Norecoil/nospread – a poor man's version: you have to disable it every time you die and re-enable it after you respawn. Presumably the game re-initialises the patched state on spawn; that part has not been reversed, so the hooks below only hold for one life.
I don't think there is anything new here, coding-wise, for those who have contributed with their remarkable reversing skills, but it might come in handy for those who have no idea how to compile with notepad.exe.
Here's the one for norecoil/nospread.
==================================================
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//
// Six inline hooks into PlanetSide2.exe (32-bit code: esi/ebx/ecx and xmm*).
// Pattern for each hook: allocate a 2 KB RWX cave, overwrite the original
// instruction(s) at a hard-coded image offset with a 5-byte jmp into the cave
// (nop-padded to the exact length of what was replaced), run a modified copy
// of the original instruction(s), then jmp back to the next original
// instruction. The exact original bytes are listed in the //Alt: lines of
// the [DISABLE] section.
//
// NOTE(review): the offsets are tied to one build of the executable; on any
// other build this writes a jmp over unrelated code. Nothing here checks the
// bytes at the target before patching -- compare them against the //Alt:
// patterns (or the signature at the end of the post) before enabling.
// NOTE(review): the hooks that zero xmm0/xmm1/xmm3 do not restore the
// register, so the game's code after the hook site also sees the zeroed
// value. Assumed harmless by the author; not verified here.
alloc(newmem24,2048) //2kb should be enough
label(returnhere24)
label(originalcode24)
label(exit24)
newmem24: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode24:
// The original here was a conditional `jle PlanetSide2.exe+BC7B82` (7E 3A);
// replacing it with an unconditional jmp forces that branch every time.
jmp PlanetSide2.exe+BC7B82
// Dead code: the unconditional jmp above never falls through to these two
// copied original instructions or to exit24.
push esi
mov esi,[ebx+04]
exit24:
jmp returnhere24
// 6-byte patch site (jle 2 + push esi 1 + mov esi,[ebx+04] 3): jmp + 1 nop.
"PlanetSide2.exe"+BC7B46:
jmp newmem24
nop
returnhere24:
alloc(newmem17,2048) //2kb should be enough
label(returnhere17)
label(originalcode17)
label(exit17)
newmem17: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode17:
// Original: `mov [esi+000000D4],edx` (89 96 D4 00 00 00). The value the game
// computed in edx is discarded and the field is forced to 0 instead.
// No operand size is written; the original was a 32-bit store, so this must
// assemble as a dword store to overwrite the same field -- confirm.
mov [esi+000000D4],0
exit17:
jmp returnhere17
// 6-byte patch site: jmp + 1 nop.
"PlanetSide2.exe"+BC658A:
jmp newmem17
nop
returnhere17:
alloc(newmem11,2048) //2kb should be enough
label(returnhere11)
label(originalcode11)
label(exit11)
newmem11: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode11:
// Original: `movss xmm3,[esi+000000D4]` (F3 0F 10 9E D4 00 00 00). The load
// is kept but immediately overwritten: xorps zeroes the whole register, so
// the game continues as if the field read as 0.0 (the load is effectively
// dead).
movss xmm3,[esi+000000D4]
xorps xmm3, xmm3
exit11:
jmp returnhere11
// 8-byte patch site: jmp + 3 nops.
"PlanetSide2.exe"+BC6533:
jmp newmem11
nop
nop
nop
returnhere11:
alloc(newmem6,2048) //2kb should be enough
label(returnhere6)
label(originalcode6)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//place your code here
// Zero xmm0 before the game's own store runs, so [ecx+04] receives 0.0
// instead of the computed value. xmm0 stays zeroed on return.
xorps xmm0, xmm0
originalcode6:
movss [ecx+04],xmm0
exit6:
jmp returnhere6
// 5-byte patch site: the original `movss [ecx+04],xmm0` (F3 0F 11 41 04) is
// exactly the length of the jmp, so no nop padding.
"PlanetSide2.exe"+16C7218:
jmp newmem6
returnhere6:
alloc(newmem2,2048) //2kb should be enough
label(returnhere2)
label(originalcode2)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
// Zero xmm1 so the compare below is 0.0 vs [esi+54]; lahf then captures the
// resulting flags exactly as the original code did. xmm1 stays zeroed.
xorps xmm1, xmm1
originalcode2:
ucomiss xmm1,[esi+54]
lahf
exit2:
jmp returnhere2
// 5-byte patch site: ucomiss (4) + lahf (1) = jmp length, no padding.
"PlanetSide2.exe"+1679954:
jmp newmem2
returnhere2:
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// Same idea as newmem2 for a different field: compare 0.0 vs [esi+08], keep
// the original lahf. xmm0 stays zeroed.
xorps xmm0, xmm0
originalcode:
ucomiss xmm0,[esi+08]
lahf
exit:
jmp returnhere
// 5-byte patch site: ucomiss (4) + lahf (1) = jmp length, no padding.
