# How to make a aimbot for any FPS game '

**FoxxyStyleWC** · 09-04-2010

>>> This would work in all FPS games <<<

Hello everyone and welcome to my new tutorial on how to make a aimbot in C. I saw many people ask for aimbots, but no tutorials (at least not not D3D tutorials) on how to make them, so I thought I pour a little on the method my personal method of making them. This tutorial is not the way to make an aimbot, just my way

Tools needed:
Searcher favorite memory (I use T-Search)
Compiler C / C (I use VC)
Game with FPS-style view (This guide uses Delta Force Xtreme v1.6.5.0)

Knowledge of the following issues also help:
How memory is stored (structures of understanding within a game)
How to search for addresses
Seeking to resolve DMA pointer inside out trainer
A lot of time and patience and some knowledge of mathematics, including triganometry and common sense
Knowledge of C / C shit is VITAL

//////////////////////

Well ... to start, I guess that explains the basis of how it will work the aimbot is a good idea. I was thinking about a few different methods on how to do it, but it was a little confused about for ages. It was obvious (to me at least) that we would get the position of enemies. But it was what to do with that confused me, I did not know how to use this data to my advantage and set my sights on it ... finally thosee years of math in school came on the scene.

What we do is get our position by coordinates in X, Y and Z (or East / West, North / South and height), and the same to the enemy. With this, we can work our relative angle between the north (or a different point, that comes later), our player and enemy. So in the end all, we have our angle of pointing to (outside of North America) in order to look for the enemy. This is then used to define the look of our rotation for the enemy. Then we do the same with the height (between a point that is always ahead of us, our player, and the enemy) to get the angle we need to aim up / down.

I will probably just nailed some of your braincells trying to make you understand that, but do not worry, I hope everyone comes out a little clearer. Now, this is more theory about how it works, it's time to start actually doing it.

Like I said, this is the way * I * aimbots do, and I have to start with three functions in white:
Code:

PLAYER_DATA GetMyPlayerData (void)
PLAYER_DATA GetPlayerData (BYTE PlayerNumber)
void SetCrosshairOnEnemy (BYTE PlayerNumber)

PLAYER_DATA? Yup, to make things tidy in my schedule, I like to use some structures and functions. My PLAYER_DATA structure contains valuable information about a player. Such as:

Code
typedef struct (_PLAYER_DATA
DWORD baseadd; / address / reader base current
DWORD coordEW; / East / West (X) Co-ord
DWORD coordNS; / North / South (Y) co-ord
DWORD coordUD; / Up / Down (Z) co-ord
DWORD coordEWa / / The address of the players EW co-ord
DWORD coordNSa / / The address of the NS players co-ord
DWORD coordUDa / / The address of the players UD (up / down .. wtf was I thinking when that appointment) Co-ord
DWORD lookX / / The players look at the x-axis (which will change if you move the mouse side to side)
DWORD look / / The players look Y axis (which will change if you move the mouse forward and backward)
DWORD lookXa / / The address of the look X
Looky DWORD / / The address of the gaze Y
name char / / Store the name of the current players
DWORD NAMEA / / The address of the current players name
PLAYER_DATA);

I really do not know why I put all the addresses for all the structure, but hell, he might use when doing something one day. All things come from there to use when doing our aimbot, so here's how to search for each one (at least DFX).

The easiest is to start with the name, use the search Artmoney Text
Co-ords:
NS - Move to the north, increased demand, south movement, decline in demand
EW - Move east, seeking larger, movement to the west, declining demand
UD - Move up (a hill ladder /), seeks to increase, moving down, demand declined
LookX - Move mouse left / right, research has changed ... set the polling interval of any other addie narrow search down (this value may be different for DFX. In DFX, 0 was the east, and increased as they went anti-clockwise until you have it, shortly before the East which was 0xFFFFFFFF)
Look - Move the mouse forward / backward, search changed

You should be able to get the base address of players close enough to any of these, and a pointer to get it in the game. I use two hands, one that always points to 0 reader (or 1, the first player from memory) 's base address, and one that always points to the base address of my player. Now we can modify the functions and GetMyPlayerData GetPlayerData to bring us this information:

On top of C, which defines the bases:

You should be able to get the base address of players close enough to any of these, and a pointer to get it in the game. I use two hands, one that always points to the player 0 (or 1, the first player from memory) 's base address, and one that always points to the base address of my player. Now we can modify the functions and GetMyPlayerData GetPlayerData to bring us this information:

On top of C, which defines the bases:

Code:
# Define MBASE 0xBD63D8 / MBASE / = my base, where has my address basic players
# Define HBase 0xB0D228 / HBase / = Host Base, always have th

/ / /
PLAYER_DATA GetMyPlayerData (void)
(
PLAYER_DATA Player / / Create a blank PLAYER_DATA struct
ZeroMemory (& Player, sizeof (PLAYER_DATA)) / Started everything to 0 (by L. Spiro, this solved some problems)
Peek ((void *) MBASE, (void *) & Player.baseadd, 4); / / Get our players Base Address Pointer

Player.coordEWa Player.baseadd = 0x8 / / Get all addie for everything ... the 0x8, 0xC and shit are the offsets I found to DFX
Player.coordNSa Player.baseadd = 0xC;
Player.coordUDa Player.baseadd = 0x10;
Player.lookXa Player.baseadd = 0x14;
Player.lookYa Player.baseadd = 0x18;
Player.namea Player.baseadd = 0xF4;

Peek ((void *) Player.coordEWa, (void *) & Player.coordEW, 4) / / Now we all Addie, read all the information they
Peek ((void *) Player.coordNSa, (void *) & Player.coordNS, 4);
Peek ((void *) Player.coordUDa, (void *) & Player.coordUD, 4);
Peek ((void *) Player.lookXa, (void *) & Player.lookX, 4);
Peek ((void *) Player.lookYa, (void *) & Player.lookY, 4);
Peek ((void *) Player.namea, (void *) & Player.name, 15);

return Player / / Give our PLAYER_DATA Player, as the return value
)
/ / /
PLAYER_DATA GetPlayerData (BYTE PlayerNum) / / Takes the number of the player as a stop
(
Player PLAYER_DATA;
ZeroMemory (& Player, sizeof (PLAYER_DATA));
Peek ((void *) HBase, (void *) & Player.baseadd, 4);

Player.baseadd Player.baseadd = (PlayerNum * 0x388) / / 0x388 is the difference between the players, beginning with a player

Player.coordEWa Player.baseadd = 0x8;
Player.coordNSa Player.baseadd = 0xC;
Player.coordUDa Player.baseadd = 0x10;
Player.lookXa Player.baseadd = 0x14;
Player.lookYa Player.baseadd = 0x18;
Player.namea Player.baseadd = 0xF4;

Peek ((void *) Player.coordEWa, (void *) & Player.coordEW, 4);
Peek ((void *) Player.coordNSa, (void *) & Player.coordNS, 4);
Peek ((void *) Player.coordUDa, (void *) & Player.coordUD, 4);
Peek ((void *) Player.lookXa, (void *) & Player.lookX, 4);
Peek ((void *) Player.lookYa, (void *) & Player.lookY, 4);
Peek ((void *) Player.namea, (void *) & Player.name, 15);
Listen
Read phonetically

return Player;
)
/ / /
Now that we have done our job to collect all the data we need, it's time to get to the heart of the aimbot. I have a feeling this will be a lot of reading, so if I were you I would have a snack and a drink or something, then back

//-//-//-//-//-//-//-//-//-//-//-//-//-//-//-//-// -//-//-//-//-//-//-//-//-//-//

mathematical knowledge is required to do this! If you are useless at math and even reading, you're useless in English not to understand the requirements of knowledge at the beginning of Let's look at the top with X.

