Post: [IDA] Offsets Dumper for Ghosts
05-17-2014, 10:56 AM #1
iMoDz-Baptiste
Do a barrel roll!
Hey NGU!
Today, I release my offsets dumper for Ghosts.
You need IDA with the PS3 loaders (look in the IDC file). I have used it since version 1.07 of Ghosts.



To load the file, go in IDA to File... -> Script file...


Credit: Seb5594 for the dump and all the others who share the offsets they find.

05-17-2014, 11:09 PM #2
iTпDM
Vault dweller
Thanks Man :yes:
05-26-2014, 02:35 AM #3
Notorious
Caprisuns Is Back
Originally posted by Baptiste
Hey NGU!
Today, I release my offsets dumper for Ghosts.
You need IDA with the PS3 loaders (look in the IDC file). I have used it since version 1.07 of Ghosts.
To load the file, go in IDA to File... -> Script file...
Credit: Seb5594 for the dump and all the others who share the offsets they find.

You could have made this easier if you made a function, like so:

static dumpAddress(name, binary, difference)
{
    auto addr;
    // FindBinary() takes the start address as its first argument, so the search
    // begins at 0, not at the name string; the parameter must not be redeclared
    addr = FindBinary(0, SEARCH_DOWN, binary);
    if (addr == BADADDR)
    {
        Message("%s : pattern not found\n", name);
        return;
    }
    Message("%s : 0x%06X (Double click for the offset)\n", name, addr - difference);
}

static main()
{
    dumpAddress("G_Client", "00 80 C6 00 0C 60 DE 00 00 90 DD 05 34", 19);
    return 0;
}

Instead of having to repeat the code every time.
You can also rename the function by using MakeNameEx and the like.

05-26-2014, 03:44 AM #4
iMoDz-Baptiste
Do a barrel roll!
Originally posted by Prime
You could have made this easier if you made a function, like so: [code quoted from the post above]
Instead of having to repeat the code every time. You can also rename the function by using MakeNameEx and the like.

Thank you for your help.
05-26-2014, 10:25 AM #5
Lol, that's not how angles work at all... forward is an origin formula... e-angles have pitch, yaw & roll...

But that IDC script is just terrible... You really should read the IDC documentation... If you want the best experience when creating an IDC script, download my old project. I gave up working on it, but v0.0.3 is good enough. I deleted my clean script, which did everything with clean as fuck code... but I posted the outdated one on 7s. So I guess you could use this to make your script better...

// please note : gEntity size is currently wrong, working on fix
#include <idc.idc>

extern function, byte, address, value;

// Finds a byte pattern, turns the surrounding bytes into a function and labels it
static LabelFunction(name, binary, functionname)
{
    auto math, end;
    for (function = 0; function != BADADDR; function = function + 0x04)
    {
        function = FindBinary(function, SEARCH_DOWN, binary);
        Message(".::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.\n\nTrying to find function %s with binary ['%s']...\n", name, binary);
        Sleep(250);
        if (function == BADADDR)
        {
            Warning("%s could not be found in memory (%08X)\n", name, BADADDR);
            break;
        }
        else
        {
            //Message("%s\n", GetDisasm(function));
            math = GetFunctionAttr(function, FUNCATTR_START);
            if (math == BADADDR)
            {
                math = function; // the match is not inside a function yet, so start one at the match
            }
            end = GetFunctionAttr(math, FUNCATTR_END);
            if (end != BADADDR)
            {
                MakeUnknown(math, end - math, DOUNK_SIMPLE); // second argument is a size, not an end address
            }
            SetStatus(IDA_STATUS_WORK);
            MakeCode(math);
            MakeFunction(math, end); // BADADDR lets IDA determine the end itself
            MakeNameEx(math, name, SN_NOWARN);
            SetStatus(IDA_STATUS_READY);
            MakeRptCmt(math, sprintf("%s found in memory at %08X #bitwisehax", name, math));
            if (GetCharPrm(INF_COMPILER) != COMP_MS) // Thanks to Dwack
            {
                SetCharPrm(INF_COMPILER, COMP_MS);
            }
            SetType(math, sprintf("%s;", functionname));
            Jump(math);
            SetStatus(IDA_STATUS_WORK);
            Message("%s found in memory (%08X)\nDeclaration:\n\t%s\n\n\n", name, math, GetType(math));
            SetStatus(IDA_STATUS_READY);
            break;
        }
    }
}

#define ADD 1
#define MINUS 2
#define FIRST_OPERAND 0
#define SECOND_OPERAND 1
#define THIRD_OPERAND 2
#define FOURTH_OPERAND 3
#define FIFTH_OPERAND 4

// Reads an operand of the instruction at (match +/- offset), e.g.
// GetValue("39 60 00 00", SECOND_OPERAND, 0x539, ADD);
static GetValue(binary, oper, offset, aom)
{
    auto math, type;
    for (value = 0; value != BADADDR; value = value + 0x04)
    {
        value = FindBinary(value, SEARCH_DOWN, binary);
        if (value == BADADDR)
        {
            Message("Pattern ['%s'] not found, operand %i cannot be read\n", binary, oper + 1);
            return BADADDR;
        }
        math = (aom == ADD) ? value + offset : value - offset;
        type = GetOpType(math, oper);
        if (type == 0 || GetOperandValue(math, oper) == BADADDR)
        {
            Message("Operand %i at %08X failed...\n", oper + 1, math);
            return BADADDR;
        }
        // operand type codes: 1 = register, 2 = memory reference, 5 and up = immediate;
        // 8 is the processor-specific type the author uses for floating point registers
        if (type == 1) { Message("Operand %i is a GPR! Register is r%i\n", oper + 1, GetOperandValue(math, oper)); }
        else if (type == 2) { Message("Operand %i is a Memory Reference! Address is %08X\n", oper + 1, GetOperandValue(math, oper)); }
        else if (type == 8) { Message("Operand %i is a floating point register! Register is fp%i\n", oper + 1, GetOperandValue(math, oper)); }
        else if (type >= 5) { Message("Operand %i is an Immediate! Value is %08X\n", oper + 1, GetOperandValue(math, oper)); }
        return GetOperandValue(math, oper);
    }
}

// Finds a byte pattern and places a software breakpoint at (match +/- offset)
static LabelEP(name, binary, aom, offset)
{
    auto addr;
    for (byte = 0; byte != BADADDR; byte = byte + 0x04)
    {
        byte = FindBinary(byte, SEARCH_DOWN, binary);
        if (byte == BADADDR)
        {
            Warning("%s not found in memory (%08X)\n", name, BADADDR);
            break;
        }
        else
        {
            addr = (aom == ADD) ? byte + offset : byte - offset;
            if (CheckBpt(addr) == -1 || CheckBpt(addr) == 0) // no breakpoint yet, or a disabled one
            {
                AddBptEx(addr, 0x00, BPT_SOFT);
            }
            // the original passed two arguments for three format slots, hence the "(null)" in the log below
            Message("%s found in memory. Jump to %08X and %s will be highlighted with a bp!\n", name, addr, name);
            Jump(addr);
            MakeRptCmt(addr, sprintf("%s EP found at %08X (%s is the dword_address or qword_address etc...) #bitwisehax", name, addr, name));
            break;
        }
    }
}

static getStructureSize(ps)
{
    auto test, ret;
    for (test = 0; test != BADADDR; test = test + 0x04)
    {
        test = FindBinary(test, SEARCH_DOWN, (ps == "ps") ? "7F A3 EB 78 38 80 00 00 83 6B 00 0C 93 7F 05 34" : "55 07 38 30 38 CB 01 64 7C 67 30 2E 2B 03 00 00");
        if (test == BADADDR)
        {
            return BADADDR;
        }
        // playerState_s: third operand of the instruction 0x60 past the match.
        // gentity_s: two immediates glued together as hex text; xtol() parses hex, atol() would read it as decimal
        ret = (ps == "ps") ? GetOperandValue(test + 0x60, 2) : xtol(sprintf("%X%X0", GetOperandValue(test + 0x8, 2), GetOperandValue(test + 0x12, 2)));
        return ret;
    }
}

static main()
{
    Message("IDC Script created by Bitwise has been executed!\n\nCurrent file that has been disassembled ['%s']\n\n", GetInputFile());
    Sleep(1000);
    LabelFunction("SV_GameSendServerCommand", " 7D 69 40 2E 7D 43 51 D6 7C 6A 5A 14", "void __cdecl SV_GameSendServerCommand(__int32 clientIndex, unsigned __int32 type, const char*fmt)");
    LabelFunction("SV_DropClient", "60 E6 FA 00 7D 69 40 2E 7D 43 31 D6 7C 6A 5A 14", "void __cdecl SV_GameDropClient(__int32 clientIndex, const char*fmt)");
    LabelFunction("SV_SendServerCommand", "61 6A 7E 8C 7F FF 8A 14 7D 38 50 2E 7F 13 48 00", "void __cdecl SV_SendServerCommand(__int32 client_s, unsigned int type, const char*fmt)");
    LabelFunction("AntiCheat_reportConsoleDetails", "7C 78 1B 78 90 7F 00 F4 7C 94 23 78 7C BD 2B 78", "void __cdecl AntiCheat_reportConsoleDetails(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)");
    LabelFunction("AntiCheat_awnserChallenges", "7C 7C 1B 78 90 7F 00 A4 7C 9B 23 78 7C BD 2B 78", "void __cdecl AntiCheat_awnserChallenges(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)");
    LabelFunction("AntiCheat_consoleID", "94 21 FF 90 39 60 00 08 7C 7F 1B 78 7C 9E 23 78", "void __cdecl AntiCheat_consoleID(int r3, int r4)");
    LabelEP("gentity_s", "55 07 38 30 38 CB 01 64 7C 67 30 2E 2B 03 00 00", MINUS, 0x14);
    Message("Structure size: 0x%03X\n", getStructureSize("entity"));
    LabelEP("playerState_s", "7F A3 EB 78 38 80 00 00 83 6B 00 0C 93 7F 05 34", MINUS, 0x18); // please note : gEntity size is currently wrong, working on fix
    Message("Structure size: 0x%04X\n", getStructureSize("ps"));
    //GetValue("7F A3 EB 78 38 80 00 00 83 6B 00 0C 93 7F 05 34", FIRST_OPERAND, 0x18, MINUS);
}

IDC Script created by Bitwise has been executed!

Current file that has been disassembled ['ghosts_tu10.xex']

.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_GameSendServerCommand with binary [' 7D 69 40 2E 7D 43 51 D6 7C 6A 5A 14']...
SV_GameSendServerCommand found in memory (824D1498)
Declaration:
void __cdecl(__int32 clientIndex, unsigned __int32 type, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_DropClient with binary ['60 E6 FA 00 7D 69 40 2E 7D 43 31 D6 7C 6A 5A 14']...
SV_DropClient found in memory (824D14E8)
Declaration:
void __cdecl(__int32 clientIndex, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_SendServerCommand with binary ['61 6A 7E 8C 7F FF 8A 14 7D 38 50 2E 7F 13 48 00']...
SV_SendServerCommand found in memory (824D7818)
Declaration:
void __cdecl(__int32 client_s, unsigned int type, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_reportConsoleDetails with binary ['7C 78 1B 78 90 7F 00 F4 7C 94 23 78 7C BD 2B 78']...
AntiCheat_reportConsoleDetails found in memory (827B44E0)
Declaration:
void __cdecl(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_awnserChallenges with binary ['7C 7C 1B 78 90 7F 00 A4 7C 9B 23 78 7C BD 2B 78']...
AntiCheat_awnserChallenges found in memory (827B4298)
Declaration:
void __cdecl(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_consoleID with binary ['94 21 FF 90 39 60 00 08 7C 7F 1B 78 7C 9E 23 78']...
AntiCheat_consoleID found in memory (827B9810)
Declaration:
void __cdecl(int r3, int r4)


gentity_s found in memory. Jump to 8215CD30 and (null) will be highlighted with a bp!
Structure size: 0x006 // wrong need to fix
playerState_s found in memory. Jump to 823EF3A0 and (null) will be highlighted with a bp!
Structure size: 0x3700
Operand 1 is a GPR! Register is r10
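Both scripts in this thread rest on the same step: FindBinary() locates a byte pattern and a fixed distance is added or subtracted to reach the symbol. The stand-alone model below (added here as an example, not code from either post) reimplements that pattern search over a constructed sample image so the arithmetic can be checked outside IDA; it also rejects a pattern that matches more than once, which is how a signature written for one build quietly produces a wrong offset on the next. IMAGE_BASE, the sample image and the "missing" pattern are made up for the demonstration; only the G_Client pattern and its difference of 19 come from the thread.

```python
import re

BADADDR = 0xFFFFFFFF
IMAGE_BASE = 0x82000000  # constructed load address for the sample, not taken from any real module


def parse_pattern(text):
    """Parse an IDA-style pattern string ('7D 69 ?? 2E'); '?' or '??' is a wildcard byte."""
    pat = []
    for tok in text.split():
        if tok in ("?", "??"):
            pat.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            pat.append(int(tok, 16))
        else:
            raise ValueError("bad pattern token %r" % tok)
    return pat


def find_all(image, pattern):
    """Every address where the pattern matches; IDA's FindBinary() only reports the first one."""
    pat = parse_pattern(pattern)
    return [IMAGE_BASE + pos for pos in range(len(image) - len(pat) + 1)
            if all(b is None or image[pos + i] == b for i, b in enumerate(pat))]


def dump_address(image, pattern, difference):
    """Notorious's dumpAddress(): match address minus the known distance to the symbol.
    Unlike the IDC version, an ambiguous signature is refused instead of silently using the first hit."""
    hits = find_all(image, pattern)
    if not hits:
        return BADADDR
    if len(hits) > 1:
        raise ValueError("signature is not unique: %d hits" % len(hits))
    return hits[0] - difference


def dump_table(image, table):
    """Resolve (name, pattern, difference) rows to {name: address}, like the script's main()."""
    return {name: dump_address(image, pat, diff) for name, pat, diff in table}


# Constructed sample image: zero filler with the G_Client pattern from the thread placed at +0x30.
G_CLIENT_SIG = "00 80 C6 00 0C 60 DE 00 00 90 DD 05 34"
SAMPLE_IMAGE = bytes(0x30) + bytes.fromhex(G_CLIENT_SIG.replace(" ", "")) + bytes(0x10)

if __name__ == "__main__":
    for name, addr in dump_table(SAMPLE_IMAGE, [("G_Client", G_CLIENT_SIG, 19)]).items():
        print("%s : 0x%08X (Double click for the offset)" % (name, addr))
```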
