You need to update the pointer.
======================================h.main.cpp===============================
#include <Windows.h>
#include <d3d9.h>
#include <d3dx9.h>
#include <process.h>
#include <stdio.h>
#include <fstream>
#include "hXOR.h"
#include "MakeCall.h"
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
// Reports whether both target modules are loaded in the current process.
// EncCShell and EncClient are not defined in this listing
// (presumably module-name strings supplied by hXOR.h -- confirm).
// Returns true only when GetModuleHandleA finds both modules, false otherwise.
BOOL IsGameHooked ()
{
if(GetModuleHandleA(EncCShell) != NULL && GetModuleHandleA(EncClient)!= NULL)
return true;
return false;
}
// Feature switches read by HookThread when it writes into the weapon entries.
bool InstantReload = true ; // False means Off
bool InstantChange = true ; // False means Off
bool NoWeaponRecoil = true ;
// Base address of the module named by EncCShell, narrowed to a 32-bit DWORD.
DWORD CShell = (DWORD) GetModuleHandleA(EncCShell);
// DWORD read from the hard-coded offset 0x104DD74 inside that module; HookThread
// indexes it as a table of 4-byte entries. The offset is a literal that the
// thread below says must be updated.
DWORD pWeaponMgr = *(DWORD*) ( CShell + 0x104DD74 );
// Worker thread started from DllMain. It waits until IsGameHooked() reports both
// modules loaded, then modifies another module's code and data in place:
//   1. backup() copies the current weapon entries into the Weapons array,
//   2. MakeCall() overwrites 5 bytes at CShell+0x3ABCC5 with a CALL to bypass(),
//   3. float fields inside every non-null weapon entry are overwritten.
// The LPVOID parameter is unused. The function never returns.
// NOTE(review): every address here is a raw hard-coded offset dereferenced without
// any validation; a write to a wrong address corrupts or crashes the host process.
void HookThread ( LPVOID)
{
// Poll every 250 ms until both modules are present.
while (!IsGameHooked())
Sleep(250);
// This outer loop has no Sleep; once isReady is true it spins without doing work.
while ( true )
{
if (isReady == false)
{
// Called on every pass until the patch below has been applied; each call
// allocates fresh copies (see backup in MakeCall.h).
backup(CShell,0x104DD74);
// Proceed only when the byte at the patch site is non-zero.
if (*(BYTE*)(CShell+0x3ABCC5))
{
// In-memory code patch: redirects 5 bytes of the loaded module to bypass().
// This modifies executable pages of a module this DLL does not own.
MakeCall((BYTE*)(CShell+0x3ABCC5), (DWORD)bypass, 5);
// Set before the writes below, so this whole block runs at most once.
isReady = true;
// Walks 999 table slots, while backup() walks 801 and Weapons holds 800;
// the real table length is not established anywhere in this listing.
for(int i=0; i<999; i++)
{
DWORD WeaponHooked = *(DWORD*) ( pWeaponMgr + (4*i ) );
if (WeaponHooked)
{
// Two float fields at fixed offsets are set to 100 when the switches are on.
if ( InstantReload ) *(float*) ( WeaponHooked + 0xC38 ) = 100;
if ( InstantChange ) *(float*) ( WeaponHooked + 0xC3C ) = 100;
// Nine consecutive floats at each of six fixed offsets are zeroed.
for ( int y=0; y<9; y++ )
{
if ( NoWeaponRecoil )
{
*(float*) ( WeaponHooked + ( 0xEFC + (4*y))) = 0.0f;
*(float*) ( WeaponHooked + ( 0x11CC + (4*y))) = 0.0f;
*(float*) ( WeaponHooked + ( 0x1064 + (4*y))) = 0.0f;
*(float*) ( WeaponHooked + ( 0x370C + (4*y))) = 0.0f;
*(float*) ( WeaponHooked + ( 0x352C + (4*y))) = 0.0f;
*(float*) ( WeaponHooked + ( 0x53C + (4*y))) = 0.0f;
}
}
}
}
}
}
}
}
// DLL entry point. On DLL_PROCESS_ATTACH it shows a message box, starts
// HookThread, and checks the DLL's own file name; it always returns TRUE.
