WarRock - Pointer und Offsets

alfmkwndk · 08/14/2012, 02:16

help addy

OFS_NxCash

Hanfi™ · 08/14/2012, 08:24

hat wer dei ofs_playerslot addy?

bodhi12 · 08/14/2012, 10:58

somone new Ehsvc and new WR Dump ,

thanks!

Phantom. · 08/14/2012, 11:19

Quote:

Originally Posted by bodhi12

somone new Ehsvc and new WR Dump ,

thanks!

Dumped by me

bodhi12 · 08/14/2012, 11:21

Quote:

Originally Posted by TradEmArk™˟

Dumped by me

Thanks man, was realy usefull! do you have skype sir ?
can you add me ?

danewkiller.

xDaNero · 08/14/2012, 15:48

WarRock Addies Didnt Change & HS Fail Update

Pu3Mi2o · 08/14/2012, 18:51

DWORD ADR_POINTER_PLAYER = 0xA352D8;
DWORD ADR_POINTER_SERVER = 0xA35268;

Hanfi™ · 08/17/2012, 10:10

1 Log

//==================================\\
//=========== Hanf™`s =========\\
//=========== Addylogger =========\\
//=========== V.0.1 =========\\
//============= Start logging =========\\
//==================================\\

//[Pointers]
#define ADR_Playerpointer 0xA352D8
#define ADR_Serverpointer 0xA35268
#define ADR_USERBASE 0xA360A8
#define ADR_BasePointer 0xA8C178
#define ADR_WeaponPointer 0xA530FC
#define ADR_DEVICEPOINTER 0x88CE14
#define ADR_ViewAngles 0xA34E10
#define ADR_HealthPointer 0x31FB8

//[ADRESSEN]
#define ADR_PLAYERSPEED 0x890168
#define ADR_LadderQuickly 0x890128
#define ADR_PlantAnyWhere 0xA34E53
#define ADR_DefuseAnyWhere 0x8F68AC
#define ADR_AnfiAFK 0xB68C90
#define ADR_ImDrunk 0xA351D4
#define ADR_GlassWalls 0xA34F04

//[Memory]
#define MEM_BONESHOT 0x890DA8

//[Weapon]
#define ADR_SuperNoSpread 0xA39C8C
#define ADR_NoRecoil1 0xC43C
#define ADR_NoRecoil2 0xC440
#define ADR_NoRecoil3 0xC444
#define ADR_ScopeSize 0x8F68A0

//[Offsets]
#define OFS_x 0x102F8
#define OFS_Y 0x10308
#define OFS_Z 0x10300
#define OFS_NFD 0x102E0
#define OFS_1SLOT 0xC70B8
#define OFS_2SLOT 0xC70B9
#define OFS_3SLOT 0xC70BA
#define OFS_4SLOT 0xC70BB
#define OFS_5SLOT 0xC70BC
#define OFS_6SLOT 0xC70BD
#define OFS_7SLOT 0xC70BE
#define OFS_8SLOT 0xC70BF

//[Binder]
#define ADR_WeaponBase 0xA530FC
#define ADR_ServerBase 0xA35268

//[ASM]
#define ASM_Artillery1 0x45EF11

//=========================================\\
//============= End of logging =================\\
//=========================================\\

~~Supremex3~~ · 08/18/2012, 00:08

How the hell do you dump Ehsvc?

#edit
Request EngineText and how to use it

scraprecon · 08/18/2012, 01:33

How to dump EHSvc?

1) Open Kernel Detective
2) Open WarRock
3) Click on WarRock.exe Process and then click libraries ( i think thats what it was ) , its one of those tabs next to processes
4) Find HackShield / Ehsvc.dll or something like that , Click on it
5) Right click on it and click dump to file
6) Name it EHSvcDumped.dll or something like that and hit dump
7) Viola

Remember to put the dll file extension

8) Open in IDA Pro ( thats what I use ) and begin searching

Written by scraprecon :P

~~Supremex3~~ · 08/18/2012, 12:35

Interesting.. Thanks!

