-
Автор темы
- #1
code:
uint64_t empty_object_manager = pattern("\x56\x8B\xF1\x8B\x86\xBC\x00\x00\x00\xC1\xE8\x1B\xA8\x01\x0F\x85\x9A\x00\x00\x00"
"\x8B\x16\xFF\x92\xF0\x00\x00\x00\x80\x7C\x24\x0C\x00\x74\x08\x84\xC0\x0F\x84\x83"
"\x00\x00\x00\x3C\x01\x75\x20\x80\x7C\x24\x14\x00\x75\x19\x8B\xCE\xE8\x83\x1A\x01"
"\x00\x85\xC0\x74\x0E\x8B\x10\x8B\xC8\xFF\x92\x08\x05\x00\x00\x84\xC0\x74\x5F\x57"
"\x6A\x01\x56\xE8\x48\xEA\x07\x00\x8B\xF8\x83\xC4\x08\x85\xFF\x74\x3D\x8B\x44\x24"
"\x0C\x50\x8B\xCF\xE8\x83\xE5\x07\x00\x68\x00\x00\x00\x08\x8B\xCE");
DWORD64 findentity(std::string arg1) {
return safe_read(empty_object_manager + 0x53F1A65 + 0x3FD1AF4 + 0x1E56D39 + 0x44 + 0x0, DWORD64);
}
void DMWsection(DWORD64 arg1,UINT64 arg2,DWORD64 arg3) {
DWORD64 x3 = safe_read(arg1 + 0x3 + 0x1 + 0x54823F3,DWORD64);
DWORD64 x6 = safe_read(x3 + arg2 + arg3 + 0x55 + 0x11481733 + 0x4 + 0x11481733, DWORD64);
DWORD64 x8 = safe_read(x6 + 0x0, DWORD64);
DWORD64 x11 = safe_read(x8 + 0x63 + 0x433, DWORD64);
DWORD64 x63 = safe_read(x11 + 0x3, DWORD64);
__asm
{
fistp qword ptr[esp - 8]
mov edx, [esp - 4]
mov eax, [esp - 8]
ret
}
__asm
{
fistp dword ptr[esp - 4]
mov eax, [esp - 4]
ret
}
__asm
{
;
; Handle shifts of 64 or more bits(all get 0)
;
cmp cl, 64
jae short RETZERO
;
; Handle shifts of between 0 and 31 bits
;
cmp cl, 32
jae short MORE32
shld edx, eax, cl
shl eax, cl
ret
;
; Handle shifts of between 32 and 63 bits
;
MORE32:
mov edx, eax
xor eax, eax
and cl, 31
shl edx, cl
ret
;
; return 0 in edx : eax
;
RETZERO:
xor eax, eax
xor edx, edx
ret
}
}
DWORD64 findclass(std::string arg1) {
int class_manager[4] = {
0x3, 0x01, /* mov bl, 01 */
0x0, 0x70 /* jmp class + 0xDB */
};
int finded_protect[] = {
0x48, 0xB8, 0x00, 0x00, 0x3E, 0x00, 0x00, 0x00, 0x00, 0x00, /* mov rax, 0x3E0000 */
0x90, /* nop */
};
return safe_read(sizeof(class_manager) + sizeof(finded_protect) + empty_object_manager + sizeof(arg1), DWORD64);
}
DWORD64 findfirstclass(std::string arg1) {
DWORD64 find_class = safe_read(gBase + 0x411, DWORD64);
DWORD64 read_class = safe_read(find_class + 0x18 + 0x3 + 0x11 + 0x97 + 0x15, DWORD64);
return findclass(arg1);
}
void exploitcmd(DWORD64 arg1,std::string arg2,std::string arg3,std::string arg4, std::string arg5) {
// dm me to get function source Eric Xariz#7728
shmiga#5700
}
void sethightvelocity(float scale) {
DWORD64 projectile_mono = findfirstclass("Bullet_prefab_velocity.properties"); // using short
DWORD64 prefab_mono_velocity_start_pos = safe_read(projectile_mono + 0x9CC501C, DWORD64);
DWORD64 prefab_mono_velocity_end_pos = safe_read(prefab_mono_velocity_start_pos + 0x36E5CAAF, DWORD64);
safe_write(prefab_mono_velocity_start_pos, scale, DWORD64);
safe_write(prefab_mono_velocity_end_pos, scale, DWORD64);
}
void setthickness(float scale) {
DWORD64 projectile_mono = findfirstclass("Bullet_prefab_thc.properties"); // using short
DWORD64 mono_dmg = safe_read(projectile_mono + 0x2570C73E + 164633236, DWORD64);
safe_write(mono_dmg, scale, DWORD64);
}
void setdamage(float scale) {
DWORD64 projectile_mono = findfirstclass("Bullet_prefab_damage.properties"); // using short
DWORD64 prefab_struct_dmg = safe_read(projectile_mono + 0x38D013F344D3,DWORD64);
safe_write(prefab_struct_dmg, scale, DWORD64);
}
int otherclass(int arg1) {// нужно обновить \ need update
DWORD64 arg2 = 0x581;
DWORD64 projectile_unk1 = safe_read(arg2 + 0x33 + 0x0,DWORD64);
DWORD64 projectile_unk2 = safe_read(projectile_unk1 + arg2 + 0x0 + 0x0 + 0x33 + 0x11 + 0x10,DWORD64);
DWORD64 projectile_struct = safe_read(projectile_unk1 + projectile_unk2, DWORD64);
return sizeof(projectile_struct);
}
void *******magicbullet(Projectile* monkey, BasePlayer* player) {
int bullet_list = safe_read(gBase + 0x00B74490, int);
for (int i = 0; i < bullet_list; i++)
{
auto expammo = findfirstclass("Explosion");
auto all_shit = monkey->otherclass(i);
DMWsection(expammo, GetHeldItem(Player2), findentity("01.rfap"));
exploitcmd(findfirstclass("ServerRpc_"), "ItemModification", "Projectile", "GameObject_", "Bullet_");
float scale = 3000.f;
sethightvelocity(scale);
setthickness(scale);
setdamage(scale);
}
}