Lyut

fuck the system

Nov 20th, 2013
31 44 43 45 49 50 51 52 54 58 60 61 63 64

Entity-table benchmarks

0x884, _ ; // ~170 / Vehicles/Players/Zombies/Animals
0x92c, _ ; // ~400 / Vehicles/Players/Zombies/Animals
0x9d4, _ ; // ~70 / Vehicles/Players/Zombies/Animals
0xa7c, _ ; // ~140 / Vehicles/Players/Zombies/Animals
0xdcc, _ ; // ~400 / WeaponHolder etc
0xe74, _ ; // ~1500 / WeaponHolder etc
0xf1c, _ ; // ~180 / WeaponHolder etc
0xfc4, _ ; // ~856 / WeaponHolder etc
// 0x106c, _ ; // ~0 / Land_A_MunicipalOffice
// 0x7d8, _ ; // ~0 / Bullet/Explo ents
// 0xb28, _ ; // ~50 / #Crap + B!rdz
// 0xbd0, _ ; // ~50 / #Crap + B!rdz
// 0xc78, _ ; // ~10 / #Crap
// 0xd20, _ ; // ~30 / #Crap

fog :
CurrentFog -> 0xdfcdd8] +0x13F8
MaxFog -> 0xdfcdd8] +0x13F4
Both are floats. MaxFog is refreshed by the server, so you need to loop the WriteMemory on the values.

TP to crosshair :
Allows you to get the coordinates from where you are looking ->
Vec3 (x,z,y)-> 0xdfcdd8] +0x8] +0x24]

WEATHER

0xE12C68] + 0x2FC] + 0x30] (float) = rain (it sets the amount of rain falling; also, if you set it completely to 1.0f you will get a big rainbow)
0xE12C68] + 0x2FC] + 0x34] (float) = something like a limit: set it to 0.5f and the rain amount to 1.0f and the rain amount will drop to 0.5f

ARMA_MAIN] + 0x13E8] (float) = overcast
ARMA_MAIN] + 0x13EC] (float) = 1.0f is rain and 0.0f is no rain // I'm not sure about this one but it should be the rain
ARMA_MAIN] + 0x13F4] (float) = fog

ARMA_MAIN] + 0x141C] (float) = count for weather change
ARMA_MAIN] + 0x1420] (float) = time in seconds to next weather change (0x1420 - 0x141C = time to next weather change)


WorldName: 0xE258C4 - (char*) len = 80 // Note: for "Desert" it's "Desert_E"; you have to take a look at which is the internal name for the map


We can "steal" any item from the map (inside tents, weapon holders..) using a simple WPM.

How to do it:
Read from "weaponHolder"+0x21C, write it to "otherWeaponHolder"+0x21C
Open the inventory of the second "weaponHolder"

I only got it working if I'm inside a vehicle, so I write the value of some "weaponHolder"+0x21C to localPlayer+0x21C and then open the gear of the vehicle.

When I refer to weaponHolder, I only tested for Tents and WeaponHolders, but I assume you can steal from cars as well.

It dupes the item, so if you reconnect, you can get the same items again.

Players coord X : 0x28
Players coord Y : 0x30
Players coord Z : 0x2C

Players HEAD coord X : 0x10C
Players HEAD coord Y : 0x114
Players HEAD coord Z : 0x110

Players BODY coord X : 0x118
Players BODY coord Y : 0x120
Players BODY coord Z : 0x11C


These are the two arrays that contain all of the gear in a vehicle.
PtrToGear = entity + 0x21c] (credit to andreb at the top of page 49) Note that this is just zero on players/NPCs
PtrToGear + 0xc] array of equipment (guns and tools, anything you don't consume)
PtrToGear + 0x10] size of equipment array
PtrToGear + 0x18] array of consumables (ammo, food, parts)
PtrToGear + 0x1c] size of consumable array

These are the two arrays that contain all of the gear on a player, including you.
Entity + 0x688] array of equipment
Entity + 0x68c] size of equip array
Entity + 0x6a0] consumable array
Entity + 0x6a4] size of consumable array

Each array holds a ptr to an item class, and from what I can see the game is looping over the array based on the size variable, so you must increment/decrement the size if you add/remove items.

equipment class
+ 0x10] + 0x4] + 0x4] model name len
+ 0x10] + 0x4] + 0x8] model name
+ 0x18] + 0x4] display name len
+ 0x18] + 0x8] display name
+ 0x1c] + 0x4] type len
+ 0x1c] + 0x8] type

consumable class
info = +0x8]
info + 0xc] + 0x4] +0x4] model name len
info + 0xc] + 0x4] +0x8] model name
info + 0x14] + 0x4] display name len
info + 0x14] + 0x8] display name
info + 0x20] + 0x4] type len
info + 0x20] + 0x8] type


Backpack offset: Entity + 0x6ac.

delItemFrInv:
WriteInt(Entity+ 0x6a4, equArS - 1, (int)ph);
WriteInt(equAr - equArS * 4, equArCur, (int)ph);

Big info 1 (less big info)
Entity + 0xb5c] + i*4] + 0x54] + weaponID * 0x24 + 4] + 8] + 0x200]

+ 0x140 for Bullet Damage
+ 0x198 for Bullet Range (bullet's time to live, seconds)
+ 0x144 for indirect Damage
+ 0x148 for indirect Damage Range
+ 0x188 for Explosive Bullet (Just performance, not damage. Maybe it shows only in local)

0x18C -> bullet recoil...
set it to 0 (float), and your gun will not move while shooting.

