API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 28th, 2016
1,149
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 68.38 KB | None | 0 0
raw download clone embed print report
  1. #include "stdafx.h"
  2. #include "XBLExtinctionConfig.h"
  3. #include "Utilities.h"
  4. #include "titleHooks.h"
  5. #include "SystemHooks.h"
  6. #include "ServComm.h"
  7. #include "PatchData.h"
  8. #include <xbdm.h>
  9. #include <time.h>
  10. #include "AW.h"
  11. #include "BO2_game.h"
  12. #include "MSP.h"
  13. #include "HUD.h"
  14. #include "BO3Menu.h"
  15. #include "MSP.h"
  16.  
  17.  
  18. //extern _SERVER_GET_CUSTOM_RESPONCE cData;
  19.  
  20. extern HANDLE hXam;
  21. extern BOOL IsDevkit;
  22. extern BOOL dashLoaded;
  23. extern HANDLE dllHandle;
  24.  
  25. MESSAGEBOX_RESULT g_mb_result;
  26. XOVERLAPPED g_xol;
  27.  
  28. DWORD nop = 0x60000000;
  29. DWORD other = 0x38600001;
  30.  
  31. extern DWORD ApplyPatches(CHAR* FilePath, const VOID* DefaultPatches = NULL);
  32. extern void printBytes(PBYTE bytes, DWORD len);
  33.  
  34. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  35.  
  36.  
  37. VOID __cdecl APCWorker(void* Arg1, void* Arg2, void* Arg3) {
  38.  
  39. // Call our completion routine if we have one
  40. if (Arg2)
  41. ((LPOVERLAPPED_COMPLETION_ROUTINE)Arg2)((DWORD)Arg3, 0, (LPOVERLAPPED)Arg1);
  42. }
  43.  
  44. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  45.  
  46. extern "C" VOID KeSweepIcacheRange(PVOID Address, DWORD cbBytes);
  47. VOID ApplyPatchData(PBYTE pBuffer, DWORD dwLength) {
  48. PDWORD pdwData = (PDWORD)pBuffer;
  49.  
  50. // Sanity check
  51. if (pdwData[(dwLength / 4) - 1] != -1) {
  52. return;
  53. }
  54.  
  55. while (TRUE) {
  56. DWORD dwAddress = *pdwData++;
  57.  
  58. if (dwAddress == -1)
  59. break;
  60.  
  61. DWORD dwPatchCount = *pdwData++;
  62. for (DWORD i = 0; i < dwPatchCount; i++) {
  63. DWORD dwAddrToPatch = dwAddress + (i * 4);
  64. *(DWORD*)(dwAddrToPatch) = *pdwData++;
  65. }
  66.  
  67. KeSweepIcacheRange((PVOID)dwAddress, dwPatchCount * 4);
  68. }
  69. }
  70.  
  71. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  72.  
  73. extern BOOL mspSpoofEnabled;//////////////////////////////////
  74. BOOL hasMSPSpoofed = FALSE;/////////////////////////////////
  75. BOOL mspSpoofEnabled = false;/////////////////////////////
  76.  
  77. void MSPSpoof() {
  78.  
  79. MESSAGEBOX_RESULT msppSpoofResult;
  80. XOVERLAPPED msppSpoofOverlapped;
  81. LPCWSTR msppSpoofButtons[2] = { L"Yes", L"No" };
  82. //if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"Guide.MP.Purchase.xex") == 0) {
  83. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - MSP Spoofing", L"We are about to spoof your Microsoft Points. If the content you're about to download is free, please select No so that it can download successfully.\n\nWould you like to spoof your Microsoft Points?", ARRAYSIZE(msppSpoofButtons), msppSpoofButtons, 0, XMB_ALERTICON, &msppSpoofResult, &msppSpoofOverlapped);
  84. msppSpoofResult.dwButtonPressed = -1;
  85. Sleep(1000);
  86.  
  87. int tickedamnt = 0;
  88. while (msppSpoofResult.dwButtonPressed == -1) {
  89. tickedamnt++;
  90.  
  91. if (tickedamnt > 350)
  92. msppSpoofResult.dwButtonPressed = 0;
  93.  
  94. Sleep(100);
  95. }
  96.  
  97. switch (msppSpoofResult.dwButtonPressed) {
  98. case 0: // Yes*/
  99. if (mspSpoofEnabled) {
  100. hasMSPSpoofed = TRUE;
  101. ApplyPatchData(PATCH_DATA_KXAM_MSPOINTS_RETAIL, 64);
  102. ApplyPatchData(PATCH_DATA_MPPURCHASE_MSPOINTS_RETAIL, 0x1C);
  103. XNotifyUI(L"XBLRevolution: MSP Spoofing Successful!");
  104. }
  105. else
  106. {
  107. ApplyPatchData(PATCH_DATA_KXAM_MSPOINTS_RETAIL_EMPTY, 64);
  108. ApplyPatchData(PATCH_DATA_MPPURCHASE_MSPOINTS_RETAIL_EMPTY, 0x1C);
  109. XNotifyUI(L"XBLRevolution: MSP Spoofing is Disabled!");
  110. }
  111. break;
  112. default:
  113. case 1: // No
  114. XNotifyUI(L"XBLRevolution: Microsoft Points were not spoofed!");
  115. break;
  116. }
  117. }
  118.  
  119. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  120.  
  121. DWORD XSecurityCreateProcessHook(DWORD dwHardwareThread)
  122. {
  123. return ERROR_SUCCESS;
  124. }
  125.  
  126. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  127.  
  128. unsigned long XeXGetModuleHandleHook(char* ModuleName)
  129. {
  130. if (strcmp(ModuleName, "xbdm.xex") == 0)
  131. return 0;
  132. }
  133.  
  134. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  135.  
  136. VOID XSecurityCloseProcessHook() {}
  137.  
  138. DWORD XSecurityVerifyHook(DWORD dwMilliseconds, LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine) {
  139.  
  140. // Queue our completion routine
  141. if (lpCompletionRoutine)
  142. NtQueueApcThread((HANDLE)-2, (PIO_APC_ROUTINE)APCWorker, lpOverlapped, (PIO_STATUS_BLOCK)lpCompletionRoutine, 0);
  143.  
  144. // All done
  145. return ERROR_SUCCESS;
  146. }
  147.  
  148. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  149.  
  150. DWORD XSecurityGetFailureInfoHook(PXSECURITY_FAILURE_INFORMATION pFailureInformation)
  151. {
  152. if (pFailureInformation->dwSize != 0x18) return ERROR_NOT_ENOUGH_MEMORY;
  153. pFailureInformation->dwBlocksChecked = 0;
  154. pFailureInformation->dwFailedReads = 0;
  155. pFailureInformation->dwFailedHashes = 0;
  156. pFailureInformation->dwTotalBlocks = 0;
  157. pFailureInformation->fComplete = TRUE;
  158. return ERROR_SUCCESS;
  159. }
  160.  
  161. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  162.  
  163. DWORD XexGetProcedureAddressHook(HANDLE hand, DWORD dwOrdinal, PVOID* pvAddress)
  164. {
  165. if (hand == hXam) {
  166. switch (dwOrdinal) {
  167. case 0x9BB:
  168. *pvAddress = XSecurityCreateProcessHook;
  169. return 0;
  170. case 0x9BC:
  171. *pvAddress = XSecurityCloseProcessHook;
  172. return 0;
  173. case 0x9BD:
  174. *pvAddress = XSecurityVerifyHook;
  175. return 0;
  176. case 0x9BE:
  177. *pvAddress = XSecurityGetFailureInfoHook;
  178. return 0;
  179. }
  180. }
  181. //DbgPrint("XexGetProcedureAddressHook [pvAddress]: 0x%p", pvAddress);
  182. return XexGetProcedureAddress(hand, dwOrdinal, pvAddress);
  183. }
  184.  
  185. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  186.  
  187. unsigned long XeKeysGetKeyHook(unsigned short key, unsigned char* buffer, PDWORD len)
  188. {
  189. if (key == 0x14)
  190. {
  191. srand((unsigned int)time(0));
  192. for (int i = 0x00; i < 0xC; i++) buffer[i] = rand() % 0x7F;
  193. return 0L;
  194. }
  195. return XeKeysGetKey(key, buffer, len);
  196. }
  197.  
  198. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  199.  
  200. int XNetXnAddrToMachineIdHookBO2(XNCALLER_TYPE xnc, XNADDR pxnaddr, unsigned long long MachineId)
  201. {
  202. srand((unsigned int)time(0));
  203. MachineId = 0xFA00000000000000 | (0x2000000 | rand() % 0x7FFFFF);
  204. return 0;
  205. }
  206.  
  207. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  208.  
  209. inline __declspec() bool Live_GetConsoleDetailsSavestubGhosts(bool alwaysTrue, unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long *machineIDH, unsigned long long *null, unsigned long long *enet)
  210. {
  211. __asm
  212. {
  213. nop
  214. nop
  215. nop
  216. nop
  217. nop
  218. nop
  219. nop
  220. blr
  221. }
  222. }
  223.  
  224. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  225.  
  226. bool Live_GetConsoleDetailsHookGhosts(bool alwaysTrue, unsigned char internalIP[4], unsigned char externalIP[4], unsigned long long * machineIDH, unsigned long long * machineIDL, unsigned long long *enet)
  227. {
  228. srand(time(0));
  229. int iTargetAddress = 0;
  230. __asm mflr iTargetAddress
  231. if (iTargetAddress == 0x82627564 || iTargetAddress == 0x82628888)
  232. {
  233. for (int i = 0; i < 4; i++) { internalIP[i] = rand() % 0xFF; externalIP[i] = rand() % 0xFF; }
  234. *enet = 0x001DD8000000 | rand() % 0x7FFFFF;
  235. return true;
  236. }
  237. return Live_GetConsoleDetailsSavestubGhosts(alwaysTrue, internalIP, externalIP, machineIDH, machineIDL, enet);
  238. }
  239.  
  240. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  241.  
  242. HRESULT XeKeysGetConsoleIDHook(PBYTE databuffer OPTIONAL, char* szBuffer OPTIONAL) {
  243.  
  244. XE_CONSOLE_ID consoleID;
  245. XeKeysGetConsoleID((PBYTE)&consoleID, NULL);
  246.  
  247. XUSER_SIGNIN_INFO userInfo;
  248. XamUserGetSigninInfo(0, XUSER_GET_SIGNIN_INFO_ONLINE_XUID_ONLY, &userInfo);
  249.  
