Current Mem Addresses

03/24/2007 04:04 redb00mer#1
This is intended to be a community resource-sharing thread. Since distribution of trainers is getting them detected, we've all moved on to making our own trainers. Why should each person need to re-find the new addresses on their own? Please make sure the addresses you post are the locations found by AutoHack, and NOT those found by simply searching for the COF value, etc.
03/24/2007 22:22 noctorum#2
TMK code for No COF, and Infinite Afterburners;

COF Hack On:
Code:
Poke 8F6375 90 90 90 90 90 90 
Poke 8F5D8F 90 90 90 90 90 90
COF Hack Off:
Code:
Poke 8F6375 D9 9E 98 01 00 00 
Poke 8F5D8F 89 86 98 01 00 00
Infinite AB:
Code:
Poke 654A17 90 90 
Poke 654A78 90 90 
Poke 654781 90 90
Finite AB:
Code:
Poke 654A17 D9 17 
Poke 654A78 89 0F 
Poke 654781 89 17
03/25/2007 08:08 craby987#3
Quote:
Originally posted by noctorum@Mar 24 2007, 22:22
TMK code for No COF, and Infinite Afterburners;

COF Hack On:
Code:
Poke 8F6375 90 90 90 90 90 90 
Poke 8F5D8F 90 90 90 90 90 90
COF Hack Off:
Code:
Poke 8F6375 D9 9E 98 01 00 00 
Poke 8F5D8F 89 86 98 01 00 00
Infinite AB:
Code:
Poke 654A17 90 90 
Poke 654A78 90 90 
Poke 654781 90 90
Finite AB:
Code:
Poke 654A17 D9 17 
Poke 654A78 89 0F 
Poke 654781 89 17
Dont do this you will get insta-banned cause sony is back up and scanning those addresses. to avoid this you need to make a code cave! like this one
Code:
COF ON
Poke B75E69   84 C0
Poke B75E6B   74 1B
Poke B75E6D   8B CF
Poke B75E6F   E8 54 3E FB FF
Poke B75E74   25 FF 3F 00 00
Poke B75E79   D9 04 85 98 D7 CB 00
Poke B75E80   D8 0D CC BE B7 00
Poke B75E86   EB 06
Poke B75E88   D9 83 98 01 00 00
Poke B75E8E   D9 96 A8 00 00 00
Poke B75E94   8B 46 10
Poke B75E97   D8 0D C8 BE B7 00
Poke B75E9D   E9 C3 94 A3 FF
----------------------------------------------
Poke 5AF331   90 90 90 90 90 90
Poke 5AF331   E9 33 6B 5C 00
----------------------------------------------
Poke B75E88   90 90 90 90 90 90
---
---
Poke B75F83   F6 C4 05
Poke B75F86   0F 8A F6 36 D7 FF
Poke B75F8C   8B 8E 90 01 00 00
Poke B75F92   E8 C9 AD D8 FF
Poke B75F97   E9 E9 36 D7 FF
Poke B75F9C   D9 45 F4
Poke B75F9F   D8 45 FC
Poke B75FA2   C7 86 0C 02 00 00 00 00
Poke B75FAC   D9 5D FC
Poke B75FAF   D9 45 F8
Poke B75FB2   8B 87 98 01 00 00
Poke B75FB8   D8 1D 30 68 B7 00
Poke B75FBE   89 45 F4
Poke B75FC1   DF E0
Poke B75FC3   E9 E1 36 D7 FF
---------------------------------------------
Poke 8E9670   90 90 90 90 90
Poke 8E9670   E9 0E C9 28 00
---------------------------------------------
Poke B75FB2   90 90 90 90 90 90
Code:
COF OFF
Poke B75E88   D9 83 98 01 00 00
--------------------------------------
Poke B75FB2   8B 87 98 01 00 00
LOT more code but no ban!

<hr>Append on Mar 25 2007, 08:44<hr> Sorry for double posting but WE NEED the value to freeze everyone except you (does exist cause itburnz used it in a trainer once). My theory on it is that it is a simple value such a 1 or 2 but it hardly ever changes so it is hard to find. Also once you find it all you need to do is to NOP it and everyone on your screen will stop moving except you so if you are a sniper you can pick em off one by one. I think our main priority is to find this value and use it unless itburnz or red would be kind enough to provide us with it....
03/25/2007 12:54 redb00mer#4
Enemy Freeze will require NOPing three addresses; one of each controlling enemy X, Y, and Z movement. To find these, have a friend tell you his /loc coords (do X, Y, and Z separately, of course) and be sure to search for a range of (X-1)-(X+1) instead of X itself. This is because of hidden decimals.
03/25/2007 21:20 craby987#5
posible freeze addresses:
Code:
enemy move values for x
Data BreakPoint at &#58; 0x8948A6 D95EF8 fstp dword ptr &#91;esi-0x8&#93;
Data BreakPoint at &#58; 0x8C1C76 895130 mov &#91;ecx+0x30&#93;,edx
Data BreakPoint at &#58; 0x7393D3 895634 mov &#91;esi+0x34&#93;,edx
Data BreakPoint at &#58; 0x99B783 894330 mov &#91;ebx+0x30&#93;,eax
Data BreakPoint at &#58; 0x99B8A0 8DB570FFFFFF lea esi,&#91;ebp-0x90&#93;
Data BreakPoint at &#58; 0x99B8AC D95B30 fstp dword ptr &#91;ebx+0x30&#93;
Data BreakPoint at &#58; 0x99C54E D95A30 fstp dword ptr &#91;edx+0x30&#93;
 
for y
Data BreakPoint at &#58; 0x8948B8 D95EFC fstp dword ptr &#91;esi-0x4&#93;
Data BreakPoint at &#58; 0x5B927C 898180000000 mov &#91;ecx+0x80&#93;,eax
Data BreakPoint at &#58; 0x99C56A D95A34 fstp dword ptr &#91;edx+0x34&#93;
Data BreakPoint at &#58; 0x99D40C 899360020000 mov &#91;ebx+0x260&#93;,edx
Data BreakPoint at &#58; 0x99C231 D95A34 fstp dword ptr &#91;edx+0x34&#93;

FOR Z
Data BreakPoint at &#58; 0x8948CA D91E fstp dword ptr &#91;esi&#93;
Data BreakPoint at &#58; 0x9BD66B 894874 mov &#91;eax+0x74&#93;,ecx
Data BreakPoint at &#58; 0x96A230 89466C mov &#91;esi+0x6C&#93;,eax
Data BreakPoint at &#58; 0x99BC0A D919 fstp dword ptr &#91;ecx&#93;
Data BreakPoint at &#58; 0x99D412 898364020000 mov &#91;ebx+0x264&#93;,eax
03/26/2007 07:22 redb00mer#6
I'm going to temporarily close this thread in case it is causing detections. After a patch with unposted addresses, we'll see what's going on.

-red