Code:

#define ADR_HANDLE_CHAT 0x0050173C

Just make a detour to it. Little using example:

Code:

typedef bool (WINAPI* realHandleChatCommand)(char* pText);
realHandleChatCommand oHandleChatCommand;

DWORD dwHandleChatCommand = (DWORD)0x0050173C;
oHandleChatCommand = (realHandleChatCommand)DetourFunction((byte*)dwHandleChatCommand, (byte*)nHandleChatCommand);

bool __stdcall nHandleChatCommand(char* pText)
{
	if(!strcmp(pText, "/trolling"))
	{
		WRMessage("Hey idiot! ... Yes, you! Dumbass ... \nTROLLD!");
		return false;
	}
	else if(!strcmp(pText, "/help"))
	{
		WRMessage("These features are at work yet!");
		return false;
	}
	else
	{
		return oHandleChatCommand(pText);
	}
}

#Edit
Can someone show me how to write something into chat [EngineText]? Im trying a lot of addresses i found by my self, nothing works ( i must really be an idiot

)

~~Angel-Piece~~ · 08/18/2012, 13:49

Quote:
Originally Posted by Supremex3
Interesting.. Thanks!
Code:
#define ADR_HANDLE_CHAT 0x0050173C
Just make a detour to it. Little using example:
Code:
typedef bool (WINAPI* realHandleChatCommand)(char* pText);
realHandleChatCommand oHandleChatCommand;

DWORD dwHandleChatCommand = (DWORD)0x0050173C;
oHandleChatCommand = (realHandleChatCommand)DetourFunction((byte*)dwHandleChatCommand, (byte*)nHandleChatCommand);

bool __stdcall nHandleChatCommand(char* pText)
{
	if(!strcmp(pText, "/trolling"))
	{
		WRMessage("Hey idiot! ... Yes, you! Dumbass ... \nTROLLD!");
		return false;
	}
	else if(!strcmp(pText, "/help"))
	{
		WRMessage("These features are at work yet!");
		return false;
	}
	else
	{
		return oHandleChatCommand(pText);
	}
}
#Edit
Can someone show me how to write something into chat [EngineText]? Im trying a lot of addresses i found by my self, nothing works ( i must really be an idiot )

why don't you search this addy in the places where warrock use this?

like medic refill, adrenaline, m14 mines... o.0

you find it really easy at this places

~~Supremex3~~ · 08/18/2012, 13:57

I want to write something into Lobby Chat (not ingame) and into Room Chat (ingame).
And i dont want that "chat message" which is shown when i heal someone or what ever (this is at the top left)

~~Angel-Piece~~ · 08/18/2012, 14:16

Quote:

Originally Posted by Supremex3

I want to write something into Lobby Chat (not ingame) and into Room Chat (ingame).
And i dont want that "chat message" which is shown when i heal someone or what ever (this is at the top left)

ehm you know that the addy one and the same is o.0 ?

in server the addy write in the chat ingame the addy write at the top left, ask wr why they do this so...

alfmkwndk · 08/20/2012, 05:35

help
detected:

#define ADR_????????? 0x000
#define ADR_????????? 0x000

Quote:

DWORD dwWeaponPointer = FindPattern((PBYTE)"\x0F\xBF\x05\x00\x00\x00\x00\x 00\x68\x00\x00\x00\x00" ,"xxx?????x????",3,true);
DWORD dwViewAngles = FindPattern((PBYTE)"\xA1\x00\x00\x00\x00\xD9\x40\x 00};","x????xx?",1,true);
DWORD dwPremium = FindPattern((PBYTE)"\x89\x86\x00\x00\x00\x00\x8D\x 86\x00\x00\x00\x00\x50\xE8\x00\x00\x00\x00};", "xx??xxxx???xxx??xx", 2, true);
DWORD dwNoRecoil1 = FindPattern((PBYTE)"\x89\x87\x00\x00\x00\x00\x8B\x 06\x89\x87\x00\x00\x00\x00\x8B\x46\x00\x89\x87\x00 \x00\x00\x00};", "xx??xxxxxx??xxxx?xx??xx", 2, true);
DWORD dwNoSpread = FindPattern((PBYTE)"\xBE\x00\x00\x00\x00\x3B\xD8\x 74\x00\x8B\x9F\x00\x00\x00\x00\xE8\x00\x00\x00\x00 };", "x???xxxx?xx??xxx???? ", 1, true);
DWORD dwSlot5 = FindPattern((PBYTE)"\xC6\x83\x00\x00\x00\x00\x00\x 5F\xE9\x00\x00\x00\x00", "xx???x?xx?xxx", 2, true);
DWORD dwDinar = FindPattern((PBYTE)"\x89\x86\x00\x00\x00\x00\x8B\x 44\x24\x00", "xx???xxxx?", 2, true);
DWORD dwVJump = FindPattern((PBYTE)"\xD9\x05\x00\x00\x00\x00\xC3\x D9};" ,"xx???xxx",2,true);
DWORD dwImDrunk = FindPattern((PBYTE)"\x66\x83\x3D\x00\x00\x00\x00\x 00\x00\x74\x00\x8B\x00\x00\x00};", "xxx??????x?x???",3,true);
DWORD dwGravity = FindPattern((PBYTE)"\xD9\x83\x00\x00\x00\x00\xD9\x C2\xDE\xF9", "xx??xxxxxx", 2, true);
DWORD dwUnlAmmo = FindPattern((PBYTE)"\x56\x8B\xF0\x83\xBE\x00\x00\x 00\x00\x00\x74\x00", "xxxxx??xxxx?", 0, 0);

DWORD dwAntiAFK = FindPattern((PBYTE)"\xD9\x05\x00\x00\x00\x00\xD8\x 45\x00", "xx???xxx?", 2, true);

DWORD dwSNSpread = FindPattern((PBYTE)"\x00\x00\x00\x00\x00\x00\x14\x 40","xxxxxxxx",0 ,0);//852550=857F20
DWORD WeaponMainOffset = FindPattern((PBYTE)"\x66\x8B\x87\x00\x00\x00\x00\x 66\x89\x87\x00\x00\x00\x00\x83\xC4\x18\x8B\xC7\xE8 \x00\x00\x00\x00","xxx????xxx????xxxxxx????",3,tru e);
DWORD Weapon1Offset = WeaponMainOffset+0x0;
DWORD Weapon2Offset = WeaponMainOffset+0x2;
DWORD Weapon3Offset = WeaponMainOffset+0x4;
DWORD dwBoneShot = FindPattern((PBYTE)"\xDC\x05\x00\x00\x00\x00\xE8\x 00\x00\x00\x00","xx???xx???x",2,true);
DWORD dwWTW = FindPattern((PBYTE)"\xD9\x05\x00\x00\x00\x00\xD8\x 5E\x00","xx???xxx?",2,true);
DWORD dwSTW = FindPattern((PBYTE)"\xD8\x1D\x00\x00\x00\x00\xDF\x E0\xF6\xC4\x00\x7A\x02","xx???xxxxx?xx",2,true);
DWORD dwNoBoundsMainOffset = FindPattern((PBYTE)"\xD9\x1D\x00\x00\x00\x00\xE9\x 00\x00\x00\x00", "xx???xx??xx", 2, true );
DWORD dwNoBounds1 = dwNoBoundsMainOffset+0x0;
DWORD dwNoBounds2 = dwNoBoundsMainOffset+0x4;
DWORD dwNoBounds3 = dwNoBoundsMainOffset+0x8;
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
DWORD dwPlantAnyWhereX = FindPattern((PBYTE)"\x88\x1D\x00\00\x00\x00\x88\x1 D\x00\x00\x00\x00\x88\x1D","xx????xx????xx",2,true );
DWORD dwPlantAnyWhere = dwPlantAnyWhereX - 0x7;
DWORD dwDefuseAnyWhereX = FindPattern((PBYTE)"\x66\xA3\x00\x00\x00\x00\x66\x A3\x00\x00\x00\x00\x66\xA3\x00\x00\x00\x00\x66\xA3 ","xx????xx????xx????xx",2,true);
DWORD dwDefuseAnyWhere = dwDefuseAnyWhereX + 0x4;
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
DWORD dwWUW = FindPattern((PBYTE)"\x33\x05\x00\x00\x00\x00\x89\x 45\xFC\xD9\x45\xFC\xA1\x00\x00\x00", "xx???xxxxxxxx???", 2, true );
DWORD dwFastMedic = FindPattern((PBYTE)"\xB8\x00\x00\x00\x00\xE8\x00\x 00\x00\x00\xC6\x45\x00\x01\x8D\x75", "x???xx??xxxx?xxx", 1, true );
DWORD dwFastAmmo = FindPattern((PBYTE)"\xB8\x00\x00\x00\x00\xD9\x5D\x 00\xE8\x00\x00\x00\x00", "x???xxx?x??xx", 1, true);
DWORD dwFastRepair = FindPattern((PBYTE)"\xB8\x00\x00\x00\x00\xE8\x00\x 00\x00\x00", "x???xx??xx", 1, true);

