0
"[X] <== The Haunted Hells Reach Script"
80000008
Auto Assembler Script
{ // '{' opens a block of comments
===========================================
Game Title : The Haunted - Hells Reach (32 bits, DX9)
Game Version : 1.0.8788.0
Process Name : HauntedGame.exe
Script Version: 1.0
CE Version : 6.1
Release date : 12-Dec-2011
Author : Recifense
Features:
- God Mode
- Unlimited Ammo
===========================================
} // '}' closes a block of comments
[ENABLE]
//=========================================
// Version guard: check that the script is compatible with this game version.
// Each assert compares the bytes currently found at a hook address with the
// original instruction bytes. If a comparison fails the script will not be loaded.
// The same two byte sequences are the ones the [DISABLE] section writes back.
assert(HauntedGame.exe+065121,8b c1 89 4e 08) // 5 bytes: mov eax,ecx / mov [esi+08],ecx. The script is only loaded if assert returns TRUE
assert(HauntedGame.exe+04810d,8b 44 24 10 29 03)// 6 bytes: mov eax,[esp+10] / sub [ebx],eax. The script is only loaded if assert returns TRUE
//=========================================
alloc(MyCode,1024) // Allocating memory. 1024 (1Kb) is enough.
// NOTE(review): this single block holds both the injected routines (executed) and the
// variables placed after them (written at run time), so it is used as writable and
// executable memory at the same time.
//=========================================
// Declaration section
// Code labels of the first routine (hooked at HauntedGame.exe+065121)
label(_MonAmmo) // Entry point of the ammo-monitoring routine
label(_BackMA) // Return address in the game code, right after the first hook
label(_ExitMA) // Tail of the routine: replays the overwritten instructions
// Code labels of the second routine (hooked at HauntedGame.exe+04810d)
label(_GodMode) // Entry point of the decrease-filter routine
label(_GodM0) // Branch taken when the target is the hero's ammo
label(_GodM1) // Common point where the amount to subtract is forced to 0
label(_BackGM) // Return address in the game code, right after the second hook
label(_ExitGM) // Tail of the routine: replays the overwritten instructions
// Data labels (4-byte variables defined after the routines)
label(pPlayer) // Last hero base address seen by _MonAmmo
label(pHP) // Address of the hero's current HP
label(pAmmo) // Address of the hero's current ammo
label(pWeapon) // Last weapon structure base seen by _MonAmmo
label(iEnableGM) // God Mode switch (0 = off)
label(iEnableMA) // Unlimited Ammo switch (0 = off)
//=========================================
// Registering Symbols
// Registered names can be typed as addresses; the table entries below the script
// ("iEnableMA", "pPlayer", ...) use these names as their addresses.
registersymbol(MyCode) // Registering "MyCode", so it can be easily found in the memory viewer.
registersymbol(pPlayer) // Registering "pPlayer", so it can be easily used in a table or structure.
registersymbol(pHP) // Registering "pHP", so it can be easily used in a table or structure.
registersymbol(pAmmo) // Registering "pAmmo", so it can be easily used in a table or structure.
registersymbol(pWeapon) // Registering "pWeapon", so it can be easily used in a table or structure.
registersymbol(iEnableGM) // Registering "iEnableGM", so it can be easily used in a table or structure.
registersymbol(iEnableMA) // Registering "iEnableMA", so it can be easily used in a table or structure.
//=========================================
MyCode:
//=========================================
// Routine 1 (_MonAmmo). Reached through the jmp written at HauntedGame.exe+065121.
// All numeric offsets in this script are hexadecimal.
// This script will:
// 1) Check if the information is valid -> the content of offsets 009c and 00d4 are equal and not NULL (0)
// 2) Identify the addresses of Hero's HP and Ammo
// 3) If Unlimited Ammo is enabled (iEnableMA <> 0), current ammo = maximum ammo and current reserve = maximum
// ESI = Base of a structure (Don't confuse Base with Bottom. Base here is the first address of a structure)
// EAX is used as scratch: the replayed original code at _ExitMA overwrites it anyway.
