Post: Road to Mw3 Unlock All Clients
Options
01-04-2015, 10:37 PM
#1
mrdarkblue
Brute
There are three known ways to do this, some work some don't:
In order worse, better, best:
First: - Cheat protected and currently not working
- using SV_SendServerCommand N
SV_GameSendServerCommand(-1, 1, "N 8209 999999");
Only way to bypass it, is using a PPC script to gain access to this function.
Currently this script is unknown and just a rumour.
For give stats to a player , you must use a function with a specific letter.
N STATID VALUE
The letter N send to player stats , with an ID and a value. This work in private match and system link. The statid is an offset from the playerdata.def.
C++ code ( thx to SC58 )
Basicly this is just the reversed code - SV_GameSendServerCommand(-1, 1, "N 8209 999999");
// This method only works on Ghosts and Advanced Warfare, MW3 got patched when people where doing theater mode prestige glitch as when u watched it, it executed a server command to the client from the video and gave them whatever, but this wasn't a method it was with a cmd using cbuf_addtext that did the rank or whatever it was :p
struct msg_t
{
int overflowed;
int readOnly;
char* data;
char* splitData;
int maxsize;
int cursize;
int splitSize;
int readcount;
int bit;
int lastEntityRef;
int targetLocalNetID;
int useZlib;
};
enum svscmd_type
{
SV_CMD_IGNORE = 0x0,
SV_CMD_RELIABLE = 0x1
};
opd_s SV_SendServerCommandMsg_t = { 0x22D2E4, TOC };
void(*SV_SendServerCommandMsg)(int clientNum, svscmd_type type, msg_t * msg) = (void(*)(int, svscmd_type, msg_t *))&SV_SendServerCommandMsg_t;
opd_s SV_GetClientPersistentDataBuffer_t = { 0x2246A0, TOC };
char *(*SV_GetClientPersistentDataBuffer)(int clientNum) = (char *(*)(int))&SV_GetClientPersistentDataBuffer_t;
char * GetClientCurrentStatValue(int clientNum, int statIndex)
{
return SV_GetClientPersistentDataBuffer(clientNum) + statIndex;
}
msg_t msg;
char msgBuffer[0x400];
void AllocateMsg()
{
memset(msgBuffer, 0, 0x400);
memset(&msg, 0, 0x4
;
}
opd_s MSG_Init_t = { 0x1FBC78, TOC };
void(*MSG_Init)(msg_t *buf, char *data, int length) = (void(*)(msg_t *, char *, int))&MSG_Init_t;
opd_s MSG_WriteByte_t = { 0x1FC0F0, TOC };
void(*MSG_WriteByte)(msg_t *msg, int c) = (void(*)(msg_t *, int))&MSG_WriteByte_t;
opd_s MSG_WriteLong_t = { 0x1FC1D0, TOC };
void(*MSG_WriteLong)(msg_t *msg, int c) = (void(*)(msg_t *, int))&MSG_WriteLong_t;
opd_s MSG_WriteShort_t = { 0x1FC198, TOC };
void(*MSG_WriteShort)(msg_t *msg, int c) = (void(*)(msg_t *, int))&MSG_WriteShort_t;
opd_s MSG_WriteBits_t = { 0x1FBEEC, TOC };
void(*MSG_WriteBits)(msg_t *msg, int value, int bits) = (void(*)(msg_t *, int, int))&MSG_WriteBits_t;
opd_s MSG_WriteData_t = { 0x1FC128, TOC };
void(*MSG_WriteData)(msg_t *buf, const void *data, int length) = (void(*)(msg_t *, const void *, int))&MSG_WriteData_t;
opd_s MSG_WriteString_t = { 0x1FC27C, TOC };
void(*MSG_WriteString)(msg_t *sb, const char *s) = (void(*)(msg_t *, const char *))&MSG_WriteString_t;
int Client_t(int clientNum)
{
return *(int*)0x17BB210 + (0x68B80 * clientNum);
}
void SetStatsInt(int clientNum, int statIndex, int value)
{
AllocateMsg();
MSG_Init(&msg, msgBuffer, 0x400);
MSG_WriteByte(&msg, 0x47);
MSG_WriteShort(&msg, statIndex); // MW3 is Short, Ghosts and Advanced Warfare use MSG_WriteLong
MSG_WriteByte(&msg, sizeof(value));
MSG_WriteBits(&msg, value, 32);
SV_SendServerCommandMsg(Client_t(clientNum), SV_CMD_RELIABLE, &msg);
}
void SetStatsBytes(int clientNum, int statIndex, const void * value)
{
AllocateMsg();
MSG_Init(&msg, msgBuffer, 0x400);
MSG_WriteByte(&msg, 0x47);
MSG_WriteShort(&msg, statIndex);
MSG_WriteByte(&msg, sizeof(value));
MSG_WriteData(&msg, value, sizeof(value));
SV_SendServerCommandMsg(Client_t(clientNum), SV_CMD_RELIABLE, &msg);
}
void SetStatsString(int clientNum, int statIndex, const char * value)
{
AllocateMsg();
MSG_Init(&msg, msgBuffer, 0x400);
MSG_WriteByte(&msg, 0x47);
MSG_WriteShort(&msg, statIndex);
MSG_WriteByte(&msg, strlen(value));
MSG_WriteString(&msg, value);
SV_SendServerCommandMsg(Client_t(clientNum), SV_CMD_RELIABLE, &msg);
}
// SetStatsInt(0, 0xCA8, 10); (Prestige 10)
SV_SendServerCommand(0, "G 3240 0A000");
3240 is the ID , and 0A the value ((hex)0x0A => (dec)10) , so the player will receive the prestige 10.
Mw3 Stats Index:
Dumped by primetime43
String: ac130Ammo105mm
Address: 0x31965764
Value: 11474 (dec)
String: ac130Ammo25mm
Address: 0x31965778
Value: 11476 (dec)
String: ac130Ammo40mm
Address: 0x3196578C
Value: 11475 (dec)
String: accuracy
Address: 0x319657A0
Value: 3376 (dec)
String: assists
Address: 0x319657B4
Value: 3304 (dec)
String: attachmentNew
Address: 0x319657C8
Value: 3785 (dec)
String: attachmentsStats
Address: 0x319657DC
Value: 2252 (dec)
String: awards
Address: 0x319657F0
Value: 8 (dec)
String: bestKills
Address: 0x31965804
Value: 11113 (dec)
String: bestWeapon
Address: 0x31965818
Value: 11125 (dec)
String: bestWeaponIndex
Address: 0x3196582C
Value: 11149 (dec)
String: bestWeaponXP
Address: 0x31965840
Value: 11145 (dec)
String: bests
Address: 0x31965854
Value: 440 (dec)
String: camoNew
Address: 0x31965868
Value: 3577 (dec)
String: captures
Address: 0x3196587C
Value: 3256 (dec)
String: cardIcon
Address: 0x31965890
Value: 10402 (dec)
String: cardNameplate
Address: 0x319658A4
Value: 10410 (dec)
String: cardTitle
Address: 0x319658B8
Value: 10406 (dec)
String: challengeProgress
Address: 0x319658CC
Value: 6958 (dec)
String: challengeState
Address: 0x319658E0
Value: 6103 (dec)
String: challengeTierNew
Address: 0x319658F4
Value: 4122 (dec)
String: challengeXPMaxMultiplierTimePlayed
Address: 0x31965908
Value: 11076 (dec)
String: challengeXPMultiplier
Address: 0x3196591C
Value: 11072 (dec)
String: challengeXPMultiplierTimePlayed
Address: 0x31965930
Value: 11080 (dec)
String: confirmed
Address: 0x31965944
Value: 3280 (dec)
String: connectionIDChunkHigh
Address: 0x31965958
Value: 11157 (dec)
String: connectionIDChunkLow
Address: 0x3196596C
