  1. #46
    mwxplayer's Avatar
    for those who like spam. (CG_Obituary)
    Code:
    // Decompiler pseudocode (not compilable C: __usercall and the <reg>
    // annotations are decompiler notation) for the routine at 0x58D1D0, which
    // the poster identifies as CG_Obituary. All names are auto-generated.
    // Reads two client indices from the record at a2, picks a kill icon, builds
    // the "you killed" / "you were killed" text and hands the result to
    // sub_4A8F90.
    int __usercall sub_58D1D0<eax>(signed int a1<eax>, int a2<ecx>, char a3<dil>, int a4)
    {
      int v4; // ebx@1
      int v5; // esi@2
      int result; // eax@3
      int v7; // ecx@5
      int v8; // eax@5
      int v9; // ecx@8
      int *v10; // edi@22
      int *v11; // esi@25
      signed int v12; // ecx@26
      int v13; // esi@31
      int v14; // eax@33
      int v15; // eax@35
      int v16; // esi@38
      int v17; // eax@40
      float v18; // [sp+0h] [bp-90h]@46
      int v19; // [sp+4h] [bp-8Ch]@11
      char v20[24]; // [sp+4h] [bp-8Ch]@46
      char v21; // [sp+8h] [bp-88h]@46
      float v22; // [sp+1Ch] [bp-74h]@1
      int v23; // [sp+20h] [bp-70h]@3
      int v24; // [sp+24h] [bp-6Ch]@1
      char v25; // [sp+28h] [bp-68h]@26
      char v26; // [sp+2Ch] [bp-64h]@1
      float v27; // [sp+30h] [bp-60h]@1
      char v28; // [sp+34h] [bp-5Ch]@23
      // v29 and v30 are typed `char` by the decompiler but are used below as
      // 0x2A-byte output buffers; their stack slots are 0x2C bytes apart.
      char v29; // [sp+38h] [bp-58h]@26
      char v30; // [sp+64h] [bp-2Ch]@23
    
      // v22/v27 default to 1.4f; both are passed to sub_4A8F90 at the end.
      v22 = 1.399999976158142;
      // v4 and v24 are two indices read from the a2 record (+120, +124). The
      // message strings further down suggest v4 is the victim and v24 the killer.
      v4 = *(_DWORD *)(a2 + 120);
      v27 = 1.399999976158142;
      v24 = *(_DWORD *)(a2 + 124);
      v26 = 0;
      // a1 >= 240: no table lookup; a1 - 240 selects an icon in the switch below.
      if ( a1 >= 240 )
      {
        v5 = a1 - 240;
    LABEL_3:
        result = sub_41B6B0("killicondied");
        v23 = result;
        goto LABEL_4;
      }
      // Otherwise the low byte of a1 indexes two global tables (byte offset
      // 2 * v8, i.e. 4 * a1). The truncation to unsigned __int8 bounds the index
      // to 0..255; the table sizes are not visible here.
      v8 = 2 * (unsigned __int8)a1;
      v7 = *(int *)((char *)&dword_8DDF18 + 2 * v8);
      result = *(_DWORD *)(*(int *)((char *)&dword_8DDB50 + 2 * v8) + 132);
      v5 = 0;
      if ( !result )
        goto LABEL_3;
      v23 = result;
      if ( *(_BYTE *)(v7 + 1923) )
        v26 = 1;
      v9 = *(_DWORD *)(v7 + 1224);
      if ( v9 )
      {
        v22 = 2.799999952316284;
        if ( v9 != 1 )
          v27 = 0.699999988079071;
      }
    LABEL_4:
      switch ( v5 )
      {
        case 8:
          v19 = (int)"killiconmelee";
          goto LABEL_18;
        case 15:
          v19 = (int)"killiconimpact";
          goto LABEL_18;
        case 9:
          v19 = (int)"killiconheadshot";
          goto LABEL_18;
        case 12:
          v19 = (int)"killiconsuicide";
          goto LABEL_18;
        case 11:
          v19 = (int)"killiconfalling";
          goto LABEL_18;
        case 10:
          v19 = (int)"killiconcrush";
          goto LABEL_18;
        case 13:
          v19 = (int)"killicondied";
    LABEL_18:
          result = sub_41B6B0(v19);
          v22 = 1.399999976158142;
          v23 = result;
          break;
        default:
          break;
      }
      // Range check on the first index (valid: 0..17). The pseudocode shows
      // control falling through to the array access, but the sub_4A6660 listing
      // on this page reaches longjmp() when its first argument is 1, so the
      // out-of-range case presumably never returns here (verify in the
      // disassembly before relying on it).
      if ( v4 < 0 || v4 >= 18 )
        result = sub_4A6660(1, &byte_7E22C4, a3);
      // Records in dword_9FC748 are 344 ints (1376 bytes) apart.
      v10 = &dword_9FC748[344 * v4];
      if ( *v10 )
      {
        v28 = sub_552CC0(v10[8]);
        sub_543F60(a4, v4, &v30, 0x2Au, v28);
        result = dword_902440;
        if ( dword_9FC748[344 * dword_902440] )
        {
          // Second index out of 0..17 (unsigned compare also catches negatives):
          // no record pointer is taken (v11 = 0) and 2046 is used as a stand-in.
          if ( (unsigned int)v24 > 0x11 )
          {
            v12 = 2046;
            v24 = 2046;
            v11 = 0;
            v29 = 0;
            v25 = 55;
          }
          else
          {
            v11 = &dword_9FC748[344 * v24];
            if ( !*v11 )
              return result;
            v25 = sub_552CC0(v11[8]);
            sub_543F60(a4, v24, &v29, 0x2Au, v25);
            result = dword_902440;
            v12 = v24;
          }
          if ( v12 == v4 )
          {
            v29 = 0;
          }
          else
          {
            if ( v12 == result )
            {
              // NOTE(review): v11 is dereferenced without a null check here,
              // unlike the `if ( v11 )` guard in the other branch. It is only
              // safe because v12 == 2046 (the v11 == 0 case) would have to equal
              // dword_902440 to get here - presumably impossible, confirm.
              v13 = v11[8];
              // Both arms are identical in the pseudocode; presumably two
              // distinct string constants with the same text (TODO confirm).
              if ( v13 && v10[8] == v13 )
                v14 = sub_488650("CGAME_YOUKILLED", (unsigned int)&v30);
              else
                v14 = sub_488650("CGAME_YOUKILLED", (unsigned int)&v30);
              sub_4E2DE0(a4, v14, 0);
              // 8-slot ring: the write index wraps with & 7.
              v15 = dword_A03DCC;
              dword_A03D8C[dword_A03DCC] = v4;
              dword_A03DAC[v15] = LODWORD(dword_96A25C);
              dword_A03DCC = (v15 + 1) & 7;
            }
            else
            {
              if ( v4 == result )
              {
                if ( v11 )
                {
                  v16 = v11[8];
                  if ( v16 && v10[8] == v16 )
                    v17 = sub_488650("CGAME_YOUWEREKILLED", (unsigned int)&v29);
                  else
                    v17 = sub_488650("CGAME_YOUWEREKILLED", (unsigned int)&v29);
                  sub_4E2DE0(a4, v17, 0);
                  dword_A03D84 = v24;
                  dword_A03D88 = LODWORD(dword_96A25C);
                }
              }
            }
          }
          result = sub_4F6CF0(a4);
          if ( (_BYTE)result )
          {
            if ( dword_9762C4 )
              return result;
            // Both arms pass v4 as v20[0]; only v21 differs (v4 when the second
            // index was out of range, v24 otherwise).
            if ( (unsigned int)v24 > 0x11 )
            {
              v21 = v4;
              v20[0] = v4;
              v18 = dword_96A25C;
            }
            else
            {
              v21 = v24;
              v20[0] = v4;
              v18 = dword_96A25C;
            }
            result = sub_485890(a4, LODWORD(v18), v20[0], v21);
          }
          // Final hand-off: both name buffers, the two sub_552CC0 results, the
          // icon handle (v23) and the values chosen above.
          if ( !dword_9762C4 )
            result = sub_4A8F90(a4, (int)&v29, v25, (int)&v30, v28, v23, v22, v27, v26);
        }
      }
      return result;
    }
    Sig :
    Code:
     \x3D\x00\x00\x00\x00\xD9\x05 x????xx
    Code:
    // Review notes (code left exactly as posted):
    //  - There is no comma between the second and third literals, so the
    //    compiler concatenates them: the array has two elements, not three.
    //  - EntState, CG, Client and Engine are defined outside this snippet.
    char* KillSpam[] = { "say ^3Player ^5%s ^7got ^4pwned ^7with a ^1HeadShot" ,
    	                     "say ^3Player ^5%s ^7got ^4pwned ^7via ^1Knife!" 
    	                     "say ^3Player ^5%s ^7got ^4pwned" };
    // Declared naked: the compiler emits no prologue or epilogue, and nothing in
    // this body reserves stack space for `buf` or ends with a return.
    __declspec(naked) void hkCG_Obituary(signed int a1 , int a2 , char a3 , int a4) {
    	EntState = NULL;
    	_asm PUSHAD;
    	_asm mov EntState , EAX
    	