// NOTE(review): test/cmp below change EFLAGS, which the two original mov instructions
// did not - confirm the game code after the hook does not rely on flags set before it.
_MonAmmo:
mov eax,[esi+0000009c] // Load register EAX with the content of offset 009c (pHero in the WEAPON notes)
test eax,eax // Is it NULL?
jz _ExitMA // Yes (Z = zero): not a valid structure, just run the original code.
cmp eax,[esi+000000d4] // Verify if the content of offset 00d4 is equal to that of offset 009c.
jne _ExitMA // No (NE = not equal): not the structure we want, just run the original code.
mov [pPlayer],eax // EAX is the base of the HP structure. Save it for debugging;
mov [pWeapon],esi // ESI is the base of the Ammo structure. Save it for debugging;
lea eax,[eax+000002dc] // Make EAX = EAX + Offset of current HP;
mov [pHP],eax // EAX points to the exact address of current HP. Save it for _GodMode.
lea eax,[esi+000002f4] // Make EAX = ESI + Offset of current Ammo;
mov [pAmmo],eax // EAX points to the exact address of current Ammo. Save it for _GodMode.
cmp dword ptr [iEnableMA],0 // If the content of the memory address pointed by label iEnableMA is 0...
je _ExitMA // ... Unlimited Ammo is off: continue at the label _ExitMA (jcc -> E = equal to)
mov eax,[esi+000002f0] // Load EAX with the content of offset 02f0 (Maximum Ammo)
mov [esi+000002f4],eax // and copy it to the offset 02f4 (Current Ammo)
mov eax,[esi+000002d4] // Load EAX with the content of offset 02d4 (Maximum Reserve Ammo)
mov [esi+000002d0],eax // and copy it to the offset 02d0 (Current Reserve Ammo)
_ExitMA:
// The 5 bytes overwritten by the hook jmp are replayed here before returning.
mov eax,ecx // Original code
mov [esi+08],ecx // Original code
jmp _BackMA // Back to main code (HauntedGame.exe+065121 plus 5 bytes)
//=========================================
// Routine 2 (_GodMode). Reached through the jmp written at HauntedGame.exe+04810d.
// This script will (if enabled: iEnableMA <> 0 and/or iEnableGM <> 0):
// 1) Not let the value to be decreased, if it is at Hero's HP address or at the Hero's Ammo address.
// 2) Make the current value equal to maximum
// EBX points to the address of the value to be decreased
// Any other address falls through to _ExitGM and is decreased exactly as in the original code.
// NOTE(review): pHP and pAmmo are written only by _MonAmmo. This routine trusts whatever
// address was stored last, so a stale address keeps matching until _MonAmmo stores a new one.
_GodMode:
cmp ebx,[pAmmo] // Is it the hero's ammo?
je _GodM0 // Yes (E = equal to): handle it at _GodM0.
cmp ebx,[pHP] // Is it the hero's HP?
jne _ExitGM // No (NE = NOT equal to): leave the value alone.
cmp dword ptr [iEnableGM],0 // If the content of the memory address pointed by label iEnableGM is 0...
je _ExitGM // ... God Mode is off: continue at the label _ExitGM (jcc -> E = equal to)
mov eax,[ebx+04] // Load EAX with Maximum HP (stored 4 bytes after Current HP)
mov [ebx],eax // and copy it to Current HP address
jmp _GodM1 // Continue at the label _GodM1
_GodM0:
cmp dword ptr [iEnableMA],0 // If the content of the memory address pointed by label iEnableMA is 0...
je _ExitGM // ... Unlimited Ammo is off: continue at the label _ExitGM (jcc -> E = equal to)
mov eax,[ebx-04] // Load EAX with Maximum Ammo (stored 4 bytes before Current Ammo)
mov [ebx],eax // and copy it to Current Ammo address
_GodM1:
xor eax,eax // Make EAX = 0 (A xor A = 0)
mov [esp+10],eax // Make value to be decreased at the stack offset 10 = 0
// NOTE(review): this overwrites the stack slot itself, so any later read of [esp+10]
// by the game code also sees 0 - confirm that is acceptable.
