Tutorials Part 2

**HolyFate** · 02-19-2006

Rockets from sword:

first this drives me nuts because it shouldn't work but it does:

Part 1:Removing the Check:
first go to :472950: ZMyCharacter::OnShotRocket (83 EC 48 56 8B F1 8D 4E 64 E8 EE EE EE EE 85 )

use everything before E8:

Code:

004771B0  /$ 83EC 48        SUB ESP,48
004771B3  |. 56             PUSH ESI
004771B4  |. 8BF1           MOV ESI,ECX
004771B6  |. 8D4E 64        LEA ECX,DWORD PTR DS:[ESI+64]
004771B9  |. E8 A2ABFFFF    CALL HolyFate.00471D60
004771BE  |. 85C0           TEST EAX,EAX
004771C0  |. 0F84 5A010000  JE HolyFate.00477320
004771C6  |. 8B48 30        MOV ECX,DWORD PTR DS:[EAX+30]
004771C9  |. 85C9           TEST ECX,ECX
004771CB     0F8E 4F010000  JLE HolyFate.00477320
004771D1  |. 33C0           XOR EAX,EAX

ok so now that we see the code we NOP the jle to remove the check

Part 2:Switching the calls:
first go to local calls. you will see this:

Code:

004787D2   . E8 D9E9FFFF    CALL HolyFate.004771B0
004787D7   . 5F             POP EDI
004787D8   . 5B             POP EBX
004787D9   . 5D             POP EBP
004787DA   . 8BCE           MOV ECX,ESI
004787DC   . 5E             POP ESI
004787DD   . 83C4 04        ADD ESP,4
004787E0   .^E9 DB41FFFF    JMP HolyFate.0046C9C0
004787E5   > 8BCE           MOV ECX,ESI                              ;  Cases 1,7,C,D,E of switch 0047878A
004787E7   . E8 C4F8FFFF    CALL HolyFate.004780B0
004787EC   . 5F             POP EDI
004787ED   . 5B             POP EBX
004787EE   . 5D             POP EBP
004787EF   . 8BCE           MOV ECX,ESI
004787F1   . 5E             POP ESI
004787F2   . 83C4 04        ADD ESP,4
004787F5   .^E9 C641FFFF    JMP HolyFate.0046C9C0
004787FA   > 8BCE           MOV ECX,ESI                              ;  Default case of switch 0047878A
004787FC     E8 8FECFFFF    CALL HolyFate.00477490

change the CALL HolyFate.004780b0 to CALL HolyFate.004771b0

ok thats rockets from sword next is ghosting:
first search for binary 18 CC:

Code:

0046C940   $ 8B01           MOV EAX,DWORD PTR DS:[ECX]
0046C942   . FF60 18        JMP DWORD PTR DS:[EAX+18]

ok so nop all of the local calls on MOV EAX,DWORD PTR DS:[ECX]

ok now long wall run:
go here:
00475760 /$ 83EC 24 SUB ESP,24

now nop all of the local calls and if you want super wall jump or assassin jump

Code:

00475760  /$ 83EC 24        SUB ESP,24
00475763  |. 56             PUSH ESI
00475764  |. 8BF1           MOV ESI,ECX
00475766  |. 8A86 20060000  MOV AL,BYTE PTR DS:[ESI+620]
0047576C  |. D946 58        FLD DWORD PTR DS:[ESI+58]
0047576F  |. D946 54        FLD DWORD PTR DS:[ESI+54]
00475772  |. 24 7F          AND AL,7F
00475774  |. 8886 20060000  MOV BYTE PTR DS:[ESI+620],AL
0047577A  |. D9E0           FCHS
0047577C  |. 8A86 DC040000  MOV AL,BYTE PTR DS:[ESI+4DC]
00475782  |. D95C24 04      FSTP DWORD PTR SS:[ESP+4]
00475786  |. 24 FD          AND AL,0FD
00475788  |. 0C 10          OR AL,10
0047578A  |. D9E0           FCHS
0047578C  |. 8886 DC040000  MOV BYTE PTR DS:[ESI+4DC],AL
00475792  |. D95C24 08      FSTP DWORD PTR SS:[ESP+8]
00475796  |. 8A86 9C040000  MOV AL,BYTE PTR DS:[ESI+49C]
0047579C  |. 8D4C24 04      LEA ECX,DWORD PTR SS:[ESP+4]
004757A0  |. 51             PUSH ECX
004757A1  |. 8BD1           MOV EDX,ECX
004757A3  |. 24 BF          AND AL,0BF
004757A5  |. 52             PUSH EDX
004757A6  |. 8886 9C040000  MOV BYTE PTR DS:[ESI+49C],AL
004757AC  |. C74424 14 0000>MOV DWORD PTR SS:[ESP+14],0
004757B4  |. E8 D6090F00    CALL HolyFate.0056618F
004757B9  |. 8B8E E4040000  MOV ECX,DWORD PTR DS:[ESI+4E4]
004757BF  |. 83F9 01        CMP ECX,1
004757C2  |. 0F85 FC000000  JNZ HolyFate.004758C4
004757C8  |. 6A 00          PUSH 0
004757CA  |. E8 E10A0D00    CALL HolyFate.005462B0
004757CF  |. 8BC8           MOV ECX,EAX
004757D1  |. E8 7A0B0D00    CALL HolyFate.00546350
004757D6  |. D94424 04      FLD DWORD PTR SS:[ESP+4]
004757DA  |. 84C0           TEST AL,AL
004757DC  |. 8B46 60        MOV EAX,DWORD PTR DS:[ESI+60]
004757DF  |. 74 49          JE SHORT HolyFate.0047582A

nop the je and jnz then go to the 3rd local call and nop the jmp and je

Credits to xXzYzXx for help on rockets

**A7X Oblivian** · 02-19-2006

Holy ......****

**HolyFate** · 02-19-2006

what??? explain

**A7X Oblivian** · 02-19-2006

i meant nothing exept it was a very confusing tut until i analyzed it...i was just like WOAH and then i spammed

**HaCkErPrO** · 02-19-2006

easy tuts but thanks for the Assasin Jump. i think i have other method for ROS

**beko** · 02-19-2006

rocket from sword = rocket from smg
ghosting: not very smart since everyone can see u, when u die ur still alive but u cant reload after a short while u cant move.

**HolyFate** · 02-19-2006

*update* fixed rockets from sword

**Craig** · 02-19-2006

hey im new here i was just wondering wot programme u use to make this would it be olly??

**WertyRO** · 02-19-2006

Originally Posted by Craig

hey im new here i was just wondering wot programme u use to make this would it be olly??

Yes Olly...

**Craig** · 02-19-2006

ok thanks and what excatly is ghosting is it jus ghost hack ??

**$GHOST$** · 02-19-2006

.... ok lets see good tut lots of spam FUNNY ummm on tut intersting idea this gives me ty

**D3ATH ANG3L** · 02-19-2006

In the process of putting in 0 Delay or whichever so be expected of a change

**SpiderByte** · 02-20-2006

Well Gunz is ruined... There is a reason I didn't release this...

**SpiderByte** · 02-20-2006

Why can't I edit my fucking posts?!?!?!

**HolyFate** · 02-20-2006

hehehe it might finnaly get patched anways i love /toss command and /close

Thread: Tutorials Part 2

Thread Tools

Display

Tutorials Part 2

Similar Threads

[Tutorial]Become a MC Modder EASY [Part 2]

[C#] Tutorial: Understanding The Basics Part 1

[XNA] Developing Your First 2D Game Tutorial: Part 1

Italian Tutorial Part #1

[Tutorial]Snippets Part 3[Snip]