yanguangshaonian
/
apex_dma_kvm_pub
mirror of https://github.com/MisterY52/apex_dma_kvm_pub.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dtb fix

Browse Source 
Fix for the dtb value that changes while the process is running.
Currently only windows 10 >= 20H1 is supported.
master
MisterY52 2 months ago
parent 185e0b5509
commit 684a0a797c
4 changed files with 335 additions and 316 deletions
Show Stats Download Patch File Download Diff File

356
apex_dma/apex_dma.cpp
Unescape Escape View File

@ -18,7 +18,7 @@ uintptr_t aimentity = 0;
uintptr_t tmp_aimentity = 0;
uintptr_t lastaimentity = 0;
float max = 999.0f;
float max_dist = 200.0f*40.0f;
float max_dist = 200.0f * 40.0f;
int team_player = 0;
float max_fov = 15;
const int toRead = 100;
@ -28,11 +28,11 @@ bool item_glow = false;
bool player_glow = false;
extern bool aim_no_recoil;
bool aiming = false;
bool shooting = false;
extern float smooth;
extern int bone;
bool thirdperson = false;
bool chargerifle = false;
bool shooting = false;
bool actions_t = false;
bool esp_t = false;
@ -59,8 +59,8 @@ typedef struct player
bool visible = false;
int health = 0;
int shield = 0;
char name[33] = { 0 };
}player;
char name[33] = {0};
} player;
struct Matrix
{
@ -75,13 +75,16 @@ int tmp_all_spec = 0, allied_spectators = 0;
//////////////////////////////////////////////////////////////////////////////////////////////////
void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int index)
void ProcessPlayer(Entity &LPlayer, Entity &target, uint64_t entitylist, int index)
{
char name[33];
target.get_name(g_Base, index - 1, name);
int entity_team = target.getTeamId();
if (!target.isAlive())
{
if(target.Observing(LPlayer.ptr))
if (target.Observing(LPlayer.ptr))
{
if (LPlayer.getTeamId() == entity_team)
tmp_all_spec++;
@ -94,14 +97,16 @@ void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int ind
Vector EntityPosition = target.getPosition();
Vector LocalPlayerPosition = LPlayer.getPosition();
float dist = LocalPlayerPosition.DistTo(EntityPosition);
if (dist > max_dist) return;
if (dist > max_dist)
return;
if(!firing_range)
if (entity_team < 0 || entity_team>50 || entity_team == team_player) return;
if(aim==2)
if (!firing_range)
if (entity_team < 0 || entity_team > 50 || entity_team == team_player)
return;
if (aim == 2)
{
if((target.lastVisTime() > lastvis_aim[index]))
if ((target.lastVisTime() > lastvis_aim[index]))
{
float fov = CalculateFov(LPlayer, target);
if (fov < max)
@ -112,9 +117,9 @@ void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int ind
}
else
{
if(aimentity==target.ptr)
if (aimentity == target.ptr)
{
aimentity=tmp_aimentity=lastaimentity=0;
aimentity = tmp_aimentity = lastaimentity = 0;
}
}
}
@ -139,41 +144,22 @@ void DoActions()
bool tmp_thirdperson = false;
bool tmp_chargerifle = false;
while (g_Base!=0 && c_Base!=0)
while (g_Base != 0 && c_Base != 0)
{
std::this_thread::sleep_for(std::chrono::milliseconds(30));
std::this_thread::sleep_for(std::chrono::milliseconds(30));
uint64_t LocalPlayer = 0;
apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer);
if (LocalPlayer == 0) continue;
if (LocalPlayer == 0)
continue;
Entity LPlayer = getEntity(LocalPlayer);
team_player = LPlayer.getTeamId();
if (team_player < 0 || team_player>50)
if (team_player < 0 || team_player > 50)
{
continue;
}
if(thirdperson && !tmp_thirdperson)
{
if(!aiming)
{
apex_mem.Write<int>(g_Base + OFFSET_THIRDPERSON, 1);
apex_mem.Write<int>(LPlayer.ptr + OFFSET_THIRDPERSON_SV, 1);
tmp_thirdperson = true;
}
}
else if((!thirdperson && tmp_thirdperson) || aiming)
{
if(tmp_thirdperson)
{
apex_mem.Write<int>(g_Base + OFFSET_THIRDPERSON, -1);
apex_mem.Write<int>(LPlayer.ptr + OFFSET_THIRDPERSON_SV, 0);
tmp_thirdperson = false;
}
}
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
uint64_t baseent = 0;
@ -187,15 +173,17 @@ void DoActions()
tmp_aimentity = 0;
tmp_spec = 0;
tmp_all_spec = 0;
if(firing_range)
if (firing_range)
{
int c=0;
int c = 0;
for (int i = 0; i < 10000; i++)
{
uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue;
if (LocalPlayer == centity) continue;