_ExitGM:
// The 6 bytes overwritten by the hook (jmp + nop) are replayed here before returning.
mov eax,[esp+10] // Original code (EAX = value to be decreased)
sub [ebx],eax // Original code
jmp _BackGM // Back to main code (HauntedGame.exe+04810d plus 6 bytes)
//=========================================
// Two text strings stored right after the routines. They are data, never executed:
// both routines end with a jmp back to the game code.
db '================>' // The memory at this location is filled with this string
db 'CE6.1 Script by Recifense 121211' // The memory at this location is filled with this string
//=========================================
// Variables
// We can put the variables here, right after the last script.
// They live in the same allocated block as the code (MyCode).
iEnableGM: // The variable name followed by : (in fact, it is a label)
dd 1 // Reserving 4 bytes and initializing its value with 1 (God Mode on; _GodMode only tests for 0)
iEnableMA: // The variable name followed by : (in fact, it is a label)
dd 1 // Reserving 4 bytes and initializing its value with 1 (Unlimited Ammo on; the routines only test for 0)
// The four pointers below start out holding the address of MyCode and are
// overwritten by _MonAmmo the first time it sees a valid structure.
pPlayer: // The variable name followed by : (in fact, it is a label)
dd MyCode // Reserving 4 bytes and initializing its value with MyCode address value
pHP: // The variable name followed by : (in fact, it is a label)
dd MyCode // Reserving 4 bytes and initializing its value with MyCode address value
pAmmo: // The variable name followed by : (in fact, it is a label)
dd MyCode // Reserving 4 bytes and initializing its value with MyCode address value
pWeapon: // The variable name followed by : (in fact, it is a label)
dd MyCode // Reserving 4 bytes and initializing its value with MyCode address value
//=========================================
// Hacking Points
// It can also be placed before the scripts. But let's put it after them, just to remind us
// that the script was created and loaded into the computer memory and now can be accessed.
// Each hook must overwrite whole instructions only: the bytes replaced here are exactly
// the 5 and 6 bytes checked by the asserts at the top of [ENABLE].
HauntedGame.exe+065121: // The address to be intercepted
jmp _MonAmmo // Jumping to the script (this instruction is 5 bytes long in a 32 bits system)
_BackMA: // This label is the address to go back. It is HauntedGame.exe+065121 plus 5 bytes.
HauntedGame.exe+04810d: // The address to be intercepted
jmp _GodMode // Jumping to the script (this instruction is 5 bytes long in a 32 bits system)
nop // Adding a NOP (90h) instruction to complete 6 bytes, so no partial instruction is left behind
_BackGM: // This label is the address to go back. It is HauntedGame.exe+04810d plus 6 bytes.
[DISABLE]
//=========================================
// This part is performed when we disable the script by unchecking its active box.
// Here we should:
// - Restore the original codes
// - Unregister the symbols
// - Deallocate (free) the memory
// The restored bytes are the same sequences the asserts in [ENABLE] checked for.
// NOTE(review): the restore is unconditional (no assert that the hook jmp is still in
// place) and the memory is freed right after it - confirm no game thread can still be
// running inside MyCode when dealloc is executed.
