf[3] = (int)iTmpRnd;
    			pPatchBuf[7] = '\x35'; //xor eax
    			*(DWORD*)&pPatchBuf[8] = (DWORD)det ^ (-iTmpRnd);
    			pPatchBuf[12] = '\xFF'; //jmp eax
    			pPatchBuf[13] = '\xE0';
    			break;
    
    		case DETOUR_TYPE_OBS_STACKADD:
    			pPatchBuf[0] = '\x68'; //push
    			*(DWORD*)&pPatchBuf[1] = (DWORD)iTmpRnd;
    			pPatchBuf[5] = '\x81'; //xor dword ptr [esp]
    			pPatchBuf[6] = '\x34';
    			pPatchBuf[7] = '\x24';
    			*(DWORD*)&pPatchBuf[8] = (DWORD)det ^ iTmpRnd;
    			pPatchBuf[12] = '\xC3'; //ret
    			break;
    
    		case DETOUR_TYPE_OBS_ROR:
    			while(!(bTmpRnd % 32))
    			bTmpRnd = (BYTE)rand();
    		
    			__asm{
    				pushad
    				mov cl, bTmpRnd
    				mov eax, det
    				rol eax, cl
    				mov dword ptr det, eax
    				popad
    			}
    
    			pPatchBuf[0] = '\x51'; //push ecx
    			pPatchBuf[1] = '\xB1'; //mov cl, 
    			pPatchBuf[2] = bTmpRnd;
    			pPatchBuf[3] = '\xB8'; //mov eax
    			*(DWORD*)&pPatchBuf[4] = (DWORD)det;
    			pPatchBuf[8] = '\xD3'; //ror eax, cl
    			pPatchBuf[9] = '\xC8';
    			pPatchBuf[10] = '\x59'; //pop ecx
    			pPatchBuf[11] = '\xFF'; //jmp eax
    			pPatchBuf[12] = '\xE0';
    			break;
    
    		case DETOUR_TYPE_OBS_ADDNOT:
    			pPatchBuf[0] = '\xB8'; //mov eax
    			*(DWORD*)&pPatchBuf[1] = iTmpRnd;
    			pPatchBuf[5] = '\x05'; //add eax
    			*(int*)&pPatchBuf[6] = (~(DWORD)det) - iTmpRnd;
    			pPatchBuf[10] = '\xF7'; //not eax
    			pPatchBuf[11] = '\xD0';
    			pPatchBuf[12] = '\xFF'; //jmp eax
    			pPatchBuf[13] = '\xE0';
    			break;
    
    		default:
    			return false;
    	}
    
    	// Write the detour
    	for(i=0; i<len; i++)
    		orig[i] = pPatchBuf[i];
    
    	// Put the old page protection flags back
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
    
    	FlushInstructionCache( GetCurrentProcess( ), orig, len );
    
    	return true;
    }
    
    bool CDetour::RestoreFunction( )
    {
    	if( !IsStored )
    		return false;
    
    	MEMORY_BASIC_INFORMATION mbi;
    
    	VirtualQuery( ( void* )orig_bk, &mbi, sizeof( mbi ) );
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
    	
    	memcpy( ( void* )orig_bk, ( void* )bBackup, iBackSize );
    	
    	if( *( BYTE* )orig_bk == ( BYTE )bBackup[ 0 ] )
    	{
    		this->IsHooked = false;
    	}
    	
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
    	FlushInstructionCache( GetCurrentProcess( ), ( void* )orig_bk, iBackSize );
    
    	//hooked == false, success == true
    	return !( this->IsHooked );
    }
    
    bool CDetour::BackupFunction( BYTE* func, int iSize )
    {
    	iBackSize = iSize;
    	bBackup = new BYTE[ iBackSize ];
    	orig_bk = func;
    	MEMORY_BASIC_INFORMATION mbi;
    	VirtualQuery( ( void* )func, &mbi, sizeof( mbi ) );
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
    	memcpy( ( void* )bBackup, ( void* )func, iBackSize );
    	
    	if( ( BYTE )bBackup[ 0 ] == *( BYTE* )func )
    	{
    		this->IsStored = true;
    	}
    
    	VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
    	FlushInstructionCache( GetCurrentProcess( ), ( void* )func, iBackSize );
    
    	return this->IsStored;
    }
    
    int CDetour::GetDetourLen( int iPatchType )
    {
    	switch(iPatchType)
    	{
    		case DETOUR_TYPE_JMP:
    			return 5;
    
    		case DETOUR_TYPE_PUSH_RET:
    		case DETOUR_TYPE_NOP_JMP:
    			return 6;
    		
    		case DETOUR_TYPE_NOP_NOP_JMP:
    		case DETOUR_TYPE_STC_JC:
    		case DETOUR_TYPE_CLC_JNC:
    			return 7;
    
    		case DETOUR_TYPE_OBS_ADD:
    			return 12;
    
    		case DETOUR_TYPE_OBS_STACKADD:
    		case DETOUR_TYPE_OBS_ROR:
    			return 13;
    
