Quantcast
Channel: Aimbots.net - The #1 Community For All Your Gaming Needs!
Viewing all 1717 articles
Browse latest View live

Help me I need aimbot work with cod 4 v1.8 plzzzzz

March 6, 2016, 11:30 pm
$
0
0
Help me I need aimbot work with cod 4 v1.8 plzzzzz:)
Search

Hi good day

March 10, 2016, 8:45 pm
$
0
0
Hello newbie here, im fps game fan.
I recently installed open arena and its hard to play with gamepad without assist aim,
So i came here looking for any mod/cheat or any similar that will help me to aim bot( im only using it in single player mode with bots)

certain wh i need for cod 1

March 21, 2016, 1:14 pm
$
0
0
the wallhack showed blue player models, anyone know which wh this was? i forgot it :((

Soh css v2.3

April 2, 2016, 10:09 am
$
0
0
===========================================
[SOH] CSS v2.3
===========================================
Changes:

Added OS:
- Win VISTA / 7 / 8 / 10
- Untested on XP


===========================================

Made by: SOH

Credits:
Defcon1 C4 Skin
MyDooMJr [SOH]
King-Orgy [aBnet]
Shadow [UC]
learn_more [UC]
Roverturbo [UC]
JoshRose [UC]
Drunken Cheetah [UC]
UC
GD
aB
More
...

Download: http://sonofhacks.freeforums.org/dow...ile.php?id=137
Attached Files

Aimbot for 4.2.023

April 2, 2016, 4:44 pm
$
0
0
Hello,

Is there any aimbot for this version? I was trying to find any hack, but it's so hard; nothing found, only for older versions :( I'm just looking specially for some aimbot.

Thanks.

How to Use IDA Pro Video Tutorial

April 4, 2016, 9:53 am

[HELP] WordPress Website

April 6, 2016, 7:26 am
$
0
0
Hi everyone,

It's been a while since i've been on here but i've got a question.

I'm currently working at my mother's company and i'm modifying our website http://www.lvd-publi.be/
The problem is, i've been changing some stuff in the "Editor" part of wordpress which includes all .php and .css files.

If you scroll down to the page you'll see "Contact Info" and under that our information. The thing is that it should be tabbing down each time.

WHAT IT IS RIGHT NOW
Hoeikensstraat 5 unit 17, 2830
Willebroek Phone: 03 886 88 88
E-Mail: info@lvd-publi.be Web:
http://www.lvd-publi.be/


WHAT IT SHOULD BE:
Hoeikensstraat 5 unit 17, 2830
Willebroek
Phone: 03 886 88 88
E-Mail: info@lvd-publi.be
Web: http://www.lvd-publi.be/

The thing is, before i started changing stuff it was how it should be. WordPress doesn't have an undo button or stuff like that so i can't seem to find the problem...
Would be pleasured if someone could me

Kind regards,
Schoenmakers Jonas

How to Get the Base Address of a Module External

April 7, 2016, 8:54 am
$
0
0
How To Get Module Base Address

All .exe and .dll files when loaded into memory are referred to as "modules".

When adding addresses to your Cheat Engine table, and especially when using pointers you will often find the address listed like this:


Or maybe like this:
client.dll + 004EE83

This is using relative offset from the address of a module. Too see if an address is offset from a certain module make sure you enable this:


Then in memory viewer use "Go To Address" to the address. Regardless of if it is data or code, this will tell you what module it is offset from.

To view all the modules loaded by the process in Cheat Engine and view their addresses do this:


Also you can use Dissect PE Headers to view relative information:

MZ-Start is the address of the module as it is currently loaded into memory. Preferred ImageBase is parsed straight from the PE Header and is the location that it prefers to be loaded into. If this memory address is already taken, it will relocate.


"client.dll + 004EE83" works in Cheat Engine because Cheat Engine evaluates the address of client.dll. CE will get the address of client.dll and replace it with the adress that the module is loaded.
So lets say the address of module client.dll is 0x10000000, cheat Engine will evaluate:

client.dll + 004EE83
0x10000000 + 004EE83
1004EE83

The above evaluation is done by cheat engine while the program is running.

