Results 1 to 14 of 14

Threaded View

  1. #1
    Martin4435's Avatar
    Join Date
    Sep 2014
    Gender
    male
    Posts
    12
    Reputation
    10
    Thanks
    26

    Post How to find DVAR offsets and Write them in C++ (Internal)

    First start IDA and load the iw5mp.exe





    Press SHIFT & F12 to Generate a Stringlist



    Press STRG & F and search for your dvar , I choose cg_fov



    Click on DATA XREF : sub_



    Press F5 to activate Pseudocode





    dword_B0A7A8 is the pointeroffset




    Code:
    Teknomw3 Pointer Offsets
    |
    dword_B1C9D4 = sub_4A5CF0((int)"cg_gun_x", 0.0, -3.4028235e38, 3.4028235e38, 4);
    dword_B1C9B0 = sub_4A5CF0((int)"cg_gun_y", 0.0, -3.4028235e38, 3.4028235e38, 4);
    dword_B1C9C0 = sub_4A5CF0((int)"cg_gun_z", 0.0, -3.4028235e38, 3.4028235e38, 4);
    dword_8FAB60 = sub_4A3300("cg_drawGun", 1, 4);
    dword_B0A7DC = sub_50C760("cg_cursorHints", 4, 0, 4, 1);
    dword_8FAA90 = sub_4A3300("cg_weaponHintsCoD1Style", 1, 64);
    dword_B0A7BC = sub_50C760("cg_hintFadeTime", 100, 0, 2147483647, 1);
    dword_B0A7A8 = sub_4A5CF0((int)"cg_fov", 65.0, 65.0, 80.0, 68);
    dword_B04638 = sub_4A5CF0((int)"cg_fovScale", 1.0, 0.2, 2.0, 4);
    dword_8FAA58 = sub_4A5CF0((int)"cg_fovMin", 1.0, 1.0, 160.0, 4);
    dword_8FAB28 = sub_4A5CF0((int)"cg_viewVehicleInfluence", 1.0, 0.0, 1.0, 68);
    dword_8FAB3C = sub_4A3300("cg_draw2D", 1, 4);
    dword_8FAA88 = sub_4A3300("cg_drawHealth", 0, 4);
    dword_8FAA5C = sub_4A3300("cg_drawBreathHint", 1, 1);
    dword_B04748 = sub_4A3300("cg_drawMantleHint", 1, 1);
    dword_8FAB70 = sub_4A3300("cg_drawStatsSource", 0, 1);
    dword_8FAA74 = sub_4D9310("cg_drawFPS", &off_8AE300, 0, 0);
    dword_8F87B8 = sub_4A3300("cg_drawViewpos", 0, 1);
    dword_8FAAA0 = sub_4A3300("cg_drawEffectNum", 0, 4);
    dword_B04770 = sub_4A3300("cg_drawFPSLabels", 1, 1);
    dword_B04710 = sub_4D9310("snd_drawInfo", off_8AE2EC, 0, 0);
    dword_B04688 = sub_4A3300("cg_drawScriptUsage", 0, 0);
    dword_B04704 = sub_4D9310("cg_drawMaterial", &off_8AE324, 0, 4);
    dword_8FAAF4 = sub_4A3300("cg_drawSnapshot", 0, 1);
    dword_8FAA9C = sub_4A3300("cg_drawCrosshair", 1, 4);
    dword_8FAAE8 = sub_4A3300("cg_drawTurretCrosshair", 1, 1);
    dword_B046A4 = sub_4A3300("cg_drawCrosshairNames", 1, 4);
    dword_8FAB94 = sub_50C760("cg_drawCrosshairNamesPosX", 300, 0, 640, 0);
    dword_B04760 = sub_50C760("cg_drawCrosshairNamesPosY", 180, 0, 480, 0);
    dword_B0475C = sub_4A3300("cg_drawDamageFlash", 0, 4);
    dword_8FF0F4 = sub_4A3300("cg_drawDamageDirection", 1, 4);
    dword_18A06A4 = sub_4A3300("fx_enable", 1, 4);
    dword_18A0720 = sub_4A3300("fx_draw", 1, 4);
    dword_18A06E4 = sub_4A3300("fx_draw_spotLight", 1, 4);
    dword_18A06C8 = sub_4A3300("fx_draw_omniLight", 1, 4);
    dword_18A072C = sub_4A3300("fx_cull_elem_spawn", 1, 0);
    dword_18A06DC = sub_4A3300("fx_cull_elem_draw", 1, 0);
    dword_18A0710 = sub_4A3300("fx_marks", 1, 1);
