Some fun with the engine

**veryboreddd** · 04-03-2020

Sad to see this section so dead, maybe some others will come back for fun when they aren't busy.

Code:

typedef LTObject* HOBJECT;
typedef LTObject* HLOCALOBJ;

struct LTVector
{
	float x, y, z; //0x0, 0x4, 0x8
};

struct ClientData {
	float m_fLastUpdatePosTime;
	LTVector lastPos; 
	LTVector lastVel; //0x10
	HLOCALOBJ ltLineSystem; //0x1C
};

struct LTObject {
	char pad[0x98];
	UINT8 m_ColorR; //0x98
	UINT8 m_ColorG; //0x99
	UINT8 m_ColorB; //0x9A
	UINT8 m_ColorA; //0x9B
	char pad1[0x8]; //0x9C
	LTVector scale; //0xA4
	char pad2[0x38];
	LTVector pos; //0xE8
	char pad3[0x10]; //F4
	LTVector vel; //0x104
	char pad4[0x1C]; //0x110
	LTVector accel; //0x12C
	char pad5[0x24];//0x138
	LTObject *standingOn;//0x15C
	ClientData clientData;
};

struct WorldClientBsp {
	char pad[0x08];
	void ** worldData;
	UINT32 numModels;
};

struct ClientShell {
	char pad[0x64];
	UINT16 objId;
};

struct LTRecord
{
	unsigned char   m_nRecordType;
	void *          m_pRecordData;
};

struct ClientMgr {
	char pad[0x0B14];
	LTRecord * map_data;
	UINT32 m_ObjectMapSize; //0xB18
	char pad2[0x38]; //B1C
	ClientShell * pClientShell;//b54
};

struct ServerMgr {
	char pad[0x738];
	LTRecord * map_data;
	UINT32 m_ObjectMapSize;
};

struct Canvas {
	char pad[0x218];
	float radius;
};

Code:

DWORD pClientshell = 0x116ABD4;
DWORD g_pServerMgr = 0x0116BB0C;

ClientMgr * pClientmgr = (ClientMgr*)(*(DWORD*)pClientshell);
ServerMgr * pServerMgr = (ServerMgr*)(*(DWORD*)g_pServerMgr);

Loop through client models:

Code:

LTObject * mPlayer = (LTObject*)pClientmgr->map_data[pClientmgr->pClientShell->objId].m_pRecordData;

				for (UINT16 id = 0; id < pClientmgr->m_ObjectMapSize; id++) {
					if (pClientmgr->map_data[id].m_nRecordType) {
						LTObject * pPlayer = (LTObject*)pClientmgr->map_data[id].m_pRecordData;

						if (pPlayer) {
							printf("Pos: %.2f %.2f %.2f \n", pPlayer->pos.x, pPlayer->pos.y, pPlayer->pos.z);
							pPlayer->m_ColorB = 0x0;
							pPlayer->m_ColorR = 0x0;
							pPlayer->m_ColorA = 0xFF;
							pPlayer->scale.x = f_scale;
							pPlayer->scale.y = f_scale;
							pPlayer->scale.z = f_scale;

						}
					}
				}

Loop server models:

Code:

for (UINT16 uId = 0; uId < pServerMgr->m_ObjectMapSize; uId++) {
					if (pServerMgr->map_data->m_nRecordType) {
						LTObject * pServerObj = (LTObject*)pServerMgr->map_data[uId].m_pRecordData;

						if (pServerObj) {
							//Do Stuff
						}
					}
				}

Example setting the players scale:
https://gyazo.com/02e9a149bb1634f083e00e44f3741e9b

**panda9510** · 04-03-2020

Dude Can u help me ? i just need
bypass 28_5

**jayjay153** · 04-03-2020

Code:

auto pClient = P::get()->g_pLTClientShell->GetPlayerMgr();
if (pClient != NULL)
{
	auto pModel = pClient->GetMoveMgr();
	if (pModel != NULL)
	{
		if (pModel->IsModel())
		{
			for (UINT16 uId = 0; uId < pServerMgr->m_ObjectMapSize; uId++)
			{
				if (pServerMgr->map_data[uId].m_nRecordType)
				{
					//LTObjects* pPlayer = (LTObjects*)pServerMgr->map_data[uId].m_pRecordData;