    	
    	char buf[130];
    	// NOTE(review): if this test is false, execution runs off the end of the
    	// function with the PUSHAD still on the stack - the popad and the call to
    	// the original are both inside this block.
    	if ( EntState->KillerEntNum == CG->ClientNum ) { //are you the killer.
    		
    	// VictimEntNum indexes Client[] without a range check, and the victim's
    	// name (chosen by another player) is formatted into a console command;
    	// both are untrusted input.
    	if  ( EntState->KillType == 112 ) //headshot
    		sprintf_s ( buf , KillSpam[0] , Client[EntState->VictimEntNum]->Name );
    	else if  ( EntState->KillType == 128 ) //knife
    		sprintf_s ( buf , KillSpam[1] , Client[EntState->VictimEntNum]->Name );
    
    	// NOTE(review): for any other KillType, buf is still uninitialised when it
    	// is passed on here.
    	Engine.SendCommandToConsole ( buf );
    
    	_asm mov EAX , EntState
    	_asm popad;
    	//_asm  JMP [CG_Obituary]
    	Engine.Obituary ( a1 , a2 , a3 , a4 );
    	}
    }
    // NOTE(review): the brace below has no matching opener in the snippet.
    }


    ---------- Post added at 06:58 AM ---------- Previous post was at 05:31 AM ----------

    CG_Error :
    Offset : 0x4A6660
    Signature :
    Code:
    \xE8\x00\x00\x00\x00\x84\xC0\x74\x14\xE8\x00\x00\x00\x00\xE8\x00\x00\x00\x00\xA3\x00\x00\x00\x00\xE8\x00\x00\x00\x00\x6A\x02\xE8\x00\x00\x00\x00\x83\xC4\x04\xE8\x00\x00\x00\x00\x84\xC0\x74\x05\xE8\x00\x00\x00\x00\x83\x3D x????xxxxx????x????x????x????xxx????xxxx????xxxxx????xx
    Pseudo Code :
    Code:
    // Decompiler pseudocode for the routine at 0x4A6660, which the poster labels
    // CG_Error. a1 is a numeric error type, a2 a printf-style format string
    // followed by its arguments. Because a2 is handed to _vsnprintf as the
    // format, callers must never pass externally supplied text in that position.
    // Some paths return to the caller; others leave through longjmp().
    int sub_4A6660(signed int a1, const char *a2, ...)
    {
      signed int v2; // esi@10
      int result; // eax@12
      int *v4; // eax@35
      char v5; // [sp-4h] [bp-4h]@6
      va_list va; // [sp+Ch] [bp+Ch]@1
    
