yanguangshaonian
/
apex_dma_kvm_pub
mirror of https://github.com/MisterY52/apex_dma_kvm_pub.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dtb fix

Browse Source 
Fix for the dtb value that changes while the process is running.
Currently only windows 10 >= 20H1 is supported.
master
MisterY52 2 months ago
parent 185e0b5509
commit 684a0a797c
4 changed files with 335 additions and 316 deletions
Show Stats Download Patch File Download Diff File

258
apex_dma/apex_dma.cpp
Unescape Escape View File

@ -18,7 +18,7 @@ uintptr_t aimentity = 0;
uintptr_t tmp_aimentity = 0; uintptr_t tmp_aimentity = 0;
uintptr_t lastaimentity = 0; uintptr_t lastaimentity = 0;
float max = 999.0f; float max = 999.0f;
float max_dist = 200.0f*40.0f; float max_dist = 200.0f * 40.0f;
int team_player = 0; int team_player = 0;
float max_fov = 15; float max_fov = 15;
const int toRead = 100; const int toRead = 100;
@ -28,11 +28,11 @@ bool item_glow = false;
bool player_glow = false; bool player_glow = false;
extern bool aim_no_recoil; extern bool aim_no_recoil;
bool aiming = false; bool aiming = false;
bool shooting = false;
extern float smooth; extern float smooth;
extern int bone; extern int bone;
bool thirdperson = false; bool thirdperson = false;
bool chargerifle = false; bool chargerifle = false;
bool shooting = false;
bool actions_t = false; bool actions_t = false;
bool esp_t = false; bool esp_t = false;
@ -59,8 +59,8 @@ typedef struct player
bool visible = false; bool visible = false;
int health = 0; int health = 0;
int shield = 0; int shield = 0;
char name[33] = { 0 }; char name[33] = {0};
}player; } player;
struct Matrix struct Matrix
{ {
@ -75,13 +75,16 @@ int tmp_all_spec = 0, allied_spectators = 0;
////////////////////////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////////////////////////
void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int index) void ProcessPlayer(Entity &LPlayer, Entity &target, uint64_t entitylist, int index)
{ {
char name[33];
target.get_name(g_Base, index - 1, name);
int entity_team = target.getTeamId(); int entity_team = target.getTeamId();
if (!target.isAlive()) if (!target.isAlive())
{ {
if(target.Observing(LPlayer.ptr)) if (target.Observing(LPlayer.ptr))
{ {
if (LPlayer.getTeamId() == entity_team) if (LPlayer.getTeamId() == entity_team)
tmp_all_spec++; tmp_all_spec++;
@ -94,14 +97,16 @@ void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int ind
Vector EntityPosition = target.getPosition(); Vector EntityPosition = target.getPosition();
Vector LocalPlayerPosition = LPlayer.getPosition(); Vector LocalPlayerPosition = LPlayer.getPosition();
float dist = LocalPlayerPosition.DistTo(EntityPosition); float dist = LocalPlayerPosition.DistTo(EntityPosition);
if (dist > max_dist) return; if (dist > max_dist)
return;
if(!firing_range) if (!firing_range)
if (entity_team < 0 || entity_team>50 || entity_team == team_player) return; if (entity_team < 0 || entity_team > 50 || entity_team == team_player)
return;
if(aim==2) if (aim == 2)
{ {
if((target.lastVisTime() > lastvis_aim[index])) if ((target.lastVisTime() > lastvis_aim[index]))
{ {
float fov = CalculateFov(LPlayer, target); float fov = CalculateFov(LPlayer, target);
if (fov < max) if (fov < max)
@ -112,9 +117,9 @@ void ProcessPlayer(Entity& LPlayer, Entity& target, uint64_t entitylist, int ind
} }
else else
{ {
if(aimentity==target.ptr) if (aimentity == target.ptr)
{ {
aimentity=tmp_aimentity=lastaimentity=0; aimentity = tmp_aimentity = lastaimentity = 0;
} }
} }
} }
@ -139,41 +144,22 @@ void DoActions()
bool tmp_thirdperson = false; bool tmp_thirdperson = false;
bool tmp_chargerifle = false; bool tmp_chargerifle = false;
while (g_Base!=0 && c_Base!=0) while (g_Base != 0 && c_Base != 0)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(30)); std::this_thread::sleep_for(std::chrono::milliseconds(30));
uint64_t LocalPlayer = 0; uint64_t LocalPlayer = 0;
apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer); apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer);
if (LocalPlayer == 0) continue; if (LocalPlayer == 0)
continue;
Entity LPlayer = getEntity(LocalPlayer); Entity LPlayer = getEntity(LocalPlayer);
team_player = LPlayer.getTeamId(); team_player = LPlayer.getTeamId();
if (team_player < 0 || team_player>50) if (team_player < 0 || team_player > 50)
{ {
continue; continue;
} }
if(thirdperson && !tmp_thirdperson)
{
if(!aiming)
{
apex_mem.Write<int>(g_Base + OFFSET_THIRDPERSON, 1);
apex_mem.Write<int>(LPlayer.ptr + OFFSET_THIRDPERSON_SV, 1);
tmp_thirdperson = true;
}
}
else if((!thirdperson && tmp_thirdperson) || aiming)
{
if(tmp_thirdperson)
{
apex_mem.Write<int>(g_Base + OFFSET_THIRDPERSON, -1);
apex_mem.Write<int>(LPlayer.ptr + OFFSET_THIRDPERSON_SV, 0);
tmp_thirdperson = false;
}
}
