Author Topic: found so far in 1.41  (Read 644 times)

0 Members and 1 Guest are viewing this topic.

[TKC] ~<{LTC}>~

  • Master Heckler
  • *****
  • Posts: 2781
    • View Profile
found so far in 1.41
« on: January 04, 2004, 03:07:41 am »
tintin

Using artmoney you can fill every slot you have (like 10) with any weapon you want. This includes the m79. However as before the m79 does not appear to shoot . You can fill the slots with medbags and ammobags and tons of grenades tho .

I can get the superjump to work, however I cant find the the mem spots to adjust the damage you take when falling yet.

The other problem is these are all dynamic addresses, so every time you load a map you have to refind them and set them.

I have only spent a few hours on this. Hopefully I can find more stuff.

--------------------------------------------------------------------------------------
[TKC]Mullah Omar

And this is when hradba is toggled on?
If yes, have you extracted the game for the superjump?
--------------------------------------------------------------------------------------
tintin

Yes they both work with hradba running. The trick is to search for the float 4 byte values 6.5 immediately followed by a .1 . This will return values for several instances of the differnet players ini files in memory. Just change ALL of them to say 20.5 followed by .1.

The problem is how do you search for 2 floats next to each other you might ask. Heh. remember combined they are 8 bytes. So figure out the 8 byte in that would look in memory like the two 4 byte floats.

For example 6.5 0.1 would look like 4453159313490313216 if represented by an 8 byte int
so search for that value

25.0 0.1 would look like 4453159313506566144
so if you replaced all the 4453159313490313216 in memory with 4453159313506566144 then you could get the superjump with value 25 instead of 6.5

I am still trying to find were to alter the health setting so you dont die when you land.
--------------------------------------------------------------------------------------
[TKC]Mullah Omar

I will try it out, but what is the 0.1 from? The aircontrol?

Also if you use artmoney you should be able to search for a sequence of numbers including float. But of course your method is more useful.

Funny that the jumpvalue is a float and not an int afterall. I mean it could've been 6 and not precisely 6.5.
-------------------------------------------------------------------------------------
tintin

heh, well Im a dummy. I never noticed that sequence of values option on the search. That will make things MUCH easier.

Hey wtf is the best gun othre than the m79? What are the weapon ids? I have not played in so long I forgot. Like I said I can get any weapons even the non shooting m79. I just need to rmember what the good things to have are.

-------------------------------------------------------------------------------------
[TKC]Mullah Omar


M2cal is a good weapon. I think the weapon list was posted in the advanced section by LTC.
-------------------------------------------------------------------------------------
[TKC] ~<{LTC}>~

good that the superjump works

Step 1 - Start up the VC game

Step 2 - press Alt-Tab to hide the VC screen and get back to your main windows display (note I sometimes have to press Alt-Tab 2 or 3 times before this works).

Step 3 - Start Artmoney (I use version 6.27 - it is downloadable from web for free)

Step 4 - In the box were it says "select process" click and choose where it says "Ptero-Engine-II : Vietcong"

Step 5 - Press search - a box will pop up

Step 6 - In the Search field choose "Exact value"
In the Value field type "soldier" (without the quotes)
In the Type field choose "Text"

Step 7 - Press OK (and again OK)

Step 8 - The left box will now have something like

00D9F680 Text 7 bytes
00DA08F0 Text 7 bytes

with the top line highlighted press the red arrow

Step 9 - The right box will now say
00D9F680 soldier Text 7 bytes
Left click on soldier (so it is highlighted) then right mouse click so a pop up menu comes up

Step 10 - On the popup menu select "Memory Editor"

Step 11 - A new screen will come up at the top it will say something like this

00D95680 115,111,108,100,105,101,114,0,0,0,0,0,0,0,0,0 soldier
00D95690 0,0,0,0,0,0,0,0.....
00D956A0 29,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0 ||
00D956B0 59,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ;
00D956C0 0,0,0,0,58,0,0,0,0,0,0,0,0,0,0,0 :

The numbers 29 to 58 are the soldiers load out. For example 29 is the
US knife, 7 is the US pistol, 58 is the map.