Because DFX works around the East Point (, facing directly east = 0x00000000/0xFFFFFFFF), all our calculations will be done outside. To help understand this tutorial, I'll include some snazzy little drawings photoshuppered, woo

The aimbot works in four sectors. This makes things easier when you find distances. Here are the sectors and how to determine the sector is an enemy:

Sector 1 = southeast of our position
Sector 2 = southwest of our position
Sector 3 = northwest of our position
Sector 4 = northeast of our position

So let's add these sectors to our source code. Note that we also have to tell our aimbot what to do if they are, for example, to the east of us, but the same on the NS axis. No need to put the code for if they are the same in both the NS and EW axis, otherwise you will not need it to set a goal for you, you're on them

Code:
void SetCrosshairOnEnemy (BYTE PlayerNumber)
(
PLAYER_DATA GetPlayerData PlayerNumber op = (); Player / Opposition = op
PLAYER_DATA GetMyPlayerData cP = (); / CP = Current Player (our player) .. sorry for bad var names :-)

/ * S * 1 /
if (oP.coordEW> cP.coordEW & & <= oP.coordNS cP.coordNS)
(
)

/ S * 2 * /
if (oP.coordEW <= & & cP.coordEW oP.coordNS <cP.coordNS)
(
)

/ S * 3 * /
if (oP.coordEW <cP.coordEW & &> = oP.coordNS cP.coordNS)
(
)

/ S * 4 * /
if (oP.coordEW> = & & cP.coordEW oP.coordNS> cP.coordNS)
(
)
)

Now to get the angle we need to look, we have to make a triangle between the EW axis, we and the player. So we have to find the angle that we are at the apex. Here is a snazzy little drawings:

This is a view from above:
Blue dot = Our reader
Red dot = enemy
Green = The triangle we do
Purple = The angle we need to find
Orange = The difference is that we must work out the angle

Incase you forgot Triganometry then for the next two, we can get easier, let the tangent function:
Tan (angle) = opposite / Adjacent

In all sectors, EW Adjacent is the difference, and the opposite is the difference NS. So let's add some code to our function:

Code:
void SetCrosshairOnEnemy (BYTE PlayerNumber)
(
PLAYER_DATA GetPlayerData PlayerNumber op = ();
PLAYER_DATA GetMyPlayerData cP = ();

EWdif double / / these need to be double that for our calculations Trig to work later
NSdif double;

/ * S * 1 /
if (oP.coordEW> cP.coordEW & & <= oP.coordNS cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
)

/ S * 2 * /
if (oP.coordEW <= & & cP.coordEW oP.coordNS <cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
)

/ S * 3 * /
if (oP.coordEW <cP.coordEW & &> = oP.coordNS cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
)

/ S * 4 * /
if (oP.coordEW> = & & cP.coordEW oP.coordNS> cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
)
)

Please note that in each sector, the calculations are not the same. You need to take greater the slightest hope ... that's obvious. Okay, so now we have it, we need to get the angle in degrees. For this we need to return to the formula:

Tan (angle) = opposite / Adjacent
Tan (angle) = NSdif / EWdif

We must do the inverse function of tangent, so we can get the angle rather than the tangent of the angle. The function to do this is atan (atan2 could have used but did not know that function at the time of programming). It takes a double parameter and returns a double value of the angle in radians. But that's not good for us, we want to degrees. Well, to convert radians to degrees, to a multiplication of 0.29578 '57 'as being outside the tinternet :-) Remember to include <math.h> function atan

Then, due to our X does not look with a maximum of 360, which goes upto 0xFFFFFFFF (4294967295), we find the percentage that this angle is 360. This is so that we can discover the value that we need to use, for example:
If the angle of 90 degrees
90/360 = 0.25 (decimal percentage of the angle)
0xFFFFFFFF 3FFFFFFF * 0.25 = (approx), which is the new value we need to use

Let's put this in code:

Code:
void SetCrosshairOnEnemy (BYTE PlayerNumber)
(
PLAYER_DATA GetPlayerData PlayerNumber op = ();
PLAYER_DATA GetMyPlayerData cP = ();

EWdif double;
NSdif double;
dual angle / / The angle in degrees between the enemy in the east, and we
angleP double / / The decimal percentage of the angle

/ * S * 1 /
if (oP.coordEW> cP.coordEW & & <= oP.coordNS cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
angle = atan (NSdif / EWdif) 57.29578 * / / Remember, the 57.29578 is to convert from radians to degrees :-)
angleP = (angleA/360);
)

/ S * 2 * /
if (oP.coordEW <= & & cP.coordEW oP.coordNS <cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
)

/ S * 3 * /
if (oP.coordEW <cP.coordEW & &> = oP.coordNS cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
)

/ S * 4 * /
if (oP.coordEW> = & & cP.coordEW oP.coordNS> cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
)
)
Then we need to know what to do with this code for another time ... doody design ub3r-1337!

