Release Call of Duty: Modern Warfare 2 IW4x AntiCheat Bypass Script

Kontrol

C++:
// The vars that our sigscans are going to be assigned to
DWORD AntiCheat, ProtectProcess[3];
DWORD Aim_TargetGetTagPosStub, DObjGetWorldTagPosStub;

void IW4x_Anticheat_Scanning()
{
    // Get the address from memory and not the binary due to the iw4x dll being loaded so the loading loc will be different each launch
    AntiCheat = FindPattern("iw4x.dll", "E8 BC 2D 00 00 ??");
    ProtectProcess[0] = FindPattern("iw4x.dll", "E8 ?? ?? FF FF 83 EC 28 8B CC C7 01 24");
    ProtectProcess[1] = FindPattern("iw4x.dll", "E8 ?? 3C F5");
    ProtectProcess[2] = FindPattern("iw4x.dll", "E9 CB DD FF FF");
    Aim_TargetGetTagPosStub = FindPattern("iw4x.dll", "E8 32 1B 00 00 6A 00 51");
    DObjGetWorldTagPosStub = FindPattern("iw4x.dll", "E8 7F 1B 00 00 6A 00 51");

    if (AntiCheat == 0 || ProtectProcess == 0 || Aim_TargetGetTagPosStub == 0 || DObjGetWorldTagPosStub == 0) return; // Check if the sigscanning worked like it was supposed to
}

void Patch_IW4x()
{
    // Call to get the addresses
    IW4x_Anticheat_Scanning();

    // Write to the found patterns
    Write<int>(AntiCheat, 5, 0x90);

    for (int i = 0; i < 3; i++)
        Write<int>(ProtectProcess[i], 5, 0x90);

    Write<int>(Aim_TargetGetTagPosStub, 5, 0x90);
    Write<int>(DObjGetWorldTagPosStub, 5, 0x90);

    /*
    _NOTES_
    1.) Due to IW4x hooking VirtualProtect, you need a VirtualProtect that changes the first 5 bytes of it. The first 5 bytes of VirtualProtect are a jump if it's hooked.
    2.) You will still need a Kernel APC injector because this only allows us to be able to use functions we otherwise wouldn't be able to

    _EXTRAS_
    In a constant loop that you run somewhere (I run mine in a CreateThread), patch these bytes as well
    Write<BYTE>(0x41BA2C, 1, 0x83);
    Write<BYTE>(0x42A667, 1, 0x56);
    Write<BYTE>(0x40797C, 1, 0x56);
    These bytes are a part of the crash method found in the IW4x source, they set the byte to 0x90 which kills the ESI when you look at the assembly (these don't need to be sigscanned as they're a part of MW2 itself)
    */
}

This is my first post back on CCM in a while. :smile:
So this is something that I've done in my IW4x cheat, the very first thing to be exact.

1.) This will allow you to use AimTarget_GetTagPos normally and DObjGetWorldTagPos.
2.) The VirtualProtect function I use can be found here >> <<
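From the defending side, the patch in the post above replaces 5-byte E8 call instructions with 0x90 bytes, which an integrity check can detect by comparing watched call sites against a trusted copy of the code section. This is an added example, not code from the post or from the IW4x project; CheckCallSites, the SiteState names, the list of watched offsets and the sample bytes are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

enum class SiteState { Intact, NopFilled, Modified, Invalid };
struct SiteReport { std::size_t offset; SiteState state; };
constexpr std::size_t kCallLen = 5;  // E8 opcode + rel32 displacement
// Compare each watched call site in the live code section against a trusted
// baseline. A rel32 call encodes a relative displacement, so its bytes are the
// same at any load address and need no relocation fix-up before comparing.
std::vector<SiteReport> CheckCallSites(const std::vector<std::uint8_t>& baseline,
                                       const std::vector<std::uint8_t>& live,
                                       const std::vector<std::size_t>& sites) {
    std::vector<SiteReport> out;
    for (std::size_t off : sites) {
        const bool inRange = off < baseline.size() && baseline.size() - off >= kCallLen &&
                             off < live.size() && live.size() - off >= kCallLen;
        if (!inRange || baseline[off] != 0xE8) {  // not a call we can verify
            out.push_back({off, SiteState::Invalid});
            continue;
        }
        bool allNop = true;
        for (std::size_t i = 0; i < kCallLen; ++i) allNop = allNop && live[off + i] == 0x90;
        if (allNop) out.push_back({off, SiteState::NopFilled});
        else if (std::memcmp(&baseline[off], &live[off], kCallLen) != 0)
            out.push_back({off, SiteState::Modified});
        else out.push_back({off, SiteState::Intact});
    }
    return out;
}

// Constructed sample: three call sites plus one bad offset; not real iw4x bytes.
std::vector<SiteReport> RunConstructedSample() {
    const std::vector<std::uint8_t> baseline = {
        0x55, 0x8B, 0xEC, 0xE8, 0x10, 0x00, 0x00, 0x00, 0x6A, 0x00, 0x51,
        0xE8, 0x20, 0x00, 0x00, 0x00, 0xE8, 0x30, 0x00, 0x00, 0x00, 0xC3};
    std::vector<std::uint8_t> live = baseline;
    std::memset(&live[3], 0x90, kCallLen);  // call overwritten with NOPs
    live[17] = 0x44;                        // displacement changed: call redirected
    return CheckCallSites(baseline, live, {3, 11, 16, 20});
}
int main() {
    static const char* names[] = {"intact", "nop-filled", "modified", "invalid"};
    for (const SiteReport& r : RunConstructedSample())
        std::printf("site +0x%zx: %s\n", r.offset, names[static_cast<int>(r.state)]);
    return 0;
}
```

A check like this only helps when it runs from a context the patched process cannot also rewrite, such as a server-side or out-of-process verifier.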

AssumingAgate

I never seemed to have issues using those functions on iw4x ever, never had to do anything special for hooking either. Just did everything normally.
 

Kontrol

> I never seemed to have issues using those functions on iw4x ever, never had to do anything special for hooking either. Just did everything normally.
Weird, I've had numerous issues for some reason without this :thinking:

Either way, I got some anticheat knowledge from this
 