Post: RPC [ Remote Procedure Call ] + G_Client + Cheat protection + Dvars Dum
03-21-2016, 09:06 PM #1
Indie Developer
Reverse Engineer
After my tool was cracked, I think it's time to release a lot of addresses and functions, for the good of all Smile

Dvar Dump : You must login or register to view this content. --> Remember for use non-host dvars like cg_fov , camera_thirdperson and other things you need to Disable Dvar Cheat Protection , i also release the address + byte at the bottom of page :p


Remote Procedure Call

    
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using PS3Lib;
using System.Threading;
using Demonware_v3;


namespace Demonware_v3
{
/// <summary>
/// Static helper that uses PS3Lib's PS3API to write into the memory of a connected
/// process. Enable_RPC overwrites the code at function_address with a small stub; Call
/// then uses a fixed region starting at 0x10050000 as a mailbox for arguments, the
/// target function address and the return value. The stub appears to read that mailbox
/// and call the address stored in it (inferred from the raw bytes, not verified here).
/// </summary>
/// <remarks>
/// Review note: everything in this class modifies the code or data of a running process.
/// The overwritten bytes at function_address and the writes to the fixed mailbox region
/// are the artefacts a code- or memory-integrity check on the target would observe.
/// </remarks>
class RPC
{
// Shared PS3Lib handle; every memory read and write below goes through it.
// Nothing in this class connects or attaches it - presumably done by the caller.
public static PS3API PS3 = new PS3API();
// Address whose existing code Enable_RPC overwrites with the stub.
public static uint function_address = 0x3D0388;

/// <summary>
/// Installs the stub unless function_address is 0.
/// </summary>
/// <returns>
/// -1 when function_address is 0 (nothing is written), otherwise 0. The value does not
/// reflect whether the memory writes succeeded; Enable_RPC returns nothing.
/// </returns>
public static int Init()
{
if (function_address == 0) return -1;
Enable_RPC();
return 0;
}

/// <summary>
/// Overwrites the code at function_address with the stub and clears the mailbox region.
/// The order of the four writes matters and is left exactly as the author wrote it.
/// </summary>
public static void Enable_RPC()
{
// Step 1: put a single instruction at the entry point. 0x4E800020 is the PowerPC
// `blr` (return); presumably this makes the function a no-op while its body is replaced.
PS3.SetMemory(function_address, new byte[] { 0x4E, 0x80, 0x00, 0x20 });
// Fixed 20 ms pause; nothing here confirms the target has stopped executing the old body.
System.Threading.Thread.Sleep(20);
// Raw machine code for the stub body, not decoded here. The 0x1005, 0x004C and 0x0050
// constants visible in the bytes match the mailbox addresses that Call writes and reads.
byte[] func = new byte[] { 0x7C, 0x08, 0x02, 0xA6, 0xF8, 0x01, 0x00, 0x80, 0x3C, 0x60, 0x10, 0x05, 0x81, 0x83, 0x00, 0x4C, 0x2C, 0x0C, 0x00, 0x00, 0x41, 0x82, 0x00, 0x64, 0x80, 0x83, 0x00, 0x04, 0x80, 0xA3, 0x00, 0x08, 0x80, 0xC3, 0x00, 0x0C, 0x80, 0xE3, 0x00, 0x10, 0x81, 0x03, 0x00, 0x14, 0x81, 0x23, 0x00, 0x18, 0x81, 0x43, 0x00, 0x1C, 0x81, 0x63, 0x00, 0x20, 0xC0, 0x23, 0x00, 0x24, 0xC0, 0x43, 0x00, 0x28, 0xC0, 0x63, 0x00, 0x2C, 0xC0, 0x83, 0x00, 0x30, 0xC0, 0xA3, 0x00, 0x34, 0xC0, 0xC3, 0x00, 0x38, 0xC0, 0xE3, 0x00, 0x3C, 0xC1, 0x03, 0x00, 0x40, 0xC1, 0x23, 0x00, 0x48, 0x80, 0x63, 0x00, 0x00, 0x7D, 0x89, 0x03, 0xA6, 0x4E, 0x80, 0x04, 0x21, 0x3C, 0x80, 0x10, 0x05, 0x38, 0xA0, 0x00, 0x00, 0x90, 0xA4, 0x00, 0x4C, 0x90, 0x64, 0x00, 0x50, 0xE8, 0x01, 0x00, 0x80, 0x7C, 0x08, 0x03, 0xA6, 0x38, 0x21, 0x00, 0x70, 0x4E, 0x80, 0x00, 0x20 };
// Step 2: write the stub body after the first instruction slot.
PS3.SetMemory(function_address + 0x4, func);
// Step 3: zero 0x2854 bytes of the mailbox region so no stale request is pending.
PS3.SetMemory(0x10050000, new byte[0x2854]);
// Step 4: replace the temporary return with the stub's first instruction, which makes
// the stub live. The original code at function_address is not saved or restored.
PS3.SetMemory(function_address, new byte[] { 0xF8, 0x21, 0xFF, 0x91 });
}

