Results 1 to 11 of 11
  1. #1
    Martin4435's Avatar
    Join Date
    Sep 2014
    Gender
    male
    Posts
    12
    Reputation
    10
    Thanks
    25

    Post How to find DVAR offsets and Write them in C++ (Internal)

    First start IDA and load the iw5mp.exe





    Press SHIFT & F12 to Generate a Stringlist



    Press STRG & F and search for your dvar , I choose cg_fov



    Click on DATA XREF : sub_



    Press F5 to activate Pseudocode





    dword_B0A7A8 is the pointeroffset




    Code:
    Teknomw3 Pointer Offsets
    |
    dword_B1C9D4 = sub_4A5CF0((int)"cg_gun_x", 0.0, -3.4028235e38, 3.4028235e38, 4);
    dword_B1C9B0 = sub_4A5CF0((int)"cg_gun_y", 0.0, -3.4028235e38, 3.4028235e38, 4);
    dword_B1C9C0 = sub_4A5CF0((int)"cg_gun_z", 0.0, -3.4028235e38, 3.4028235e38, 4);
    dword_8FAB60 = sub_4A3300("cg_drawGun", 1, 4);
    dword_B0A7DC = sub_50C760("cg_cursorHints", 4, 0, 4, 1);
    dword_8FAA90 = sub_4A3300("cg_weaponHintsCoD1Style", 1, 64);
    dword_B0A7BC = sub_50C760("cg_hintFadeTime", 100, 0, 2147483647, 1);
    dword_B0A7A8 = sub_4A5CF0((int)"cg_fov", 65.0, 65.0, 80.0, 68);
    dword_B04638 = sub_4A5CF0((int)"cg_fovScale", 1.0, 0.2, 2.0, 4);
    dword_8FAA58 = sub_4A5CF0((int)"cg_fovMin", 1.0, 1.0, 160.0, 4);
    dword_8FAB28 = sub_4A5CF0((int)"cg_viewVehicleInfluence", 1.0, 0.0, 1.0, 68);
    dword_8FAB3C = sub_4A3300("cg_draw2D", 1, 4);
    dword_8FAA88 = sub_4A3300("cg_drawHealth", 0, 4);
    dword_8FAA5C = sub_4A3300("cg_drawBreathHint", 1, 1);
    dword_B04748 = sub_4A3300("cg_drawMantleHint", 1, 1);
    dword_8FAB70 = sub_4A3300("cg_drawStatsSource", 0, 1);
    dword_8FAA74 = sub_4D9310("cg_drawFPS", &off_8AE300, 0, 0);
    dword_8F87B8 = sub_4A3300("cg_drawViewpos", 0, 1);
    dword_8FAAA0 = sub_4A3300("cg_drawEffectNum", 0, 4);
    dword_B04770 = sub_4A3300("cg_drawFPSLabels", 1, 1);
    dword_B04710 = sub_4D9310("snd_drawInfo", off_8AE2EC, 0, 0);
    dword_B04688 = sub_4A3300("cg_drawScriptUsage", 0, 0);
    dword_B04704 = sub_4D9310("cg_drawMaterial", &off_8AE324, 0, 4);
    dword_8FAAF4 = sub_4A3300("cg_drawSnapshot", 0, 1);
    dword_8FAA9C = sub_4A3300("cg_drawCrosshair", 1, 4);
    dword_8FAAE8 = sub_4A3300("cg_drawTurretCrosshair", 1, 1);
    dword_B046A4 = sub_4A3300("cg_drawCrosshairNames", 1, 4);
    dword_8FAB94 = sub_50C760("cg_drawCrosshairNamesPosX", 300, 0, 640, 0);
    dword_B04760 = sub_50C760("cg_drawCrosshairNamesPosY", 180, 0, 480, 0);
    dword_B0475C = sub_4A3300("cg_drawDamageFlash", 0, 4);
    dword_8FF0F4 = sub_4A3300("cg_drawDamageDirection", 1, 4);
    dword_18A06A4 = sub_4A3300("fx_enable", 1, 4);
    dword_18A0720 = sub_4A3300("fx_draw", 1, 4);
    dword_18A06E4 = sub_4A3300("fx_draw_spotLight", 1, 4);
    dword_18A06C8 = sub_4A3300("fx_draw_omniLight", 1, 4);
    dword_18A072C = sub_4A3300("fx_cull_elem_spawn", 1, 0);
    dword_18A06DC = sub_4A3300("fx_cull_elem_draw", 1, 0);
    dword_18A0710 = sub_4A3300("fx_marks", 1, 1);