  250. BYTE gamertagSha[0x10];
  251. XeCryptSha((PBYTE)userInfo.szUserName, strlen(userInfo.szUserName), NULL, NULL, NULL, NULL, gamertagSha, 0x10);
  252. consoleID.asBits.MacIndex3 = gamertagSha[0];
  253. consoleID.asBits.MacIndex4 = gamertagSha[1];
  254. consoleID.asBits.MacIndex5 = gamertagSha[2];
  255.  
  256. SetMemory(databuffer, &consoleID, 0x5);
  257. return ERROR_SUCCESS;
  258. }
  259.  
  260. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  261.  
  262. int NetDll_XNetXnAddrToMachineIdHook(XNCALLER_TYPE xnc, XNADDR * pxnaddr, ULONGLONG * pqwMachineId) {
  263.  
  264. int rett = NetDll_XNetXnAddrToMachineId(xnc, pxnaddr, pqwMachineId);
  265.  
  266. XUSER_SIGNIN_INFO userInfo;
  267. XamUserGetSigninInfo(0, XUSER_GET_SIGNIN_INFO_ONLINE_XUID_ONLY, &userInfo);
  268.  
  269. BYTE gamertagSha[0x10];
  270. XeCryptSha((PBYTE)userInfo.szUserName, strlen(userInfo.szUserName), NULL, NULL, NULL, NULL, gamertagSha, 0x10);
  271. SetMemory(pqwMachineId + 5, gamertagSha, 0x3);
  272.  
  273. return rett;
  274. }
  275.  
  276. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  277.  
  278. int XNetXnAddrToMachineIdHook(XNCALLER_TYPE xnc, XNADDR* pxnaddr, unsigned long long* qwMachineId)
  279. {
  280. srand((unsigned int)time(0));
  281. *qwMachineId = 0xFA00000002000000 | (0x2000000 | rand() % 0x7FFFFF);
  282. return 0;
  283. }
  284.  
  285. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  286.  
  287. inline __declspec() bool Live_GetConsoleDetailsSavestub(unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long *machineIDH, unsigned long long *null, unsigned long long *enet)
  288. {
  289. __asm
  290. {
  291. nop
  292. nop
  293. nop
  294. nop
  295. nop
  296. nop
  297. nop
  298. blr
  299. }
  300. }
  301.  
  302. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  303.  
  304. bool Live_GetConsoleDetailsHookAW(unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long *machineIDH, unsigned long long *null, unsigned long long *enet)
  305. {
  306. srand(time(0));
  307. int iTargetAddress = 0;
  308. __asm mflr iTargetAddress
  309. if (iTargetAddress == 0x822C9FF8 || iTargetAddress == 0x822C9908)
  310. {
  311. for (int i = 0; i < 4; i++)
  312. {
  313. internalIP[i] = rand() % 0xFF; onlineIP[i] = rand() % 0xFF;
  314. }
  315. *enet = 0x001DD8000000 | rand() % 0x7FFFFF;
  316. return true;
  317. }
  318. return Live_GetConsoleDetailsSavestub(internalIP, onlineIP, machineIDH, null, enet);
  319. }
  320.  
  321. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  322.  
  323. HRESULT XNetLogonGetMachineIDHook(QWORD* machineID) {
  324.  
  325. QWORD machID = 0;
  326. HRESULT rett = XNetLogonGetMachineID(&machID);
  327.  
  328. XUSER_SIGNIN_INFO userInfo;
  329. XamUserGetSigninInfo(0, XUSER_GET_SIGNIN_INFO_ONLINE_XUID_ONLY, &userInfo);
  330.  
  331. BYTE gamertagSha[0x10];
  332. XeCryptSha((PBYTE)userInfo.szUserName, strlen(userInfo.szUserName), NULL, NULL, NULL, NULL, gamertagSha, 0x10);
  333. SetMemory(machineID + 5, gamertagSha, 0x3);
  334.  
  335. return rett;
  336. }
  337.  
  338. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  339.  
  340. typedef HRESULT(*pXamInputGetState)(QWORD r3, QWORD r4, QWORD r5);
  341. pXamInputGetState XamInputGetState = (pXamInputGetState)ResolveFunction(NAME_XAM, 401);
  342.  
  343. static BOOL isFrozen = FALSE;
  344. HRESULT XamInputGetStateHook(QWORD r3, QWORD r4, QWORD r5) {
  345. if (isFrozen) {
  346. return 0;
  347. }
  348. HRESULT ret = XamInputGetState(r3, r4, r5);
  349. return ret;
  350. }
  351.  
  352. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  353.  
  354. static DWORD lastTitleID = 0;
  355. BYTE NOP[] = { 0x60, 0x00, 0x00, 0x00 };
  356. BYTE Branch[] = { 0x48, 0x00 };
  357. BYTE DOLONG[] = { 0x89, 0x21, 0x00, 0x50, 0x60, 0x00, 0x00, 0x00 };
  358. BYTE TEST[] = { 0x61, 0x49, 0x00, 0x00 };
  359. BYTE GHOSTS_LASER[] = { 0x38, 0x60, 0x00, 0x01 };
  360. BYTE GHOSTS_UAV[] = { 0x3B, 0x60, 0x00, 0x01 };
  361. BYTE BO2_WALL[] = { 0x34, 0xC0, 0xFF, 0xFF };
  362. BYTE AW_ENABLER[] = { 0x39, 0x60, 0x00, 0x00 };
  363. BYTE AW_ENABLER2[] = { 0x38, 0xC0, 0x00, 0x03 };
  364.  
  365. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  366.  
  367. LPCWSTR Buttons5[2] = { L"Modifications", L"Original Game" };
  368.  
  369. BYTE datamw2[4] = { 0x38, 0xC0, 0x01, 0x0F };
  370.  
  371. DWORD WINAPI MW2_Go(LPVOID lpParam)
  372. {
  373. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: MW2", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nNo Recoil= ON!\nLazer= ON!\nUAV= ON!\nRedbox= ON!\nCG Player= ON!", 2, Buttons5, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  374. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  375. if (g_mb_result.dwButtonPressed == 0) {
  376. *(int*)0x82104093 = other; //lazer
  377. *(byte *)0x82104093 = 1; //TU8 -> Modern Warfare 2
  378. *(byte *)0x820F4233 = 1; //TU8 -> Modern Warfare 2
  379. *(byte *)0x82135BE3 = 0; //TU8 -> Modern Warfare 2
  380. *(byte*)0x82104093 = 1; //TU8 -> Modern Warfare 2
  381. memcpy((void*)0x821123A4, &datamw2, 4);//CG_Player
  382. //(0, "set g_compassshowenemies 1;set activeaction \"g_compassshowenemies 1;scr_game_forceuav 1;set activeaction \\\"g_compassshowenemies 1;scr_game_forceuav 1;set activeaction g_compassshowenemies 1\\\"\"");
  383. XNotifyUI(L"COD: MW2 - Modifications Enabled");
  384. return 0;
  385. }
  386. }
  387.  
  388. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  389.  
  390.  
  391.  
  392. unsigned long XexGetModuleHandleHook(char* ModuleName) {
  393. if (strcmp(ModuleName, "xbdm.xex") == 0) {
  394. DbgPrint("Returned XBDM as 0");
  395. return 0;
  396. }
  397. else return (unsigned long)GetModuleHandle(ModuleName);
  398. }
  399.  
  400. /*byte Response[] =
  401. {
  402. 0x46, 0x7C, 0x70, 0xB0,
  403. 0xFC, 0x00, 0x00, 0x00, 0xE6, 0xA5, 0xDD, 0xD1,
  404. 0xF5, 0xD7, 0xDA, 0xF1, 0x46, 0x21, 0x01, 0x10,
  405. 0x00, 0x00, 0x00, 0x00,
  406. 0x00, 0x00, 0x00, 0x00,
  407. 0x08, 0x60,
  408. 0x03,
  409. 0x30, 0x31, 0x34, 0x32, 0x36, 0x31, 0x37, 0x39, 0x35, 0x32, 0x30, 0x37, 0x00,
  410. 0x30, 0x33, 0x32, 0x37, 0x35, 0x38, 0x31, 0x31, 0x33, 0x30, 0x35, 0x35,
  411. 0x42, 0xFE
  412. };
  413.  
  414. VOID randomizedata()
  415. {
  416. BYTE IPAddress[4], MachineId[8], Enet[8], ConsoleKey[13], ConsoleIndex[12], padding0[2], padding1[8];
  417. for (int i = 0; i < 2; i++)IPAddress = rand() % 90;
  418. for (int i = 0; i < 2; i++)MachineId = rand() % 90;
  419. for (int i = 0; i < 1; i++)Enet = rand() % 90;
  420. for (int i = 0; i < 3; i++)ConsoleIndex = rand() % 90;
  421. for (int i = 0; i < 3; i++)ConsoleKey = rand() % 90;
  422. for (int i = 0; i < 2; i++)padding0 = rand() % 90;
  423. for (int i = 0; i < 8; i++)padding1 = rand() % 90;
  424. memcpy(Response + 0x2, &IPAddress, 2);
  425. memcpy(Response + 0x6, &MachineId, 2);
  426. memcpy(Response + 0x10, &Enet, 1);
  427. memcpy(Response + 0x29, &ConsoleKey, 3);
  428. memcpy(Response + 0x33, &ConsoleIndex, 3);
  429. memcpy(Response + 0x1C, &padding0, 2);
  430. memcpy(Response + 0x14, &padding1, 8);
  431. }*/
  432.  
  433. LPCWSTR Buttons10[3] = { L"Modifications", L"Original Game", L"ModMenu with Aimbot" };
  434. DWORD WINAPI BO3_go(LPVOID lpParam)
  435. {
  436. XNotifyUI(L"COD: BO3 - Bypass Enabled!");
  437. while (XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: BO3", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nNoRecoil= ON!\nRedboxes= ON!\nNoSway= OFF!\nUAV= ON!\nSmallCrosshairs= OFF!\n\n\nBO3ModMenu= ON!\n", 3, Buttons10, 0, XMB_ALERTICON, &g_mb_result, &g_xol) == ERROR_ACCESS_DENIED) Sleep(500);
  438. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  439. if (g_mb_result.dwButtonPressed == 0)
  440. {
  441. //*(int*)0x826D8E4C = other; //No Recoil //TU8==0x826D8E4C or --------> 0x82279CB8
  442. //*(int*)0x82610920 = other; //RedBoxes 1 //TU8==0x82610920
  443. //*(int*)0x82610948 = other; //RedBoxes 2 //TU8==0x82610948
  444. ////*(int*)0x82201008 = other; //NoSway //TU8==0x82201008
  445. //*(int*)0x8228BC78 = other; //UAV //TU8==0x8228BC78
  446. //*(int*)0x82099FA8 = other; //Crosshairs //TU8==0x82099FA8
  447.  
