Привет. Собственно, решил поделиться с вами исходником чита для блокады.
Сам чит был в виде таблицы для Cheat Engine, но сейчас нуждается в обновлении. Думаю, тому, кто разбирается в геймхакинге, сделать это не составит труда.
Языки: LUA с asm вставками.
Сами исходники функций:
All credits to AssHack (не ручаюсь за нынешнюю администрацию)
Сам чит был в виде таблицы для Cheat Engine, но сейчас нуждается в обновлении. Думаю, тому, кто разбирается в геймхакинге, сделать это не составит труда.
Языки: LUA с asm вставками.
Сами исходники функций:
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 1: 'aim' routine hooked into vp_FPController.Update (hook and [DISABLE] restore at the end of this script).
// Depends on the IL2CPP helper script further down this page (GetIl2CppClass / GetIl2CppMethod, registered symbols).
// alloc() reserves 2048 bytes for both the code at 'aim' and the cache/string data that follows it;
// nothing below checks that the emitted code and data actually fit in that region.
alloc(aim,2048)
// label() declares symbols that are defined later in this script.
// NOTE(review): several symbols used below are defined but not declared here
// (vp_FPWeaponShooter_image/_name/_namespace, UnityEngine_GameObject_*, UnityEngine_Object_*,
// NoGetvp_FPWeaponShooter, headStr/headstr); whether CE requires the declaration depends on its version - verify.
label(returnhere)
label(head)
label(RemotePlayersController_image)
label(RemotePlayersController_name)
label(RemotePlayersController_namespace)
label(String_image)
label(String_name)
label(String_namespace)
label(String_Format)
label(String_Format_args)
label(String_Format_arg_0)
label(String_Format_arg_1)
label(String_Format_arg_2)
label(format)
label(UnityEngine_Physics_image)
label(UnityEngine_Physics_name)
label(UnityEngine_Physics_namespace)
label(UnityEngine_Physics_Linecast)
label(UnityEngine_Physics_Linecast_args)
label(UnityEngine_Physics_Linecast_arg_0)
label(UnityEngine_Physics_Linecast_arg_1)
label(UnityEngine_Physics_Linecast_arg_2)
label(UnityEngine_Physics_Linecast_arg_3)
label(jump_for_continue)
label(jump_for_break)
label(jump_for_start)
label(System_Type_image)
label(System_Type_name)
label(System_Type_namespace)
label(HitBoxData_image)
label(HitBoxData_name)
label(HitBoxData_namespace)
label(WeaponSystem_image)
label(WeaponSystem_name)
label(WeaponSystem_namespace)
label(UnityEngine_Transform_name)
label(UnityEngine_Transform_namespace)
label(UnityEngine_Transform_image)
label(UnityEngine_Transform_LookAt)
label(UnityEngine_Transform_LookAt_args)
label(UnityEngine_Transform_LookAt_arg_0)
label(System_Reflection_MethodInfo_image)
label(System_Reflection_MethodInfo_name)
label(System_Reflection_MethodInfo_namespace)
label(System_Reflection_MethodInfo_MakeGenericMethod)
label(System_Reflection_MethodInfo_MakeGenericMethod_args)
label(System_Reflection_MethodInfo_MakeGenericMethod_arg_0)
label(formatStr)
// Cache slots (dd 0 each, see the data region): filled on first use by the NoGet* slow paths in 'aim'.
label(RemotePlayersController_class)
label(WeaponSystem_Class)
label(HitBoxData_Class)
label(System_Type_Class)
label(vp_FPWeaponShooter_Class)
label(UnityEngine_Object_FindObjectOfType_Method)
// 'NoGet*' labels are the fast-path targets taken when the matching cache slot is already non-zero.
label(NoGetRemotePlayersControllerClass)
label(NoGetWeaponSystem)
label(NoGetHitBoxData)
label(NoGetSystem_Type)
label(UnityEngine_Physics_Linecast_Method)
label(System_Reflection_MethodInfo_MakeGeneric_Method)
label(String_Format_Method)
label(UnityEngine_Transform_LookAt_Method)
label(UnityEngine_GameObject_GetComponent_Method)
label(NoGetUnityEngine_Physics_Linecast)
label(NoGetSystem_Reflection_MethodInfo_MakeGeneric)
label(NoGetString_Format)
label(NoGetUnityEngine_Transform_LookAt)
label(NoGetUnityEngine_GameObject_GetComponent)
label(NoGetUnityEngine_Object_FindObjectOfType)
// Frame layout of 'aim' (ebp-relative, hex). Slots are reused for unrelated values over the routine's lifetime;
// in particular the 3-dword vectors at -1C and -28 overlap the scalar slots at -14 and -20.
//-4 myTeam
//-8 BotsGmObj
//-C PlayerObjStr
//-10 HeadStr, cameraTransform
//-14 formatStr
//-1C playerPosition, transformEulerAngles
//-28 cameraPosition
//-54 raycast
//-58 GameObjectClass, vp_camera
//-5C GetComponentMethodInfo
//-60 array
//-64 GameObject
aim:
// Entry from the hook written over vp_FPController.Update (end of this script). Runs once per Update call.
// In:   [ebp+8] = vp_FPController, the hooked function's own first argument (the frame built here mirrors
//       the original prologue, which is replayed before 'jmp returnhere').
// Out:  nothing is returned; side effects are the camera rotation and the TryFire call below.
// Conv: every call pushes its arguments and cleans them with 'add esp,N' (cdecl-style, caller cleans).
// Regs: esi = Client, then Client->myIndex, then the loop index i; edi = RemoteBotsList;
//       ebx = scratch for the team compare; eax/ecx = scratch (ecx is not preserved).
// Flow: find the first live enemy bot whose head is visible from the camera, turn the camera at it, fire.
