cardoow Wrote:Well since the radar is drawn locally you can manipulate it like a boss, saw people draw their own radar + use rotatedpic, but i personally like to use the engine to achieve my wishes. So since its almost christmas i have some Advanced UAV code for you guys.
this function does it all
Code:
void __cdecl sub_47F690(int a1, int a2, int a3, int a4, int a5)it loops trough a struct of 18 big, as far as i know its not clientinfo or entity, feel free to reverse it
Code:
v7 = (char *)&unk_8F2938 + 3640 * a1;
v52 = 18;
do
{
.....
v7 += 140; //see here the struct size = 0x8C = 140 dec
}
while ( v52-- != 1 );now we're heading to some more important stuff
at the bottom of the function we see a call to drawrotatedpic
Code:
sub_40D420(v51, v55, v56, v48, v47, *(_BYTE *)(a4 + 16), *(_BYTE *)(a4 + 17), v44, (int)&v58, v31);and we see that v31 holds the shader.
if we scroll up a bit we see this piece of code
Code:
if ( dword_8FF284 || v10 ) // 0x8FF080 is cg_t, means cg_t + 0x204 holds the advanced uav value
{
if ( !v45 || !dword_A041F8 || (v31 = dword_A041F8, sub_4F5920(dword_A041F8)) )
v31 = dword_A04184; // here v31 will hold compassping_enemyfacingdirection
}so we now know where to toggle the advanced uav, but now we only see the shaders when people shoot. We want those shaders at all time.
Now if we take a look at the top of the function we will find this
Code:
if ( v7[56] & 1 )//guess here they check for isalive
{
v8 = *((_DWORD *)v7 + 16);
v10 = (unsigned __int16)((_WORD)v8 >> 16);
v9 = (*((_DWORD *)v7 + 16) >> 17) & 1;
if ( v43 || v9 || (_WORD)v8 >> 16 || (unsigned __int16)(v8 & 0x8000) )
{
//we need to make sure this if is true
//we can do hard stuff with shifts or bitwise ands, or just take the easy way and pick v43
v12 = dword_96A1DC;
v11 = 1;
if ( *(_DWORD *)v7 > LODWORD(dword_96A1DC) )
*(_DWORD *)v7 = 0;
if ( *(_DWORD *)v7 < LODWORD(v12) - 500 )
goto LABEL_71;
}
else
{
v11 = 0;
}if we look something above that code we will find this
Code:
v43 = *(_BYTE *)(dword_1C2C39C + 12);hey! that looks like a cvar! + 0xC is the value, hmm lets make it have a value! (this is g_compassShowEnemies)
Code:
void AdvancedUAV()
{
cg_t->uav = 1; //the 0x8FF284 we found before in cg_t
*(BYTE*)(*(DWORD*)(0x1C2C39C) + 0xC) = 1; // the cvar
}call this every frame and you will have advanced uav at all time, have fun!
![[Image: eQkFUW.png]](http://screensnapr.com/e/eQkFUW.png)
hexrays
Spoiler (Click to View)
Code:
void __cdecl sub_47F690(int a1, int a2, int a3, int a4, int a5)
{
int *v5; // edi@1
int v6; // eax@1
char *v7; // edi@4
int v8; // eax@6
int v9; // ebx@6
int v10; // ebp@6
signed int v11; // esi@10
float v12; // eax@11
int v13; // ecx@14
double v14; // st6@14
char v15; // dl@16
char v16; // al@19
int v17; // ecx@20
double v18; // st7@20
int v19; // eax@31
double v20; // st7@33
int v21; // eax@35
double v22; // st7@36
double v23; // st7@40
double v24; // st7@43
float v25; // ST3C_4@44
float v26; // ST3C_4@45
double v27; // st7@46
float v28; // ST3C_4@47
