Results 1 to 12 of 12
  1. #1
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    702
    My Mood
    Angelic

    Change to thirdPerson and only headshot Pointer problem

    Hi I have a question!

    The problem is both dvars ("scr_game_onlyheadshots", "scr_thirdPerson") have the same pointer as long as you didn't make a private lobby and enable thirdPerson or only Headshot

    Is there a way to change this so you can edit it online?

    Sincerely Nordiii
    Last edited by Nordiii; 09-14-2014 at 07:07 AM.

  2. #2
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    G_FindDvar()

  3. #3
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    702
    My Mood
    Angelic
    Quote Originally Posted by Hitokiri~ View Post
    G_FindDvar()
    Okay that's confusing me right now...

    I have the dvars but they all point to the same address and only change when I select thrid person in a privat lobby and changing back after the match

    i'm not using any .dlls so what do you mean with G_FindDvar()?

    Sorry if this question is stupid

    Nordiii

  4. #4
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    The game has a function that allows you to find the specific dvar in one of two ways:
    - Iterating through the single linked list dvar structure ( Next struct pointer is at +0x48 )
    - Calculating a hash value for the dvar name and performing a lookup in a pointer table.

    I'd recommend you use one of these methods as they're more reliable. Also I believe the dvar is called "cg_thirdPerson" and not "scr_thirdperson".

  5. The Following User Says Thank You to Hitokiri~ For This Useful Post:

    Nordiii (09-16-2014)

  6. #5
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    702
    My Mood
    Angelic
    Quote Originally Posted by Hitokiri~ View Post
    The game has a function that allows you to find the specific dvar in one of two ways:
    - Iterating through the single linked list dvar structure ( Next struct pointer is at +0x48 )
    - Calculating a hash value for the dvar name and performing a lookup in a pointer table.

    I'd recommend you use one of these methods as they're more reliable. Also I believe the dvar is called "cg_thirdPerson" and not "scr_thirdperson".
    Yeah there is a cg_thridPerson to but i want to enable third person for everyone

    and the server side third person has the same pointer as hardcore , only headshot and some other dvars and the pointer only change in privat lobbys and when i change the pointer by myselfe to the changed pointer the game just give a fuck

  7. #6
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Quote Originally Posted by Nordiii View Post
    Yeah there is a cg_thridPerson to but i want to enable third person for everyone

    and the server side third person has the same pointer as hardcore , only headshot and some other dvars and the pointer only change in privat lobbys and when i change the pointer by myselfe to the changed pointer the game just give a fuck
    I posted 2 solutions above, have you tried those?

  8. #7
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    702
    My Mood
    Angelic
    Quote Originally Posted by Hitokiri~ View Post

    I posted 2 solutions above, have you tried those?
    Sorry maybe im just to stupid for this because I not that used to dvars (I want to improve alot but I think no one would really put the effort into teaching me) and I didn't do a lot with hacking except my Server control and only used to java.


    So could you please explain it whats the difference between
    - Iterating through the single linked list dvar structure ( Next struct pointer is at +0x48 )

    and my current method where I loop through every singel and look if the name is equals?

    second i think is like a pattern scanner?


    Sorry I know thats really Choobisch but I really want to get deeper in this

  9. #8
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Quote Originally Posted by Nordiii View Post
    Sorry maybe im just to stupid for this because I not that used to dvars (I want to improve alot but I think no one would really put the effort into teaching me) and I didn't do a lot with hacking except my Server control and only used to java.


    So could you please explain it whats the difference between
    - Iterating through the single linked list dvar structure ( Next struct pointer is at +0x48 )

    and my current method where I loop through every singel and look if the name is equals?

    second i think is like a pattern scanner?


    Sorry I know thats really Choobisch but I really want to get deeper in this
    Are you finding these pointers dynamically? Aka upon game starting, you select the first dvar in the dvar array and scan through each?
    You say "loop" so I assume you're doing the same thing. You also didn't state how you were finding them, just that you "had them".

  10. #9
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    702
    My Mood
    Angelic
    Quote Originally Posted by Hitokiri~ View Post


    Are you finding these pointers dynamically? Aka upon game starting, you select the first dvar in the dvar array and scan through each?
    You say "loop" so I assume you're doing the same thing. You also didn't state how you were finding them, just that you "had them".
    Yeah, currently I scan through them every time the game is started or the hack get started because some addresses tend to change sometimes.


    master131 was so kind to gave me this addresses when I asked him how he managed to change the time while he is ingame.
    Code:
        Dim OFFS_DVarList As Integer = &H5AAXXXXX
        Dim OFFS_DVarList_Count As Integer = &H5AXXXXX
        Dim OFFS_DVarList_Size As Integer = &H4C
    But yeah I loop through that and check the names of the dVar and return the current address.