// NOTE(review): the *_Class / *_Method dd slots at the end of this script are filled on first use and never
//       invalidated; after a game update or domain reload they hold stale pointers. A 0 result is cached as-is.
push ebp
mov ebp,esp
sub esp,64 // 0x64 bytes of locals (CE numbers are hex); layout in the comments above 'aim:'
push esi
push edi
push ebx
// Lazily resolve RemotePlayersController via GetIl2CppClass(image, namespace, name) from the helper script.
mov eax,[RemotePlayersController_class]
test eax,eax
jne NoGetRemotePlayersControllerClass
push RemotePlayersController_name
push RemotePlayersController_namespace
push RemotePlayersController_image
call GetIl2CppClass
add esp,0C
mov [RemotePlayersController_class],eax // NOTE(review): a 0 result is cached and then dereferenced below
NoGetRemotePlayersControllerClass:
mov esi,[ebp+8] //vp_FPController
mov esi,[esi+74] //Client
cmp [esi+54],0 // NOTE(review): no operand size given; the width of the field at +54 is not visible here - verify
je jump_for_break
mov esi,[esi+C] //Client->myIndex
cmp esi,FFFFFFFF
je jump_for_break
mov eax,[eax+5C] //RemotePlayersController->static_fields
mov eax,[eax] //static_fields->THIS
mov edi,[eax+18] //THIS->BotsGmObj
mov [ebp-8],edi
mov edi,[eax+38] //THIS->RemoteBotsList
mov eax,[edi+esi*4+10] //RemoteBotsList->array[Client->myIndex]
mov al,[eax+88] //array[Client->myIndex]->Team
// NOTE(review): the local player's own entry is dereferenced without the null check the loop applies to others.
mov [ebp-4],al
xor esi,esi
jump_for_start:
cmp esi,20 //for (int i = 0; i < 32; i++)
je jump_for_break
mov ecx,[edi+esi*4+10] //RemoteBotsList->array[i]
test ecx,ecx
je jump_for_continue
// Filter: skip teammates, dead bots and bots flagged as protected.
mov al,[ecx+88] //array[i]->Team
mov bl,[ebp-4] //myTeam
cmp al,bl //if (myTeam == array[i]->Team)
je jump_for_continue
mov al,[ecx+18] //array[i]->Dead
cmp al,1 //if (array[i]->Dead != 1)
je jump_for_continue
mov eax,[ecx+D4] //array[i]->botPoser
mov al,[eax+50] //botPoser->isProtected
test al,al //if (!botPoser->isProtected)
jne jump_for_continue
mov eax,[ebp-8] //BotsGmObj
mov eax,[eax+esi*4+10] //BotsGmObj->array[i]
test eax,eax
je jump_for_continue
// Build the head-object path as String.Format("{0}{1}", gameObject.name, head) and look that object up by name.
push eax
call UnityEngine.Object.get_name //BotsGmObj->array[i]->get_name()
add esp,4
mov [ebp-C],eax
push format
call GameAssembly.il2cpp_string_new //il2cpp_string_new(format)
add esp,4
mov [ebp-14],eax
push head
call GameAssembly.il2cpp_string_new //il2cpp_string_new(head)
add esp,4
mov [ebp-10],eax
// Lazily resolve String.Format(string, object, object) via GetIl2CppMethod(class, name, args descriptor).
mov eax,[String_Format_Method]
test eax,eax
jne NoGetString_Format
push String_name
push String_namespace
push String_image
call GetIl2CppClass
add esp,C
push String_Format_args
push String_Format
push eax
call GetIl2CppMethod
add esp,C
mov [String_Format_Method],eax
NoGetString_Format:
mov eax,[eax] // first dword of the MethodInfo - presumably the native method pointer for this build; verify
push [ebp-10] // arg1 = head path string
push [ebp-C] // arg0 = game object name
push [ebp-14] // format string
call eax
add esp,8 // NOTE(review): three dwords were pushed but only two are popped; the unmatched 'add esp,4' after Camera.get_main below compensates, so esp nets out - fragile
push eax
call UnityEngine.GameObject.Find // NOTE(review): a 0 result (path not found) is not checked before get_transform
add esp,4
push eax
call UnityEngine.GameObject.get_transform
add esp,4
// playerPosition = headTransform.position, written through the out-pointer at [ebp-1C].
push eax
lea eax,[ebp-1C]
push eax
call UnityEngine.Transform.get_position
add esp,8
call UnityEngine.Camera.get_main
add esp,4 // nothing was pushed for get_main; this pop balances the short 'add esp,8' after the Format call above
push eax
call UnityEngine.Component.get_transform
add esp,4
// cameraPosition = Camera.main.transform.position, written to [ebp-28].
push eax
lea eax,[ebp-28]
push eax
call UnityEngine.Transform.get_position
add esp,8
// Lazily resolve Physics.Linecast(Vector3, Vector3, RaycastHit&, int).
mov eax,[UnityEngine_Physics_Linecast_Method]
test eax,eax
jne NoGetUnityEngine_Physics_Linecast
push UnityEngine_Physics_name
push UnityEngine_Physics_namespace
push UnityEngine_Physics_image
call GetIl2CppClass
add esp,C
push UnityEngine_Physics_Linecast_args
push UnityEngine_Physics_Linecast
push eax
call GetIl2CppMethod
add esp,C
mov [UnityEngine_Physics_Linecast_Method],eax
NoGetUnityEngine_Physics_Linecast:
mov ecx,[eax]
lea eax,[ebp-54]
// Arguments pushed right to left: layer mask, &raycast, end = playerPosition (3 dwords), start = cameraPosition (3 dwords).
push 100501 // layer mask (hex); its meaning is game-specific
push eax
push [ebp-14] // playerPosition.z (this slot held the format string earlier; already consumed)
push [ebp-18] // playerPosition.y
push [ebp-1C] // playerPosition.x
push [ebp-20] // cameraPosition.z
push [ebp-24] // cameraPosition.y
push [ebp-28] // cameraPosition.x
call ecx
add esp,20 // 8 dwords = 0x20 bytes
cmp al,0 // Linecast result (bool): 0 = nothing on the line, skip this bot
je jump_for_continue
lea eax,[ebp-54]
mov eax,[eax+28] // dword at +0x28 of the RaycastHit local, fed to FindObjectFromInstanceID - presumably the collider instance id; verify
push eax
call UnityEngine.Object.FindObjectFromInstanceID
add esp,4
push eax
call UnityEngine.Component.get_gameObject
mov [ebp-64],eax // GameObject the line hit
add esp,4
// Reflection dance: GetComponent<HitBoxData>() on the hit object, built at run time as
// MethodInfo(GetComponent).MakeGenericMethod(new Type[]{ typeof(HitBoxData) }) and invoked via il2cpp_runtime_invoke.
mov eax,[UnityEngine_GameObject_GetComponent_Method]
test eax,eax
jne NoGetUnityEngine_GameObject_GetComponent
push UnityEngine_GameObject_name
push UnityEngine_GameObject_namespace
push UnityEngine_GameObject_image
call GetIl2CppClass
mov [ebp-58],eax // GameObject class, needed again for il2cpp_method_get_object below
add esp,C
push 00 // no argument descriptor: GetIl2CppMethod then accepts the first 'GetComponent' with zero parameters
push UnityEngine_GameObject_GetComponent
push eax
call GetIl2CppMethod
add esp,C
mov [UnityEngine_GameObject_GetComponent_Method],eax
NoGetUnityEngine_GameObject_GetComponent:
// NOTE(review): [ebp-58] is only written on the slow path above and is overwritten further down (vp_camera,
// UnityEngine.Object class); on the fast path (every call after the first) the push below reads stale stack.
