NX CHAMS + NAMETAGS Combat Arms Europe

Hi,
This is just a nxchams and nametags release, that works 100% for combat arms europe.

For me it works since a few patches and I programmed it in nasm...:D
I also added the source code so that if you dont trust me you can look it up and compile it by yourself or you can learn how it works;)

you could also look it up in a disassembler because it is not to much code

(I just hooked the Endscene and the Reset d3d9 functions with a midfunction hook and I wrote a routine that should find the new nametags addys by itself)

dll and source download
[Only registered and activated users can see links. Click Here To Register...]

image download
[Only registered and activated users can see links. Click Here To Register...]

VirusTotal
[Only registered and activated users can see links. Click Here To Register...]

IT STILL WORKS BUT DO NOT TURN IT ON WHEN YOU ARE IN THE LOBBY (just in the game),
AND PLS GIFT ME THANKS WHEN YOU ARE USING IT

OMG WHY THIS SHOULD BE A FAKE???
it is all in all just 3 KB and if you would understand anything about hacks and how they work you could have looked it up and then you would have found out that it is a simple but good source code
So if you are calling this a fake, I have to think that you dont know anything about hacks and your are just spreading hacks or you are just a copy & paster.... if so have fun with this but don�t cry when you don�t understand a line at all:p

Code:

%include 'C:\Programme\asm\inc\nasmx.inc'
%include 'C:\Programme\asm\inc\kernel32.inc'
%include 'C:\Programme\asm\inc\msvcrt.inc'
%include 'C:\Programme\asm\inc\user32.inc'

extern Sleep
extern MessageBoxA

%define MessageBox MessageBoxA
%define MB_OK 0h
%define NULL 0
%define FALSE 0
%define TRUE 1
%define MB_ICONASTERISK 40h
%define MB_ICONINFORMATION MB_ICONASTERISK
%define VK_NUMPAD1 61h
%define VK_NUMPAD2 62h

entry	DllEntry

[section .text]


resethook:
mov byte [boolchams], FALSE

mov edi, edi
push ebp
mov ebp, esp
sub esp, 144h
jmp [resethookback]


d3d9hook:

cmp byte [boolchams], TRUE
jne progress
push sznxchams
call [addyrc]
add esp, 4

progress:
cmp byte [boolchams], FALSE
jne dontstop
push sznxchamsoff
call [addyrc]
add esp, 4


	mov ecx, dword [addyrc]

	mov byte [ecx+1Bh], 72h
	mov byte [ecx+1Ch], 0Eh
	mov byte [ecx+24h], 73h
	mov byte [ecx+25h], 05h


dontstop:

mov eax, [endsceneaddy]
add eax, 2
mov byte [eax], 55h
mov byte [eax+1], 8Bh
mov byte [eax+2], 0xEC
mov byte [eax+3], 6Ah
mov byte [eax+4], 0xFF


push ebp
mov ebp, esp
push 0FFFFFFFFh
jmp [rchookback]




proc attachrc
locals none


	loopwait:
	push 100
	call Sleep
	mov eax, 0
invoke GetAsyncKeyState, VK_NUMPAD1
        shl ax, 1
        jnb loopwait

	mov byte [boolchams], TRUE

invoke VirtualProtect, [addynames1], 2, 40h, NULL

	mov eax, [addynames1]
	mov byte [eax], 90h
	mov byte [eax+1], 90h

invoke VirtualProtect, [addynames2], 2, 40h, NULL

	mov eax, [addynames2]
	mov byte [eax], 90h
	mov byte [eax+1], 90h

	invoke VirtualProtect, [addyrc], 10, 40h, NULL

	mov ecx, dword [addyrc]

	mov byte [ecx+1Bh], 90h
	mov byte [ecx+1Ch], 90h
	mov byte [ecx+24h], 90h
	mov byte [ecx+25h], 90h