  448. *(int*)0x82610920 = 0x60000000; // Red box 1
  449. *(int*)0x82610948 = 0x60000000; // Red box 2
  450. *(int*)0x82279CB8 = 0x60000000; // Recoil
  451. *(int*)0x8228BC78 = 0x60000000; // UAV
  452. XNotifyUI(L"COD: BO3 - Modifications Enabled");
  453. }
  454. else if (g_mb_result.dwButtonPressed == 1)
  455. {
  456. //nothing
  457. }
  458. else if (g_mb_result.dwButtonPressed == 2)
  459. {
  460. DoBO3Menu();
  461. }
  462. return 0;
  463. }
  464.  
  465. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  466.  
  467. LPCWSTR Buttons0[2] = { L"Modifications", L"Original Game" };
  468.  
  469. BYTE bo2chams[4] = { 0x38, 0xC0, 0xFF, 0xFF };
  470. BYTE bo2lazer[4] = { 0x2B, 0xB, 0x00, 0x1 };
  471. BYTE bo2esp1[4] = { 0x39, 0x40, 0xFF, 0xFF };
  472. BYTE bo2esp2[4] = { 0x3A, 0xE0, 0x0, 0x2 };
  473. BYTE bo2esp3[4] = { 0x3A, 0xE0, 0x0, 0x2 };
  474. BYTE bo2esp4[4] = { 0x40, 0x9A, 0x0, 0x18 };
  475. BYTE bo2esp5[4] = { 0x40, 0x9A, 0x0, 0x10 };
  476. //BYTE bo2force[] = { 0, "party_connectToOthers 00; partyMigrate_disabled 01; sv_endGameIfISuck 0; badhost_endgameifisuck 0​; set allowAllNAT 1" };
  477.  
  478. DWORD WINAPI BO2_go(LPVOID lpParam)
  479. {
  480. XNotifyUI(L"COD: BO2 - Bypass Enabled!");
  481. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: BO2", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n------------------------------------\nRedboxes= ON! UAV= ON!\nNo Recoil= ON! LagMeter= ON!\nForceHost= OFF! Chams= OFF!\nLaser= ON! ShowHost= OFF!\nRemove Probation= ON!\nPartyChatAnywhere= ON!\nRemoveColdBlood= ON!\n ", 2, Buttons0, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  482. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  483. if (g_mb_result.dwButtonPressed == 0) {
  484. *(int*)0x821f5b7c = 0x38600001; //Redboxes
  485. *(int*)0x82259BC8 = 0x38600001; //No Recoil
  486. *(int*)0x821B8FD0 = 0x2b110001; //UAV
  487. *(int*)0x821F608C = nop;//Remove Cold Blood
  488. *(int*)0x825C536C = nop;//remove probation
  489. *(int*)0x825DCA68 = nop;//party chat anywhere
  490. *(int*)0x821C5567 = other;//lag meter
  491.  
  492. memcpy((void*)0x821FC04C, &bo2lazer, 4);//Lazer
  493. memcpy((void*)0x821FC04C, &bo2chams, 4);//chams
  494. //memcpy((void*)0x824015E0, &bo2force, 4);//ForceHost
  495.  
  496. memcpy((void*)0x821C42F8, &bo2esp1, 4);//ESP Names
  497. memcpy((void*)0x821C4CDC, &bo2esp2, 4);//ESP Names
  498. memcpy((void*)0x821C44A0, &bo2esp3, 4);//ESP Names
  499. memcpy((void*)0x821C47EC, &bo2esp4, 4);//ESP Names
  500. memcpy((void*)0x821C42FC, &bo2esp5, 4);//ESP Names
  501.  
  502. *(int*)0x821FC04C = 0x38c0ffff; //Wallhack
  503. *(int*)0x821B8FD3 = other; //V-SAT<<new
  504. *(int*)0x82254810 = other; // NoSpread1
  505. *(int*)0x821C7234 = other; // NoSpread2
  506. *(int*)0x826C6E6C = other; // WeaponSway
  507.  
  508. //Show players through walls:
  509. //0x000834D0 -> 38 C0 FF FF
  510.  
  511. XNotifyUI(L"COD: BO2 - Modifications Enabled");
  512. }
  513. return 0;
  514. }
  515.  
  516. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  517.  
  518.  
  519. LPCWSTR Buttons4[2] = { L"Modifications", L"Original Game" };
  520.  
  521. BYTE MW3_WH[] = { 0x42, 0x20, 0x00, 0x00 };
  522. BYTE MW3_BOXES[] = { 0x41, 0x9A, 0x00, 0x12 };
  523. BYTE MW3_UAV[] = { 0x3B, 0x80, 0x00, 0x01 };
  524. BYTE MW3_RECOIL[] = { 0x60, 0x00, 0x00, 0x00 };
  525. BYTE MW3_LASER[] = { 0x2F, 0x10, 0x00, 0x01 };
  526. BYTE MW3_CH[] = { 0x3B, 0x80, 0x00, 0x01 };
  527. BYTE SMALL_C[] = { 0x80, 0x70, 0x00, 0x00 };
  528.  
  529. DWORD WINAPI MW3_Go(LPVOID lpParam)
  530. {
  531. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: MW3", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nRedbox= ON!\nNo Recoil= ON!\nLazer= ON!\nUAV= ON!\nWalhack= ON!", 2, Buttons4, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  532. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  533. if (g_mb_result.dwButtonPressed == 0) {
  534. *(int*)0x821154A4 = other; //Redboxes
  535. *(int*)0x8210E58C = other; //UAV A
  536. *(int*)0x8215A2C0 = other; //Lazer
  537. *(int*)0x82001B7C = other; //Walhack
  538. *(int*)0x821614D4 = other; //No Recoil
  539. SetMemory((PVOID)0x82000B68, SMALL_C, 4);//Small Croshairs
  540. *(int*)0x82001B7C = 0x42200000;
  541. *(int*)0x821154A4 = 0x60000000;
  542. *(int*)0x8210E58C = 0x3B800001;
  543. *(int*)0x821614D4 = 0x60000000;
  544. *(int*)0x8215A2C0 = 0x2F100001;
  545. XNotifyUI(L"COD: MW3 - Modifications Enabled");
  546. return 0;
  547. }
  548. }
  549.  
  550. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  551.  
  552. void GTA5Menu() {
  553. //const size_t menu_size = 0x0;
  554. //const char *file = "HDD:\\dl02";
  555. //if (CWriteFile(file, cData.GTA5UI, menu_size) == TRUE) {
  556. // XexLoadImage(file, 8, NULL, NULL);
  557. // remove(file);
  558. //}
  559. }
  560.  
  561. LPCWSTR Buttons19[2] = { L"Modifications", L"Original Game" };
  562.  
  563. DWORD WINAPI GTA5_go(LPVOID lpParam)
  564. {
  565. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - GTA: 5", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\Modifications\n----------------\nGTAV Menu= OFF!\n", 2, Buttons19, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  566. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  567. if (g_mb_result.dwButtonPressed == 0)
  568. {
  569. XNotifyUI(L"GTA: 5 Menu Downloading!");
  570. XNotifyUI(L"GTA: 5 - Modifications Enabled!");
  571. GTA5Menu();
  572. }
  573. XNotifyUI(L"GTA: 5 - Bypass Enabled");
  574. return 0;
  575. }
  576.  
  577. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  578.  
  579. LPCWSTR Buttons20[2] = { L"Modifications", L"Original Game" };
  580.  
  581. DWORD WINAPI GTA4_go(LPVOID lpParam)
  582. {
  583. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - GTA: 4", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\Modifications\n----------------\nHealth= OFF!\nArmor= OFF!\n", 2, Buttons20, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  584. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  585. if (g_mb_result.dwButtonPressed == 0)
  586. {
  587. //reader.Position = &HD132
  588. //Health.Text = reader.ReadSingle().ToString //Health
  589. //=========
  590. //reader.Position = &HD136
  591. //Armor.Text = reader.ReadSingle().ToString //Armor
  592. XNotifyUI(L"GTA: 4 - Modifications Enabled!");
  593. }
  594. return 0;
  595. }
  596.  
  597. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  598.  
  599. LPCWSTR Buttons26[2] = { L"Modifications", L"Original Game" };
  600.  
  601. DWORD WINAPI HaloR_go(LPVOID lpParam)
  602. {
  603. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - Halo: Reach", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\Modifications\n----------------\nAimbot= ON!\nRapidFire= ON!\nSuperSpeed= ON!\nSuperJump= ON!\n", 2, Buttons26, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  604. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  605. if (g_mb_result.dwButtonPressed == 0)
  606. {
  607. *(int*)0x824DCD80 = 0xC01E030C;//Aimbot
  608. *(int*)0x824DCDB0 = 0xED090032;//Aimbot
  609. *(int*)0x824DCD7C = 0x3D608201;//Aimbot
  610. *(int*)0x823B9D60 = 0xC16B00A8;//RapidFire
  611. *(int*)0x8213D85F = 0x20;//SuperSpeed
  612. *(int*)0x82419A54 = 0xC3FD0558;//SuperJump
  613. XNotifyUI(L"Halo: Reach - Modifications Enabled!");
  614. }
  615. return 0;
  616. }
  617.  
  618. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  619.  
  620. LPCWSTR Buttons21[2] = { L"Modifications", L"Original Game" };
  621.  
  622. DWORD WINAPI CodClasic_go(LPVOID lpParam)
  623. {
  624. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: Classic", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\n", 2, Buttons21, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  625. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  626. if (g_mb_result.dwButtonPressed == 0)
  627. {
  628. XNotifyUI(L"COD: Classic - Modifications Enabled!");
  629. }
  630. return 0;
  631. }
  632.  
  633. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  634.  
  635. LPCWSTR Buttons22[2] = { L"Modifications", L"Original Game" };
  636.  
  637. DWORD WINAPI Cod3_go(LPVOID lpParam)
  638. {
  639. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: 3", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\n", 2, Buttons22, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  640. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  641. if (g_mb_result.dwButtonPressed == 0)
  642. {
  643. XNotifyUI(L"COD: 3 - Modifications Enabled!");
  644. }
  645. return 0;
  646. }
  647.  