push [ebp-58]
push eax
call GameAssembly.il2cpp_method_get_object // reflection MethodInfo object for GetComponent
add esp,8
mov [ebp-5C],eax
// new Type[1] via il2cpp_array_new(System.Type class, 1)
mov eax,[System_Type_Class]
test eax,eax
jne NoGetSystem_Type
push System_Type_name
push System_Type_namespace
push System_Type_image
mov [System_Type_Class],eax // redundant: eax is 0 here (tested above); the real store follows the call
call GetIl2CppClass
add esp,C
mov [System_Type_Class],eax
NoGetSystem_Type:
push 1
push eax
call GameAssembly.il2cpp_array_new
add esp,8
mov [ebp-60],eax
// array[0] = typeof(HitBoxData), via il2cpp_class_get_type + Type.internal_from_handle
mov eax,[HitBoxData_Class]
test eax,eax
jne NoGetHitBoxData
push HitBoxData_name
push HitBoxData_namespace
push HitBoxData_image
call GetIl2CppClass
add esp,C
mov [HitBoxData_Class],eax
NoGetHitBoxData:
push eax
call GameAssembly.il2cpp_class_get_type
add esp,4
push eax
call System.Type.internal_from_handle
add esp,4
mov ecx,[ebp-60]
mov [ecx+10],eax // element 0 (same +10 element base as the list walks above)
// Lazily resolve MethodInfo.MakeGenericMethod(Type[]).
mov eax,[System_Reflection_MethodInfo_MakeGeneric_Method]
test eax,eax
jne NoGetSystem_Reflection_MethodInfo_MakeGeneric
push System_Reflection_MethodInfo_name
push System_Reflection_MethodInfo_namespace
push System_Reflection_MethodInfo_image
call GetIl2CppClass
add esp,C
push System_Reflection_MethodInfo_MakeGenericMethod_args
push System_Reflection_MethodInfo_MakeGenericMethod
push eax
call GetIl2CppMethod
add esp,C
mov [System_Reflection_MethodInfo_MakeGeneric_Method],eax
NoGetSystem_Reflection_MethodInfo_MakeGeneric:
push eax
push [ebp-5C]
call il2cpp_object_get_virtual_method // NOTE(review): unqualified name, unlike the other 'GameAssembly.' calls; resolution depends on CE seeing the export
add esp,4 // NOTE(review): two dwords were pushed but one is popped; esp drifts 4 bytes per iteration on the 'continue' path until 'mov esp,ebp' at the exit
push [ebp-60]
push [ebp-5C]
mov eax,[eax]
call eax // MakeGenericMethod(Type[]) on the GetComponent MethodInfo object
add esp,8
push eax
call GameAssembly.il2cpp_method_get_from_reflection
add esp,4
push 0 // presumably the exception out-pointer; with 0 a managed exception has nowhere to be reported - verify
push 0 // presumably params (none)
push [ebp-64] // this = hit GameObject
push eax
call GameAssembly.il2cpp_runtime_invoke
add esp,10
test eax,eax
je jump_for_continue // no HitBoxData on the hit object
mov eax,[eax+0C] // field at +0C of the returned HitBoxData, compared with i - presumably the owning bot index; verify
cmp eax,esi
jne jump_for_continue // the hit belongs to something other than bot i
// Aim: vp_camera = WeaponSystem static field at +14 (frame comment '-58 ... vp_camera'); camera.transform.LookAt(hit point).
mov eax,[WeaponSystem_Class]
test eax,eax
jne NoGetWeaponSystem
push WeaponSystem_name
push WeaponSystem_namespace
push WeaponSystem_image
call GetIl2CppClass
add esp,C
mov [WeaponSystem_Class],eax
NoGetWeaponSystem:
mov eax,[eax+5C] // static_fields, same walk as RemotePlayersController above
mov eax,[eax]
mov eax,[eax+14]
mov [ebp-58],eax // vp_camera (overwrites the GameObject-class slot)
push eax
call UnityEngine.Component.get_transform
add esp,4
mov [ebp-10],eax // cameraTransform (reuses the head-string slot)
mov eax,[UnityEngine_Transform_LookAt_Method]
test eax,eax
jne NoGetUnityEngine_Transform_LookAt
push UnityEngine_Transform_name
push UnityEngine_Transform_namespace
push UnityEngine_Transform_image
call GetIl2CppClass
add esp,C
push UnityEngine_Transform_LookAt_args
push UnityEngine_Transform_LookAt
push eax
call GetIl2CppMethod
add esp,C
mov [UnityEngine_Transform_LookAt_Method],eax
NoGetUnityEngine_Transform_LookAt:
// LookAt(Vector3): the three dwords at [ebp-54..-4C] are the first field of the RaycastHit local, pushed z, y, x, then this.
push [ebp-4C]
push [ebp-50]
push [ebp-54]
push [ebp-10]
mov eax,[eax]
call eax
add esp,10
// transformEulerAngles = cameraTransform.eulerAngles (reuses the playerPosition slot at [ebp-1C]).
lea eax,[ebp-1C]
push [ebp-10]
push eax
call UnityEngine.Transform.get_eulerAngles
add esp,8
// vp_FPCamera.SetRotation(vp_camera, x, y, 1, 1); the two trailing flags are pushed first (right to left).
push 1
push 1
push [ebp-18] // eulerAngles.y
push [ebp-1C] // eulerAngles.x
push [ebp-58] // vp_camera
call vp_FPCamera.SetRotation
add esp,14
// Fire: FindObjectOfType<vp_FPWeaponShooter>() built the same way as GetComponent<HitBoxData> above, then TryFire.
