Hi all!
For those who have the same problem, I have found a workaround.
What I did is as follows:
1. I found the address of an enemy position.
2. Right click the address and click Find What Accesses This Address.
3. The disassembler will open.
4. Go back to the game, don't do anything, and wait for 1 or 2 seconds.
5. Go back to the disassembler and view the address that accesses the enemy position address.
6. Right click the address and click Go To... current tab.
7. You will see the code on the right.
8. Right click the code that accesses the enemy address and click auto-assemble.
9. Go to Tools Menu -> Memory Allocator -> specify 2048 for the size, click Allocate It! and write down this address.
10. Then I injected the little code below. What it does is create a counter in the first 4 bytes of this allocated memory. In the following 4-byte slots, it copies the addresses the game refers to.
In my case, the allocated memory is at address [01480000].
And the code that accesses the player's position is (fld dword ptr [esi+C0]), where it loads the Y position value.
Code:
Alloc( MyCode1, 2048 ) ; Allocate 2,048 bytes and store the allocated
Alloc( MyCode2, 2048 ) ; Allocate 2,048 bytes and store the allocated
Alloc( Continue, 2048 ) ; Allocate 2,048 bytes and store the allocated
Alloc( MyCode, 2048 ) ; Allocate 2,048 bytes and store the allocated address into MyCode, which we use as the location where our new code goes.
Label( OverwrittenCode ) ; The code that was overwritten by the JMP to MyCode will go here.
Label( Exit ) ; JMP here to exit our custom code and go back to the original code.
Label( Return ) ; The location of the next instruction of the original code.
FullAccess( CounterStrike2D.exe+0x000C3468, 2048 )
CounterStrike2D.exe+0x000C3468 :
jmp MyCode
nop
Return :
MyCode : ; The allocated address. Put your code after this.
push eax
push ebx
push ecx
xor eax, eax
xor ebx, ebx
xor ecx, ecx
mov ebx, [01480000] ; Move the value of the counter into EBX.
cmp byte ptr [01480000], F8h ; Compare the counter with its limit, F8h. (Just my choice; it can be up to 4 bytes, but you won't need it to be that big.)
jbe MyCode1 ;Jump if it's below or equal
jg Continue ;Else jump to Continue
MyCode1 :
lea eax, dword ptr [esi+c0] ; Move the address [ESI+C0] into EAX. ESI is the base pointer of a player; ESI+C0 points to the Y position of the player.
cmp esi, [00595320] ; Compare to see whether ESI is my own player. The base address of my player is 0x595320; note that this address is static.
je Continue ;Don't write if it's the same address.
jne MyCode2 ;If not equal, jump to the code that will write to the allocated memory.
MyCode2 :
add byte ptr [01480000], 4h ;Add 4h to the counter
mov ebx, [01480000] ;Move to EBX the value of the counter
lea ecx, dword ptr [01480000 + ebx] ; Move the address [01480000 + value of counter] into ECX.
mov dword ptr [ecx], eax ; Store the address [ESI+C0] (held in EAX) at [ECX]. (It could be just ESI, and you would be copying the base address of a player, so that the Y position would be at [[address at ESI] + C0].)
jmp Continue
Continue :
pop ecx ; Restore the registers in reverse order of the pushes (ECX, EBX, EAX), otherwise the game's registers get swapped.
pop ebx
pop eax
OverwrittenCode : ; The overwritten code (code that was overwritten by the JMP to MyCode).
fld dword ptr [esi+C0]
Exit : ; Automatic JMP back to the original code, or you can JMP Return directly to avoid coming here.
jmp Return
Now you just have to read the addresses in your allocated memory using a FOR loop, like below:
Code:
For $i=0x04 To 0xF8 Step 0x04
$PlayerYPositionAddr = $MemoryAllocated + $i
blablabla
Next
Every time the game restarts, you can set the counter at the allocated memory address to zero, and you will get the new pointers. In my case, I have to set the value at address [01480000] to zero again.
You can try to make the auto-assemble code better by making it check whether the address is already in the allocated memory before writing it there.
Hope it helps. It worked for me. This is the best I can do. Now everyone can make a working aimbot.