#Region Decl
; Image name of the process this script targets (not referenced again in the visible part of the file).
$targetProcess = "S4Client.exe"
; Script-wide state shared by the functions below:
;   $hHandle - process handle passed to every ReadProcessMemory/WriteProcessMemory call
;   $dwBase  - base address that the $off_* values are added to
;   $iOPID   - written to the debug INI under the key "ProcessID"
;   $dwMFunction, $dwBuffer, $dwWA_View, $dwWA_Send, $dwBindStruct, $dwHHook, $dwMessageBuffer
;            - addresses logged under the "Allocs" section by WriteDbgInfo()
;   $AllocStat starts as False; where it is set is not visible here.
Dim $iPID, $hHandle, $dwBase, $AllocStat = False, $iOPID, $dwMFunction, $dwBuffer, $dwWA_View, $dwWA_Send, $dwBindStruct, $dwHHook, $dwMessageBuffer
; 20-slot array with slot 0 initialised to 0; presumably slot 0 holds a count or sentinel - TODO confirm against the code that fills it.
Dim $Array_PlayerID[20]
$Array_PlayerID[0] = 0
; Hard-coded offsets into the target module. The functions below add them to $dwBase to get
; absolute addresses (see TeleportTo, GetInstance, Call_GetActorClass, S4BotAntiCrash).
; The "Pattern:" / bare hex comments are byte signatures ("??" = wildcard byte) recorded next to
; the offset they precede; the trailing "(n)" is presumably the index of the matching hit - TODO confirm.
; NOTE(review): fixed numeric offsets like these presumably match one specific client build only.
; From a defensive point of view, the signatures and the hooked/patched sites listed here are the
; locations a client-side integrity check would need to cover.
;REG - Offsets
$off_CGameManager = 0x16F7090
$off_CTeamManager = 0x16F8DFC
$off_CChatProxy = 0x1713080
;Pattern: 55 8B EC 83 EC 40 89 4D F4 C7 45 F8 00 00 00 00 8B 45 F4 8B 48 08 89 4D E4 8B
$off_GetPlayerIDByIndex = 0xD16030
;Pattern: 55 8B EC 83 EC 20 89 4D F0 8B 45 F0 8B 48 04 89 4D F4 8B 55 F4 8B 45 F4 8B 4A 04 2B 08 C1 F9 02 89 4D E8 C7 45 FC 00 00 00 00 EB 09 8B 55 FC 83 C2 01 89 55 FC 8B 45 FC 3B 45 E8 73 5D (2nd)
$off_GetActorClass = 0x762520
;Pattern: 55 8B EC 83 EC 3C 89 4D F4 C7 45 F8 00 00 00 00 8B 45 F4 8B 48 08 89 4D E4
$off_GetPlayerCountPerTeam = 0xD15E70
;Pattern: 55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC 0C A1 ?? ?? ?? ?? 33 C5 50 8D 45 F4 64 A3 00 00 00 00 C7 45 E8 ?? ?? ?? ?? C6 (8)
$off_GetInstanceGS = 0xAF330
;Pattern: 55 8B EC 51 89 4D FC 8D 45 08 50 68 ?? ?? ?? ?? 6A 01 8B 4D FC E8 ?? ?? ?? ?? 8B C8 E8 ?? ?? ?? ?? 8B E5 5D C2 08
$off_MasterChangeReq = 0xB6E980
$off_SuicideReq = 0xB58460 ;<-
;Pattern: 55 8B EC 83 EC 44 89 4D F4 8D 45 1C 50 8D 4D 14 51
$off_KillReq = 0xB6AC70
;89 11 8B 45 A4 89 41 04 8B 55 A8 89 51 08 66 - E75
$off_SendMessage = 0x393ED0
; The four hook/push offsets below are derived from $off_SendMessage by fixed deltas rather than listed separately.
;$off_WriteAs_ViewHook = 0x390530 ;3909B0
$off_WriteAs_ViewHook = $off_SendMessage + 0xE75
$off_WriteAs_WriteHook = $off_WriteAs_ViewHook + 0x64
$off_ViewPush = $off_WriteAs_ViewHook + 0x17
$off_WritePush = $off_WriteAs_WriteHook + 0x17
; $Spaces was previously 350 literal spaces (see the commented-out line); its use is not visible here.
;$Spaces = _StringRepeat(" ", 350)
$Spaces = "{M-2000,0}"
;55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC 0C A1 ?? ?? ?? ?? 33 C5 50 8D 45 F4 64 A3 00 00 00 00 C7 45 E8 ?? ?? ?? ?? C6 (6)
$off_GetInstanceCRoom = 0xAF150
;55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 81 EC B4 00 00 00 A1 ?? ?? ?? ?? 33 C5 50 8D 45 F4 64 A3 00 00 00 00 89 4D 80 8D 8D 60 FF FF FF
$off_SendBind = 0xBCDD80
;C7 44 24 20 00 00 00 00 8B 4C 24 28 (sec)
$off_HostIDHook = 0xC344F3
$off_HostIDBJ = $off_HostIDHook + 0x8
;0F 84 ?? ?? ?? ?? 8B 95 C4 FE FF FF 83
$off_ChatBypass = 0x3945D8
;55 8B EC 51 89 4D FC 8B 45 FC 83 78 1C 00 75 07 (1)
$off_crash0 = 0xBF19A0
;74 1E 8B 4D 08 51 8B
$off_lvlcheckmain = 0x93DD27
;77 59 8B
$off_lvlchecksec = 0x38FBE0
$off_lvlcheckthrd = $off_lvlchecksec + 0xB
;89 8D 50 FE FF FF 8B 55 BC
$off_S4Bot_Hook = 0xC07EB2
;####################### Files & Settings
; Paths of the two INI files the script uses; $dbginfo is the file WriteDbgInfo() writes to.
; NOTE(review): in this copy the macro name after "@" is split across lines and only its "ir"
; tail survives (it looks like an AutoIt directory macro such as @ScriptDir - TODO confirm against
; the original file). The two assignments below do not parse as shown.
$KickList = @

