CJAmper (12-16-2015),KamiTaizai (11-11-2016),paPhetss2016 (10-30-2015)
Because I'm sick and tired of payhacking sites, I'll be releasing code snippets with VIP Features in it.
Good Luck payhacking sites!
No Recoil:
Code:
void NoRecoil()
{
    DWORD x1 = *(PDWORD)0xE41C80;
    if (x1) {
        x1 = *(PDWORD)(x1 + 0x20);
        if (x1) {
            x1 = *(PDWORD)(x1 + 0x10);
            if (x1) {
                x1 = *(PDWORD)(x1 + 0x0);
                if (x1) {
                    x1 = *(PDWORD)(x1 + 0x8);
                    if (x1) {
                        *(PDWORD)(x1 + 0x1B1A8) = 0;
                        *(PDWORD)(x1 + 0x1B1AC) = 0;
                    }
                }
            }
        }
    }
}

Rapid Fire, Rapid Slash, & Infinite Ammo:
Code:
void Ammo()
{
    DWORD x1 = *(PDWORD)0xE41EC4;
    if(x1) {
        x1 = *(PDWORD)(x1 + 0x2FFD8);
        if(x1) {
            if(ON) {
                *(PDWORD)(x1 + 0x2A0) = 1;//Knife
                *(PDWORD)(x1 + 0x130) = 59;//Ammo (59 - 29 = 30 //Your Ammo will be 30)
                *(PDWORD)(x1 + 0x2BC) = 10100;//Rapid Fire
            }
        }
    }
}

Shoot Through Walls:
Code:
void ShootWalls()
{
    //will be released after a while, I'll just update :)
}

Speed Hack/Super Jump:
Code:
void Player()
{
    DWORD x1 = *(PDWORD)0xE41C80;
    if(x1) {
        x1 = *(PDWORD)(x1 + 0x28);
        if(x1) {
            x1 = *(PDWORD)(x1 + 0x0);
            if(x1) {
                x1 = *(PDWORD)(x1 + 0x10);
                if(x1) {
                    x1 = *(PDWORD)(x1 + 0x0);
                    if(x1) {
                        if(ON) {
                            *(FLOAT*)(x1 + 0x1C) = 1000.0f;//Speed Hack
                            *(FLOAT*)(x1 + 0x144) = 10;//S.Jump
                        }
                    }
                }
            }
        }
    }
}

Damage Hack:
Code:
void Damage()
{
    *(double*)0xDA26C8 = 10.000000f; //Maximum, If auto on: expect lag.
    //Want to add hotkey? Like if you press left mouse: Apply ProxyCall to avoid detections
    if(ProxyCall<SHORT>(&GetAsyncKeyState,1,(void*)ADR_PROXY,VK_LBUTTON))
    {
        *(double*)0xDA26C8 = 10.000000f; //Maximum, you can set it to 99999 if you want.
    }
}

Kill Hack: (Found this long time ago, didn't released it cause you need to be host.)
Code:
//will be released after a while, I'll just update :) and give some screenies

Weapon Unlock / Character Unlock:
Code:
void Unlock()
{
    //will be released after a while, I'll just update :)
}

Boosts:
Code:
void Boost()
{
    //SFNA EXP Hack
    //SFNA x2, x3, x5
    //SFNA SP Hack
    //SFNA Double UP SP
    //SFNA TeamKill (set to zero)
    //SFNA Headshot (Max 119)
    //SFNA Mission
    //SFNA Win/Lose
}

Ping Hack (visual):
Code:
void Ping()
{
    //will be released after a while, I'll just update :)
}

God Mode:
Code:
void Health()
{
    //will be released after a while, I'll just update :)
}

I will add more just wait.

Detected? (Use SilverDeath's ProxyCall)
Most of the APIs are detected in SoldierFront 1.
Code:
template <typename T>
__declspec(naked) T _cdecl ProxyCall(LPVOID Target, UINT NumberOfParams,LPVOID ProxyFFD5, ...)
{
    __asm mov edx, esp;             // stackframe on edx - edx points now to the return adress - Target, NumberOfParams, ProxyFFD5, Params after.
    __asm push esp;                 // save esp
    __asm push ebp;                 // save ebp
    __asm push esi;                 // save esi
    __asm lea esi, [edx+8];         // Points to NumberOfParams
    __asm mov ecx, [esi];           // Get Number Of Params
    __asm inc ecx;                  // Also push ProxyFFD5
PushParams:
    __asm mov eax, [esi+ecx*4];     // Get Parameter from right to left
    __asm push eax;                 // and push them on the stack
    __asm loop PushParams;          // Repeat until all params pushed (ecx != 0) - Stack is done after this
    __asm mov ebp, ReturnHere;      // Mov Returnadress into ebp to be called by proxy
    __asm mov eax, [edx+4];         // Get Target
    __asm jmp eax;                  // jump to target
ReturnHere:
    __asm add esp, 4;               // remove return address from Proxy
    __asm pop esi;                  // restore esi
    __asm pop ebp;                  // restore ebp
    __asm pop esp;                  // restore stack
    __asm retn;                     // return
}

How to use ProxyCall?
Code:
Find ADR_Proxy (No worries, I'll give the updated offset)
Use it like this:
For Sleep:
ProxyCall<void>(&Sleep,1,(void*)ADR_PROXY,100);
For GetAsyncKeyState:
ProxyCall<SHORT>(&GetAsyncKeyState,1,(void*)ADR_PROXY,VK_INSERT)
Put this in globals:
#define ADR_PROXY 0x004B0E9C

Do your DllMain like this (to avoid detections):
Code:
DWORD WINAPI Main(LPVOID Param)
{
    while(1)
    {
        //call your hax
        Damage();
        NoRecoil();
        Player();
        Ammo();
        ShootWalls();
        ProxyCall<void>(&Sleep,1,(void*)ADR_PROXY,50);
    }
    return false;
}

BOOL WINAPI DllMain(HMODULE hDll,DWORD Reason,LPVOID lpReserved)
{
    if(Reason == DLL_PROCESS_ATTACH)
    {
        CloseHandle(CreateThread(0,0,Main,0,0,0));
        return TRUE;
    }
    return FALSE;
}

If you need any help, just comment here. I'll post loader codes, hooks, and other stuff.
If something's wrong with the codes, please let me know. So I can update it
Tutorial will be posted if requested!
Other features will also be posted, just comment the feature you want below!

Credits:
Code:
Gecko Shad0w_ Zen_Barbie / Casper / Zen Ponzi Tutorial UnknownPK SilverDeath
If I forgot adding you, feel free to pm me :)

Start your own hack! Feel free to ask for help, I'll help you.
Last edited by blackgamingthesecond; 10-10-2015 at 08:09 PM.
Can you make a tutorial? Cuz I'm just a beginner.
I could help you. Are you stuck or something? Or you just can't start coding?
If you can't start coding,
download Microsoft Visual C++. If you already downloaded Microsoft Visual C++, make a project.
How to make project?
1. Open C++
2. Press new project >> choose win32 >> Win32 Project >> Press "Okay"
3. A new window will pop up >> Press Next >> Application Type: Dll >> Additional Options: Empty Project >> Press Finish
You just started your First Project! Congratulations.
You can't understand what I just said? Click this link: https://bfy.tw/2ED3
If you know already how to make a project in C++,
We will make your own hack, how?
Here's how:
As you have finished making your own project, you will be redirected to a new window. It is where you'll be putting your codes and stuff.
1. Create your source file, right click the "Source Files" folder that you will find under your First Project. (If you can't find it, Shortcut: CTRL+SHIFT+A) >> Name.cpp, in my case I'll name it Base.cpp >> Press "Add" button
2. You will now be writing your own codes; well, in your case, you'll be copy&pasting codes.
For those who will try their best in writing their own code: (Full Base, all the hacks included above)
- Include windows.h
Code:
#include <windows.h> // isn't that easy
- We will be declaring the proxy addy, what is this for? To avoid detections. Xigncode is detecting most of the windows api.
Code:
#define ADR_Proxy 0x004B0E9C //SFNA, this is updated. If you want to update it on yourself, just search byte: FF D5
- Now adding SilverDeath's proxycall function.
Code:
template <typename T>
__declspec(naked) T _cdecl ProxyCall(LPVOID Target, UINT NumberOfParams, LPVOID ProxyFFD5, ...)
{
    __asm mov edx, esp;             // stackframe on edx - edx points now to the return adress - Target, NumberOfParams, ProxyFFD5, Params after.
    __asm push esp;                 // save esp
    __asm push ebp;                 // save ebp
    __asm push esi;                 // save esi
    __asm lea esi, [edx + 8];       // Points to NumberOfParams
    __asm mov ecx, [esi];           // Get Number Of Params
    __asm inc ecx;                  // Also push ProxyFFD5
PushParams:
    __asm mov eax, [esi + ecx * 4]; // Get Parameter from right to left
    __asm push eax;                 // and push them on the stack
    __asm loop PushParams;          // Repeat until all params pushed (ecx != 0) - Stack is done after this
    __asm mov ebp, ReturnHere;      // Mov Returnadress into ebp to be called by proxy
    __asm mov eax, [edx + 4];       // Get Target
    __asm jmp eax;                  // jump to target
ReturnHere:
    __asm add esp, 4;               // remove return address from Proxy
    __asm pop esi;                  // restore esi
    __asm pop ebp;                  // restore ebp
    __asm pop esp;                  // restore stack
    __asm retn;                     // return
}
- Now adding the hacks given above:
Code:
void NoRecoil() //Actually this is No Spread & No Recoil.
{
    DWORD x1 = *(PDWORD)0xE41C80; //We will be making a pointer, this address is updated in SFNA. If you want to update, PM me.
    if (x1) {
        x1 = *(PDWORD)(x1 + 0x20);
        if (x1) {
            x1 = *(PDWORD)(x1 + 0x10);
            if (x1) {
                x1 = *(PDWORD)(x1 + 0x0);
                if (x1) {
                    x1 = *(PDWORD)(x1 + 0x8);
                    if (x1) {
                        *(PDWORD)(x1 + 0x1B1A8) = 0; //Updated addy for SFNA, If you want to update PM me.
                        *(PDWORD)(x1 + 0x1B1AC) = 0; //Updated addy for SFNA, If you want to update PM me.
                    }
                }
            }
        }
    }
}

void Ammo()
{
    DWORD x1 = *(PDWORD)0xE41EC4;
    if(x1) {
        x1 = *(PDWORD)(x1 + 0x2FFD8);
        if(x1) {
            *(PDWORD)(x1 + 0x2A0) = 1;//Knife
            *(PDWORD)(x1 + 0x130) = 59;//Ammo (59 - 29 = 30 //Your Ammo will be 30)
            *(PDWORD)(x1 + 0x2BC) = 10100;//Rapid Fire
            //This addies are updated in SFNA, feel free to PM me if you encounter any problems :)
        }
    }
}

void Player()
{
    DWORD x1 = *(PDWORD)0xE41C80;
    if(x1) {
        x1 = *(PDWORD)(x1 + 0x28);
        if(x1) {
            x1 = *(PDWORD)(x1 + 0x0);
            if(x1) {
                x1 = *(PDWORD)(x1 + 0x10);
                if(x1) {
                    x1 = *(PDWORD)(x1 + 0x0);
                    if(x1) {
                        if(ON) {
                            *(FLOAT*)(x1 + 0x1C) = 1000.0f;//Speed Hack
                            *(FLOAT*)(x1 + 0x144) = 10;//S.Jump
                        }
                    }
                }
            }
        }
    }
}

void Damage()
{
    if(ProxyCall<SHORT>(&GetAsyncKeyState,1,(void*)ADR_PROXY,VK_LBUTTON)) // ProxyCall GetAsyncKeyState to avoid detections. As you can see, GetAsyncKeyState is detected in xigncode because it is a winapi function.
    //If you press the left mouse button, your damage will increase making a OHK. One hit kill
    {
        *(double*)0xDA26C8 = 10.000000f; //Updated in SFNA, PM me if you need help finding it.
    }
}
- Call all your hacks in one thread, this will be your main thread.
Code:
DWORD WINAPI Main(LPVOID Param) //Name of your function
{
    return false;
}

Make a loop, so your hack will be constantly called.
Code:
DWORD WINAPI Main(LPVOID Param)
{
    while(1)
    {
    }
    return false;
}

Let your function suspend the execution of main thread as finish calling your hacks. Since it's in a loop, it will be constantly done. Specifically, this is for your game. To avoid hang. or Lag.
Code:
DWORD WINAPI Main(LPVOID Param)
{
    while(1)
    {
        ProxyCall<void>(&Sleep,1,(void*)ADR_PROXY,50); //I used silverdeath's proxycall, just to make sure that there will be no detections
    }
    return false;
}

Call your hacks!
Code:
DWORD WINAPI Main(LPVOID Param)
{
    while(1)
    {
        //call your hax
        Damage();
        NoRecoil();
        Player();
        Ammo();
        ShootWalls();
        ProxyCall<void>(&Sleep,1,(void*)ADR_PROXY,50);
    }
    return false;
}
- Call your hack in DllMain!
Code:
BOOL WINAPI DllMain(HMODULE hDll, DWORD Reason, LPVOID lpReserved)
{
    if (Reason == DLL_PROCESS_ATTACH) //if your dll is attached
    {
        CloseHandle(CreateThread(0, 0, Main, 0, 0, 0)); //Call Main thread then close handle
        return TRUE;
    }
    return FALSE;
}
For C&P Users: (This is only a base, add your own features)
Code:
#include <windows.h>

#define ADR_PROXY 0x004B0E9C

template <typename T>
__declspec(naked) T _cdecl ProxyCall(LPVOID Target, UINT NumberOfParams, LPVOID ProxyFFD5, ...)
{
    __asm mov edx, esp;             // stackframe on edx - edx points now to the return adress - Target, NumberOfParams, ProxyFFD5, Params after.
    __asm push esp;                 // save esp
    __asm push ebp;                 // save ebp
    __asm push esi;                 // save esi
    __asm lea esi, [edx + 8];       // Points to NumberOfParams
    __asm mov ecx, [esi];           // Get Number Of Params
    __asm inc ecx;                  // Also push ProxyFFD5
PushParams:
    __asm mov eax, [esi + ecx * 4]; // Get Parameter from right to left
    __asm push eax;                 // and push them on the stack
    __asm loop PushParams;          // Repeat until all params pushed (ecx != 0) - Stack is done after this
    __asm mov ebp, ReturnHere;      // Mov Returnadress into ebp to be called by proxy
    __asm mov eax, [edx + 4];       // Get Target
    __asm jmp eax;                  // jump to target
ReturnHere:
    __asm add esp, 4;               // remove return address from Proxy
    __asm pop esi;                  // restore esi
    __asm pop ebp;                  // restore ebp
    __asm pop esp;                  // restore stack
    __asm retn;                     // return
}

DWORD WINAPI Main(LPVOID Param)
{
    while (1)
    {
        //call your hax
        ProxyCall<void>(&Sleep, 1, (void*)ADR_PROXY, 50);
    }
    return false;
}

BOOL WINAPI DllMain(HMODULE hDll, DWORD Reason, LPVOID lpReserved)
{
    if (Reason == DLL_PROCESS_ATTACH)
    {
        CloseHandle(CreateThread(0, 0, Main, 0, 0, 0));
        return TRUE;
    }
    return FALSE;
}
I wish I helped a lot! Please press thanks
Last edited by blackgamingthesecond; 10-11-2015 at 06:00 AM.
brixs (12-14-2016),KamiTaizai (11-11-2016),Kodzolnik123 (12-17-2015),lucaspoep1 (01-16-2016),SnowPoem (10-25-2015)
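Editor's added example, not code from this thread or from any anti-cheat product: ProxyCall makes the called API see a return address that points at the `FF D5` (`call ebp`) bytes inside the game module, and an integrity check can catch that because a genuine return address is always immediately preceded by a call instruction. The function names and the byte strings below are constructed for illustration, and the decoder covers 32-bit near calls only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ret_verdict { RET_OK, RET_NOT_CALL_PRECEDED, RET_ON_CALL_REG };

/* Constructed x86-32 byte strings, not taken from any real module. */
static const uint8_t DIRECT[] = { 0xE8, 0x10, 0x00, 0x00, 0x00, 0x85, 0xC0 };       /* call rel32; test eax,eax */
static const uint8_t IMPORT[] = { 0xFF, 0x15, 0x00, 0x10, 0x40, 0x00, 0x85, 0xC0 }; /* call [mem]; test eax,eax */
static const uint8_t PROXY[]  = { 0x8B, 0x45, 0x08, 0xFF, 0xD5, 0xC3 };             /* mov eax,[ebp+8]; call ebp; ret */

/* Total length of "FF /2" (call r/m32) given its ModRM and SIB bytes. */
static size_t ff2_len(uint8_t modrm, uint8_t sib) {
    uint8_t mod = modrm >> 6, rm = modrm & 7;
    size_t len = 2 + (rm == 4);            /* opcode + ModRM (+ SIB) */
    if (mod == 3) return 2;                /* call reg */
    if (mod == 1) return len + 1;          /* disp8 */
    if (mod == 2) return len + 4;          /* disp32 */
    if (rm == 5 || (rm == 4 && (sib & 7) == 5)) return len + 4; /* mod 0 with disp32 */
    return len;
}

/* 1 if a near call instruction ends exactly at code[off]. */
static int call_precedes(const uint8_t *code, size_t off) {
    static const size_t lens[] = { 2, 3, 4, 6, 7 };
    if (off >= 5 && code[off - 5] == 0xE8) return 1;   /* call rel32 */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = lens[i];
        if (off < n || code[off - n] != 0xFF) continue;
        uint8_t modrm = code[off - n + 1];
        uint8_t sib = n > 2 ? code[off - n + 2] : 0;
        if (((modrm >> 3) & 7) == 2 && ff2_len(modrm, sib) == n) return 1;
    }
    return 0;
}

/* Classify the return address at offset off inside a module image. */
enum ret_verdict classify_return(const uint8_t *code, size_t size, size_t off) {
    if (off < size && call_precedes(code, off)) return RET_OK;
    if (off + 1 < size && code[off] == 0xFF && (code[off + 1] & 0xF8) == 0xD0)
        return RET_ON_CALL_REG;            /* returns straight into "call reg" */
    return RET_NOT_CALL_PRECEDED;
}

int main(void) {
    printf("direct=%d import=%d proxy=%d\n", classify_return(DIRECT, sizeof DIRECT, 5),
           classify_return(IMPORT, sizeof IMPORT, 6), classify_return(PROXY, sizeof PROXY, 3));
    return 0;
}
```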
It would be nice if you could upload a video tutorial.
You. are. awesome.
Thanks for this! I'm trying to create hax for SF for awhile but I pretty much suck at reversing, also I didn't know how to make it undetected.
I will get working with this ASAP :3
too awesome!
Coders please see this: https://www.mpgh.net/forum/24-hack-re...vate-hack.html
How to find offset 0x2FFD8?
Thank you
Great job buddy! Thank you! I'm speechless!
Thank you for assisting us with the basics of these types of hack implementations.
I am highly interested on how to obtain the new pointers when they change. That is the key ingredient to making all this work. I tried to PM you but don't have enough posts on this forum to send e-mails to other members.
In a couple of the hack feature functions, there is an undefined "ON" variable. Is this on purpose?
Who knows how to find the offset?
BlackGaming, Kabayan, just finished putting these codes up. I'm not sure how to save and get the DLL though, this is the first time I've programmed. Mind helping me?
I just put up all the codes there on the new added item, which I named Base.cpp. That's where I am right now.
And a question, by the way: once we get the DLL file, we still need an undetected injector for it to work, is my understanding right?
- - - Updated - - -
Just an update, I tried pressing the Build button. And I got 5 errors, it says.
Hi bro,
I was wondering if you can teach me hacking about codes/hacks etc.
I'm really glad I met you, so I want to make hack for these games:
GTA V, Crossfire, Skyforge, Black Ops 3, and CSGO..
But crossfire is really my first one I want to use long time ago I used Crossfire zombie hack..
It was great you could 1 hit kill zombies and lots of points I really miss that feature..
Can you teach me how I make one? with damage hack or one hit kill hack ?
If its risky I would use it only on zombies game modes without online players.
Dude why don't u post the dll? It's too hard for me to do that!
How did you get this code? And offset?
Thank you