/// <summary>
/// Writes the arguments and the target address into the mailbox, waits a fixed 20 ms,
/// then reads four bytes back from the return slot.
/// </summary>
/// <param name="func_address">Address written to the mailbox slot at 0x1005004C.</param>
/// <param name="parameters">
/// Arguments of type int, uint, string or float. Values of any other type are skipped
/// without an error because the if/else chain has no final else branch.
/// </param>
/// <returns>
/// The four bytes at 0x10050050, byte-reversed and read as an Int32. If the target has
/// not processed the request within the 20 ms wait, this is whatever the slot held.
/// </returns>
public static int Call(uint func_address, params object[] parameters)
{
int num_params = parameters.Length;
uint num_floats = 0;
for (uint i = 0; i < num_params; i++)
{
// Integer arguments: 4 bytes, byte-reversed (assumes a little-endian host so the
// result is big-endian), stored at slot index i + num_floats, i.e. the position in
// the parameter list plus the number of floats seen so far.
if (parameters[i] is int)
{
byte[] val = BitConverter.GetBytes((int)parameters[i]);
Array.Reverse(val);
PS3.SetMemory(0x10050000 + (i + num_floats) * 4, val);
}
else if (parameters[i] is uint)
{
byte[] val = BitConverter.GetBytes((uint)parameters[i]);
Array.Reverse(val);
PS3.SetMemory(0x10050000 + (i + num_floats) * 4, val);
}
// Strings: the NUL-terminated UTF-8 bytes go to a scratch area at
// 0x10050054 + i * 0x400, and the address of that area is stored in the integer slot.
// No length check is made against the 0x400 spacing between scratch areas.
else if (parameters[i] is string)
{
byte[] str = Encoding.UTF8.GetBytes(Convert.ToString(parameters[i]) + "\0");
PS3.SetMemory(0x10050054 + i * 0x400, str);
uint addr = 0x10050054 + i * 0x400;
byte[] address = BitConverter.GetBytes(addr);
Array.Reverse(address);
PS3.SetMemory(0x10050000 + (i + num_floats) * 4, address);
}
// Floats: stored in their own run of slots starting at 0x10050024, indexed by the
// count of floats seen so far rather than by position in the parameter list.
else if (parameters[i] is float)
{
num_floats++;
byte[] val = BitConverter.GetBytes((float)parameters[i]);
Array.Reverse(val);
PS3.SetMemory(0x10050024 + ((num_floats - 1) * 0x4), val);
}
}
// The target address is written last, after all arguments are in place.
byte[] fadd = BitConverter.GetBytes(func_address);
Array.Reverse(fadd);
PS3.SetMemory(0x1005004C, fadd);
// Fixed wait instead of a completion check; the read below is not synchronised
// with the target in any other way.
System.Threading.Thread.Sleep(20);
byte[] ret = PS3.Extension.ReadBytes(0x10050050, 4);
Array.Reverse(ret);
return BitConverter.ToInt32(ret, 0);