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST; uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
uint64_t baseent = 0; uint64_t baseent = 0;
@ -187,15 +173,17 @@ void DoActions()
tmp_aimentity = 0; tmp_aimentity = 0;
tmp_spec = 0; tmp_spec = 0;
tmp_all_spec = 0; tmp_all_spec = 0;
if(firing_range) if (firing_range)
{ {
int c=0; int c = 0;
for (int i = 0; i < 10000; i++) for (int i = 0; i < 10000; i++)
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue; if (centity == 0)
if (LocalPlayer == centity) continue; continue;
if (LocalPlayer == centity)
continue;
Entity Target = getEntity(centity); Entity Target = getEntity(centity);
if (!Target.isDummy()) if (!Target.isDummy())
@ -203,11 +191,11 @@ void DoActions()
continue; continue;
} }
if(player_glow && !Target.isGlowing()) if (player_glow && !Target.isGlowing())
{ {
Target.enableGlow(); Target.enableGlow();
} }
else if(!player_glow && Target.isGlowing()) else if (!player_glow && Target.isGlowing())
{ {
Target.disableGlow(); Target.disableGlow();
} }
@ -222,8 +210,11 @@ void DoActions()
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue;
if (LocalPlayer == centity) continue; if (centity == 0)
continue;
if (LocalPlayer == centity)
continue;
Entity Target = getEntity(centity); Entity Target = getEntity(centity);
if (!Target.isPlayer()) if (!Target.isPlayer())
@ -239,11 +230,11 @@ void DoActions()
continue; continue;
} }
if(player_glow && !Target.isGlowing()) if (player_glow && !Target.isGlowing())
{ {
Target.enableGlow(); Target.enableGlow();
} }
else if(!player_glow && Target.isGlowing()) else if (!player_glow && Target.isGlowing())
{ {
Target.disableGlow(); Target.disableGlow();
} }
@ -253,24 +244,10 @@ void DoActions()
spectators = tmp_spec; spectators = tmp_spec;
allied_spectators = tmp_all_spec; allied_spectators = tmp_all_spec;
if(!lock) if (!lock)
aimentity = tmp_aimentity; aimentity = tmp_aimentity;
else else
aimentity = lastaimentity; aimentity = lastaimentity;
if(chargerifle)
{
charge_rifle_hack(LocalPlayer);
tmp_chargerifle = true;
}
else
{
if(tmp_chargerifle)
{
apex_mem.Write<float>(g_Base + OFFSET_TIMESCALE + 0x68, 1.f);
tmp_chargerifle = false;
}
}
} }
} }
actions_t = false; actions_t = false;
@ -283,10 +260,10 @@ player players[toRead];
static void EspLoop() static void EspLoop()
{ {
esp_t = true; esp_t = true;
while(esp_t) while (esp_t)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
while(g_Base!=0 && c_Base!=0) while (g_Base != 0 && c_Base != 0)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
if (esp) if (esp)
@ -298,18 +275,19 @@ static void EspLoop()
if (LocalPlayer == 0) if (LocalPlayer == 0)
{ {
next = true; next = true;
while(next && g_Base!=0 && c_Base!=0 && esp) while (next && g_Base != 0 && c_Base != 0 && esp)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
} }
continue; continue;
} }
Entity LPlayer = getEntity(LocalPlayer); Entity LPlayer = getEntity(LocalPlayer);
int team_player = LPlayer.getTeamId(); int team_player = LPlayer.getTeamId();
if (team_player < 0 || team_player>50) if (team_player < 0 || team_player > 50)
{ {
next = true; next = true;
while(next && g_Base!=0 && c_Base!=0 && esp) while (next && g_Base != 0 && c_Base != 0 && esp)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
} }
@ -326,14 +304,14 @@ static void EspLoop()
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST; uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
memset(players,0,sizeof(players)); memset(players, 0, sizeof(players));
if(firing_range) if (firing_range)
{ {
int c=0; int c = 0;
for (int i = 0; i < 10000; i++) for (int i = 0; i < 10000; i++)
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>( entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) if (centity == 0)
{ {
continue; continue;
@ -389,9 +367,8 @@ static void EspLoop()
0, 0,
(Target.lastVisTime() > lastvis_esp[c]), (Target.lastVisTime() > lastvis_esp[c]),
health, health,
shield shield};
}; Target.get_name(g_Base, i - 1, &players[c].name[0]);
Target.get_name(g_Base, i-1, &players[c].name[0]);
lastvis_esp[c] = Target.lastVisTime(); lastvis_esp[c] = Target.lastVisTime();
valid = true; valid = true;
c++; c++;
@ -403,7 +380,7 @@ static void EspLoop()
for (int i = 0; i < toRead; i++) for (int i = 0; i < toRead; i++)
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>( entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) if (centity == 0)
{ {
continue; continue;
@ -427,7 +404,7 @@ static void EspLoop()
} }
int entity_team = Target.getTeamId(); int entity_team = Target.getTeamId();
if (entity_team < 0 || entity_team>50 || entity_team == team_player) if (entity_team < 0 || entity_team > 50 || entity_team == team_player)
{ {
continue; continue;
} }
@ -465,9 +442,8 @@ static void EspLoop()
Target.isKnocked(), Target.isKnocked(),
(Target.lastVisTime() > lastvis_esp[i]), (Target.lastVisTime() > lastvis_esp[i]),
health, health,
shield shield};
}; Target.get_name(g_Base, i - 1, &players[i].name[0]);
Target.get_name(g_Base, i-1, &players[i].name[0]);
lastvis_esp[i] = Target.lastVisTime(); lastvis_esp[i] = Target.lastVisTime();
valid = true; valid = true;
} }
@ -475,7 +451,7 @@ static void EspLoop()
} }
next = true; next = true;
while(next && g_Base!=0 && c_Base!=0 && esp) while (next && g_Base != 0 && c_Base != 0 && esp)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
} }
@ -491,28 +467,29 @@ static void AimbotLoop()
while (aim_t) while (aim_t)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
while (g_Base!=0 && c_Base!=0) while (g_Base != 0 && c_Base != 0)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
if (aim>0) if (aim > 0)
{ {
if (aimentity == 0 || !aiming) if (aimentity == 0 || !aiming)
{ {
lock=false; lock = false;
lastaimentity=0; lastaimentity = 0;
continue; continue;
} }
lock=true; lock = true;
lastaimentity = aimentity; lastaimentity = aimentity;
uint64_t LocalPlayer = 0; uint64_t LocalPlayer = 0;
apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer); apex_mem.Read<uint64_t>(g_Base + OFFSET_LOCAL_ENT, LocalPlayer);
if (LocalPlayer == 0) continue; if (LocalPlayer == 0)
continue;
Entity LPlayer = getEntity(LocalPlayer); Entity LPlayer = getEntity(LocalPlayer);
QAngle Angles = CalculateBestBoneAim(LPlayer, aimentity, max_fov); QAngle Angles = CalculateBestBoneAim(LPlayer, aimentity, max_fov);
if (Angles.x == 0 && Angles.y == 0) if (Angles.x == 0 && Angles.y == 0)
{ {
lock=false; lock = false;
lastaimentity=0; lastaimentity = 0;
continue; continue;
} }
LPlayer.SetViewAngles(Angles); LPlayer.SetViewAngles(Angles);
@ -526,69 +503,71 @@ static void set_vars(uint64_t add_addr)
{ {
printf("Reading client vars...\n"); printf("Reading client vars...\n");
std::this_thread::sleep_for(std::chrono::milliseconds(50)); std::this_thread::sleep_for(std::chrono::milliseconds(50));
//Get addresses of client vars // Get addresses of client vars
uint64_t check_addr = 0; uint64_t check_addr = 0;
client_mem.Read<uint64_t>(add_addr, check_addr); client_mem.Read<uint64_t>(add_addr, check_addr);
uint64_t aim_addr = 0; uint64_t aim_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t), aim_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t), aim_addr);
uint64_t esp_addr = 0; uint64_t esp_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*2, esp_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 2, esp_addr);
uint64_t aiming_addr = 0; uint64_t aiming_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*3, aiming_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 3, aiming_addr);
uint64_t g_Base_addr = 0; uint64_t g_Base_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*4, g_Base_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 4, g_Base_addr);
uint64_t next_addr = 0; uint64_t next_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*5, next_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 5, next_addr);
uint64_t player_addr = 0; uint64_t player_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*6, player_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 6, player_addr);
uint64_t valid_addr = 0; uint64_t valid_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*7, valid_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 7, valid_addr);
uint64_t max_dist_addr = 0; uint64_t max_dist_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*8, max_dist_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 8, max_dist_addr);
uint64_t item_glow_addr = 0; uint64_t item_glow_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*9, item_glow_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 9, item_glow_addr);
uint64_t player_glow_addr = 0; uint64_t player_glow_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*10, player_glow_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 10, player_glow_addr);
uint64_t aim_no_recoil_addr = 0; uint64_t aim_no_recoil_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*11, aim_no_recoil_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 11, aim_no_recoil_addr);
uint64_t smooth_addr = 0; uint64_t smooth_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*12, smooth_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 12, smooth_addr);
uint64_t max_fov_addr = 0; uint64_t max_fov_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*13, max_fov_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 13, max_fov_addr);
uint64_t bone_addr = 0; uint64_t bone_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*14, bone_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 14, bone_addr);
uint64_t thirdperson_addr = 0; uint64_t thirdperson_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*15, thirdperson_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 15, thirdperson_addr);