To replace the knife with say the VC sniper rifle simply replace the number 29 with the number 14 (14 is the number of the VC sniper rifle) and so on.

Note how the numbers are seperated by at least 3 zeros, - this means only put numbers 3 zeros apart. For example I might rewrite one of the above lines as

00D956A0 29,0,0,0,7,0,0,0,0,0,0,0,11,0,0,0 ||
00D956B0 59,0,0,0,20,0,0,0,4,0,0,0,21,0,0,0 ;

where 11 is the shotgun gun, 20 is the M2 0.5 cal, 4 is the US sniper,
and 21 is the Thompson. Note also that I didn't put anything between 7 and 11 at 7,0,0,0,0,0,0,0,11 this is because anything put in this slot will be erased as this is where the weapon you choose from the in game menu goes.

Note also that in the top left hand corner of the screen that
"hexadecimal view" and "hexadecimal edit" should be left unchecked (so that we are working with decimal and not hexadecimal numbers)

Step 12 - Press OK
Step 13 - Press Save (and then save again)
Step 14 - Go back to your VC game and start playing (and make sure if you did the
above example that you select US-Soldier

Note that in the above example while we edited the US soldier we also
could have similarly edited the engineer or radioman etc.

Note also that in step 8 if we had chosen to go to the 2nd address 00DA08F0 instead of the 1st address 00D9F680 then you would be editing VC soldier load outs instead of US ones but other than that things work the same, except that the VC weapon numbers are different - but you can still give them US weapons.

There is a more comprehensive weapon list somewhere else on this site but the common values I use are
20- M2 0.5 Cal !!!!!!!!!!!
4 - US Sniper - garand (can use even if server has banned snipers)
14 - VC sniper - Draganov
16 - Don't use (crashes)
21 - US Thompson SMG
17 - US heavy machine gun
24 - Don't use (crashes)
27 - Grenade launcher (can see it but it doesn't work)

Note also that if you run artmoney after you have played a VC game then you'll get a stack of adresses instead of just the two listed (In other words run artmoney straight after starting up VC- before selecting
anything on the menus).

Note also that you only seem to be able to Alt-tab in and out of the VC game (to set up artmoney) once - after that, for me anyway, the VC screen just goes blank

and here is some other info(not posted in advanced cheating)


Do not worry if you don't find the exact same address 00D9F680.
Your 00D8F680 adrress could well be the right address.
I am using windows ME if you are using a different operating system you will likely have a different address, there are any number of other things which also could give as diffferent addresses. the main thing is that you see a number pattern of the form


00D9F680|115|111|108|100|105|101|114|0|0|0|0|0|0|0|0|0|soldier

00D9F690|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

00D9F6A0|29|0|0|0|7|0|0|0|0|0|0|0|0|0|0|0|

00D9F6B0|59|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

00D9F6C0|0|0|0|0|58|0|0|0|0|0|0|0|0|0|0|0|

Do you see the 29,0,0,0,7,...59....58 pattern when you use the mem-editor on your 00D8F680 address? If so then this is the right address. When you do locate the above number pattern you can put numbers at the locations marked with X below

00D9F680|115|111|108|100|105|101|114|0|0|0|0|0|0|0|0|0|soldier
00D9F690|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
00D9F6A0|29|0|0|0|7|0|0|0|Z|0|0|0|X|0|0|0|
00D9F6B0|59|0|0|0|X|0|0|0|X|0|0|0|X|0|0|0|
00D9F6C0|X|0|0|0|58|0|0|0|0|0|0|0|0|0|0|0|

Note not to put anything at the postion I marked Z as this will be overwritten with the weapon you choose in game.

