Red boxes and name tags

[hentaiguy669]

Hi guys,

I need some guidance in find some offsets. Nothing too fancy, just the chopper boxes and name tags.

I found the chopper box ESP address (barely) but the process I used was quite lengthy. The process was filtering changed addresses whenever you entered pred missile, chopper or AC130 using CE.

Then I faced the problem of players having the cold blooded perk and didn't have a red box around them. I've seen a couple of times people posting an address which you can 'patch' (NOP?) that supposedly does the cold blooded check before drawing the boxes.

Secondly the name tags. I found cg_drawThroughWalls quite interesting but it only draws your team's name through walls. The cg_enemyOverheadNamesFadeOut to be interesting which you can 'lock on' to enemies if you can see their overhead name.

I'm assuming that you have to patch the comparison OP code of cg_drawThroughWalls that checks which team players are on?

Can someone tell me where I'm wrong and also guide me on how people normally do it? I know I'm late to the hacking scene (like year's late lol) but, I'm just getting into game hacking so it's for my knowledge.

My knowledge of assembly constitutes of knowing various OP codes that's it. I also have some experience with OllyDBG. Please don't flame me, I'm trying :3

[CrypticMods]

Hi guys,

I need some guidance in find some offsets. Nothing too fancy, just the chopper boxes and name tags.

I found the chopper box ESP address (barely) but the process I used was quite lengthy. The process was filtering changed addresses whenever you entered pred missile, chopper or AC130 using CE.

Then I faced the problem of players having the cold blooded perk and didn't have a red box around them. I've seen a couple of times people posting an address which you can 'patch' (NOP?) that supposedly does the cold blooded check before drawing the boxes.

Secondly the name tags. I found cg_drawThroughWalls quite interesting but it only draws your team's name through walls. The cg_enemyOverheadNamesFadeOut to be interesting which you can 'lock on' to enemies if you can see their overhead name.

I'm assuming that you have to patch the comparison OP code of cg_drawThroughWalls that checks which team players are on?

Can someone tell me where I'm wrong and also guide me on how people normally do it? I know I'm late to the hacking scene (like year's late lol) but, I'm just getting into game hacking so it's for my knowledge.

My knowledge of assembly constitutes of knowing various OP codes that's it. I also have some experience with OllyDBG. Please don't flame me, I'm trying :3

I've been working on a lot of mw2 stuff over the weekend. I got working no-recoil that works without host and got chopper esp address but I'll have to look into the cold blooded and the names through walls thing.

[hentaiguy669]

I've been working on a lot of mw2 stuff over the weekend. I got working no-recoil that works without host and got chopper esp address but I'll have to look into the cold blooded and the names through walls thing.

No recoil is always client-side as far as I know and it's quite easy to find when you've located your FireWeapon() function.

As for the cold blooded fix... What I've said in my post are mere assumption based on logical reasoning, not based on someone else's answer. However, there is an answer posted by someone on _Xeno's thread (I think that's his name) which is possibly correct.

[gerherhtherherdhher]

Hi guys,

I need some guidance in find some offsets. Nothing too fancy, just the chopper boxes and name tags.

I found the chopper box ESP address (barely) but the process I used was quite lengthy. The process was filtering changed addresses whenever you entered pred missile, chopper or AC130 using CE.

Then I faced the problem of players having the cold blooded perk and didn't have a red box around them. I've seen a couple of times people posting an address which you can 'patch' (NOP?) that supposedly does the cold blooded check before drawing the boxes.

Secondly the name tags. I found cg_drawThroughWalls quite interesting but it only draws your team's name through walls. The cg_enemyOverheadNamesFadeOut to be interesting which you can 'lock on' to enemies if you can see their overhead name.

I'm assuming that you have to patch the comparison OP code of cg_drawThroughWalls that checks which team players are on?

Can someone tell me where I'm wrong and also guide me on how people normally do it? I know I'm late to the hacking scene (like year's late lol) but, I'm just getting into game hacking so it's for my knowledge.