mov eax,[UnityEngine_Object_FindObjectOfType_Method]
test eax,eax
jne NoGetUnityEngine_Object_FindObjectOfType
push UnityEngine_Object_name
push UnityEngine_Object_namespace
push UnityEngine_Object_image
call GetIl2CppClass
mov [ebp-58],eax // UnityEngine.Object class; NOTE(review): slow path only - the fast path reads the vp_camera pointer stored above instead
add esp,C
push 00
push UnityEngine_Object_FindObjectOfType
push eax
call GetIl2CppMethod
add esp,C
mov [UnityEngine_Object_FindObjectOfType_Method],eax
NoGetUnityEngine_Object_FindObjectOfType:
push [ebp-58]
push eax
call GameAssembly.il2cpp_method_get_object
add esp,8
mov [ebp-5C],eax
mov eax,[System_Type_Class] // already resolved earlier on this same path, hence no null check here
push 1
push eax
call GameAssembly.il2cpp_array_new
add esp,8
mov [ebp-60],eax
mov eax,[vp_FPWeaponShooter_Class]
test eax,eax
jne NoGetvp_FPWeaponShooter
push vp_FPWeaponShooter_name
push vp_FPWeaponShooter_namespace
push vp_FPWeaponShooter_image
call GetIl2CppClass
add esp,C
mov [vp_FPWeaponShooter_Class],eax
NoGetvp_FPWeaponShooter:
push eax
call GameAssembly.il2cpp_class_get_type
add esp,4
push eax
call System.Type.internal_from_handle
add esp,4
mov ecx,[ebp-60]
mov [ecx+10],eax
mov eax,[System_Reflection_MethodInfo_MakeGeneric_Method] // already resolved earlier on this path
push eax
push [ebp-5C]
call il2cpp_object_get_virtual_method
add esp,4 // NOTE(review): same one-dword stack imbalance as on the GetComponent path above
push [ebp-60]
push [ebp-5C]
mov eax,[eax]
call eax
add esp,8
push eax
call GameAssembly.il2cpp_method_get_from_reflection
add esp,4
push 0
push 0
push [ebp-64] // the hit GameObject is passed as 'this' to FindObjectOfType; presumably ignored for a static method - verify
push eax
call GameAssembly.il2cpp_runtime_invoke
add esp,10
test eax,eax
je jump_for_continue
push eax
call vp_FPWeaponShooter.TryFire
add esp,4
jmp jump_for_break // one target per Update call: stop after the first bot that passes every check
jump_for_continue:
inc esi //i++
jmp jump_for_start
jump_for_break:
// Tear down this frame, then replay the four displaced prologue instructions of vp_FPController.Update
// (the ones listed under [DISABLE]) and resume just after the 7-byte hook.
pop ebx
pop edi
pop esi
mov esp,ebp
pop ebp
push ebp
mov ebp,esp
push esi
mov esi,[ebp+08]
jmp returnhere
UnityEngine_Object_FindObjectOfType_Method:
// ---- Lazily filled caches (0 = not resolved yet); written once by the NoGet* slow paths in 'aim' ----
dd 00000000
headStr:
dd 00000000 // not referenced by 'aim'; note the second, lower-case 'headstr' label at the end of this region
formatStr:
dd 00000000 // declared with label() but never read or written by 'aim'
vp_FPWeaponShooter_Class:
dd 00000000
HitBoxData_Class:
dd 00000000
System_Type_Class:
dd 00000000
UnityEngine_GameObject_GetComponent_Method:
dd 00000000
UnityEngine_Physics_Linecast_Method:
dd 00000000
System_Reflection_MethodInfo_MakeGeneric_Method:
dd 00000000
WeaponSystem_Class:
dd 00000000
String_Format_Method:
dd 00000000
RemotePlayersController_class:
dd 00000000
UnityEngine_Transform_LookAt_Method:
dd 00000000
// ---- NUL-terminated lookup strings: (image file, class name, namespace) triples for GetIl2CppClass,
// plus method names and argument descriptors for GetIl2CppMethod. An empty namespace is a lone 'db 00'. ----
vp_FPWeaponShooter_image:
db 'Assembly-CSharp.dll'
db 00
vp_FPWeaponShooter_name:
db 'vp_FPWeaponShooter'
db 00
vp_FPWeaponShooter_namespace:
db 00
WeaponSystem_image:
db 'Assembly-CSharp.dll'
db 00
WeaponSystem_name:
db 'WeaponSystem'
db 00
WeaponSystem_namespace:
db 00
System_Type_image:
db 'mscorlib.dll'
db 00
System_Type_name:
db 'Type'
db 00
System_Type_namespace:
db 'System'
db 00
HitBoxData_image:
db 'Assembly-CSharp.dll'
db 00
HitBoxData_name:
db 'HitBoxData'
db 00
HitBoxData_namespace:
db 00
UnityEngine_Transform_image:
db 'UnityEngine.CoreModule.dll'
db 00
UnityEngine_Transform_name:
db 'Transform'
db 00
UnityEngine_Transform_namespace:
db 'UnityEngine'
db 00
UnityEngine_Transform_LookAt:
db 'LookAt'
db 00
// Argument descriptor format consumed by GetIl2CppMethod: one count byte, then one dd pointer per
// parameter type name (compared against il2cpp_type_get_name of each parameter).
UnityEngine_Transform_LookAt_args:
db 1
dd UnityEngine_Transform_LookAt_arg_0
UnityEngine_Transform_LookAt_arg_0:
db 'UnityEngine.Vector3'
db 00
UnityEngine_GameObject_image:
db 'UnityEngine.CoreModule.dll'
db 00
UnityEngine_GameObject_name:
db 'GameObject'
db 00
UnityEngine_GameObject_namespace:
db 'UnityEngine'
db 00
UnityEngine_Object_image:
db 'UnityEngine.CoreModule.dll'
db 00
UnityEngine_Object_name:
db 'Object'
db 00
UnityEngine_Object_namespace:
db 'UnityEngine'
db 00
UnityEngine_GameObject_GetComponent:
db 'GetComponent'
db 00
UnityEngine_Object_FindObjectOfType:
db 'FindObjectOfType'
db 00
UnityEngine_Physics_image:
db 'UnityEngine.PhysicsModule.dll'
db 00
UnityEngine_Physics_name:
db 'Physics'
db 00
UnityEngine_Physics_namespace:
db 'UnityEngine'
db 00
UnityEngine_Physics_Linecast:
db 'Linecast'
db 00
UnityEngine_Physics_Linecast_args:
db 00000004 // count byte: four parameters
dd UnityEngine_Physics_Linecast_arg_0
dd UnityEngine_Physics_Linecast_arg_1
dd UnityEngine_Physics_Linecast_arg_2
dd UnityEngine_Physics_Linecast_arg_3
UnityEngine_Physics_Linecast_arg_0:
db 'UnityEngine.Vector3'
db 00
UnityEngine_Physics_Linecast_arg_1:
db 'UnityEngine.Vector3'
db 00
UnityEngine_Physics_Linecast_arg_2:
db 'UnityEngine.RaycastHit&'
db 00
UnityEngine_Physics_Linecast_arg_3:
db 'System.Int32'
db 00
RemotePlayersController_image:
db 'Assembly-CSharp.dll'
db 00
RemotePlayersController_name:
db 'RemotePlayersController'
db 00
RemotePlayersController_namespace:
db 00
System_Reflection_MethodInfo_image:
db 'mscorlib.dll'
db 00
System_Reflection_MethodInfo_name:
db 'MethodInfo'
db 00
System_Reflection_MethodInfo_namespace:
db 'System.Reflection'
db 00
System_Reflection_MethodInfo_MakeGenericMethod:
db 'MakeGenericMethod'
db 00
System_Reflection_MethodInfo_MakeGenericMethod_args:
db 1
dd System_Reflection_MethodInfo_MakeGenericMethod_arg_0
System_Reflection_MethodInfo_MakeGenericMethod_arg_0:
db 'System.Type[]'
db 00
String_image:
db 'mscorlib.dll'
db 00
String_name:
db 'String'
db 00
String_namespace:
db 'System'
db 00
String_Format:
db 'Format'
db 00
String_Format_args:
db 00000003 // count byte: three parameters
dd String_Format_arg_0
dd String_Format_arg_1
dd String_Format_arg_2
String_Format_arg_0:
db 'System.String'
db 00
String_Format_arg_1:
db 'System.Object'
db 00
String_Format_arg_2:
db 'System.Object'
db 00
format:
db '{0}{1}' // String.Format pattern: bot object name followed by the 'head' path
db 00
head:
db '/Bip001/Bip001 Pelvis/Bip001 Spine/Bip001 Neck/Bip001 Head/Cap' // appended to the bot's name and resolved with GameObject.Find
db 00
headstr:
// empty label at the end of the data region; nothing references it
vp_FPController.Update:
// Hook: overwrite the first 7 bytes of the function with a 5-byte jmp plus 2 nops.