// NOTE(review): a message box raised from inside DllMain is an observable sign
// that a foreign module was loaded into the process. Microsoft's DllMain guidance
// also advises against calling user-interface functions from the entry point.
BOOL WINAPI DllMain( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
// Called for every notification reason, not only process attach.
DisableThreadLibraryCalls( hDll );
if( dwReason == DLL_PROCESS_ATTACH )
{
MessageBox(0, "Chibi-chiber Comunity Yuzra45", "By Yuzra45", MB_OK + MB_ICONASTERISK);
// NOTE(review): the routine name is split by a space in this listing and will
// not compile as shown. The returned thread handle is discarded.
CreateThread(0,0,(LPTHREAD_START_ROUTINE)HookThrea d,0,0,0);
char strDLLName [_MAX_PATH];
GetModuleFileName(hDll, strDLLName , _MAX_PATH);
// Warn and beep when the loaded file's path does not contain "Yuzra45.dll".
// strstr returns a pointer; comparing it with "<= 0" acts as a null test here.
if (strstr(strDLLName,"Yuzra45.dll") <= 0) {// Write this to match your DLL's name!
MessageBoxA(0, "Mohon untuk mengembalikan sesuai nama aslinya! \n \n Terima Kasih : INDO-CROSSFIRE","PERINGATAN!", MB_OK + MB_ICONSTOP );
Beep (5000,500);
}
}
return TRUE;
}
======================================MakeCall.h===============================
// Set to true by HookThread once the code patch has been applied.
bool isReady = false;
// Fixed-size byte buffer holding a snapshot of one weapon entry.
typedef struct
{
BYTE Data[0x3000];
} WeaponMgrCopy;
// Snapshot table filled by backup() and read by bypass(); valid indices are 0..799.
WeaponMgrCopy* Weapons[800];
// Copies the first 0x1400 bytes of each non-null weapon entry into a newly
// allocated WeaponMgrCopy and stores it in Weapons[i].
//   CShell    - base address of the module holding the table pointer
//   WeaponMgr - offset of that pointer within the module
// NOTE(review): the loop runs i = 0..800 inclusive, so i == 800 writes one slot
// past the end of Weapons[800] (out-of-bounds write).
// NOTE(review): only 0x1400 of the 0x3000 bytes in Data are filled; the remainder
// is whatever "new" returned. Earlier copies are never freed, so each repeated
// call leaks the previous allocations.
void backup(DWORD CShell,DWORD WeaponMgr)
{
DWORD pWeaponMgr = *(DWORD*)(CShell+WeaponMgr );
for(int i=0;i<=800;i++)
{
DWORD Weapon = (*(DWORD*)(pWeaponMgr + (4*i)));
if (Weapon != NULL)
{
Weapons[i] = new WeaponMgrCopy;
memcpy(Weapons[i], (void*)(Weapon), 0x1400);
}
}
}
// Returns the snapshot stored for the given index. HookThread installs this
// function as the target of the CALL written by MakeCall.
// NOTE(review): GunIndexNR is used unchecked; a negative value or one >= 800
// reads outside Weapons. Slots backup() never filled yield a null pointer.
WeaponMgrCopy* bypass (int GunIndexNR)
{
return Weapons[GunIndexNR];
}
// Overwrites dwlen bytes at paddress with a 5-byte relative CALL (opcode 0xE8)
// to yourfunction, followed by 0x90 bytes for any remaining length.
//   paddress     - address of the bytes to overwrite
//   yourfunction - address the CALL should transfer to
//   dwlen        - number of bytes to cover; the code assumes it is at least 5
// The region is made PAGE_EXECUTE_READWRITE for the write, then restored.