    dword_18A069C = sub_4A3300("fx_marks_smodels", 1, 1);
    dword_18A0730 = -6.8056469e38;
    dword_18A06F0 = sub_4A3300("fx_freeze", 0, 4);
    dword_18A06F4 = sub_4A5CF0((int)"fx_debugBolt", 0.0, 0.0, 1000.0, 4);
    dword_18A06F8 = sub_4A3300("fx_count", 0, 4);
    dword_18A0700 = sub_4A5CF0((int)"fx_visMinTraceDist", 80.0, 0.0, 1000.0, 4);
    dword_18A06CC = sub_4D9310("fx_profileSort", off_8B042C, 0, 4);
    dword_18A0728 = sub_50C760("fx_profileSkip", 0, 0, 1000, 4);
    dword_18A06BC = sub_4157E0("fx_profileFilter", &byte_7E0A2B, 4);
    dword_18A0724 = sub_50C760("fx_profile", 0, 0, 1, 4);
    dword_18A0698 = sub_50C760("fx_mark_profile", 0, 0, 1, 4);
    dword_18A0704 = sub_4A3300("fx_drawClouds", 1, 4);
    dword_18A0718 = sub_4A3300("fx_deferelem", 1, 4);
    dword_18A0734 = sub_4A3300("fx_draw_simd", 1, 4);
    dword_18A0738 = sub_4A3300("fx_killEffectOnRewind", 0, 4);
    dword_18A06B4 = sub_50C760("fx_alphaThreshold", 0, 0, 256, 68);
    dword_5F96C1C = sub_50C760("r_imageQuality", 1, 0, 4, 3);
    dword_5F96B34 = sub_4A3300("r_detail", 1, 0);
    dword_5F96BBC = sub_4A3300("r_normal", 1, 0);
    dword_5F969BC = sub_4A3300("r_specular", 1, 1);
    dword_5F96B38 = sub_4D9310("r_lightMap", off_8B77A4, 1, 4);
    dword_5F96BE8 = sub_4D9310("r_colorMap", off_8B77A4, 1, 4);
    dword_5F969C4 = sub_4D9310("r_detailMap", off_8B77B8, 1, 4);
    dword_5F96C4C = sub_4D9310("r_normalMap", off_8B77C4, 1, 4);
    dword_5F96B18 = sub_4D9310("r_specularMap", off_8B77A4, 1, 4);
    dword_5F96A48 = sub_4A3300("r_drawSun", 1, 1);
    dword_5F96C18 = sub_4A3300("r_drawDecals", 1, 4);
    dword_5F96B14 = sub_50C760("r_dlightLimit", 4, 0, 4, 64);
    dword_5F96AD4 = sub_4A3300("r_spotLightShadows", 1, 4);
    dword_5F96BA0 = sub_4A3300("r_spotLightEntityShadows", 1, 4);
    dword_5F96BDC = sub_4A3300("r_drawWater", 1, 1);
    dword_5F96B30 = sub_4A3300("r_lockPvs", 0, 4);
    dword_5F96BD4 = sub_4A3300("r_skipPvs", 0, 4);
    dword_1060198 = sub_50C760("cl_maxpackets", 30, 15, 100, 0);
    dword_1060190 = sub_50C760("cl_packetdup", 2, 0, 5, 1);
    dword_8DAF48 = sub_4A5CF0((int)"bg_weaponBobAmplitudeBase", 0.16, 0.0, 1.0, 0);
    dword_8DD834 = sub_48AFE0((int)"bg_weaponBobAmplitudeSprinting", 0.02, 0.014, 0.0, 1.0, 140);
    dword_8DD8FC = sub_48AFE0((int)"bg_weaponBobAmplitudeStanding", 0.055, 0.025, 0.0, 1.0, 204);
    dword_8DAF30 = sub_48AFE0((int)"bg_weaponBobAmplitudeDucked", 0.045000002, 0.025, 0.0, 1.0, 140);
    dword_8DB0C8 = sub_48AFE0((int)"bg_weaponBobAmplitudeProne", 0.02, 0.0049999999, 0.0, 1.0, 140);
    dword_8DD8A8 = sub_4A5CF0((int)"bg_weaponBobAmplitudeRoll", 1.5, 0.0, 90.0, 140);
    dword_8DAF5C = sub_4A5CF0((int)"bg_weaponBobMax", 8.0, 0.0, 36.0, 140);
    dword_8DD908 = sub_4A5CF0((int)"bg_weaponBobLag", 0.25, -1.0, 1.0, 140);
    dword_1CE77A4 = sub_50C760("com_maxfps", 85, 0, 100, 0);
    C++ Code
    Code:
    template <class Value>
    void WritePointer(DWORD pointer, DWORD pointerofs, Value value)
    {
    