}

/// <summary>
/// Wraps <paramref name="text"/> in double quotes after a "&lt; " prefix and passes it
/// to SV_GameSendServerCommand. The text is concatenated without any escaping.
/// </summary>
public static void iPrintln(int client, string text)
{
SV_GameSendServerCommand(client, "< \"" + text + "\"");
}

/// <summary>
/// Same as iPrintln but with an "O " prefix. The text is concatenated without escaping.
/// </summary>
public static void iPrintlnBold(int client, string text)
{
SV_GameSendServerCommand(client, "O \"" + text + "\"");
}

/// <summary>
/// Calls address 0x5E96B4 through Call with the arguments (client, 0, command).
/// </summary>
public static void SV_GameSendServerCommand(int client, string command)
{
// A double quote is appended to the command here. iPrintln and iPrintlnBold already
// close their own quote, so strings coming from them end in two quotes.
object[] parameters = new object[] { client, 0, command + "\"" };
Call(0x5E96B4, parameters);
}

/// <summary>
/// Calls address 0x5AE95C through Call with the arguments (0, Command). The command
/// string is passed through unchanged; the return value of Call is discarded.
/// </summary>
public static void Cbuf_AddText(String Command)
{
Call(0x5AE95C, 0, Command);

}

}
}


Mirror : You must login or register to view this content.

G_Client Hax :

    
G_Client : 0x18C6220
ClientInterval : 0x6200
G_Name : 0x5D24
Speed : 0x18CAE18 OFF 0x3F , 0x80
ammoPrimary : 0x018C556A
ammoPrimary : 0x018C55A6
ammoSecondary : 0x018C556E
ammoSecondary : 0x018C55AA
Tactical : 0x018C55AF
Lethal : 0x018C55B3
Lag : 0x18CAD47
Invisible : 0x18C567B
Uav : 0x18CAF1F
Freeze : 0x18C5024
changeWeapon : 0x18C532B


Usefull Address Multiplayer :

    
Cbuf_AddText : 0x5AE95C
R_SetFrameFog : 0x3D0388
Sv_GameSendServerCommand : 0x5E96B4
Sv_MapRestart : 0x5E2044
SetClientViewAngle : 0x2EF250
G_SetModel : 0x38F454
Src_PlayerKilled : 0x314898
G_Spawn : 0x391F9C
G_Entity : 0x17FE420 Size : 0x350


Usefull Address :

    
// Table of opd_s entries, each initialised with an address and TOC. The trailing comment
// on each line is the version tag the author gave it (1.04 or 1.06).
// NOTE(review): where two hex values are separated by `/`, C++ parses that as an integer
// division; presumably the author meant two alternative addresses - confirm.
// NOTE(review): the entries tagged 1.04 refer to Addr::..., which is not defined in this
// listing; the enum that follows on the page is named Addresses.
opd_s AimTarget_isTargetVisible_t = { 0x00036700, TOC }; // 1.06
opd_s AimTarget_GetTagPos_t = { 0x00036458 / 0x0003BEAC, TOC }; // 1.06
opd_s SL_GetString_t = { 0x001B5B28, TOC }; // 1.06
opd_s CG_IsEntityFriendlyNotEnemy_t = { 0x00089BD8, TOC }; // 1.06
opd_s Material_RegisterHandle_t = { Addr::Material_RegisterHandle, TOC }; // 1.04
opd_s R_RegisterFont_t = { Addr::R_RegisterFont, TOC }; // 1.04
opd_s Cbuf_AddText_t = { 0x005AE95C, TOC }; // 1.06
opd_s R_AddCmdDrawStretchPicRotateXY_t = { Addr::R_AddCmdDrawStretchPicRotateXY, TOC }; // 1.04
opd_s R_AddCmdDrawTextInternal_t = { Addr::R_AddCmdDrawText, TOC }; // 1.04
opd_s R_AddCmdDrawStretchPicInternal_t = { Addr::R_AddCmdDrawStretchPic, TOC }; // 1.04
opd_s Atan_t = { 0x00913998, TOC }; // 1.06
opd_s WorldPosToScreenPos_t = { 0x000B8E68, TOC }; // 1.06