  648. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  649.  
  650. LPCWSTR Buttons23[2] = { L"Modifications", L"Original Game" };
  651.  
  652. DWORD WINAPI Cod2_go(LPVOID lpParam)
  653. {
  654. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: 2", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\n", 2, Buttons23, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  655. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  656. if (g_mb_result.dwButtonPressed == 0)
  657. {
  658. XNotifyUI(L"COD: 2 - Modifications Enabled!");
  659. }
  660. return 0;
  661. }
  662.  
  663. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  664.  
  665.  
  666. LPCWSTR Buttons6[2] = { L"Modifications", L"Original Game" };
  667.  
  668. //BYTE waw1[4] = { -1, 0, "s \"loc_warnings\"0" };
  669. //BYTE waw2[4] = { -1, 0, "s \"r_specularmap\"2" };
  670. //BYTE waw3[4] = { -1, 0, "s \"r_znear\"45" };
  671. //BYTE waw4[4] = { -1, 0, "s \"g_compassshowenemies\"1" };
  672. //BYTE waw5[4] = { -1, 0, "s \"perk_weapReloadMultiplier\"0.001" };
  673. //BYTE waw6[4] = { -1, 0, "s \"aim_autoaim_lerp\"100" };
  674. //BYTE waw7[4] = { -1, 0, "s \"laserForceOn\"1" };
  675. //BYTE waw8[4] = { -1, 0, "s \"player_burstFireCooldown\"0" };
  676.  
  677. DWORD WINAPI COD5_Go(LPVOID lpParam)
  678. {
  679. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: WAW", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nLazer= ON!\nUAV= ON!\n+ A Lot More!", 2, Buttons6, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  680. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  681. if (g_mb_result.dwButtonPressed == 0) {
  682. //*(int*)0x011c0bb7 = other; //GodMode
  683. *(int*)0x821A0BFC = 0x60000000;
  684. *(int*)0x8215C7E4 = 0x60000000;
  685. *(int*)0x821A00C0 = 0x60000000;
  686. *(int*)0x8214789C = 0x60000000;
  687. *(int*)0x8214804C = 0x60000000;
  688. *(int*)0x821548A4 = 0x3B800001;
  689. //////////////////////////////////////////////////////////////////////////
  690.  
  691. //memcpy((void*)0x82254940, &waw1, 4);
  692. //memcpy((void*)0x82254940, &waw2, 4);
  693. //memcpy((void*)0x82254940, &waw3, 4);
  694. //memcpy((void*)0x82254940, &waw4, 4);
  695. //memcpy((void*)0x82254940, &waw5, 4);
  696. //memcpy((void*)0x82254940, &waw6, 4);
  697. //memcpy((void*)0x82254940, &waw7, 4);
  698. //memcpy((void*)0x82254940, &waw8, 4);
  699.  
  700. XNotifyUI(L"COD: WAW - Modifications Enabled");
  701. return 0;
  702. }
  703. }
  704.  
  705. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  706.  
  707. bool Live_GetConsoleDetailsHook(unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long *machineIDH, unsigned long long *null, unsigned long long *enet) {
  708. srand(time(0));
  709. int iTargetAddress = 0;
  710. __asm mflr iTargetAddress
  711. if (iTargetAddress == 0X822EC08C || iTargetAddress == 0X822EB7C4) {
  712. for (int i = 0; i < 4; i++) {
  713. internalIP[i] = rand() % 0xFF; onlineIP[i] = rand() % 0xFF;
  714. }
  715. *enet = 0x001DD8000000 | rand() % 0x7FFFFF;
  716. return true;
  717. }
  718. return Live_GetConsoleDetailsSavestub(internalIP, onlineIP, machineIDH, null, enet);
  719. }
  720.  
  721. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  722.  
  723.  
  724. LPCWSTR Buttons7[2] = { L"Modifications", L"Original Game" };
  725.  
  726. DWORD WINAPI COD4_Go(LPVOID lpParam)
  727. {
  728. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: 4", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nLazer= ON!\nUAV= ON!\nRedBox= ON!\nWallhack= ON!\n+ A Lot More", 2, Buttons7, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  729. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  730. if (g_mb_result.dwButtonPressed == 0) {
  731. *(int*)0x822EDAA0 = 0x60000000;
  732. *(int*)0x822ECE14 = 0x60000000;
  733. *(int*)0x82319514 = 0x60000000;
  734. *(int*)0x8233048C = 0x60000000;
  735. *(int*)0x8233169C = 0x60000000;
  736. *(int*)0x823225C8 = 0x3B400001;
  737. //////////////////////////////////////////////////////////////////////////
  738. *(int*)0x821ffe30, 0, -1, "v cg_laserforceon 1";
  739. *(int*)0x821ffe30, 0, -1, "v g_compassShowEnemies 1 scr_force_gameuav 1";
  740. *(int*)0x821ffe30, 0, -1, "v r_znear 35";
  741. *(int*)0x821ffe30, 0, -1, "v aim_lockon_debug 1 aim_lockon_region_height 1 aim_lockon_region_width 1 cg_enemyNameFadeOut 900000 cg_enemyNameFadeIn 0 cg_drawThroughWalls 1 cg_drawShellshock 0 cg_Shellshock 0";
  742. XNotifyUI(L"COD: 4 - Modifications Enabled");
  743. return 0;
  744. }
  745. }
  746.  
  747. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  748.  
  749.  
  750. LPCWSTR Buttons8[2] = { L"Modifications", L"Original Game" };
  751.  
  752. DWORD WINAPI BO1_Go(LPVOID lpParam)
  753. {
  754. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: BO1", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nRedbox= ON!\nBlackbird= ON!\n+ More!", 2, Buttons8, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  755. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  756. if (g_mb_result.dwButtonPressed == 0) {
  757. //*(int*)0x821A819F = other; //Redbox
  758. //*(int*)0x821DA22B = other; //Blackbird
  759. *(int*)0x82227624 = 0x60000000;
  760. *(int*)0x8232786C = 0x60000000;
  761. *(int*)0x821B7C04 = 0x60000000;
  762. *(int*)0x82195200 = 0x60000000;
  763. *(int*)0x82195D1C = 0x60000000;
  764. *(int*)0x821A819C = 0x2B0B0001;
  765. XNotifyUI(L"COD: BO1 - Modifications Enabled");
  766. return 0;
  767. }
  768. }
  769.  
  770. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  771.  
  772. void Ghost() {
  773. *(PDWORD)0x8267680 = 0x4800;
  774. *(PDWORD)0x826276CC = 0x36800000;
  775. *(int*)0x826276E0 = 0x60000000;
  776. *(int*)0x826276D4 = 0x60000000;
  777. XNotifyUI(L"XBLRevolution - Ghost Bypassed [TU17] Enabled!");
  778. }
  779.  
  780. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  781.  
  782. BYTE Challenge[] = { // Challenge using random data // Using Full Challenge resp clean
  783. 0x00, 0x00, 0x00, 0x00, //IPAddress
  784. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Machine ID
  785. 0x00, 0x1D, 0xD8, //macCheck
  786. 0x00, 0x00, 0x00, //abEnet
  787. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x82, //Unknown
  788. 0x12, //Retail Flag
  789. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Console Serial
  790. 0x00, //Padding
  791. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Console ID
  792. 0x41, 0x74, //Kernel Version
  793. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3A //Sizeof(Challenge)
  794. };
  795.  
  796. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  797.  
  798. VOID GHOSTS_RandomizeData() {
  799. srand(time(NULL));
  800. BYTE IPAddress[4], MachineID[8], abEnet[3], ConsoleSerialNumber[12], ConsoleID[12];
  801. for (int i = 0; i < 4; i++) { IPAddress[i] = rand() % 90; }
  802. for (int i = 0; i < 3; i++) { abEnet[i] = rand() % 90; }
  803. for (int i = 0; i < 8; i++) { MachineID[i] = rand() % 90; }
  804. for (int i = 0; i < 12; i++) { ConsoleSerialNumber[i] = rand() % 90; ConsoleID[i] = rand() % 90; }
  805. }
  806.  
  807. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  808.  
  809. inline __declspec() INT answerChallenges(__int64 r3, __int64 r4, DWORD ChallengeResponse) {
  810. __asm {
  811. nop
  812. nop
  813. nop
  814. nop
  815. nop
  816. nop
  817. nop
  818. blr
  819. }
  820. }
  821.  
  822. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  823.  
  824. void answerChallengesHook(__int64 r3, __int64 r4, DWORD ChallengeResponse) { // r3, r4, r5 --> ChallengeResponse is the third argument (r5).
  825. // Set our Random Data
  826. memcpy((PVOID)(ChallengeResponse + 0x1E), &Challenge, sizeof(Challenge));
  827. // return r3, r4 and r5
  828. answerChallenges(r3, r4, ChallengeResponse);
  829. }
  830.  
  831. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  832.  
  833. inline __declspec() bool Live_GetConsoleDetailsSavestubGhost(bool alwaysTrue, unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long machineIDH, unsigned long long null, unsigned long long *enet)
  834. {
  835. __asm
  836. {
  837. nop
  838. nop
  839. nop
  840. nop
  841. nop
  842. nop
  843. nop
  844. blr
  845. }
  846. }
  847.  
  848. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  849.  
  850. typedef struct _ACStruct {
  851. BYTE OnlineIP[4]; //0x00-0x04 (Randomize)
  852. QWORD MachineId; //0x04-0x0C (Randomize)
  853. BYTE Enet; //0x0C-0x12 (Randomize)
  854. SHORT Padding1; //0x12-0x14 (0x0000)
  855. FLOAT fUnknown[2]; //0x14-0x1C (fUnknown[0] = *(float*)(0x849F6630); fUnknown[1] = *(float*)(0x849F6634);)
  856. SHORT sUnknown; //0x1C-0x1E (sUnknown = ((*(int*)0x8466D5DC) >> 10);)
  857. BYTE RetailFlag; //0x1E-0x1F (0x3)
  858. CHAR ConsoleSerial[0xC]; //0x1F-0x2B (Randomize)
  859. CHAR Padding2; //0x2B-0x2C (0x00)
  860. CHAR ConsoleId[0xC]; //0x2C-0x38 (Randomize)
  861. SHORT KernalVersion; //0x38-0x3A (0x42FE)
  862. } ACStruct, *PAW_RESP;
  863.  
  864. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  865.  