float v29; // ST3C_4@48
float v30; // ST24_4@49
int v31; // esi@54
int v32; // edx@70
int v33; // eax@70
int v35; // [sp+4h] [bp-94h]@27
int *v36; // [sp+8h] [bp-90h]@27
float *v37; // [sp+Ch] [bp-8Ch]@27
float *v38; // [sp+10h] [bp-88h]@27
float *v39; // [sp+14h] [bp-84h]@27
int v40; // [sp+18h] [bp-80h]@27
int v41; // [sp+1Ch] [bp-7Ch]@27
float *v42; // [sp+20h] [bp-78h]@27
char v43; // [sp+37h] [bp-61h]@4
float v44; // [sp+38h] [bp-60h]@50
int v45; // [sp+3Ch] [bp-5Ch]@1
float v46; // [sp+40h] [bp-58h]@1
float v47; // [sp+44h] [bp-54h]@31
float v48; // [sp+48h] [bp-50h]@31
float v49; // [sp+4Ch] [bp-4Ch]@14
signed int v50; // [sp+50h] [bp-48h]@14
int v51; // [sp+54h] [bp-44h]@4
int v52; // [sp+58h] [bp-40h]@4
float v53; // [sp+5Ch] [bp-3Ch]@4
float v54; // [sp+60h] [bp-38h]@4
float v55; // [sp+64h] [bp-34h]@27
float v56; // [sp+68h] [bp-30h]@31
float v57; // [sp+6Ch] [bp-2Ch]@1
int v58; // [sp+74h] [bp-24h]@4
float v59; // [sp+78h] [bp-20h]@4
float v60; // [sp+7Ch] [bp-1Ch]@4
float v61; // [sp+80h] [bp-18h]@4
float v62; // [sp+84h] [bp-14h]@4
float v63; // [sp+88h] [bp-10h]@4
float v64; // [sp+8Ch] [bp-Ch]@4
float v65; // [sp+90h] [bp-8h]@4
v6 = sub_4B9000();
v45 = (unsigned __int8)sub_534780(v6);
v5 = &dword_9FC6C8[344 * dword_8FF1D0];
sub_469FE0((int)&dword_8FF080, COERCE_FLOAT(&v57));
v46 = sub_4134A0(a1, dword_9761A4, a2);
if ( 0.0 != v46 && *v5 && v5[7] != 3 )
{
sub_4568C0((char)v5, a2, (int)&dword_8FF080, a3, a4, (int)&v62, (int)&v63, (int)&v64, (int)&v65);
v53 = v64 * 0.5 + v62;
v54 = 0.5 * v65 + v63;
*(float *)&v58 = *(float *)a5;
v59 = *(float *)(a5 + 4);
v60 = *(float *)(a5 + 8);
v61 = *(float *)(a5 + 12);
v51 = (int)sub_519480();
v43 = *(_BYTE *)(dword_1C2C39C + 12);
v7 = (char *)&unk_8F2938 + 3640 * a1;
v52 = 18;
do
{
if ( v7[56] & 1 )
{
v8 = *((_DWORD *)v7 + 16);
v10 = (unsigned __int16)((_WORD)v8 >> 16);
v9 = (*((_DWORD *)v7 + 16) >> 17) & 1;
if ( v43 || v9 || (_WORD)v8 >> 16 || (unsigned __int16)(v8 & 0x8000) )
{
v12 = dword_96A1DC;
v11 = 1;
if ( *(_DWORD *)v7 > LODWORD(dword_96A1DC) )
*(_DWORD *)v7 = 0;
if ( *(_DWORD *)v7 < LODWORD(v12) - 500 )
goto LABEL_71;
}
else
{
v11 = 0;
}
v13 = *((_DWORD *)v7 + 11);
LODWORD(v49) = *((_DWORD *)v7 + 11);
*(float *)&v50 = (double)SLODWORD(dword_96A1DC);
v14 = *(float *)&v50;
v15 = *(float *)(dword_8F15D4 + 12) * 1000.0 + (double)SLODWORD(v49) > *(float *)&v50 && v13;
if ( v11 )
{
v16 = 1;
}
else
{
v17 = *((_DWORD *)v7 + 12);
v18 = 1000.0 * *(float *)(dword_8F1598 + 12);
v50 = *((_DWORD *)v7 + 12);
v16 = v14 < v18 + (double)v50 && v17;
}
if ( v15 || v16 )
{
if ( v11 )
{
v42 = &v55;
v41 = 0;
v40 = (int)(v7 + 4);
v39 = &flt_96A218;
v38 = &v57;
v37 = &v62;
v36 = &dword_8FF080;
v35 = a2;
}
else
{
v42 = &v55;
v41 = 0;
v40 = (int)(v7 + 16);
v39 = &flt_96A218;
v38 = &v57;
v37 = &v62;
v36 = &dword_8FF080;
v35 = a2;
}
if ( !(unsigned __int8)sub_4F6860(v35, v36, v37, v38, v39, v40, v41, v42) || *(_BYTE *)(dword_8F15E4 + 12) )
{
sub_4D4A40(a2, &v48, &v47);
v19 = *((_DWORD *)v7 + 12);
v55 = v53 - v48 * 0.5 + v55;