HauntedGame.exe+065121: // The address to restore the code
// mov eax,ecx // The code to be restored (this instruction is 2 bytes long: 8b c1)
// mov [esi+08],ecx // The code to be restored (this instruction is 3 bytes long: 89 4e 08)
db 8b c1 89 4e 08 // The instruction in byte sequence representation
HauntedGame.exe+04810d: // The address to restore the code
// mov eax,[esp+10] // The code to be restored (this instruction is 4 bytes long: 8b 44 24 10)
// sub [ebx],eax // The code to be restored (this instruction is 2 bytes long: 29 03)
db 8b 44 24 10 29 03 // The instruction in byte sequence representation
//=========================================
// Unregistering Symbols
unregistersymbol(MyCode) // UNregistering "MyCode", so it cannot be accessed anymore.
unregistersymbol(iEnableGM) // UNregistering "iEnableGM", so it cannot be accessed anymore.
unregistersymbol(iEnableMA) // UNregistering "iEnableMA", so it cannot be accessed anymore.
unregistersymbol(pPlayer) // UNregistering "pPlayer", so it cannot be accessed anymore.
unregistersymbol(pHP) // UNregistering "pHP", so it cannot be accessed anymore.
unregistersymbol(pAmmo) // UNregistering "pAmmo", so it cannot be accessed anymore.
unregistersymbol(pWeapon) // UNregistering "pWeapon", so it cannot be accessed anymore.
//=========================================
dealloc(MyCode) // DE-allocating memory so the system can use it for other purposes.
//============= Scripts End ===============
// ****************************************
// NOTES
// ****************************************
{
struct WEAPON:
009c = pHero
00d4 = pHero
02d0 = current_Reserved_Ammo
02d4 = maximum_Reserved_Ammo
02f0 = maximum_Ammo_onCLIP
02f4 = current_Ammo_onCLIP
struct HERO:
00d4 = pSelf
02dc = current_HP
02e0 = maximum_HP
03c4 = pWeapon
}
1
"iEnableMA"
80000008
4 Bytes
iEnableMA
2
"iEnableGM"
80000008
4 Bytes
iEnableGM
3
"pPlayer"
1
80000008
4 Bytes
pPlayer
4
"pWeapon"
1
80000008
4 Bytes
pWeapon
6
"pAmmo"
1
80000008
4 Bytes
pAmmo
5
"pHP"
1
80000008
4 Bytes
pHP
Code :mov ecx,[eax] HP
004BA63C
HauntedGame.exe
BA63C
0F
8B
44
24
08
8B
08
8B
54
24
04
89
Code :sub [ebx],eax HP
00448111
HauntedGame.exe
48111
02
8B
44
24
10
29
03
8B
1B
8B
4C
24
Code :mov ebx,[ebx] HP
00448113
HauntedGame.exe
48113
44
24
10
29
03
8B
1B
8B
4C
24
14
5E
Code :cmp dword ptr [ecx+000002DC],00 HP
00915FD0
HauntedGame.exe
515FD0
24
0C
83
EC
