[Release]Way to NOP!

[Void]

You put virtualProtect and memset together in a function. GJ.

[budman821]

Guys, he is just posting a differen't nopping method. No need to ask why or anything else. It's not needed.

[freedompeace]

He only quit helping this site out...
He's not gonna release anything here anymore... That's what he told me.

He's here to watch any possible failures :L

Guys, he is just posting a differen't nopping method. No need to ask why or anything else. It's not needed.

Uhh, it's just a renamed method of another method that's in widespread use... What it does, and how it does it is exactly the same.

[Capevaldo]

0x90 is a reference to nothing?

[freedompeace]

0x90 is a reference to nothing?

Pretty much.

[[MPGH]Disturbed]

what does this do?? Does it have to do with the number of bytes or something ..

It tells the preprocessor to replace anything that is NOP_BYTES with 0x90 for the compiler.

Now go learn C++.

[fvestrgenrl]

LOL @ "antinoob" so fucking obvious

[DreadKyller]

LOL @ "antinoob" so fucking obvious

I agree, I barely know C++ and saw the anti-nub the first time I looked through it.

x90 is a byte for nothing

Really, I thought x00 was, strange /

[seeplusplus]

I edited it...

[Departure]

So "WriteProcessMemory" & "ReadProcessMemory" API's Does'nt work on cshell? or does it get detected?

First time here and just wanted to get heads up before I start looking into Combat Arms Hacks... Also I notice that most people hard patch there address after dumping, Is there a reason for this? does CA detect memory hacks? VirtualProtect is used for Changing the protection of a region, but i just wanted to know why you guys are using "MemSet"? I dont code in C++, but can read it fine, Just interested why you don't use WriteProcessMemory

[ac1d_buRn]

So "WriteProcessMemory" & "ReadProcessMemory" API's Does'nt work on cshell? or does it get detected?

First time here and just wanted to get heads up before I start looking into Combat Arms Hacks... Also I notice that most people hard patch there address after dumping, Is there a reason for this? does CA detect memory hacks? VirtualProtect is used for Changing the protection of a region, but i just wanted to know why you guys are using "MemSet"? I dont code in C++, but can read it fine, Just interested why you don't use WriteProcessMemory

they work just fine in cshell. Combat Arms has recently added a check when you join in game, too see if any memory is being modified and if console commands have been used.

I remember asking the same question about WPM when i started hacking CA. I think the answer was something along the lines of, "You've already hooked into CA, and can do direct memory edits, So you dont need to get the process again " or something like that. I cant remember

[Departure]

k that makes sense, I just found what this PTC is (PushToConsole).. so if they have just added these checks then how is it possible to modify memory addresses? also found an example template in C++ it was easy to understand, but does this Dll get added to the cshell IAT(Import Address Table) or does it get injected by using allocatememory? I have written 2 programs which can do both, 1 for adding any dll and its exported functions to a exe(or dll) and another that will inject a dll into a running process... But now you have said that CA searches for modified bytes so neither of these methods are of any use? does CA have some sort of integrity checking? are the hacks applyed to cshell or CombatArms.exe? you said it WPM and RPM should work fine in cshell but how is that possiable of they are checking?

[ac1d_buRn]

k that makes sense, I just found what this PTC is (PushToConsole).. so if they have just added these checks then how is it possible to modify memory addresses? also found an example template in C++ it was easy to understand, but does this Dll get added to the cshell IAT(Import Address Table) or does it get injected by using allocatememory? I have written 2 programs which can do both, 1 for adding any dll and its exported functions to a exe(or dll) and another that will inject a dll into a running process... But now you have said that CA searches for modified bytes so neither of these methods are of any use? does CA have some sort of integrity checking? are the hacks applyed to cshell or CombatArms.exe? you said it WPM and RPM should work fine in cshell but how is that possiable of they are checking?

You inject the DLL into the process.
Its possible because it only checks for memory modifications while joining a game, So if you turn all hacks off while your in the lobby, join a game, then turn them back on again, it will work.

I have been reading around on forums and a soultion would be to check if you are ingame before you push commands/ memory edits.
You would do this by seeing if LTClient + 0x8C returns 1

[Departure]

Thanks your being a great help, I have a few other questions, whats the "LTClient"? Also is there any reason we can'nt add our custom dll to the Import table? that way it loads our custom dll without injection, just as it would load any other imports... or does it have integrity check of cshell.dll? if thats the case adding the custom dll to import table wont work because of the hash will be different and size will slightly grow.

[ac1d_buRn]

Thanks your being a great help, I have a few other questions, whats the "LTClient"? Also is there any reason we can'nt add our custom dll to the Import table? that way it loads our custom dll without injection, just as it would load any other imports... or does it have integrity check of cshell.dll? if thats the case adding the custom dll to import table wont work because of the hash will be different and size will slightly grow.

No problem.
The LTClient = LithTech Client. Combat Arms is run off the Lith-Tech engine.
If you would like to get an idea of how it works, Take a look at the F.E.A.R SDK, as they both use LithTech

And as for adding the dll to the import table, I have no idea on that.