      va_start(va, a2);
      if ( (unsigned __int8)sub_429AD0() )
      {
        sub_4723D0();
        dword_1CE779C = sub_52C770();
        sub_4EC660();
      }
      sub_4D6310(2);
      if ( (unsigned __int8)sub_429AD0() )
        sub_484170();
      // dword_1CE7790 is incremented just before the longjmp() below, so a value
      // > 0 here means an earlier call already took that path (presumably a
      // re-entrancy guard; the reset is not visible in this listing).
      if ( dword_1CE7790 > 0 )
      {
        sub_4F45C0(&byte_1CE6728);
        // v5 is never assigned in the pseudocode - likely a decompiler artefact
        // of a variadic call rather than a real argument.
        sub_434000(*(char **)(dword_1CE77B4 + 12), v5);
      }
      if ( dword_1CE7790 > 1 )
        sub_434000(&byte_7FB8A0, (unsigned int)&byte_1CE6728);
      v2 = a1;
      // Type 7 with a message already in the buffer skips formatting entirely.
      if ( a1 == 7 && byte_1CE6728 )
        goto LABEL_12;
      // Formats into a fixed 0x1000-byte global buffer. _vsnprintf does not
      // terminate the string on truncation, so the last byte of the buffer
      // (0x1CE6728 + 0xFFF = 0x1CE7727) is forced to NUL on the next line.
      _vsnprintf(&byte_1CE6728, 0x1000u, a2, va);
      byte_1CE7727 = 0;
      // The finished message is passed as a "%s" argument, not as a format.
      if ( (unsigned __int8)sub_5388C0() )
        sub_434000("%s", (unsigned int)&byte_1CE6728);
      if ( a1 == 4 || a1 == 6 )
      {
        if ( !dword_1CE7734 )
          sub_47D500();
        if ( dword_BA2B04 )
        {
          sub_4F45C0(&byte_1CE6728);
          Target = 1;
          if ( dword_BA2B04 )
          {
    LABEL_12:
            sub_4DCF40(2);
            result = sub_429AD0();
            if ( (_BYTE)result )
            {
              sub_4149C0(0);
              result = sub_546520(dword_1CE779C);
            }
            return result;
          }
        }
        goto LABEL_30;
      }
      if ( a1 == 5 )
      {
        sub_47D500();
    LABEL_30:
        v2 = 1;
        goto LABEL_31;
      }
      // Every type other than 4, 5, 6 and 7 (including 1, the value the other
      // listings on this page pass) goes straight to the longjmp() path.
      if ( a1 != 7 )
      {
        dword_1CE7734 = 0;
        goto LABEL_31;
      }
      dword_1CE7734 = 1;
      if ( !dword_BA2B04 || !(unsigned __int8)sub_429AD0() )
      {
    LABEL_31:
        if ( (unsigned __int8)sub_54DB50() )
          sub_40CF80();
        ++dword_1CE7790;
        dword_1CE6720 = v2;
        sub_4DCF40(2);
        if ( (unsigned __int8)sub_429AD0() )
        {
          sub_4149C0(0);
          sub_546520(dword_1CE779C);
        }
        // Non-local exit: control does not return to the caller from here, so
        // code after a call that takes this path never runs.
        v4 = (int *)sub_471210(2);
        longjmp(v4, -1);
      }
      sub_4F45C0(&byte_1CE6728);
      sub_4408D0(0, 3);
      sub_4DCF40(2);
      result = sub_429AD0();
      if ( (_BYTE)result )
      {
        sub_4149C0(0);
        result = sub_546520(dword_1CE779C);
      }
      return result;
    }
    Usage :
    Code:
    // Function-pointer type matching the pseudocode signature above, bound to a
    // hard-coded absolute address. The address is only meaningful for the exact
    // build analysed and only if the module is loaded at the same base.
    // szText is used as a printf-style format string by the callee.
    typedef int ( * CG_Error )( signed int type, const char* szText, ...  );
    CG_Error Error = ( CG_Error ) 0x4A6660;
     



    Credits : CyberPresents and Master131!

    ---------- Post added at 07:14 AM ---------- Previous post was at 06:58 AM ----------

    CG_Init : (Holds Important functions)
    OFFSET : 0x476FF0
    Signature :
    Code:
    \x83\xEC\x50\x53\x55\x56\x57\x68\x00\x00\x00\x00\x8D\x4C\x24\x1C xxxxxxxx????xxxx
    How can it be useful? :

    -- Open iw5mp.exe in IDA and Jump to CG_Init Function --
    -- Press F5 and have a look --
    Code:
    // Decompiler pseudocode for the routine at 0x476FF0, which the poster labels
    // CG_Init. It clears several global regions, stores its arguments and a set
    // of function addresses in globals, registers named assets and then calls a
    // long series of setup routines. Names are auto-generated.
    int __cdecl sub_476FF0(int a1, int a2, int a3, int a4)
    {
      char *v4; // ebp@1
      const char *v5; // edi@1
      signed int v6; // edi@7
      int v7; // edx@9
      float v8; // edi@9
      int v9; // ecx@9
      int v10; // ST38_4@9
      int v11; // eax@9
      int v12; // edi@11
      int v13; // eax@19
      float v15; // ecx@22
      int v16; // [sp-4h] [bp-58h]@20
      float v17; // [sp+0h] [bp-54h]@20
      int v18; // [sp+4h] [bp-50h]@9
      int v19; // [sp+8h] [bp-4Ch]@1
      char v20; // [sp+Ch] [bp-48h]@1
      char v21; // [sp+14h] [bp-40h]@13
    
