[Source]Cube2 external aimbot(1v1 botmatch only)

**Hell_Demon** · 12-19-2010

Code:

#include <windows.h>
#include <iostream>
#include <math.h>
using namespace std;

class PlayerClass;

class PlayerClass
{
public:
	float pX; //0x0000  
	float pY; //0x0004  
	float pZ; //0x0008  
	float velX; //0x000C  
	float velY; //0x0010  
	float velZ; //0x0014  
	float ID03A26B40; //0x0018  
	float ID03A26AC0; //0x001C  
	float FallDist; //0x0020  
	float ID03A269C0; //0x0024  
	float ID03A26940; //0x0028  
	float ID03A268C0; //0x002C  
	float ID03A26840; //0x0030  
	float ID03A267C0; //0x0034  
	float ID03A16920; //0x0038  
	float rYaw; //0x003C  
	float rPitch; //0x0040  
	float rRoll; //0x0044  
	__int32 ID03A24040; //0x0048  
	__int32 ID03A16B20; //0x004C  
	__int32 ID03A16BA0; //0x0050  
	__int32 ID03A16C20; //0x0054  
	__int32 ID03A16CA0; //0x0058  
	__int32 ID03A16D20; //0x005C  
	__int32 ID03A16DA0; //0x0060  
	__int32 ID03A16E20; //0x0064  
	__int32 ID03A16EA0; //0x0068  
	__int32 ID03A16F20; //0x006C  
	__int32 ID03A16FA0; //0x0070  
	__int32 ID03A17020; //0x0074  
	__int32 ID03A170A0; //0x0078  
	__int32 ID03A17120; //0x007C  
	__int32 ID03A171A0; //0x0080  
	__int32 ID03A17220; //0x0084  
	__int32 ID03A172A0; //0x0088  
	__int32 ID03A17320; //0x008C  
	__int32 ID03A173A0; //0x0090  
	__int32 ID03A17420; //0x0094  
	__int32 ID03A174A0; //0x0098  
	__int32 ID03A17520; //0x009C  
	__int32 ID03A175A0; //0x00A0  
	__int32 ID03A17620; //0x00A4  
	__int32 ID03A176A0; //0x00A8  
	__int32 ID03A17720; //0x00AC  
	__int32 ID03A177A0; //0x00B0  
	__int32 ID03A17820; //0x00B4  
	__int32 ID03A20F40; //0x00B8  
	__int32 ID03A20FC0; //0x00BC  
	__int32 ID03A21040; //0x00C0  
	__int32 ID03A210C0; //0x00C4  
	__int32 ID03A21140; //0x00C8  
	__int32 ID03A211C0; //0x00CC  
	__int32 ID03A21240; //0x00D0  
	__int32 ID03A212C0; //0x00D4  
	__int32 ID03A21340; //0x00D8  
	__int32 ID03A213C0; //0x00DC  
	__int32 ID03A21440; //0x00E0  
	__int32 ID03A214C0; //0x00E4  
	__int32 ID03A21540; //0x00E8  
	__int32 ID03A215C0; //0x00EC  
	__int32 ID03A21640; //0x00F0  
	__int32 ID03A216C0; //0x00F4  
	__int32 ID03A21740; //0x00F8  
	__int32 ID03A217C0; //0x00FC  
	__int32 ID03A21840; //0x0100  
	__int32 ID03A218C0; //0x0104  
	__int32 ID03A21940; //0x0108  
	__int32 ID03A219C0; //0x010C  
	__int32 ID03A21A40; //0x0110  
	__int32 ID03A21AC0; //0x0114  
