Thread: IW5M Dvar Dump

Results 1 to 14 of 14
  1. #1
          ( ° ͜ʖ͡°)╭∩╮
    Former Staff
    MarkHC's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Location
    127.0.0.1
    Posts
    2,751
    Reputation
    66
    Thanks
    14,311
    My Mood
    Angelic

    IW5M Dvar Dump

    Just the dvars from MW3.. already posted thousands of times.. but not here on mpgh from what I know

    IW5M Dvar Dump

    Credits:

     

    As far as I tested, this works for any cod...

    Load up the CoD you want on IDA Pro and go to Search Text and search for "Can't create Dvar"

    You'll end up on something like this:

    This function has everything you need.

    Press F5 to go to PseudoCode view.

    You'll see a if testing if the dvar list is full:
    Code:
    if ( dword_59B3CA0 >= 4096 )
    in this case, dword_59B3CA0 holds the max of dvars allowed (usually 4096).

    Right after the is the pointer to the dvar struct:
    Code:
    v10 = (int)((char *)&unk_59B8CC8 + 76 * v9);
    unk_59B8CC8 is the start of the dvar list. 76(0x4C) is the size of the dvar struct. v9 is the Dvar index on the list.

    After this there's a switch testing for the dvar type and setting the value.

    Code:
    *(_BYTE *)(v10 + 8) = a2;
    
    switch ( a2 )
      {
        case 7:
          v11 = sub_42BE30(LODWORD(a4));
          *(_DWORD *)(v10 + 12) = v11;
          *(_DWORD *)(v10 + 28) = v11;
          *(_DWORD *)(v10 + 44) = v11;
          break;
          
          bla bla bla...
    }
    Hopefully, now you can already see the dvar struct (more or less)...

    This is the base struct (it has more stuff in it) for MW3:
    Code:
    class dvar_t_mw3
    {
    public:
        char* Name; //0x0000 
        char unk1[4]; //0x0004 
        BYTE bType; //0x0008 
        char unk2[3]; //0x0009 
        __int32 iValue; //0x000C 
        char unk3[60]; //0x0010 
    };//Size=0x004C
    To log all dvars you can now simply do:

    Code:
    for(int i = 0; i < *(DWORD*)0x59B3CA0; i++)
    {
    	dvar_t_mw3 *Dvar = (dvar_t_mw3*)(0x59B8CC8 + i * 0x4C);
    	if(Dvar != NULL)		
    		Log("%s 0x%.8X\n", Dvar->Name, &Dvar->iValue);
    }
    Last edited by MarkHC; 12-09-2012 at 12:58 PM.


    CoD Minion from 09/19/2012 to 01/10/2013

  2. The Following 4 Users Say Thank You to MarkHC For This Useful Post:

    [MPGH]Eithan1231 (07-06-2015),Kenshin13 (12-09-2012),mwxplayer (12-09-2012),SamTheDope (07-04-2015)

  3. #2
    mwxplayer's Avatar
    Join Date
    Aug 2012
    Gender
    male
    Location
    hax
    Posts
    584
    Reputation
    10
    Thanks
    2,665
    My Mood
    Doh
    thank you very much.

  4. #3
    Kenshin13's Avatar
    Join Date
    May 2011
    Gender
    male
    Location
    Cloud 9
    Posts
    3,473
    Reputation
    564
    Thanks
    5,883
    My Mood
    Psychedelic
    How did u find this? O_O

  5. #4
    Threadstarter
          ( ° ͜ʖ͡°)╭∩╮
    Former Staff
    MarkHC's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Location
    127.0.0.1
    Posts
    2,751
    Reputation
    66
    Thanks
    14,311
    My Mood
    Angelic
    Quote Originally Posted by Kenshin13 View Post
    How did u find this? O_O
    Searching? Just find the function that creates/register the dvars and you'll find all you need.