enum Addresses
{
R_SetFrameFog = 0x3D0B28 , // 1.06

R_RegisterFont = 0x00400C94, // 1.06
Material_RegisterHandle = 0x00409C5C, // 1.06
R_AddCmdDrawStretchPic = 0x00411100 / / 0x00411298, // 1.06
R_AddCmdDrawText = 0x00411550, // 1.06
R_AddCmdDrawStretchPicRotateXY = 0x00411100 / 0x00411298, // 1.06

Key_IsDown = 0x001D6654, // 1.06


Cheat Protection Multiplayer :

    
0x630E4C // 38 60 00 00
0x630E24 // 60 00 00 00
0x6281D4 // 60 00 00 00





Credits :
Indie Developer : A lot of Hax
NickBeHaxing : Zombie Cheat Protection 1.04 ( Thank you , i update for Zombie 1.06 and port it for Multiplayer ) Smile
Sabotage & John: Addresses
Choco: RPC
Last edited by Indie Developer ; 04-05-2016 at 12:41 PM.

03-21-2016, 09:34 PM #2
PSNServices
Are you high?
Wow! Sorry to hear your tool got cracked, man! Hope to still see some projects come from you in the future Smile
03-21-2016, 10:09 PM #3
Indie Developer
Reverse Engineer
Originally posted by PSNServices View Post
Wow! Sorry to hear your tool got cracked, man! Hope to still see some projects come from you in the future Smile


Of course !
03-21-2016, 10:09 PM #4
PSNServices
Are you high?
Originally posted by Indie
Of course !


my tool got leaked on same forum
03-23-2016, 03:48 PM #5
Indie Developer
Reverse Engineer
Added a lot of Usefull Address Winky Winky

03-25-2016, 12:00 AM #6
Great release mate! Thank you so much.
03-25-2016, 12:11 AM #7
Kas
Guest
Originally posted by Indie
After my tool is cracked , i think it's time to release a lot of address and function , for the good of all Smile

Dvar Dump : You must login or register to view this content. --> Remember for use non-host dvars like cg_fov , camera_thirdperson and other things you need to Disable Dvar Cheat Protection , i also release the address + byte at the bottom of page :p


Remote Procedure Call

    
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using PS3Lib;
using System.Threading;
using Demonware_v3;


namespace Demonware_v3
{
/// <summary>
/// Static helper that uses PS3Lib's PS3API to write into the memory of a connected
/// process. Enable_RPC overwrites the code at function_address with a small stub; Call
/// then uses a fixed region starting at 0x10050000 as a mailbox for arguments, the
/// target function address and the return value. The stub appears to read that mailbox
/// and call the address stored in it (inferred from the raw bytes, not verified here).
/// </summary>
/// <remarks>
/// Review note: everything in this class modifies the code or data of a running process.
/// The overwritten bytes at function_address and the writes to the fixed mailbox region
/// are the artefacts a code- or memory-integrity check on the target would observe.
/// </remarks>
class RPC
{
// Shared PS3Lib handle; every memory read and write below goes through it.
// Nothing in this class connects or attaches it - presumably done by the caller.
public static PS3API PS3 = new PS3API();
// Address whose existing code Enable_RPC overwrites with the stub.
public static uint function_address = 0x3D0388;

/// <summary>
/// Installs the stub unless function_address is 0.
/// </summary>
/// <returns>
/// -1 when function_address is 0 (nothing is written), otherwise 0. The value does not
/// reflect whether the memory writes succeeded; Enable_RPC returns nothing.
/// </returns>
public static int Init()
{
if (function_address == 0) return -1;
Enable_RPC();
return 0;
}

