Results 1 to 15 of 15
  1. #1
    hoschi111's Avatar
    Join Date
    Aug 2007
    Gender
    male
    Location
    127.0.0.1
    Posts
    59
    Reputation
    10
    Thanks
    98
    My Mood
    Amazed

    On whom I aim?

    I guess this address is useless for u if you are working with classes/structs, but anyway, here is what i've just found.

    Host required?
    -No
    Private or Public Match?
    -Both

    Address:
    Code:
    iw5mp.exe+64C918 (0x00A4C918)
    What does it return as Integer?
    -> The PlayerID of the Player you are aiming at (Enemy & Friend)
    -> 0 if you are flashed
    -> 0 if you are dead

    What can i do with that address?
    As example, you could parse which ID is returned to read the PlayerName, Health, Ammo ... for an overlay.
    Hint: Every PlayerName, Health has it's own Address.
    (Example: PlayerName for Player 6: 0x01D1606C + 0x1600 (Old address (1.9.433) + updatevalue (1.9.441))

    Have Fun,
    ~ hoschi111

    Aaaand: Please apologize my english. I'm not a native english speaker
    Last edited by hoschi111; 08-23-2012 at 05:33 PM.

  2. The Following 4 Users Say Thank You to hoschi111 For This Useful Post:

    inmate (08-25-2012),rawr im a tiger (08-24-2012),rileyjstrickland (08-26-2012),stevonator (08-30-2012)

  3. #2
    rawr im a tiger's Avatar
    Join Date
    Feb 2012
    Gender
    male
    Location
    On the edge of Sanity
    Posts
    238
    Reputation
    40
    Thanks
    1,041
    My Mood
    Angelic
    Might use this for a name stealing aimbot :3

  4. #3
    hoschi111's Avatar
    Join Date
    Aug 2007
    Gender
    male
    Location
    127.0.0.1
    Posts
    59
    Reputation
    10
    Thanks
    98
    My Mood
    Amazed
    Yeah you are right. This is a wonderful idea. Maybe someone will release an external hack with that.

  5. #4
          ( ° ͜ʖ͡°)╭∩╮
    Former Staff
    MarkHC's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Location
    127.0.0.1
    Posts
    2,750
    Reputation
    66
    Thanks
    14,529
    My Mood
    Angelic
    Quote Originally Posted by rawr im a tiger View Post
    Might use this for a name stealing aimbot :3
    Don't know how you're doing.. but you can steal the name when the aimbot choose the best target... like
    Code:
    for(int i = 0; i < PlayerMax; i++){ //Loop the players
         //Get Best Player to shoot here...
    
         SendCommandToConsole("userinfo \"\\name\\%s\"", Clients[i]->Name); //Where Clients[i] is the best entity
    }


    CoD Minion from 09/19/2012 to 01/10/2013

  6. #5
    hoschi111's Avatar
    Join Date
    Aug 2007
    Gender
    male
    Location
    127.0.0.1
    Posts
    59
    Reputation
    10
    Thanks
    98
    My Mood
    Amazed
    I just created an example tool which uses this address. (Attachment)
    Features:
    • Force Host
    • Return PlayerID
    • Return PlayerName
    • Return Health

    https://virusscan.jotti.org/en/scanre...b303970b47890f
    https://www.virustotal.com/file/c416...is/1345927166/

    I also found an address which returns the distance to a wall/aim/where ever your crosshair points to (centerscreen / crosshair) in (i guess) centimeters as integer (4 Byte)
    Code:
    iw5mp.exe+64C91C (0x00A4C91C)
    ~ hoschi111
    <b>Downloadable Files</b> Downloadable Files
    Last edited by Nachos; 08-25-2012 at 03:42 PM.

  7. The Following 2 Users Say Thank You to hoschi111 For This Useful Post:

    inmate (08-30-2012),stevonator (08-30-2012)

  8. #6
    Nachos's Avatar
    Join Date
    Jun 2010
    Gender
    male
    Location
    Between Equator and The North Pole
    Posts
    2,984
    Reputation
    176
    Thanks
    919
    My Mood
    Blah
    Quote Originally Posted by hoschi111 View Post
    I just created an example tool which uses this address. (Attachment)
    Features:
    • Force Host
    • Return PlayerID
    • Return PlayerName
    • Return Health

    https://www.virustotal.com/file/4cbd...is/1345924597/

    I also found an address which returns the distance to a wall/aim/where ever your crosshair points to (centerscreen / crosshair) in (i guess) centimeters as integer (4 Byte)
    Code:
    iw5mp.exe+64C91C (0x00A4C91C)
    ~ hoschi111
    Approved.
    You need 2 virusscans of the .rar, I added them this time.+
    Last edited by Nachos; 08-25-2012 at 03:43 PM.


