ESP source code

**hovnorit** · 11-22-2014

Hello, can somebody give me link to download good ESP source code?

**Color** · 11-22-2014

//Moved and you don't need a download it can be easily done like

Code:

this.

**AutoRune** · 12-15-2014

Code:

#include "Func.h"

__int32 main()
{
	//initalize
	Engine info;
	
	while(1)
	{
		//HOTKEYS
		if(GetAsyncKeyState(VK_F1)&1)
		{
			info.tOn = !info.tOn;
			_cwprintf(L"Triggerbot Toggled\n");
		}

		if(GetAsyncKeyState(VK_F2)&1)
		{
			info.aOn = !info.aOn;
			_cwprintf(L"Aimbot Toggled\n");
		}
		
		if(GetAsyncKeyState(VK_F3)&1)
		{
			info.eOn = !info.eOn;		
			_cwprintf(L"ESP Toggled\n");
		}

		if(GetAsyncKeyState(VK_F4)&1)
			return 0;


		//MISC
		info.i_Count = 1;
		info.Reading(info.eOn || info.aOn || info.tOn);

		//FUNCTIONS
		info.Trigger();//Triggerbot, Current xhair ID
		info.ESP();	//ESP
		info.Aimbot();

	}
	system("pause");
	return 0;
}

Code:

#include "Func.h"
#include "ProcMem.h"

ProcMem mem;
Store EntList[32];

Store::Store(){
	//Constructor
};

Engine::Engine()
{
	//MISC
	//ShowWindow(FindWindowA("ConsoleWindowClass", NULL), false);

	//Initialize Variables
	tOn = false;
	eOn = false;
	aOn = false;

	//Initialize Memory
	mem.GetProcess("csgo.exe");
	dwClient = mem.Module("client.dll");
	dwPBase = mem.Read<DWORD>(dwClient + 0x99E324);	
	dwEngine = mem.Module("engine.dll");
	dwAngPtr = mem.Read<DWORD>(dwEngine + 0x52F424);

	//Initialize GDI Drawing
	TargetWnd = FindWindow(0, "Counter-Strike: Global Offensive");
	HDC_Desktop = GetDC(TargetWnd);
	GetWindowRect(FindWindow(NULL, "Counter-Strike: Global Offensive"), &m_Rect);
	EnemyBrush = CreateSolidBrush(RGB(255, 0, 0));
	TextCOLOR = RGB(255, 0, 0);
}

void Engine::Reading(bool on)	
{	
	if(on)
	{
		if(eOn || aOn)
		{
			//Read Our Info			
			EntList[0].fPos[0] = mem.Read<float>(dwPBase + 0x134);					
			EntList[0].fPos[1] = mem.Read<float>(dwPBase + 0x138);				
			EntList[0].fPos[2] = mem.Read<float>(dwPBase + 0x13C);
			W2S_M = mem.Read<WorldToScreenMatrix_t>(dwClient + 0x9A2954);
		}

		//Read our TeamNum to filter out team mates
		i_team = mem.Read<int>(dwPBase + 0xF0);

		for(int i = 1; i < 64; i++)
		{
			//Loop From Base Entity Address by 0x10 On Each Iteration
			dwEntity = mem.Read<DWORD>((dwClient + 0x9B76B4) + (i * 0x10));
 
			//Prevent Crash From Reading Null Pointer - also stop counting when weve read the last entity   
			if(!dwEntity)     
				return;
 		
			//Read Current Entity's TeamNum For Compare
			e_team = mem.Read<int>(dwEntity + 0xF0);

			//If An Enemy Has Been Found, Store Their Entity Index ID Inside Array
			if(e_team != i_team && e_team > 1)
			{
				if(tOn)	
					i_Enemies[i_Count] = mem.Read<int>(dwEntity + 0x64);//Ent ID
		
				if(eOn || aOn)
				{	
					EntList[i_Count].fPos[0] = mem.Read<float>(dwEntity + 0x134);//X			
					EntList[i_Count].fPos[1] = mem.Read<float>(dwEntity + 0x138);//Y			
					EntList[i_Count].fPos[2] = mem.Read<float>(dwEntity + 0x13C);//Z 				
					EntList[i_Count].iHealth = mem.Read<int>(dwEntity + 0xFC);//HP	
					EntList[i_Count].fFlags = mem.Read<int>(dwEntity + 0x100);//HP	
				}		
				i_Count++;
			}	
		}
	}
}

float Engine::Get3D(float X, float Y, float Z, float eX, float eY, float eZ)	
{
	return(sqrtf( (eX - X) * (eX - X) + (eY - Y) * (eY - Y) + (eZ - Z) * (eZ - Z)));
}

float Engine::CloseEnt()
{
	//Variables
	float fLowest = 100000, TMP;
	int iIndex;

	for(int i = 1; i < i_Count; i++)
	{
		//Store Distances In Array
		TMP = Get3D(EntList[0].fPos[0], EntList[0].fPos[1], EntList[0].fPos[2], EntList[i].fPos[0], EntList[i].fPos[1], EntList[i].fPos[2]);

