ModelDebug_DrawBoxes Found in Engine.

**Alessandro10** · 03-02-2011

Code:

___:0076A650                 push    ebp
___:0076A651                 mov     ebp, esp
___:0076A653                 mov     off_90C394, offset off_78933C
___:0076A65D                 movss   xmm0, dword_7749E8
___:0076A665                 movss   dword_90C398, xmm0
___:0076A66D                 mov     off_90C39C, offset aModeldebug_dra ; "ModelDebug_DrawBoxes"
___:0076A677                 mov     dword_90C3A0, 0
___:0076A681                 mov     eax, off_90DDC8
___:0076A686                 mov     off_90C3A4, eax
___:0076A68B                 mov     off_90DDC8, offset off_90C394
___:0076A695                 mov     off_90C394, offset off_789320
___:0076A69F                 mov     dword_90C3A8, 0
___:0076A6A9                 pop     ebp
___:0076A6AA                 retn

Works for Me.......

Its is Easy oKKKKKKKKKKKK

**Crash** · 03-02-2011

I think I might cry.

**whit** · 03-02-2011

proof ?...

**NOOB** · 03-02-2011

I just died inside.

**Alessandro10** · 03-02-2011

I do not understand anything ...

**CAFlames** · 03-02-2011

sweet... but no one needs if we have box esp lol :P

**topblast** · 03-02-2011

K i am bad at asm... but all i can see it a bunch of MOVs what are they really doing

**whit** · 03-02-2011

Originally Posted by topblast

K i am bad at asm... but all i can see it a bunch of MOVs what are they really doing

ebp is been pushed to the stack
Then a bunch of moves..
Then ebp is being taken from the stack
And then it returns im just now getting into assembly aand reversing

**+CodeDemon+** · 03-02-2011

Thats CShell bro, not engine. Nexon removed this back in like June, didnt they? if you're a BR, which is what it seems like, they probably didnt remove it from the BR client.

**supercarz1991** · 03-02-2011

i always find this when i'm in olly with cshell, but it doesn't work if you turn it on/off

**D-Vid the DBag** · 03-02-2011

Originally Posted by +CodeDemon+

Thats CShell bro, not engine. Nexon removed this back in like June, didnt they? if you're a BR, which is what it seems like, they probably didnt remove it from the BR client.

How's that CShell?
You may know WAY more than I do, but I do know that CShell addresses are in the 37100000 - 37886FFF range.
Engine is in the 461000 - 920FFF range.

So, explain how you figure that's CShell?
It looks to me like the addresses @Alessandro10 is showing below, are from the Engine.exe...
BUT, these addresses are not present in the currently dumped Engine.exe, so they must have removed it for NA, as you're saying.
SOOO...
In conclusion, you are HALF right, @Mr. CodeDemon.

Originally Posted by Alessandro10

Code:

___:0076A650 push ebp ___:0076A651 mov ebp, esp ___:0076A653 mov off_90C394, offset off_78933C ___:0076A65D movss xmm0, dword_7749E8 ___:0076A665 movss dword_90C398, xmm0 ___:0076A66D mov off_90C39C, offset aModeldebug_dra ; "ModelDebug_DrawBoxes" ___:0076A677 mov dword_90C3A0, 0 ___:0076A681 mov eax, off_90DDC8 ___:0076A686 mov off_90C3A4, eax ___:0076A68B mov off_90DDC8, offset off_90C394 ___:0076A695 mov off_90C394, offset off_789320 ___:0076A69F mov dword_90C3A8, 0 ___:0076A6A9 pop ebp ___:0076A6AA retn

Works for Me.......

Its is Easy oKKKKKKKKKKKK

**mmbob** · 03-02-2011

Straight translation:

Code:

void InitDrawBoxes()
{
	*(DWORD*) 0x90C394 = *(DWORD*) 0x78933C;
	*(DWORD*) 0x90C398 = *(DWORD*) 0x7749E8;
	*(char**) 0x90C39C = "ModelDebug_DrawBoxes";
	*(DWORD*) 0x90C3A0 = 0;
	*(DWORD*) 0x90C3A4 = *(DWORD*) 0x90DDC8;
	*(DWORD*) 0x90DDC8 = *(DWORD*) 0x90C394;
	*(DWORD*) 0x90C394 = *(DWORD*) 0x789320;
}

Probably more close to the c++ source:

Code:

struct CEngineVar
{
	void* pOnChangeFunc;
	void* pSomething1;
	char* CommandName;
	DWORD Value;
	void* pSomething2;
}

void InitDrawBoxes()
{
	CEngineVar& DrawBoxes = (CEngineVar&) 0x90C394; 
	DrawBoxes.pOnChangeFunc = *(DWORD*) 0x78933C;
	DrawBoxes.pSomething1 = *(DWORD*) 0x7749E8;
	DrawBoxes.CommandName = "ModelDebug_DrawBoxes";
	DrawBoxes.Value = 0;
	DrawBoxes.pSomething2 = *(DWORD*) 0x90DDC8;
	*(DWORD*) 0x90DDC8 = *(DWORD*) 0x90C394;	// Some weird pointer switching or something
	*(DWORD*) 0x90C394 = *(DWORD*) 0x789320;
}

It's old and doesn't work any more. If you mess with the change function you might get it working though. I don't know.

**Alessandro10** · 03-02-2011

Originally Posted by mmbob

Straight translation:

Code:

void InitDrawBoxes()
{
	*(DWORD*) 0x90C394 = *(DWORD*) 0x78933C;
	*(DWORD*) 0x90C398 = *(DWORD*) 0x7749E8;
	*(char**) 0x90C39C = "ModelDebug_DrawBoxes";
	*(DWORD*) 0x90C3A0 = 0;
	*(DWORD*) 0x90C3A4 = *(DWORD*) 0x90DDC8;
	*(DWORD*) 0x90DDC8 = *(DWORD*) 0x90C394;
	*(DWORD*) 0x90C394 = *(DWORD*) 0x789320;
}

Probably more close to the c++ source:

Code:

struct CEngineVar
{
	void* pOnChangeFunc;
	void* pSomething1;
	char* CommandName;
	DWORD Value;
	void* pSomething2;
}

void InitDrawBoxes()
{
	CEngineVar& DrawBoxes = (CEngineVar&) 0x90C394; 
	DrawBoxes.pOnChangeFunc = *(DWORD*) 0x78933C;
	DrawBoxes.pSomething1 = *(DWORD*) 0x7749E8;
	DrawBoxes.CommandName = "ModelDebug_DrawBoxes";
	DrawBoxes.Value = 0;
	DrawBoxes.pSomething2 = *(DWORD*) 0x90DDC8;
	*(DWORD*) 0x90DDC8 = *(DWORD*) 0x90C394;	// Some weird pointer switching or something
	*(DWORD*) 0x90C394 = *(DWORD*) 0x789320;
}

It's old and doesn't work any more. If you mess with the change function you might get it working though. I don't know.

You is pro guy

**D-Vid the DBag** · 03-02-2011

Originally Posted by Alessandro10

You is pro guy

Duh!
mmbob is like the greatest. :P

**NOOBJr** · 03-04-2011

Yea tis will only work for Ca BR

Thread: ModelDebug_DrawBoxes Found in Engine.

Thread Tools

Display

ModelDebug_DrawBoxes Found in Engine.

The Following 4 Users Say Thank You to Alessandro10 For This Useful Post:

The Following 3 Users Say Thank You to mmbob For This Useful Post:

The Following User Says Thank You to D-Vid the DBag For This Useful Post: