Post: [C++] Explosive Bullets
10-10-2017, 05:55 PM #1
-JM-
Space Ninja
I'm back b***es!
Dear script kiddies and Hackers, I present to you Explosive Bullets in C++ for SPRX.
I googled it and never found it for SPRX so here.

But before, here's a reminder (you can skip this).
I've been quite busy with life.
However, I intend to stay active. I will try to share almost everything that I know because this can be ported to various different games and platforms.
If you need help, hit me up. I am very friendly and easygoing if you got the skills to pay the bills. I can't really help people with RTM (C#); on the other hand, I kick ass at C++, PPC, IDA, etc.
I only mod Black Ops!

Now back to the release. As I mentioned earlier, I don't have much time, so the code I'm sharing today is very messy and could be optimised.
I asked 01cedricv2 to take a look; if he does, I'll update the thread, but if not, you guys can pitch in too.
The code doesn't freeze and is commented on my pastebin. Enjoy.

It would be cool if someone shares the other weapondef, as I don't have time to dump their offsets...




    
bool ExplosiveBullet[18];
struct weaponParms
{
char unk[0x3C];
int weapVariantDef;
int weapDef;
};
char TESTWPJM[] = { 0x3F, 0x59, 0x20, 0x22, 0xBF, 0x07, 0x9E, 0x73, 0x39, 0xD9, 0x68, 0x88, 0xBF, 0x07, 0x9E, 0x74, 0xBF, 0x59, 0x20, 0x23, 0x80, 0x00, 0x00, 0x00, 0xB9, 0xB8, 0x64, 0xE6, 0x39, 0x66, 0x59, 0x61, 0x3F, 0x7F, 0xFF, 0xFF, 0xC4, 0xC9, 0xA4, 0xA3, 0x44, 0xF4, 0x01, 0x89, 0x44, 0x15, 0x7E, 0xB9, 0x01, 0x2A, 0xB2, 0x90, 0x00, 0x00, 0x00, 0x00, 0xD0, 0x0F, 0x4F, 0xB0, 0x01, 0x17, 0x3D, 0x4C, 0x32, 0xAC, 0x2F, 0xE4};
void SetMemory(int Address,char* bytes,int length)
{
for (int i = 0; i < length; i++)
{
*(char*)(Address + (i)) = bytes[i];
}
}


void Bullet_Fire_Stub(int attacker, float spread, weaponParms *wp, int weaponEnt, int gameTime)
{
__nop();
__nop();
__nop();
__nop();
__nop();
__nop();
__nop();
}
void Bullet_Fire_Hook(int attacker, float spread, weaponParms *wp, int weaponEnt, int gameTime)
{
int client = (attacker-0x12AB290)/0x2F8;
if(client < 1Cool Man (aka Tustin)
{
if(ExplosiveBullet[client] == true)
{
SetMemory((int)&TESTWPJM,(char*)wp,0x3C);
((void(*)(int, unsigned int, float,weaponParms *,const float *,int, const float *,int,int))&ParseAddr(0x37851Cool Man (aka Tustin))(0x12AB290 + (client * 0x2FCool Man (aka Tustin),0x0665,2,(weaponParms *)TESTWPJM,(float*)0x924700,0,0,0x13950C8+(client * 0x2A3Cool Man (aka Tustin),0x13950C8+(client * 0x2A3Cool Man (aka Tustin));
}
}
Bullet_Fire_Stub(attacker, spread, wp, weaponEnt, gameTime);
}
int32_t sys_dbg_read_process_memory(uint64_t address, void *data, size_t size)
{
system_call_4(904, (uint64_t)sys_process_getpid(), address, size, (uint64_t)data);
return_to_user_prog(int32_t);
}

template
int32_t ReadProcessMemory(uint32_t address, T data, size_t size)
{
return sys_dbg_read_process_memory(address, &data, size);
}

int32_t sys_dbg_write_process_memory(uint64_t address, const void *data, size_t size)
{
system_call_4(905, (uint64_t)sys_process_getpid(), address, size, (uint64_t)data);
return_to_user_prog(int32_t);
}

template
int32_t WriteProcessMemory(uint32_t address, const T value, size_t size)
{
return sys_dbg_write_process_memory(address, &value, size);
}
void HookFunctionStart(uint32_t functionStartAddress, uint32_t newFunction, uint32_t functionStub)
{
uint32_t normalFunctionStub[8], hookFunctionStub[4];
sys_dbg_read_process_memory(functionStartAddress, normalFunctionStub, 0x10);
normalFunctionStub[4] = 0x3D600000 + ((functionStartAddress + 0x10 >> 16) & 0xFFFF);
normalFunctionStub[5] = 0x616B0000 + (functionStartAddress + 0x10 & 0xFFFF);
normalFunctionStub[6] = 0x7D6903A6;
normalFunctionStub[7] = 0x4E800420;
sys_dbg_write_process_memory(functionStub, normalFunctionStub, 0x20);
hookFunctionStub[0] = 0x3D600000 + ((newFunction >> 16) & 0xFFFF);
hookFunctionStub[1] = 0x616B0000 + (newFunction & 0xFFFF);
hookFunctionStub[2] = 0x7D6903A6;
hookFunctionStub[3] = 0x4E800420;
sys_dbg_write_process_memory(functionStartAddress, hookFunctionStub, 0x10);
}

HookFunctionStart(0x2B8400, *(uint32_t*)Bullet_Fire_Hook, *(uint32_t*)Bullet_Fire_Stub);


Here is a pastebin link where the code is commented from A to B, baby

From SC58 Full weapon def structure
Last edited by -JM- ; 10-12-2017 at 02:24 PM.

The following 7 users say thank you to -JM- for this useful post:

Father Luckeyy, Hydrogen, lucasaf01, luckky.bills, S63, TheGreenPlanet, UnholyTalonTSi
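
Seen from the integrity-checking side, the four-word stub that HookFunctionStart writes over a function's first 0x10 bytes (lis, ori, mtctr, bctr) is a fixed pattern that can be recognised and decoded. The following C is an added example, not part of -JM-'s post: `find_ctr_trampoline`, `be32` and both sample prologues are constructed for illustration, and the check accepts any scratch register rather than only r11.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* PowerPC instruction words are stored big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the absolute jump target if the first 16 bytes at `code` are
 * "lis rX,hi; ori rX,rX,lo; mtctr rX; bctr", or -1 if they are not. */
long long find_ctr_trampoline(const uint8_t *code, size_t len)
{
    if (code == NULL || len < 16)
        return -1;
    uint32_t lis = be32(code), ori = be32(code + 4);
    uint32_t mtctr = be32(code + 8), bctr = be32(code + 12);
    uint32_t reg = (lis >> 21) & 0x1F;            /* scratch register */

    /* lis rX,imm is addis rX,0,imm: primary opcode 15 with RA == 0 */
    if ((lis >> 26) != 15 || ((lis >> 16) & 0x1F) != 0)
        return -1;
    /* ori rX,rX,imm: primary opcode 24, source and destination both rX */
    if ((ori >> 26) != 24 || ((ori >> 21) & 0x1F) != reg ||
        ((ori >> 16) & 0x1F) != reg)
        return -1;
    /* mtctr rX is 0x7C0903A6 with rX in bits 21-25; bctr is 0x4E800420 */
    if (mtctr != (0x7C0903A6u | (reg << 21)) || bctr != 0x4E800420u)
        return -1;
    return (long long)(((lis & 0xFFFFu) << 16) | (ori & 0xFFFFu));
}

/* Constructed samples: a prologue overwritten with a jump to 0x12345678,
 * and an ordinary one (mflr r0; stdu r1,-0x70(r1); std r0,0x80(r1); nop). */
static const uint8_t hooked[16] = { 0x3D, 0x60, 0x12, 0x34, 0x61, 0x6B, 0x56, 0x78,
                                    0x7D, 0x69, 0x03, 0xA6, 0x4E, 0x80, 0x04, 0x20 };
static const uint8_t clean[16]  = { 0x7C, 0x08, 0x02, 0xA6, 0xF8, 0x21, 0xFF, 0x91,
                                    0xF8, 0x01, 0x00, 0x80, 0x60, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("hooked -> %llx\n", (unsigned long long)find_ctr_trampoline(hooked, sizeof hooked));
    printf("clean  -> %lld\n", find_ctr_trampoline(clean, sizeof clean));
    return 0;
}
```

A returned target that falls outside the executable's own text segment is the signal worth alerting on; comparing the prologue against a known-good copy of the binary catches rewrites that use a different instruction sequence.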
10-16-2017, 07:40 AM #11
CallMeDex
Gym leader
This is sick af

The following user thanked CallMeDex for this useful post:

-JM-

Copyright © 2024, NextGenUpdate.
All Rights Reserved.