I took a look at this. Here's what I have so far:
(1) Notice that you actually get 2 static locations for PLAYERID: one from game.dll and one from logs.dll
(2) I traced the code all the way back to when it actually takes the PLAYERID from the network-input-buffer.
(3) Hint #1: check out the pointer at address 0xe9e9cc
(4) Hint #2: the instruction that makes this happen is mov [edx],eax -- exactly 0x6194 bytes before the instruction you mentioned
(5) Interesting side note: 0xe9f238 seems to be a network-input-buffer... changes constantly, and lots of data gets read from there.... useful for future hacks?
(6) Anyways, now we've found the exact instruction where PLAYERID is received by the client.
(7) So we modify the code to mov[edx],107 (code cave...)
(8] Now, both game.dll & logs.dll works with the 107h value
(9) When you select "US Army" and then select "Soldier"... the HOST (i.e., the SERVER) gets a SELECT WEAPON menu.
If you play around with it, there's a few other interesting things that happen. e.g., the client "stays" in the game even after you leave and rejoin (then there's 3 players).
I think this is progress... or it might just be taking us a longer route...
MrMedic or others who have done this... are we on the right track?