Kick a player
11-15-2009, 12:56 PM
#1 retired moderator
Join Date: Nov 2007
Location: London
Posts: 1,360
Reputation: 10674 Rep Power: 185
Kick a player
I just sent this as a PM to someone then figured I'd just put it here as it would get better responses (I hope).
By the way, this is pretty long, but please read this as it may be useful, here goes:
Quote:
I do not have COD MW2 and have never attempted to hack it before, but was just looking through the EXE uploaded to the UC database and whilst having a look in OllyDbg I saw this text string:
Code:
00624C43 PUSH OFFSET iw4mp.00709938 ASCII "%s (guid "%s") was kicked for cheating
"
So I clicked it and pressed enter and ended up here:
Code:
Address Hex dump Command Comments
00624C20 /. 83EC 54 SUB ESP,54
00624C23 |. 8D0424 LEA EAX,[LOCAL.20]
00624C26 |. 50 PUSH EAX ; /Arg3 => OFFSET LOCAL.20
00624C27 |. 8D4C24 18 LEA ECX,[LOCAL.15] ; |
00624C2B |. 6A 40 PUSH 40 ; |Arg2 = 40
00624C2D |. 51 PUSH ECX ; |Arg1 => OFFSET LOCAL.15
00624C2E |. E8 3DFEFFFF CALL 00624A70 ; \iw4mp.00624A70
00624C33 |. 83C4 0C ADD ESP,0C
00624C36 |. 85C0 TEST EAX,EAX
00624C38 |. 74 22 JE SHORT 00624C5C
00624C3A |. 8D1424 LEA EDX,[LOCAL.20]
00624C3D |. 52 PUSH EDX
00624C3E |. 8D4424 18 LEA EAX,[LOCAL.15]
00624C42 |. 50 PUSH EAX
00624C43 |. 68 38997000 PUSH OFFSET iw4mp.00709938 ; ASCII "%s (guid "%s") was kicked for cheating
" <---This is the line
00624C48 |. 6A 00 PUSH 0
00624C4A |. E8 B1D8DDFF CALL 00402500
00624C4F |. 8D4C24 10 LEA ECX,[LOCAL.20]
00624C53 |. 51 PUSH ECX
00624C54 |. E8 67C4EAFF CALL 004D10C0
00624C59 |. 83C4 14 ADD ESP,14
00624C5C |> 83C4 54 ADD ESP,54
00624C5F \. C3 RETN
However, it was this part of the code that interested me:
Code:
00624C23 |. 8D0424 LEA EAX,[LOCAL.20]
00624C26 |. 50 PUSH EAX ; /Arg3 => OFFSET LOCAL.20
00624C27 |. 8D4C24 18 LEA ECX,[LOCAL.15] ; |
00624C2B |. 6A 40 PUSH 40 ; |Arg2 = 40
00624C2D |. 51 PUSH ECX ; |Arg1 => OFFSET LOCAL.15
00624C2E |. E8 3DFEFFFF CALL 00624A70 ; \iw4mp.00624A70
I clicked on line 00624C2E and hit enter and it took me here:
Code:
Address Hex dump Command Comments
00624A70 /$ A1 3479AD01 MOV EAX,DWORD PTR DS:[1AD7934] ; iw4mp.00624A70(guessed Arg1,Arg2,Arg3)
00624A75 |. 8078 10 00 CMP BYTE PTR DS:[EAX+10],0
00624A79 |. 75 12 JNE SHORT 00624A8D
00624A7B |. 68 9C846F00 PUSH OFFSET iw4mp.006F849C ; ASCII "Server is not running.