		//If Enemy Has Lower Distance The Player 1, Replace (var)Lowest With Current Enemy Distance
		if(TMP < fLowest && EntList[i].iHealth != 0)
		{
			fLowest = TMP;	
			iIndex = i;
		}
	}
	return iIndex;
}

void Engine::Trigger()
{
	if(tOn && mem.Locate(i_Enemies, i_Count, mem.Read<int>(dwPBase + 0x23B4)))   	
	{      	
		mouse_event( MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0 );       	
		Sleep(1); //Response Time     				
		mouse_event( MOUSEEVENTF_LEFTUP, 0, 0, 0, 0 );
	}
    return;
}

//Thanks to Fleep for providing these functions in his tutorials, Ive updated as much as I can
bool Engine::WorldToScreen(float * from, float * to)
{
	to[0] = W2S_M.flMatrix[0][0] * from[0] + W2S_M.flMatrix[0][1] * from[1] + W2S_M.flMatrix[0][2] * from[2] + W2S_M.flMatrix[0][3];
	to[1] = W2S_M.flMatrix[1][0] * from[0] + W2S_M.flMatrix[1][1] * from[1] + W2S_M.flMatrix[1][2] * from[2] + W2S_M.flMatrix[1][3];

	float w = W2S_M.flMatrix[3][0] * from[0] + W2S_M.flMatrix[3][1] * from[1] + W2S_M.flMatrix[3][2] * from[2] + W2S_M.flMatrix[3][3];

	if(w < 0.01f)
		return false;

	float invw = 1.0f / w;
	to[0] *= invw;
	to[1] *= invw;

	int width = (int)(m_Rect.right - m_Rect.left);
	int height = (int)(m_Rect.bottom - m_Rect.top);

	float x = width/2;
	float y = height/2;

	x += 0.5 * to[0] * width + 0.5;
	y -= 0.5 * to[1] * height + 0.5;

	to[0] = x + m_Rect.left;
	to[1] = y + m_Rect.top;

	return true;
}

void Engine::DrawFilledRect(int x, int y, int w, int h)
{
	RECT rect = { x, y, x + w, y + h }; 
	FillRect(HDC_Desktop, &rect, EnemyBrush);
}

void Engine::DrawBorderBox(int x, int y, int w, int h, int thickness)
{
	//Top horiz line
	DrawFilledRect(x, y, w, thickness);
	//Left vertical line
	DrawFilledRect( x, y, thickness, h);
	//right vertical line
	DrawFilledRect((x + w), y, thickness, h);
	//bottom horiz line
	DrawFilledRect(x, y + h, w+thickness, thickness);
}

void Engine::DrawString(int x, int y, COLORREF color, const char* text)
{	
	SetTextAlign(HDC_Desktop,TA_CENTER|TA_NOUPDATECP);

	SetBkColor(HDC_Desktop,RGB(0,0,0));
	SetBkMode(HDC_Desktop,TRANSPARENT);

	SetTextColor(HDC_Desktop,color);

	SelectObject(HDC_Desktop,Font);

	TextOutA(HDC_Desktop,x,y,text,strlen(text));

	DeleteObject(Font);
}

void Engine::DrawESP(int x, int y, float distance, int Health, int fFlags)
{
	//ESP RECTANGLE
	int width = 18100/distance;
	int height = 36000/distance;

	if(fFlags == 775)
	{
		width = 10950/distance;
	    height = 14000/distance;
	}

	DrawBorderBox(x-(width/2), y-(height+30), width, height, 2);

	std::stringstream ss, hp;
	ss << (int)distance/3;
	hp << Health;

	char * distanceInfo = new char[ss.str().size()+1];
	strcpy(distanceInfo, ss.str().c_str());

	char * HealthInfo = new char[hp.str().size()+1];
	strcpy(HealthInfo, hp.str().c_str());

	DrawString(x - 10, y-(height+50), TextCOLOR, "HP:");
	DrawString(x + 15, y-(height+50), TextCOLOR, HealthInfo);
	