if (centity == 0)
continue;
if (LocalPlayer == centity)
continue;
Entity Target = getEntity(centity);
if (!Target.isDummy())
@ -203,11 +191,11 @@ void DoActions()
continue;
}
if(player_glow && !Target.isGlowing())
if (player_glow && !Target.isGlowing())
{
Target.enableGlow();
}
else if(!player_glow && Target.isGlowing())
else if (!player_glow && Target.isGlowing())
{
Target.disableGlow();
}
@ -222,15 +210,18 @@ void DoActions()
{
uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue;
if (LocalPlayer == centity) continue;
if (centity == 0)
continue;
if (LocalPlayer == centity)
continue;
Entity Target = getEntity(centity);
if (!Target.isPlayer())
{
continue;
}
ProcessPlayer(LPlayer, Target, entitylist, i);
int entity_team = Target.getTeamId();
@ -239,11 +230,11 @@ void DoActions()
continue;
}
if(player_glow && !Target.isGlowing())
if (player_glow && !Target.isGlowing())
{
Target.enableGlow();
}
else if(!player_glow && Target.isGlowing())
else if (!player_glow && Target.isGlowing())
{
Target.disableGlow();
}
@ -253,24 +244,10 @@ void DoActions()
spectators = tmp_spec;
allied_spectators = tmp_all_spec;
if(!lock)
if (!lock)
aimentity = tmp_aimentity;
else
aimentity = lastaimentity;
if(chargerifle)
{
charge_rifle_hack(LocalPlayer);
tmp_chargerifle = true;
}
else
{
if(tmp_chargerifle)
{
apex_mem.Write<float>(g_Base + OFFSET_TIMESCALE + 0x68, 1.f);
tmp_chargerifle = false;
}
}
}
}
actions_t = false;
@ -283,10 +260,10 @@ player players[toRead];
static void EspLoop()
{
esp_t = true;
while(esp_t)
while (esp_t)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
while(g_Base!=0 && c_Base!=0)
while (g_Base != 0 && c_Base != 0)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
if (esp)
@ -298,18 +275,19 @@ static void EspLoop()
if (LocalPlayer == 0)
{
next = true;
while(next && g_Base!=0 && c_Base!=0 && esp)
while (next && g_Base != 0 && c_Base != 0 && esp)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
}
continue;
}
Entity LPlayer = getEntity(LocalPlayer);
int team_player = LPlayer.getTeamId();
if (team_player < 0 || team_player>50)
if (team_player < 0 || team_player > 50)
{
next = true;
while(next && g_Base!=0 && c_Base!=0 && esp)
while (next && g_Base != 0 && c_Base != 0 && esp)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
}
@ -325,20 +303,20 @@ static void EspLoop()
apex_mem.Read<Matrix>(viewMatrix, m);
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
memset(players,0,sizeof(players));
if(firing_range)
memset(players, 0, sizeof(players));
if (firing_range)
{
int c=0;
int c = 0;
for (int i = 0; i < 10000; i++)
{
uint64_t centity = 0;
apex_mem.Read<uint64_t>( entitylist + ((uint64_t)i << 5), centity);
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0)
{
continue;
}
}
if (LocalPlayer == centity)
{
continue;
@ -360,10 +338,10 @@ static void EspLoop()
Vector EntityPosition = Target.getPosition();
float dist = LocalPlayerPosition.DistTo(EntityPosition);
if (dist > max_dist || dist < 50.0f)
{
{
continue;
}
Vector bs = Vector();
WorldToScreen(EntityPosition, m.matrix, 1920, 1080, bs);
if (bs.x > 0 && bs.y > 0)
@ -376,46 +354,45 @@ static void EspLoop()
float boxMiddle = bs.x - (width / 2.0f);
int health = Target.getHealth();
int shield = Target.getShield();
players[c] =
{
dist,
entity_team,
boxMiddle,
hs.y,
width,
height,
bs.x,
bs.y,
0,
(Target.lastVisTime() > lastvis_esp[c]),
health,
shield
};
Target.get_name(g_Base, i-1, &players[c].name[0]);
players[c] =
{
dist,
entity_team,
boxMiddle,
hs.y,
width,
height,
bs.x,
bs.y,
0,
(Target.lastVisTime() > lastvis_esp[c]),
health,
shield};
Target.get_name(g_Base, i - 1, &players[c].name[0]);
lastvis_esp[c] = Target.lastVisTime();
valid = true;
c++;
}
}
}
}
else
{
for (int i = 0; i < toRead; i++)
{
uint64_t centity = 0;
apex_mem.Read<uint64_t>( entitylist + ((uint64_t)i << 5), centity);
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0)
{
continue;
}
if (LocalPlayer == centity)
{
continue;
}
Entity Target = getEntity(centity);
if (!Target.isPlayer())
{
continue;
@ -427,7 +404,7 @@ static void EspLoop()
}
int entity_team = Target.getTeamId();