      sub_512820(36864);
      v19 = sub_53FEA0(&v20);
      sub_41FC00();
      memset(&dword_8FABA0, 0, 0x4548u);
      memset(&dword_8FF100, 0, 0x104CE0u);
      // a1 scales the offsets into several global arrays below (8848-byte and
      // 1032192-byte records, and ten-dword rows). No range check on a1 is
      // visible in this function; presumably the caller guarantees it.
      v4 = (char *)&unk_8F87C8 + 8848 * a1;
      memset((char *)&unk_8F87C8 + 8848 * a1, 0, 0x2290u);
      memset((char *)&unk_A08630 + 1032192 * a1, 0, 0xFC000u);
      *(&dword_B046B4 + 10 * a1) = 0;
      *(&dword_B046B8 + 10 * a1) = 0;
      dword_B046BC[10 * a1] = 0;
      dword_B046C0[10 * a1] = 0;
      dword_B046C4[10 * a1] = 0;
      dword_B046C8[10 * a1] = 0;
      dword_B046CC[10 * a1] = 0;
      dword_B046D0[10 * a1] = 0;
      dword_B046D4[10 * a1] = 0;
      dword_B046D8[10 * a1] = 0;
      *(_DWORD *)v4 = a1;
      sub_4AB980();
      sub_545C80();
      sub_463140();
      flt_96A2EC = 0.0;
      flt_96A2F0 = 0.0;
      flt_96A2F4 = 5000.0;
      flt_96A2F8 = 5000.0;
      flt_96A2FC = 6.0;
      flt_96A300 = 0.0;
      sub_4E94E0(a1);
      sub_42B620();
      sub_49BA10();
      dword_902444 = a1;
      byte_A0280A = 18;
      dword_A03DD4 = -1;
      sub_4BD070(a1, 0);
      sub_4AD3E0(a1, 0);
      byte_974E80 = 0;
      // Function addresses stored in consecutive writable globals
      // (0x9FC72C..0x9FC744).
      dword_9FC730 = (int)sub_590720;
      dword_9FC734 = (int)sub_590B20;
      dword_9FC738 = (int)sub_590730;
      dword_9FC740 = (int)sub_590B70;
      dword_9FC73C = (int)sub_5330A0;
      // dword_902440 is the value sub_58D1D0 compares both client indices with.
      dword_902440 = a4;
      dword_9FC744 = (int)j__iswcntrl;
      dword_9FC72C = 0;
      dword_975728 = 1;
      dword_97571C = 1;
      dword_8FABBC = a2;
      dword_8FABB8 = a3;
      dword_8FABC0 = *(_BYTE *)(dword_1CE61A8 + 12);
      sub_48E440(a1);
      sub_4B0E20(a1);
      sub_4F8F40();
      sub_45DE80(a1);
      // sub_41B6B0 takes an asset name and returns a handle (the poster calls it
      // RegisterShader); sub_522510 does the same for font paths.
      dword_A03DE0 = sub_41B6B0("white");
      dword_A04B58 = sub_522510("fonts/smallDevFont");
      dword_A04B5C = sub_522510("fonts/bigDevFont");
      sub_41B6B0("net_disconnect");
      dword_A081F8 = sub_41B6B0("nightvision_overlay_goggles");
      dword_A081FC = sub_41B6B0("hud_dpad_arrow");
      dword_A08200 = sub_41B6B0("ammo_counter_bullet_mp");
      dword_A08204 = sub_41B6B0("ammo_counter_beltbullet_mp");
      dword_A08208 = sub_41B6B0("ammo_counter_riflebullet_mp");
      dword_A0820C = sub_41B6B0("ammo_counter_rocket_mp");
      dword_A08210 = sub_41B6B0("ammo_counter_shotgunshell_mp");
      dword_A08214 = sub_41B6B0("map_location_selector_arrow");
      dword_A08218 = sub_41B6B0("hud_fofbox_hostile");
      dword_A0821C = sub_41B6B0("hud_fofbox_hostile_vehicle");
      dword_A08220 = sub_41B6B0("hud_fofbox_self");
      dword_A08224 = sub_41B6B0("hud_autospotbox");
      sub_41B6B0("killicondied");
      sub_41B6B0("killiconcrush");
      sub_41B6B0("killiconfalling");
      sub_41B6B0("killiconsuicide");
      sub_41B6B0("killiconheadshot");
      sub_41B6B0("killiconmelee");
      sub_493A30();
      flt_8FABB4 = 1.0;
      dword_8FABA0 = 0;
      sub_405560(&dword_8FABA8, &dword_8FABAC, &flt_8FABB0);
      // String comparison against a built-in constant; a mismatch raises a
      // type-1 error with both strings as arguments.
      v5 = (const char *)sub_41C270(2);
      if ( strcmp(v5, (const char *)&off_7EA514) )
        sub_4A6660(1, &byte_81EAA0, &off_7EA514, v5);
      if ( !*(_BYTE *)(dword_1CE61A8 + 12) )
        sub_552FA0(j__iswcntrl);
      if ( !dword_8DE4C8 )
      {
        sub_551820(2);
        sub_4E7410();
      }
      // Calls sub_40FAE0 for every index from 1 to 239 (0xF0 exclusive).
      v6 = 1;
      do
        sub_40FAE0(a1, v6++);
      while ( (unsigned int)v6 < 0xF0 );
      sub_4180E0();
      // MK_FP(__FS__, 44) is a read of fs:[0x2C] (the thread's TLS slot array on
      // 32-bit Windows), indexed by TlsIndex. The decompiler typed TlsIndex as
      // float, hence the LODWORD() casts. v9 is passed without being assigned in
      // the pseudocode - presumably a register argument the decompiler could not
      // trace.
      v7 = *MK_FP(__FS__, 44);
      v8 = TlsIndex;
      *(_DWORD *)(*(_DWORD *)(*MK_FP(__FS__, 44) + 4 * LODWORD(TlsIndex)) + 4) = &unk_976360;
      sub_475DE0(v9, v7);
      v10 = *(_DWORD *)(*(_DWORD *)(*MK_FP(__FS__, 44) + 4 * LODWORD(v8)) + 4);
      v18 = 0;
      sub_4C67F0(v10, v19, &v18);
      v11 = *(_DWORD *)(*(_DWORD *)(*MK_FP(__FS__, 44) + 4 * LODWORD(v8)) + 4);
      loc_51E870(*(_DWORD *)(v11 + 549860), *(_DWORD *)(v11 + 549836));
      sub_406CB0();
      sub_45E110();
      sub_4D8D20();
      sub_590BE0();
      if ( !dword_8FABC0 )
      {
        sub_4F10C0();
        sub_54C280();
      }
      v12 = sub_4E9C20("helicopter", 2, j__iswcntrl);
      sub_537990(v12, 0, "root", 1, 1, 0);
      sub_47D800(v12, 1, "bh_rotors");
      dword_8FF0E4 = v12;
      sub_4DA520(byte_8FACF0);
      sub_4A0970(v4);
      sub_434F90(a1);
      // One-time work guarded by a global flag, which is set right afterwards.
      if ( !byte_B0A7ED )
      {
        sub_520250(byte_8FACF0);
        sub_54AA60(byte_8FACF0);
        byte_B0A7ED = 1;
      }
      sub_41D780(&unk_8FACF5, &v21);
      sub_429810(a1);
      if ( (unsigned __int8)sub_402730(a1) )
        sub_47C8C0(1);
      sub_4290E0(a1);
      sub_58FD30();
      sub_5056E0();
      sub_40E6E0(a1);
      sub_590660();
      sub_50E420(a1);
      sub_4D55B0(a1);
      sub_54F270(a1);
      sub_55CB60(a1, 1);
      sub_421950(a1);
      sub_50A190(a1);
      // byte_B0A7ED was set to 1 above, so this only fires if one of the calls
      // in between clears it (not visible here).
      if ( !byte_B0A7ED )
        sub_48B740(0);
      sub_4BD750(a1);
      sub_45BB10(&unk_96A3F0);
      sub_53ADA0(a1);
      if ( !byte_B0A7EC )
      {
        sub_434CC0(a1, 1070);
        sub_434CC0(a1, 1071);
        byte_B0A7EC = 1;
      }
      sub_42B700(a1);
      v13 = sub_5523C0(&v21);
      sub_411530(v13, 1);
      sub_4AD3E0(a1, 0);
      sub_541F60(a1);
      sub_525C50(a1);
      sub_4CFF80(a1);
      sub_503F20(a1);
      // v17 is 1.2f when sub_4C3F80(&v21, "mp/mp_village") is non-zero and 0.0f
      // otherwise; v16 is the same in both arms.
      if ( sub_4C3F80(&v21, "mp/mp_village") )
      {
        v17 = 1.200000047683716;
        v16 = dword_65CC5B8;
      }
      else
      {
        v17 = 0.0;
        v16 = dword_65CC5B8;
      }
      sub_46EE30(v16, v17);
      // Clears the per-thread pointer that was set to &unk_976360 above.
      v15 = TlsIndex;
      *(_DWORD *)(*(_DWORD *)(*MK_FP(__FS__, 44) + 4 * LODWORD(TlsIndex)) + 4) = 0;
      sub_4FBFD0(LODWORD(v15));
      sub_44B6B0(v18, v19);
      return sub_501B90();
    }
    so we found RegisterShader OFFSET :
    Code:
    dword_A081F8 = sub_41B6B0("nightvision_overlay_goggles");
      dword_A081FC = sub_41B6B0("hud_dpad_arrow");
      dword_A08200 = sub_41B6B0("ammo_counter_bullet_mp");
      dword_A08204 = sub_41B6B0("ammo_counter_beltbullet_mp");
      dword_A08208 = sub_41B6B0("ammo_counter_riflebullet_mp");
      dword_A0820C = sub_41B6B0("ammo_counter_rocket_mp");
      dword_A08210 = sub_41B6B0("ammo_counter_shotgunshell_mp");
      dword_A08214 = sub_41B6B0("map_location_selector_arrow");
      dword_A08218 = sub_41B6B0("hud_fofbox_hostile");
      dword_A0821C = sub_41B6B0("hud_fofbox_hostile_vehicle");
      dword_A08220 = sub_41B6B0("hud_fofbox_self");
      dword_A08224 = sub_41B6B0("hud_autospotbox");
      sub_41B6B0("killicondied");
      sub_41B6B0("killiconcrush");
      sub_41B6B0("killiconfalling");
      sub_41B6B0("killiconsuicide");
      sub_41B6B0("killiconheadshot");
      sub_41B6B0("killiconmelee");
    and RegisterFont
    Code:
      dword_A04B58 = sub_522510("fonts/smallDevFont");
      dword_A04B5C = sub_522510("fonts/bigDevFont");
    Not only those two, but many more; I do not have time to show all of them.
    Last edited by mwxplayer; 02-23-2013 at 06:16 AM.


