Why! Don't release anything. I play BF4 and I would hate to see it filled with hackers.
You do realize it is already filled with hackers? That's the whole point of Punkbuster/FairFight.
Reverse engineering the game to get the offsets to variables using IDA and a dump of the game. For example, ClientGameContext has a static pointer at 0x142471d58. The PlayerManager offset from that is 0x60, so if you read in memory the pointer 0x142471d58, you get the address of ClientGameContext in the game. readInt64(pointerGameContext + 0x60) gets you the PlayerManager offset. There's an array pointer at pointerPlayerMan + 0x548 which you can loop through for all ClientPlayers. So on and so forth.
Of course, there are a few tricks and alignment things sometimes, and externally I can't call virtual methods, but that's basically it. If I inject a DLL and hook into one of the game's functions, I can build an SDK to fit the data structures of the game, and then I'm able to do things more easily, including calling virtual funcs.
How do you know the names/addresses and the layout of the data in the executable?