if (entity_team < 0 || entity_team>50 || entity_team == team_player)
if (entity_team < 0 || entity_team > 50 || entity_team == team_player)
{
continue;
}
@ -435,7 +412,7 @@ static void EspLoop()
Vector EntityPosition = Target.getPosition();
float dist = LocalPlayerPosition.DistTo(EntityPosition);
if (dist > max_dist || dist < 50.0f)
{
{
continue;
}
@ -451,23 +428,22 @@ static void EspLoop()
float boxMiddle = bs.x - (width / 2.0f);
int health = Target.getHealth();
int shield = Target.getShield();
players[i] =
{
dist,
entity_team,
boxMiddle,
hs.y,
width,
height,
bs.x,
bs.y,
Target.isKnocked(),
(Target.lastVisTime() > lastvis_esp[i]),
health,
shield
};
Target.get_name(g_Base, i-1, &players[i].name[0]);
players[i] =
{
dist,
entity_team,
boxMiddle,
hs.y,
width,
height,
bs.x,
bs.y,
Target.isKnocked(),
(Target.lastVisTime() > lastvis_esp[i]),
health,
shield};
Target.get_name(g_Base, i - 1, &players[i].name[0]);
lastvis_esp[i] = Target.lastVisTime();
valid = true;
}
@ -475,7 +451,7 @@ static void EspLoop()
}
next = true;
while(next && g_Base!=0 && c_Base!=0 && esp)
while (next && g_Base != 0 && c_Base != 0 && esp)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
}
@ -491,28 +467,29 @@ static void AimbotLoop()
while (aim_t)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
while (g_Base!=0 && c_Base!=0)
while (g_Base != 0 && c_Base != 0)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
if (aim>0)
if (aim > 0)
{
if (aimentity == 0 || !aiming)
{
lock=false;
lastaimentity=0;
lock = false;
lastaimentity = 0;
continue;
}
lock=true;
lock = true;
lastaimentity = aimentity;
uint64_t LocalPlayer = 0;
apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer);
if (LocalPlayer == 0) continue;
if (LocalPlayer == 0)
continue;
Entity LPlayer = getEntity(LocalPlayer);
QAngle Angles = CalculateBestBoneAim(LPlayer, aimentity, max_fov);
if (Angles.x == 0 && Angles.y == 0)
{
lock=false;
lastaimentity=0;
lock = false;
lastaimentity = 0;
continue;
}
LPlayer.SetViewAngles(Angles);
@ -526,69 +503,71 @@ static void set_vars(uint64_t add_addr)
{
printf("Reading client vars...\n");
std::this_thread::sleep_for(std::chrono::milliseconds(50));
//Get addresses of client vars
// Get addresses of client vars
uint64_t check_addr = 0;
client_mem.Read<uint64_t>(add_addr, check_addr);
uint64_t aim_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t), aim_addr);
uint64_t esp_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*2, esp_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 2, esp_addr);
uint64_t aiming_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*3, aiming_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 3, aiming_addr);
uint64_t g_Base_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*4, g_Base_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 4, g_Base_addr);
uint64_t next_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*5, next_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 5, next_addr);
uint64_t player_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*6, player_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 6, player_addr);
uint64_t valid_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*7, valid_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 7, valid_addr);
uint64_t max_dist_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*8, max_dist_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 8, max_dist_addr);
uint64_t item_glow_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*9, item_glow_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 9, item_glow_addr);
uint64_t player_glow_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*10, player_glow_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 10, player_glow_addr);
uint64_t aim_no_recoil_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*11, aim_no_recoil_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 11, aim_no_recoil_addr);
uint64_t smooth_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*12, smooth_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 12, smooth_addr);