	__int32 ID03A21B40; //0x0118  
	__int32 ID03A21BC0; //0x011C  
	__int32 ID03A21C40; //0x0120  
	__int32 ID03A21CC0; //0x0124  
	__int32 ID03A21D40; //0x0128  
	__int32 ID03A21DC0; //0x012C  
	__int32 ID03A21E40; //0x0130  
	__int32 ID03A21EC0; //0x0134  
	__int32 ID03A21F40; //0x0138  
	__int32 ID03A21FC0; //0x013C  
	__int32 ID03A22040; //0x0140  
	__int32 ID03A220C0; //0x0144  
	__int32 ID03A22140; //0x0148  
	__int32 ID03A221C0; //0x014C  
	__int32 ID03A22240; //0x0150  
	__int32 ID03A222C0; //0x0154  
	__int32 ID03A22340; //0x0158  
	__int32 Health; //0x015C  
	__int32 MaxHealth; //0x0160  
	__int32 Armor; //0x0164  
	__int32 ID03A22540; //0x0168  
	__int32 ID03A225C0; //0x016C  
	__int32 CurGun; //0x0170  
	__int32 ID03A226C0; //0x0174  
	__int32 ID03A22740; //0x0178  
	__int32 Gun1Ammo; //0x017C  
	__int32 Gun2Ammo; //0x0180  
	__int32 Gun3Ammo; //0x0184  
	__int32 Gun4Ammo; //0x0188  
	__int32 Gun5Ammo; //0x018C  
	__int32 Gun6Ammo; //0x0190  
	__int32 ID03A22AC0; //0x0194  
	__int32 ID03A22B40; //0x0198  
	__int32 ID03A22BC0; //0x019C  
	__int32 ID03A22C40; //0x01A0  
	__int32 ID03A22CC0; //0x01A4  
	__int32 ID03A22D40; //0x01A8  
	__int32 ID03A22DC0; //0x01AC  
	__int32 ID03A22E40; //0x01B0  
	__int32 ID03A22F40; //0x01B4  
	__int32 ID03A22FC0; //0x01B8  
	__int32 ID03A23040; //0x01BC  
	__int32 ID03A230C0; //0x01C0  
	__int32 ID03A23140; //0x01C4  
	__int32 ID03A231C0; //0x01C8  
	__int32 ID03A23240; //0x01CC  
	__int32 ID03A232C0; //0x01D0  
	__int32 ID03A23340; //0x01D4  
	__int32 ID03A233C0; //0x01D8  
	__int32 LastFiredGun; //0x01DC  
	__int32 ID03A234C0; //0x01E0  
	__int32 ID03A23540; //0x01E4  
	__int32 ID03A235C0; //0x01E8  
	__int32 ID03A23640; //0x01EC  
	__int32 ID03A236C0; //0x01F0  
	__int32 ID03A23740; //0x01F4  
	__int32 ID03A237C0; //0x01F8  
	__int32 ID03A23840; //0x01FC  
	__int32 ID03A238C0; //0x0200  
	__int32 ID03A23940; //0x0204  
	__int32 ID03A239C0; //0x0208  
	__int32 ID03A23A40; //0x020C  
	__int32 ID03A23AC0; //0x0210  
	__int32 ID03A23B40; //0x0214  
	__int32 ID03A23BC0; //0x0218  
	__int32 ID03A23C40; //0x021C  
	__int32 ID03A23CC0; //0x0220  
	__int32 ID03A23D40; //0x0224  
	__int32 ID03A23DC0; //0x0228  
	__int32 ID03A23E40; //0x022C  
	__int32 ID03A23EC0; //0x0230  
	__int32 ID03A23F40; //0x0234  
	char Name[260]; //0x0238  
	char Team[260]; //0x033C  
	char Info[260]; //0x0440  
};//Size=0x0544(1348)