My knowledge of assembly constitutes of knowing various OP codes that's it. I also have some experience with OllyDBG. Please don't flame me, I'm trying :3

This is probably what you've found already:


So here the game is checking whether the target box flag (0x10) is set in the "otherFlags" in predictedPlayerState (0x8A0E60).
Nop'ing the jz will ignore the comparison and always draw the boxes ->

Code:

*(WORD*) 0x00488565 = 0x9090;

Now when we look at that CG_DrawFriendOrFoeTargetBoxes function we see three calls:



Some digging around in those three calls will quickly tell you that the second function called is doing the actual drawing, alive checking, perk checking and entity type checking:



I am sure you know how to do the rest, but anyways...

Code:

*(WORD*) 0x004B74CE = 0x9090;

cg_drawThroughWalls doesn't exist in the current version of MW2 anymore. Anyways, go to the first xref of the cg_drawFriendlyNames dvar.
There you'll find the following piece of code:



Here it does some comparison, like whether the team is 0 (invalid?), 3 (spectator) or not equal to our team. We can flip that jnz to jz, so that it's only drawing enemy names (or we could write a couple of nops which would then show names for both teams).

Code:

*(BYTE*) 0x004879BD = 0x84;

There are a couple more checks in that function with stuff like whether you're flashbanged or not, in which case the names don't get drawn.
One important check though is the visibility check, which we want to remove.

A little further down the function we find a call to a function that checks for head visibility, we could simply nop the jump after that but for the educational purposes, let's make the function always return true (1).


All we have to do is write mov al, 1; ret to that address:

Code:

*(WORD*)0x004876E0 = 0x01B0; // mov al, 1
*(BYTE*)0x004876E2 = 0xC3; // ret

-- Xen0

[hentaiguy669]

Hey,

Thanks very much for taking the time to write that detailed post on how to do it, it's really appreciated! You really know what you're doing unlike me :P ^^

I'll get to doing this again when I have free time and then post back with my success

[TaBz3]

I will always be thankful for this community, as well as others like Dark Byte over at CEF for supplying bits of information to help me practise these sorts of stuff on my own, if it wasn't for the internet, I probably wouldn't have gotten into Comp Sci :')

<3

EDIT: Sorry for going off topic, I just wanted to post this to show you my appreciation, I am still learning as I go tinkering with this sort of stuff :D

[gerherhtherherdhher]

Hey,

Thanks very much for taking the time to write that detailed post on how to do it, it's really appreciated! You really know what you're doing unlike me :P ^^

I'll get to doing this again when I have free time and then post back with my success

NP, always happy to help.

I will always be thankful for this community, as well as others like Dark Byte over at CEF for supplying bits of information to help me practise these sorts of stuff on my own, if it wasn't for the internet, I probably wouldn't have gotten into Comp Sci :')

<3

EDIT: Sorry for going off topic, I just wanted to post this to show you my appreciation, I am still learning as I go tinkering with this sort of stuff

Good luck Ask me if you need any help

[NBD-emefic]

Hi guys,

I need some guidance in find some offsets. Nothing too fancy, just the chopper boxes and name tags.

I found the chopper box ESP address (barely) but the process I used was quite lengthy. The process was filtering changed addresses whenever you entered pred missile, chopper or AC130 using CE.

Then I faced the problem of players having the cold blooded perk and didn't have a red box around them. I've seen a couple of times people posting an address which you can 'patch' (NOP?) that supposedly does the cold blooded check before drawing the boxes.

Secondly the name tags. I found cg_drawThroughWalls quite interesting but it only draws your team's name through walls. The cg_enemyOverheadNamesFadeOut to be interesting which you can 'lock on' to enemies if you can see their overhead name.

I'm assuming that you have to patch the comparison OP code of cg_drawThroughWalls that checks which team players are on?

Can someone tell me where I'm wrong and also guide me on how people normally do it? I know I'm late to the hacking scene (like year's late lol) but, I'm just getting into game hacking so it's for my knowledge.

My knowledge of assembly constitutes of knowing various OP codes that's it. I also have some experience with OllyDBG. Please don't flame me, I'm trying :3

These are CFG Codes but they should
Work for CFW:

cg_drawThroughWalls "1"
cg_enemyFadeOut "9999"
cg_enemyFadeIn "5"