    dword_18A069C = sub_4A3300("fx_marks_smodels", 1, 1);
    dword_18A0730 = -6.8056469e38;
    dword_18A06F0 = sub_4A3300("fx_freeze", 0, 4);
    dword_18A06F4 = sub_4A5CF0((int)"fx_debugBolt", 0.0, 0.0, 1000.0, 4);
    dword_18A06F8 = sub_4A3300("fx_count", 0, 4);
    dword_18A0700 = sub_4A5CF0((int)"fx_visMinTraceDist", 80.0, 0.0, 1000.0, 4);
    dword_18A06CC = sub_4D9310("fx_profileSort", off_8B042C, 0, 4);
    dword_18A0728 = sub_50C760("fx_profileSkip", 0, 0, 1000, 4);
    dword_18A06BC = sub_4157E0("fx_profileFilter", &byte_7E0A2B, 4);
    dword_18A0724 = sub_50C760("fx_profile", 0, 0, 1, 4);
    dword_18A0698 = sub_50C760("fx_mark_profile", 0, 0, 1, 4);
    dword_18A0704 = sub_4A3300("fx_drawClouds", 1, 4);
    dword_18A0718 = sub_4A3300("fx_deferelem", 1, 4);
    dword_18A0734 = sub_4A3300("fx_draw_simd", 1, 4);
    dword_18A0738 = sub_4A3300("fx_killEffectOnRewind", 0, 4);
    dword_18A06B4 = sub_50C760("fx_alphaThreshold", 0, 0, 256, 68);
    dword_5F96C1C = sub_50C760("r_imageQuality", 1, 0, 4, 3);
    dword_5F96B34 = sub_4A3300("r_detail", 1, 0);
    dword_5F96BBC = sub_4A3300("r_normal", 1, 0);
    dword_5F969BC = sub_4A3300("r_specular", 1, 1);
    dword_5F96B38 = sub_4D9310("r_lightMap", off_8B77A4, 1, 4);
    dword_5F96BE8 = sub_4D9310("r_colorMap", off_8B77A4, 1, 4);
    dword_5F969C4 = sub_4D9310("r_detailMap", off_8B77B8, 1, 4);
    dword_5F96C4C = sub_4D9310("r_normalMap", off_8B77C4, 1, 4);
    dword_5F96B18 = sub_4D9310("r_specularMap", off_8B77A4, 1, 4);
    dword_5F96A48 = sub_4A3300("r_drawSun", 1, 1);
    dword_5F96C18 = sub_4A3300("r_drawDecals", 1, 4);
    dword_5F96B14 = sub_50C760("r_dlightLimit", 4, 0, 4, 64);
    dword_5F96AD4 = sub_4A3300("r_spotLightShadows", 1, 4);
    dword_5F96BA0 = sub_4A3300("r_spotLightEntityShadows", 1, 4);
    dword_5F96BDC = sub_4A3300("r_drawWater", 1, 1);
    dword_5F96B30 = sub_4A3300("r_lockPvs", 0, 4);
    dword_5F96BD4 = sub_4A3300("r_skipPvs", 0, 4);
    dword_1060198 = sub_50C760("cl_maxpackets", 30, 15, 100, 0);
    dword_1060190 = sub_50C760("cl_packetdup", 2, 0, 5, 1);
    dword_8DAF48 = sub_4A5CF0((int)"bg_weaponBobAmplitudeBase", 0.16, 0.0, 1.0, 0);
    dword_8DD834 = sub_48AFE0((int)"bg_weaponBobAmplitudeSprinting", 0.02, 0.014, 0.0, 1.0, 140);
    dword_8DD8FC = sub_48AFE0((int)"bg_weaponBobAmplitudeStanding", 0.055, 0.025, 0.0, 1.0, 204);
    dword_8DAF30 = sub_48AFE0((int)"bg_weaponBobAmplitudeDucked", 0.045000002, 0.025, 0.0, 1.0, 140);
    dword_8DB0C8 = sub_48AFE0((int)"bg_weaponBobAmplitudeProne", 0.02, 0.0049999999, 0.0, 1.0, 140);
    dword_8DD8A8 = sub_4A5CF0((int)"bg_weaponBobAmplitudeRoll", 1.5, 0.0, 90.0, 140);
    dword_8DAF5C = sub_4A5CF0((int)"bg_weaponBobMax", 8.0, 0.0, 36.0, 140);
    dword_8DD908 = sub_4A5CF0((int)"bg_weaponBobLag", 0.25, -1.0, 1.0, 140);
    dword_1CE77A4 = sub_50C760("com_maxfps", 85, 0, 100, 0);
    C++ Code
    Code:
    template <class Value>
    void WritePointer(DWORD pointer, DWORD pointerofs, Value value)
    {
    