  866. BYTE IPAddress[4], ConsoleSerial[12], ConsoleIndex[12];
  867. BYTE MachineId[] = { 0xFA, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  868. BYTE Enet[] = { 0x00, 0x1D, 0xD8, 0x00, 0x00, 0x00 };
  869.  
  870. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  871.  
  872. DWORD GhostsBypassHook(int Unknown, int Anticheat, int StructPointer)
  873. {
  874. GHOSTS_RandomizeData();
  875. short shUnknown; float flUnknown[2];
  876. ACStruct* Response = (ACStruct*)malloc(0x3A);
  877. memset((void*)(StructPointer + 0x26), 0, 0x3A);
  878. unsigned long Data = *(int*)(0x842A1DA8);
  879. shUnknown = (Data << 16 | Data >> 16);
  880. flUnknown[0] = *(float*)(0x8452FD14);
  881. flUnknown[1] = *(float*)(0x8452FD18);
  882. memcpy(&Response->OnlineIP, IPAddress, 4);
  883. memcpy(&Response->MachineId, MachineId, 8);
  884. memcpy(&Response->Enet, Enet, 6);
  885. Response->Padding1 = 0x0000;
  886. memcpy(&Response->fUnknown, flUnknown, 8);
  887. Response->sUnknown = shUnknown;
  888. Response->RetailFlag = 0x03;
  889. memcpy(&Response->ConsoleSerial, ConsoleSerial, 12);
  890. Response->Padding2 = 0x00;
  891. memcpy(&Response->ConsoleId, ConsoleIndex, 12);
  892. Response->KernalVersion = 0x42FE;
  893. memcpy((void*)(StructPointer + 0x26), Response, 0x3A);
  894. return answerChallenges(Unknown, Anticheat, StructPointer);
  895. }
  896.  
  897. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  898.  
  899. bool Live_GetConsoleDetailsHookGhost(bool alwaysTrue, unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long machineIDH, unsigned long long null, unsigned long long *enet)
  900. {
  901. srand(time(0));
  902. int iTargetAddress = 0;
  903. __asm mflr iTargetAddress
  904. if (iTargetAddress == 0X822EC08C || iTargetAddress == 0X822EB7C4) {
  905. for (int i = 0; i < 4; i++) {
  906. internalIP[i] = rand() % 0xFF; onlineIP[i] = rand() % 0xFF;
  907. }
  908. *enet = 0x001DD8000000 | rand() % 0x7FFFFF;
  909. return true;
  910. }
  911. return Live_GetConsoleDetailsSavestubGhost(alwaysTrue, internalIP, onlineIP, machineIDH, null, enet);
  912. }
  913.  
  914. __declspec() bool Live_GetConsoleDetailsSavestub1(bool alwaysTrue, unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long *machineIDH, unsigned long long *null, unsigned long long *enet) {
  915. __asm {
  916. nop
  917. nop
  918. nop
  919. nop
  920. nop
  921. nop
  922. nop
  923. blr
  924. }
  925. }
  926.  
  927. bool Live_GetConsoleDetailsHookG(bool alwaysTrue, unsigned char internalIP[4], unsigned char onlineIP[4], unsigned long long *machineIDH, unsigned long long *null, unsigned long long *enet) {
  928. srand(time(0));
  929. int iTargetAddress = 0;
  930. __asm mflr iTargetAddress
  931. if (iTargetAddress == 0x82627564 || iTargetAddress == 0x82628888) { //cmpwi r3, 0
  932. for (int i = 0; i < 4; i++) {
  933. internalIP[i] = rand() % 0xFF; onlineIP[i] = rand() % 0xFF;
  934. }
  935. *enet = 0x001DD8000000 | rand() % 0x7FFFFF;
  936. return true;
  937. }
  938. return Live_GetConsoleDetailsSavestub1(alwaysTrue, internalIP, onlineIP, machineIDH, null, enet);
  939. }
  940.  
  941. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  942.  
  943. BYTE dataghost[4] = { 0x38, 0xC0, 0x00, 0x07 };
  944. BYTE dataghost2[4] = { 0x60, 0x00, 0x00, 0x00 };
  945. BYTE dataghostno[4] = { 0x60, 0x00, 0x00, 0x00 };
  946.  
  947. LPCWSTR Buttons1[2] = { L"Modifications", L"Original Game" };
  948.  
  949. DWORD WINAPI Ghosts_Go(LPVOID lpParam) {
  950. XNotifyUI(L"COD: Ghosts - Bypass Enabled!");
  951. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: Ghosts", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nRedbox= ON!\nNo Recoil= ON!\nLazer= ON!\nUAV= ON!", 2, Buttons1, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  952. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  953. if (g_mb_result.dwButtonPressed == 0) {
  954. *(int*)0x8226D2B4 = nop; //RedBox
  955. *(int*)0x8227F198 = other; //Lazer
  956. *(int*)0x8226539B = other; //UAV1
  957. *(int*)0x82265793 = other; //UAV2
  958. *(int*)0x822657FF = other; //UAV3
  959. memcpy((void*)0x82290494, &dataghost, 4);//CG_Player
  960. memcpy((void*)0x82673240, &dataghost2, 4);//ChromePlayers
  961. memcpy((void*)0x822C9344, &dataghostno, 4);//No Recoil
  962. XNotifyUI(L"COD: Ghosts - Modifications Enabled");
  963. }
  964. return 0;
  965. }
  966.  
  967. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  968.  
  969. LPCWSTR Buttons3[3] = { L"Modifications", L"Original Game", L"Aimbot" };
  970. DWORD AW_ChamCycle;
  971.  
  972. typedef enum _AW_RenderFlag : BYTE
  973. {
  974. OUTLINE_BLACK = 2,
  975. OUTLINE_RED = 4,
  976. OUTLINE_GREEN = 6,
  977. OUTLINE_CYAN = 8,
  978. OUTLINE_ORANGE = 10,
  979. OUTLINE_YELLOW = 12,
  980. OUTLINE_BLUE = 14,
  981. HIGHLIGHT_BLACK = 16,
  982. HIGHLIGHT_RED = 18,
  983. HIGHLIGHT_HOT = 20,
  984. HIGHLIGHT_GREEN = 22,
  985. HIGHLIGHT_CYAN = 24,
  986. HIGHLIGHT_ORANGE = 26,
  987. HIGHLIGHT_YELLOW = 28,
  988. HIGHLIGHT_BLUE = 30,
  989. } AW_RenderFlag;
  990.  
  991. bool aimbotInitialized = false;
  992. DWORD AW_Aimbot(DWORD r3, int r4, PXINPUT_STATE r5)
  993. {
  994. VOID DoAwMenu();
  995. return XInputGetState(r3, r5);
  996. }
  997.  
  998. DWORD WINAPI AW_go(LPVOID lpParam)
  999. {
  1000. XNotifyUI(L"COD: AW - Bypass Enabled");
  1001. XShowMessageBoxUI(XUSER_INDEX_ANY, L"XBLRevolution - COD: AW", L"XBLRevolution Mods -\nPlease Select A Cheat Option\n\nModifications\n----------------\nRedbox= ON!\nNo Recoil= ON!\nUAV= ON!\nFPS= OFF!\nRainbow Chams= ON!\n\n\nAimBot= ON!", 3, Buttons3, 0, XMB_ALERTICON, &g_mb_result, &g_xol);
  1002. while (!XHasOverlappedIoCompleted(&g_xol)) Sleep(500);
  1003. if (g_mb_result.dwButtonPressed == 0)
  1004. {
  1005. *(int*)0x82648CEC = nop; //no recoil
  1006. *(int*)0x8262FB0C = nop; //Redbox
  1007. //*(int*)0x823884FC = other; //FPS
  1008. *(int*)0x826352A4 = other; //UAV1
  1009. *(int*)0x826352A8 = other; //UAV2
  1010. *(int*)0x826352AC = other; //UAV3
  1011. *(int*)0x826352B0 = other; //UAV4
  1012.  
  1013. *(int*)0x8260659C = 0x38C00005;//Outline1 Person TU5 //TU17==0x8260659C
  1014. *(int*)0x82626B4C = 0x38C0000F;//Outline2 Gun TU5 //TU17==0x82626B4C
  1015. *(int*)0x8235A61C = 0x60000000;//CG_DrawFriendlyNames TU5 //TU17==0x8235A61C
  1016. *(int*)0x8261FE80 = 0x60000000;//CG_DrawCrosshairNames TU5 //TU17==0x8261FE80
  1017. *(int*)0x8274AF60 = 0x60000000;//CG_DrawOverheadNames TU5 //TU17==0x8274AF60
  1018.  
  1019. *(int*)0x824E84E4 = nop;//Run before game
  1020. *(int*)0x8260659C = nop;//Chams
  1021. *(int*)0x82626F6C = nop;//Wepon Out Line
  1022. *(int*)0x820659D8 = nop;//Croshairs
  1023. *(int*)0x826476A0 = nop;//Croshairs2
  1024. *(int*)0x8262DF68 = nop;//ESP
  1025. *(int*)0x8262E638 = nop;//ESP
  1026. *(int*)0x826347C0 = nop;//ESP
  1027.  
  1028. // Cycle chams
  1029. AW_ChamCycle++;
  1030. if (AW_ChamCycle == 1) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_BLACK); //TU: 9 //TU: 17 0x825D22A0 //////stfs f13, 0x100+var_7C(r1)
  1031. else if (AW_ChamCycle == 2) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_BLUE); //TU: 9
  1032. else if (AW_ChamCycle == 3) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_CYAN); //TU: 9
  1033. else if (AW_ChamCycle == 4) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_GREEN); //TU: 9
  1034. else if (AW_ChamCycle == 5) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_ORANGE); //TU: 9
  1035. else if (AW_ChamCycle == 6) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_RED); //TU: 9
  1036. else if (AW_ChamCycle == 7) *(DWORD*)0x825D22A0 = (0x38C00000 | AW_RenderFlag::OUTLINE_YELLOW); //TU: 9 //TU: 9 0x8265F1F8
  1037. if (AW_ChamCycle == 7)
  1038. AW_ChamCycle = 0;
  1039. // Cycle chams
  1040.  
  1041. XNotifyUI(L"COD: AW - Modifications Enabled");
  1042. }
  1043. else if (g_mb_result.dwButtonPressed == 1)
  1044. {
  1045. //nothing
  1046. }
  1047. else if (g_mb_result.dwButtonPressed == 2)
  1048. {
  1049. PatchInJump((DWORD*)0x82871984, (__int64)AW_Aimbot, false); //TU17==0x827C3474 or----->0x82871984
  1050. }
  1051. return 0;
  1052. }
  1053.  