uint64_t max_fov_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*13, max_fov_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 13, max_fov_addr);
uint64_t bone_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*14, bone_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 14, bone_addr);
uint64_t thirdperson_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*15, thirdperson_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 15, thirdperson_addr);
uint64_t shooting_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 16, shooting_addr);
uint64_t chargerifle_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 17, chargerifle_addr);
uint64_t spectators_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*16, spectators_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 18, spectators_addr);
uint64_t allied_spectators_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*17, allied_spectators_addr);
uint64_t chargerifle_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*18, chargerifle_addr);
uint64_t shooting_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*19, shooting_addr);
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 19, allied_spectators_addr);
uint32_t check = 0;
client_mem.Read<uint32_t>(check_addr, check);
if(check != 0xABCD)
if (check != 0xABCD)
{
printf("Incorrect values read. Check if the add_off is correct. Quitting.\n");
active = false;
return;
}
bool new_client = true;
vars_t = true;
while(vars_t)
while (vars_t)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
if(c_Base!=0 && g_Base!=0)
if (new_client && c_Base != 0 && g_Base != 0)
{
client_mem.Write<uint32_t>(check_addr, 0);
new_client = false;
printf("\nReady\n");
}
while(c_Base!=0 && g_Base!=0)
while (c_Base != 0 && g_Base != 0)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
client_mem.Write<uint64_t>(g_Base_addr, g_Base);
@ -609,20 +588,20 @@ static void set_vars(uint64_t add_addr)
client_mem.Read<bool>(shooting_addr, shooting);
client_mem.Read<bool>(chargerifle_addr, chargerifle);
if(esp && next)
if (esp && next)
{
if(valid)
if (valid)
client_mem.WriteArray<player>(player_addr, players, toRead);
client_mem.Write<bool>(valid_addr, valid);
client_mem.Write<bool>(next_addr, true); //next
client_mem.Write<bool>(next_addr, true); // next
bool next_val = false;
do
{
client_mem.Read<bool>(next_addr, next_val);
std::this_thread::sleep_for(std::chrono::milliseconds(1));
} while (next_val && g_Base!=0 && c_Base!=0);
} while (next_val && g_Base != 0 && c_Base != 0);
next = false;
}
}
@ -633,11 +612,11 @@ static void set_vars(uint64_t add_addr)
static void item_glow_t()
{
item_t = true;
while(item_t)
while (item_t)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
int k = 0;
while(g_Base!=0 && c_Base!=0)
while (g_Base != 0 && c_Base != 0)
{
std::this_thread::sleep_for(std::chrono::milliseconds(1));
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
@ -647,37 +626,39 @@ static void item_glow_t()
{
uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue;
if (centity == 0)
continue;
Item item = getItem(centity);
if(item.isItem() && !item.isGlowing())
if (item.isItem() && !item.isGlowing())
{
item.enableGlow();
}
}
k=1;
k = 1;
std::this_thread::sleep_for(std::chrono::milliseconds(600));
}
else
{
if(k==1)
{
if (k == 1)
{
for (int i = 0; i < 10000; i++)
{
uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue;
if (centity == 0)
continue;
Item item = getItem(centity);
if(item.isItem() && item.isGlowing())
if (item.isItem() && item.isGlowing())
{
item.disableGlow();
}
}
k=0;
k = 0;
}
}
}
}
}
item_t = false;
@ -694,7 +675,7 @@ int main(int argc, char *argv[])
const char* ap_proc = "r5apex.exe";
//const char* ap_proc = "EasyAntiCheat_launcher.exe";
//Client "add" offset
// Client "add" offset
uint64_t add_off = 0x3f880;
std::thread aimbot_thr;
@ -702,11 +683,12 @@ int main(int argc, char *argv[])
std::thread actions_thr;
std::thread itemglow_thr;
std::thread vars_thr;
while(active)
bool proc_not_found = false;
while (active)
{
if(apex_mem.get_proc_status() != process_status::FOUND_READY)