You should also have a second address for the text phrase "soldier", the vc loadout will look like this below

00D9F680|115|111|108|100|105|101|114|0|0|0|0|0|0|0|0|0|soldier
00D9F690|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
00D9F6A0|30|0|0|0|8|0|0|0|0|0|0|0|0|0|0|0|
00D9F6B0|0|0|0|50|0|0|0|0|0|0|0|0|0|0|0|0|
00D9F6C0|0|0|0|0|58|0|0|0|0|0|0|0|0|0|0|0|

again you can put weapon numbers at the postions marked X below

00D9F680|115|111|108|100|105|101|114|0|0|0|0|0|0|0|0|0|soldier
00D9F690|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
00D9F6A0|30|0|0|0|8|0|0|0|X|0|0|0|X|0|0|0|
00D9F6B0|0|0|0|50|0|0|0|X|0|0|0|X|0|0|0|0|
00D9F6C0|X|0|0|0|58|0|0|0|0|0|0|0|0|0|0|0|

(again its not so much the particular addresses you are looking for as much as the above number patterns to the right of the addresses)

--------------------------------------------------------------------------------
[TKC]jazznas

umm ok, but dont we all know this?
--------------------------------------------------------------------------------
[ŤĶČ]\/ϊćϊǑǔ?∞Ω

He's catching tintin up, to keep him from having to sort through old posts.
-----------------------------------------------------------------------------------
tintin

Heh,

I jsut could not remember the weap id for the m250. BTW if you look I posted almost the same exact directions in a tutorial along time ago, except recommended searching on radioman instead of soldier in the text search. It was here http://tkccommunity.proboards14.com/index.cgi?board=ct2&action=display&num=1058485074

The thing is that does not work on hdbara servers now. It kicks you for cheating. You can however find your own personal settings. Change your name to something odd right before joining a server. Search for your name after you pick a class etc. Usually its the last result you want but it can be the second to last too. If you click on the mem edit button you will see the player ini info and if you continue to scroll you will find the same exact weapons pattern as the one you just mentioned. Its from the mp.txt file BTW.

I also have found that the underground cheat still works. I was able to use it on 3 servers fine that were hdbara enabled as long as I did not make myself to far under the map. But one kept killing me for cheating. People were fing pissed when I was knifing them again! Basically look in the player ini files and search for patterns using Artmoney. The sequential search works well. You just need to find servers that dont have low ping kicks or you get kicked while waiting for the stupid search to finish.

+---------------------------------------------------------------------------------

[TKC]Mullah Omar

That would mean that it's possible to do trainers for these things. That's good. But I think that we got to put in trainerspy protection (or similar) as the devs might find the adresses and so the methods we use to cheat.

---------------------------------------------------------------------------------

[TKC] ~<{LTC}>~

hi tintin,

here you can find the weapon.txt in the full version in the mem,
http://tkccommunity.proboards14.com/index.cgi?board=vccdt&action=display&num=1072023643
changing weapons is still possible whith out getting kicked right away, i wonder how the m79 can shoot again(looking for that)

---------------------------------------------------------------------------------

[ŤĶČ]\/ϊćϊǑǔ?∞Ω  


Stupid question, but has anyone tried searching for in single player when having the m79, then importing the data into Multiplayer? Or would that not work...?  

----------------------------------------------------------------------------------
[TKC]Mullah Omar  

That's a good idea. Not tested though.

Right now I'm trying to do a trainer for aircontrol, climb any mountain you want etc (tintins 0.1 value in 6.5 0.1).

Much assembler knowledge is needed, I don't know much just the basics, but will try to do something.

--------------------------------------------------------------------------------
[TKC] ~<{LTC}>~

that would be a grait idead (sid) vicious, the m79 works in the single player mode. all there is needed is some data. but we can make the m79 work but than it is a m79 that shoots with m16 bullets and it says (m79) i was in a server yesterday(1.30) there was a player with a m79 that sounded like a m16,
--------------------------------------------------------------------------------

[TKC]jazznas

he could have simply changed the m16 to the m79 skin
--------------------------------------------------------------------------------
[TKC]Mullah Omar
 
Well the sounds are not hard to switch. You could do that in memory. You just got to know what the name of the sound file is.

I'm still looking at the aircontrol trainer, it will take a great deal of time. I got to understand what I'm doing and not just follow instructions  

It's a bit special with the jump as the value never changes in game. It's hard to find the head adress for it that isn't dynamic. But I thought of setting a Read breakpoint when I switch class in the game. It could work, but it isn't 100%.