  1054. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1055.  
  1056. DWORD WINAPI AWDefault_go(LPVOID lpParam)
  1057. {
  1058. PatchInJump((PDWORD)(ResolveFunction("xam.xex", 0x195)), (DWORD)XeXGetModuleHandleHook, false);
  1059. HookFunctionStart((PDWORD)0x8233B018, (PDWORD)Live_GetConsoleDetailsSavestub, (DWORD)Live_GetConsoleDetailsHook);
  1060. PatchInJump((PDWORD)0x8219EA3C, (DWORD)XNetXnAddrToMachineIdHook, false);
  1061. *(long long*)0x822CA190 = 0x8921005060000000; //This returns xbdm as non-existent;
  1062. *(int*)0x822CA18C = 0x48000010; //Patch branch to not set dev flag
  1063. *(int*)0x822CA184 = 0x38600000; //patch subfunction to check xbdm
  1064. *(int*)0x822CA0EC = 0x3920331C; //Return answer challenges correctly
  1065. *(PBYTE)(0x8233B0E4 + 0x03) = 0x00; //Prevent blacklist in console details
  1066. XNotifyUI(L"COD: AW Zombies - Bypass Enabled");
  1067. return 0;
  1068. }
  1069.  
  1070. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1071.  
  1072. DWORD WINAPI DestinyLaunch_Go(LPVOID lpParam) {
  1073. //=========================================================
  1074. Sleep(50);
  1075. //=========================================================
  1076. DbgPrint("Destiny Bypass successful");
  1077. //=========================================================
  1078. Sleep(50);
  1079. //=========================================================
  1080. *(DWORD*)0xD95A05AC = 0x00000001;
  1081. *(DWORD*)0xD95A05AF = 0x00000001;
  1082. *(DWORD*)0xD95A1488 = 0x00000001;
  1083. *(DWORD*)0xD95B1988 = 0x00000001;
  1084. *(DWORD*)0xD95A1487 = 0x00000001;
  1085. //=========================================================
  1086. Sleep(50);
  1087. //=========================================================
  1088. *(int*)0xD95A05AC = 1;
  1089. *(int*)0xD95A05AF = 1;
  1090. *(int*)0xD95A1488 = 1;
  1091. *(int*)0xD95B1988 = 1;
  1092. *(int*)0xD95A05AC = 1;
  1093. *(int*)0xD95A1487 = 1;
  1094. //=========================================================
  1095. Sleep(50);
  1096. //=========================================================
  1097. for (;;) {
  1098. //=========================================================
  1099. Sleep(20);
  1100. //=========================================================
  1101. *(DWORD*)0xD95A05AC = 0x00000001;
  1102. *(DWORD*)0xD95A05AF = 0x00000001;
  1103. *(DWORD*)0xD95A1488 = 0x00000001;
  1104. *(DWORD*)0xD95B1988 = 0x00000001;
  1105. *(DWORD*)0xD95A1487 = 0x00000001;
  1106. //=========================================================
  1107. Sleep(20);
  1108. //=========================================================
  1109. *(int*)0xD95A05AC = 1;
  1110. *(int*)0xD95A05AF = 1;
  1111. *(int*)0xD95A1488 = 1;
  1112. *(int*)0xD95B1988 = 1;
  1113. *(int*)0xD95A05AC = 1;
  1114. *(int*)0xD95A1487 = 1;
  1115. //=========================================================
  1116. Sleep(20);
  1117. //=========================================================
  1118. for (DWORD i = 0xD95A0000; i < 0xD95AFFFF; i++) {
  1119. if (*(int*)i)
  1120. if (*(int*)i == 0)
  1121. *(int*)i = 1;
  1122. Sleep(10);
  1123. if (*(DWORD*)i)
  1124. if (*(DWORD*)i == 0x00000000)
  1125. *(DWORD*)i = 0x00000001;
  1126. }
  1127. //=========================================================
  1128. Sleep(2);
  1129. //=========================================================
  1130. for (DWORD i = 0xD9500000; i < 0xD95FFFFF; i++) {
  1131. if (*(int*)i)
  1132. if (*(int*)i == 0)
  1133. *(int*)i = 1;
  1134. Sleep(10);
  1135. if (*(DWORD*)i)
  1136. if (*(DWORD*)i == 0x00000000)
  1137. *(DWORD*)i = 0x00000001;
  1138. }
  1139. //=========================================================
  1140. Sleep(20);
  1141. //=========================================================
  1142. XNotifyUI(L"Destiny - Bypass Enabled");
  1143. }
  1144. return 0;
  1145. }
  1146.  
  1147. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1148.  
  1149. inline DWORD GoldSpoofHook(DWORD dwUserIndex, XPRIVILEGE_TYPE PrivilegeType, PBOOL pfResult)
  1150. {
  1151. DWORD XamUserCheckPrivilege = (DWORD)ResolveFunction("xam.xex", 0x212); // Gold Spoofing
  1152. *(int*)(XamUserCheckPrivilege + 0x140) = 0x39600001; // Gold Spoofing
  1153. *(int*)(XamUserCheckPrivilege + 0x1A0) = 0x39600001; // Gold Spoofing
  1154. *(int*)(XamUserCheckPrivilege + 0x1AC) = 0x39600001; // Gold Spoofing
  1155. *(int*)(XamUserCheckPrivilege + 0x1B4) = 0x39600001; // Gold Spoofing
  1156.  
  1157. return 0;
  1158. }
  1159.  
  1160. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1161.  
  1162. //VOID SpoofyPatch()
  1163. //{
  1164. // // We will store the data from 0xFF90 here (0xFF90 is where spoofy stores the spoofed CPUKey)
  1165. // BYTE spoofyCheck[0x10];
  1166. //
  1167. // // Read from 0xFF90 in HV
  1168. // HvPeekBytes(0xFF90, &spoofyCheck, 0x10);
  1169. //
  1170. // // Read every byte from 0xFF90 and compare it to 0
  1171. // for(int PatchSpoofy = 0; PatchSpoofy < 0x10; PatchSpoofy++)
  1172. // {
  1173. // // Read each byte to see if there is a spoofed CPUKey
  1174. // if (spoofyCheck[PatchSpoofy] != 0)
  1175. // {
  1176. // XNotifyUI(L"Spoofing Detected, You Were Caught. Shutting Down.");
  1177. // HalReturnToFirmware(HalResetSMCRoutine);
  1178. // }
  1179. // }
  1180. //}
  1181.  
  1182. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1183.  
  1184. //=====MSPSpoofing=====//
  1185.  
  1186. BYTE data1[28] = { 0x38, 0x80, 0x00, 0x05, 0x80, 0x63, 0x00, 0x1C, 0x90, 0x83, 0x00, 0x04, 0x38, 0x80, 0x05, 0x39, 0x90, 0x83, 0x00, 0x08, 0x38, 0x60, 0x00, 0x00, 0x4E, 0x80, 0x00, 0x20 };
  1187. BYTE data2[4] = { 0x60, 0x00, 0x00, 0x00 };
  1188. BYTE data3[4] = { 0x48, 0x00, 0x00, 0xC8 };
  1189. BYTE data4[4] = { 0x39, 0x60, 0x00, 0x00 };
  1190.  
  1191. VOID SpoofMSP()//If you need to use this for a call!
  1192. {
  1193. DbgPrint("Applied MS Points spoof patches");
  1194. SetMemory((PVOID)0x8168A6D8, data1, 28);// In Xam.xex
  1195. SetMemory((PVOID)0x818E8CFC, data2, 4);// In Xam.xex
  1196. SetMemory((PVOID)0x818ED544, data3, 4);// In Xam.xex
  1197. SetMemory((PVOID)0x9015C15C, data4, 4);// In Gudie.MP.Purchase.xex
  1198. SetMemory((PVOID)0x9015C108, data2, 4);// In Gudie.MP.Purchase.xex
  1199. }
  1200.  
  1201. //=====MSPSpoofing=====//
  1202.  
  1203. //====================================================================================================================================================================================================================================================================================================================================
  1204. //=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1205. //=////////////////////////////////////GAMES//START//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1206. //=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1207. //====================================================================================================================================================================================================================================================================================================================================
  1208.  
  1209. VOID InitializeTitleSpecificHooks(PLDR_DATA_TABLE_ENTRY ModuleHandle)
  1210. {
  1211. // Hook any calls to XexGetProcedureAddress
  1212.  
  1213. //#ifdef XOSC_ENABLED
  1214. PatchModuleImport(ModuleHandle, NAME_KERNEL, 407, (DWORD)XexGetProcedureAddressHook);
  1215. //#endif
  1216.  
  1217. // If this module tries to load more modules, this will let us get those as well
  1218. PatchModuleImport(ModuleHandle, NAME_KERNEL, 408, (DWORD)XexLoadExecutableHook);
  1219.  
  1220. PatchModuleImport(ModuleHandle, NAME_KERNEL, 409, (DWORD)XexLoadImageHook);
  1221.  
  1222. PatchModuleImport(ModuleHandle, NAME_XAM, 401, (DWORD)XamInputGetStateHook);
  1223.  
  1224. XEX_EXECUTION_ID* pExecutionId = (XEX_EXECUTION_ID*)RtlImageXexHeaderField(ModuleHandle->XexHeaderBase, 0x00040006);
  1225.  
  1226. if (pExecutionId == 0) return;
  1227.  
  1228. bool test = 0;
  1229.  
  1230. //====================================================================================================================================================================================================================================================================================================================================
  1231. //=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1232. //=////////////////////////////////////GAMES/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1233. //=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1234. //====================================================================================================================================================================================================================================================================================================================================
  1235.  
  1236. if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"dash.xex") == 0 || wcscmp(ModuleHandle->BaseDllName.Buffer, L"xshell.xex") == 0 || pExecutionId->TitleID == FREESTYLEDASH)
  1237. {
  1238. dashLoaded = TRUE;
  1239. lastTitleID = pExecutionId->TitleID;
  1240. test = 0;
  1241. }
  1242.  
  1243. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1244.  
  1245. //=====MSPSpoofing=====//
  1246.  
  1247. else if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"Guide.MP.Purchase.xex") == 0 /*&& cData.days>=500*/)
  1248. {
  1249. DbgPrint("Applied MS Points spoof patches");
  1250. SetMemory((PVOID)0x8168A6D8, data1, 28);// In Xam.xex
  1251. SetMemory((PVOID)0x818E8CFC, data2, 4);// In Xam.xex
  1252. SetMemory((PVOID)0x818ED544, data3, 4);// In Xam.xex
  1253. SetMemory((PVOID)0x9015C15C, data4, 4);// In Gudie.MP.Purchase.xex
  1254. SetMemory((PVOID)0x9015C108, data2, 4);// In Gudie.MP.Purchase.xex
  1255. XNotifyUI(L"MSP - Spoofed!");
  1256.  