"
00624A80 |. 6A 00 PUSH 0
00624A82 |. E8 79DADDFF CALL 00402500
00624A87 |. 83C4 08 ADD ESP,8
00624A8A |. 33C0 XOR EAX,EAX
00624A8C |. C3 RETN
00624A8D |> 8B0D A0F8AC01 MOV ECX,DWORD PTR DS:[1ACF8A0]
00624A93 |. 8B048D E4F8AC MOV EAX,DWORD PTR DS:[ECX*4+1ACF8E4]
00624A9A |. 83F8 02 CMP EAX,2
00624A9D |. 7D 28 JGE SHORT 00624AC7
00624A9F |. 85C0 TEST EAX,EAX
00624AA1 |. 7E 0B JLE SHORT 00624AAE
00624AA3 |. 8B0C8D 04F9AC MOV ECX,DWORD PTR DS:[ECX*4+1ACF904]
00624AAA |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
00624AAC |. EB 05 JMP SHORT 00624AB3
00624AAE |> B8 0DAC6F00 MOV EAX,OFFSET iw4mp.006FAC0D
00624AB3 |> 50 PUSH EAX
00624AB4 |. 50 PUSH EAX
00624AB5 |. 68 C8B47000 PUSH OFFSET iw4mp.0070B4C8 ; ASCII "Usage: %s <player name> <optional reason>
%s all = kick everyone
"
00624ABA |. 6A 00 PUSH 0
00624ABC |. E8 3FDADDFF CALL 00402500
00624AC1 |. 83C4 10 ADD ESP,10
00624AC4 |. 33C0 XOR EAX,EAX
00624AC6 |. C3 RETN
00624AC7 |> 83F8 03 CMP EAX,3
00624ACA |. 55 PUSH EBP
00624ACB |. 75 18 JNE SHORT 00624AE5
00624ACD |. 83F8 02 CMP EAX,2
00624AD0 |. 7E 0C JLE SHORT 00624ADE
00624AD2 |. 8B148D 04F9AC MOV EDX,DWORD PTR DS:[ECX*4+1ACF904]
00624AD9 |. 8B6A 08 MOV EBP,DWORD PTR DS:[EDX+8]
00624ADC |. EB 0C JMP SHORT 00624AEA
00624ADE |> BD 0DAC6F00 MOV EBP,OFFSET iw4mp.006FAC0D
00624AE3 |. EB 05 JMP SHORT 00624AEA
00624AE5 |> BD CC737200 MOV EBP,OFFSET iw4mp.007273CC ; ASCII "EXE_PLAYERKICKED"
00624AEA |> 56 PUSH ESI
00624AEB |. 57 PUSH EDI
00624AEC |. E8 BFF7FFFF CALL 006242B0
00624AF1 |. 85C0 TEST EAX,EAX
00624AF3 |. 75 6E JNE SHORT 00624B63
00624AF5 |. A1 A0F8AC01 MOV EAX,DWORD PTR DS:[1ACF8A0]
00624AFA |. 833C85 E4F8AC CMP DWORD PTR DS:[EAX*4+1ACF8E4],1
00624B02 |. 7E 0C JLE SHORT 00624B10
00624B04 |. 8B0485 04F9AC MOV EAX,DWORD PTR DS:[EAX*4+1ACF904]
00624B0B |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
00624B0E |. EB 05 JMP SHORT 00624B15
00624B10 |> B8 0DAC6F00 MOV EAX,OFFSET iw4mp.006FAC0D
00624B15 |> 68 1CD97000 PUSH OFFSET iw4mp.0070D91C
00624B1A |. 50 PUSH EAX
00624B1B |. E8 0084EBFF CALL 004DCF20
00624B20 |. 83C4 08 ADD ESP,8
00624B23 |. 85C0 TEST EAX,EAX
00624B25 |. 75 36 JNE SHORT 00624B5D
00624B27 |. 53 PUSH EBX
00624B28 |. 33DB XOR EBX,EBX
00624B2A |. 391D 8C931D03 CMP DWORD PTR DS:[31D938C],EBX
00624B30 |. BE 90931D03 MOV ESI,OFFSET iw4mp.031D9390
00624B35 |. 7E 25 JLE SHORT 00624B5C
00624B37 |> 833E 00 /CMP DWORD PTR DS:[ESI],0
00624B3A |. 74 0F |JE SHORT 00624B4B
00624B3C |. 55 |PUSH EBP
00624B3D |. 6A 00 |PUSH 0
00624B3F |. 6A 00 |PUSH 0
00624B41 |. 33FF |XOR EDI,EDI
00624B43 |. E8 58FEFFFF |CALL 006249A0
00624B48 |. 83C4 0C |ADD ESP,0C
00624B4B |> 83C3 01 |ADD EBX,1
00624B4E |. 81C6 90670A00 |ADD ESI,0A6790
00624B54 |. 3B1D 8C931D03 |CMP EBX,DWORD PTR DS:[31D938C]
00624B5A |.^ 7C DB \JL SHORT 00624B37
00624B5C |> 5B POP EBX
00624B5D |> 5F POP EDI
00624B5E |. 5E POP ESI
00624B5F |. 33C0 XOR EAX,EAX
00624B61 |. 5D POP EBP
00624B62 |. C3 RETN
00624B63 |> 8B4C24 14 MOV ECX,DWORD PTR SS:[ARG.2]
00624B67 |. 8B5424 10 MOV EDX,DWORD PTR SS:[ARG.1]
00624B6B |. 8B7C24 18 MOV EDI,DWORD PTR SS:[ARG.3]
00624B6F |. 55 PUSH EBP
00624B70 |. 51 PUSH ECX
00624B71 |. 52 PUSH EDX
00624B72 |. 8BF0 MOV ESI,EAX
00624B74 |. E8 27FEFFFF CALL 006249A0
00624B79 |. 83C4 0C ADD ESP,0C
00624B7C |. 5F POP EDI
00624B7D |. 5E POP ESI
00624B7E |. 5D POP EBP
00624B7F \. C3 RETN
To me, this would appear to be a command to kick a player(s) using:
Code:
iw4mp.00624A70(guessed Arg1,Arg2,Arg3)
I can't look any further in but maybe you can?