/// <summary>
/// Overwrites the code at function_address with the stub and clears the mailbox region.
/// The order of the four writes matters and is left exactly as the author wrote it.
/// </summary>
public static void Enable_RPC()
{
// Step 1: put a single instruction at the entry point. 0x4E800020 is the PowerPC
// `blr` (return); presumably this makes the function a no-op while its body is replaced.
PS3.SetMemory(function_address, new byte[] { 0x4E, 0x80, 0x00, 0x20 });
// Fixed 20 ms pause; nothing here confirms the target has stopped executing the old body.
System.Threading.Thread.Sleep(20);
// Raw machine code for the stub body, not decoded here. The 0x1005, 0x004C and 0x0050
// constants visible in the bytes match the mailbox addresses that Call writes and reads.
byte[] func = new byte[] { 0x7C, 0x08, 0x02, 0xA6, 0xF8, 0x01, 0x00, 0x80, 0x3C, 0x60, 0x10, 0x05, 0x81, 0x83, 0x00, 0x4C, 0x2C, 0x0C, 0x00, 0x00, 0x41, 0x82, 0x00, 0x64, 0x80, 0x83, 0x00, 0x04, 0x80, 0xA3, 0x00, 0x08, 0x80, 0xC3, 0x00, 0x0C, 0x80, 0xE3, 0x00, 0x10, 0x81, 0x03, 0x00, 0x14, 0x81, 0x23, 0x00, 0x18, 0x81, 0x43, 0x00, 0x1C, 0x81, 0x63, 0x00, 0x20, 0xC0, 0x23, 0x00, 0x24, 0xC0, 0x43, 0x00, 0x28, 0xC0, 0x63, 0x00, 0x2C, 0xC0, 0x83, 0x00, 0x30, 0xC0, 0xA3, 0x00, 0x34, 0xC0, 0xC3, 0x00, 0x38, 0xC0, 0xE3, 0x00, 0x3C, 0xC1, 0x03, 0x00, 0x40, 0xC1, 0x23, 0x00, 0x48, 0x80, 0x63, 0x00, 0x00, 0x7D, 0x89, 0x03, 0xA6, 0x4E, 0x80, 0x04, 0x21, 0x3C, 0x80, 0x10, 0x05, 0x38, 0xA0, 0x00, 0x00, 0x90, 0xA4, 0x00, 0x4C, 0x90, 0x64, 0x00, 0x50, 0xE8, 0x01, 0x00, 0x80, 0x7C, 0x08, 0x03, 0xA6, 0x38, 0x21, 0x00, 0x70, 0x4E, 0x80, 0x00, 0x20 };
// Step 2: write the stub body after the first instruction slot.
PS3.SetMemory(function_address + 0x4, func);
// Step 3: zero 0x2854 bytes of the mailbox region so no stale request is pending.
PS3.SetMemory(0x10050000, new byte[0x2854]);
// Step 4: replace the temporary return with the stub's first instruction, which makes
// the stub live. The original code at function_address is not saved or restored.
PS3.SetMemory(function_address, new byte[] { 0xF8, 0x21, 0xFF, 0x91 });
}

