TUT-----> Learn to find Wallhack Address

[maherbrou]

plz plz plz help i search but nothing happen and what is crossfire{unpacked}????????????

[Jhem]

Thanks But I Need Help How To Find OHK? Help plss

[Pingo]

Thanks! Just used your pattern&method and the hack works perfect.
The good thing about scanning for addresses is they usually work for all versions of a game.
I'll give credits when i post it.

Code:

            if (Keystate(Keys.F6, 0))//WallHack
            {
                if (WallAddy == -1)
                {
                    int tmp = AobScan(MainBase, 0x80000, "75??830D????????01B8????????E8");
                    if (tmp != -1)
                        WallAddy = BitConverter.ToInt32(ReadBytes(tmp + 0xA, 4), 0) + 0xA4;
                }
                if (WallAddy != -1)
                {
                    byte[] byts = B[0] ? new byte[] { 00, 00, 00, 00, 00 } : new byte[] { 01, 01, 01, 01, 01 };
                    WriteBytes(WallAddy, byts);
                    B[0] = !B[0];
                }
            }

I wonder if this can be done with more hacks.

@nomanis
Just make a simple function like that but in C++.
I'v got a sweet aobscanner in C++ you can have.
It isnt coded by me though but it is from an open source d3d hack.

[nomanis]

nice work. ya I'm sure a lot of other hacks can work by scanning for the addy or offset. I was just thinking that weapon manager is used a lot and other addy and offset may have similar signatures so you might search for reference strings that go with them to verify what offset or addy it is. so are you telling me I can have the aobscanner or anyone can? was confused with the mention.

[Pingo]

nice work. ya I'm sure a lot of other hacks can work by scanning for the addy or offset. I was just thinking that weapon manager is used a lot and other addy and offset may have similar signatures so you might search for reference strings that go with them to verify what offset or addy it is. so are you telling me I can have the aobscanner or anyone can? was confused with the mention.

The one i used is a C# version. I'll post the C#/VB one.
I tested this method with the shoot through walls.
WallMgr and Texture type were needed. These can be scanned too
Full code looks like

Code:

            if (Keystate(Keys.F7, 1))//Shoot Through Walls
            {
                int Val = B[1] ? 0 : 1;
                if (WallMgr == -1)
                {
                    int tmp = AobScan(ShellBase, 0x500000, "ffd78b0d????????8b04b1", 0);//Only one instance
                    if (tmp != -1)
                    {
                        WallMgr = BitConverter.ToInt32(ReadBytes(tmp + 4, 4), 0);//WallMgr is 4 bytes from first scan
                        int tex = AobScan(ShellBase, 0x500000, "69f6????0000578d4c", 1);//Two instances, second one was used
                        if (tex != -1)
                            Texture = BitConverter.ToInt32(ReadBytes(tex + 2, 4), 0);//Texture type is 2 bytes from second scan
                    }
                }
                if (WallMgr != -1 & Texture != 0)
                {
                    for (int i = 0; i < 64; i++)
                    {
                        WriteInt(WallMgr + (i * Texture) + 0x4E8, Val);
                        WriteInt(WallMgr + (i * Texture) + 0x4EC, Val);
                        WriteInt(WallMgr + (i * Texture) + 0x4F0, Val);
                    }
                    B[1] = !B[1];
                }
            }

Iv read all this looping isnt needed. There is a single address that can do this. I believe i can find it once i get a better bypass.
I might also have the value wrong. I think people use byte.

If we had a working CE bypass and a private CF server to test on, man that would be sweet.

[nomanis]

I'm working on my own UCE. If I knew more on how to make private server I would work on that. I know it helps to be able to see the packet structure some way source or disassebly. but I guess I could create a server that listens on the ports for cf and everything, change the file that CF read to know were to connect and l log the received data.

[sabatbatu1]

thank you for tutorial