You need to install Cheat Engine!
Where can i get it? [Only registered and activated users can see links. Click Here To Register...]
[Tutorial]
Hint: You can remove the "BE Service Disconnect" messagebox by pressing escape (ESC)
- Start Bypass.exe
- Start S4League
- Start Cheat Engine, attach Cheat Engine to S4Client.exe and open the *.ct file
- Check the "Arcade Clear Script!"
- Create an arcade room
- Select a stage and start the match
- Wait one minute and it will end automatically
Important
To deactivate the script, use the address listed below the script and change its value to 1;
after this you can uncheck the script.
If S4League starts with BattlEye, close the process and start Bypass.exe at the login window (S4EuLogin.exe).
[Script]
Code:
// Cheat Engine auto-assembler script, as posted.
// [ENABLE]  allocates memory, starts a polling thread in it and overwrites one
//           byte inside the S4Client.exe module.
// [DISABLE] frees both allocations and writes the original byte back.
// A leading '#' marks a decimal literal; all other numbers are hexadecimal.
[ENABLE]
Alloc(Thread,512) // 512 bytes for the thread code assembled below
GlobalAlloc(StopScript,4) // 4-byte stop flag, polled by the thread
label(continue)
CreateThread(Thread) // run the code at Thread in the target process
StopScript:
dd 0 // flag starts at 0 (keep running)
S4Client.exe+2D6448: // Disable the Mob Creation
db EB // 0xEB = short JMP; [DISABLE] restores 0x74 (short JE) at this address
// NOTE(review): this is an in-memory change to a byte of the client module, so a
// comparison of the loaded image against the file on disk would show it - confirm
// whether the client performs such a check.
Thread:
push #10 // argument for Sleep: 10 ms
call Kernel32.Sleep // Sleep(10);
cmp [StopScript],00 // flag still 0 -> go on to the checks
je continue
mov [continue],00 // stop requested: stores 0 at the `continue` label ...
ret // ... and returns, which ends the polling loop
continue:
mov ebx,[S4Client.exe+1749338] // CGameManager
mov eax,[ebx+B8] // CGameManager->CClientRoomAgent
cmp [eax+5C],00 // Null room pointer: the user isn't in a room
je Thread
mov eax,[eax+5C] // CGameManager->CClientRoomAgent->CClientRoom
cmp [eax+0C],07 // Is the room an arcade room? (value 7 at +0C)
jne Thread
mov eax,[ebx+138] // MultiPlay::Mode (look in ReClass for more information)
cmp eax,00 // null check on the Mode pointer
je Thread
mov eax,[eax+0C] // MultiPlay::Mode->MultiPlay::ModeState (CArcadeCV_Wait for example)
cmp eax, 00 // null check on the ModeState pointer
je Thread
cmp [eax+08],02 // Is roomstate equal ingame/gameplay?
jne Thread
cmp [eax+24], #60000 // MultiPlay::Mode->MultiPlay::ModeState->Playtime < 1 minute
jb Thread // Unsigned compare: loop again while Playtime is below 60000 ms (60 seconds -> 1 minute)
// NOTE(review): every gate above reads a client-side field (room pointer, room
// type, state id, Playtime). Whether the server checks stage progress itself
// before accepting the request sent below is not visible here; the post's
// statement that the stage ends after the wait suggests it does not - confirm.
call S4Client.exe+2D8C40 // Get the instance of
// CArcadeSystem::CSceneController::CScriptHostController
mov ecx,eax // returned instance passed in ecx to the next call
call S4Client.exe+2EECC0 // Send Acarde_StageClear_Req in any subfunction
jmp Thread // back to the Sleep at the top of the loop
[DISABLE]
// The thread's memory is released here; the post's instructions say to set the
// stop flag to 1 before unchecking the script.
Dealloc(StopScript)
Dealloc(Thread)
S4Client.exe+2D6448: // Enable the Mob Creation
db 74 // original byte (short JE) written back
Code:
// C-style pseudocode for the polling loop of the auto-assembler script: every
// 10 ms it walks the same pointer chain and, once all checks pass, calls the
// stage-clear routine. Illustration only; the types are not declared here.
auto stopScript = 0; // nothing inside this loop changes it; the script polls a separate stop flag instead
while(stopScript == 0)
{
Sleep(10);
// Each nested `if` matches one compare in the script: room pointer set,
// room type 7 (arcade), Mode and State pointers set, state id 2 (in game),
// and at least 60000 ms on the state's timer.
if (CGameManager->ClientRoomAgent->CClientRoom)
if (CGameManager->ClientRoomAgent->CClientRoom->ModeId == 7)
if (CGameManager->Mode)
if (CGameManager->Mode->State)
if (CGameManager->Mode->State->Id == 2)
if (CGameManager->Mode->State->Timer >= 60000)
ArcadeSystem->SceneController->ScriptHostController->ClearStage();
}
- Functions
- Variable types like bool (true/false)
- continue keyword
...
but I just wanted to show you one way it could work!
[Extension]
Instead of using CGameManager->ClientRoomAgent->CClientRoom you can use CGameManager->Mode->State->ModeCryption (State+0x34)
Code:
// Three consecutive bytes that the post locates at State+0x34.
struct s_ModeCryption
{
uint8_t value_00; // first XOR operand
uint8_t value_01; // not used by the expression below
uint8_t value_02; // second XOR operand
};
// Mode id = value_00 XOR value_02.
// NOTE(review): both operands sit next to each other in the same client-side
// struct, so the XOR hides the value from a plain memory search but does not
// protect it.
uint8_t modeId = CGameManager->Mode->State->ModeCryption.value_00 ^ CGameManager->Mode->State->ModeCryption.value_02;
Code:
// As posted: the author's assembly version of the mode-id XOR, restored to one
// instruction per line.
mov ecx,[S4Client.exe+1749338] // CGameManager
mov ecx,[eax+138] // MultiPlay::Mode
add ecx,34 // MultiPlay::Mode->s_ModeCryption
movzx eax,byte ptr [ecx] // byte at offset 0 (value_00), zero-extended
movzx ebx,byte ptr [ecx+02] // byte at offset 2 (value_02), zero-extended
xor eax,ebx // The Mode Id is now in al
[Virustotal]
[Only registered and activated users can see links. Click Here To Register...]
[Credits]
Momentum: [Only registered and activated users can see links. Click Here To Register...], [Only registered and activated users can see links. Click Here To Register...]
[Note]
When someone makes a video tutorial, I will link it here :handsdown:
I forgot to comment that we access MultiPlay::Mode through CGameManager.
cya soon my fans