Updated Addresses

**Synns** · 05-26-2010

Code:

#define ADR_NORECOIL_ONE    0x3740CE89
#define ADR_NORECOIL_TWO    0x3740CE8B
#define ADR_LTTCCllient    0x377DAE88
#define ADR_ALTERNATIVE_CONSOLE    0x0046F620
#define ADR_ASUS_WALLHACK    0x0057207A
#define ADR_DEVICEPTR    0x009096F8 <--- I think? idk I don't use the device ptr.

For use of the Alternative Console, not the one in Gellin's base:

Credits to __GHOSTER__

Code:

void __cdecl SetConsoleVariable(char* szVal)
{
    void* vSetVar = (void*)ADR_ALTERNATIVE_CONSOLE;
    _asm
    {
        push szVal
        call vSetVar
        add esp, 4
    }
}

**Zoom** · 05-26-2010

Thank you so much long!

**~Stephen** · 05-26-2010

Thanks Longevity...

Also, Great shit from: ___GHOSTER___

Thanks again

**mmbob** · 05-26-2010

Why would you post these 3 hours after patch....

**ainkut** · 05-26-2010

Originally Posted by mmbob

Why would you post these 3 hours after patch....

because he's nice and deserves a thanks?

**mmbob** · 05-26-2010

If I had to use Longevity's addresses, I'd definitely thank him. But you should let the kiddies find these themselves, and maybe release them in a few weeks. And that is the correct device pointer.

**Synns** · 05-26-2010

Originally Posted by mmbob

Why would you post these 3 hours after patch....

Well, BigBoy posted a picture tutorial on how to dump files so basically everyone knows now. Finding these addresses aren't really hard to do now.

**topblast** · 05-26-2010

thanks for sharing

**God601** · 05-26-2010

how can you find that shit?

ADR_ALTERNATIVE_CONSOLE

because i searched into every files of CA and didnt finded it -.-

**Synns** · 05-26-2010

CA updated today. In Engine.exe

Look for 'CL***ient::UnregisterConsoleProgram'

Scroll down until you see:

Code:

___:0046F610 ; ---------------------------------------------------------------------------
___:0046F611                 align 10h
___:0046F620
___:0046F620 ; =============== S U B R O U T I N E =======================================
___:0046F620
___:0046F620 ; Attributes: thunk
___:0046F620
___:0046F620 sub_46F620      proc near               ; DATA XREF: sub_474930-34Eo
___:0046F620                                         ; ___:007D9200o
___:0046F620                 jmp     sub_485D40
___:0046F620 sub_46F620      endp
___:0046F620
___:0046F620 ; ---------------------------------------------------------------------------
___:0046F625                 align 10h
___:0046F630
___:0046F630 ; =============== S U B R O U T I N E =======================================

**God601** · 05-26-2010

hmm... that are very useful

better than the l***ient because it was only... weird and others thing i can't say.

**mmbob** · 05-26-2010

The alternate console is simply the address at *(*pL***ient + 0x208).

**vingadormaster** · 05-26-2010

[php]#define ADR_KDRGUARDCANA 0x3778DFFC
#define ADR_KDRGUARDCAEU 0x37750A08
#define ADR_KILLCAMCAEU 0x377502E8[/php]

killcamon put value in 0.
kdrguard put value in 0.

example:

[php]
kdrguard:

*(long*) ADR_KDRGUARDCAEU = 0;

killcamon:

bool CAMON[2]; // Credits to NeoIII

if(GetAsyncKeyState(VK_F12)&1) CAMON[0] = !CAMON[0];
if(CAMON[0] && !CAMON[1])
{
*(long*) ADR_KILLCAMCAEU = 0;
}[/php]

found in MHS, but mhs is detected in XP SP3 32bits, I had to use a old folder of HackShield, which causes "conection ended" after a few minutes.

make a findpattern to kdrguard apparently is complicated.
it changes the values constantly.

i not tryed findpattern to killcamon.

