Getting VTable Offsets :S

[stumail]

Hello,

So I have been starting on my way to create an internal hack now that I have made a non c+p external hack and have ran into some barriers. I have been struggling on finding the vtable offsets for the functions I need. I am just wondering if anyone can point me in the right direction on how I obtain the vtable offsets.

Thanks!

[stumail]

Well this is as far as I have gotten:

pastebin com/6C5q0CnP

I know that:

GetPlayerInfo 8
GetLocalPlayer 12
ClientCmd 108

I really am just struggling to figure out the rest. Do they match the source sdk in order or? I am honestly willing to pay anyone who can help me understand this as I have been doing tons of research on this and maybe I am just stupid and its obvious.

[pean153]

Hello,

So I have been starting on my way to create an internal hack now that I have made a non c+p external hack and have ran into some barriers. I have been struggling on finding the vtable offsets for the functions I need. I am just wondering if anyone can point me in the right direction on how I obtain the vtable offsets.

Thanks!

what offsets do you need for what functions?

[stumail]

Generally I am looking for complete dumps for CBaseEntity (SetupBones,GetEyePosition,etc..), CEngineClient and CClientEntityList.

[pean153]

you should check the offset thread probably, Y3t1y3t's dumper has pretty much everything you need

- - - - - - Tool by Y3t1y3t - - - - - -


DT_WeaponCSBase -> m_fAccuracyPenalty: ________ 0x00001670
DT_BaseAnimating -> m_nForceBone: _____________ 0x00000A5C
DT_BaseCombatWeapon -> m_iState: ______________ 0x000015B4
DT_BaseCombatWeapon -> m_iClip1: ______________ 0x000015C0
DT_BaseCombatWeapon -> m_flNextPrimaryAttack: _ 0x00001598
DT_BaseCombatWeapon -> m_bCanReload: __________ 0x00001601
DT_BaseCombatWeapon -> m_iPrimaryAmmoType: ____ 0x000015B8
DT_BaseCombatWeapon -> m_iWeaponID: ___________ 0x00001694
DT_WeaponCSBaseGun -> m_zoomLevel: ____________ 0x000016E8
DT_BaseEntity -> m_bSpotted: __________________ 0x00000935
DT_BaseEntity -> m_bSpottedByMask: ____________ 0x00000978
DT_BaseEntity -> m_hOwnerEntity: ______________ 0x00000148
DT_BaseEntity -> m_vecOrigin: _________________ 0x00000134
DT_BaseEntity -> m_iTeamNum: __________________ 0x000000F0
DT_CSPlayer -> m_flFlashMaxAlpha: _____________ 0x00008694
DT_CSPlayer -> m_flFlashDuration: _____________ 0x00008698
DT_CSPlayer -> m_iGlowIndex: __________________ 0x000086B0
DT_CSPlayer -> m_angEyeAngles: ________________ 0x00008C98
DT_CSPlayer -> m_iAccount: ____________________ 0x00008C88
DT_CSPlayer -> m_ArmorValue: __________________ 0x00008C94
DT_CSPlayer -> m_bGunGameImmunity: ____________ 0x00001C40
DT_CSPlayer -> m_iShotsFired: _________________ 0x00008650
DT_CSPlayerResource -> CSPlayerResource: ______ 0x02EAB0DC
DT_CSPlayerResource -> m_iCompetitiveRanking: _ 0x00001A3C
DT_CSPlayerResource -> m_iCompetitiveWins: ____ 0x00001B40
DT_CSPlayerResource -> m_iKills: ______________ 0x00000BE0
DT_CSPlayerResource -> m_iAssists: ____________ 0x00000CE4
DT_CSPlayerResource -> m_iDeaths: _____________ 0x00000DE8
DT_CSPlayerResource -> m_iPing: _______________ 0x00000ADC
DT_CSPlayerResource -> m_iScore: ______________ 0x00001938
DT_CSPlayerResource -> m_szClan: ______________ 0x00004118
DT_BasePlayer -> m_lifeState: _________________ 0x0000025B
DT_BasePlayer -> m_fFlags: ____________________ 0x00000100
DT_BasePlayer -> m_iHealth: ___________________ 0x000000FC
DT_BasePlayer -> m_hLastWeapon: _______________ 0x000016B8
DT_BasePlayer -> m_hMyWeapons: ________________ 0x000011C0
DT_BasePlayer -> m_hActiveWeapon: _____________ 0x000012C0
DT_BasePlayer -> m_Local: _____________________ 0x00001378
DT_BasePlayer -> m_vecViewOffset[0]: __________ 0x00000104
DT_BasePlayer -> m_nTickBase: _________________ 0x000017DC
DT_BasePlayer -> m_vecVelocity[0]: ____________ 0x00000110
DT_BasePlayer -> m_szLastPlaceName: ___________ 0x00001960
DT_Local -> m_vecPunch: _______________________ 0x000013E8
DT_Local -> m_iCrossHairID: ___________________ 0x00008CF4
BaseEntity -> m_dwModel: ______________________ 0x0000006C
BaseEntity -> m_dwIndex: ______________________ 0x00000064
BaseEntity -> m_dwBoneMatrix: _________________ 0x00000A78
BaseEntity -> m_bMoveType: ____________________ 0x00000258
BaseEntity -> m_bDormant: _____________________ 0x000000E9
ClientState -> m_dwClientState: _______________ 0x005D3224
ClientState -> m_dwLocalPlayerIndex: __________ 0x00000160
ClientState -> m_dwInGame: ____________________ 0x000000E8
ClientState -> m_dwMaxPlayer: _________________ 0x000002F0
ClientState -> m_dwMapDirectory: ______________ 0x00000168
ClientState -> m_dwMapname: ___________________ 0x0000026C
ClientState -> m_dwPlayerInfo: ________________ 0x00005210
ClientState -> m_dwViewAngles: ________________ 0x00004CE0
EngineRender -> m_dwViewMatrix: _______________ 0x04A30F84
EngineRender -> m_dwEnginePosition: ___________ 0x0067EB24
RadarBase -> m_dwRadarBase: ___________________ 0x04A7067C
RadarBase -> m_dwRadarBasePointer: ____________ 0x00000050
LocalPlayer -> m_dwLocalPlayer: _______________ 0x00A9947C
EntityList -> m_dwEntityList: _________________ 0x04A3BA44
WeaponTable -> m_dwWeaponTable: _______________ 0x04A82ABC
WeaponTable -> m_dwWeaponTableIndex: __________ 0x0000162C
Extra -> m_dwInput: ___________________________ 0x04A86390
Extra -> m_dwGlobalVars: ______________________ 0x004F2764
Extra -> m_dwGlowObject: ______________________ 0x04B527B4
Extra -> m_dwForceJump: _______________________ 0x04AD0248
Extra -> m_dwForceAttack: _____________________ 0x02EAD958
Extra -> m_dwSensitivity: _____________________ 0x00A9EC64

