View Full Version : PB-scanned offsets
test0r
16th April 2004, 16:39
Ok guys,
I did some research on how PB works and now I got all the addresses/offsets Punkbuster scans in the BFV-process. I also found out that PB scans only one offset at one time - every 45 seconds.
But now here the offsets:
00489FA2 --- 6 bytes
00489FAD --- 2 bytes
0048C120 --- 6 bytes
0048EC54 --- 6 bytes
00530E44 --- 6 bytes
00530E4A --- 6 bytes
005314C7 --- 6 bytes
0064863F --- 6 bytes
The most offsets of my hack are detected now. Those offsets shouldnt be used in your own hack.
I will update this list if Punkbuster updates its scanning list too.
CaptainCox
16th April 2004, 16:43
Thanks for the heads up test0r
caliber1942
17th April 2004, 01:42
let's don't get too ****y or talk them down too much (just my opinion). i think punkbuster has done pretty good work on the majority of cheaters. the casual hack downloader is no longer able to cheat anymore. anyways, the scan offsets are very useful, thanks!
tommyw
17th April 2004, 16:24
but test0r, they can easily change the addresses that they scan with their Automatic Embedded Updater. You know the whole "Connecting to Master Server" and updates and shat, it's easy to change what they read. I'm also going to guess that they scan for running processes as well.
test0r
17th April 2004, 18:23
thats clear tommyw ;)
Its easy to see where they scan for running processes (with Process32First and Process32Next..).
I know that they dont need to update anything in their software too scan for new offsets and processes.
Spontaneous
17th April 2004, 22:59
Yea but the idea of the connecting to master server is you download a list of offsets to have the pb client scan. This can be different every different time it connects to the master server. You download it at 0.4kbps. When doing bf1942, you do not get the full offset list every time you connect to master server, only a partial. I do not know if its the same in vietnam yet but I am willing to say it is. Atleast that is what I have come to gather from all my reading. This is also why they can detect for new hacks without actually doing a client update of files in the HTM dir. Them updates are more for actual client updates or scanning methods not the list of offsets to scan.
test0r
18th April 2004, 15:23
found two more (look above): accuracy, and view distance console unlock, but currently not the console hack itself...
vBulletin® v3.8.4, Copyright ©2000-2009, Jelsoft Enterprises Ltd.