Also I have been thinking of why we get 2 adresses when we search for the ammo in artmoney for example. In the early versions there was only one, when there also was no protection...

The other adress could to be a part of the protection counter.

Anyway I thought of some things that could be dealt with:
Kangaroojump (3jumps then rest limit).
Underwatershooting(searching for 1 and 0, if it works like that)
Falldamage (Will look at this later on)

------------------------------------------------------------------------------
[ŤĶČ]\/ϊćϊǑǔ?∞Ω
 
Changes in memory can cause there to be multiple seemingly identical addresses. I have seen this occur. Often one of them is simply the display memory, and freezing it has no effect, other than causeing it to look froze, but still go down.
--------------------------------------------------------------------------------
[TKC]Mullah Omar  

That is true and it is more likely.

Still the "isplay" memory is interesting as it always seems to be a few positions from the original adress.
If you use a debugger to dig into it, you could find interesting things aswell.
--------------------------------------------------------------------------------

-= Uplink =-

I want to make a trainer for spawn time. That would be cool.

--------------------------------------------------------------------------------
[TKC] ~<{LTC}>~


well finaly my first trainer for 1.30 is done
klick here to see
http://members.lycos.nl/fridor3/weapon trainer.exe [copy whole link]
soon i will try to put my weapon changing plan into a trainer  
--------------------------------------------------------------------------------
[TKC]Mullah Omar

That's good LTC. Every ten mile walk starts with one step.

The spawn time is serverbased, you need to edit packets to do something with that.
If you speedhacked in the early versions you could see that the timer went quicker and disappeared after death but still you respawned after the server-time.
Same goes for health.
--------------------------------------------------------------------------------
[TKC] ~<{LTC}>~

http://members.lycos.nl/fridor3/m1m2.exe (copy and paste the link into your browser)

here is my trainer, it changes the m2/m1 into another gun, this works on 1.41
--------------------------------------------------------------------------------
[TKC]Mullah Omar  

There are two wpns called m2. Both the rifle and the sniper. I tested it but it doesn't seem to work.
--------------------------------------------------------------------------------

[TKC] ~<{LTC}>~
Heckler

25=m1/m2 , well the trainer doesent work in the begin, first the memory code exist from 2 text fields, then the trainer doesent work, you have to go to the us then soldier, now activate the trainer, then choose the m1 carbine then it works, with the text string i mean you have 2 text strings in the begin, when you have chosen soldier then the code merges to one, and the trainer is based on that

here you can see that there are 2 text fields

and here its one code

--------------------------------------------------------------------------------


 TKC-Community
 Cheat Development
 Vietcong (Moderator: [TKC]Mullah Omar)
  found so far in 1.41
 ? Previous Topic | Next Topic ?
Pages: 1 2      
 
 
   Author  Topic: found so far in 1.41  (Read 164 times)
 
[TKC]Mullah Omar
TKC Admin


member is offline



Nothing is impossible

 
 

Gender:
Posts: 2294
  Re: found so far in 1.41
? Reply #15 on: 31. Dec at 06:33 ?  

--------------------------------------------------------------------------------
That's a good idea. Not tested though.

Right now I'm trying to do a trainer for aircontrol, climb any mountain you want etc (tintins 0.1 value in 6.5 0.1).

Much assembler knowledge is needed, I don't know much just the basics, but will try to do something.  
  Logged  

--------------------------------------------------------------------------------
Flash of the Week 3: http://egoyk.com/flash.asp?id=3
 
 
 
[TKC] ~<{LTC}>~
Heckler


member is online



TKC is the name vietcong is the game

 
 

Gender:
Posts: 504
  Re: found so far in 1.41
? Reply #16 on: 31. Dec at 10:24 ?  

--------------------------------------------------------------------------------
that would be a grait idead (sid) vicious, the m79 works in the single player mode. all there is needed is some data. but we can make the m79 work but than it is a m79 that shoots with m16 bullets and it says (m79) i was in a server yesterday(1.30) there was a player with a m79 that sounded like a m16,  
  Logged  

--------------------------------------------------------------------------------
M2 .50 cal

Ammo: 0.50 cal

The browning M2 .50 calibre (12.7mm)
machine gun,from the second world war,is an automatic,belt-fed,recoil operated,air-cooled,crew operated machine gun. it may be found on tripods or on choppers  
 
 
[TKC]jazznas
Heckler


member is offline









Posts: 611
  Re: found so far in 1.41
? Reply #17 on: 1. Jan at 02:03 ?  

