
Code [All TU] Managed Code List [Community]

Ghosts All TU Code List

I take no credit for any of these; I'm just compiling this list
"For Educational Purposes Only" - lol xD

I will try to Keep this as up to date as possible ..

If you want to find something, use the Se7enSins search and, in the options, click "this thread only"; this thread will have most things you want

TU17
Offsets
GSC Functions - OPCode
:tongue:

Codes
G_SetModelHook - imGol2den
C:
// Set by G_SetModelHook so a brushmodel entity can be located at run time.
DWORD Brushmodel = NULL;
short (__cdecl *G_ModelIndex)(PCHAR ModelName) = (short (__cdecl *)(PCHAR))0x822554E8;

// Stores the model index returned by G_ModelIndex(ModelName) in the short at
// Entity + 0x170. As a side effect, the first entity seen whose byte at
// +0x101 equals 4 is remembered in Brushmodel; later matches are ignored.
// Entity is a raw address held in an INT, so every access is an unchecked
// pointer cast.
VOID G_SetModelHook(INT Entity, PCHAR ModelName)
{
    const BYTE kindByte = *(BYTE*)(Entity + 0x101);
    const bool captureThisOne = (kindByte == 4) && (Brushmodel == NULL);
    if (captureThisOne)
        Brushmodel = Entity;

    short* const modelSlot = (short*)(Entity + 0x170);
    *modelSlot = G_ModelIndex(ModelName);
}

SpawnFXOnCoords - Parse Parse
Code:
// Spawns an entity with G_Spawn, writes (x, y, z) into its three floats at
// +0x138 / +0x13C / +0x140, then plays effect FxID at the same coordinates.
// The `client` parameter is not used by the body.
void SpawnFxOnPos(int client,int FxID, float x, float y, float z)
{
    float origin[] = { x, y, z };

    const int Ent = G_Spawn();
    float* const entOrigin = (float*)(Ent + 0x138);
    for (int axis = 0; axis < 3; ++axis)
        entOrigin[axis] = origin[axis];

    PlayFX(origin, FxID);
}

SpawnTurret - imGol2den
C:
// Spawns an entity, copies Position[0..2] to its floats at +0x138..+0x140 and
// Angles[0..2] to +0x144..+0x14C, then hands it to G_SetModel and
// G_SpawnTurret. Both arrays must hold at least three floats; nothing here
// checks that, nor the value returned by G_Spawn.
VOID GScr_SpawnTurret(PCHAR ModelName, PCHAR WeaponInfoName, float *Position, float *Angles)
{
    const INT TurretEntity = G_Spawn();

    float* const entPosition = (float*)(TurretEntity + 0x138);
    for (int axis = 0; axis < 3; ++axis)
        entPosition[axis] = Position[axis];

    float* const entAngles = (float*)(TurretEntity + 0x144);
    for (int axis = 0; axis < 3; ++axis)
        entAngles[axis] = Angles[axis];

    G_SetModel(TurretEntity, ModelName);
    G_SpawnTurret(TurretEntity, WeaponInfoName);
}

// This is a little crude compared to other things but its like my entity spawning n what not.
// Only the stuff that matters. Plus look at the function, this is pretty much it.
// e.g. GScr_SpawnTurret("weapon_sentry_chaingun", "a10_30mm_turret_mp", Position, Angles);

Set Stance
C:
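// Event ids passed to G_AddEvent by setStance (STAND = 6, CROUCH = 7, PRONE = 8).
typedef enum : int { STAND = 6, CROUCH, PRONE }stanceType_t;

// Puts a client into the stance named by stanceAlias ("stand", "crouch" or
// "prone") by writing to the player state at +0x190 and the flag word at +0xC,
// then raising the matching event on the client's entity.
//
// Matching is by prefix (strncmp with the literal's length), so "standing"
// also selects the "stand" branch. Unknown or null aliases do nothing.
// The two stray closing braces that followed the original listing are removed;
// they left the snippet unbalanced.
void setStance( int clientIndex, char * stanceAlias )
{
    if (!stanceAlias)
        return;  // strncmp on a null pointer is undefined

    if(!strncmp( stanceAlias, "stand", 0x5))
    {
        *(int*)(getPlayerState(clientIndex) + 0x190) = sub_unk();
        // clear the two low flag bits
        *(int*)(getPlayerState(clientIndex) + 0xC) &= 0xFFFFFFFC;
        G_AddEvent(getEntity(clientIndex), STAND, 0);
    }
    else if(!strncmp( stanceAlias,"crouch", 0x6))
    {
        *(int*)(getPlayerState(clientIndex) + 0x190) = 0x28;
        // NOTE(review): 0x300000000 does not fit in 32 bits and `1 >> 63` shifts an
        // int by more than its width (undefined behaviour). Apart from that shift,
        // the masks only touch bits 32-33, which are dropped when the result is
        // stored back into an int - so the flag word is effectively unchanged.
        // Looks like a mistranscribed rotate-and-insert; confirm the intended bits.
        *(int*)(getPlayerState(clientIndex) + 0xC) = (*(int*)(getPlayerState(clientIndex) + 0xC) &  ~0x300000000) | (((1 << 1) | (1 >> 63)) & 0x300000000);
        G_AddEvent(getEntity(clientIndex), CROUCH, 0);
    }
    else if(!strncmp( stanceAlias, "prone", 0x5))
    {
        // only this single copy is guarded by the flag test, as in the original
        if(*(int*)(getPlayerState(clientIndex) + 0xC) & 1)
        {
            *(float*)(getPlayerState(clientIndex) + 0x1D8) = *(float*)(getPlayerState(clientIndex) + 0x188);
        }
        *(int*)(getPlayerState(clientIndex) + 0x190) = 0xB;
        // clear the two low flag bits, then set bit 0
        *(int*)(getPlayerState(clientIndex) + 0xC) = (*(int*)(getPlayerState(clientIndex) + 0xC) & 0xFFFFFFFC) | 1;
        G_AddEvent(getEntity(clientIndex), PRONE, 0);
    }
}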

Scr_Notify - imGol2den
C:
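// Hook body for script notifications: resolves the notify string id to text,
// leaves a place to react to "spawned_player", then forwards the notification
// to Scr_NotifyNum using the INT stored at the start of the entity as the
// entity number.
//
// Fixes relative to the posted listing: the `if` was missing its closing
// parenthesis, and the converted string is now checked before strstr.
VOID Scr_Notifty(INT gentity_s, short StringValue, UINT32 ParamCount)
{
    PCHAR String = SL_ConvertToString(StringValue);
    // strstr on a null pointer is undefined, so guard the lookup result
    if(String != NULL && strstr(String, "spawned_player"))
    {
        // Do mods and stuff
    }

    Scr_NotifyNum(*(INT*)gentity_s, NULL, StringValue, ParamCount);
}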

PatchInJump((PDWORD)Offsets, (DWORD)Scr_Notifty, FALSE);

Sessionstate - B1TW153 B1TW153
C:
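// Returns the name of the session state stored in the int at
// gClient(clientIndex) + 0x2F80, using the same numbering that
// setSessionState writes: 0 playing, 1 dead, 2 spectating, 3 intermission.
//
// The posted version tested "non-zero" before the spectating/intermission
// checks, so those two branches were unreachable, and it used bit tests
// (& 2, & 3) where the setter stores plain values. Any unrecognised value
// still reports "dead", which is what the original did for every non-zero
// state.
char*getSessionState(int clientIndex)
{
    const int state = *(int*)(gClient(clientIndex) + 0x2F80);
    switch (state)
    {
    case 0:  return (char*)"playing";
    case 2:  return (char*)"spectating";
    case 3:  return (char*)"intermission";
    default: return (char*)"dead";
    }
}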
C:
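// Stores the numeric session state for a client at gClient(clientIndex) + 0x2F80
// (0 playing, 1 dead, 2 spectating, 3 intermission) and toggles bit 1 of the
// int at +0x124.
//
// Fixes relative to the posted listing: the missing semicolon after `id=2`,
// and `id` being written to memory uninitialised when the name matched
// nothing. A null or unknown name now leaves the client untouched.
void setSessionState(int clientIndex, char*state)
{
    if (!state)
        return;

    int id;
    if(!strcmp(state,"playing")) id = 0;
    else if(!strcmp(state,"dead")) id = 1;
    else if(!strcmp(state,"spectating")) id = 2;
    else if(!strcmp(state,"intermission")) id = 3;
    else return;  // unknown name: do not store an indeterminate value

    // NOTE(review): in the original this toggle sat on the same line as the
    // "intermission" test but was not part of that `if`, so it ran on every
    // call. Kept unconditional here - confirm whether it was meant for
    // intermission only.
    *(int*)(gClient(clientIndex) + 0x124) ^= 2;
    *(int*)(gClient(clientIndex) + 0x2F80) = id;
}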

GetTagangles & GetTagAngles - OpLogic
C:
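// Writes exactly four bytes to `out`: the first three characters of `str`
// lower-cased, followed by a zero byte. Strings shorter than three characters
// are zero-padded.
//
// The posted version allocated strlen(str) bytes (no room for a terminator),
// always read str[0..2] even for shorter strings, and copied four bytes out of
// a buffer in which only three had been written - an out-of-bounds heap read
// for short inputs and an indeterminate fourth byte otherwise. A fixed local
// buffer removes the allocation and both problems.
void Scr_GetLowercaseString(char*str, void*out)
{
    char lowered[4] = { 0, 0, 0, 0 };

    if (str)
    {
        for (int i = 0; i < 3 && str[i] != '\0'; i++)
        {
            // tolower requires a value representable as unsigned char
            lowered[i] = (char)tolower((unsigned char)str[i]);
        }
    }

    if (out)
        memcpy(out, lowered, sizeof(lowered));
}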

C:
// Intended to fetch the position of a named tag on a client's entity, using
// a per-client block at 0x833738A8 + clientIndex * 0x3700 as a cache.
//
// NOTE(review): as posted this does not compile and cannot return a result:
//  - the if/else chain has no braces, so the `else` lines that follow the two
//    plain assignments have no `if` to attach to;
//  - `ent` is never declared (the local is called `entity`);
//  - the function is void and only fills the local `dest`, so the caller
//    receives nothing;
//  - tagIndex receives four raw bytes from Scr_GetLowercaseString (lower-cased
//    characters of the tag name), not a looked-up tag id - confirm intent;
//  - tagMat is declared as three float pointers but is used as raw storage for
//    a 0xC-byte copy; entityNum is unused;
//  - this listing calls G_DObjGetWordTagMatrix while getTagAngles calls
//    G_DObjGetWorldTagMatrix - presumably the same routine, confirm spelling.
void getTagOrigin(int clientIndex, char*tagName)
{
  destionation dest;
  int entity = getEntity(clientIndex), level = 0x833738A8 + (clientIndex * 0x3700), tagIndex = 0, entityNum = 0;
  float*tagMat[3];
  Scr_GetLowercaseString(tagName, &tagIndex);
  if(*(int*)(level + 0x2894) != *(int*)entity || *(int*)(level + 0x540) != *(int*)(level + 0x2890))
  if(SV_DObjExists(ent))
  memcpy((void*)tagMat, (void*)(level + 0x289C), 0xC);
  if(!G_DObjGetWordTagMatrix(ent, tagIndex, tagMat))
  memcpy((void*)dest.Vector3, (void*)(level + 0x28C0), 0xC);
  else
  *(int*)(level + 0x2894) = *(int*)entity;
  *(int*)(level + 0x2890) = *(int*)(level + 0x540);
  else
  memcpy((void*)dest.Vector3, (void*)(level + 0x28C0), 0xC);
  else
  memcpy((void*)dest.Vector3, (void*)(level + 0x28C0), 0xC);
  if(*(short*)(level + 0x2898) & (short)tagIndex)
  memcpy((void*)dest.Vector3, (void*)(level + 0x28C0), 0xC);
}

C:
// Intended to fetch the orientation of a named tag on a client's entity by
// converting the tag matrix to angles with AxisToAngles.
//
// NOTE(review): as posted this does not compile and cannot return a result:
//  - several `if` lines carry two statements with no braces, so only the first
//    is conditional and the `else` that follows has no `if` to attach to;
//  - `ent` is never declared (the local is called `entity`);
//  - the function is void and only fills the local `dest`;
//  - tagMat and angles are declared as arrays of float pointers but are used as
//    raw storage for 0xC-byte copies; entityNum is unused;
//  - tagIndex receives four raw bytes from Scr_GetLowercaseString rather than a
//    looked-up tag id - confirm intent.
void getTagAngles(int clientIndex, char*tagName)
{
  destionation dest;
  int entity = getEntity(clientIndex), level = 0x833738A8 + (clientIndex * 0x3700), tagIndex = 0, entityNum = 0;
  float*tagMat[3], *angles[3];
  Scr_GetLowercaseString(tagName, &tagIndex);
  if(*(int*)(level + 0x2894) != *(int*)entity || *(int*)(level + 0x540) != *(int*)(level + 0x2890))
  if(SV_DObjExists(entity))
  memcpy((void*)tagMat, (void*)(level + 0x289C), 0xC);
  if(!G_DObjGetWorldTagMatrix(ent, tagIndex, tagMat)) AxisToAngles(tagMat, angles); memcpy((void*)dest.Vector3, (void*)angles, 0xC);
  else
  *(int*)(level + 0x2894) = *(int*)entity;
  *(int*)(level + 0x2890) = *(int*)(level + 0x540);
  else AxisToAngles(tagMat, angles); memcpy((void*)dest.Vector3, (void*)angles, 0xC);
  else AxisToAngles(tagMat, angles); memcpy((void*)dest.Vector3, (void*)angles, 0xC);
  if(*(short*)(level + 0x2898) & (short)tagIndex)
  AxisToAngles(tagMat, angles); memcpy((void*)dest.Vector3, (void*)angles, 0xC);
}

Solid - B1TW153 B1TW153
C:
// Rewrites the int at entity + 0x11C (and clears bit 0 of the int at +0x08)
// based on the short at entity + 0x17A, then relinks the entity.
//
// NOTE(review): the `else` covers only the `&= ~0x01` statement. The write of
// 1 to +0x11C that shares its line runs on every iteration and overwrites the
// 0x2080 stored by the `if` branch - braces are probably missing.
// NOTE(review): nothing in the loop body visibly changes entity + 0x17A, so
// unless SV_LinkEntity does, the loop never terminates once entered - confirm
// whether `if` was intended instead of `while`.
void Solid(int entity)
{
while((*(short*)(entity + 0x17A) != *(short*)0x834D9128))
{
  if(*(short*)(entity + 0x17A) & *(short*)(0x834D9126)) *(int*)(entity + 0x11C) = 0x2080;
  else *(int*)(entity + 0x08) &= ~0x01; *(int*)(entity + 0x11C) = 1;
  SV_LinkEntity(entity);
}
}

ActionSlots - B1TW153 B1TW153
Code:
// ORs `ac` into the int for `slot` in the client's player state
// (base + (0x298 << 2) + slot * 4). `slot` is not range-checked.
void SetActionSlot(int clientIndex, int slot, actionSlot_t ac)
{
    int* const slotWord = (int*)(getPlayerState(clientIndex) + (0x298 << 2) + (slot*4));
    *slotWord = *slotWord | ac;
}
// Clears the bits of `ac` from the int for `slot` in the client's player state
// (base + (0x298 << 2) + slot * 4). `slot` is not range-checked.
void UnsetActionSlot(int clientIndex, int slot, actionSlot_t ac)
{
    int* const slotWord = (int*)(getPlayerState(clientIndex) + (0x298 << 2) + (slot*4));
    *slotWord = *slotWord & ~ac;
}
// Zeroes the four action-slot ints (slots 0..3) in the client's player state by
// masking each word with its own complement.
void ClearActionSlots(int clientIndex)
{
    int slot = 0;
    while (slot < 4)
    {
        int* const slotWord = (int*)(getPlayerState(clientIndex) + (0x298 << 2) + (slot*4));
        const int current = *slotWord;
        *slotWord = current & ~current;
        ++slot;
    }
}
// Reports whether any bit of `ac` is set in the int for `slot` in the client's
// player state. Note that NONE is 0 in actionSlot_t, so checking for NONE is
// always false.
bool checkActionSlot(int clientIndex, int slot, actionSlot_t ac)
{
    const int slotWord = *(int*)(getPlayerState(clientIndex) + (0x298 << 2) + (slot*4));
    return (slotWord & ac) != 0;
}
Code:
typedef enum : int { NONE, WEAPON, ALTMODE, NIGHTVISION } actionSlot_t;
And call like so...
Code:
if(checkActionSlot(0, 0, NIGHTVISION)) UnsetActionSlot(0, 0, NIGHTVISION);
SetActionSlot(0, 0, NIGHTVISION);

PS Stuff(ps, char commands) - Bitwise
Code:
ps + 0x3054 = G_ModelIndex(modelName); // view model
ps + 0x420 |= 0x80; //I assumed 0x420 to be wFlags (weapon flags) But I could be wrong, if I am right I think this is disable weapons
ps + 0x420 |= 0x800; //This threw me off the belif it was wFlags, but then this is ghosts...who knows what new crap is in here...no idea what this is.
ps + 0x420 |= 0x1000; // I think, enable weapons (if they have been disabled)
ps + 0x428 //float
ps + 0x430 //int
ps + 0x434 //int
ps + 0x2F9C //this remember be off teams, but I honestly have 0 idea what it could be. It is seen alot near the "o" character command
u %i %i %i //a character command used in SV_GSSC, something to do with "splashtables" whatever they are?
ps + 0x3120 //again, no idea XD
ps + 0x331C //I thought I have seen this before, but don't know. OR it with 0x04 for something...and again with 0x08 for something

Earthquake - B1TW153 B1TW153 (needs testing)
Code:
// Creates a temp entity of type 0x65 at `source` via G_Temp and fills in its
// parameters: scale at +0x54, duration (stored as a float) at +0x58, radius at
// +0x5C, and zero at +0xD4. The value returned by G_Temp is used as an address
// without being checked.
void quake(float scale, int duration, float*source, int radius)
{
    const int entity = G_Temp(source, 0x65);

    *(float*)(entity + 0x54) = scale;
    *(float*)(entity + 0x58) = (float)duration;
    *(int*)(entity + 0x5C) = radius;
    *(int*)(entity + 0xD4) = 0x00;
}
Code:
// Reads the three floats at +0x1C / +0x20 / +0x24 of ps(clientIndex) as an
// origin and requests an earthquake there (scale 0.3, duration 3, radius 850).
//
// NOTE(review): this calls earthQuake, while the helper posted alongside it is
// named quake - confirm which one exists.
// NOTE(review): &origin has type float (*)[3]; quake's `source` parameter is a
// float*, so `origin` itself is what should be passed.
void doEarthQUAKE(int clientIndex)
{
float origin[3] = { *(float*)(ps(clientIndex) + 0x1C), *(float*)(ps(clientIndex) + 0x20), *(float*)(ps(clientIndex) + 0x24) };
earthQuake(0.3, 3, &origin, 850);
}

Play FX - B1TW153 B1TW153
Code:
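// Creates a temp entity of type 0x5B at `source` via G_Temp and configures it
// to play effect `effectIndex`: the index goes to +0x9C, zero to +0xD4, and the
// three floats at +0x3C / +0x40 / +0x44 are set to 270, 0, 0.
//
// The posted version passed &source - the address of the pointer parameter on
// the stack - where the quake helper in the same thread passes its float*
// straight through. G_Temp would then read stack bytes as coordinates, so the
// pointer itself is passed here.
void playFx(float*source, int effectIndex)
{
    int entity = G_Temp(source, 0x5B);
    *(int*)(entity + 0x9C) = effectIndex;
    *(int*)(entity + 0xD4) = 0x00;
    *(float*)(entity + 0x40) = 0.00f;
    *(float*)(entity + 0x44) = 0.00f;
    *(float*)(entity + 0x3C) = 270.0f;
}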

// Convenience overload: look up a tag position on a client and play an effect there.
//
// NOTE(review): as posted this cannot compile against the other listings:
//  - getTagOrigin is shown taking two arguments and returning void, but is
//    called here with a third output argument;
//  - vec3 is an array of three float pointers, not three floats, and &vec3 is
//    not a float*;
//  - `effect` is a char*, while the other playFx overload takes an int effect
//    index - a name-to-index lookup appears to be missing.
void playFx(int clientIndex, char*tag, char*effect)
{
  float *vec3[3];
  getTagOrigin(clientIndex, tag, &vec3);
  playFx(&vec3, effect);
}

All Client Cheevos - SC58
Code:
JtaG.Call(SV, client, 0, "3 LEVEL_1"
Others...
Code:
LEVEL_1
LEVEL_1A
LEVEL_2
LEVEL_2A
LEVEL_3
LEVEL_3A
LEVEL_4
LEVEL_4A
LEVEL_5
LEVEL_5A
LEVEL_6
LEVEL_6A
LEVEL_7
LEVEL_7A
LEVEL_7B
LEVEL_8
LEVEL_8A
LEVEL_9
LEVEL_9A
LEVEL_10
LEVEL_10A
LEVEL_11
LEVEL_11A
LEVEL_11B
LEVEL_12
LEVEL_12A
LEVEL_13
LEVEL_13A
LEVEL_14
LEVEL_14A
LEVEL_15
LEVEL_15A
LEVEL_16
LEVEL_16A
LEVEL_17
LEVEL_17A
LEVEL_18
LEVEL_18A
EXT_1
ESCAPE_ALL_PLAYERS
ESCAPE_IN_TIME
ESCAPE_1ST_TIME
ESCAPE_ALL_CHALLENGE
REACH_CABIN
REACH_CITY
KILL_WITH_TRAP
SCAVENGE_ITEM
ESCAPE_WITH_NERF_ON
EXTRA1
EXTRA2
REACH_COMPOUND
REACH_FACILITY
KILLBOSS_1ST_TIME
KILLBOSS_IN_TIME
KILL_WITH_SWEAPON
COMPLETE_ALL_CHALLENGE
KILLBOSS_WITH_RELIC
KILL_PHANTOMS
KILL_RHINO_PISTOL
FOUND_ALL_INTELS
GOT_THEEGGSTRA_XP
REACH_CARGO
REACH_DECK
KILL_KRAKEN_1ST_TIME
KILL_KRAKEN_WITH_RELIC
KILL_KRAKEN_AND_ALL_CHALLENGES
FOUND_ALL_INTELS_MAYDAY
KILL_SEEDER_TURRETS
HYPNO_TRAP_RHINO
GOT_THEEGGSTRA_XP_DLC2
CRAFT_ALL_ITEMS
FINISH_GATE
EXTEND_THE_BRIDGE
AWAKENING_ESCAPE
AWAKENING_RELIC_ESCAPE
AWAKENING_ALL_CHALLENGES_ESCAPE
AWAKENING_ALL_INTEL
KILL_GARG_WITH_VANGUARD
GOT_THEEGGSTRA_XP_DLC3
LIKE_A_GLOVE
AWAKENING_4_CLASS_ESCAPE
LAST_COMPLETED
LAST_RELIC_COMPLETED
LAST_ALL_CHALLENGES_COMPLETED
LAST_ALL_INTEL
LAST_COMPLETE_AN_OUTPOST
GOT_THEEGGSTRA_XP_DLC4
TIMING_IS_EVERYTHING
YOU_WISH
ALWAYS_HARD
HAT_TRICK
:smile:

DeleteHudElem - B1TW153 B1TW153
C:
void (*Scr_NotifyNum)(int entnum, unsigned int classnum, unsigned short stringValue, unsigned int paramcount) = (void(__cdecl*)(int,unsigned int, unsigned short, unsigned int))0x82496EB8;
void (*Scr_FreeHudElemConstStrings)(int hud) = (void(__cdecl*)(int))0x823E9330;
void (*Scr_FreeEntityNum)(int entnum, unsigned int classnum) = (void(__cdecl*)(int,unsigned int))0x82493A10;
C:
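// Releases a HUD element: derives its index from the element address, sends
// the notification whose string id is read from 0x834D90AE, frees the
// element's const strings, then frees the script entity number (class 1).
//
// The posted version passed an undeclared `elem` to
// Scr_FreeHudElemConstStrings; the parameter is named `hud`.
void deleteHudElement(int hud)
{
    // NOTE(review): this subtracts the element address from the base. The
    // literal is unsigned, so an element above the base makes the difference
    // wrap - confirm operand order and the 0xBB element size.
    int index = (0x8327ED28 - hud) / 0xBB;
    Scr_NotifyNum(index, 1, *(short*)0x834D90AE, 0);
    Scr_FreeHudElemConstStrings(hud);
    Scr_FreeEntityNum(index, 1);
}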

AttachEntity - Bitwise
Code:
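// Function pointers bound to fixed addresses (labelled tu10 by the author).
// The second declaration was missing its `=` and had a one-slash comment, so
// it did not parse as posted.
void (*G_EntityAttach)(__int32 entity, char*modelName, int tagId, int r6) = (void(__cdecl*)(__int32,char*,int,int))0x82428710;//tu10
void (*G_EntityDetach)(__int32 entity, char*modelName, int tagId) = (void(__cdecl*)(__int32,char*,int))0x82428848;//tu10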
//examples
// Flips the per-client flag in attach[] and then attaches the model to the
// client's entity when the flag is now set, or detaches it when it is now
// clear. clientIndex is used to index attach[] without a bounds check.
void toggleAttach(int clientIndex, char*model, int tag)
{
    attach[clientIndex] ^= true;

    if (attach[clientIndex])
        G_EntityAttach(getEntity(clientIndex), model, tag, 0x00);
    else
        G_EntityDetach(getEntity(clientIndex), model, tag);
}
G_EntityAttach(getEntity(clientToAttachTo), "script_model", G_TagIndex("j_head"), 0x00);
G_EntityDetach(getEntity(clientToAttachTo), "script_model", G_TagIndex("j_head"));

Closest Client
Code:
#include "data.h"
#include "mod.h"
int closestClient(int clientIndex)
{
Mod client(clientIndex);
int cl;
float flt = 3.4 * (10^38);//149.6
for(int i = 0; i < (strstr(Dvar_GetString("g_gametype"),"ffa") ? 0x7 : 0xC)/*Declare Dvar_GetString yourself*/; i++)
{
Mod lol(i);
if(!lol.Alive() || i == hostIndex || data().ReadInt32(lol.playerState() + 0x28F0) == data().ReadInt32(client.playerState() + 0x28F0) || i == clientIndex) continue;
Mod clients(i);
if(sqrt((client.bit.origin[0] - clients.bit.origin[0]) * (client.bit.origin[0] - client.bit.origin[0])) < flt)
cl = i;
}
return cl;
}
Code:
void aimAtCC(int clientIndex)
{
Mod client(clientIndex);
Mod inf(closestClient(clientIndex));
data().Origin2Angles(inf.bit.origin, client.bit.angle);
client.setAngles(client.bit.angle);
}

Map Material - KYZA
Code:
SV_SetConfigstring(0x43B, "rank_prestige1");

Manipulation - uSkeezR
SV_SetConfigstring(0xBFF, "j_spine4"); // use any of tag names


Setting Fog - Thanks 0x0
// guess this would be the same on tu7, just update the SV_SetConfigstring
SV_SetConfigstring(0x6, "0 .1*5 .1*1 .3*2 .4*3 .8*4");
*1 = R
*2 = G
*3 = B
*4 = strength
*5 = fog on(1) off(0)

SetGameTime()
Code:
//replace gametime with your int
SV_SetConfigString(0x7, gametime);

Set FPSText
Code:
// Writes 0x4800 to the int at FPSOffset and copies a formatted string to the
// fixed address FPSTexOffset.
//
// NOTE(review): "%X" expects an unsigned int but is given the pointer `text`,
// so the buffer receives the pointer's value in hex (and the mismatch is
// undefined behaviour), not the text itself - confirm whether "%s" was meant.
// NOTE(review): strcpy into a fixed address has no length check, and the size
// of the destination is not visible here. If this is changed to copy `text`,
// bound the copy to the destination's real size.
void setFPS(const char*text = "fps: %f\n")
{
*(int*)FPSOffset = 0x4800; // enable the text
char buffer[0x1000]; sprintf(buffer, "%X\n", text);
strcpy((char*)(FPSTexOffset), buffer);
}

Team Changer - Xx jAmes t xX
Code:
enum TeamType
{
Axis,
Allies,
Auto,
Spectator
};
Code:
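// Requests a team change for `client` by building an "lui 60 <team> <value>"
// command and passing it to SV_ExecuteClientCommand. The command is sent only
// when it would change something: always for Auto, otherwise when the team
// value read from the player state at +0x2F60 differs from the one that
// corresponds to the request (Axis 1, Allies 2, Spectator 3).
//
// The command is formatted with snprintf so the write is bounded by the size
// of Buff, whatever the argument values are.
void ChangeTeam(int client, TeamType Team)
{
    char Buff[0x100];
    snprintf(Buff, sizeof(Buff), "lui 60 %i %i", Team, SV_ExecuteClientCommandValue[0]);

    bool Switch = false;
    int iTeam = *(int *)(getPlayerState(client) + 0x2F60);
    switch(Team)
    {
    case TeamType::Auto:      Switch = true; break;
    case TeamType::Allies:    Switch = (iTeam != 2); break;
    case TeamType::Axis:      Switch = (iTeam != 1); break;
    case TeamType::Spectator: Switch = (iTeam != 3); break;
    }

    if(Switch)
        SV_ExecuteClientCommand(client_s(client), Buff, true);
}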

Bullet Trace - Xx jAmes t xX , therifboy
Code:
enum TraceHitType
{
TRACE_HITTYPE_NONE,
TRACE_HITTYPE_ENTITY,
TRACE_HITTYPE_DYNENT_MODEL,
TRACE_HITTYPE_DYNENT_BRUSH,
TRACE_HITTYPE_UNKNOWN
};
struct trace_t
{
float fraction;
float normal[3];
int surfaceFlags;
int contents;
const char *material;
TraceHitType hitType;
unsigned short hitId;
unsigned short modelIndex;
unsigned short partName;
unsigned short partGroup;
bool allsolid;
bool startsolid;
bool walkable;
};
Code:
struct BulletTraceType
{
short EntityNumber;
float Position[3];
};
// Runs G_LocationalTrace from Start to End for `Client` and reports the result
// in *Type: Position is Start + fraction * (End - Start) per axis, and
// EntityNumber is the hit id when it is below 0x7FE. When the id is 0x7FE or
// above, EntityNumber is left untouched, so callers should initialise it
// before the call.
void BulletTrace(BulletTraceType* Type, float* Start, float* End, int Client)
{
    trace_t trace;
    G_LocationalTrace(&trace, Start, End, Client, 0x80A831, 0);

    int axis = 0;
    while (axis < 3)
    {
        Type->Position[axis] = (((End[axis]-Start[axis]) * trace.fraction) + Start[axis]);
        ++axis;
    }

    const short Entity = (Trace_GetEntityHitId(&trace) & 0xFFFF);
    if (!(Entity >= 0x7FE))
        Type->EntityNumber = Entity;
}

Structs
client_t Struct - XeClutch

HudElem Struct


Code:
struct game_hudelem_s
{
  hudelem_s elem;
  int clientIndex;
  int teamIndex;
  int archived;
};
Code:
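// RGBA colour with one byte per channel, in red/green/blue/alpha order.
// The posted definition was missing the semicolon after the closing brace.
struct hudelem_color
{
  char red;
  char green;
  char blue;
  char alpha;
};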

Code:
// Configures a HUD element as text (type 0x01): font, scale, position,
// alignment, sort order, and a glow colour taken from rgba[0..3].
//
// NOTE(review): as posted this does not compile:
//  - `text` is neither a parameter nor a local, so there is nothing to pass to
//    G_LocalizedStringIndex - a `const char* text` parameter appears to be
//    missing;
//  - `sort` has a default argument but the following parameter `rgba` does not,
//    which C++ rejects.
// NOTE(review): rgba is read at indices 0..3 with no null or length check, and
// `element` is dereferenced unchecked.
// NOTE(review): the member names aliginOrg / aliginScreen are kept as posted -
// confirm against the hudelem_s definition.
void setHudText(game_hudelem_s*element, int font,float fontScale,float x,float y,int alignOrg,int alignScreen,float sort = 1,char rgba[])
{
  element->elem.type = 0x01;
  element->elem.text = G_LocalizedStringIndex(text);
  element->elem.font = font;
  element->elem.fontScale = fontScale;
  element->elem.x = x;
  element->elem.y = y;
  element->elem.aliginOrg = alignOrg;
  element->elem.aliginScreen = alignScreen;
  element->elem.sort = sort;
  element->elem.glowColor.red = rgba[0];
  element->elem.glowColor.green = rgba[1];
  element->elem.glowColor.blue = rgba[2];
  element->elem.glowColor.alpha = rgba[3];
}
// Configures a HUD element as a material/shader (type 0x04): material index
// from G_MaterialIndex, position, size, alignment, sort order, and a colour
// taken from rgba[0..3].
//
// NOTE(review): `sort` has a default argument but the following parameter
// `rgba` does not, which C++ rejects - drop the default or give rgba one too.
// NOTE(review): rgba is read at indices 0..3 with no null or length check, and
// `element` is dereferenced unchecked.
void setHudMaterial(game_hudelem_s*element, const char*materialName,float x,float y,int width,int height,int alignOrg,int alignScreen,float sort = 0, char rgba[])
{
  element->elem.type = 0x04;
  element->elem.materialIndex = G_MaterialIndex(materialName);
  element->elem.x = x;
  element->elem.y = y;
  element->elem.width = width;
  element->elem.height = height;
  element->elem.aliginOrg = alignOrg;
  element->elem.aliginScreen = alignScreen;
  element->elem.sort = sort;
  element->elem.color.red = rgba[0];
  element->elem.color.green = rgba[1];
  element->elem.color.blue = rgba[2];
  element->elem.color.alpha = rgba[3];
}


Stats - imGol2den
Code:
private enum Stats : uint
{
ACCURACY = STATS_DELTA + 0x29,
ASSISTS = STATS_DELTA + 0x2D,
CAPTURES = STATS_DELTA + 0x51,
CONFIRMED = STATS_DELTA + 0x55,
DEATHS = STATS_DELTA + 0x5D,
DEFENDS = STATS_DELTA + 0x61,
DEFUSES = STATS_DELTA + 0x65,
DENIED = STATS_DELTA + 0x69,
DESTRUCTIONS = STATS_DELTA + 0x6D,
GAMES_PLAYED = STATS_DELTA + 0x75,
HEADSHOTS = STATS_DELTA + 0x79,
HITS = STATS_DELTA + 0x7D,
KILLS_DEATHS_RATIO = STATS_DELTA + 0x81,
KILLS = STATS_DELTA + 0x85,
KILLSTREAK = STATS_DELTA + 0x89,
LOSSES = STATS_DELTA + 0x8D,
MISSES = STATS_DELTA + 0x92,
PRESTIGE = STATS_DELTA + 0x4F28,
RETURNS = STATS_DELTA + 0xAA,
SCORE = STATS_DELTA + 0xAE,
SUICIDES = STATS_DELTA + 0xB2,
TIES = STATS_DELTA + 0xBA,
TOTAL_SHOTS = STATS_DELTA + 0xCE,
WINS = STATS_DELTA + 0xE2,
SQUAD_MEMBER_LEVEL = STATS_DELTA + 0x570,
SQUAD_MEMBERS = STATS_DELTA + 0xCC4,
SQUAD_MEMBER_XP = STATS_DELTA + 0x32E,
SQUAD_POINTS = STATS_DELTA + 0x4C30,
WIN_LOSS_RATIO = STATS_DELTA + 0xD2,
WINSTREAK = STATS_DELTA + 0xDA
};
private void WriteStat(Stats STAT, decimal VALUE)
{
  Buffer = BitConverter.GetBytes((int)VALUE);
  Xbox.SetMemory((uint)STAT, Buffer);
}


Engine Text - uSkeezR
Code:
typedef void (_cdecl *R_AddCmdDrawStretchPic_t)(float x, float y, float width, float height, float xScale, float yScale, float xay, float yay, const float *color, void *material);
R_AddCmdDrawStretchPic_t R_AddCmdDrawStretchPic = (R_AddCmdDrawStretchPic_t)0x8264CAE0;
typedef void (*R_AddCmdDrawText_t)(const char *text, int maxChars, void *font, float x, float y, float xScale, float yScale, float rotation, const float *color, int style);
R_AddCmdDrawText_t R_AddCmdDrawText = (R_AddCmdDrawText_t)0x8264EA70;
typedef void (*R_AddCmdDrawTextWithEffects_t)(const char *text, int maxChars, void *font, float x, float y, float xScale, float yScale, float rotation, const float *color, int style, const float *glowColor, void *fxMaterial, void *fxMaterialGlow, int fxBirthTime, int fxLetterTime, int fxDecayStartTime, int fxDecayDuration);
R_AddCmdDrawTextWithEffects_t R_AddCmdDrawTextWithEffects = (R_AddCmdDrawTextWithEffects_t)0x8264ED88;
typedef void *(*Material_RegisterHandle_t)(const char *name, int imageTrack);
Material_RegisterHandle_t R_RegisterShader = (Material_RegisterHandle_t)
typedef void *(*R_RegisterFont_t)(char *name, int imageTrack);
R_RegisterFont_t R_RegisterFont = (R_RegisterFont_t)
Code:
#define FONT_SMALL_DEV  "fonts/smallDevFont"
#define FONT_BIG_DEV  "fonts/bigDevFont"
#define FONT_CONSOLE  "fonts/consoleFont"
#define FONT_BIG  "fonts/bigFont"
#define FONT_SMALL  "fonts/smallFont"
#define FONT_BOLD  "fonts/boldFont"
#define FONT_NORMAL  "fonts/normalFont"
#define FONT_EXTRA_BIG  "fonts/extraBigFont"
#define FONT_OBJECTIVE  "fonts/objectiveFont"
#define FXMATERIAL  "fxMaterial"
#define FXGLOWMATERIAL  "fxGlowMaterial"
#define MY10THSHADER  "rank_prestige10"
float colorWhite[4] = {1.0f, 1.0f, 1.0f, 1.0f};
float colorBlack[4] = {0.0f, 0.0f, 0.0f, 1.0f};
float colorRed[4] = {1.0f, 0.0f, 0.0f, 1.0f};
float colorGreen[4] = {0.0f, 1.0f, 0.0f, 1.0f};
float colorBlue[4] = {0.0f, 0.0f, 1.0f, 1.0f};
Code:
// Queues a stretched picture at (x, y) of the given size, tinted by `color`,
// using the handle R_RegisterShader returns for `material`.
void DrawPicture(float x, float y, float width, float height, char *material, const float *color)
{
    void *shader = R_RegisterShader(material, 0);
    R_AddCmdDrawStretchPic(x, y, width, height, 0, 0, 1, 1, color, shader);
}
// Queues white text at (x, y) in the named font, scaled equally on both axes by
// fontSize, with no rotation and style 0. The character limit passed on is
// 0x7FFFFFFF, i.e. effectively unbounded.
void DrawText(const char *text, float x, float y, char *font, float fontSize)
{
    void *fontHandle = R_RegisterFont(font, 0);
    R_AddCmdDrawText(text, 0x7FFFFFFF, fontHandle, x, y, fontSize, fontSize, 0, colorWhite, 0);
}
// Queues white text at (x, y) with a glow in glowColor, using the FXMATERIAL
// and FXGLOWMATERIAL shaders and fixed effect timings (9999, 100, 999999, 100).
void DrawTextWithGlow(const char *text, float x, float y, char *font, float fontSize, const float *glowColor)
{
    void *fontHandle = R_RegisterFont(font, 0);
    void *fxMaterial = R_RegisterShader(FXMATERIAL, 0);
    void *fxGlowMaterial = R_RegisterShader(FXGLOWMATERIAL, 0);
    R_AddCmdDrawTextWithEffects(text, 0x7FFFFFFF, fontHandle, x, y, fontSize, fontSize, 0, colorWhite, 0,
                                glowColor, fxMaterial, fxGlowMaterial, 9999, 100, 999999, 100);
}
//Examples
DrawText("fdp :)", 200, 200, FONT_BIG, 1);
DrawTextWithGlow("fdp :)", 200, 200, FONT_BIG, 1, colorBlue);
DrawPicture(200, 200, 300, 300, MY10THSHADER, colorBlue);
Code:
Hooking
[code]
// Overwrites four 32-bit PowerPC instruction words at Address with a stub that
// transfers control to Destination through r11 and the count register:
//   lis   r11, <high half>     (0x3D60xxxx)
//   addi  r11, r11, <low half> (0x396Bxxxx)
//   mtctr r11                  (0x7D6903A6)
//   bctr / bctrl               (0x4E800420 / 0x4E800421 when Linked)
// addi sign-extends its immediate, so when bit 15 of Destination is set the
// high half is incremented by one to compensate.
// This fixed four-word sequence is also what an integrity check on patched
// code would look for.
VOID PatchInJump(DWORD* Address, DWORD Destination, BOOL Linked)
{
    DWORD highHalf = (Destination >> 16) & 0xFFFF;
    if (Destination & 0x8000)
        highHalf = highHalf + 1;
    const DWORD lowHalf = Destination & 0xFFFF;

    Address[0] = 0x3D600000 + highHalf;
    Address[1] = 0x396B0000 + lowHalf;
    Address[2] = 0x7D6903A6;
    Address[3] = Linked ? 0x4E800421 : 0x4E800420;
}
HRESULT FDP()
{
DrawPicture(200, 200, 300, 300, MY10THSHADER, colorBlue);
DrawTextWithGlow("fdp :)", 200, 200, FONT_BIG, 1, colorBlue);
return S_OK;
}
PatchInJump((DWORD *)0x82521F40, (DWORD)FDP, false);//CL_DrawTextHook = 0x822CC700 - tu7, you can also hook 0x82521F40 - tu7

Learn PowerPC

Functions Labeler - Parse Parse

XexLoadImage - B1TW153 B1TW153
Code:
extern "C"
{
  void XexLoadImage(char*dir, int flag, int r5, int thread);
}
XeXLoadImage("game:\\dll_load.dll", 0x09, 0x00, 0x00);
Code:
console.Call(console.resolveFunc("xam.xex", 0x199), "game:\\dll_load.dll", 0x09, 0x00, 0x00);

Previous TU's
TU16
Offsets


Tu15
Loads of Offsets


Offsets

:smile:


TU14
Offsets - XeXGrizzly


More Offsets - Neokilla


Will Be Adding More Soon!


Tu13
Offsets - Neokilla


Offsets and Toggles

Keep dem codes coming peoples ! :smile:


TU12
More Offsets - Unsigned Chaos Neokilla
C:
FPSText = 0x8204AED4;
Laser = 0x8227C8E8;
ChromePlayers = 0x82670080;
NoRecoil = 0x822C6A54;
FPS = 0x8253B38C;
SP_script_model = 0x82422928;//think this is wrong
SV_LinkEntity = 0x824EB6C8;
SV_SetBrushModel = 0x824D45A0;
SV_UnLinkEntity = 0x824EB360;
MapBrushModel = 0x7F80;
ClientX = 0x1c;
ClientY = 0x20;
ClientZ = 0x24;
EntryStats = 0x8358044C;
Deaths = 0x5d;
Kills = 0x85;
Killstreak = 0x89;
GamePlayed = 0x75;
Losses = 0x8D;
Wins = 0xd6;
Score = 0xAE;
TimePlayed = 0xCA;
Hits = 0x6D;
Misses = 0x92;
SquadPoints = 0x4C30;
Prestige = 0x4F28;
RankXP = 0xFE6;
Ammo = 0x82245DD0;
FullyAutomaticGuns = 0x82240E14;
Redboxes = 0x8226AA04;
G_GivePlayerWeapon = 0x8242E570;
BG_GetWeaponIndexForName = 0x82247B30;
G_InitializeAmmo = 0x823EC748;
G_Spawn = 0x82429C60;
SV_GameSendServerCommand = 0x824D4460;
getPlayerStateOffset = 0x832B3680;
gEntity = 0x83378200;
Cbuf_AddText = 0x82448B28;
Gamertag_Pregame = 0x83F06BB8;
jump = 0x8201647C;
falldmgoffset = 0x8222E530;
G_SetModel = 0x82429780;
AdvancedUAV1 = 0x82262AE3;
AdvancedUAV2 = 0x82262EDB;
AdvancedUAV3 = 0x82262F47;

C:
//Main Offsets:
SV_GameSendServerCommand = 0x824D4460
Cbuf_AddText = 0x82448B28
PreGameGT = 0x83F06BBC
InGameGT = 0x8330171C
GivePlayerWeapon = 0x8242E570
InitializeAmmo = 0x823EC748
GetWeaponIndexForName = 0x82247B30
PlayerState = 0x832FE680
G_SetModel = 0x82429780
Get_entity = 0x83378200
//Off-Host Offsets:
No Recoil = 0x822C6A54
Red Boxes = 0x8226AA04
Laser = 0x8227C8E8
ChromePlayers = 0x82670080
Advanced UAV 1 = 0x82262AE3
Advanced UAV 2 = 0x82262EDB
Advanced UAV 3 = 0x82262F47
//Host Offsets:
Jump Height = 0x8201647C
Fall Damage = 0x8222E5A4
Auto Guns = 0x82240E14
Infinite Ammo = 0x82245DD0
MiniMap = 0x82448B28
//DemonWare ByPass
DemonWare_1 = 0x827BB1FC
DemonWare_2 = 0x827BB214
DemonWare_3 = 0x827BB4E0
DemonWare_4 = 0x827BB538
DemonWare_5 = 0x827BB550
DemonWare_6 = 0x827C0720
DemonWare_7 = 0x827C0734
//Stats
StatEntry = 0x82262F44
Deaths = 0x5d
Kills = 0x85
Killstreak = 0x89
GamePlayed = 0x75
Losses = 0x8D
Wins = 0xd6
Score = 0xAE
TimePlayed = 0xCA
Hits = 0x6D
Misses = 0x92
SquadPoints = 0x4C30
Prestige = 0x4F28
RankXP = 0xFE6

Offsets - Ikea Monkey
C:
0x824EB6C8 SV_LinkEntity
0x824EB360 SV_UnLinkEntity
0x8201647C Jump Height
0x8222E530 + 0x74 No Fall Damage
0x82240E14 Full Auto Guns
0x82448B28 Cbuff_AddText
0x823EC748 G_InitializeAmmo
0x82429780 G_SetModel
0x8215E7C8 G_SoundAliasIndex
0x823EBEF0 Add_Ammo
0x823E86D8 HudElem_Alloc
0x824DA7E0 Sv_SendServerCommand
0x52140000 Leveltime
0x8215E588 G_LocalizedStringIndex
0x8215C338 G_MaterialIndex
0x82449AA0 Sv_Cmd_TokenizeString
0x82449018 Sv_Cmd_EndTokenizeString
0x824D0E50 Sv_ExecuteClientCommand

TU11
Offsets Neokilla
Code:
SV_GameSendServerCommand offset: 0x824D3A48
  Cbuf_AddText offset: 0x824482E8
  StatEntry offset: 0x83572FCC
  PreGameGT offset: 0x83EF8E38
  G_GivePlayerWeapon offset: 0x8242DD40
  G_SetModel offset: 0x82428F50
  PlayerState offset: 0x832F1200
  Get_entity offset: 0x8336AD80
  Jump Height offset: 0x82016498
  No Recoil offset: 0x822C64CC
  Red Boxes offset: 0x8226A48C
  Laser offset: 0x8227C370
  ChromePlayers offset: 0x8266EFE4
  Fall Damage offset: 0x8222E034
  Advanced UAV: 0x82262568, 0x82262960, 0x822629CC
Ban Bypass 1 offset: 0x827BA1B4
Ban Bypass 2 offset: 0x827BA1CC
Ban Bypass 3 offset: 0x827BA4E4
Ban Bypass 4 offset: 0x827BA4F0
Ban Bypass 5 offset: 0x827BA508
Ban Bypass 6 offset: 0x827BF588
Ban Bypass 7 offset: 0x827BF59C

Offsets + Unsigned Chaos
Code:
FPSText = 0x8204AE84;
AdvancedUAV1 = 0x82262568;
AdvancedUAV2 = 0x82262960;
AdvancedUAV3 = 0x822629CC;
Laser = 0x8227C370;
ChromePlayers = 0x8266EFE4;
NoRecoil = 0x822C64CC;
FPS = 0x8253A8CC;
SP_script_model = 0x824220F8;
SV_LinkEntity = 0x824EAC38;
SV_SetBrushModel = 0x824D3B88;
SV_UnLinkEntity = 0x824EA8D0;
MapBrushModel = 0x7F80;
ClientX = 0x1c;
ClientY = 0x20;
ClientZ = 0x24;
EntryStats = 0x83572FCC;
Deaths = 0x5d;
Kills = 0x85;
Killstreak = 0x89;
GamePlayed = 0x75;
Losses = 0x8D;
Wins = 0xd6;
Score = 0xAE;
TimePlayed = 0xCA;
Hits = 0x6D;
Misses = 0x92;
SquadPoints = 0x4C30;
Prestige = 0x4F28;
Ammo = 0x82245858;
FullyAutomaticGuns = 0x822408A4;
Redboxes = 0x8226A48C;
G_GivePlayerWeapon = 0x8242DD40;
BG_GetWeaponIndexForName = 0x822475B8;
G_InitializeAmmo = 0x823EBF18;
G_Spawn = 0x82429430;
SV_GameSendServerCommand = 0x824D3A48;
getPlayerStateOffset = 0x832F1200;
gEntity = 0x8336AD80;
Cbuf_AddText = 0x824482E8;
Gamertag_Pregame = 0x83EF8E38;
jump = 0x82016498;
falldmgoffset = 0x8222E034;
G_SetModel = 0x82428F50;
More Coming ...

TU10
"Offsets and Stuff" - imGol2den
Code:
http://pastebin.com/rgZVY8Fa

Toggles - KillinItYo
Code:
ChromePlayers
Jtag.SetMemory(0x8266A438, new byte[] { 0x2b, 0x0b, 0x00, 0x01 });
OrangeBox
Jtag.SetMemory(0x82268B24, new byte[] { 0x41, 0x9A, 0x00, 0x0C });
Jtag.SetMemory(0x82268B24, new byte[] { 0x60, 0x00, 0x00, 0x00 });
Adv UAV
Jtag.SetMemory(0x82260c03, new byte[] { 0x00 });
Jtag.SetMemory(0x82260ffb, new byte[] { 0x00 });
Jtag.SetMemory(0x82261067, new byte[] { 0x00 });
Jtag.SetMemory(0x82260c03, new byte[] { 0x01 });
Jtag.SetMemory(0x82260ffb, new byte[] { 0x01 });
Jtag.SetMemory(0x82261067, new byte[] { 0x01 });

DLL Load - imGol2den
Code:
.globl _start
_start:
.set DLLLoaderHook, 0x827248F0
.set LoadLibraryA, 0x82724B68
.set DLLLoaderString, 0x82000BE8
.long DLLLoaderString
.long (9f-0f)/4
0:
.string "game:\\dll_load.dll"
.align 2
9:
.long DLLLoaderHook
.long (9f-0f)/4
0:
lis %r11, DLLLoaderString@h
ori %r3, %r11, DLLLoaderString@l
bl (LoadLibraryA - (DLLLoaderHook + 0x8))
9:
.long 0xFFFFFFFF

Ban Bypass TU10
Code:
0x827B4700 - 0x4800
0x827B46E8 - 0x60000000
0x827B46DC - 0x60000000
0x827B986C - 0x4800
0x827B9854 - 0x60000000


Offsets - antisober
Code:
http://pastebin.com/9FEcrWnF
My apologies if any of these offsets are wrong

More Offsets - Unsigned Chaos
Code:
http://pastebin.com/grHKQfVx

TU9
Ban Bypass & client_s - B1TW153 B1TW153
Code:
Bypass update;
Code:
827A8000 - 0x4800
827A7FE8 - 0x60000000
827A7FDC - 0x60000000
827AD0A4 - 0x4800
827AD08C - 0x60000000
EXAMPLE (for n00bs) : Jtag.SetMemory(0x827AD0A4, new byte[] {0x48, 0x00});
Code:
client_s update;
Code:
839B7480 + 0x207E90 + (clientIndex * 0x6FA00)

Teleport client to crosshairs - Hacksorce
Code:
Gent:
mulli r3, r3, 0x280
lis r4, 0x8332 //we dont need to load bottom bits because they are 0 by default
add r3, r4, r3
blr
Code:
Main:
mflr r12
stw r12, -8(r1)
stwu r1, -0x80(r1)
bl Gent
lwz r8, 0x158(r3)//ps self
mr r3, r4
bl Gent
lwz r9, 0x158(r3)//ps target
mr r3, r8
addi r4, 0x40(r1)
bl 0x823CBF30 //getViewOrigin tu9
lfs f1, 0x3c(r8)
lfs f2, 0x40(r8)
lfs f3, 0x44(r8)
stfs f1, 0x50(r1)
stfs f2, 0x54(r1)
stfs f3, 0x58(r1)
li r5, 0
li r6, 0
addi r3, 0x50(r1)
addi r4, 0x60(r1)
bl 0x82541C50 //AngleVectors tu9
lfs f4, 0x60(r1)
lfs f5, 0x64(r1)
lfs f6, 0x68(r1)
li r31, 0x64
fcfid f12, r31 //thanks Therifboy for showing me this conversion :P
fmadd f1, f12, f4, f1
fmadd f2, f12, f5, f2
fmadd f3, f12, f6, f3
stfs f1, 0x1c(r9)
stfs f2, 0x20(r9)
stfs f3, 0x24(r9)

Offsets and Toggles - imGol2den
Code:
public static uint getPlayerState(int CLIENT_NUMBER)
{
return 0x832A7F80 + ((uint)CLIENT_NUMBER * 0x3700);
}
I'll add more playerState stuff later, but the client gamertag is at + 0x301C
SV_GameSendServerCommand - 0x824C5C30
CBuf_AddText = 0x8243BDB8
JUMP - 0x82015A20
FALL - 0x82223BFC
AUTO - 0x8223664C
AMMO - 0x8223B500
JUMP Toggle - Xbox.WriteFloat(Offs.JUMP, 999); or Xbox.WriteFloat(Offs.JUMP, 39);
FALL Toggle - Xbox.SetMemory(Offs.FALL, new byte[] { 0x48, 0x00 }); or Xbox.SetMemory(Offs.FALL, new byte[] { 65, 152 });
AUTO Toggle - Xbox.SetMemory(Offs.AUTO, new byte[] { 0x39, 0x60, 0x00, 0x00 }); or Xbox.SetMemory(Offs.AUTO, new byte[] { 59, 64, 0, 1 });

le Offsets - Stubone
Code:
Player state 0x832A7F80 size index is 0x3700
crome player 0x8265E20C  2B 0B 00 01 on
UAV 822585B0  2B 07 00 01 ON and 2B 07 00 00 off
Red Boxes 0x822603A4 nop
no recoil 0x822BC694 nop
Lazer 0x82272418  38 60 00 01 on  and 38 60 00 00 off
FPS TEXT 0x8204A164 write text
brushmodel  0x8331B780
G_entity 0x83320000
jump_height 0x82015A20
fall damage 0x82223BFC
all client health 0x823D70D0
all client ammo 0x8223B500
all client movement type 0x82229DAC
player_die 0x823D99A8
Trace_GetEntityHitId 0x82433618
G_LocationalTrace  0x823E4D0E
SV_ExecuteClientCommand 0x824C2638
SV_Cmd_TokenizeString 0x8243CD30
SV_Cmd_EndTokenizedString 0x8243C2A8
G_setmodel 0x8241D3F8
sp_script_model 0x82413FB8
Edit added some more
Gravity 0x823ca56c need testing i didnt tried it
G_GivePlayerWeapon(playerState_s *pPS, int iWeaponIndex, char altModelIndex) 0x824221E8
G_GetWeaponIndexForName 0x824223F8
G_Spawn 0x8241D8D8
G_EntUnlink (gentity_s * ent) 0x82423280
G_SetClientContents (gentity_s *) 0x823C7890
G_InitializeAmmo 823E06B0
ClientEndFrame (gentity_s * ent) 0x823CA550
ClientThink_real (gentity_s * ent * usercmd_s ucmd) 0x823CAB88
SetClientViewAngle 0x823CC910
Sv_AddTestClient 0x824C5478
ClientCommand 0x823D8668
SV_LinkEntity  0x824DCBA8
SV_UnlinkEntity  0x824DC840
SV_SetBrushModel  0x824C5D70
SV_SendServerCommand  0x824CBF60
G_MaterialIndex  0x82155828
ClientSpawn 0x823CCCA8
Sv_GameSendServerCommand 0x824C5C30
SV_SendServerCommand 0x824CBF60
G_LocalizedStringIndex 0x82157A68
G_CallSpawnEntity  0x82418EC8

Adding More ASAP!

TU8
Spawn Entities - Xx jAmes t xX

Offsets - Hacksorce Ambition sG
Code:
Ban Bypass (ish) = 0x826104A0; (NOP IT) - @Hacksorce
HudElem_Alloc = 0x823DA550;
Dvar_GetBool = 0x8254A420
Dvar_GetInt =  0x8254A448

Offsets - Haldorson
Code:
Cbuf_AddText = 0x82439B90;
SV_GameSendServerCommand = 0x824C2748;
PlayerState = 0x8328F100;
gEntity = 0x83306580;
jump_height = 0x820157B4;
falldamage = 0x822227F4;
redbox = 0x8225ED6C;
allClientAmmo = 0x8223A0F0;
allClientHealth = 0x823D4FF8;
allClientMovementType = 0x822289A4;
PreGameGamertag = 0x83E6CE38;
AdvancedUAV = 0x82257000;
NoRecoil = 0x822BAE9C;
ChromePlayer = 0x82659E28;

More Offsets - Unsigned Chaos Sinize

Post code below!!

TU7
Set Velocity - xI cHOcOLaTe
Code:
class IW6PS
  {
  EndianIO IO;
  uint playerstate_t;
  public IW6PS(uint Playerstate, EndianIO io)
  {
  if (!io.Opened)
  return;
  IO = io;
  playerstate_t = Playerstate;
  }
  public decimal[] Velocity
  {
  get
  {
  decimal[] _Velocity = new decimal[3];
  IO.SeekTo(playerstate_t + 0x28);
  _Velocity[0] = decimal.Round((decimal)IO.In.ReadSingle());
  _Velocity[1] = decimal.Round((decimal)IO.In.ReadSingle());
  _Velocity[2] = decimal.Round((decimal)IO.In.ReadSingle());
  return _Velocity;
  }
  set
  {
  if (value.Length != 3)
  return;
  IO.SeekTo(playerstate_t + 0x28);
  IO.Out.Write((float)value[0]);
  IO.Out.Write((float)value[1]);
  IO.Out.Write((float)value[2]);
  }
  }
  }
Code:
  public uint GetPlayerState(uint clientNum)
  {
  return offsets._PlayerState + clientNum * offsets.s_PlayerstateSize;
  }
// On a button
IW6PS ps = new IW6PS(GetPlayerState((uint)lb_Clients.SelectedIndex), io);
decimal[] vel = new decimal[3];
ps.Velocity = new decimal[3] { vel[0], vel[1], vel[2] + 20000 };

Add Bot - Bitwise : Needs Testing
Code:
void AddBot()
{
char buffer[0x1000];
int clientIndex;
int (*AddBotz)() = (int(__cdecl*)())0x824BD4E0;
void (*SV_ECC)(void*cl, const char*s, int clientOK, int) = (void(__cdecl*)(void*,const char*,int,int))0x824BA730;
clientIndex = AddBotz();
sprintf(buffer, "lui 60 %i %i, irand(1, 3), value);
SV_ECC((void*)client_s(clientIndex), buffer, 1, 0);
Sleep(100);
sprintf(buffer, "lui 5 1 %i", value);
SV_ECC((void*)client_s(clientIndex), buffer, 1, 0);
Sleep(50);
}

UnFairAimbotV0.1 - Needs Testing : Bitwise
Code:
void unFairAimBot(int clientIndex)
{
bool unfairaimbot = true;
int damage = ((1 << (32-16)) + 0x86A0);
while(unfairaimbot)
{
for(;;)
{
if((char*)(client_s(clientIndex) + 0x31A4C) == BUTTON_RT)
player_die(getEntity(clientIndex), getEntity(closestplayer(clientIndex)), getEntity(clientIndex), damage, 0xE, 0, 0, 2, 0);
Sleep(35);
}
}
}
Also ...
Code:
int closestplayer(int clientIndex)
{
float hax = (*(float*)(getPlayerState(clientIndex) + 0x1C) + *(float*)(getPlayerState(clientIndex) + 0x20) + *(float*)(getPlayerState(clientIndex) + 0x24));
for(int cl = 0; cl < 18; cl++)
{
float hax1 = (*(float*)(getPlayerState(cl) + 0x1C) + *(float*)(getPlayerState(cl) + 0x20) + *(float*)(getPlayerState(cl) + 0x24));
if(!Alive(cl) || *(int*)(getPlayerState(cl) + 0x2f60) == *(int*)(getPlayerState(clientIndex) + 0x2f60) || cl == clientIndex)
break;
if((hax1 - hax) > 1333333337)
break;
return cl;
}
}
bool Alive(int clientIndex){
if(*(int*)(getPlayerState(clientIndex) + 0x1A8) != 0x00 || *(int*)(getEntity(clientIndex) + 0x18c) != 0x00)
return true;
return false;
}

Hacksorce :
Code:
http://pastebin.com/wtgknMjF

Player Suicide - KYZA
Code:
void Suicide(int clientIndex)
{
void (*player_die)(int self, int inflictor, int attacker, int damage, int meansOfDeath, int iWeapon, const float *vDir, int hitLoc, int psTimeOffset) = (void(__cdecl*)(int,int,int,int,int,int,const float*,int,int))0x823D5910;
player_die(getEntity(clientIndex), getEntity(clientIndex), getEntity(clientIndex), 0x186A0, 0xE, 0, 0, 0, 0);
}

Ghosts Dpad Monitoring - KYZA
Code:
=  client_s + 0x31A4C
Code:
public uint client_s(uint Client)
{
return (uint)(0x83987680 + 0x207E90) + (Client * 0x6C600);
}

Offsets - therifboy
Code:
0x823B5FA0 - Bullet_EndPos
0x823B7BA0 - Bullet_Fire
0x823B7340 - Bullet_FireExtended
0x823B7568 - Bullet_FirePenetrate
0x82259958 - CG_CheckHudHealthDisplay
0x8228C448 - CG_MenuShowNotify
0x82259400 - CG_PriorityCenterPrint
0x8225B528 - CG_ScanForCrosshairEntity
0x8226C1E0 - CG_TranslateHudElemMessage
0x823DF9A0 - CalculateRanks
0x823D4300 - ClientCommand
0x823C8410 - ClientDisconnect
0x823D8FF0 - GScr_NewClientHudElem
0x823D8FA8 - GScr_NewHudElem
0x8241BC20 - G_AntiLag_RestoreClientPos
0x8241B928 - G_AntiLagRewindClientPos
0x823D82D8 - HudElem_Alloc
0x82481170 - HudElem_ClientDisconnect
0x823D09B0 - PlayerCmd_Suicide
0x824149B8 - Scr_GetEntity
0x832FFE58 - level_locals_t
0x83302B80 - gentity_s
0x8320B9A0 - g_hudelems
0x83300398 - leveltime //level_locals_t + 0x540

More TU7 Offsets
Code:
Recoil = 0x822B92B4;
  Ammo = 0x8223894B;
  AdvUAV = 0x8225591F;
  FallDamage = 0x8222141C;
  JumpValue = 0x820155CC;
G_GivePlayerWeapon = 0x8241D8F8;
G_GetWeaponIndexForName = 0x8241DB08;
Pre-Game GT =  0x83E565BC;
RedBoxes = 0x8225D58C;
Thermal Vision = 0x8229ED0C;
Full Auto = 0x82233C4C;
Advanced UAV - 0x8225591F;

TU7 Stats ( Recovery)
( same as TU6 I believe)
Code:
  Entry = 0x834EA3A4;
  Deaths = 0x5D;
  Suicides = 0x9A;
  Kills = 0x85;
  KillStreaks = 0x89;
  GamePlayed = 0x75;
  Losses = 0x8D;
  Wins = 0xD6;
  Score = 0xAE;
  TimePlayed = 0xCA;
  Hits = 0x6D;
  Misses = 0x92;
  SquadPoints = 0x4C30;
  Prestige = 0x4F28;
  RankXP = 0x9A;
  PerSquadPlayer = 0x564;

Hud Elems Dump - Julo94 Julo94
Thanks to Julo94
Code:
HudElem_Alloc(int clientNum, int teamNum) : 0x823D82D8
HudElem_Free(game_hudelem_s *hud) : 0x823D8410
HudElem_ClientDisconnect(gentity_s *ent) : 0x823D8448
HudElem_DestroyAll() : 0x823D84A8
HudElem_SetEnumString(game_hudelem_s *hud, game_hudelem_field_t *f, const char **names, int nameCount) : 0x823D8508
HudElem_GetEnumString(game_hudelem_s *hud, game_hudelem_field_t *f, const char **names, int nameCount): 0x823D8628
HudElem_SetLocalizedString(game_hudelem_s *hud, int offset) : 0x823D8650
HudElem_SetFlagForeground(game_hudelem_s *hud, int offset) : 0x823D86B0
HudElem_GetFlagForeground(game_hudelem_s *hud, int offset) : 0x823D8788
HudElem_SetFlagHideWhenDead(game_hudelem_s *hud, int offset) : 0x823D87A8
HudElem_GetFlagHideWhenDead(game_hudelem_s *hud, int offset) : 0x823D8810
HudElem_SetFlagHideWhenInMenu(game_hudelem_s *hud, int offset) : 0x823D8830
HudElem_GetFlagHideWhenInMenu(game_hudelem_s *hud, int offset) : 0x823D8898
HudElem_SetBoolean(game_hudelem_s *hud, int offset) : 0x823D88B8
HudElem_SetFont(game_hudelem_s *hud, int offset) : 0x823D8CD0
HudElem_GetFont(game_hudelem_s *hud, int offset) : 0x823D8CF0
HudElem_SetAlignX(game_hudelem_s *hud, int offset) : 0x823D8D30
HudElem_GetAlignX(game_hudelem_s *hud, int offset) : 0x823D8D50
HudElem_SetAlignY(game_hudelem_s *hud, int offset) : 0x823D8D90
HudElem_GetAlignY(game_hudelem_s *hud, int offset) : 0x823D8DB0
HudElem_SetHorzAlign(game_hudelem_s *hud, int offset) : 0x823D8DF0
HudElem_GetHorzAlign(game_hudelem_s *hud, int offset) : 0x823D8E10
HudElem_SetVertAlign(game_hudelem_s *hud, int offset) : 0x823D8E50
HudElem_GetVertAlign(game_hudelem_s *hud, int offset) : 0x823D8E70
Scr_GetHudElemField(int entnum, int offset) : 0x823D8EB0
Scr_SetHudElemField(int entnum, int offset) : 0x821C3190
Scr_FreeHudElemConstStrings(game_hudelem_s *hud) : 0x823D8F30

MFlags - KYZA
Thanks To KYZA
Code:
const char*mflagz[] = { "normal", "noclip", "ufo", "noclip#2", "frozen" };
void ToggleMflags(int clientIndex, int value)
{
*(int*)(getPlayerState(clientIndex) + MFLAGS) ^= value;
int mflag = *(int*)(int)(getPlayerState(clientIndex) + MFLAGS) & value)
sprintf(buffer, "e \"%s %s\""", mflagz[value], (mflag) ? "on" : "off");
SV_GameSendServerCommand(clientIndex, 0, buffer);
}

Post yours below to be added

TU6
Offsets - Hexsorce


Offsets KYZA
HasAWeapon
Code:
bool (*HasAWeapon)(__int32 gentity) = (bool(__cdecl*)(_int32))0x823D0650;
OR
Code:
bool lol = *(bool*)(getPlayerState(clientIndex) + 0x2E80);

SetGameEndTime
Code:
SV_SetGameEndTime = 824BDCE8

void __cdecl SV_SetGameEndTime(int gameTime)
OR

Random Offsets
Code:
Ammo = 0x8223894B // 0x05  on ; 0x01 off
Fullt Autoguns = 0x822B924C // 0x41 0n ; 0x4B off
Red/Orange Boxes = 0x8225D58C; // 0x40 on ; 0x41 off
G_GivePlayerWeapon = 0x8241b050;
Cbuf_AddText = 0x82437428;
Pre-Game GT = 0x83E565B8;
JumpHeight = 0x820155C4;


B1TW153 B1TW153 Pastebin, useful stuff




IDC Generator & Script - B1TW153 B1TW153
http://o.aolcdn.com/hss/storage/fss/50763d7876580a90f99c792dcc9efded/IDCGenerator v0.0.3.exe

Code:
// please note : gEntity size is currently wrong, working on fix
#include<idc.idc>

extern function, byte, address, value;

// Searches the database for the byte pattern `binary` and, on a hit, re-creates
// and labels the function that contains the match.
//   name         - label applied with MakeNameEx and used in the messages
//   binary       - byte pattern string handed to FindBinary
//   functionname - declaration text; ";" is appended and it is applied with SetType
// Uses the script-level variable `function` (declared `extern` above) as the cursor.
// Both branches end in `break`, so the loop body runs at most once: only the
// first match from address 0 is ever considered.
static LabelFunction(name,binary,functionname)
{
  for(function=0;function != BADADDR;function = function + 0x04)
  {
  function = FindBinary(function,SEARCH_DOWN,binary);
  // Note: this "Trying to find" message is printed after the search above has already run.
  Message(".::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.\n\nTrying to find function %s with binary ['%s']...\n", name, binary);
  Sleep(250);
  if(function == BADADDR)
  {
  Warning("%s could not be found in memory (%08X)\n", name, BADADDR);
  break;
  }
  else
  {
  //Message("%s\n", GetDisasm(function));
  // Start address of the function containing the match.
  // NOTE(review): the result is not checked; if the match is not inside a
  // defined function this is presumably BADADDR and every call below acts on it.
  auto math = GetFunctionAttr(function, FUNCATTR_START);
  // NOTE(review): the second argument here is the function's END ADDRESS, while
  // MakeUnknown is documented as taking a byte count — confirm this is intended.
  MakeUnknown(math, GetFunctionAttr(math, FUNCATTR_END), 0x00);
  SetStatus(1);
  MakeCode(math);
  MakeFunction(math, GetFunctionAttr(math, FUNCATTR_END));
  MakeNameEx(math, name, 0x00);
  // NOTE(review): `o` is not declared anywhere in the visible script
  // (looks like a typo for 0) — confirm.
  SetStatus(o);
  MakeRptCmt(math, sprintf("%s found in memory at %08X #bitwisehax", name, DecodeInstruction(math).ea));
  // Switch the database compiler setting to COMP_MS before applying the type string.
  if(GetCharPrm(INF_COMPILER) != COMP_MS) // Thanks to Dwack
  {
  SetCharPrm(INF_COMPILER, COMP_MS);
  }
  SetType(math, sprintf("%s;", functionname));
  Jump(math);
  SetStatus(1);
  Message("%s found in memory (%08X)\nDeclariation:\n\t%s\n\n\n", name, math, GetType(math));
  // NOTE(review): same undeclared `o` as above.
  SetStatus(o);
  break;
  }
  }
}

#define ADD 1
#define MINUS 2
#define FIRST_OPERAND 0
#define SECOND_OPERAND 1
#define THIRD_OPERAND 2
#define FORTH_OPERAND 3
#define FITH_OPERAND 4

// Finds the first occurrence of `binary`, moves `offset` bytes forward (aom == ADD)
// or backward (any other aom value) from the match, and returns the value of
// operand number `oper` of the instruction at that address.
// Uses the script-level variable `value` (declared `extern` above) as the cursor.
// On failure a message is printed and the function ends without an explicit return value.
static GetValue(binary, oper, offset, aom)//GetValue("39 60 00 00", SECOND_OPERAND, 0x539, ADD);
{
  for(value=0;value!=BADADDR;value=value+0x04)
  {
  value = FindBinary(value,SEARCH_DOWN,binary);
  // Fail if the pattern is missing, the operand value is BADADDR, or the operand type is 0.
  if(value == BADADDR || GetOperandValue((aom == ADD) ? value + offset : value - offset, oper) == BADADDR || GetOpType((aom == ADD) ? value + offset : value - offset, oper) == 0)
  {
  Message("Operand %i at %08X failed...\n", oper + 1, DecodeInstruction(aom == ADD ? value + offset : value - offset).ea);
  break;
  }
  else
  {
  auto math = (aom == ADD ? value + offset : value - offset);
  // The four checks below are independent `if`s: an operand type of 8 satisfies
  // both the ">= 5" and the "== 8" test, so two messages are printed for it.
  if(GetOpType(math,oper) == 1) { Message("Operand %i is a GPR! Register is r%i\n", oper + 1, GetOperandValue(math, oper)); }
  if(GetOpType(math,oper) == 2) { Message("Operand %i is a Memory Referance! Address is %08X\n", oper + 1, GetOperandValue(math,oper)); }
  if(GetOpType(math,oper) >= 5) { Message("Operand %i is an Immediate! Value is %08X\n", oper + 1, GetOperandValue(math, oper)); }
  if(GetOpType(math,oper) == 8) { Message("Operand %i is a floating point register! Register is fp%i\n", oper + 1, GetOperandValue(math,oper)); }
  return GetOperandValue(math, oper);
  // Unreachable: follows the return above.
  break;
  }
  }
}
// Finds the first occurrence of `binary`, computes an address `offset` bytes after
// (aom == 1) or before (any other aom value) the match, places a software
// breakpoint there if CheckBpt reports -1 or 0, jumps to it and adds a repeatable comment.
// Uses the script-level variable `byte` (declared `extern` above) as the cursor.
// Both branches end in `break`, so only the first match is handled.
static LabelEP(name, binary, aom, offset)
{
  for(byte=0;byte != BADADDR;byte = byte + 0x04)
  {
  byte = FindBinary(byte,SEARCH_DOWN,binary);
  if(byte == BADADDR)
  {
  Warning("%s not found in memory (%08X)\n", name, BADADDR);
  break;
  }
  else
  {
  // Compares against the literal 1 rather than the ADD macro defined above (same value).
  auto addr = (aom == 1) ? byte + offset : byte - offset;
  if(CheckBpt(addr) == -1 || CheckBpt(addr) == 0)
  {
  AddBptEx(addr, 0x00, BPT_SOFT);
  }
  // NOTE(review): the format string has three conversions (%s, %08X, %s) but only
  // two arguments are supplied; the sample output printed with this script shows
  // "(null)" in the position of the second %s.
  Message("%s found in memory. Jump to %08X and %s will be highlighted with a bp!\n", name, addr);

  Jump(addr);
  // NOTE(review): same mismatch here — three conversions, two arguments.
  MakeRptCmt(addr, sprintf("%s EP found at %08X (%s is the dword_address or qword_address ect...) #bitwisehax", name, addr));
  break;
  }
  }
}

// Returns a structure size read from instruction operands near a fixed byte pattern.
//   ps == "ps"      : operand 2 of the instruction at match + 0x60
//   any other value : a number assembled from operand 2 at match + 0x8 and at
//                     match + 0x12, formatted as "%X%X0" and parsed with atol
// The function returns unconditionally inside the first iteration, so the `for`
// never advances.
// NOTE(review): the FindBinary result is not compared with BADADDR before it is used.
// NOTE(review): the non-"ps" path formats the operands as hex text and then parses
// that text with atol; if atol reads decimal here, any A-F digit would cut the
// number short — confirm. The author's own note and the sample output (0x006)
// say this size is wrong.
// NOTE(review): test + 0x12 is not a multiple of 4, unlike the other offsets in
// this script — confirm it addresses the start of an instruction.
static getStructureSize(ps)
{
  auto test;
  for(test=0;test != BADADDR;test = test + 0x04)
  {
  test = FindBinary(test,SEARCH_DOWN,(ps == "ps") ? "7F A3 EB 78 38 80 00 00  83 6B 00 0C 93 7F 05 34" : "55 07 38 30 38 CB 01 64  7C 67 30 2E 2B 03 00 00");
  auto ret = (ps == "ps") ? GetOperandValue(test + 0x60, 2) : atol(sprintf("%X%X0", GetOperandValue(test + 0x8, 2), GetOperandValue(test + 0x12, 2)));
  return ret;
  }
}

static main()
{
  Message("IDC Script created by Bitwise has been executed!\n\nCurrent file that has been disassembled ['%s']\n\n", GetInputFile());
  Sleep(1000);
  LabelFunction("SV_GameSendServerCommand", " 7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", "void __cdecl SV_GameSendServerCommand(__int32 clientIndex, unsigned __int32 type, const char*fmt)");
  LabelFunction("SV_DropClient", "60 E6 FA 00 7D 69 40 2E  7D 43 31 D6 7C 6A 5A 14", "void __cdecl SV_GameDropClient(__int32 clientIndex, const char*fmt)");
  LabelFunction("SV_SendServerCommand", "61 6A 7E 8C 7F FF 8A 14  7D 38 50 2E 7F 13 48 00", "void __cdecl SV_SendServerCommand(__int32 client_s, unsigned int type, const char*fmt)");
  LabelFunction("AntiCheat_reportConsoleDetails", "7C 78 1B 78 90 7F 00 F4  7C 94 23 78 7C BD 2B 78", "void __cdecl AntiCheat_reportConsoleDetails(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)");
  LabelFunction("AntiCheat_awnserChallenges", "7C 7C 1B 78 90 7F 00 A4  7C 9B 23 78 7C BD 2B 78", "void __cdecl AntiCheat_awnserChallenges(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)");
  LabelFunction("AntiCheat_consoleID", "94 21 FF 90 39 60 00 08  7C 7F 1B 78 7C 9E 23 78", "void __cdecl AntiCheat_consoleID(int r3, int r4)");
  LabelEP("gentity_s", "55 07 38 30 38 CB 01 64  7C 67 30 2E 2B 03 00 00", MINUS, 0x14);
  Message("Structure size: 0x%03X\n", getStructureSize("entity"));
  LabelEP("playerState_s", "7F A3 EB 78 38 80 00 00  83 6B 00 0C 93 7F 05 34", MINUS, 0x18); // please note : gEntity size is currently wrong, working on fix
  Message("Structure size: 0x%04X\n", getStructureSize("ps"));
  //GetValue("7F A3 EB 78 38 80 00 00  83 6B 00 0C 93 7F 05 34",FIRST_OPERAND, 0x18, MINUS);
}
Output
Code:
IDC Script created by Bitwise has been executed!

Current file that has been disassembled ['ghosts_tu10.xex']

.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_GameSendServerCommand with binary [' 7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14']...
SV_GameSendServerCommand found in memory (824D1498)
Declariation:
void __cdecl(__int32 clientIndex, unsigned __int32 type, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_DropClient with binary ['60 E6 FA 00 7D 69 40 2E  7D 43 31 D6 7C 6A 5A 14']...
SV_DropClient found in memory (824D14E8)
Declariation:
void __cdecl(__int32 clientIndex, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_SendServerCommand with binary ['61 6A 7E 8C 7F FF 8A 14  7D 38 50 2E 7F 13 48 00']...
SV_SendServerCommand found in memory (824D7818)
Declariation:
void __cdecl(__int32 client_s, unsigned int type, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_reportConsoleDetails with binary ['7C 78 1B 78 90 7F 00 F4  7C 94 23 78 7C BD 2B 78']...
AntiCheat_reportConsoleDetails found in memory (827B44E0)
Declariation:
void __cdecl(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_awnserChallenges with binary ['7C 7C 1B 78 90 7F 00 A4  7C 9B 23 78 7C BD 2B 78']...
AntiCheat_awnserChallenges found in memory (827B4298)
Declariation:
void __cdecl(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_consoleID with binary ['94 21 FF 90 39 60 00 08  7C 7F 1B 78 7C 9E 23 78']...
AntiCheat_consoleID found in memory (827B9810)
Declariation:
void __cdecl(int r3, int r4)


gentity_s found in memory. Jump to 8215CD30 and (null) will be highlighted with a bp!
Structure size: 0x006 // wrong need to fix
playerState_s found in memory. Jump to 823EF3A0 and (null) will be highlighted with a bp!
Structure size: 0x3700
Operand 1 is a GPR! Register is r10
Ghosts title updates:

PS Class - B1TW153 B1TW153

PlayerState Stuff - additives generally stay the same
Code:
typedef enum Random : int
{
PLAYER_DEAD,
PLAYER_VISIBLE,
PLAYER_3RDPERSON,
PLAYER_LASER,
PLAYER_MFLAG,
PLAYER_VISION_THERMAL,
PLAYER_VISION_THERMAL_REDBOX
};

bool isenabled(int clientIndex, Random enabled, int truecheck, bool ps){
int index, maybe; index = enabled; bool returnz;
switch(index){
case Random::PLAYER_DEAD: index = 0x18C; break;
case Random::PLAYER_VISIBLE: index = 0x124; break;
case Random::PLAYER_3RDPERSON: index = 0x10; break;
case Random::PLAYER_LASER: index = 0x124; break;
case Random::PLAYER_MFLAG: index = 0x3218; break;
case Random::PLAYER_VISION_THERMAL: index = 0x10; break;
case Random::PLAYER_VISION_THERMAL_REDBOX: index = 0x13; break;}
maybe = (((ps) ? (getPlayerState(clientIndex) + index) : (gentity(clientIndex) + index)) & truecheck);
(maybe ? returnz = true : returnz = false);
return returnz;
}
Code:
- B1TW153

bool isvisable(int clientIndex){
int maybe = (*(int*)(getPlayerState(clientIndex) + 0x124) & 0xFFDF);
(maybe ? return false : return true);
}

Code:
  public uint ButtonPressed(int p)
  {
  return Pars.ReadUInt32(getPlayerState(p) + 0x568C);
  }
Code:
  public void GodMode(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.WriteInt32(getPlayerState(client) + 0x18, 1);
  }
  else
  {
  Pars.WriteInt32(getPlayerState(client) + 0x18, ~1);
  }
  }
Code:
  public void Invisible(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.AND_Int32(getPlayerState(client) + 0x124, ~0x20);
  }
  else
  {
  Pars.AND_Int32(getPlayerState(client) + 0x124, 0x20);
  }
  }
Code:
  public void ThirdPerson(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x10, 0x2);
  }
  else
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x10, 0x0);
  }
  }
Code:
  public void Laser(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x124, 0x10000);
  }
  else
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x124, 0x00);
  }
  }
Code:
  public void Freeze(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x04 });
  }
  else
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x00 });
  }
  }
Code:
  public void UFOMode(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x02 });
  }
  else
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x00 });
  }
  }
Code:
  public void NoClipping(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x01 });
  }
  else
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x00 });
  }
  }
Code:
  public void NormalMovement(int client)
  {
  Pars.SetMemory(getPlayerState(client) + 0x3218, new byte[] { 0x00 });
  }
  public void MovePreGame(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.SetMemory(getPlayerState(client) + 0x01, new byte[] { 0x00 });
  }
  else
  {
  Pars.SetMemory(getPlayerState(client) + 0x01, new byte[] { 0x01 });
  }
  }
Code:
  public void SetSpeed(int client, float value)
  {
  Pars.WriteFloat(getPlayerState(client) + 0x2F50, value);
  }
Code:
  public void GiveWeapon(int client, string wName)
  {
  int wIndex = (int)Pars.Call(Tu7Offsets.G_GivePlayerWeapon, new object[] { wName });
  Pars.Call(Tu7Offsets.G_GivePlayerWeapon, getPlayerState(client), wIndex, 0, 0);
  }
Code:
  public void RedBoxesThermal(int client)
  {
  Pars.SetMemory(getPlayerState(client) + 0x13, new byte[] { 0x18 });
  }
Code:
  public void ThermalVision(int client, bool enabled)
  {
  if (enabled)
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x10, 0x08);
  }
  else
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x10, 0x00);
  }
  }
Code:
  public void TakeAllWeapons(int client)
  {
  Pars.WriteUInt32(getPlayerState(client) + 0x41C, 0);
  for (int i = 0; i < 0xF; i++)
  Pars.WriteUInt32((uint)(getPlayerState(client) + 0x2E4 + (0x4 * i)), 0);
  }
Code:
public float x;
  public float y;
  public float z;
public void GetOrigin(int client)
  {
  x = Pos.ReadFloat(PlayerState(client) + 0x1C);
  y = Pos.ReadFloat(PlayerState(client) + 0x20);
  z = Pos.ReadFloat(PlayerState(client) + 0x24);
  }
  public void SetOrigin(int client, float Ypos, float Xpos, float Zpos)
  {
  Pos.WriteFloat(PlayerState(client) + 0x1C, Xpos);
  Pos.WriteFloat(PlayerState(client) + 0x20, Ypos);
  Pos.WriteFloat(PlayerState(client) + 0x24, Zpos);
  }
Code:
  public string GetGamertag(int Client)
  {
  if (Pars.ReadByte(getPlayerState(Client) + 0x2F9C) != 0)
  return Pars.ReadString(getPlayerState(Client) + 0x2F9C, new byte[32]);
  return "";
  }
Code:
  public void SetClantag(int client, string str)
  {
  Pars.WriteString(getPlayerState(client) + 0x300C, str + "\0");
  }
Code:
  public void SetGamertag(int Client, string Gamertag)
  {
  Pars.WriteString(getPlayerState(Client) + 0x2F9C, Gamertag + "\0");
  }
Perks Dump - KYZA


Visions
// Use like JT.Call(SV, -1, 0, " J \" ac130\"");


Models Dump

IDC Script For All Client Stats - B1TW153
NOTE :

As you should know with binary patterns, the slightest change to a byte, register or instruction will change the binary and result in a mismatch. So if, say, Ghosts goes up to TU15+, the binary patterns in this IDC script will most likely no longer work.


#include <idc.idc>

// Runs three independent pattern searches from address 0 and prints one value
// for each ("delta", "GSSC", "GSCC"). Nothing is renamed or modified in the
// database; the function only calls Message.
// Every loop body ends in `break` on both paths, so each search considers only
// the first match.
static lol()
{
auto delta;
for(delta = 0; delta != BADADDR; delta = delta + 4)
{
delta = FindBinary(delta, SEARCH_DOWN, "3A F7 C5 45 88 D7 00 00 2B 06 00 00");
if(delta == BADADDR)
{
Message("delta not found\n");
break;
}
auto lolz;
lolz = delta + 0x1C;
// Prints the four bytes at lolz+2 .. lolz+5 back to back.
// NOTE(review): each byte uses %X with no width, so a byte below 0x10 prints as
// one digit and the concatenated text no longer reads as the four bytes.
Message("delta: 0x%X%X%X%X\n", Byte(lolz + 0x2), Byte(lolz + 0x3), Byte(lolz + 0x4), Byte(lolz + 0x5));
break;
}

auto gssc;
for(gssc = 0; gssc != BADADDR; gssc = gssc + 0x4)
{
gssc = FindBinary(gssc, SEARCH_DOWN, "61 48 7E 90 3C E0 00 06 3C A0 82 01");
if(gssc == BADADDR)
{
Message("GSSC not found\n");
break;
}
// Reported address is 0x28 bytes before the match.
Message("GSSC: 0x%08X\n", gssc - 0x28);
break;
}

auto bla;
for(bla = 0; bla != BADADDR; bla = bla + 4)
{
bla = FindBinary(bla, SEARCH_DOWN, "7C 7F 1B 78 7C 95 23 78 7C BE 2B 78 38 A0 04 00");
if(bla == BADADDR)
{
Message("GSCC not found\n");
break;
}
// Reported address is 0x10 bytes before the match. The label here is "GSCC",
// while the previous search prints "GSSC".
Message("GSCC: 0x%08X\n", bla - 0x10);
break;
}
}

static main()
{
lol();
}

Auto Update Offsets - B1TW153 B1TW153
Code:
// Intended (per the post title) to locate an offset from a pattern, starting at
// `start`. As written it does not scan memory; see the review notes below.
//   binary - text passed to atoi; the resulting integer is used as a pointer
//   start  - first candidate value of the loop counter
// Returns `i` if any compared element matches, otherwise 0 — in both cases
// during the first outer iteration, because `return 0;` sits inside the `for`
// body. If the loop condition is false on entry, control falls off the end
// without returning a value.
int FindOffset(const char*binary, int start)
{
for(int i = start; i < start + 0x10000; i += 0x04)
{
int temp[4] = {};
int addr[4] = {};
// NOTE(review): copies sizeof(temp) (four ints) from the address of the single
// int `i`, i.e. it reads past `i`; it copies the counter's own storage, not the
// memory at address `i`.
memcpy(&temp, &i, sizeof(temp));
// NOTE(review): atoi(binary) is cast to a pointer and sizeof(addr) bytes are read
// from it. A non-numeric string makes atoi return 0, so this dereferences a
// null pointer.
memcpy(&addr, (const void*)atoi(binary), sizeof(addr));
// NOTE(review): f runs 0..4 but both arrays have 4 elements, so index 4 reads
// out of bounds.
for(int f = 0; f < 5; f++)
{
if(temp[f] == addr[f])
return i;
}
return 0;

}
}

IDC Script - therifboy
Code:
#include <idc.idc>
//IDC Made by Therifboy

static main()
{
DumpTable("Dumping CoDAnywhere functions...", "53 74 61 72 74 41 63 63 6F 75 6E 74 43 72", "CoDAnywhere_", 0);
DumpTable("Dumping Game functions...", "47 65 74 54 69 6D 65 00", "Game_", 0);
DumpTable("Dumping Clan functions...", "49 73 45 6E 61 62 6C 65 64 00", "Clan_", 0);
DumpTable("Dumping LobbyMember functions...", "53 65 6C 65 63 74 4D 65 6D 62 65 72 00", "LobbyMember_", 0);
DumpTable("Dumping Party functions...", "49 73 41 63 74 69 76 65 4D 65 6D 62 65 72", "Lobby_", 8);
DumpTable("Dumping MLG functions...", "53 65 74 4D 4C 47 41 63 74 69 76 65", "MLG_", 0);
DumpTable("Dumping Playlist functions...", "47 65 74 50 72 65 73 65 6C 65 63 74 65", "Playlist_", 0);
DumpTable("Dumping SocialFeed functions...", "47 65 74 41 72 74 69 63 6C 65 43 6F 75 6E 74 00", "SocialFeed_", 0);
DumpTable("Dumping Store functions...", "47 65 74 43 61 74 65 67 6F 72 79 49 6E 66 6F 00", "Store_", 0);
DumpTable("Dumping Squad functions...", "46 69 6E 64 4D 61 74 63 68 00", "Squad_", 0);
DumpTable("Dumping SP functions...", "69 6E 66 6F 5F 6E 6F 74 6E 75 6C 6C 00", "SP_", 0);
DumpTable("Dumping SP functions...", "74 72 69 67 67 65 72 5F 75 73 65 5F 74 6F", "SP_", 0);
DumpTable("Dumping CharacterScene functions...", "46 72 65 65 43 68 61 72 61 63 74 65 72", "CharacterScene_", 0);
DumpTable("Dumping functions...", "72 65 67 69 73 74 65 72 41 6E 69 6D 61 74", "", 0);
DumpTable("Dumping Customization functions...", "47 65 74 43 6F 6D 70 6C 65 74 65 48 65", "Customization_", 0);
DumpTable("Dumping string functions...", "62 79 74 65 00", "string_", 0);
DumpTable("Dumping profile functions...", "6D 65 6D 6F 72 79 73 74 61 74 73 00", "profile_", 16);
DumpTable("Dumping os functions...", "63 6C 6F 63 6B 00", "os_", 0);
DumpTable("Dumping io functions...", "77 72 69 74 65 00", "io_", 0);
DumpTable("Dumping havokscript functions...", "63 6F 6D 70 69 6C 65 72 53 65 74 74 69 6E", "havokscript_", 0);
DumpTable("Dumping debug functions...", "67 65 74 69 6E 66 6F 00", "debug_", 8);
DumpTable("Dumping functions...", "69 73 74 61 62 6C 65 00", "", 24);
DumpTable("Dumping math functions...", "61 62 73 00", "math_", 0);
DumpTable("Dumping coroutine functions...", "63 72 65 61 74 65 00", "coroutine_", 0);
DumpTable("Dumping os functions...", "72 65 6D 6F 76 65 00", "os_", 16);
DumpTable("Dumping table functions...", "66 6F 72 65 61 63 68 00", "table_", 0);
DumpTable("Dumping struct functions...", "74 6F 74 61 62 6C 65 00", "struct_", 0);
DumpTable("Dumping functions...", "5F 5F 74 6F 73 74 72 69 6E 67 00", "", 0);
DumpTable("Dumping functions...", "72 65 71 75 69 72 65 00", "", 0);
DumpTable("Dumping functions...", "6C 6F 61 64 6C 69 62 00", "", 0);
DumpTable("Dumping functions...", "70 72 65 6C 6F 61 64 00", "", 0);
DumpTable("Dumping serialize functions...", "75 6E 70 65 72 73 69 73 74 00", "serialize_", 8);
Message("\nFunction dumper made by Therifboy\n");
}

// Searches downward, starting at Address itself, for the value of Address
// formatted as eight hex digits ("%08X"), and returns the FindBinary result
// (BADADDR when nothing is found).
// NOTE(review): how FindBinary interprets an unspaced eight-digit string (one
// 32-bit value vs. separate bytes, and in which byte order) is not visible
// here — confirm.
static FindPointer(Address)
{
auto pointer = FindBinary(Address, SEARCH_DOWN, sprintf("%08X", Address));
return pointer;
}

// Returns the string at Address: asks the database for the string type there
// and reads it with length -1.
// NOTE(review): the result is not checked; what GetString yields when Address
// does not hold a string is not handled here.
static ReadString(Address)
{
auto type = GetStringType(Address);
auto text = GetString(Address, -1, type);
return text;
}

// Reads four consecutive bytes starting at Address and combines them with the
// first byte as the most significant (big-endian order), returning the sum.
// NOTE(review): `sum` is declared but never assigned before the first
// `sum = sum + ...`; this relies on it starting at 0 — confirm.
static ReadPointer(Address)
{
auto sum, byte;
byte = Byte(Address);
sum = sum + (byte << 24);
byte = Byte(Address + 1);
sum = sum + (byte << 16);
byte = Byte(Address + 2);
sum = sum + (byte << 8);
byte = Byte(Address + 3);
sum = sum + byte;
return sum;
}

// Creates a function at FunctionAddr (end passed as BADADDR) and names it Name.
// The return values of both calls are ignored, so a failed creation or a
// rejected name goes unreported.
static AddFunction(FunctionAddr, Name)
{
MakeFunction(FunctionAddr, BADADDR);
MakeNameEx(FunctionAddr, Name, 0);
}

// Walks a table of 8-byte entries (4-byte name pointer, then 4-byte function
// pointer), printing each entry and naming each function Prefix + name.
//   Msg        - banner printed first
//   Pattern    - byte pattern of a name string that belongs to the table
//   Prefix     - text put in front of every function name
//   Difference - bytes subtracted from the address where the pointer to that
//                string was found, to reach the first table entry
static DumpTable(Msg, Pattern, Prefix, Difference)
{
Message("\n%s\n", Msg);
auto stringAddr, structAddr;
auto functionName, functionAddr;

// NOTE(review): stringAddr is passed as the search start before it has been
// assigned; this relies on it starting at 0 — confirm.
stringAddr = FindBinary(stringAddr, SEARCH_DOWN, Pattern);
if(stringAddr == BADADDR)
{
Message("Unable to find fourth entry.");
}
else
{
// NOTE(review): FindPointer's result is not compared with BADADDR before
// Difference is subtracted from it.
structAddr = FindPointer(stringAddr ) - Difference;
while (1)
{
functionName = ReadString(ReadPointer(structAddr));
functionAddr = ReadPointer(structAddr + 4);
Message("0x%08X - %s%s\n", functionAddr, Prefix, functionName);
AddFunction(functionAddr, sprintf("%s%s", Prefix, functionName));
structAddr = structAddr + 8;
// functionAddr is reused here to hold the NEXT entry's name pointer, which
// serves as the end-of-table test.
functionAddr = ReadPointer(structAddr);
// The walk continues only while that value is negative and not -1.
// NOTE(review): presumably this relies on valid pointers having the top bit
// set in a 32-bit signed value — confirm for the IDA build in use.
if (functionAddr >= 0)
{
break;
}
if (functionAddr == -1)
{
break;
}
}
}
}

Weapons Dump - CraigChrist8239

Post your code below to be added!
 
CreamPieHD

Report it.

Good luck OP. :smile:
Will do. I don't think it will work, though, considering everyone thinks XeClutch is so good and that he is helping the community, which he is not, not one single bit.
 
Parse

I mean Clutch's post is 4 title updates old, which for people that dont have IDA, they have no use with those offsets

EDIT : its been unstickied :eek:
 
Cakes

I mean Clutch's post is 4 title updates old, which for people that dont have IDA, they have no use with those offsets

EDIT : its been unstickied :eek:
Well, if we want this to be an 'all tu' list, maybe it would be wise to grab the previous TU offsets from the old thread.
 
Parse

Well, if we want this to be an 'all tu' list, maybe it would be wise to grab the previous TU offsets from the old thread.
Good idea,

Shall i get TU6 offsets then aswell ?

... I'll add tu6 to this later :tongue:
 
Julo94

Tu7 : Hud functions 'dump'

HudElem_Alloc(int clientNum, int teamNum) : 0x823D82D8
HudElem_Free(game_hudelem_s *hud) : 0x823D8410
HudElem_ClientDisconnect(gentity_s *ent) : 0x823D8448
HudElem_DestroyAll() : 0x823D84A8
HudElem_SetEnumString(game_hudelem_s *hud, game_hudelem_field_t *f, const char **names, int nameCount) : 0x823D8508
HudElem_GetEnumString(game_hudelem_s *hud, game_hudelem_field_t *f, const char **names, int nameCount): 0x823D8628
HudElem_SetLocalizedString(game_hudelem_s *hud, int offset) : 0x823D8650
HudElem_SetFlagForeground(game_hudelem_s *hud, int offset) : 0x823D86B0
HudElem_GetFlagForeground(game_hudelem_s *hud, int offset) : 0x823D8788
HudElem_SetFlagHideWhenDead(game_hudelem_s *hud, int offset) : 0x823D87A8
HudElem_GetFlagHideWhenDead(game_hudelem_s *hud, int offset) : 0x823D8810
HudElem_SetFlagHideWhenInMenu(game_hudelem_s *hud, int offset) : 0x823D8830
HudElem_GetFlagHideWhenInMenu(game_hudelem_s *hud, int offset) : 0x823D8898
HudElem_SetBoolean(game_hudelem_s *hud, int offset) : 0x823D88B8
HudElem_SetFont(game_hudelem_s *hud, int offset) : 0x823D8CD0
HudElem_GetFont(game_hudelem_s *hud, int offset) : 0x823D8CF0
HudElem_SetAlignX(game_hudelem_s *hud, int offset) : 0x823D8D30
HudElem_GetAlignX(game_hudelem_s *hud, int offset) : 0x823D8D50
HudElem_SetAlignY(game_hudelem_s *hud, int offset) : 0x823D8D90
HudElem_GetAlignY(game_hudelem_s *hud, int offset) : 0x823D8DB0
HudElem_SetHorzAlign(game_hudelem_s *hud, int offset) : 0x823D8DF0
HudElem_GetHorzAlign(game_hudelem_s *hud, int offset) : 0x823D8E10
HudElem_SetVertAlign(game_hudelem_s *hud, int offset) : 0x823D8E50
HudElem_GetVertAlign(game_hudelem_s *hud, int offset) : 0x823D8E70
Scr_GetHudElemField(int entnum, int offset) : 0x823D8EB0
Scr_SetHudElemField(int entnum, int offset) : 0x821C3190
Scr_FreeHudElemConstStrings(game_hudelem_s *hud) : 0x823D8F30
 
Parse

Tu7 : Hud functions 'dump'
HudElem_Alloc(int clientNum, int teamNum) : 0x823D82D8
HudElem_Free(game_hudelem_s *hud) : 0x823D8410
HudElem_ClientDisconnect(gentity_s *ent) : 0x823D8448
HudElem_DestroyAll() : 0x823D84A8
HudElem_SetEnumString(game_hudelem_s *hud, game_hudelem_field_t *f, const char **names, int nameCount) : 0x823D8508
HudElem_GetEnumString(game_hudelem_s *hud, game_hudelem_field_t *f, const char **names, int nameCount): 0x823D8628
HudElem_SetLocalizedString(game_hudelem_s *hud, int offset) : 0x823D8650
HudElem_SetFlagForeground(game_hudelem_s *hud, int offset) : 0x823D86B0
HudElem_GetFlagForeground(game_hudelem_s *hud, int offset) : 0x823D8788
HudElem_SetFlagHideWhenDead(game_hudelem_s *hud, int offset) : 0x823D87A8
HudElem_GetFlagHideWhenDead(game_hudelem_s *hud, int offset) : 0x823D8810
HudElem_SetFlagHideWhenInMenu(game_hudelem_s *hud, int offset) : 0x823D8830
HudElem_GetFlagHideWhenInMenu(game_hudelem_s *hud, int offset) : 0x823D8898
HudElem_SetBoolean(game_hudelem_s *hud, int offset) : 0x823D88B8
HudElem_SetFont(game_hudelem_s *hud, int offset) : 0x823D8CD0
HudElem_GetFont(game_hudelem_s *hud, int offset) : 0x823D8CF0
HudElem_SetAlignX(game_hudelem_s *hud, int offset) : 0x823D8D30
HudElem_GetAlignX(game_hudelem_s *hud, int offset) : 0x823D8D50
HudElem_SetAlignY(game_hudelem_s *hud, int offset) : 0x823D8D90
HudElem_GetAlignY(game_hudelem_s *hud, int offset) : 0x823D8DB0
HudElem_SetHorzAlign(game_hudelem_s *hud, int offset) : 0x823D8DF0
HudElem_GetHorzAlign(game_hudelem_s *hud, int offset) : 0x823D8E10
HudElem_SetVertAlign(game_hudelem_s *hud, int offset) : 0x823D8E50
HudElem_GetVertAlign(game_hudelem_s *hud, int offset) : 0x823D8E70
Scr_GetHudElemField(int entnum, int offset) : 0x823D8EB0
Scr_SetHudElemField(int entnum, int offset) : 0x821C3190
Scr_FreeHudElemConstStrings(game_hudelem_s *hud) : 0x823D8F30


Added :tongue:
 

Deleted member 81360

this is a useful thread worthy of a sticky. anyone else agree? just keep it updated!~ :biggrin:
 
Consine

I tried to use "public void SetGamertag(int Client, string Gamertag)
{
Pars.WriteString(getPlayerState(Client) + 0x2F9C, Gamertag + "\0");
}"

But it didn't seem to work. Anyone please help!

I figured out God Mode and all of that stuff already :wink:
 
Parse

I tried to use "public void SetGamertag(int Client, string Gamertag)
{
Pars.WriteString(getPlayerState(Client) + 0x2F9C, Gamertag + "\0");
}"

But it didn't seem to work. Anyone please help!

I figured out God Mode and all of that stuff already :wink:

Do you get an error (in Visual Studio), or does it just not work?
 
B1TW153

Code:
typedef struct{
   const char*name[32];
   int Index;
} Achivements;

typedef struct{
   int UIndex;
   int ACIndex;
} XUSER_ACHIEVEMENT;

Achivements * ghosts_achievements = (Achivements*)0x82900C90;
void(*WriteAchive)(int a, XUSER_ACHIEVEMENT *Achiv, _XOVERLAPPED *pOverlapped) = (void(__cdecl*)(int,XUSER_ACHIEVEMENT*,_XOVERLAPPED*))0x8270A990;
XOVERLAPPED swag;


// Builds 50 XUSER_ACHIEVEMENT records from the first 50 entries of
// ghosts_achievements (UIndex fixed at 0, ACIndex copied from Index) and hands
// the array to WriteAchive together with the global overlapped record.
//
// NOTE(review): the count 50 is hard-coded. Nothing here checks that the table
// behind ghosts_achievements holds 50 entries, so a shorter table is read past
// its end.
// NOTE(review): ACHIVEMENTZ is a stack array. If WriteAchive completes
// asynchronously (presumably, given the overlapped argument -- confirm), the
// callee can still be reading the array after this function has returned;
// Sleep(10) is a fixed delay, not a wait for completion.
// NOTE(review): the outcome of WriteAchive is never checked (it is declared
// void), so a failed or rejected request goes unnoticed.
void Achivementz()
{
   XUSER_ACHIEVEMENT ACHIVEMENTZ[50];
   for(int ach = 0; ach < 50; ach++)
   {
     ACHIVEMENTZ[ach].UIndex = 0;
     ACHIVEMENTZ[ach].ACIndex = ghosts_achievements[ach].Index;
   }
   WriteAchive(50, ACHIVEMENTZ, &swag);
   Sleep(10);
}

Needs testing + updating (cbf to update)

Code:
// Overwrites an int at a fixed address, formats `text` into a local buffer and
// copies that buffer to a second fixed address.
//
// NOTE(review): both addresses are hard-coded and valid only for the build they
// were taken from; on any other build these are writes to arbitrary memory.
// NOTE(review): "%X" expects an unsigned int but `text` is a pointer. That is a
// format/argument mismatch; where it does not misbehave outright it prints the
// pointer's value in hex, not the characters of `text`, so the default
// "fps: %f\n" never reaches the destination.
// NOTE(review): strcpy has no bound on the destination and the size of the
// region at 0x820498D4 is not visible here. If the format were changed to "%s",
// sprintf into the 0x1000-byte buffer would also be unbounded for a
// caller-supplied string; snprintf plus a length-checked copy would be needed.
void setFPS(const char*text = "fps: %f\n")
{
   *(int*)0x82521F6C = 0x4800; // if it doesn't work, set to 0x4000
   char buffer[0x1000]; sprintf(buffer, "%X\n", text);
   strcpy((char*)(0x820498D4), buffer);
}
^lol

Code:
#include <idc.idc>

// Runs three byte-pattern searches over the loaded database with FindBinary and
// prints one result line per search via Message.
//
// Each `for` loop below executes its body once only: both the "not found" path
// and the "found" path end in `break`, so only the first match of each pattern
// is ever looked at.
// NOTE(review): taking the first match without checking that the pattern is
// unique means an unrelated occurrence of the same bytes is reported as if it
// were the intended location. A match shows that these bytes occur, not that
// the surrounding code is the expected function.
static lol()
{
   auto delta;
  for(delta = 0; delta != BADADDR; delta = delta + 4)
  {
  delta = FindBinary(delta, SEARCH_DOWN, "3A F7 C5 45 88 D7 00 00  2B 06 00 00");
  if(delta == BADADDR)
  {
  Message("delta not found\n");
  break;
  }
     auto lolz;
     // Reads four bytes at fixed distances (0x1C + 2..5) past the match.
     lolz = delta + 0x1C;
  // NOTE(review): "%X" is not zero-padded, so any byte below 0x10 prints as a
  // single digit and the concatenated value becomes ambiguous ("%02X" per byte
  // would keep it eight digits).
  Message("delta: 0x%X%X%X%X\n", Byte(lolz + 0x2), Byte(lolz + 0x3), Byte(lolz + 0x4), Byte(lolz + 0x5));
  break;
  }
  
   auto gssc;
   for(gssc = 0; gssc != BADADDR; gssc = gssc + 0x4)
   {
     gssc = FindBinary(gssc, SEARCH_DOWN, "61 48 7E 90 3C E0 00 06  3C A0 82 01");
     if(gssc == BADADDR)
     {
       Message("GSSC not found\n");
       break;
     }
     // Reported address is 0x28 bytes before the match.
     Message("GSSC: 0x%08X\n", gssc - 0x28);
     break;
   }
  
   auto bla;
   for(bla = 0; bla != BADADDR; bla = bla + 4)
   {
     bla = FindBinary(bla, SEARCH_DOWN, "7C 7F 1B 78 7C 95 23 78  7C BE 2B 78 38 A0 04 00");
     if(bla == BADADDR)
     {
       // NOTE(review): this label reads "GSCC" where the previous search prints
       // "GSSC"; the page does not say whether these are two different names or
       // a typo -- confirm, since the two output lines are easy to mix up.
       Message("GSCC not found\n");
       break;
     }
     // Reported address is 0x10 bytes before the match.
     Message("GSCC: 0x%08X\n", bla - 0x10);
     break;
   }
}

// Script entry point; does nothing except call lol().
static main()
{
  lol();
}

IDC Script to update all the offsets needed for All Client Stats, no longer have to wait for someone to post it or sell it

EDIT:

As you should know with binary patterns, the slightest change to a byte, register or instruction changes the binary and results in a mismatch. So if, say, Ghosts goes up to TU15+, the binary patterns in this IDC script will most likely no longer work.
 