Value: 11153 (dec)
String: *********ChunkHigh
Address: 0x31965980
Value: 11165 (dec)
String: *********ChunkLow
Address: 0x31965994
Value: 11161 (dec)
String: currentWinStreak
Address: 0x319659A8
Value: 3356 (dec)
String: customClasses
Address: 0x319659BC
Value: 4143 (dec)
String: dailyChallengeId
Address: 0x319659D0
Value: 10378 (dec)
String: deathStreak
Address: 0x319659E4
Value: 3300 (dec)
String: deaths
Address: 0x319659F8
Value: 3296 (dec)
String: deathstreakUnlocked
Address: 0x31965A0C
Value: 10964 (dec)
String: defends
Address: 0x31965A20
Value: 3264 (dec)
String: defuses
Address: 0x31965A34
Value: 3272 (dec)
String: denied
Address: 0x31965A48
Value: 3284 (dec)
String: destructions
Address: 0x31965A5C
Value: 3276 (dec)
String: experience
Address: 0x31965A70
Value: 2712 (dec)
String: extraCustomClassesEntitlement
Address: 0x31965A84
Value: 11027 (dec)
String: extraCustomClassesPrestige
Address: 0x31965A98
Value: 11023 (dec)
String: featureNew
Address: 0x31965AAC
Value: 4116 (dec)
String: gamesPlayed
Address: 0x31965AC0
Value: 3252 (dec)
String: headshots
Address: 0x31965AD4
Value: 3308 (dec)
String: hits
Address: 0x31965AE8
Value: 3364 (dec)
String: iconNew
Address: 0x31965AFC
Value: 10700 (dec)
String: iconUnlocked
Address: 0x31965B10
Value: 10444 (dec)
String: kdRatio
Address: 0x31965B24
Value: 3336 (dec)
String: killCamHowKilled
Address: 0x31965B38
Value: 11473 (dec)
String: killStreak
Address: 0x31965B4C
Value: 3292 (dec)
String: kills
Address: 0x31965B60
Value: 3288 (dec)
String: killstreakNew
Address: 0x31965B74
Value: 4135 (dec)
String: killstreakUnlocked
Address: 0x31965B88
Value: 10956 (dec)
String: killstreaksState
Address: 0x31965B9C
Value: 11201 (dec)
String: lastPlayedTime
Address: 0x31965BB0
Value: 3388 (dec)
String: level
Address: 0x31965BC4
Value: 3244 (dec)
String: losses
Address: 0x31965BD8
Value: 3344 (dec)
String: misses
Address: 0x31965BEC
Value: 3368 (dec)
String: money
Address: 0x31965C00
Value: 3380 (dec)
String: mostDeaths
Address: 0x31965C14
Value: 11121 (dec)
String: mostXp
Address: 0x31965C28
Value: 11117 (dec)
String: newEntitlement
Address: 0x31965C3C
Value: 11033 (dec)
String: pastTitleData
Address: 0x31965C50
Value: 11169 (dec)
String: perkNew
Address: 0x31965C64
Value: 4097 (dec)
String: persistentPerksUnlocked
Address: 0x31965C78
Value: 10996 (dec)
String: persistentWeaponsUnlocked
Address: 0x31965C8C
Value: 10983 (dec)
String: plants
Address: 0x31965CA0
Value: 3268 (dec)
String: playerXuidHigh
Address: 0x31965CB4
Value: 11197 (dec)
String: playerXuidLow
Address: 0x31965CC8
Value: 11193 (dec)
String: prestige
Address: 0x31965CDC
Value: 3240 (dec)
String: prestigeDoubleWeaponXp
Address: 0x31965CF0
Value: 88769 (dec)
String: prestigeDoubleWeaponXpMaxTimePlayed
Address: 0x31965D04
Value: 11109 (dec)
String: prestigeDoubleWeaponXpTimePlayed
Address: 0x31965D18
Value: 11105 (dec)
String: prestigeDoubleXp
Address: 0x31965D2C
Value: 88768 (dec)
String: prestigeDoubleXpMaxTimePlayed
Address: 0x31965D40
Value: 11101 (dec)
String: prestigeDoubleXpTimePlayed
Address: 0x31965D54
Value: 11097 (dec)
String: prestigeShopTokens
Address: 0x31965D68
Value: 11015 (dec)
String: prestigeShopTokensEntitlement
Address: 0x31965D7C
Value: 11019 (dec)
String: privateMatchCustomClasses
Address: 0x31965D90
Value: 5613 (dec)
String: reconDroneState
Address: 0x31965DA4
Value: 11457 (dec)
String: remoteTurretDamageFade
Address: 0x31965DB8
Value: 11478 (dec)
String: remoteTurretDamageState
Address: 0x31965DCC
Value: 11477 (dec)
String: remoteTurretDamaged
Address: 0x31965DE0
Value: 88771 (dec)
String: restXPGoal
Address: 0x31965DF4
Value: 3236 (dec)
String: returns
Address: 0x31965E08
Value: 3260 (dec)
String: round
Address: 0x31965E1C
Value: 3392 (dec)
String: score
Address: 0x31965E30
Value: 3248 (dec)
String: skills
Address: 0x31965E44
Value: 10412 (dec)
String: suicides
Address: 0x31965E58
Value: 3316 (dec)
String: teamkills
Address: 0x31965E6C
Value: 3312 (dec)
String: ties
Address: 0x31965E80
Value: 3348 (dec)
String: timePlayedAllies
Address: 0x31965E94
Value: 3320 (dec)
String: timePlayedOpfor
Address: 0x31965EA8
Value: 3324 (dec)
String: timePlayedOther
Address: 0x31965EBC
Value: 3328 (dec)
String: timePlayedTotal
Address: 0x31965ED0
Value: 3332 (dec)
String: timeSinceLastLoot
Address: 0x31965EE4
Value: 3384 (dec)
String: titleNew
Address: 0x31965EF8
Value: 10828 (dec)
String: titleUnlocked
Address: 0x31965F0C
Value: 10572 (dec)
String: totalShots
Address: 0x31965F20
Value: 3372 (dec)
String: ugvBullets
Address: 0x31965F34
Value: 11471 (dec)
String: ugvDamageFade
Address: 0x31965F48
Value: 11466 (dec)
String: ugvDamageState
Address: 0x31965F5C
Value: 11465 (dec)
String: ugvDamaged
Address: 0x31965F70
Value: 88770 (dec)
String: ugvMaxBullets
Address: 0x31965F84
Value: 11470 (dec)
String: ugvMissile
Address: 0x31965F98
Value: 11472 (dec)
String: unlockedCamo
Address: 0x31965FAC
Value: 11032 (dec)
String: unlockedReticles
Address: 0x31965FC0
Value: 11031 (dec)
String: weaponNew
Address: 0x31965FD4
Value: 3564 (dec)
String: weaponRank
Address: 0x31965FE8
Value: 3132 (dec)
String: weaponStats
Address: 0x31965FFC
Value: 872 (dec)
String: weaponXP
Address: 0x31966010
Value: 2716 (dec)
String: weaponXPMaxMultiplierTimePlayed
Address: 0x31966024
Value: 11088 (dec)
String: weaponXPMultiplier
Address: 0x31966038
Value: 11084 (dec)
String: weaponXPMultiplierTimePlayed
Address: 0x3196604C
Value: 11092 (dec)
String: weeklyChallengeId
Address: 0x31966060
Value: 10390 (dec)
String: winLossRatio
Address: 0x31966074
Value: 3360 (dec)
String: winStreak
Address: 0x31966088
Value: 3352 (dec)
String: wins
Address: 0x3196609C
Value: 3340 (dec)
String: xpMaxMultiplierTimePlayed
Address: 0x319660B0
Value: 11048 (dec)
String: xpMultiplier
Address: 0x319660C4
Value: 11036 (dec)
String: xpMultiplierTimePlayed
Address: 0x319660D8
Value: 11060 (dec)
// the playerdata.def using IDA Pro
You must login or register to view this content.