But when you are trying to use this in an external trainer you need to evaluate "client.dll" + 004EE83 yourself. There are multiple ways of doing this and we will discuss one of them now.

To do this externally you can use this function that has been widely used named dwGetModuleBaseAddress.

Basically it uses the windows API CreateToolhelp32Snapshot to get a snapshot of all loaded modules for the given process, it then iterates through all the loaded modules and finds the module with the module name you give it. It returns a DWORD_PTR to the module address. You input the ProcessID and the name of the module and it ouputs the address of the module.

Includes:
Code:
//Place these with your other includes
#include <tlhelp32.h>
#include <tchar.h>
Function Prototype:
Code:
//Place this in the global namespace anywhere before the function is defined and called.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcID, TCHAR *szModuleName);
Function Definition:
Code:
//Place this anywhere in the global namespace
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcID, TCHAR *szModuleName)
{
    DWORD_PTR dwModuleBaseAddress = 0;
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcID);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 ModuleEntry32;
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if (Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
                {
                    dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}
The Function Call
Code:
DWORD clientdllBaseAddress = 0;
clientdllBaseAddress = dwGetModuleBaseAddress(dwProcId, _T("client.dll"));
1) You will need to FindWindow() to get the HANDLE to the window and pass it to GetWindowThreadProcessId() to get the dwProcId.
Search

How To Use ReClass Video Tutorial

April 7, 2016, 8:55 am

How To Find the ViewMatrix

April 9, 2016, 7:01 am
$
0
0
This should work for 99% of games. It relies on the fact that the up angle axis has to be between -1 and +1, and you find the variable by searching for those values in cheat engine.

Another good method is knowing the fact that all graphic related variables are probably declared in the same header file. For instance you know that your game resolution is 800x600. Find where your resolution is stored and search around that memory address for other related variables. You can use any starting point, FOV, resolution, etc...You can then use "What Accesses this address" to find functions that access your FOV or resolution and perhaps they also access the view matrix. Trial and error is big in reversing, especially if you don't have alot of experience.

How To Call a Game Function

April 9, 2016, 7:03 am
$
0
0
Requirements: Intermediate knowledge of ASM and C++ and the stack, internal access to process

1)Find the address of the function you want to call

Example:
If you want to call the function that does damage to players, you would find your entity address, the enemy's entity address, do a "Find what Accesses This Address" on the enemy's health. Shoot the enemy once. Find the instruction that has only been executed once. This could be the function DoDamage() or it could be a function like DecreaseHealth() that gets called by the DoDamage() function. If it's DecreaseHealth() you will have to trace backwards to the function that calls it. If it's DoDamage() you will want to right click on this instruction in Cheat Engine and click "Select Function". Scroll to the top of the selected function, the top address is the address of your function.

2)Discover the calling convention of the function

You do this by viewing how the arguments are pushed onto the stack or placed in registers by the caller before the function is called and also how they are popped off the stack by either the caller or the callee.

When a function is called the callee creates a new stack frame using EBP and ESP, each function has it's own stack frame which is local storage that the function needs.

Read about stack frames here:
https://en.wikipedia.org/wiki/Call_stack#Structure
https://en.wikibooks.org/wiki/X86_Di...d_Stack_Frames
http://www.cs.cornell.edu/courses/cs...ures/lec20.pdf


Example: For the DoDamge() function you would examine the PUSH instructions before the call and breakpoint the first instruction of the DoDamage() function and examine the registers. Find the address of your entity and of the enemy either on the stack or in the registers.

Read up on calling conventions:
http://www.codeproject.com/Articles/...ns-Demystified
http://www.codeproject.com/Articles/...ng-Conventions
http://guidedhacking.com/showthread....d-to-know-them

3) Discover the arguments and the argument types

Using IDA is the easiest. If class objects are being passed in you will need to reverse those objects and recreate them in your code. Before your function gets called, you will see arguments get pushed onto the stack, usually in right to left order.

