Nov 8, 2013

I'm trying to make an ESP hack for StarCraft 2.
So I watched Fleep's ESP hack tutorial, and there he said that the best way to find the view matrix was to find it in OllyDbg.
So I opened OllyDbg and attached to SC2, and then searched for all referenced strings, and found this:

Text strings referenced in SC2:.text, item 25895
Disassembly=PUSH SC2.012E6740
Text string=ASCII "p_mWorldViewProj"

And now I dunno what to do next. I'm totally new to OllyDbg and I know little about assembler language.
So I'm wondering if anyone can help me out a bit and tell me where I go from here to find the address of the view matrix?


Jul 19, 2012
If you'd show a bit more of the disassembly I might be able to help you.


Sep 3, 2012
Get a pointer to VEngineClient. Func 37 is WorldToScreenMatrix; reverse the function and you'll get the matrix.


Nov 8, 2013
If you'd show a bit more of the disassembly I might be able to help you.
Thank you

010711AC   68 20694A01      PUSH SC2.014A6920                        ; ASCII "p_vMaskTiling"
010711B1   8D8E 44020000    LEA ECX,DWORD PTR DS:[ESI+244]
010711B7   56               PUSH ESI
010711B8   E8 C3050000      CALL SC2.01071780
010711BD   33C0             XOR EAX,EAX
010711BF   50               PUSH EAX
010711C0   6A 40            PUSH 40
010711C2   6A 01            PUSH 1
010711C4   68 40674A01      PUSH SC2.014A6740                        ; ASCII "p_mWorldViewProj"
010711C9   56               PUSH ESI
010711CA   8D8E 48020000    LEA ECX,DWORD PTR DS:[ESI+248]
010711D0   E8 AB050000      CALL SC2.01071780
010711D5   33C0             XOR EAX,EAX
010711D7   50               PUSH EAX
010711D8   6A 40            PUSH 40
010711DA   6A 01            PUSH 1
010711DC   68 0C694A01      PUSH SC2.014A690C                        ; ASCII "p_mprojectorMatrix"
010711E1   56               PUSH ESI
010711E2   8D8E 4C020000    LEA ECX,DWORD PTR DS:[ESI+24C]
010711E8   E8 93050000      CALL SC2.01071780
010711ED   33C0             XOR EAX,EAX
010711EF   50               PUSH EAX
010711F0   6A 10            PUSH 10
010711F2   6A 01            PUSH 1
010711F4   68 FC684A01      PUSH SC2.014A68FC                        ; ASCII "p_vMaskInvSize"
010711F9   56               PUSH ESI
010711FA   8D8E 50020000    LEA ECX,DWORD PTR DS:[ESI+250]
01071200   E8 7B050000      CALL SC2.01071780
01071205   33C0             XOR EAX,EAX
01071207   50               PUSH EAX
01071208   6A 0C            PUSH 0C
0107120A   6A 01            PUSH 1
0107120C   68 F0684A01      PUSH SC2.014A68F0                        ; ASCII "p_vTangent"
Is this good?