    CoD Minion from 09/19/2012 to 01/10/2013

  6. #5
    Kenshin13's Avatar
    Join Date
    May 2011
    Gender
    male
    Location
    Cloud 9
    Posts
    3,473
    Reputation
    564
    Thanks
    5,883
    My Mood
    Psychedelic
    Lil tutorial for me?

  7. #6
    Skolino's Avatar
    Join Date
    Jul 2012
    Gender
    male
    Posts
    111
    Reputation
    10
    Thanks
    3
    whats this?

  8. #7
    Kenshin13's Avatar
    Join Date
    May 2011
    Gender
    male
    Location
    Cloud 9
    Posts
    3,473
    Reputation
    564
    Thanks
    5,883
    My Mood
    Psychedelic
    Quote Originally Posted by Skolino View Post
    whats this?
    If you have to ask that, it's not for you.
    It's for programmers.

  9. #8
    Threadstarter
          ( ° ͜ʖ͡°)╭∩╮
    Former Staff
    MarkHC's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Location
    127.0.0.1
    Posts
    2,751
    Reputation
    66
    Thanks
    14,311
    My Mood
    Angelic
    Quote Originally Posted by Kenshin13 View Post
    If you have to ask that, it's not for you.
    It's for programmers.
    Actually, this is for anyone with IQ enough to use Cheat Engine.
    @Skolino This is IW5M Dvar List. Dvars are kinda the game config... more or less... you can change some of them to accomplish some things. i.e, if you set g_compassShowEnemies to 1 you *can* get Advanced UAV all the time... change cg_gun_x to some number you like to change the Gun Position (Looks cool IMO) and so on


    CoD Minion from 09/19/2012 to 01/10/2013

  10. The Following User Says Thank You to MarkHC For This Useful Post:

    Cosmo_ (05-16-2015)

  11. #9
    mwxplayer's Avatar
    Join Date
    Aug 2012
    Gender
    male
    Location
    hax
    Posts
    584
    Reputation
    10
    Thanks
    2,665
    My Mood
    Doh
    Quote Originally Posted by -InSaNe- View Post
    Actually, this is for anyone with IQ enough to use Cheat Engine.
    @Skolino This is IW5M Dvar List. Dvars are kinda the game config... more or less... you can change some of them to accomplish some things. i.e, if you set g_compassShowEnemies to 1 you *can* get Advanced UAV all the time... change cg_gun_x to some number you like to change the Gun Position (Looks cool IMO) and so on
    UAV* (not Advanced)

  12. #10
    Kenshin13's Avatar
    Join Date
    May 2011
    Gender
    male
    Location
    Cloud 9
    Posts
    3,473
    Reputation
    564
    Thanks
    5,883
    My Mood
    Psychedelic
    Quote Originally Posted by mwxplayer View Post
    UAV* (not Advanced)
    It shows Advanced UAV if you set g_compassShowEnemies to 1 and if the enemy is shooting.

    Also, -InSaNe- none of these that I tested so far works....why?
    cg_DrawFPS .... Dat bitch of a Dvar

  13. #11
    Threadstarter
          ( ° ͜ʖ͡°)╭∩╮
    Former Staff
    MarkHC's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Location
    127.0.0.1
    Posts
    2,751
    Reputation
    66
    Thanks
    14,311
    My Mood
    Angelic
    Quote Originally Posted by Kenshin13 View Post
    It shows Advanced UAV if you set g_compassShowEnemies to 1 and if the enemy is shooting.