    The lines in my Steam are i's

  9. #7
    stevonator's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Posts
    83
    Reputation
    10
    Thanks
    144
    My Mood
    Stressed
    Quote Originally Posted by hoschi111 View Post
    iw5mp.exe+64C918 (0x00A4C918)
    Quote Originally Posted by hoschi111 View Post
    iw5mp.exe+64C91C (0x00A4C91C)
    ok, those adresses are really cool dude, but as for i'm c# n00b, how would i do this?
    using jorndel's memory class, would it just be:
    Code:
    ReadString(iw5mp.exe+64C918, 100);
    (for example)
    ?

  10. #8
    Jorndel's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    Norway
    Posts
    8,676
    Reputation
    905
    Thanks
    19,109
    My Mood
    Angelic
    Quote Originally Posted by stevonator View Post
    ok, those adresses are really cool dude, but as for i'm c# n00b, how would i do this?
    using jorndel's memory class, would it just be:
    Code:
    ReadString(iw5mp.exe+64C918, 100);
    (for example)
    ?
    Nope, then you would have tog et the base address for the module: "iw5mp.exe"

    Use what he added in the: ()



    The name length is more like 15 or 25 (15 I think..)
    Code:
    ReadString(0x00A4C918, 15);

     
    Contributor 01.27.2012 - N/A
    Donator 07-17-2012 - Current
    Editor/Manager 12-16-12 - N/A
    Minion 01-10-2013 - 07.17.13
    Former Staff 09-20-2012 - 01-10-2013 / 07-17-2013 - Current
    Cocksucker 20-04-2013 - N/A

  11. The Following User Says Thank You to Jorndel For This Useful Post:

    stevonator (08-29-2012)

  12. #9
    stevonator's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Posts
    83
    Reputation
    10
    Thanks
    144
    My Mood
    Stressed
    Quote Originally Posted by Jorndel View Post
    Nope, then you would have tog et the base address for the module: "iw5mp.exe"
    Use what he added in the: ()
    The name length is more like 15 or 25 (15 I think..)
    Code:
     ReadString(0x00A4C918, 15);
    so the base address is what you told me to close the proces etc...?
    So that would be base address+offset...?

  13. #10
    hoschi111's Avatar
    Join Date
    Aug 2007
    Gender
    male
    Location
    127.0.0.1
    Posts
    59
    Reputation
    10
    Thanks
    98
    My Mood
    Amazed
    Hey,
    nice to see that someone uses my sharing

    Quote Originally Posted by stevonator View Post
    So that would be base address+offset...?
    Some people here on MPGH use a certain module of a selected process to calculate the "real" address, but you don't need the "calculation". I already did that for you.
    To read that value behind this address "iw5mp.exe+64C918 (0x00A4C918)", you need the address in "()".
    Due to the fact, the address returns an integer, you have to use it like this:
    ReadInteger(0x00A4C918, 4);

  14. #11
    stevonator's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Posts
    83
    Reputation
    10
    Thanks
    144
    My Mood
    Stressed
    Quote Originally Posted by hoschi111 View Post
    Some people here on MPGH use a certain module of a selected process to calculate the "real" address, but you don't need the "calculation". I already did that for you.
    To read that value behind this address "iw5mp.exe+64C918 (0x00A4C918)", you need the address in "()".
    Due to the fact, the address returns an integer, you have to use it like this:
    ReadInteger(0x00A4C918, 4);
    ok now i get it, thx
    but... if the address contains the player you're aiming at... then its a string... or am i wrong?

  15. #12
    hoschi111's Avatar
    Join Date
    Aug 2007
    Gender
    male
    Location
    127.0.0.1
    Posts
    59
    Reputation
    10
    Thanks
    98
    My Mood
    Amazed
    Ah no, i'll explain it (with VB.Net) how i did it.
    (You've to port it in C# if needed)

    Here is my VB.Net Code:
    - Label1 is the PlayerID
    - Label2 is my CURRENT Player
    - Label3 is the LAST (if you missed the focus) Player
    - Label7 gets the Health of the LAST Player (and updates untill new Player is in your crosshair)
    - If Label2 contains a PlayerName, it changes the PlayerName of Player #1 with the name from the player you are aiming on
    Code:
    ublic Class Form1
        Dim PID As String
        Dim updateaddy As Integer = &H1600
        Dim TimerID As Integer
    
        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            Timer1.Start()
    
        End Sub
        Public Function ByteArrayToTextString(ByRef Barr() As Byte) As String
            Dim enc As System.Text.Encoding = System.Text.Encoding.Default
    
            Return enc.GetString(Barr)
        End Function
    
        Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
            Try
                Label1.Text = ReadMemory(Of Integer)(&HA4C918)
                Select Case Label1.Text
                       Case 1
                        getplayerdata(1)
                    Case 2
                        getplayerdata(2)
                      Case 3
                 