uint64_t shooting_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 16, shooting_addr);
uint64_t chargerifle_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 17, chargerifle_addr);
uint64_t spectators_addr = 0; uint64_t spectators_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*16, spectators_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 18, spectators_addr);
uint64_t allied_spectators_addr = 0; uint64_t allied_spectators_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*17, allied_spectators_addr); client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t) * 19, allied_spectators_addr);
uint64_t chargerifle_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*18, chargerifle_addr);
uint64_t shooting_addr = 0;
client_mem.Read<uint64_t>(add_addr + sizeof(uint64_t)*19, shooting_addr);
uint32_t check = 0; uint32_t check = 0;
client_mem.Read<uint32_t>(check_addr, check); client_mem.Read<uint32_t>(check_addr, check);
if(check != 0xABCD) if (check != 0xABCD)
{ {
printf("Incorrect values read. Check if the add_off is correct. Quitting.\n"); printf("Incorrect values read. Check if the add_off is correct. Quitting.\n");
active = false; active = false;
return; return;
} }
bool new_client = true;
vars_t = true; vars_t = true;
while(vars_t) while (vars_t)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
if(c_Base!=0 && g_Base!=0) if (new_client && c_Base != 0 && g_Base != 0)
{ {
client_mem.Write<uint32_t>(check_addr, 0); client_mem.Write<uint32_t>(check_addr, 0);
new_client = false;
printf("\nReady\n"); printf("\nReady\n");
} }
while(c_Base!=0 && g_Base!=0) while (c_Base != 0 && g_Base != 0)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
client_mem.Write<uint64_t>(g_Base_addr, g_Base); client_mem.Write<uint64_t>(g_Base_addr, g_Base);
@ -609,19 +588,19 @@ static void set_vars(uint64_t add_addr)
client_mem.Read<bool>(shooting_addr, shooting); client_mem.Read<bool>(shooting_addr, shooting);
client_mem.Read<bool>(chargerifle_addr, chargerifle); client_mem.Read<bool>(chargerifle_addr, chargerifle);
if(esp && next) if (esp && next)
{ {
if(valid) if (valid)
client_mem.WriteArray<player>(player_addr, players, toRead); client_mem.WriteArray<player>(player_addr, players, toRead);
client_mem.Write<bool>(valid_addr, valid); client_mem.Write<bool>(valid_addr, valid);
client_mem.Write<bool>(next_addr, true); //next client_mem.Write<bool>(next_addr, true); // next
bool next_val = false; bool next_val = false;
do do
{ {
client_mem.Read<bool>(next_addr, next_val); client_mem.Read<bool>(next_addr, next_val);
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
} while (next_val && g_Base!=0 && c_Base!=0); } while (next_val && g_Base != 0 && c_Base != 0);
next = false; next = false;
} }
@ -633,11 +612,11 @@ static void set_vars(uint64_t add_addr)
static void item_glow_t() static void item_glow_t()
{ {
item_t = true; item_t = true;
while(item_t) while (item_t)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
int k = 0; int k = 0;
while(g_Base!=0 && c_Base!=0) while (g_Base != 0 && c_Base != 0)
{ {
std::this_thread::sleep_for(std::chrono::milliseconds(1)); std::this_thread::sleep_for(std::chrono::milliseconds(1));
uint64_t entitylist = g_Base + OFFSET_ENTITYLIST; uint64_t entitylist = g_Base + OFFSET_ENTITYLIST;
@ -647,35 +626,37 @@ static void item_glow_t()
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue; if (centity == 0)
continue;
Item item = getItem(centity); Item item = getItem(centity);
if(item.isItem() && !item.isGlowing()) if (item.isItem() && !item.isGlowing())
{ {
item.enableGlow(); item.enableGlow();
} }
} }
k=1; k = 1;
std::this_thread::sleep_for(std::chrono::milliseconds(600)); std::this_thread::sleep_for(std::chrono::milliseconds(600));
} }
else else
{ {
if(k==1) if (k == 1)
{ {
for (int i = 0; i < 10000; i++) for (int i = 0; i < 10000; i++)
{ {
uint64_t centity = 0; uint64_t centity = 0;
apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity); apex_mem.Read<uint64_t>(entitylist + ((uint64_t)i << 5), centity);
if (centity == 0) continue; if (centity == 0)
continue;
Item item = getItem(centity); Item item = getItem(centity);
if(item.isItem() && item.isGlowing()) if (item.isItem() && item.isGlowing())
{ {
item.disableGlow(); item.disableGlow();
} }
} }
k=0; k = 0;
} }
} }
} }
@ -694,7 +675,7 @@ int main(int argc, char *argv[])
const char* ap_proc = "r5apex.exe"; const char* ap_proc = "r5apex.exe";
//const char* ap_proc = "EasyAntiCheat_launcher.exe"; //const char* ap_proc = "EasyAntiCheat_launcher.exe";
//Client "add" offset // Client "add" offset
uint64_t add_off = 0x3f880; uint64_t add_off = 0x3f880;
std::thread aimbot_thr; std::thread aimbot_thr;
@ -702,11 +683,12 @@ int main(int argc, char *argv[])
std::thread actions_thr; std::thread actions_thr;
