Some Functions + Addy (MGAME)

**schaapjes** · 12-16-2011

Everything I post is asm, I also had the mem for everything except for anti afk and opk, but I lost them >.<

Addresses:

Code:

#define MEM_STAMINA			0x00C35FFC
#define MEM_GODMODE			0x00C32948//int
#define MEM_SPEED			0x00C1CB68//float
#define MEM_POSX			0x00C1BFD4//float
#define MEM_POSY			0x00C1BFD8//float
#define MEM_POSZ			0x00C1BFDC//float
#define MEM_GRAVITYX		0x00C1BFE4//float
#define MEM_GRAVITYY		0x00C1BFE8//float
#define MEM_GRAVITYZ		0x00C1BFEC//float
#define ADR_STAMINA1		0x00483EF0
#define ADR_STAMINA2		0x00483EF5
#define ADR_ANTIAFK			0x006382AD
#define ADR_OPKX			0x00461970
#define ADR_OPKY			0x0046197A
#define ADR_OPKZ			0x00461980
#define ADR_CODECAVEOPK	    0x00702000
#define MEM_OPKCCPOSX		0x00701000// use for the position you want the players to teleport to(x)
#define MEM_OPKCCPOSY		0x00701004// use for the position you want the players to teleport to(y)
#define MEM_OPKCCPOSZ		0x00701008// use for the position you want the players to teleport to(z)
#define ADR_BACK2LOBBY		0x00405C5E
#define ADR_NORELOAD		0x0048C6C7
#define ADR_WEAPONSWITCH	0x00535F9A
#define ADR_GUNMODE1		0x004893F6//primary gun
#define ADR_GUNMODE2		0x0048C0D7//secondary+grenades 
#define ADR_QUICKDRAW1		0x00536383
#define ADR_QUICKDRAW2		0x0053661B
#define ADR_NODELAY			0x0049128B
#define MEM_NODELAY			0x00A199E0//0

Stamina:

Code:

if(item.stamina==1)
		{
			ctool->WriteAsm((void*)ADR_STAMINA1,(LPBYTE)"\x83\x3F\x32",3);
			ctool->WriteAsm((void*)ADR_STAMINA2,(LPBYTE)"\xC7\x07\x4B\x00\x00\x00",6);
		}
		else
		{
			ctool->WriteAsm((void*)ADR_STAMINA1,(LPBYTE)"\x83\x3F\x01",3);
			ctool->WriteAsm((void*)ADR_STAMINA2,(LPBYTE)"\xC7\x07\x01\x00\x00\x00",6);
		}

Anti Afk:

Code:

if(item.antiafk==1)
		{
			ctool->WriteAsm((void*)ADR_ANTIAFK,(LPBYTE)"\x90",1);
		}
		else
		{
			ctool->WriteAsm((void*)ADR_ANTIAFK,(LPBYTE)"\xC3",1);
		}

No Delay:

Code:

if(item.nodelay==1){
	ctool->WriteAsm((void*)ADR_NODELAY,(LPBYTE)"\xC7\x80\x40\x02\x00\x00\x00\x00\x00\x00\x90\x90\x90\x90\x90\x90",16);//mov [eax+00000240],00000000	+ nop 6x
}else{
	ctool->WriteAsm((void*)ADR_NODELAY,(LPBYTE)"\x74\x05\x8B\x51\x08\xEB\x03\x8B\x51\x04\x89\x90\x40\x02\x00\x00",16);
}

Quick Draw:

Code:

if(item.quickdraw==1){
	ctool->WriteAsm((void*)ADR_QUICKDRAW1,(LPBYTE)"\x0F\x8D\x84\x00\x00\x00",6);//zoom in
	ctool->WriteAsm((void*)ADR_QUICKDRAW2,(LPBYTE)"\x0F\x8D\x85\x00\x00\x00",6);//zoom out
}else{
	ctool->WriteAsm((void*)ADR_QUICKDRAW1,(LPBYTE)"\x0F\x8E\x84\x00\x00\x00",6);
	ctool->WriteAsm((void*)ADR_QUICKDRAW2,(LPBYTE)"\x0F\x8E\x85\x00\x00\x00",6);
}

Gun Mode(1 shot, 2shots, 3 shots, automatic):

Code:

if(item.gunmode==1){
if(item.gunmode1==1){	ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x01\x00\x00\x00\x90\x90\x90\x90",9);}//1 shot primary weapon
if(item.gunmode1==2){	ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x02\x00\x00\x00\x90\x90\x90\x90",9);}//2 shots primary weapon
if(item.gunmode1==2){	ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x03\x00\x00\x00\x90\x90\x90\x90",9);}//3 shots primary weapon
if(item.gunmode1==2){	ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\xBA\x04\x00\x00\x00\x90\x90\x90\x90",9);}//automatic primary weapon
if(item.gunmode1==0){	ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\x89\x86\xD4\x22\x00\x00\x8B\x51\x0C",9);}//off primary weapon
if(item.gunmode2==1){	ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x01\x00\x00\x00\x90\x90\x90\x90",9);}//1 shot secondary weapon
if(item.gunmode2==2){	ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x02\x00\x00\x00\x90\x90\x90\x90",9);}//2 shots secondary weapon
if(item.gunmode2==2){	ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x03\x00\x00\x00\x90\x90\x90\x90",9);}//3 shots secondary weapon
if(item.gunmode2==2){	ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\xBA\x04\x00\x00\x00\x90\x90\x90\x90",9);}//automatic secondary weapon
if(item.gunmode2==0){	ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\x8B\x87\xD0\x11\x00\x00\x8B\x48\x0C",9);}//off secondary weapon
}
else
{
	ctool->WriteAsm((void*)ADR_GUNMODE1,(LPBYTE)"\x89\x86\xD4\x22\x00\x00\x8B\x51\x0C",9);//off
	ctool->WriteAsm((void*)ADR_GUNMODE2,(LPBYTE)"\x8B\x87\xD0\x11\x00\x00\x8B\x48\x0C",9);//off
}

No Reload:

Code:

if(item.noreload==1)
{
	ctool->WriteAsm((void*)ADR_NORELOAD,(LPBYTE)"\x90\x90",2);
}
else
{
	ctool->WriteAsm((void*)ADR_NORELOAD,(LPBYTE)"\x89\x11",2);
}

Weapon Switch:

Code:

if(item.weapswitch==1)
{
	ctool->WriteAsm((void*)ADR_WEAPONSWITCH,(LPBYTE)"\xB8\x64\x00\x00\x00\x90",6);
}
else
{
	ctool->WriteAsm((void*)ADR_WEAPONSWITCH,(LPBYTE)"\x8B\x86\x1C\x02\x00\x00",6);
}

Back To Lobby:

Code:

if(item.b2l==1)
{
	ctool->WriteAsm((void*)ADR_BACK2LOBBY,(LPBYTE)"\x90\x90",2);
	int b2l=0;
}
if(item.b2l==0)
{
	ctool->WriteAsm((void*)ADR_BACK2LOBBY,(LPBYTE)"\x75\x09",2);
}

Opk Bytes:

Code:

BYTE OPKJUMPTOCODECAVE [] = {0xE9,0x8B,0x06,0x2A,0x00};//jmp to 702000
BYTE OPKCODECAVECODE   [] = {0xA1,0x04,0x10,0x70,0x00,0x81,0xC2,0xD8,0x00,0x00,0x00,0x89,0x02,0x8B,0x0D,0x08,0x10,0x70,0x00,0x89,0x4A,0x04,0xA1,0x00,0x10,0x70,0x00,0xE9,0x63,0xF9,0xD5,0xFF};//opk code
BYTE OPKOFF			   [] = {0x8B,0x07,0x81,0xC2,0xD8,0x00,0x00,0x00};// off

Opk Source:

Code:

if(item.opk==1){
		*(float*)MEM_OPKCCPOSX = (*(float*)MEM_POSX)+100.0f;
		*(float*)MEM_OPKCCPOSY = (*(float*)MEM_POSY)-50.0f;
		*(float*)MEM_OPKCCPOSZ = (*(float*)MEM_POSZ)-50.0f;
		ctool->WriteAsm((void*)ADR_OPKX,OPKJUMPTOCODECAVE,5);
		ctool->WriteAsm((void*)ADR_CODECAVEOPK,OPKCODECAVECODE,32);
		}
		else
		{
		ctool->WriteAsm((void*)ADR_OPKX,OPKOFF,8);
		}

Opk Screen:

Credits:
Me
Cheat Engines
Ollydgb
Ida pro

**schaapjes** · 12-23-2011

I dont know how to edit the post...
The addy's are outdated, I'm currently updating them

**zhaoyun333** · 12-29-2011

Whats back to lobby?

**schaapjes** · 01-01-2012

When you turn it on you will go back to lobby..

**zhaoyun333** · 01-01-2012

Why not just exit game? o.O

Oh btw I used some of your code in my latest release and I'd like to thank you for that!

PM me if you would like to be interested in working with me in the future.

**schaapjes** · 01-03-2012

Well it could be usefull if you make a bot, and it's faster if you make with hotkey..I made warrock hacks, and back 2 lobby was usefull if a gm is watching you

No problem ^^
Uhmm... I'm not very active anymore, sometimes I search things but not often..

**zhaoyun333** · 01-03-2012

I haven't been very active either but I'm been trying to port my hack to the EU version and also been trying to make my hacks as self updating as possible. Using some segments of your code I was able to use code signatrues to make all the asembly functions autosearch the addy thus autoupdating.

For MGAME do you have a working D3D hack? or is it all hotkeys?

**schaapjes** · 01-04-2012

Oh Ok well, if I got MGAME working without crash and ban then I will share it with you

But for now I haven't found an antiban witch you also can kill.....
I got everything working but the banning part is annoying, I have like 35 banned account >.<

But I suggest that netgame isn't using an anticheat yet?

**zhaoyun333** · 01-04-2012

MGAME uses GameGuard which is too hardcore of an anticheat =( I need to find a better VPN cuz all the VPN's i use don't work for gaming. When I connect from Canada i just get banned D=.