4)Recreate the function prototype in your code and create a typedef to it and then call it

Here are some examples:
Code:
//typedef the function prototype
typedef cvar_t*(__cdecl * _Cvar_Get)(const char *var_name, const char *var_value, int flags);

//Create an instance of the function and assign it to an address
_Cvar_Get Cvar_Get = (_Cvar_Get)0x043F688;

//Call it like this
Cvar_Get("cl_gamepath", "OpenArena", 0);

//typedef the function prototype
typedef clipHandle_t(__cdecl *_CM_InlineModel)(int index);

//Create an instance of the function and assign it to an address
_CM_InlineModel CM_InlineModel = (_CM_InlineModel)0x00426a5c;

//Call it like this
CM_InlineModel(5);
Code:
//multiline method:
typedef void(__cdecl * _contoutf)(const char* string, ...);
_contoutf contoutf = (_contoutf)0x46b060;
contoutf((char*)"Hello");     
 
//one line method:
((void(__cdecl*)(const char* string))0x46b060)("do the shit");
Alternatively if the calling convention is giving you trouble you can just push the variables onto the stack and call the function using inline ASM

If you're using the wrong calling convention you will corrupt the stack and the game will crash.

How to Hook a function

April 14, 2016, 8:55 am
$
0
0
Want to do a mid function hook or hook a game function? Learn the basics here!



Code:
bool Hook(void * toHook, void * ourFunct, int len)
{
        if (len < 5) {
                return false;
        }

        DWORD curProtection;
        VirtualProtect(toHook, len, PAGE_EXECUTE_READWRITE, &curProtection);

        memset(toHook, 0x90, len);

        DWORD relativeAddress = ((DWORD)ourFunct - (DWORD)toHook) - 5;

        *(BYTE*)toHook = 0xE9;
        *(DWORD*)((DWORD)toHook + 1) = relativeAddress;

        DWORD temp;
        VirtualProtect(toHook, len, curProtection, &temp);

        return true;
}

How to find an entity base address in cheat Engine

April 14, 2016, 8:57 am

OpenArena Aimbot and ESP

April 14, 2016, 9:02 am
$
0
0


Download the game here: https://href.li/?http://www.openaren...ad.php?list.61

Features:
ESP & Aimbot

Features not included:
Visibility Check, Ballistic Projectile Compensation

Supported Mods:
version 81
version 85
version 88
Cookies
City
CTF
1v1

Known Unsupported Mods:
furious, oaster, oaplus, oaweapons, defrag

There are many mods in this game, seeing this means the current mod is NOT supported and lists some of the most common:


Instructions: If you don't do this, the hack will not work
Go to Setup->Controls->Move and disable the right mouse button keybind for "sidestep / turn"


Execute the hack and the game, the hack will be automatically injected.
[F1] Aimbot
[F2] ESP
[Right Mouse Button] Aim/Shoot
If you want to switch targets, let go of right click and press it again. You are meant to only press right click when you want to shoot the target nearest to your crosshair.

Known Bugs/Issues
ESP & Aimbot is still active on enemies a few seconds after they die or after they teleport
Report your bugs in this thread and we will attempt to fix them
If you see a mod that isn't supported, we will try to add it if possible

Community Hack Contributers:
mambda - Special Injector
Broihon - Codenz support
Kilo - GUI & codenz support
c5 - world2screen, text drawing class
Rake - Aimbot/ESP/Menu/Game Reversing
Nazalas - beta testing
Solaire - beta testing

Virus Scans:
https://www.virustotal.com/en/file/b...is/1459285157/
https://virusscan.jotti.org/en-US/fi...job/9r6v366ymo

Good RE Tutorial Link List

April 20, 2016, 1:36 pm
$
0
0
Search

C++ How to code cave / mid function hook video tutorial

April 20, 2016, 2:28 pm

OllyDBG Tutorial

April 22, 2016, 3:00 pm
$
0
0
I prefer IDA but for those needing a free debugger OllyDBG is a great option. Learn to reverse functions and make hacks using Olly here:

Any Zandro-snacks?

April 24, 2016, 11:11 pm
$
0
0
Can anybody make skullhack compatable with zandronum 2.1.2? make an offer :) pm me if you can do something similar. need an aimbot.

