Release Call of Duty: Modern Warfare 2 IW4x AntiCheat Bypass Script


Insane-Known Member
// The vars that our sigscans are going to be assigned to
DWORD AntiCheat, ProtectProcess[3];
DWORD Aim_TargetGetTagPosStub, DObjGetWorldTagPosStub;
void IW4x_Anticheat_Scanning()
    // Get the address from memory and not the binary due to the iw4x dll being loaded so the loading loc will be different each launch
    AntiCheat = FindPattern("iw4x.dll", "E8 BC 2D 00 00 ??");
    ProtectProcess[0] = FindPattern("iw4x.dll", "E8 ?? ?? FF FF 83 EC 28 8B CC C7 01 24");
    ProtectProcess[1] = FindPattern("iw4x.dll", "E8 ?? 3C F5");
    ProtectProcess[2] = FindPattern("iw4x.dll", "E9 CB DD FF FF");
    Aim_TargetGetTagPosStub = FindPattern("iw4x.dll", "E8 32 1B 00 00 6A 00 51");
    DObjGetWorldTagPosStub = FindPattern("iw4x.dll", "E8 7F 1B 00 00 6A 00 51");
    if (AntiCheat == 0 || ProtectProcess == 0 || Aim_TargetGetTagPosStub == 0 || DObjGetWorldTagPosStub == 0) return; // Check if the sigscanning worked like it was supposed to
void Patch_IW4x()
    // Call to get the addresses
    // Write to the found patterns
    Write<int>(AntiCheat, 5, 0x90);
    for (int i = 0; i < 3; i++)
        Write<int>(ProtectProcess[i], 5, 0x90);
    Write<int>(Aim_TargetGetTagPosStub, 5, 0x90);
    Write<int>(DObjGetWorldTagPosStub, 5, 0x90);
    1.) Due to IW4x hooking VirutalProtect, you need a VirtualProtect that changes the first 5 bytes of it. The first 5 bytes of VirtualProtect are a jump if its hooked.
    2.) You will still need a Kernel APC injector because this only allows us to be able to use functions we otherwise wouldnt be able to
    If you're going to be hooking something (i.e Menu_PaintAll), you will need to use VirtualProtect to unprotect the callback of your hook.
    Failing to do so will result in a read access violation
    In a constant loop that you run somewhere (i run mine in a CreateThread), patch these bytes aswell
    Write<BYTE>(0x41BA2C, 1, 0x83);
    Write<BYTE>(0x42A667, 1, 0x56);
    Write<BYTE>(0x40797C, 1, 0x56);
    These bytes are apart of the crash method found in the IW4x source, they set the byte to 0x90 which kills the ESI when you look at the assembly (these dont need to be sigscanned as theyre apart of MW2 itself)
This is my first post back on CCM in a while. :smile:
So this is something that i've done in my IW4x cheat, the very first thing to be exact. If you need any help with Cheat Development, add me on discord: Kontrol#9541. Anyways, Im not going to help you implement this so dont ask for that.

1.) This will allow you to use AimTarget_GetTagPos normally and DObjGetWorldTagPos.
2.) The VirutalProtect function I use can be found here >>
You do not have permission to view link Log in or register now.


Reverse Engineer
i never seemed to have issues using those functions on iw4x ever, never had to do anything special for hooking either. just did everything normally


Insane-Known Member
i never seemed to have issues using those functions on iw4x ever, never had to do anything special for hooking either. just did everything normally
Weird, I've had numerous issues for some reason without this :thinking:

Either way, I got some anticheat knowledge from this