11-12-2010, 17:33
(This post was last modified: 07-23-2011, 10:59 by d0h!.)
PHP Code: ENTITY_SIZE 0x328 CLIENT_SIZE 0x5C8 CG_OFFSET 0x2AB98100 CLIENT_OFFSET 0x2ABF70E8 ENTITY_OFFSET 0x2AC840DC REFDEF_OFFSET 0x2ABDAFC0 VIEW_OFFSET 0xE40708
PHP Code: Trace 0x53C630; DrawStretchPic 0x6EA690; RegisterFont 0x6E90B0; RegisterShader 0x6CDF40; DrawEngineText 0x6EABC0; SendConsoleCommand 0x44DE80; RegisterTag 0x6B1E70; GetTagPos 0x426CA0; GetWeaponOffset 0x4585D0;
PHP Code: void __declspec(naked) nWallhack() { __asm pushad __asm cmp DWORD PTR [esp+0x20], 0x514C98 __asm je doWallhack __asm cmp DWORD PTR [esp+0x20], 0x7C8646 __asm je doWallhack __asm cmp DWORD PTR [esp+0x20], 0x7C89B6 __asm je doWallhack __asm jmp doJmp doWallhack: __asm mov [esp+0x30], 0x12 doJmp: __asm popad __asm jmp[pWallhack] }
detour at 0x6D7240
refdefviewangles
PHP Code: class CRefdef { public: Vec3 refdefViewAngles; //0000 char unknown0[332]; __int32 x; //0158 __int32 y; //015C __int32 width; //0160 __int32 height; //0164 float FovX; //0168 float FovY; //016C float TotalFov; //0170 Vec3 vOrigin; //0174 char unknown1[4]; Vec3 vAxis[3]; //0184 };
0x2ABDAFC0 - 0x158 = 0x2ABDAE68
Credits:
cardoow UC
12-16-2010, 10:04
(This post was last modified: 12-17-2010, 07:31 by d0h!.)
updated to new version
PHP Code: // Functions CG_Trace: 0x438A60 CG_Console: 0x632210 CG_DrawString: 0x6EB610 CG_RegisterTag: 0x51A280 CG_RegisterFont: 0x6E9880 CG_GetPlayerTag: 0x4E2620 CG_GetPlayerMesh: 0x5322E0 CG_RegisterShader: 0x6CE930 CG_DrawStrectedPic: 0x6EB0E0
// Classes #define ENTITY_SIZE 0x328 #define CLIENT_SIZE 0x5C8 #define CLIENT_BASE 0x2ABF70E8 #define ENTITY_BASE 0x2AC840DC
PHP Code: ClientFrame Offset 0x00570020 RenderScene Offset 0x006E01D0 SendCommandToConsole Offset 0x00632210 DrawStretchPic Offset 0x006EB0E0 R_RegisterFont Offset 0x006E97E0 R_RegisterShader Offset 0x006CE930 R_RegisterTag Offset 0x0051A280 R_DrawEngineText Offset 0x006EB610 CG_Trace Offset 0x0050D310 GetTagPosition Offset 0x0063B240 GetWeaponInfo Offset 0x0050F140 weapon_t Pointer 0x2AC720DC Pointer: 0x00C9D784 cg_t Offset 0x2AB98100 Pointer: 0x00D2C790 centity_t Offset 0x2AC840DC Pointer: 0x00D2F970 clientInfo_t Offset 0x2ABF70E8 refdef_t Offset 0x2ABDAFDC viewMatrix_t Offset 0x00E4378C mouseInfo_t Offset 0x041C2154 playerSnap_t Offset 0x00E40FA0 dog_t Offset 0x00C76038 heli_t Offset 0x00C76AB8 rcxd_plane_t: 0x00C75E78 renderer_t Offset: 0x050C4B2C ViewAngleX Offset: 0x00E43808 ViewAngleY Offset: 0x00E43804 Mouse On/Off Byte: 0x04469C7D
PHP Code: ENTITY_SIZE 0x328 CLIENT_SIZE 0x5C8
DRAWSTRETCHPIC_OFFSET 0x6eb0e0 DRAWTEXT_OFFSET 0x6eb610 GETTAG_OFFSET 0x63b240 GETLPTAG_OFFSET 0x5322e0 REGISTERFONT_OFFSET 0x6e9880 REGISTERSHADER_OFFSET 0x6ce930 REGISTERTAG_OFFSET 0x51a280 TRACE_OFFSET 0x50d310 GETWEAPON_OFFSET 0x50f140 WEAPONNAME_OFFSET 0xc9d784 WALLHACK_OFFSET 0x6d7a30 PLAYERRETURN_OFFSET 0x61d2b8 PICKUPRETURN_OFFSET 0x7c8b06 EXPLOSIVERETURN_OFFSET 0x7c8e76
ENTITY_OFFSET 0x2ac840dc CLIENT_OFFSET 0x2abf70e8 CG_OFFSET 0x2ab98100 REFDEF_OFFSET 0x2abdae68 CAMERA_OFFSET 0xe43790 VEHICLE_OFFSET 0x2abd8598 DOGS_OFFSET 0xc76038 HELI_OFFSET 0xc76ab8 RCXD_OFFSET 0xc75e78 SENTRY_OFFSET 0xc759f8
thx to cyberdwak & K@N@VEL & cardoow
01-21-2011, 19:57
(This post was last modified: 01-23-2011, 15:27 by d0h!.)
1.05 updates
cardoow
PHP Code: [php]MouseInfo_t* MouseInfo = (MouseInfo_t*)0x48DAC58; PlayerSnap_t* PlayerSnap = (PlayerSnap_t*)0xE3FFA0;
PHP Code: weapon_t* (__cdecl *GetWeapon)(int num) = (weapon_t* (__cdecl *)(int))0x53E1C0;//dword_C5C218 weapon_2_t* (__cdecl *GetWeapon_2)(int num) = (weapon_2_t* (__cdecl *)(int))0x527170;//dword_C5C218 +8
PHP Code: RegisterTag: 0x00547470 GetPlayerMesh: 0x00430410 GetPlayerTag: 0x004670C0
PHP Code: void (__cdecl *CG_DrawStretchPicTheater)(Float2* Style, float x, float y, float w, float h, int a6, int a7, vec4_t color, qhandle_t shader) = (void (__cdecl *)(Float2*, float, float, float, float, int, int, vec4_t, qhandle_t ))0x005CFFB0;
PHP Code: void (*CG_Trace)(Trace* Trace, vec3_t Start, vec3_t End, int skipNumber, int mask, int a6, int a7) = (void (__cdecl *)(Trace* , vec3_t , vec3_t , int , int , int , int ))0x005FBBF0;
PHP Code: *(int *)0xE3FEA0 = 0x10;//show mouse cursor
PHP Code: void (__cdecl *SendToConsole)( int flag, char* text ) = (void (__cdecl *)( int, char* ))0x005BAAD0;
PHP Code: int (__cdecl *k_AttackOn)() = (int (__cdecl *)())0x7FD580; int (__cdecl *k_AttackOff)() = (int (__cdecl *)())0x7FD650;
int (__cdecl *k_KnifeOn)() = (int (__cdecl *)())0x7FD900; int (__cdecl *k_KnifeOff)() = (int (__cdecl *)())0x7FD910;
PHP Code: bool (*CG_EspIsVisible)( int noIdea, Entity *cent ) = (bool (__cdecl *)( int, Entity * ))0x00589550;
PHP Code: CG_RegisterFont:0x005C5220 CG_DrawString:0x00530140
king-orgy
PHP Code: ViewAngleX = 0xE4280C ViewAngleY = 0xE42808
RenderDevice = 0x57DD680 ClientInfo = 0xD2B798 Entity = 0xD2E98C
raiders
02-08-2011, 09:28
(This post was last modified: 02-08-2011, 10:34 by d0h!.)
updated
Entities
Code: /*
00903DA7 |. 69C0 2C030000 |IMUL EAX,EAX,32C - Size
00903DAD |. 8D8408 0450F3F>|LEA EAX,DWORD PTR DS:[EAX+ECX+FFF35004]
00903DB4 |. EB 0F |JMP SHORT BlackOps.00903DC5
00903DB6 |> 8B5424 18 |MOV EDX,DWORD PTR SS:[ESP+18]
00903DBA |. 8B0495 8CF9D20>|MOV EAX,DWORD PTR DS:[EDX*4+D2F98C] Entity
00903DC1 |. 034424 1C |ADD EAX,DWORD PTR SS:[ESP+1C]
*/
ClientInfo
Weapon
Code: weapon_t* (__cdecl *GetWeapon)(int num) = (weapon_t* (__cdecl *)(int))0x00434EB0;//dword_C5C218
weapon_2_t* (__cdecl *GetWeapon_2)(int num) = (weapon_2_t* (__cdecl *)(int))0x00562C00;//dword_C5C218 +8
States
Code: MouseInfo_t* MouseInfo = (MouseInfo_t*)0x48DD0D8;
PlayerSnap_t* PlayerSnap = (PlayerSnap_t*)0xE40FA0;
PlayerState_t* PlayerState = (PlayerState_t*)0x352DA10;//finding memset(&dword_352C9E0, 0, 9948u); sub_40BEE0(14, "Delta from invalid frame (not supposed to happen!).\n");
Commands
Code: int (__cdecl *k_AttackOn)() = (int (__cdecl *)())0x7FE320;
int (__cdecl *k_AttackOff)() = (int (__cdecl *)())0x7FE3F0;
int (__cdecl *k_KnifeOn)() = (int (__cdecl *)())0x7FE6A0;
int (__cdecl *k_KnifeOff)() = (int (__cdecl *)())0x7FE6B0;
others
Code: int * ping = (int *) 0xE41020;
float *ViewAngleX = (float *)0xE4380C;
float *ViewAngleY = (float *)0xE43808;
Drawing
Code: Media_t * Media = (Media_t *) 0xD2C7A8;
CG_DrawStretchPicTheater = 0x00606110
RegisterFont = 0x005AE450
CG_DrawString = 0x00602140
thanks to King-OrgY
03-26-2011, 11:38
(This post was last modified: 03-26-2011, 11:58 by d0h!.)
1.07/7.0.90
Code: D3DRenderer: 0x590D808
Game: 0xD4E1D4
Entity: 0xD513D0
GetWeapon (+0x8): 0x453530
Trace: 0x58A650
RegisterTag: 0x5C8070
PlayerMesh: 0x46B6D0
GetBone: 0x638310
ViewAngleX: 0xE653D0
ViewAngleY: 0xE653CC
And now for the fun part!
ClientInfo Class Size: 0x5D0
EntityInfo Class Size: 0x328
ClientInfo = (Game) + 0x5F228
RefDef = (Game) + 0x43100
by raiders
Quote:D3DRenderer: 0x590D808
Game: 0xD4E1D4
Entity:0xD513D0
GetWeapon: 0x6B2100
Trace: 0x4358D0
RegisterTag: 0x40DB20
PlayerMesh: 0x6962F0
GetBone: 0x5A0C20
StartAttack: 0x808590
StopAttack: 0x808660
StartKnife: 0x808910
StopKnife: 0x808920
Nothing else changed... that I use.
Edit: I guess I'll throw up the other offsets that didn't change for those among us that are lazy.
ViewAngleX: 0xE653D0
ViewAngleY: 0xE653CC
ClientInfo Class Size: 0x5D0
EntityInfo Class Size: 0x328
ClientInfo = (Game) + 0x5F228
RefDef = (Game) + 0x43100
thx for sharing raiders
05-28-2011, 17:47
(This post was last modified: 05-28-2011, 17:49 by d0h!.)
patch 1.09 updated sigs and patterns
Code: #ifndef _BO_OFFSETS
#define _BO_OFFSETS
#define BO_MP_BASE 0x400000
#define BO_MP_SIZE 0x4FA4000
#define BO_MP_GAME 0x2BF97B80
#define CLASS_CENTITY 0x2C083EFC
#define CLASS_CG 0x2BF97B80
#define CLASS_CGS 0x2C009500
#define CLASS_CLIENTINFO 0x2BFF6DA8
#define CLASS_REFDEF 0x2BFDAB2C (with refdefViewAngles) - 0x2BFDAC80 (without)
#define CLASS_MEDIA 0xD50E80
#define CLASS_MATRIX 0xE687CC
#define CLASS_DOGS 0xC99D78
#define CLASS_HELI 0xC9A7F8
#define CLASS_RCXD 0xC99BB8
#define CLASS_SENTRY 0xC99738
#define CENTITY_SIZE 0x328
#define CLIENTINFO_SIZE 0x5D0
#define VIEW_X 0xE68850
#define VIEW_Y 0xE6884C
#define Trace 0x557760
#define AttackOn 0x808F80
#define AttackOff 0x809050
#define KnifeOn 0x809300
#define KnifeOff 0x809310
thx to king-orgy :)
#endif
Code: D3DRenderer: 0x469E308
ClientInfo: 0xD50E74
Entity: 0xD54070
GetWeapon (+0x8): 0x5658F0
Trace: 0x557760
RegisterTag: 0x6B0500
PlayerMesh: 0x63D1F0
GetBone: 0x51D9B0
ViewAngleX: 0xE68850
ViewAngleY: 0xE6884C
+attack: 0x808F80
-attack: 0x809050
+melee: 0x809300
-melee: 0x809310
SIGS:
Code: Entity/CG Struct:
Sig: \xe8\x00\x00\x00\x00\x8b\x15\x00\x00\x00\x00\x52\x57\xe8\x00\x00\x00\x00\x83\xc4\x20
Mask: x????xx????xxx????xxx
Entity struct pointer: *(DWORD*)(RetAddr+0x2F+0x2)
CG struct pointer: *(DWORD*)(RetAddr+0x17+0x2)
DrawEngineText:
Sig: \x55\x8b\x6c\x24\x08\x80\x7d\x00\x00\x56\x57\x0f\x84\x00\x00\x00\x00\x8b\xc5\x8d\x50\x01
Mask: xxxxxxxxxxxxx????xxxxx
DrawStretchPic:
Sig: \x8b\x44\x24\x28\xd9\x44\x24\x20\x8b\x4c\x24\x24\x50\x51\x83\xec\x24\xd9\x5c\x24\x20
Mask: xxxxxxxxxxxxxxxxxxxxx
EspVisible:
Sig: \x83\xec\x30\x56\x8b\x35\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x84\xc0
Mask: xxxxxx????x????xx
RegisterTag:
Sig: \x8b\x44\x24\x04\x6a\x00\x6a\x01\x50\xe8\x00\x00\x00\x00\x83\xc4\x0c\xc3
Mask: xxxxxxxxxx????xxxx
RegisterFont:
Sig: \x8b\x44\x24\x04\x6a\xff\x6a\x01\x50\x6a\x14\xe8\x00\x00\x00\x00\x83\xc4\x10
Mask: xxxxxxxxxxxx????xxx
RegisterShader:
Sig: \x8b\x4c\x24\x04\x80\x39\x00\x75\x00\xa1\x00\x00\x00\x00\xc3
Mask: xxxxxxxx?x????x
GetTagPos:
Sig: \xd9\x46\x10\x8b\x44\x24\x1c\xd9\x18\x5f\xd9\x46\x14\xd9\x58\x04\xd9\x46\x18\x5e\xd9\x58\x08\xb8\x00\x00\x00\x00\x59\xc3
Mask: xxxxxxxxxxxxxxxxxxxxxxxx????xx
RetAddr-=0x52
ViewAngles:
Sig: \x56\xe8\x00\x00\x00\x00\x83\xc4\x04\x6a\x0c\x68\x00\x00\x00\x00
Mask: xx????xxxxxx????
*(DWORD*)(RetAddr+0xB+0x1)
Code: Functions:
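#ifndef _WINDEF_
/* Fallback when <windows.h> is not included (e.g. a standalone unit-test
 * build); windef.h defines the same two types and guards itself with _WINDEF_. */
typedef unsigned char BYTE;
typedef unsigned long DWORD;
#endif

/**
 * Compare one candidate position against a masked byte pattern.
 *
 * @param pData   Bytes to test; must be readable for strlen(pszMask) bytes.
 * @param bMask   Pattern bytes, at least as long as pszMask.
 * @param pszMask NUL-terminated mask: 'x' means the byte must equal the
 *                corresponding bMask byte; any other character (conventionally
 *                '?') is a wildcard and is not compared.
 * @return true when every 'x' position matches (an empty mask matches
 *         trivially), false on the first mismatch or on a NULL argument.
 */
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* pszMask)
{
    if (!pData || !bMask || !pszMask) {
        return false;
    }
    /* Walk all three sequences in lock-step; the mask alone decides the length. */
    for (; *pszMask; ++pszMask, ++pData, ++bMask) {
        if (*pszMask == 'x' && *pData != *bMask) {
            return false;
        }
    }
    return true;
}

/**
 * Search the byte range [dwAddress, dwAddress + dwLen) for the first
 * occurrence of a masked byte pattern.
 *
 * The candidate loop stops at dwLen - strlen(pszMask), so every compare stays
 * inside the range.  The earlier unbounded form (`i < dwLen`) handed
 * bDataCompare() positions near the end of the region and so read up to
 * strlen(pszMask) - 1 bytes past it -- an out-of-bounds read that can fault
 * on an unmapped page or return a bogus match built from bytes outside dwLen.
 *
 * @param dwAddress Start of the region, carried as a DWORD.  NOTE(review):
 *                  where DWORD is narrower than a pointer the cast below
 *                  truncates; the helper is only meaningful where the two
 *                  have the same width.
 * @param dwLen     Length of the region in bytes.
 * @param bMask     Pattern bytes, at least as long as pszMask.
 * @param pszMask   NUL-terminated mask, see bDataCompare().
 * @return Address of the first match, or 0 when there is none, when the mask
 *         is empty or longer than the region, or when a pointer argument is
 *         NULL.  (The previous version reported a match at dwAddress for an
 *         empty mask; that degenerate "match" is now treated as not found.)
 */
DWORD dwFindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *pszMask)
{
    if (!bMask || !pszMask) {
        return 0;
    }

    /* Mask length == number of bytes each compare touches. */
    DWORD dwPatLen = 0;
    for (const char *m = pszMask; *m; ++m) {
        ++dwPatLen;
    }
    /* An empty pattern would "match" at offset 0; a pattern longer than the
     * region cannot fit at all.  Both are reported as not found. */
    if (dwPatLen == 0 || dwPatLen > dwLen) {
        return 0;
    }

    const BYTE *pBase = (const BYTE *)dwAddress;
    DWORD dwLast = dwLen - dwPatLen;   /* last offset with a full window inside dwLen */
    for (DWORD i = 0; i <= dwLast; i++) {
        if (bDataCompare(pBase + i, bMask, pszMask)) {
            return dwAddress + i;
        }
    }
    return 0;
}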
Usage:
RetAddr=dwFindPattern(StartAddr,Length,Sig,Mask);
Thanks to
King Orgy
CypherPresents
raiders
godly
dom1n1k - FindPattern
and all people at UC/GD
Code: D3DRenderer: 0x46A3C88
ClientInfo: 0xD52EF4
Entity: 0xD560F0
GetWeapon (+0x8): 0x5827A0
Trace: 0x6764D0
RegisterTag: 0x5A4C60
PlayerMesh: 0x533F90
GetBone: 0x553380
ViewAngleX: 0xE6E1D0
ViewAngleY: 0xE6E1CC
+attack: 0x80A540
-attack: 0x80A610
+melee: 0x80A8C0
-melee: 0x80A8D0
Credits:
king-orgy
cardoow
raiders
CypherPresents
UC&GD
07-13-2011, 21:08
(This post was last modified: 07-13-2011, 21:10 by d0h!.)
Code: D3DRenderer: 0x46AC208
ClientInfo: 0xD52EF4
Entity: 0xD560F0
GetWeapon (+0x8): 0x54BB40
Trace: 0x64A4E0
RegisterTag: 0x69F970
PlayerMesh: 0x5606C0
GetBone: 0x540150
ViewAngleX: 0xE6E250
ViewAngleY: 0xE6E24C
+attack: 0x80A7E0
-attack: 0x80A8B0
+melee: 0x80AB60
-melee: 0x80AB70
byteScoped: 0xE6BA00
Code: dword_D52EF4 = (void *)sub_5DC2F0(a1, 465280 * a2, 128, "cgArray");
dword_D52EC4 = (void *)sub_5DC2F0(a1, 12744 * a2, 8, "cgsArray");
dword_CC57B0 = sub_5DC2F0(a1, 415744 * a2, 4, "cg_fakeEntitiesArray");
result = sub_5DC2F0(a1, 52 * a2, 4, "cg_viewModelArray");
v3 = 0;
for ( dword_CC3540 = result; v3 < a2; ++v3 )
{
*(&dword_CC3544 + v3) = (void *)sub_5DC2F0(a1, 73728, 4, "cg_weaponsArray");
*(&dword_D560F0 + v3) = (void *)sub_5DC2F0(a1, 827392, 4, "cg_entitiesArray");
dword_D56390[v3] = sub_5DC2F0(a1, 18432, 4, "cg_entityOriginArray");
*(&dword_39ED130 + v3) = (void *)sub_5DC2F0(a1, 24768, 4, "cg_destructibles");
v4 = (void *)sub_5DC2F0(a1, 118272, 16, "ikStatesArray");
dword_D5614C[v3] = (int)v4;
memset(v4, 0, 0x1CE00u);
result = sub_5F2760(dword_D5614C[v3], v3);
}
return result;
}
Code: Structures:
CG: 0xD52EF4
Ent: 0xD560F0
ViewMatrix: 0xE6E1CC
Sentrys: 0xC9B7B8
Choppers: 0xC9C878
Dogs: 0xC9BDF8
RCXDs: 0xC9BC38
Media: 0xD52F00
MouseInfo: 0x37708F8
PlayerSnap: 0xE6B9C0
Functions:
AttackON/OFF: 0x80A7E0/0x80A8B0
MeleeON/OFF: 0x80AB60/0x80AB70
DrawEngineText: 0x6F7B40
DrawStretchPic: 0x6F7610
Draw2D_Debug_Line: 0x40B720
Draw3D_Debug_Line: 0x5442F0
CG_DrawNameTags: 0x4DF570
IsESPVisible: 0x6C20E0
CG_Trace: 0x56E0A0
GetTagPos: 0x540150
Set_Weapon_CL_Trace: 0x64A4E0
RegisterTag: 0x55F730
RegisterFont: 0x6F5AA0
RegisterShader: 0x6DA9C0
Other:
ViewAngles: 0xE6E24C
SetZoom: 0xE6BA00
Possible vars:
Primary Ammo1: 0xE6BE28
Primary Ammo2: 0xE6BDB0
Secondary Ammo1: 0xE6BE20
Secondary Ammo2: 0xE6BDA8
Lethal Ammo: 0xE6BE30
Tactical Ammo: 0xE6BE38
Equipment Ammo: 0xE6BE40
Credits:
godly
raiders
King-Orgy
UC&GD
I'm sorry, but what exactly are these for? Out of curiosity.