                        getplayerdata(3)
                    Case 4
                     
                        getplayerdata(4)
                    Case 5
                  
                        getplayerdata(5)
                    Case 6
                     
                        getplayerdata(6)
                    Case 7
                   
                        getplayerdata(7)
                    Case 8
                     
                        getplayerdata(8)
                    Case 9
                   
                        getplayerdata(9)
                    Case 10
           
                        getplayerdata(10)
                    Case 11
                     
                        getplayerdata(11)
                    Case 12
                     
                        getplayerdata(12)
                    Case 13
                    
                        getplayerdata(13)
                    Case 14
                       
                        getplayerdata(14)
                    Case 15
                     
                        getplayerdata(15)
                    Case 16
                        getplayerdata(16)
                       
                    Case 17
                        getplayerdata(17)
                     
                    Case 18
                        getplayerdata(18)
                    Case Else
                        Label2.Text = "None"
    
                End Select
            Catch ex As Exception
    
            End Try
        End Sub
    
        Private Sub Label2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label2.Click
    
        End Sub
    
        Private Sub Label2_TextChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles Label2.TextChanged
            If Not Label2.Tex*****ntains("None") Then
                If CheckBox1.Checked = True Then
                    WriteMemory2(&H1D043D0 + &H1600, Label3.Text, False)
                End If
               End If
        End Sub
    
        Private Sub getplayerdata(ByVal pid As Integer)
            Try
                Dim dif As Integer = &H274 * pid
                Dim dif2 As Integer = &H38EC * pid
                TimerID = dif
                Label2.Text = ByteArrayToTextString(ReadMemory(&H1D043D0 + dif2 + updateaddy, 116))
                Timer2.Start()
            Catch ex As Exception
    
            End Try
    
        End Sub
    
        Private Sub Timer2_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer2.Tick
            Try
    
                Label7.Text = ReadMemory(Of Integer)(&H1B3C144 + TimerID)
            Catch ex As Exception
            End Try
        End Sub
    
        Private Sub forcehost_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles forcehost.Tick
            Try
                WriteMemory(&H5AB20BC + updateaddy, 0)
                WriteMemory(&H5AB2070 + updateaddy, 0)
                WriteMemory(&H5AB2080 + updateaddy, 0)
                WriteMemory(&H5AB36BC, 0)
                WriteMemory(&H5AB36CC, 0)
                WriteMemory(&H5AB3708, 0)
                WriteMemory(&H5AB3718, 0)
            Catch ex As Exception
            End Try
        End Sub
      End Class
    Hope you can learn from it
    If there are still any questions, ask me
    Btw: Used master131's memory module with some "modifications" by me.
    ~ hoschi111
    Last edited by hoschi111; 08-30-2012 at 11:46 AM.

  16. The Following User Says Thank You to hoschi111 For This Useful Post:

    stevonator (08-30-2012)

  17. #13
    stevonator's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Posts
    83
    Reputation
    10
    Thanks
    144
    My Mood
    Stressed
    thanks, but if i understand it well, the address displays the player# you're aiming at...
    for example if it returns 1 then you're aiming at player1...?
    ok thx

  18. #14
    hoschi111's Avatar
    Join Date
    Aug 2007
    Gender
    male
    Location
    127.0.0.1
    Posts
    59
    Reputation
    10
    Thanks
    98
    My Mood
    Amazed
    Yes exactly!
    With this address you can loop through the ingame players and get the selected player like my program does.
    Calculation is in "getplayerdata".
    It's really simple if you understand the playermanagement in mw3.
    If you like my posts, i'm thankful for every Rep or Thanks.

  19. #15
    stevonator's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Posts
    83
    Reputation
    10
    Thanks
    144
    My Mood
    Stressed
    Yes i understand them all, the player names, hp, ammo (you can even know when they need to reload look at there clip), etc etc
    Thanks

Similar Threads

  1. Who can give me mat automaton 1.0.0.9 aiming and updater code
    By Avenged Beats in forum Mission Against Terror Help
    Replies: 13
    Last Post: 12-27-2011, 05:12 PM
  2. who has the BEST aim bot?
    By girthboy in forum Combat Arms Discussions
    Replies: 7
    Last Post: 02-05-2010, 09:15 PM
  3. this one is for the guy who leeched the aim bot cum here
    By bigboss3 in forum CrossFire Hacks & Cheats
    Replies: 18
    Last Post: 07-26-2009, 10:04 PM
  4. "Anus who is a son of PeneTRate. "
    By Dave84311 in forum General Game Hacking
    Replies: 0
    Last Post: 12-30-2005, 12:04 PM
  5. aim bots
    By nutter in forum General Game Hacking
    Replies: 6
    Last Post: 12-27-2005, 11:56 AM