Another one I just saw is:
Code:
CPU Disasm
Address Hex dump Command Comments
00624C90 /. 83EC 54 SUB ESP,54
00624C93 |. 57 PUSH EDI
00624C94 |. 8D4424 18 LEA EAX,[LOCAL.15]
00624C98 |. 6A 40 PUSH 40
00624C9A |. 50 PUSH EAX
00624C9B |. 8D7C24 0C LEA EDI,[LOCAL.20]
00624C9F |. E8 DCFEFFFF CALL 00624B80
00624CA4 |. 83C4 08 ADD ESP,8
00624CA7 |. 85C0 TEST EAX,EAX
00624CA9 |. 5F POP EDI
00624CAA |. 74 22 JE SHORT 00624CCE
00624CAC |. 8D0C24 LEA ECX,[LOCAL.20]
00624CAF |. 51 PUSH ECX
00624CB0 |. 8D5424 18 LEA EDX,[LOCAL.15]
00624CB4 |. 52 PUSH EDX
00624CB5 |. 68 38997000 PUSH OFFSET iw4mp.00709938 ; ASCII "%s (guid "%s") was kicked for cheating
"
00624CBA |. 6A 00 PUSH 0
00624CBC |. E8 3FD8DDFF CALL 00402500
00624CC1 |. 8D4424 10 LEA EAX,[LOCAL.20]
00624CC5 |. 50 PUSH EAX
00624CC6 |. E8 F5C3EAFF CALL 004D10C0
00624CCB |. 83C4 14 ADD ESP,14
00624CCE |> 83C4 54 ADD ESP,54
00624CD1 \. C3 RETN
Press enter on 00624C9F |. E8 DCFEFFFF CALL 00624B80 and you go here:
Code:
CPU Disasm
Address Hex dump Command Comments
00624B80 /$ A1 3479AD01 MOV EAX,DWORD PTR DS:[1AD7934]
00624B85 |. 8078 10 00 CMP BYTE PTR DS:[EAX+10],0
00624B89 |. 75 12 JNE SHORT 00624B9D
00624B8B |. 68 9C846F00 PUSH OFFSET iw4mp.006F849C ; ASCII "Server is not running.