if (apex_mem.get_proc_status() != process_status::FOUND_READY)
{
if(aim_t)
if (aim_t)
{
aim_t = false;
esp_t = false;
@ -720,16 +702,24 @@ int main(int argc, char *argv[])
itemglow_thr.~thread();
}
std::this_thread::sleep_for(std::chrono::seconds(1));
printf("Searching for apex process...\n");
proc_not_found = apex_mem.get_proc_status() == process_status::NOT_FOUND;
if (proc_not_found)
{
std::this_thread::sleep_for(std::chrono::seconds(1));
printf("Searching for apex process...\n");
}
apex_mem.open_proc(ap_proc);
if(apex_mem.get_proc_status() == process_status::FOUND_READY)
if (apex_mem.get_proc_status() == process_status::FOUND_READY)
{
g_Base = apex_mem.get_proc_baseaddr();
printf("\nApex process found\n");
printf("Base: %lx\n", g_Base);
if (proc_not_found)
{
printf("\nApex process found\n");
printf("Base: %lx\n", g_Base);
}
aimbot_thr = std::thread(AimbotLoop);
esp_thr = std::thread(EspLoop);
@ -746,22 +736,22 @@ int main(int argc, char *argv[])
apex_mem.check_proc();
}
if(client_mem.get_proc_status() != process_status::FOUND_READY)
if (client_mem.get_proc_status() != process_status::FOUND_READY)
{
if(vars_t)
if (vars_t)
{
vars_t = false;
c_Base = 0;
vars_thr.~thread();
}
std::this_thread::sleep_for(std::chrono::seconds(1));
printf("Searching for client process...\n");
client_mem.open_proc(cl_proc);
if(client_mem.get_proc_status() == process_status::FOUND_READY)
if (client_mem.get_proc_status() == process_status::FOUND_READY)
{
c_Base = client_mem.get_proc_baseaddr();
printf("\nClient process found\n");
@ -780,4 +770,4 @@ int main(int argc, char *argv[])
}
return 0;
}
}

122
apex_dma/memory.cpp
Unescape Escape View File

@ -1,4 +1,5 @@
#include "memory.h"
#include <unistd.h>
// Credits: learn_more, stevemk14ebr
size_t findPattern(const PBYTE rangeStart, size_t len, const char *pattern)
@ -61,7 +62,7 @@ process_status Memory::get_proc_status()
void Memory::check_proc()
{
if (status == process_status::FOUND_READY)
if (status == process_status::FOUND_READY || status == process_status::FOUND_NO_ACCESS)
{
short c;
Read<short>(proc.baseaddr, c);
@ -69,7 +70,10 @@ void Memory::check_proc()
if (c != 0x5A4D)
{
status = process_status::FOUND_NO_ACCESS;
close_proc();
}
else
{
status = process_status::FOUND_READY;
}
}
}
@ -98,6 +102,74 @@ bool kernel_init(Inventory *inv, const char *connector_name)
return true;
}
bool Memory::testDtbValue(const uint64_t &dtb_val)
{
proc.hProcess.set_dtb(dtb_val, Address_INVALID);
check_proc();
if (status == process_status::FOUND_READY)
{
lastCorrectDtbPhysicalAddress = dtb_val;
return true;
}
return false;
}
// https://www.unknowncheats.me/forum/apex-legends/670570-quick-obtain-cr3-check.html
bool Memory::bruteforceDtb(uint64_t dtbStartPhysicalAddr, const uint64_t stepPage)
{
// eac cr3 always end with 0x-----XX000
// dtbStartPhysicalAddr should be a multiple of 0x1000
if ((dtbStartPhysicalAddr & 0xFFF) != 0)
return false;
if (dtbStartPhysicalAddr > MAX_PHYADDR)
return false;
dtbStartPhysicalAddr -= dtbStartPhysicalAddr % stepPage;
dtbStartPhysicalAddr += lastCorrectDtbPhysicalAddress % stepPage;
auto start = std::chrono::high_resolution_clock::now();
bool result = false;
uint64_t furtherDistance = GetFurtherDistance(dtbStartPhysicalAddr, 0x0, MAX_PHYADDR);
size_t maxStep = furtherDistance / stepPage;
uint64_t guessDtbAddr = 0;
for (size_t step = 0; step < maxStep; step++)
{
// bruteforce dtb from middle
guessDtbAddr = dtbStartPhysicalAddr + step * stepPage;
if (guessDtbAddr < MAX_PHYADDR)
{
if (testDtbValue(guessDtbAddr))
{
result = true;
break;
}
}
// dont forget the other side
if (dtbStartPhysicalAddr > step * stepPage)
{
guessDtbAddr = dtbStartPhysicalAddr - step * stepPage;
if (testDtbValue(guessDtbAddr))
{
result = true;
break;
}
}
}
auto end = std::chrono::high_resolution_clock::now();
auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
printf("[+] bruteforce dtb %s to find dtb:0x%lx, time:%ldms\n", result ? "success" : "failed", result ? guessDtbAddr : 0x0, duration.count());
// In case we cannot get the dtb through this shortcut method.