  1257. //ApplyPatches(NULL, IsDevkit ? PATCH_DATA_MPPURCHASE_MSPOINTS_DEVKIT : PATCH_DATA_MPPURCHASE_MSPOINTS_RETAIL);
  1258.  
  1259. //=====MSPSpoofing=====//
  1260.  
  1261. }
  1262.  
  1263. else {
  1264.  
  1265. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1266.  
  1267.  
  1268. if (pExecutionId->TitleID == BO2)
  1269. {
  1270. if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"default_mp.xex") == 0)
  1271. {
  1272. PatchInJump((PDWORD)0x82844820, (DWORD)XNetXnAddrToMachineIdHookBO2, false);//TU18 Machine ID From XeX
  1273. BYTE Data[] = { 0x60, 0x00, 0x00, 0x00 };
  1274. LPCWSTR Buttons0[2] = { L"Modifications", L"Original Game" };
  1275. *(int*)0x825DCA68 = nop;//PartyChat //Anywhere<<new
  1276. memcpy((BYTE*)0x8259A65C, Data, 4); // Disable challenge log check
  1277. memcpy((BYTE*)0x82497EB0, Data, 4); // Disable call to protections
  1278. memcpy((BYTE*)0x82497F30, Data, 4); // Cheat
  1279. memcpy((BYTE*)0x82497EE0, Data, 4); // Write
  1280. //bybass waves 2
  1281. *(QWORD*)0x823C07C8 = 0x6000000038600000; //Demonware Be Gone
  1282. memcpy((BYTE*)0x8259A65C, Data, 4); // Disable challenge log check
  1283. memcpy((BYTE*)0x82497EB0, Data, 4); // Disable call to protections
  1284. memcpy((BYTE*)0x82497F30, Data, 4); // Cheat
  1285. memcpy((BYTE*)0x82497EE0, Data, 4); // Write
  1286. memcpy((BYTE*)0x82497EC8, Data, 4); // Read
  1287. memcpy((BYTE*)0x82599680, Data, 4); // Ban 1
  1288. memcpy((BYTE*)0x82599670, Data, 4); // Ban 2
  1289. memcpy((BYTE*)0x82599628, Data, 4); // Ban 3
  1290. memcpy((BYTE*)0x8259964C, Data, 4); // Ban 4
  1291. memcpy((BYTE*)0x825996AC, Data, 4); // Ban Checks
  1292. memcpy((BYTE*)0x825996B4, Data, 4); // Console Checks
  1293. memcpy((BYTE*)0x82599644, Data, 4); // XUID Check
  1294. memcpy((BYTE*)0x8259964C, Data, 4); // Other
  1295. //bypass wave 3
  1296. BYTE NOP[] = { 0x60, 0x00, 0x00, 0x00 };
  1297. SetMemory((PVOID*)0x82599680, Data, 4);
  1298. SetMemory((PVOID*)0x82599670, Data, 4);
  1299. SetMemory((PVOID*)0x82599628, Data, 4);
  1300. SetMemory((PVOID*)0x8259964C, Data, 4);
  1301. SetMemory((PVOID*)0x825996AC, Data, 4);
  1302. SetMemory((PVOID*)0x825996B4, Data, 4);
  1303. SetMemory((PVOID*)0x82599644, Data, 4);
  1304. SetMemory((PVOID*)0x8259964C, Data, 4);
  1305. SetMemory((PVOID)0x82259BC8, NOP, sizeof(NOP));
  1306. //bypass wave 4
  1307. *(int*)0x822D19E0 = 0x60000000; // New Ban Check 1
  1308. *(int*)0x82599630 = 0x60000000; // New Ban Check 2
  1309. *(int*)0x8259A65C = 0x60000000;
  1310. *(int*)0x825C6070 = 0x60000000;
  1311. *(int*)(0x82599680) = 0x60000000;
  1312. *(int*)(0x82599670) = 0x60000000;
  1313. *(int*)(0x8259964C) = 0x60000000;
  1314. *(int*)(0x825996AC) = 0x60000000;
  1315. *(int*)(0x825996B4) = 0x60000000;
  1316. *(int*)(0x82599644) = 0x60000000;
  1317. //bypass wave 5
  1318. memcpy((BYTE*)0x8259A65C, Data, 4); // Disable challenge log check
  1319. memcpy((BYTE*)0x82497EB0, Data, 4); // Disable call to protections
  1320. memcpy((BYTE*)0x82497F30, Data, 4); // Cheat
  1321. memcpy((BYTE*)0x82497EE0, Data, 4); // Write
  1322. memcpy((BYTE*)0x82497EC8, Data, 4); // Read
  1323. memcpy((BYTE*)0x82599680, Data, 4); // Ban 1
  1324. memcpy((BYTE*)0x82599670, Data, 4); // Ban 2
  1325. memcpy((BYTE*)0x82599628, Data, 4); // Ban 3
  1326. memcpy((BYTE*)0x8259964C, Data, 4); // Ban 4
  1327. memcpy((BYTE*)0x825996AC, Data, 4); // Ban Checks
  1328. memcpy((BYTE*)0x825996B4, Data, 4); // Console Checks
  1329. memcpy((BYTE*)0x82599644, Data, 4); // XUID Check
  1330. memcpy((BYTE*)0x8259964C, Data, 4); // Other
  1331. memcpy((BYTE*)0x822D19E0, Data, 4); //New Ban Check 1 tu18
  1332. memcpy((BYTE*)0x82599630, Data, 4); //New Ban Check 2 tu18
  1333. *(DWORD*)0x82497EB0 = 0x60000000; // TU18
  1334. *(int*)0x825C536C = nop;//remove probation*/
  1335.  
  1336. HANDLE hThread;
  1337. DWORD threadId;
  1338. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, BO2_go, NULL, 0x2 | CREATE_SUSPENDED);
  1339. XSetThreadProcessor(hThread, 4);
  1340. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1341. ResumeThread(hThread);
  1342. CloseHandle(hThread);
  1343.  
  1344. }
  1345. else if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"default.xex") == 0)
  1346. {
  1347. PatchInJump((PDWORD)0x82844820, (DWORD)XNetXnAddrToMachineIdHookBO2, false);//TU18 Machine ID From XeX
  1348. BYTE Data[] = { 0x60, 0x00, 0x00, 0x00 };
  1349. SetMemory((PVOID*)0x824A7620, Data, 4); //Bypass xD
  1350. SetMemory((PVOID*)0x8248FA60, Data, 4); // Disable challenge log check
  1351. SetMemory((PVOID*)0x823B9B00, Data, 4); // Disable call to protections
  1352. SetMemory((PVOID*)0x823B99D4, Data, 4); // Cheat
  1353. SetMemory((PVOID*)0x823B99A0, Data, 4); // Write
  1354. SetMemory((PVOID*)0x823B9988, Data, 4); // Read
  1355. XNotifyUI(L"COD: BO2 - Bypass Enabled!");
  1356. Sleep(3000);
  1357. printf("BLOPS2 - Zombies Bypassed!");
  1358. }
  1359. }
  1360.  
  1361. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1362.  
  1363. #pragma region Guide Menu
  1364. if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"hud.xex") == 0 && !IsDevkit)
  1365. {
  1366. HUD_PatchLabels();
  1367. }
  1368. else if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"dash.xex") == 0 || wcscmp(ModuleHandle->BaseDllName.Buffer, L"xshell.xex") == 0 || pExecutionId->TitleID == FREESTYLEDASH)
  1369. {
  1370. dashLoaded = TRUE;
  1371. lastTitleID = pExecutionId->TitleID;
  1372. }
  1373. #pragma endregion
  1374.  
  1375. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1376.  
  1377. if (pExecutionId->TitleID == AW) {
  1378. if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"default_mp.xex") == 0)
  1379. {
  1380. PatchModuleImport("default_mp.xex", NAME_KERNEL, 405, (DWORD)XexGetModuleHandleHook);
  1381. DbgPrint("Patched AW XexGetModuleHandleHook");
  1382. PatchModuleImport("default_mp.xex", NAME_XAM, 64, (DWORD)NetDll_XNetXnAddrToMachineIdHook);
  1383. DbgPrint("Patched AW NetDll_XNetXnAddrToMachineIdHook");
  1384. PatchInJump((PDWORD)(ResolveFunction("xam.xex", 0x195)), (DWORD)XeXGetModuleHandleHook, false);
  1385. HookFunctionStart((PDWORD)0x8233B018, (PDWORD)Live_GetConsoleDetailsSavestub, (DWORD)Live_GetConsoleDetailsHook);
  1386. PatchInJump((PDWORD)0x8219EA3C, (DWORD)XNetXnAddrToMachineIdHook, false);
  1387. *(long long*)0x822CA190 = 0x8921005060000000; //This returns xbdm as non-existent;
  1388. *(int*)0x822CA18C = 0x48000010; //Patch branch to not set dev flag
  1389. *(int*)0x822CA184 = 0x38600000; //patch subfunction to check xbdm
  1390. *(int*)0x822CA0EC = 0x3920331C; //Return answer challenges correctly
  1391. *(PBYTE)(0x8233B0E4 + 0x03) = 0x00; //Prevent blacklist in console details
  1392. //*(PBYTE)(0x8233B0E4 + 0x03) = 0x00; //Prevent blacklist in console details
  1393. //======================================
  1394. /*(DWORD*)0x82745A10 = 0x60000000; //TU12 //TU17==0x82745A10
  1395. *(DWORD*)0x82745A14 = 0x60000000; //TU12 //TU17==0x82745A14
  1396. *(DWORD*)0x821B0E48 = 0x60000000; //TU12 //TU17==0x821B0E48
  1397. *(DWORD*)0x821B0E4C = 0x60000000; //TU12 //TU17==0x821B0E4C
  1398. *(DWORD*)0x821B03C4 = 0x60000000; //TU12 //TU17==0x821B03C4
  1399. *(DWORD*)0x8220AD20 = 0x60000000; //TU12 //TU17==0x8220AD20
  1400. *(DWORD*)0x822AAB1C = 0x60000000; //TU12 //TU17==0x822AAB1C----
  1401. *(DWORD*)0x821D4FDC = 0x60000000; //TU12 //TU17==0x821D4FDC
  1402. *(DWORD*)0x821AFDA8 = 0x60000000; //TU12 //TU17==0x821AFDA8
  1403. //======================================*/
  1404.  
