  1. #16
    Mr.Magicman
    Quote Originally Posted by anaestheist View Post
    You forgot something, I don't care.
    Why reply if you don't care?

  2. #17
    Nubzgetkillz
    Quote Originally Posted by Mr.Magicman View Post


    Why reply if you don't care?
    successfully anally raped by Mr.Magicman

    /yea

  4. #18
    ppl2pass
    Quote Originally Posted by SNal2F View Post
    Fuckin obviously how would I have gotten that without knowing the jmp to the real .......


    real +208
    Code:
    0046FA40   A1 3C001037      MOV EAX,DWORD PTR DS:[3710003C]
    0046FA45   8B88 2C001037    MOV ECX,DWORD PTR DS:[EAX+3710002C]
    0046FA4B   8B1424           MOV EDX,DWORD PTR SS:[ESP]
    0046FA4E   05 00001037      ADD EAX,37100000
    0046FA53   81C1 00001037    ADD ECX,37100000
    0046FA59   3BD1             CMP EDX,ECX
    0046FA5B   72 0E            JB SHORT Engine.0046FA6B
    0046FA5D   8B40 50          MOV EAX,DWORD PTR DS:[EAX+50]
    0046FA60   03C1             ADD EAX,ECX
    0046FA62   3BD0             CMP EDX,EAX
    0046FA64   73 05            JNB SHORT Engine.0046FA6B
    0046FA66   E9 A5630100      JMP Engine.00485E10 //1st one
    0046FA6B   C3               RETN
    Code:
    00485E10   8B4424 04        MOV EAX,DWORD PTR SS:[ESP+4]//can see szcommand parameter moved and pushed below
    00485E14   50               PUSH EAX
    00485E15   68 F0038000      PUSH Engine.008003F0
    00485E1A   E8 A1EDFFFF      CALL Engine.00484BC0 //sub function can do here (unsigned long, szCommand)
    00485E1F   83C4 08          ADD ESP,8
    00485E22   C3               RETN

    O no wai another way to do ooooooo itttttt
    Code:
    00484BC0   8B4424 08        MOV EAX,DWORD PTR SS:[ESP+8]
    00484BC4   8B4C24 04        MOV ECX,DWORD PTR SS:[ESP+4]
    00484BC8   6A 00            PUSH 0
    00484BCA   6A 00            PUSH 0
    00484BCC   50               PUSH EAX
    00484BCD   51               PUSH ECX
    00484BCE   E8 2DF8FFFF      CALL Engine.00484400(unsigned long,szcommand,int,int) //can do here
    00484BD3   83C4 10          ADD ESP,10
    00484BD6   C3               RETN

    Code:
    00484AB0   8B4424 0C        MOV EAX,DWORD PTR SS:[ESP+C]
    00484AB4   8B4C24 08        MOV ECX,DWORD PTR SS:[ESP+8]
    00484AB8   8B5424 04        MOV EDX,DWORD PTR SS:[ESP+4]
    00484ABC   6A 00            PUSH 0
    00484ABE   50               PUSH EAX
    00484ABF   51               PUSH ECX
    00484AC0   52               PUSH EDX
    00484AC1   E8 3AF9FFFF      CALL Engine.00484400
    00484AC6   83C4 10          ADD ESP,10
    00484AC9   C3               RETN
    pfffffffff stupid shit bro. also all of those are faster since they are all wrapped anyways ...many more ways to do it.

    What do you mean by real+208?
    And how did you get 0046FA40 to begin with?
    I want to try to find it myself next time.

  5. #19
    SNal2F
    real 208 is

    IltClient + 0x208, it's a table of pointers and at index 0x208 is where it calls it in the engine @ 0046FA40.

  6. #20
    Mr.Magicman
    Notice that you use that offset to push things to the console in gellin's method.

  7. #21
    SNal2F
    Quote Originally Posted by Mr.Magicman View Post
    Notice that you use that offset to push things to the console in gellin's method.
    What are you talking about? When you call IltClient + 0x208 it is calling the 0046FA40.......

    Also, everything I posted I don't use; I hook the function on the table and fix it. Then call the fixed function, hooked function.

  8. #22
    Stephen
    Quote Originally Posted by anaestheist View Post
    You forgot something, I don't care.
    Please kid, I really don't give a shit about ANYTHING you say.

    You're going around like you are a pro coder.

    Code off?

    Me vs. You

    I will win.

  9. #23
    StupidLittleNoob
    Quote Originally Posted by Stephen View Post


    Please kid, I really don't give a shit about ANYTHING you say.

    You're going around like you are a pro coder.

    Code off?

    Me vs. You

    I will win.
    K you two code me up a sammich biches.

    Then we'll see who is better.