    Also, -InSaNe- none of these that I tested so far works....why?
    cg_DrawFPS .... Dat bitch of a Dvar
    =/ They might be wrong then.. lemme test and I'll see :P


    CoD Minion from 09/19/2012 to 01/10/2013

  14. #12
    Kenshin13's Avatar
    Join Date
    May 2011
    Gender
    male
    Location
    Cloud 9
    Posts
    3,473
    Reputation
    564
    Thanks
    5,883
    My Mood
    Psychedelic
    Quote Originally Posted by -InSaNe- View Post
    =/ They might be wrong then.. lemme test and I'll see :P
    Ok but is CG_DrawFPS and cg_Draw2D feature? What type is it?
    You could've printed the DVAR type with this ENUM:

    Code:
    typedef enum
    {
    	TYPE_BOOL    = 0,
    	TYPE_FLOAT    = 1,
    	TYPE_VEC2    = 2,
    	TYPE_VEC3    = 3,
    	TYPE_VEC4    = 4,
    	TYPE_INT    = 5,
    	TYPE_ENUM    = 6,
    	TYPE_STRING    = 7,
    	TYPE_COLOR    = 8,
    	TYPE_VEC3_2    = 9
    } DVAR_TYPE_FROM_HASHTABLE;
    Look at what intervention61 posted:

    Quote Originally Posted by BaberZz
    Code:
    DWORD hashTable = 0x59B7CC8; // Address for TeknoMW3 ( 1.4.382 )
    DWORD hashTable = 0x5A98A48; // Address for Steam version 1.5.388
    
    long GenerateHashValue( char* CvarName )
    {
        long    dwRet    = 0;
        char    letter    = 0;
    
        for( UINT i = 0; i < strlen( CvarName ); i++ )
        {
            letter    = tolower( CvarName[i] );
            dwRet    += ( long )( letter ) * ( 119 + i );
        }
    
        return dwRet & 0x3FF;
    }
    
    DWORD Cvar_FindVar( HANDLE hProcess, char* Name )
    {
        char    Cvar[32];
        memset( Cvar, 0, 32 );
    
        long hash = GenerateHashValue( Name );
    
        DWORD hashTable = 0x5A98A48;
        DWORD dwStruct = ( hashTable + ( 4 * (int)hash ) );
        ReadProcessMemory( hProcess, ( PVOID )dwStruct, &dwStruct, 4, 0 );
    
        DWORD dwString = 0;
        for( ;; )
        {
            if( dwString )
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0x48 ), &dwStruct, 4, 0 );
    
            ReadProcessMemory( hProcess, ( PVOID ) dwStruct, &dwString, 4, 0 );
            ReadProcessMemory( hProcess, ( PVOID ) dwString, &Cvar, 32, 0 );
    
            if( !dwStruct )
                return NULL;
    
            if( !_strcmp( Name, Cvar ) )
                return dwStruct;
        }
    }
    
    typedef struct
    {
        int argNum;
        char cmdName[256];
        char cmdArgs[256][256];
    
        char* CombineArgs( )
        {
            static char Args[ 256 ];
            for( int i = 0; i < argNum; i++ )
            {
                strcat_s( Args, 256, cmdArgs[i] );
                if( i != argNum-1 )
                    strcat_s( Args, 256, " ");
            }
    
            return Args;
        }
    
    } cmdline_t;
    
    void SplitCommandLine(const char *inCMDLine, cmdline_t *outInfo)
    {
        memset(outInfo, 0, sizeof(cmdline_t));
    
        int len = strlen(inCMDLine) + 1;
        char *cmdbuf = new char[len];
        memcpy(cmdbuf, inCMDLine, len);
    
        char *token = strtok(cmdbuf, " ");
    
        while (token != NULL)
        {
            int tlen = strlen(token) + 1;
    
            if (outInfo->argNum == 0)
                memcpy(outInfo->cmdName, token, tlen);
            else
                memcpy(outInfo->cmdArgs[outInfo->argNum - 1], token, tlen);
    
            token = strtok(NULL, " ");
            if (token != NULL) ++outInfo->argNum;
        }
    }
    // --------------------------------------------------------------------------------
    char* GetCvarValue( HANDLE hProcess, char* CvarName )
    {
        static char dwRet[256];
        memset( dwRet, 0, 256 );
    
