how to get this addres

**antierror** · 01-22-2021

hello guys how to get this address in IDA Pro

#define aLTClientShell
#define aLTModel 0
#define dwCPlayerStart
#define dwCPlayerSize
#define MEOffset
#define aIntersectSegment

**MemoryThePast** · 01-22-2021

try debugging or reversing in ida? btw which cf x32 or x64? i have a pattern here

**vaisefud3** · 01-22-2021

Originally Posted by MemoryThePast

try debugging or reversing in ida? btw which cf x32 or x64? i have a pattern here

If you don't mind, just tell me this, was tp patched for good now?

**MemoryThePast** · 01-22-2021

Originally Posted by vaisefud3

If you don't mind, just tell me this, was tp patched for good now?

Removed...

**vaisefud3** · 01-22-2021

Originally Posted by MemoryThePast

you mean TP = Teleport? yes its already patched last year and it cause client error 1_6 which server side compared to the original speed time in server? maybe? idk but there is a trick of it when you use ping hack and send a 1000+ms it don't cause error same as 14_0 of fast knife

o.O that's some good info, thanks! I've bypassed speedknife and I'll try to implement this 'trick'

**antierror** · 01-23-2021

Originally Posted by MemoryThePast

try debugging or reversing in ida? btw which cf x32 or x64? i have a pattern here

I do not know how to search for it. I wrote the text and nothing appeared

**MemoryThePast** · 01-23-2021

Originally Posted by antierror

I do not know how to search for it. I wrote the text and nothing appeared

bruhhh those thing doesn't have string XD

here is the pattern

Code:

NetVars::get()->Pointer.m_LTClientShell = NetVarManager::get()->GetOffset(xorstr_(_T("m_LTClientShell")), eCShell, (BYTE*)"\x8B\x0D\x00\x00\x00\x00\x3A\xC3\x6A\x00\x68\x00\x00\x00\x00\x8D\x45\xEC", "xx????xxxxx????xxx", 2);
NetVars::get()->Pointer.m_LTModel = NetVarManager::get()->GetOffset(xorstr_(_T("m_LTModel")), eCShell, (BYTE*)"\x8B\x0D\x00\x00\x00\x00\x50\xFF\x56\x00\x85\xC0\x75\x70", "xx????xxx?xxxx", 2);
NetVars::get()->Offset.m_PlayerStart = NetVarManager::get()->GetOffset(xorstr_(_T("m_PlayerStart")), eCShell, (BYTE*)"\x0F\xB6\x86\xFC\x01\x00\x00\x69\xC0\x00\x00\x00\x00\x8A\x84\x30\x04\x02\x00\x00", "xxxxxxxxx????xxxxxxx", 3);
NetVars::get()->Offset.m_PlayerSize = NetVarManager::get()->GetOffset(xorstr_(_T("m_PlayerSize")), eCShell, (BYTE*)"\x69\xC0\x00\x00\x00\x00\x8A\x84\x30\x04\x02\x00\x00\x5E", "xx????xxxxxxxx", 2);
NetVars::get()->Offset.m_LocalIndex = NetVarManager::get()->GetOffset(xorstr_(_T("m_LocalIndex")), eCShell, (BYTE*)"\x8A\x84\x30\x04\x02\x00\x00\x5E", "xxxxxxxx", 3);
NetVars::get()->Expression.m_IntersectSegmentVT = NetVarManager::get()->GetAddress(xorstr_(_T("m_IntersectSegmentVT")), eCF, (BYTE*)"\x55\x8B\xEC\x8B\x45\x0C\x50\x8B\x4D\x08\x51\x8B\x15\x00\x00\x00\x00", "xxxxxxxxxxxxx????");

**ronoazoro1231** · 01-23-2021

If you're reversing 64bit version you can simply search string "ILTClient.Default" then look for the second xref.

The BaseAddress on my screenshot is the Address you're looking for then you can use reclass to find the class instances under the BaseAddress.

#define dwCPlayerStart
#define dwCPlayerSize
#define MEOffset

These offsets are under CLTClientShell which can be found under the BaseAddress to get the dwCPlayerSize you can just subtract the next Player's ModelInstance to the first ModelInstance in the CLTClientShell. The dwCPlayerStart would be obviously the first ModelInstance in the CLTClientShell. The MeOffset is the offset above the ModelInstance.

The aIntersectSegment is a virtual function you can just call it without hard-coding the address simply walk the ICLTClient vtable and use the correct vtable index.