    	DWORD dwPointer = *(DWORD*)pointer;
    	*(Value*)(dwPointer + pointerofs) = value;
    	
    }
    Example
    Code:
    #include <Windows.h>
    #include <iostream>
    using namespace std;
    
    
    
    
    template <class Value>
    void WritePointer(DWORD pointer, DWORD pointerofs, Value value)
    {
    
    	DWORD dwPointer = *(DWORD*)pointer;
    	*(Value*)(dwPointer + pointerofs) = value;
    
    }
    
    void Writing()
    {
    	//GUN X
    	WritePointer<float>(0xB1C9D4, 0xC, 0);
    	// GUN Y
    	WritePointer<float>(0xB1C9B0, 0xC, 12.f);
    	// GUN Z
    	WritePointer<float>(0xB1C9C0, 0xC, 0);
    
    	//FOV
    	WritePointer<float>(0xB0A7A8, 0xC, 120.f);
    
    	//Draw Gun
    	WritePointer<int>(0x8FAB60, 0xC, 1);
    
    }
    
    BOOL APIENTRY DllMain(HMODULE hdll, DWORD  reason, LPVOID lpReserved) {
    	if (reason == DLL_PROCESS_ATTACH) {
    
    		Writing();
    
    
    	}
    	return TRUE;
    }
    Last edited by Martin4435; 02-23-2016 at 07:28 AM.

  2. The Following 6 Users Say Thank You to Martin4435 For This Useful Post:

    AuT03x3C (02-22-2016),gogogokitty (09-20-2016),oschigamer (02-24-2016),Pastershim (10-13-2018),shryder (02-29-2016),Silent (05-05-2016)

Similar Threads

  1. [Tutorial] BOII how to find DVARS /w OllyDBG and CE
    By [NEWACCOUNT]Yano in forum Call of Duty Black Ops 2 Tutorials
    Replies: 8
    Last Post: 09-17-2018, 08:38 AM
  2. [Help Request] MW3 - Ollydbg explanation how to find certain Address and use them
    By Nordiii in forum Call of Duty Modern Warfare 3 Coding, Programming & Source Code
    Replies: 10
    Last Post: 07-06-2014, 03:33 PM
  3. [Help] how to find this offset in pointBlank please tell it here
    By pronten in forum Piercing Blow Hack Coding/Source Code
    Replies: 8
    Last Post: 08-16-2011, 12:17 PM
  4. How to find a NoRecoil and NoSpread in Warrock PH
    By gbjhet23 in forum WarRock Philippines Help & Discussions
    Replies: 0
    Last Post: 08-03-2011, 10:29 AM
  5. [TuT]How to find no recoil and no spread
    By Twisted_scream in forum WarRock - International Hacks
    Replies: 10
    Last Post: 06-23-2008, 11:59 AM