0C
83
B9
DC
02
00
00
00
8B
C4
89
30
8B
Code :mov [esi+08],ecx
00465123
HauntedGame.exe
65123
DF
FF
FF
8B
C1
89
4E
08
83
E0
04
33
C9
Code :and dword ptr [esi+08],FB
004651F7
HauntedGame.exe
651F7
74
2C
8B
46
0C
83
66
08
FB
89
46
0C
8B
44
MyCode
04180000
pUnit
041800F8
pPlayer
041800FC
pHP
04180100
pAmmo
04180104
pWeapon
04180108
iEnableGM
041800F0
iEnableMA
041800F4
Hero
0
Pointer
-16
4
1
8
4
Pointer
-16
4
1
8
8
Pointer
-16
4
1
8
12
Pointer
-16
4
1
8
16
Pointer
-16
4
1
8
20
Pointer
-16
4
1
8
24
Dword
-7
4
28
Byte
-1
1
29
Byte
-1
1
30
Byte
-1
1
31
Byte
-1
1
32
Byte
-1
1
33
Byte
-1
1
34
Byte
-1
1
35
Word
-4
2
37
Byte
-1
1
38
Byte
-1
1
39
Byte
-1
1
40
Pointer
-16
4
1
8
44
Byte
-1
1
45
Byte
-1
1
46
Byte
-1
1
47
Byte
-1
1
48
Dword
-7
4
52
Pointer
-16
4
1
8
56
Pointer
-16
4
1
8
60
Pointer
-16
4
1
8
64
Dword
-7
4
68
Dword
-7
4
72
Pointer
-16
4
1
8
76
Dword
-7
4
80
Dword
-7
4
84
Float
-12
4
88
Float
-12
4
92
Float
-12
4
96
Dword
-7
4
100
Byte
-1
1
101
Byte
-1
1
102
Byte
-1
1
103
Byte
-1
1
104
Double
-13
8
112
Float
-12
4
116
Float
-12
4
120
Float
-12
4
124
Dword
-7
4
128
Dword
-7
4
132
Dword
-7
4
136
Dword
-7
4
140
Double
-13
8
148
Pointer
-16
4
1
8
152
Dword
-7
4
156
Pointer
-16
4
1
8
160
Pointer
-16
4
1
8
164
Pointer
-16
4
1
8
168
Dword
-7
4
172
Dword
-7
4
176
Pointer
-16
4
1
8
180
Byte
-1
1
181
Byte
-1
1
182
Byte
-1
1
183
Byte
-1
1
184
Pointer
-16
4
1
8
188
Dword
-7
4
192
Dword
-7
4
196
Float
-12
4
200
Float
-12
4
204
Dword
-7
4
208
Dword
-7
4
212
**pSelf
-7
4
1
8
216
Pointer
-16
4
1
8
220
Double
-13
8
228
Float
-12
4
232
Byte
-1
1
233
Byte
-1
1
234
Byte
-1
1
235
Byte
-1
1
236
Dword
-7
4
240
Dword
-7
4
244
Dword
-7
4
248
Dword
-7
4
252
Dword
-7
4
256
Dword
-7
4
260
Dword
-7
4
264
Dword
-7
4
268
Dword
-7
4
272
Pointer
-16
4
1
8
276
Dword
-7
4
280
Dword
-7
4
284
Pointer
-16
4
1
8
288
Dword
-7
4
292
Dword
-7
4
296
Dword
-7
4
300
Dword
-7
4
304
Pointer
-16
4
1
8
308
Dword
-7
4
312
Dword
-7
4
316
Dword
-7
4
320
Dword
-7
4
324
Dword
-7
4
328
Dword
-7
4
332
Dword
-7
4
336
Dword
-7
4
340
Dword
-7
4
344
Dword
-7
4
348
Dword
-7
4
352
Dword
-7
4
356
Pointer
-16
4
1
8
360
Dword
-7
4
364
Dword
-7
4
368
Float
-12
4
372
Float
-12
4
376
Float
-12
4
380
Dword
-7
4
384
Dword
-7
4
388
Dword
-7
4
392
Pointer
-16
4
1
8
396
Pointer
-16
4
1
8
400
Dword
-7
4
404
Dword
-7
4
408
Dword
-7
4
412
Dword
-7
4
416
Pointer
-16
4
1
8
420
Pointer
-16
4
1
8
424
Dword
-7
4
428