To understand, remember that 0 in our X-Look is this ... and the values go counterclockwise. Lets go back to the sectors:

Sector 1 (SE) = 0xFFFFFFFF (east) - our new value
Sector 2 (SW) = 0xFFFFFFFF / 2 (west), our new value
Sector 3 (NW) = 0xFFFFFFFF / 2 (west) - our new value
Sector 4 (NE) = 0 (east), our new value

Before writing them, however, we must convert them back to DWORDs, doubles. Here's the new code:

Code:
void SetCrosshairOnEnemy (BYTE PlayerNumber)
(
PLAYER_DATA GetPlayerData PlayerNumber op = ();
PLAYER_DATA GetMyPlayerData cP = ();

EWdif double;
NSdif double;
double angle;
angleP double;
double newValue / / To hold our new value pair
DWORD newValue2 / / To turn our back on double DWORD ready to write

halfCircle double = 0xFFFFFFFF / 2 / / Just to make the code easier to read a little :-)

/ * S * 1 /
if (oP.coordEW> cP.coordEW & & <= oP.coordNS cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
newValue = - 0xFFFFFFFF (0xFFFFFFFF angleP *) / / As described above :-)
newValue2 newValue = / / Set it to DWORD (may get compile warnings about data loss .. that's why we're doing it :-)
Poke ((void *) & cP.lookXa newValue2, 4) / / Write the new value
)

/ S * 2 * /
if (oP.coordEW <= & & cP.coordEW oP.coordNS <cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
halfCircle newValue = (0xFFFFFFFF angleP *);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);
)

/ S * 3 * /
if (oP.coordEW <cP.coordEW & &> = oP.coordNS cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
halfCircle newValue = - (* angleP 0xFFFFFFFF);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);
)

/ S * 4 * /
if (oP.coordEW> = & & cP.coordEW oP.coordNS> cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
newValue = 0 (* angleP 0xFFFFFFFF);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);
)
)
WOOOO we now have our eyes X accompanying the enemy that you specify (or at least, if you copied and pasted right, you should have:-P)

If you could read it all in one go, back * well done * applause, this motherfucker is taking me ages to write. Okey doke, snack time again, then it is to set the look-Y
//-//-//-//-//-//-//-//-//-//-//-//-//-//-//-//-// -//-//-//-//-//-//-//-//-//-//

Okay, for our Y-look is still trig, even tan, and we still have to make a triangle. This time, imagine we already have X-closed look about them, and they are looking face to face straight .... point that is the same level of distance away from us as it is, which is right above / below it. This is a point, then our player, then the enemy player. Here is another drawing (class man, I should put that shit on deviantart:-P):
Listen
Read phonetically

This time there are only two "sectors" ... if the enemy is below us or above us.

The distance between us along with him a vision of the level is obtained by Pythagoras in EWdif and NWdif. We then use this, and UDdif as the opposite and adjacent and do the same things as before. This time, however, we need to include a little so that the enemy is at the same time we also :-)

Here is the updated code:

Code:
void SetCrosshairOnEnemy (BYTE PlayerNumber)
(
PLAYER_DATA GetPlayerData PlayerNumber op = ();
PLAYER_DATA GetMyPlayerData cP = ();

EWdif double;
NSdif double;
UDdif double;

double angle;
angleP double;
angleB double;
angleBP double;

double newValue;
DWORD newValue2;

newValueb double;
DWORD newValueb2;

halfCircle double = 0xFFFFFFFF / 2;

