[Release] Wallhack method all Client / find Maparea pointer

yes it's still working, i just saw the base address changed, anyway here's the base address: 0107CF90

I find this method with only one value array, but I can not get to the green value (did not get the part or subtracting this method does not work for Cabal BR)

it works for evry client just read it and follow the instruction tnx again for this ts

Yeah, sorry for my last post. Found that fixedmain.exe file was wrong; that's why I can't search. It's still working absolutely.

Quote:

Originally Posted by rantenor yes it's still working, i just saw the base address changed, anyway here's the base address: 0107CF90

could u also give the PH wh addrss.... tenxs...

4.
Now do a 4-Byte scan for this adress.
Cheatengine will find one green pointer for this.


I don't understand this step, pls make it clearly, thank :(

why i can just wallhack the Bloody Ice ???

can any one give a wallhack codes for c++ nid badly,...

I tested making a Lua Script in CE, and it works perfect,
but when I tried making an AutoIt script,
it runs and shows the GUI, but when I tried to hit START
nothing happens,
can someone help me?

#include <NomadMemory.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
Global $PID = ProcessExists('cabalmain.exe')
Global $proc=_MemoryOpen($PID)
Global $cabalmain = _MemoryGetBaseAddress($PID,"cabalmain.exe")

#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("WH Start", 248, 113, 192, 124)
$Start = GUICtrlCreateButton("Start", 32, 24, 185, 49)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
Case $Start
_WHstart()
EndSwitch
WEnd

Func _WHstart()
$wh=_MemoryRead($cabalmain+0xABEA10,$proc,"DWORD") +0x40814
$test=_MemoryRead($wh,$proc,"DWORD")
For $i=$wh to $wh+0x3ffff step 4
_MemoryWrite($i,$proc,0,"DWORD")
Next
EndFunc

Quote:

Originally Posted by demonkid2010 $cabalmain+0xABEA10

Make sure you are using the right base address for you Cabal client.
The script itself seems okay.

You can indeed optimize the wallhack loop because writeprocessmemory is quite slow with just 4 bytes each run.

Big Apllause!!! stil working on ep10 ph here.

im using same address for my wallhack and works when it comes with autoit nothing happens :o

Sir Wayne, it gives unfefined function wid this line in autoit _MemoryModuleGetBaseAddress, even i hav the nomadmemory.au3?
Tnx.

Quote:

Originally Posted by demoneyezQ Sir Wayne, it gives unfefined function wid this line in autoit _MemoryModuleGetBaseAddress, even i hav the nomadmemory.au3? Tnx.

1. Either use Google for the au3 - you'll find the function below.
2. Or you may simply use "real" pointer address without module base address.

when you have this: cabalmail.exe + 1234abcd

simply use: 400000 + 1234abcd

----

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

If Not IsString($sModule) Then Return SetError(2, 0, 0)

Local $PSAPI = DllOpen("psapi.dll")

;Get Process Handle
Local $hProcess
Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

If $iPID > 0 Then
Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
If $hProcess[0] Then
$hProcess = $hProcess[0]
EndIf
EndIf

;EnumProcessModules
Local $Modules = DllStructCreate("ptr[1024]")
Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
If $aCall[4] > 0 Then
Local $iModnum = $aCall[4] / 4
Local $aTemp
For $i = 1 To $iModnum
$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
If $aTemp[3] = $sModule Then
DllClose($PSAPI)
Return Ptr(DllStructGetData($Modules, 1, $i))
EndIf
Next
EndIf

DllClose($PSAPI)
Return SetError(-1, 0, 0)

EndFunc

Quote:

Originally Posted by Wayntressierts 1. Either use Google for the au3 - you'll find the function below. 2. Or you may simply use "real" pointer address without module base address. when you have this: cabalmail.exe + 1234abcd simply use: 400000 + 1234abcd ---- Func _MemoryModuleGetBaseAddress($iPID, $sModule) If Not ProcessExists($iPID) Then Return SetError(1, 0, 0) If Not IsString($sModule) Then Return SetError(2, 0, 0) Local $PSAPI = DllOpen("psapi.dll") ;Get Process Handle Local $hProcess Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE If $iPID > 0 Then Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID) If $hProcess[0] Then $hProcess = $hProcess[0] EndIf EndIf ;EnumProcessModules Local $Modules = DllStructCreate("ptr[1024]") Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0) If $aCall[4] > 0 Then Local $iModnum = $aCall[4] / 4 Local $aTemp For $i = 1 To $iModnum $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260) If $aTemp[3] = $sModule Then DllClose($PSAPI) Return Ptr(DllStructGetData($Modules, 1, $i)) EndIf Next EndIf DllClose($PSAPI) Return SetError(-1, 0, 0) EndFunc

Big Tnx! I've dl the 2 ver of the func. Dis is wat missing surely ->
simply use: 400000 + 1234abcd [Only registered and activated users can see links. Click Here To Register...]