[C++] How to make a simple external bunnyhop hack!

[Yemiez]

Hello everyone, gonna teach you guys how to make a simple bunnyhop today.
To get started you need to learn C++, if you do not know C++ i recommend you to read my Tutorial for getting started with gamehacking, which can be found Here!
Credits for helping me ALOT with game hacking: @jkfauvel

When you feel comfortable enough to create a hack you can continue with this tutorial!
First of all, you need 2 files, ProcMem.h and ProcMem.cpp.
Open a Project and Add a header file called ProcMem.h. Within this header file paste the content from this pastebin:
ProcMem.h
After that you will need to add a source file called ProcMem.cpp, paste the content from this pastebin into it:
ProcMem.cpp
After you are done copy pasting theese 2, create a new source folder and name it main.cpp, after you are done adding all of theese your project should look like this:

After you have gotten all of the things sorted, we can start working on the code!

Now we need to make our declarations!

Code:

#include "ProcMem.h" // including the header we just made!
#include <iostream> // Used for ALOT of features.
#include <Windows.h> // let us do stuff like keybd_event, sleep and alot of other stuff!
// Not gonna need to use namespace std here, we have nothing to use it on! :)
ProcMem Mem; // Shortcut for our Memory reading function!

Once thoose are done, we need to start defining some things we are gonna need, such as key codes and key scans!

Just under that type in:

Code:

#define key_space 0x20 // key_space is space button.
#define key9 0x39 // key 9 is the button 9 (Not to be confused with numpad 9)
#define key9_sc 0x0A // Scan code so we can use it in a keybd_event()
void bhopFunc(); // This is where we are going to put our bunnyhop function!

After you have gotten your declaration done, you need to get the latest offsets for csgo, you can get theese by using cheat engine or searching around! (Currently theese offsets are up to date as of 2015-02-24)

Code:

const DWORD localBase = 0xA6C90C // This is our localBase.
const DWORD flagOffset = 0x100 // This is our m_fFlags offset!

Now we have all our Offsets and declarations done, we can start working on our actual bunnyhop!
We are now gonna make our bhopFunc and start reading the games memory!

Code:

void bhopFunc() {
int FL_ONGROUND = 257; // When player is on ground this value is 257, 256 when in air.
Mem.Process("csgo.exe"); // Process we are reading from.
DWORD ClientDLL = Mem.Module("client.dll"); // This is the module we are reading from.
}

After you have choosen the Process and Module we're reading from, you wanna add this which is our localPlayer and m_fFlags:

Code:

DWORD localPlayer = Mem.Read<DWORD>(ClientDLL + localBase); // This is our local player. 
int m_fFlags = Mem.Read<DWORD>(localPlayer + flagOffset); // this is m_fFlags.

Now we have everything we need to create our bhop, we need to actually make it jump when holding space bar!

To do this we must add this line:

Code:

if (GetAsyncKeyState(key_space) & 0x8000 && m_fFlags == FL_ONGROUND) { /* If player is holding space, and m_fFlags is equal to 257 press space.*/
 keybd_event(KEY9, KEY9SC, 0, 0);

 keybd_event(KEY9, KEY9SC, KEYEVENTF_KEYUP, 0);
}

Everything we need is in the bunnyhop function, all we need to do is add a loop to our main function which calls our bhopFunc! Which can be done like this:

Code:

int main()
{
while(true) {
 bhopFunc();
}

}

Now, hopefully you have your very own working bunnyhop hack. This exact method is probably detected, but have fun creating hacks guys!
If you get banned using this method, dont blame me. I have warned you
Make sure to click that "Thanks" button if helped you!
Im gonna be heading to sleep now, if there are any issues you want help with, I'll reply tomorrow!
Edit: (Was tired when i made this, sorry for small misstakes!)
Since this only spams a bunch of 9's when holding down space you will have to open console and type the following:
1. unbind space
2. bind 9 "+jump"
3. ?
4. Profit

[jkfauvel]

Correct me if I'm wrong but from what I've seen, the cout ambiguous error is a bug that happens when you use cout too often. You are not using any iostream functions though... Consider placing credits....

[Yemiez]

Correct me if I'm wrong but from what I've seen, the cout ambiguous error is a bug that happens when you use cout too often. You are not using any iostream functions though... Consider placing credits....

I was very tired when i made this, and forgot alot of stuff, im try and edit in some stuff now before i head off to school, will do the rest later

[Requiii]

Why the fuck should you unbind space to jump and use 9 for it? You can just send space.