"
00624B90 |. 6A 00 PUSH 0
00624B92 |. E8 69D9DDFF CALL 00402500
00624B97 |. 83C4 08 ADD ESP,8
00624B9A |. 33C0 XOR EAX,EAX
00624B9C |. C3 RETN
00624B9D |> 8B0D A0F8AC01 MOV ECX,DWORD PTR DS:[1ACF8A0]
00624BA3 |. 8B048D E4F8AC MOV EAX,DWORD PTR DS:[ECX*4+1ACF8E4]
00624BAA |. 83F8 02 CMP EAX,2
00624BAD |. 7D 27 JGE SHORT 00624BD6
00624BAF |. 85C0 TEST EAX,EAX
00624BB1 |. 7E 0B JLE SHORT 00624BBE
00624BB3 |. 8B0C8D 04F9AC MOV ECX,DWORD PTR DS:[ECX*4+1ACF904]
00624BBA |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
00624BBC |. EB 05 JMP SHORT 00624BC3
00624BBE |> B8 0DAC6F00 MOV EAX,OFFSET iw4mp.006FAC0D
00624BC3 |> 50 PUSH EAX
00624BC4 |. 68 602E7200 PUSH OFFSET iw4mp.00722E60 ; ASCII "Usage: %s <client number> <optional reason>
"
00624BC9 |. 6A 00 PUSH 0
00624BCB |. E8 30D9DDFF CALL 00402500
00624BD0 |. 83C4 0C ADD ESP,0C
00624BD3 |. 33C0 XOR EAX,EAX
00624BD5 |. C3 RETN
00624BD6 |> 83F8 03 CMP EAX,3
00624BD9 |. 56 PUSH ESI
00624BDA |. 75 18 JNE SHORT 00624BF4
00624BDC |. 83F8 02 CMP EAX,2
00624BDF |. 7E 0C JLE SHORT 00624BED
00624BE1 |. 8B148D 04F9AC MOV EDX,DWORD PTR DS:[ECX*4+1ACF904]
00624BE8 |. 8B72 08 MOV ESI,DWORD PTR DS:[EDX+8]
00624BEB |. EB 0C JMP SHORT 00624BF9
00624BED |> BE 0DAC6F00 MOV ESI,OFFSET iw4mp.006FAC0D
00624BF2 |. EB 05 JMP SHORT 00624BF9
00624BF4 |> BE CC737200 MOV ESI,OFFSET iw4mp.007273CC ; ASCII "EXE_PLAYERKICKED"
00624BF9 |> E8 92F7FFFF CALL 00624390
00624BFE |. 85C0 TEST EAX,EAX
00624C00 |. 75 02 JNE SHORT 00624C04
00624C02 |. 5E POP ESI
00624C03 |. C3 RETN
00624C04 |> 8B4C24 0C MOV ECX,DWORD PTR SS:[ARG.2]
00624C08 |. 8B5424 08 MOV EDX,DWORD PTR SS:[ARG.1]
00624C0C |. 56 PUSH ESI
00624C0D |. 51 PUSH ECX
00624C0E |. 52 PUSH EDX
00624C0F |. 8BF0 MOV ESI,EAX
00624C11 |. E8 8AFDFFFF CALL 006249A0
00624C16 |. 83C4 0C ADD ESP,0C
00624C19 |. 5E POP ESI
00624C1A \. C3 RETN
It appears to be almost the same and the parameters seem to be:
Client number and optional reason.
Anyway, see what you can get.
However, I could be totally wrong. Please no flaming.
__________________
Regards and happy
Josh
__________________
Last edited by JoshRose; 11-15-2009 at 01:09 PM.
JoshRose is offline
11-15-2009, 06:26 PM
#2 Join Date: Jul 2009
Location: California
Posts: 2,330
Reputation: 33489 Rep Power: 411
Nice dude! I would go further, but I uninstalled the game (I got like 2 FPS)
__________________
(12 17 AM) uNrEaL: One man's slap in the face is another man's slit throat
CallMeEclipse is offline
11-15-2009, 06:29 PM
#3 retired moderator
Threadstarter Join Date: Nov 2007
Location: London
Posts: 1,360
Reputation: 10674 Rep Power: 185
Quote:
Originally Posted by CallMeEclipse
Nice dude! I would go further, but I uninstalled the game (I got like 2 FPS)
Grr, I want someone to try. I figured, if it did work, instead of being lame and kicking people from servers, you could just somehow hook it and check if it is you being kicked, then stop it happening before it kicks you.
JoshRose is offline
11-15-2009, 08:31 PM
#4 Join Date: Sep 2008
Location: The Netherlands
Posts: 1,752
Reputation: 9131 Rep Power: 0
VEEEEEEEEEEEEEEEEERY GOOD POST!
I'm sure it will help a lot of ppl, although not me. I don't play the CODS.
+ + REP!
~ Ultimate-Tester
ultimate-tester is offline
11-15-2009, 09:17 PM
#5 retired moderator
Threadstarter Join Date: Nov 2007
Location: London
Posts: 1,360
Reputation: 10674 Rep Power: 185
Quote:
Originally Posted by ultimate-tester
VEEEEEEEEEEEEEEEEERY GOOD POST!