PPC Comparison MW2/MW3
//MW2
# =============== S U B R O U T I N E =======================================
seg001:002163A8
seg001:002163A8
seg001:002163A8 sub_2163A8: # CODE XREF: sub_16A080+48C*p
seg001:002163A8 # sub_16A080+584*p ...
seg001:002163A8
seg001:002163A8 .set var_98, -0x98
seg001:002163A8 .set var_50, -0x50
seg001:002163A8 .set var_48, -0x48
seg001:002163A8 .set var_40, -0x40
seg001:002163A8 .set var_38, -0x38
seg001:002163A8 .set var_30, -0x30
seg001:002163A8 .set var_28, -0x28
seg001:002163A8 .set var_20, -0x20
seg001:002163A8 .set var_18, -0x18
seg001:002163A8 .set var_10, -0x10
seg001:002163A8 .set var_8, -8
seg001:002163A8 .set arg_10, 0x10
seg001:002163A8
seg001:002163A8 3D 20 00 09 lis r9, loc_97F80@h
seg001:002163AC 81 62 2E 94 lwz r11, off_727ACC # unk_1BF5100
seg001:002163B0 F8 21 FF 41 stdu r1, -0xC0(r1)
seg001:002163B4 7C 08 02 A6 mflr r0
seg001:002163B8 61 29 7F 80 ori r9, r9, loc_97F80@l
seg001:002163BC FB 81 00 A0 std r28, 0xC0+var_20(r1)
seg001:002163C0 FB A1 00 A8 std r29, 0xC0+var_18(r1)
seg001:002163C4 FB C1 00 B0 std r30, 0xC0+var_10(r1)
seg001:002163C8 FA C1 00 70 std r22, 0xC0+var_50(r1)
seg001:002163CC FA E1 00 78 std r23, 0xC0+var_48(r1)
seg001:002163D0 FB 01 00 80 std r24, 0xC0+var_40(r1)
seg001:002163D4 FB 21 00 88 std r25, 0xC0+var_38(r1)
seg001:002163D8 FB 41 00 90 std r26, 0xC0+var_30(r1)
seg001:002163DC FB 61 00 98 std r27, 0xC0+var_28(r1)
seg001:002163E0 FB E1 00 B8 std r31, 0xC0+var_8(r1)
seg001:002163E4 F8 01 00 D0 std r0, 0xC0+arg_10(r1)
seg001:002163E8 80 0B 40 1C lwz r0, 0x401C(r11)
seg001:002163EC 7C 7D 1B 78 mr r29, r3
seg001:002163F0 7D 23 49 D6 mullw r9, r3, r9
seg001:002163F4 7F C9 02 14 add r30, r9, r0
seg001:002163F8 7B DC 00 20 clrldi r28, r30, 32
seg001:002163FC 3D 3C 00 03 addis r9, r28, 3
seg001:00216400 88 09 3F 09 lbz r0, 0x3F09(r9)
seg001:00216404 2F 80 00 00 cmpwi cr7, r0, 0
seg001:00216408 41 9E 02 50 beq cr7, loc_216658
seg001:0021640C 80 1C 00 00 lwz r0, aTimeAfterTheLa # "Time after the last talk packet was rec"...
seg001:00216410 2F 80 00 02 cmpwi cr7, r0, 2
seg001:00216414 41 9E 02 44 beq cr7, loc_216658
seg001:00216418 83 22 2F 30 lwz r25, off_727B68 # unk_1BA57B8
seg001:0021641C 38 80 04 00 li r4, 0x400
seg001:00216420 80 A2 2F 34 lwz r5, off_727B6C # aC_3
seg001:00216424 38 C0 00 4E li r6, 0x4E # Stats command for GSSC 4E = N
seg001:00216428 7F 23 CB 78 mr r3, r25
seg001:0021642C 3B E0 00 00 li r31, 0
seg001:00216430 48 06 7E C9 bl sub_27E2F8
seg001:00216434 60 00 00 00 nop
seg001:00216438 7F A3 07 B4 extsw r3, r29
seg001:0021643C 4B FF DE 6D bl sub_2142A8
seg001:00216440 81 62 2F 38 lwz r11, off_727B70 # off_6F6924
seg001:00216444 3D 3E 00 03 addis r9, r30, 3
seg001:00216448 3B 00 00 00 li r24, 0
seg001:0021644C 7C 76 1B 78 mr r22, r3
seg001:00216450 3B 40 00 00 li r26, 0
seg001:00216454 3B 69 3B 09 addi r27, r9, 0x3B09
seg001:00216458 82 EB 00 00 lwz r23, 0(r11)
seg001:0021645C 39 00 00 00 li r8, 0
seg001:00216460 3B C0 00 01 li r30, 1
seg001:00216464 38 E0 00 00 li r7, 0
seg001:00216468
seg001:00216468 loc_216468: # CODE XREF: sub_2163A8+294*j
seg001:00216468 39 40 00 00 li r10, 0
seg001:0021646C 48 00 00 28 b loc_216494
seg001:00216470 # ---------------------------------------------------------------------------
seg001:00216470
seg001:00216470 loc_216470: # CODE XREF: sub_2163A8+114*j
seg001:00216470 2F 8A 00 00 cmpwi cr7, r10, 0
seg001:00216474 7F FA FB 78 mr r26, r31
seg001:00216478 39 00 00 00 li r8, 0
seg001:0021647C 40 9E 00 0C bne cr7, loc_216488
seg001:00216480 7F F8 FB 78 mr r24, r31
seg001:00216484 39 40 00 01 li r10, 1
seg001:00216488
seg001:00216488 loc_216488: # CODE XREF: sub_2163A8+D4*j
seg001:00216488 # sub_2163A8+128*j ...
seg001:00216488 3B FF 00 01 addi r31, r31, 1
seg001:0021648C 2B 9F 1F FB cmplwi cr7, r31, 0x1FFB
seg001:00216490 41 9D 02 90 bgt cr7, loc_216720
seg001:00216494
seg001:00216494 loc_216494: # CODE XREF: sub_2163A8+C4*j
seg001:00216494 # sub_2163A8+374*j
seg001:00216494 7F E9 1E 70 srawi r9, r31, 3
seg001:00216498 7D 29 01 94 addze r9, r9
seg001:0021649C 7D 7B 4A 14 add r11, r27, r9
seg001:002164A0 55 29 18 38 slwi r9, r9, 3
seg001:002164A4 79 6B 00 20 clrldi r11, r11, 32
seg001:002164A8 7D 29 F8 50 subf r9, r9, r31
seg001:002164AC 88 0B 00 00 lbz r0, 0(r11)
seg001:002164B0 7C 00 4E 30 sraw r0, r0, r9
seg001:002164B4 54 00 07 FE clrlwi r0, r0, 31
seg001:002164B8 2F 80 00 00 cmpwi cr7, r0, 0
seg001:002164BC 40 9E FF B4 bne cr7, loc_216470
seg001:002164C0 2F 8A 00 00 cmpwi cr7, r10, 0
seg001:002164C4 41 9E 01 CC beq cr7, loc_216690
seg001:002164C8 2F 88 00 03 cmpwi cr7, r8, 3
seg001:002164CC 39 08 00 01 addi r8, r8, 1
seg001:002164D0 40 9E FF B8 bne cr7, loc_216488
seg001:002164D4
seg001:002164D4 loc_2164D4: # CODE XREF: sub_2163A8+37C*j
seg001:002164D4 7F BE CA 14 add r29, r30, r25
seg001:002164D8 80 A2 2F 3C lwz r5, off_727B74 # aD_6
seg001:002164DC 20 9E 04 00 subfic r4, r30, 0x400
seg001:002164E0 7B BD 00 20 clrldi r29, r29, 32
seg001:002164E4 7C 84 07 B4 extsw r4, r4
seg001:002164E8 7B 06 00 20 clrldi r6, r24, 32
seg001:002164EC 7F A3 EB 78 mr r3, r29
seg001:002164F0 48 06 7E 09 bl sub_27E2F8
seg001:002164F4 60 00 00 00 nop
seg001:002164F8 7F A3 EB 78 mr r3, r29
seg001:002164FC 48 2B 07 6D bl sub_4C6C68
seg001:00216500 E8 41 00 28 ld r2, 0xC0+var_98(r1)
seg001:00216504 7F 98 D0 40 cmplw cr7, r24, r26
seg001:00216508 7F DE 1A 14 add r30, r30, r3
seg001:0021650C 41 9D 01 10 bgt cr7, loc_21661C
seg001:00216510 7F 0A C3 78 mr r10, r24
seg001:00216514 7C D6 C2 14 add r6, r22, r24
seg001:00216518 38 60 00 5A li r3, 0x5A
seg001:0021651C 3B A0 00 4F li r29, 0x4F
seg001:00216520 38 80 00 01 li r4, 1
seg001:00216524 48 00 00 4C b loc_216570
seg001:00216528 # ---------------------------------------------------------------------------
seg001:00216528
seg001:00216528 loc_216528: # CODE XREF: sub_2163A8+1DC*j
seg001:00216528 3B DE 00 01 addi r30, r30, 1
seg001:0021652C 7C 79 01 AE stbx r3, r25, r0
seg001:00216530
seg001:00216530 loc_216530: # CODE XREF: sub_2163A8+390*j
seg001:00216530 2F 9E 04 00 cmpwi cr7, r30, 0x400
seg001:00216534 7D 40 1E 70 srawi r0, r10, 3
seg001:00216538 7C 00 01 94 addze r0, r0
seg001:0021653C 38 C6 00 01 addi r6, r6, 1
seg001:00216540 41 9D 00 98 bgt cr7, loc_2165D8
seg001:00216544
seg001:00216544 loc_216544: # CODE XREF: sub_2163A8+22C*j
seg001:00216544 7D 7B 02 14 add r11, r27, r0