std::thread itemglow_thr; std::thread itemglow_thr;
std::thread vars_thr; std::thread vars_thr;
while(active) bool proc_not_found = false;
while (active)
{ {
if(apex_mem.get_proc_status() != process_status::FOUND_READY) if (apex_mem.get_proc_status() != process_status::FOUND_READY)
{ {
if(aim_t) if (aim_t)
{ {
aim_t = false; aim_t = false;
esp_t = false; esp_t = false;
@ -720,16 +702,24 @@ int main(int argc, char *argv[])
itemglow_thr.~thread(); itemglow_thr.~thread();
} }
proc_not_found = apex_mem.get_proc_status() == process_status::NOT_FOUND;
if (proc_not_found)
{
std::this_thread::sleep_for(std::chrono::seconds(1)); std::this_thread::sleep_for(std::chrono::seconds(1));
printf("Searching for apex process...\n"); printf("Searching for apex process...\n");
}
apex_mem.open_proc(ap_proc); apex_mem.open_proc(ap_proc);
if(apex_mem.get_proc_status() == process_status::FOUND_READY) if (apex_mem.get_proc_status() == process_status::FOUND_READY)
{ {
g_Base = apex_mem.get_proc_baseaddr(); g_Base = apex_mem.get_proc_baseaddr();
if (proc_not_found)
{
printf("\nApex process found\n"); printf("\nApex process found\n");
printf("Base: %lx\n", g_Base); printf("Base: %lx\n", g_Base);
}
aimbot_thr = std::thread(AimbotLoop); aimbot_thr = std::thread(AimbotLoop);
esp_thr = std::thread(EspLoop); esp_thr = std::thread(EspLoop);
@ -746,9 +736,9 @@ int main(int argc, char *argv[])
apex_mem.check_proc(); apex_mem.check_proc();
} }
if(client_mem.get_proc_status() != process_status::FOUND_READY) if (client_mem.get_proc_status() != process_status::FOUND_READY)
{ {
if(vars_t) if (vars_t)
{ {
vars_t = false; vars_t = false;
c_Base = 0; c_Base = 0;
@ -761,7 +751,7 @@ int main(int argc, char *argv[])
client_mem.open_proc(cl_proc); client_mem.open_proc(cl_proc);
if(client_mem.get_proc_status() == process_status::FOUND_READY) if (client_mem.get_proc_status() == process_status::FOUND_READY)
{ {
c_Base = client_mem.get_proc_baseaddr(); c_Base = client_mem.get_proc_baseaddr();
printf("\nClient process found\n"); printf("\nClient process found\n");

118
apex_dma/memory.cpp
Unescape Escape View File

@ -1,4 +1,5 @@
#include "memory.h" #include "memory.h"
#include <unistd.h>
// Credits: learn_more, stevemk14ebr // Credits: learn_more, stevemk14ebr
size_t findPattern(const PBYTE rangeStart, size_t len, const char *pattern) size_t findPattern(const PBYTE rangeStart, size_t len, const char *pattern)
@ -61,7 +62,7 @@ process_status Memory::get_proc_status()
void Memory::check_proc() void Memory::check_proc()
{ {
if (status == process_status::FOUND_READY) if (status == process_status::FOUND_READY || status == process_status::FOUND_NO_ACCESS)
{ {
short c; short c;
Read<short>(proc.baseaddr, c); Read<short>(proc.baseaddr, c);
@ -69,7 +70,10 @@ void Memory::check_proc()
if (c != 0x5A4D) if (c != 0x5A4D)
{ {
status = process_status::FOUND_NO_ACCESS; status = process_status::FOUND_NO_ACCESS;
close_proc(); }
else
{
status = process_status::FOUND_READY;
} }
} }
} }
@ -98,6 +102,74 @@ bool kernel_init(Inventory *inv, const char *connector_name)
return true; return true;
} }
bool Memory::testDtbValue(const uint64_t &dtb_val)
{
proc.hProcess.set_dtb(dtb_val, Address_INVALID);
check_proc();
if (status == process_status::FOUND_READY)
{
lastCorrectDtbPhysicalAddress = dtb_val;
return true;
}
return false;
}
// https://www.unknowncheats.me/forum/apex-legends/670570-quick-obtain-cr3-check.html
bool Memory::bruteforceDtb(uint64_t dtbStartPhysicalAddr, const uint64_t stepPage)
{
// eac cr3 always end with 0x-----XX000
// dtbStartPhysicalAddr should be a multiple of 0x1000
if ((dtbStartPhysicalAddr & 0xFFF) != 0)
return false;
if (dtbStartPhysicalAddr > MAX_PHYADDR)
return false;
dtbStartPhysicalAddr -= dtbStartPhysicalAddr % stepPage;
dtbStartPhysicalAddr += lastCorrectDtbPhysicalAddress % stepPage;
auto start = std::chrono::high_resolution_clock::now();
bool result = false;
uint64_t furtherDistance = GetFurtherDistance(dtbStartPhysicalAddr, 0x0, MAX_PHYADDR);
size_t maxStep = furtherDistance / stepPage;
uint64_t guessDtbAddr = 0;
for (size_t step = 0; step < maxStep; step++)
{
// bruteforce dtb from middle
guessDtbAddr = dtbStartPhysicalAddr + step * stepPage;
if (guessDtbAddr < MAX_PHYADDR)
{
if (testDtbValue(guessDtbAddr))
{
result = true;
break;
}
}
// dont forget the other side
if (dtbStartPhysicalAddr > step * stepPage)
{
guessDtbAddr = dtbStartPhysicalAddr - step * stepPage;
if (testDtbValue(guessDtbAddr))
{
result = true;
break;
}
}
}
auto end = std::chrono::high_resolution_clock::now();
auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
printf("[+] bruteforce dtb %s to find dtb:0x%lx, time:%ldms\n", result ? "success" : "failed", result ? guessDtbAddr : 0x0, duration.count());
// In case we cannot get the dtb through this shortcut method.
