scroll little up in the disassembly
I need help with bypassing client error 28_3.
I have backed up the original reload values for each gun.
I think the answer lies here:
Code:
#include <Windows.h>

#define WeaponPointer 0xCB9984   // offset of the weapon-array pointer inside CShell.dll
#define WeaponReload  0xC38      // offset of the reload value inside one weapon struct

void run();

struct wBackup { float reload; };
wBackup wProp[746];              // backup of the original reload values (unused here)

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:     // == 1
        run();
        break;
    }
    return TRUE;                 // DllMain must return a value
}

void run()
{
    DWORD cshell = (DWORD)GetModuleHandleA("CShell.dll");
    int i = 0;
    if (cshell != 0)
    {
        DWORD pWeapons = *(DWORD*)(cshell + WeaponPointer);
        if (pWeapons != NULL)
        {
            int maxWeapons = *(int*)(pWeapons - 8);   // element count stored just before the array
            while (i < maxWeapons)
            {
                DWORD pWeapon = *(DWORD*)(pWeapons + (i * 4));
                if (pWeapon != 0)
                {
                    *(float*)(pWeapon + WeaponReload) = 100.0f;
                }
                i++;
            }
        }
    }
}
but I'm not too sure, can someone help?
@derh.acker
@~FALLEN~
@giniyat101
Last edited by dakr54; 12-31-2012 at 05:51 PM.
[img]https://i43.photobucke*****m/albums/e367/DeteSting/Steam-update.gif[/img]
I assume this has something to do with it?
I'm still pretty confused about this.. anyone want to chime in?
You went too far up :P (I think you changed function)
Code:
102F44C0 8B4424 04      MOV EAX,DWORD PTR SS:[ESP+4]
102F44C4 81EC A0000000  SUB ESP,0A0
102F44CA 83F8 FF        CMP EAX,-1
102F44CD 0F84 F7010000  JE CshellNa.102F46CA
102F44D3 56             PUSH ESI
102F44D4 50             PUSH EAX
102F44D5 E8 F61FEBFF    CALL CshellNa.101A64D0
102F44DA 8BF0           MOV ESI,EAX
102F44DC 83C4 04        ADD ESP,4
102F44DF 85F6           TEST ESI,ESI
102F44E1 0F84 E2010000  JE CshellNa.102F46C9
dakr54 (01-05-2013)
I don't understand what that call does; it brings me here:
Code:
102F45CD 0F84 F7010000  JE CShell.102F47CA
102F45D3 56             PUSH ESI
102F45D4 50             PUSH EAX
102F45D5 E8 0621EBFF    CALL CShell.101A66E0
102F45DA 8BF0           MOV ESI,EAX
102F45DC 83C4 04        ADD ESP,4
102F45DF 85F6           TEST ESI,ESI
102F45E1 0F84 E2010000  JE CShell.102F47C9
Code:
101A66B9 72 08          JB SHORT CShell.101A66C3
101A66BB FFD5           CALL EBP
101A66BD 8B0D 8499CB10  MOV ECX,DWORD PTR DS:[10CB9984]
101A66C3 893CB1         MOV DWORD PTR DS:[ECX+ESI*4],EDI
101A66C6 83C6 01        ADD ESI,1
101A66C9 81C7 283E0000  ADD EDI,3E28
101A66CF 81FE 00040000  CMP ESI,400
101A66D5 ^72 CC         JB SHORT CShell.101A66A3
101A66D7 5F             POP EDI
101A66D8 5D             POP EBP
101A66D9 5E             POP ESI
101A66DA 8AC3           MOV AL,BL
101A66DC 5B             POP EBX
101A66DD C3             RETN
101A66DE CC             INT3
101A66DF CC             INT3
101A66E0 66:8B5424 04   MOV DX,WORD PTR SS:[ESP+4]
101A66E5 33C0           XOR EAX,EAX
101A66E7 66:85D2        TEST DX,DX
101A66EA 7C 26          JL SHORT CShell.101A6712
101A66EC 56             PUSH ESI
101A66ED 8B35 7899CB10  MOV ESI,DWORD PTR DS:[10CB9978]
101A66F3 0FBFCA         MOVSX ECX,DX
101A66F6 83C6 FF        ADD ESI,-1
101A66F9 3BCE           CMP ECX,ESI
101A66FB 5E             POP ESI
101A66FC 7F 14          JG SHORT CShell.101A6712
101A66FE 66:81FA FF03   CMP DX,3FF
101A6703 7F 0D          JG SHORT CShell.101A6712
101A6705 51             PUSH ECX
101A6706 B9 8099CB10    MOV ECX,CShell.10CB9980
101A670B E8 00FFFFFF    CALL CShell.101A6610
101A6710 8B00           MOV EAX,DWORD PTR DS:[EAX]
101A6712 C3             RETN
If CShell stores the offsets in esp+0xofs (you'll need to know esi to know for sure; I'll do a logger with a breakpoint here), you only need to jmp in theory, so CShell restores the old value and the game continues.
Just ignore those newbies and PM me a picture of the whole function (it's surrounded by blocks of INT3s).