v56 = v54 - 0.5 * v47 + v56;
if ( v19 >= LODWORD(dword_96A1DC) || v11 )
{
v20 = 1.0;
}
else
{
v50 = LODWORD(dword_96A1DC) - v19;
v20 = 1.0 - (double)(LODWORD(dword_96A1DC) - v19) / (*(float *)(dword_8F1598 + 12) * 1000.0);
}
v21 = *((_DWORD *)v7 + 11);
v49 = v20;
if ( v21 < LODWORD(dword_96A1DC) )
{
v50 = LODWORD(dword_96A1DC) - v21;
v22 = 1.0 - (double)(LODWORD(dword_96A1DC) - v21) / (*(float *)(dword_8F15D4 + 12) * 1000.0);
}
else
{
v22 = 1.0;
}
*(float *)&v50 = v22;
if ( dword_8FF284 || v10 )
{
if ( a2 || !*(_BYTE *)(dword_8F15F4 + 12) )
{
v27 = flt_976184;
if ( v11 )
{
v28 = v27 - *((float *)v7 + 9);
v23 = v28;
}
else
{
v29 = v27 - *((float *)v7 + 7);
v23 = v29;
}
}
else
{
v24 = flt_96ED30;
if ( v11 )
{
v25 = v24 - *((float *)v7 + 9);
v23 = v25;
}
else
{
v26 = v24 - *((float *)v7 + 7);
v23 = v26;
}
}
v30 = v23;
sub_525CA0(v30);
}
else
{
v23 = 0.0;
}
v44 = v23;
if ( v9 )
{
v44 = 0.0;
if ( v45 && dword_A0423C && !sub_4F5920(dword_A0423C) )
v31 = dword_A0423C;
else
v31 = dword_A041C8;
}
else
{
if ( dword_8FF284 || v10 )
{
if ( !v45 || !dword_A041F8 || (v31 = dword_A041F8, sub_4F5920(dword_A041F8)) )
v31 = dword_A04184;
}
else
{
v44 = 0.0;
if ( v45 && dword_A041F4 && !sub_4F5920(dword_A041F4) )
v31 = dword_A041F4;
else
v31 = dword_A04180;
}
}
if ( v49 >= 0.0 )
{
v61 = v49 * v46;
sub_40D420(v51, v55, v56, v48, v47, *(_BYTE *)(a4 + 16), *(_BYTE *)(a4 + 17), v44, (int)&v58, v31);
}
if ( *(float *)&v50 >= 0.0 )
{
v32 = *(_BYTE *)(a4 + 17);
v33 = *(_BYTE *)(a4 + 16);
v61 = *(float *)&v50 * v46;
sub_40D420(v51, v55, v56, v48, v47, v33, v32, v44, (int)&v58, v31);
}
}
}
}
LABEL_71:
v7 += 140;
}
while ( v52-- != 1 );
}
}assembly
Spoiler (Click to View)
Code:
0047F690 $ 83EC 64 SUB ESP,64
0047F693 . 53 PUSH EBX
0047F694 . 56 PUSH ESI
0047F695 . 8B7424 70 MOV ESI,DWORD PTR SS:[ESP+70]
0047F699 . 57 PUSH EDI
0047F69A . 56 PUSH ESI
0047F69B . E8 60990300 CALL iw5mp.004B9000
0047F6A0 . 50 PUSH EAX
0047F6A1 . E8 DA500B00 CALL iw5mp.00534780
0047F6A6 . 8B3D D0F18F00 MOV EDI,DWORD PTR DS:[8FF1D0]
0047F6AC . 69FF 60050000 IMUL EDI,EDI,560
0047F6B2 . 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+4C]
0047F6B6 . 0FB6C0 MOVZX EAX,AL
0047F6B9 . 51 PUSH ECX
0047F6BA . 68 80F08F00 PUSH iw5mp.008FF080
0047F6BF . 894424 24 MOV DWORD PTR SS:[ESP+24],EAX
0047F6C3 . 81C7 C8C69F00 ADD EDI,iw5mp.009FC6C8
0047F6C9 . E8 12A9FEFF CALL iw5mp.00469FE0
0047F6CE . 8B9C24 8800000>MOV EBX,DWORD PTR SS:[ESP+88]
0047F6D5 . 8B15 A4619700 MOV EDX,DWORD PTR DS:[9761A4]
0047F6DB . 53 PUSH EBX
0047F6DC . 52 PUSH EDX
0047F6DD . 56 PUSH ESI
0047F6DE . E8 BD3DF9FF CALL iw5mp.004134A0
0047F6E3 . D95C24 34 FSTP DWORD PTR SS:[ESP+34]
0047F6E7 . 83C4 1C ADD ESP,1C
0047F6EA . D9EE FLDZ
0047F6EC . D85C24 18 FCOMP DWORD PTR SS:[ESP+18]
0047F6F0 . DFE0 FSTSW AX
0047F6F2 . F6C4 44 TEST AH,44
0047F6F5 . 0F8B C8040000 JPO iw5mp.0047FBC3
0047F6FB . 833F 00 CMP DWORD PTR DS:[EDI],0
0047F6FE . 0F84 BF040000 JE iw5mp.0047FBC3
0047F704 . 837F 1C 03 CMP DWORD PTR DS:[EDI+1C],3
0047F708 . 0F84 B5040000 JE iw5mp.0047FBC3