Dword
-7
4
432
Dword
-7
4
436
Dword
-7
4
440
Dword
-7
4
444
Dword
-7
4
448
Dword
-7
4
452
Dword
-7
4
456
Pointer
-16
4
1
8
460
Float
-12
4
464
Float
-12
4
468
String
-14
5
473
Byte
-1
1
474
Byte
-1
1
475
Byte
-1
1
476
Dword
-7
4
480
Dword
-7
4
484
Dword
-7
4
488
Pointer
-16
4
1
8
492
Dword
-7
4
496
Dword
-7
4
500
Dword
-7
4
504
Dword
-7
4
508
Pointer
-16
4
1
8
512
Pointer
-16
4
1
8
516
Pointer
-16
4
1
8
520
Dword
-7
4
524
Dword
-7
4
528
Float
-12
4
532
Float
-12
4
536
Double
-13
8
544
Dword
-7
4
548
Double
-13
8
556
Float
-12
4
560
Float
-12
4
564
Dword
-7
4
568
Float
-12
4
572
Dword
-7
4
576
Float
-12
4
580
Float
-12
4
584
Byte
-1
1
585
Byte
-1
1
586
Byte
-1
1
587
Byte
-1
1
588
Dword
-7
4
592
Pointer
-16
4
1
8
596
Dword
-7
4
600
Pointer
-16
4
1
8
604
Dword
-7
4
608
Float
-12
4
612
Dword
-7
4
616
Dword
-7
4
620
Dword
-7
4
624
Dword
-7
4
628
Dword
-7
4
632
Dword
-7
4
636
Double
-13
8
644
Dword
-7
4
648
Float
-12
4
652
Float
-12
4
656
Float
-12
4
660
Float
-12
4
664
Float
-12
4
668
Float
-12
4
672
Float
-12
4
676
Float
-12
4
680
Double
-13
8
688
Float
-12
4
692
Float
-12
4
696
Float
-12
4
700
Float
-12
4
704
Float
-12
4
708
Float
-12
4
712
Dword
-7
4
716
Float
-12
4
720
Float
-12
4
724
Dword
-7
4
728
Pointer
-16
4
1
8
732
**Current HP
-7
4
736
**Maximum HP
-7
4
740
Dword
-7
4
744
Dword
-7
4
748
Float
-12
4
752
Dword
-7
4
756
Dword
-7
4
760
Dword
-7
4
764
Byte
-1
1
765
Byte
-1
1
766
Word
-4
2
768
Float
-12
4
772
Float
-12
4
776
Float
-12
4
780
Float
-12
4
784
Double
-13
8
792
Float
-12
4
796
Float
-12
4
800
Float
-12
4
804
Float
-12
4
808
Double
-13
8
816
Float
-12
4
820
Float
-12
4
824
Dword
-7
4
828
Dword
-7
4
832
Dword
-7
4
836
Pointer
-16
4
1
8
840
Pointer
-16
4
1
8
844
Dword
-7
4
848
Dword
-7
4
852
Dword
-7
4
856
Dword
-7
4
860
Dword
-7
4
864
Double
-13
8
872
Dword
-7
4
876
Dword
-7
4
880
Dword
-7
4
884
Dword
-7
4
888
Dword
-7
4
892
Dword
-7
4
896
Dword
-7
4
900
Pointer
-16
4
1
8
904
Pointer
-16
4
1
8
908
Float
-12
4
912
Float
-12
4
916
Dword
-7
4
920
Byte
-1
1
921
Byte
-1
1
922
Byte
-1
1
923
Byte
-1
1
924
Float
-12
4
928
Pointer
-16
4
1
8
932
Float
-12
4
936
Float
-12
4
940
Dword
-7
4
944
Dword
-7
4
948
Byte
-1
1
949
Byte
-1
1
950
Byte
-1
1
951
Byte
-1
1
952
Dword
-7
4
956
Pointer
-16
4
1
8
960
Pointer
-16
4
1
8
964
**pAmmo
-7
4
1
8
968
Dword
-7
4
972
Dword
-7
4
976
Dword
-7
4
980
Dword
-7
4
984
Dword
-7
4
988
Dword
-7
4
992
Dword
-7