if (result == false && stepPage != 0x1000)
{
return bruteforceDtb(dtbStartPhysicalAddr, 0x1000);
}
return result;
}
void Memory::open_proc(const char *name)
{
if (!conn)
@ -126,48 +198,48 @@ void Memory::open_proc(const char *name)
if (kernel.get()->process_info_by_name(name, &info))
{
status = process_status::NOT_FOUND;
lastCorrectDtbPhysicalAddress = 0;
return;
}
ProcessInstance<> tmp_proc;
if (kernel.get()->process_by_info(info, &tmp_proc))
close_proc();
if (kernel.get()->clone().into_process_by_info(info, &proc.hProcess))
{
status = process_status::NOT_FOUND;
status = process_status::FOUND_NO_ACCESS;
printf("Error while opening process %s\n", name);
close_proc();
return;
}
ModuleInfo module_info;
if (tmp_proc.module_by_name(name, &module_info))
if (proc.hProcess.module_by_name(name, &module_info))
{
printf("Can't find base module info for process %s. Trying with a new dtb...\n", name);
status = process_status::FOUND_NO_ACCESS;
auto base_section = std::make_unique<char[]>(8);
uint64_t *base_section_value = (uint64_t *)base_section.get();
CSliceMut<uint8_t> slice(base_section.get(), 8);
uint32_t EPROCESS_SectionBaseAddress_off = 0x520; // win10 >= 20H1
kernel.get()->read_raw_into(info.address + EPROCESS_SectionBaseAddress_off, slice);
proc.baseaddr = *base_section_value;
for (size_t dtb = 0; dtb <= SIZE_MAX; dtb += 0x1000)
if (!bruteforceDtb(0x0, 0x100000))
{
info.dtb1 = dtb;
kernel.get()->process_by_info(info, &tmp_proc);
if (!tmp_proc.module_by_name(name, &module_info))
break;
if (dtb == SIZE_MAX)
{
printf("Access error for process %s\n", name);
status = process_status::FOUND_NO_ACCESS;
return;
}
close_proc();
return;
}
}
else
{
proc.baseaddr = module_info.base;
}
kernel.get()->clone().into_process_by_info(info, &proc.hProcess);
proc.baseaddr = module_info.base;
status = process_status::FOUND_READY;
}
void Memory::close_proc()
{
std::lock_guard<std::mutex> l(m);
proc.hProcess.~IntoProcessInstance();
proc.baseaddr = 0;
}

22
apex_dma/memory.h
Unescape Escape View File

@ -17,6 +17,17 @@ typedef WORD *PWORD;
static std::unique_ptr<ConnectorInstance<>> conn = nullptr;
static std::unique_ptr<OsInstance<>> kernel = nullptr;
// set MAX_PHYADDR to a reasonable value, larger values will take more time to traverse.
