Hack Source Codes
today I found some Source Codes for CA Hacks, and I want to share it with you.
Local Player Structs
Code:
377B0858 // Local Pointer for CA NA
class Main;
class Info;
class Stats;
class WepInfo;
class Something;
class Main
{
public:
Info* goToInfoClass; //0000
};
class Info
{
public:
char unknown0[8];
__int32 Unknown1; //0008
__int32 iCurrentHealth; //000C
char unknown2[4];
__int32 iMaxHealth; //0014
char unknown3[4];
WepInfo* goToWepInfo;//001C
Something* goToSomething; //0020
char unknown4[348];
float fStamina; //0180
char unknown5[8];
__int32 iWeaponSlotInUse; //018C
float fCameraSomething; //0190
float fCameraSomething2; //0194
float fCameraSomething3; //0198
char unknown6[32];
Stats* goToStats; //01BC
};
class WepInfo
{
public:
__int32 iBackPackABulletsLeft; //0000
__int32 i2ndaryBulletsLeft; //0004
__int32 Unknown0; //0008
__int32 iGrenadesLeft; //000C
__int32 iBackPackBBulletsLeft; //0010
};
class Stats
{
public:
char unknown0[16];
char szLocalNameChangesInKill[16]; //0010
char unknown1[12];
__int32 iKills; //002C
__int32 iDeaths; //0030
char unknown2[44];
__int32 iHeadShots; //0060
};
class Something
{
public:
BYTE bIsAlive; //0000
};
Windowed mode, Speed/Jump, No Recoil
Code:
typedef void (*SetConsoleCmdInt_t)(char* Cmd, int myint);
SetConsoleCmdInt_t SetConsoleCmdInt;
DWORD NORECOIL = 0x5C0EF2;
DWORD dwCShell = NULL;
while ( dwCShell == NULL )
{
dwCShell = ( DWORD ) GetModuleHandle( "CShell.dll" );
Sleep( 250 );
}
SetConsoleCmdInt= (SetConsoleCmdInt_t) (dwCShell + (0x583F60-0x420000));
SetConsoleCmdInt("windowed",1);
//nametags
MemWrite(( void* )( dwCShell + 0x63990 ), "\xE9\xB6\x00\x00\x00\x90", 6 );
//recoil
MemWrite(( void* )( dwCShell + (NORECOIL-0x420000) ), "\x90\x90\x90\x90\x90", 5 );
SetConsoleCmdInt("FallDamageMin",0);
SetConsoleCmdInt("FallDamageMax",0);
bool MemWrite( void * pDest, char * szPatch, size_t sSize )
{
DWORD dwOrgProtect = NULL;
if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect ))
return FALSE;
memcpy( pDest, szPatch, sSize );
VirtualProtect( pDest, sSize, dwOrgProtect, NULL );
return TRUE;
}
Windowed Mode
Code:
// Global
CILTClient * gILTClient = ( CILTClient* ) NULL;
// Function
void _cdecl hConsoleCMD( const char * szCommand )
{
_asm
{
MOV EAX, DWORD PTR DS:[g_pILTClient];
PUSH szCommand;
CALL DWORD PTR [EAX + 0x208];
ADD ESP, 0x4;
}
}
// Thread
DWORD WINAPI dwSleepThread( LPVOID lpArgs )
{
DWORD dwCShell = NULL;
while ( !dwCShell )
{
Sleep( 100 );
dwCShell = ( DWORD ) GetModuleHandle( "CShell.dll" );
}
if ( gILTClient == NULL )
{
MemRead(( void* )( dwCShell + ( 0x803050 - 0x420000 )), &gILTClient, 4 );
}
Sleep( 1500 );
while ( gILTClient != NULL )
{
static bool bDoOnce = TRUE;
if ( bDoOnce == TRUE )
{
bDoOnce = FALSE;
hConsoleCMD( "windowed 1" );
AddLog( "ILTClient: 0x%.8X", ( DWORD ) gILTClient );
}
}
return FALSE;
}
Weapon/Rank/Character Hack
Code:
if((*(BYTE *)GameStatus == 1)){
Msg.Writeuint8(114);
Msg.Writeuint8(0); //1
Msg.Writeuint8(0); //2
Msg.Writeuint8(0); //3
Msg.Writeuint8(0); //4
Msg.Writeuint8(0); //5
Msg.Writeuint8(0); //6
Msg.Writeuint8(0); //7
Msg.Writeuint8(0); //8
Msg.Writeuint8(0); //9
Msg.Writeuint8(0); //10
Msg.Writeuint8(0); //11
Msg.Writeuint8(0); //12
Msg.Writeuint8(0); //13
Msg.Writeuint8(0); //14
Msg.Writeuint8(0); //15
Msg.Writeuint8(23); //16 Character //23 is viper // Character by mmbob or DrUnKeN ChEeTaH
Msg.Writeuint8(1);
Msg.Writeuint8(0);
Msg.Writeuint8(51); //19 Rank // Rank by mmbob or DrUnKeN ChEeTaH
Msg.Writeuint8(1); // 20
Msg.Writeuint8(0); // 21
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(3);
Msg.Writeuint8(1);
Msg.Writeuint8(255);
Msg.Writeuint8(3);
Msg.Writeuint8(0);
Msg.Writeuint8(255);
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(255);
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(255);
