Patch ingame radar - Old Royal Hack Forum

    Patch ingame radar

    Hey good day everyone,

    Does anyone know how to code the hack for the ingame radar, so that all players are shown permanently on it?

    I'm thankful for any information or source code I can get. =)

    Regards,

    f4k3

    #2
    i know of a way to do this, and i am unsure of where this info kame from
    i got it given from Illusion, so pls give thanks to him for the share

    Code:
    if(main.m_pCheatCvars->radar_patch)
    {
    	// x86 opcodes used below: 0x74 = JE rel8, 0x75 = JNE rel8, 0xEB = JMP rel8, 0x90 = NOP.
    	// "B" arrays hold the bypass (patched) bytes, "R" arrays the original bytes to restore.
    	BYTE Zero[2] = { 0x00, 0x00 };	// was named NULL, which collides with the NULL macro
    	BYTE NOP[1] = { 0x90 };
    	BYTE RSpectatorCheck[2] = { 0x74, 0x07 };
    	BYTE BRadarTeamCheck[2] = { 0x75, 0x4C };
    	BYTE RRadarTeamCheck[2] = { 0x74, 0x4C };	// was declared as RTeamCheck but used as RRadarTeamCheck
    	BYTE B_mp_forcecamera[2] = { 0xEB, 0x1C };
    	BYTE R_mp_forcecamera[2] = { 0x74, 0x1C };

    	static bool bIsPatched = false;

    	if( !bIsPatched && main.m_pCheatCvars->radar_patch )
    	{
    		main.m_pBase->MemoryCopy( "client.dll", 0x4013EC, Zero, 2 );
    		main.m_pBase->MemoryCopy( "client.dll", 0x40147C, Zero, 2 );

    		main.m_pBase->MemoryCopy( "client.dll", 0x206E3B, B_mp_forcecamera, 2 );

    		main.m_pBase->MemoryCopy( "client.dll", 0x1FF0A8, BRadarTeamCheck, 2 );

    		// Two single-byte NOPs overwrite the 2-byte spectator check (74 07).
    		main.m_pBase->MemoryCopy( "client.dll", 0x207890, NOP, 1 );
    		main.m_pBase->MemoryCopy( "client.dll", 0x207891, NOP, 1 );

    		bIsPatched = true;
    	}
    	// Note: this branch cannot run while the enclosing check requires radar_patch to be set.
    	if( bIsPatched && !main.m_pCheatCvars->radar_patch )
    	{
    		main.m_pBase->MemoryCopy( "client.dll", 0x207890, RSpectatorCheck, 2 );

    		main.m_pBase->MemoryCopy( "client.dll", 0x206E3B, R_mp_forcecamera, 2 );

    		main.m_pBase->MemoryCopy( "client.dll", 0x1FF0A8, RRadarTeamCheck, 2 );

    		bIsPatched = false;
    	}
    }
    i've never used this, i prefer to keep things dynamic, and this is all preset _asm...

    anyways, enjoy and good luck

    ka0s?
    //pls remove it this is a bit too C+P yeah


    -=[ http://kaos.99k.org ]=-

    czkb: yay but for now i still understand half of the half of the quarter of the half of what i must know.
    [email protected] (E-mail Address Not Verified) says:
    http://www.youtube.com/user/ka0s99k#p/f/70/iK9bhyl6B_E
    J says:
    can we please accomplish something



      #3
      Awesome man, thanks a lot chaotix!

      Now the problem is only that I don't know and can't find the definition/implementation of the MemoryCopy() function.

      I was searching through the entire SDK and other pieces of source code I have, but unfortunately this function is nowhere declared.
      Seems like it was written for the specific hook only.

      Do you have any code about this MemoryCopy() function available?


      Regards and best wishes,

      f4k3



        #4
        Code:
        // Requires <windows.h>, <tlhelp32.h> and <string.h>.
        void t00ls::MemoryCopy( char* szDllName, DWORD dwOffset, PBYTE Byte, int len )
        {
        	DWORD dwOld = 0x0;
        	MODULEENTRY32 module32;
        	module32.dwSize = sizeof( MODULEENTRY32 );
        	// Snapshot the modules of the current process (process id 0).
        	HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, 0 );
        	if( hSnapShot == INVALID_HANDLE_VALUE )
        		return;
        	if( Module32First( hSnapShot, &module32 ) )
        	{
        		do	// do/while so the first module in the snapshot is checked as well
        		{
        			if( !strcmp( module32.szModule, szDllName ) )
        			{
        				// Make the target range writable, copy the bytes, then restore the old protection.
        				if( VirtualProtect( PVOID( module32.modBaseAddr + dwOffset ), len, PAGE_EXECUTE_READWRITE, &dwOld ) )
        				{
        					memcpy( PVOID( module32.modBaseAddr + dwOffset ), Byte, len );
        					VirtualProtect( PVOID( module32.modBaseAddr + dwOffset ), len, dwOld, &dwOld );
        				}
        				break;
        			}
        		} while( Module32Next( hSnapShot, &module32 ) );
        	}
        	CloseHandle( hSnapShot );	// the snapshot handle was never closed before
        }



          #5
          Originally posted by chaotix
          [...]i am unsure of where this info kame from[..]
          It was me but the MemoryCopy function was made by v3n0m4 (at least he was the one who shared it with me, i think)

          //e: that's what i posted at ampaste

          Code:
          //set healthtags to 0
          //client.dll+4013EC
          //set tracks to 0
          //client.dll+40147C
          BYTE SetZero[2] = { 0x00, 0x00 };
          
          BYTE JMP_NEXT[2] = { 0xEB, 0x00 };
          
          BYTE RestoreXhair[6] = { 0x0F, 0x84, 0x2B, 0x05, 0x00, 0x00 };
          
          BYTE RestoreSpectatorCheck[2] = { 0x74, 0x07 };
          
          BYTE RestoreHealthEnable[2] = { 0x74, 0x1B };
          BYTE RestoreTrackEnable[2] = { 0x74, 0x14 };
          
          //change of 241ff0a8 - 74 4c  - je 241ff0f6 ->
          //241ff0a8 - 75 4c  - jne 241ff0f6
          BYTE BypassRadarTeamCheck[2] = { 0x75, 0x4C };
          BYTE RestoreRadarTeamCheck[2] = { 0x74, 0x4C };
          //change of 24206e3b - 74 1c  - je 24206e59 ->
          //change of 24206e3b - eb 1c  - jmp 24206e59
          BYTE Bypass_mp_forcecamera[2] = { 0xEB, 0x1C };
          BYTE Restore_mp_forcecamera[2] = { 0x74, 0x1C };
          //change of 24207906 - 75 08  - jne 24207910 ->
          //change of 24207906 - eb 08  - jmp 24207910
          BYTE BypassRadarTrackTeamCheck[2] = { 0xEB, 0x08 };
          BYTE RestoreRadarTrackTeamCheck[2] = { 0x75, 0x08 };
          //241CA4B8   0F84 41050000    JE client.241CA9FF
          //241CA4B8   E9 42050000      JMP client.241CA9FF
          //241CA4BD   90               NOP
          Last edited by aVitamin; 05-04-2008, 07:35 PM.
          I 0x90 you!
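
Seen from the defending side, the byte changes annotated in the post above (JE to JNE, JE to JMP, NOP fill) are what a code-integrity check looks for. The following is an added example, not code from the thread or from any anti-cheat product: it diffs a trusted copy of a code section against the live bytes and classifies each change. `scan_code`, `classify`, the sample buffers and their offsets are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* How a modified run relates to the original instruction bytes. */
enum patch_kind {
    PATCH_JCC_INVERTED,    /* 74 xx -> 75 xx: condition flipped               */
    PATCH_JCC_FORCED,      /* 74 xx -> EB xx, 0F 8x .. -> E9 ..: always taken */
    PATCH_JCC_FALLTHROUGH, /* 74 xx -> EB 00: branch can never be taken       */
    PATCH_NOP_FILL,        /* instruction overwritten with 90                 */
    PATCH_OTHER
};
struct finding { size_t off, len; enum patch_kind kind; };

#define MERGE_GAP 1 /* unchanged bytes tolerated inside one patch */

/* Heuristic: assumes the modified run starts on an instruction boundary. */
static enum patch_kind classify(const uint8_t *base, const uint8_t *live,
                                size_t off, size_t len, size_t size)
{
    size_t nops = 0;
    for (size_t i = 0; i < len; i++)
        nops += (live[off + i] == 0x90);
    if (nops == len)
        return PATCH_NOP_FILL;
    if (off + 1 >= size)
        return PATCH_OTHER;
    if (base[off] >= 0x70 && base[off] <= 0x7F) {          /* short Jcc */
        if (len == 1 && live[off] == (uint8_t)(base[off] ^ 1))
            return PATCH_JCC_INVERTED;
        if (live[off] == 0xEB)
            return live[off + 1] ? PATCH_JCC_FORCED : PATCH_JCC_FALLTHROUGH;
    }
    if (base[off] == 0x0F && (base[off + 1] & 0xF0) == 0x80 && live[off] == 0xE9)
        return PATCH_JCC_FORCED;                            /* near Jcc */
    return PATCH_OTHER;
}

/* Diff a trusted baseline of a code section against the live bytes.
 * Stores up to max findings in out and returns the total number found.
 * Assumption: the baseline was captured after relocations were applied,
 * otherwise every relocation fixup shows up as a difference. */
size_t scan_code(const uint8_t *base, const uint8_t *live, size_t size,
                 struct finding *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < size; ) {
        if (base[i] == live[i]) { i++; continue; }
        size_t end = i + 1;                 /* one past the last changed byte */
        for (size_t j = end; j < size && j - end <= MERGE_GAP; j++)
            if (base[j] != live[j]) end = j + 1;
        if (n < max) {
            out[n].off = i;
            out[n].len = end - i;
            out[n].kind = classify(base, live, i, end - i, size);
        }
        n++;
        i = end;
    }
    return n;
}

/* Constructed sample: the instruction encodings are the ones quoted in the
 * thread; the offsets and the CC filler are made up for this example. */
static const uint8_t SAMPLE_BASE[40] = {
    0xCC,0xCC, 0x74,0x4C, 0xCC,0xCC,0xCC,0xCC, 0x74,0x1C, 0xCC,0xCC,0xCC,0xCC,
    0x74,0x07, 0xCC,0xCC,0xCC,0xCC, 0x74,0x4C, 0xCC,0xCC,0xCC,0xCC,
    0x0F,0x84,0x41,0x05,0x00,0x00, 0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC };
static const uint8_t SAMPLE_LIVE[40] = {
    0xCC,0xCC, 0x75,0x4C, 0xCC,0xCC,0xCC,0xCC, 0xEB,0x1C, 0xCC,0xCC,0xCC,0xCC,
    0x90,0x90, 0xCC,0xCC,0xCC,0xCC, 0xEB,0x00, 0xCC,0xCC,0xCC,0xCC,
    0xE9,0x42,0x05,0x00,0x00,0x90, 0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC };

int main(void)
{
    static const char *names[] = { "jcc-inverted", "jcc-forced",
        "jcc-fallthrough", "nop-fill", "other" };
    struct finding f[8];
    size_t n = scan_code(SAMPLE_BASE, SAMPLE_LIVE, sizeof SAMPLE_BASE, f, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("+0x%02zx len %zu %s\n", f[i].off, f[i].len, names[f[i].kind]);
    return n ? 1 : 0;
}
```

A byte diff has no knowledge of instruction boundaries, so the classification is a triage hint; any difference in a code section that is not a relocation is worth investigating regardless of its label.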



            #6
            Originally posted by aVitamin
            Originally posted by chaotix View Post
            [...]i am unsure of where this info kame from[..]
            It was me but the MemoryCopy function was made by v3n0m4 (at least he was the one who shared it with me, i think)

            //e: that's what i posted at ampaste

            Code:
            //set healthtags to 0
            //client.dll+4013EC
            //set tracks to 0
            //client.dll+40147C
            BYTE SetZero[2] = { 0x00, 0x00 };
            
            BYTE JMP_NEXT[2] = { 0xEB, 0x00 };
            
            BYTE RestoreXhair[6] = { 0x0F, 0x84, 0x2B, 0x05, 0x00, 0x00 };
            
            BYTE RestoreSpectatorCheck[2] = { 0x74, 0x07 };
            
            BYTE RestoreHealthEnable[2] = { 0x74, 0x1B };
            BYTE RestoreTrackEnable[2] = { 0x74, 0x14 };
            
            //change of 241ff0a8 - 74 4c  - je 241ff0f6 ->
            //241ff0a8 - 75 4c  - jne 241ff0f6
            BYTE BypassRadarTeamCheck[2] = { 0x75, 0x4C };
            BYTE RestoreRadarTeamCheck[2] = { 0x74, 0x4C };
            //change of 24206e3b - 74 1c  - je 24206e59 ->
            //change of 24206e3b - eb 1c  - jmp 24206e59
            BYTE Bypass_mp_forcecamera[2] = { 0xEB, 0x1C };
            BYTE Restore_mp_forcecamera[2] = { 0x74, 0x1C };
            //change of 24207906 - 75 08  - jne 24207910 ->
            //change of 24207906 - eb 08  - jmp 24207910
            BYTE BypassRadarTrackTeamCheck[2] = { 0xEB, 0x08 };
            BYTE RestoreRadarTrackTeamCheck[2] = { 0x75, 0x08 };
            //241CA4B8   0F84 41050000    JE client.241CA9FF
            //241CA4B8   E9 42050000      JMP client.241CA9FF
            //241CA4BD   90               NOP

            :1wub::1wub:

            Originally posted by Dead
            8 digit steam acount willing to trade for any steam acount that everey one knows as a hacker lmao or BANNED ON ALOT OF SERVERS.

            made by kimmi



              #7
              Good evening guys,

              I finally got it to work!! :D

              Thanks a LOT for your great help! I really do appreciate it.
              I will make sure to add all of you to the list of my credits. =)


              Hope you enjoy the rest of the weekend!

              f4k3
              Last edited by f4k3; 05-04-2008, 08:34 PM.



                #8
                Originally posted by chaotix View Post
                [...]i am unsure of where this info kame from[..]
                It was me but the MemoryCopy function was made by v3n0m4 (at least he was the one who shared it with me, i think)

                lol no that wasnt from me (or my brain is bugged and i dont remember),
                but yeah funny thats exact same thing as the stuff included in leaked p7 i posted "all offset & var name".

                personally i do "(DWORD)GetModuleHandle("crap.dll") + offset" && memcpy...






                gibs coins @
                1KatP9B8KG7mvcoFhdLGua1isG88nYZE8C



                  #9
                  Originally posted by 4m0n3v View Post
                  lol no that wasnt from me (or my brain is bugged and i dont remember),
                  but yeah funny thats exact same thing as the stuff included in leaked p7 i posted "all offset & var name".

                  personally i do "(DWORD)GetModuleHandle("crap.dll") + offset" && memcpy...
                  Many ppl are using it cuz i posted it on ampaste....some noobish guys shared the link thats why so many shitty hacks got it : s


                    #10
                    Originally posted by aVitamin View Post
                    Many ppl are using it cuz i posted it on ampaste....some noobish guys shared the link thats why so many shitty hacks got it : s
                    anyway for radar i still do same thing since pretty long time now "no game update"
                    i just display all player no extra thing.

                    Code:
                    void plugin_esp::patch_Game_Radar()
                    {
                        if ( hack_func->nActualGameMod == GAME_COUNTER_STRIKE_SOURCE )
                        {            
                            DWORD clientBase    = phoenix_memory::GetModuleBaseAdress("client.dll");
                            if (clientBase)
                            {
                                void* m_pRadarPatch        = (void*)DWORD(clientBase + 0x1FF0A8);
                                if (m_pRadarPatch)
                                {
                                    ConVar* cl_radaralpha    =  plugin_game_interface::m_pCvar->FindVar( "cl_radaralpha" );
                    
                                    static bool bPatched = false;
                                    if ( esp_radar->GetBool() && hack_func->you_can_draw() )
                                    {
                                        if (!bPatched)
                                        {
                                            cl_radaralpha->SetValue(128.0f);
                                            // 74 4C (je) -> EB 00 (jmp to the next instruction)
                                            phoenix_memory::protected_memcpy(m_pRadarPatch,PVOID("\xEB\x00"),2);
                                            bPatched = true;
                                        }
                                    } 
                                    else
                                    {
                                        if (bPatched)
                                        {
                                            cl_radaralpha->SetValue(0.0f);
                                            // restore the original je
                                            phoenix_memory::protected_memcpy(m_pRadarPatch,PVOID("\x74\x4C"),2);
                                            bPatched = false;
                                        }
                                    }
                                }
                            }
                        }
                    }








                      #11
                      I do it like this

                      PHP Code:
                      //241ff0a8 - 74 4c  - je 241ff0f6 ->
                      //241FF0A8 - eb 00  - jmp 241ff0aa

                      void cGameRadarHack::Initialize( void )
                      {
                          if( !m_bInitialized )
                          {
                              m_dwClientDLLHandle = (DWORD)GetModuleHandle( "client" );
                              add_log( "cGameRadarHack::m_dwClientDLLHandle: %.8X", m_dwClientDLLHandle );

                              m_bInitialized = true;
                          }
                      }

                      void cGameRadarHack::PatchGameRadar( bool bEnable )
                      {
                          if( bEnable )
                          {
                              if( !m_bPatchedRadar )
                              {
                                  gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x1FF0A8 ), PBYTE("\xEB\x00"), 2 );
                                  m_bPatchedRadar = true;
                              }
                          }
                          else
                          {
                              if( m_bPatchedRadar )
                              {
                                  gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x1FF0A8 ), PBYTE("\x74\x4C"), 2 );
                                  m_bPatchedRadar = false;
                              }
                          }
                      }

                      // edit: oO v3n posted nearly same code lul


                        #12
                        Originally posted by aVitamin View Post
                        // edit: oO v3n posted nearly same code lul

                        this was given to me by anubis82 like 5 months ago, approx @ same time renegade & fum1n said they made visual norecoil.
                        i bet it was again stolen from you but only you know.








                          #13
                          Originally posted by 4m0n3v View Post
                          same time renegade & fum1n said they made visual norecoil.
                          Hm how is the visual NoRecoil done?
                          Last edited by f4k3; 05-14-2008, 01:30 AM.



                            #14
                            Originally posted by f4k3 View Post
                            Hm how is the visual NoRecoil done?
                            originally
                            like that
                            nopaste: pastebin with syntax highlighting
                            nopaste: pastebin with syntax highlighting

                            but now
                            like that

                            Code:
                            static bool Visual_recoil = true;//aim_perfect_fire
                            void drawing::patch_visual_recoil()
                            {
                                BYTE x[1]            = {0xB0};
                                BYTE y[1]            = {0xB4};
                                BYTE z[1]            = {0xB8};
                                DWORD clientBase    = phoenix_memory::GetModuleBaseAdress("client.dll");
                                if (clientBase)
                                {
                                    void*m_pRecoilPatch[3]    = {(void*)0,(void*)0,(void*)0};
                                    m_pRecoilPatch[0]        = (void*)DWORD(clientBase + 0x192B4);//X
                                    m_pRecoilPatch[1]        = (void*)DWORD(clientBase + 0x192BE);//Y
                                    m_pRecoilPatch[2]        = (void*)DWORD(clientBase + 0x192CA);//Z
                            
                                    //hack_func->add_log("recoil x: 0x%X",(DWORD)m_pRecoilPatch[0]);
                                    //hack_func->add_log("recoil y: 0x%X",(DWORD)m_pRecoilPatch[1]);
                                    //hack_func->add_log("recoil z: 0x%X",(DWORD)m_pRecoilPatch[2]);
                            
                                    if ( m_pCvars->aim_norecoil_visual->GetBool() )
                                    {
                                        if(Visual_recoil)
                                        {
                                            //remove that annoying effect
                                            for( int i = 0; i < 3; i++ )
                                                phoenix_memory::protected_memcpy(m_pRecoilPatch[i],PVOID("\x48")/*hi*/,1);
                            
                                            Visual_recoil = false;
                                        }
                                    }
                                    else 
                                    {
                                        if(!Visual_recoil)
                                        {
                                            //restore original
                                            phoenix_memory::protected_memcpy(m_pRecoilPatch[0],x,1);
                                            phoenix_memory::protected_memcpy(m_pRecoilPatch[1],y,1);
                                            phoenix_memory::protected_memcpy(m_pRecoilPatch[2],z,1);
                                            Visual_recoil = true;
                                        }
                                    }
                                }
                            }
                            
                            //static bool nospread = true;//aim_perfect_fire
                            void drawing::patch_client_spread()
                            {
                            //     BYTE x[1]        =  {0x86};
                            //     BYTE y[1]        =  {0xD9};
                            //     BYTE z[1]        =  {0x96};
                            // 
                            //     BYTE Patchx[1]    =  {0x9E};
                            //     BYTE Patchy[1]    =  {0x89};
                            //     BYTE Patchz[1]    =  {0x9E};
                            // 
                            //     DWORD clientBase    = phoenix_memory::GetModuleBaseAdress("client.dll");
                            //     if (clientBase)
                            //     {
                            //         void*m_pSpreadPatch[3]    = {(void*)0,(void*)0,(void*)0};
                            //         m_pSpreadPatch[0]        = (void*)DWORD(clientBase + 0x1E170A);//X
                            //         m_pSpreadPatch[1]        = (void*)DWORD(clientBase + 0x1E16F0);//Y
                            //         m_pSpreadPatch[2]        = (void*)DWORD(clientBase + 0x1E16F1);//Z
                            // 
                            //         //hack_func->add_log("spread x: 0x%X",(DWORD)m_pRecoilPatch[0]);
                            //         //hack_func->add_log("spread y: 0x%X",(DWORD)m_pRecoilPatch[1]);
                            //         //hack_func->add_log("spread z: 0x%X",(DWORD)m_pRecoilPatch[2]);
                            // 
                            //         if ( m_pCvars->aim_nospread->GetBool() )
                            //         {
                            //             if(nospread)
                            //             {
                            //                 //remove that annoying effect
                            //                 phoenix_memory::protected_memcpy(m_pSpreadPatch[0],Patchx,1);
                            //                 phoenix_memory::protected_memcpy(m_pSpreadPatch[1],Patchy,1);
                            //                 phoenix_memory::protected_memcpy(m_pSpreadPatch[2],Patchz,1);
                            //                 nospread = false;
                            //             }
                            //         }
                            //         else 
                            //         {
                            //             if(!nospread)
                            //             {
                            //                 //restore original
                            //                 phoenix_memory::protected_memcpy(m_pSpreadPatch[0],x,1);
                            //                 phoenix_memory::protected_memcpy(m_pSpreadPatch[1],y,1);
                            //                 phoenix_memory::protected_memcpy(m_pSpreadPatch[2],z,1);
                            //                 nospread = true;
                            //             }
                            //         }
                            //     }
                            }








                              #15
                              Ah cool, looks interesting. Thanks 4m0n3v!



                                #16
                                i always have to laugh when i see this variable
                                PHP Code:
                                BYTE Gepatched[6] = { 0xD9, 0x86, 0x48, 0x0B, 0x00, 0x00 };
                                in german :D:D:D remember fum1n and reneg4d3 are english or something rifk.


                                  #17
                                  Originally posted by aVitamin View Post
                                  i always have to laugh when i see this variable
                                  PHP Code:
                                  BYTE Gepatched[6] = { 0xD9, 0x86, 0x48, 0x0B, 0x00, 0x00 };
                                  in german :D:D:D remember fum1n and reneg4d3 are english or something rifk.

                                  hehe yay rly true.

                                  ps:
                                  patching 1 byte is better :P
                                  Code:
                                  BYTE Gepatched[1] = { 0x48 };








                                    #18
                                    Originally posted by 4m0n3v View Post
                                    hehe yay rly true.

                                    ps:
                                    patching 1 byte is better :P
                                    Code:
                                    BYTE Gepatched[1] = { 0x48 };
                                    Code:
                                    void cRecoil::PatchVisualRecoil( bool bEnable )
                                    {
                                    	if( bEnable )
                                    	{
                                    		if( !m_bPatchedVisualRecoil )
                                    		{
                                    			gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192B4 ), PBYTE("\x48"), 1 );
                                    			gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192BE ), PBYTE("\x48"), 1 );
                                    			gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192CA ), PBYTE("\x48"), 1 );
                                    			m_bPatchedVisualRecoil = true;
                                    		}
                                    	}
                                    	else
                                    	{
                                    		if( m_bPatchedVisualRecoil )
                                    		{
                                    			gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192B4 ), PBYTE("\xB0"), 1 );
                                    			gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192BE ), PBYTE("\xB4"), 1 );
                                    			gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192CA ), PBYTE("\xB8"), 1 );
                                    			m_bPatchedVisualRecoil = false;
                                    		}
                                    	}
                                    }
                                    :smiley_595:


                                      #19
                                      mmmm nice, sad it got leaked ^^ make a VIP section for coders? :) ... -.-...
                                      Chiroz - 41 64 61 6D



                                        #20
                                        Originally posted by Chiroz View Post
                                        mmmm nice, sad it got leaked ^^ make a VIP section for coders? :) ... -.-...
                                        fuck off



                                          #21
                                          Originally posted by aVitamin View Post
                                          Code:
                                          void cRecoil::PatchVisualRecoil( bool bEnable )
                                          {
                                              if( bEnable )
                                              {
                                                  if( !m_bPatchedVisualRecoil )
                                                  {
                                                      gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192B4 ), PBYTE("\x48"), 1 );
                                                      gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192BE ), PBYTE("\x48"), 1 );
                                                      gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192CA ), PBYTE("\x48"), 1 );
                                                      m_bPatchedVisualRecoil = true;
                                                  }
                                              }
                                              else
                                              {
                                                  if( m_bPatchedVisualRecoil )
                                                  {
                                                      gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192B4 ), PBYTE("\xB0"), 1 );
                                                      gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192BE ), PBYTE("\xB4"), 1 );
                                                      gMemoryTools._memcpy( ( m_dwClientDLLHandle + 0x192CA ), PBYTE("\xB8"), 1 );
                                                      m_bPatchedVisualRecoil = false;
                                                  }
                                              }
                                          }
                                          :smiley_595:
                                          windows calculator -> scientific display -> hex -> d-mot == win

                                          lulz








                                            #22
                                            Code:
                                            #define DWORD dmot


                                              #23
                                              Originally posted by aVitamin View Post
                                              Code:
                                              #define DWORD dmot

                                              windef.h

                                              typedef unsigned long DWORD;





