How to Find Offsets
<blockquote data-quote="Gentle" data-source="post: 11417"><p style="text-align: center"><span style="font-size: 18px"><span style="color: #000000"><strong><u>I DIDN'T MAKE THIS!</u></strong></span></span></p> <p style="text-align: center"></p><p>There is a lot of information about offsets all over the forum, but not much info on how to actually find them. I'm gonna show how to find offsets searching them by strings. The same methods of finding offsets can be used in any call of duty game. These examples are based on CoD4 patch 1.7.</p><p></p><p><strong>RegisterTag:</strong></p><p>Search for string <span style="color: #ff0000">"j_helmet"</span> or <span style="color: #ff0000">"j_head"</span>.</p><p>First push is length of the string + 1(int value), in this case "j_helmet" is (strlen("j_helmet")+1)==9</p><p>Second push is also int, representing the entity type. Type 1 is human/player.</p><p>Third push is the name of the bone, string type variable.</p><p>[PHP]</p><p>004EB7C0 6A 09 PUSH 9</p><p>004EB7C2 6A 01 PUSH 1</p><p>004EB7C4 68 D0F86D00 PUSH iw3mp.006DF8D0 ; ASCII "j_helmet"</p><p>004EB7C9 66:A3 946E4001 MOV WORD PTR DS:[1406E94],AX</p><p>004EB7CF E8 BCCA0200 CALL iw3mp.00518290 '<<<--- Offset of RegisterTag function'</p><p>004EB7D4 83C4 0C ADD ESP,0C '<<<--- Size of the func.'</p><p>[/PHP]</p><p>#define OFFSET_REGISTERTAG 0x518290</p><p></p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p><strong>GetPlayerTagPos:</strong></p><p>Search for string <span style="color: #ff0000">"AimTarget_GetTagPos"</span>.</p><p>Scroll down and look for a call.</p><p>[PHP]</p><p>00402508 68 FCD16900 PUSH iw3mp.0069D1FC ; ASCII "AimTarget_GetTagPos: Cannot find tag [%s] on entity</p><p>"</p><p>0040250D 6A 01 PUSH 1</p><p>0040250F E8 1CAE0F00 CALL iw3mp.004FD330</p><p>00402514 83C4 0C ADD ESP,0C</p><p>00402517 B8 01000000 MOV EAX,1</p><p>0040251C 5F POP 
EDI</p><p>0040251D 59 POP ECX</p><p>0040251E C3 RETN</p><p>0040251F CC INT3</p><p>00402520 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]</p><p>00402524 83EC 10 SUB ESP,10</p><p>00402527 83B9 D0000000 01 CMP DWORD PTR DS:[ECX+D0],1</p><p>0040252E 56 PUSH ESI</p><p>0040252F 75 19 JNZ SHORT iw3mp.0040254A</p><p>00402531 0FB735 946E4001 MOVZX ESI,WORD PTR DS:[1406E94]</p><p>00402538 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]</p><p>0040253C 52 PUSH EDX</p><p>0040253D E8 6EFFFFFF CALL iw3mp.004024B0 '<<<--- GetTagPosPos function offset'</p><p>[/PHP]</p><p>#define OFFSET_GETTAGPOS 0x4024B0</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>RegisterShader:</strong></p><p>Search for string <span style="color: #ff0000">"black"</span> or <span style="color: #ff0000">"white" </span>or <span style="color: #ff0000">"compassping_grenade" </span>or <span style="color: #ff0000">"nightvision_overlay_goggles"</span> or <span style="color: #ff0000">"killiconheadshot"</span> or <span style="color: #ff0000">"voice_on"</span>.</p><p>There is a lot more strings you could look for, which this function is using, but I just list a few as reference.</p><p>[PHP]</p><p>0043EAFA B8 002A5F00 MOV EAX,iw3mp.005F2A00 '<<<<---RegisterShader function offset'</p><p>0043EAFF 6A 07 PUSH 7</p><p>0043EB01 68 F4BC6C00 PUSH iw3mp.006CBCF4 ; ASCII "compassping_enemy"</p><p>0043EB06 FFD0 CALL EAX</p><p>0043EB08 8B0D 785D4301 MOV ECX,DWORD PTR DS:[1435D78] ; iw3mp.0CBAB8EC</p><p>0043EB0E A3 48F28400 MOV DWORD PTR DS:[84F248],EAX</p><p>0043EB13 83C4 08 ADD ESP,8</p><p>[/PHP]</p><p>#define OFFSET_REGISTERSHADER 0x5F2A00</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>RegisterFont:</strong></p><p>Search for string <span style="color: 
#ff0000">"fonts/smalldevFont"</span> or <span style="color: #ff0000">"fonts/bigFont"</span>.</p><p>[PHP]</p><p>005F4F17 B8 C01E5F00 MOV EAX,iw3mp.005F1EC0 '<<<---RegisterFont offset'</p><p>005F4F1C 75 05 JNZ SHORT iw3mp.005F4F23</p><p>005F4F1E B8 201E5F00 MOV EAX,iw3mp.005F1E20</p><p>005F4F23 6A 01 PUSH 1</p><p>005F4F25 68 280D7000 PUSH iw3mp.00700D28 ; ASCII "fonts/smalldevfont"</p><p>005F4F2A FFD0 CALL EAX</p><p>005F4F2C 83C4 08 ADD ESP,8</p><p>[/PHP]</p><p>#define OFFSET_REGISTERFONT 0x5F1EC0</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>DrawText:</strong></p><p>Search for string <span style="color: Red">"fonts/consoleFont"</span> or <span style="color: #ff0000">"Glow"</span>.</p><p>[PHP]</p><p>005F92BD 68 5C0E6D00 PUSH iw3mp.006D0E5C ; ASCII "fonts/consoleFont"</p><p>005F92C2 FFD0 CALL EAX</p><p>005F92C4 D9EE FLDZ</p><p>005F92C6 83C4 08 ADD ESP,8</p><p>005F92C9 6A 00 PUSH 0</p><p>005F92CB 83EC 14 SUB ESP,14</p><p>005F92CE D95424 10 FST DWORD PTR SS:[ESP+10]</p><p>005F92D2 B9 98456B00 MOV ECX,iw3mp.006B4598</p><p>005F92D7 D905 0C0C7000 FLD DWORD PTR DS:[700C0C]</p><p>005F92DD D95C24 0C FSTP DWORD PTR SS:[ESP+C]</p><p>005F92E1 D905 E0B47000 FLD DWORD PTR DS:[70B4E0]</p><p>005F92E7 D95C24 08 FSTP DWORD PTR SS:[ESP+8]</p><p>005F92EB D905 20BE7000 FLD DWORD PTR DS:[70BE20]</p><p>005F92F1 D95C24 04 FSTP DWORD PTR SS:[ESP+4]</p><p>005F92F5 D91C24 FSTP DWORD PTR SS:[ESP]</p><p>005F92F8 50 PUSH EAX</p><p>005F92F9 68 FFFFFF7F PUSH 7FFFFFFF</p><p>005F92FE 68 6CFB6F00 PUSH iw3mp.006FFB6C ; ASCII "GLOW"</p><p>005F9303 E8 F8D7FFFF CALL iw3mp.005F6B00 '<<<--- DrawText offset'</p><p>005F9308 83C4 24 ADD ESP,24</p><p>[/PHP]</p><p>#define OFFSET_DRAWTEXT 
0x5F6B00</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>RenderScene:</strong></p><p>Search for string <span style="color: Red">"R_RenderScene"</span>.</p><p>[PHP]</p><p>005FAF00 55 PUSH EBP '<<<---RenderScene offset'</p><p>005FAF01 8BEC MOV EBP,ESP</p><p>005FAF03 83E4 F8 AND ESP,FFFFFFF8</p><p>005FAF06 81EC A0000000 SUB ESP,0A0</p><p>005FAF0C 803D 90D2C90C 00 CMP BYTE PTR DS:[CC9D290],0</p><p>005FAF13 56 PUSH ESI</p><p>005FAF14 57 PUSH EDI</p><p>005FAF15 8BF0 MOV ESI,EAX</p><p>005FAF17 0F84 D8000000 JE iw3mp.005FAFF5</p><p>005FAF1D A1 8495560D MOV EAX,DWORD PTR DS:[D569584]</p><p>005FAF22 8078 0C 00 CMP BYTE PTR DS:[EAX+C],0</p><p>005FAF26 0F85 C9000000 JNZ iw3mp.005FAFF5</p><p>005FAF2C 8B0D F897560D MOV ECX,DWORD PTR DS:[D5697F8] ; iw3mp.0CBBDA14</p><p>005FAF32 8379 0C 00 CMP DWORD PTR DS:[ECX+C],0</p><p>005FAF36 74 0A JE SHORT iw3mp.005FAF42</p><p>005FAF38 BA E8FB6F00 MOV EDX,iw3mp.006FFBE8 ; ASCII "====== R_RenderScene ======</p><p>"</p><p>005FAF3D E8 FE1F0400 CALL iw3mp.0063CF40</p><p>005FAF42 833D 20A3C90C 00 CMP DWORD PTR DS:[CC9A320],0</p><p>005FAF49 75 0F JNZ SHORT iw3mp.005FAF5A</p><p>005FAF4B 68 08FC6F00 PUSH iw3mp.006FFC08 ; ASCII 15,"R_RenderScene: NULL w"</p><p>[/PHP]</p><p>#define OFFSET_RENDERSCENE 0x5FAF00</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>Unlock Cheat/Write protected console commands:</strong></p><p>Search for string <span style="color: #ff0000">"cheat protected"</span> or <span style="color: #ff0000">"write protected"</span>.</p><p>Scroll few lines up and look for JNZ/JE and simply reverse them.</p><p>[PHP]</p><p>0056B358 74 19 JE SHORT iw3mp.0056B373 '<<<--Reverse this asm command, changing JE to JNZ'</p><p>0056B35A 8B0F MOV ECX,DWORD PTR DS:[EDI]</p><p>0056B35C 51 
PUSH ECX</p><p>0056B35D 68 683E6F00 PUSH iw3mp.006F3E68 ; ASCII "%s is write protected.</p><p>"</p><p>0056B362 6A 10 PUSH 10</p><p>0056B364 E8 5718F9FF CALL iw3mp.004FCBC0</p><p>0056B369 83C4 0C ADD ESP,0C</p><p>0056B36C 5F POP EDI</p><p>0056B36D 5E POP ESI</p><p>0056B36E 5B POP EBX</p><p>0056B36F 8BE5 MOV ESP,EBP</p><p>0056B371 5D POP EBP</p><p>0056B372 C3 RETN</p><p>0056B373 83F9 01 CMP ECX,1</p><p>0056B376 75 29 JNZ SHORT iw3mp.0056B3A1</p><p>0056B378 84C0 TEST AL,AL</p><p>0056B37A 79 25 JNS SHORT iw3mp.0056B3A1</p><p>0056B37C 8B0D 0474BA0C MOV ECX,DWORD PTR DS:[CBA7404] ; iw3mp.0CBAB808</p><p>0056B382 8079 0C 00 CMP BYTE PTR DS:[ECX+C],0</p><p>0056B386 75 19 JNZ SHORT iw3mp.0056B3A1' <<<--Reverse this asm command, changing JNZ to JE'</p><p>0056B388 8B17 MOV EDX,DWORD PTR DS:[EDI]</p><p>0056B38A 52 PUSH EDX</p><p>0056B38B 68 803E6F00 PUSH iw3mp.006F3E80 ; ASCII "%s is cheat protected.</p><p>"</p><p>[/PHP]</p><p>#define OFFSET_WRITEPROTECTED 0x56B358</p><p>#define OFFSET_CHEATPROTECTED 0x56B386</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>NoRecoil:</strong></p><p>Search for string <span style="color: #ff0000">"CG_FireWeapon: weapon"</span>.</p><p>There are several ways/offsets to remove weapon recoil. 
I'm gonna show a few.</p><p>[PHP]</p><p>00457C8B 68 2CEA6C00 PUSH iw3mp.006CEA2C ; ASCII 15,"CG_FireWeapon: weapon"</p><p>00457C90 6A 01 PUSH 1</p><p>00457C92 E8 99560A00 CALL iw3mp.004FD330</p><p>00457C97 83C4 08 ADD ESP,8</p><p>00457C9A 5F POP EDI</p><p>00457C9B 5E POP ESI</p><p>00457C9C 5D POP EBP</p><p>00457C9D 5B POP EBX</p><p>00457C9E 83C4 18 ADD ESP,18</p><p>00457CA1 C3 RETN</p><p>00457CA2 8BD3 MOV EDX,EBX</p><p>00457CA4 C1E2 04 SHL EDX,4</p><p>00457CA7 03D3 ADD EDX,EBX</p><p>00457CA9 8D0495 58867400 LEA EAX,DWORD PTR DS:[EDX*4+748658]</p><p>00457CB0 8B149D B86D7300 MOV EDX,DWORD PTR DS:[EBX*4+736DB8]</p><p>00457CB7 C681 C1010000 01 MOV BYTE PTR DS:[ECX+1C1],1</p><p>00457CBE 894424 18 MOV DWORD PTR SS:[ESP+18],EAX</p><p>00457CC2 A1 5CE37400 MOV EAX,DWORD PTR DS:[74E35C]</p><p>00457CC7 F640 20 06 TEST BYTE PTR DS:[EAX+20],6 '<<<--- Change this value (6) to 0 to remove recoil.'</p><p>00457CCB 895424 10 MOV DWORD PTR SS:[ESP+10],EDX</p><p>00457CCF 74 12 JE SHORT iw3mp.00457CE3 '<<<<--Reverse this ( Change JE to JNZ )'</p><p>00457CD1 8B75 00 MOV ESI,DWORD PTR SS:[EBP]</p><p>00457CD4 3BB0 E8000000 CMP ESI,DWORD PTR DS:[EAX+E8]</p><p>00457CDA 75 07 JNZ SHORT iw3mp.00457CE3 '<<<<--Reverse this ( Change JNZ to JE )'</p><p>00457CDC B8 01000000 MOV EAX,1 ' <<<<---Change this value (1) to 0 to remove recoil.'</p><p>[/PHP]</p><p>#define OFFSET_NORECOIL1 0x457CC7</p><p>#define OFFSET_NORECOIL2 0x457CCF</p><p>#define OFFSET_NORECOIL3 0x457CDA</p><p>#define OFFSET_NORECOIL4 0x457CDC</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>SendCommandToConsole:</strong></p><p>Search for string <span style="color: #ff0000">"stoprecord"</span> or <span style="color: #ff0000">"screenshot silent"</span> or <span style="color: #ff0000">"quit"</span> or <span style="color: #ff0000">"pb_sv_guidrelax"</span>.</p><p>[PHP]</p><p>0046C90F 68 400E6D00 PUSH 
iw3mp.006D0E40 ; ASCII "screenshot silent"</p><p>0046C914 6A 00 PUSH 0</p><p>0046C916 6A 00 PUSH 0</p><p>0046C918 E8 93D10800 CALL iw3mp.004F9AB0 '<<<--- SendCommandToConsole function offset'</p><p>0046C91D 83C4 0C ADD ESP,0C</p><p>[/PHP]</p><p>#define OFFSET_SENDCOMMAND 0x4F9AB0</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>CG_Init:</strong></p><p>CG_Init is the struct that holds offsets to all other important classes.</p><p>Search for string <span style="color: #ff0000">"CL_InitCGame"</span>, scroll down a few lines and look for a call.</p><p>[PHP]</p><p>0045BFD3 68 E4EE6C00 PUSH iw3mp.006CEEE4 ; ASCII "Setting state to CA_LOADING in CL_InitCGame</p><p>"</p><p>0045BFD8 6A 0E PUSH 0E</p><p>0045BFDA C706 07000000 MOV DWORD PTR DS:[ESI],7</p><p>0045BFE0 E8 DB0B0A00 CALL iw3mp.004FCBC0</p><p>0045BFE5 A1 E44C8F00 MOV EAX,DWORD PTR DS:[8F4CE4]</p><p>0045BFEA 8B0D 244E9100 MOV ECX,DWORD PTR DS:[914E24]</p><p>0045BFF0 8B15 1C4E9100 MOV EDX,DWORD PTR DS:[914E1C]</p><p>0045BFF6 50 PUSH EAX</p><p>0045BFF7 51 PUSH ECX</p><p>0045BFF8 52 PUSH EDX</p><p>0045BFF9 53 PUSH EBX</p><p>0045BFFA C605 F7F8C500 01 MOV BYTE PTR DS:[C5F8F7],1</p><p>0045C001 C605 DE4C8F00 00 MOV BYTE PTR DS:[8F4CDE],0</p><p>0045C008 E8 C33AFEFF CALL iw3mp.0043FAD0 '<<<--- CG_Init class offset'</p><p>[/PHP]</p><p>#define OFFSET_CG_INIT 0x43FAD0</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>Entity, CG, CGs classes:</strong></p><p>Now, that you have found CG_Init class offset, lets take a look for other classes inside it.</p><p>[PHP]</p><p>0043FAD0 55 PUSH EBP</p><p>0043FAD1 8BEC MOV EBP,ESP</p><p>0043FAD3 83E4 F8 AND ESP,FFFFFFF8</p><p>0043FAD6 83EC 44 SUB ESP,44</p><p>0043FAD9 53 PUSH EBX</p><p>0043FADA 8B5D 08 MOV EBX,DWORD PTR 
SS:[EBP+8]</p><p>0043FADD 56 PUSH ESI</p><p>0043FADE 57 PUSH EDI</p><p>0043FADF 68 243A0000 PUSH 3A24</p><p>0043FAE4 33FF XOR EDI,EDI</p><p>0043FAE6 57 PUSH EDI</p><p>0043FAE7 68 08A97400 PUSH iw3mp.0074A908 '<<<--- CGS class offset'</p><p>0043FAEC E8 AFC92300 CALL iw3mp.0067C4A0</p><p>0043FAF1 83C4 0C ADD ESP,0C</p><p>0043FAF4 68 F0E70F00 PUSH 0FE7F0</p><p>0043FAF9 57 PUSH EDI</p><p>0043FAFA 68 38E37400 PUSH iw3mp.0074E338 '<<<--- CG class offset'</p><p>0043FAFF E8 9CC92300 CALL iw3mp.0067C4A0</p><p>0043FB04 8BC3 MOV EAX,EBX</p><p>0043FB06 69C0 78160000 IMUL EAX,EAX,1678</p><p>0043FB0C 83C4 0C ADD ESP,0C</p><p>0043FB0F 68 78160000 PUSH 1678</p><p>0043FB14 8DB0 A86F7400 LEA ESI,DWORD PTR DS:[EAX+746FA8]</p><p>0043FB1A 57 PUSH EDI</p><p>0043FB1B 56 PUSH ESI</p><p>0043FB1C 897424 18 MOV DWORD PTR SS:[ESP+18],ESI</p><p>0043FB20 E8 7BC92300 CALL iw3mp.0067C4A0</p><p>0043FB25 8BCB MOV ECX,EBX</p><p>0043FB27 69C9 00700700 IMUL ECX,ECX,77000</p><p>0043FB2D 83C4 0C ADD ESP,0C</p><p>0043FB30 68 00700700 PUSH 77000</p><p>0043FB35 81C1 D8F28400 ADD ECX,iw3mp.0084F2D8 '<<<--- Entity class offset'</p><p>0043FB3B 57 PUSH EDI</p><p>0043FB3C 51 PUSH ECX</p><p>0043FB3D E8 5EC92300 CALL iw3mp.0067C4A0</p><p>0043FB42 8BD3 MOV EDX,EBX</p><p>0043FB44 69D2 00220000 IMUL EDX,EDX,2200</p><p>0043FB4A 83C4 0C ADD ESP,0C</p><p>0043FB4D 68 00220000 PUSH 2200</p><p>[/PHP]</p><p>#define OFFSET_CENTITY 0x84F2D8 </p><p>#define OFFSET_CG 0x74E338</p><p>#define OFFSET_CGS 0x74A908</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>ClientInfo class:</strong></p><p>Search for string <span style="color: Red">"g_TeamColor"</span> and look up a few lines.</p><p>[PHP]</p><p>00431F60 69C9 CC040000 IMUL ECX,ECX,4CC '<<<--- Size of the ClientInfo class'</p><p>00431F66 05 70928300 ADD EAX,iw3mp.00839270 '<<<---ClientInfo class offset'</p><p>00431F6B 8B40 1C MOV EAX,DWORD PTR 
DS:[EAX+1C]</p><p>00431F6E 81C1 70928300 ADD ECX,iw3mp.00839270'<<<---ClientInfo class offset'</p><p>00431F74 83F8 03 CMP EAX,3</p><p>00431F77 57 PUSH EDI</p><p>00431F78 75 0C JNZ SHORT iw3mp.00431F86</p><p>00431F7A 68 887D6C00 PUSH iw3mp.006C7D88 ; ASCII "g_TeamColor"</p><p>00431F7F 68 A87F6C00 PUSH iw3mp.006C7FA8 ; ASCII "%s_Spectator"</p><p>[/PHP]</p><p>#define OFFSET_CLIENTINFO 0x839270</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p><strong>Minimap/Compass:</strong></p><p>Search for string <span style="color: Red">"g_compassShowEnemies"</span> and look for a call under it.</p><p>[PHP]</p><p>0042A080 BF 0C796C00 MOV EDI,iw3mp.006C790C; "g_compassShowEnemies"</p><p>0042A085 894424 28 MOV DWORD PTR SS:[ESP+28],EAX</p><p>0042A089 D95C24 30 FSTP DWORD PTR SS:[ESP+30]</p><p>0042A08D D84C24 64 FMUL DWORD PTR SS:[ESP+64]</p><p>0042A091 D84424 5C FADD DWORD PTR SS:[ESP+5C]</p><p>0042A095 D95C24 34 FSTP DWORD PTR SS:[ESP+34]</p><p>0042A099 D903 FLD DWORD PTR DS:[EBX]</p><p>0042A09B D95C24 48 FSTP DWORD PTR SS:[ESP+48]</p><p>0042A09F D943 04 FLD DWORD PTR DS:[EBX+4]</p><p>0042A0A2 D95C24 4C FSTP DWORD PTR SS:[ESP+4C]</p><p>0042A0A6 D943 08 FLD DWORD PTR DS:[EBX+8]</p><p>0042A0A9 D95C24 50 FSTP DWORD PTR SS:[ESP+50]</p><p>0042A0AD D943 0C FLD DWORD PTR DS:[EBX+C]</p><p>0042A0B0 D95C24 54 FSTP DWORD PTR SS:[ESP+54]</p><p>0042A0B4 E8 97151400 CALL iw3mp.0056B650 '<<<---- NOP it and enemies are visible on compass at all times.'</p><p>[/PHP]</p><p>#define OFFSET_COMPASS 0x42A0B4</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p></p><p><strong>IsInGame:</strong></p><p>Search for strings like <span style="color: #ff0000">"+speed"</span> or <span style="color: #ff0000">"+melee" </span>or <span style="color: 
Red">"+speed"</span></p><p>[PHP]</p><p>0042F193 C74424 28 647E6C>MOV DWORD PTR SS:[ESP+28],iw3mp.006C7E64 ; ASCII "+toggleads_throw"</p><p>0042F19B C74424 2C 787E6C>MOV DWORD PTR SS:[ESP+2C],iw3mp.006C7E78 ; ASCII "+speed_throw"</p><p>0042F1A3 C74424 30 887E6C>MOV DWORD PTR SS:[ESP+30],iw3mp.006C7E88 ; ASCII "+speed"</p><p>0042F1AB C74424 34 907E6C>MOV DWORD PTR SS:[ESP+34],iw3mp.006C7E90 ; ASCII "toggleads"</p><p>0042F1B3 C74424 20 9C7E6C>MOV DWORD PTR SS:[ESP+20],iw3mp.006C7E9C ; ASCII "+melee"</p><p>0042F1BB C74424 24 A47E6C>MOV DWORD PTR SS:[ESP+24],iw3mp.006C7EA4 ; ASCII "+melee_breath"</p><p>0042F1C3 0F84 05020000 JE iw3mp.0042F3CE</p><p>0042F1C9 8B0D F8F8C500 MOV ECX,DWORD PTR DS:[C5F8F8]</p><p>0042F1CF C1E9 04 SHR ECX,4</p><p>0042F1D2 F6C1 01 TEST CL,1</p><p>0042F1D5 0F85 F3010000 JNZ iw3mp.0042F3CE</p><p>0042F1DB 8B3D 5CE37400 MOV EDI,DWORD PTR DS:[74E35C] '<<<---IsInGame offset '</p><p>[/PHP]</p><p>#define OFFSET_ISINGAME 0x74E35C</p><p>//--------------------------------------------------------------------------------------------------------------------------------------------------------</p><p></p><p>I wanna point out that these methods might not be universal in quake3-engine based games and for finding every func/offset there is always more than 1 way. Be creative and you should be able to find any other offset based on these examples.</p></blockquote><p></p>
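Seen from the defending side, the edits described in the post (a reversed JE/JNZ, a NOPed CALL, a changed immediate) appear as small byte differences between the shipped code section and the copy in memory. The Python sketch below is an added example, not part of the original post; the base address, the byte strings and all function names are constructed for illustration.

```python
"""Classify byte-level differences between a trusted code image and the
same region as observed in memory. Sample data is constructed; runs offline."""
from dataclasses import dataclass

NOP = 0x90


@dataclass(frozen=True)
class Finding:
    address: int   # virtual address of the first changed byte
    kind: str      # classification of the change
    before: bytes  # bytes in the trusted image
    after: bytes   # bytes observed in memory


def diff_runs(reference: bytes, observed: bytes):
    """Yield (start, end) index ranges where the two images differ."""
    if len(reference) != len(observed):
        raise ValueError("images must cover the same region")
    start = None
    for i, (a, b) in enumerate(zip(reference, observed)):
        if a != b:
            if start is None:
                start = i
        elif start is not None:
            yield start, i
            start = None
    if start is not None:
        yield start, len(reference)


def classify(reference: bytes, start: int, before: bytes, after: bytes) -> str:
    """Name the kind of edit for one run of changed bytes.

    Heuristic only: it looks at opcode values without disassembling, so a
    data byte in the 0x70-0x7F range would be mislabelled. A production
    checker would decode instructions and apply relocations first.
    """
    if len(after) >= 2 and all(b == NOP for b in after):
        return "nop-fill"
    if len(after) == 1 and before[0] ^ after[0] == 1:
        # x86 condition codes come in pairs that differ in the low bit,
        # so JE (74) <-> JNZ (75) is a one-bit flip of the opcode.
        if 0x70 <= before[0] <= 0x7F:
            return "inverted-short-jcc"
        if (0x80 <= before[0] <= 0x8F and start > 0
                and reference[start - 1] == 0x0F):
            return "inverted-near-jcc"
    return "modified-bytes"


def scan(reference: bytes, observed: bytes, base: int) -> list:
    """Return one Finding per run of changed bytes, in address order."""
    return [
        Finding(base + s, classify(reference, s, reference[s:e], observed[s:e]),
                reference[s:e], observed[s:e])
        for s, e in diff_runs(reference, observed)
    ]


# Constructed sample: a short run of instructions of the same shapes as the
# listings in the post, at a hypothetical base address.
BASE = 0x401000
REFERENCE = bytes.fromhex(
    "7419 8B0F 51 E810000000 83C40C 0F84D8000000 F6402006 C3")
# Same region with four edits: short Jcc flipped, CALL NOPed,
# near Jcc flipped, immediate 6 changed to 0.
OBSERVED = bytes.fromhex(
    "7519 8B0F 51 9090909090 83C40C 0F85D8000000 F6402000 C3")

if __name__ == "__main__":
    for f in scan(REFERENCE, OBSERVED, BASE):
        print(f"{f.address:08X} {f.kind:20s} "
              f"{f.before.hex(' ')} -> {f.after.hex(' ')}")
```
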