[Information] Battlefield 2 Patch 1.5 Offsets [ON+OFF]

**KorUpt** · 03-07-2010, 11:00 PM

I know there are already threads dedicated to bf2 offsets, But i got few pm's Requesting the offsets that are not found when most people use the old sig file on Uc downloads to find them quickly

SO i have used the sig file on uc downloads for bf2
and found the missing address's are here they are both on and off

Code:

RENDDX9 = 04040000
BF2Base =  400000

MINIMAP OFF
007786D9   75 0C            JNZ SHORT BF2.007786E7
007786FF   75 0C            JNZ SHORT BF2.0077870D
00778725   0F84 1B010000    JE BF2.00778846
007787B5   75 0C            JNZ SHORT BF2.007787C3
007787DB   75 09            JNZ SHORT BF2.007787E6
007787FE   74 46            JE SHORT BF2.00778846
007836F9   75 06            JNZ SHORT BF2.00783701


ON
007786D9   74 0C            JE SHORT BF2.007786E7
007786FF   74 0C            JESHORT BF2.0077870D
00778725   0F85 1B010000    JNZ BF2.00778846
007787B5   74 0C            JE SHORT BF2.007787C3
007787DB   74 09            JE SHORT BF2.007787E6
007787FE   75 46            JNZ SHORT BF2.00778846
007836F9   74 06            JE SHORT BF2.00783701


Nametags Off
0416EDCD   0F84 18010000    JE RendDX9.0416EEEB
0416EDE3   0F84 02010000    JE RendDX9.0416EEEB
0416EDF2   0F85 F3000000    JNZ RendDX9.0416EEEB

ON
0416EDCD   0F85 18010000    JNZ RendDX9.0416EEEB
0416EDE3   0F85 02010000    JNZ RendDX9.0416EEEB
0416EDF2   0F84 F3000000    JE RendDX9.0416EEEB


PLayer dist OFF
04170363   74 70            JE SHORT RendDX9.041703D5

ON
04170363   75 70            JNZ SHORT RendDX9.041703D5

Nothing special, Have not tested throughly But from quick check while i was debugging with Olly
they work all fine, Anyone wants to add to list just post i will update this post

EDIT : This is a list of offsets including some from above

Code:

Minimap1 =  dwBF2Base + 0x3786D9 ;  

Minimap2 =  dwBF2Base + 0x3786FF ;  

Minimap3 =  dwBF2Base + 0x378725 ;  

Minimap4 =  dwBF2Base + 0x3787B5 ;  

Minimap5 =  dwBF2Base + 0x3787DB ;  

Minimap6 =  dwBF2Base + 0x3787FE ;  

Minimap7 =  dwBF2Base + 0x378818 ;  

Minimap8 =  dwBF2Base + 0x3836F9 ;  

Distance2Player =  dwRendDx9Base + 0x130363 ;  

3DMap =  dwRendDx9Base + 0x12E73D ;  

EnemyMines =  dwRendDx9Base + 0x12EA91 ;  

RadarBridgesIcons =  dwRendDx9Base + 0x1309F9 ;  

HealthArmor1 =  dwRendDx9Base + 0x1B394D ;  

HealthArmor2 =  dwRendDx9Base + 0x1B3A7E ;  

HealthArmor3 =  dwRendDx9Base + 0x1B3ACC ;  

KitIcons1 =  dwRendDx9Base + 0x12E28A ;  

KitIcons2 =  dwRendDx9Base + 0x12E2D1 ;  

KitIcons3 =  dwRendDx9Base + 0x12E2F0 ;  

LockCrosshair =  dwBF2Base + 0x20B135 ;  

Shellshock =  dwRendDx9Base + 0x4F935 ;  

TearGas =  dwRendDx9Base + 0x4FB02 ;   dwRendDx9Base + 0x4FB42 ;  

NightVision =  dwRendDx9Base + 0x4E754 ;  

ViewDistanceAddy =  dwBF2Base + 0xB1D50 ;   dwRendDx9Base + 0x111E0 ;  

TeamAddy =  dwBF2Base + 0x104AC0 ;  

Artillery =  dwBF2Base + 0x392A48 ;  

Supply =  dwBF2Base + 0x3B2941 ;  

ForceCommander2 =  dwBF2Base + 0x358A05 ;   dwRendDx9Base + 0xCADB5 ;  

ForceCommander3 =  dwBF2Base + 0x358A18 ;  

ResignCommander =  dwBF2Base + 0xE9360 ;  

SquadHijack =  dwBF2Base + 0xE8B65 ;  

MinimapKits1 =  dwBF2Base + 0x383B57 ;  

MinimapKits2 =  dwBF2Base + 0x383C52 ;  

Ammo =  dwBF2Base + 0x222E86 ;  

Stamina =  dwBF2Base + 0x26E8C1 ;   dwBF2Base + 0x26E943 ;  

GodMode/healthloss =  dwBF2Base + 0x288AE3 ;  

No water =  dwRendDx9Base + 0x2EBFB ;  

No Fog =  dwRendDx9Base + 0x506F9 ;  

No Recoil =  dwBF2Base + 0x208D06 ;

- PATCH 1.5

Enjoy,
Korupt

vendravi · 03-08-2010, 01:33 PM

how can i create a trainer with these adresses? with delphi?