[Orinion77]

This is pretty up to date:
https://******.com/MarkHC/CSGO-SDK-E...65f66/CSGO-SDK
by dude719

[stumail]

I don't know what I am doing wrong but calling some vtable funcs crash my game.

Example:

Code:

bool GetBonePosition(CBaseEntity* pPlayer, Vector& Hitbox, int Bone)
{
	matrix3x4_t MatrixArray[128];

	float Time = Interfaces.Engine->GetLastTimeStamp();
	if (Time < 0.001f)
		return false;

	if (!pPlayer->SetupBones(&MatrixArray[0], 128, 0x00000100, Time))
		return false;

	matrix3x4_t HitboxMatrix = MatrixArray[Bone];
	Hitbox = Vector(HitboxMatrix[0][3], HitboxMatrix[1][3], HitboxMatrix[2][3]);

	return true;
}

// CALLED WITH 

Vector vHead(0,0,0);
if (!GetBonePosition(Enemy,vHead,6))
      continue;

Setup Bone Code:

Code:

bool SetupBones(matrix3x4_t *pBoneToWorldOut, int nMaxBones, int boneMask, float currentTime)
{
	void *pRenderable = (void*)(this + 0x4);
	typedef bool(__thiscall* OriginalFn)(PVOID, matrix3x4_t*, int, int, float);
	return ((OriginalFn)VMT.GetFunction(pRenderable, 16))(pRenderable, pBoneToWorldOut, nMaxBones, boneMask, currentTime);
}

The offset I use for GetLastTimeStamp is:

GetLastTimeStamp = 14;


Anything wrong here?