	DrawString(x - 10, y-30, TextCOLOR, "Dist:");
	DrawString(x + 20, y-30, TextCOLOR, distanceInfo);

	delete [] HealthInfo, distanceInfo;

}

void Engine::ESP()
{
	if(eOn)
		for(int i = 1; i < i_Count; i ++)
		{
			float EnemyXY[3];
			
			if(EntList[i].iHealth != 0 && WorldToScreen(EntList[i].fPos, EnemyXY))
				DrawESP(EnemyXY[0] - m_Rect.left, EnemyXY[1] - m_Rect.top, Get3D(EntList[0].fPos[0], EntList[0].fPos[1], EntList[0].fPos[2], EntList[i].fPos[0], EntList[i].fPos[1], EntList[i].fPos[2]), EntList[i].iHealth, EntList[i].fFlags);	
		}
}

void Engine::CalcAngle( float *src, float *dst, float *angles , int fFlags)
{
	double delta[3] = { (src[0]-dst[0]), (src[1]-dst[1]), (src[2]-dst[2]) };
	double hyp = sqrt(delta[0]*delta[0] + delta[1]*delta[1]);
	angles[0] = (float) (asinf(delta[2]/hyp) * 57.295779513082f);
	angles[1] = (float) (atanf(delta[1]/delta[0]) * 57.295779513082f);
	angles[2] = 0.0f;

	if(delta[0] >= 0.0) 
	{ 
		angles[1] += 180.0f; 
	}

	if(fFlags == 775)
		angles[0] = angles[0] + 5; 
}

void Engine::Aimbot(){

	if(GetAsyncKeyState(0x02))
	{
		//Get Closest Entity Array Index Number
		int Index = CloseEnt();

		//Calculate Angle To Closest Entity
		CalcAngle(EntList[0].fPos, EntList[Index].fPos, EntList[Index].Angle, EntList[Index].fFlags);

		//Write To AngRotation The Current Angle Of The Entity
		mem.Write<float>(dwAngPtr + 0x4C88, EntList[Index].Angle[0]);
		mem.Write<float>(dwAngPtr + 0x4C8C, EntList[Index].Angle[1]);
		//I did call the games function SetAng Here but it has bugs, Will be fixed on next release
		//Ill also add Bone-Aimbot ( i just cba to add it all in with the bulk pointers :P
	}
	
}

//De-Constructors
Store::~Store(){
	//De-Constructor
};
Engine::~Engine()
{}

Code:

#ifndef FUNC_H
#define FUNC_H

#include "Includes.h"

struct Store{
	Store();
	~Store();
public:
	bool tOn, eOn, aOn;
	int i_team, e_team, iHealth,  i_Count, fFlags;
	float fPos[3], Angle[3];
};

class Engine: public Store{
public:

#pragma region FUNCTION PROTOTYPES

	//Misc & Reading Functions
	Engine();
	float Get3D(float X, float Y, float Z, float eX, float eY, float eZ);
	void Reading(bool on);
	~Engine();

	//Triggerbot
	void Trigger();

	//ESP Prototypes
	bool WorldToScreen(float * from, float * to);
	void DrawFilledRect(int x, int y, int w, int h);
	void DrawBorderBox(int x, int y, int w, int h, int thickness);
	void DrawString(int x, int y, COLORREF color, const char* text);
	void DrawESP(int x, int y, float distance, int Health, int fFlags);
	void ESP();

	//Aim-Bot Prototypes
	void CalcAngle( float *src, float *dst, float *angles, int fFlags);
	float CloseEnt();
	void Aimbot();

#pragma endregion

#pragma region Variables

	//Misc Variables
	DWORD dwClient, dwEngine, dwPBase, dwEntity, dwBase, dwAngPtr;
	int i_Enemies[32];
	
	//ESP Variables
	RECT m_Rect; 
	HDC HDC_Desktop;//Our desktop handle
	HBRUSH EnemyBrush;//Brush to paint ESP etc
	HFONT Font; //font we use to write text with
	HWND TargetWnd, Handle;
	COLORREF TextCOLOR;
	
	//World To Screen Info
	typedef struct{
		float flMatrix [4][4];
	}WorldToScreenMatrix_t;

	WorldToScreenMatrix_t W2S_M;

#pragma endregion
};

#endif

Code:

#ifndef INCLUDES_H //Define Guard
#define INCLUDES_H
#define WIN32_LEAN_AND_MEAN //Excludes Headers We Wont Use (Increase Compile Time)

