Tutorial How to find GetInaccuracy Index



    ven0m

    Code:
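            How to get the GetInaccuracy index:
            Search the binary's strings for "whiteAdditive" and follow its cross-reference (xref).
    
            Note: v2 is the object pointer (held in esi in the listing); its first dword (*v2) is the vtable pointer.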
    
            .text:105EEA6B 68 D0 D7 B8 10                          push    offset aWhiteadditive ; "whiteAdditive"
            .text:105EEA70 B9 F4 C5 CE 10                          mov     ecx, offset byte_10CEC5F4
            .text:105EEA75 E8 06 79 CB FF                          call    sub_102A6380
            .text:105EEA7A                         ; 229:                 if ( v7 )
            .text:105EEA7A 85 C0                                   test    eax, eax
            .text:105EEA7C 74 0C                                   jz      short loc_105EEA8A
            .text:105EEA7E                         ; 230:                   v2[3260] = *(float *)(v7 + 136);
            .text:105EEA7E 8B 80 88 00 00 00                       mov     eax, [eax+88h]
            .text:105EEA84 89 86 F0 32 00 00                       mov     [esi+32F0h], eax
            .text:105EEA8A                         ; 232:               if ( ((int (__thiscall *)(void ***))off_10D0B178[13])(&off_10D0B178) || *((_BYTE *)v4 + 41865) )
            .text:105EEA8A
            .text:105EEA8A                         loc_105EEA8A:                           ; CODE XREF: sub_105EE840+229↑j
            .text:105EEA8A                                                                 ; sub_105EE840+23C↑j
            .text:105EEA8A A1 78 B1 D0 10                          mov     eax, off_10D0B178
            .text:105EEA8F B9 78 B1 D0 10                          mov     ecx, offset off_10D0B178
            .text:105EEA94 8B 40 34                                mov     eax, [eax+34h]
            .text:105EEA97 FF D0                                   call    eax
            .text:105EEA99 85 C0                                   test    eax, eax
            .text:105EEA9B 75 2B                                   jnz     short loc_105EEAC8
            .text:105EEA9D 38 87 89 A3 00 00                       cmp     [edi+0A389h], al
            .text:105EEAA3 75 23                                   jnz     short loc_105EEAC8
            .text:105EEAA5                         ; 239:                 (*(void (__stdcall **)(_DWORD))(*(_DWORD *)dword_1522B7EC + 152))(*((_DWORD *)v2 + 3260));
            .text:105EEAA5 8B 0D EC B7 22 15                       mov     ecx, dword_1522B7EC
            .text:105EEAAB FF B6 F0 32 00 00                       push    dword ptr [esi+32F0h]
            .text:105EEAB1                         ; 238:                 v96 = 1;
            .text:105EEAB1 C6 44 24 0C 01                          mov     byte ptr [esp+84h+var_78], 1
            .text:105EEAB6 8B 01                                   mov     eax, [ecx]
            .text:105EEAB8 FF 90 98 00 00 00                       call    dword ptr [eax+98h]
            .text:105EEABE                         ; 240:                 v100 = 200;
            .text:105EEABE C7 44 24 1C C8 00 00 00                 mov     [esp+80h+var_64], 0C8h
            .text:105EEAC6 EB 05                                   jmp     short loc_105EEACD
            .text:105EEAC8                         ; ---------------------------------------------------------------------------
            .text:105EEAC8                         ; 234:                 v96 = 0;
            .text:105EEAC8
            .text:105EEAC8                         loc_105EEAC8:                           ; CODE XREF: sub_105EE840+25B↑j
            .text:105EEAC8                                                                 ; sub_105EE840+263↑j
            .text:105EEAC8 C6 44 24 08 00                          mov     byte ptr [esp+80h+var_78], 0
            .text:105EEACD                         ; 242:               if ( sub_105F2E80(v2) && !((int (__thiscall *)(void ***))off_10D0B960[13])(&off_10D0B960) )
            .text:105EEACD
            .text:105EEACD                         loc_105EEACD:                           ; CODE XREF: sub_105EE840+286↑j
            .text:105EEACD 8B CE                                   mov     ecx, esi
            .text:105EEACF E8 AC 43 00 00                          call    sub_105F2E80
            .text:105EEAD4 85 C0                                   test    eax, eax
            .text:105EEAD6 74 30                                   jz      short loc_105EEB08
            .text:105EEAD8 A1 60 B9 D0 10                          mov     eax, off_10D0B960
            .text:105EEADD B9 60 B9 D0 10                          mov     ecx, offset off_10D0B960
            .text:105EEAE2 8B 40 34                                mov     eax, [eax+34h]
            .text:105EEAE5 FF D0                                   call    eax
            .text:105EEAE7 85 C0                                   test    eax, eax
            .text:105EEAE9 75 1D                                   jnz     short loc_105EEB08
            .text:105EEAEB                         ; 244:                 v8 = sub_105F2E80(v2);
            .text:105EEAEB 8B CE                                   mov     ecx, esi
            .text:105EEAED E8 8E 43 00 00                          call    sub_105F2E80
            .text:105EEAF2                         ; 245:                 v9 = sub_105F9240(v8);
            .text:105EEAF2 8B C8                                   mov     ecx, eax
            .text:105EEAF4 E8 47 A7 00 00                          call    sub_105F9240
            .text:105EEAF9                         ; 246:                 v10 = v100;
            .text:105EEAF9 8B 4C 24 1C                             mov     ecx, [esp+80h+var_64]
            .text:105EEAFD                         ; 247:                 if ( v9 )
            .text:105EEAFD 33 D2                                   xor     edx, edx
            .text:105EEAFF 84 C0                                   test    al, al
            .text:105EEB01                         ; 248:                   v10 = 0;
            .text:105EEB01 0F 45 CA                                cmovnz  ecx, edx
            .text:105EEB04                         ; 249:                 v100 = v10;
            .text:105EEB04 89 4C 24 1C                             mov     [esp+80h+var_64], ecx
            .text:105EEB08                         ; 251:               result = (*(int (__thiscall **)(float *))(*(_DWORD *)v2 + 1792))(v2);
            .text:105EEB08
            .text:105EEB08                         loc_105EEB08:                           ; CODE XREF: sub_105EE840+296↑j
            .text:105EEB08                                                                 ; sub_105EE840+2A9↑j
            .text:105EEB08 8B 06                                   mov     eax, [esi]
            .text:105EEB0A 8B CE                                   mov     ecx, esi
            .text:105EEB0C 8B 80 00 07 00 00                       mov     eax, [eax+700h]
            .text:105EEB12 FF D0                                   call    eax
            .text:105EEB14                         ; 252:               if ( result != 15 )
            .text:105EEB14 83 F8 0F                                cmp     eax, 0Fh
            .text:105EEB17 0F 84 76 15 00 00                       jz      loc_105F0093
            .text:105EEB1D                         ; 254:                 result = (*(int (__thiscall **)(float *))(*(_DWORD *)v2 + 1792))(v2);
            .text:105EEB1D 8B 06                                   mov     eax, [esi]
            .text:105EEB1F 8B CE                                   mov     ecx, esi
            .text:105EEB21 8B 80 00 07 00 00                       mov     eax, [eax+700h]
            .text:105EEB27 FF D0                                   call    eax
            .text:105EEB29                         ; 255:                 if ( result != 12 )
            .text:105EEB29 83 F8 0C                                cmp     eax, 0Ch
            .text:105EEB2C 0F 84 61 15 00 00                       jz      loc_105F0093
            .text:105EEB32                         ; 257:                   result = (*(int (__thiscall **)(float *))(*(_DWORD *)v2 + 1792))(v2);
            .text:105EEB32 8B 06                                   mov     eax, [esi]
            .text:105EEB34 8B CE                                   mov     ecx, esi
            .text:105EEB36 8B 80 00 07 00 00                       mov     eax, [eax+700h]
            .text:105EEB3C FF D0                                   call    eax
            .text:105EEB3E                         ; 258:                   if ( result != 17 )
            .text:105EEB3E 83 F8 11                                cmp     eax, 11h
            .text:105EEB41 0F 84 4C 15 00 00                       jz      loc_105F0093
            .text:105EEB47                         ; 260:                     if ( (*(int (__thiscall **)(float *))(*(_DWORD *)v2 + 1792))(v2) != 5
            .text:105EEB47                         ; 261:                       || (result = ((int (__thiscall *)(void ***))off_10D0B960[13])(&off_10D0B960)) != 0 )
            .text:105EEB47 8B 06                                   mov     eax, [esi]
            .text:105EEB49 8B CE                                   mov     ecx, esi
            .text:105EEB4B 8B 80 00 07 00 00                       mov     eax, [eax+700h]
            .text:105EEB51 FF D0                                   call    eax
            .text:105EEB53 83 F8 05                                cmp     eax, 5
            .text:105EEB56 75 17                                   jnz     short loc_105EEB6F
            .text:105EEB58 A1 60 B9 D0 10                          mov     eax, off_10D0B960
            .text:105EEB5D B9 60 B9 D0 10                          mov     ecx, offset off_10D0B960
            .text:105EEB62 8B 40 34                                mov     eax, [eax+34h]
            .text:105EEB65 FF D0                                   call    eax
            .text:105EEB67 85 C0                                   test    eax, eax
            .text:105EEB69 0F 84 24 15 00 00                       jz      loc_105F0093
            .text:105EEB6F                         ; 263:                       (*((void (__thiscall **)(void **))*v4 + 328))(v4);
            .text:105EEB6F
            .text:105EEB6F                         loc_105EEB6F:                           ; CODE XREF: sub_105EE840+316↑j
            .text:105EEB6F 8B 07                                   mov     eax, [edi]
            .text:105EEB71 8B CF                                   mov     ecx, edi
            .text:105EEB73 8B 80 20 05 00 00                       mov     eax, [eax+520h]
            .text:105EEB79 FF D0                                   call    eax
            .text:105EEB7B                         ; 264:                       v11 = a2 * 0.0087266462;
            .text:105EEB7B D8 0D 9C D7 C2 10                       fmul    ds:dword_10C2D79C
            .text:105EEB81                         ; 266:                       (*(void (__thiscall **)(float *))(*(_DWORD *)v2 + 1904))(v2);
            .text:105EEB81 8B CE                                   mov     ecx, esi
            .text:105EEB83 8B 06                                   mov     eax, [esi]
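            .text:105EEB85 8B 80 70 07 00 00                       mov     eax, [eax+770h] <---------- this offset (770h = 1904, the "+ 1904" in the decompiler line above); divide it by 4, the pointer size in this 32-bit module, to get the vtable index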
     