4
996
Dword
-7
4
1000
Dword
-7
4
1004
Dword
-7
4
1008
Dword
-7
4
1012
Dword
-7
4
1016
Dword
-7
4
1020
Dword
-7
4
1024
Dword
-7
4
1028
Dword
-7
4
1032
Dword
-7
4
1036
Dword
-7
4
1040
Dword
-7
4
1044
Dword
-7
4
1048
Dword
-7
4
1052
Dword
-7
4
1056
Dword
-7
4
1060
Dword
-7
4
1064
Dword
-7
4
1068
Dword
-7
4
1072
Dword
-7
4
1076
Dword
-7
4
1080
Double
-13
8
1088
Dword
-7
4
1092
Dword
-7
4
1096
Dword
-7
4
1100
Dword
-7
4
1104
Dword
-7
4
1108
Dword
-7
4
1112
Dword
-7
4
1116
Dword
-7
4
1120
Dword
-7
4
1124
Double
-13
8
1132
Dword
-7
4
1136
Dword
-7
4
1140
Dword
-7
4
1144
Dword
-7
4
1148
Dword
-7
4
1152
Dword
-7
4
1156
Dword
-7
4
1160
Dword
-7
4
1164
Float
-12
4
1168
Float
-12
4
1172
Double
-13
8
1180
Float
-12
4
1184
Float
-12
4
1188
Pointer
-16
4
1
8
1192
Byte
-1
1
1193
Byte
-1
1
1194
Byte
-1
1
1195
Byte
-1
1
1196
Dword
-7
4
1200
Float
-12
4
1204
Dword
-7
4
1208
Dword
-7
4
1212
Float
-12
4
1216
Float
-12
4
1220
Float
-12
4
1224
Dword
-7
4
1228
Dword
-7
4
1232
Dword
-7
4
1236
Float
-12
4
1240
Pointer
-16
4
1
8
1244
Dword
-7
4
1248
Dword
-7
4
1252
Dword
-7
4
1256
Dword
-7
4
1260
Pointer
-16
4
1
8
1264
Dword
-7
4
1268
Dword
-7
4
1272
Dword
-7
4
1276
Dword
-7
4
Ammo
0
Pointer
-16
4
1
8
4
Pointer
-16
4
1
8
8
Pointer
-16
4
1
8
12
Pointer
-16
4
1
8
16
Pointer
-16
4
1
8
20
Byte
-1
1
21
Byte
-1
1
22
Byte
-1
1
23
Byte
-1
1
24
Dword
-7
4
28
Byte
-1
1
29
Byte
-1
1
30
Byte
-1
1
31
Byte
-1
1
32
Byte
-1
1
33
Byte
-1
1
34
Byte
-1
1
35
Word
-4
2
37
Byte
-1
1
38
Byte
-1
1
39
Byte
-1
1
40
Pointer
-16
4
1
8
44
Byte
-1
1
45
Byte
-1
1
46
Byte
-1
1
47
Byte
-1
1
48
Dword
-7
4
52
Pointer
-16
4
1
8
56
Pointer
-16
4
1
8
60
Dword
-7
4
64
Dword
-7
4
68
Dword
-7
4
72
Dword
-7
4
76
Dword
-7
4
80
Dword
-7
4
84
Float
-12
4
88
Float
-12
4
92
Float
-12
4
96
Dword
-7
4
100
Byte
-1
1
101
Byte
-1
1
102
Byte
-1
1
103
Byte
-1
1
104
Double
-13
8
112
Float
-12
4
116
Float
-12
4
120
Float
-12
4
124
Dword
-7
4
128
Dword
-7
4
132
Dword
-7
4
136
Dword
-7
4
140
Double
-13
8
148
Pointer
-16
4
1
8
152
Dword
-7
4
156
**pHero
-7
4
1
8
160
Dword
-7
4
164
Dword
-7
4
168
Dword
-7
4
172
Dword
-7
4
176
Pointer
-16
4
1
8
180
Byte
-1
1
181
Byte
-1
1
182
Byte
-1
1
183
Byte
-1
1
184
Pointer
-16
4
1
8
188
Dword
-7
4
192
Dword
-7
4
196
Float
-12
4
200
Float
-12
4
204
Dword
-7
4
208
Dword
-7
4
212
**pHero
-7
4
1
8
216
Pointer
-16
4
1
8
220
Double
-13
8
228
Dword
-7
4
232
Byte
-1
1
233
Byte
-1
1
234
Byte
-1
