BWHacks > StarCraft > Starcraft Hacking Related

1.15.1 Offsets / Functions / Notes

#1, 08-21-2007, 02:32 PM
LCSBSSRHXXX

I made this list right after the patch yesterday in about 10 min, but then the site went down so I couldn't post it.

Post 1.15.1 offsets, functions and notes here. Please moderate this thread heavily; spam is not tolerated in this thread whatsoever.

*If you use offsets from this thread, give the person who found them full credit for what they did.


Code:
005122C8 - ver #
19044EA8 - spoofer
00596870 - HH
Public text printing function:
Code:
004F2EC0  /$ 56             PUSH ESI
004F2EC1  |. 8BF0           MOV ESI,EAX
004F2EC3  |. 0FB605 2CC1680>MOVZX EAX,BYTE PTR DS:[68C12C]
004F2ECA  |. 83E8 02        SUB EAX,2                                ;  Switch (cases 2..3)
004F2ECD  |. 57             PUSH EDI
004F2ECE  |. 66:8B3D C2F157>MOV DI,WORD PTR DS:[57F1C2]
004F2ED5  |. 74 17          JE SHORT StarCraf.004F2EEE
004F2ED7  |. 48             DEC EAX
004F2ED8  |. 75 1D          JNZ SHORT StarCraf.004F2EF7
004F2EDA  |. E8 71CBF9FF    CALL StarCraf.0048FA50                   ;  Case 3 of switch 004F2ECA
004F2EDF  |. E8 9CF1FCFF    CALL StarCraf.004C2080
004F2EE4  |. 66:893D C2F157>MOV WORD PTR DS:[57F1C2],DI
004F2EEB  |. 5F             POP EDI
004F2EEC  |. 5E             POP ESI
004F2EED  |. C3             RETN
004F2EEE  |> 66:C705 C2F157>MOV WORD PTR DS:[57F1C2],0FFFF           ;  Case 2 of switch 004F2ECA
004F2EF7  |> E8 84F1FCFF    CALL StarCraf.004C2080                   ;  Default case of switch 004F2ECA
004F2EFC  |. 66:893D C2F157>MOV WORD PTR DS:[57F1C2],DI
004F2F03  |. 5F             POP EDI
004F2F04  |. 5E             POP ESI
004F2F05  \. C3             RETN
Client-sided text printing function:
Code:
0048CD60  /$ 85FF           TEST EDI,EDI
0048CD62  |. 56             PUSH ESI
0048CD63  |. 8BF0           MOV ESI,EAX
0048CD65  |. 74 71          JE SHORT StarCraf.0048CDD8
0048CD67  |. 85F6           TEST ESI,ESI
0048CD69  |. 75 05          JNZ SHORT StarCraf.0048CD70
0048CD6B  |. BE 581B0000    MOV ESI,1B58
0048CD70  |> 6A 00          PUSH 0                                   ; /Arg3 = 00000000
0048CD72  |. FF15 C4E04F00  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; |[GetTickCount
0048CD78  |. 03C6           ADD EAX,ESI                              ; |
0048CD7A  |. 50             PUSH EAX                                 ; |Arg2
0048CD7B  |. 6A 03          PUSH 3                                   ; |Arg1 = 00000003
0048CD7D  |. 8BC7           MOV EAX,EDI                              ; |
0048CD7F  |. E8 4CFCFFFF    CALL StarCraf.0048C9D0                   ; \StarCraf.0048C9D0
0048CD84  |. A1 CCDF6C00    MOV EAX,DWORD PTR DS:[6CDFCC]
0048CD89  |. 85C0           TEST EAX,EAX
0048CD8B  |. 74 4B          JE SHORT StarCraf.0048CDD8
0048CD8D  |. 0FB605 47C4680>MOVZX EAX,BYTE PTR DS:[68C447]
0048CD94  |. B9 63000000    MOV ECX,63
0048CD99  |. 3BC1           CMP EAX,ECX
0048CD9B  |. 7C 0F          JL SHORT StarCraf.0048CDAC
0048CD9D  |. 85C0           TEST EAX,EAX
0048CD9F  |. 7D 04          JGE SHORT StarCraf.0048CDA5
0048CDA1  |. 33C9           XOR ECX,ECX
0048CDA3  |. EB 07          JMP SHORT StarCraf.0048CDAC
0048CDA5  |> 83F8 63        CMP EAX,63
0048CDA8  |. 7C 02          JL SHORT StarCraf.0048CDAC
0048CDAA  |. 8BC8           MOV ECX,EAX
0048CDAC  |> A1 54086400    MOV EAX,DWORD PTR DS:[640854]
0048CDB1  |. 85C0           TEST EAX,EAX
0048CDB3  |. 74 12          JE SHORT StarCraf.0048CDC7
0048CDB5  |. B8 67666666    MOV EAX,66666667
0048CDBA  |. F7E9           IMUL ECX
0048CDBC  |. D1FA           SAR EDX,1
0048CDBE  |. 8BC2           MOV EAX,EDX
0048CDC0  |. C1E8 1F        SHR EAX,1F
0048CDC3  |. 03C2           ADD EAX,EDX
0048CDC5  |. 8BC8           MOV ECX,EAX
0048CDC7  |> 83F9 0A        CMP ECX,0A
0048CDCA  |. 7E 0C          JLE SHORT StarCraf.0048CDD8
0048CDCC  |. 6A 00          PUSH 0                                   ; /Arg4 = 00000000
0048CDCE  |. 6A 00          PUSH 0                                   ; |Arg3 = 00000000
0048CDD0  |. 51             PUSH ECX                                 ; |Arg2
0048CDD1  |. 6A 17          PUSH 17                                  ; |Arg1 = 00000017
0048CDD3  |. E8 18F10200    CALL StarCraf.004BBEF0                   ; \StarCraf.004BBEF0
0048CDD8  |> 5E             POP ESI
0048CDD9  \. C3             RETN
Starcraft's screen drawing function:
Code:
0048CC00  /$ 55             PUSH EBP
0048CC01  |. 8BEC           MOV EBP,ESP
0048CC03  |. 51             PUSH ECX
0048CC04  |. 8B0D E0E06C00  MOV ECX,DWORD PTR DS:[6CE0E0]
0048CC0A  |. 53             PUSH EBX
0048CC0B  |. 56             PUSH ESI
0048CC0C  |. 57             PUSH EDI
0048CC0D  |. E8 0E2FF9FF    CALL StarCraf.0041FB20
0048CC12  |. 0FB61D 400B640>MOVZX EBX,BYTE PTR DS:[640B40]
0048CC19  |. BF 70000000    MOV EDI,70
0048CC1E  |. C745 FC 0B0000>MOV DWORD PTR SS:[EBP-4],0B
0048CC25  |. BE 0A000000    MOV ESI,0A
0048CC2A  |. 8D9B 00000000  LEA EBX,DWORD PTR DS:[EBX]
0048CC30  |> 8BC3           /MOV EAX,EBX
0048CC32  |. 69C0 DA000000  |IMUL EAX,EAX,0DA
0048CC38  |. 8D90 480B6400  |LEA EDX,DWORD PTR DS:[EAX+640B48]
0048CC3E  |. 803A 00        |CMP BYTE PTR DS:[EDX],0
0048CC41  |. 74 43          |JE SHORT StarCraf.0048CC86
0048CC43  |. 8A83 5C166400  |MOV AL,BYTE PTR DS:[EBX+64165C]
0048CC49  |. E8 B229F9FF    |CALL StarCraf.0041F600
0048CC4E  |. 8B0D 54096400  |MOV ECX,DWORD PTR DS:[640954]
0048CC54  |. 0FB7C7         |MOVZX EAX,DI
0048CC57  |. 03CF           |ADD ECX,EDI
0048CC59  |. 50             |PUSH EAX                                ; /Arg1
0048CC5A  |. 8BC2           |MOV EAX,EDX                             ; |
0048CC5C  |. C605 F8E06C00 >|MOV BYTE PTR DS:[6CE0F8],11             ; |
0048CC63  |. 66:8935 B0E06C>|MOV WORD PTR DS:[6CE0B0],SI             ; |
0048CC6A  |. 66:C705 B4E06C>|MOV WORD PTR DS:[6CE0B4],276            ; |
0048CC73  |. 66:893D B2E06C>|MOV WORD PTR DS:[6CE0B2],DI             ; |
0048CC7A  |. 66:890D B6E06C>|MOV WORD PTR DS:[6CE0B6],CX             ; |
0048CC81  |. E8 1A36F9FF    |CALL StarCraf.004202A0                  ; \StarCraf.004202A0
0048CC86  |> 8B0D 080B6400  |MOV ECX,DWORD PTR DS:[640B08]
0048CC8C  |. 8D43 01        |LEA EAX,DWORD PTR DS:[EBX+1]
0048CC8F  |. 99             |CDQ
0048CC90  |. 03F9           |ADD EDI,ECX
0048CC92  |. B9 0B000000    |MOV ECX,0B
0048CC97  |. F7F9           |IDIV ECX
0048CC99  |. FF4D FC        |DEC DWORD PTR SS:[EBP-4]
0048CC9C  |. 8BDA           |MOV EBX,EDX
0048CC9E  |.^75 90          \JNZ SHORT StarCraf.0048CC30
0048CCA0  |. A0 80156400    MOV AL,BYTE PTR DS:[641580]
0048CCA5  |. 84C0           TEST AL,AL
0048CCA7  |. 74 4C          JE SHORT StarCraf.0048CCF5
0048CCA9  |. A0 68166400    MOV AL,BYTE PTR DS:[641668]
0048CCAE  |. E8 4D29F9FF    CALL StarCraf.0041F600
0048CCB3  |. 8B15 54096400  MOV EDX,DWORD PTR DS:[640954]
0048CCB9  |. 81C2 27010000  ADD EDX,127
0048CCBF  |. 68 27010000    PUSH 127                                 ; /Arg1 = 00000127
0048CCC4  |. B8 80156400    MOV EAX,StarCraf.00641580                ; |
0048CCC9  |. C605 F8E06C00 >MOV BYTE PTR DS:[6CE0F8],12              ; |
0048CCD0  |. 66:8935 B0E06C>MOV WORD PTR DS:[6CE0B0],SI              ; |
0048CCD7  |. 66:C705 B4E06C>MOV WORD PTR DS:[6CE0B4],276             ; |
0048CCE0  |. 66:C705 B2E06C>MOV WORD PTR DS:[6CE0B2],127             ; |
0048CCE9  |. 66:8915 B6E06C>MOV WORD PTR DS:[6CE0B6],DX              ; |
0048CCF0  |. E8 AB35F9FF    CALL StarCraf.004202A0                   ; \StarCraf.004202A0
0048CCF5  |> A0 A6146400    MOV AL,BYTE PTR DS:[6414A6]
0048CCFA  |. 84C0           TEST AL,AL
0048CCFC  |. 74 49          JE SHORT StarCraf.0048CD47
0048CCFE  |. A0 67166400    MOV AL,BYTE PTR DS:[641667]
0048CD03  |. E8 F828F9FF    CALL StarCraf.0041F600
0048CD08  |. A1 54096400    MOV EAX,DWORD PTR DS:[640954]
0048CD0D  |. 83C0 18        ADD EAX,18
0048CD10  |. BE A4010000    MOV ESI,1A4
0048CD15  |. 66:A3 B6E06C00 MOV WORD PTR DS:[6CE0B6],AX
0048CD1B  |. 6A 18          PUSH 18                                  ; /Arg1 = 00000018
0048CD1D  |. B8 A6146400    MOV EAX,StarCraf.006414A6                ; |
0048CD22  |. C605 F8E06C00 >MOV BYTE PTR DS:[6CE0F8],14              ; |
0048CD29  |. 66:8935 B0E06C>MOV WORD PTR DS:[6CE0B0],SI              ; |
0048CD30  |. 66:C705 B4E06C>MOV WORD PTR DS:[6CE0B4],26C             ; |
0048CD39  |. 66:C705 B2E06C>MOV WORD PTR DS:[6CE0B2],18              ; |
0048CD42  |. E8 5935F9FF    CALL StarCraf.004202A0                   ; \StarCraf.004202A0
0048CD47  |> 33C9           XOR ECX,ECX
0048CD49  |. E8 D22DF9FF    CALL StarCraf.0041FB20
0048CD4E  |. 5F             POP EDI
0048CD4F  |. 5E             POP ESI
0048CD50  |. 5B             POP EBX
0048CD51  |. 8BE5           MOV ESP,EBP
0048CD53  |. 5D             POP EBP
0048CD54  \. C3             RETN
Campaign Editor Link:
Code:
004DB0A1  |. 52             PUSH EDX                                 ; /pProcessInfo
004DB0A2  |. 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]            ; |
004DB0A5  |. 50             PUSH EAX                                 ; |pStartupInfo
004DB0A6  |. 8D8D A8FEFFFF  LEA ECX,DWORD PTR SS:[EBP-158]           ; |
004DB0AC  |. 51             PUSH ECX                                 ; |CurrentDir
004DB0AD  |. 6A 00          PUSH 0                                   ; |pEnvironment = NULL
004DB0AF  |. 6A 20          PUSH 20                                  ; |CreationFlags = NORMAL_PRIORITY_CLASS
004DB0B1  |. 6A 00          PUSH 0                                   ; |InheritHandles = FALSE
004DB0B3  |. 6A 00          PUSH 0                                   ; |pThreadSecurity = NULL
004DB0B5  |. 6A 00          PUSH 0                                   ; |pProcessSecurity = NULL
004DB0B7  |. 8D95 A4FDFFFF  LEA EDX,DWORD PTR SS:[EBP-25C]           ; |
004DB0BD  |. 52             PUSH EDX                                 ; |CommandLine
004DB0BE  |. 6A 00          PUSH 0                                   ; |ModuleFileName = NULL
004DB0C0  |. C745 AC 440000>MOV DWORD PTR SS:[EBP-54],44             ; |
004DB0C7  |. FF15 34E14F00  CALL DWORD PTR DS:[<&KERNEL32.CreateProc>; \CreateProcessA


#2, 08-21-2007, 02:34 PM
LCSBSSRHXXX

Battle.net /commands:
Code:
0047FC7D  |. 6A 00          PUSH 0                                   ; /Arg2 = 00000000
0047FC7F  |. 8D45 FC        LEA EAX,DWORD PTR SS:[EBP-4]             ; |
0047FC82  |. 8D77 01        LEA ESI,DWORD PTR DS:[EDI+1]             ; |
0047FC85  |. 50             PUSH EAX                                 ; |Arg1
0047FC86  |. B9 08000000    MOV ECX,8                                ; |
0047FC8B  |. B8 50455000    MOV EAX,StarCraf.00504550                ; |ASCII "squelch "
0047FC90  |. 8BD6           MOV EDX,ESI                              ; |
0047FC92  |. E8 A9FBFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FC97  |. 85C0           TEST EAX,EAX
0047FC99  |. 0F85 8E010000  JNZ StarCraf.0047FE2D
0047FC9F  |. 50             PUSH EAX                                 ; /Arg2
0047FCA0  |. 8D4D FC        LEA ECX,DWORD PTR SS:[EBP-4]             ; |
0047FCA3  |. 51             PUSH ECX                                 ; |Arg1
0047FCA4  |. B9 07000000    MOV ECX,7                                ; |
0047FCA9  |. B8 48455000    MOV EAX,StarCraf.00504548                ; |ASCII "ignore "
0047FCAE  |. 8BD6           MOV EDX,ESI                              ; |
0047FCB0  |. E8 8BFBFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FCB5  |. 85C0           TEST EAX,EAX
0047FCB7  |. 0F85 70010000  JNZ StarCraf.0047FE2D
0047FCBD  |. 50             PUSH EAX                                 ; /Arg2
0047FCBE  |. 8D55 FC        LEA EDX,DWORD PTR SS:[EBP-4]             ; |
0047FCC1  |. 52             PUSH EDX                                 ; |Arg1
0047FCC2  |. B9 0A000000    MOV ECX,0A                               ; |
0047FCC7  |. B8 3C455000    MOV EAX,StarCraf.0050453C                ; |ASCII "unsquelch "
0047FCCC  |. 8BD6           MOV EDX,ESI                              ; |
0047FCCE  |. E8 6DFBFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FCD3  |. 85C0           TEST EAX,EAX
0047FCD5  |. 0F85 CC000000  JNZ StarCraf.0047FDA7
0047FCDB  |. 50             PUSH EAX                                 ; /Arg2
0047FCDC  |. 8D45 FC        LEA EAX,DWORD PTR SS:[EBP-4]             ; |
0047FCDF  |. 50             PUSH EAX                                 ; |Arg1
0047FCE0  |. B9 09000000    MOV ECX,9                                ; |
0047FCE5  |. B8 30455000    MOV EAX,StarCraf.00504530                ; |ASCII "unignore "
0047FCEA  |. 8BD6           MOV EDX,ESI                              ; |
0047FCEC  |. E8 4FFBFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FCF1  |. 85C0           TEST EAX,EAX
0047FCF3  |. 0F85 AE000000  JNZ StarCraf.0047FDA7
0047FCF9  |. E8 52410400    CALL StarCraf.004C3E50
0047FCFE  |. 85C0           TEST EAX,EAX
0047FD00  |. 74 14          JE SHORT StarCraf.0047FD16
0047FD02  |. 57             PUSH EDI                                 ; /Arg1
0047FD03  |. E8 D8FCFFFF    CALL StarCraf.0047F9E0                   ; \StarCraf.0047F9E0
0047FD08  |. 5E             POP ESI
0047FD09  |. 5B             POP EBX
0047FD0A  |. B8 01000000    MOV EAX,1
0047FD0F  |. 5F             POP EDI
0047FD10  |. 8BE5           MOV ESP,EBP
0047FD12  |. 5D             POP EBP
0047FD13  |. C2 0400        RETN 4
0047FD16  |> 6A 01          PUSH 1                                   ; /Arg2 = 00000001
0047FD18  |. 8D4D FC        LEA ECX,DWORD PTR SS:[EBP-4]             ; |
0047FD1B  |. 51             PUSH ECX                                 ; |Arg1
0047FD1C  |. B9 08000000    MOV ECX,8                                ; |
0047FD21  |. B8 24455000    MOV EAX,StarCraf.00504524                ; |ASCII "whisper "
0047FD26  |. 8BD6           MOV EDX,ESI                              ; |
0047FD28  |. E8 13FBFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FD2D  |. 85C0           TEST EAX,EAX
0047FD2F  |. 75 55          JNZ SHORT StarCraf.0047FD86
0047FD31  |. 6A 01          PUSH 1                                   ; /Arg2 = 00000001
0047FD33  |. 8D55 FC        LEA EDX,DWORD PTR SS:[EBP-4]             ; |
0047FD36  |. 52             PUSH EDX                                 ; |Arg1
0047FD37  |. B9 04000000    MOV ECX,4                                ; |
0047FD3C  |. B8 1C455000    MOV EAX,StarCraf.0050451C                ; |ASCII "msg "
0047FD41  |. 8BD6           MOV EDX,ESI                              ; |
0047FD43  |. E8 F8FAFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FD48  |. 85C0           TEST EAX,EAX
0047FD4A  |. 75 3A          JNZ SHORT StarCraf.0047FD86
0047FD4C  |. 6A 01          PUSH 1                                   ; /Arg2 = 00000001
0047FD4E  |. 8D45 FC        LEA EAX,DWORD PTR SS:[EBP-4]             ; |
0047FD51  |. 50             PUSH EAX                                 ; |Arg1
0047FD52  |. B9 02000000    MOV ECX,2                                ; |
0047FD57  |. B8 18455000    MOV EAX,StarCraf.00504518                ; |ASCII "w "
0047FD5C  |. 8BD6           MOV EDX,ESI                              ; |
0047FD5E  |. E8 DDFAFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FD63  |. 85C0           TEST EAX,EAX
0047FD65  |. 75 1F          JNZ SHORT StarCraf.0047FD86
0047FD67  |. 6A 01          PUSH 1                                   ; /Arg2 = 00000001
0047FD69  |. 8D4D FC        LEA ECX,DWORD PTR SS:[EBP-4]             ; |
0047FD6C  |. 51             PUSH ECX                                 ; |Arg1
0047FD6D  |. B9 02000000    MOV ECX,2                                ; |
0047FD72  |. B8 14455000    MOV EAX,StarCraf.00504514                ; |ASCII "m "
0047FD77  |. 8BD6           MOV EDX,ESI                              ; |
0047FD79  |. E8 C2FAFFFF    CALL StarCraf.0047F840                   ; \StarCraf.0047F840
0047FD7E  |. 85C0           TEST EAX,EAX
0047FD80  |. 0F84 7D010000  JE StarCraf.0047FF03
0047FD86  |> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
0047FD89  |. 8D14C9         LEA EDX,DWORD PTR DS:[ECX+ECX*8]
0047FD8C  |. 50             PUSH EAX                                 ; /Arg1
0047FD8D  |. 8B0495 E4EE570>MOV EAX,DWORD PTR DS:[EDX*4+57EEE4]      ; |
0047FD94  |. E8 77FDFFFF    CALL StarCraf.0047FB10                   ; \StarCraf.0047FB10
Protection:
Code:
004DFDF0  /$ 55             PUSH EBP
004DFDF1  |. 8BEC           MOV EBP,ESP
004DFDF3  |. 81EC 1C020000  SUB ESP,21C
004DFDF9  |. 53             PUSH EBX
004DFDFA  |. 33DB           XOR EBX,EBX
004DFDFC  |. 56             PUSH ESI
004DFDFD  |. 57             PUSH EDI
004DFDFE  |. 885D F4        MOV BYTE PTR SS:[EBP-C],BL
004DFE01  |. 885D F5        MOV BYTE PTR SS:[EBP-B],BL
004DFE04  |. 885D F6        MOV BYTE PTR SS:[EBP-A],BL
004DFE07  |. 885D F7        MOV BYTE PTR SS:[EBP-9],BL
004DFE0A  |. 885D F8        MOV BYTE PTR SS:[EBP-8],BL
004DFE0D  |. C645 F9 01     MOV BYTE PTR SS:[EBP-7],1
004DFE11  |. FF15 3CE24F00  CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentProcess
004DFE17  |. 8BF0           MOV ESI,EAX
004DFE19  |. 8D45 EC        LEA EAX,DWORD PTR SS:[EBP-14]
004DFE1C  |. 50             PUSH EAX
004DFE1D  |. 53             PUSH EBX
004DFE1E  |. 53             PUSH EBX
004DFE1F  |. 53             PUSH EBX
004DFE20  |. 53             PUSH EBX
004DFE21  |. 53             PUSH EBX
004DFE22  |. 53             PUSH EBX
004DFE23  |. 53             PUSH EBX
004DFE24  |. 53             PUSH EBX
004DFE25  |. 6A 01          PUSH 1
004DFE27  |. 8D4D F4        LEA ECX,DWORD PTR SS:[EBP-C]
004DFE2A  |. 51             PUSH ECX
004DFE2B  |. 8975 E4        MOV DWORD PTR SS:[EBP-1C],ESI
004DFE2E  |. 895D EC        MOV DWORD PTR SS:[EBP-14],EBX
004DFE31  |. 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
004DFE34  |. 895D E8        MOV DWORD PTR SS:[EBP-18],EBX
004DFE37  |. 895D F0        MOV DWORD PTR SS:[EBP-10],EBX
004DFE3A  |. FF15 14E04F00  CALL DWORD PTR DS:[<&ADVAPI32.AllocateAn>;  ADVAPI32.AllocateAndInitializeSid
004DFE40  |. 85C0           TEST EAX,EAX
004DFE42  |. 0F84 EF000000  JE StarCraf.004DFF37
004DFE48  |. 8D55 FC        LEA EDX,DWORD PTR SS:[EBP-4]
004DFE4B  |. 52             PUSH EDX                                 ; /phToken
004DFE4C  |. 6A 08          PUSH 8                                   ; |DesiredAccess = TOKEN_QUERY
004DFE4E  |. 56             PUSH ESI                                 ; |hProcess
004DFE4F  |. FF15 24E04F00  CALL DWORD PTR DS:[<&ADVAPI32.OpenProces>; \OpenProcessToken
004DFE55  |. 85C0           TEST EAX,EAX
004DFE57  |. 0F84 DA000000  JE StarCraf.004DFF37
004DFE5D  |. 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
004DFE60  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18]
004DFE63  |. 50             PUSH EAX                                 ; /pRetLen
004DFE64  |. 53             PUSH EBX                                 ; |BufSize
004DFE65  |. 53             PUSH EBX                                 ; |Buffer
004DFE66  |. 6A 01          PUSH 1                                   ; |InfoClass = TokenUser
004DFE68  |. 51             PUSH ECX                                 ; |hToken
004DFE69  |. FF15 20E04F00  CALL DWORD PTR DS:[<&ADVAPI32.GetTokenIn>; \GetTokenInformation
004DFE6F  |. 8B75 E8        MOV ESI,DWORD PTR SS:[EBP-18]
004DFE72  |. 81FE 00040000  CMP ESI,400
004DFE78  |. 0F87 B9000000  JA StarCraf.004DFF37
004DFE7E  |. 8BC6           MOV EAX,ESI
004DFE80  |. 83C0 03        ADD EAX,3
004DFE83  |. 83E0 FC        AND EAX,FFFFFFFC
004DFE86  |. E8 F55FF2FF    CALL StarCraf.00405E80
004DFE8B  |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
004DFE8E  |. 8BFC           MOV EDI,ESP
004DFE90  |. 8D55 E8        LEA EDX,DWORD PTR SS:[EBP-18]
004DFE93  |. 52             PUSH EDX                                 ; /pRetLen
004DFE94  |. 56             PUSH ESI                                 ; |BufSize
004DFE95  |. 57             PUSH EDI                                 ; |Buffer
004DFE96  |. 6A 01          PUSH 1                                   ; |InfoClass = TokenUser
004DFE98  |. 50             PUSH EAX                                 ; |hToken
004DFE99  |. FF15 20E04F00  CALL DWORD PTR DS:[<&ADVAPI32.GetTokenIn>; \GetTokenInformation
004DFE9F  |. 85C0           TEST EAX,EAX
004DFEA1  |. 0F84 90000000  JE StarCraf.004DFF37
004DFEA7  |. 6A 02          PUSH 2
004DFEA9  |. 68 00020000    PUSH 200
004DFEAE  |. 8D8D E4FDFFFF  LEA ECX,DWORD PTR SS:[EBP-21C]
004DFEB4  |. 51             PUSH ECX
004DFEB5  |. FF15 18E04F00  CALL DWORD PTR DS:[<&ADVAPI32.Initialize>;  ADVAPI32.InitializeAcl
004DFEBB  |. 85C0           TEST EAX,EAX
004DFEBD  |. 74 78          JE SHORT StarCraf.004DFF37
004DFEBF  |. 8B55 EC        MOV EDX,DWORD PTR SS:[EBP-14]
004DFEC2  |. 52             PUSH EDX
004DFEC3  |. 68 FA000000    PUSH 0FA
004DFEC8  |. 6A 02          PUSH 2
004DFECA  |. 8D85 E4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-21C]
004DFED0  |. 50             PUSH EAX
004DFED1  |. FF15 1CE04F00  CALL DWORD PTR DS:[<&ADVAPI32.AddAccessD>;  ADVAPI32.AddAccessDeniedAce
004DFED7  |. 85C0           TEST EAX,EAX
004DFED9  |. 74 5C          JE SHORT StarCraf.004DFF37
004DFEDB  |. 8B0F           MOV ECX,DWORD PTR DS:[EDI]
004DFEDD  |. 51             PUSH ECX
004DFEDE  |. 68 01071000    PUSH 100701
004DFEE3  |. 6A 02          PUSH 2
004DFEE5  |. 8D95 E4FDFFFF  LEA EDX,DWORD PTR SS:[EBP-21C]
004DFEEB  |. 52             PUSH EDX
004DFEEC  |. FF15 10E04F00  CALL DWORD PTR DS:[<&ADVAPI32.AddAccessA>;  ADVAPI32.AddAccessAllowedAce
004DFEF2  |. 85C0           TEST EAX,EAX
004DFEF4  |. 74 41          JE SHORT StarCraf.004DFF37
004DFEF6  |. 68 54F84F00    PUSH StarCraf.004FF854                   ; /pModule = "advapi32.dll"
004DFEFB  |. FF15 38E24F00  CALL DWORD PTR DS:[<&KERNEL32.GetModuleH>; \GetModuleHandleA
004DFF01  |. 3BC3           CMP EAX,EBX
004DFF03  |. 74 32          JE SHORT StarCraf.004DFF37
004DFF05  |. 68 44F84F00    PUSH StarCraf.004FF844                   ; /ProcNameOrOrdinal = "SetSecurityInfo"
004DFF0A  |. 50             PUSH EAX                                 ; |hModule
004DFF0B  |. FF15 44E24F00  CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \GetProcAddress
004DFF11  |. 3BC3           CMP EAX,EBX
004DFF13  |. 74 22          JE SHORT StarCraf.004DFF37
004DFF15  |. 8B55 E4        MOV EDX,DWORD PTR SS:[EBP-1C]
004DFF18  |. 53             PUSH EBX
004DFF19  |. 8D8D E4FDFFFF  LEA ECX,DWORD PTR SS:[EBP-21C]
004DFF1F  |. 51             PUSH ECX
004DFF20  |. 53             PUSH EBX
004DFF21  |. 53             PUSH EBX
004DFF22  |. 68 04000080    PUSH 80000004
004DFF27  |. 6A 06          PUSH 6
004DFF29  |. 52             PUSH EDX
004DFF2A  |. FFD0           CALL EAX
004DFF2C  |. 85C0           TEST EAX,EAX
004DFF2E  |. 75 07          JNZ SHORT StarCraf.004DFF37
004DFF30  |. C745 F0 010000>MOV DWORD PTR SS:[EBP-10],1
004DFF37  |> 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
004DFF3A  |. 3BC3           CMP EAX,EBX
004DFF3C  |. 74 07          JE SHORT StarCraf.004DFF45
004DFF3E  |. 50             PUSH EAX                                 ; /hObject
004DFF3F  |. FF15 18E14F00  CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle
004DFF45  |> 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
004DFF48  |. 3BC3           CMP EAX,EBX
004DFF4A  |. 74 07          JE SHORT StarCraf.004DFF53
004DFF4C  |. 50             PUSH EAX                                 ; /pSID
004DFF4D  |. FF15 0CE04F00  CALL DWORD PTR DS:[<&ADVAPI32.FreeSid>]  ; \FreeSid
004DFF53  |> 8B45 F0        MOV EAX,DWORD PTR SS:[EBP-10]
004DFF56  |. 8DA5 D8FDFFFF  LEA ESP,DWORD PTR SS:[EBP-228]
004DFF5C  |. 5F             POP EDI
004DFF5D  |. 5E             POP ESI
004DFF5E  |. 5B             POP EBX
004DFF5F  |. 8BE5           MOV ESP,EBP
004DFF61  |. 5D             POP EBP
004DFF62  \. C3             RETN
Set Text Color Channel Names / Game Names:
Code:
00449F66  |. 68 FFFFFF00    PUSH 0FFFFFF                             ; /Color = <WHITE>
00449F6B  |. 50             PUSH EAX                                 ; |hDC
00449F6C  |. 83E7 01        AND EDI,1                                ; |
00449F6F  |. FFD3           CALL EBX                                 ; \SetTextColor
Check For Multiple Instances:
Code:
004DFF74  |. 68 C8F84F00    PUSH StarCraf.004FF8C8                   ; /EventName = "Starcraft Check For Other Instances"
004DFF79  |. 6A 00          PUSH 0                                   ; |InitiallySignaled = FALSE
004DFF7B  |. 6A 00          PUSH 0                                   ; |ManualReset = FALSE
004DFF7D  |. 6A 00          PUSH 0                                   ; |pSecurity = NULL
004DFF7F  |. FF15 10E14F00  CALL DWORD PTR DS:[<&KERNEL32.CreateEven>; \CreateEventA
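The Protection listing in the post above builds a DACL and applies it to the game's own process object. The following Python is an added example, not code from the thread or from the game: it decodes the values visible in the listing and runs a simplified AccessCheck over the resulting ACL to show which handle rights a caller gets. The decoding is read straight off the pushes: AllocateAndInitializeSid with identifier authority {0,0,0,0,0,1} and one subauthority of 0 is Everyone (S-1-1-0); AddAccessDeniedAce uses mask 0FA; AddAccessAllowedAce uses mask 100701 with the SID returned by GetTokenInformation(TokenUser); SetSecurityInfo is called with SE_KERNEL_OBJECT (6) and 80000004. The token user SID is a constructed placeholder, and the AccessCheck model leaves out owner-implicit rights, MAXIMUM_ALLOWED, generic-right mapping and privilege overrides.

```python
# Model of the DACL that the "Protection" routine at 004DFDF0 puts on its own process.
# Added example; not code from the thread or from the game. Values are decoded from the
# listing (see the lead-in); the token user SID below is a constructed placeholder.

# Process object access rights (winnt.h).
PROCESS_RIGHTS = {
    "PROCESS_TERMINATE": 0x0001,
    "PROCESS_CREATE_THREAD": 0x0002,
    "PROCESS_VM_OPERATION": 0x0008,
    "PROCESS_VM_READ": 0x0010,
    "PROCESS_VM_WRITE": 0x0020,
    "PROCESS_DUP_HANDLE": 0x0040,
    "PROCESS_CREATE_PROCESS": 0x0080,
    "PROCESS_SET_QUOTA": 0x0100,
    "PROCESS_SET_INFORMATION": 0x0200,
    "PROCESS_QUERY_INFORMATION": 0x0400,
    "SYNCHRONIZE": 0x00100000,
}
# SECURITY_INFORMATION flags passed to SetSecurityInfo.
SECURITY_INFORMATION = {
    "DACL_SECURITY_INFORMATION": 0x00000004,
    "PROTECTED_DACL_SECURITY_INFORMATION": 0x80000000,
}

EVERYONE_SID = "S-1-1-0"                      # SECURITY_WORLD_SID_AUTHORITY, subauthority 0
TOKEN_USER_SID = "S-1-5-21-PLACEHOLDER-1001"  # constructed stand-in for the TokenUser SID

DENY_MASK = 0xFA                  # PUSH 0FA before AddAccessDeniedAce
ALLOW_MASK = 0x100701             # PUSH 100701 before AddAccessAllowedAce
SET_SECURITY_INFO_FLAGS = 0x80000004  # PUSH 80000004 before the SetSecurityInfo call

# ACEs in the order the routine adds them: the deny ACE comes first, so it is evaluated
# before the allow ACE for any caller whose token contains Everyone (i.e. every caller).
PROTECTION_DACL = [
    ("deny", EVERYONE_SID, DENY_MASK),
    ("allow", TOKEN_USER_SID, ALLOW_MASK),
]


def decode_mask(mask, table):
    """Return the sorted flag names set in mask; unknown bits are reported as hex."""
    names = [name for name, bit in table.items() if mask & bit]
    known = 0
    for bit in table.values():
        known |= bit
    leftover = mask & ~known
    if leftover:
        names.append(hex(leftover))
    return sorted(names)


def access_check(dacl, token_sids, desired):
    """Simplified AccessCheck: ACEs are visited in order; an applicable deny ACE that
    overlaps any not-yet-granted desired bit fails the check, allow ACEs accumulate
    granted bits, and the check passes once every desired bit is granted.
    Not modelled: owner-implicit rights, MAXIMUM_ALLOWED, generic-right mapping and
    privilege-based overrides such as SeDebugPrivilege."""
    granted = 0
    for ace_type, sid, mask in dacl:
        if sid not in token_sids:
            continue
        remaining = desired & ~granted
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            granted |= mask & desired
            if granted == desired:
                return True
    return granted == desired


def rights_for(token_sids, dacl=PROTECTION_DACL, table=PROCESS_RIGHTS):
    """Names of the individual rights the caller could open a handle with."""
    return sorted(name for name, bit in table.items()
                  if access_check(dacl, token_sids, bit))


if __name__ == "__main__":
    same_user = {TOKEN_USER_SID, EVERYONE_SID}
    other_user = {"S-1-5-21-PLACEHOLDER-2002", EVERYONE_SID}  # constructed
    print("denied to Everyone :", decode_mask(DENY_MASK, PROCESS_RIGHTS))
    print("allowed to the user:", decode_mask(ALLOW_MASK, PROCESS_RIGHTS))
    print("SetSecurityInfo    :", decode_mask(SET_SECURITY_INFO_FLAGS, SECURITY_INFORMATION))
    print("same user can open :", rights_for(same_user))
    print("other user can open:", rights_for(other_user))
```

Because the deny ACE for Everyone precedes the allow ACE, even a caller running as the same user is refused PROCESS_VM_READ, VM_WRITE, VM_OPERATION, CREATE_THREAD, DUP_HANDLE and CREATE_PROCESS on any newly opened handle, and is left with TERMINATE, SET_QUOTA, SET_INFORMATION, QUERY_INFORMATION and SYNCHRONIZE; the PROTECTED_DACL flag keeps inherited ACEs from being merged in. The check is applied only when a handle is opened, so handles that already exist are unaffected, and a caller holding SeDebugPrivilege is not subject to the object's DACL at all, so the routine raises the bar for ordinary-user tooling rather than preventing memory access outright.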

#3, 08-22-2007, 03:39 AM
ghostboy78

Here's what I found...

0048CE60 - Starcraft's Text Function
19044EA8 - Holds in-game user name (spoofer :P)
004D9010 - Removes chat from screen function.
00596870 - 1 = Host 0 = Not Host
004512D8 - Host Hack
00596814 - Holds host name

#4, 08-22-2007, 02:16 PM
ulliklliwi

57EEEB - In pre-game lobby player name array (just add 0x24 for next player)
57EEE4 - In pre-game lobby player ID (add 0x24 for next ID)
48CE60 - In game client-side print TEXT
4F2EC0 - In game sends text
4512D8 - Host Hack (NOP 2 bytes)
4B8BB0 - In pre-game lobby client-side text display
470BD0 - In pre-game lobby text send function
48A0F7 - Stay alive (NOP 5 bytes) - if you lose
48A0F2 - Stay alive (NOP 5 bytes) - if you won/draw
4B95F4 - Start game without people
45022D - Download Stats (NOP 9 bytes)
4A2FF7 - NULL Drop Timer
66FE10 - Who's host of the game in pre-game lobby

Last edited by ulliklliwi : 08-23-2007 at 01:47 PM.

#5, 08-30-2007, 01:45 AM
ghostboy78

Code:
#include <windows.h>   // DWORD

// Calls the game's unit-creation routine at 0x4A0770 (1.15.1) using MSVC inline asm.
// The three parameters are pushed in the order Y, X, UNITID; the call is made through
// the local holding the address, and no stack cleanup is done afterwards. EDI is
// overwritten and not preserved, as in the original post.
void CreateUnit(DWORD Y, DWORD X, DWORD UNITID)
{
	const int BWFXN_CreateUnit = 0x4A0770;

	__asm
	{
		mov eax,Y
		push eax
		mov ecx,X
		push ecx
		mov edi,UNITID
		push edi
		call dword ptr ds:[BWFXN_CreateUnit]
	}
}
This code IS VERY UNSTABLE; it creates units. The problem is that the only units it does create are black units that you can't control! But oh well, I thought I'd release this anyway. I guess it's not mine, but here :D (it's not mine, but I did go through the work of finding this).

Use decimal for the parameters, NOT HEX. (12,12,12) will work.

Last edited by ghostboy78 : 08-30-2007 at 06:49 PM.

#6, 08-30-2007, 11:04 PM
ghostboy78

0057F0D8 = Player 1 Minerals
0057F0DC = Player 2 Minerals
0057F0E0 = Player 3 Minerals
0057F0E4 = Player 4 Minerals
0057F0E8 = Player 5 Minerals
0057F0EC = Player 6 Minerals
0057F0F0 = Player 7 Minerals
0057F0F4 = Player 8 Minerals

Edit: Yes it does :P

Last edited by ghostboy78 : 08-30-2007 at 11:18 PM.

#7, 08-31-2007, 05:30 AM
bLueStar

Unit blocks in memory are 336 bytes, containing all info (X position, Y position, direction, landing point, action, unit type, unit player ID...)

0x00628443

You must read backward; there are 336 bytes of distance between each unit.

Units include resources, neutral units, player units, player buildings, and special objects like mineral chunks and crystalline.

From what I remember, the 0xE4 0x00 0xE4 0x00 0xE4 0x00 0xE4 0x00 0xE4
are the 5 spots in a building for unit building. Even units such as an SCV have those (would it be possible to make units from units?). Well, I have made a Fenix out of a gateway using this function (single player, of course).

Have fun exploring those huge chunks of information about the heart of the game.

Edit: The simple reason why you need to read backward: when a chunk is added, the whole thing expands from its beginning. The pointer at the very end never moves.

Last edited by bLueStar : 08-31-2007 at 05:33 AM. Reason: Forgot to mention something... Damn, sorry for the other post I tried to edit -.- I am a noob

#8, 09-11-2007, 08:41 PM
Chaoschild91

0058DC28=Switch 1(0=clear, 1=set)


Will edit post and post other switches.

EDIT: =( Doesn't work online, sadly; just checked. Thought it would desync, and it did... though it can work as a game disconnect.

Last edited by Chaoschild91 : 09-11-2007 at 08:47 PM.

#9, 09-11-2007, 10:47 PM
Jiggie=#1

Code:
IssueCommand 4858F0
CancelUnit 423480
PrintXY 4202A0 
SetFont 41FB20
 Small  6CE0DC
 Normal 6CE0E0
 Large  6CE0E4
 Huge   6CE0E8

#10, 09-18-2007, 03:53 AM
pnaimoli

Quote:
Originally Posted by bLueStar View Post
Unit blocks in memory are 336 bytes, containing all info (X position, Y position, direction, landing point, action, unit type, unit player ID...)

0x00628443

You must read backward; there are 336 bytes of distance between each unit.
I'm getting 0x00628280 as the location of the first unit... where are you getting 0x00628443 from??

#11, 09-18-2007, 07:03 AM
ulliklliwi

Quote:
Originally Posted by bLueStar View Post
Unit blocks in memory are 336 bytes, containing all info (X position, Y position, direction, landing point, action, unit type, unit player ID...)
Sorry to say, buddy, but unit blocks are 336 bytes and/or 672 bytes.

#12, 09-19-2007, 01:25 AM
nilphase

The title of this thread includes Notes, so here are my notes about what I dug up from the unit info block.

Quick Facts:
  • I believe the highest address of the beginning of a unit info block is 628280.
  • Sometimes the first unit can be located at 59CC90 (instead of 628280).
  • I also believe the length of each unit info block is 336 bytes. (But I could be wrong.)

!! Hit points are actually 9 bytes off the beginning of the block.
But I find it easier to first locate the HP of a unit and then calculate the offsets. (In other words, the address of HP - 9 is the actual beginning of a unit info block.)

!! Question marks indicate... questions, and uncertainty, too.

Code:
0000  signed?    WORD    hit points
0007  unsigned?  WORD    destination x
0009  unsigned?  WORD    destination y
000F  unsigned?  WORD    next path node? - (?1)
0011  unsigned?  WORD    next path node? - (?1)
0013  unsigned?  WORD    next path node? - (?1)
0015  unsigned?  WORD    next path node? - (?1)
001F  unsigned?  WORD    current position? - (?1)
0021  unsigned?  WORD    current position? - (?1)
0024  unsigned?  WORD    current position? - (?1
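bLueStar's description of the unit array (fixed-size records that grow toward lower addresses from an end pointer that never moves) and nilphase's field table above describe a format that a small decoder makes concrete. The following Python is an added example, not code from the thread or from the game: it parses constructed sample records using nilphase's hit-point, destination-x and destination-y offsets, taken relative to the HP field, which that post places 9 bytes into the block, and walks the array backward from its fixed end with bounds checks. The record size is a parameter because ulliklliwi reports 336 or 672 bytes; the uncertain path-node and position entries are left out, and the sample data is constructed here.

```python
import struct

# Record size reported by bLueStar and nilphase (ulliklliwi reports 336 or 672).
UNIT_BLOCK_SIZE = 336
# nilphase: the HP field sits 9 bytes into the block and the table is relative to HP
# (this reading of the post is an assumption of the example).
HP_OFFSET_IN_BLOCK = 9
# Little-endian WORD fields from nilphase's table, relative to the HP field. The
# path-node and position entries were marked uncertain in the post and are left out.
FIELDS_REL_TO_HP = {
    "hit_points": 0x0000,
    "dest_x": 0x0007,
    "dest_y": 0x0009,
}
# Highest block start reported by pnaimoli and nilphase; the array end is one block above.
FIRST_UNIT_ADDR = 0x00628280
ARRAY_END_ADDR = FIRST_UNIT_ADDR + UNIT_BLOCK_SIZE


def decode_unit_block(buf, block_off, stride=UNIT_BLOCK_SIZE):
    """Decode one record starting at block_off; refuses a record that overruns buf."""
    if block_off < 0 or block_off + stride > len(buf):
        raise ValueError(f"block at {block_off:#x} is outside the buffer")
    base = block_off + HP_OFFSET_IN_BLOCK
    return {name: struct.unpack_from("<H", buf, base + rel)[0]
            for name, rel in FIELDS_REL_TO_HP.items()}


def walk_units_backward(buf, end_off, stride=UNIT_BLOCK_SIZE):
    """Return (block_off, fields) pairs starting with the record just below end_off
    and moving toward lower addresses, the direction bLueStar says the array grows."""
    units = []
    off = end_off - stride
    while off >= 0:
        units.append((off, decode_unit_block(buf, off, stride)))
        off -= stride
    return units


def offset_to_address(block_off, buf_len, end_addr=ARRAY_END_ADDR):
    """Map a buffer offset back to a game address, assuming buf ends at end_addr."""
    return end_addr - (buf_len - block_off)


def make_sample_block(hp, dest_x, dest_y, stride=UNIT_BLOCK_SIZE):
    """Constructed test record: zero-filled, with the three known fields packed in."""
    blk = bytearray(stride)
    base = HP_OFFSET_IN_BLOCK
    struct.pack_into("<H", blk, base + FIELDS_REL_TO_HP["hit_points"], hp)
    struct.pack_into("<H", blk, base + FIELDS_REL_TO_HP["dest_x"], dest_x)
    struct.pack_into("<H", blk, base + FIELDS_REL_TO_HP["dest_y"], dest_y)
    return bytes(blk)


# Constructed sample: three records, with the oldest (highest address) last.
SAMPLE_ARRAY = (make_sample_block(40, 1024, 768)
                + make_sample_block(100, 512, 256)
                + make_sample_block(250, 64, 32))


def sample_units():
    """Decode the constructed array from its fixed end toward lower addresses."""
    return walk_units_backward(SAMPLE_ARRAY, len(SAMPLE_ARRAY))


if __name__ == "__main__":
    for off, fields in sample_units():
        print(f"{offset_to_address(off, len(SAMPLE_ARRAY)):#010x} {fields}")
```

The bounds check in decode_unit_block is the part worth keeping when the stride is uncertain: with a 672-byte stride on data laid out at 336 bytes, a naive reader silently pairs fields from two different records, while this one refuses to read past the end of what it was given.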