    		case DETOUR_TYPE_OBS_XOR:
    		case DETOUR_TYPE_OBS_ADDNOT:
    			return 14;
    		
    		default:
    			return 0;
    	}
    }
    
    int CDetour::GetDetourLenAuto(BYTE *&orig, int iMinLen)
    {
    	int tmpLen = 0;
    	BYTE *pCurOp = orig;
    	
    	while(tmpLen < iMinLen)
    	{
    		int i = oplen(pCurOp);
    		
    		if(i == 0 || i == -1)
    			return false;
    
    		tmpLen += i;
    		pCurOp += i;
    	}
    
    	return tmpLen;
    }
    
    bool CDetour::bDataCompare( const BYTE* pData, const BYTE* bMask, const char* szMask )
    {
        for( ; *szMask; ++szMask, ++pData, ++bMask )
    	{
            if( *szMask == 'x' && *pData != *bMask ) 
    		{
                return false;
    		}
    	}
        return ( *szMask ) == NULL;
    }
    
    DWORD CDetour::FindPattern( DWORD dwAddress, DWORD dwLen, BYTE *bMask, char* szMask )
    {
        for( DWORD i=0; i < dwLen; i++ )
    	{
    		if( bDataCompare( ( BYTE* )( dwAddress + i ), bMask, szMask) )
    		{
    			return ( DWORD )( dwAddress + i );
    		}
    	}
        return 0;
    }
    TROLL MATH
    14 posts per thread per hour, even at 1 thread an hour in 5 hours, general trolling time, thats 70 posts, and seeing as i try to run it at about 3 threads at a time, then i can make 210 posts in a day which means in 10 days i could be back to where i am if i started a new account, lol so in theory in a month id have 6k posts, in 2 months id have 12k, in 3 months 18k, in 4 months id have 24k and i could have the highest post count on the forum

    14*3*5*10*3*4=highest post count on the forums in 4 months

  11. #11
    powerfear's Avatar
    Join Date
    Feb 2010
    Gender
    male
    Posts
    32
    Reputation
    12
    Thanks
    240
    CA NA current L***ient addy : 0x377981F0

    i think TheBigBoy one is for EU

  12. #12
    mmbob's Avatar
    Join Date
    Dec 2009
    Gender
    male
    Location
    ja
    Posts
    655
    Reputation
    70
    Thanks
    1,156
    My Mood
    Bitchy
    The address im using is 0x377338D0 for NA

  13. #13
    ac1d_buRn's Avatar
    Join Date
    Aug 2009
    Gender
    female
    Location
    CA Source Section
    Posts
    3,406
    Reputation
    157
    Thanks
    3,993
    My Mood
    Flirty
    Im using

    0x377981F0

    for NA in my Public..

  14. #14
    RedThunder's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Posts
    2,599
    Reputation
    84
    Thanks
    553
    My Mood
    Twisted
    kk, so now what do i have to do to make teh gellins base work right
    TROLL MATH
    14 posts per thread per hour, even at 1 thread an hour in 5 hours, general trolling time, thats 70 posts, and seeing as i try to run it at about 3 threads at a time, then i can make 210 posts in a day which means in 10 days i could be back to where i am if i started a new account, lol so in theory in a month id have 6k posts, in 2 months id have 12k, in 3 months 18k, in 4 months id have 24k and i could have the highest post count on the forum

    14*3*5*10*3*4=highest post count on the forums in 4 months

  15. #15
    why06's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    IBM
    Posts
    4,305
    Reputation
    170
    Thanks
    2,194
    My Mood
    Flirty
    I think there's more then one client pointer... ;l

    "Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. The cost of one modern heavy bomber is this: a modern brick school in more than 30 cities. It is two electric power plants, each serving a town of 60,000 population. It is two fine, fully equipped hospitals. It is some fifty miles of concrete pavement. We pay for a single fighter plane with a half million bushels of wheat. We pay for a single destroyer with new homes that could have housed more than 8,000 people. This is, I repeat, the best way of life to be found on the road the world has been taking. This is not a way of life at all, in any true sense. Under the cloud of threatening war, it is humanity hanging from a cross of iron."
    - Dwight D. Eisenhower

Page 1 of 3 123 LastLast

Similar Threads

  1. [Release] Server/Client Crasher ADDIE
    By supercarz1991 in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 9
    Last Post: 10-28-2011, 10:45 AM
  2. [Release] Newest Client Addy After Patch
    By {Banned}**HACKER** in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 12
    Last Post: 06-02-2011, 03:24 PM
  3. [RELEASE] New LT.Client Addie
    By J in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 39
    Last Post: 08-26-2010, 07:58 AM
  4. DOWNLOAD WoW.exe HERE! (Full Client For MPGH Server)
    By RebornAce in forum General Gaming
    Replies: 25
    Last Post: 05-14-2006, 03:54 AM
  5. where can i get older client?
    By DrKaOs in forum WarRock - International Hacks
    Replies: 5
    Last Post: 02-05-2006, 11:04 AM