ir & "\KickList.ini"
$dbginfo = @

ir & "\dbginfo.ini"
#EndRegion Decl
; Installs an inline detour at $dwBase + $off_S4Bot_Hook in the process behind $hHandle.
; Visible steps: allocate a 128-byte page in that process with execute/read/write protection,
; write a short x86 stub into it, then overwrite the hook site with a jmp to the stub.
; Takes no parameters and returns nothing explicitly; it reads the globals $hHandle and $dwBase.
; None of the allocation or write results are checked, so a failed VirtualAllocEx is not detected
; before the hook site is patched.
; $MEM_COMMIT and $PAGE_EXECUTE_READWRITE are not defined in the visible part of the file
; (presumably they come from an include - TODO confirm).
; NOTE(review): a remote RWX allocation followed by cross-process writes and an inline jmp patch
; of a code section is exactly the sequence that code-integrity checks and endpoint monitoring flag.
Func S4BotAntiCrash()
$page = VirtualAllocEx($hHandle, 0, 128, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
$S4Bot_Hook = $dwBase + $off_S4Bot_Hook
$S4Bot_backJump = $S4Bot_Hook + 5
$S4Bot_endJump = $S4Bot_Hook + 0xADF
; Stub bytes: the first six (89 8D 50 FE FF FF) are the same bytes that open the signature
; recorded for $off_S4Bot_Hook; they are followed by a compare and a conditional jump (0F 85).
Local $wByte = "0x898D50FEFFFF83BDC4FEFFFF000F85"
; The operand of the conditional jump is computed by Calc() towards $S4Bot_backJump;
; the unconditional jmp (E9) that follows goes to $S4Bot_endJump.
$wByte &= Byte_Reverse(Calc($S4Bot_backJump, $page + 0xD)) & "E9"
$wByte &= Byte_reverse(Calc($S4Bot_endJump, $page + 0x13))
; Size = hex digits / 2, minus 1 for the byte that the leading "0x" would otherwise be counted as.
WriteProcessMemory($hHandle, $page, $wByte, "Byte[" & (StringLen($wByte) / 2) - 1 & "]")
;Detour
; Six bytes are written at the hook site: E9 + rel32 to the stub, then a single NOP (90).
$wByte = "0xE9" & Byte_Reverse(Calc($page, $S4Bot_Hook)) & "90"
WriteProcessMemory($hHandle, $S4Bot_Hook, $wByte, "Byte[" & (StringLen($wByte) / 2) - 1 & "]")
EndFunc
; Writes the current attachment state to the INI file named by $dbginfo:
; section "S4Client" gets the module base and the process id, section "Allocs" gets the
; addresses held in the $dw* globals. Numeric values go through MakeHex() first.
; NOTE(review): this file records the addresses of memory the script holds inside the other
; process, which makes it a useful artefact when reconstructing what the tool did on a host.
Func WriteDbgInfo()
    ;FileDelete("dbginfo.ini")
    IniWrite($dbginfo, "S4Client", "base", MakeHex($dwBase))
    IniWrite($dbginfo, "S4Client", "ProcessID", $iOPID)