    So I get both dVar addresses i'm intressted in but both have the same pointer(value)


    So when I change the value of this pointer I have hardcore, third person and only headshot.

    When I creat a privat lobby and enable third person the value of the address for third person changes.



    And this changes back from 31765692 to 31765704 when I start another lobby without third person and I really don't know how I can fix this problem

    Sincerely Nordiii

  11. #10
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    I'll post some info here you can use:
    Code:
    int __usercall G_FindDvar<eax>(char *dvarName<edi>)
    {
      int dvar; // esi@3
      int result; // eax@6
    
      InterlockedIncrement(&dword_5AA826C);
      while( dvarLock )             // Forget this. This is just thread safety shit
        j_Sleep(0);
      dvar = DvarHashTable[G_StringHash(dvarName)];       // G_StringHash() performs a hash on the dvar name. You can look at it to make your own then perform your own lookups. Even if the pointers change, the hash table won't.
      if ( dvar )                                   // check if dvar is valid ( Aka not a nullptr )
      {
        while ( Q_stricmp(a1, *(char **)dvar) )     // Do an insensitive string compare with the dvar's name ( First value in struct ) against the dvar we're checking against, if they match, return that else iterate to the dvar->next ( + 0x48 )
        {
          dvar = *(_DWORD *)(dvar + 0x48);          // dvar->next ( Iterates through the dvar list )
          if ( !dvar )                              // Dvar has reached the end of the list
            goto LABEL_6;
        }
        InterlockedDecrement(&dword_5AA826C);
        result = dvar;
      }
      else
      {
    LABEL_6:
        InterlockedDecrement(&dword_5AA826C);
        result = 0;
      }
      return result;
    }
    This G_FindDvar() function is located at 0x669890 on Steam iw5mp.exe

    But stupid question, the pointers you're reading, are you sure you're reading them correctly?
    Eg.
    Code:
    // I don't know VB, I'll use C#
    IntPtr cg_thirdPerson = IntPtr(0xDEADBEEF);
    int value = MemoryClass.ReadProcessMemory( handleToProc, MemoryClass.ReadProcessMemory( handleToProc, cg_thirdPerson, 4 ) + 0xC, 4 );
    ?

    Also as a very last resort, you could just read the static offsets in the game memory for them. (Eg. cg_thirdPerson is stored somewhere in the .text section ( Aka the pointer is referenced )
    Last edited by Hitokiri~; 09-17-2014 at 02:52 AM.

  12. #11
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    702
    My Mood
    Angelic
    Quote Originally Posted by Hitokiri~ View Post

    But stupid question, the pointers you're reading, are you sure you're reading them correctly?
    Eg.
    Code:
    // I don't know VB, I'll use C#
    IntPtr cg_thirdPerson = IntPtr(0xDEADBEEF);
    int value = MemoryClass.ReadProcessMemory( handleToProc, MemoryClass.ReadProcessMemory( handleToProc, cg_thirdPerson, 4 ) + 0xC, 4 );
    ?

    Also as a very last resort, you could just read the static offsets in the game memory for them. (Eg. cg_thirdPerson is stored somewhere in the .text section ( Aka the pointer is referenced )
    Yeah I'm sure that I read them right because others are working like change gametime or change the map or the gametype
    Code:
     Return IntPtr.op_Explicit(currentDvarAddress + &HC) |currentDvarAddress = Dvar name + 0xC = value
    it's the only problem that the pointer only changes when I set it in a privat lobby and when I change the pointer by myself to the correct new the game don't care.

  13. #12
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    I provided you with the hash table. Those use different pointer storing. Try that.
    If that doesn't work, sorry, can't help you. Only other way would be SV_ServerSendGameCommand() or whatever it was called allowing you to tell other clients what to do. ( Aka you can tell them to change their own dvars to suit your needs ).

  14. The Following User Says Thank You to Hitokiri~ For This Useful Post:

    Nordiii (09-17-2014)

Similar Threads

  1. [Release] Only say your problem here and all will help you [ Ask in life too ] [ No Lies ]
    By anamasryaraby in forum CrossFire Discussions
    Replies: 8
    Last Post: 09-07-2012, 10:53 PM
  2. [TuT] How to change your TCP and IP on Vista
    By Kev in forum CrossFire Hacks & Cheats
    Replies: 16
    Last Post: 08-28-2009, 03:43 AM
  3. Only 1 Minor Problem With Pub Hacks
    By phantomh2o in forum Combat Arms Hacks & Cheats
    Replies: 2
    Last Post: 12-22-2008, 05:42 PM
  4. 2 Cocks and Only 1 Ball?
    By Carms in forum Spammers Corner
    Replies: 0
    Last Post: 09-10-2008, 03:24 AM
  5. The one and only waorking bypass!
    By wwechampabdel in forum WarRock - International Hacks
    Replies: 12
    Last Post: 05-30-2007, 07:40 PM