"PlanetSide2.exe"+C71385:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Undo: free each cave and re-assemble the original instruction(s) over the
// patch site. The //Alt: lines are the exact original bytes; writing them
// with `db` instead of re-assembling the mnemonic is the safer restore, since
// re-assembly could pick a different encoding (e.g. a rel32 jle instead of
// the original 2-byte rel8 form, which would spill past the 6-byte site).
// NOTE(review): the cave is freed in the same script that restores the
// bytes; a game thread that is inside a cave at that instant would return
// into freed memory. Presumably rare, but nothing here guards against it.
dealloc(newmem24)
"PlanetSide2.exe"+BC7B46:
jle PlanetSide2.exe+BC7B82
push esi
mov esi,[ebx+04]
//Alt: db 7E 3A 56 8B 73 04
dealloc(newmem17)
"PlanetSide2.exe"+BC658A:
mov [esi+000000D4],edx
//Alt: db 89 96 D4 00 00 00
dealloc(newmem11)
"PlanetSide2.exe"+BC6533:
movss xmm3,[esi+000000D4]
//Alt: db F3 0F 10 9E D4 00 00 00
dealloc(newmem6)
"PlanetSide2.exe"+16C7218:
movss [ecx+04],xmm0
//Alt: db F3 0F 11 41 04
dealloc(newmem2)
"PlanetSide2.exe"+1679954:
ucomiss xmm1,[esi+54]
lahf
//Alt: db 0F 2E 4E 54 9F
dealloc(newmem)
"PlanetSide2.exe"+C71385:
ucomiss xmm0,[esi+08]
lahf
//Alt: db 0F 2E 46 08 9F
=========================================
And the speedhack. Not tested after respawning. To change the speed, edit the immediate written to [esp] (it becomes the low dword of xmm0) to the IEEE-754 hex encoding of the single-precision float you want. As posted it is 0x41200000, which is 10.0 (not 15 — 15.0 would be 0x41700000). If you set it too high the physics engine will go nuts and kill you or crash the client.
[ENABLE]
//Speedhack
//code from here to '[DISABLE]' will be used to enable the cheat
// Single inline hook at PlanetSide2.exe+BC8D86. Original instruction:
// `movss [esi+000000C8],xmm0` (F3 0F 11 86 C8 00 00 00, 8 bytes), replaced
// by a 5-byte jmp + 3 nops. The cave forces the low dword of xmm0 to a
// constant right before the game's own store, so [esi+C8] always receives
// that constant instead of the value the game computed.
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//Push xmm0
// NOTE(review): sub/add on esp clobber EFLAGS, which the replaced movss did
// not touch. If the game code after +BC8D86 consumes flags computed before
// the store they are corrupted here; `lea esp,[esp-16]` / `lea esp,[esp+16]`
// would adjust esp without touching flags.
sub esp, 16
movdqu dqword [esp], xmm0
// Overwrite the saved low dword: 0x41200000 is the IEEE-754 single for 10.0
// (15.0 would be 0x41700000). No operand size is written -- this must
// assemble as a 32-bit store to patch exactly one float lane; confirm.
mov [esp], 41200000
//Pop xmm0
// xmm0 is reloaded from the PATCHED copy, so it leaves the hook modified:
// the push/pop does not preserve the register, it is only the mechanism
// used to write one lane without a movd/insert instruction.
movdqu xmm0, dqword [esp]
add esp, 16
originalcode:
movss [esi+000000C8],xmm0
exit:
jmp returnhere
// 8-byte patch site: jmp + 3 nops.
"PlanetSide2.exe"+BC8D86:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Free the cave and re-assemble the original 8-byte store over the patch
// site; the //Alt: line holds the exact original bytes and is the safest
// form of restore (no chance of a different encoding).
dealloc(newmem)
"PlanetSide2.exe"+BC8D86:
movss [esi+000000C8],xmm0
//Alt: db F3 0F 11 86 C8 00 00 00
The base address for recoil/movement speed is at PlanetSide2.exe+2A661F0, together with some other data (I think I saw coordinates, but I'm not sure and haven't reversed it all).
Feel free to make a better signature. This one currently matches the instructions dealing with recoil, from which you can obtain the base. The \x00 runs are presumably wildcards for the call target and the displacements, which change between builds — a scanner needs a mask to tell them apart from literal zero bytes.
\x57\x51\xD9\x1C\x24\x8D\x45\xEC\xF3\x0F\x5C\xCA\xF3\x0F\x5C\xC3\x50\xF3\x0F\x11\x4D\xEC\xF3\x0F\x11\x45\xF0\xE8\x00\x00\x00\x00\x8B\x4D\xF4\x8B\x55\xF8\x89\x8E\x00\x00\x00\x00\x89\x96\x00\x00\x00\x00