• 1 Vote(s) - 2 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Release Self updating DLL via Sigs
#1
well thanks to monsterman for making it public.

i dont think that he would be mad if i share this here.

!THIS IS BANABLE WITH VAC!

Ok to start us off to the people who dont know me i made a hack and developed it to go further in each patch that came out with alot of help from SupernovaAO and other people such as Hell Demon and some people at GD leaving snippets and leads to new finds. i do not take Credit for all of this just spreading what i know of and helping you learn to understand how hacks work and how to create your own, With this being said "why is this not in the code section" Well my reply to that is because this isnt just code im going to be sharing with you its is infact a fully working hack that shows you how to update it for the rest of MW2's Engine days.

Step 1.
Now to start with your need a C/C++ Compiler google is your friend for this step.

Step 2.
Offsets are what we use to alter something at a particular point in the game. i am not going to explain fully how to find new offsets as that is a different post all together and alot more complicated, But what i will explain is how to update offsets VIA Signatures which i will share with you.
What is a Signature ?
Well it is a Lead of parts of address's in the games code which make a unique pattern to eventually lead to the point of offset we want to use.

Step 3.
The List.

PHP Code:
console B8 ???????? 2B05 ???????? 56 50 51 B9 ???????? BE ???????? E8 ???????? A1 ????????
Address   Hex dump          Command                                  Comments
004393E0  
/$  8B4C24 0C     MOV ECX,DWORD PTR SS:[ARG.3]


Radar1 74 ?? 8BD5 8BC3 E8 ???????? 5D 8B4C24 ?? 83F9 ?? 
Address   Hex dump          Command                                  Comments
00580701  
|. /74 09         JE SHORT 0058070C

Radar2 74 
?? 55 8B2D ???????? 8D85 ???????? 3903 7E ?? D905 ???????? 57 51
Address   Hex dump          Command                                  Comments
005806D0  
|. /74 3B         JE SHORT 0058070D

CounterUAV 75 
?? D9EE D905 ???????? D8D1 DFE0 F6C4 ?? 7B ?? 8B0D ???????? D941 ??
Address   Hex dump          Command                                  Comments
0041BDD8  
|. /75 66         JNE SHORT 0041BE40

Recoil E8 
???????? 83C4 ?? 8B15 ???????? 807A ?? ?? 8B7424 ?? 74 ??
(
check the bytes)
Address   Hex dump          Command                                  Comments
0049D327  
|.  E8 C4 53 FB FF   CALL 004526F0

Laser 74 08 C7 44 24 1C 01 00 00 00 83 7E 08 00 74 08 C7 44 24 1C 00 00 00 00 33 F6 39 74 24 28 C6 44 24 13 00 89 74 24 20
Address   Hex dump          Command                                  Comments
00477172  
|. /74 08         JE SHORT 0047717C

Coldbloodfix 75 
?? 3987 ???????? 75 ?? 8B2D ???????? 57 53 E8 ???????? D95C24 ??
Address   Hex dump          Command                                  Comments
005A00FE  
|. /75 6F         JNE SHORT 005A016F

Coldbloodfix2 74 
?? B0 ?? 83C4 ?? C3 D905 ???????? 8B8E ???????? D95C24 ?? 57 D905 ????????
Address   Hex dump          Command                                  Comments
00582AEC  
|. /74 06         JE SHORT 00582AF4

chopper  75 
?? 3805 ???????? 74 ?? 56 E8 ???????? 83C4 ??
Address   Hex dump          Command                                  Comments
0047AA80  
|. /75 23         JNE SHORT 0047AAA5

name tags 0F85 
???????? F705 ???????? ???????? 74 ?? 8B96 ???????? 3B15 ???????? 75 ??
Address   Hex dump          Command                                  Comments
00582D06  
|. /0F85 F9000000 |JNE 00582E05

drawthru walls 74 
?? B0 ?? 83C4 ?? C3 D905 ???????? 8B8E ???????? D95C24 ?? 57 D905 ????????
Address   Hex dump                     Command                                  Comments
00582AEC  
|. /74 06                    JE SHORT 00582AF4

thermal1 74 
?? B0 01 C3 F7 ?? ?? ?? ?? ??
Address   Hex dump                     Command                                  Comments
0059B0DB  
|. /74 03                    JE SHORT 0059B0E0

thermal2 74 
?? A1 ?? ?? ?? ?? 8B ?? 10 C3 F6
Address   Hex dump                     Command                                  Comments
0059B13E  
|. /74 09                    JE SHORT 0059B149