**Synns** · 05-26-2010

Originally Posted by vingadormaster

[php]#define ADR_KDRGUARDCANA 0x3778DFFC
#define ADR_KDRGUARDCAEU 0x37750A08
#define ADR_KILLCAMCAEU 0x377502E8[/php]

killcamon put value in 0.
kdrguard put value in 0.

example:

[php]
kdrguard:

*(long*) ADR_KDRGUARDCAEU = 0;

killcamon:

bool CAMON[2]; // Credits to NeoIII

if(GetAsyncKeyState(VK_F12)&1) CAMON[0] = !CAMON[0];
if(CAMON[0] && !CAMON[1])
{
*(long*) ADR_KILLCAMCAEU = 0;
}[/php]

found in MHS, but mhs is detected in XP SP3 32bits, I had to use a old folder of HackShield, which causes "conection ended" after a few minutes.

make a findpattern to kdrguard apparently is complicated.
it changes the values constantly.

i not tryed findpattern to killcamon.

For KDRGuard or Unl. Respawns whatever it is just do this:

Look for IClientShell.Default

This patch NA:

Code:

___:3778DFFC                 dd 1, 376A36E8h, 75h dup(0)
___:3778E1D8                 dd offset off_376A36E0
___:3778E1DC                 dd 0FFFFFFFFh, 2 dup(0)
___:3778E1E8                 dd 718h, 0Eh dup(0)
___:3778E224                 dd 0B01F200h, 0
___:3778E22C                 dd offset off_37775DF8
___:3778E230                 dd 0
___:3778E234                 dd offset off_376A381C
___:3778E238                 dd 0B0324h, 1, 2020202h, 536E6957h, 206B636Fh, 302E32h
___:3778E238                 dd 3Dh dup(0)
___:3778E344                 dd 6E755200h, 676E696Eh, 21h dup(0)
___:3778E3D0                 dd 11270002h, 0E6F55D0h, 2 dup(0)
___:3778E3E0                 dd 8A0h, 0Ah dup(0)
___:3778E40C                 dd offset off_376A3814
___:3778E410                 dd 8A4h, 7D4h, 8B0h, 71Ch, 6 dup(0)
___:3778E438                 dd 1, 7 dup(0)
___:3778E458                 dd 0B027218h, 0
___:3778E460                 dd offset off_37680EA4
___:3778E464                 dd 20h, 2Ah dup(0)
___:3778E510                 dd 7, 2 dup(0)
___:3778E51C                 dd 1010001h, 1, 0
___:3778E528                 dd 1, 40h dup(0)
___:3778E62C                 dd 10000h, 2 dup(0)
___:3778E638                 dd 0B02F230h, 0Ah dup(0)
___:3778E664                 dd 0B02F5A0h, 0B02F6E0h, 0B02F760h, 41Eh dup(0)
___:3778F6E8                 dd 0B017130h, 4Dh dup(0)
___:3778F820                 dd 3000605h, 1A4h, 68h dup(0)
___:3778F9C8                 dd 2 dup(0FFFFFFFFh), 6 dup(0)
___:3778F9E8                 dd 7, 0
___:3778F9F0                 dd 3 dup(0FFFFFFFFh), 6 dup(0)
___:3778FA14                 dd 7, 0
___:3778FA1C off_3778FA1C    dd offset off_37775DF8  ; DATA XREF: ___:37679590o
___:3778FA20                 dd offset aIclientshell_d ; "IClientShell.Default"

Last Patch NA:

Code:

___:37787F48                 dd 1, 3769D990h, 75h dup(0)
___:37788124                 dd offset off_3769D988
___:37788128                 dd 0FFFFFFFFh, 2 dup(0)
___:37788134                 dd 7C0h, 0Eh dup(0)
___:37788170                 dd 89E43E8h, 0
___:37788178                 dd offset off_3776FD58
___:3778817C                 align 10h
___:37788180                 dd offset off_3769DAC4
___:37788184                 dd 700DEh, 1, 2020202h, 536E6957h, 206B636Fh, 302E32h
___:37788184                 dd 3Dh dup(0)
___:37788290                 dd 6E755200h, 676E696Eh, 21h dup(0)
___:3778831C                 dd 11270002h, 0E6F55D0h, 2 dup(0)
___:3778832C                 dd 90Ch, 0Ah dup(0)
___:37788358                 dd offset off_3769DABC
___:3778835C                 dd 91Ch, 370h, 928h, 5C8h, 6 dup(0)
___:37788384                 dd 1, 7 dup(0)
___:377883A4                 dd 89EC400h, 0
___:377883AC                 dd offset off_3767AEDC
___:377883B0                 dd 20h, 2Ah dup(0)
___:3778845C                 dd 7, 2 dup(0)
___:37788468 aHttpsWww_cap_0 db 'https://www.cap.vivo*****m/api2/',0
___:37788488                 dd 39h dup(0)
___:3778856C aSipConfctl2@_0 db 'sip:confctl-2@cap.vivo*****m',0
___:37788588                 dd 3Ah dup(0)
___:37788670                 dd 1010101h, 0
___:37788678                 dd 1, 40h dup(0)
___:3778877C                 dd 10000h, 2 dup(0)
___:37788788                 dd 89E1F58h, 0Ah dup(0)
___:377887B4                 dd 89F4550h, 89F4690h, 89F4710h, 40Ah dup(0)
___:377897E8                 dd 810FFC0h, 4Dh dup(0)
___:37789920                 dd 3000605h, 1A4h, 68h dup(0)
___:37789AC8                 dd 2 dup(0FFFFFFFFh), 6 dup(0)
___:37789AE8                 dd 7, 0
___:37789AF0                 dd 3 dup(0FFFFFFFFh), 6 dup(0)
___:37789B14                 dd 7, 0
___:37789B1C off_37789B1C    dd offset off_3776FD58  ; DATA XREF: ___:376734E0o
___:37789B20                 dd offset aIclientshell_d ; "IClientShell.Default"

**vingadormaster** · 05-26-2010

Originally Posted by Longevity

For KDRGuard or Unl. Respawns whatever it is just do this:

Look for IClientShell.Default

This patch NA:

Code:

___:3778DFFC                 dd 1, 376A36E8h, 75h dup(0)
___:3778E1D8                 dd offset off_376A36E0
___:3778E1DC                 dd 0FFFFFFFFh, 2 dup(0)
___:3778E1E8                 dd 718h, 0Eh dup(0)
___:3778E224                 dd 0B01F200h, 0
___:3778E22C                 dd offset off_37775DF8
___:3778E230                 dd 0
___:3778E234                 dd offset off_376A381C
___:3778E238                 dd 0B0324h, 1, 2020202h, 536E6957h, 206B636Fh, 302E32h
___:3778E238                 dd 3Dh dup(0)
___:3778E344                 dd 6E755200h, 676E696Eh, 21h dup(0)
___:3778E3D0                 dd 11270002h, 0E6F55D0h, 2 dup(0)
___:3778E3E0                 dd 8A0h, 0Ah dup(0)
___:3778E40C                 dd offset off_376A3814
___:3778E410                 dd 8A4h, 7D4h, 8B0h, 71Ch, 6 dup(0)
___:3778E438                 dd 1, 7 dup(0)
___:3778E458                 dd 0B027218h, 0
___:3778E460                 dd offset off_37680EA4
___:3778E464                 dd 20h, 2Ah dup(0)
___:3778E510                 dd 7, 2 dup(0)
___:3778E51C                 dd 1010001h, 1, 0
___:3778E528                 dd 1, 40h dup(0)
___:3778E62C                 dd 10000h, 2 dup(0)
___:3778E638                 dd 0B02F230h, 0Ah dup(0)
___:3778E664                 dd 0B02F5A0h, 0B02F6E0h, 0B02F760h, 41Eh dup(0)
___:3778F6E8                 dd 0B017130h, 4Dh dup(0)
___:3778F820                 dd 3000605h, 1A4h, 68h dup(0)
___:3778F9C8                 dd 2 dup(0FFFFFFFFh), 6 dup(0)
___:3778F9E8                 dd 7, 0
___:3778F9F0                 dd 3 dup(0FFFFFFFFh), 6 dup(0)
___:3778FA14                 dd 7, 0
___:3778FA1C off_3778FA1C    dd offset off_37775DF8  ; DATA XREF: ___:37679590o
___:3778FA20                 dd offset aIclientshell_d ; "IClientShell.Default"