0047F70E . 55 PUSH EBP
0047F70F . 8D4424 6C LEA EAX,DWORD PTR SS:[ESP+6C]
0047F713 . 50 PUSH EAX
0047F714 . 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+6C]
0047F718 . 51 PUSH ECX
0047F719 . 8B8C24 8C00000>MOV ECX,DWORD PTR SS:[ESP+8C]
0047F720 . 8D5424 6C LEA EDX,DWORD PTR SS:[ESP+6C]
0047F724 . 52 PUSH EDX
0047F725 . 8B9424 8C00000>MOV EDX,DWORD PTR SS:[ESP+8C]
0047F72C . 8D4424 6C LEA EAX,DWORD PTR SS:[ESP+6C]
0047F730 . 50 PUSH EAX
0047F731 . 51 PUSH ECX
0047F732 . 52 PUSH EDX
0047F733 . 68 80F08F00 PUSH iw5mp.008FF080
0047F738 . 53 PUSH EBX
0047F739 . E8 8271FDFF CALL iw5mp.004568C0
0047F73E . D98424 8800000>FLD DWORD PTR SS:[ESP+88]
0047F745 . DD05 E8B78000 FLD QWORD PTR DS:[80B7E8]
0047F74B . 8B8424 A800000>MOV EAX,DWORD PTR SS:[ESP+A8]
0047F752 . DCC9 FMUL ST(1),ST
0047F754 . 56 PUSH ESI
0047F755 . D98424 8400000>FLD DWORD PTR SS:[ESP+84]
0047F75C . DEC2 FADDP ST(2),ST
0047F75E . D9C9 FXCH ST(1)
0047F760 . D95C24 5C FSTP DWORD PTR SS:[ESP+5C]
0047F764 . D88C24 9000000>FMUL DWORD PTR SS:[ESP+90]
0047F76B . D88424 8800000>FADD DWORD PTR SS:[ESP+88]
0047F772 . D95C24 60 FSTP DWORD PTR SS:[ESP+60]
0047F776 . D900 FLD DWORD PTR DS:[EAX]
0047F778 . D95C24 74 FSTP DWORD PTR SS:[ESP+74]
0047F77C . D940 04 FLD DWORD PTR DS:[EAX+4]
0047F77F . D95C24 78 FSTP DWORD PTR SS:[ESP+78]
0047F783 . D940 08 FLD DWORD PTR DS:[EAX+8]
0047F786 . D95C24 7C FSTP DWORD PTR SS:[ESP+7C]
0047F78A . D940 0C FLD DWORD PTR DS:[EAX+C]
0047F78D . D99C24 8000000>FSTP DWORD PTR SS:[ESP+80]
0047F794 . E8 E79C0900 CALL iw5mp.00519480
0047F799 . 69F6 380E0000 IMUL ESI,ESI,0E38
0047F79F . 894424 54 MOV DWORD PTR SS:[ESP+54],EAX
0047F7A3 . A1 9CC3C201 MOV EAX,DWORD PTR DS:[1C2C39C]
0047F7A8 . 8A48 0C MOV CL,BYTE PTR DS:[EAX+C]
0047F7AB . 83C4 24 ADD ESP,24
0047F7AE . 81C6 38298F00 ADD ESI,iw5mp.008F2938
0047F7B4 . 884C24 13 MOV BYTE PTR SS:[ESP+13],CL
0047F7B8 . 8BFE MOV EDI,ESI
0047F7BA . C74424 34 1200>MOV DWORD PTR SS:[ESP+34],12
0047F7C2 . EB 0C JMP SHORT iw5mp.0047F7D0
0047F7C4 . 8DA424 0000000>LEA ESP,DWORD PTR SS:[ESP]
0047F7CB . EB 03 JMP SHORT iw5mp.0047F7D0
0047F7CD 8D49 00 LEA ECX,DWORD PTR DS:[ECX]
0047F7D0 > F647 38 01 TEST BYTE PTR DS:[EDI+38],1
0047F7D4 . DD05 201B7F00 FLD QWORD PTR DS:[7F1B20]
0047F7DA . 0F84 CF030000 JE iw5mp.0047FBAF
0047F7E0 . 8B47 40 MOV EAX,DWORD PTR DS:[EDI+40]
0047F7E3 . 8BE8 MOV EBP,EAX
0047F7E5 . 8BD8 MOV EBX,EAX
0047F7E7 . C1ED 10 SHR EBP,10
0047F7EA . C1EB 11 SHR EBX,11
0047F7ED . 83E5 01 AND EBP,1
0047F7F0 . 83E3 01 AND EBX,1
0047F7F3 . 807C24 13 00 CMP BYTE PTR SS:[ESP+13],0
0047F7F8 . 75 13 JNZ SHORT iw5mp.0047F80D
0047F7FA . 85DB TEST EBX,EBX
0047F7FC . 75 0F JNZ SHORT iw5mp.0047F80D
0047F7FE . 85ED TEST EBP,EBP
0047F800 . 75 0B JNZ SHORT iw5mp.0047F80D
0047F802 . A9 00800000 TEST EAX,8000
0047F807 . 75 04 JNZ SHORT iw5mp.0047F80D
0047F809 . 33F6 XOR ESI,ESI
0047F80B . EB 21 JMP SHORT iw5mp.0047F82E
0047F80D > A1 DCA19600 MOV EAX,DWORD PTR DS:[96A1DC]
0047F812 . 3907 CMP DWORD PTR DS:[EDI],EAX
0047F814 . BE 01000000 MOV ESI,1