seg001:00216548 54 00 18 38 slwi r0, r0, 3
seg001:0021654C 79 6B 00 20 clrldi r11, r11, 32
seg001:00216550 7C 00 50 50 subf r0, r0, r10
seg001:00216554 39 4A 00 01 addi r10, r10, 1
seg001:00216558 7C 80 00 30 slw r0, r4, r0
seg001:0021655C 7F 8A D0 40 cmplw cr7, r10, r26
seg001:00216560 89 2B 00 00 lbz r9, 0(r11)
seg001:00216564 7D 20 00 78 andc r0, r9, r0
seg001:00216568 98 0B 00 00 stb r0, 0(r11)
seg001:0021656C 41 9D 00 B0 bgt cr7, loc_21661C
seg001:00216570
seg001:00216570 loc_216570: # CODE XREF: sub_2163A8+17C*j
seg001:00216570 78 C9 00 20 clrldi r9, r6, 32
seg001:00216574 7F C0 07 B4 extsw r0, r30
seg001:00216578 89 29 00 00 lbz r9, 0(r9)
seg001:0021657C 2F 89 00 00 cmpwi cr7, r9, 0
seg001:00216580 2F 09 00 01 cmpwi cr6, r9, 1
seg001:00216584 41 9E FF A4 beq cr7, loc_216528
seg001:00216588 55 20 E1 3E srwi r0, r9, 4
seg001:0021658C 55 29 07 3E clrlwi r9, r9, 28
seg001:00216590 7C 00 BA 14 add r0, r0, r23
seg001:00216594 7D 37 4A 14 add r9, r23, r9
seg001:00216598 78 08 00 20 clrldi r8, r0, 32
seg001:0021659C 38 1E 00 01 addi r0, r30, 1
seg001:002165A0 7F C7 07 B4 extsw r7, r30
seg001:002165A4 79 29 00 20 clrldi r9, r9, 32
seg001:002165A8 7C 05 07 B4 extsw r5, r0
seg001:002165AC 41 9A 01 84 beq cr6, loc_216730
seg001:002165B0 88 08 00 00 lbz r0, 0(r
seg001:002165B4 3B DE 00 02 addi r30, r30, 2
seg001:002165B8 38 C6 00 01 addi r6, r6, 1
seg001:002165BC 7C 19 39 AE stbx r0, r25, r7
seg001:002165C0 2F 9E 04 00 cmpwi cr7, r30, 0x400
seg001:002165C4 89 29 00 00 lbz r9, 0(r9)
seg001:002165C8 7D 40 1E 70 srawi r0, r10, 3
seg001:002165CC 7C 00 01 94 addze r0, r0
seg001:002165D0 7D 39 29 AE stbx r9, r25, r5
seg001:002165D4 40 9D FF 70 ble cr7, loc_216544
seg001:002165D8
seg001:002165D8 loc_2165D8: # CODE XREF: sub_2163A8+198*j
seg001:002165D8 E8 01 00 D0 ld r0, 0xC0+arg_10(r1)
seg001:002165DC 7F 83 E3 78 mr r3, r28
seg001:002165E0 EA C1 00 70 ld r22, 0xC0+var_50(r1)
seg001:002165E4 38 A0 00 01 li r5, 1
seg001:002165E8 EA E1 00 78 ld r23, 0xC0+var_48(r1)
seg001:002165EC 7C 08 03 A6 mtlr r0
seg001:002165F0 EB 01 00 80 ld r24, 0xC0+var_40(r1)
seg001:002165F4 EB 21 00 88 ld r25, 0xC0+var_38(r1)
seg001:002165F8 EB 41 00 90 ld r26, 0xC0+var_30(r1)
seg001:002165FC EB 61 00 98 ld r27, 0xC0+var_28(r1)
seg001:00216600 EB 81 00 A0 ld r28, 0xC0+var_20(r1)
seg001:00216604 EB A1 00 A8 ld r29, 0xC0+var_18(r1)
seg001:00216608 EB C1 00 B0 ld r30, 0xC0+var_10(r1)
seg001:0021660C EB E1 00 B8 ld r31, 0xC0+var_8(r1)
seg001:00216610 38 21 00 C0 addi r1, r1, 0xC0
seg001:00216614 80 82 2F 40 lwz r4, off_727B78 # aTooManyStatsCh
seg001:00216618 4B FF E9 E8 b sub_215000
seg001:0021661C # ---------------------------------------------------------------------------
seg001:0021661C
seg001:0021661C loc_21661C: # CODE XREF: sub_2163A8+164*j
seg001:0021661C # sub_2163A8+1C4*j
seg001:0021661C 7F C0 07 B4 extsw r0, r30
seg001:00216620 2B 9F 1F FB cmplwi cr7, r31, 0x1FFB
seg001:00216624 39 20 00 00 li r9, 0
seg001:00216628 38 E0 00 01 li r7, 1
seg001:0021662C 39 00 00 00 li r8, 0
seg001:00216630 7D 39 01 AE stbx r9, r25, r0
seg001:00216634 3B 40 00 00 li r26, 0
seg001:00216638 3B 00 00 00 li r24, 0
seg001:0021663C 40 9D FE 2C ble cr7, loc_216468
seg001:00216640
seg001:00216640 loc_216640: # CODE XREF: sub_2163A8+380*j
seg001:00216640 54 E0 06 3E clrlwi r0, r7, 24
seg001:00216644 2F 80 00 00 cmpwi cr7, r0, 0
seg001:00216648 40 9E 00 F4 bne cr7, loc_21673C
seg001:0021664C
seg001:0021664C loc_21664C: # CODE XREF: sub_2163A8+3A8*j
seg001:0021664C 3D 3C 00 03 addis r9, r28, 3
seg001:00216650 38 00 00 00 li r0, 0
seg001:00216654 98 09 3F 09 stb r0, 0x3F09(r9)
seg001:00216658
seg001:00216658 loc_216658: # CODE XREF: sub_2163A8+60*j
seg001:00216658 # sub_2163A8+6C*j
seg001:00216658 E8 01 00 D0 ld r0, 0xC0+arg_10(r1)
seg001:0021665C EA C1 00 70 ld r22, 0xC0+var_50(r1)
seg001:00216660 EA E1 00 78 ld r23, 0xC0+var_48(r1)
seg001:00216664 7C 08 03 A6 mtlr r0
seg001:00216668 EB 01 00 80 ld r24, 0xC0+var_40(r1)
seg001:0021666C EB 21 00 88 ld r25, 0xC0+var_38(r1)
seg001:00216670 EB 41 00 90 ld r26, 0xC0+var_30(r1)
seg001:00216674 EB 61 00 98 ld r27, 0xC0+var_28(r1)
seg001:00216678 EB 81 00 A0 ld r28, 0xC0+var_20(r1)
seg001:0021667C EB A1 00 A8 ld r29, 0xC0+var_18(r1)
seg001:00216680 EB C1 00 B0 ld r30, 0xC0+var_10(r1)
seg001:00216684 EB E1 00 B8 ld r31, 0xC0+var_8(r1)
seg001:00216688 38 21 00 C0 addi r1, r1, 0xC0
seg001:0021668C 4E 80 00 20 blr
seg001:00216690 # ---------------------------------------------------------------------------
seg001:00216690
seg001:00216690 loc_216690: # CODE XREF: sub_2163A8+11C*j
seg001:00216690 57 EB E8 FE srwi r11, r31, 3
seg001:00216694 3D 2B 00 03 addis r9, r11, 3
seg001:00216698 39 29 3B 00 addi r9, r9, 0x3B00
seg001:0021669C 7D 29 07 B4 extsw r9, r9
seg001:002166A0 7D 3C 4A 14 add r9, r28, r9
seg001:002166A4 88 09 00 09 lbz r0, 9(r9)
seg001:002166A8 2F 80 00 00 cmpwi cr7, r0, 0
seg001:002166AC 40 9E FD DC bne cr7, loc_216488
seg001:002166B0 55 6B 18 38 slwi r11, r11, 3
seg001:002166B4 40 9E 00 5C bne cr7, loc_216710
seg001:002166B8 2B 8B 1F FB cmplwi cr7, r11, 0x1FFB
seg001:002166BC 41 9D 00 54 bgt cr7, loc_216710
seg001:002166C0 21 2B 1F FB subfic r9, r11, 0x1FFB
seg001:002166C4 38 0B 00 08 addi r0, r11, 8
seg001:002166C8 55 29 E8 FE srwi r9, r9, 3
seg001:002166CC 2B 80 20 03 cmplwi cr7, r0, 0x2003
seg001:002166D0 39 29 00 01 addi r9, r9, 1
seg001:002166D4 79 29 00 20 clrldi r9, r9, 32
seg001:002166D8 7D 29 03 A6 mtctr r9
seg001:002166DC 40 FD 00 10 ble+ cr7, loc_2166EC
seg001:002166E0 48 00 00 74 b loc_216754
seg001:002166E0 # ---------------------------------------------------------------------------
seg001:002166E4 60 00 00 00 .align 3
seg001:002166E8
seg001:002166E8 loc_2166E8: # CODE XREF: sub_2163A8+364*j
seg001:002166E8 42 40 00 28 bdz loc_216710
seg001:002166EC
seg001:002166EC loc_2166EC: # CODE XREF: sub_2163A8+334*j
seg001:002166EC # sub_2163A8+3B4*j
seg001:002166EC 39 6B 00 08 addi r11, r11, 8
seg001:002166F0 55 69 E8 FE srwi r9, r11, 3
seg001:002166F4 3D 29 00 03 addis r9, r9, 3
seg001:002166F8 39 29 3B 00 addi r9, r9, 0x3B00
seg001:002166FC 7D 29 07 B4 extsw r9, r9
seg001:00216700 7D 3C 4A 14 add r9, r28, r9
seg001:00216704 88 09 00 09 lbz r0, 9(r9)
seg001:00216708 2F 80 00 00 cmpwi cr7, r0, 0
seg001:0021670C 41 9E FF DC beq cr7, loc_2166E8
seg001:00216710
seg001:00216710 loc_216710: # CODE XREF: sub_2163A8+30C*j
seg001:00216710 # sub_2163A8+314*j ...