  3. #47
    Kenshin13's Avatar
    Just something I never saw here:

    Code:
    // Partial overlay of a game structure, as posted.
    // NOTE(review): the declaration does not match its own offset comments. The
    // padding array is 410 bytes (decimal), not 0x410; the two ints are adjacent
    // while the comments place them 0x18 bytes apart; and the closing brace has
    // no semicolon. Treat the offsets as unverified.
    class CG_T
    {
    public:
         char _0x0000[410];
         int Secondary_CurrentAmmo; //0x0410
         int Primary_CurrentAmmo; //0x0428
    }
    Last edited by Kenshin13; 02-23-2013 at 08:28 PM.

  4. #48
    mwxplayer's Avatar
    Code:
     result = *(_DWORD *)(*(int *)((char *)&dword_8DDB50 + 2 * v8) + 132);
    GetWeapon... (in CG_Obituary)

    ---------- Post added at 07:30 AM ---------- Previous post was at 07:15 AM ----------

    Dunno.. but seems interesting
    Code:
    CPU Disasm
    Address   Hex dump          Command                                  Comments
    00419660  /> /68 381F7F00   PUSH OFFSET iw5mp.007F1F38               ; ASCII "Testclients will use the attack button."
    00419665  |. |6A 00         PUSH 0
    00419667  |. |6A 01         PUSH 1
    00419669  |. |68 54248100   PUSH OFFSET iw5mp.00812454               ; ASCII "testClients_doAttack"
    0041966E  |. |E8 8D9C0800   CALL 004A3300
    00419673  |. |68 58FB8100   PUSH OFFSET iw5mp.0081FB58               ; ASCII "Testclients will use the movement."
    00419678  |. |6A 00         PUSH 0
    0041967A  |. |6A 01         PUSH 1
    0041967C  |. |68 D4AA8100   PUSH OFFSET iw5mp.0081AAD4               ; ASCII "testClients_doMove"
    00419681  |. |A3 18F78B05   MOV DWORD PTR DS:[58BF718],EAX           ; PTR to ASCII "testClients_doAttack"
    00419686  |. |E8 759C0800   CALL 004A3300
    0041968B  |. |68 10B68000   PUSH OFFSET iw5mp.0080B610               ; ASCII "Testclients will use the reload button."
    00419690  |. |6A 00         PUSH 0
    00419692  |. |6A 01         PUSH 1
    00419694  |. |68 789F7F00   PUSH OFFSET iw5mp.007F9F78               ; ASCII "testClients_doReload"
    00419699  |. |A3 28F78B05   MOV DWORD PTR DS:[58BF728],EAX           ; PTR to ASCII "testClients_doMove"
    0041969E  |. |E8 5D9C0800   CALL 004A3300
    004196A3  |. |68 78497E00   PUSH OFFSET iw5mp.007E4978               ; ASCII "Testclients will use the crouch button."
    004196A8  |. |6A 00         PUSH 0
    004196AA  |. |6A 00         PUSH 0
    004196AC  |. |68 681D7E00   PUSH OFFSET iw5mp.007E1D68               ; ASCII "testClients_doCrouch"
    004196B1  |. |A3 30F78B05   MOV DWORD PTR DS:[58BF730],EAX           ; PTR to ASCII "testClients_doReload"
    004196B6  |. |E8 459C0800   CALL 004A3300
    004196BB  |. |83C4 40       ADD ESP,40
    004196BE  |. |68 48747F00   PUSH OFFSET iw5mp.007F7448               ; ASCII "Testclients will not press buttons during killcam."
    004196C3  |. |6A 00         PUSH 0
    004196C5  |. |6A 01         PUSH 1
    004196C7  |. |68 14338200   PUSH OFFSET iw5mp.00823314               ; ASCII "testClients_watchKillcam"
    004196CC  |. |A3 8C4B0F02   MOV DWORD PTR DS:[20F4B8C],EAX           ; PTR to ASCII "testClients_doCrouch"
    004196D1  |. |E8 2A9C0800   CALL 004A3300
    004196D6  |. |83C4 10       ADD ESP,10
    004196D9  |. |A3 CC291102   MOV DWORD PTR DS:[21129CC],EAX           ; PTR to ASCII "testClients_watchKillcam"
    004196DE  \. |E9 6DED1A00   JMP 005C8450
    Last edited by Jorndel; 03-08-2013 at 02:34 PM.