constexpr uint64_t MAX_PHYADDR = 0xFFFFFFFFF;
inline uint64_t GetFurtherDistance(uint64_t A, uint64_t Min, uint64_t Max)
{
uint64_t distanceToMin = (A > Min) ? (A - Min) : (Min - A);
uint64_t distanceToMax = (A > Max) ? (A - Max) : (Max - A);
return (distanceToMin > distanceToMax) ? distanceToMin : distanceToMax;
}
inline bool isMatch(const PBYTE addr, const PBYTE pat, const PBYTE msk)
{
size_t n = 0;
@ -51,13 +62,10 @@ private:
Process proc;
process_status status = process_status::NOT_FOUND;
std::mutex m;
uint64_t lastCorrectDtbPhysicalAddress = 0x0;
public:
~Memory()
{
if (kernel)
os_drop(kernel.get());
}
~Memory() = default;
uint64_t get_proc_baseaddr();
@ -82,6 +90,10 @@ public:
bool WriteArray(uint64_t address, const T value[], size_t len);
uint64_t ScanPointer(uint64_t ptr_address, const uint32_t offsets[], int level);
bool bruteforceDtb(uint64_t dtbStartPhysicalAddr, const uint64_t stepPage);
bool testDtbValue(const uint64_t &dtb_val);
};
template <typename T>

151
apex_dma/offsets.h
Unescape Escape View File

@ -1,103 +1,48 @@
#define ORIGIN 1
#define STEAM 2
#define VERSION STEAM
#if VERSION == STEAM
#define OFFSET_ENTITYLIST 0x1eabd08
#define OFFSET_LOCAL_ENT 0x225a8a8
#define OFFSET_NAME_LIST 0xc7912b0
#define OFFSET_THIRDPERSON 0x01e3b190 + 0x6c //thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x01841ee0 //host_timescale
#define OFFSET_TEAM 0x0328 //m_iTeamNum
#define OFFSET_HEALTH 0x0318 //m_iHealth
#define OFFSET_SHIELD 0x01a0 //m_shieldHealth
#define OFFSET_NAME 0x0471 //m_iName
#define OFFSET_SIGN_NAME 0x0468 //m_iSignifierName
#define OFFSET_ABS_VELOCITY 0x0170 //m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1990 //CPlayer!lastVisibleTime
#define OFFSET_ZOOMING 0x1bd1 //m_bZooming
#define OFFSET_THIRDPERSON_SV 0x36c8 //m_thirdPersonShoulderView
#define OFFSET_YAW 0x223c - 0x8 //m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_LIFE_STATE 0x0680 //m_lifeState, >0 = dead
#define OFFSET_BLEED_OUT_STATE 0x26e0 //m_bleedoutState, >0 = knocked
#define OFFSET_ORIGIN 0x017c //m_vecAbsOrigin
#define OFFSET_BONES 0x0da0 + 0x48 //m_nForceBone + 0x48
#define OFFSET_STUDIOHDR 0xff0 //CBaseAnimating!m_pStudioHdr
#define OFFSET_AIMPUNCH 0x2438 //m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1ed0 //CPlayer!camera_origin
#define OFFSET_VIEWANGLES 0x2534 - 0x14 //m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_OBSERVER_MODE 0x34a4 //m_iObserverMode
#define OFFSET_OBSERVING_TARGET 0x34b0 //m_hObserverTarget
#define OFFSET_OBSERVER_LIST 0x1EADD28
#define OFFSET_MATRIX 0x11a350
#define OFFSET_RENDER 0x74dd028
#define OFFSET_WEAPON 0x1934 //m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x1ea4 //CWeaponX!m_flProjectileSpeed
#define OFFSET_BULLET_SCALE 0x1eac //CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x15d0 + 0x00b8 //m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1554 //m_ammoInClip
#define OFFSET_ITEM_GLOW 0x02f0 //m_highlightFunctionBits
#define OFFSET_GLOW_T1 0x292 //16256 = enabled, 0 = disabled
#define OFFSET_GLOW_T2 0x30c //1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x28C //7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x26c //2 = enabled, 5 = disabled
#elif VERSION == ORIGIN
#define OFFSET_ENTITYLIST 0x1e743a8
#define OFFSET_LOCAL_ENT 0x2224528
#define OFFSET_NAME_LIST 0xc2b0b00
#define OFFSET_THIRDPERSON 0x01e03040 + 0x6c //thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x017b7f60 //host_timescale
#define OFFSET_TEAM 0x0480 //m_iTeamNum
#define OFFSET_HEALTH 0x0470 //m_iHealth
#define OFFSET_SHIELD 0x01a0 //m_shieldHealth
#define OFFSET_NAME 0x05c1 //m_iName
#define OFFSET_SIGN_NAME 0x05b8 //m_iSignifierName
