Originally Posted by
nomanis
nice work. ya I'm sure a lot of other hacks can work by scanning for the addy or offset. I was just thinking that weapon manager is used a lot and other addy and offset may have similar signatures so you might search for reference strings that go with them to verify what offset or addy it is. so are you telling me I can have the aobscanner or anyone can? was confused with the mention.
The one i used is a C# version. I'll post the C#/VB one.
I tested this method with the shoot through walls.
WallMgr and Texture type were needed. These can be scanned too
Full code looks like
Code:
if (Keystate(Keys.F7, 1))//Shoot Through Walls
{
int Val = B[1] ? 0 : 1;
if (WallMgr == -1)
{
int tmp = AobScan(ShellBase, 0x500000, "ffd78b0d????????8b04b1", 0);//Only one instance
if (tmp != -1)
{
WallMgr = BitConverter.ToInt32(ReadBytes(tmp + 4, 4), 0);//WallMgr is 4 bytes from first scan
int tex = AobScan(ShellBase, 0x500000, "69f6????0000578d4c", 1);//Two instances, second one was used
if (tex != -1)
Texture = BitConverter.ToInt32(ReadBytes(tex + 2, 4), 0);//Texture type is 2 bytes from second scan
}
}
if (WallMgr != -1 & Texture != 0)
{
for (int i = 0; i < 64; i++)
{
WriteInt(WallMgr + (i * Texture) + 0x4E8, Val);
WriteInt(WallMgr + (i * Texture) + 0x4EC, Val);
WriteInt(WallMgr + (i * Texture) + 0x4F0, Val);
}
B[1] = !B[1];
}
}
Iv read all this looping isnt needed. There is a single address that can do this. I believe i can find it once i get a better bypass.
I might also have the value wrong. I think people use byte.
If we had a working CE bypass and a private CF server to test on, man that would be sweet.