    ; Key name / value pairs for the "Allocs" section, written in this order.
    Local $aAllocEntries[7][2] = [ _
            ["dwMFunction", $dwMFunction], _
            ["dwBuffer", $dwBuffer], _
            ["dwWA_View", $dwWA_View], _
            ["dwWA_Send", $dwWA_Send], _
            ["dwBindStruct", $dwBindStruct], _
            ["dwHHook", $dwHHook], _
            ["dwMessageBuffer", $dwMessageBuffer]]

    For $iEntry = 0 To UBound($aAllocEntries) - 1
        IniWrite($dbginfo, "Allocs", $aAllocEntries[$iEntry][0], MakeHex($aAllocEntries[$iEntry][1]))
    Next
EndFunc
#Region Functions
; Copies 12 bytes found at offset 0x684 of the selected player's collision object over the
; same 12 bytes of the local actor's collision object, inside the process behind $hHandle.
; Returns 0 when GetSelectedPlayerID() yields 0; otherwise falls off the end without an explicit return.
; NOTE(review): the 12 bytes are presumably a 3-component position - TODO confirm; nothing in
; this file states their layout.
Func TeleportTo()
; Pointer chain for the local side: [$dwBase + $off_CGameManager] -> +0x124 -> +0x118.
; These reads happen before the player-id check below, so they run even when nothing is selected.
$dwLocalActor = ReadProcessMemory($hHandle, $dwBase + $off_CGameManager, "dword")
; No type argument here: the read relies on the helper's default type, which is not visible in this file.
$dwLocalActor = ReadProcessMemory($hHandle, $dwLocalActor + 0x124)
$dwLocalCCollision = ReadProcessMemory($hHandle, $dwLocalActor + 0x118, "dword")
$iPlayerID = GetSelectedPlayerID()
If $iPlayerID = 0 Then Return 0
$dwCTeamManager = ReadProcessMemory($hHandle, $dwBase + $off_CTeamManager, "dword")
; Resolves the other player's actor object by running the target's own lookup routine (see Call_GetActorClass).
$dwActorClass = Call_GetActorClass($dwCTeamManager, $iPlayerID)
; Same +0x118 field as on the local side; again read with the helper's default type.
; The result of Call_GetActorClass is not checked for 0 before it is dereferenced.
$CCollisionObject = ReadProcessMemory($hHandle, $dwActorClass + 0x118)
$corA = ReadProcessMemory($hHandle, $CCollisionObject + 0x684, "Byte[12]")
WriteProcessMemory($hHandle, $dwLocalCCollision + 0x684, $corA, "Byte[12]")
EndFunc ;==>TeleportTo
; Puts the address of the selected player's actor object on the clipboard as 8 hex digits.
; Returns 0 without touching the clipboard when GetSelectedPlayerID() yields 0.
Func CCActor()
    $iPlayerID = GetSelectedPlayerID()
    If $iPlayerID = 0 Then
        Return 0
    EndIf