[Ariaa]

you should check the offset thread probably, Y3t1y3t's dumper has pretty much everything you need

- - - - - - Tool by Y3t1y3t - - - - - -


DT_WeaponCSBase -> m_fAccuracyPenalty: ________ 0x00001670
DT_BaseAnimating -> m_nForceBone: _____________ 0x00000A5C
DT_BaseCombatWeapon -> m_iState: ______________ 0x000015B4
DT_BaseCombatWeapon -> m_iClip1: ______________ 0x000015C0
DT_BaseCombatWeapon -> m_flNextPrimaryAttack: _ 0x00001598
DT_BaseCombatWeapon -> m_bCanReload: __________ 0x00001601
DT_BaseCombatWeapon -> m_iPrimaryAmmoType: ____ 0x000015B8
DT_BaseCombatWeapon -> m_iWeaponID: ___________ 0x00001694
DT_WeaponCSBaseGun -> m_zoomLevel: ____________ 0x000016E8
DT_BaseEntity -> m_bSpotted: __________________ 0x00000935
DT_BaseEntity -> m_bSpottedByMask: ____________ 0x00000978
DT_BaseEntity -> m_hOwnerEntity: ______________ 0x00000148
DT_BaseEntity -> m_vecOrigin: _________________ 0x00000134
DT_BaseEntity -> m_iTeamNum: __________________ 0x000000F0
DT_CSPlayer -> m_flFlashMaxAlpha: _____________ 0x00008694
DT_CSPlayer -> m_flFlashDuration: _____________ 0x00008698
DT_CSPlayer -> m_iGlowIndex: __________________ 0x000086B0
DT_CSPlayer -> m_angEyeAngles: ________________ 0x00008C98
DT_CSPlayer -> m_iAccount: ____________________ 0x00008C88
DT_CSPlayer -> m_ArmorValue: __________________ 0x00008C94
DT_CSPlayer -> m_bGunGameImmunity: ____________ 0x00001C40
DT_CSPlayer -> m_iShotsFired: _________________ 0x00008650
DT_CSPlayerResource -> CSPlayerResource: ______ 0x02EAB0DC
DT_CSPlayerResource -> m_iCompetitiveRanking: _ 0x00001A3C
DT_CSPlayerResource -> m_iCompetitiveWins: ____ 0x00001B40
DT_CSPlayerResource -> m_iKills: ______________ 0x00000BE0
DT_CSPlayerResource -> m_iAssists: ____________ 0x00000CE4
DT_CSPlayerResource -> m_iDeaths: _____________ 0x00000DE8
DT_CSPlayerResource -> m_iPing: _______________ 0x00000ADC
DT_CSPlayerResource -> m_iScore: ______________ 0x00001938
DT_CSPlayerResource -> m_szClan: ______________ 0x00004118
DT_BasePlayer -> m_lifeState: _________________ 0x0000025B
DT_BasePlayer -> m_fFlags: ____________________ 0x00000100
DT_BasePlayer -> m_iHealth: ___________________ 0x000000FC
DT_BasePlayer -> m_hLastWeapon: _______________ 0x000016B8
DT_BasePlayer -> m_hMyWeapons: ________________ 0x000011C0
DT_BasePlayer -> m_hActiveWeapon: _____________ 0x000012C0
DT_BasePlayer -> m_Local: _____________________ 0x00001378
DT_BasePlayer -> m_vecViewOffset[0]: __________ 0x00000104
DT_BasePlayer -> m_nTickBase: _________________ 0x000017DC
DT_BasePlayer -> m_vecVelocity[0]: ____________ 0x00000110
DT_BasePlayer -> m_szLastPlaceName: ___________ 0x00001960
DT_Local -> m_vecPunch: _______________________ 0x000013E8
DT_Local -> m_iCrossHairID: ___________________ 0x00008CF4
BaseEntity -> m_dwModel: ______________________ 0x0000006C
BaseEntity -> m_dwIndex: ______________________ 0x00000064
BaseEntity -> m_dwBoneMatrix: _________________ 0x00000A78
BaseEntity -> m_bMoveType: ____________________ 0x00000258
BaseEntity -> m_bDormant: _____________________ 0x000000E9
ClientState -> m_dwClientState: _______________ 0x005D3224
ClientState -> m_dwLocalPlayerIndex: __________ 0x00000160
ClientState -> m_dwInGame: ____________________ 0x000000E8
ClientState -> m_dwMaxPlayer: _________________ 0x000002F0
ClientState -> m_dwMapDirectory: ______________ 0x00000168
ClientState -> m_dwMapname: ___________________ 0x0000026C
ClientState -> m_dwPlayerInfo: ________________ 0x00005210
ClientState -> m_dwViewAngles: ________________ 0x00004CE0
EngineRender -> m_dwViewMatrix: _______________ 0x04A30F84
EngineRender -> m_dwEnginePosition: ___________ 0x0067EB24
RadarBase -> m_dwRadarBase: ___________________ 0x04A7067C
RadarBase -> m_dwRadarBasePointer: ____________ 0x00000050
LocalPlayer -> m_dwLocalPlayer: _______________ 0x00A9947C
EntityList -> m_dwEntityList: _________________ 0x04A3BA44
WeaponTable -> m_dwWeaponTable: _______________ 0x04A82ABC
WeaponTable -> m_dwWeaponTableIndex: __________ 0x0000162C
Extra -> m_dwInput: ___________________________ 0x04A86390
Extra -> m_dwGlobalVars: ______________________ 0x004F2764
Extra -> m_dwGlowObject: ______________________ 0x04B527B4
Extra -> m_dwForceJump: _______________________ 0x04AD0248
Extra -> m_dwForceAttack: _____________________ 0x02EAD958
Extra -> m_dwSensitivity: _____________________ 0x00A9EC64

