I know there's a walkthrough of all the steps, but for the newer version of CE (6.2) you get a different step 9.
(PW=31337157)
Dibujo0.JPG
All you have to do is this:
Make a float scan for all players.
You will get something like this:
Dibujo1.JPG
Then right-click the first address and select "what writes to this address".
Click Attack (in step 9, first player), then double-click the item you get in the instruction list.
Dibujo2.JPG
You will see [ebx+4].
Go back to CE and select the first address (or any other).
Right-click it >> browse this memory region (ctrl + B) >> tools >> dissect data structures.
Create a new structure (ctrl + N), press OK, OK, then add the other addresses (ctrl + A) (copy them from the main CE).
Dibujo3.JPG
Now in that picture you can see that teammates share 1 and the others share 2.
Those are the way the program identifies allies and enemies (IDs).
The first address:value belongs to ebx+4, so in order to reach the 1s and 2s you see that the offset there is C (12),
which means 4 + C (12) = 10 (16), meaning ebx+10 is where you can tell if it's an ally or an enemy.
This will help for the code.
Now go back to the main CE window, select the first (or any other) address and click "find out what accesses this address".
Hit Attack (in step 9) and some items will come up. Among those you will notice one that does
a subtraction (health going down), so click the one that says
fsubr dword ptr [ebx+04] (remember [ebx+4] is the health)
>> show disassembler >> tools >> auto assembler (ctrl + A) >> template >> code injection
and copy this code:
Dibujo4.JPG
Code:
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(allies) //New label

newmem:
cmp [ebx+10],1 //remember [ebx+10] evaluates to 1 or 2 (allies or enemies)
je allies //if the comparison ([ebx+10],1) is equal, jump to allies
jmp originalcode

allies: //jump target
fadd dword ptr [ebx+04] //instead of decreasing health every time the allies are attacked, the health is added (fadd)
fstp dword ptr [ebp-30] //same store as in "originalcode" below, so the result is stored (fstp) where it is supposed to be: dword ptr [ebp-30]
jmp returnhere

originalcode: //This is so the enemies lose health as they would normally do.
fsubr dword ptr [ebx+04]
fstp dword ptr [ebp-30]

exit:
jmp returnhere

"Tutorial-i386.exe"+2509D:
jmp newmem
nop
returnhere:
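The offset arithmetic and the two branches of the script above, modelled in C as an added example that is not part of the original post. The struct name, the padding members and the assumption that ST(0) holds the hit amount when the hooked instruction runs are illustrative; only health at ebx+04 and the 1/2 team ID at ebx+10 come from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: only the two named fields are taken from the post;
   the unknown_* members stand in for data the post does not describe. */
struct player {
    uint8_t  unknown_00[4];  /* ebx+00 .. ebx+03 */
    float    health;         /* ebx+04: address found by the float scan */
    uint8_t  unknown_08[8];  /* ebx+08 .. ebx+0F */
    uint32_t team;           /* ebx+10: 1 = ally, 2 = enemy */
};

_Static_assert(offsetof(struct player, health) == 0x04, "health at ebx+04");
_Static_assert(offsetof(struct player, team) == 0x10, "team at ebx+10");

/* The dissect window is based at the health address, so the team ID
   appears there at offset C; adding the 4 back gives ebx+10. */
size_t team_offset_from_health(void) {
    return offsetof(struct player, team) - offsetof(struct player, health);
}

/* Value left in ST(0) by the injected code, which the following
   fstp writes to [ebp-30]. st0 is assumed to be the hit amount. */
float hooked_result(const struct player *p, float st0) {
    if (p->team == 1)
        return st0 + p->health;  /* fadd  dword ptr [ebx+04] */
    return p->health - st0;      /* fsubr dword ptr [ebx+04]: mem - ST(0) */
}

int main(void) {
    /* Constructed sample values */
    struct player ally  = { {0}, 100.0f, {0}, 1 };
    struct player enemy = { {0}, 100.0f, {0}, 2 };
    printf("team offset from health: 0x%zX\n", team_offset_from_health());
    printf("ally after hit of 2:  %.1f\n", hooked_result(&ally, 2.0f));
    printf("enemy after hit of 2: %.1f\n", hooked_result(&enemy, 2.0f));
    return 0;
}
```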