[Merccy2]

Change

Code:

m_fFlags == FL_ONGROUND

to

Code:

m_fFlags & 0x1 == 1

[jkfauvel]

Change

Code:

m_fFlags == FL_ONGROUND

to

Code:

m_fFlags & 0x1 == 1

Excuse my ignorance, but what does this changes in practical means?

[Merccy2]

Excuse my ignorance, but what does this changes in practical means?

m_fFlags is a bitmasked value.
The first bit (2 ^ 0 = 1) is the bit that is 1 when you are on the ground.
The second bit (2 ^ 1 = 2) is the bit that is 1 when you are crouching.

If you are checking m_fFlags to 257 it won't work when you are on fire (1 of the bits will change hence changing the complete value).

[Yemiez]

m_fFlags is a bitmasked value.
The first bit (2 ^ 0 = 1) is the bit that is 1 when you are on the ground.
The second bit (2 ^ 1 = 2) is the bit that is 1 when you are crouching.

If you are checking m_fFlags to 257 it won't work when you are on fire (1 of the bits will change hence changing the complete value).

I've been using a modified version of this method in my multi hack, it works, but maybe changing that will make it go faster? It does work perfectly still, so yea
Edit: Just read your post abit more, what you mean by being on fire you, do you mean stuff like a molotov?

Why the fuck should you unbind space to jump and use 9 for it? You can just send space.

Because it wont actually work with this method otherwise. if you have space bound it wont work, just sending space will do nothing, i've tried it
It does spam space, but it wont actually jump!

[Merccy2]

I've been using a modified version of this method in my multi hack, it works, but maybe changing that will make it go faster? It does work perfectly still, so yea
Edit: Just read your post abit more, what you mean by being on fire you, do you mean stuff like a molotov?


Because it wont actually work with this method otherwise. if you have space bound it wont work, just sending space will do nothing, i've tried it
It does spam space, but it wont actually jump!

Onfire, I actually have no idea :P.

Try to crouch and then bhop won't work because the second bit has changed as well.

You could just write 5 to client.dll + JUMP_OFFSET, sleep and write 4 to client.dll + JUMP_OFFSET.

[jkfauvel]

Because it wont actually work with this method otherwise. if you have space bound it wont work, just sending space will do nothing, i've tried it
It does spam space, but it wont actually jump!

That's not true. If you set the bhop to send space when player is on ground and when space key is held it will work. Yet, you need to know the scan code (0x39) and virtual key code for space (0x20) (here is a table [I usually use the hex code, even though the decimal works]) then:

Code:

keybd_event(key_code, scan_code, 0, 0);

keybd_event(key_code, scan_code, KEYEVENTF_KEYUP, 0);

Where key_code is the virtual key code you wanna use (in this case 0x20) and scan_code is the scan code for the key you wanna use (in this case 0x39). Normally we don't need the scan code when sending a key(windows that are not games often don't use DirectInput), but CS:GO uses DirectInput so we need the scan code(don't kill me if this isn't entirely wrong).
@Requiii This method works, but it's not good, it does not jump in the right time and it's slow.

The workaround I came up with was setting the jump key to a different one(you can do this in several different ways), like 9. Then send the jump key when player is on ground and when space is held, same way you did with the example I gave. This method works completely fine.

There's for sure other workarounds that are way better, but haven't got the time to think of it and it's only a bhop, this was the easiest method I found...

[PvPGod_]

so confused, how do you guys determine where all the spaces go, the ()'s etc etc. i will probs do this tut soon but it all looks so complicated

- - - Updated - - -

p.s can you post the full code below? or give a dl link so we can test it and everything

[Merccy2]

so confused, how do you guys determine where all the spaces go, the ()'s etc etc. i will probs do this tut soon but it all looks so complicated

- - - Updated - - -

p.s can you post the full code below? or give a dl link so we can test it and everything

https://www.learncpp.com/

[Orinion77]

Tip: put "-insecure" in the starting parameters of cs.
You will can not get banned that way

[Requiii]

I've been using a modified version of this method in my multi hack, it works, but maybe changing that will make it go faster? It does work perfectly still, so yea
Edit: Just read your post abit more, what you mean by being on fire you, do you mean stuff like a molotov?


Because it wont actually work with this method otherwise. if you have space bound it wont work, just sending space will do nothing, i've tried it
It does spam space, but it wont actually jump!

