Memory Hack CoD4

From UnKnoWnCheaTs Game Hacking Wiki

Posted by Strife.


  • NOTE: This only works with the current pbcl version, v2.065.

This is a uc-forum.com release only.

Alright, it's not too hard to add to this as long as you read the comments within the source. I've added an example in there already for no recoil.

  • WARNING: If you don't understand the code outside the commented parts, don't touch it. You may risk a pb ban.

I'm not going to spend time explaining how it works. Most of the concepts applied here have already been discussed in the Anti-Cheat Bypass section.

Note: I have only tried this out by patching memory in the iw3mp.exe.

Here's the source:

/**************************************************************\
CoD4 PB Undetected Base
By: Strife
www.uc-forum.com
MODIFICATIONS ARE REQUIRED FOR ANY OTHER PB VERSION THAN v2.065
\**************************************************************/


#include <windows.h>
#include <detours.h>

// Offsets into pbcl.dll used by DetourPBTable(): the slot it reads and
// rewrites is at pbclBase + TABLE_BASE + FUNC_OFFSET. The header comment ties
// these values to one pbcl build (v2.065).
#define TABLE_BASE    0xB84A0
#define    FUNC_OFFSET    0x1B1C

// Absolute address of the single code byte that HandleCheats() rewrites.
// The page says this was only tried against iw3mp.exe.
// NOTE(review): an absolute address presumably assumes the image is loaded at
// its preferred base -- confirm.
#define RECOIL    0x457E42

// Identifies the caller of HandleCheats(): the polling thread (NON_PB), or the
// hook immediately before (PB_START) / after (PB_END) the original routine.
enum cheatCalls {NON_PB, PB_START, PB_END};

void HandleCheats(cheatCalls);

// Signature used for the hooked routine. The four int parameters are named
// "unknown" by the author and are only forwarded, never interpreted.
typedef int (__cdecl* tPB_ScanFunc)(int unknown1, int unknown2, int unknown3, int unknown4);
// Address of the original routine, decoded and stored by DetourPBTable().
tPB_ScanFunc oPB_ScanFunc;

// Replacement that DetourPBTable() writes into the pbcl.dll table slot.
// It brackets the original routine: HandleCheats(PB_START) runs first, the
// original is then called with the arguments unchanged, HandleCheats(PB_END)
// runs afterwards, and the original's return value is handed back.
//
// NOTE(review): the defensive point is that a check reached through a
// writable in-module pointer can be bracketed this way, so what the check
// reads is not necessarily what the game executes between checks.
int __cdecl hkPB_ScanFunc(int unknown1, int unknown2, int unknown3, int unknown4)
{
    int iRet = NULL;
    
    HandleCheats(PB_START);

    // Forward to the saved original so the caller still gets a real result.
    iRet = oPB_ScanFunc(unknown1,unknown2,unknown3,unknown4);

    HandleCheats(PB_END);

    return iRet;
}

// Replaces one entry of a pointer table inside pbcl.dll with hkPB_ScanFunc.
//
// The entry is stored XORed with a constant (Key). The code decodes the
// current value to get the original routine's address, saves it in
// oPB_ScanFunc, then stores the hook's address encoded with the same constant.
//
// NOTE(review): XOR with a fixed constant is obfuscation, not integrity
// protection. After this runs the slot decodes to hkPB_ScanFunc, which is
// defined in this module rather than in pbcl.dll -- that is the artefact an
// integrity check on the table could look for.
void DetourPBTable()
{
    // Result is not checked here; MyThread() only calls this after
    // GetModuleHandle("pbcl.dll") has returned non-NULL.
    // Pointer values are held in DWORDs, so this assumes a 32-bit process.
    DWORD pbclBase = (DWORD)GetModuleHandle("pbcl.dll");
    DWORD Key = 0xD583834E;
    DWORD oTableEntry = *(DWORD*)(pbclBase+TABLE_BASE+FUNC_OFFSET);
    DWORD oAddress = Key ^ oTableEntry;    
    oPB_ScanFunc = (tPB_ScanFunc)oAddress;
    DWORD oProtect = NULL;
    // Request write access to the 4-byte slot, store the encoded hook address,
    // then call VirtualProtect again with the saved protection value.
    // Neither VirtualProtect return value is checked.
    VirtualProtect((void*)(pbclBase+TABLE_BASE+FUNC_OFFSET), 4, PAGE_EXECUTE_READWRITE, &oProtect);
    *(DWORD*)(pbclBase+TABLE_BASE+FUNC_OFFSET) = ((DWORD)hkPB_ScanFunc) ^ Key;
    VirtualProtect((void*)(pbclBase+TABLE_BASE+FUNC_OFFSET), 4, oProtect, NULL);
}