0047F819 . 7E 06 JLE SHORT iw5mp.0047F821
0047F81B . C707 00000000 MOV DWORD PTR DS:[EDI],0
0047F821 > 05 0CFEFFFF ADD EAX,-1F4
0047F826 . 3907 CMP DWORD PTR DS:[EDI],EAX
0047F828 . 0F8C 81030000 JL iw5mp.0047FBAF
0047F82E > DB05 DCA19600 FILD DWORD PTR DS:[96A1DC]
0047F834 . 8B15 D4158F00 MOV EDX,DWORD PTR DS:[8F15D4]
0047F83A . 8B4F 2C MOV ECX,DWORD PTR DS:[EDI+2C]
0047F83D . 894C24 28 MOV DWORD PTR SS:[ESP+28],ECX
0047F841 . D95C24 2C FSTP DWORD PTR SS:[ESP+2C]
0047F845 . D94424 2C FLD DWORD PTR SS:[ESP+2C]
0047F849 . D942 0C FLD DWORD PTR DS:[EDX+C]
0047F84C . D8CA FMUL ST,ST(2)
0047F84E . DA4424 28 FIADD DWORD PTR SS:[ESP+28]
0047F852 . D8D9 FCOMP ST(1)
0047F854 . DFE0 FSTSW AX
0047F856 . F6C4 41 TEST AH,41
0047F859 . 75 08 JNZ SHORT iw5mp.0047F863
0047F85B . 85C9 TEST ECX,ECX
0047F85D . 74 04 JE SHORT iw5mp.0047F863
0047F85F . B2 01 MOV DL,1
0047F861 . EB 02 JMP SHORT iw5mp.0047F865
0047F863 > 32D2 XOR DL,DL
0047F865 > 85F6 TEST ESI,ESI
0047F867 . 74 08 JE SHORT iw5mp.0047F871
0047F869 . DDD8 FSTP ST
0047F86B . B0 01 MOV AL,1
0047F86D . DDD8 FSTP ST
0047F86F . EB 2A JMP SHORT iw5mp.0047F89B
0047F871 > A1 98158F00 MOV EAX,DWORD PTR DS:[8F1598]
0047F876 . 8B4F 30 MOV ECX,DWORD PTR DS:[EDI+30]
0047F879 . D940 0C FLD DWORD PTR DS:[EAX+C]
0047F87C . DECA FMULP ST(2),ST
0047F87E . 894C24 2C MOV DWORD PTR SS:[ESP+2C],ECX
0047F882 . DB4424 2C FILD DWORD PTR SS:[ESP+2C]
0047F886 . DEC2 FADDP ST(2),ST
0047F888 . DED9 FCOMPP
0047F88A . DFE0 FSTSW AX
0047F88C . F6C4 05 TEST AH,5
0047F88F . 7A 08 JPE SHORT iw5mp.0047F899
0047F891 . 85C9 TEST ECX,ECX
0047F893 . 74 04 JE SHORT iw5mp.0047F899
0047F895 . B0 01 MOV AL,1
0047F897 . EB 02 JMP SHORT iw5mp.0047F89B
0047F899 > 32C0 XOR AL,AL
0047F89B > 84D2 TEST DL,DL
0047F89D . 75 08 JNZ SHORT iw5mp.0047F8A7
0047F89F . 84C0 TEST AL,AL
0047F8A1 . 0F84 0A030000 JE iw5mp.0047FBB1
0047F8A7 > 85F6 TEST ESI,ESI
0047F8A9 . 74 29 JE SHORT iw5mp.0047F8D4
0047F8AB . 8D4C24 40 LEA ECX,DWORD PTR SS:[ESP+40]
0047F8AF . 51 PUSH ECX
0047F8B0 . 6A 00 PUSH 0
0047F8B2 . 8D57 04 LEA EDX,DWORD PTR DS:[EDI+4]
0047F8B5 . 52 PUSH EDX
0047F8B6 . 8B9424 8800000>MOV EDX,DWORD PTR SS:[ESP+88]
0047F8BD . 68 18A29600 PUSH iw5mp.0096A218
0047F8C2 . 8D4424 58 LEA EAX,DWORD PTR SS:[ESP+58]
0047F8C6 . 50 PUSH EAX
0047F8C7 . 8D4C24 74 LEA ECX,DWORD PTR SS:[ESP+74]
0047F8CB . 51 PUSH ECX
0047F8CC . 68 80F08F00 PUSH iw5mp.008FF080
0047F8D1 . 52 PUSH EDX
0047F8D2 . EB 27 JMP SHORT iw5mp.0047F8FB
0047F8D4 > 8D4424 40 LEA EAX,DWORD PTR SS:[ESP+40]
0047F8D8 . 50 PUSH EAX
0047F8D9 . 6A 00 PUSH 0
0047F8DB . 8D4F 10 LEA ECX,DWORD PTR DS:[EDI+10]
0047F8DE . 51 PUSH ECX
0047F8DF . 8B8C24 8800000>MOV ECX,DWORD PTR SS:[ESP+88]
0047F8E6 . 68 18A29600 PUSH iw5mp.0096A218
0047F8EB . 8D5424 58 LEA EDX,DWORD PTR SS:[ESP+58]
0047F8EF . 52 PUSH EDX
0047F8F0 . 8D4424 74 LEA EAX,DWORD PTR SS:[ESP+74]
0047F8F4 . 50 PUSH EAX
0047F8F5 . 68 80F08F00 PUSH iw5mp.008FF080
0047F8FA . 51 PUSH ECX
0047F8FB > E8 606F0700 CALL iw5mp.004F6860
0047F900 . 83C4 20 ADD ESP,20
0047F903 . 84C0 TEST AL,AL