**KorUpt** · 03-08-2010, 08:33 PM

Quote:

int Writted = 0;
int Nop = 0x90,0x90;

/No fog example
WriteProcessMemory(hProcess, (LPVOID) 0x04170363, &Nop, sizeof(Nop), &Writted);

U can use simple write Process memory in delphi, haven't used delphi much so google might be your best help.

EDIT : Updated post above with some more offsets

XvenDeR · 03-12-2010, 12:32 AM

Do it is posible to inject it with CheatEngine?

**KorUpt** · 03-15-2010, 06:33 AM

I used OllyDBG to get offset

use em how ever u know how to but dont expect someone to explain howto constantly throughout every topic

JasonDelife · 04-02-2010, 01:02 PM

Hello everyone.
I have a problem with this offset:

Quote:

Originally Posted by KorUpt

GodMode/healthloss = dwBF2Base + 0x288AE3 ;

I use Cheat Engine to replace the instructions with NOPs.
It works, the game doesn't crash and I don't die.
But even nobody dies, not the bots in my team, not the enemies.
Do you have the same problem?
Is it perhaps not the right instruction?

Regards JasonDelife.

**KorUpt** · 04-07-2010, 02:30 PM

Correct that may be the case, Why not See what is calling dwBF2Base + 0x288AE3 ;
or what that is calling and go from there
Also i wouldn't just NOP it.

I have forgot what it shows in OllyDBG for that offset

If you copy it here i will check it and see if i can help,Don't currently have bf2 running to debug
will debug later if some offsets need double checking

Don't forget dont just write to 0x288AE3 Its Bf2Base + 0x288AE3

JasonDelife · 04-07-2010, 07:37 PM

Thanks for your answer.
OllyDbg shows

Code:

MOV DWORD PTR DS:[EDI+10], EAX

I found three references to the procedure of BF2Base + 0x288AE3.
If I "NOPped" this one, it has the same effect like NOPping BF2Base + 0x288AE3.

Code:

BF2Base + 0x2898B3

One did nothing and the other one crashed BF2.
And, what would you do instead of filling with NOPs?
(Sorry for that stupid question but I'm pretty new in that, usually I write in high level languages)

Regards JasonDelife.

**TehExploit** · 10-17-2010, 02:58 AM

Sorry for the bump.

Im new to this and am trying to make a simple nametag hack, at this point i dont care if its detected or not. Just trying to get a proof of concept kind of thing going.

Quote:

Originally Posted by KorUpt

Code:

Nametags Off
0416EDCD   0F84 18010000    JE RendDX9.0416EEEB
0416EDE3   0F84 02010000    JE RendDX9.0416EEEB
0416EDF2   0F85 F3000000    JNZ RendDX9.0416EEEB

ON
0416EDCD   0F85 18010000    JNZ RendDX9.0416EEEB
0416EDE3   0F85 02010000    JNZ RendDX9.0416EEEB
0416EDF2   0F84 F3000000    JE RendDX9.0416EEEB

I am wondering how do i convert the above code to this: ( Got this from an old source here)

Code:

BYTE Tag[6] = {0xE9, 0xF4, 0x00, 0x00, 0x00, 0x90};

I know c++ enough to make a dll. I know how to use ollydbg, ie: finding and using the renddx9 base + Offset. Ive been trying to figure this out for about 2 weeks and have come for help.

Thanks.

**leopard** · 10-17-2010, 09:55 AM

Put this in your profile.con folder and you done

NameTags.MaxEnemyDistance 999999
NameTags.EnemyDotLimit 0
NameTags.EnemyTagDelayTime 0
NameTags.EnemyTagFadeInTime 0
NameTags.EnemyTagFadeOutTime 999999

**disavow** · 10-17-2010, 10:02 AM

Quote:

Originally Posted by TehExploit

Sorry for the bump.

Im new to this and am trying to make a simple nametag hack, at this point i dont care if its detected or not. Just trying to get a proof of concept kind of thing going.

I am wondering how do i convert the above code to this: ( Got this from an old source here)

Code:

BYTE Tag[6] = {0xE9, 0xF4, 0x00, 0x00, 0x00, 0x90};

I know c++ enough to make a dll. I know how to use ollydbg, ie: finding and using the renddx9 base + Offset. Ive been trying to figure this out for about 2 weeks and have come for help.

Thanks.

