  1. #1
    zolferno

    [Solved] Instant Kill Assembly

    Hi guys,

    I'm trying to add instant kill to my next trainer, and since I can't find a pointer for it but I can find the same code for it in the memory viewer of Cheat Engine, I have gone into the code injection bit and have this for the value that turns instant kill on or off.

    This is the assembly code:
    Code:
    Address - 00483DED - Bytes - 8B 56 04 - Opcode - mov edx,[esi+04]
    Address - 00483DF0 - Bytes - 83 E0 1F - Opcode - and eax,1F
    Code:
    alloc(newmem,2048) //2kb should be enough
    label(returnhere)
    label(originalcode)
    label(exit)
    
    newmem: //this is allocated memory, you have read,write,execute access
    //place your code here
    
    originalcode:
    mov edx,[esi+04]
    and eax,1F
    
    exit:
    jmp returnhere
    
    "BlackOps.exe"+83DED:
    jmp newmem
    nop
    returnhere:
    Found this in OllyDbg at the address, if it helps:
    Code:
    00483DED   8B56 04          MOV EDX,DWORD PTR DS:[ESI+4]


    Code:
    Public Class Form1
        Dim Mem As Injection = New Injection
        Private Sub button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles button1.Click
            Mem.GetProc("BlackOps")
            Mem.Inject_Jmp(&H483DED, "8B4608", "8B5604")
        End Sub
    End Class
    Also I found
    Code:
    00483e2f
    but I think that is the shown instant kill thing; not 100% sure, I might have got mixed up.
    This is what I have. I just don't understand how to find the bytes. Would I use OllyDbg, and what to look for? :P

    Now I am starting to learn assembly with tutorials online, but would anyone be able to explain how I would make this work for instant kill on or off in VB? With the beginner tutorials which I'm having to start off with, I don't think I'm close to figuring this out, but I will continue to follow the tutorials I have. I'm just wondering if anyone can explain this situation so it would work for me.

    Kind Regards
    Zolferno


    PS: I have no recoil working, just found it. I NOP the addresses but I can't turn it off; I can't undo my NOP. I'm using the module from someone's post on this forum, but for the life of me I can't find it. This is what I have atm:
    Code:
            If CheckBox13.Checked = True Then
                noph4x(&H6563F8, &H90)
                noph4x(&H6563F9, &H90)
                noph4x(&H6563FA, &H90)
                noph4x(&H6563FB, &H90)
                noph4x(&H6563FC, &H90)
                CheckBox13.ForeColor = Color.Lime
            ElseIf CheckBox13.Checked = False Then
                CheckBox13.ForeColor = Color.Red
            End If
        End Sub
    Now I have tried to do this and replace the bytes with the original ones, but it just doesn't work as it still NOPs it :P Hmm, I think I might just have to writeabyte to these addresses to their original value.
    Last edited by zolferno; 03-23-2012 at 08:09 AM.



  2. #2
    Pingo
    What is this mov edx,[esi+04] <- health, or some sort of instant kill boolean?
    If it writes to the health address, you could probably make a script like:
    Code:
    [enable]
    alloc(Health,128) //create a codecave for our new code
    
    Health: //CodeCave
    mov [esi+04],0 //writes zero to the health addy
    and eax,1F //next instruction
    jmp 483DFC //jump back to next instruction 6 bytes away
    
    483DED: //Starting location
    jmp Health //jump to new code
    db 90 //nop that last byte cause 5 bytes was needed a 1 byte remained
    
    [disable]
    483DED:
    mov edx,[esi+04] //default
    and eax,1F //default
    dealloc(Health) //deallocate codecave to clean up the memory
    I can't really help you much, I don't have the game installed. But if you like, I could view your code over TeamViewer. ping0@hotmail.co.uk
    See if I can sort some of the scripts out.

    The address I used for instant kill was the one that accessed health when the zombies spawned. I'd write zero to the health addy so it would only take one shot to kill. No point me giving the address 'cause I was using a different version and the instructions have changed. Just need to find it again.

  3. The Following User Says Thank You to Pingo For This Useful Post:

    zolferno (04-03-2012)

  4. #3
    zolferno
    Okay, well, I found the address for the zombie HP and found what accesses it, and 2 other ones came up as well as the one I showed you before. This came up on the other one:

    Code:
    alloc(newmem,2048) //2kb should be enough
    label(returnhere)
    label(originalcode)
    label(exit)
    
    newmem: //this is allocated memory, you have read,write,execute access
    //place your code here
    
    originalcode:
    mov ecx,[ecx+04]
    and eax,1F
    
    exit:
    jmp returnhere
    
    "BlackOps.exe"+4A9BC9:
    jmp newmem
    nop
    returnhere:
    and

    Code:
    alloc(newmem,2048) //2kb should be enough
    label(returnhere)
    label(originalcode)
    label(exit)
    
    newmem: //this is allocated memory, you have read,write,execute access
    //place your code here
    
    originalcode:
    mov [esi+04],eax
    pop esi
    ret 
    
    exit:
    jmp returnhere
    
    "BlackOps.exe"+83E2F:
    jmp newmem
    returnhere:
    I'll try and figure it out, but if you get online and see this could you show me what you did before :L as I didn't get the 6 bytes before thing that you did for

    Code:
    jmp 483DFC //jump back to next instruction 6 bytes away
    Ah, I get it now: count down 6 bytes and what's there is what you jump to.
    Last edited by zolferno; 04-03-2012 at 10:43 AM.



  5. #4
    Pingo
    Yeah, 6 bytes for that because a jump needs 5 and these 2 instructions take 6 bytes total.
    If that second instruction was longer, you would need to nop more bytes.
    So you jump to the next instruction at least 5 bytes away, and nop the rest leading up to it.
    Address - 00483DED - Bytes - 8B 56 04 - Opcode - mov edx,[esi+04]
    Address - 00483DF0 - Bytes - 83 E0 1F - Opcode - and eax,1F

  6. The Following User Says Thank You to Pingo For This Useful Post:

    zolferno (04-03-2012)
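
The layout described in the post above (a 5-byte jump over two 3-byte instructions, with the sixth byte padded by a NOP) is also the pattern a code-integrity check looks for. As an added example, not part of the original thread: a Python check that compares a memory snapshot with the known-good bytes from the listing and decodes where a detour leads. The code cave address and the snapshots are constructed sample values, and `find_detour` is a hypothetical helper name.

```python
import struct

JMP_REL32, NOP = 0xE9, 0x90      # near-jump opcode and one-byte NOP

# Known-good bytes from the thread's listing at 00483DED:
# 8B 56 04 (mov edx,[esi+04]) followed by 83 E0 1F (and eax,1F).
SITE = 0x00483DED
ORIGINAL = bytes.fromhex("8B5604" "83E01F")
INSTR_LENGTHS = [3, 3]           # lengths of the instructions at SITE

# Constructed snapshots (not captured from a real process).
CAVE = 0x02A30000                # hypothetical code cave address
HOOKED = bytes.fromhex("E90EC25A02" "90")   # jmp CAVE; nop
NOPPED = bytes([NOP]) * 6


def find_detour(site, original, current, instr_lengths):
    """Return None if the bytes are intact, else a dict describing the patch."""
    if current == original:
        return None
    report = {"site": site, "kind": "modified", "target": None,
              "nop_padding": 0, "resume": None, "boundary_ok": False}
    if all(b == NOP for b in current):
        report["kind"] = "nop_fill"
    elif len(current) >= 5 and current[0] == JMP_REL32:
        # rel32 is relative to the instruction after the jump (site + 5).
        (rel32,) = struct.unpack_from("<i", current, 1)
        pad = 0
        while 5 + pad < len(current) and current[5 + pad] == NOP:
            pad += 1
        # Offsets at which an original instruction ends.
        ends, offset = set(), 0
        for length in instr_lengths:
            offset += length
            ends.add(offset)
        report.update(kind="jmp_rel32",
                      target=(site + 5 + rel32) & 0xFFFFFFFF,
                      nop_padding=pad, resume=site + 5 + pad,
                      boundary_ok=(5 + pad) in ends)
    return report


if __name__ == "__main__":
    for snapshot in (ORIGINAL, HOOKED, NOPPED):
        print(find_detour(SITE, ORIGINAL, snapshot, INSTR_LENGTHS))
```

A `boundary_ok` of False means the overwritten span stops in the middle of an original instruction, which usually shows up as a crash rather than a working hook.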

  7. #5
    zolferno
    The thread can be closed now, my problem has been solved DD



  8. #6
    Jorndel
    /Solved & Closed
    Good to see people in the BO Section