1
235
Byte
-1
1
236
Dword
-7
4
240
Dword
-7
4
244
Dword
-7
4
248
Dword
-7
4
252
Dword
-7
4
256
Dword
-7
4
260
Dword
-7
4
264
Dword
-7
4
268
Dword
-7
4
272
Dword
-7
4
276
Dword
-7
4
280
Dword
-7
4
284
Dword
-7
4
288
Dword
-7
4
292
Dword
-7
4
296
Dword
-7
4
300
Dword
-7
4
304
Pointer
-16
4
1
8
308
Dword
-7
4
312
Dword
-7
4
316
Dword
-7
4
320
Dword
-7
4
324
Dword
-7
4
328
Dword
-7
4
332
Dword
-7
4
336
Dword
-7
4
340
Dword
-7
4
344
Dword
-7
4
348
Dword
-7
4
352
Dword
-7
4
356
Dword
-7
4
360
Dword
-7
4
364
Dword
-7
4
368
Dword
-7
4
372
Dword
-7
4
376
Dword
-7
4
380
Dword
-7
4
384
Dword
-7
4
388
Dword
-7
4
392
Dword
-7
4
396
Dword
-7
4
400
Dword
-7
4
404
Dword
-7
4
408
Dword
-7
4
412
Dword
-7
4
416
Pointer
-16
4
1
8
420
Pointer
-16
4
1
8
424
Dword
-7
4
428
Dword
-7
4
432
Dword
-7
4
436
Dword
-7
4
440
Dword
-7
4
444
Dword
-7
4
448
Dword
-7
4
452
Dword
-7
4
456
Pointer
-16
4
1
8
460
Pointer
-16
4
1
8
464
Pointer
-16
4
1
8
468
Dword
-7
4
472
Dword
-7
4
476
Dword
-7
4
480
Float
-12
4
484
Float
-12
4
488
Pointer
-16
4
1
8
492
Dword
-7
4
496
Dword
-7
4
500
Dword
-7
4
504
Dword
-7
4
508
Dword
-7
4
512
Dword
-7
4
516
Pointer
-16
4
1
8
520
Dword
-7
4
524
Dword
-7
4
528
Dword
-7
4
532
Dword
-7
4
536
Pointer
-16
4
1
8
540
Dword
-7
4
544
Dword
-7
4
548
Pointer
-16
4
1
8
552
Dword
-7
4
556
Dword
-7
4
560
Dword
-7
4
564
Dword
-7
4
568
Dword
-7
4
572
Pointer
-16
4
1
8
576
Dword
-7
4
580
Dword
-7
4
584
Pointer
-16
4
1
8
588
Dword
-7
4
592
Dword
-7
4
596
Pointer
-16
4
1
8
600
Dword
-7
4
604
Dword
-7
4
608
Pointer
-16
4
1
8
612
Dword
-7
4
616
Dword
-7
4
620
Pointer
-16
4
1
8
624
Dword
-7
4
628
Dword
-7
4
632
Float
-12
4
636
Dword
-7
4
640
Dword
-7
4
644
Dword
-7
4
648
Dword
-7
4
652
Dword
-7
4
656
Float
-12
4
660
Double
-13
8
668
Float
-12
4
672
Dword
-7
4
676
Dword
-7
4
680
Dword
-7
4
684
Double
-13
8
692
Dword
-7
4
696
Dword
-7
4
700
Dword
-7
4
704
Dword
-7
4
708
Dword
-7
4
712
Dword
-7
4
716
Dword
-7
4
720
**cReserved Ammo
-7
4
724
**mReserved Ammo
-7
4
728
Dword
-7
4
732
Pointer
-16
4
1
8
736
Dword
-7
4
740
Dword
-7
4
744
Dword
-7
4
748
Dword
-7
4
752
**Maximum Ammo
-7
4
756
**Current Ammo
-7
4
764
Dword
-7
4
768
Dword
-7
4
772
Dword
-7
4
776
Dword
-7
4
780
Dword
-7
4
784
Float
-12
4
788
Double
-13
8
796
Double
-13
8
804
Double
-13
8
812
Dword
-7
4
816
Double
-13
8
824
Float
-12
4
828
Dword
-7
4
832
Double
-13
8
840
Dword
-7
4
844
Dword
-7
4
Do it Yourself