    	DWORD dwPointer = *(DWORD*)pointer;
    	*(Value*)(dwPointer + pointerofs) = value;
    	
    }
    Example
    Code:
    #include <Windows.h>
    #include <iostream>
    using namespace std;
    
    
    
    
    template <class Value>
    void WritePointer(DWORD pointer, DWORD pointerofs, Value value)
    {
    
    	DWORD dwPointer = *(DWORD*)pointer;
    	*(Value*)(dwPointer + pointerofs) = value;
    
    }
    
    void Writing()
    {
    	//GUN X
    	WritePointer<float>(0xB1C9D4, 0xC, 0);
    	// GUN Y
    	WritePointer<float>(0xB1C9B0, 0xC, 12.f);
    	// GUN Z
    	WritePointer<float>(0xB1C9C0, 0xC, 0);
    
    	//FOV
    	WritePointer<float>(0xB0A7A8, 0xC, 120.f);
    
    	//Draw Gun
    	WritePointer<int>(0x8FAB60, 0xC, 1);
    
    }
    
    BOOL APIENTRY DllMain(HMODULE hdll, DWORD  reason, LPVOID lpReserved) {
    	if (reason == DLL_PROCESS_ATTACH) {
    
    		Writing();
    
    
    	}
    	return TRUE;
    }
    Last edited by Martin4435; 02-23-2016 at 08:28 AM.

  2. The Following 5 Users Say Thank You to Martin4435 For This Useful Post:

    AuT03x3C (02-22-2016),[MPGH]Eithan1231 (05-05-2016),gogogokitty (09-20-2016),oschigamer (02-24-2016),shryder (02-29-2016)

  3. #2
    COD3RIN's Avatar
    Join Date
    May 2013
    Gender
    male
    Location
    Posts
    4,942
    Reputation
    315
    Thanks
    22,163
    My Mood
    Busy
    Nice tutorial...��


    Love you.
    ~Kenshit13
    Quote Originally Posted by cheaterman26 View Post
    COD3RIN PUT A BACKDOOR ON HIS OWN CHEAT HE HACK MY COMPUTER AND MY STEAM, DON'T TRUST THIS GUYS !

  4. #3
    shryder's Avatar
    Join Date
    Jul 2015
    Gender
    male
    Location
    Nuketown
    Posts
    28
    Reputation
    10
    Thanks
    11
    My Mood
    Cool
    Peeeeeeerfect , Just perfect .. its a so good tutorial for beginners , i honestly understand so much stuff from it thank you so much!