struct vec
{
    union
    {
        struct { float x, y, z; };
        float v[3];
    };

    vec() {}
    explicit vec(int a) : x(a), y(a), z(a) {} 
    explicit vec(float a) : x(a), y(a), z(a) {} 
    vec(float a, float b, float c) : x(a), y(b), z(c) {}
    explicit vec(int v[3]) : x(v[0]), y(v[1]), z(v[2]) {}
    explicit vec(float *v) : x(v[0]), y(v[1]), z(v[2]) {}

    vec(float yaw, float pitch) : x(-sinf(yaw)*cosf(pitch)), y(cosf(yaw)*cosf(pitch)), z(sinf(pitch)) {}

    float &operator[](int i)       { return v[i]; }
    float  operator[](int i) const { return v[i]; }
    
    vec &set(int i, float f) { v[i] = f; return *this; }

    bool operator==(const vec &o) const { return x == o.x && y == o.y && z == o.z; }
    bool operator!=(const vec &o) const { return x != o.x || y != o.y || z != o.z; }

    bool iszero() const { return x==0 && y==0 && z==0; }
    float squaredlen() const { return x*x + y*y + z*z; }
    float dot2(const vec &o) const { return x*o.x + y*o.y; }
    float dot(const vec &o) const { return x*o.x + y*o.y + z*o.z; }
    vec &mul(const vec &o)   { x *= o.x; y *= o.y; z *= o.z; return *this; }
    vec &mul(float f)        { x *= f; y *= f; z *= f; return *this; }
    vec &div(const vec &o)   { x /= o.x; y /= o.y; z /= o.z; return *this; }
    vec &div(float f)        { x /= f; y /= f; z /= f; return *this; }
    vec &add(const vec &o)   { x += o.x; y += o.y; z += o.z; return *this; }
    vec &add(float f)        { x += f; y += f; z += f; return *this; }
    vec &sub(const vec &o)   { x -= o.x; y -= o.y; z -= o.z; return *this; }
    vec &sub(float f)        { x -= f; y -= f; z -= f; return *this; }
    vec &neg2()              { x = -x; y = -y; return *this; }
    vec &neg()               { x = -x; y = -y; z = -z; return *this; }
    float magnitude2() const { return sqrtf(dot2(*this)); }
    float magnitude() const  { return sqrtf(squaredlen()); }
    vec &normalize()         { div(magnitude()); return *this; }
    bool isnormalized() const { float m = squaredlen(); return (m>0.99f && m<1.01f); }
    float squaredist(const vec &e) const { return vec(*this).sub(e).squaredlen(); }
    float dist(const vec &e) const { vec t; return dist(e, t); }
    float dist(const vec &e, vec &t) const { t = *this; t.sub(e); return t.magnitude(); }
    bool reject(const vec &o, float r) { return x>o.x+r || x<o.x-r || y>o.y+r || y<o.y-r; }
    template<class A, class B>
    vec &cross(const A &a, const B &b) { x = a.y*b.z-a.z*b.y; y = a.z*b.x-a.x*b.z; z = a.x*b.y-a.y*b.x; return *this; }
    vec &cross(const vec &o, const vec &a, const vec &b) { return cross(vec(a).sub(o), vec(b).sub(o)); }
    float scalartriple(const vec &a, const vec &b) const { return x*(a.y*b.z-a.z*b.y) + y*(a.z*b.x-a.x*b.z) + z*(a.x*b.y-a.y*b.x); }
    vec &reflectz(float rz) { z = 2*rz - z; return *this; }
    vec &reflect(const vec &n) { float k = 2*dot(n); x -= k*n.x; y -= k*n.y; z -= k*n.z; return *this; }
    vec &project(const vec &n) { float k = dot(n); x -= k*n.x; y -= k*n.y; z -= k*n.z; return *this; }
    vec &projectxydir(const vec &n) { if(n.z) z = -(x*n.x/n.z + y*n.y/n.z); return *this; }
    vec &lerp(const vec &b, float t) { x += (b.x-x)*t; y += (b.y-y)*t; z += (b.z-z)*t; return *this; }
    vec &lerp(const vec &a, const vec &b, float t) { x = a.x + (b.x-a.x)*t; y = a.y + (b.y-a.y)*t; z = a.z + (b.z-a.z)*t; return *this; }

    vec &rescale(float k)
    {
        float mag = magnitude();
        if(mag > 1e-6f) mul(k / mag);
        return *this;
    }

    vec &rotate_around_z(float angle) { *this = vec(cosf(angle)*x-sinf(angle)*y, cosf(angle)*y+sinf(angle)*x, z); return *this; }
    vec &rotate_around_x(float angle) { *this = vec(x, cosf(angle)*y-sinf(angle)*z, cosf(angle)*z+sinf(angle)*y); return *this; }
    vec &rotate_around_y(float angle) { *this = vec(cosf(angle)*x-sinf(angle)*z, y, cosf(angle)*z+sinf(angle)*x); return *this; }

    vec &rotate(float angle, const vec &d)
    {
        float c = cosf(angle), s = sinf(angle);
        return rotate(c, s, d);
    }

    vec &rotate(float c, float s, const vec &d)
    {
        *this = vec(x*(d.x*d.x*(1-c)+c) + y*(d.x*d.y*(1-c)-d.z*s) + z*(d.x*d.z*(1-c)+d.y*s),
                    x*(d.y*d.x*(1-c)+d.z*s) + y*(d.y*d.y*(1-c)+c) + z*(d.y*d.z*(1-c)-d.x*s),
                    x*(d.x*d.z*(1-c)-d.y*s) + y*(d.y*d.z*(1-c)+d.x*s) + z*(d.z*d.z*(1-c)+c));
        return *this;
    }

    void orthogonal(const vec &d)
    {
        int i = fabs(d.x) > fabs(d.y) ? (fabs(d.x) > fabs(d.z) ? 0 : 2) : (fabs(d.y) > fabs(d.z) ? 1 : 2); 
        v[i] = d[(i+1)%3];
        v[(i+1)%3] = -d[i];
        v[(i+2)%3] = 0;
    }