DWORD dwFastFlag = FindPattern((PBYTE)"\xB8\x00\x00\x00\x00\x89\x45\x 00\xD9\x45\x00\x00\x00\x00", "xx???xxx?xx?", 2, true);
DWORD dwDefuseAny = FindPattern((PBYTE)"\x66\xA3\x68\x38\x8B\x00};","x xxxx?",2,true);
DWORD dwPlantAny = FindPattern((PBYTE)"\x88\x1D\xFA\xD8\x9E\x00};","x xxxx?",2,true);
DWORD dwSuperSpread = FindPattern((PBYTE)"\xDC\x05\xF0\x49\x85\x00};","x xxxx?",2,true);
DWORD dwAntiAfk = FindPattern((PBYTE)"\xD9\x1D\x40\xAC\xB1\x00};","x xxxx?",2,true);
DWORD NoSpawn = FindPattern((PBYTE)"\x8B\x0D\xA4\x92\xB2\x00};","x xxxx?",2,true);
DWORD dwQuickDef = FindPattern((PBYTE)"\xD9\x1D\xDC\xD8\x9E\x00};","x xxxx?",2,true);
DWORD accuracymem = FindPattern((PBYTE)"\xBE\x04\x28\x9F\x00};","xxxx? ",1,true);
DWORD dwWTH = FindPattern((PBYTE)"\xD9\x05\x00\x00\x00\x00\x83\x C4\x00", "xx???xxx?", 2, true);
DWORD dwNade = FindPattern((PBYTE)"\xD9\x86\x00\x00\x00\x00\xD8\x C9\xDE\xC1", "xxx??xxxxx", 2, true);
DWORD dwNFD = FindPattern((PBYTE)"\x81\xC6\x00\x00\x00\x00\xD9\x 45\x00\xD9\x1C\x24\xE8\x00\x00\x00\x00", "xx???xxx?xxxx????", 2, true);
DWORD dwPlayerZ = FindPattern((PBYTE)"\x8D\x83\x00\x00\x00\x00\x8B\x 48\x00\x33\x08\x8B\x83\x00\x00\x00\x00", "xx???xxx?xxxx???x", 2, true);
DWORD dwEngineText = FindPattern((PBYTE)"\x6A\x00\xB8\x00\x00\x00\x00\x E8\x00\x00\x00\x00", "x?x???xx???x", 0, 0);
DWORD dwMessageBox = FindPattern((PBYTE)"\x33\xC0\x50\x68\x00\x00\x00\x 00", "xxxx???x", 0, 0);
DWORD dwNoSpawn1 = FindPattern((PBYTE)"\x83\x3D\x00\x00\x00\x00\x00\x 75\x00\x8B\x45\x00\xA3\x00\x00\x00\x00", "xx???xxx?xxxx???x", 2, true);
DWORD dwNoSpawn2 = FindPattern((PBYTE)"\x2B\x05\x00\x00\x00\x00\x3B\x C1\x0F\x86\x00\x00\x00\x00\xE8\x00\x00\x00\x00", "xx???xxxxx??xxx????", 2, true);
DWORD dwHighMode = FindPattern((PBYTE)"\xDC\x3D\x00\x00\x00\x00\xD8\x 8B\x00\x00\x00\x00\xDE\xD9", "xx???xxx?xxxxx", 2, true);
DWORD dwCQCProne = FindPattern((PBYTE)"\xA1\x00\x00\x00\x00\x53\x8B\x 5D\x00", "x???xxxx?", 1, true);
DWORD dwPlayerPointer = FindPattern((PBYTE)"\x8B\x0D\x00\x00\x00\x00\x66\x 83\xB9};", "xx????xxx", 2, true);