0047F905 . 74 10 JE SHORT iw5mp.0047F917
0047F907 . 8B15 E4158F00 MOV EDX,DWORD PTR DS:[8F15E4]
0047F90D . 807A 0C 00 CMP BYTE PTR DS:[EDX+C],0
0047F911 . 0F84 9A020000 JE iw5mp.0047FBB1
0047F917 > 8B5424 7C MOV EDX,DWORD PTR SS:[ESP+7C]
0047F91B . 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20]
0047F91F . 50 PUSH EAX
0047F920 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
0047F924 . 51 PUSH ECX
0047F925 . 52 PUSH EDX
0047F926 . E8 15510500 CALL iw5mp.004D4A40
0047F92B . D94424 30 FLD DWORD PTR SS:[ESP+30]
0047F92F . DD05 E8B78000 FLD QWORD PTR DS:[80B7E8]
0047F935 . 8B47 30 MOV EAX,DWORD PTR DS:[EDI+30]
0047F938 . DCC9 FMUL ST(1),ST
0047F93A . 8B0D DCA19600 MOV ECX,DWORD PTR DS:[96A1DC]
0047F940 . D9C9 FXCH ST(1)
0047F942 . 83C4 0C ADD ESP,0C
0047F945 . 3BC1 CMP EAX,ECX
0047F947 . D86C24 38 FSUBR DWORD PTR SS:[ESP+38]
0047F94B . D84424 40 FADD DWORD PTR SS:[ESP+40]
0047F94F . D95C24 40 FSTP DWORD PTR SS:[ESP+40]
0047F953 . D94424 20 FLD DWORD PTR SS:[ESP+20]
0047F957 . DEC9 FMULP ST(1),ST
0047F959 . D86C24 3C FSUBR DWORD PTR SS:[ESP+3C]
0047F95D . D84424 44 FADD DWORD PTR SS:[ESP+44]
0047F961 . D95C24 44 FSTP DWORD PTR SS:[ESP+44]
0047F965 . 7D 26 JGE SHORT iw5mp.0047F98D
0047F967 . 85F6 TEST ESI,ESI
0047F969 . 75 22 JNZ SHORT iw5mp.0047F98D
0047F96B . 8BD1 MOV EDX,ECX
0047F96D . 2BD0 SUB EDX,EAX
0047F96F . A1 98158F00 MOV EAX,DWORD PTR DS:[8F1598]
0047F974 . 895424 2C MOV DWORD PTR SS:[ESP+2C],EDX
0047F978 . DB4424 2C FILD DWORD PTR SS:[ESP+2C]
0047F97C . D940 0C FLD DWORD PTR DS:[EAX+C]
0047F97F . DC0D 201B7F00 FMUL QWORD PTR DS:[7F1B20]
0047F985 . DEF9 FDIVP ST(1),ST
0047F987 . D9E8 FLD1
0047F989 . DEE1 FSUBRP ST(1),ST
0047F98B . EB 02 JMP SHORT iw5mp.0047F98F
0047F98D > D9E8 FLD1
0047F98F > 8B47 2C MOV EAX,DWORD PTR DS:[EDI+2C]
0047F992 . D95C24 28 FSTP DWORD PTR SS:[ESP+28]
0047F996 . 3BC1 CMP EAX,ECX
0047F998 . 7C 04 JL SHORT iw5mp.0047F99E
0047F99A . D9E8 FLD1
0047F99C . EB 1F JMP SHORT iw5mp.0047F9BD
0047F99E > 2BC8 SUB ECX,EAX
0047F9A0 . 894C24 2C MOV DWORD PTR SS:[ESP+2C],ECX
0047F9A4 . DB4424 2C FILD DWORD PTR SS:[ESP+2C]
0047F9A8 . 8B0D D4158F00 MOV ECX,DWORD PTR DS:[8F15D4]
0047F9AE . D941 0C FLD DWORD PTR DS:[ECX+C]
0047F9B1 . DC0D 201B7F00 FMUL QWORD PTR DS:[7F1B20]
0047F9B7 . DEF9 FDIVP ST(1),ST
0047F9B9 . D9E8 FLD1
0047F9BB . DEE1 FSUBRP ST(1),ST
0047F9BD > 833D 84F28F00 >CMP DWORD PTR DS:[8FF284],0
0047F9C4 . D95C24 2C FSTP DWORD PTR SS:[ESP+2C]
0047F9C8 . 75 08 JNZ SHORT iw5mp.0047F9D2
0047F9CA . 85ED TEST EBP,EBP
0047F9CC . 75 04 JNZ SHORT iw5mp.0047F9D2
0047F9CE . D9EE FLDZ
0047F9D0 . EB 66 JMP SHORT iw5mp.0047FA38
0047F9D2 > 837C24 7C 00 CMP DWORD PTR SS:[ESP+7C],0
0047F9D7 . 75 31 JNZ SHORT iw5mp.0047FA0A
0047F9D9 . 8B15 F4158F00 MOV EDX,DWORD PTR DS:[8F15F4]
0047F9DF . 807A 0C 00 CMP BYTE PTR DS:[EDX+C],0
0047F9E3 . 74 25 JE SHORT iw5mp.0047FA0A
0047F9E5 . D905 30ED9600 FLD DWORD PTR DS:[96ED30]
0047F9EB . 51 PUSH ECX
0047F9EC . 85F6 TEST ESI,ESI
0047F9EE . 74 0D JE SHORT iw5mp.0047F9FD
0047F9F0 . D867 24 FSUB DWORD PTR DS:[EDI+24]