// The displaced instructions are the four listed under [DISABLE]; 'aim' replays them before jumping back here.
// NOTE(review): the last script on this page hooks the same symbol but restores a different 7-byte
// sequence, so the two scripts target different builds; enabling both corrupts the prologue.
jmp aim
nop 2
returnhere:
[DISABLE]
dealloc(aim)
// Restore the original prologue (must stay identical to the instructions 'aim' replays before 'jmp returnhere').
vp_FPController.Update:
push ebp
mov ebp,esp
push esi
mov esi,[ebp+08]
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 2: two hooks inside MiniMap.UpdPlayer. 'showAllPlayer' neutralises a per-entry compare and
// 'colorEsp' replaces a pushed constant with a same-team test. Both patches and their hooks follow.
alloc(newmem,2048)
label(returnhere)
label(returnhere2)
label(showAllPlayer)
label(colorEsp)
label(equal)
label(nequal)
newmem:
// Patch 1 (showAllPlayer): stands in for 'mov dl,[ebp-01] / cmp dl,[eax+88]' (see [DISABLE]).
// Comparing the byte with itself makes the compare always read 'equal'.
showAllPlayer:
mov dl,[eax+88]
cmp dl,[eax+88] // always equal; the original compared against the local at [ebp-01]
jmp returnhere
// Patch 2 (colorEsp): stands in for 'push 0 / push 0 / sub esp,0c' (see [DISABLE]); the first pushed
// dword becomes 1 when the local player's team byte differs from the entry's team byte.
colorEsp:
mov eax, [GameAssembly.dll+1e718c8] //BotsController
// NOTE(review): hard-coded module-relative static address; valid for one game build only (the aim script
// resolves its controller class by name instead).
mov eax, [eax+5c] // static_fields, then the list at +38 (same offsets the aim script comments as static_fields / RemoteBotsList)
mov eax, [eax]
mov eax, [eax+38]
mov ebx, [ebp+08] // NOTE(review): ebx and ecx are overwritten and not restored; the hooked function's register liveness is not visible here - verify
mov ebx, [ebx+38]
mov ebx, [ebx+0c] // local index (same +0c the aim script comments as Client->myIndex)
mov ebx, [eax+ebx*4+10] // list[localIndex]
mov bl, [ebx+88] // local team byte
mov ecx, [ebp+0c] // entry index passed to UpdPlayer
mov eax, [eax+ecx*4+10] // list[entryIndex]
mov al, [eax+88] // entry team byte
cmp al, bl
je equal
push 1
jmp nequal
equal:
push 0
nequal:
push 0
sub esp,0c
jmp returnhere2
MiniMap.UpdPlayer+17c:
// 5-byte jmp + 4 nops = 9 bytes, matching the two displaced instructions under [DISABLE]
// (mov dl,[ebp-01] = 3 bytes, cmp dl,[eax+88] with a 32-bit displacement = 6 bytes).
jmp newmem
nop 4
returnhere:
MiniMap.UpdPlayer+30A:
// 5-byte jmp + 2 nops = 7 bytes over 'push 0 / push 0 / sub esp,0c' (2 + 2 + 3 bytes).
jmp colorEsp
nop 2
returnhere2:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
MiniMap.UpdPlayer+17c:
mov dl,[ebp-01]
cmp dl,[eax+88]
MiniMap.UpdPlayer+30A:
push 0
push 0
sub esp,0c
//Alt: db 8A 55 FF 3A 50 14
// NOTE(review): the 'Alt' bytes above decode to 'mov dl,[ebp-01] / cmp dl,[eax+14]' (6 bytes), which does not
// match the 9 bytes restored here; the record looks stale from an older build and should not be used as-is.
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 3: hook at vp_FPWeaponReloader.GUIDrawReload+3E; zeroes two dwords before the displaced load.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
// NOTE(review): 'mov, [edi+28], 00' has a stray comma after the mnemonic and no operand size; as written
// these two lines are unlikely to assemble - compare the form used in the TryFire script ('mov [edi+60], 00').
mov, [edi+28], 00
mov, [edi+2c], 00
movss xmm0,[edi+28] // displaced original instruction (see [DISABLE])
exit:
jmp returnhere
vp_FPWeaponReloader.GUIDrawReload+3E:
// 5-byte jmp over the 5-byte 'movss xmm0,[edi+28]' (F3 0F 10 47 28 per the Alt record below) - no nops needed.
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
vp_FPWeaponReloader.GUIDrawReload+3E:
movss xmm0,[edi+28]
//Alt: db F3 0F 10 47 28
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 4: hook at vp_FPWeaponShooter.TryFire+7f; overwrites four fields of the object in edi on every call.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
// NOTE(review): no operand size on these memory-immediate stores; the width CE assembles (and whether it accepts
// the line at all) depends on the CE version - 'dword ptr' would make it explicit.
mov [edi+60], 00
mov [edi+64], 00
mov [edi+74], 00
mov [edi+6c], 1000 // CE numbers are hex: this is 0x1000
mov esi,[edi+000000FC] // displaced original instruction (see [DISABLE])
exit:
jmp returnhere
vp_FPWeaponShooter.TryFire+7f:
// 5-byte jmp + 1 nop = 6 bytes over 'mov esi,[edi+000000FC]' (6 bytes with a 32-bit displacement).