#include <windows.h> //Standard Windows Functions/Data Types
#include <algorithm>
#include <iostream> //Constains Input/Output Functions (cin/cout etc..)
#include <TlHelp32.h> //Contains Read/Write Functions
#include <string> //Support For Strings
#include <sstream> //Supports Data Conversion

#endif

Code:

#include "ProcMem.h"

using namespace std;

ProcMem::ProcMem(){
	//Constructor For Class, Do Not Remove!
}

__int32 ProcMem::GetLength(char *chArray){

	//Loop Through *chArray To Get Amount Of Bytes
	for(__int32 iLength = 1; iLength < MAX_PATH; iLength++)
		if (chArray[iLength] == '*')	
			return iLength;	

	cout << "\nLENGTH: Failed To Read Length Of Array\n";
	return 0;
} 

bool ProcMem::Locate(int *iAry, int iSize, int iVal){

	for(__int32 i = 0; i != iSize; i++)
		if(iVal == iAry[i])
			return true;

	return false;
}

void ProcMem::Patch(DWORD dwAddress, char *Patch_Bts, char *Default_Bts){
 
	//Variables
	__int32 iSize = GetLength(Default_Bts);		

	//Loop Through Addresses Writing Bytes
	if (!bPOn)
		for(__int32 i = 0; i < iSize; i++)	
			Write<BYTE>(dwAddress + i, Patch_Bts[i]);		
	else
		for(__int32 i = 0; i < iSize; i++)	 	
			Write<BYTE>(dwAddress + i, Default_Bts[i]);        		        	

	bPOn = !bPOn; 
}

void ProcMem::GetProcess(char* ProcessName){

	//Variables
	HANDLE hPID = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); //Snapshot To View All Active Processes
	PROCESSENTRY32 pEntry;
	pEntry.dwSize = sizeof(pEntry); //Declare Structure Size And Populate It

	//Loop Through All Running Processes To Find Process
	do
	    if(!strcmp(pEntry.szExeFile, ProcessName))
		{
			//Store Process ID
			dwPID = pEntry.th32ProcessID;
			CloseHandle(hPID);

			//Give Our Handle All Access Rights 
	        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID); 
			return;
		}
	while(Process32Next(hPID, &pEntry));

	cout << "\nPROCESS: Process Not Found\n";
	system("pause");
    exit(0);
}

void ProcMem::Inject(DWORD dwAddress, char *Inj_Bts, char *Def_Bts, BOOL Type){
	
	//Variables
	__int32 i_ISize = GetLength(Inj_Bts);
	__int32 i_DSize = GetLength(Def_Bts); 

	if(!bIOn)
	{		
		//NOP All Bytes In The Array Past The 5th Byte	
		if(i_DSize >= 5)
			for (__int32 i = 6; i < i_DSize; i++)
				Write<BYTE>(dwAddress + i, 0x90);	
		else {cout << "\nINJECTION: Default Bytes Must Be More Than 5\n"; return;}

		//Create Codecave
		dwCaveAddress = (DWORD)VirtualAllocEx(hProcess, NULL,  i_ISize + 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

		//Calculate Jmp/Return Distances In Bytes To Write
		DWORD dwRetJmp = (dwAddress + i_DSize) - dwCaveAddress - 5; //(NextInstruction - CaveAddress - 5) - is correct equation.
		DWORD dwBaseJmp = dwCaveAddress - dwAddress - 5; //Base Jmp

		//Loop Through Each Address Writing Inj_Bts Inside The Codecave
		for (__int32 i = 0; i <= i_ISize; i++)			
			Write<BYTE>(dwCaveAddress+i, Inj_Bts[i]);
		
		//Write The Return Distance In Bytes (E9 = Jmp | E8 = Call) To The Original Address
		Write<BYTE>(dwCaveAddress + i_ISize, Type ? 0xE9 : 0xE8);
		Write<DWORD>(dwCaveAddress + i_ISize + 1, dwRetJmp);
		
		//Write The Jump From The Original Address To The Codecave
		Write<BYTE>(dwAddress, Type ? 0xE9 : 0xE8);
		Write<DWORD>(dwAddress + 1, dwBaseJmp);
	}	

	if(bIOn)
	{			
		//Restore Original Bytes
		for(__int32 i = 0; i < i_DSize; i++)					
			Write<BYTE>(dwAddress + i, Def_Bts[i]);	

		//Clean Up! (DeAllocate CodeCave)
		VirtualFreeEx(hProcess, (LPVOID)dwCaveAddress, i_ISize + 5, MEM_DECOMMIT);
	}
    bIOn = !bIOn; 
} 

