Useful functions to hook for internal hack

[hairybastard]

Hi guys,

I've been reading around the work done on hacking CSGO so far, and there's quite a mess of information. It seems that most of the stuff built for it is "external"? In other words, the code behind it isn't designed to be injected - instead it reads/writes memory addresses as another process, and renders on top of the game. That's what I gathered with the bunch of mem.read/write calls in there.

I'm looking to build an "internal" one - one that uses the game's engine to recognize models, render, etc. (Different ESPs kind of thing is the end-goal, but I'm not looking for a finished project.) So that makes all those examples useless - and they seem to be most of the examples around the place.
After a day of reading around what I'm still unsure about is which functions in the game are the interesting ones - both to hook, and to call for parsing through entities and rendering on top of them. Last time I did this it was COD4, so I'm guessing it's similar for CSGO.

The only one I've seen come up quite a few times was this:

Code:

ClientModeShared::CreateMove(float, CUserCmd*)

I've seen people trying to hook this all over the place, but not why. Hooking it is easy, but what is it useful for? What does it do? Is that the right starting point? Is this where I should be getting access to world entities (somehow), parsing them and rendering?

Thanks for any insight you guys can give.

[Orinion77]

Internals are harder to code, and harder to make undetected again. Thats why there are so few public.
For drawing hook"PaintTraverse"
For aimbot and movement stuff hook "CreateMove" (in Clientmode or in client)
For noVisualReoil you could hook "FrameStageNotify"
Why hook CreateMove? thats the function getting called every tick. The usercmd is send to the server, and when hooking Createmove, can be modifyed. That way you can achieve silent aim.
Have fun

[hairybastard]

That's a perfect summary of everything I needed to know. Thanks so much.

The last question I have is with PaintTraverse. There are two in the symbol list:
C_CSRootPanel::PaintTraverse(bool, bool)
vgui::Panel::PaintTraverse(bool, bool)

The first one seems to be a small "wrapper" style function that calls the second one, and the second one has quite a lot of code. Is it the second one I should be hooking for drawing stuff, or the first one?

Thanks,

[Orinion77]

That's a perfect summary of everything I needed to know. Thanks so much.

The last question I have is with PaintTraverse. There are two in the symbol list:
C_CSRootPanel::PaintTraverse(bool, bool)
vgui::Panel::PaintTraverse(bool, bool)

The first one seems to be a small "wrapper" style function that calls the second one, and the second one has quite a lot of code. Is it the second one I should be hooking for drawing stuff, or the first one?

Thanks,

vgui::IPanel::PaintTravers(unsigned int vguiPanel, bool forceRepaint, bool allowForce), Index 41.
Check if the act Panel is named "FocusOverlayPanel", and draw on that.

[rwby]

Internals are harder to code, and harder to make undetected again. Thats why there are so few public.
For drawing hook"PaintTraverse"
For aimbot and movement stuff hook "CreateMove" (in Clientmode or in client)
For noVisualReoil you could hook "FrameStageNotify"
Why hook CreateMove? thats the function getting called every tick. The usercmd is send to the server, and when hooking Createmove, can be modifyed. That way you can achieve silent aim.
Have fun

You are somewhat correct he did detail what hooks do this or do that. But one thing considered Internal can be much easier then external depending on the programmer and what he desires.

You can also achieve some stuff like chams by doing DrawModelExecute or hooking RecVProp to accomplish something like knife changer or fixing sequences on knifes. If hooking RecVProp isnt your type of thing then you can also use FindMDL.

[hairybastard]

You are somewhat correct he did detail what hooks do this or do that. But one thing considered Internal can be much easier then external depending on the programmer and what he desires.

You can also achieve some stuff like chams by doing DrawModelExecute or hooking RecVProp to accomplish something like knife changer or fixing sequences on knifes. If hooking RecVProp isnt your type of thing then you can also use FindMDL.

Thanks, I personally prefer the internal route so I'll try and build something for that first. Appreciate the input on additional useful functions/entry-points!

[rwby]

Thanks, I personally prefer the internal route so I'll try and build something for that first. Appreciate the input on additional useful functions/entry-points!

All of what i said is Internal.

[viking911]

Internals are harder to code, and harder to make undetected again.

Nope, and nope.
Internal is actually easier to make.

[Orinion77]

Nope, and nope.
Internal is actually easier to make.

This is not the correct place to discuss this, but yes they are unless you are a stupid c+p skid and use a public sdk which you will have to update (nearly) every patch. Otherwise you will have to reclass the whole thing, which will take a lot of time, while when using externals you will only have to get a sig off an offset and you got it. Ofcourse you are limited bla bla bla

[gtaplayer2]

This is not the correct place to discuss this, but yes they are unless you are a stupid c+p skid and use a public sdk which you will have to update (nearly) every patch. Otherwise you will have to reclass the whole thing, which will take a lot of time, while when using externals you will only have to get a sig off an offset and you got it. Ofcourse you are limited bla bla bla

U wot m8? I have had same copy pasted hack for 3 months never had to update it.