Lucas Signature Scans [21/9/2012]

[Lucas`]

// EspName1

Code:

#define EspName1_PATTERN "\xA1\x00\x00\x00\x00\x8B\x88\x00\x00\x00\x00\x68\x00\x00\x00\x00\xFF\xD1\x83\xC4\x04" 
#define EspName1_MASK      "x????xx????x????xxxxx"

// EspName2

Code:

#define EspName2_PATTERN "\xFF\xD0\x39\x44\x24\x10\x75\x05\xBB\x00\x00\x00\x00" 
#define EspName2_MASK      "xxxxxxxxx????"

// GetLocalPlayer

Code:

#define GLP_PATTERN "\x8B\x4E\x30\x3B\x4D\x58\x75\x05\xBB\x00\x00\x00\x00" 
#define GLP_MASK     "xxxxxxxxx????"

// WeaponRange1

Code:

#define WR1_PATTERN "\x8B\xCE\xD9\x5C\x24\x48\x8B\x80\x00\x00\x00\x00\x89\x44\x24\x0C" 
#define WR1_MASK      "xxxxxxxx????xxxx"

// WeaponRange2

Code:

#define WR2_PATTERN "\x8B\xCE\xD9\x5C\x24\x48\x8B\x80\x00\x00\x00\x00\x89\x44\x24\x0C\x8B\x82\x00\x00\x00\x00" 
#define WR2_MASK      "xxxxxxxx????xxxxxx????"

// SuperBullets

Code:

#define SB_PATTERN "\x85\xC0\x5F\x0F\x94\xC0\x5E" 
#define SB_MASK     "xxxxxxx"

// GCS

Code:

#define GCS_PATTERN "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\x80\x37\x00\x00" 
#define GCS_MASK      "xxxxxxxxxxxxxx"

// GetPlayerIndex

Code:

#define GPI_PATTERN "\xCC\xCC\x8B\x41\x04\x85\xC0\x74\x18 
#define GPI_MASK      "xxxxxxxxx"

// ClientInfoMgr

Code:

#define CIM_PATTERN "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\x80\x37\x00\x00" 
#define CIM_MASK      "xxxxxxxxxxxxxx"

// WeaponMgr

Code:

#define WM_PATTERN "\x00\x00\x00\x00\x00\x00\x00\x00"
#define WM_MASK     "xxxxxxxx"

//RemoteKill1

Code:

#define RK1_PATTERN "\xD9\x44\x24\x2C\xD9\x5C\x24\x44\x8B\x51\x64\xFF\xD2\x83\xC4\x08" 
#define RK1_MASK      "xxxxxxxxxxxxxxxx"

//RemoteKill2

Code:

#define RK2_PATTERN "\xD9\x44\x24\x2C\xD9\x5C\x24\x44\x8B\x51\x64\xFF\xD2\x83\xC4\x08" 
#define RK2_MASK     "xxxxxxxxxxxxxxxx"

//RemoteKill3

Code:

#define RK3_PATTERN "\xD9\x44\x24\x2C\xD9\x5C\x24\x44\x8B\x51\x64\xFF\xD2\x83\xC4\x08 
#define RK3_MASK      "xxxxxxxxxxxxxxxx"

//RemoteKill4

Code:

#define RK4_PATTERN "\xD9\x44\x24\x2C\xD9\x5C\x24\x44\x8B\x51\x64\xFF\xD2\x83\xC4\x08"
#define RK4_MASK      "xxxxxxxxxxxxxxxx"

//LocalPtr

Code:

#define LOCALPTR_PATTERN "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90\xBE\x24\x03\x83"
#define LOCALPTR_MASK      "xxxxxxxxxxxxxx"

Some are possibly wrong

Credits:
@Nightmare (ADDRESSES)
@arun823 (ADDRESSES)

[Avery17]

I just wanna go ahead and point out, there is no way any of these work. They look terrible....

Also why no specifics on whether you are extracting the address as byte code or have any offsets on the patterns? I don't know what find pattern function you guys are using but mine has 6 parameters not 4.

Code:

DWORD FindPattern(DWORD dwdwAdd, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, bool Extract)

The last two parameters seem to be neglected on this entire forum.

[Shadow`]

I just wanna go ahead and point out, there is no way any of these work. They look terrible....

Also why no specifics on whether you are extracting the address as byte code or have any offsets on the patterns? I don't know what find pattern function you guys are using but mine has 6 parameters not 4.

Code:

DWORD FindPattern(DWORD dwdwAdd, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, bool Extract)

The last two parameters seem to be neglected on this entire forum.

I use this:

Code:

DWORD cTools::FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    for(DWORD i=0; i < dwLen; i++) 
		if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) ) 
            return (DWORD)(dwAddress+i); 
	
    return 0; 
}

[Departure]

I just wanna go ahead and point out, there is no way any of these work. They look terrible....

Also why no specifics on whether you are extracting the address as byte code or have any offsets on the patterns? I don't know what find pattern function you guys are using but mine has 6 parameters not 4.

Code:

DWORD FindPattern(DWORD dwdwAdd, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, bool Extract)

The last two parameters seem to be neglected on this entire forum.

