I need some help
gllysltj
9th April 2007, 07:19
Sorry for my bad English.
I have a private hack with name tags and a minimap working fine. I also hooked the PB screenshot function and put in a fake screenshot when PB takes a screenshot, and that works fine too. The problem is that the PB screenshot contains a description which includes the map name, so when a server admin checks the screenshot he will see a Dalian power plant screenshot on the Karkand map. So I want to identify the map in my hack and use a different screenshot for each map. I used TSearch to find the map name in memory, and I found that the address of the map name is different every time I load a new map.
Can anybody help me out?
firebat
10th April 2007, 15:19
Wow, first of all, congrats on all the features you have so far. What you can try is to see what code sets the string (by putting a breakpoint on it). If it is changing (dynamic), the code might look like
MOV EBX, DWORD PTR DS:[ECX+15]
where EBX is the pointer to the string. So you just need to go in reverse: see what sets ECX, and so on. Because BF2 is object oriented, you will see a base pointer, then an addition to the base to get a member of the class, and so on. The brackets mean "read the address":
[[239232]+15]
By reading the proper addresses you will be able to get to the string. Or what you can do is put a code cave at the
MOV EBX, DWORD PTR DS:[ECX+15]
-> becomes JMP somewhere
somewhere:
    MOV [knownlocation], ECX
    MOV EBX, DWORD PTR DS:[ECX+15]
    JMP back
And now you know the value of ECX, so just add 15 to get the pointer to the string.
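The pointer-chain idea in the reply above, as an added example that is not part of the thread and not BF2's real object layout: a constructed C stand-in in which the map name is a heap string replaced on every map load (so its address moves, which is what the TSearch scans showed), while a static base pointer plus two member offsets reaches it every time. The struct names, the offsets (taken with offsetof() here, where a real target's offsets would come from the debugger session described above), the in-process reads standing in for a debugger or ReadProcessMemory, and the map strings are all assumptions.

```c
/* Added example: resolving a multi-level pointer chain to a string whose
 * heap address changes on every map load.  Constructed stand-in for the
 * game's object graph; nothing here is the game's real layout. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy object layout (assumption, not the game's classes). */
typedef struct {
    uint32_t flags[5];      /* filler so the name is not the first member */
    char    *name;          /* heap string: the value the scanner kept finding */
} LevelInfo;

typedef struct {
    uint32_t   tick;
    LevelInfo *level;       /* replaced with a fresh object on every load */
} GameState;

/* The one stable anchor: a static (module-relative) pointer. */
static GameState *g_state = NULL;

/* Offsets a debugger session would have produced for the chain
 * [[&g_state] + off(level)] + off(name). */
static const size_t k_chain[] = { offsetof(GameState, level),
                                  offsetof(LevelInfo, name) };

/* Follow base -> [base] + off[0] -> [...] + off[1] ... and return the final
 * address.  Each step reads a pointer-sized value ("the brackets") and adds
 * the next offset.  Returns NULL if any intermediate pointer is NULL, which
 * is what happens between maps when the object has been freed. */
static void *resolve_chain(const void *base, const size_t *offsets, size_t n)
{
    uintptr_t addr = (uintptr_t)base;
    for (size_t i = 0; i < n; i++) {
        void *next = NULL;
        if (addr == 0)
            return NULL;
        memcpy(&next, (const void *)addr, sizeof next);   /* read [addr] */
        if (next == NULL)
            return NULL;
        addr = (uintptr_t)next + offsets[i];
    }
    return (void *)addr;
}

static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) abort();
    memcpy(p, s, n);
    return p;
}

/* Simulates the engine loading a map: a brand-new LevelInfo with a new
 * heap string, so the address of the name bytes moves every time. */
void load_map(const char *map_name)
{
    LevelInfo *fresh = calloc(1, sizeof *fresh);
    if (fresh == NULL) abort();
    fresh->name = dup_string(map_name);
    if (g_state == NULL) {
        g_state = calloc(1, sizeof *g_state);
        if (g_state == NULL) abort();
    }
    LevelInfo *old = g_state->level;     /* swap in, then release the old one */
    g_state->level = fresh;
    if (old) { free(old->name); free(old); }
}

/* Address of the char* member, i.e. the slot that MOV EBX,[ECX+disp] in the
 * thread reads from (NULL if no map is loaded). */
char **map_name_slot(void)
{
    return resolve_chain(&g_state, k_chain, 2);
}

/* The string itself: one more dereference ("EBX is the pointer to the string"). */
const char *current_map_name(void)
{
    char **slot = map_name_slot();
    return slot ? *slot : NULL;
}

int main(void)
{
    printf("before load: %s\n", current_map_name() ? current_map_name() : "(none)");
    load_map("Strike at Karkand");
    printf("%p -> \"%s\"\n", (void *)*map_name_slot(), current_map_name());
    load_map("Dalian Plant");        /* new heap object: different address, same chain */
    printf("%p -> \"%s\"\n", (void *)*map_name_slot(), current_map_name());
    return 0;
}
```

Two caveats on the code-cave variant, separate from the example: ECX+15 is the address of the member slot, and the pointer to the characters is the value stored in that slot, so a hack that saves ECX must still read [ECX+15] before treating the result as a string. And `MOV EBX, DWORD PTR [ECX+15]` encodes to three bytes (8B 59 15) while a `JMP rel32` needs five, so writing the JMP over it also clobbers the first two bytes of the next instruction; that instruction has to be relocated into the cave as well, or the hook placed on an instruction of at least five bytes.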
Haxing4Life
10th April 2007, 19:07
Why don't you turn the hack off and back on while the SS is taken?
scruie
11th April 2007, 11:38
That would be the easier method, if you coded all of the above into your hack. Still, I'll give you credit for thinking of a novel solution to the 'clean' screenshot.