Fix for the DTB value that changes while the process is running.
Currently only Windows 10 >= 20H1 is supported.
MisterY52 2 months ago
parent 185e0b5509
commit 684a0a797c

@ -28,11 +28,11 @@ bool item_glow = false;
bool player_glow = false; bool player_glow = false;
extern bool aim_no_recoil; extern bool aim_no_recoil;
bool aiming = false; bool aiming = false;
bool shooting = false;
extern float smooth; extern float smooth;
extern int bone; extern int bone;
bool thirdperson = false; bool thirdperson = false;
bool chargerifle = false; bool chargerifle = false;
bool shooting = false;
bool actions_t = false; bool actions_t = false;
bool esp_t = false; bool esp_t = false;
@ -77,6 +77,9 @@ int tmp_all_spec = 0, allied_spectators = 0;
void ProcessPlayer(Entity &LPlayer, Entity &target, uint64_t entitylist, int index) void ProcessPlayer(Entity &LPlayer, Entity &target, uint64_t entitylist, int index)
{ {
char name[33];
target.get_name(g_Base, index - 1, name);
int entity_team = target.getTeamId(); int entity_team = target.getTeamId();
if (!target.isAlive()) if (!target.isAlive())
@ -94,10 +97,12 @@ void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int ind
Vector EntityPosition = target.getPosition(); Vector EntityPosition = target.getPosition();
Vector LocalPlayerPosition = LPlayer.getPosition(); Vector LocalPlayerPosition = LPlayer.getPosition();
float dist = LocalPlayerPosition.DistTo(EntityPosition); float dist = LocalPlayerPosition.DistTo(EntityPosition);
if (dist > max_dist) return; if (dist > max_dist)
return;
if (!firing_range) if (!firing_range)
if (entity_team < 0 || entity_team>50 || entity_team == team_player) return; if (entity_team < 0 || entity_team > 50 || entity_team == team_player)
return;
if (aim == 2) if (aim == 2)
{ {
@ -145,8 +150,8 @@ void DoActions()
uint64_t LocalPlayer = 0; uint64_t LocalPlayer = 0;
apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer); apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer);
if (LocalPlayer == 0) continue; if (LocalPlayer == 0)
continue;
Entity LPlayer = getEntity(LocalPlayer); Entity LPlayer = getEntity(LocalPlayer);
team_player = LPlayer.getTeamId(); team_player = LPlayer.getTeamId();
@ -155,25 +160,6 @@ void DoActions()
continue; continue;
} }
if(thirdperson && !tmp_thirdperson)
{
if(!aiming)
{
apex_mem.Write<int>(g_Base + OFFSET_THIRDPERSON, 1);
apex_mem.Write<int>(LPlayer.ptr + OFFSET_THIRDPERSON_SV, 1);
tmp_thirdperson = true;
}
}
else if((!thirdperson && tmp_thirdperson) || aiming)
{
if(tmp_thirdperson)
{
apex_mem.Write<int>(g_Base + OFFSET_THIRDPERSON, -1);
apex_mem.Write<int>(LPlayer.ptr + OFFSET_THIRDPERSON_SV, 0);
tmp_thirdperson = false;
}
}
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST; uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
uint64_t baseent = 0; uint64_t baseent = 0;
@ -194,8 +180,10 @@ void DoActions()
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue; if (centity == 0)
if (LocalPlayer == centity) continue; continue;
if (LocalPlayer == centity)
continue;
Entity Target = getEntity(centity); Entity Target = getEntity(centity);
if (!Target.isDummy()) if (!Target.isDummy())
@ -222,8 +210,11 @@ void DoActions()
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue;
if (LocalPlayer == centity) continue; if (centity == 0)
continue;
if (LocalPlayer == centity)
continue;
Entity Target = getEntity(centity); Entity Target = getEntity(centity);
if (!Target.isPlayer()) if (!Target.isPlayer())
@ -257,20 +248,6 @@ void DoActions()
aimentity = tmp_aimentity; aimentity = tmp_aimentity;
else else
aimentity = lastaimentity; aimentity = lastaimentity;
if(chargerifle)
{
charge_rifle_hack(LocalPlayer);
tmp_chargerifle = true;
}
else
{
if(tmp_chargerifle)
{
apex_mem.Write<float>(g_Base + OFFSET_TIMESCALE + 0x68, 1.f);
tmp_chargerifle = false;
}
}
} }
} }
actions_t = false; actions_t = false;
@ -305,6 +282,7 @@ static void EspLoop()
continue; continue;
} }
Entity LPlayer = getEntity(LocalPlayer); Entity LPlayer = getEntity(LocalPlayer);
int team_player = LPlayer.getTeamId(); int team_player = LPlayer.getTeamId();
if (team_player < 0 || team_player > 50) if (team_player < 0 || team_player > 50)
{ {
@ -389,8 +367,7 @@ static void EspLoop()
0, 0,
(Target.lastVisTime() > lastvis_esp[c]), (Target.lastVisTime() > lastvis_esp[c]),
health, health,
shield shield};
};
Target.get_name(g_Base, i - 1, &players[c].name[0]); Target.get_name(g_Base, i - 1, &players[c].name[0]);
lastvis_esp[c] = Target.lastVisTime(); lastvis_esp[c] = Target.lastVisTime();
valid = true; valid = true;
@ -465,8 +442,7 @@ static void EspLoop()
Target.isKnocked(), Target.isKnocked(),
(Target.lastVisTime() > lastvis_esp[i]), (Target.lastVisTime() > lastvis_esp[i]),
health, health,
shield shield};
};
Target.get_name(g_Base, i - 1, &players[i].name[0]); Target.get_name(g_Base, i - 1, &players[i].name[0]);
lastvis_esp[i] = Target.lastVisTime(); lastvis_esp[i] = Target.lastVisTime();
valid = true; valid = true;
@ -506,7 +482,8 @@ static void AimbotLoop()
lastaimentity = aimentity; lastaimentity = aimentity;
uint64_t LocalPlayer = 0; uint64_t LocalPlayer = 0;
apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer); apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer);
if (LocalPlayer == 0) continue; if (LocalPlayer == 0)
continue;
Entity LPlayer = getEntity(LocalPlayer); Entity LPlayer = getEntity(LocalPlayer);
QAngle Angles = CalculateBestBoneAim(LPlayer, aimentity, max_fov); QAngle Angles = CalculateBestBoneAim(LPlayer, aimentity, max_fov);
if (Angles.x == 0 && Angles.y == 0) if (Angles.x == 0 && Angles.y == 0)
@ -559,15 +536,14 @@ static void set_vars(uint64_t add_addr)
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 14, bone_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 14, bone_addr);
uint64_t thirdperson_addr = 0; uint64_t thirdperson_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 15, thirdperson_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 15, thirdperson_addr);
uint64_t shooting_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 16, shooting_addr);
uint64_t chargerifle_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 17, chargerifle_addr);
uint64_t spectators_addr = 0; uint64_t spectators_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*16, spectators_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 18, spectators_addr);
uint64_t allied_spectators_addr = 0; uint64_t allied_spectators_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*17, allied_spectators_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 19, allied_spectators_addr);
uint64_t chargerifle_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*18, chargerifle_addr);
uint64_t shooting_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*19, shooting_addr);
uint32_t check = 0; uint32_t check = 0;
client_mem.Read<uint32_t>(check_addr, check); client_mem.Read<uint32_t>(check_addr, check);
@ -578,13 +554,16 @@ static void set_vars(uint64_t add_addr)
active = false; active = false;
return; return;
} }
bool new_client = true;
vars_t = true; vars_t = true;
while (vars_t) while (vars_t)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
if(c_Base!=0 && g_Base!=0) if (new_client && c_Base != 0 && g_Base != 0)
{ {
client_mem.Write<uint32_t>(check_addr, 0); client_mem.Write<uint32_t>(check_addr, 0);
new_client = false;
printf("\nReady\n"); printf("\nReady\n");
} }
@ -647,7 +626,8 @@ static void item_glow_t()
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue; if (centity == 0)
continue;
Item item = getItem(centity); Item item = getItem(centity);
if (item.isItem() && !item.isGlowing()) if (item.isItem() && !item.isGlowing())
@ -666,7 +646,8 @@ static void item_glow_t()
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue; if (centity == 0)
continue;
Item item = getItem(centity); Item item = getItem(centity);
@ -702,6 +683,7 @@ int main(int argc, char *argv[])
std::thread actions_thr; std::thread actions_thr;
std::thread itemglow_thr; std::thread itemglow_thr;
std::thread vars_thr; std::thread vars_thr;
bool proc_not_found = false;
while (active) while (active)
{ {
if (apex_mem.get_proc_status() != process_status::FOUND_READY) if (apex_mem.get_proc_status() != process_status::FOUND_READY)
@ -720,16 +702,24 @@ int main(int argc, char *argv[])
itemglow_thr.~thread(); itemglow_thr.~thread();
} }
proc_not_found = apex_mem.get_proc_status() == process_status::NOT_FOUND;
if (proc_not_found)
{
std::this_thread::sleep_for(std::chrono::seconds(1)); std::this_thread::sleep_for(std::chrono::seconds(1));
printf("Searching for apex process...\n"); printf("Searching for apex process...\n");
}
apex_mem.open_proc(ap_proc); apex_mem.open_proc(ap_proc);
if (apex_mem.get_proc_status() == process_status::FOUND_READY) if (apex_mem.get_proc_status() == process_status::FOUND_READY)
{ {
g_Base = apex_mem.get_proc_baseaddr(); g_Base = apex_mem.get_proc_baseaddr();
if (proc_not_found)
{
printf("\nApex process found\n"); printf("\nApex process found\n");
printf("Base: %lx\n", g_Base); printf("Base: %lx\n", g_Base);
}
aimbot_thr = std::thread(AimbotLoop); aimbot_thr = std::thread(AimbotLoop);
esp_thr = std::thread(EspLoop); esp_thr = std::thread(EspLoop);
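Review bot: Moving the one-second sleep inside `if (proc_not_found)` removes the back-off for the FOUND_NO_ACCESS case: when the process exists but cannot be opened, the `while (active)` loop now calls `apex_mem.open_proc(ap_proc)` back to back with no delay, and per the memory.cpp hunks in this commit that call can run the DTB search, so the spin is expensive as well as noisy. Keep the sleep unconditional and gate only the message: `std::this_thread::sleep_for(std::chrono::seconds(1)); if (proc_not_found) printf("Searching for apex process...\n");`. The enclosing `main` starts and ends outside the hunk, so I cannot see whether any other branch of the loop sleeps.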

@ -1,4 +1,5 @@
#include "memory.h" #include "memory.h"
#include <unistd.h>
// Credits: learn_more, stevemk14ebr // Credits: learn_more, stevemk14ebr
size_t findPattern(const PBYTE rangeStart, size_t len, const char *pattern) size_t findPattern(const PBYTE rangeStart, size_t len, const char *pattern)
@ -61,7 +62,7 @@ process_status Memory::get_proc_status()
void Memory::check_proc() void Memory::check_proc()
{ {
if (status == process_status::FOUND_READY) if (status == process_status::FOUND_READY || status == process_status::FOUND_NO_ACCESS)
{ {
short c; short c;
Read<short>(proc.baseaddr, c); Read<short>(proc.baseaddr, c);
@ -69,7 +70,10 @@ void Memory::check_proc()
if (c != 0x5A4D) if (c != 0x5A4D)
{ {
status = process_status::FOUND_NO_ACCESS; status = process_status::FOUND_NO_ACCESS;
close_proc(); }
else
{
status = process_status::FOUND_READY;
} }
} }
} }
@ -98,6 +102,74 @@ bool kernel_init(Inventory *inv, const char *connector_name)
return true; return true;
} }
bool Memory::testDtbValue(const uint64_t &dtb_val)
{
proc.hProcess.set_dtb(dtb_val, Address_INVALID);
check_proc();
if (status == process_status::FOUND_READY)
{
lastCorrectDtbPhysicalAddress = dtb_val;
return true;
}
return false;
}
// https://www.unknowncheats.me/forum/apex-legends/670570-quick-obtain-cr3-check.html
bool Memory::bruteforceDtb(uint64_t dtbStartPhysicalAddr, const uint64_t stepPage)
{
// eac cr3 always end with 0x-----XX000
// dtbStartPhysicalAddr should be a multiple of 0x1000
if ((dtbStartPhysicalAddr & 0xFFF) != 0)
return false;
if (dtbStartPhysicalAddr > MAX_PHYADDR)
return false;
dtbStartPhysicalAddr -= dtbStartPhysicalAddr % stepPage;
dtbStartPhysicalAddr += lastCorrectDtbPhysicalAddress % stepPage;
auto start = std::chrono::high_resolution_clock::now();
bool result = false;
uint64_t furtherDistance = GetFurtherDistance(dtbStartPhysicalAddr, 0x0, MAX_PHYADDR);
size_t maxStep = furtherDistance / stepPage;
uint64_t guessDtbAddr = 0;
for (size_t step = 0; step < maxStep; step++)
{
// bruteforce dtb from middle
guessDtbAddr = dtbStartPhysicalAddr + step * stepPage;
if (guessDtbAddr < MAX_PHYADDR)
{
if (testDtbValue(guessDtbAddr))
{
result = true;
break;
}
}
// dont forget the other side
if (dtbStartPhysicalAddr > step * stepPage)
{
guessDtbAddr = dtbStartPhysicalAddr - step * stepPage;
if (testDtbValue(guessDtbAddr))
{
result = true;
break;
}
}
}
auto end = std::chrono::high_resolution_clock::now();
auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
printf("[+] bruteforce dtb %s to find dtb:0x%lx, time:%ldms\n", result ? "success" : "failed", result ? guessDtbAddr : 0x0, duration.count());
// In case we cannot get the dtb through this shortcut method.
if (result == false && stepPage != 0x1000)
{
return bruteforceDtb(dtbStartPhysicalAddr, 0x1000);
}
return result;
}
void Memory::open_proc(const char *name) void Memory::open_proc(const char *name)
{ {
if (!conn) if (!conn)
@ -126,48 +198,48 @@ void Memory::open_proc(const char *name)
if (kernel.get()->process_info_by_name(name, &info)) if (kernel.get()->process_info_by_name(name, &info))
{ {
status = process_status::NOT_FOUND; status = process_status::NOT_FOUND;
lastCorrectDtbPhysicalAddress = 0;
return; return;
} }
ProcessInstance<> tmp_proc; close_proc();
if (kernel.get()->clone().into_process_by_info(info, &proc.hProcess))
if (kernel.get()->process_by_info(info, &tmp_proc))
{ {
status = process_status::NOT_FOUND; status = process_status::FOUND_NO_ACCESS;
printf("Error while opening process %s\n", name);
close_proc();
return; return;
} }
ModuleInfo module_info; ModuleInfo module_info;
if (proc.hProcess.module_by_name(name, &module_info))
if (tmp_proc.module_by_name(name, &module_info))
{
printf("Can't find base module info for process %s. Trying with a new dtb...\n", name);
for (size_t dtb = 0; dtb <= SIZE_MAX; dtb += 0x1000)
{ {
info.dtb1 = dtb; status = process_status::FOUND_NO_ACCESS;
kernel.get()->process_by_info(info, &tmp_proc); auto base_section = std::make_unique<char[]>(8);
uint64_t *base_section_value = (uint64_t *)base_section.get();
if (!tmp_proc.module_by_name(name, &module_info)) CSliceMut<uint8_t> slice(base_section.get(), 8);
break; uint32_t EPROCESS_SectionBaseAddress_off = 0x520; // win10 >= 20H1
kernel.get()->read_raw_into(info.address + EPROCESS_SectionBaseAddress_off, slice);
proc.baseaddr = *base_section_value;
if (dtb == SIZE_MAX) if (!bruteforceDtb(0x0, 0x100000))
{ {
printf("Access error for process %s\n", name); close_proc();
status = process_status::FOUND_NO_ACCESS;
return; return;
} }
} }
else
{
proc.baseaddr = module_info.base;
} }
kernel.get()->clone().into_process_by_info(info, &proc.hProcess);
proc.baseaddr = module_info.base;
status = process_status::FOUND_READY; status = process_status::FOUND_READY;
} }
void Memory::close_proc() void Memory::close_proc()
{ {
std::lock_guard<std::mutex> l(m);
proc.hProcess.~IntoProcessInstance();
proc.baseaddr = 0; proc.baseaddr = 0;
} }
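Review bot: `proc.hProcess.~IntoProcessInstance();` in `Memory::close_proc` ends the member's lifetime explicitly, but nothing re-creates it: `open_proc` later writes into the same object through `into_process_by_info(info, &proc.hProcess)` and the `Memory` destructor will run the destructor a second time, which is undefined behaviour (double destruction). Reset the member by assignment instead, e.g. `proc.hProcess = IntoProcessInstance<>{};` if the type is default-constructible, or through whatever release call the binding provides. The new `std::lock_guard<std::mutex> l(m)` is taken on every `close_proc`, and `open_proc` calls `close_proc` in three places in this section; if `open_proc` or any of its callers already holds `m` this is a self-deadlock, which I cannot confirm because the middle of `open_proc` falls between the two hunks.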

@ -17,6 +17,17 @@ typedef WORD *PWORD;
static std::unique_ptr<ConnectorInstance<>> conn = nullptr; static std::unique_ptr<ConnectorInstance<>> conn = nullptr;
static std::unique_ptr<OsInstance<>> kernel = nullptr; static std::unique_ptr<OsInstance<>> kernel = nullptr;
// set MAX_PHYADDR to a reasonable value, larger values will take more time to traverse.
constexpr uint64_t MAX_PHYADDR = 0xFFFFFFFFF;
inline uint64_t GetFurtherDistance(uint64_t A, uint64_t Min, uint64_t Max)
{
uint64_t distanceToMin = (A > Min) ? (A - Min) : (Min - A);
uint64_t distanceToMax = (A > Max) ? (A - Max) : (Max - A);
return (distanceToMin > distanceToMax) ? distanceToMin : distanceToMax;
}
inline bool isMatch(const PBYTE addr, const PBYTE pat, const PBYTE msk) inline bool isMatch(const PBYTE addr, const PBYTE pat, const PBYTE msk)
{ {
size_t n = 0; size_t n = 0;
@ -51,13 +62,10 @@ private:
Process proc; Process proc;
process_status status = process_status::NOT_FOUND; process_status status = process_status::NOT_FOUND;
std::mutex m; std::mutex m;
uint64_t lastCorrectDtbPhysicalAddress = 0x0;
public: public:
~Memory() ~Memory() = default;
{
if (kernel)
os_drop(kernel.get());
}
uint64_t get_proc_baseaddr(); uint64_t get_proc_baseaddr();
@ -82,6 +90,10 @@ public:
bool WriteArray(uint64_t address, const T value[], size_t len); bool WriteArray(uint64_t address, const T value[], size_t len);
uint64_t ScanPointer(uint64_t ptr_address, const uint32_t offsets[], int level); uint64_t ScanPointer(uint64_t ptr_address, const uint32_t offsets[], int level);
bool bruteforceDtb(uint64_t dtbStartPhysicalAddr, const uint64_t stepPage);
bool testDtbValue(const uint64_t &dtb_val);
}; };
template <typename T> template <typename T>
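Review bot: `bool testDtbValue(const uint64_t &dtb_val);` takes a 64-bit scalar by const reference, which adds an indirection for no benefit; `bool testDtbValue(uint64_t dtb_val);` matches the by-value `stepPage` parameter of `bruteforceDtb` declared on the line above (the definition in memory.cpp changes the same way). The change to `~Memory() = default;` drops the `os_drop(kernel.get())` call, so teardown of the static `std::unique_ptr<OsInstance<>>` now rests entirely on the unique_ptr's default deleter; whether the `OsInstance` destructor performs the equivalent drop is not visible on this page, and if it does not the OS handle leaks at exit. A short comment next to `kernel` stating who releases the instance would make that decision explicit for the next reader.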

@ -1,49 +1,44 @@
#define ORIGIN 1 //v3.0.3.26
#define STEAM 2
#define VERSION STEAM #define OFFSET_ENTITYLIST 0x2022bf8
#define OFFSET_LOCAL_ENT 0x24F6288
#if VERSION == STEAM #define OFFSET_NAME_LIST 0xd506390
#define OFFSET_ENTITYLIST 0x1eabd08
#define OFFSET_LOCAL_ENT 0x225a8a8
#define OFFSET_NAME_LIST 0xc7912b0
#define OFFSET_THIRDPERSON 0x01e3b190 + 0x6c // thirdperson_override + 0x6c #define OFFSET_THIRDPERSON 0x01e3b190 + 0x6c // thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x01841ee0 // host_timescale #define OFFSET_TIMESCALE 0x01841ee0 // host_timescale
#define OFFSET_TEAM 0x0328 //m_iTeamNum #define OFFSET_TEAM 0x0338 // m_iTeamNum
#define OFFSET_HEALTH 0x0318 //m_iHealth #define OFFSET_HEALTH 0x0328 // m_iHealth
#define OFFSET_SHIELD 0x01a0 // m_shieldHealth #define OFFSET_SHIELD 0x01a0 // m_shieldHealth
#define OFFSET_NAME 0x0471 //m_iName #define OFFSET_NAME 0x0481 // m_iName
#define OFFSET_SIGN_NAME 0x0468 //m_iSignifierName #define OFFSET_SIGN_NAME 0x0478 // m_iSignifierName
#define OFFSET_ABS_VELOCITY 0x0170 // m_vecAbsVelocity #define OFFSET_ABS_VELOCITY 0x0170 // m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1990 // CPlayer!lastVisibleTime #define OFFSET_VISIBLE_TIME 0x1990 // CPlayer!lastVisibleTime
#define OFFSET_ZOOMING 0x1bd1 //m_bZooming #define OFFSET_ZOOMING 0x1be1 // m_bZooming
#define OFFSET_THIRDPERSON_SV 0x36c8 // m_thirdPersonShoulderView #define OFFSET_THIRDPERSON_SV 0x36c8 // m_thirdPersonShoulderView
#define OFFSET_YAW 0x223c - 0x8 // m_currentFramePlayer.m_ammoPoolCount - 0x8 #define OFFSET_YAW 0x223c - 0x8 // m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_LIFE_STATE 0x0680 //m_lifeState, >0 = dead #define OFFSET_LIFE_STATE 0x0690 // m_lifeState, >0 = dead
#define OFFSET_BLEED_OUT_STATE 0x26e0 //m_bleedoutState, >0 = knocked #define OFFSET_BLEED_OUT_STATE 0x2760 // m_bleedoutState, >0 = knocked
#define OFFSET_ORIGIN 0x017c // m_vecAbsOrigin #define OFFSET_ORIGIN 0x017c // m_vecAbsOrigin
#define OFFSET_BONES 0x0da0 + 0x48 //m_nForceBone + 0x48 #define OFFSET_BONES 0x0da8 + 0x48 // m_nForceBone + 0x48
#define OFFSET_STUDIOHDR 0xff0 // CBaseAnimating!m_pStudioHdr #define OFFSET_STUDIOHDR 0xff0 // CBaseAnimating!m_pStudioHdr
#define OFFSET_AIMPUNCH 0x2438 // m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle #define OFFSET_AIMPUNCH 0x2438 // m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1ed0 //CPlayer!camera_origin #define OFFSET_CAMERAPOS 0x1ee0 // CPlayer!camera_origin
#define OFFSET_VIEWANGLES 0x2534 - 0x14 // m_ammoPoolCapacity - 0x14 #define OFFSET_VIEWANGLES 0x2534 - 0x14 // m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10 #define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_OBSERVER_MODE 0x34a4 // m_iObserverMode #define OFFSET_OBSERVER_MODE 0x34a4 // m_iObserverMode
#define OFFSET_OBSERVING_TARGET 0x34b0 // m_hObserverTarget #define OFFSET_OBSERVING_TARGET 0x34b0 // m_hObserverTarget
#define OFFSET_OBSERVER_LIST 0x1EADD28 #define OFFSET_OBSERVER_LIST 0x02022b50 + 0x20C8
#define OFFSET_MATRIX 0x11a350 #define OFFSET_MATRIX 0x11A350
#define OFFSET_RENDER 0x74dd028 #define OFFSET_RENDER 0x77BD448
#define OFFSET_WEAPON 0x1934 // m_latestPrimaryWeapons #define OFFSET_WEAPON 0x1934 // m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x1ea4 //CWeaponX!m_flProjectileSpeed #define OFFSET_BULLET_SPEED 0x19d8 + 0x04ec // CWeaponX!m_flProjectileSpeed
#define OFFSET_BULLET_SCALE 0x1eac //CWeaponX!m_flProjectileScale #define OFFSET_BULLET_SCALE 0x19d8 + 0x04f4 // CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x15d0 + 0x00b8 //m_playerData + m_curZoomFOV #define OFFSET_ZOOM_FOV 0x15e0 + 0x00b8 // m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1554 //m_ammoInClip #define OFFSET_AMMO 0x1590 // m_ammoInClip
#define OFFSET_ITEM_GLOW 0x02f0 // m_highlightFunctionBits #define OFFSET_ITEM_GLOW 0x02f0 // m_highlightFunctionBits
@ -51,53 +46,3 @@
#define OFFSET_GLOW_T2 0x30c // 1193322764 = enabled, 0 = disabled #define OFFSET_GLOW_T2 0x30c // 1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x28C // 7 = enabled, 2 = disabled #define OFFSET_GLOW_ENABLE 0x28C // 7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x26c // 2 = enabled, 5 = disabled #define OFFSET_GLOW_THROUGH_WALLS 0x26c // 2 = enabled, 5 = disabled
#elif VERSION == ORIGIN
#define OFFSET_ENTITYLIST 0x1e743a8
#define OFFSET_LOCAL_ENT 0x2224528
#define OFFSET_NAME_LIST 0xc2b0b00
#define OFFSET_THIRDPERSON 0x01e03040 + 0x6c //thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x017b7f60 //host_timescale
#define OFFSET_TEAM 0x0480 //m_iTeamNum
#define OFFSET_HEALTH 0x0470 //m_iHealth
#define OFFSET_SHIELD 0x01a0 //m_shieldHealth
#define OFFSET_NAME 0x05c1 //m_iName
#define OFFSET_SIGN_NAME 0x05b8 //m_iSignifierName
#define OFFSET_ABS_VELOCITY 0x0170 //m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1AA0 //CPlayer!lastVisibleTime
#define OFFSET_ZOOMING 0x1c81 //m_bZooming
#define OFFSET_THIRDPERSON_SV 0x3728 //m_thirdPersonShoulderView
#define OFFSET_YAW 0x22ec - 0x8 //m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_LIFE_STATE 0x07d0 //m_lifeState, >0 = dead
#define OFFSET_BLEED_OUT_STATE 0x2790 //m_bleedoutState, >0 = knocked
#define OFFSET_ORIGIN 0x017c //m_vecAbsOrigin
#define OFFSET_BONES 0x0ec8 + 0x48 //m_nForceBone + 0x48
#define OFFSET_STUDIOHDR 0x1118 //CBaseAnimating!m_pStudioHdr
#define OFFSET_AIMPUNCH 0x24e8 //m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1f80 //CPlayer!camera_origin
#define OFFSET_VIEWANGLES 0x25e4 - 0x14 //m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_OBSERVER_MODE 0x3534 //m_iObserverMode
#define OFFSET_OBSERVING_TARGET 0x3540 //m_hObserverTarget
#define OFFSET_MATRIX 0x11A350
#define OFFSET_RENDER 0x7472E00
#define OFFSET_WEAPON 0x1a44 //m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x1F6C //CWeaponX!m_flProjectileSpeed
#define OFFSET_BULLET_SCALE 0x1F74 //CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x16e0 + 0xb8 //m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1664 //m_ammoInClip
#define OFFSET_ITEM_GLOW 0x02f0 //m_highlightFunctionBits
#define OFFSET_GLOW_T1 0x292 //16256 = enabled, 0 = disabled
#define OFFSET_GLOW_T2 0x30c //1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x3f8 //7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x400 //2 = enabled, 5 = disabled
#endif