  1405. HANDLE hThread;
  1406. DWORD threadId;
  1407. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, AW_go, NULL, 0x2 | CREATE_SUSPENDED);
  1408. XSetThreadProcessor(hThread, 4);
  1409. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1410. ResumeThread(hThread);
  1411. CloseHandle(hThread);
  1412. }
  1413. else if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"default.xex") == 0)
  1414. {
  1415. //nothing
  1416. }
  1417.  
  1418.  
  1419. }
  1420.  
  1421. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1422.  
  1423. if (pExecutionId->TitleID == BO3)
  1424. {
  1425. //Bypass----
  1426. *(int*)0x822FD104 = 0x60000000; // nop link register //TU8==0x822FD104??? or ------>0x822EE49C???
  1427. *(int*)0x825887F0 = 0x60000000; // nop challenge //TU8==0x825887F0
  1428. *(int*)0x825887F8 = 0x400; // respond to challenge //TU8==0x825887F8
  1429.  
  1430. *(__int64*)0x82332018 = 0x386000014E800020; //TU8
  1431. *(int *)0x826B81D0 = 0x60000000; //TU8
  1432.  
  1433. PatchModuleImport("default.xex", NAME_KERNEL, 405, (DWORD)XexGetModuleHandleHook);
  1434. PatchModuleImport("default.xex", NAME_XAM, 64, (DWORD)NetDll_XNetXnAddrToMachineIdHook);
  1435. //----------
  1436.  
  1437. HANDLE hThread;
  1438. DWORD threadId;
  1439. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, BO3_go, NULL, 0x2 | CREATE_SUSPENDED);
  1440. XSetThreadProcessor(hThread, 4);
  1441. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1442. ResumeThread(hThread);
  1443. CloseHandle(hThread);
  1444. }
  1445.  
  1446. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1447.  
  1448. DWORD rflag = 0x39200003;
  1449. QWORD dnop = 0x6000000060000000;
  1450.  
  1451. if (pExecutionId->TitleID == GHOSTS)
  1452. {
  1453. if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"default_mp.xex") == 0)
  1454. {
  1455. *(int*)0x826276D4 = 0x48000010;
  1456. *(int*)0x826276CC = 0x38600000;
  1457. *(int*)0x82627670 = 0x3920331C;
  1458. PatchInJump((PDWORD)(ResolveFunction("xam.xex", 0x195)), (DWORD)XeXGetModuleHandleHook, false);
  1459. PatchInJump((PDWORD)0x8173D258, (DWORD)XNetXnAddrToMachineIdHook, false);//0x8173D258 = 0x81A717AC
  1460. GHOSTS_RandomizeData();
  1461. //////////////////////////////////////////////////////
  1462. *(int*)0x8262763C = 0x48000020; // Branch
  1463. *(int*)0x82627658 = 0x48000020; // Branch
  1464. *(int*)0x8262767C = 0x48000020; // Branch
  1465. *(int*)0x826276D4 = 0x48000020; // Branch
  1466. *(int*)0x8262A5D0 = 0x39200000;
  1467. *(int*)0x826276DC = 0x39200003;
  1468. *(int*)(0x826276D8) = 0x8921005060000000;
  1469. *(int*)(0x8214ABBC) = 0x3800002244000002;
  1470. *(int*)0x82627614 = 0x39200009;
  1471. *(int*)0x82627628 = 0x38600000;
  1472. *(int*)0x82627634 = 0x39600001;
  1473. *(int*)0x82627650 = 0x38600002;
  1474. *(int*)0x8262767C = 0x48000010;
  1475. *(int*)0x826276D4 = 0x48000010;
  1476. *(int*)(0x82627684) = 0x8921005061490000;
  1477. *(int*)(0x826276DC) = 0x8921005061490000;
  1478. *(int*)0x82265384 = 0x39200001;
  1479. *(int*)0x8226D2B4 = 0x60000000;
  1480. *(int*)0x82266448 = 0x60000000;
  1481. *(int*)0x8226C874 = 0x60000000;
  1482. *(int*)0x8226BB74 = 0x60000000;
  1483. *(int*)0x82290494 = 0x38C00005;
  1484. *(int*)0x822C9344 = 0x60000000;
  1485. *(int*)0x8262A5D0 = 0x39200000; // TU17
  1486. *(int*)0x826276D8 = 0x8921005060000000; // TU17
  1487. //////////////////////////////////////////////////////
  1488. HANDLE hThread;
  1489. DWORD threadId;
  1490. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, Ghosts_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1491. XSetThreadProcessor(hThread, 4);
  1492. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1493. ResumeThread(hThread);
  1494. CloseHandle(hThread);
  1495. }
  1496.  
  1497. else if (wcscmp(ModuleHandle->BaseDllName.Buffer, L"default.xex") == 0)
  1498. {
  1499. //nothing
  1500. }
  1501.  
  1502. }
  1503.  
  1504. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1505.  
  1506.  
  1507. if (pExecutionId->TitleID == DESTINY)
  1508. {
  1509. HANDLE hThread;
  1510. DWORD threadId;
  1511. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, (LPTHREAD_START_ROUTINE)DestinyLaunch_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1512. XSetThreadProcessor(hThread, 4);
  1513. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1514. ResumeThread(hThread);
  1515. }
  1516.  
  1517. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1518.  
  1519. if (pExecutionId->TitleID == GTAV)
  1520. {
  1521. HANDLE hThread;
  1522. DWORD threadId;
  1523. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, GTA5_go, NULL, 0x2 | CREATE_SUSPENDED);
  1524. XSetThreadProcessor(hThread, 4);
  1525. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1526. ResumeThread(hThread);
  1527. CloseHandle(hThread);
  1528. }
  1529.  
  1530. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1531.  
  1532.  
  1533. if (pExecutionId->TitleID == MW3)
  1534. {
  1535. HANDLE hThread;
  1536. DWORD threadId;
  1537. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, MW3_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1538. XSetThreadProcessor(hThread, 4);
  1539. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1540. ResumeThread(hThread);
  1541. CloseHandle(hThread);
  1542. }
  1543.  
  1544. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1545.  
  1546.  
  1547. if (pExecutionId->TitleID == WAW)
  1548. {
  1549. HANDLE hThread;
  1550. DWORD threadId;
  1551. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, COD5_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1552. XSetThreadProcessor(hThread, 4);
  1553. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1554. ResumeThread(hThread);
  1555. CloseHandle(hThread);
  1556. }
  1557.  
  1558. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1559.  
  1560.  
  1561. if (pExecutionId->TitleID == MW1)
  1562. {
  1563. HANDLE hThread;
  1564. DWORD threadId;
  1565. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, COD4_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1566. XSetThreadProcessor(hThread, 4);
  1567. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1568. ResumeThread(hThread);
  1569. CloseHandle(hThread);
  1570. }
  1571.  
  1572. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1573.  
  1574. if (pExecutionId->TitleID == MW2)
  1575. {
  1576. HANDLE hThread;
  1577. DWORD threadId;
  1578. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, MW2_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1579. XSetThreadProcessor(hThread, 4);
  1580. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1581. ResumeThread(hThread);
  1582. CloseHandle(hThread);
  1583. }
  1584.  
  1585. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1586.  
  1587.  
  1588. if (pExecutionId->TitleID == BO1)
  1589. {
  1590. HANDLE hThread;
  1591. DWORD threadId;
  1592. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, BO1_Go, NULL, 0x2 | CREATE_SUSPENDED);
  1593. XSetThreadProcessor(hThread, 4);
  1594. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1595. ResumeThread(hThread);
  1596. CloseHandle(hThread);
  1597. }
  1598.  
  1599. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1600.  
  1601.  
  1602. if (pExecutionId->TitleID == CODClasic)
  1603. {
  1604. HANDLE hThread;
  1605. DWORD threadId;
  1606. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, CodClasic_go, NULL, 0x2 | CREATE_SUSPENDED);
  1607. XSetThreadProcessor(hThread, 4);
  1608. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1609. ResumeThread(hThread);
  1610. CloseHandle(hThread);
  1611. }
  1612.  
  1613. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1614.  
  1615.  
  1616. if (pExecutionId->TitleID == COD3)
  1617. {
  1618. HANDLE hThread;
  1619. DWORD threadId;
  1620. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, Cod3_go, NULL, 0x2 | CREATE_SUSPENDED);
  1621. XSetThreadProcessor(hThread, 4);
  1622. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1623. ResumeThread(hThread);
  1624. CloseHandle(hThread);
  1625. }
  1626.  
  1627. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1628.  
  1629.  
  1630. if (pExecutionId->TitleID == COD2)
  1631. {
  1632. HANDLE hThread;
  1633. DWORD threadId;
  1634. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, Cod2_go, NULL, 0x2 | CREATE_SUSPENDED);
  1635. XSetThreadProcessor(hThread, 4);
  1636. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1637. ResumeThread(hThread);
  1638. CloseHandle(hThread);
  1639. }
  1640.  
  1641. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1642.  
  1643. if (pExecutionId->TitleID == GTA4)
  1644. {
  1645. HANDLE hThread;
  1646. DWORD threadId;
  1647. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, GTA4_go, NULL, 0x2 | CREATE_SUSPENDED);
  1648. XSetThreadProcessor(hThread, 4);
  1649. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1650. ResumeThread(hThread);
  1651. CloseHandle(hThread);
  1652. }
  1653.  
  1654. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1655.  
  1656. if (pExecutionId->TitleID == HaloReach)
  1657. {
  1658. HANDLE hThread;
  1659. DWORD threadId;
  1660. ExCreateThread(&hThread, 0, &threadId, (VOID*)XapiThreadStartup, HaloR_go, NULL, 0x2 | CREATE_SUSPENDED);
  1661. XSetThreadProcessor(hThread, 4);
  1662. SetThreadPriority(hThread, THREAD_PRIORITY_HIGHEST);
  1663. ResumeThread(hThread);
  1664. CloseHandle(hThread);
  1665. }
  1666.  
  1667. //====================================================================================================================================================================================================================================================================================================================================
  1668. //=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1669. //=////////////////////////////////////GAMES//END////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1670. //=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////=
  1671. //====================================================================================================================================================================================================================================================================================================================================
  1672. lastTitleID = pExecutionId->TitleID;
  1673. }
  1674. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!