Learning basic assembly would do you wonders of good.
The second row are bytes.

daavve · 10-17-2010, 10:33 AM

Quote:

Originally Posted by leopard

Put this in your profile.con folder and you done

NameTags.MaxEnemyDistance 999999
NameTags.EnemyDotLimit 0
NameTags.EnemyTagDelayTime 0
NameTags.EnemyTagFadeInTime 0
NameTags.EnemyTagFadeOutTime 999999

thats detected, i got banned using that.

**leopard** · 10-17-2010, 06:27 PM

Quote:

Originally Posted by daavve

thats detected, i got banned using that.

NO thats not detected,maby by Admin bot not for punkbusterd

**Freeheadshot** · 10-18-2010, 01:15 PM

Maybe u got busted because of punkbusterscreenshots, but this is 100% not dedected

**HOOAH07** · 10-18-2010, 04:27 PM

Quote:

Originally Posted by daavve

thats detected, i got banned using that.

what was the ban/kick?

**shrooms** · 10-19-2010, 05:34 AM

Excuse me sir, but what the fk are you doing?

opsearch result:

Code:

EnemyTags1 = Not Found!
EnemyTags2 =  dwRendDX9Base + 0x12DEC3 ;  
EnemyTags3 =  dwRendDX9Base + 0x12DED2 ;

I'm pretty sure I have latest patch 1.5
BF2_Patch_1.50.exe

Here is name tags

PHP Code:

  void NameTagCheat(bool status)
{
    if ( status )
    {
        unsigned char NameTags[6] = { 0xE9, 0x19, 0x01, 0x00, 0x00, 0x00};
        patch((( DWORD )GetModuleHandle(L"RendDX9.dll") + 0x12EAAD),&NameTags, 6);
    } else {
        unsigned char NameTagsOff[6] = { 0x0F, 0x84, 0x18, 0x01, 0x00, 0x00};
        patch((( DWORD )GetModuleHandle(L"RendDX9.dll") + 0x12EAAD),&NameTagsOff, 6);
    }
}

inb4: "hay bro use ida"

basrah · 11-07-2010, 03:18 AM

OpSearcher by Kosire
Searched:
FileName: bfoclient.exe
BaseAddress: 400000
ModuleSize: 6A9000
FileName: RendDX9.dll
Started: 2010-11-03 오전 6

13

----------------------------------------

//For Battlefield 2
//Signature File Created for OpSearcher by: Chaotik
//OpSearcher Coded by: Kosire
//Addresses Credited to: Kosire, Chaotik, Sparten, Captain Cox, Dubbls, Muhko, Spontaneous, Pizza Pan, Faldo and MPC
//Updated: Patch 1.2 21/02/06
Minimap1 = Not Found!
Minimap2 = Not Found!
Minimap3 = Not Found!
Minimap4 = Not Found!
Minimap5 = Not Found!
Minimap6 = Not Found!
Minimap7 = Not Found!
MinimapKits = Not Found!
EnemyTags1 = Not Found!
EnemyTags2 = dwRendDX9Base + 0x12CC73 ;
EnemyTags3 = dwRendDX9Base + 0x12CC82 ;
EnemyTagsNoFadeDelay = dwRendDX9Base + 0x12AECD ;
Distance2Player = dwRendDX9Base + 0x12E1F3 ;
3DMap = dwRendDX9Base + 0x12C5CD ;
EnemyMines = dwRendDX9Base + 0x12C921 ;
RadarBridgesIcons = dwRendDX9Base + 0x12E889 ;
HealthArmor1 = dwRendDX9Base + 0x1B15CD ;
HealthArmor2 = dwRendDX9Base + 0x1B16FE ;
HealthArmor3 = Not Found!
KitIcons1 = dwRendDX9Base + 0x12C11A ;
KitIcons2 = dwRendDX9Base + 0x12C161 ;
KitIcons3 = Not Found!
LockCrosshair = Not Found!
TVGuidedStatic = Not Found!
Shellshock = dwRendDX9Base + 0x4E065 ;
FlashBang = Not Found!
TearGas = dwRendDX9Base + 0x4E232 ; dwRendDX9Base + 0x4E272 ;
NightVision = dwRendDX9Base + 0x4CE54 ;
//Code Cave Changes
ViewDistanceAddy = dwRendDX9Base + 0x10600 ;
NoFogAddy = dwRendDX9Base + 0x4EE29 ;
TeamAddy = Not Found!

----------------------------------------

Found 16/31 with 0 Error(s)
OpSearcher
(c) 2006 Kosire

**HOOAH07** · 11-08-2010, 11:28 AM

no calling people, guys keep it on topic please

**shrooms** · 11-08-2010, 11:18 PM

Thanks for deleting my post. Way to be a good moderator and leave the guy who posted something that is completely incorrect.

**HOOAH07** · 11-08-2010, 11:54 PM

Quote:

Originally Posted by shrooms

Thanks for deleting my post. Way to be a good moderator and leave the guy who posted something that is completely incorrect.

it may be incorrect but he didn't diss you like you dissed him

also keep to the topic,
me deleting your post could have been as simple as you sending me a PM