0047F9F3 . D95C24 18 FSTP DWORD PTR SS:[ESP+18]
0047F9F7 . D94424 18 FLD DWORD PTR SS:[ESP+18]
0047F9FB . EB 30 JMP SHORT iw5mp.0047FA2D
0047F9FD > D867 1C FSUB DWORD PTR DS:[EDI+1C]
0047FA00 . D95C24 18 FSTP DWORD PTR SS:[ESP+18]
0047FA04 . D94424 18 FLD DWORD PTR SS:[ESP+18]
0047FA08 . EB 23 JMP SHORT iw5mp.0047FA2D
0047FA0A > D905 84619700 FLD DWORD PTR DS:[976184]
0047FA10 . 51 PUSH ECX
0047FA11 . 85F6 TEST ESI,ESI
0047FA13 . 74 0D JE SHORT iw5mp.0047FA22
0047FA15 . D867 24 FSUB DWORD PTR DS:[EDI+24]
0047FA18 . D95C24 18 FSTP DWORD PTR SS:[ESP+18]
0047FA1C . D94424 18 FLD DWORD PTR SS:[ESP+18]
0047FA20 . EB 0B JMP SHORT iw5mp.0047FA2D
0047FA22 > D867 1C FSUB DWORD PTR DS:[EDI+1C]
0047FA25 . D95C24 18 FSTP DWORD PTR SS:[ESP+18]
0047FA29 . D94424 18 FLD DWORD PTR SS:[ESP+18]
0047FA2D > D91C24 FSTP DWORD PTR SS:[ESP]
0047FA30 . E8 6B620A00 CALL iw5mp.00525CA0
0047FA35 . 83C4 04 ADD ESP,4
0047FA38 > D95C24 14 FSTP DWORD PTR SS:[ESP+14]
0047FA3C . 85DB TEST EBX,EBX
0047FA3E . 74 33 JE SHORT iw5mp.0047FA73
0047FA40 . 837C24 18 00 CMP DWORD PTR SS:[ESP+18],0
0047FA45 . D9EE FLDZ
0047FA47 . D95C24 14 FSTP DWORD PTR SS:[ESP+14]
0047FA4B . 74 1E JE SHORT iw5mp.0047FA6B
0047FA4D . A1 3C42A000 MOV EAX,DWORD PTR DS:[A0423C]
0047FA52 . 85C0 TEST EAX,EAX
0047FA54 . 74 15 JE SHORT iw5mp.0047FA6B
0047FA56 . 50 PUSH EAX
0047FA57 . E8 C45E0700 CALL iw5mp.004F5920
0047FA5C . 83C4 04 ADD ESP,4
0047FA5F . 84C0 TEST AL,AL
0047FA61 . 75 08 JNZ SHORT iw5mp.0047FA6B
0047FA63 . 8B35 3C42A000 MOV ESI,DWORD PTR DS:[A0423C]
0047FA69 . EB 70 JMP SHORT iw5mp.0047FADB
0047FA6B > 8B35 C841A000 MOV ESI,DWORD PTR DS:[A041C8]
0047FA71 . EB 68 JMP SHORT iw5mp.0047FADB
0047FA73 > 833D 84F28F00 >CMP DWORD PTR DS:[8FF284],0
0047FA7A . 75 36 JNZ SHORT iw5mp.0047FAB2
0047FA7C . 85ED TEST EBP,EBP
0047FA7E . 75 32 JNZ SHORT iw5mp.0047FAB2
0047FA80 . D9EE FLDZ
0047FA82 . D95C24 14 FSTP DWORD PTR SS:[ESP+14]
0047FA86 . 396C24 18 CMP DWORD PTR SS:[ESP+18],EBP
0047FA8A . 74 1E JE SHORT iw5mp.0047FAAA
0047FA8C . A1 F441A000 MOV EAX,DWORD PTR DS:[A041F4]
0047FA91 . 85C0 TEST EAX,EAX
0047FA93 . 74 15 JE SHORT iw5mp.0047FAAA
0047FA95 . 50 PUSH EAX
0047FA96 . E8 855E0700 CALL iw5mp.004F5920
0047FA9B . 83C4 04 ADD ESP,4
0047FA9E . 84C0 TEST AL,AL
0047FAA0 . 75 08 JNZ SHORT iw5mp.0047FAAA
0047FAA2 . 8B35 F441A000 MOV ESI,DWORD PTR DS:[A041F4]
0047FAA8 . EB 31 JMP SHORT iw5mp.0047FADB
0047FAAA > 8B35 8041A000 MOV ESI,DWORD PTR DS:[A04180]
0047FAB0 . EB 29 JMP SHORT iw5mp.0047FADB
0047FAB2 > 837C24 18 00 CMP DWORD PTR SS:[ESP+18],0
0047FAB7 . 74 1C JE SHORT iw5mp.0047FAD5
0047FAB9 . A1 F841A000 MOV EAX,DWORD PTR DS:[A041F8]
0047FABE . 85C0 TEST EAX,EAX
0047FAC0 . 74 13 JE SHORT iw5mp.0047FAD5
0047FAC2 . 50 PUSH EAX
0047FAC3 . E8 585E0700 CALL iw5mp.004F5920
0047FAC8 . 8B35 F841A000 MOV ESI,DWORD PTR DS:[A041F8]
0047FACE . 83C4 04 ADD ESP,4
0047FAD1 . 84C0 TEST AL,AL
0047FAD3 . 74 06 JE SHORT iw5mp.0047FADB
0047FAD5 > 8B35 8441A000 MOV ESI,DWORD PTR DS:[A04184]
0047FADB > D9EE FLDZ
