 Norecoil/spread - a poor man's version because you have to disable it every time you die and re-enable after spawn. I guess some bits get squished somewhere.
 I don't think that there is anything new here coding wise to learn for those who have contributed here with their remarkable reversing skills but this might come in handy to those who have no idea how to compile with notepad.exe.
 
 Here's the one for Norecoil/Nospread
 =====================================================

 Code:
 ==============================================================================
 [ENABLE]
 //code from here to '[DISABLE]' will be used to enable the cheat
 alloc(newmem24,2048) //2kb should be enough
 label(returnhere24)
 label(originalcode24)
 label(exit24)

 newmem24: //this is allocated memory, you have read,write,execute access
 //place your code here

 originalcode24:
 jmp PlanetSide2.exe+BC7B82
 push esi
 mov esi,[ebx+04]

 exit24:
 jmp returnhere24

 "PlanetSide2.exe"+BC7B46:
 jmp newmem24
 nop
 returnhere24:

 alloc(newmem17,2048) //2kb should be enough
 label(returnhere17)
 label(originalcode17)
 label(exit17)

 newmem17: //this is allocated memory, you have read,write,execute access
 //place your code here

 originalcode17:
 mov [esi+000000D4],0

 exit17:
 jmp returnhere17

 "PlanetSide2.exe"+BC658A:
 jmp newmem17
 nop
 returnhere17:

 alloc(newmem11,2048) //2kb should be enough
 label(returnhere11)
 label(originalcode11)
 label(exit11)

 newmem11: //this is allocated memory, you have read,write,execute access
 //place your code here

 originalcode11:
 movss xmm3,[esi+000000D4]
 xorps xmm3, xmm3

 exit11:
 jmp returnhere11

 "PlanetSide2.exe"+BC6533:
 jmp newmem11
 nop
 nop
 nop
 returnhere11:

 alloc(newmem6,2048) //2kb should be enough
 label(returnhere6)
 label(originalcode6)
 label(exit6)

 newmem6: //this is allocated memory, you have read,write,execute access
 //place your code here
 xorps xmm0, xmm0

 originalcode6:
 movss [ecx+04],xmm0

 exit6:
 jmp returnhere6

 "PlanetSide2.exe"+16C7218:
 jmp newmem6
 returnhere6:

 alloc(newmem2,2048) //2kb should be enough
 label(returnhere2)
 label(originalcode2)
 label(exit2)

 newmem2: //this is allocated memory, you have read,write,execute access
 //place your code here
 xorps xmm1, xmm1

 originalcode2:
 ucomiss xmm1,[esi+54]
 lahf

 exit2:
 jmp returnhere2

 "PlanetSide2.exe"+1679954:
 jmp newmem2
 returnhere2:

 alloc(newmem,2048) //2kb should be enough
 label(returnhere)
 label(originalcode)
 label(exit)

 newmem: //this is allocated memory, you have read,write,execute access
 //place your code here
 xorps xmm0, xmm0

 originalcode:
 ucomiss xmm0,[esi+08]
 lahf

 exit:
 jmp returnhere

 "PlanetSide2.exe"+C71385:
 jmp newmem
 returnhere:

 --------------------------------------------------------------------
 [DISABLE]
 //code from here till the end of the code will be used to disable the cheat
 dealloc(newmem24)
 "PlanetSide2.exe"+BC7B46:
 jle PlanetSide2.exe+BC7B82
 push esi
 mov esi,[ebx+04]
 //Alt: db 7E 3A 56 8B 73 04

 dealloc(newmem17)
 "PlanetSide2.exe"+BC658A:
 mov [esi+000000D4],edx
 //Alt: db 89 96 D4 00 00 00

 dealloc(newmem11)
 "PlanetSide2.exe"+BC6533:
 movss xmm3,[esi+000000D4]
 //Alt: db F3 0F 10 9E D4 00 00 00

 dealloc(newmem6)
 "PlanetSide2.exe"+16C7218:
 movss [ecx+04],xmm0
 //Alt: db F3 0F 11 41 04

 dealloc(newmem2)
 "PlanetSide2.exe"+1679954:
 ucomiss xmm1,[esi+54]
 lahf
 //Alt: db 0F 2E 4E 54 9F

 dealloc(newmem)
 "PlanetSide2.exe"+C71385:
 ucomiss xmm0,[esi+08]
 lahf
 //Alt: db 0F 2E 46 08 9F
 ========================================================================

 And the speedhack. Haven't tested it after spawning. Change the ESP to whatever floating point value (in hex) - currently it's set to 15. If you set it too high the physics engine will go nuts and kill/crash you.

 ------------------------------------------------------------------------
 [ENABLE]
 //Speedhack
 //code from here to '[DISABLE]' will be used to enable the cheat
 alloc(newmem,2048) //2kb should be enough
 label(returnhere)
 label(originalcode)
 label(exit)

 newmem: //this is allocated memory, you have read,write,execute access
 //place your code here

 //Push xmm0
 sub esp, 16
 movdqu dqword [esp], xmm0

 mov [esp], 41200000

 //Pop xmm0
 movdqu xmm0, dqword [esp]
 add esp, 16

 originalcode:
 movss [esi+000000C8],xmm0

 exit:
 jmp returnhere

 "PlanetSide2.exe"+BC8D86:
 jmp newmem
 nop
 nop
 nop
 returnhere:

 -----------------------------------------------------------------------------
 [DISABLE]
 //code from here till the end of the code will be used to disable the cheat
 dealloc(newmem)
 "PlanetSide2.exe"+BC8D86:
 movss [esi+000000C8],xmm0
 //Alt: db F3 0F 11 86 C8 00 00 00

 The base address for recoil/movement speed is at PlanetSide2.exe+2A661F0
 and some other stuff (I think I saw coordinates but unsure and too
 stupid to reverse it all).
 
 
 
 Feel free to make a better sig. This one currently points to the
 instructions dealing with recoil from where you can obtain the base.
 
 
 
 Code:
 
 \x57\x51\xD9\x1C\x24\x8D\x45\xEC\xF3\x0F\x5C\xCA\xF3\x0F\x5C\xC3\x50\xF3\x0F\x11\x4D\xEC\xF3\x0F\x11\x45\xF0\xE8\x00\x00\x00\x00\x8B\x4D\xF4\x8B\x55\xF8\x89\x8E\x00\x00\x00\x00\x89\x96\x00\x00\x00\x00
 
 
 
 __________________ AIMBOT???? I DONT SEE ANY AIMBOT  JUST SKILLS MY FRIEND!!!
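
 Seen from the defending side, every patch in the post above overwrites a fixed offset in the game's code section with a `jmp` into freshly allocated memory, padded with `nop`. The following integrity check is an added example, not part of the original post or of any game or anti-cheat code: it compares live bytes against the originals listed in the [DISABLE] sections and flags that detour pattern. The load address, image size and hooked sample bytes are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Patch sites (RVA, length, original bytes) as listed in the [DISABLE] sections. */
typedef struct { uint32_t rva; uint8_t len; uint8_t orig[8]; } site_t;
static const site_t SITES[] = {
    {0x00BC7B46, 6, {0x7E,0x3A,0x56,0x8B,0x73,0x04}},
    {0x00BC658A, 6, {0x89,0x96,0xD4,0x00,0x00,0x00}},
    {0x00BC6533, 8, {0xF3,0x0F,0x10,0x9E,0xD4,0x00,0x00,0x00}},
    {0x016C7218, 5, {0xF3,0x0F,0x11,0x41,0x04}},
    {0x01679954, 5, {0x0F,0x2E,0x4E,0x54,0x9F}},
    {0x00C71385, 5, {0x0F,0x2E,0x46,0x08,0x9F}},
    {0x00BC8D86, 8, {0xF3,0x0F,0x11,0x86,0xC8,0x00,0x00,0x00}},
};
enum { SITE_INTACT, SITE_DETOURED, SITE_MODIFIED };

/* Constructed sample, not captured data: assumed load address and image size,
 * and site 0 overwritten with "jmp 0x0A000000; nop". */
static const uint32_t SAMPLE_BASE = 0x00400000, SAMPLE_SIZE = 0x03000000;
static const uint8_t SAMPLE_HOOKED[6] = {0xE9,0xB5,0x84,0x03,0x09,0x90};

/* Compare live bytes with the originals; on a mismatch, recognise E9 rel32
 * plus NOP padding whose target lies outside the module image. */
static int classify_site(const site_t *s, const uint8_t *live,
                         uint32_t base, uint32_t image_size, uint32_t *target)
{
    int32_t rel;
    *target = 0;
    if (memcmp(live, s->orig, s->len) == 0) return SITE_INTACT;
    if (live[0] != 0xE9) return SITE_MODIFIED;
    for (uint8_t i = 5; i < s->len; i++)
        if (live[i] != 0x90) return SITE_MODIFIED;
    memcpy(&rel, live + 1, sizeof rel);          /* rel32, little-endian host assumed */
    *target = base + s->rva + 5 + (uint32_t)rel; /* relative to the next instruction */
    return (*target - base < image_size) ? SITE_MODIFIED : SITE_DETOURED;
}

int main(void)
{
    uint32_t t;
    int r = classify_site(&SITES[0], SAMPLE_HOOKED, SAMPLE_BASE, SAMPLE_SIZE, &t);
    printf("+%06X: status=%d target=0x%08X\n", (unsigned)SITES[0].rva, r, (unsigned)t);
    return r == SITE_DETOURED ? 0 : 1;
}
```

 A byte comparison like this only covers the sites and build it was written for; offsets and original bytes change with every client update.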