DWORD dwServerPointer = FindPattern((PBYTE)"\x83\x3D\x00\x00\x00\x00\x00\x 74\x00\xE8\x00\x00\x00\x00\xEB\x00","xx?????x?x??? ?x?",2,true); // ADR_ServerBase
DWORD dwDevicePointer = FindPattern((PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x 86\x00\x00\x00\x00\x89\x86};", "xx????xx???xxx", 2, true);
DWORD dwUserPointer = FindPattern((PBYTE)"\x0F\x8C\x00\x00\x00\x00\x8B\x 0D\x00\x00\x00\x00" ,"xx????xx????",8,true);
DWORD dwOFS_X = FindPattern((PBYTE)"\x8D\x83\xE0\x02\x01\x00\x8B\x 48\x04\x33\x08\x8B\x83\xAC\x02\x01\x00","xxxxxxxxx xxxxxxxx",2,true); //OFS_X
DWORD dwOFS_Y = FindPattern((PBYTE)"\x8D\x83\xF0\x02\x01\x00\x8B\x 48\x04\x33\x08\x8B\x83\xAC\x02\x01\x00","xxxxxxxxx xxxxxxxx",2,true); //OFS_Y
DWORD dwOFS_Z = FindPattern((PBYTE)"\x8D\x83\xE8\x02\x01\x00\x8B\x 48\x04\x33\x08\x8B\x83\xAC\x02\x01\x00","xxxxxxxxx xxxxxxxx",2,true); //OFS_Z
DWORD dwOFS_NFD = FindPattern((PBYTE)"\x81\xC6\x00\x00\x00\x00\xD9\x 45\xFC\xD9\x1C\x24\xE8\x00\x00\x00\x00","xx????xxx xxxx????",2,true); //OFS_NFD
DWORD dwOFS_Premium = FindPattern((PBYTE)"\x89\x86\x8c\x05\x00\x00\x8d\x 86\x90\x21\x10\x00\x50\xe8\x00\x00\x00\x00","xxxxx xxxxxxxxx????",2,true); //OFS_Premium
DWORD dwMemSpeed = FindPattern((PBYTE)"\xdc\x0d\x00\x00\x00\x00\x59\x 59\xd9\x5d\x08\x5e\xd9\x45\x08\x5d","xx????xxxxxxx xxx",2,true); // Speed
DWORD dwScope = FindPattern((PBYTE)"\xc7\x05\x00\x00\x00\x00\x00\x 00\x00\x00\x85\xc0\x76\x00\xbe\x00\x00\x00\x00","x x????????xxx?x????",2,true); //Scope
DWORD dwScopeSize = FindPattern((PBYTE)"\xd9\x1d\x00\x00\x00\x00\x66\x a3\x00\x00\x00\x00\xa1\x00\x00\x00\x00","xx????xx? ???x????",2,true); // Scope Size
DWORD dwInvisible = FindPattern((PBYTE)"\x8B\x88\x00\x00\x00\x00\x89\x 0F","xx???xxx",2,true);
DWORD dwVirtualJump = FindPattern((PBYTE)"\xD9\x05\x00\x00\x00\x00\xC3\x D9" ,"xx???xxx",2,true);
DWORD dwartilery2 = FindPattern((PBYTE)"\x75\x0F\x00\x46\x53\x3C\x31\x 0F","xx?xxxxx",0,0);
DWORD dwQuickSpawn = FindPattern((PBYTE)"\x83\x3D\x00\x00\x00\x00\x00\x 00\x00\x8B\x00\x00\xA3\x00\x00\x00\x00};", "xx???????x??x????",2,true);
DWORD dwASM_OPK = FindPattern((PBYTE)"\x55\x8B\xEC\x51\x51\x8B\x00\x 14\x33\x00\x10", "xxxxxx?xx?x", 0, 0 );