[Release] Wallhack method all Client / find Maparea pointer

09/03/2012 00:43 Wayntressierts#1
For all the people who asked for it, this is my wallhack method.

This method describes how you can find out the maparea address and pointer for your client. It's working on all clients I know and play including official servers and Mystery Cabal.


This is it step by step:

1.
Enter the Map Bloody Ice

2.
Scan "Array of Bytes":


This search matrix is complex enough to bring up only one result.

3.
Take this address and subtract 0x42804.
This should result in an address like 0x0???020.
This is your Maparea address. It's changing every time the client is run.

4.
Now do a 4-Byte scan for this address.
Cheatengine will find one green pointer for this.


btw: If you are using DE/EU Fixedmain without gameguard from our sticky thread, the pointer is fixedmain.exe+C7BF80


How to wallhack:
After 0x40000 bytes of map data and visual elements you'll find another 0x40000 bytes of collision map. If you clear the complete collision map (fill with zeros) you'll have a perfectly nice wallhack that gameguard does not detect. :D


Enjoy..


And good to see you all still around here ;-)
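
The edit described in this post works only because walkability is decided from a collision table held in client memory. As an added example (not from the thread or the game's code), a server that keeps its own copy of the table can reject moves that cross blocked cells; the 256x256 row-major grid of 4-byte cells, the `max_step` limit and all function names are assumptions.

```python
# Added example: server-side move validation against the server's own collision grid.
import struct

GRID_W = GRID_H = 256   # assumed layout: 0x40000 bytes / 4-byte cells = 0x10000 cells
CELL_BYTES = 4          # assumed cell width

def load_collision(raw):
    """Decode the server's copy of the collision map into blocked/walkable flags."""
    if len(raw) != GRID_W * GRID_H * CELL_BYTES:
        raise ValueError("unexpected collision map size")
    cells = struct.unpack("<%dI" % (GRID_W * GRID_H), raw)
    return [c != 0 for c in cells]   # zero is treated as walkable, as in the thread

def cells_on_segment(src, dst):
    """Yield every grid cell on the straight line src -> dst (Bresenham)."""
    (x0, y0), (x1, y1) = src, dst
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx, sy = (1 if x0 < x1 else -1), (1 if y0 < y1 else -1)
    err = dx + dy
    while True:
        yield x0, y0
        if (x0, y0) == (x1, y1):
            return
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x0 += sx
        if e2 <= dx:
            err += dx
            y0 += sy

def validate_move(blocked, src, dst, max_step=16):
    """Return (ok, reason) for a client-reported move from src to dst."""
    for x, y in (src, dst):
        if not (0 <= x < GRID_W and 0 <= y < GRID_H):
            return False, "out_of_bounds"
    if max(abs(dst[0] - src[0]), abs(dst[1] - src[1])) > max_step:
        return False, "step_too_long"
    for x, y in cells_on_segment(src, dst):
        if blocked[y * GRID_W + x]:   # decided from server data, not client memory
            return False, "blocked_cell"
    return True, "ok"

def build_sample_map():
    """Constructed sample: empty map with a wall at x == 10 for rows 0..19."""
    cells = [0] * (GRID_W * GRID_H)
    for y in range(20):
        cells[y * GRID_W + 10] = 1
    return struct.pack("<%dI" % len(cells), *cells)
```

A rejected move is also a useful detection signal: repeated `blocked_cell` results from one account indicate that its client-side collision data no longer matches the server's.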
09/03/2012 01:06 ~MooSe~#2
gonna test it now and see if it works
09/03/2012 01:20 bartbilf#3
People who want to learn will be very happy with this. It will get more views in the release section, but it is actually a guide for the guide section.
09/03/2012 02:17 Acid#4
#moved

Worth being stickied.
09/03/2012 03:08 1h3gam3v1ru5#5
this is great. I have been trying to figure this out ever since the mcl method was patched

thanks
09/03/2012 08:24 nawkaz#6
Quote:
Originally Posted by Wayntressierts
How to wallhack:
After 0x40000 bytes of map data and visual elements you'll find another 0x40000 bytes of collision map. If you clear the complete collision map (fill with zeros) you'll have a perfectly nice wallhack that gameguard does not detect. :D
Sorry I don't really get this part.. :o
09/03/2012 10:22 Wayntressierts#7
Quote:
Originally Posted by nawkaz
Sorry I don't really get this part.. :o
I will leave this for yourself to find out, but I can give you a hint:
Try: Browse Memory Region.
If you see this I'm sure you will know what to do ;)

In case this is not enough I will post you an Auto-It code from my bots if I'm back home today
09/03/2012 12:44 rhizzu#8
good guide.
09/03/2012 13:14 genesisVI#9
Quote:
Originally Posted by Wayntressierts
I will leave this for yourself to find out, but I can give you a hint:
Try: Browse Memory Region.
If you see this I'm sure you will know what to do ;)

In case this is not enough I will post you an Auto-It code from my bots if I'm back home today
oh u use auto-it :D

pls post the code :handsdown:
09/03/2012 14:56 Wayntressierts#10
Quote:
Originally Posted by genesisVI
oh u use auto-it :D

pls post the code :handsdown:
Why farm Dungeons yourself when you can AutoIt them while you sleep:bandit: ?

Ok as promised here are two examples of how to use it.
One is a LUA Script Function for our Cheatengine users.
Create a little GUI with a Wallhack-button and assign my function.
Next is an AutoIt example for the people who prefer to script all kinds of stuff instead of playing themselves. ;)

The pointers in these examples are for Cabal EU/DE/IT/.. (cabalonline.com)
Feel free to adjust them to your Client.

LUA Script
for wallhacking with Cheatengine
Code:
function WallhackClick(sender)
  start=readInteger("fixedmain.exe+C7BF80")+0x40814
  for i=0,0x3ffff,4 do
    writeBytes(start+i,0)
  end
end

AutoIt Code
for scripts and bots
Of course this requires the NomadMemory.au3 plugin.

Code:
SetPrivilege("SeDebugPrivilege", 1)
#include <NomadMemory.au3>
Global $PID = ProcessExists('fixedmain.exe')
Global $proc=_MemoryOpen($PID)
Global $cabalmain = _MemoryModuleGetBaseAddress($PID,"fixedmain.exe")

(...)

Func _setwallhack()
   $wh=_MemoryRead($cabalmain+0xC7BF80,$proc,"DWORD")+0x40814;
   $test=_MemoryRead($wh,$proc,"DWORD")
   For $i=$wh to $wh+0x3ffff step 4
   	  _MemoryWrite($i,$proc,0,"DWORD")
   Next
EndFunc
I will not answer LUA-Script or AutoIt related questions.
Take this as proof of concept and feel free to play with it.


So guys enjoy your new toys, create nice hacks and bots :rolleyes:
... enough spoonfeeding for today

Remember: whenever you leave the map or enter a dungeon, the collision map is back to normal. So no more WH until you re-apply.


:mofo:
I always wanted to post this smiley..
09/03/2012 17:23 nawkaz#11
Quote:
Originally Posted by Wayntressierts
LUA Script
for wallhacking with Cheatengine
Code:
function WallhackClick(sender)
  start=readInteger("fixedmain.exe+C7BF80")+0x40814
  for i=0,0x3ffff,4 do
    writeBytes(start+i,0)
  end
end
So "fixedmain.exe+C7BF80" is the pointer address right? And "0x40814" is the green pointer address that we found after the 4bytes scan?
09/03/2012 18:44 Wayntressierts#12
Quote:
Originally Posted by nawkaz
So "fixedmain.exe+C7BF80" is the pointer address right? And "0x40814" is the green pointer address that we found after the 4bytes scan?
Double click the green pointer to add it to your cheattable.
If you double click the address Cheatengine resolves it as "cabalmain.exe+cXXXXX" or "fixedmain.exe+xxxxxx".
This is a little more elegant than using the plain address...

0x40814 stays constant. It's an offset to get from the maparea address to the collision map. You do not want to remove the trees and the mountains, you want to remove the collisions.. :rolleyes:
09/03/2012 19:57 nawkaz#13
Super thanks!
Managed to get it to work :D
09/04/2012 01:04 genesisVI#14
tnx mate my life is easier w/ autoit :handsdown:
09/04/2012 02:50 ANTEC15#15
tnx 4 this wonderful post sir,,^_^