[Momentum] Arcade Clear Script

12/27/2018 20:14 emre186#61
crash (Game instance failed) (EAC-3)
12/27/2018 21:16 Micracoli#62
outdated
12/27/2018 22:50 emre186#63
Micracoli ???

I had to inject your dorq on CE with my bypass [Momentum] BE but it doesn't work

It's ok, I have injected the dll on the s4 client and I have no message but the game crashes ...
12/28/2018 15:27 schleicher00#64
Quote:
Originally Posted by emre186
Micracoli ???

I had to inject your dorq on CE with my bypass [Momentum] BE but it doesn't work

It's ok, I have injected the dll on the s4 client and I have no message but the game crashes ...
this shiet is outdated (doesn't work) and s4 doesn't even use BE anymore, they switched to EAC
12/28/2018 20:35 emre186#65
so a working bypass doesn't exist now?
12/28/2018 23:08 schleicher00#66
Quote:
Originally Posted by emre186
so a working bypass doesn't exist now?
no, there is no public bypass
12/29/2018 00:12 Micracoli#67
lol there is an easy way to bypass s4 but ok
12/29/2018 01:05 emre186#68
it's easy for you, not me
01/10/2019 09:11 remtomcam#69
crash (Game instance failed) (EAC-3)

doesn't work
01/10/2019 09:24 osama.yones.oy#70
play this game without any hacks and you will be happy
01/10/2019 09:24 TheBloodyReturn#71
Quote:
Originally Posted by SilverEmerald
Nothing special but still.. S4 devs could never put a decent security system into this since 10 years. (Check if user killed enough amount of mobs. [Score_Kill_Req] If did, it can clearstage. if not, do something against it. simple huh) lmfao
That's why this forum is almost dead, bc doesnt have a good security xD
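
The server-side check suggested in the quoted post above, sketched as an added example (not part of any post in this thread and not S4 League code): the server keeps its own kill count and stage timer, so a stage-clear request from a client that never fought the mobs is rejected. All type and function names are hypothetical, and the sketch assumes kills are recorded by the server's own combat handling.

```cpp
#include <cstdint>
#include <set>
#include <unordered_map>

// Hypothetical server-side types; none of these names come from S4 League.
enum class ClearResult { Accepted, NotInStage, KillsMissing, TooFast };

struct StageRule {
    uint32_t requiredKills;  // the Score_Kill_Req idea from the quoted post
    uint64_t minClearMs;     // fastest plausible clear time for this stage
};

struct ArcadeSession {
    StageRule rule;
    uint64_t startedMs;               // server clock when the stage started
    std::set<uint32_t> killedMobIds;  // de-duplicated, server-recorded kills
};

class ArcadeValidator {
public:
    void startStage(uint64_t playerId, StageRule rule, uint64_t nowMs) {
        sessions_[playerId] = ArcadeSession{rule, nowMs, {}};
    }

    // Assumed to be called from the server's own kill handling, not from a client claim.
    void recordKill(uint64_t playerId, uint32_t mobId) {
        auto it = sessions_.find(playerId);
        if (it != sessions_.end()) it->second.killedMobIds.insert(mobId);
    }

    // Handler for the client's stage-clear request: never trust it on its own.
    ClearResult onStageClearReq(uint64_t playerId, uint64_t nowMs) {
        auto it = sessions_.find(playerId);
        if (it == sessions_.end()) return ClearResult::NotInStage;
        const ArcadeSession& s = it->second;
        if (s.killedMobIds.size() < s.rule.requiredKills)
            return ClearResult::KillsMissing;  // log and flag, keep the stage open
        if (nowMs - s.startedMs < s.rule.minClearMs)
            return ClearResult::TooFast;
        sessions_.erase(it);                   // one reward per started stage
        return ClearResult::Accepted;
    }

private:
    std::unordered_map<uint64_t, ArcadeSession> sessions_;
};
```

Rejected requests are worth logging per account: a clear request with zero recorded kills is a strong signal on its own.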
01/10/2019 23:44 Tabino#72
Quote:
Originally Posted by TheBloodyReturn
That's why this forum is almost dead, bc doesnt have a good security xD
its dead because nobody would bother releasing an actual EAC bypass to some random leechers, smh
01/20/2019 21:30 kingbro123#73
:feelsbadman:
Quote:
Originally Posted by RingleRangleRob


Praise the god RingleRangleRob, son!

You need to install Cheat Engine!
Where can I get it?

[Tutorial]

Hint: You can remove the "BE Service Disconnect" messagebox by pressing escape (ESC)

- Start Bypass.exe
- Start S4League
- Start Cheat Engine, attach Cheat Engine to S4Client.exe and open the *.ct file
- Check the "Arcade Clear Script!"
- Create an arcade room
- Select a stage and start the match
- Wait one minute and it will end automatically

Important

To deactivate the script use the address below the script and change the value to 1
after this you can uncheck the script

If S4League starts with Battleye close the process and start the Bypass.exe at the login window (S4EuLogin.exe)

[Script]

Code:
[ENABLE]
Alloc(Thread,512)
GlobalAlloc(StopScript,4)

label(continue)

CreateThread(Thread)

StopScript:
dd 0

S4Client.exe+2D6448:            // Disable the Mob Creation
db EB

Thread:
push #10
call Kernel32.Sleep             // Sleep(10);

cmp [StopScript],00
je continue
mov [continue],00
ret

continue:
mov ebx,[S4Client.exe+1749338] // CGameManager
mov eax,[ebx+B8]               // CGameManager->CClientRoomAgent
cmp [eax+5C],00                // The user isnt in a room!
je Thread

mov eax,[eax+5C]               // CGameManager->CClientRoomAgent->CClientRoom
cmp [eax+0C],07                // Is the room a arcade room?
jne Thread

mov eax,[ebx+138]              // MultiPlay::Mode (look in reclass for more informations ;))
cmp eax,00
je Thread

mov eax,[eax+0C]               // MultiPlay::Mode->MultiPlay::ModeState (CArcadeCV_Wait for example)
cmp eax, 00
je Thread

cmp [eax+08],02                // Is roomstate equal ingame/gameplay?
jne Thread

cmp [eax+24], #60000           // MultiPlay::Mode->MultiPlay::ModeState->Playtime < 1 minute
jb Thread                      // If playertime below 60000 milliseconds (60 seonds -> 1 minute)

call S4Client.exe+2D8C40       // Get the instance of
                               // CArcadeSystem::CSceneController::CScriptHostController
mov ecx,eax
call S4Client.exe+2EECC0       // Send Acarde_StageClear_Req in any subfunction
jmp Thread

[DISABLE]
Dealloc(StopScript)
Dealloc(Thread)

S4Client.exe+2D6448:           // Enable the Mob Creation
db 74

[Pseudocode]

Code:
auto stopScript = 0;

while(stopScript == 0)
{
    Sleep(10);

    if (CGameManager->ClientRoomAgent->CClientRoom)
        if (CGameManager->ClientRoomAgent->CClientRoom->ModeId == 7)
            if (CGameManager->Mode)
                if (CGameManager->Mode->State)
                    if (CGameManager->Mode->State->Id == 2)
                        if (CGameManager->Mode->State->Timer >= 60000)
                            ArcadeSystem->SceneController->ScriptHostController->ClearStage();
}

You can make it much cleaner by using:
- Functions
- Variable types like bool (true/false)
- continue keyword
...

but i just want to show you one option how it could work!


[Extension]

Instead of using CGameManager->ClientRoomAgent->CClientRoom you can use CGameManager->Mode->State->ModeCryption (State+0x34)

Code:
struct s_ModeCryption
{
    uint8_t value_00;
    uint8_t value_01;
    uint8_t value_02;
};

uint8_t modeId = CGameManager->Mode->State->ModeCryption.value_00 ^ CGameManager->Mode->State->ModeCryption.value_02;

In ASM it will be

Code:
mov ecx,[S4Client.exe+1749338] // CGameManager
mov ecx,[eax+138]              // MultiPlay::Mode
add ecx,34                     // MultiPlay::Mode->s_ModeCryption
movzx eax,byte ptr [ecx]
movzx ebx,byte ptr [ecx+02]
xor eax,ebx                    // The Mode Id is now in al

[Credits]
Momentum

[Note]
When someone makes a video tutorial I will link it here :handsdown:
forgot to comment we access on MultiPlay::Mode by CGameManager

cya soon my fans
01/20/2019 23:46 Kelboas#74
Currently, doesn't work.
01/22/2019 04:21 Alize_#75
Quote:
Originally Posted by Kelboas
Currently, doesn't work.
A serious case of Sherlock Holmes-itis...