Reverse Engineering Videos

April 27, 2016, 8:12 pm

Page Guard / VEH Hooking

April 29, 2016, 3:14 pm
$
0
0
VEH hooking is a method of hooking into your target program without having to modify any of its bytes, thus bypassing CRC checks. It's slow and cannot be used for hooks that would be called often, though it is extremely stealthy. It works by causing an exception at the desired soon-to-be-hooked address, and creating a hook within the exception handler. We cause the exception by changing the memory protection of the memory page where our desired hook address is located. (PAGE_GUARD & PAGE_NOACCESS are two memory protections that will cause an exception to be thrown whenever any of the code within the page is executed.) And the exception handler that we create, which is outside of our target program's code, catches the exception and checks to see if the address that's currently being executed is the one we want to hook. If it is, we change the EIP (instruction pointer) to point to our function instead. When our function is done, we JMP back to wherever we need to be.

Here's an example of an allocated memory page. Let's say we want to create our hook at 0x08048fb7.



With VirtualProtect() we can change that memory page's protection to include PAGE_GUARD, which will cause the exception STATUS_GUARD_PAGE_VIOLATION to be thrown whenever any of its memory is executed.

However, as you can tell from MSDN, once the exception is thrown "the system also clears the PAGE_GUARD modifier, removing the memory page's guard page status." So we'll be constantly re-applying the PAGE_GUARD modifier in order to keep getting exceptions all throughout the page, to get to the address we're specifically after.

Credits to Ch40zz from rohitlab. (I modified it as I saw needed.)
Code:

DWORD dwOld;
VirtualProtect((void*)0x08048fb7, 1, PAGE_EXECUTE | PAGE_GUARD, &dwOld); // This sets the protection for whatever memory page that 0x08048fb7 is located in to PAGE_EXECUTE & PAGE_GUARD.
                                                                          // Which is going to cause an exception for any address accessed in that memory page, including the one we're after.

AddVectoredExceptionHandler(true, (PVECTORED_EXCEPTION_HANDLER)UnhandledExceptionFilter); // Registers our vectored exception handler which is going to catch the exceptions thrown.
 
unsigned long UnhandledExceptionFilter(EXCEPTION_POINTERS *pExceptionInfo)
{
    if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) // This is going to return true whenever any of our PAGE_GUARD'ed memory page is accessed.
    {
        if (pExceptionInfo->ContextRecord->Eip == 0x08048fb7) // Here we check to see if the instruction pointer is at the place where we want to hook.
        {
            dwJmpBack = (DWORD*)(pExceptionInfo->ContextRecord->Esp + 0); // Find the return address for the JMP/EIP back into the target program's code.
            dwJmpBack = (DWORD)pExceptionInfo->ContextRecord->Eip + 5; // or just skip X number of bytes.
            pExceptionInfo->ContextRecord->Eip = (DWORD)hkFunction; // Point EIP to hook handle.
        }
   
        pExceptionInfo->ContextRecord->EFlags |= 0x100; //Set single step flag, causing only one line of code to be executed and then throwing the STATUS_SINGLE_STEP exception.
   
        return EXCEPTION_CONTINUE_EXECUTION; // When we return to the page, it will no longer be PAGE_GUARD'ed, so we rely on single stepping to re-apply it. (If we re-applied it here, we'd never move forward.)
    }
   
    if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP) // This is now going to return true on the next line of execution within our page, where we re-apply PAGE_GUARD and repeat.
    {
        DWORD dwOld;
        VirtualProtect((void*)0x08048fb7, 1, PAGE_EXECUTE | PAGE_GUARD, &dwOld);
   
        return EXCEPTION_CONTINUE_EXECUTION;
    }
   
    return EXCEPTION_CONTINUE_SEARCH;
}
Here's a visual of the EFlags register:



As you can see, the 8th bit activates the Trap Flag (Single-step interrupt).
0x100 to binary is 000100000000. The bitwise OR operator |: simply turns it on.

For more information on using PAGE_NOACCESS to accomplish the same thing, check out DarkstaR's blogpost and example code.

This can be used to hack any game

Originally posted @ http://guidedhacking.com/showthread....-In-depth-Look
Viewing all 1717 articles
Browse latest View live
Search