Useful to refill @ reload
if (GetAsyncKeyState(0x52)) // 0x52 -> "R" -> Reload button
RefillAmmo(); // your infinite ammo function


If you set localplayer + 0xc4] = 0 you won't take fall damage (but you may start bleeding).


SPEED OFFSETS


Player + 0x18

(Player speed, depends on camera position)
0x54 -X (right+\left-)
0x58 -Y (up\down)
0x5C -Z (forward+)

(global acceleration)
0x48 -X
0x4C -Y
0x50 -Z


PtrToGear + 0x38] backpack array
PtrToGear + 0x3c] backpack size

backpack class
+ 0x3C] + 0x30] + 0x4] type len
+ 0x3C] + 0x30] + 0x8] type


create your own gui (use WS_EX_TOPMOST to keep it over the game)
add WS_EX_MDICHILD with SetWindowLong to chrome's hwnd
set chrome's parent window with SetParent (parent is your gui)
adjust chrome's position/size in your own gui to only show chrome's viewport



class EntityInfo
{
public:
    char _0x0000[48];
    ArmaString* pModelName; //0x0030
    char _0x0034[20];
    DWORD classType; //0x0048
    char _0x004C[32];
    ArmaString* pClassName; //0x006C
    char _0x0070[1424];
    float maxFuelLevel; //0x0600
    char _0x0604[212];
    DWORD maxEquipmentCount; //0x06D8
    DWORD maxConsumablesCount; //0x06DC
    DWORD maxBackpacksCount; //0x06E0

};//Size=0x06E4

In your Entity class:

EntityInfo* pEntityInfo; //0x003C





speed code

some speed offsets
Code:
speed.X = GetFloat(coordsPtr+0x48);
speed.Y = GetFloat(coordsPtr+0x50);
speed.Z = GetFloat(coordsPtr+0x4C);
It works well for vehicles, but for players it's always 0.5 (normal run speed in arma is 5.6 m/s)
but we can obtain the speed scalar
Code:
speedLength = GetFloat(playerPtr + 0X13E4);
and we also have direction (u and w from first post).

speedhack: (he is using 0xDF5634 as base since he's starting from arma2oa base)

DWORD addy = (DWORD)GetModuleHandle ("arma2oa.exe");
DWORD pointer1 = 0;
DWORD pointer2 = 0;
readshit(addy,0x9F5634,&pointer1);
readshit(pointer1,0x18,&pointer2);
writeshit(pointer2,0x228,300.0f);

0x165 to an entity makes it invisible clientside


Calculating map size:
0xDFCDD8] + 0x05C8] + 0x0024] (uint) @ Height map
0xDFCDD8] + 0x05C8] + 0x0034] (float) @ Cell size

Example:

Height map for Chernarus is 2048, and cell size is 7.5m.

Total height: 2048 * 7.5 = 15360


WEAPON BIG INFO 2

+
140 hit
144 indirect hit
148 indirect hit range
150 maneuvrability
154 track oversteer
158 track lead
15C init time
160 thrust time
164 thrust
168 side air friction
170 fuse distance
174 cost
178 max speed
17C simulation step
188 explosive
18C caliber
198 time to live
19C air friction
1A0 side air friction
1AC Cm immunity
1C8 audible fire
1CC visible fire
1D0 visible fire time
2F8 tracer scale
2FC tracer start time
300 tracer end time
308 whistle dist
30C whistle on fire

D2 forceOptics //byte
D4 showAimCursorInternal //byte
E4 useAsBinocular //byte
C8 fireSpreadAngle

140 hit
144 indirect hit
148 indirect hit range
150 maneuvrability
154 track oversteer
158 track lead
15C init time
160 thrust time
164 thrust
168 side air friction
170 fuse distance
174 cost
178 max speed
17C simulation step
188 explosive
18C caliber
198 time to live
19C air friction
1A0 side air friction
1AC Cm immunity
1C8 audible fire
1CC visible fire
1D0 visible fire time
2F8 tracer scale
2FC tracer start time
300 tracer end time
308 whistle dist
30C whistle on fire // irDistance //int32

1C0 opticsZoomMax
1C4 opticsZoomMin

1B4 distanceZoomMax
1B8 distanceZoomMin
1BC opticsZoomInit


0xE1492C]+ 0xE8]+ 0x0]+ 0x450]+ 0x5c]+0xc

objectTableAddr = 0xDFCDD8
Blood Offset Chain:
Code:
( [[[[[[objectTableAddr] + 0x600] + 0xDC] + 0x28] + 0x450] + 0x84] ) + ( 0xC )
The value you write to the address will be a float: 12000.0 for full blood and 0.0 for... well, none... aka dead. And anything in between.


Consciousness (Epi-pen) Offset Chain:
Code:
( [[[[[objectTableAddr] + 0x600] + 0xE0] + 0x258] + 0xC] ) + ( 0xC )
Write 0.0 (float) to become conscious and 1.0 to knock yourself out


Bleeding Offset Chain (Bandage):
Code:
( [[[[[[objectTableAddr] + 0x600] + 0x7F4] + 0x28] + 0x510] + 0x84] ) + ( 0xC )
Write 0.0 (float) to stop the bleeding and 1.0 to start bleeding. This is especially useful for the teleport workaround

DFCDD8>13a8>4>c48 - Holding breath when in scope: 1 - no exhaustion, 0.5 - maximal exhaustion

pos = read(pilePtr + 0x18)
write(pos + 0x28, float x)
write(pos + 0x30, float y)
write(pos + 0x2C, 0f)

Doesn't do anything at all. However, doing :

playcoord = read(localplayer + 0x18)
write(pilePtr + 0x18, playcoord)