// memcpy() wrapper used for every write to the game's code byte.
// It requests PAGE_EXECUTE_READWRITE on [dest, dest + size), copies size
// bytes from src, then calls VirtualProtect again with the saved protection
// value. Neither VirtualProtect return value is checked.
void MemCpy(void* dest, void* src, size_t size)
{
    DWORD oProtect = NULL;
    VirtualProtect(dest, size, PAGE_EXECUTE_READWRITE, &oProtect);
    memcpy(dest, src, size);
    VirtualProtect(dest, size, oProtect, NULL);
}

// Single place where the byte at RECOIL is written. Called from MyThread()'s
// polling loop (NON_PB) and from hkPB_ScanFunc (PB_START / PB_END).
//
// The byte is 0x74 in the state the author calls "restored" and 0xEB when the
// toggle is on; on x86 those are the short JZ and short JMP opcodes, so the
// patch turns a conditional branch into an unconditional one.
//
// State lives in function-local statics and is therefore shared by every
// caller:
//   scanInProgress - set on PB_START, cleared on PB_END; while set, the
//                    function returns before the toggle logic.
//   recoil         - the user's requested on/off state (NUMPAD1 toggles it).
//   recoil_once    - true while the byte has not yet been patched for the
//                    current "on" state, so each transition writes once.
//
// NOTE(review): the artefact here is a code byte in the game image that
// differs from the on-disk value except around calls of the hooked routine.
void HandleCheats(cheatCalls typeCall)
{
    static bool scanInProgress = false;
    static bool recoil = false, recoil_once = true;
    
    
    if(typeCall == PB_START){
        // restore all memory since pb will now be scanning
        scanInProgress = true;
        MemCpy((void*)RECOIL,"\x74",1); 
    }
    else if(typeCall == PB_END){
        // the pb scan is over. you can now check and restore cheats to their original state before the scan
        scanInProgress = false;
        if(recoil == true){
            MemCpy((void*)RECOIL,"\xEB",1);
        }
    }

    // Only reachable with the flag set on a PB_START call, or on a NON_PB call
    // that arrives between PB_START and PB_END.
    if(scanInProgress == true){
        return;
    }

    // all non pb related function calls are dealt with down here
    // NOTE: make sure you keep the ability to toggle cheats below this comment

    // Low bit of GetAsyncKeyState: the key was pressed since the previous call.
    if(GetAsyncKeyState(VK_NUMPAD1)&1) recoil = !recoil;

    // ---NORECOIL---------------------------------------
    // Write the byte only on a change of state, not on every poll.
    if(recoil == true && recoil_once == true){
        MemCpy((void*)RECOIL,"\xEB",1);
        recoil_once = false;
    }
    else if(recoil == false && recoil_once == false){
        MemCpy((void*)RECOIL,"\x74",1);
        recoil_once = true;
    }
    // --------------------------------------------------
}

// Worker thread started from DllMain. It polls every 250 ms until pbcl.dll is
// loaded in the process, calls DetourPBTable() once, then calls
// HandleCheats(NON_PB) every 250 ms for the life of the process.
// The thread parameter is unused, and the trailing return is never reached
// because the second loop has no exit.
DWORD WINAPI MyThread(LPVOID)
{
    // Wait for the module whose table DetourPBTable() patches.
    while(GetModuleHandle("pbcl.dll")==NULL){
        Sleep(250);
    }

    DetourPBTable();

    // Key polling and toggle handling run at this 250 ms cadence.
    while(1){
        HandleCheats(NON_PB);
        Sleep(250);
    }

    return 0;
}


// DLL entry point. On DLL_PROCESS_ATTACH it starts MyThread with default
// attributes and discards the returned handle; every other reason is ignored.
// Always returns TRUE. How this DLL is loaded into the game process is not
// shown on the page.
//
// NOTE(review): the in-process artefacts are an additional loaded module and a
// thread whose start address lies inside it.
BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved)
{
    if(dwReason == DLL_PROCESS_ATTACH){
        // The real work runs on a separate thread, not inside DllMain.
        CreateThread(0,0,MyThread,0,0,0);
    }

    return TRUE;
}


Source: http://www.unknowncheats.me/forum/call-duty-4-modern-warfare/54587-cod4-memory-hack-base-pbhack.html