	mov eax, dword [endsceneaddy]	
	mov dword [moduled3d9], eax

	mov eax, [moduled3d9]
	mov dword [rchookback], eax

	add dword [rchookback], 7

	invoke VirtualProtect, [moduled3d9], 10, 40h, oldprotect
	
	add dword [moduled3d9], 2

	mov ecx, dword [moduled3d9]

	mov byte [ecx], 0xE9	
	mov eax, d3d9hook
	sub eax, dword [moduled3d9]
	sub eax, 5
	mov dword [ecx+1], eax



	loopwait2:
	push 100
	call Sleep
	cmp byte [boolchams], FALSE
	je itsnxfalse
	mov eax, 0
invoke GetAsyncKeyState, VK_NUMPAD2
        shl ax, 1
        jnb loopwait2

	itsnxfalse:

	mov byte [boolchams], FALSE

invoke VirtualProtect, [addynames1], 2, 40h, NULL

	mov eax, [addynames1]
	mov byte [eax], 75h
	mov byte [eax+1], 05h

invoke VirtualProtect, [addynames2], 2, 40h, NULL

	mov eax, [addynames2]
	mov byte [eax], 75h
	mov byte [eax+1], 05h
	

	invoke VirtualProtect, [addyrc], 10, 40h, NULL

	mov ecx, dword [addyrc]

	mov byte [ecx+1Bh], 90h
	mov byte [ecx+1Ch], 90h
	mov byte [ecx+24h], 90h
	mov byte [ecx+25h], 90h

	mov eax, dword [endsceneaddy]	
	mov dword [moduled3d9], eax

	mov eax, [moduled3d9]
	mov dword [rchookback], eax

	add dword [rchookback], 7

	invoke VirtualProtect, [moduled3d9], 10, 40h, oldprotect
	
	add dword [moduled3d9], 2

	mov ecx, dword [moduled3d9]

	mov byte [ecx], 0xE9	
	mov eax, d3d9hook
	sub eax, dword [moduled3d9]
	sub eax, 5
	mov dword [ecx+1], eax

	jmp loopwait
endproc




proc encounter
locals none
	mov eax, dword [resetaddy]	
	mov dword [moduled3d9], eax

	mov eax, [moduled3d9]
	mov dword [resethookback], eax

	add dword [resethookback], 11

	invoke VirtualProtect, [moduled3d9], 10, 40h, oldprotect
	
	add dword [moduled3d9], 2

	mov ecx, dword [moduled3d9]

	mov byte [ecx], 0xE9	
	mov eax, resethook
	sub eax, dword [moduled3d9]
	sub eax, 5
	mov dword [ecx+1], eax		
endproc



proc findaddys
locals none

	loopcshell:
	invoke GetModuleHandleA, szCshell
	cmp eax, 0
	je loopcshell

	mov [modulecshell], eax		

	loopclientfx:
	invoke GetModuleHandleA, szClientFX
	cmp eax, 0
	je loopclientfx


	loopd3d9:
	invoke GetModuleHandleA, szD3D9
	cmp eax, 0
	je loopd3d9

	mov [moduled3d9], eax


	mov ecx, [modulecshell]

	loopnames1byte:
	inc ecx

	cmp byte [ecx], 3Bh
	jne loopnames1byte
	
	cmp byte [ecx+1], 4Dh
	jne loopnames1byte	

	cmp byte [ecx+3], 75h
	jne loopnames1byte

	cmp byte [ecx+4], 05h
	jne loopnames1byte

	cmp byte [ecx+5], 0xBB
	jne loopnames1byte

	cmp byte [ecx+6], 0x01
	jne loopnames1byte

	mov dword [addynames1], ecx
	add dword [addynames1], 3


	mov ecx, [modulecshell]

	loopnames2byte:
	inc ecx

	cmp byte [ecx], 39h
	jne loopnames2byte
	
	cmp byte [ecx+1], 44h
	jne loopnames2byte

	cmp byte [ecx+2], 24h
	jne loopnames2byte

	cmp byte [ecx+4], 75h
	jne loopnames2byte

	cmp byte [ecx+5], 05h
	jne loopnames2byte

	mov dword [addynames2], ecx
	add dword [addynames2], 4


	mov ecx, [modulecshell]