**antierror** · 01-23-2021

Originally Posted by MemoryThePast

bruhhh those thing doesn't have string XD

here is the pattern

Code:

NetVars::get()->Pointer.m_LTClientShell = NetVarManager::get()->GetOffset(xorstr_(_T("m_LTClientShell")), eCShell, (BYTE*)"\x8B\x0D\x00\x00\x00\x00\x3A\xC3\x6A\x00\x68\x00\x00\x00\x00\x8D\x45\xEC", "xx????xxxxx????xxx", 2);
NetVars::get()->Pointer.m_LTModel = NetVarManager::get()->GetOffset(xorstr_(_T("m_LTModel")), eCShell, (BYTE*)"\x8B\x0D\x00\x00\x00\x00\x50\xFF\x56\x00\x85\xC0\x75\x70", "xx????xxx?xxxx", 2);
NetVars::get()->Offset.m_PlayerStart = NetVarManager::get()->GetOffset(xorstr_(_T("m_PlayerStart")), eCShell, (BYTE*)"\x0F\xB6\x86\xFC\x01\x00\x00\x69\xC0\x00\x00\x00\x00\x8A\x84\x30\x04\x02\x00\x00", "xxxxxxxxx????xxxxxxx", 3);
NetVars::get()->Offset.m_PlayerSize = NetVarManager::get()->GetOffset(xorstr_(_T("m_PlayerSize")), eCShell, (BYTE*)"\x69\xC0\x00\x00\x00\x00\x8A\x84\x30\x04\x02\x00\x00\x5E", "xx????xxxxxxxx", 2);
NetVars::get()->Offset.m_LocalIndex = NetVarManager::get()->GetOffset(xorstr_(_T("m_LocalIndex")), eCShell, (BYTE*)"\x8A\x84\x30\x04\x02\x00\x00\x5E", "xxxxxxxx", 3);
NetVars::get()->Expression.m_IntersectSegmentVT = NetVarManager::get()->GetAddress(xorstr_(_T("m_IntersectSegmentVT")), eCF, (BYTE*)"\x55\x8B\xEC\x8B\x45\x0C\x50\x8B\x4D\x08\x51\x8B\x15\x00\x00\x00\x00", "xxxxxxxxxxxxx????");

u can make tutorial how to find this

**Anger5K** · 01-23-2021

Originally Posted by MemoryThePast

you mean TP = Teleport? yes its already patched last year and it cause client error 1_6 which server side compared to the original speed time in server? maybe? idk but there is a trick of it when you use ping hack and send a 1000+ms it don't cause error same as 14_0 of fast knife

Teleport is already closed in 1 month in cf west 20_0 become not working for west

about fast knive have As such, there is a way that does not cause 14_0
and bypass 14_0 is already shared

- - - Updated - - -

Originally Posted by antierror

hello guys how to get this address in IDA Pro

#define aLTClientShell
#define aLTModel 0
#define dwCPlayerStart
#define dwCPlayerSize
#define MEOffset
#define aIntersectSegment

Code:

LTClientShell = 8B 0D ?? ?? ?? ?? 3A C3 6A ?? 68 ?? ?? ?? ?? 8D 45 EB + 0x2
aLTModel = 8B 0D ?? ?? ?? ?? 50 FF 56 34 85 C0 75 70
aIntersectSegment = 5D C3 CC CC CC CC CC CC CC CC CC CC CC CC CC 55 8B EC 8B 45 0C 50 8B 4D 08 + 0xF

about

Code:

#define dwCPlayerStart
#define dwCPlayerSize
#define MEOffset

it's all update same not changed

Click Alt + B and add it's pattern you get address
after get that open Hex Calculator and past address
see up in ida iambase: copy that and Shortage address

i want in lord you understand

Enjoy

**antierror** · 01-23-2021

Thank you very much, anger, I got the addresses

**Anger5K** · 01-23-2021

thanks lord for your understand

**iamat123456** · 01-23-2021

Originally Posted by vaisefud3

If you don't mind, just tell me this, was tp patched for good now?

you can still teleport when you are dead state

, but not so useful now. looks like server side compare your last and current position now

Originally Posted by Anger5K

As such, there is a way that does not cause 14_0
and bypass 14_0 is already shared

is it an address to bypass 14_0? and where can i find if it is?

Thread: how to get this addres

Thread Tools

Display

how to get this addres

The Following User Says Thank You to Anger5K For This Useful Post:

Similar Threads

how to get this

[Request] How to get this FoV ?

How to get this stuff?

How to get this hack working for vista (32 and 64) and windows 7

how you get this gun