seg001:00216710 3B EB FF FF addi r31, r11, -1
seg001:00216714 3B FF 00 01 addi r31, r31, 1
seg001:00216718 2B 9F 1F FB cmplwi cr7, r31, 0x1FFB
seg001:0021671C 40 9D FD 78 ble cr7, loc_216494
seg001:00216720
seg001:00216720 loc_216720: # CODE XREF: sub_2163A8+E8*j
seg001:00216720 2F 8A 00 00 cmpwi cr7, r10, 0
seg001:00216724 40 FE FD B0 bne+ cr7, loc_2164D4
seg001:00216728 4B FF FF 18 b loc_216640
seg001:00216728 # ---------------------------------------------------------------------------
seg001:0021672C 60 00 00 00 .align 4
seg001:00216730
seg001:00216730 loc_216730: # CODE XREF: sub_2163A8+204*j
seg001:00216730 7C 1E 03 78 mr r30, r0
seg001:00216734 7F B9 39 AE stbx r29, r25, r7
seg001:00216738 4B FF FD F8 b loc_216530
seg001:0021673C # ---------------------------------------------------------------------------
seg001:0021673C
seg001:0021673C loc_21673C: # CODE XREF: sub_2163A8+2A0*j
seg001:0021673C 7F 25 CB 78 mr r5, r25
seg001:00216740 7F 83 E3 78 mr r3, r28
seg001:00216744 38 80 00 01 li r4, 1
seg001:00216748 48 00 8F 61 bl sub_67E2F8
seg001:0021674C 60 00 00 00 nop
seg001:00216750 4B FF FE FC b loc_21664C
seg001:00216754 # ---------------------------------------------------------------------------
seg001:00216754
seg001:00216754 loc_216754: # CODE XREF: sub_2163A8+338*j
seg001:00216754 38 00 00 01 li r0, 1
seg001:00216758 7C 09 03 A6 mtctr r0
seg001:0021675C 4B FF FF 90 b loc_2166EC
seg001:0021675C # End of function sub_2163A8
seg001:0021675C
seg001:00216760
seg001:00216760 # =============== S U B R O U T I N E =======================================
//MW3
# =============== S U B R O U T I N E =======================================
seg001:00224D74
seg001:00224D74
seg001:00224D74 sub_224D74: # CODE XREF: sub_174F0C+370*p
seg001:00224D74 # sub_174F0C+3D0*p ...
seg001:00224D74
seg001:00224D74 .set var_90, -0x90
seg001:00224D74 .set var_58, -0x58
seg001:00224D74 .set var_50, -0x50
seg001:00224D74 .set var_48, -0x48
seg001:00224D74 .set var_40, -0x40
seg001:00224D74 .set var_38, -0x38
seg001:00224D74 .set var_30, -0x30
seg001:00224D74 .set var_28, -0x28
seg001:00224D74 .set var_20, -0x20
seg001:00224D74 .set var_18, -0x18
seg001:00224D74 .set var_10, -0x10
seg001:00224D74 .set var_8, -8
seg001:00224D74 .set arg_10, 0x10
seg001:00224D74
seg001:00224D74 F8 21 FF 01 stdu r1, -0x100(r1)
seg001:00224D78 7C 08 02 A6 mflr r0
seg001:00224D7C F8 01 01 10 std r0, 0x100+arg_10(r1)
seg001:00224D80 3C 80 00 06 lis r4, loc_68B80@h
seg001:00224D84 FB 21 00 C8 std r25, 0x100+var_38(r1)
seg001:00224D88 3C A0 01 7C lis r5, ((dword_17BB210+0x10000)@h)
seg001:00224D8C 60 99 8B 80 ori r25, r4, loc_68B80@l
seg001:00224D90 7F 23 C9 D6 mullw r25, r3, r25
seg001:00224D94 80 65 B2 10 lwz r3, dword_17BB210@l(r5)
seg001:00224D98 FB 01 00 C0 std r24, 0x100+var_40(r1)
seg001:00224D9C 3C 80 00 03 lis r4, byte_352E9@h
seg001:00224DA0 7F 03 C8 14 addc r24, r3, r25
seg001:00224DA4 60 84 52 E9 ori r4, r4, byte_352E9@l
seg001:00224DA8 7B 18 00 20 clrldi r24, r24, 32
seg001:00224DAC 7C 78 20 AE lbzx r3, r24, r4
seg001:00224DB0 FB E1 00 F8 std r31, 0x100+var_8(r1)
seg001:00224DB4 FB C1 00 F0 std r30, 0x100+var_10(r1)
seg001:00224DB8 FB A1 00 E8 std r29, 0x100+var_18(r1)
seg001:00224DBC FB 81 00 E0 std r28, 0x100+var_20(r1)
seg001:00224DC0 FB 61 00 D8 std r27, 0x100+var_28(r1)
seg001:00224DC4 FB 41 00 D0 std r26, 0x100+var_30(r1)
seg001:00224DC8 FA E1 00 B8 std r23, 0x100+var_48(r1)
seg001:00224DCC FA C1 00 B0 std r22, 0x100+var_50(r1)
seg001:00224DD0 FA A1 00 A8 std r21, 0x100+var_58(r1)
seg001:00224DD4 2C 03 00 00 cmpwi r3, 0
seg001:00224DD8 41 82 02 48 beq loc_225020
seg001:00224DDC 80 78 00 00 lwz r3, 0(r24)
seg001:00224DE0 2C 03 00 02 cmpwi r3, 2
seg001:00224DE4 41 82 02 3C beq loc_225020
seg001:00224DE8 33 61 00 70 addic r27, r1, 0x100+var_90
seg001:00224DEC 3C 80 01 57 lis r4, unk_15746D8@h
seg001:00224DF0 63 63 00 00 mr r3, r27
seg001:00224DF4 38 A0 03 FC li r5, 0x3FC
seg001:00224DF8 30 84 46 D8 addic r4, r4, unk_15746D8@l
seg001:00224DFC 4B FD 6E 7D bl sub_1FBC78
seg001:00224E00 63 63 00 00 mr r3, r27
seg001:00224E04 38 80 00 47 li r4, 0x47 # Stats command for GSSC 47 = G
seg001:00224E08 4B FD 72 E9 bl sub_1FC0F0
seg001:00224E0C 3C 60 01 7C lis r3, ((dword_17BB210+0x10000)@h)
seg001:00224E10 3F E0 00 03 lis r31, ((loc_34CE8+1)@h)