    void orthonormalize(vec &s, vec &t) const
    {
        s.sub(vec(*this).mul(dot(s)));
        t.sub(vec(*this).mul(dot(t)))
         .sub(vec(s).mul(s.dot(t)));
    }

    template<class T> float dist_to_bb(const T &min, const T &max) const
    {
        float sqrdist = 0;
        loopi(3)
        {
            if     (v[i] < min[i]) { float delta = v[i]-min[i]; sqrdist += delta*delta; }
            else if(v[i] > max[i]) { float delta = max[i]-v[i]; sqrdist += delta*delta; }
        }
        return sqrtf(sqrdist);
    }

    template<class T, class S> float dist_to_bb(const T &o, S size) const
    {
        return dist_to_bb(o, T(o).add(size));
    }
};

#define PI  (3.1415927f)
#define RAD (PI / 180.0f)

void getyawpitch(const vec &from, const vec &pos, float &yaw, float &pitch)
{
        float dist = from.dist(pos);
        yaw = -atan2(pos.x-from.x, pos.y-from.y)/RAD;
        pitch = asin((pos.z-from.z)/dist)/RAD;
}

int main()
{
	PlayerClass a,b;
	
	HWND WindowsHandle = FindWindow(0, L"Cube 2: Sauerbraten");
	unsigned long WindowsPID;
    if (!FindWindow(0, L"Cube 2: Sauerbraten")) { printf("Window %s not found!", "Cube 2: Sauerbraten"); cin.get(); exit(0); }
    GetWindowThreadProcessId(WindowsHandle, &WindowsPID);  /* Get windows PID from a window handle */
    HANDLE WindowsProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, false, WindowsPID);
	DWORD dwa,dwa2;
	while(1)
	{
		if(GetAsyncKeyState(VK_RBUTTON))
		{
			ReadProcessMemory(WindowsProcessHandle, (LPCVOID)0x5C4900, &dwa, 4, 0);
			ReadProcessMemory(WindowsProcessHandle, (LPCVOID)(dwa+4), &dwa2, 4, 0);
			ReadProcessMemory(WindowsProcessHandle, (LPCVOID)dwa, &dwa, 4, 0);
			ReadProcessMemory(WindowsProcessHandle, (LPCVOID)dwa2, &b, 0x48, 0);
			ReadProcessMemory(WindowsProcessHandle, (LPCVOID)dwa, &a, 0x48, 0);
			vec v1(a.pX, a.pY, a.pZ), v2(b.pX+=b.velX*0.03, b.pY+=b.velY*0.03, b.pZ);
			float yaw,pitch;
			getyawpitch(v1, v2, yaw,pitch);
			a.rYaw = yaw;
			a.rPitch = pitch;
			WriteProcessMemory(WindowsProcessHandle, (LPVOID)dwa, &a, 0x48, 0);
		}
		Sleep(10);
	}
	CloseHandle(WindowsProcessHandle);
	return 1;
}

/*Player table ptr: 0x5C4900 //players
+ 0x8 - player count

Monster table ptr: 0x5C4974 //used in singleplayer
+ 0x8 - monster count

Movables table ptr: 0x5C4980 //grenades, rockets etc.
+ 0x8 - moveables count
*/

Have fun

**Hell_Demon** · 12-19-2010

Here's where I got the addies from btw:

Code:

    dynent *iterdynents(int i)
    {
        if(i<players.length()) return players[i];
        i -= players.length();
        if(i<monsters.length()) return (dynent *)monsters[i];
        i -= monsters.length();
        if(i<movables.length()) return (dynent *)movables[i];
        return NULL;
    }

Code:

004B6889  /$ 8B0D 08495C00  MOV ECX,DWORD PTR DS:[5C4908] //playercount
004B688F  |. 3BC1           CMP EAX,ECX
004B6891  |. 7D 0A          JGE SHORT sauerbra.004B689D
004B6893  |. 8B0D 00495C00  MOV ECX,DWORD PTR DS:[5C4900] //player table ptr
004B6899  |> 8B0481         MOV EAX,DWORD PTR DS:[ECX+EAX*4]
004B689C  |. C3             RETN
004B689D  |> 2BC1           SUB EAX,ECX
004B689F  |. 8B0D 7C495C00  MOV ECX,DWORD PTR DS:[5C497C] //monster count
004B68A5  |. 3BC1           CMP EAX,ECX
004B68A7  |. 7D 08          JGE SHORT sauerbra.004B68B1
004B68A9  |. 8B0D 74495C00  MOV ECX,DWORD PTR DS:[5C4974] //monster table ptr
004B68AF  |.^EB E8          JMP SHORT sauerbra.004B6899
004B68B1  |> 2BC1           SUB EAX,ECX
004B68B3  |. 3B05 88495C00  CMP EAX,DWORD PTR DS:[5C4988] //movables count
004B68B9  |. 7D 08          JGE SHORT sauerbra.004B68C3
004B68BB  |. 8B0D 80495C00  MOV ECX,DWORD PTR DS:[5C4980] //moveables table ptr
004B68C1  |.^EB D6          JMP SHORT sauerbra.004B6899
004B68C3  |> 33C0           XOR EAX,EAX
004B68C5  \. C3             RETN