Netgame uses APR which is a piece of trash. I use Cheat Engine on it and attach debuggers all the time. It is good practice for find addies and then porting them over to MGAME.

Does MGAME detect assembly hacks? And also D3D hacks?

**schaapjes** · 01-04-2012

I don't think MGAME uses GameGuard I've deleted gameguard folder.. nothing hapened. I checked what operation7.exe in Mgame file:
Apr_Show.dll
dbghelp.dll
fmodex.dll
d3dx9_33.dll

I disabled Apr_Show.dll, and still it detects when I changed bytes, so the detection must be in operation7

**zhaoyun333** · 01-05-2012

Really o.O Fake gameguard to scare people xD
Guess we need to work on a bypass ;P

**schaapjes** · 01-07-2012

Uhu

I still trying to make bypass, still some crashes :-[
I'm not that good with bypassing things

**wirdskins** · 01-08-2012

Big thanks for the opk hack, i can use it in my private aimbot !

**R3dLine** · 01-16-2012

@schaapjes the addies still UD buddy or ?

**schaapjes** · 01-16-2012

No those aren't UD anymore, I have updated some:
#define MEM_STAMINA 0x00C35FFC//updated
#define MEM_GODMODE 0x00C32928//int
#define MEM_SPEED 0x00C1CB28//float up
#define MEM_POSX 0x00C1BF98//float up
#define MEM_POSY 0x00C1BF9C//float up
#define MEM_POSZ 0x00C1BFA0//float up
#define MEM_YAW 0x00C1BFB0//float
#define MEM_PITCH 0x00C1BFB4//float
#define MEM_GRAVITYX 0x00C1BFA4//float up
#define MEM_GRAVITYY 0x00C1BFA8//float up
#define MEM_GRAVITYZ 0x00C1BFAC//float up
#define ADR_STAMINA1 0x00484680//updated
#define ADR_STAMINA2 0x00484685//updated
#define ADR_ANTIAFK 0x0063925D//updated
#define ADR_OPKX 0x004620D0//updated
#define ADR_OPKY 0x004620DA//updated
#define ADR_OPKZ 0x004620E0//updated
#define ADR_CODECAVEOPK 0x00702000
#define MEM_OPKCCPOSX 0x00701000// use for the position you want the players to teleport to(x)
#define MEM_OPKCCPOSY 0x00701004// use for the position you want the players to teleport to(y)
#define MEM_OPKCCPOSZ 0x00701008// use for the position you want the players to teleport to(z)
#define ADR_BACK2LOBBY 0x00405C4E//updated
#define ADR_NORELOAD 0x0048D4F7//updated
#define ADR_WEAPONSWITCH 0x0053631A//updated
#define ADR_GUNMODE1 0x00489C16//primary gun updated+byte
#define ADR_GUNMODE2 0x0048C9D7//secondary+grenades updated
#define ADR_QUICKDRAW1 0x00536703//updated
#define ADR_QUICKDRAW2 0x0053699B//updated
#define ADR_NODELAY 0x00491B8B//updated
#define MEM_USERNAME 0x0070B674//updated
#define MEM_NICKNAME 0x00C3FE34//updated
#define MEM_VERSION 0x006DC340//updated

Some bytes changed
for opk:
00702000 - A1 00107000 - mov eax,[00701000]
00702005 - 81 C2 D8000000 - add edx,000000D8
0070200B - 89 02 - mov [edx],eax
0070200D - 8B 0D 04107000 - mov ecx,[00701004]
00702013 - 89 4A 04 - mov [edx+04],ecx
00702016 - A1 08107000 - mov eax,[00701008]
0070201B - E9 C300D6FF - jmp 004620E3

004620D0 - E9 2BFF2900 - jmp 00702000

BYTE OPKJUMPTOCODECAVE [] = {0xE9,0x2B,0xFF,0x29,0x00};//jmp to 702000
BYTE OPKCODECAVECODE [] = {0xA1,0x00,0x10,0x70,0x00,0x81,0xC2,0xD8,0x00,0x00 ,0x00,0x89,0x02,0x8B,0x0D,0x04,0x10,0x70,0x00,0x89 ,0x4A,0x04,0xA1,0x08,0x10,0x70,0x00,0xE9,0xC3,0x00 ,0xD6,0xFF};//opk code
BYTE OPKOFF [] = {0x8B,0x07,0x81,0xC2,0xD8,0x00,0x00,0x00};//

some return addresses
0x52E1C6 head
0x52E265 body
0x4A6CC1 sky
0x480648 bomb

Off is making OPKX not jumping but restore it to orginal

Thread: Some Functions + Addy (MGAME)

Thread Tools

Display

Some Functions + Addy (MGAME)

The Following 3 Users Say Thank You to schaapjes For This Useful Post:

The Following User Says Thank You to schaapjes For This Useful Post:

Similar Threads

[SOLVED] [HELP] Little Server Tool - some functions not available

[Tut] Some Functions for D3D

Some new addies

Some NEW Addies

Some Extra Addies