--------------------------------------------------------------------------------
he could have simply changed the m16 to the m79 skin  
? Last Edit: 1. Jan at 02:06 by [TKC]jazznas ?  Logged  

--------------------------------------------------------------------------------
 
 
 
[TKC]Mullah Omar
TKC Admin


member is offline



Nothing is impossible

 
 

Gender:
Posts: 2294
  Re: found so far in 1.41
? Reply #18 on: 1. Jan at 05:45 ?  

--------------------------------------------------------------------------------
Well the sounds are not hard to switch. You could do that in memory. You just got to know what the name of the sound file is.

I'm still looking at the aircontrol trainer, it will take a great deal of time. I got to understand what I'm doing and not just follow instructions  

It's a bit special with the jump as the value never changes in game. It's hard to find the head adress for it that isn't dynamic. But I thought of setting a Read breakpoint when I switch class in the game. It could work, but it isn't 100%.

Also I have been thinking of why we get 2 adresses when we search for the ammo in artmoney for example. In the early versions there was only one, when there also was no protection...

The other adress could to be a part of the protection counter.

Anyway I thought of some things that could be dealt with:
Kangaroojump (3jumps then rest limit).
Underwatershooting(searching for 1 and 0, if it works like that)
Falldamage (Will look at this later on)  
? Last Edit: 1. Jan at 05:47 by [TKC]Mullah Omar ?  Logged  

--------------------------------------------------------------------------------
Flash of the Week 3: http://egoyk.com/flash.asp?id=3
 
 
 
[ŤĶČ]\/ϊćϊǑǔ?∞Ω
Intentional Cheater


member is offline



Immune u say ,Yet venom strikes in the strangest guises...

 
 

Gender:
Posts: 2037
  Re: found so far in 1.41
? Reply #19 on: 1. Jan at 14:45 ?  

--------------------------------------------------------------------------------
Changes in memory can cause there to be multiple seemingly identical addresses. I have seen this occur. Often one of them is simply the display memory, and freezing it has no effect, other than causeing it to look froze, but still go down.  
  Logged  

--------------------------------------------------------------------------------

 
 
 
[TKC]Mullah Omar
TKC Admin


member is offline



Nothing is impossible

 
 

Gender:
Posts: 2294
  Re: found so far in 1.41
? Reply #20 on: 1. Jan at 15:09 ?  

--------------------------------------------------------------------------------
That is true and it is more likely.

Still the "isplay" memory is interesting as it always seems to be a few positions from the original adress.
If you use a debugger to dig into it, you could find interesting things aswell.  
  Logged  

--------------------------------------------------------------------------------
Flash of the Week 3: http://egoyk.com/flash.asp?id=3
 
 
 
-= Uplink =-
Junior Heckler


member is offline








Gender:
Posts: 100
  Re: found so far in 1.41
? Reply #21 on: 1. Jan at 17:18 ?  

--------------------------------------------------------------------------------
I want to make a trainer for spawn time. That would be cool.  
  Logged  

--------------------------------------------------------------------------------
http://telula.huneycutt.org:81/~jamie/millionaire/ Help me become a MILLIONAIRE!  
 
 
[TKC] ~<{LTC}>~
Heckler


member is online



TKC is the name vietcong is the game

 
 

Gender:
Posts: 504
  Re: found so far in 1.41
? Reply #22 on: 1. Jan at 20:42 ?  

