today I found some Source Codes for CA Hacks, and I want to share it with you.
Local Player Structs
Code:
377B0858 // Local Pointer for CA NA class Main; class Info; class Stats; class WepInfo; class Something; class Main { public: Info* goToInfoClass; //0000 }; class Info { public: char unknown0[8]; __int32 Unknown1; //0008 __int32 iCurrentHealth; //000C char unknown2[4]; __int32 iMaxHealth; //0014 char unknown3[4]; WepInfo* goToWepInfo;//001C Something* goToSomething; //0020 char unknown4[348]; float fStamina; //0180 char unknown5[8]; __int32 iWeaponSlotInUse; //018C float fCameraSomething; //0190 float fCameraSomething2; //0194 float fCameraSomething3; //0198 char unknown6[32]; Stats* goToStats; //01BC }; class WepInfo { public: __int32 iBackPackABulletsLeft; //0000 __int32 i2ndaryBulletsLeft; //0004 __int32 Unknown0; //0008 __int32 iGrenadesLeft; //000C __int32 iBackPackBBulletsLeft; //0010 }; class Stats { public: char unknown0[16]; char szLocalNameChangesInKill[16]; //0010 char unknown1[12]; __int32 iKills; //002C __int32 iDeaths; //0030 char unknown2[44]; __int32 iHeadShots; //0060 }; class Something { public: BYTE bIsAlive; //0000 };
Windowed mode, Speed/Jump, No Recoil
Code:
typedef void (*SetConsoleCmdInt_t)(char* Cmd, int myint); SetConsoleCmdInt_t SetConsoleCmdInt; DWORD NORECOIL = 0x5C0EF2; DWORD dwCShell = NULL; while ( dwCShell == NULL ) { dwCShell = ( DWORD ) GetModuleHandle( "CShell.dll" ); Sleep( 250 ); } SetConsoleCmdInt= (SetConsoleCmdInt_t) (dwCShell + (0x583F60-0x420000)); SetConsoleCmdInt("windowed",1); //nametags MemWrite(( void* )( dwCShell + 0x63990 ), "\xE9\xB6\x00\x00\x00\x90", 6 ); //recoil MemWrite(( void* )( dwCShell + (NORECOIL-0x420000) ), "\x90\x90\x90\x90\x90", 5 ); SetConsoleCmdInt("FallDamageMin",0); SetConsoleCmdInt("FallDamageMax",0); bool MemWrite( void * pDest, char * szPatch, size_t sSize ) { DWORD dwOrgProtect = NULL; if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect )) return FALSE; memcpy( pDest, szPatch, sSize ); VirtualProtect( pDest, sSize, dwOrgProtect, NULL ); return TRUE; }
Windowed Mode
Code:
// Global CILTClient * gILTClient = ( CILTClient* ) NULL; // Function void _cdecl hConsoleCMD( const char * szCommand ) { _asm { MOV EAX, DWORD PTR DS:[g_pILTClient]; PUSH szCommand; CALL DWORD PTR [EAX + 0x208]; ADD ESP, 0x4; } } // Thread DWORD WINAPI dwSleepThread( LPVOID lpArgs ) { DWORD dwCShell = NULL; while ( !dwCShell ) { Sleep( 100 ); dwCShell = ( DWORD ) GetModuleHandle( "CShell.dll" ); } if ( gILTClient == NULL ) { MemRead(( void* )( dwCShell + ( 0x803050 - 0x420000 )), &gILTClient, 4 ); } Sleep( 1500 ); while ( gILTClient != NULL ) { static bool bDoOnce = TRUE; if ( bDoOnce == TRUE ) { bDoOnce = FALSE; hConsoleCMD( "windowed 1" ); AddLog( "ILTClient: 0x%.8X", ( DWORD ) gILTClient ); } } return FALSE; }
Weapon/Rank/Character Hack
Code:
if((*(BYTE *)GameStatus == 1)){ Msg.Writeuint8(114); Msg.Writeuint8(0); //1 Msg.Writeuint8(0); //2 Msg.Writeuint8(0); //3 Msg.Writeuint8(0); //4 Msg.Writeuint8(0); //5 Msg.Writeuint8(0); //6 Msg.Writeuint8(0); //7 Msg.Writeuint8(0); //8 Msg.Writeuint8(0); //9 Msg.Writeuint8(0); //10 Msg.Writeuint8(0); //11 Msg.Writeuint8(0); //12 Msg.Writeuint8(0); //13 Msg.Writeuint8(0); //14 Msg.Writeuint8(0); //15 Msg.Writeuint8(23); //16 Character //23 is viper // Character by mmbob or DrUnKeN ChEeTaH Msg.Writeuint8(1); Msg.Writeuint8(0); Msg.Writeuint8(51); //19 Rank // Rank by mmbob or DrUnKeN ChEeTaH Msg.Writeuint8(1); // 20 Msg.Writeuint8(0); // 21 Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(3); Msg.Writeuint8(1); Msg.Writeuint8(255); Msg.Writeuint8(3); Msg.Writeuint8(0); Msg.Writeuint8(255); Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(255); Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(255); Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(3); Msg.Writeuint8(19); Msg.Writeuint8(0); Msg.Writeuint8(0); Msg.Writeuint8(47); Msg.Writeuint8(68); Msg.Writeuint8(114); Msg.Writeuint8(89); Msg.Writeuint8(3); Msg.Writeuint8(0); Msg.Writeuint8(4); Msg.Writeuint8(106); Msg.Writeuint8(0); Msg.Writeuint8(255); Msg.Writeuint8(255); Msg.Writeuint8(255); Msg.Writeuint8(254); Msg.Writeuint8(255); Msg.Writeuint8(254); Msg.Writeuint8(255); Msg.Writeuint8(254); Msg.Writeuint8(255); Msg.Writeuint8(24); Msg.Writeuint8(0); Msg.Writeuint8(255); Msg.Writeuint8(1); Msg.Writeuint16(209); // Weapon Spawn by PerfecBR pSendToServer(Msg.Read(), MESSAGE_GUARANTEED); }
if you want to use another character, change the value in //16, starting at 0 to 60 or lower value to ensure the security of your account. to use a rank higher than is just visual, change the value //19, starting at 0 to 58 if I remember well, in 58 it seems that GM is shown. in the last parameter, change the value 209 for a value less than or greater and the weapon will be changed.
each time you make a change it will be necessary to send the ID with the changes in parameters.
you change the 209 with the weapon you want, equally the old weapon.
Invisible(ghost) Mode
Code:
void cServerExploits::SpamMessage( char *title, char *message ) { if( !eng.IsReady ) return; if( dwFloodLock[0] < GetTickCount() ) { dwFloodLock[0] = ( GetTickCount() + 150 ); CCAutoMessage pMsg; pMsg.Writeuint8( 104 ); pMsg.WriteWString( (wchar_t*)tools.asciiDecode( message ).c_str() ); pMsg.WriteWString( (wchar_t*)tools.asciiDecode( title ).c_str() ); pMsg.Writeint32( 0 ); eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::Suicide( ) { if( !eng.IsReady ) return; if( dwFloodLock[1] < GetTickCount() ) { dwFloodLock[1] = ( GetTickCount() + 800 ); CCAutoMessage pMsg; pMsg.Writeuint8( 417 ); eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::InstantRespawn( ) { if( !eng.IsReady ) return; if( dwFloodLock[2] < GetTickCount() ) { dwFloodLock[2] = ( GetTickCount() + 800 ); CCAutoMessage pMsg; pMsg.Writeuint8( 113 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint32( 1 ); eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::VoiceSpam( ) { if( !eng.IsReady ) return; if( dwFloodLock[8] < GetTickCount() ) { dwFloodLock[8] = ( GetTickCount() + 150 ); CCAutoMessage pMsg; pMsg.Writeuint8( 190 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint16( 7 );//3 eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::AntiKick( ) { if( !eng.IsReady ) return; if( dwFloodLock[9] < GetTickCount() ) { dwFloodLock[9] = ( GetTickCount() + 50 ); CCAutoMessage pMsg; pMsg.Writeuint8( 206 ); eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::RejoinAfterEliteKick( ) { if( !eng.IsReady ) return; if( dwFloodLock[10] < GetTickCount() ) { dwFloodLock[10] = ( GetTickCount() + 80 ); CCAutoMessage pMsg; pMsg.Writeuint8( 189 ); eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::KickPlayer( BYTE playerindex, int kickreason ) { if( !eng.IsReady ) return; if( playerindex < 0 || playerindex > 24 || kickreason < 1 || kickreason > 6 ) return; if( dwFloodLock[11] < GetTickCount() ) { dwFloodLock[11] = ( GetTickCount() + 600 ); CCAutoMessage pMsg; pMsg.Writeuint8( 206 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint16( playerindex ); pMsg.Writeuint16( kickreason );//1 - 6 eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } } void cServerExploits::BanThisAccount( ) { if( !eng.IsReady ) return; if( dwFloodLock[16] < GetTickCount() ) { dwFloodLock[16] = ( GetTickCount() + 2000 ); CCAutoMessage pMsg; pMsg.Writeuint16( 376 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint8( 1 ); pMsg.Writeuint8( 1 ); eng.pLTClient_l->SendToServer( pMsg.Read(), MSG_GRANT ); } }