        DWORD dwStruct = Cvar_FindVar( hProcess, CvarName );
        if( !dwStruct )
            return "";
    
        BYTE Type = 0;
        ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0x8 ), &Type, 1, 0 );
    
        switch( Type )
        {
        case TYPE_BOOL:
            {
                bool val = 0;
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 1, 0 );
                sprintf_s( dwRet, 256, "%s", ( val ) ? "1" : "0" );
            }
            break;
        case TYPE_FLOAT:
            {
                float val = 0.f;
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 4, 0 );
                sprintf_s( dwRet, 256, "%g", val );
            }
            break;
        case TYPE_VEC2:
            {
                float val[2];
                memset( val, 0, 8 );
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 8, 0 );
                sprintf_s( dwRet, 256, "%g %g", val[0], val[1] );
            }
            break;
        case TYPE_VEC3:
        case TYPE_VEC3_2:
            {
                float val[3];
                memset( val, 0, 12 );
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 12, 0 );
                sprintf_s( dwRet, 256, "%g %g %g", val[0], val[1], val[2] );
            }
            break;
        case TYPE_VEC4:
            {
                float val[4];
                memset( val, 0, 16 );
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 16, 0 );
                sprintf_s( dwRet, 256, "%g %g %g %g", val[0], val[1], val[2], val[3] );
            }
            break;
        case TYPE_INT:
        case TYPE_ENUM:
            {
                int val = 0;
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 4, 0 );
                sprintf_s( dwRet, 256, "%i", val );
            }
            break;
        case TYPE_STRING:
            {
                char val[256];
                memset( val, 0, 256 );
                DWORD dwPointer = 0;
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &dwPointer, 4, 0 );
                ReadProcessMemory( hProcess, ( PVOID )dwPointer, &val, 256, 0 );
                sprintf_s( dwRet, 256, "%s", val );
            }
            break;
        case TYPE_COLOR:
            {
                BYTE color[4];
                float flt_color[4];
                memset( flt_color, 0, 16 );
                memset( color, 0, 4 );
    
                ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &color, 4, 0 );
                for( int i = 0; i < 4; i++ )
                    flt_color[i] = ( float )( color[i] * 0.003921568859368563 );
                sprintf_s( dwRet, 256, "%g %g %g %g", flt_color[0], flt_color[1], flt_color[2], flt_color[3] );
            }
            break;
        default:
            sprintf_s( dwRet, 256, "" );
            break;
        }
    
        return dwRet;
    }
    
    void SetCvar( HANDLE hProcess, char* String )
    {
        cmdline_t cmdOut;
        SplitCommandLine( String, &cmdOut );
    
        DWORD dwStruct = Cvar_FindVar( hProcess, cmdOut.cmdName );
        if( !dwStruct )
            return;
    
        int NumOfArgs = cmdOut.argNum;
    