0047FADD . D94424 28 FLD DWORD PTR SS:[ESP+28]
0047FAE1 . D8D1 FCOM ST(1)
0047FAE3 . DFE0 FSTSW AX
0047FAE5 . DDD9 FSTP ST(1)
0047FAE7 . F6C4 01 TEST AH,1
0047FAEA . 75 58 JNZ SHORT iw5mp.0047FB44
0047FAEC . D84C24 1C FMUL DWORD PTR SS:[ESP+1C]
0047FAF0 . 56 PUSH ESI
0047FAF1 . 8D4424 54 LEA EAX,DWORD PTR SS:[ESP+54]
0047FAF5 . 50 PUSH EAX
0047FAF6 . 8B8424 8C00000>MOV EAX,DWORD PTR SS:[ESP+8C]
0047FAFD . D95C24 64 FSTP DWORD PTR SS:[ESP+64]
0047FB01 . 0FB650 10 MOVZX EDX,BYTE PTR DS:[EAX+10]
0047FB05 . D94424 1C FLD DWORD PTR SS:[ESP+1C]
0047FB09 . 51 PUSH ECX
0047FB0A . 0FB648 11 MOVZX ECX,BYTE PTR DS:[EAX+11]
0047FB0E . D91C24 FSTP DWORD PTR SS:[ESP]
0047FB11 . D94424 2C FLD DWORD PTR SS:[ESP+2C]
0047FB15 . 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+3C]
0047FB19 . 51 PUSH ECX
0047FB1A . 52 PUSH EDX
0047FB1B . 83EC 10 SUB ESP,10
0047FB1E . D95C24 0C FSTP DWORD PTR SS:[ESP+C]
0047FB22 . D94424 48 FLD DWORD PTR SS:[ESP+48]
0047FB26 . D95C24 08 FSTP DWORD PTR SS:[ESP+8]
0047FB2A . D94424 68 FLD DWORD PTR SS:[ESP+68]
0047FB2E . D95C24 04 FSTP DWORD PTR SS:[ESP+4]
0047FB32 . D94424 64 FLD DWORD PTR SS:[ESP+64]
0047FB36 . D91C24 FSTP DWORD PTR SS:[ESP]
0047FB39 . 50 PUSH EAX
0047FB3A . E8 E1D8F8FF CALL iw5mp.0040D420
0047FB3F . 83C4 28 ADD ESP,28
0047FB42 . EB 02 JMP SHORT iw5mp.0047FB46
0047FB44 > DDD8 FSTP ST
0047FB46 > D9EE FLDZ
0047FB48 . D94424 2C FLD DWORD PTR SS:[ESP+2C]
0047FB4C . D8D1 FCOM ST(1)
0047FB4E . DFE0 FSTSW AX
0047FB50 . DDD9 FSTP ST(1)
0047FB52 . F6C4 01 TEST AH,1
0047FB55 . 75 58 JNZ SHORT iw5mp.0047FBAF
0047FB57 . D84C24 1C FMUL DWORD PTR SS:[ESP+1C]
0047FB5B . 8B8424 8400000>MOV EAX,DWORD PTR SS:[ESP+84]
0047FB62 . 0FB650 11 MOVZX EDX,BYTE PTR DS:[EAX+11]
0047FB66 . 0FB640 10 MOVZX EAX,BYTE PTR DS:[EAX+10]
0047FB6A . D95C24 5C FSTP DWORD PTR SS:[ESP+5C]
0047FB6E . D94424 14 FLD DWORD PTR SS:[ESP+14]
0047FB72 . 56 PUSH ESI
0047FB73 . 8D4C24 54 LEA ECX,DWORD PTR SS:[ESP+54]
0047FB77 . 51 PUSH ECX
0047FB78 . 51 PUSH ECX
0047FB79 . 8B4C24 3C MOV ECX,DWORD PTR SS:[ESP+3C]
0047FB7D . D91C24 FSTP DWORD PTR SS:[ESP]
0047FB80 . 52 PUSH EDX
0047FB81 . D94424 30 FLD DWORD PTR SS:[ESP+30]
0047FB85 . 50 PUSH EAX
0047FB86 . 83EC 10 SUB ESP,10
0047FB89 . D95C24 0C FSTP DWORD PTR SS:[ESP+C]
0047FB8D . D94424 48 FLD DWORD PTR SS:[ESP+48]
0047FB91 . D95C24 08 FSTP DWORD PTR SS:[ESP+8]
0047FB95 . D94424 68 FLD DWORD PTR SS:[ESP+68]
0047FB99 . D95C24 04 FSTP DWORD PTR SS:[ESP+4]
0047FB9D . D94424 64 FLD DWORD PTR SS:[ESP+64]
0047FBA1 . D91C24 FSTP DWORD PTR SS:[ESP]
0047FBA4 . 51 PUSH ECX
0047FBA5 . E8 76D8F8FF CALL iw5mp.0040D420
0047FBAA . 83C4 28 ADD ESP,28
0047FBAD . EB 02 JMP SHORT iw5mp.0047FBB1
0047FBAF > DDD8 FSTP ST
0047FBB1 > 81C7 8C000000 ADD EDI,8C
0047FBB7 . 836C24 34 01 SUB DWORD PTR SS:[ESP+34],1
0047FBBC .^0F85 0EFCFFFF JNZ iw5mp.0047F7D0
0047FBC2 . 5D POP EBP
0047FBC3 > 5F POP EDI
0047FBC4 . 5E POP ESI
0047FBC5 . 5B POP EBX
0047FBC6 . 83C4 64 ADD ESP,64
0047FBC9 . C3 RETNCredits:
cardoow
*UC
![[Image: lQDUjba.jpg]](http://i.imgur.com/lQDUjba.jpg)