  5. #4
    Smoke's Avatar
    Join Date
    Nov 2014
    Gender
    male
    Posts
    7,036
    Reputation
    1975
    Thanks
    3,257
    My Mood
    Amazed
    This is an interesting tutorial.

    Nice job man!
    My ONLY skype is "smoke.mpgh" Please Private Message me BEFORE Buying/Selling anything from me

    Quote Originally Posted by Liz View Post
    This is my first vouch, ever. Rapidgator account worked perfectly. Would buy in the future.
    MPGH History:
    Joined- November 2014
    Donator/Premium Member- October 2015
    Steam Games Hacks & Cheats Minion- December 2015
    Blackshot Minion- January 2016
    Pharaoh of the Year- 2016
    Minion+- June 2016
    Grand Theft Auto Minion- July 2016
    Official Middleman- September 2016

  6. #5
    Clxrk's Avatar
    Join Date
    May 2016
    Gender
    male
    Location
    127.0.01
    Posts
    34
    Reputation
    10
    Thanks
    20
    Very good tutorial for!

  7. #6
    Poddzhh's Avatar
    Join Date
    Apr 2016
    Gender
    male
    Posts
    4
    Reputation
    10
    Thanks
    0
    If i press F5 the code start with "off_" why?

  8. #7
    Eithan1231's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Location
    Australia
    Posts
    1,600
    Reputation
    429
    Thanks
    4,281
    My Mood
    Angelic
    Quote Originally Posted by Poddzhh View Post
    If i press F5 the code start with "off_" why?
    That doesn't make sence.

    Join my discord Click Here!

     

  9. #8
    Poddzhh's Avatar
    Join Date
    Apr 2016
    Gender
    male
    Posts
    4
    Reputation
    10
    Thanks
    0
    How I can find the ClientInfo ?

  10. #9
    flexarrr's Avatar
    Join Date
    Mar 2014
    Gender
    male
    Posts
    3
    Reputation
    10
    Thanks
    0
    When i press p5, the pseudo code looks nothing like yours. What am i doing wrong?


    This is my pseudo output -> gyazo . com / 117c3ac563093e3236b10346eb23bdbd

  11. #10
    flexarrr's Avatar
    Join Date
    Mar 2014
    Gender
    male
    Posts
    3
    Reputation
    10
    Thanks
    0
    Quote Originally Posted by Eithan1231 View Post


    That doesn't make sence.
    why does my pseudocode look nothing like OP's?
    Am i doing something wrong

  12. #11
    Eithan1231's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Location
    Australia
    Posts
    1,600
    Reputation
    429
    Thanks
    4,281
    My Mood
    Angelic
    Quote Originally Posted by flexarrr View Post
    why does my pseudocode look nothing like OP's?
    Am i doing something wrong
    You dump the process?

    Join my discord Click Here!

     

Similar Threads

  1. [Tutorial] BOII how to find DVARS /w OllyDBG and CE
    By [NEWACCOUNT]Yano in forum Call of Duty Black Ops 2 Tutorials
    Replies: 7
    Last Post: 11-05-2015, 01:24 PM
  2. [Help Request] MW3 - Ollydbg explanation how to find certain Address and use them
    By Nordiii in forum Call of Duty Modern Warfare 3 Coding, Programming & Source Code
    Replies: 10
    Last Post: 07-06-2014, 04:33 PM
  3. [Help] how to find this offset in pointBlank please tell it here
    By pronten in forum Piercing Blow Hack Coding/Source Code
    Replies: 8
    Last Post: 08-16-2011, 01:17 PM
  4. How to find a NoRecoil and NoSpread in Warrock PH
    By gbjhet23 in forum WarRock Philippines Help & Discussions
    Replies: 0
    Last Post: 08-03-2011, 11:29 AM
  5. [TuT]How to find no recoil and no spread
    By Twisted_scream in forum WarRock - International Hacks
    Replies: 10
    Last Post: 06-23-2008, 12:59 PM