Last Patch NA:

Code:

___:37787F48                 dd 1, 3769D990h, 75h dup(0)
___:37788124                 dd offset off_3769D988
___:37788128                 dd 0FFFFFFFFh, 2 dup(0)
___:37788134                 dd 7C0h, 0Eh dup(0)
___:37788170                 dd 89E43E8h, 0
___:37788178                 dd offset off_3776FD58
___:3778817C                 align 10h
___:37788180                 dd offset off_3769DAC4
___:37788184                 dd 700DEh, 1, 2020202h, 536E6957h, 206B636Fh, 302E32h
___:37788184                 dd 3Dh dup(0)
___:37788290                 dd 6E755200h, 676E696Eh, 21h dup(0)
___:3778831C                 dd 11270002h, 0E6F55D0h, 2 dup(0)
___:3778832C                 dd 90Ch, 0Ah dup(0)
___:37788358                 dd offset off_3769DABC
___:3778835C                 dd 91Ch, 370h, 928h, 5C8h, 6 dup(0)
___:37788384                 dd 1, 7 dup(0)
___:377883A4                 dd 89EC400h, 0
___:377883AC                 dd offset off_3767AEDC
___:377883B0                 dd 20h, 2Ah dup(0)
___:3778845C                 dd 7, 2 dup(0)
___:37788468 aHttpsWww_cap_0 db 'https://www.cap.vivo*****m/api2/',0
___:37788488                 dd 39h dup(0)
___:3778856C aSipConfctl2@_0 db 'sip:confctl-2@cap.vivo*****m',0
___:37788588                 dd 3Ah dup(0)
___:37788670                 dd 1010101h, 0
___:37788678                 dd 1, 40h dup(0)
___:3778877C                 dd 10000h, 2 dup(0)
___:37788788                 dd 89E1F58h, 0Ah dup(0)
___:377887B4                 dd 89F4550h, 89F4690h, 89F4710h, 40Ah dup(0)
___:377897E8                 dd 810FFC0h, 4Dh dup(0)
___:37789920                 dd 3000605h, 1A4h, 68h dup(0)
___:37789AC8                 dd 2 dup(0FFFFFFFFh), 6 dup(0)
___:37789AE8                 dd 7, 0
___:37789AF0                 dd 3 dup(0FFFFFFFFh), 6 dup(0)
___:37789B14                 dd 7, 0
___:37789B1C off_37789B1C    dd offset off_3776FD58  ; DATA XREF: ___:376734E0o
___:37789B20                 dd offset aIclientshell_d ; "IClientShell.Default"

thanks, but it not show in olly, I'll try to find idapro to test.

using ILocaleManager.Default and after Go to - Previus - Minus in olly apparently found.

Thread: Updated Addresses

Thread Tools

Display

Updated Addresses

The Following 20 Users Say Thank You to Synns For This Useful Post:

The Following 7 Users Say Thank You to Synns For This Useful Post:

The Following User Says Thank You to mmbob For This Useful Post:

The Following User Says Thank You to Synns For This Useful Post:

Similar Threads

Auto-Updating Addresses

[Release] Updated Addresses [CABR]

[RELEASE] - Updated Addresses

Updated Address's [2-13-08] Most Address's

Updated addresses for some hacks.