I like your ideas about coding your own classes, But its funny how you suggest that and yet have no idea what the code offset even is on your own code, If you knew what it was you wouldn't be asking for the offset because its common sense its the first section of module being scanned to the last section, or most people just start at the beginning of module to the size of module being scanned, your other "Extract" parameter makes no sense either, please explain why everyone who codes there own search function should have this boolean "Extract" parameter? quote "extracting the address as byte code" <--- are you for real? when its once again common sense to return the virtual address of found pattern. then you have the arrogance to tell shadow to follow his own advice?? wtf is "byte code" meant to mean anyway?

by the way "I just wanted to point that out" to you

[[MPGH]Flengo]

I like your ideas about coding your own classes, But its funny how you suggest that and yet have no idea what the code offset even is on your own code, If you knew what it was you wouldn't be asking for the offset because its common sense its the first section of module being scanned to the last section, or most people just start at the beginning of module to the size of module being scanned, your other "Extract" parameter makes no sense either, please explain why everyone who codes there own search function should have this boolean "Extract" parameter? quote "extracting the address as byte code" <--- are you for real? when its once again common sense to return the virtual address of found pattern. then you have the arrogance to tell shadow to follow his own advice?? wtf is "byte code" meant to mean anyway?

by the way "I just wanted to point that out" to you

His function is leeched. Here's the function he is using.

Code:

bool cTools::bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
	for(;*szMask;++szMask,++pData,++bMask)
	if(*szMask=='x' && *pData!=*bMask ) return 0;
	return (*szMask) == NULL;
}

DWORD cTools::FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, BOOL extract)
{
	for(DWORD i = 0; i < dwLen; i++)
	{
		if(bCompare((BYTE*)(dwAddress + i),bMask,szMask))
		{
			if(extract)
			{
				return *(DWORD*)(dwAddress + i + codeOffset);
			}

			else 
			{
				return (DWORD)(dwAddress + i + codeOffset);
			}
		}
	}
	return NULL;
}

That's from disav0w_'s VIP Base.

[Departure]

His function is leeched. Here's the function he is using.

Code:

bool cTools::bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
	for(;*szMask;++szMask,++pData,++bMask)
	if(*szMask=='x' && *pData!=*bMask ) return 0;
	return (*szMask) == NULL;
}

DWORD cTools::FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, BOOL extract)
{
	for(DWORD i = 0; i < dwLen; i++)
	{
		if(bCompare((BYTE*)(dwAddress + i),bMask,szMask))
		{
			if(extract)
			{
				return *(DWORD*)(dwAddress + i + codeOffset);
			}

			else 
			{
				return (DWORD)(dwAddress + i + codeOffset);
			}
		}
	}
	return NULL;
}

That's from disav0w_'s VIP Base.

So "extract" is a only pointer "return *(DWORD*)(dwAddress + i + codeOffset);" I don't see the big deal about it, this guy is still a muppet

[arun823]

Just wanted to point out that your ClientInfoMgr sig scan is incorrect.

[Avery17]

Code:

DWORD FindPattern(DWORD dwdwAdd, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, bool Extract)
{
    for(DWORD i=0; i<dwLen; i++)
		if (bCompare((BYTE*)(dwdwAdd+i),bMask,szMask)){
			if(Extract)return *(DWORD*)(dwdwAdd+i+codeOffset);
			else return (DWORD)(dwdwAdd+i+codeOffset);
		}
    return 0;
}

Why does everyone use that same class for their hacks? Make your own code people, seriously!

Does anyone have the correct ClientInfoManager address or pattern?

[Shadow`]

Code:

DWORD FindPattern(DWORD dwdwAdd, DWORD dwLen, BYTE *bMask, char * szMask, int codeOffset, bool Extract)
{
    for(DWORD i=0; i<dwLen; i++)
		if (bCompare((BYTE*)(dwdwAdd+i),bMask,szMask)){
			if(Extract)return *(DWORD*)(dwdwAdd+i+codeOffset);
			else return (DWORD)(dwdwAdd+i+codeOffset);
		}
    return 0;
}

Why does everyone use that same class for their hacks? Make your own code people, seriously!

Does anyone have the correct ClientInfoManager address or pattern?

Why would you not want to use the same one, it's not going to be "detected" and it doesn't cause complications.

[Avery17]

I like the flexibility, it makes logging addresses easier? I didn't realize everyone stole the same shitty Tools class and used it in their hacks. Can no one write their own code anymore?

I remember when I used to copy and paste, and then I learned how to actually program.

BTW Are you the same shad0w from wr-source a long time ago?

[Shadow`]

I like the flexibility, it makes logging addresses easier? I didn't realize everyone stole the same shitty Tools class and used it in their hacks. Can no one write their own code anymore?

I remember when I used to copy and paste, and then I learned how to actually program.

BTW Are you the same shad0w from wr-source a long time ago?

No, I am not shad0w, I am shadow and sometimes known as shadowthief, but that's it.

[Avery17]

Found weapon manager.

Code:

Address   Hex dump          Command                                  Comments
00000019    0000            ADD BYTE PTR DS:[EAX],AL
0000001B    0000            ADD BYTE PTR DS:[EAX],AL
0000001D    0000            ADD BYTE PTR DS:[EAX],AL
0000001F    0000            ADD BYTE PTR DS:[EAX],AL

Great patterns....

[Nightmare]

Nice job brother!

[Ch40zz-C0d3r]

Simple sigscans doesnt help -.- People wont learn.
Get the references and statics and make a nice offset-sigscan

[Shadow`]

Simple sigscans doesnt help -.- People wont learn.
Get the references and statics and make a nice offset-sigscan

You know, it would be easier for him to do if he knew how... instead of saying what to do, show how to do it, lead by example. Just some helpful advice.