  5. #49
    mwxplayer's Avatar
    No idea how to use it, but it is used to show who killed you or whom you killed.
    Code:
    // Decompiler pseudocode for the routine at 0x488650: a printf-style
    // formatter that writes into one of two alternating 1024-byte buffers and
    // returns that buffer's address. The buffers live in the block returned by
    // sub_471210(1); the slot selector is the dword at offset 2048, directly
    // after the two slots.
    // Because the storage is shared and reused, a returned pointer is only valid
    // until the slot comes round again (two calls later).
    int sub_488650(const char *a1, ...)
    {
      int v1; // eax@1
      int v2; // esi@1
      int v3; // eax@1
      int v4; // ecx@1
      char v5; // ST14_1@3
      va_list va; // [sp+Ch] [bp+8h]@1
    
      va_start(va, a1);
      v3 = sub_471210(1);
      // Read the current slot index and flip it (0 <-> 1) for the next call.
      v4 = *(_DWORD *)(v3 + 2048);
      *(_DWORD *)(v3 + 2048) = (v4 + 1) % 2;
      // Slot address = base + index * 1024.
      v2 = v3 + (v4 << 10);
      // _vsnprintf does not NUL-terminate when the output is truncated, so the
      // last byte of the slot is forced to 0 afterwards.
      v1 = _vsnprintf((char *)v2, 0x400u, a1, va);
      *(_BYTE *)(v2 + 1023) = 0;
      // A negative result or one >= 1024 (truncation or error) raises a type-1
      // error. v5 is never assigned in the pseudocode - likely a decompiler
      // artefact.
      if ( v1 < 0 || v1 >= 1024 )
        sub_4A6660(1, &byte_80B17C, v5);
      return v2;
    }
    Code:
     if ( v12 == result )
            {
              v13 = v11[8];
              if ( v13 && v10[8] == v13 )
                v14 = sub_488650("CGAME_YOUKILLED", (unsigned int)&v30);
              else
                v14 = sub_488650("CGAME_YOUKILLED", (unsigned int)&v30);
              sub_4E2DE0(a4, v14, 0);
              v15 = dword_A03DCC;
              dword_A03D8C[dword_A03DCC] = v4;
              dword_A03DAC[v15] = LODWORD(dword_96A25C);
              dword_A03DCC = (v15 + 1) & 7;
            }

  6. #50
    Kenshin13's Avatar
    Quote Originally Posted by mwxplayer View Post
    No Idea , how to use.. but it's used to show You Were Killed by whom OR killed someone..
    codez....
    Used to execute commands. Displaying text is one of those.

  7. #51
    Kenshin13's Avatar
    Don't judge me, I'm high.

    Code:
    // Hand-annotated decompiler output for the routine at 0x54E6D0. The
    // parameter names and the trailing comments are the poster's interpretation,
    // not something the code itself establishes.
    // Returns 0 when *entityNum is zero or bit 0x40 is set in the byte at offset
    // 56; otherwise returns whether sub_474000 reported non-zero.
    char isVisible(Entity_t* ret, int* entityNum) //54E6D0
    {
      int *v4; // eax@1
      char result; // al@2
    
      // NOTE(review): v4 is computed but never used below. As written,
      // `entityNum+ 352` is int* arithmetic (352 * 4 bytes), unlike the
      // byte-granular `(_BYTE *)entityNum+ 56` on the next line, and the value
      // read is used as an array index without a range check.
      v4 = &dword_9FC748[344 * *(_DWORD *)(entityNum+ 352)]; //Get the ClientInfo address for the entity passed.
      if ( !*entityNum|| *((_BYTE *)entityNum+ 56) & 0x40 ) //Compare perk. if(SelectedClient->Perk & 0x40) return;
        result = 0;
      else
        result = sub_474000(ret, entityNum, (int)&unk_2807823) != 0; //Else, execute a trace using cEntity, EntityClientNum and the traceflag, here it's 0x2807823
      return result; //Then returns 1 if the Entity is visible.
    }
    Yea....I found this. Bite me.

    naked functions format
    Code:
    // Outline only: the lines inside the __asm blocks and the "do hacks here"
    // line are placeholders written in plain words, not compilable code.
    // __declspec(naked) means the compiler emits no prologue or epilogue, so
    // register and stack state is whatever the hand-written assembly leaves.
    __declspec(naked) void hookname()
    {
    	__asm
    	{
    		do origional code
    		save stack
    	}
    	do hacks here
    	__asm
    	{
    		restore stack
    		jmp [returnaddress];
    	}
    }
    required function
    Code:
    // Overwrites dwLen bytes of code at pAddress with a 5-byte relative jump
    // (opcode 0xE9) to dwJumpTo, padding the remainder with 0x90 (NOP).
    //
    // Review notes:
    //  - Neither VirtualProtect result is checked; if the first call fails the
    //    writes below fault on a read-only page.
    //  - Five bytes are always written, so dwLen < 5 writes past the range whose
    //    protection was changed.
    //  - Pointers are cast to DWORD, which is only lossless in a 32-bit process.
    //  - The write is not synchronised with other threads that may be executing
    //    the same bytes.
    //  - The resulting difference between the in-memory code and the on-disk
    //    image (an 0xE9 at a function entry, a page briefly made
    //    PAGE_EXECUTE_READWRITE) is what code-integrity checks look for.
    void JumpTo( BYTE* pAddress, DWORD dwJumpTo, DWORD dwLen ) {
    	DWORD dwOldProtect, dwBkup, dwRelAddr;
    	VirtualProtect ( pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect );
    	// rel32 operand is relative to the end of the 5-byte instruction.
    	dwRelAddr = ( DWORD ) ( dwJumpTo - ( DWORD ) pAddress ) - 5;
    	*pAddress = 0xE9;
    	* ( ( DWORD * ) ( pAddress + 0x1 ) ) = dwRelAddr;
    	for ( DWORD x = 0x5; x < dwLen; x++ ) * ( pAddress + x ) = 0x90;
    	// Restore the protection that was in place before the patch.
    	VirtualProtect ( pAddress, dwLen, dwOldProtect, &dwBkup );
    	return;
    }
    common functions
    Code:
    // Hard-coded absolute addresses for one specific build, plus the number of
    // bytes the patch is meant to cover.
    DWORD writepacket_rtn = 0x00420AB5, writepacket_OFFS = 0x00420AB5, hooksize_wpkt = 0x5;
    // Naked stub: executes `mov eax,0x1058`, saves all general registers and the
    // flags, leaves a gap for injected code, restores them in reverse order and
    // jumps to the address held in writepacket_rtn. No prologue or epilogue is
    // generated for a naked function.
    __declspec(naked) void writepacket_hook()
    {
    	__asm
    	{
    		mov eax,0x1058
    		pushad
    		pushfd
    	}
    	//Call code here
    	__asm
    	{
    		popfd
    		popad
    		jmp writepacket_rtn
    	}
    }
    