	looprcbyte:
	inc ecx

	cmp byte [ecx], 0xA1
	jne looprcbyte

	cmp byte [ecx+4], 37h
	jne looprcbyte

	cmp byte [ecx+5], 8Bh
	jne looprcbyte

	cmp byte [ecx+6], 88h
	jne looprcbyte

	cmp byte [ecx+11], 68h
	jne looprcbyte

	cmp byte [ecx+15], 37h
	jne looprcbyte

	cmp byte [ecx+16], 0xFF
	jne looprcbyte

	cmp byte [ecx+17], 0xD1
	jne looprcbyte

	cmp byte [ecx+18], 59h
	jne looprcbyte

	cmp byte [ecx+19], 0xC2
	jne looprcbyte

	cmp byte [ecx+20], 10h
	jne looprcbyte

	cmp byte [ecx+21], 00h
	jne looprcbyte

	mov ebx, [ecx+7]
	mov dword [rcoffset], ebx	
	mov ebx, [ecx+1]
	mov ebx, [ebx]
	add ebx, [rcoffset]
	mov ecx, [ebx]
	mov dword [addyrc], ecx


	mov ecx, [moduled3d9]

	loopsearchd3d9:
	inc ecx

	cmp byte [ecx], 0xC7
	jne loopsearchd3d9

	cmp byte [ecx+1], 06h
	jne loopsearchd3d9

	cmp byte [ecx+6], 89h
	jne loopsearchd3d9

	cmp byte [ecx+7], 86h
	jne loopsearchd3d9

	cmp byte [ecx+12], 89h
	jne loopsearchd3d9

	cmp byte [ecx+13], 86h
	jne loopsearchd3d9

	add ecx, 2
	mov ebx, [ecx]
	add ebx, 168
	mov eax, [ebx]
	mov dword [endsceneaddy], eax

	mov ebx, [ecx]
	add ebx, 64
	mov eax, [ebx]
	mov dword [resetaddy], eax


invoke CreateThread, 0, 0, encounter, 0, 0, 0	
invoke	CreateThread, 0, 0, attachrc, 0, 0, 0
endproc



proc dllstart
locals none
	invoke	MessageBox, NULL, szContent, szTitle, MB_OK + MB_ICONINFORMATION
	invoke	CreateThread, 0, 0, findaddys, 0, 0, 0
endproc





proc   DllEntry, ptrdiff_t hinst, size_t reason, size_t reserved
locals none
	mov	ecx, 1
	cmp	[ebp+0Ch], ecx 
	jne	goon
	invoke	CreateThread, 0, 0, dllstart, 0, 0, 0
	goon:
	mov	eax, TRUE
endproc




[section .data]
    szTitle:      declare(NASMX_TCHAR) NASMX_TEXT('Badburrito Production'), 0x0
    szContent:    declare(NASMX_TCHAR) NASMX_TEXT('nxchams + nametags : Num 1&2'), 0x0
    szCshell:    declare(NASMX_TCHAR) NASMX_TEXT('cshell.dll'), 0x0
    szClientFX:    declare(NASMX_TCHAR) NASMX_TEXT('ClientFX.fxd'), 0x0
    szD3D9:    declare(NASMX_TCHAR) NASMX_TEXT('d3d9.dll'), 0x0
    sznxchams:    declare(NASMX_TCHAR) NASMX_TEXT('SkelModelStencil -1'), 0x0
    sznxchamsoff:    declare(NASMX_TCHAR) NASMX_TEXT('SkelModelStencil 0'), 0x0
 




[section .bss] 		
	addynames1 : resd 2
	addynames2 : resd 2
	modulecshell : resd 2
	addyrc : resd 2
	rcoffset : resd 2
	rchookback : resd 2
	moduled3d9 : resd 2	
	oldprotect : resd 2
	endsceneaddy : resd 2
	boolchams : resd 0
	resetaddy : resd 2
	resethookback : resd 2