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(3);
Msg.Writeuint8(19);
Msg.Writeuint8(0);
Msg.Writeuint8(0);
Msg.Writeuint8(47);
Msg.Writeuint8(68);
Msg.Writeuint8(114);
Msg.Writeuint8(89);
Msg.Writeuint8(3);
Msg.Writeuint8(0);
Msg.Writeuint8(4);
Msg.Writeuint8(106);
Msg.Writeuint8(0);
Msg.Writeuint8(255);
Msg.Writeuint8(255);
Msg.Writeuint8(255);
Msg.Writeuint8(254);
Msg.Writeuint8(255);
Msg.Writeuint8(254);
Msg.Writeuint8(255);
Msg.Writeuint8(254);
Msg.Writeuint8(255);
Msg.Writeuint8(24);
Msg.Writeuint8(0);
Msg.Writeuint8(255);
Msg.Writeuint8(1);
Msg.Writeuint16(209); // Weapon Spawn by PerfecBR
pSendToServer(Msg.Read(), MESSAGE_GUARANTEED);
}
if you want to use another character, change the value in //16, starting at 0 to 60 or lower value to ensure the security of your account. to use a rank higher than is just visual, change the value //19, starting at 0 to 58 if I remember well, in 58 it seems that GM is shown. in the last parameter, change the value 209 for a value less than or greater and the weapon will be changed.
each time you make a change it will be necessary to send the ID with the changes in parameters.
you change the 209 with the weapon you want, equally the old weapon.
Invisible(ghost) Mode
Code:
void cServerExploits::SpamMessage( char *title, char *message )
{
if( !eng.IsReady )
return;
if( dwFloodLock[0] < GetTickCount() )
{
dwFloodLock[0] = ( GetTickCount() + 150 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 104 );
pMsg.WriteWString( (wchar_t*)tools.asciiDecode( message ).c_str() );
pMsg.WriteWString( (wchar_t*)tools.asciiDecode( title ).c_str() );
pMsg.Writeint32( 0 );
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::Suicide( )
{
if( !eng.IsReady )
return;
if( dwFloodLock[1] < GetTickCount() )
{
dwFloodLock[1] = ( GetTickCount() + 800 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 417 );
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::InstantRespawn( )
{
if( !eng.IsReady )
return;
if( dwFloodLock[2] < GetTickCount() )
{
dwFloodLock[2] = ( GetTickCount() + 800 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 113 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint32( 1 );
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::VoiceSpam( )
{
if( !eng.IsReady )
return;
if( dwFloodLock[8] < GetTickCount() )
{
dwFloodLock[8] = ( GetTickCount() + 150 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 190 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint16( 7 );//3
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::AntiKick( )
{
if( !eng.IsReady )
return;
if( dwFloodLock[9] < GetTickCount() )
{
dwFloodLock[9] = ( GetTickCount() + 50 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 206 );
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::RejoinAfterEliteKick( )
{
if( !eng.IsReady )
return;
if( dwFloodLock[10] < GetTickCount() )
{
dwFloodLock[10] = ( GetTickCount() + 80 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 189 );
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::KickPlayer( BYTE playerindex, int kickreason )
{
if( !eng.IsReady )
return;
if( playerindex < 0 || playerindex > 24 || kickreason < 1 || kickreason > 6 )
return;
if( dwFloodLock[11] < GetTickCount() )
{
dwFloodLock[11] = ( GetTickCount() + 600 );
CCAutoMessage pMsg;
pMsg.Writeuint8( 206 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint16( playerindex );
pMsg.Writeuint16( kickreason );//1 - 6
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
void cServerExploits::BanThisAccount( )
{
if( !eng.IsReady )
return;
if( dwFloodLock[16] < GetTickCount() )
{
dwFloodLock[16] = ( GetTickCount() + 2000 );
CCAutoMessage pMsg;
pMsg.Writeuint16( 376 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint8( 1 );
pMsg.Writeuint8( 1 );
eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT );
}
}
Don't be afraid to learn.