    // Hard-coded absolute addresses for one specific build: obituary_OFFS is the
    // entry of the routine decompiled as sub_58D1D0 on this page, and
    // obituary_rtn lies 8 bytes (hooksize_obt) after it.
    DWORD obituary_rtn = 0x58D1D8, obituary_OFFS = 0x58D1D0, hooksize_obt = 0x8, version = 0x7E1218;
    // Naked stub: executes three instructions, saves all general registers and
    // the flags, leaves a gap for injected code, restores them in reverse order
    // and jumps to the address held in obituary_rtn. No prologue or epilogue is
    // generated for a naked function.
    __declspec(naked) void obituary_hook()
    {
    	__asm
    	{
    		sub esp,0x74
    		cmp eax,0xF0
    		fld ds:[version]
    		pushad
    		pushfd
    	}
    	//Call code here
    	__asm
    	{
    		popfd
    		popad
    		jmp obituary_rtn
    	}
    }
    In some thread:
    Code:
    // Overwrites hooksize_obt (8) bytes at obituary_OFFS: per JumpTo above, a
    // 5-byte jump to obituary_hook followed by three NOPs. This modifies the
    // executable's code in memory, so that region no longer matches the file on
    // disk.
    JumpTo((PBYTE)obituary_OFFS, (DWORD)obituary_hook, hooksize_obt);
    Last edited by Kenshin13; 02-26-2013 at 07:11 PM.


  9. #52
    jakeman45's Avatar
    Quote Originally Posted by Jorndel View Post
    4D1 (IW5M) Addresses (Should be Correct)


     
    Level
    1CDBA54

    Prestige
    1CDBC64

    Tokens
    1CDDAC3


     
    Score
    1CDBC6C

    Wins
    1CDBCC8

    Losses
    1CDBCCC

    Ties
    1CDBCD0

    Kills
    1CDBC94

    Deaths
    1CDBC9C

    Assists
    1CDBCA4

    Killstreak
    1CDBC98

    Winstreak
    1CDBCD4

    Headshots
    1CDBCA8

    Barrack Play Time
    1CDBCB4

    I have the title text address for IW5M.dat:

    Title Text: 01328D37
    Data Type: String[9]
    Value: (Anything you want)
    Credit: @jakeman45

  10. #53
    Kenshin13's Avatar
    Quote Originally Posted by jakeman45 View Post
    I have the title text address for IW5M.dat:

    Title Text: 01328D37
    Data Type: String[9]
    Value: (Anything you want)
    Credit: @jakeman45
    Really man? Like seriously..?
    Tell me if you spot a difference:
    Quote Originally Posted by xxcrusherxx View Post
    This is for iw5m, Edit: Also works for Tekno

    Code:
    Custom Title Text
    0x1328D34  /Activates blank FMG title - Must be done other wise the rest of these addresses wont work.
    0x1328D35  /Through
    0x1328D47  /Is where you add text
    0x1328D50  /Changes title - Flags start at { 0xD8, 0x01 } and ends at { 0xFF, 0x01 }
    0x1328D50  /Uses Flags - 0x01 only anything else turns title to checker board.
    
    ELITE CLAN
    0x1328D33 /Activates Clantag 
    0x1328D54 /Through
    0x1328D55 /
    0x1328D56 /
    0x1328D57 /Is where you add Text

  11. #54
    mwxplayer's Avatar
    Quote Originally Posted by jakeman45 View Post
    I have the title text address for IW5M.dat:

    Title Text: 01328D37
    Data Type: String[9]
    Value: (Anything you want)
    Credit: @jakeman45
    stop posting other's work and saying you made it... credits : MassTumor

    ---------- Post added at 12:25 AM ---------- Previous post was at 12:24 AM ----------

    Quote Originally Posted by Kenshin13 View Post
    Don't judge me, I'm high.

    Code:
    // Quoted copy of the hand-annotated decompiler output for the routine at
    // 0x54E6D0. Parameter names and trailing comments are the original poster's
    // interpretation. Returns 0 when *entityNum is zero or bit 0x40 is set in
    // the byte at offset 56; otherwise whether sub_474000 reported non-zero.
    char isVisible(Entity_t* ret, int* entityNum) //54E6D0
    {
      int *v4; // eax@1
      char result; // al@2
    
      // NOTE(review): v4 is computed but never used, `entityNum+ 352` is int*
      // arithmetic (352 * 4 bytes), and the value read is used as an array index
      // without a range check.
      v4 = &dword_9FC748[344 * *(_DWORD *)(entityNum+ 352)]; //Get the ClientInfo address for the entity passed.
      if ( !*entityNum|| *((_BYTE *)entityNum+ 56) & 0x40 ) //Compare perk. if(SelectedClient->Perk & 0x40) return;
        result = 0;
      else
        result = sub_474000(ret, entityNum, (int)&unk_2807823) != 0; //Else, execute a trace using cEntity, EntityClientNum and the traceflag, here it's 0x2807823
      return result; //Then returns 1 if the Entity is visible.
    }
    Yea....I found this. Bite me.