--------------------------------------------------------------------------------
well finaly my first trainer for 1.30 is done
klick here to see
http://members.lycos.nl/fridor3/weapon trainer.exe [copy whole link]
soon i will try to put my weapon changing plan into a trainer  
? Last Edit: 1. Jan at 20:43 by [TKC] ~<{LTC}>~ ?  Logged  

--------------------------------------------------------------------------------
M2 .50 cal

Ammo: 0.50 cal

The browning M2 .50 calibre (12.7mm)
machine gun,from the second world war,is an automatic,belt-fed,recoil operated,air-cooled,crew operated machine gun. it may be found on tripods or on choppers  
 
 
[TKC]Mullah Omar
TKC Admin


member is offline



Nothing is impossible

 
 

Gender:
Posts: 2294
  Re: found so far in 1.41
? Reply #23 on: 2. Jan at 02:12 ?  

--------------------------------------------------------------------------------
That's good LTC. Every ten mile walk starts with one step.

The spawn time is serverbased, you need to edit packets to do something with that.
If you speedhacked in the early versions you could see that the timer went quicker and disappeared after death but still you respawned after the server-time.
Same goes for health.  
  Logged  

--------------------------------------------------------------------------------
Flash of the Week 3: http://egoyk.com/flash.asp?id=3
 
 
 
[TKC] ~<{LTC}>~
Heckler


member is online



TKC is the name vietcong is the game

 
 

Gender:
Posts: 504
  Re: found so far in 1.41
? Reply #24 on: 2. Jan at 05:45 ?  

--------------------------------------------------------------------------------
http://members.lycos.nl/fridor3/m1m2.exe (copy and paste the link into your browser)

here is my trainer, it changes the m2/m1 into another gun, this works on 1.41  
? Last Edit: 2. Jan at 05:53 by [TKC] ~<{LTC}>~ ?  Logged  

--------------------------------------------------------------------------------
M2 .50 cal

Ammo: 0.50 cal

The browning M2 .50 calibre (12.7mm)
machine gun,from the second world war,is an automatic,belt-fed,recoil operated,air-cooled,crew operated machine gun. it may be found on tripods or on choppers  
 
 
[TKC]Mullah Omar
TKC Admin


member is offline



Nothing is impossible

 
 

Gender:
Posts: 2294
  Re: found so far in 1.41
? Reply #25 on: 2. Jan at 11:11 ?  

--------------------------------------------------------------------------------
There are two wpns called m2. Both the rifle and the sniper. I tested it but it doesn't seem to work.
 
  Logged  

--------------------------------------------------------------------------------
Flash of the Week 3: http://egoyk.com/flash.asp?id=3
 
 
 
[TKC] ~<{LTC}>~
Heckler


member is online



TKC is the name vietcong is the game

 
 

Gender:
Posts: 504
  Re: found so far in 1.41
? Reply #26 on: 2. Jan at 16:42 ?  

--------------------------------------------------------------------------------
25=m1/m2 , well the trainer doesent work in the begin, first the memory code exist from 2 text fields, then the trainer doesent work, you have to go to the us then soldier, now activate the trainer, then choose the m1 carbine then it works, with the text string i mean you have 2 text strings in the begin, when you have chosen soldier then the code merges to one, and the trainer is based on that  
? Last Edit: 2. Jan at 16:56 by [TKC] ~<{LTC}>~ ?  Logged  

--------------------------------------------------------------------------------
M2 .50 cal

Ammo: 0.50 cal

The browning M2 .50 calibre (12.7mm)
machine gun,from the second world war,is an automatic,belt-fed,recoil operated,air-cooled,crew operated machine gun. it may be found on tripods or on choppers  
 
 
[TKC] ~<{LTC}>~
Heckler


member is online



TKC is the name vietcong is the game

 
 

Gender:
Posts: 504
  Re: found so far in 1.41
? Reply #27 on: 2. Jan at 17:10 ?  

--------------------------------------------------------------------------------
here you can see that there are 2 text fields

and here its one code
 
? Last Edit: 2. Jan at 17:14 by [TKC] ~<{LTC}>~ ?  Logged  

--------------------------------------------------------------------------------

 
 
[TKC]Mullah Omar
 
 
 
Hmm ok, it still doesn't work.

--------------------------------------------------------------------------------
[TKC] ~<{LTC}>~  

strange, to me it works perfect. i'll try to put a button with the unmerged text in there to
southpark:
global warming is going to strike two days before the day after tomorrow