• Amused
  • Angry
  • Annoyed
  • Awesome
  • Bemused
  • Cocky
  • Cool
  • Crazy
  • Crying
  • Down
  • Drunk
  • Embarrased
  • Enraged
  • Friendly
  • Geeky
  • Godly
  • Happy
  • Hateful
  • Hungry
  • Innocent
  • Meh
  • Piratey
  • Poorly
  • Sad
  • Secret
  • Shy
  • Sneaky
  • Tired
  • Wtf
  • At Work
  • CodenzHub
  • Coding
  • Deejaying
  • Donating
  • Drinking
  • Eating
  • Editing
  • Hacking
  • Hate Mailing
  • Jamin'
  • Lagging
  • Live Streaming
  • Lurking
  • No Status
  • Pawning
  • PC Gaming
  • PS Gaming
  • Raging
  • Reversing
  • Sleeping
  • Steam Gaming
  • Trolling
  • TwitchStreamer
  • Vodka!
  • Watching TV/Movie
  • Xbox Gaming
  • Youtuber
  • Zombies
  • Results 1 to 2 of 2
    1. #1
      Newbie
      Learning to hack games!
       
      Feeling Normal
       
      FazeDaFapper's Avatar
      Join Date
      Sep 2015
      Posts
      1
      Thanks (-->)
      2
      Thanks (<--)
      2

      [BASICS / TUT] Approach for Trigger Bot / Crosshair Hack ( Address )

      Cheats-n-Trainers
      In this tutorial i will show you how to find the player you select with crosshair.

      [ Made for S4League ]

      It's usefull for trigger bot, kick hacks, etc..
      You can create many things with it.

      What do you need for this ?

      Cheat Engine
      Some ASM Skills
      S4 League
      it also work for other games

      So lets start !

      For example i will use set roommaster function.
      First we need to find the id of the player who got selected cause S4 set roommaster function get called like this ->

      Code:
      SetRoommaster(Getinstance(),PlayerID,unknow_00);
      
      _asm
      {
          mov ecx,[eax+0C]
          push ecx
          mov edx,[eax+08]
          push edx
          call s4client.exe+AE3B0
          mov ecx,eax
          call s4client.exe+AF32C0
      }
      unknow_00 can be 0 ^^'

      eax+0C = unknow_00 = 0
      eax+08 = PlayerID

      Find the select player !

      Cheat Engine Scan Type = 4 bytes

      Step 1 - Select Nobody and scan 0
      Step 2 - Select Anybody and scan for changed value(s)
      Step 3 - Loop Step 1 and Step 2 until you have 20 or less addys

      I only get one result !

      http://i.imgur.com/nmy9AV6.png

      Then ->

      Step X -> Rightclick on the address and find out what writes to this address
      Step Y -> Select again anybody and show what writes.

      http://i.imgur.com/sGmBfTB.png

      First Result [ Find out what writes ]

      It's useless cause its only write 00 in our address
      Code:
      s4client.exe+3F3669 - mov [edx+00000154],00000000
      Seconds Result [ Find out what writes ]

      Code:
      s4client.exe+3F3DE6 - mov [eax+00000154],edx
      Oh its write edx in eax+154
      Lets break this and see what contains edx

      Notice [s4client.exe+3F3DE6 - mov [eax+00000154],edx] breakes only if select an enemy ( Team not )

      So do the same way for your team

      Code:
      s4client.exe+3F52CB - mov [edx+00000158],ecx
      in both storys edx and ecx contains the player class
      Player class contains infos about the player ( id, name, location etc...)

      Code:
      [edx+0x48] = Player ID
      http://i.imgur.com/Is4oWj0.png

      END

      Did an simple midfunc hook.

      Code:
      [ENABLE] // Enable
      alloc(newmem,128) // Alloc a Page [ Size = 128]
      alloc(RoomMasterFunc,64) // Alloc a Page [ Size = 64]
      label(returnhere) // Declare a label
      
      newmem: // The Code which should get execute
      mov [eax+00000154],edx
      call RoomMasterFunc
      jmp returnhere
      
      "s4client.exe"+3F3DE6: // Create the midfunc hook
      jmp newmem
      nop
      returnhere:
      
      RoomMasterFunc: // our SetRoomMasterFunc
      push 00
      mov ebx,[edx+48]
      push ebx
      call s4client.exe+AE3B0
      mov ecx,eax
      call s4client.exe+AF32C0
      retn
       
       
      [DISABLE] // Disable Code
      dealloc(newmem) // dealloc newmem
      dealloc(RoomMasterFunc) // dealloc RoomMasterFunc
      "s4client.exe"+3F3DE6: // Unhook our function
      mov [eax+00000154],edx
      http://i.imgur.com/Ngd146n.png

      Please comment what i can do better next time

    2. Thanks squeenie, flapnop thanked for this post
    3. #2
      Administrator
      Hacked By Jesus
       
      Reversing
       
      [GH]Rake's Avatar
      Join Date
      Jan 2014
      Location
      USA
      Posts
      2,871
      Thanks (-->)
      593
      Thanks (<--)
      867
      GuidedHacking Advertisements
      @FazeDaFapper welcome and thanks for the great tutorial!

    4. Thanks FazeDaFapper thanked for this post

    Similar Game Hacker Threads

    1. [Tutorial] 1337 undetectable crosshair hack
      By [GH]Rake in forum Game Hacking Tutorials
      Replies: 42
      Last Post: 12-16-2016, 07:31 PM
    2. [VideoTutorial] Operating System Basics
      By [GH]Rake in forum General Hacking Discussion
      Replies: 5
      Last Post: 10-06-2016, 08:13 PM
    3. [VideoTutorial] CoM Zombies - How To Hack Crosshair Coords in Android Games with Game Hacker
      By binomi in forum Binomi's Android Hacking
      Replies: 3
      Last Post: 04-21-2016, 10:55 AM
    4. [Help] Am I doing a correct approach?
      By louie in forum Hacking Help
      Replies: 11
      Last Post: 12-10-2015, 08:17 AM
    5. [Help] Memory Trigger or normal Trigger?
      By cleanlegend in forum Hacking Help
      Replies: 2
      Last Post: 09-23-2014, 04:48 AM