OllyDBG - Find Speed Address (Text - Hard to Understand)

[Jorndel]

---- Uploading Video Tutorial (15 Min long)----
Covers: Speed, Jump and Gravity. (Also attempt for Health, but went wrong this time )
Mainly uses OllyDBG, but also a quick jump in IDA.



1: Get OllyDBG. [Use Google] (Since it's free )
2: Open OllyDBG as Administrator. (Just for the lolz)
3: Now you click in this order:
File->Open [Find your Black Ops II Folder, in the steam folder] {FileName: t6zm.exe} -> Open

4: Right-Click on this window:


Then click in this order:
View-> Module t6zm

5: Now Right-Click the same window as we did before.
The click in this order:
Search for -> All referenced text strings

A new window will open:


Right-Click and select: Search for text
Enter: g_speed
(Click CTRL + L to search for next) [Do this 2 times]
Until you find this:


Double Click the: g_speed
Then we will be taken to a new window. (Once again)


Now we will look for anything that is like this:
PTR DS:[???????]

The ? = Offset/Pointer value to our address. (speed isn't [offset/pointer] most others are.)
Note, everytime it will start with: MOV


Now we want to take the value inside the: [ ] (Those I made ??????)
Copy that, and insert it to cheat engine or any other hacking tool you use.

Then you read it as Integer in Cheat Engine.
Copy the value from cheat engine. (integer)

Open Windows calculator, set it to programmer mode.
Enter paste the values, change to hex.
Now + 0x88 (or: 0x18)
Copy the address, paste it in Cheat Engine.

Now the value should be: 190 (Value Type: Integer)

[[MPGH]master131]

Pretty sure that + 88 is the wrong dvar value offset.

[Jorndel]

Pretty sure that + 88 is the wrong dvar value offset.

Well, it have been working for almost any DVAR I have used so.
How I found it was by taling the fov addy +/- the one I got via OllyDBG.

If it's wrong, let me know and I will look for a fix. Still, works for sp, zm and mp.

---------- Post added at 11:04 AM ---------- Previous post was at 11:00 AM ----------

I see..

Its 0x88


can you fix?

[[MPGH]master131]

0x88 is outside the dvar_t's struct size (0x70) so that can't be it.... That would mean it's writing into the value of the next dvar...

[Jorndel]

0x88 is outside the dvar_t's struct size (0x70) so that can't be it.... That would mean it's writing into the value of the next dvar...

Strange :P

Very strange, why does it work then?
For the speed, jump, gravity, fov, fog, ai_enabled and more.

[Geomatrical the 7th]

Thanks...

[[MPGH]master131]

No idea to be honest. I know I'm not using + 0x88 to write my values and they work.

[Jorndel]

No idea to be honest. I know I'm not using + 0x88 to write my values and they work.

Suppose I get the other one then.
To check :P

[Hell_Demon]

What you're using the the offset from the DVar before the one you want. Take the MOV that comes after the call after your text pointer.
So for g_speed it's 0x227EDE0.

[Jorndel]

What you're using the the offset from the DVar before the one you want. Take the MOV that comes after the call after your text pointer.
So for g_speed it's 0x227EDE0.

Ah, thanks for clearing it up
(I think it's easier for me/others to use the addy under the string)

But, if you like to go 1 up, then why not

[renk001]

now what should i do? If i got this 004BDBC5 B8 847C6D00 MOV EAX,OFFSET 006D7C84 ASCII "g_speed" please someone help me.I need to do it in cheat engine.I have in ptr ds 70ba6c value 1145569280
Enter paste the values, change to hex.<-- thats right in hex 44480000

Now + 0x88 (or: 0x18) <-- thats not right what should i do in hex 44480000 + 0x18? =44480000???

[Lovroman]

now what should i do? If i got this 004BDBC5 B8 847C6D00 MOV EAX,OFFSET 006D7C84 ASCII "g_speed" please someone help me.I need to do it in cheat engine.I have in ptr ds 70ba6c value 1145569280
Enter paste the values, change to hex.<-- thats right in hex 44480000

Now + 0x88 (or: 0x18) <-- thats not right what should i do in hex 44480000 + 0x18? =44480000???

Offset is 0x78.

[renk001]

Offset is 0x78.

Thx but what can i do with it? I have to multiplication the 44480000 with 78?

[Lovroman]

Thx but waht can i do with it? I have to multiplication the 44480000 with 78?

Try this:
Open Cheat Engine, click "Add Address Manualy", check Pointer checkbox, paste this in textbox: 006D7C84 (I'm not sure it is correct address), write in offset textbox 78.

[renk001]

Try this:
Open Cheat Engine, click "Add Address Manualy", check Pointer checkbox, paste this in textbox: 006D7C84 (I'm not sure it is correct address), write in offset textbox 78.

thx really but how did you get this 006D7C84?