DWORD ProcMem::AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *Bytes){

	//VARIABLES
	__int32 iBytesToRead(0);
	__int32 length = GetLength(Bytes);

	//Increase Start Address Till It Reaches The End Address
	for(;dwAddress < dwEnd; dwAddress++) 	
		if(Read<BYTE>(dwAddress) == Bytes[iBytesToRead] || Bytes[iBytesToRead] == '?') 	
			iBytesToRead++;
		else if(iBytesToRead >= length)
			return dwAddress - iBytesToRead;					
		else iBytesToRead = 0;		

	cout << "\nAOB_SCAN: Failed To Find Byte Pattern\n";
	return 0;
}

DWORD ProcMem::Module(LPSTR ModuleName){
       
	//Variables
	HANDLE hModule = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID); //Take A Module Snapshot Of The Process (Grab All Loaded Modules)
	MODULEENTRY32 mEntry; //Declare Module Entry Structure
	mEntry.dwSize = sizeof(mEntry); //Declare Structure Size And Populate It With Loaded Modules
	
	//Scan For Module By Name
	do 
		if(!strcmp(mEntry.szModule, ModuleName))
		{
			CloseHandle(hModule);			
			return (DWORD)mEntry.modBaseAddr;	
		}
	while(Module32Next(hModule, &mEntry));
	
	cout << "\nMODULE: Process Platform Invalid\n";
	return 0;
}

ProcMem::~ProcMem(){

	//Clean Up! (Close Handle - Not Needed Anymore)
	CloseHandle(hProcess);
}

Code:

#ifndef PROCMEM_H //If Not Defined
#define PROCMEM_H //Define Now

#include "Includes.h"

class ProcMem{

public:

	//STORAGE
	HANDLE hProcess;
	DWORD dwPID;

	//FUNCTION PROTOTYPES
	ProcMem();
	~ProcMem();
    __int32 GetLength(char *chArray);
	bool Locate(int iAry[], int iSize, int iVal);
	void Patch(DWORD dwAddress, char *Patch_Bts, char *Default_Bts);
	void GetProcess(char* ProcessName);
	void Inject(DWORD dwAddress, char *Inj_Bts, char *Def_Bts, BOOL Type);
	DWORD AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *Bytes);
	DWORD Module(LPSTR ModuleName);

#pragma region TEMPLATE MEMORY FUNCTIONS

	//REMOVE READ/WRITE PROTECTION
	template <class cData>
	void Protection(DWORD dwAddress)
	{	   
		if(!bProt)
			VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), PAGE_EXECUTE_READWRITE, &dwProtection); //Remove Read/Write Protection By Giving It New Permissions
		else
			VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), dwProtection, &dwProtection); //Restore The Old Permissions After You Have Red The dwAddress
		
		bProt = !bProt;
	}

	//READ MEMORY 
	template <class cData>
	cData Read(DWORD dwAddress)
	{
		cData cRead; //Generic Variable To Store Data
		ReadProcessMemory(hProcess, (LPVOID)dwAddress, &cRead, sizeof(cData), NULL); //Win API - Reads Data At Specified Location 
		return cRead; //Returns Value At Specified dwAddress
	}
    	
	//READ MEMORY - Pointer
	template <class cData>
	cData Read(DWORD dwAddress, char *Offset, BOOL Type)
	{
		//Variables
		__int32 iSize = GetLength(Offset) -1; //Size Of *Array Of Offsets 
		dwAddress = Read<DWORD>(dwAddress); //HEX VAL
	
		//Loop Through Each Offset & Store Hex Value (Address) In dwTMP
		for (__int32 i = 0; i < iSize; i++)	
			dwAddress = Read<DWORD>(dwAddress + Offset[i]);

		if (!Type)
			return dwAddress + Offset[iSize]; //FALSE - Return Address
		else
			return Read<cData>(dwAddress + Offset[iSize]); //TRUE - Return Value
	}

	//WRITE MEMORY
	template <class cData>
	void Write(DWORD dwAddress, cData Value)
	{ WriteProcessMemory(hProcess, (LPVOID)dwAddress, &Value, sizeof(cData), NULL); }

	//WRITE MEMORY - Pointer
	template <class cData>
	void Write(DWORD dwAddress, char *Offset, cData Value)
	{ Write<cData>(Read<cData>(dwAddress, Offset, false), Value); }
	
#pragma endregion	

private:

	//STORAGE
    DWORD dwProtection, dwCaveAddress;

	//MISC
	BOOL bPOn, bIOn, bProt;
};
#endif

opensource, contains esp, trigger, aim. needs updated offsets.