seg001:00224E14 3B 40 00 00 li r26, 0
seg001:00224E18 63 FF 4C E9 ori r31, r31, ((loc_34CE8+1)@l)
seg001:00224E1C 63 5C 00 00 mr r28, r26
seg001:00224E20 80 83 B2 10 lwz r4, dword_17BB210@l(r3)
seg001:00224E24 7F B8 F8 14 addc r29, r24, r31
seg001:00224E28 3B C0 00 01 li r30, 1
seg001:00224E2C 63 83 00 00 mr r3, r28
seg001:00224E30 7F 24 C8 14 addc r25, r4, r25
seg001:00224E34 7B BD 00 20 clrldi r29, r29, 32
seg001:00224E38
seg001:00224E38 loc_224E38: # CODE XREF: sub_224D74+284*j
seg001:00224E38 63 96 00 00 mr r22, r28
seg001:00224E3C 28 1A 2F FC cmplwi r26, 0x2FFC
seg001:00224E40 62 D7 00 00 mr r23, r22
seg001:00224E44 62 E4 00 00 mr r4, r23
seg001:00224E48 60 85 00 00 mr r5, r4
seg001:00224E4C 40 80 00 F4 bge loc_224F40
seg001:00224E50
seg001:00224E50 loc_224E50: # CODE XREF: sub_224D74+1C8*j
seg001:00224E50 7F 46 1E 70 srawi r6, r26, 3
seg001:00224E54 2C 85 00 00 cmpwi cr1, r5, 0
seg001:00224E58 7C C6 01 94 addze r6, r6
seg001:00224E5C 7C C7 07 B4 extsw r7, r6
seg001:00224E60 78 C6 1F 24 sldi r6, r6, 3
seg001:00224E64 7C C6 D0 10 subfc r6, r6, r26
seg001:00224E68 7C FD 38 AE lbzx r7, r29, r7
seg001:00224E6C 7F C6 30 30 slw r6, r30, r6
seg001:00224E70 7C E6 30 38 and r6, r7, r6
seg001:00224E74 2C 06 00 00 cmpwi r6, 0
seg001:00224E78 41 82 00 60 beq loc_224ED8
seg001:00224E7C 38 C0 00 00 li r6, 0
seg001:00224E80 38 80 00 00 li r4, 0
seg001:00224E84 7C C5 30 10 subfc r6, r5, r6
seg001:00224E88 7C 85 20 10 subfc r4, r5, r4
seg001:00224E8C 7C C6 00 34 cntlzw r6, r6
seg001:00224E90 7C 84 00 34 cntlzw r4, r4
seg001:00224E94 78 C6 D1 46 sldi r6, r6, 58
seg001:00224E98 38 E0 00 01 li r7, 1
seg001:00224E9C 78 84 D1 46 sldi r4, r4, 58
seg001:00224EA0 7C C6 FE 76 sradi r6, r6, 0x3F
seg001:00224EA4 7D 16 D0 10 subfc r8, r22, r26
seg001:00224EA8 7C E5 38 10 subfc r7, r5, r7
seg001:00224EAC 7C 84 FE 76 sradi r4, r4, 0x3F
seg001:00224EB0 7C C6 40 38 and r6, r6, r8
seg001:00224EB4 7C 84 38 38 and r4, r4, r7
seg001:00224EB8 7E D6 30 14 addc r22, r22, r6
seg001:00224EBC 7C A5 20 14 addc r5, r5, r4
seg001:00224EC0 7C 96 D0 10 subfc r4, r22, r26
seg001:00224EC4 28 04 00 FF cmplwi r4, 0xFF
seg001:00224EC8 40 80 00 78 bge loc_224F40
seg001:00224ECC 63 57 00 00 mr r23, r26
seg001:00224ED0 63 84 00 00 mr r4, r28
seg001:00224ED4 48 00 00 60 b loc_224F34
seg001:00224ED8 # ---------------------------------------------------------------------------
seg001:00224ED8
seg001:00224ED8 loc_224ED8: # CODE XREF: sub_224D74+104*j
seg001:00224ED8 41 86 00 14 beq cr1, loc_224EEC
seg001:00224EDC 30 84 00 01 addic r4, r4, 1
seg001:00224EE0 2C 04 00 03 cmpwi r4, 3
seg001:00224EE4 41 82 00 5C beq loc_224F40
seg001:00224EE8 48 00 00 4C b loc_224F34
seg001:00224EEC # ---------------------------------------------------------------------------
seg001:00224EEC
seg001:00224EEC loc_224EEC: # CODE XREF: sub_224D74:loc_224ED8*j
seg001:00224EEC 57 46 E8 FE srwi r6, r26, 3
seg001:00224EF0 7C D8 30 14 addc r6, r24, r6
seg001:00224EF4 78 C6 00 20 clrldi r6, r6, 32
seg001:00224EF8 7C C6 F8 AE lbzx r6, r6, r31
seg001:00224EFC 2C 06 00 00 cmpwi r6, 0
seg001:00224F00 40 82 00 34 bne loc_224F34
seg001:00224F04 57 5A 00 38 clrrwi r26, r26, 3
seg001:00224F08
seg001:00224F08 loc_224F08: # CODE XREF: sub_224D74+1B8*j
seg001:00224F08 57 46 E8 FE srwi r6, r26, 3
seg001:00224F0C 7C D8 30 14 addc r6, r24, r6
seg001:00224F10 78 C6 00 20 clrldi r6, r6, 32
seg001:00224F14 7C C6 F8 AE lbzx r6, r6, r31
seg001:00224F18 2C 06 00 00 cmpwi r6, 0
seg001:00224F1C 40 82 00 14 bne loc_224F30
seg001:00224F20 28 1A 2F FC cmplwi r26, 0x2FFC
seg001:00224F24 40 80 00 0C bge loc_224F30
seg001:00224F28 33 5A 00 08 addic r26, r26, 8
seg001:00224F2C 4B FF FF DC b loc_224F08
seg001:00224F30 # ---------------------------------------------------------------------------
seg001:00224F30
seg001:00224F30 loc_224F30: # CODE XREF: sub_224D74+1A8*j
seg001:00224F30 # sub_224D74+1B0*j
seg001:00224F30 33 5A FF FF addic r26, r26, -1
seg001:00224F34
seg001:00224F34 loc_224F34: # CODE XREF: sub_224D74+160*j
seg001:00224F34 # sub_224D74+174*j ...
seg001:00224F34 33 5A 00 01 addic r26, r26, 1
seg001:00224F38 28 1A 2F FC cmplwi r26, 0x2FFC
seg001:00224F3C 41 80 FF 14 blt loc_224E50
seg001:00224F40
seg001:00224F40 loc_224F40: # CODE XREF: sub_224D74+D8*j
seg001:00224F40 # sub_224D74+154*j ...