    naked functions format
    Code:
    // Quoted outline: the lines inside the __asm blocks and "do hacks here" are
    // placeholders in plain words, not compilable code. A naked function gets no
    // compiler-generated prologue or epilogue.
    __declspec(naked) void hookname()
    {
    	__asm
    	{
    		do origional code
    		save stack
    	}
    	do hacks here
    	__asm
    	{
    		restore stack
    		jmp [returnaddress];
    	}
    }
    required function
    Code:
    // Quoted copy. Overwrites dwLen bytes of code at pAddress with a 5-byte
    // relative jump (0xE9) to dwJumpTo and pads the rest with 0x90 (NOP).
    // Review notes: the VirtualProtect results are not checked; five bytes are
    // written even when dwLen < 5; the DWORD pointer casts assume a 32-bit
    // process; and the patched bytes no longer match the on-disk image, which is
    // what code-integrity checks compare against.
    void JumpTo( BYTE* pAddress, DWORD dwJumpTo, DWORD dwLen ) {
    	DWORD dwOldProtect, dwBkup, dwRelAddr;
    	VirtualProtect ( pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect );
    	// rel32 operand is relative to the end of the 5-byte instruction.
    	dwRelAddr = ( DWORD ) ( dwJumpTo - ( DWORD ) pAddress ) - 5;
    	*pAddress = 0xE9;
    	* ( ( DWORD * ) ( pAddress + 0x1 ) ) = dwRelAddr;
    	for ( DWORD x = 0x5; x < dwLen; x++ ) * ( pAddress + x ) = 0x90;
    	// Restore the protection that was in place before the patch.
    	VirtualProtect ( pAddress, dwLen, dwOldProtect, &dwBkup );
    	return;
    }
    common functions
    Code:
    // Quoted copy. Hard-coded absolute addresses for one specific build, plus
    // the number of bytes the patch is meant to cover.
    DWORD writepacket_rtn = 0x00420AB5, writepacket_OFFS = 0x00420AB5, hooksize_wpkt = 0x5;
    // Naked stub: executes `mov eax,0x1058`, saves registers and flags, leaves a
    // gap for injected code, restores them and jumps to writepacket_rtn.
    __declspec(naked) void writepacket_hook()
    {
    	__asm
    	{
    		mov eax,0x1058
    		pushad
    		pushfd
    	}
    	//Call code here
    	__asm
    	{
    		popfd
    		popad
    		jmp writepacket_rtn
    	}
    }
    
    // Quoted copy. Hard-coded absolute addresses for one specific build;
    // obituary_rtn lies 8 bytes (hooksize_obt) after obituary_OFFS.
    DWORD obituary_rtn = 0x58D1D8, obituary_OFFS = 0x58D1D0, hooksize_obt = 0x8, version = 0x7E1218;
    // Naked stub: executes three instructions, saves registers and flags, leaves
    // a gap for injected code, restores them and jumps to obituary_rtn.
    __declspec(naked) void obituary_hook()
    {
    	__asm
    	{
    		sub esp,0x74
    		cmp eax,0xF0
    		fld ds:[version]
    		pushad
    		pushfd
    	}
    	//Call code here
    	__asm
    	{
    		popfd
    		popad
    		jmp obituary_rtn
    	}
    }
    In some thread:
    Code:
    // Quoted copy. Overwrites hooksize_obt (8) bytes of code at obituary_OFFS in
    // memory with a jump to obituary_hook; the region then differs from the file
    // on disk.
    JumpTo((PBYTE)obituary_OFFS, (DWORD)obituary_hook, hooksize_obt);
    pls need entity_t state..
    Last edited by Lovroman; 05-26-2014 at 02:04 PM.


  13. #55
    Kenshin13's Avatar
    Quote Originally Posted by mwxplayer View Post
    pls need entity_t state..
    Entity->Flags ?

  14. #56
    mwxplayer's Avatar
    Quote Originally Posted by Kenshin13 View Post
    Entity->Flags ?
    EntityState is used for KillSpam.. (CG_Obituary)
    example : this one is for MW2
    Code:
    // Overlay of a game record as posted; the poster states it is for MW2, not
    // for the binary discussed in the rest of the thread. With 4-byte ints the
    // declared fields give VictimEntNum at 0x7C and KillerEntNum at 0x80, which
    // matches the comments, and put KillType at 0xA4.
    // NOTE(review): the KillType values in the comment (128, 129) differ from
    // the 112 / 128 used in the hook posted earlier in this thread; treat both
    // as unverified.
    typedef struct
    {
        int VictimWeapon; //0000
        int KillerWeapon; //0004
        char unknown0[116];
        int VictimEntNum; //007C
        int KillerEntNum; //0080
        char unknown5[32];
        int KillType;     //128 == Melee   129 == HeadShot
        
    }entitystate_t;

  15. #57
    Kenshin13's Avatar
    Quote Originally Posted by mwxplayer View Post
    EntityState is used for KillSpam.. (CG_Obituary)
    example : this one is for MW2
    Code:
    // Quoted copy of the record overlay (stated by its poster to be for MW2).
    // With 4-byte ints the declared fields put VictimEntNum at 0x7C,
    // KillerEntNum at 0x80 and KillType at 0xA4.
    typedef struct
    {
        int VictimWeapon; //0000
        int KillerWeapon; //0004
        char unknown0[116];
        int VictimEntNum; //007C
        int KillerEntNum; //0080
        char unknown5[32];
        int KillType;     //128 == Melee   129 == HeadShot
        
    }entitystate_t;
    Then this would be killstate...
    And reverse it yourself. I really am not in a coding mode lately. You wanna be l33t? Do something notable. It's not hard to reverse a structure. Reclass helps.

  16. #58
    cucuYeL's Avatar
    I just screwed around in a private match and found a non-static ammo value- I tried changing it but it doesn't work.



    Also... I see bones, and tag addresses. How do I change them so they display?

  17. #59
    Kenshin13's Avatar
    Code:
    Silent Aim Seed: 0x0096A260
    Credits: InUrFace (For latest offset)

  18. #60
    mwxplayer's Avatar
    something interesting I found ,
    Code:
    CPU Disasm
    Address   Hex dump          Command                                  Comments
    004A36DB  |.  68 8C067E00   PUSH OFFSET iw5mp.007E068C               ; ASCII "1.4"
    004A36E0  |.  68 4CD83859   PUSH 5938D84C                            ; ASCII "IW5M r25
    ... because we can."

