First of all, thanks to the forum moderators for creating such a good platform for everyone.
Below I introduce a cheating approach; if anything is poorly written, please give me your guidance.
Such public permission is not well founded. Yesterday I looked at the 175 cheat module; to me its technology is not very advanced. Compared with VALVE's VAC2 it is technically almost 10 years behind, and the kernel engine it uses is on the level of VAC1. I don't have much interest in CS; I just saw a post on a professional Counter-Strike server forum in Romania (a Central European country) and it upset me a lot.
Subject: a love the counter strike game people of dentists come from china Sun Mar 23, 2009 7:44 am
--------------------------------------------------------------------------------
I and my friends love the counter-strike game very, very much, but I can't read the language. I'm a Chinese person. Will you make friends with me? My email: <<<<<
Please help me. Because it is illegal in this way with you in my country.
Warning: This is very dangerous in my country. My country is very poor.
Help me.
Reply:
I beg you, try a little more to review what you want to say, because I can't understand almost a thing. If you want to ask where the server is from, I answer you: it's from Romania, a country in Europe. And what about cheating? I don't understand the question. I'm glad if my post was in any way useful for you.
A Chinese computer technician. I don't know how you feel about this? Even if they used *****, there is no need to make themselves look so abject.
I personally may not have much more time to write programs, but our team can serve you. There is no need to talk about money; that would bankrupt you. Let's exchange some hobbies as Chinese people. I can offer you an approach. About your color aimbot cheat tool: it works by injection, not through a vulnerability. I think a client hook is more effective, and developing it with OpenGL.
Here is something I wrote in my own time; it can read server information out locally. This one is about sounds that the client can read:
Sound ESP ( s_show ) :
Current address:
0x01DA4431
Pattern:
"\x8B\x4E\x04\x8B\x16\x50\x51" "xxxxxxx"
Scan range ( in hl.exe ):
0140E000( Base ), 02116000( Size )
#include <windows.h>
#include <string.h>

// Globals filled from the hooked registers: a naked function has no stack
// frame, so nothing here may live in locals
static const char* szBuf;      // EAX at the hook point: sound name string
static DWORD       dwPtr;      // ESI+8: position struct (three floats)
static int         iIndex;     // [ESI]: player index
static float       fX, fY, fZ;
static DWORD       dwOrigJump; // trampoline: the 7 overwritten bytes
                               // (MOV ECX,[ESI+4] / MOV EDX,[ESI] / PUSH EAX /
                               // PUSH ECX), then JMP back to 01DA4438

void __declspec( naked ) sShowFilter_Hook()
{
    _asm
    {
        push eax
        mov szBuf, eax
        lea eax, dword ptr ds:[esi+0x8]
        mov dwPtr, eax
        mov eax, dword ptr ds:[esi]
        mov iIndex, eax
    }
    // strstr clobbers ECX/EDX; that is harmless only because the hook sits
    // before the original MOV ECX/MOV EDX, which the trampoline re-executes
    if( strstr( szBuf, "player" ) )
    {
        fX = *(float*)( dwPtr );
        fY = *(float*)( dwPtr + 4 );
        fZ = *(float*)( dwPtr + 8 );
        // do stuff here
    }
    _asm
    {
        pop eax
        jmp dwOrigJump
    }
}
Here is the memory (disassembly):
01DA4431 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
01DA4434 8B16 MOV EDX,DWORD PTR DS:[ESI] ; player index
01DA4436 50 PUSH EAX
01DA4437 51 PUSH ECX
01DA4438 8D46 08 LEA EAX,DWORD PTR DS:[ESI+8] ; position struct
01DA443B 52 PUSH EDX
01DA443C 50 PUSH EAX
01DA443D E8 3E42F9FF CALL hl.01D38680 ; returns position string
; you may want to have a look at 01D38680 ( it shows how to access the position structure )
Here are the patches that make it readable:
; beginning of the drawing gateway function
; patch 0xC3 to stop the text from being drawn
01D3A0F0 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8]
; nop it to enable the sound loop without setting s_show to 1
01DA4402 75 63 JNZ SHORT hl.01DA4467
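Added example (my code, not code from the original post) in C showing the three mechanical steps the above relies on: scanning the hl.exe range for the 7-byte pattern, turning the match into a JMP detour plus a trampoline that replays the stolen bytes (which is what dwOrigJump in the hook above has to point at), and the RET/NOP style patches used at 01D3A0F0 and 01DA4402. The hook address 0x10001000, the trampoline address 0x10002000 and the byte buffer standing in for hl.exe memory are constructed assumptions; on a live process the same writes need VirtualProtect and executable memory for the trampoline, which is left out so the example runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOUND_PAT  "\x8B\x4E\x04\x8B\x16\x50\x51"   /* pattern from the post */
#define SOUND_MASK "xxxxxxx"
#define HOOK_VA    0x01DA4431u   /* first stolen byte (from the post) */
#define SAMPLE_VA  0x01DA4402u   /* JNZ gating the sound loop (from the post) */
#define SAMPLE_LEN 64
#define STOLEN     7             /* 3+2+1+1 bytes = four whole instructions */

unsigned char g_image[SAMPLE_LEN];   /* constructed stand-in for hl.exe memory */
unsigned char g_tramp[STOLEN + 5];   /* what dwOrigJump should point at */

/* Constructed sample of 01DA4402..01DA4441: bytes from the disassembly,
 * 0x90 filler where the post shows nothing, and a deliberate near-miss
 * (ends in C3 instead of 51) right after the JNZ to exercise the scanner. */
void build_sample(unsigned char *buf)
{
    static const unsigned char jnz[]      = {0x75,0x63};
    static const unsigned char nearmiss[] = {0x8B,0x4E,0x04,0x8B,0x16,0x50,0xC3};
    static const unsigned char hook[]     = {0x8B,0x4E,0x04,0x8B,0x16,0x50,0x51,
        0x8D,0x46,0x08, 0x52, 0x50, 0xE8,0x3E,0x42,0xF9,0xFF};
    memset(buf, 0x90, SAMPLE_LEN);
    memcpy(buf, jnz, sizeof jnz);
    memcpy(buf + 2, nearmiss, sizeof nearmiss);
    memcpy(buf + (HOOK_VA - SAMPLE_VA), hook, sizeof hook);
}

/* Scan [base, base+size) for pat under mask ('x' = compare, '?' = any byte);
 * returns the offset of the first match or -1. */
long find_pattern(const unsigned char *base, size_t size,
                  const char *pat, const char *mask)
{
    size_t n = strlen(mask), off, i;
    if (n == 0 || n > size) return -1;
    for (off = 0; off + n <= size; off++) {
        for (i = 0; i < n; i++)
            if (mask[i] == 'x' && base[off + i] != (unsigned char)pat[i]) break;
        if (i == n) return (long)off;
    }
    return -1;
}

/* Decode the destination of an E8/E9 rel32 sitting at virtual address at_va. */
uint32_t rel32_target(uint32_t at_va, const unsigned char *ins)
{
    uint32_t disp = (uint32_t)ins[1] | ((uint32_t)ins[2] << 8) |
                    ((uint32_t)ins[3] << 16) | ((uint32_t)ins[4] << 24);
    return at_va + 5 + disp;   /* unsigned wrap handles negative displacements */
}

static void put_jmp(unsigned char *ins, uint32_t at_va, uint32_t dest_va)
{
    uint32_t disp = dest_va - (at_va + 5);
    ins[0] = 0xE9;
    ins[1] = (unsigned char)(disp & 0xFF);         ins[2] = (unsigned char)((disp >> 8) & 0xFF);
    ins[3] = (unsigned char)((disp >> 16) & 0xFF); ins[4] = (unsigned char)((disp >> 24) & 0xFF);
}

/* Trampoline = the stolen bytes, then JMP back to at_va+stolen. Build it
 * before the detour is written, because the detour destroys those bytes. */
int build_trampoline(const unsigned char *orig, size_t stolen, uint32_t at_va,
                     unsigned char *tramp, uint32_t tramp_va)
{
    if (stolen < 5) return -1;
    memcpy(tramp, orig, stolen);
    put_jmp(tramp + stolen, tramp_va + (uint32_t)stolen, at_va + (uint32_t)stolen);
    return 0;
}

/* Replace `stolen` bytes at `at` with JMP hook_va and pad with NOPs; stolen
 * must end on an instruction boundary or the padding lands mid-instruction. */
int write_detour(unsigned char *at, uint32_t at_va, uint32_t hook_va, size_t stolen)
{
    if (stolen < 5) return -1;
    put_jmp(at, at_va, hook_va);
    memset(at + 5, 0x90, stolen - 5);
    return 0;
}

void patch_ret(unsigned char *at)           { at[0] = 0xC3; }      /* RET */
void patch_nop(unsigned char *at, size_t n) { memset(at, 0x90, n); }

int main(void)
{
    long off;
    build_sample(g_image);
    off = find_pattern(g_image, SAMPLE_LEN, SOUND_PAT, SOUND_MASK);
    if (off < 0) { puts("pattern not found"); return 1; }
    printf("pattern at VA %08X\n", SAMPLE_VA + (uint32_t)off);
    printf("CALL at 01DA443D goes to %08X\n",
           rel32_target(0x01DA443Du, g_image + off + 12));
    build_trampoline(g_image + off, STOLEN, HOOK_VA, g_tramp, 0x10002000u);
    write_detour(g_image + off, HOOK_VA, 0x10001000u, STOLEN);
    patch_nop(g_image, 2);   /* the JNZ at 01DA4402 */
    return 0;
}
```

Decoding the E8 at 01DA443D with rel32_target gives 01D38680, the same target the disassembly shows, which is a cheap check that the bytes were copied correctly before anything is written. The seven stolen bytes are four complete instructions, so the two NOPs after the five-byte JMP never split an instruction; a pattern that matched mid-instruction would not give that guarantee.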