    ; The team-manager pointer is the "this" argument handed to Call_GetActorClass.
    $dwCTeamManager = ReadProcessMemory($hHandle, $dwBase + $off_CTeamManager, "dword")
    Local $sActorHex = Hex(Call_GetActorClass($dwCTeamManager, $iPlayerID), 8)
    ClipPut($sActorHex)
EndFunc
#EndRegion BaseFuncs
; Follows a three-step pointer chain in the process behind $hHandle and returns the final dword:
; [$dwBase + $off_CGameManager] -> [+0x138] -> [+0x10].
; No intermediate pointer is checked, so a failed read simply feeds the next one.
Func GetInstance()
    Local Const $sType = "dword"
    $dwInstance = ReadProcessMemory($hHandle, $dwBase + $off_CGameManager, $sType)
    $dwInstance = ReadProcessMemory($hHandle, $dwInstance + 0x138, $sType)
    Local $dwResult = ReadProcessMemory($hHandle, $dwInstance + 0x10, $sType)
    Return $dwResult
EndFunc
; Runs the target's routine at $dwBase + $off_GetActorClass inside the process behind $hHandle
; and returns the value that routine leaves in the shared buffer at $dwBuffer.
;   $ecx       - value stored in $dwBuffer first and loaded by the stub before the call
;   $iPlayerID - value pushed by the stub as an argument
; Returns 0 when either memory write reports a non-zero result or when the DllCall result compares equal to 0.
; NOTE(review): cross-process write plus CreateRemoteThread is a well-known injection sequence;
; process-access and remote-thread telemetry covers it.
Func Call_GetActorClass($ecx, $iPlayerID)
#cs
Structure:
6A 00
68 <playerid>
8B 0D <Byterev: Buffer(instance)>
E8 <Byterev: Calc: GetActorClass>
A3 <Byterev: Buffer(result)>
C3
#ce
Local $wByte = "0x6A0068"
; Seed the buffer with $ecx; the polling loop at the end waits for this value to change.
$ret = WriteProcessMemory($hHandle, $dwBuffer, "0x" & Byte_Reverse($ecx), "Byte[4]")
; A non-zero result is treated as failure - presumably the helper returns an error code with 0 meaning success; confirm against its definition.
If $ret <> 0 Then
Return 0
EndIf
; Assemble the stub described in the Structure block above.
$wByte &= Byte_Reverse($iPlayerID) & "8B0D"
$wByte &= Byte_Reverse($dwBuffer)
; The call opcode sits 0xD bytes into the stub, hence the $dwMFunction + 0xD call-site address passed to Calc().
$wByte &= "E8" & Byte_Reverse(Calc($dwBase + $off_GetActorClass, $dwMFunction + 0xD))
$wByte &= "A3" & Byte_Reverse($dwBuffer) & "C3"
; Size = hex digits / 2, minus 1 for the leading "0x".
$ret = WriteProcessMemory($hHandle, $dwMFunction, $wByte, "Byte[" & StringLen($wByte) / 2 - 1 & "]")
If $ret <> 0 Then
Return 0
EndIf
; Handles and addresses are passed as "int", which assumes 32-bit values.
; The returned thread handle is never closed in this function.
$ret = DllCall("kernel32.dll", "int", "CreateRemoteThread", "int", $hHandle, "ptr", 0, "int", 0, "int", $dwMFunction, "ptr", 0, "int", 0, "int", 0)
; NOTE(review): this tests the DllCall result as a whole, not element [0] (the API's own return value) - confirm this catches a NULL thread handle.
If $ret = 0 Then
Return 0
EndIf
; Busy-wait until the buffer no longer holds $ecx. There is no sleep and no timeout, so the loop
; does not end if the stub never runs or if it stores a value equal to $ecx.
$read = $ecx
Do
$read = ReadProcessMemory($hHandle, $dwBuffer, "int")
Until $read <> $ecx
Return $read
EndFunc ;==>Call_GetActorClass
#EndRegion S4Lib Calls
#Region Other shit
; Computes the 32-bit displacement ($dwCall - $dwAddress - 5) and returns it as 8 hex digits.
;   $dwCall    - destination address (integer, or a hex string with or without "0x")
;   $dwAddress - address of the 5-byte instruction that carries the displacement (same accepted forms)
;   $i         - pass 1 to swap the roles of the two addresses; any other value leaves them as given
; Non-integer arguments are parsed as hexadecimal after any "0x" is stripped.
Func Calc($dwCall, $dwAddress, $i = 0)
    If Not IsInt($dwCall) Then
        $dwCall = Dec(StringReplace($dwCall, "0x", ""))
    EndIf
    If Not IsInt($dwAddress) Then
        $dwAddress = Dec(StringReplace($dwAddress, "0x", ""))
    EndIf

    ; Swapped form: the second argument becomes the destination.
    If $i = 1 Then Return Hex($dwAddress - $dwCall - 5, 8)

    Return Hex($dwCall - $dwAddress - 5, 8)
EndFunc ;==>Calc
; Reverses the byte order of a hex string, two digits at a time, and returns the result without "0x".
;   $sBytes - an integer (formatted to 8 hex digits first) or a hex string; every "0x" is removed.
; The walk starts at the last digit pair and stops at position 1, so an odd-length string
; loses its first digit; callers are expected to pass an even number of digits.
Func Byte_Reverse($sBytes)
    If IsInt($sBytes) Then $sBytes = Hex($sBytes, 8)
    $sBytes = StringReplace($sBytes, "0x", "")

    Local $sReversed = ""
    Local $iPos = StringLen($sBytes) - 1
    While $iPos >= 1
        $sReversed &= StringMid($sBytes, $iPos, 2)
        $iPos -= 2
    WEnd
    Return $sReversed
EndFunc ;==>Byte_Reverse
; Normalises a value to a "0x"-prefixed form for logging.
;   integer                     -> "0x" followed by 8 hex digits
;   string containing no "0x"   -> "0x" prepended
;   anything else               -> returned unchanged
Func MakeHex($Val)
    If IsInt($Val) Then Return "0x" & Hex($Val, 8)
    If StringInStr($Val, "0x") = 0 Then Return "0x" & $Val
    Return $Val
EndFunc
#EndRegion Other shit