Join Date: May 2014
Posts: 411
Norecoil/spread - a poor man's version because you have to disable it every time you die and re-enable it after spawn. I guess some bits get squished somewhere.
I don't think that there is anything new here coding-wise to learn for those who have contributed here with their remarkable reversing skills, but this might come in handy to those who have no idea how to compile with notepad.exe.
Here's the one for Norecoil/Nospread =====================================================
TEXT Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem24,2048) //2kb should be enough
label(returnhere24)
label(originalcode24)
label(exit24)

newmem24: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode24:
jmp PlanetSide2.exe+BC7B82
push esi
mov esi,[ebx+04]

exit24:
jmp returnhere24

"PlanetSide2.exe"+BC7B46:
jmp newmem24
nop
returnhere24:

alloc(newmem17,2048) //2kb should be enough
label(returnhere17)
label(originalcode17)
label(exit17)

newmem17: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode17:
mov [esi+000000D4],0

exit17:
jmp returnhere17

"PlanetSide2.exe"+BC658A:
jmp newmem17
nop
returnhere17:

alloc(newmem11,2048) //2kb should be enough
label(returnhere11)
label(originalcode11)
label(exit11)

newmem11: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode11:
movss xmm3,[esi+000000D4]
xorps xmm3, xmm3

exit11:
jmp returnhere11

"PlanetSide2.exe"+BC6533:
jmp newmem11
nop
nop
nop
returnhere11:

alloc(newmem6,2048) //2kb should be enough
label(returnhere6)
label(originalcode6)
label(exit6)

newmem6: //this is allocated memory, you have read,write,execute access
//place your code here
xorps xmm0, xmm0

originalcode6:
movss [ecx+04],xmm0

exit6:
jmp returnhere6

"PlanetSide2.exe"+16C7218:
jmp newmem6
returnhere6:

alloc(newmem2,2048) //2kb should be enough
label(returnhere2)
label(originalcode2)
label(exit2)

newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
xorps xmm1, xmm1

originalcode2:
ucomiss xmm1,[esi+54]
lahf

exit2:
jmp returnhere2

"PlanetSide2.exe"+1679954:
jmp newmem2
returnhere2:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
xorps xmm0, xmm0

originalcode:
ucomiss xmm0,[esi+08]
lahf

exit:
jmp returnhere

"PlanetSide2.exe"+C71385:
jmp newmem
returnhere:

--------------------------------------------------------------------
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem24)
"PlanetSide2.exe"+BC7B46:
jle PlanetSide2.exe+BC7B82
push esi
mov esi,[ebx+04]
//Alt: db 7E 3A 56 8B 73 04

dealloc(newmem17)
"PlanetSide2.exe"+BC658A:
mov [esi+000000D4],edx
//Alt: db 89 96 D4 00 00 00

dealloc(newmem11)
"PlanetSide2.exe"+BC6533:
movss xmm3,[esi+000000D4]
//Alt: db F3 0F 10 9E D4 00 00 00

dealloc(newmem6)
"PlanetSide2.exe"+16C7218:
movss [ecx+04],xmm0
//Alt: db F3 0F 11 41 04

dealloc(newmem2)
"PlanetSide2.exe"+1679954:
ucomiss xmm1,[esi+54]
lahf
//Alt: db 0F 2E 4E 54 9F

dealloc(newmem)
"PlanetSide2.exe"+C71385:
ucomiss xmm0,[esi+08]
lahf
//Alt: db 0F 2E 46 08 9F
========================================================================

And the speedhack. Haven't tested it after spawning. Change the ESP to whatever floating point value (in hex) - currently it's set to 15. If you set it too high the physics engine will go nuts and kill/crash you.
------------------------------------------------------------------------
[ENABLE]
//Speedhack
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//Push xmm0
sub esp, 16
movdqu dqword [esp], xmm0
mov [esp], 41200000
//Pop xmm0
movdqu xmm0, dqword [esp]
add esp, 16

originalcode:
movss [esi+000000C8],xmm0

exit:
jmp returnhere

"PlanetSide2.exe"+BC8D86:
jmp newmem
nop
nop
nop
returnhere:

-----------------------------------------------------------------------------
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"PlanetSide2.exe"+BC8D86:
movss [esi+000000C8],xmm0
//Alt: db F3 0F 11 86 C8 00 00 00
==============================================================================

The base address for recoil/movement speed is at PlanetSide2.exe+2A661F0 and some other stuff (I think I saw coordinates but unsure and too stupid to reverse it all).
Feel free to make a better sig. This one currently points to the instructions dealing with recoil from where you can obtain the base.
Code:
\x57\x51\xD9\x1C\x24\x8D\x45\xEC\xF3\x0F\x5C\xCA\xF3\x0F\x5C\xC3\x50\xF3\x0F\x11\x4D\xEC\xF3\x0F\x11\x45\xF0\xE8\x00\x00\x00\x00\x8B\x4D\xF4\x8B\x55\xF8\x89\x8E\x00\x00\x00\x00\x89\x96\x00\x00\x00\x00
__________________
AIMBOT???? I DON'T SEE ANY AIMBOT, JUST SKILLS MY FRIEND!!!
Last edited by KN4CK3R (Sun 27. Jul 2014, 20:07)
Reason: no reason given
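Seen from the other side of the table, every site the script above touches is a fixed module-relative offset whose original bytes the `[DISABLE]` section records in its `//Alt: db ...` lines, and every hook is a 5-byte `E9 rel32` jmp padded with `nop`. That is exactly the shape an anti-tamper self-check or a defender-side memory scanner looks for. The following Python is an added example, not code from the post or from the game; it takes the offsets and original byte strings from the post as-is, checks a module image against them, and decodes the detour target of any `E9` it finds. The module image, the `build_image`/`make_detour` fixture helpers and the cave address `0x1800000` are constructed for the demonstration; a real check would read the mapped `.text` section of the running module instead.

```python
"""Code-integrity check over known patch sites (added example, not from the post).

PATCH_SITES holds the module-relative offsets and original bytes that the
auto-assembler script's [DISABLE] section restores ("//Alt: db ..." lines).
check_patch_sites() reports every site whose bytes no longer match and, where
the first byte is E9 (jmp rel32), the detour target so the hit can be triaged.
"""
import struct

# Offsets and original bytes exactly as recorded in the post's [DISABLE] section.
PATCH_SITES = {
    0xBC7B46:  bytes.fromhex("7E3A568B7304"),      # jle ...; push esi; mov esi,[ebx+04]
    0xBC658A:  bytes.fromhex("8996D4000000"),      # mov [esi+D4],edx
    0xBC6533:  bytes.fromhex("F30F109ED4000000"),  # movss xmm3,[esi+D4]
    0x16C7218: bytes.fromhex("F30F114104"),        # movss [ecx+04],xmm0
    0x1679954: bytes.fromhex("0F2E4E549F"),        # ucomiss xmm1,[esi+54]; lahf
    0xC71385:  bytes.fromhex("0F2E46089F"),        # ucomiss xmm0,[esi+08]; lahf
    0xBC8D86:  bytes.fromhex("F30F1186C8000000"),  # movss [esi+C8],xmm0 (speedhack site)
}

IMAGE_SIZE = 0x1700000  # constructed: large enough to hold every site above


def decode_jmp_rel32(code, site):
    """Return the module-relative target if `code` at `site` starts with
    E9 rel32 (near jmp), else None. Target = site + 5 + signed rel32."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    rel = struct.unpack_from("<i", code, 1)[0]
    return (site + 5 + rel) & 0xFFFFFFFF


def check_patch_sites(image, sites=PATCH_SITES):
    """image: bytes of the module as mapped (offset 0 == module base).
    Returns {offset: finding} for every site whose bytes differ from the
    recorded originals; an empty dict means all sites are intact."""
    findings = {}
    for site, original in sites.items():
        actual = image[site:site + len(original)]
        if actual == original:
            continue
        findings[site] = {
            "expected": original.hex(),
            "actual": actual.hex(),
            "jmp_target": decode_jmp_rel32(actual, site),  # None unless E9 hook
        }
    return findings


def build_image(size=IMAGE_SIZE, patches=()):
    """Test fixture (constructed): a zero-filled image carrying the original
    bytes at every known site, with optional (offset, bytes) overwrites."""
    img = bytearray(size)
    for site, original in PATCH_SITES.items():
        img[site:site + len(original)] = original
    for off, data in patches:
        img[off:off + len(data)] = data
    return bytes(img)


def make_detour(site, target):
    """Test fixture (constructed): E9 rel32 to `target`, NOP-padded to the
    length of the site's original instruction(s), which is the byte shape
    the auto-assembler's 'jmp newmem' + 'nop' lines produce."""
    orig_len = len(PATCH_SITES[site])
    rel = (target - (site + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel) + b"\x90" * (orig_len - 5)


if __name__ == "__main__":
    clean = build_image()
    print("clean image findings:", check_patch_sites(clean))  # {}

    cave = 0x1800000  # hypothetical code-cave address, constructed
    tampered = build_image(patches=[(0xBC7B46, make_detour(0xBC7B46, cave))])
    for off, f in check_patch_sites(tampered).items():
        tgt = f"{f['jmp_target']:#x}" if f["jmp_target"] is not None else "n/a"
        print(f"+{off:X}: expected {f['expected']} got {f['actual']} jmp-> {tgt}")
```

The check is deliberately byte-exact rather than opcode-aware: a `jle` rewritten to `jmp`, an instruction replaced by `xorps`, or a `nop`-padded detour all fail the comparison the same way, and the `E9` decode is only a triage aid on top. Comparing the live `.text` section against the on-disk image (or a hash of it) generalizes the same idea to sites that are not known in advance.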