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
vp_FPWeaponShooter.TryFire+7f:
mov esi,[edi+000000FC]
//Alt: db A1 68 32 77 7A
// NOTE(review): the 'Alt' bytes above decode to a 5-byte 'mov eax,[7A773268]', not the 6-byte instruction
// restored here; the record is stale and should not be used to verify the patch site.
C-like:
[ENABLE]
// Script 5: neutralise four game functions in place by overwriting their first bytes.
// APIScript.InitAPI / Start / UpdateMyStats return immediately; Handler.ShareScreenshot returns 0 in eax.
// NOTE(review): the [DISABLE] section below is empty, so the original bytes of these functions are never
// restored and the patch cannot be undone without restarting the game; the other scripts on this page keep an
// '//Alt: db ...' record of the displaced bytes for exactly that purpose.
// NOTE(review): a bare 'ret' assumes these functions take no stack arguments or are caller-cleaned (cdecl);
// a callee-cleaned convention would need 'ret N' - verify.
APIScript.InitAPI:
ret
APIScript.Start:
ret
APIScript.UpdateMyStats:
ret
Handler.ShareScreenshot:
mov eax, 00000000
ret
[DISABLE]
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 6: hook at Client.send_damage+B1; the byte stored to [edx+ecx+10] is forced to 1 instead of
// being taken from the argument at [ebp+14] (see [DISABLE] for the displaced instructions).
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov al,1 // replaces 'mov al,[ebp+14]'
mov [edx+ecx+10],al // displaced original store
exit:
jmp returnhere
Client.send_damage+B1:
// 5-byte jmp + 2 nops = 7 bytes over 'mov al,[ebp+14]' (3) + 'mov [edx+ecx+10],al' (4); matches the Alt record.
jmp newmem
nop 2
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
Client.send_damage+B1:
mov al,[ebp+14]
mov [edx+ecx+10],al
//Alt: db 8A 45 14 88 44 0A 10
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 7: hook at Client.Update+A; calls RenderSettings.set_fogEndDistance(1000.0) on every Update,
// then runs the displaced 'mov eax,fs:[0]'.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
push 447a0000 // IEEE-754 single-precision bit pattern of 1000.0
call UnityEngine.RenderSettings.set_fogEndDistance // NOTE(review): ecx/edx are clobbered by the call and not restored; eax is reloaded by the next instruction
add esp, 04
mov eax,fs:[00000000] // displaced original instruction (see [DISABLE])
exit:
jmp returnhere
Client.Update+A:
// 5-byte jmp + 1 nop = 6 bytes over 'mov eax,fs:[00000000]' (64 A1 00 00 00 00); matches the Alt record.
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
Client.Update+A:
mov eax,fs:[00000000]
//Alt: db 64 A1 00 00 00 00
C-like:
[ENABLE]
// Script 8: IL2CPP helper library shared by the other scripts on this page.
// 'newmem' is run once as a thread at enable time (createthread below) to cache the loaded images;
// GetIl2CppClass / GetIl2CppMethod are exported with registersymbol() so other scripts can 'call' them.
// NOTE(review): the callers rely on 'size_images' and 'assemblies' being filled; 'size_images' starts at 0,
// so this script must be enabled, and its thread finished, before any dependent script runs.
alloc(newmem,2048)
label(assemblies)
label(il2cpp_init_for_jump_continue)
label(size_images)
registersymbol(assemblies)
createthread(newmem)
label(strlen)
label(strlen_for_jump_continue)
label(strcmp)
label(strcmp_for_jump_continue)
label(strcmp_jump_exit)
label(strcmp_jump_exit_false)
label(strcmp_jump_exit_true)
label(GetIl2CppClass_for_jump_continue)
label(GetIl2CppClass_for_jump_exit)
label(GetIl2CppClass_jump_exit)
label(GetIl2CppClass)
registersymbol(GetIl2CppClass)
label(GetIl2CppMethod_jump_for_continue)
label(GetIl2CppMethod_jump_arg_null)
label(GetIl2CppMethod_jump_str_equal)
label(GetIl2CppMethod_jump_exit)
label(GetIl2CppMethod_jump_while)
label(GetIl2CppMethod)
registersymbol(GetIl2CppMethod)
newmem:
// Thread entry (createthread above): cache one Il2CppImage* per loaded assembly into the 'assemblies'
// array and the count into 'size_images', for GetIl2CppClass below.
// Out: [size_images] = assembly count, [assemblies+i*4] = il2cpp_assembly_get_image(assembly[i]).
// Clobbers ebx/esi/edi (tolerable for a thread entry, not for a normal callee).
push ebp
mov ebp,esp
sub esp,04 // [ebp-4] = count out-parameter for il2cpp_domain_get_assemblies
call GameAssembly.il2cpp_domain_get
lea ebx,[ebp-04]
push ebx
push eax
call GameAssembly.il2cpp_domain_get_assemblies // eax = assembly pointer array, [ebp-4] = count
add esp,08
mov edi,eax
mov ebx,[ebp-04]
mov [size_images],ebx
xor esi,esi
il2cpp_init_for_jump_continue:
push [edi+esi*4]
call GameAssembly.il2cpp_assembly_get_image
add esp,04
mov [assemblies+esi*4],eax // NOTE(review): 'assemblies' is an unsized label at the end of the 2048-byte alloc; nothing checks that count*4 fits in the remaining space, so a long assembly list writes past the allocation
inc esi
cmp esi,ebx
jne il2cpp_init_for_jump_continue // NOTE(review): do-while shape - a count of 0 is not handled (esi becomes 1, never equals 0)
mov esp, ebp
pop ebp
ret
GetIl2CppMethod:
// MethodInfo* GetIl2CppMethod(Il2CppClass* klass, const char* name, const byte* args)   (caller cleans the stack)
// In:  [ebp+8]  = class returned by GetIl2CppClass
//      [ebp+C]  = method name, NUL-terminated
//      [ebp+10] = argument descriptor or 0: one count byte followed by that many dd pointers to NUL-terminated
//                 type-name strings (the layout the callers define, e.g. 'String_Format_args')
// Out: eax = first enumerated method whose name matches and, when a descriptor is given, whose parameter count
//      and every parameter type name match; 0 when enumeration ends without a match.
