COD4 Field of View (fov) increase detected by PB

get your superiourity here ! be an offline or online GOD of the game. infinite ammo, unlimited nitro, turbo boost, god mode, you name it !
Post Reply
Genocide
Newbie..
Newbie..
Posts: 16
Joined: Wed Jan 06, 2010 12:23 pm

Re: COD4 Field of View (fov) increase detected by PB

Post by Genocide »

Sethioz wrote: here's one crazy idea. as far as i know, PB is not local. it sends info back to some PB server and based on that it will either kick or ban. my tought is to fool PB somehow, so you actually close PB down, but make server think that you are still running it (actually i think this is the method that this bypass was based on).
I can understand the concept there of sending dummy packets but I honestly have no idea how I would do that at this time.

Again I understand what Retox was saying with the code cave example, I jump to another area where my modified code resides or I call my modified code instead of the original code its just finding where I need to implement this. In fact I have tried this with the piece of code which writes to the base address for fov and it worked.

The problem at the minute is my lack of knowledge, changing a simple decimal value in a memory scanner is easy enough but manipulating code in a disassembler is something else.

Edit: This is the write address
0056B586 |. 8977 0C MOV DWORD PTR DS:[EDI+C],ESI
but where do I go from here?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: COD4 Field of View (fov) increase detected by PB

Post by Sethioz »

about the code cave and writing your own code, there are some very good examples in Tsearch's tutorial. it is included inside of tsearch. try reading that.
I am not interested in PB, so i can't give you exact examples, but if you write your own code, you can just put it into random place. in Tsearch just open the memory viewer/editor and look for empty place, this is where you can write it.
you don't even need olly for that, you can use Tsearch's easywrite interpreter. it is very easy to use.

i have done few things with easywrite, you should read this thread > Resident Evil 5 - hacks & stuff [PC]
use your brower's search and search for "easywrite". i have few examples there on how to use it, i wrote my own code in RE5, using easywrite. it might help you out on how to use it and jump to your own code.
TeamRetox
Allie
Allie
Posts: 222
Joined: Sat Jun 06, 2009 3:48 pm

Re: COD4 Field of View (fov) increase detected by PB

Post by TeamRetox »

Genocide wrote:
Sethioz wrote: here's one crazy idea. as far as i know, PB is not local. it sends info back to some PB server and based on that it will either kick or ban. my tought is to fool PB somehow, so you actually close PB down, but make server think that you are still running it (actually i think this is the method that this bypass was based on).
I can understand the concept there of sending dummy packets but I honestly have no idea how I would do that at this time.

Again I understand what Retox was saying with the code cave example, I jump to another area where my modified code resides or I call my modified code instead of the original code its just finding where I need to implement this. In fact I have tried this with the piece of code which writes to the base address for fov and it worked.

The problem at the minute is my lack of knowledge, changing a simple decimal value in a memory scanner is easy enough but manipulating code in a disassembler is something else.

Edit: This is the write address
0056B586 |. 8977 0C MOV DWORD PTR DS:[EDI+C],ESI
but where do I go from here?
MOV DWORD PTR DS:[EDI+C],ESI
MOVe
DWORD pointer, ds is a register
EDI+C = Address of EDI+C, the [] around it means the value memory location pointed to by what is inside the []
ESI is a register

in this case, they move(copy) ESI into the address pointed to by EDI+C
put a breakpoint on it, run CoD4 and change the fov, see if the breakpoint triggers, and see what value ESI is.

I asume ESI is the fov, and [EDI+C] is either the D3D location that contains the fov, or part of a punkbuster scan.
if ESI is indeed the fov try replacing the command with MOV DWORD PTR:DS[EDI+C], 0x5A
Genocide
Newbie..
Newbie..
Posts: 16
Joined: Wed Jan 06, 2010 12:23 pm

Re: COD4 Field of View (fov) increase detected by PB

Post by Genocide »

Thanks for your patience Retox I know it can be frustrating helping someone like myself at times.

Using ollydbg I set a breakpoint on
0056B586 |. 8977 0C MOV DWORD PTR DS:[EDI+C],ESI
yet when I changed fov via console it doesn't break?

I'm not sure if this helps but when setting a breakpoint on
0CBAF114 0000 ADD BYTE PTR DS:[EAX],AL

the value of ESI at break is , 42A00000
TeamRetox
Allie
Allie
Posts: 222
Joined: Sat Jun 06, 2009 3:48 pm

Re: COD4 Field of View (fov) increase detected by PB

Post by TeamRetox »

See what happens if you NOP the mov DWORD PTR DS:[EDI+C], ESI
Try changing the fov, if it wont change its the correct line, if it does changes its another line that handles fov
Genocide
Newbie..
Newbie..
Posts: 16
Joined: Wed Jan 06, 2010 12:23 pm

Re: COD4 Field of View (fov) increase detected by PB

Post by Genocide »

Yeah I did NOP that line and then when I change the fov via the console it doesn't change. However under the cg_fov command as well as stating the default value 65 it also then states latched value which is the value I tried to set but it no longer changes. I also redirected this line of code to another area for a little practice with codecaves, when doing so I was able to change fov fine then once again when I NOP the line in the code cave can no longer change and have latched value.
SageR
Newbie..
Newbie..
Posts: 4
Joined: Fri Jan 14, 2011 4:22 am

Re: COD4 Field of View (fov) increase detected by PB

Post by SageR »

Could you use Proxocket on Punkbuster to record a long session of gaming, and when you're done playing, block Punkbuster and replay the data recorded by Proxocket with a packet sender to the Punkbuster server, and then muck about for as long as the long session of gaming lasted? Seems logical, but somehow unlikely. I know I'm missing some variables in there. Tell me what you think.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: COD4 Field of View (fov) increase detected by PB

Post by Sethioz »

proxocket captures only the process, which means you have to first put proxocket into PB folder and then into game folder.
my idea would be fake packet. if pb says "busted" then using a filter in proxocket, it would say "clean"

but why you want to send the long game session ? anyways im not the right person to talk about PB, i never done any research on it. PB only fucks my pc up, cuz of my custom XP. it doesnt like it, everything conflicts and it crashes ..etc
SageR
Newbie..
Newbie..
Posts: 4
Joined: Fri Jan 14, 2011 4:22 am

Re: COD4 Field of View (fov) increase detected by PB

Post by SageR »

Remember in the movie Speed they fool the bad guy by putting the footage on a loop? That's what I was thinking, only more of a one-shot deal. Still learning as I go. The filter approach seems like the best bet. Punkbuster, to the best of my knowledge, scans only apps that interact with its games, not PB itself. Whether it keeps an eye on itself remains to be seen.

I'm curious: what decent MMO games are there with no cheat protection that can be used as practise? These days it seems like everyone's got their backs up about cheating that there's no latitude for educational exploration. That sounds horribly off-topic, but my rationale is: practise first, spoof Punkbuster later.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: COD4 Field of View (fov) increase detected by PB

Post by Sethioz »

those theorys about PB are interesting, but not in this topic.
if you wish to discuss how to bypass PB, make a new thread under pc hacking or game hacking, PB could be both.
Post Reply