seg001:00224F40 2C 05 00 00 cmpwi r5, 0
seg001:00224F44 41 82 00 B8 beq loc_224FFC
seg001:00224F48 7C 76 B8 10 subfc r3, r22, r23
seg001:00224F4C 7E C4 07 B4 extsw r4, r22
seg001:00224F50 30 A3 00 01 addic r5, r3, 1
seg001:00224F54 63 63 00 00 mr r3, r27
seg001:00224F58 7C B5 07 B4 extsw r21, r5
seg001:00224F5C 4B FD 72 3D bl sub_1FC198
seg001:00224F60 63 63 00 00 mr r3, r27
seg001:00224F64 62 A4 00 00 mr r4, r21
seg001:00224F68 4B FD 71 89 bl sub_1FC0F0
seg001:00224F6C 3C 60 00 03 lis r3, ((loc_31CEC+1)@h)
seg001:00224F70 7C 99 B0 14 addc r4, r25, r22
seg001:00224F74 60 66 1C ED ori r6, r3, ((loc_31CEC+1)@l)
seg001:00224F78 63 63 00 00 mr r3, r27
seg001:00224F7C 7C 84 30 14 addc r4, r4, r6
seg001:00224F80 62 A5 00 00 mr r5, r21
seg001:00224F84 78 84 00 20 clrldi r4, r4, 32
seg001:00224F88 4B FD 71 A1 bl sub_1FC128
seg001:00224F8C 80 61 00 70 lwz r3, 0x100+var_90(r1)
seg001:00224F90 2C 03 00 00 cmpwi r3, 0
seg001:00224F94 41 82 00 1C beq loc_224FB0
seg001:00224F98 3C 80 00 55 lis r4, ((aTooManyStatsCh+0x10000)@h) # "Too many stats changed at once"
seg001:00224F9C 63 03 00 00 mr r3, r24
seg001:00224FA0 30 84 C9 F0 addic r4, r4, -0x3610 # aTooManyStatsCh
seg001:00224FA4 38 A0 00 01 li r5, 1
seg001:00224FA8 4B FF FA 55 bl sub_2249FC
seg001:00224FAC 48 00 00 74 b loc_225020
seg001:00224FB0 # ---------------------------------------------------------------------------
seg001:00224FB0
seg001:00224FB0 loc_224FB0: # CODE XREF: sub_224D74+220*j
seg001:00224FB0 7C 17 B0 40 cmplw r23, r22
seg001:00224FB4 41 80 00 40 blt loc_224FF4
seg001:00224FB8 7C 76 B8 10 subfc r3, r22, r23
seg001:00224FBC 30 63 00 01 addic r3, r3, 1
seg001:00224FC0 78 63 00 20 clrldi r3, r3, 32
seg001:00224FC4 7C 69 03 A6 mtctr r3
seg001:00224FC8
seg001:00224FC8 loc_224FC8: # CODE XREF: sub_224D74+27C*j
seg001:00224FC8 7E C3 1E 70 srawi r3, r22, 3
seg001:00224FCC 7C 63 01 94 addze r3, r3
seg001:00224FD0 7C 64 07 B4 extsw r4, r3
seg001:00224FD4 78 63 1F 24 sldi r3, r3, 3
seg001:00224FD8 7C 63 B0 10 subfc r3, r3, r22
seg001:00224FDC 32 D6 00 01 addic r22, r22, 1
seg001:00224FE0 7C BD 20 AE lbzx r5, r29, r4
seg001:00224FE4 7F C3 18 30 slw r3, r30, r3
seg001:00224FE8 7C A3 18 78 andc r3, r5, r3
seg001:00224FEC 7C 7D 21 AE stbx r3, r29, r4
seg001:00224FF0 42 00 FF D8 bdnz loc_224FC8
seg001:00224FF4
seg001:00224FF4 loc_224FF4: # CODE XREF: sub_224D74+240*j
seg001:00224FF4 63 C3 00 00 mr r3, r30
seg001:00224FF8 4B FF FE 40 b loc_224E38
seg001:00224FFC # ---------------------------------------------------------------------------
seg001:00224FFC
seg001:00224FFC loc_224FFC: # CODE XREF: sub_224D74+1D0*j
seg001:00224FFC 2C 03 00 00 cmpwi r3, 0
seg001:00225000 41 82 00 14 beq loc_225014
seg001:00225004 63 03 00 00 mr r3, r24
seg001:00225008 38 80 00 01 li r4, 1
seg001:0022500C 63 65 00 00 mr r5, r27
seg001:00225010 48 00 82 D5 bl sub_22D2E4
seg001:00225014
seg001:00225014 loc_225014: # CODE XREF: sub_224D74+28C*j
seg001:00225014 3C 60 00 03 lis r3, byte_352E9@h
seg001:00225018 60 63 52 E9 ori r3, r3, byte_352E9@l
seg001:0022501C 7F 98 19 AE stbx r28, r24, r3
seg001:00225020
seg001:00225020 loc_225020: # CODE XREF: sub_224D74+64*j
seg001:00225020 # sub_224D74+70*j ...
seg001:00225020 E8 01 01 10 ld r0, 0x100+arg_10(r1)
seg001:00225024 7C 08 03 A6 mtlr r0
seg001:00225028 EA A1 00 A8 ld r21, 0x100+var_58(r1)
seg001:0022502C EA C1 00 B0 ld r22, 0x100+var_50(r1)
seg001:00225030 EA E1 00 B8 ld r23, 0x100+var_48(r1)
seg001:00225034 EB 01 00 C0 ld r24, 0x100+var_40(r1)
seg001:00225038 EB 21 00 C8 ld r25, 0x100+var_38(r1)
seg001:0022503C EB 41 00 D0 ld r26, 0x100+var_30(r1)
seg001:00225040 EB 61 00 D8 ld r27, 0x100+var_28(r1)
seg001:00225044 EB 81 00 E0 ld r28, 0x100+var_20(r1)
seg001:00225048 EB A1 00 E8 ld r29, 0x100+var_18(r1)
seg001:0022504C EB C1 00 F0 ld r30, 0x100+var_10(r1)
seg001:00225050 EB E1 00 F8 ld r31, 0x100+var_8(r1)
seg001:00225054 38 21 01 00 addi r1, r1, 0x100
seg001:00225058 4E 80 00 20 blr
seg001:00225058 # End of function sub_224D74
useful Post: MW2/MW3 Comparison PPC (thx 2 Kiwi for sharing URL)
You must login or register to view this content.
Searching for IDA OffSets for bypass:
seg011:00535328 00000061 C Determines which time delta calculation method to use. Set true for MW2. Default is MW3 (false).
seg011:0054D674 00000042 C Max increment for delta of pings used to throttle sending packets
seg011:0052F4E1 00000046 C Received invalid stats delta: block size %d is invalid (see console)\n
seg011:0052F491 0000004B C Received invalid stats delta: byte index %d is out of range (see console)\n
seg011:0052F551 00000050 C Received invalid stats delta: message is less than block size %d (see console)\n
seg011:00535308 00000020 C cl_adjTimeDeltaCalcAlgorithmMW2
seg011:00525075 0000002F C BG_EvaluateTrajectoryDelta: unknown trType: %i
seg011:0056034C 0000001B C BD_EMPTY_STATS_SET_IGNORED
seg011:00560334 00000015 C BD_INVALID_STATS_SET
Second: - Confirmed working C# 10% (Private Class Names, Titles, Derank, ...)
- by Client_s Pointer
Not Cheat protected - but limited!
Client_s Pointer: 0x17BB210
Client Size: 0x68B80
Dpad Monitoring: 0x21022
Stats: 0x31ced
Example code (thx to xCBSKx)
public static uint GetStatAdress(uint Client, uint Index)
{
return Client_s(Client) + 0x31ced + Index;
}
Stats ACS Index:
Prestige = 0xCA8;
Experience = 0xA98;
Score = 0xcb0;
Wins = 0xd0c;
Losses = 0xd10;
Ties = 0xd14;
Win_Streak = 0xd18;
Kills = 0xcd8;
Deaths = 0xce0;
Ratio = 0xd2c;
Headshots = 0xCEC;
Accuracy = 0xd30;
Assists = 0xce8;
Kill_Streak = 0xcdc;
Time_Played1 = 0xcfa;
Time_Played2 = 0xd02;
Add_Classes = 0x2b0f;
Privatematch // Sv_SetClientStats Function: 0x22D2E4 <- XBOX
onlinematch // Stats Delta address: 0x15746D8
Third: (used by Enstone) GSC Method, C++ combined with SPRX.
Checkout Sharks MW3 GSC DUMP.
You must login or register to view this content.
Thx to SC58 for his C++ Code
void GScr_SetPlayerData(int clientNum, const char * callingFunction)
{
buffer.data = SV_GetClientPersistentDataBuffer(clientNum);
buffer.size = 0x2FFC;
GScr_SetStructuredData(StructuredDataDef_GetAsset("mp/playerdata.def", 0x2FFC), &buffer, SV_GetClientPersistentDataModifiedFlags(clientNum), callingFunction);
SV_SetClientPersistentDataModified(clientNum);
}
useful Post:
You must login or register to view this content.
useful Post:
You must login or register to view this content.
useful Post: Ghosts C# unlock all clients XBOX
You must login or register to view this content.
I'll continue my search and if i find or discover new stuff i'll post it!
If you got any good information about this subject, please post or send private message and i'll add it and give credits.