/// <summary>
/// Writes the arguments and the target address into the mailbox, waits a fixed 20 ms,
/// then reads four bytes back from the return slot.
/// </summary>
/// <param name="func_address">Address written to the mailbox slot at 0x1005004C.</param>
/// <param name="parameters">
/// Arguments of type int, uint, string or float. Values of any other type are skipped
/// without an error because the if/else chain has no final else branch.
/// </param>
/// <returns>
/// The four bytes at 0x10050050, byte-reversed and read as an Int32. If the target has
/// not processed the request within the 20 ms wait, this is whatever the slot held.
/// </returns>
public static int Call(uint func_address, params object[] parameters)
{
int num_params = parameters.Length;
uint num_floats = 0;
for (uint i = 0; i < num_params; i++)
{
// Integer arguments: 4 bytes, byte-reversed (assumes a little-endian host so the
// result is big-endian), stored at slot index i + num_floats, i.e. the position in
// the parameter list plus the number of floats seen so far.
if (parameters[i] is int)
{
byte[] val = BitConverter.GetBytes((int)parameters[i]);
Array.Reverse(val);
PS3.SetMemory(0x10050000 + (i + num_floats) * 4, val);
}
else if (parameters[i] is uint)
{
byte[] val = BitConverter.GetBytes((uint)parameters[i]);
Array.Reverse(val);
PS3.SetMemory(0x10050000 + (i + num_floats) * 4, val);
}
// Strings: the NUL-terminated UTF-8 bytes go to a scratch area at
// 0x10050054 + i * 0x400, and the address of that area is stored in the integer slot.
// No length check is made against the 0x400 spacing between scratch areas.
else if (parameters[i] is string)
{
byte[] str = Encoding.UTF8.GetBytes(Convert.ToString(parameters[i]) + "\0");
PS3.SetMemory(0x10050054 + i * 0x400, str);
uint addr = 0x10050054 + i * 0x400;
byte[] address = BitConverter.GetBytes(addr);
Array.Reverse(address);
PS3.SetMemory(0x10050000 + (i + num_floats) * 4, address);
}
// Floats: stored in their own run of slots starting at 0x10050024, indexed by the
// count of floats seen so far rather than by position in the parameter list.
else if (parameters[i] is float)
{
num_floats++;
byte[] val = BitConverter.GetBytes((float)parameters[i]);
Array.Reverse(val);
PS3.SetMemory(0x10050024 + ((num_floats - 1) * 0x4), val);
}
}
// The target address is written last, after all arguments are in place.
byte[] fadd = BitConverter.GetBytes(func_address);
Array.Reverse(fadd);
PS3.SetMemory(0x1005004C, fadd);
// Fixed wait instead of a completion check; the read below is not synchronised
// with the target in any other way.
System.Threading.Thread.Sleep(20);
byte[] ret = PS3.Extension.ReadBytes(0x10050050, 4);
Array.Reverse(ret);
return BitConverter.ToInt32(ret, 0);

}

/// <summary>
/// Wraps <paramref name="text"/> in double quotes after a "&lt; " prefix and passes it
/// to SV_GameSendServerCommand. The text is concatenated without any escaping.
/// </summary>
public static void iPrintln(int client, string text)
{
SV_GameSendServerCommand(client, "< \"" + text + "\"");
}

/// <summary>
/// Same as iPrintln but with an "O " prefix. The text is concatenated without escaping.
/// </summary>
public static void iPrintlnBold(int client, string text)
{
SV_GameSendServerCommand(client, "O \"" + text + "\"");
}

/// <summary>
/// Calls address 0x5E96B4 through Call with the arguments (client, 0, command).
/// </summary>
public static void SV_GameSendServerCommand(int client, string command)
{
// A double quote is appended to the command here. iPrintln and iPrintlnBold already
// close their own quote, so strings coming from them end in two quotes.
object[] parameters = new object[] { client, 0, command + "\"" };
Call(0x5E96B4, parameters);
}

/// <summary>
/// Calls address 0x5AE95C through Call with the arguments (0, Command). The command
/// string is passed through unchanged; the return value of Call is discarded.
/// </summary>
public static void Cbuf_AddText(String Command)
{
Call(0x5AE95C, 0, Command);

}

}
}


Mirror : You must login or register to view this content.

G_Client Hax :

    
G_Client : 0x18C5020
ClientInterval : 0x6200
G_Name : 0x5D24
Speed : 0x18CAE18 OFF 0x3F , 0x80
ammoPrimary : 0x018C556A
ammoPrimary : 0x018C55A6
ammoSecondary : 0x018C556E
ammoSecondary : 0x018C55AA
Tactical : 0x018C55AF
Lethal : 0x018C55B3
Lag : 0x18CAD47
Invisible : 0x18C567B
Uav : 0x18CAF1F
Freeze : 0x18C5024
changeWeapon : 0x18C532B


Usefull Address Multiplayer :

    
Cbuf_AddText : 0x5AE95C
R_SetFrameFog : 0x3D0388
Sv_GameSendServerCommand : 0x5E96B4
Sv_MapRestart : 0x5E2044
SetClientViewAngle : 0x2EF250
G_SetModel : 0x38F454
Src_PlayerKilled : 0x314898
G_Spawn : 0x391F9C
G_Entity : 0x17FE420 Size : 0x350