  10. #24
    Departure
    Quote Originally Posted by SNal2F View Post
    Fuckin obviously how would I have gotten that without knowing the jmp to the real .......


    real +208
    Code:
    0046FA40   A1 3C001037      MOV EAX,DWORD PTR DS:[3710003C]
    0046FA45   8B88 2C001037    MOV ECX,DWORD PTR DS:[EAX+3710002C]
    0046FA4B   8B1424           MOV EDX,DWORD PTR SS:[ESP]
    0046FA4E   05 00001037      ADD EAX,37100000
    0046FA53   81C1 00001037    ADD ECX,37100000
    0046FA59   3BD1             CMP EDX,ECX
    0046FA5B   72 0E            JB SHORT Engine.0046FA6B
    0046FA5D   8B40 50          MOV EAX,DWORD PTR DS:[EAX+50]
    0046FA60   03C1             ADD EAX,ECX
    0046FA62   3BD0             CMP EDX,EAX
    0046FA64   73 05            JNB SHORT Engine.0046FA6B
    0046FA66   E9 A5630100      JMP Engine.00485E10 //1st one
    0046FA6B   C3               RETN
    Code:
    00485E10   8B4424 04        MOV EAX,DWORD PTR SS:[ESP+4]//can see szcommand parameter moved and pushed below
    00485E14   50               PUSH EAX
    00485E15   68 F0038000      PUSH Engine.008003F0
    00485E1A   E8 A1EDFFFF      CALL Engine.00484BC0 //sub function can do here (unsigned long, szCommand)
    00485E1F   83C4 08          ADD ESP,8
    00485E22   C3               RETN

    O no wai another way to do ooooooo itttttt
    Code:
    00484BC0   8B4424 08        MOV EAX,DWORD PTR SS:[ESP+8]
    00484BC4   8B4C24 04        MOV ECX,DWORD PTR SS:[ESP+4]
    00484BC8   6A 00            PUSH 0
    00484BCA   6A 00            PUSH 0
    00484BCC   50               PUSH EAX
    00484BCD   51               PUSH ECX
    00484BCE   E8 2DF8FFFF      CALL Engine.00484400(unsigned long,szcommand,int,int) //can do here
    00484BD3   83C4 10          ADD ESP,10
    00484BD6   C3               RETN

    Code:
    00484AB0   8B4424 0C        MOV EAX,DWORD PTR SS:[ESP+C]
    00484AB4   8B4C24 08        MOV ECX,DWORD PTR SS:[ESP+8]
    00484AB8   8B5424 04        MOV EDX,DWORD PTR SS:[ESP+4]
    00484ABC   6A 00            PUSH 0
    00484ABE   50               PUSH EAX
    00484ABF   51               PUSH ECX
    00484AC0   52               PUSH EDX
    00484AC1   E8 3AF9FFFF      CALL Engine.00484400
    00484AC6   83C4 10          ADD ESP,10
    00484AC9   C3               RETN
    pfffffffff stupid shit bro. also all of those are faster since they are all wrapped anyways ...many more ways to do it.

    Any of these work to pushtoconsole?

    I tried a few different ways, trying to convert your C++ to Delphi, and failed; I also tried to mimic the assembly in Delphi, but no success so far.

    Example that I failed with

    Code:
    00485E10   8B4424 04        MOV EAX,DWORD PTR SS:[ESP+4]//can see szcommand parameter moved and pushed below
    00485E14   50               PUSH EAX
    00485E15   68 F0038000      PUSH Engine.008003F0
    00485E1A   E8 A1EDFFFF      CALL Engine.00484BC0 //sub function can do here (unsigned long, szCommand)
    00485E1F   83C4 08          ADD ESP,8
    00485E22   C3               RETN
    Tried with Delphi
    Code:
    function PushIt(command: PChar):boolean;cdecl;
    begin
       asm
       Pushad               //Save all current registers to stack
        mov eax, command    //Move command to eax
        mov ecx, $00484BC0  //Move function address to ecx
        Push eax            //Push command to stack
        Push $008003F0      //Push Engine Address to stack
        call ecx           //Call ecx (our address)
        add esp, $00000008  //esp + 8
       Popad                //Restore all original registers
       end;
       result := true;
    end;
    And your C++ example I tried to convert..

    Code:
    type
      TRunConsoleCommand = function(cmd : pchar) : Integer; cdecl;
      PRunConsoleCommand = ^TRunConsoleCommand;
    
    procedure RunConsoleCommand(Const command : String);
    var
     RCC : PRunConsoleCommand;
    begin
     New(RCC);     //Allocate Mem
     RCC:= pointer($00485E10);
     RCC^(Pchar(command));
     Dispose(RCC);  //Free Mem
    end;
    That one just shut down the game without warning

    Code:
    procedure RunConsoleCommand(Const command : String);
    var
     RCC : TRunConsoleCommand;
    begin
     RCC:= TRunConsoleCommand($00485E10);
     RCC(Pchar(command));
    end;
    Did nothing

    So I need someone who can help me create a PushToConsole function, something understandable like assembly or simple C++, as I'm not a C++ programmer and my C++ skills are limited. Also, I'm new to game hacking and this forum, so I need someone to give me details about PushToConsole and how it works.
    Last edited by Departure; 11-09-2010 at 02:59 AM.