// Locals: [ebp-4] = iterator for il2cpp_class_get_methods, [ebp-8] = parameter count (byte, dword-zeroed at entry).
// Preserves ebx/esi/edi/ecx; clobbers edx (mul).
// NOTE(review): field offsets +8, +14, +2A and the 16-byte parameter stride are assumed for this build's IL2CPP
// MethodInfo / ParameterInfo layout - verify after a game update.
push ebp
mov ebp,esp
sub esp,08
push ebx
push esi
push edi
push ecx
mov [ebp-4],0
mov [ebp-8],0
GetIl2CppMethod_jump_while:
// Outer loop: esi = next MethodInfo from il2cpp_class_get_methods(klass, &iter), 0 when exhausted.
lea ebx,[ebp-4]
push ebx
push [ebp+8]
call GameAssembly.il2cpp_class_get_methods
add esp,8
mov esi,eax
test esi,esi
je GetIl2CppMethod_jump_exit
push [ebp+C]
mov eax,[esi+8] // presumably MethodInfo.name
push eax
call strcmp
add esp,8
cmp al,1 // the strcmp in this script returns 1 on equal (not the C convention)
je GetIl2CppMethod_jump_str_equal
jmp GetIl2CppMethod_jump_while
GetIl2CppMethod_jump_str_equal:
mov eax,[ebp+10]
test eax,eax
je GetIl2CppMethod_jump_arg_null
mov al,[eax] // expected parameter count from the descriptor
xor ecx,ecx
mov cl,[esi+2A] // presumably MethodInfo.parameters_count
mov [ebp-08],cl // only the low byte is written; the dword read below relies on [ebp-8] having been zeroed at entry
cmp al,cl
jne GetIl2CppMethod_jump_while // same name, different arity: keep enumerating (overloads)
xor edi,edi
GetIl2CppMethod_jump_for_continue:
// Inner loop: edi = parameter index; compare type names one by one.
mov ecx,[ebp-08]
cmp ecx,edi
je GetIl2CppMethod_jump_exit // all parameters matched: esi is the result
mov ebx,edi
mov eax,10
mul ebx // ebx = edi * 0x10 (parameter entry stride); clobbers edx
mov ebx,eax
mov eax,[esi+14] // presumably MethodInfo.parameters
push [eax+ebx+0C] // presumably ParameterInfo.parameter_type of entry edi
call GameAssembly.il2cpp_type_get_name // NOTE(review): the returned string is never released; if this export allocates (il2cpp_free is the documented counterpart) each comparison leaks it
add esp,04
push eax
mov eax,[ebp+10]
push [eax+edi*4+1] // descriptor entry edi: skips the count byte, then one dd per parameter
call strcmp
add esp,08
test al,al
je GetIl2CppMethod_jump_while // type-name mismatch: try the next method
inc edi
jmp GetIl2CppMethod_jump_for_continue
GetIl2CppMethod_jump_arg_null:
// No descriptor: accept the name match only if the method takes no parameters.
mov al,[esi+2A]
test al,al
je GetIl2CppMethod_jump_exit
jmp GetIl2CppMethod_jump_while
GetIl2CppMethod_jump_exit:
mov eax,esi // MethodInfo* or 0
pop ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret
GetIl2CppClass:
// Il2CppClass* GetIl2CppClass(const char* imageName, const char* namespace, const char* name)   (caller cleans the stack)
// In:  [ebp+8] = image file name (e.g. 'Assembly-CSharp.dll'), [ebp+C] = namespace (empty string for global),
//      [ebp+10] = class name
// Out: eax = il2cpp_class_from_name(image, namespace, name) for the first cached image whose name matches,
//      or 0 when no image name matches.
// Depends on 'assemblies' / 'size_images' filled by the init thread at the top of this script. Preserves esi.
push ebp
mov ebp,esp
push esi
xor esi,esi
GetIl2CppClass_for_jump_continue:
mov eax,[ebp+08]
push eax
mov eax,[assemblies+esi*4]
mov eax,[eax] // first field of the cached image - presumably its name; verify
push eax
call strcmp
add esp,08
cmp eax,1 // strcmp here returns 1 on equal
je GetIl2CppClass_for_jump_exit
inc esi
mov eax,[size_images]
cmp esi,eax
jne GetIl2CppClass_for_jump_continue // NOTE(review): with size_images still 0 (init thread not finished) esi=1 never equals it and the loop walks past the array
xor eax, eax
jmp GetIl2CppClass_jump_exit
GetIl2CppClass_for_jump_exit:
mov eax,[assemblies+esi*4]
push [ebp+10]
push [ebp+0C]
push eax
call GameAssembly.il2cpp_class_from_name
add esp,0C
GetIl2CppClass_jump_exit:
pop esi
mov esp, ebp
pop ebp
ret
strcmp:
// int strcmp(const char* a, const char* b) -- returns 1 in eax when the strings are equal, 0 otherwise.
// NOTE(review): inverted relative to the C strcmp contract (0 on equal); every caller on this page tests for 1.
// Both strlen results include the terminator (see strlen), so the byte loop compares through the NUL as well.
// Preserves ebx/esi; ecx holds the shared length across the loop (strlen does not touch ecx).
push ebp
mov ebp,esp
push ebx
push esi
push [ebp+08]
call strlen
add esp,04
mov ebx,eax // len(a)
push [ebp+0C]
call strlen
add esp,04
mov ecx,eax // len(b)
cmp ebx,ecx
jne strcmp_jump_exit_false // different lengths: not equal
xor esi,esi
strcmp_for_jump_continue:
// esi = byte index; ecx = length including the NUL, so the loop also compares the terminators.
mov eax,[ebp+08]
mov ebx,[ebp+0C]
mov al,[eax+esi]
mov bl,[ebx+esi]
cmp al,bl
jne strcmp_jump_exit_false
inc esi
cmp esi,ecx
jne strcmp_for_jump_continue
jmp strcmp_jump_exit_true
strcmp_jump_exit_false:
mov eax,0
jmp strcmp_jump_exit
strcmp_jump_exit_true:
mov eax,1
strcmp_jump_exit:
pop esi
pop ebx
mov esp, ebp
pop ebp
ret
strlen:
// int strlen(const char* s) -- NOTE(review): ebx is incremented before the terminator test, so the result is
// the index of the NUL plus one (length + 1), not C strlen; consistent within this script because strcmp
// applies it to both operands. Reads until the first NUL with no upper bound. Preserves ebx.
push ebp
mov ebp,esp
push ebx
xor ebx,ebx
strlen_for_jump_continue:
mov eax,[ebp+08]
mov al,[eax+ebx]
inc ebx
cmp al,00
jne strlen_for_jump_continue
mov eax,ebx
pop ebx
mov esp,ebp
pop ebp
ret
size_images:
dd 00000000 // assembly count written by the init thread; 0 until then
assemblies:
// Open-ended array of image pointers filled by the init thread; it occupies whatever remains of the 2048-byte alloc.