        BYTE Type = 0;
        ReadProcessMemory( hProcess, ( PVOID )( dwStruct + 0x8 ), &Type, 1, 0 );
        switch( Type )
        {
        case TYPE_BOOL:
            {
                bool val = ( strcmp( cmdOut.cmdArgs[0], "1" ) == 0 ) ? true : false;
                WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 1, 0 );
            }
            break;
        case TYPE_FLOAT:
            {
                float val = (float)atof( cmdOut.cmdArgs[0] );
                WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 4, 0 );
            }
            break;
        case TYPE_VEC2:
            {
                if( NumOfArgs >= 2 )
                {
                    float val[2];
                    memset( val, 0, 8 );
                    for( int i = 0; i < 2; i++ )
                        val[i] = (float)atof( cmdOut.cmdArgs[i] );
                    WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 8, 0 );
                }
            }
            break;
        case TYPE_VEC3:
        case TYPE_VEC3_2:
            {
                if( NumOfArgs >= 3 )
                {
                    float val[3];
                    memset( val, 0, 12 );
                    for( int i = 0; i < 3; i++ )
                        val[i] = (float)atof( cmdOut.cmdArgs[i] );
                    WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 12, 0 );
                }
            }
            break;
        case TYPE_VEC4:
            {
                if( NumOfArgs >= 4 )
                {
                    float val[4];
                    memset( val, 0, 16 );
                    for( int i = 0; i < 4; i++ )
                        val[i] = (float)atof( cmdOut.cmdArgs[i] );
                    WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 16, 0 );
                }
            }
            break;
        case TYPE_ENUM:
        case TYPE_INT:
            {
                int val = atoi( cmdOut.cmdArgs[0] );
                WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &val, 4, 0 );
            }
            break;
        case TYPE_STRING:
            {
                void* pMem = VirtualAllocEx( hProcess, NULL, 256, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE );
                WriteProcessMemory( hProcess, pMem, cmdOut.CombineArgs( ), 256, 0 );
                WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &pMem, 4, 0 );
            }
            break;
        case TYPE_COLOR:
            {
                BYTE  color[4];
                memset( color, 0, 4 );
                for( int i = 0; i < 4; i++ )
                {
                    color[i] = ( BYTE )( floor(atof(cmdOut.cmdArgs[i]) / 0.00392156862 + 0.5));
                }
                WriteProcessMemory( hProcess, ( PVOID )( dwStruct + 0xC ), &color, 4, 0 );
            }
            break;
        }
    
    }
    
    USAGE:
    // GetCvarValue
    printf("CG_Fov Value: %s\n", GetCvarValue( hProcess, "cg_fov" ) );
    
    // SetCvar
    // String = CvarName followed my value
    SetCvar( hProcess, "cg_fov 80" );
    SetCvar( hProcess, "g_ScoresColor_EnemyTeam 1 1 0.7 1" );
    
    // Cvar_FindVar
    printf("cg_fov struct is located at 0x%X\n", Cvar_FindVar( hProcess, "cg_fov" ) );
    I tried it before, hash table is correct but they never seemed to work :/
    Last edited by Kenshin13; 12-10-2012 at 02:06 PM.

  15. #13
    Threadstarter
          ( ° ͜ʖ͡°)╭∩╮
    Former Staff
    MarkHC's Avatar
    Join Date
    Nov 2011
    Gender
    male
    Location
    127.0.0.1
    Posts
    2,751
    Reputation
    66
    Thanks
    14,311
    My Mood
    Angelic
    Just tested, they are correct. What you should know is that just because a Dvar is on the game, it does not mean they do something... MW3 is a copy&paste from MW2 and CoD so some Dvars that were used on that games do nothing on MW3 but were not removed from the game... And most dvars are integers... or float... Draw2D and DrawFPS are integers... And I know I could print the Type.. I'm just lazy.


    CoD Minion from 09/19/2012 to 01/10/2013

  16. #14
    Kenshin13's Avatar
    Join Date
    May 2011
    Gender
    male
    Location
    Cloud 9
    Posts
    3,473
    Reputation
    564
    Thanks
    5,883
    My Mood
    Psychedelic
    So.... no cg_drawFPS?

Similar Threads

  1. Dump!
    By Flawless in forum Spammers Corner
    Replies: 20
    Last Post: 12-18-2014, 05:28 AM
  2. [Release] MW3 DVAR DUMP
    By Insane in forum Call of Duty - Modern Warfare 3 (MW3) Hacks & Cheats
    Replies: 9
    Last Post: 11-07-2011, 07:38 AM
  3. CPU Usage Dumping(now you can use images)
    By radnomguywfq3 in forum Visual Basic Programming
    Replies: 1
    Last Post: 10-10-2007, 01:38 PM
  4. MAH FOTOBUCKET IMAGE DUMP, only kewl people look
    By iverson954360 in forum General
    Replies: 15
    Last Post: 08-13-2007, 05:15 PM