I'm sure it will help a lot of ppl, although not me. I don't play the CODS.
+ + REP!
~ Ultimate-Tester
Many thanks, but it may be total bollocks, need someone with the game to look further into it
JoshRose is offline
11-15-2009, 09:50 PM
#6 Administrator
Join Date: Nov 2004
Location: In your darkest Fears you will find me!
Posts: 5,302
Reputation: 61923 Rep Power: 813
Sadly I don't believe they are reading your post, or they would notice you're seeking help, JoshRose. Unfortunately they are just spamming a thread with great job +rep this is useful and other bs. I wish I had the game on PC. I am just too afraid to buy it, I don't see it becoming very popular.
I would chill in IRC, maybe hit S0beit up; he has totally destroyed this game already, far more than anyone else, I would believe. I've heard that damn near every Steam API is found in the exe. I kinda wonder if maybe you stumbled upon some here.
Alkatraz is online now
11-15-2009, 09:52 PM
#7 Join Date: Sep 2008
Location: The Netherlands
Posts: 1,752
Reputation: 9131 Rep Power: 0
As I said, great job. I DID read the post ^^
We spoke about it on MSN.. so I know what it's about!
ultimate-tester is offline
11-15-2009, 09:56 PM
#8 Follow me children
Join Date: Aug 2003
Posts: 3,255
Reputation: 42353 Rep Power: 591
Correct me if I am wrong but I thought you couldn't get kicked out of matches anyways?
Jesus. is offline
11-15-2009, 10:07 PM
#9 retired moderator
Threadstarter Join Date: Nov 2007
Location: London
Posts: 1,360
Reputation: 10674 Rep Power: 185
Quote:
Originally Posted by Unknownhacker
Correct me if I am wrong but I thought you couldn't get kicked out of matches anyways?
No idea man, I think this is a form of detection, maybe you can hook it and make sure it is not you getting kicked.
JoshRose is offline
11-15-2009, 10:16 PM
#10 Follow me children
Join Date: Aug 2003
Posts: 3,255
Reputation: 42353 Rep Power: 591
Quote:
Originally Posted by JoshRose
No idea man, I think this is a form of detection, maybe you can hook it and make sure it is not you getting kicked.
Yeah I am pretty sure they took out vote kicking. But damn yeah it could be really useful except for VAC's hella delayed bans.
Jesus. is offline
11-15-2009, 11:04 PM
#11 retired moderator
Threadstarter Join Date: Nov 2007
Location: London
Posts: 1,360
Reputation: 10674 Rep Power: 185
So, is anyone going to investigate this further?
JoshRose is offline
11-16-2009, 01:11 AM
#12 Join Date: May 2009
Location: Puerto rico
Posts: 463
Reputation: -12754 Rep Power: 0
I was amazed when this paysite had ripped it already with aimbots and ESPs
JMelendez is offline
11-16-2009, 12:45 PM
#13 Join Date: Sep 2008
Posts: 377
Reputation: 3457 Rep Power: 82
Quote:
Originally Posted by ultimate-tester
VEEEEEEEEEEEEEEEEERY GOOD POST!
I'm sure it will help a lot of ppl, although not me. I don't play the CODS. I wuv BF's!
+ + REP!
~ Ultimate-Tester
Good Job. +rep Maybe this will pan out soon.
If they don't want people to unlock their game, DON'T LEAVE THE CODE IN IT!
d1gitalSLR is offline
11-16-2009, 03:14 PM
#14 I see what u did there
Join Date: Jun 2009
Location: pbcl.dll
Posts: 1,183
Reputation: 36186 Rep Power: 416
Quote:
Originally Posted by d1gitalSLR
Good Job. +rep Maybe this will pan out soon.
If they don't want people to unlock their game, DON'T LEAVE THE CODE IN IT!
Shhhh.. Don't tell them!
OnTopic: I really doubt that this theory would be possible, but seeing how they messed up MW2 so far it curves my thoughts to a maybe possible mindset.
Seeing as there are no dedi servers, therefore no server->client communication other than the stuff sent from IW.Net, it makes me second guess my first assumption and the loophole might be evident.
I will investigate this further once MW2 is finished installing. Cracked ver of course.
scrapdizle is online now