General Coding
* CoD WaW Offsets (v1.1) Code:
cg_t = 0x95EA60
cgs_t = 0x95A488
centity_t = 0xA5F610
clientInfo_t = 0xA4543C
ViewAnglesX = 0xF39F38
ViewAnglesY = 0xF39F34
R_RenderScene = 0x6AB260
R_RegisterFont = 0x6AE740
R_RegisterShader = 0x6AF470
R_DrawStretchPic = 0x6B0F50
R_DrawString = 0x6B1500
CG_Init = 0x454BF0
CG_Shutdown = 0x455800
CG_Trace = 0x480A20
CG_Obituary = 0x448840
CG_Error = 0x55B1A0
SendConsoleCommand = 0x5558D0
Com_Printf = 0x55A8D0
// Byte pair the page records as the unmodified contents of the patch site.
// Not referenced by RemoveRecoil() itself.
unsigned char nor_Recoil[2] = { 0x74, 0x05 }; // Original Bytes
// Replacement pair; only the first byte differs from nor_Recoil (0x74 -> 0x75).
// NOTE(review): 0x74 / 0x75 are the x86 short JE / JNE opcodes if this address
// is the start of an instruction - not verifiable from this page.
unsigned char my_Recoil[2] = { 0x75, 0x05 };

// Overwrites sizeof( my_Recoil ) bytes at the hard-coded address 0x47D515 in
// the calling process with the contents of my_Recoil.
//
// The address is a literal, so it is only meaningful for the one build it was
// taken from (the page labels this section v1.1). The BOOL result of
// WriteProcessMemory is discarded, so a failed write is not reported, and the
// bytes currently at the address are not compared with nor_Recoil first.
// Because this modifies code bytes of the running image, a comparison of the
// in-memory image against the on-disk file would differ here after it runs.
void RemoveRecoil( )
{
    const DWORD patchSite = 0x47D515;
    HANDLE self = GetCurrentProcess();

    WriteProcessMemory( self, ( void* )patchSite, my_Recoil, sizeof( my_Recoil ), NULL );
}
// Four bytes the page records as the unmodified contents of the patch site.
// Not referenced by UnlockDvars() itself.
unsigned char nor_Dvars[4] = { 0x80, 0x7A, 0x0C, 0x00 }; // Original Bytes
// Replacement bytes; only the last byte differs from nor_Dvars (0x00 -> 0x01).
unsigned char my_Dvars[4] = { 0x80, 0x7A, 0x0C, 0x01 };

// Overwrites sizeof( my_Dvars ) bytes at the hard-coded address 0x5BB4EA in
// the calling process with the contents of my_Dvars.
//
// As with any literal address, this is tied to a single build of the target.
// The BOOL result of WriteProcessMemory is discarded, so a failed write is
// silent, and the existing bytes are not checked against nor_Dvars first.
void UnlockDvars( )
{
    const DWORD patchSite = 0x5BB4EA;
    HANDLE self = GetCurrentProcess();

    WriteProcessMemory( self, ( void* )patchSite, my_Dvars, sizeof( my_Dvars ), NULL );
}
* Class + Function offsets (v1.1) Code:
RenderScene = 0x6A77E0
CG_Init = 0x454590
CG_GetFont = 0x6ABE20
CG_DrawString = 0x6ADA80
CG_PredictPlayerState = 0x4600A0
CG_EchoToConsole = 0x558E70
CG_DvarSet = 0x5B8750
CG_DrawPlayerESP = 0x43CC60
CG_BoxTrace = 0x4142F0
CG_Trace = 0x4801D0
CG_DvarCreate = 0x5B9B50
CG_MapRestart = 0x46B0B2
CL_Shutdown = 0x496410
Patch_DrawEspPlayingTest = 0x43CC8D
R_Init = 0x69C140
R_RegisterGraphics = 0x451E90
CG_t = 0x9599E0
CGS_t = 0x955400
RefDef_t = 0x9B046C
cClientInfo = 0xA403BC
centity_t = 0xA5A588
IsInGame = 0x959A04
Direct3DCreate9 = 0x71DCDE
D3DXCompileShader = 0x71DCE4
DirectSoundCreate8 = 0x71DCEA
DirectSoundCaptureCreate = 0x71DCF0
Code:
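// One row of build-specific addresses, identified by a version label and a
// CRC value. Every member after cod5Crc is a DWORD holding an address or
// offset; the positional initializer for the table of these rows depends on
// the exact member order below, so members must not be reordered.
//
// The two byte-change annotations were free text after the declarator in the
// original listing, which is not valid C/C++; they are kept verbatim as
// comments here.
typedef struct {
    char* cod5Version;      // human-readable build label
    DWORD cod5Crc;          // CRC identifying the build (how it is computed is not shown)
    DWORD R_RenderScene;
    DWORD R_RegisterFont;
    DWORD R_DrawString;
    DWORD R_RegisterShader;
    DWORD R_DrawStretchPic;
    DWORD Recoil;           // ( From 0x74 to 0x75 )
    DWORD structCG;
    DWORD structCGS;
    DWORD structCent;
    DWORD structCI;
    DWORD structWeap;
    DWORD CG_Trace;
    DWORD ViewAnglesX;
    DWORD ViewAnglesY;
    DWORD Com_Frame;
    // NOTE(review): the second byte is 0x79 here, while the nor_Dvars/my_Dvars
    // arrays elsewhere on the page use 0x7A - possibly a different build; unconfirmed.
    DWORD DvarUnlock;       // ( From 0x80, 0x79, 0x0C, 0x00 to 0x80, 0x79, 0x0C, 0x01 )
    DWORD wallHack;
    DWORD CG_Obituary;
    DWORD CG_Init;
    DWORD CG_Shutdown;
    DWORD SendCommand;
    DWORD Printf;
    DWORD pServ;
    DWORD pServName;
    DWORD Error;
    DWORD ShellShock;
    DWORD Fog;
} codGameOffsets_t;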
// Table of known builds; it currently holds a single row. The initializer is
// positional, so each value is bound to a codGameOffsets_t member purely by
// its position - the trailing comments are labels only and are not checked
// by the compiler. Entries of 0x0 are slots the author left unfilled.
const static codGameOffsets_t cod5GameOffsets[] = {
{ "CoD:WaW v1 Beta", 0x952CC44D, // CRC
0x6A77E0, // RenderScene
0x6ABE20, // RegisterFont
0x6ADA80, // DrawString
0x6AB5F0, // RegisterShader
0x5F65F0, // DrawStretchPic
0x47CD45, // WeaponFireRecoil
0x9599E0, // structCG ( cg_t )
0x955400, // structCGS ( cgs_t )
0xA5A588, // structCent ( centity_t )
0xA403BC, // structCI ( clientInfo_t )
0x0, // structWeap ( cg_weapons_t )
0x4801D0, // CG_Trace
0xF34E10, // ViewAnglesX
0xF34E0C, // ViewAnglesY
0x49BB50, // Com_Frame
0x5B88DA, // unlockDvar
0x0, // wallHack
0x448240, // CG_Obituary
0x454590, // CG_Init
// NOTE(review): this position is the member declared as CG_Shutdown, but the
// label below says CL_Shutdown - confirm which routine the value refers to.
0x496410, // CL_Shutdown
0x553E70, // pSendCommand
0x558E70, // comPrintf
0xB9D020, // pServ
0x955440, // pServName
0x559750, // Error
0x0, // ShellShock
0x0, // Fog
},
};
* Entity and Client Info Classes (v1.1) Code:
// Size in bytes of one entity record and the address of the first record,
// as given by the author for the v1.1 build.
#define ENTITY_SIZE 0x2BC
#define ENTITY_BASE 0xA5A588
// Reverse-engineered overlay for one entity record. The trailing comments are
// the author's intended byte offsets; cUnknownN members are unidentified filler.
//
// NOTE(review): the annotated offsets add up to 0x2BC (ENTITY_SIZE) only if the
// members are laid out with no padding. nManAlive is annotated at 0x0002, but
// with default alignment a 4-byte member after a 2-byte array is placed at
// 0x0004, which shifts every later member. No packing directive is visible
// here, and the page follows this listing with a second class it describes as
// having the correct size - treat these offsets as unverified.
class CEntity
{
public:
char cUnknown0[2]; //0x0000
__int32 nManAlive; //0x0002
char cUnknown1[32]; //0x0006
float LocationX; //0x0026
float LocationY; //0x002A
float LocationZ; //0x002E
float fPitch; //0x0032
float fYaw; //0x0036
char cUnknown2[28]; //0x003A
void * pUnknownPTR1; //0x0056
char cUnknown3[144]; //0x005A
float OLocationX; //0x00EA
float OLocationY; //0x00EE
float OLocationZ; //0x00F2
char cUnknown4[24]; //0x00F6
float ViewPitch; //0x010E
float ViewYaw; //0x0112
float ViewRoll; //0x0116
char cUnknown5[80]; //0x011A
char cUnknown6[20]; //0x016A
float OrgLocationX; //0x017E
float OrgLocationY; //0x0182
float OrgLocationZ; //0x0186
char cUnknown7[24]; //0x018A
float OrgViewPitch; //0x01A2
float OrgViewYaw; //0x01A6
float OrgViewRoll; //0x01AA
char cUnknown8[270]; //0x01AE
};
This is centity class with the correct size:
PHP Code:
// Second reverse-engineered overlay for an entity record, which the page
// presents as the one with the correct size. Every annotated offset is a
// multiple of 4 and the running total reaches 0x02BC, so the layout holds
// under default alignment with 4-byte float/__int32/DWORD members.
// Member meanings are the author's own guesses; unknownN members are filler.
//
// NOTE(review): StrafeVec is declared twice (at 0x0128 and at 0x01BC). A C++
// compiler rejects a duplicate member name, so this listing does not build
// as posted; which of the two the author meant to rename is not shown.
class centity_t
{
public:
char unknown0[40]; //0x0000
float X; //0x0028
float Y; //0x002C
float Z; //0x0030
float pitch; //0x0034
float yaw; //0x0038
char unknown60[160]; //0x003C
__int32 PlayerPose; //0x00DC
__int32 eType; //0x00E0
char unknown228[8]; //0x00E4
float pX; //0x00EC
float pY; //0x00F0
float pZ; //0x00F4
char unknown248[24]; //0x00F8
float fPitch; //0x0110
float fYaw; //0x0114
char unknown280[16]; //0x0118
float StrafeVec; //0x0128
char unknown300[12]; //0x012C
__int32 SpeedVec; //0x0138 Goes from 90 to -90
char unknown316[52]; //0x013C
DWORD dwPlayerPose; //0x0170
char unknown372[12]; //0x0174
float cX; //0x0180
float cY; //0x0184
float cZ; //0x0188
char unknown396[24]; //0x018C
float pPitch; //0x01A4
float pYaw; //0x01A8
float pRoll; //0x01AC
char unknown432[12]; //0x01B0
float StrafeVec; //0x01BC goes from - 0.5 (left) to 0.5( right )
char unknown448[12]; //0x01C0
__int32 SpeedVec2; //0x01CC
char unknown464[128]; //0x01D0
__int32 Weapon; //0x0250
char unknown596[8]; //0x0254
__int32 MovingState1; //0x025C
__int32 MovingState2; //0x0260
char unknown612[32]; //0x0264
__int32 SpawnThing; //0x0284 Changes each time you spawn..might be a number of a spawnpoint
char unknown648[48]; //0x0288
DWORD isValid; //0x02B8 (Check if entity is valid/alive)
};//Size=0x02BC(700)
// Typed pointer to a fixed absolute address (the same value as ENTITY_BASE).
// Dereferencing it is only defined inside a process where that address
// actually maps this structure; the value is specific to one build.
centity_t * Centity = (centity_t*)0xA5A588;
And also here is ClientInfo class with the correct size and offset:
PHP Code:
// Reverse-engineered overlay for one per-client record; the author gives the
// size as 0x055C (1372) bytes. Trailing comments are byte offsets; unknownN
// members are unidentified filler and field meanings are the author's guesses.
//
// NOTE(review): PlayerName, ClanTag, BodyModel, HeadModel, WeaponModel and Tag
// are fixed-width char arrays. Whether they are always NUL-terminated is not
// shown, so any reader should bound string reads by the array size.
class CClientInfo
{
public:
DWORD InfoValid; //0x0000
__int32 ClientNum; //0x0004
char unknown8[4]; //0x0008
char PlayerName[16]; //0x000C
char unknown28[16]; //0x001C
__int32 iTeam; //0x002C
__int32 iTeam2; //0x0030
char unknown52[24]; //0x0034
char ClanTag[4]; //0x004C
char unknown80[16]; //0x0050
char BodyModel[32]; //0x0060
char unknown128[32]; //0x0080
char HeadModel[32]; //0x00A0
char unknown192[32]; //0x00C0
char WeaponModel[32]; //0x00E0
char unknown256[352]; //0x0100
char Tag[24]; //0x0260
char unknown632[392]; //0x0278
float SpeedVec; //0x0400 Goes from 90 to -90
float StrafeVec; //0x0404 Goes from -0.5 to 0.5
float Pitch; //0x0408
float Yaw; //0x040C
char unknown1040[140]; //0x0410
DWORD PlayerPose; //0x049C
char unknown1184[20]; //0x04A0
BYTE Shooting; //0x04B4
char unknown1205[7]; //0x04B5
BYTE isZoomed; //0x04BC
char unknown1213[83]; //0x04BD
__int32 WeaponNum; //0x0510
char unknown1300[72]; //0x0514
};//Size=0x055C(1372)
// Typed pointer to a fixed absolute address; valid only inside a process of
// the specific build where that address maps this structure.
CClientInfo * cClientInfo = ( CClientInfo* )0xA403BC;
I've found a little more information that may help some of you, so here it is; enjoy or not:
Code:
// Author-supplied sizes (bytes) and base addresses for the structures
// discussed on this page. All values are literals for one specific build.
// ENTITY_SIZE / ENTITY_BASE repeat the values defined earlier on the page.
// No size is given for the structure at REFDEF_BASE.
#define CG_SIZE 0x94
#define CG_BASE 0x9599E0
#define ENTITY_SIZE 0x2BC
#define ENTITY_BASE 0xA5A588
#define REFDEF_BASE 0x9B046C
#define CLIENTINFO_SIZE 0x55C
#define CLIENTINFO_BASE 0xA403BC
The CG_DrawString function is @: 0x6ADA80
and you will need to clean the stack with 0x24
The CG_GetFont function is @: 0x6ABE20
and you will need to clean the stack with 0x10
The RenderScene function is @: 0x6A77E0
It's still a void, so just hook accordingly
Also, here are my current structs. The sizes are accurate, but some of the placement may be wrong, as I haven't examined everything very thoroughly:
Code:
// Condensed entity overlay from a different contributor; the author states the
// size is accurate but individual placements may be wrong. mVec3 is not
// defined on this page (presumably three floats, 12 bytes - TODO confirm).
//
// NOTE(review): as in the earlier CEntity listing, nManAlive is annotated at
// 0x0002, which a compiler only honours with byte packing; no packing
// directive is visible. The annotated offsets total 0x02BC only when unpadded.
class CEntity
{
public:
char cUnknown0[2]; //0x0000
__int32 nManAlive; //0x0002
char cUnknown1[32]; //0x0006
mVec3 mLocation; //0x0026
mVec3 mRotation; //0x0032
char cUnknown2[162]; //0x003E
__int32 nClientID; //0x00E0
char cUnknown3[472]; //0x00E4
};
//Size=0x02BC(700)
//--------------------------------------------------------------
// Condensed per-client overlay consisting only of char arrays, so it has no
// alignment padding; the array sizes total 0x055C (1372) bytes.
// The model/tag fields here are 64 bytes wide, whereas the other CClientInfo
// listing on this page uses 32-byte (and 24-byte) fields at the same offsets.
// NOTE(review): fixed-width char arrays - NUL termination is not guaranteed by
// anything shown here; bound any string read by the array size.
class CClientInfo
{
public:
char cUnknown0[4]; //0x0000
char cUnknown1[8]; //0x0004
char cPlayerName[16]; //0x000C
char cUnknown2[68]; //0x001C
char cBodyModel[64]; //0x0060
char cHeadModel[64]; //0x00A0
char cWeaponModel[64]; //0x00E0
char cUnknown3[320]; //0x0120
char cModelTag[64]; //0x0260
char cUnknown4[700]; //0x02A0
};
//Size=0x055C(1372)
//--------------------------------------------------------------
// Overlay for the view/render definition record (base address given on the
// page as REFDEF_BASE). No total size is stated. mVec3 and mVec9 are not
// defined on this page.
//
// NOTE(review): mViewMatrix and mLocation2 carry no offset annotation. If
// mVec3 is 12 bytes and mVec9 is 36 bytes (assumption - TODO confirm), the
// members from unknown88 onward would sit 4 bytes past their annotated
// offsets. The author states that some placements may be wrong.
class CRefDef
{
public:
char cUnknown0[8]; //0x0000
int ResolutionX; //0x0008
int ResolutionY; //0x000C
float FovX; //0x0010
float FovY; //0x0014
float TotalFov; //0x0018
mVec3 mLocation; //0x001C
char unknown40[4]; //0x0028
mVec9 mViewMatrix;
mVec3 mLocation2;
char unknown88[4]; //0x0058
__int32 nSnapshot; //0x005C
char ID02964C18[80]; //0x0060
float Pitch1; //0x00B0
float Yaw1; //0x00B4
char ID0297CBB0[28]; //0x00B8
char unknown212[4]; //0x00D4
mVec3 mRotation; //0x00D8
mVec3 mLocation3; //0x00E4
float Pitch2; //0x00F0
float Yaw2; //0x00F4
char ID02964CC0[60]; //0x00F8
__int32 nFiring; //0x0134
};
Here is the stats class and offset. It hasn't changed from CoD4:
PHP Code:
// Overlay for a block of player statistics counters. All named members are
// 4-byte integers; trailing comments are hexadecimal byte offsets (written
// without the 0x prefix). UnknownN / unknownN members are unidentified.
// The last annotated member is Knife_Kills at 0x04EC; no total size is given.
// Field meanings are the author's interpretation and are not verified here.
class CStats
{
public:
__int32 Current_Xp; //0000
__int32 Current_Score; //0004
__int32 TotalKills; //0008
__int32 Best_KillStreak; //000C
__int32 TotalDeaths; //0010
__int32 Unknown5; //0014
__int32 Assists; //0018
__int32 HeadShots; //001C
__int32 Unknown8; //0020
__int32 GrenadeDeaths; //0024
__int32 Server_Time; //0028 (+4)
__int32 Unknown11; //002C
__int32 Unknown12; //0030
__int32 Snapshot_Num; //0034 (+4)
__int32 KilledBySmth; //0038
__int32 Unknown15; //003C
__int32 Total_Games; //0040
char unknown17[16];
__int32 Total_Hits; //0054
__int32 Total_Bullets_Shot; //0058
__int32 Total_Bullets_Shot2; //005C
__int32 Unknown21; //0060
char unknown22[96];
__int32 Rank; //00C4
__int32 Unknown24; //00C8
__int32 Unknown25; //00CC
__int32 Unknown26; //00D0
char unknown27[192];
__int32 Unknown28; //0194
char unknown2[852];
__int32 Knife_Kills; //04EC
};
// Typed pointer to a fixed absolute address; only meaningful inside a process
// of the specific build where that address maps this structure.
CStats* stats = (CStats*)0xF451B08;
Edit: Adding CGS_t class. Maybe this is useful to someone.
PHP Code:
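// Overlay for the client "game static" record; the author gives its size as
// 0x0184 (388) bytes. Trailing comments are byte offsets; unknownN members
// are unidentified filler and field meanings are the author's guesses.
//
// The posted listing omitted the ';' after screen_height and after the closing
// brace of the class, so it did not parse; both are restored here with no
// change to member order, types or sizes.
//
// NOTE(review): GameType, ServerName and MapName are fixed-width char arrays.
// NUL termination is not guaranteed by anything shown here, so bound any
// string read by the array size.
class CGS_t
{
public:
    char unknown0[8];           //0x0000
    __int32 screen_width;       //0x0008
    __int32 screen_height;      //0x000C
    char unknown16[4];          //0x0010
    __int32 CommandSequence;    //0x0014
    __int32 SnapShotNum;        //0x0018
    BYTE IsLocalServer;         //0x001C
    char unknown29[3];          //0x001D
    char GameType[4];           //0x0020
    char unknown36[28];         //0x0024
    char ServerName[16];        //0x0040
    char unknown80[240];        //0x0050
    __int32 MaxClients;         //0x0140
    char MapName[64];           //0x0144
};//Size=0x0184(388)
// Typed pointer to a fixed absolute address; only meaningful inside a process
// of the specific build where that address maps this structure.
CGS_t *CGS = (CGS_t*)0x955400;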
* Console Class (v1.1) Code:
// Two-pointer record (8 bytes with 4-byte pointers, per the author's size
// note) that leads to the CRender and CMotionBlur records.
// NOTE(review): CRender and CMotionBlur are defined after this class on the
// page; as posted, the pointer members need those names declared first.
class CConsole
{
public:
CRender* Renderer; //0x0000
CMotionBlur* MotionBlur; //0x0004
};//Size=0x0008(8)
// Typed pointer to a fixed absolute address; only meaningful inside a process
// of the specific build where that address maps this structure.
CConsole *Console = (CConsole*)0x10EF07B8 ;
// Overlay exposing a set of renderer settings as 4-byte integers separated by
// unidentified filler; the author gives the size as 0x0520 (1312) bytes.
// Member names mirror r_* setting names; what each value controls is the
// author's interpretation and is not established by this listing.
class CRender
{
public:
char unknown0[12]; //0x0000
__int32 r_fog; //0x000C
char unknown16[140]; //0x0010
__int32 r_normal; //0x009C
char unknown160[68]; //0x00A0
__int32 r_envMapSpecular; //0x00E4
char unknown232[68]; //0x00E8
__int32 r_lightMap; //0x012C
char unknown304[68]; //0x0130
__int32 r_colorMap; //0x0174
char unknown376[68]; //0x0178
__int32 r_normalMap; //0x01BC
char unknown448[68]; //0x01C0
__int32 r_specularMap; //0x0204
char unknown520[228]; //0x0208
__int32 r_useLayeredMaterials; //0x02EC
char unknown752[124]; //0x02F0
__int32 r_resampleScene; //0x036C
char unknown880[68]; //0x0370
__int32 r_showPenetration; //0x03B4
char unknown952[68]; //0x03B8
__int32 r_showPixelCost; //0x03FC
char unknown1024[212]; //0x0400
__int32 r_showLightGrid; //0x04D4
char unknown1240[68]; //0x04D8
__int32 r_showMissingLightGrid; //0x051C
};//Size=0x0520(1312)
// Overlay exposing two motion-blur settings: an integer enable flag at 0x000C
// and a float at 0x009C. The author gives the size as 0x00A0 (160) bytes.
class CMotionBlur
{
public:
char unknown0[12]; //0x0000
__int32 r_motionBlurEnable; //0x000C
char unknown16[140]; //0x0010
float r_motionBlur_maxBlur; //0x009C
};//Size=0x00A0(160)
//--------Example-------------------------------------------------------------
// Each statement follows two pointers (Console, then Renderer or MotionBlur)
// and stores 0 into an __int32 member. Neither pointer is checked for null
// before use. As posted these are bare statements; they would have to sit
// inside a function body to compile.
Console->Renderer->r_fog = 0; // Removes fog
Console->MotionBlur->r_motionBlurEnable = 0; //Removes blur
* Address for Rank Hack (v1.1) Native Coding (C++)
* No Recoil Source (v1.1)
* Basic ESP Setup
* Weapon / Dog ESP
* Send Command to Console (BETA)
* Nametag Hack (BETA)
DirectX Coding (D3D)
* DirectX Device Pointer (BETA)