					//if (pPlayer) {
					//	printf("Pos: %.2f %.2f %.2f \n", pPlayer->pos.x, pPlayer->pos.y, pPlayer->pos.z);
					//	pPlayer->m_ColorR = 0xFF;
					//	pPlayer->m_ColorG = 0x0;
					//	pPlayer->m_ColorB = 0x0;
					//	pPlayer->m_ColorA = 0xFF;
					//	/*pPlayer->scale.x = f_scale;
					//	pPlayer->scale.y = f_scale;
					//	pPlayer->scale.z = f_scale;*/
					//}

					ModelInstance* pServerObj = (ModelInstance*)pServerMgr->map_data[uId].m_pRecordData;

					if (pServerObj)
					{
						if (pServerObj == P::get()->g_pLTClientShell->GetModelInstance(P::get()->g_pLTClientShell->GetLocalPlayerId()))
							continue;

						auto POS = pServerObj->GetPos();
						D3DXVECTOR3 ScreenPos = D3DXVECTOR3(0, 0, 0);
						if (Cheat::Utilities->WTS(POS, &ScreenPos))
						{
							if (pServerObj->ObjectType() == 1)
							{
								pServerObj->SetPos(pModel->GetPos()); //send error report ??????????

								/*ImVec2 Coord = U::GetCoordinate(Vars.ESP.Weapon.Lines.type);
								Graphics::Render->Line(Coord.x, Coord.y,
									ScreenPos.x,
									ScreenPos.y,
									Red);*/
							}
						}
					}
				}
			}
		}
	}
}

**veryboreddd** · 04-04-2020

Originally Posted by jayjay153

Code:

auto pClient = P::get()->g_pLTClientShell->GetPlayerMgr();
if (pClient != NULL)
{
	auto pModel = pClient->GetMoveMgr();
	if (pModel != NULL)
	{
		if (pModel->IsModel())
		{
			for (UINT16 uId = 0; uId < pServerMgr->m_ObjectMapSize; uId++)
			{
				if (pServerMgr->map_data[uId].m_nRecordType)
				{
					//LTObjects* pPlayer = (LTObjects*)pServerMgr->map_data[uId].m_pRecordData;

					//if (pPlayer) {
					//	printf("Pos: %.2f %.2f %.2f \n", pPlayer->pos.x, pPlayer->pos.y, pPlayer->pos.z);
					//	pPlayer->m_ColorR = 0xFF;
					//	pPlayer->m_ColorG = 0x0;
					//	pPlayer->m_ColorB = 0x0;
					//	pPlayer->m_ColorA = 0xFF;
					//	/*pPlayer->scale.x = f_scale;
					//	pPlayer->scale.y = f_scale;
					//	pPlayer->scale.z = f_scale;*/
					//}

					ModelInstance* pServerObj = (ModelInstance*)pServerMgr->map_data[uId].m_pRecordData;

					if (pServerObj)
					{
						if (pServerObj == P::get()->g_pLTClientShell->GetModelInstance(P::get()->g_pLTClientShell->GetLocalPlayerId()))
							continue;

						auto POS = pServerObj->GetPos();
						D3DXVECTOR3 ScreenPos = D3DXVECTOR3(0, 0, 0);
						if (Cheat::Utilities->WTS(POS, &ScreenPos))
						{
							if (pServerObj->ObjectType() == 1)
							{
								pServerObj->SetPos(pModel->GetPos()); //send error report ??????????

								/*ImVec2 Coord = U::GetCoordinate(Vars.ESP.Weapon.Lines.type);
								Graphics::Render->Line(Coord.x, Coord.y,
									ScreenPos.x,
									ScreenPos.y,
									Red);*/
							}
						}
					}
				}
			}
		}
	}
}

Use the client loop to accomplish this; just visual though.

