You've tried this and they work???
I tried to use a switch on the gunz.exe; didn't work. But I was able to update addresses on some hacks for those who don't want to go through with it.
As far as I can tell the other hacks like godmode, 0delay, nospread, and namehack haven't changed; you can simply search referenced strings, but for these I updated the addresses.
If someone can figure out how to beat the Xtrap then I guess we can all use the updated addresses.
Ghosting and ROS from Holyfate
and Lawnmower from Spiderbyte
NONE OF THESE TUTES ARE MY OWN AND I GOT THEM OFF OF PEOPLE FROM THIS SITE I JUST UPDATED ADDRESSES SORRY IF I TOOK YOUR TUTE
------------------------------
ROCKET FROM SWORD
Part 1: Removing the Check:
004773F0 /$ 83EC 48 SUB ESP,48
004773F3 |. 56 PUSH ESI
004773F4 |. 8BF1 MOV ESI,ECX
004773F6 |. 8D4E 64 LEA ECX,DWORD PTR DS:[ESI+64]
004773F9 |. E8 A2ABFFFF CALL Gunz.00471F60
004773FE |. 85C0 TEST EAX,EAX
00477400 |. 0F84 5A010000 JE Gunz.00477560
00477406 |. 8B48 30 MOV ECX,DWORD PTR DS:[EAX+30]
00477409 |. 85C9 TEST ECX,ECX
0047740B 0F8E 4F010000 JLE HolyFate.00477560
00477411 |. 33C0 XOR EAX,EAX
ok so now that we see the code we NOP the jle to remove the check
Part 2: Switching the calls:
first go to local calls. you will see this:
00478A12 . E8 D9E9FFFF CALL Gunz.004773F0
00478A17 . 5F POP EDI
00478A18 . 5B POP EBX
00478A19 . 5D POP EBP
00478A1A . 8BCE MOV ECX,ESI
00478A1C . 5E POP ESI
00478A1D . 83C4 04 ADD ESP,4
00478A20 .^E9 DB41FFFF JMP Gunz.0046CBB0
00478A25 > 8BCE MOV ECX,ESI ; Cases 1,7,C,D,E of switch 004789CA
00478A27 . E8 C4F8FFFF CALL Gunz.004782F0
00478A2C . 5F POP EDI
00478A2D . 5B POP EBX
00478A2E . 5D POP EBP
00478A2F . 8BCE MOV ECX,ESI
00478A31 . 5E POP ESI
00478A32 . 83C4 04 ADD ESP,4
00478A35 .^E9 C641FFFF JMP Gunz.0046CBB0
00478A3A > 8BCE MOV ECX,ESI ; Default case of switch 004789CA
00478A3C E8 8FECFFFF CALL Gunz.004776D0
change the CALL Gunz.004782F0 to CALL Gunz.004773F0
------------------------------
GHOSTING
first search for binary 18 CC:
0046CB30 $ 8B01 MOV EAX,DWORD PTR DS:[ECX]
0046CB32 . FF60 18 JMP DWORD PTR DS:[EAX+18]
ok so nop all of the local calls on MOV EAX,DWORD PTR DS:[ECX]
------------------------------
Lawnmower:
Code:
00479288 . 74 6B JE SHORT GunzRunn.004792F5
00479291 . 75 62 JNZ SHORT GunzRunn.004792F5
0047929c . 75 57 JNZ SHORT GunzRunn.004792F5
MSLawnmower:
Code:
00479383 . 74 39 JE SHORT GunzRunn.0047917E
NOP THE ABOVE
------------------------------
Last edited by sp0tie; 02-22-2006 at 08:14 AM.
I can't bypass the Xtrap, but the coding arrangement of the new update is nearly identical to the old, so it's basically an update of addresses.
It's like putting 5 people in a line and renaming all of them but not changing the order, except maybe they all took one step to the left, so they're in a different position.