/ * S * 1 /
if (oP.coordEW> cP.coordEW & & <= oP.coordNS cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
newValue = - 0xFFFFFFFF (0xFFFFFFFF angleP *);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);
)

/ S * 2 * /
if (oP.coordEW <= & & cP.coordEW oP.coordNS <cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = cP.coordNS - oP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
halfCircle newValue = (0xFFFFFFFF angleP *);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);

S * 3 * /
if (oP.coordEW <cP.coordEW & &> = oP.coordNS cP.coordNS)
(
oP.coordEW EWdif cP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
halfCircle newValue = - (* angleP 0xFFFFFFFF);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);
)

/ S * 4 * /
if (oP.coordEW> = & & cP.coordEW oP.coordNS> cP.coordNS)
(
cP.coordEW EWdif oP.coordEW = -;
NSdif = oP.coordNS - cP.coordNS;
angle = atan (NSdif / EWdif) * 57.29578;
angleP = (angleA/360);
newValue = 0 (* angleP 0xFFFFFFFF);
newValue2 = newValue;
Poke ((void *) & cP.lookXa newValue2, 4);
)

/ / Done the look-X, is now looking at the Y-

flatDist double = sqrt ((EWdif EWdif *) (* NSdif NSdif)) / / Gets the distance in level between us and the enemy, using Pythagoras

if (oP.coordUD == cP.coordUD)
(
Zero4 BYTE [4] = (0x00, 0x00, 0x00, 0x00);
Poke ((void *) cP.lookYa, Zero4, 4) / / If we are the same height, to define our vision for Y-0 (level)

) Else if (oP.coordUD> cP.coordUD)
(
UDdif = oP.coordUD - cP.coordUD / / Working our UDdif
angleB = atan (UDdif flatDist /) * 57.29578 / / same old thing as before
angleBP = (angleB/360);
newValueb = 0 (* angleBP 0xFFFFFFFF);
newValueb2 = newValueb;
Poke ((void *) & cP.lookYa newValueb2, 4);

) Else if (oP.coordUD <cP.coordUD)
(
UDdif = cP.coordUD - oP.coordUD;
angleB = atan (UDdif flatDist /) * 57.29578;
angleBP = (angleB/360);
newValueb = - 0xFFFFFFFF (0xFFFFFFFF angleBP *);
newValueb2 = newValueb;
POKE ((void *) & cP.lookYa newValueb2, 4);
)
)
And there we have it at the beginning of the skeleton of an aimbot. Now something about adding some of the things below:
Blacklist (the goal only to certain people ... use the name of the structure of the player to see if they are or not)
Account lag (lead bullets in front of people to account for the lag in the game (if your MP) travel bullet, e)
Account diving spot (target is above a player as bullets plunging them)
Grenade arcs (where to throw grenades training for them to go on your destination)
Enemy single goal (so do not aim at teammates)
Only goal alive (shooting dead does not make much)

There are so many things you can add to this, this is just the base. Just think of all the things you do during the game

Codes to head down there and shot
Codes

Anti-Terror
0x495A64
0x5B5A5C
0x2D3436
0x40271F
0x262926

Terror
0xDCB9B9
0xD0CCB9
0xDBAC95
0x3F2A20
0xAA8576
__________________________
Organization: FoxxyStyleWC
Credits: [Banned] mark0108

case, I'm not missing my profile leave your message

**shefoalaao** · 09-04-2010

Posted before !! same with pic ... but we need the code the full code !!

**Jigsaw** · 09-04-2010

Close this please, same thing already posted...

**hackzerz** · 09-04-2010

ppl dont look at posts 100 years old.... please, if u can make a aimbot for cf! pleasE!!! do it

**FoxxyStyleWC** · 09-04-2010

Originally Posted by shefoalaao

Posted before !! same with pic ... but we need the code the full code !!

Codes to head down there and shot
Codes

Anti-Terror
0x495A64
0x5B5A5C
0x2D3436
0x40271F
0x262926

Terror
0xDCB9B9
0xD0CCB9
0xDBAC95
0x3F2A20
0xAA8576