Image ACS TOOL: Second Method
You must login or register to view this content.
Update: We found out that if somebody who get's deranked by Phantom, there memory get patched somehow by phantom and if that player joins one of our lobby's we are able to set stats without using phantom.
Version 1.11 theatre mode not patched yet after that not possible only if you patch it yourself.
Version 1.11 not available for download so if anybody got old patches please send me a PM.
Last edited by
mrdarkblue ; 05-19-2016 at 02:48 PM.
Reason: Update
The following 12 users say thank you to mrdarkblue for this useful post:
07-06-2015, 12:16 AM
#39
SMT_Unbanned
Do a barrel roll!
07-06-2015, 01:03 AM
#40
zNxRo
Banned
Originally posted by Unbanned
Yeah but in Mw3 with Godmode Noobs???? I think you freeze all games :`D But i have a 100% working Anti Godmodeclass Tool so have Fun with your Freezing Warfare 3 
2000-0 SnD FH Eboot COD real time editor 30 min. round god/invis joins if you kick u freeze if you mflag the person in no clip their fuct with AntiQuit did I mention 1 billion a kill #1 Stay-Zxtn - Me #1 ffa all time Stay co-lead eXiLeModz-- your a random
Clips in the video read the beginning. Thats you and show some respect to people. GMT Anti Invisible Tool by xCSBKx look that up on google. fuck rep I got balls your a dick a castrated one.
07-06-2015, 02:35 AM
#42
SMT_Unbanned
Do a barrel roll!
Originally posted by zNxRo
Don't Sub to my channel I get my own I don't need subs from people like you. Or Followers , Or likes but I'll be happy to follow u and derank u with your god mode protection on.
First this Anti Godmode is fully buggy and your PS3 Freeze when a godmodeclass noob join to 50%
Hahahahaha you connect & attach nooby
The following user thanked SMT_Unbanned for this useful post:
07-06-2015, 04:44 PM
#43
Bitwise
Mario!
You're all clueless about this. Every single PS3 modder leeched everything related with stats from xbox. Even my good buddy BadChoiceZ wouldn't even know it existed without Const and that other PS3 guy (aresoul or something).
All client stats is basic and simple, and now old. The new hype is a method I discovered on MW3, which is a recovery without email and pass needed; work on Advanced Warfare too. It's hit #DramaAlert and the leaked version is going to be patched, it's going to be over here sooner or later so keep your eyes peeled for that. Everyone on here also doesn't know a single thing about game security, every "anti-ban" to ever exist on PS3 was ported from Xbox without any knowledge. The released "stat entry" is nothing more than a buffer version of the structures inside playerdata.def, on each cod the stat difference is different (which is also a passed command argument when used with the server command) no one knew it was using a server command until I told everyone on AIM, SC58 doesn't have enough programming knowledge to realise he was building nothing more than a string buffer to be stored in mem like any other server command. So yeah, have fun using re-use old leaked shit PS3!
All client stats is basic and simple, and now old. The new hype is a method I discovered on MW3, which is a recovery without email and pass needed; work on Advanced Warfare too. It's hit #DramaAlert and the leaked version is going to be patched, it's going to be over here sooner or later so keep your eyes peeled for that. Everyone on here also doesn't know a single thing about game security, every "anti-ban" to ever exist on PS3 was ported from Xbox without any knowledge. The released "stat entry" is nothing more than a buffer version of the structures inside playerdata.def, on each cod the stat difference is different (which is also a passed command argument when used with the server command) no one knew it was using a server command until I told everyone on AIM, SC58 doesn't have enough programming knowledge to realise he was building nothing more than a string buffer to be stored in mem like any other server command. So yeah, have fun using re-use old leaked shit PS3!
07-06-2015, 06:08 PM
#44
sleekshow
I defeated!
Originally posted by Bitwise
You're all clueless about this. Every single PS3 modder leeched everything related with stats from xbox. Even my good buddy BadChoiceZ wouldn't even know it existed without Const and that other PS3 guy (aresoul or something).
All client stats is basic and simple, and now old. The new hype is a method I discovered on MW3, which is a recovery without email and pass needed; work on Advanced Warfare too. It's hit #DramaAlert and the leaked version is going to be patched, it's going to be over here sooner or later so keep your eyes peeled for that. Everyone on here also doesn't know a single thing about game security, every "anti-ban" to ever exist on PS3 was ported from Xbox without any knowledge. The released "stat entry" is nothing more than a buffer version of the structures inside playerdata.def, on each cod the stat difference is different (which is also a passed command argument when used with the server command) no one knew it was using a server command until I told everyone on AIM, SC58 doesn't have enough programming knowledge to realise he was building nothing more than a string buffer to be stored in mem like any other server command. So yeah, have fun using re-use old leaked shit PS3!
All client stats is basic and simple, and now old. The new hype is a method I discovered on MW3, which is a recovery without email and pass needed; work on Advanced Warfare too. It's hit #DramaAlert and the leaked version is going to be patched, it's going to be over here sooner or later so keep your eyes peeled for that. Everyone on here also doesn't know a single thing about game security, every "anti-ban" to ever exist on PS3 was ported from Xbox without any knowledge. The released "stat entry" is nothing more than a buffer version of the structures inside playerdata.def, on each cod the stat difference is different (which is also a passed command argument when used with the server command) no one knew it was using a server command until I told everyone on AIM, SC58 doesn't have enough programming knowledge to realise he was building nothing more than a string buffer to be stored in mem like any other server command. So yeah, have fun using re-use old leaked shit PS3!
Seen the video on youtube pretty crazy mod account without being signed in. U shouldnt release it though
07-07-2015, 04:03 AM
#45
Cokes49
Grunt
We don't give a fuck about game security because Sony doesn't have shit....stop acting like you're some elite or some shit. Modding isn't anything special, it doesn't make you special either. It's a past time. People actually have ego's when it comes to modding fucking COD and it's fucking pathetic. Do something better with your fucking life than try to make a "name" for yourself in a fucking modding community. Yes we've all heard about this exploit, do we know how to do it? No. Will it get leaked? Yes. The original founders of the method probably have made thousands of dollars off the method already, they're fucking fine. We don't give a fuck about leeching for shit because the creators want fame. They WANT people to use their shit. Do something better with your fucking time too. You sound like you'll be flipping burgers in the near future you fucking retard.
07-07-2015, 05:14 AM
#46
SC58
Former Staff
Originally posted by Bitwise
You're all clueless about this. Every single PS3 modder leeched everything related with stats from xbox. Even my good buddy BadChoiceZ wouldn't even know it existed without Const and that other PS3 guy (aresoul or something).
All client stats is basic and simple, and now old. The new hype is a method I discovered on MW3, which is a recovery without email and pass needed; work on Advanced Warfare too. It's hit #DramaAlert and the leaked version is going to be patched, it's going to be over here sooner or later so keep your eyes peeled for that. Everyone on here also doesn't know a single thing about game security, every "anti-ban" to ever exist on PS3 was ported from Xbox without any knowledge. The released "stat entry" is nothing more than a buffer version of the structures inside playerdata.def, on each cod the stat difference is different (which is also a passed command argument when used with the server command) no one knew it was using a server command until I told everyone on AIM, SC58 doesn't have enough programming knowledge to realise he was building nothing more than a string buffer to be stored in mem like any other server command. So yeah, have fun using re-use old leaked shit PS3!
All client stats is basic and simple, and now old. The new hype is a method I discovered on MW3, which is a recovery without email and pass needed; work on Advanced Warfare too. It's hit #DramaAlert and the leaked version is going to be patched, it's going to be over here sooner or later so keep your eyes peeled for that. Everyone on here also doesn't know a single thing about game security, every "anti-ban" to ever exist on PS3 was ported from Xbox without any knowledge. The released "stat entry" is nothing more than a buffer version of the structures inside playerdata.def, on each cod the stat difference is different (which is also a passed command argument when used with the server command) no one knew it was using a server command until I told everyone on AIM, SC58 doesn't have enough programming knowledge to realise he was building nothing more than a string buffer to be stored in mem like any other server command. So yeah, have fun using re-use old leaked shit PS3!
Damn i'm sorry master that i take stuff from the cod pdb and remake it, please don't give me a C&
I'm soo sorry i leeched from your game, please dont get the head of Activision to sue me
The following 3 users say thank you to SC58 for this useful post:
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