// NOTE(review): neither VirtualProtect return value is checked, so a failed
// protection change leads straight to a write on a non-writable page.
// NOTE(review): this alters the in-memory code of a loaded module so that it no
// longer matches the file on disk, which is what a code-integrity comparison
// of the module is designed to flag.
void MakeCall(BYTE* paddress, DWORD yourfunction, DWORD dwlen)
{
DWORD dwOldProtect, dwBkup, dwRelAddr;
VirtualProtect(paddress, dwlen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
// rel32 operand: target minus the address of the instruction after the CALL.
dwRelAddr = (DWORD) (yourfunction - (DWORD) paddress) - 5;
*paddress = 0xE8;
*((DWORD*) (paddress + 0x1)) = dwRelAddr;
// Fill the bytes after the 5-byte CALL with 0x90.
for(DWORD x = 0x5; x < dwlen; x++) *(paddress + x) = 0x90;
VirtualProtect(paddress, dwlen, dwOldProtect, &dwBkup);
return;
}
Please help me.
Why do NoReload, NoRecoil and NoChange not work after injecting?
I looked up the addresses again and this is what I have.
These are the new addresses:
WeaponMgr =0x104DD74 it's Right
Noreload = C38 it's Right
Nochange = C3C it's Right
Pointer Client Error =0x3ABCC5 it's Right
But it is still not working.
How do I fix it?
cfna addresses:
weaponMgr 0xF48EEC
ChangeWeaponAnimRatio 0xC40
ReloadAnimRatio 0xC3C
Client28_3 0x378945
Too much copy-and-paste in one place.
If I am not mistaken, this is the WeaponMgr for CFIN:
1023B389 68 80F75310 PUSH CShell.1053F780 ; ASCII "ReloadAnimRatio"
1023B38E D998 3C0C0000 FSTP DWORD PTR DS:[EAX+C3C]
1023B394 55 PUSH EBP
1023B395 E8 B6642400 CALL CShell.10481850
1023B39A 83C4 08 ADD ESP,8
1023B39D 85C0 TEST EAX,EAX
1023B39F 74 46 JE SHORT CShell.1023B3E7
1023B3A1 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
1023B3A4 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
1023B3A7 8B0D 74DD0411 MOV ECX,DWORD PTR DS:[1104DD74] <== WeaponMgr 0x104DD74
1023B3AD 85C9 TEST ECX,ECX
1023B3AF 8B5A 04 MOV EBX,DWORD PTR DS:[EDX+4]
1023B3B2 74 0E JE SHORT CShell.1023B3C2
1023B3B4 A1 78DD0411 MOV EAX,DWORD PTR DS:[1104DD78]
1023B3B9 2BC1 SUB EAX,ECX
1023B3BB C1F8 02 SAR EAX,2
1023B3BE 3BF0 CMP ESI,EAX
1023B3C0 72 08 JB SHORT CShell.1023B3CA
1023B3C2 FFD7 CALL EDI
1023B3C4 8B0D 74DD0411 MOV ECX,DWORD PTR DS:[1104DD74]
1023B3CA 53 PUSH EBX
1023B3CB 8D3CB1 LEA EDI,DWORD PTR DS:[ECX+ESI*4]
1023B3CE FF15 64C34F10 CALL DWORD PTR DS:[104FC364] ; MSVCR80.atof
1023B3D4 D95C24 14 FSTP DWORD PTR SS:[ESP+14]
1023B3D8 D94424 14 FLD DWORD PTR SS:[ESP+14]
1023B3DC 8B07 MOV EAX,DWORD PTR DS:[EDI]
1023B3DE D998 3C0C0000 FSTP DWORD PTR DS:[EAX+C3C] <== NoreloadOffset 0xC3C
1023B3E4 83C4 04 ADD ESP,4
Bypass 28.3 still works fine for CFIN.