if (result == false && stepPage != 0x1000)
{
return bruteforceDtb(dtbStartPhysicalAddr, 0x1000);
}
return result;
}
void Memory::open_proc(const char *name) void Memory::open_proc(const char *name)
{ {
if (!conn) if (!conn)
@ -126,48 +198,48 @@ void Memory::open_proc(const char *name)
if (kernel.get()->process_info_by_name(name, &info)) if (kernel.get()->process_info_by_name(name, &info))
{ {
status = process_status::NOT_FOUND; status = process_status::NOT_FOUND;
lastCorrectDtbPhysicalAddress = 0;
return; return;
} }
ProcessInstance<> tmp_proc; close_proc();
if (kernel.get()->clone().into_process_by_info(info, &proc.hProcess))
if (kernel.get()->process_by_info(info, &tmp_proc))
{ {
status = process_status::NOT_FOUND; status = process_status::FOUND_NO_ACCESS;
printf("Error while opening process %s\n", name);
close_proc();
return; return;
} }
ModuleInfo module_info; ModuleInfo module_info;
if (proc.hProcess.module_by_name(name, &module_info))
if (tmp_proc.module_by_name(name, &module_info))
{
printf("Can't find base module info for process %s. Trying with a new dtb...\n", name);
for (size_t dtb = 0; dtb <= SIZE_MAX; dtb += 0x1000)
{ {
info.dtb1 = dtb; status = process_status::FOUND_NO_ACCESS;
kernel.get()->process_by_info(info, &tmp_proc); auto base_section = std::make_unique<char[]>(8);
uint64_t *base_section_value = (uint64_t *)base_section.get();
if (!tmp_proc.module_by_name(name, &module_info)) CSliceMut<uint8_t> slice(base_section.get(), 8);
break; uint32_t EPROCESS_SectionBaseAddress_off = 0x520; // win10 >= 20H1
kernel.get()->read_raw_into(info.address + EPROCESS_SectionBaseAddress_off, slice);
proc.baseaddr = *base_section_value;
if (dtb == SIZE_MAX) if (!bruteforceDtb(0x0, 0x100000))
{ {
printf("Access error for process %s\n", name); close_proc();
status = process_status::FOUND_NO_ACCESS;
return; return;
} }
} }
else
{
proc.baseaddr = module_info.base;
} }
kernel.get()->clone().into_process_by_info(info, &proc.hProcess);
proc.baseaddr = module_info.base;
status = process_status::FOUND_READY; status = process_status::FOUND_READY;
} }
void Memory::close_proc() void Memory::close_proc()
{ {
std::lock_guard<std::mutex> l(m);
proc.hProcess.~IntoProcessInstance();
proc.baseaddr = 0; proc.baseaddr = 0;
} }

22
apex_dma/memory.h
Unescape Escape View File

@ -17,6 +17,17 @@ typedef WORD *PWORD;
static std::unique_ptr<ConnectorInstance<>> conn = nullptr; static std::unique_ptr<ConnectorInstance<>> conn = nullptr;
static std::unique_ptr<OsInstance<>> kernel = nullptr; static std::unique_ptr<OsInstance<>> kernel = nullptr;
// set MAX_PHYADDR to a reasonable value, larger values will take more time to traverse.
