sacredgeo closed this issue 7 years ago.
What was the offset that you found? I'll give this a try.
@sacredgeo you're really helping out this simple glow hack bro. Thanks a lot
@PredictEr The hack was already amazing. I'm just adding small tweaks.
@veb 0xABE4
I've been reading on unknown cheats about some offsets called flashAlpha (m_flFlashMaxAlpha) and flashDuration (m_flFlashDuration). I'm not sure if the offset I've found is one of those. If you find flashAlpha you can specify the transparency, which seems like the best option.
Perfect! Works well.
@veb Awesome. Are you good with Bit Slicer? Can you help me find the m_flFlashMaxAlpha offset? Complete no-flash isn't ideal because sometimes you won't even know if you were flashed. Overwatch will catch that. I really want it reduced by like 75%.
I read that m_flFlashMaxAlpha and m_flFlashDuration are 4 bytes apart, and found from the Local Player offset. I've found 0xABE4, 0xABE8, and 0xABEC all change when you're flashed, including a few other addresses nearby.
You can change the float value to something like 0.5f
i.e.
WriteMem(csgo, playerAddress + 0x????, 0.5f);
@ggothreau That's the first thing I tried. It didn't work.
I have one idea that might do it. Testing now.
@sacredgeo why not add it onto the one you made?
@sacredgeo Yeah, I just tested it. It will show the initial flash but not the screen overlay. It's likely a linear function that controls the screen overlay based on the initial flash (which I suspect is offset 0xABE4). There is likely another offset that controls the flash overlay, which is what we want.
@acer2245 It seems the creators didn't intend to release this with extra features so I'm honoring that. Feel free to add it yourself.
@sacredgeo Honestly, that is fair enough. I do see a lot of people on here begging for cheats and all that, so I do feel sorry for them.
@ggothreau
I found it. From reading on UnknownCheats, I found that apparently m_flFlashMaxAlpha has a range of 0 - 255. And we know it's near the Local Player in memory.
In Bit Slicer I tried searching for all integers with a value of 255. Returned ~850,000. None near Local Player. No luck. So I tried looking for floats of 255. Only one was near my local player. The offset is 0xABF4, only 0x10 away from the previous value I found. I changed the value to 100 and froze it (40% flash). It worked!
m_flFlashMaxAlpha gets set to 255 the first time you get flashed on a map. If the map changes, it will get set to 255 again. It doesn't need to be done every time you're flashed. I'm using a 20% overlay and it works nicely.
Change your int to a float, read the memory as a float, and you're good. I did a simple if statement to alter it.
if(MaxFlashAlpha == 255){
WriteMem(task, playerAddress + 0xABF4, 51.0f);
}
I've noticed that m_flFlashMaxAlpha + 0x1C = m_iGlowIndex. I checked older offsets and it seems to be constant. Now we can find them easier if they're updated.
@sacredgeo GitHub is all about collaboration and such, each change you do you should push it to your forked repo. They won't mind, otherwise it wouldn't have been open sourced. :)
Get Hopper Disassembler and you'll never use Bit Slicer to find offsets again ;-)
@sacredgeo It makes no sense if you check for flashmaxalpha to be 255.
Why don't you just check if flashmaxalpha is bigger than your "reduced flash alpha"... makes more sense (remember: what if flashmaxalpha is not 255 but you are still blind?)
@aKalisch Does flashmaxalpha change? I watched it in memory and it just stayed at 255.
@aKalisch I've downloaded Hopper Disassembler. Not really sure where to go from here. I tried "Read Executable to Disassemble" and opened csgo_osx64. I've read that in OllyDbg you can search for a string like "m_iHealth", but it's not returning any results here. Can you point me in the right direction? Thanks.
Opening the csgo executable will not work. Go this way: Read executable to disassemble, open client.dylib, wait for Hopper to disassemble the file. On the left, change to the Strings tab. Search for m_iHealth. Click on it. Then there are some XREF entries behind the found string (like sub_123456+123). Click on the 123. Then you just need to look at the next line (sometimes the second next line).
I picked m_iHealth because you already know the value for it. So it might be easier to understand where you have to look for the offset.
Ok it worked. It returned a few XREF entries: XREF=sub_361690+197, sub_5888b0+525, sub_5e2300+900.
Clicking +197 shows:
0000000000361755 lea rsi, qword [ds:0xb861dc]
000000000036175c mov edx, 0x134
0000000000361761 mov ecx, 0x4
I see the 0x134 and know LocalPlayer + 0x134 is my health. Is there a way to find the LocalPlayer from Hopper? (Currently 0x51dd828)
Thanks again. I really appreciate the help.
Edit: I just used this to find m_flFlashMaxAlpha. It took me hours in Bit Slicer, and 5 seconds in Hopper. I love it!
For fun I found m_fFlags = 0x138 and m_vecVelocity = 0x148, 0x14C, and 0x150. I'm assuming that's X, Y and Z. Maybe I'll try to add your bunnyhop.
To find the localPlayer offset you just need to implement pattern scanning. There is no way to find the localPlayer pointer like that. But you can use Hopper to find the signature for it.
But why don't you just use @gabsen's pattern scanner?
@akalisch I use the pattern scanner after updates. I'm just trying to learn more.
Yeah, but you could implement a pattern scanner in your hack... so you never update pointer offsets again ;-)
That's a great idea. I'll try it sometime this week. I'd have to directly copy gabsen's code though. This stuff is rather complex xD
If I find some time I'll implement pattern scanning in it. It will be a complete rollover of the old code, as I'll also implement a better memory class and some other useful stuff in it.
Sounds great! Looking forward to it.
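The "pattern scanning" discussed above is the same byte-signature primitive that anti-cheat, EDR and malware-classification tools use to locate a known code sequence that survives rebuilds. The following is an added, stand-alone example, not code from this project or from @gabsen's scanner: it parses an IDA-style pattern string with `??` wildcards into a regular expression and scans an arbitrary byte buffer, returning every match offset. The buffer `SAMPLE`, the function names and the pattern strings are all constructed for illustration; the uniqueness check is the caveat a practitioner wants, since a signature that matches more than once is useless for locating anything.

```python
"""Byte-signature (pattern) scanner over an in-memory buffer.

Added example; assumes nothing about any real binary. `SAMPLE` is a
constructed buffer containing two similar 7-byte sequences so that the
uniqueness check has something to distinguish.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: 8 NOPs, a 10-byte sequence, 4 INT3s, a second
# 7-byte sequence that shares its first three bytes with the first one.
SAMPLE = (
    b"\x90" * 8
    + bytes.fromhex("488b05a1b2c3d04885c0")
    + b"\xcc" * 4
    + bytes.fromhex("488b0511223344")
    + b"\x00" * 3
)


def parse_pattern(pattern: str) -> Tuple[bytes, List[bool]]:
    """Turn "48 8B ?? C0" into (b"\x48\x8b\x00\xc0", [True, True, False, True]).

    '?' or '??' marks a wildcard byte; every other token must be two hex digits.
    The mask says which positions must match exactly.
    """
    values: List[int] = []
    mask: List[bool] = []
    for tok in pattern.split():
        if tok in ("?", "??"):
            values.append(0)
            mask.append(False)
        elif len(tok) == 2:
            values.append(int(tok, 16))
            mask.append(True)
        else:
            raise ValueError(f"bad pattern token: {tok!r}")
    if not values:
        raise ValueError("empty pattern")
    return bytes(values), mask


def compile_pattern(pattern: str):
    """Compile the pattern into a zero-width lookahead regex over bytes.

    The lookahead lets finditer report overlapping matches, and DOTALL makes
    the wildcard '.' also match the 0x0A byte.
    """
    values, mask = parse_pattern(pattern)
    body = b"".join(
        re.escape(bytes([v])) if fixed else b"."
        for v, fixed in zip(values, mask)
    )
    return re.compile(b"(?=" + body + b")", re.DOTALL)


def find_all(buf: bytes, pattern: str) -> List[int]:
    """Return every offset in buf where the pattern matches."""
    return [m.start() for m in compile_pattern(pattern).finditer(buf)]


def find_pattern(buf: bytes, pattern: str, start: int = 0) -> Optional[int]:
    """Return the first match offset at or after `start`, or None."""
    m = compile_pattern(pattern).search(buf, start)
    return m.start() if m else None


def is_unique(buf: bytes, pattern: str) -> bool:
    """A usable signature must match exactly once in the scanned region."""
    return len(find_all(buf, pattern)) == 1


if __name__ == "__main__":
    sig = "48 8B 05 ?? ?? ?? ?? 48 85 C0"
    short = "48 8B 05 ?? ?? ?? ??"
    print("full signature at:", find_all(SAMPLE, sig), "unique:", is_unique(SAMPLE, sig))
    print("short signature at:", find_all(SAMPLE, short), "unique:", is_unique(SAMPLE, short))
    print("absent pattern:", find_pattern(SAMPLE, "DE AD BE EF"))
```

On the constructed buffer the ten-byte signature matches once at offset 8, while the seven-byte prefix matches at 8 and 22 and is therefore rejected by `is_unique`. The design choice here is to let Python's regex engine do the byte scan rather than a hand-written nested loop: it is correct on overlapping and newline-containing input, and the same compiled pattern can be reused across many buffers.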
I was looking into adding a radar hack. There's an offset m_bSpotted involved. Apparently you just set it to "1" for each entity and they'll appear on radar. I'll be working on that.
It will not work since Valve patched Far-ESP (Glow). The player is only visible until he gets dormant. Then he disappears from the radar.
Updated the hack and added auto-updating pointers to localPlayer, Entitylist and GlowManager.
Wow the new code looks great. Very organized. I'll try it out later. Gonna add the top enemy player glow and no flash back into it. Would you like my code for that? You could probably do it yourself in 5 minutes, but I figured I should offer.
I just realized I already have the code in the csglow I forked to my account. I'm so busy at work I can't concentrate @_@
@sacredgeo Have you added no flash to your forked account?
@sacredgeo
For fun I found m_fFlags = 0x138 and m_vecVelocity = 0x148, 0x14C, and 0x150. I'm assuming that's X, Y and Z. Maybe I'll try to add your bunnyhop.
Maybe get a Vector3 class so you can just read 0x148 as a Vector3; it reads the following floats along with it.
For example, like this:
Vector3 velocity = mem->read<Vector3>(base + m_vecVelocity);
As a result you can output every float as velocity.x, velocity.y, velocity.z.
I couldn't get vectors to work, but this is how I did it.
float velocity[3];
for(int i = 0; i < 3; i++){
velocity[i] = mem->read<float>(playerAddress + 0x148 + 0x4 * i);
}
Basically the same thing I think.
@sacredgeo basically yes... but you read 3 times from memory.
Pick my vector3 class at https://gist.github.com/aKalisch/d57734c10ed23d68ac82961c36f8ce6d and implement it. Then you should be able to read a Vector in one call.
Okay I'll give it a shot. Thanks!
So now that I've got noflash and bunnyhop, I'm thinking what else can I try to implement. What do you think about aimbot, triggerbot, or nospread? They all seem rather complicated.
Nospread has been patched by Valve. No way to get that working.
There are 2 Types of Triggerbot.
An Aimbot is not that hard as you might think. It's just tons of math ;-) Did it on my own with some other aimbot sources for Windows. What can I say. It's still overwatch undetected.
My last trigonometry class was in 2007. I'll see what I can do :D
ok how the fuck do you add aimbot
On Fri, Oct 28, 2016 at 6:39 PM, sacredgeo notifications@github.com wrote:
My last trigonometry class was in 2007. I'll see what I can do :D
You find the enemy location, then use trigonometry to find the correct angle to aim at them.
There's more to it than that, obviously. But that's the basic idea. In game everything is represented in 3 dimensions (x, y, and z), but your screen is 2-dimensional, so you need to take that into account. Here's a good explanation: https://www.unknowncheats.me/forum/counterstrike-global-offensive/137492-math-behind-hack-1-coding-better-aimbot-stop-using-calcangle.html
I'm kind of learning as I go. So far I'm able to get the enemy locations and my location from memory. Working on the rest...
Here's what I've got so far. These are all float values.
my angles
local player + 0x160 = x
local player + 0x164 = y
my position
local player + 0x16C = x
local player + 0x170 = y
local player + 0x174 = z
Enemy position is the same offsets from entity list (we call it playerBase in this cheat).
Edit: "local player + 0x174 = z" seems to be the location (height) of my feet.
I had to add m_vecViewOffset located at 0x144 to correct for this. Now it refers to where my view is. This takes into account crouching.
So it's basically: z = float(local player + 0x174) + float(local player + 0x144)
I assume the same concept will be the location of the enemy's head.
@sacredgeo Are you planning on sharing these?
@acer2245
If I can get it working I'll tell you exactly how to do it. You should check out that tutorial on unknowncheats I posted.
@sacredgeo what is your unknowncheat username?
@gazababon123 I don't post there. I just read.
@sacredgeo oooo, kk. But eh, is there any way I can know the program you use to make the code work in game? I tried Bit Slicer, but I don't really get how to use it XD
Sorry, yes, FYI I am stupid :(
@aKalisch Eh, how do you use the vector thing? idgi, can you teach me sometime? If you don't want to, I also don't mind.
@gazababon123
I'm using Bit Slicer and Hopper Disassembler to find the offsets. I'm using XCode to write the code. I'm using tutorials on UnknownCheats to help me.
@sacredgeo What is the code for the bhop? May I know the one that I can just type in my Xcode?
@gazababon123 If you want a bhop script, it's not that hard to find source code for it.
@columbusblue34 So what am I supposed to search? I'm new to coding. Sorry if I'm making your life hard.
how to code a bhop script or source code for bhop on xcode
If this is inappropriate for github please remove it.
I've added a no-flash. Here's the code. You just need to find the flash offset. I did it with Bit Slicer in about 20 minutes.
This was much easier than I expected. I'm trying to play with the code so it doesn't completely remove the flash, but just reduces it. No luck so far.
Also, does anyone know if this method is VAC detectable? Thanks.