blackwhitefix 0F 84 
?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 0F B6 49 10
Address   Hex dump                     Command                                  Comments
0050E111  
|. /0F84 BD000000            JE 0050E1D4

xhair 75 
?? DB81 ???????? D91A DB81 ???????? E9 ???????? D905 ????????
Address   Hex dump                     Command                                  Comments
00465AEF  
|. /75 13                    JNE SHORT 00465B04

noflash 833D 
???????? ?? 74 ?? 833D ???????? ?? 0F95C0 84C0 75 ??
Address   Hex dump                     Command                                  Comments
00455D50  
/$  833D A8988600 00         CMP DWORD PTR DS:[8698A8],0              iw4mp.00455D50(guessed Arg1)

Wallhack 68 ???????? 50 53 55 E8 ???????? 83C4 ??
Address   Hex dump                     Command                                  Comments
0059037D  
|.  68 04010000              PUSH 104                                 ; |Arg4 104

Get font 8B4424 
?? 894424 ?? C74424 ?? ???????? E9 ????????
Address   Hex dump                     Command                                  Comments
00506320  
/$ >8B4424 04                MOV EAX,DWORD PTR SS:[ESP+4]


draw engine text 8B4424 ?? 8038 ?? 0F84 ???????? 8D50 ?? 8A08 83C0 ??
Address   Hex dump                     Command                                  Comments
0050AC40  
/$  8B4424 04                MOV EAX,DWORD PTR SS:[ARG.1]

DETOUR 51 A1 ???????? 8378 ?? ?? 7D ?? 6A ?? E8 ???????? 83C4 ??
Address   Hex dump                     Command                                  Comments
00581700


DVAR UNLOCKER 53 D918 68 
???????? 56 E8 ????????
ADDRESS
00646F10 


Ok now you have the whole list off Signitures and offsets for the latest version 1.2.208

The signature of the Dvar unlocker looks like this :
53 D918 68 ???????? 56 E8 ????????

when used correctly in a debugger it will lead you to the offset which is this :
00646F10

The offset can then be used in source code (Which i will provide in a later step) you simply change the 0's at the start to look like this :
0x646F10

As we dont need two 0s at the start.

Step 4.
How to update the offsets via Signature.
Get ollydbg Attach the iw4mp.exe to the debugger,
Press Ctrl G Then put in the Signature it will take you to the new offset.

Say 1.3.2099 comes out tomorrow the signature will lead you to the new offset for the hack source code.


Step 5.
The source code for the hack...
To simplify this im just going to share my source as i dont wanna ramble on about two make it from scratch so the link for the source will be at the bottom.

Now that you have the source and the abilitys to update the offsets..
You now have a Forever Self updating hack.

BUT Do bare in mind with VAC Running and this hack Writing to the process memory it will get you banned.

Again i want to make this dead clear.

THIS IS BANABLE BY VAC !!!

But the good news is there is ways around VAC And also works for things that dont use VAC Like lobby tracker and other sources for banned people to play (not going in to more detail about this work it out for your selfs.)

If the game version is different just attach the game version your connecting too and update/downdate to that ones offsets.

There are ways around VAC and its Bans but you need to do your own searching and homework for this matter, but it is still possible.

Step 6.
The code. Look at the Source i posted in another Thread ~d0h!


All this information is to be used at the User Risk and is not my responsibility nor fault if it results in the loss of steam games, hair, blood or life.


To admins / Mods the advertising in the code is now invalid as the site is no longer running its just example code of how to use static text. can be easyily changed / edited to say anything.

Virus Scan:-
http://www.virustotal.com/file-scan/repo...1289060954
http://www.virustotal.com/file-scan/repo...1289061057
[-] The following 1 user says Thank You to d0h! for this post:
  • Cgallagher
  Reply
#2
Thanks for sharings
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
Rainbow Help Server is not updating Nekochan 1 684 11-06-2012, 20:15
Last Post: JariZ
  Help My Server isnt updating by itself DeMenTor 10 1,793 06-09-2012, 19:20
Last Post: DidUknowiPwn
  [Request] Continue Updating Zombie Epidemic Mod Lemon 11 2,094 09-20-2011, 16:14
Last Post: johamort
  [News] Black Ops Patch 1.09 xD mod support Updating // 5/26/11 rotceh_dnih 16 4,703 05-28-2011, 09:19
Last Post: aosma8
  Help Bar Stopped Updating 4FunPlayin 8 1,331 04-08-2011, 12:44
Last Post: 4FunPlayin

Forum Jump:


Users browsing this thread: 1 Guest(s)