#define OFFSET_ABS_VELOCITY 0x0170 //m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1AA0 //CPlayer!lastVisibleTime
#define OFFSET_ZOOMING 0x1c81 //m_bZooming
#define OFFSET_THIRDPERSON_SV 0x3728 //m_thirdPersonShoulderView
#define OFFSET_YAW 0x22ec - 0x8 //m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_LIFE_STATE 0x07d0 //m_lifeState, >0 = dead
#define OFFSET_BLEED_OUT_STATE 0x2790 //m_bleedoutState, >0 = knocked
#define OFFSET_ORIGIN 0x017c //m_vecAbsOrigin
#define OFFSET_BONES 0x0ec8 + 0x48 //m_nForceBone + 0x48
#define OFFSET_STUDIOHDR 0x1118 //CBaseAnimating!m_pStudioHdr
#define OFFSET_AIMPUNCH 0x24e8 //m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1f80 //CPlayer!camera_origin
#define OFFSET_VIEWANGLES 0x25e4 - 0x14 //m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_OBSERVER_MODE 0x3534 //m_iObserverMode
#define OFFSET_OBSERVING_TARGET 0x3540 //m_hObserverTarget
#define OFFSET_MATRIX 0x11A350
#define OFFSET_RENDER 0x7472E00
#define OFFSET_WEAPON 0x1a44 //m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x1F6C //CWeaponX!m_flProjectileSpeed
#define OFFSET_BULLET_SCALE 0x1F74 //CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x16e0 + 0xb8 //m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1664 //m_ammoInClip
#define OFFSET_ITEM_GLOW 0x02f0 //m_highlightFunctionBits
#define OFFSET_GLOW_T1 0x292 //16256 = enabled, 0 = disabled
#define OFFSET_GLOW_T2 0x30c //1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x3f8 //7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x400 //2 = enabled, 5 = disabled
#endif
//v3.0.3.26
#define OFFSET_ENTITYLIST 0x2022bf8
#define OFFSET_LOCAL_ENT 0x24F6288
#define OFFSET_NAME_LIST 0xd506390
#define OFFSET_THIRDPERSON 0x01e3b190 + 0x6c // thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x01841ee0 // host_timescale
#define OFFSET_TEAM 0x0338 // m_iTeamNum
#define OFFSET_HEALTH 0x0328 // m_iHealth
#define OFFSET_SHIELD 0x01a0 // m_shieldHealth
#define OFFSET_NAME 0x0481 // m_iName
#define OFFSET_SIGN_NAME 0x0478 // m_iSignifierName
#define OFFSET_ABS_VELOCITY 0x0170 // m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1990 // CPlayer!lastVisibleTime
#define OFFSET_ZOOMING 0x1be1 // m_bZooming
#define OFFSET_THIRDPERSON_SV 0x36c8 // m_thirdPersonShoulderView
#define OFFSET_YAW 0x223c - 0x8 // m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_LIFE_STATE 0x0690 // m_lifeState, >0 = dead
#define OFFSET_BLEED_OUT_STATE 0x2760 // m_bleedoutState, >0 = knocked
#define OFFSET_ORIGIN 0x017c // m_vecAbsOrigin
#define OFFSET_BONES 0x0da8 + 0x48 // m_nForceBone + 0x48
#define OFFSET_STUDIOHDR 0xff0 // CBaseAnimating!m_pStudioHdr
#define OFFSET_AIMPUNCH 0x2438 // m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1ee0 // CPlayer!camera_origin
#define OFFSET_VIEWANGLES 0x2534 - 0x14 // m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_OBSERVER_MODE 0x34a4 // m_iObserverMode
#define OFFSET_OBSERVING_TARGET 0x34b0 // m_hObserverTarget
#define OFFSET_OBSERVER_LIST 0x02022b50 + 0x20C8
#define OFFSET_MATRIX 0x11A350
#define OFFSET_RENDER 0x77BD448
#define OFFSET_WEAPON 0x1934 // m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x19d8 + 0x04ec // CWeaponX!m_flProjectileSpeed
#define OFFSET_BULLET_SCALE 0x19d8 + 0x04f4 // CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x15e0 + 0x00b8 // m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1590 // m_ammoInClip
#define OFFSET_ITEM_GLOW 0x02f0 // m_highlightFunctionBits
#define OFFSET_GLOW_T1 0x292 // 16256 = enabled, 0 = disabled
#define OFFSET_GLOW_T2 0x30c // 1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x28C // 7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x26c // 2 = enabled, 5 = disabled

Write Preview
Loading…
Cancel
Save