Signature:

Code:

7D 0A ?? ?? ?? ?? ?? ?? ?? ?? ?? C3 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7D 08 ?? ?? ?? ?? ?? ?? EB E8

Have fun

**sam22** · 12-19-2010

Originally Posted by Hell_Demon

Here's where I got the addies from btw:

Code:

    dynent *iterdynents(int i)
    {
        if(i<players.length()) return players[i];
        i -= players.length();
        if(i<monsters.length()) return (dynent *)monsters[i];
        i -= monsters.length();
        if(i<movables.length()) return (dynent *)movables[i];
        return NULL;
    }

Code:

004B6889  /$ 8B0D 08495C00  MOV ECX,DWORD PTR DS:[5C4908] //playercount
004B688F  |. 3BC1           CMP EAX,ECX
004B6891  |. 7D 0A          JGE SHORT sauerbra.004B689D
004B6893  |. 8B0D 00495C00  MOV ECX,DWORD PTR DS:[5C4900] //player table ptr
004B6899  |> 8B0481         MOV EAX,DWORD PTR DS:[ECX+EAX*4]
004B689C  |. C3             RETN
004B689D  |> 2BC1           SUB EAX,ECX
004B689F  |. 8B0D 7C495C00  MOV ECX,DWORD PTR DS:[5C497C] //monster count
004B68A5  |. 3BC1           CMP EAX,ECX
004B68A7  |. 7D 08          JGE SHORT sauerbra.004B68B1
004B68A9  |. 8B0D 74495C00  MOV ECX,DWORD PTR DS:[5C4974] //monster table ptr
004B68AF  |.^EB E8          JMP SHORT sauerbra.004B6899
004B68B1  |> 2BC1           SUB EAX,ECX
004B68B3  |. 3B05 88495C00  CMP EAX,DWORD PTR DS:[5C4988] //movables count
004B68B9  |. 7D 08          JGE SHORT sauerbra.004B68C3
004B68BB  |. 8B0D 80495C00  MOV ECX,DWORD PTR DS:[5C4980] //moveables table ptr
004B68C1  |.^EB D6          JMP SHORT sauerbra.004B6899
004B68C3  |> 33C0           XOR EAX,EAX
004B68C5  \. C3             RETN

Signature:

Code:

7D 0A ?? ?? ?? ?? ?? ?? ?? ?? ?? C3 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7D 08 ?? ?? ?? ?? ?? ?? EB E8

Have fun

good job thanks for sharing

**.::SCHiM::.** · 12-24-2010

Very nice work, I checked the video, and it looks class man

**GBot!** · 12-29-2010

Originally Posted by .::SCHiM::.

Very nice work, I checked the video, and it looks class man

Dont bump?

This looks nice and the game looks fun too

**.::SCHiM::.** · 12-29-2010

Originally Posted by sagge1

Dont bump?

This looks nice and the game looks fun too

Don't math?

1w-4d = 7d-4d = 3d = no bump?

**♪~ ᕕ(ᐛ)ᕗ** · 01-03-2011

OMG! It's just awsome! A day I really hope to be pro as you in C/C++

**Nickitee** · 11-19-2011

Sorry for up.
But how edit this source for multi-targeting?
Simple, i change:

Code:

ReadProcessMemory(WindowsProcessHandle, (LPCVOID)0x5C4900, &dwa, 4, 0);
ReadProcessMemory(WindowsProcessHandle, (LPCVOID)(dwa+4 //to dwa+8), &dwa2, 4, 0);

and i aim to another player in room (4 = 1, 8 = 2, 12 = 3...)
And, how code the multi targeting?
p.s.Sorry for my bad english

.

**Hassan** · 11-19-2011

Bumped. /Closed.
If you want to ask something, create a new thread for it.

Thread: [Source]Cube2 external aimbot(1v1 botmatch only)

Thread Tools

Display

[Source]Cube2 external aimbot(1v1 botmatch only)