[DISABLE]
dealloc(newmem)
// NOTE(review): other scripts on this page call GetIl2CppClass / GetIl2CppMethod; disabling this script while
// they are still enabled leaves their 'call' targets pointing at freed memory.
unregistersymbol(assemblies)
unregistersymbol(GetIl2CppClass)
unregistersymbol(GetIl2CppMethod)
C-like:
[ENABLE]
// Script 9: a small probe that resolves Transform.LookAt(Vector3) through the helper script, exported as 'test'.
// NOTE(review): the symbol name 'test' collides with the 'test' mnemonic; whether CE's parser accepts 'test:' as a
// label and 'registersymbol(test)' cleanly is version-dependent - a distinct name would be safer.
alloc(newmem,2048)
label(UnityEngine_Transform_name)
label(UnityEngine_Transform_namespace)
label(UnityEngine_Transform_image)
label(UnityEngine_Transform_LookAt)
label(UnityEngine_Transform_LookAt_args)
label(UnityEngine_Transform_LookAt_arg_0)
label(test)
registersymbol(test)
newmem:
test:
// MethodInfo* test(void): GetIl2CppMethod(GetIl2CppClass(image, namespace, 'Transform'), 'LookAt', args).
// Out: eax = the MethodInfo or 0. Requires the helper script to be enabled and initialised first.
// NOTE(review): a 0 from GetIl2CppClass is passed straight into GetIl2CppMethod without a check.
push ebp
mov ebp,esp
push UnityEngine_Transform_name
push UnityEngine_Transform_namespace
push UnityEngine_Transform_image
call GetIl2CppClass
add esp,C
push UnityEngine_Transform_LookAt_args
push UnityEngine_Transform_LookAt
push eax
call GetIl2CppMethod
add esp,C
mov esp,ebp
pop ebp
ret
UnityEngine_Transform_image:
// Lookup strings and the argument descriptor (count byte + dd per parameter), same layout as in the aim script.
db 'UnityEngine.CoreModule.dll'
db 00
UnityEngine_Transform_name:
db 'Transform'
db 00
UnityEngine_Transform_namespace:
db 'UnityEngine'
db 00
UnityEngine_Transform_LookAt:
db 'LookAt'
db 00
UnityEngine_Transform_LookAt_args:
db 1
dd UnityEngine_Transform_LookAt_arg_0
UnityEngine_Transform_LookAt_arg_0:
db 'UnityEngine.Vector3'
db 00
[DISABLE]
dealloc(newmem)
unregistersymbol(test)
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 10: hook at Client.Update+10; on every Update sets localScale = (size, size, size) on 32 bot objects.
// 'size' is exported with registersymbol() so the table can write it; it starts at 0.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(size)
label(for)
registersymbol(size)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
// Own frame so the hooked function's eax and esi survive; ecx/edx are clobbered by the calls and not restored.
push ebp
mov ebp, esp
push esi
push eax
xor esi, esi
for:
// esi = bot index, 0..0x1F
mov eax, [GameAssembly.dll+1e718c8] //BotsController
// NOTE(review): hard-coded module-relative static address; valid for one game build only.
mov eax, [eax+5c] // static_fields, then the object list at +18 (the aim script comments +18 as BotsGmObj)
mov eax, [eax]
mov eax, [eax+18]
mov eax, [eax+esi*4+10] // list[esi]
// NOTE(review): no null check before get_transform, unlike the aim script's 'test eax,eax' on the same list.
push eax
call UnityEngine.GameObject.get_transform
add esp, 04
// set_localScale(transform, x, y, z) with all three components = [size]; pushed right to left.
push [size]
push [size]
push [size]
push eax
call UnityEngine.Transform.set_localScale
add esp, 10
inc esi
cmp esi, 20 // 32 entries, hex
jne for
pop eax
pop esi
mov esp, ebp
pop ebp
push eax // displaced original instructions (see [DISABLE])
mov fs:[00000000],esp
exit:
jmp returnhere
size:
dd 00000000 // scale value written from the table; 0 until set, so the first frames scale to zero
Client.Update+10:
// 5-byte jmp + 3 nops = 8 bytes over 'push eax' (1) + 'mov fs:[00000000],esp' (7); matches the Alt record.
jmp newmem
nop 3
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
Client.Update+10:
push eax
mov fs:[00000000],esp
//Alt: db 50 64 89 25 00 00 00 00
C-like:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Script 11: hook at vp_FPController.Update; on every Update writes four float fields of the controller
// from the registered symbols speed / gravity / jumpForce / jumpDumping (defaults below).
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(speed)
label(gravity)
label(jumpForce)
label(jumpDumping)
registersymbol(speed)
registersymbol(gravity)
registersymbol(jumpForce)
registersymbol(jumpDumping)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov esi,[ebp+08] // displaced original: esi = vp_FPController (this)
mov eax,[speed]
mov [esi+160],eax
mov eax,[gravity]
mov [esi+1A8],eax
mov eax,[jumpForce]
mov [esi+178],eax
mov eax,[jumpDumping]
mov [esi+17C],eax
cmp byte ptr [esi+1C],00 // displaced original compare; the flags it sets are consumed after 'jmp returnhere'
exit:
jmp returnhere
// Defaults; each is a registered symbol the table can overwrite at run time.
speed:
dd (float)0.18
gravity:
dd (float)0.2
jumpForce:
dd (float)0.2
jumpDumping:
dd (float)0.1
vp_FPController.Update:
// 5-byte jmp + 2 nops = 7 bytes over 'mov esi,[ebp+08]' (3) + 'cmp byte ptr [esi+1C],00' (4); matches the Alt record.
// NOTE(review): the aim script at the top of this page hooks the same symbol but restores a different 7-byte
// prologue (push ebp / mov ebp,esp / push esi / mov esi,[ebp+08]); the two scripts target different builds and
// must not be enabled together.
jmp newmem
nop 2
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
vp_FPController.Update:
mov esi,[ebp+08]
cmp byte ptr [esi+1C],00
//Alt: db 8B 75 08 80 7E 1C 00
All credits to AssHack (не ручаюсь за нынешнюю администрацию)