those are NetVar offsets, not VTable indexes

[viking911]

New VTable Indexes

Code:

void DrawSetColor(Color col)
	{
		typedef void(__thiscall* oDrawSetColor)(PVOID, Color);
		return call_vfunc< oDrawSetColor >(this, 14)(this, col);
	}
	void DrawFilledRect(int x0, int y0, int x1, int y1)
	{
		typedef void(__thiscall* oDrawSetColor)(PVOID, int, int, int, int);
		return call_vfunc< oDrawSetColor >(this, 16)(this, x0, y0, x1, y1);
	}
	void DrawOutlinedRect(int x0, int y0, int x1, int y1)
	{
		typedef void(__thiscall* oDrawOutlinedRect)(PVOID, int, int, int, int);
		return call_vfunc< oDrawOutlinedRect >(this, 18)(this, x0, y0, x1, y1);
	}
	void DrawLine(int x0, int y0, int x1, int y1)
	{
		typedef void(__thiscall* oDrawLine)(PVOID, int, int, int, int);
		return call_vfunc< oDrawLine >(this, 19)(this, x0, y0, x1, y1);
	}
	void DrawSetTextFont(unsigned long hFont)
	{
		typedef void(__thiscall* oDrawSetTextFont)(PVOID, unsigned long);
		return call_vfunc< oDrawSetTextFont >(this, 23)(this, hFont);
	}
	void DrawSetTextColor(Color col)
	{
		typedef void(__thiscall* oDrawSetTextColor)(PVOID, Color);
		return call_vfunc< oDrawSetTextColor >(this, 24)(this, col);
	}
	void DrawSetTextPos(int x, int y)
	{
		typedef void(__thiscall* oDrawSetTextPos)(PVOID, int, int);
		return call_vfunc< oDrawSetTextPos >(this, 26)(this, x, y);
	}
	void DrawPrintText(wchar_t *text, int textLen, FontDrawType_t drawType = FONT_DRAW_DEFAULT)
	{
		typedef void(__thiscall* oDrawPrintText)(PVOID, wchar_t*, int, FontDrawType_t);
		return call_vfunc< oDrawPrintText >(this, 28)(this, text, textLen, drawType);
	}

For Combat Weapon

Code:

    class C_BaseCombatWeapon
    {
    public:
    	PCHAR GetName()
    	{
    		typedef PCHAR (__thiscall* _GetName)(PVOID);
    		return Vcall<_GetName>(this, 370)(this);
    	}
     
    	PCHAR GetPrintName()
    	{
    		typedef PCHAR (__thiscall* _GetPrintName)(PVOID);
    		return Vcall<_GetPrintName>(this, 371)(this);
    	}
    };

[pean153]

rofl, missread the point, so dumb of me rip

[stumail]

New VTable Indexes

Thanks, looking at the code above do you see any reason for the game to be crashing? Is the index correct on that one?


@pean153 Kinda my fault, I used the word offset when really index is the correct thing to say.

[viking911]

Thanks, looking at the code above do you see any reason for the game to be crashing? Is the index correct on that one?


@pean153 Kinda my fault, I used the word offset when really index is the correct thing to say.

All indexes are correct that i've posted.
I just wonder, how you are hooking your PaintTraverse.

[stumail]

@viking911 Paint Traverse is for gui drawing correct? I am having issues with getting player bone positions for an aimbot.

[viking911]

@viking911 Paint Traverse is for gui drawing correct? I am having issues with getting player bone positions for an aimbot.

Check your IPanel Index. it should be "36"
Check your PaintTraverse Index. it should be "41"

[stumail]

I don't have Paint Traverse hooked. I shouldn't need this for getting bone positions or am I just mistaken?