constexpr uint64_t MAX_PHYADDR = 0xFFFFFFFFF;
inline uint64_t GetFurtherDistance(uint64_t A, uint64_t Min, uint64_t Max)
{
uint64_t distanceToMin = (A > Min) ? (A - Min) : (Min - A);
uint64_t distanceToMax = (A > Max) ? (A - Max) : (Max - A);
return (distanceToMin > distanceToMax) ? distanceToMin : distanceToMax;
}
inline bool isMatch(const PBYTE addr, const PBYTE pat, const PBYTE msk) inline bool isMatch(const PBYTE addr, const PBYTE pat, const PBYTE msk)
{ {
size_t n = 0; size_t n = 0;
@ -51,13 +62,10 @@ private:
Process proc; Process proc;
process_status status = process_status::NOT_FOUND; process_status status = process_status::NOT_FOUND;
std::mutex m; std::mutex m;
uint64_t lastCorrectDtbPhysicalAddress = 0x0;
public: public:
~Memory() ~Memory() = default;
{
if (kernel)
os_drop(kernel.get());
}
uint64_t get_proc_baseaddr(); uint64_t get_proc_baseaddr();
@ -82,6 +90,10 @@ public:
bool WriteArray(uint64_t address, const T value[], size_t len); bool WriteArray(uint64_t address, const T value[], size_t len);
uint64_t ScanPointer(uint64_t ptr_address, const uint32_t offsets[], int level); uint64_t ScanPointer(uint64_t ptr_address, const uint32_t offsets[], int level);
bool bruteforceDtb(uint64_t dtbStartPhysicalAddr, const uint64_t stepPage);
bool testDtbValue(const uint64_t &dtb_val);
}; };
template <typename T> template <typename T>

151
apex_dma/offsets.h
Unescape Escape View File

@ -1,103 +1,48 @@
#define ORIGIN 1 //v3.0.3.26
#define STEAM 2
#define OFFSET_ENTITYLIST 0x2022bf8
#define VERSION STEAM #define OFFSET_LOCAL_ENT 0x24F6288
#define OFFSET_NAME_LIST 0xd506390
#if VERSION == STEAM #define OFFSET_THIRDPERSON 0x01e3b190 + 0x6c // thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x01841ee0 // host_timescale
#define OFFSET_ENTITYLIST 0x1eabd08
#define OFFSET_LOCAL_ENT 0x225a8a8 #define OFFSET_TEAM 0x0338 // m_iTeamNum
#define OFFSET_NAME_LIST 0xc7912b0 #define OFFSET_HEALTH 0x0328 // m_iHealth
#define OFFSET_THIRDPERSON 0x01e3b190 + 0x6c //thirdperson_override + 0x6c #define OFFSET_SHIELD 0x01a0 // m_shieldHealth
#define OFFSET_TIMESCALE 0x01841ee0 //host_timescale #define OFFSET_NAME 0x0481 // m_iName
#define OFFSET_SIGN_NAME 0x0478 // m_iSignifierName
#define OFFSET_TEAM 0x0328 //m_iTeamNum #define OFFSET_ABS_VELOCITY 0x0170 // m_vecAbsVelocity
#define OFFSET_HEALTH 0x0318 //m_iHealth #define OFFSET_VISIBLE_TIME 0x1990 // CPlayer!lastVisibleTime
#define OFFSET_SHIELD 0x01a0 //m_shieldHealth #define OFFSET_ZOOMING 0x1be1 // m_bZooming
#define OFFSET_NAME 0x0471 //m_iName #define OFFSET_THIRDPERSON_SV 0x36c8 // m_thirdPersonShoulderView
#define OFFSET_SIGN_NAME 0x0468 //m_iSignifierName #define OFFSET_YAW 0x223c - 0x8 // m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_ABS_VELOCITY 0x0170 //m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1990 //CPlayer!lastVisibleTime #define OFFSET_LIFE_STATE 0x0690 // m_lifeState, >0 = dead
#define OFFSET_ZOOMING 0x1bd1 //m_bZooming #define OFFSET_BLEED_OUT_STATE 0x2760 // m_bleedoutState, >0 = knocked
#define OFFSET_THIRDPERSON_SV 0x36c8 //m_thirdPersonShoulderView
#define OFFSET_YAW 0x223c - 0x8 //m_currentFramePlayer.m_ammoPoolCount - 0x8 #define OFFSET_ORIGIN 0x017c // m_vecAbsOrigin
#define OFFSET_BONES 0x0da8 + 0x48 // m_nForceBone + 0x48
#define OFFSET_LIFE_STATE 0x0680 //m_lifeState, >0 = dead #define OFFSET_STUDIOHDR 0xff0 // CBaseAnimating!m_pStudioHdr
#define OFFSET_BLEED_OUT_STATE 0x26e0 //m_bleedoutState, >0 = knocked #define OFFSET_AIMPUNCH 0x2438 // m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1ee0 // CPlayer!camera_origin
#define OFFSET_ORIGIN 0x017c //m_vecAbsOrigin #define OFFSET_VIEWANGLES 0x2534 - 0x14 // m_ammoPoolCapacity - 0x14
#define OFFSET_BONES 0x0da0 + 0x48 //m_nForceBone + 0x48 #define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_STUDIOHDR 0xff0 //CBaseAnimating!m_pStudioHdr #define OFFSET_OBSERVER_MODE 0x34a4 // m_iObserverMode