**jayjay153** · 04-04-2020

Code:

this way better i think

class Link : public IBase
{
public:
    Link* m_pPrev, *m_pNext;
    void* m_pData;
};

class List
{
public:
    unsigned long m_nElements;
    Link m_Head;
};

class ObjectMgr : public WorldTreeHelper, public singleton<ObjectMgr>
{
public:
    char pad_0000[612]; //0x0264
    List m_ObjectLists[NUM_OBJECTTYPES];
public:

**TheGe2k** · 04-04-2020

This section isn't poor, If everyone share him codes .. codes will be detected and everyone can make hack and forum will be "Leechers" section not CrossFire Source coding section.

**veryboreddd** · 04-04-2020

That's true, and @jayjay153 yeah that works well too. You can also just call findobjclient and findobjserver -

Code:

typedef LTObject* (__thiscall * pFindObject)(UINT16 id);

**jayjay153** · 04-04-2020

Code:

\x55\x8B\xEC\x51\x89\x4D\xFC\x0F\xB7\x45\x08\x8B\x4D\xFC\x3B\x81\x00\x00\x00\x00\x73\x29\x0F\xB7\x55\x08\x8B\x45\xFC\x8B\x88\x00\x00\x00\x00\x0F\xB6\x14\xD1

**96neko** · 04-05-2020

since this game is dead ass already i think it's time to post something fun too , just figure out what it does and how you can make it work , @jayjay153 since you have reversed the engine i think you can figure it out fast , if you successfully manage to make it work post a feedback

, @veryboreddd maybe interesting too ?

Code:

CAutoMessage cMsg;
cMsg.Writeuint8(MID_PLAYER_CLIENTMSG);//MID
cMsg.Writeuint8(CP_DAMAGE);//MSG ID
cMsg.Writeuint8(DT_CRUSH);//DMG TYPE
cMsg.Writefloat(fDamage);//DMG AMOUNT
cMsg.Writeuint8(0);//eat da booty
cMsg.WriteObject(g_pLTClient->GetClientObject());//enemy object
g_pLTClient->SendToServer(cMsg.Read(), MESSAGE_GUARANTEED);

**jayjay153** · 04-05-2020

interesting

**vaisefud3** · 04-05-2020

Originally Posted by 96neko

since this game is dead ass already i think it's time to post something fun too , just figure out what it does and how you can make it work , @jayjay153 since you have reversed the engine i think you can figure it out fast , if you successfully manage to make it work post a feedback

, @veryboreddd maybe interesting too ?

Code:

CAutoMessage cMsg;
cMsg.Writeuint8(MID_PLAYER_CLIENTMSG);//MID
cMsg.Writeuint8(CP_DAMAGE);//MSG ID
cMsg.Writeuint8(DT_CRUSH);//DMG TYPE
cMsg.Writefloat(fDamage);//DMG AMOUNT
cMsg.Writeuint8(0);//eat da booty
cMsg.WriteObject(g_pLTClient->GetClientObject());//enemy object
g_pLTClient->SendToServer(cMsg.Read(), MESSAGE_GUARANTEED);

Damn xD, I'm almost downloading this game again to try this out

**96neko** · 04-05-2020

Originally Posted by vaisefud3

Damn xD, I'm almost downloading this game again to try this out

let's see who figure out how to make it work : you , dyon or jayjay who will be first?

**magicbloodxdddd** · 04-05-2020

nice thats goodss

**jayjay153** · 04-05-2020

Originally Posted by 96neko

let's see who figure out how to make it work : you , dyon or jayjay who will be first?

i tried but nothing's happened

**vaisefud3** · 04-05-2020

Originally Posted by 96neko

let's see who figure out how to make it work : you , dyon or jayjay who will be first?

Aight, challenge taken, gonna download it and update my stuff

Thread: Some fun with the engine

Thread Tools

Display

Some fun with the engine

The Following User Says Thank You to veryboreddd For This Useful Post:

help

The Following User Says Thank You to 96neko For This Useful Post:

n

The Following User Says Thank You to jayjay153 For This Useful Post:

The Following User Says Thank You to vaisefud3 For This Useful Post:

Similar Threads

Is there any way/command to disable some guns with the console?

[ help with the engine.exe ]

I Need some help with the hacks..

RE: Combat Arms; Having Fun With The M32

Have Fun with the Command Prompt.