Closed EnragedPears closed 7 years ago
The new code has got pattern scanning implemented in it courtesy of @aKalisch. This means every time you open the hack, it searches for the patterns of the offsets and then populates those offsets with the current values (in layman's terms). So realistically, download the code, build it and run it... you will see the glow working in CSGO. 👍
ok, thanks.
@aKalisch
I'm trying to add the pattern scanning for CClientState. I can find the start of engine.dylib (0x10bb00000), but I get a different offset for CClientState every time I run it. Am I doing something wrong here?
off_t engineLength = 0;
mach_vm_address_t engineStartAddress;
g_cProc->getModule(mainTask, &engineStartAddress, &engineLength, "/engine.dylib");
Scanner * engineScanner = new Scanner(engineStartAddress, engineLength);
uint64_t CClientStateBase = engineScanner->getPointer(
    (Byte*)"\x84\x6D\xE9\xFF\x0F\x1F\x00\x00\x55\x48\x89\xE5\x48\x8B\x05\x00\x00\x00\x00\x48\x83\xC0\x00\x5D\xC3\x66\x66\x66\x66\x66\x66\x2E\x0F\x1F\x84",
    "xxxxxx??xxxxxxx????xxx?xxxxxxxxxxxx",
    0xF
) + 0x4;
printf("engine: 0x%llx, cclientbase: 0x%llx \n", engineStartAddress, CClientStateBase);
The last offset was 0x835340. I just ran this code 3 times and got 3 different results: 0xf77feecd, 0xb70ecd, 0x2a84ecd.
Yes... I got the wrong signature... Pick this one: (Byte*)"\x55\x48\x89\xE5\x48\x8B\x00\x00\x00\x00\x00\x48\x83\x00\x00\x5D\xC3\x66\x66\x66\x66\x66\x66\x2E\x0F\x1F\x84\x00\x00\x00\x00\x00", "xxxxxx?????xx??xxxxxxxxxxxxxxxxx", 0x7
"engine: 0x10bb00000, cclientbase: 0x835340"
Works beautifully! You're a legend dude. As always, thank you!
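Added illustration of the failure mode in the exchange above (example code written for this thread, not code from this repo or from either commenter): a masked signature scan built from scratch. It runs over a constructed 0x200-byte fake module image, shows that a mask which wildcards too much matches twice, and resolves the RIP-relative disp32 the way x86-64 defines it. The names findPatternAll, findUnique, resolveRipRelative and buildSampleImage, and the sample bytes, are assumptions; the thread's Scanner::getPointer semantics are not reproduced.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Masked byte-pattern scan over a buffer: 'x' in the mask means the byte must
// equal pattern[j], '?' means any byte. Every match is returned so that the
// caller can tell a unique signature from an ambiguous one.
std::vector<size_t> findPatternAll(const uint8_t* buf, size_t len,
                                   const uint8_t* pattern, const char* mask) {
    std::vector<size_t> hits;
    const size_t plen = std::strlen(mask);
    if (plen == 0 || plen > len) return hits;
    for (size_t i = 0; i + plen <= len; ++i) {
        bool match = true;
        for (size_t j = 0; j < plen; ++j) {
            if (mask[j] == 'x' && buf[i + j] != pattern[j]) { match = false; break; }
        }
        if (match) hits.push_back(i);
    }
    return hits;
}

// Single-match wrapper: returns the offset, or -1 when the signature is absent
// or matches more than once (an ambiguous signature is as bad as a missing one).
int64_t findUnique(const uint8_t* buf, size_t len,
                   const uint8_t* pattern, const char* mask) {
    std::vector<size_t> hits = findPatternAll(buf, len, pattern, mask);
    return hits.size() == 1 ? (int64_t)hits[0] : -1;
}

// Resolve the RIP-relative operand of an instruction found at matchOffset.
// x86-64 rule: target = offset of the next instruction + signed disp32.
// dispOffset is where the disp32 sits inside the match; instrEnd is the offset
// of the byte after the instruction (for "48 8B 05 disp32" that is dispOffset + 4).
int64_t resolveRipRelative(const uint8_t* buf, size_t matchOffset,
                           size_t dispOffset, size_t instrEnd) {
    int32_t disp;
    std::memcpy(&disp, buf + matchOffset + dispOffset, sizeof disp);
    return (int64_t)(matchOffset + instrEnd) + disp;
}

// Constructed sample "module image" (assumption, not a dump of engine.dylib):
// 0xCC padding with two similar prologues. The one at 0x40 is the intended
// target; the one at 0x80 is a decoy that differs only in the register loaded.
std::vector<uint8_t> buildSampleImage() {
    std::vector<uint8_t> img(0x200, 0xCC);
    // push rbp; mov rbp,rsp; mov rax,[rip+0x110]; add rax,8; pop rbp; ret
    const uint8_t target[] = {0x55,0x48,0x89,0xE5, 0x48,0x8B,0x05,0x10,0x01,0x00,0x00,
                              0x48,0x83,0xC0,0x08, 0x5D,0xC3};
    // push rbp; mov rbp,rsp; mov rcx,[rip+0x220]; add rcx,8; pop rbp; ret
    const uint8_t decoy[]  = {0x55,0x48,0x89,0xE5, 0x48,0x8B,0x0D,0x20,0x02,0x00,0x00,
                              0x48,0x83,0xC1,0x08, 0x5D,0xC3};
    std::memcpy(img.data() + 0x40, target, sizeof target);
    std::memcpy(img.data() + 0x80, decoy, sizeof decoy);
    return img;
}

// Same pattern bytes, two masks: the loose one wildcards the ModRM byte and so
// also matches the decoy; the tight one pins it and matches exactly once.
const uint8_t kPattern[] = {0x55,0x48,0x89,0xE5,0x48,0x8B,0x05,0,0,0,0,0x48,0x83,0xC0};
const char* const kLooseMask = "xxxxxx?????xx?";
const char* const kTightMask = "xxxxxxx????xxx";

size_t sampleLooseMatchCount() {
    std::vector<uint8_t> img = buildSampleImage();
    return findPatternAll(img.data(), img.size(), kPattern, kLooseMask).size();
}

// Resolved target for the tight signature: 0x40 + 11 + 0x110 = 0x15B.
int64_t sampleResolvedTarget() {
    std::vector<uint8_t> img = buildSampleImage();
    int64_t at = findUnique(img.data(), img.size(), kPattern, kTightMask);
    if (at < 0) return -1;
    return resolveRipRelative(img.data(), (size_t)at, 7, 11);
}

int main() {
    std::printf("loose mask matches: %zu (ambiguous)\n", sampleLooseMatchCount());
    std::printf("tight mask target:  0x%llx\n", (unsigned long long)sampleResolvedTarget());
    return 0;
}
```

The practical check this points at is the one the "three different results" symptom calls for: collect every hit and refuse to use a signature that does not match exactly once. A wrong or over-wildcarded pattern either misses entirely or lands on an unrelated prologue, and whatever displacement is read from there resolves to garbage.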
One more hint for you ;-)
uint64_t m_dwIsInGame = 0x198;
uint64_t m_dwFullUpdate = 0x204;
uint64_t m_iLocalPlayer = 0x210;
uint64_t m_szMapFile = 0x218;
uint64_t m_szMapName = 0x31C;
uint64_t m_dwGetMaxClients = 0x3A0;
uint64_t m_vecViewAngle = 0x8E20;
You might be able to use some of them. Remember the question about m_bSpottedByMask?
Yes I'm still planning on attempting an aimbot using m_bSpottedByMask. That's why I was adding the pattern for CClientState :-)
I'm using m_vecViewAngle already, but I don't know what the rest of those are for. I'll look into it!
uint64_t m_dwIsInGame = 0x198; // Check if you are connected to a server (state 6 = connected)
uint64_t m_dwFullUpdate = 0x204; // If you plan to make a SkinChanger you need this
uint64_t m_iLocalPlayer = 0x210; // Your index on an Internet server
uint64_t m_szMapFile = 0x218; // Path to map (for BSP parsing)
uint64_t m_szMapName = 0x31C; // Map name for BSP parsing debug printing
uint64_t m_dwGetMaxClients = 0x3A0; // MaxClients to have on a server (for entityLoop)
uint64_t m_vecViewAngle = 0x8E20; // SetViewAngles method
Oh those look very useful! I assumed they're from CClientState, but just tested them all to make sure. I thought about trying a skin changer. I'd like a fancy knife haha.
So my idea for the aimbot is basically:
for (int i = 0; i < 60; i++) {
    uint64_t memoryAddress = mem->read<uint64_t>(imgbase + playerBase + 0x20 * i);
    check to make sure health > 0, connected, etc;
    if (player is on opposite team) {
        check my location and view angles;
        check enemy location, calc distance to them, calc angles to them;
        if (enemy within 20 degrees of my view angle) {
            if (enemy spotted) {
                set new view angle;
            }
        }
    }
}
Do you think that's a decent method? I'd like to aim for the bones, but for now I'm just doing their xyz location. I add m_vecViewOffset so it aims at the head.
for (int i = 0; i < CClientState.maxClients; i++) {
    uint64_t memoryAddress = mem->read<uint64_t>(imgbase + playerBase + 0x20 * i);
    check to make sure health > 0, connected, etc; // don't forget about dormant ;-)
    if (player is on opposite team) {
        check my location and view angles;
        check enemy location, calc distance to them, calc angles to them;
        if (enemy within 20 degrees of my view angle) {
            if (enemy spotted) {
                set new view angle;
            }
        }
    }
}
You should do it like this. What about a Skype chat about this? We're already spamming the issues on this repo. You can add me through aka.rissc ;-)
I tried to redownload the hack with the updated offsets, but the code for them on main.cpp was blank. How do I find the offsets if someone doesn't have them yet?