#define OFFSET_AIMPUNCH 0x2438 //m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle #define OFFSET_OBSERVING_TARGET 0x34b0 // m_hObserverTarget
#define OFFSET_CAMERAPOS 0x1ed0 //CPlayer!camera_origin #define OFFSET_OBSERVER_LIST 0x02022b50 + 0x20C8
#define OFFSET_VIEWANGLES 0x2534 - 0x14 //m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10 #define OFFSET_MATRIX 0x11A350
#define OFFSET_OBSERVER_MODE 0x34a4 //m_iObserverMode #define OFFSET_RENDER 0x77BD448
#define OFFSET_OBSERVING_TARGET 0x34b0 //m_hObserverTarget
#define OFFSET_OBSERVER_LIST 0x1EADD28 #define OFFSET_WEAPON 0x1934 // m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x19d8 + 0x04ec // CWeaponX!m_flProjectileSpeed
#define OFFSET_MATRIX 0x11a350 #define OFFSET_BULLET_SCALE 0x19d8 + 0x04f4 // CWeaponX!m_flProjectileScale
#define OFFSET_RENDER 0x74dd028 #define OFFSET_ZOOM_FOV 0x15e0 + 0x00b8 // m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1590 // m_ammoInClip
#define OFFSET_WEAPON 0x1934 //m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x1ea4 //CWeaponX!m_flProjectileSpeed #define OFFSET_ITEM_GLOW 0x02f0 // m_highlightFunctionBits
#define OFFSET_BULLET_SCALE 0x1eac //CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x15d0 + 0x00b8 //m_playerData + m_curZoomFOV #define OFFSET_GLOW_T1 0x292 // 16256 = enabled, 0 = disabled
#define OFFSET_AMMO 0x1554 //m_ammoInClip #define OFFSET_GLOW_T2 0x30c // 1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x28C // 7 = enabled, 2 = disabled
#define OFFSET_ITEM_GLOW 0x02f0 //m_highlightFunctionBits #define OFFSET_GLOW_THROUGH_WALLS 0x26c // 2 = enabled, 5 = disabled
#define OFFSET_GLOW_T1 0x292 //16256 = enabled, 0 = disabled
#define OFFSET_GLOW_T2 0x30c //1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x28C //7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x26c //2 = enabled, 5 = disabled
#elif VERSION == ORIGIN
#define OFFSET_ENTITYLIST 0x1e743a8
#define OFFSET_LOCAL_ENT 0x2224528
#define OFFSET_NAME_LIST 0xc2b0b00
#define OFFSET_THIRDPERSON 0x01e03040 + 0x6c //thirdperson_override + 0x6c
#define OFFSET_TIMESCALE 0x017b7f60 //host_timescale
#define OFFSET_TEAM 0x0480 //m_iTeamNum
#define OFFSET_HEALTH 0x0470 //m_iHealth
#define OFFSET_SHIELD 0x01a0 //m_shieldHealth
#define OFFSET_NAME 0x05c1 //m_iName
#define OFFSET_SIGN_NAME 0x05b8 //m_iSignifierName
#define OFFSET_ABS_VELOCITY 0x0170 //m_vecAbsVelocity
#define OFFSET_VISIBLE_TIME 0x1AA0 //CPlayer!lastVisibleTime
#define OFFSET_ZOOMING 0x1c81 //m_bZooming
#define OFFSET_THIRDPERSON_SV 0x3728 //m_thirdPersonShoulderView
#define OFFSET_YAW 0x22ec - 0x8 //m_currentFramePlayer.m_ammoPoolCount - 0x8
#define OFFSET_LIFE_STATE 0x07d0 //m_lifeState, >0 = dead
#define OFFSET_BLEED_OUT_STATE 0x2790 //m_bleedoutState, >0 = knocked
#define OFFSET_ORIGIN 0x017c //m_vecAbsOrigin
#define OFFSET_BONES 0x0ec8 + 0x48 //m_nForceBone + 0x48
#define OFFSET_STUDIOHDR 0x1118 //CBaseAnimating!m_pStudioHdr
#define OFFSET_AIMPUNCH 0x24e8 //m_currentFrameLocalPlayer.m_vecPunchWeapon_Angle
#define OFFSET_CAMERAPOS 0x1f80 //CPlayer!camera_origin
#define OFFSET_VIEWANGLES 0x25e4 - 0x14 //m_ammoPoolCapacity - 0x14
#define OFFSET_BREATH_ANGLES OFFSET_VIEWANGLES - 0x10
#define OFFSET_OBSERVER_MODE 0x3534 //m_iObserverMode
#define OFFSET_OBSERVING_TARGET 0x3540 //m_hObserverTarget
#define OFFSET_MATRIX 0x11A350
#define OFFSET_RENDER 0x7472E00
#define OFFSET_WEAPON 0x1a44 //m_latestPrimaryWeapons
#define OFFSET_BULLET_SPEED 0x1F6C //CWeaponX!m_flProjectileSpeed
#define OFFSET_BULLET_SCALE 0x1F74 //CWeaponX!m_flProjectileScale
#define OFFSET_ZOOM_FOV 0x16e0 + 0xb8 //m_playerData + m_curZoomFOV
#define OFFSET_AMMO 0x1664 //m_ammoInClip
#define OFFSET_ITEM_GLOW 0x02f0 //m_highlightFunctionBits
#define OFFSET_GLOW_T1 0x292 //16256 = enabled, 0 = disabled
#define OFFSET_GLOW_T2 0x30c //1193322764 = enabled, 0 = disabled
#define OFFSET_GLOW_ENABLE 0x3f8 //7 = enabled, 2 = disabled
#define OFFSET_GLOW_THROUGH_WALLS 0x400 //2 = enabled, 5 = disabled
#endif

Write Preview
Loading…
Cancel
Save