Why does it work with my public hack? (inb4 everybody c&p's this and complains about bans or not working)

Code:

#cs ----------------------------------------------------------------------------

 Version:		1.0.0.0
 Author:		Requi

 Script Function:
	Bunnyhop Script for CS:GO

#ce ----------------------------------------------------------------------------

#RequireAdmin
#include <SendMessage.au3>
#include <WinAPI.au3>
#include <NomadMemoryPF.au3>

$playerBase = 0x4A0E024
$flagOffset = 0x100
$pHandle = 0
$pID = 0
$clientDll = 0
$hwnd = 0
$hDLL = DllOpen("user32.dll")

$pID = ProcessExists("csgo.exe")
If $pID <> 0 Then
   $pHandle = _MemoryOpen($pID)
   $clientDll = _ProcessGetModuleBaseAddress($pID, "client.dll")
   $hwnd = WinGetHandle("Counter-Strike: Global Offensive")
   If @error Then
	  MsgBox(0, "", "An error occured getting handle of window")
   EndIf
   BunnyHop()
EndIf

Func _IsPressed($sHexKey, $vDLL = 'user32.dll')
	Local $a_R = DllCall($vDLL, "short", "GetAsyncKeyState", "int", '0x' & $sHexKey)
	If @error Then Return SetError @error, @extended, False)
	Return BitAND($a_R[0], 0x8000) <> 0
 EndFunc

Func BunnyHop()
   While True
	 If(_IsPressed("20", $hDLL)) Then
		$localPlayer = GetLocalPlayer()
		$fFlag = GetEntityFlag($localPlayer)
		If $fFlag = 257 And _WinAPI_GetForegroundWindow() = $hwnd Then
		   _SendMessageA($hwnd, 0x100, 0x20, 0x390000)
		   Sleep(30)
		   _SendMessageA($hwnd, 0x101, 0x20, 0x390000)
		   Sleep(30)
		EndIf
	 EndIf
   WEnd
EndFunc

Func GetLocalPlayer()
   Return _MemoryRead($clientDll + $playerBase, $pHandle)
EndFunc

Func GetEntityFlag($ent)
   Return _MemoryRead($ent + $flagOffset, $pHandle)
EndFunc

[Yemiez]

Why does it work with my public hack? (inb4 everybody c&p's this and complains about bans or not working)

Code:

#cs ----------------------------------------------------------------------------

 Version:		1.0.0.0
 Author:		Requi

 Script Function:
	Bunnyhop Script for CS:GO

#ce ----------------------------------------------------------------------------

#RequireAdmin
#include <SendMessage.au3>
#include <WinAPI.au3>
#include <NomadMemoryPF.au3>

$playerBase = 0x4A0E024
$flagOffset = 0x100
$pHandle = 0
$pID = 0
$clientDll = 0
$hwnd = 0
$hDLL = DllOpen("user32.dll")

$pID = ProcessExists("csgo.exe")
If $pID <> 0 Then
   $pHandle = _MemoryOpen($pID)
   $clientDll = _ProcessGetModuleBaseAddress($pID, "client.dll")
   $hwnd = WinGetHandle("Counter-Strike: Global Offensive")
   If @error Then
	  MsgBox(0, "", "An error occured getting handle of window")
   EndIf
   BunnyHop()
EndIf

Func _IsPressed($sHexKey, $vDLL = 'user32.dll')
	Local $a_R = DllCall($vDLL, "short", "GetAsyncKeyState", "int", '0x' & $sHexKey)
	If @error Then Return SetError @error, @extended, False)
	Return BitAND($a_R[0], 0x8000) <> 0
 EndFunc

Func BunnyHop()
   While True
	 If(_IsPressed("20", $hDLL)) Then
		$localPlayer = GetLocalPlayer()
		$fFlag = GetEntityFlag($localPlayer)
		If $fFlag = 257 And _WinAPI_GetForegroundWindow() = $hwnd Then
		   _SendMessageA($hwnd, 0x100, 0x20, 0x390000)
		   Sleep(30)
		   _SendMessageA($hwnd, 0x101, 0x20, 0x390000)
		   Sleep(30)
		EndIf
	 EndIf
   WEnd
EndFunc

Func GetLocalPlayer()
   Return _MemoryRead($clientDll + $playerBase, $pHandle)
EndFunc

Func GetEntityFlag($ent)
   Return _MemoryRead($ent + $flagOffset, $pHandle)
EndFunc

Did you read what jkfauvel said at all?