Usefull Address :

    
// Table of opd_s entries, each initialised with an address and TOC. The trailing comment
// on each line is the version tag the author gave it (1.04 or 1.06).
// NOTE(review): where two hex values are separated by `/`, C++ parses that as an integer
// division; presumably the author meant two alternative addresses - confirm.
// NOTE(review): the entries tagged 1.04 refer to Addr::..., which is not defined in this
// listing; the enum that follows on the page is named Addresses.
opd_s AimTarget_isTargetVisible_t = { 0x00036700, TOC }; // 1.06
opd_s AimTarget_GetTagPos_t = { 0x00036458 / 0x0003BEAC, TOC }; // 1.06
opd_s SL_GetString_t = { 0x001B5B28, TOC }; // 1.06
opd_s CG_IsEntityFriendlyNotEnemy_t = { 0x00089BD8, TOC }; // 1.06
opd_s Material_RegisterHandle_t = { Addr::Material_RegisterHandle, TOC }; // 1.04
opd_s R_RegisterFont_t = { Addr::R_RegisterFont, TOC }; // 1.04
opd_s Cbuf_AddText_t = { 0x005AE95C, TOC }; // 1.06
opd_s R_AddCmdDrawStretchPicRotateXY_t = { Addr::R_AddCmdDrawStretchPicRotateXY, TOC }; // 1.04
opd_s R_AddCmdDrawTextInternal_t = { Addr::R_AddCmdDrawText, TOC }; // 1.04
opd_s R_AddCmdDrawStretchPicInternal_t = { Addr::R_AddCmdDrawStretchPic, TOC }; // 1.04
opd_s Atan_t = { 0x00913998, TOC }; // 1.06
opd_s WorldPosToScreenPos_t = { 0x000B8E68, TOC }; // 1.06

enum Addresses
{
R_SetFrameFog = 0x000x3D0388 , // 1.06

R_RegisterFont = 0x00400C94, // 1.06
Material_RegisterHandle = 0x00409C5C, // 1.06
R_AddCmdDrawStretchPic = 0x00411100 / / 0x00411298, // 1.06
R_AddCmdDrawText = 0x00411550, // 1.06
R_AddCmdDrawStretchPicRotateXY = 0x00411100 / 0x00411298, // 1.06

Key_IsDown = 0x001D523C, // 1.06


Cheat Protection Multiplayer :

    
0x630D84 // 60 00 00 00
0x630D5C // 60 00 00 00
0x62810C // 38 60 00 00


Demonware Antiban

    
Antiban1 : 0x7C4758 // 60 00 00 00
Antiban2 : 0x7C4660 // 60 00 00 00



Credits :
Indie Developer : A lot of Hax
NickBeHaxing : Zombie Cheat Protection 1.04 ( Thank you , i update for Zombie 1.06 and port it for Multiplayer ) Smile
Sabotage & John: Addresses
Choco: RPC


Added credits to a few people as all you did was update them and not find most of them.
03-25-2016, 09:48 AM #8
Indie Developer
Reverse Engineer
Originally posted by Kas View Post
Added credits to a few people as all you did was update them and not find most of them.


Let me know these people :p
03-31-2016, 09:50 PM #9
FFM | iMoDzRGFR
Are you high?
Add this =>

Protection against banishment
0x7C4758 => 0x60,0,0,0
0x7C4660 => 0x60,0,0,0

Who banished the player function
0x1D956C => 0x60,0,0,0
0x63A04C => 0x60,0,0,0
= 0x554564 > 0x60,0,0,0
0x4AA268 => 0x60,0,0,0
= 0x610730 > 0x60,0,0,0

Stop Demonware the call ( the call to banishment )
0x5AE95C => 0x60,0,0,0

03-31-2016, 10:18 PM #10
Ethen
Banned
GREAT release dude. i will try to implement this great RPC

