Simple Aimbot
Simple Aimbot
[PART 1]
Requirements:
Reclass / structbuild
Ollydbg
A brain
Strongly Recommended:
knowledge of asm/ reversing (watch lena151 tuts)
a knowledge of c++
Ok, so I decided to try and make a simple aimbot tutorial, because the only other one is very outdated. My sample game will be AssualtCube.
The first step to building your aimbot is to obtain the player's data. To do this, you can use a debugger or dissasembler. Im using Ollydbg.
First step : Look for logical places where data specific to each player would be needed, such as a scoreboard, team, etc. In assualtcube, i found it with a text string called "player %s disconnected".
%s is basically a string that will not remain constant. Looking above it, i see an array. arrays look like this in asm:
EAX is the index of the particular data ( like [1] or[2] ).
ofcourse it could be any registers. Right above the string i found, i see a PUSH EAX. So that means that the EAX holds the string for the players name, or %s. So im guessing that EDX is the start of the array, and EAX is the index of the player*4 (4 is the number of bytes a pointer is). So the table of all the players is stored at whatever EDX is, and in this case it's (hex )4E4E08.
For this step you will need reclass or structbuild. Attatch it to your game while in a game with other players, and add a new class, and make the address your base (4E4E08 in my case).
When i put myn in, i saw that the first line was a pointer to a place in memory, thanks to reclass's comments.
So click on the little "P" on the left side, indicating a pointer to a new class, with the line selected.
I saw an array of pointers, so i did another class pointer to a random one, and saw data that was changing, and that was float. I could tell it was float, because it wasn't huge or tiny, and it had changing values, so i could tell it was a position. I confirmed this by noticing 2 more variables directly following the first, so it would be an XYZ coordinate. So click on the "float" button to remember that it is a float, and name it X. Do the same for the following 2, but call them Y and Z.
Now if you scroll down and look at other values, you will find yaw/pitch not too far down. I will let u find those.
After we have completed reversing the player class, let's name the class's (same way u named X Y Z) and view the header.
Mine looked like this:
We have a bit of changing to do! Change the pointer to an array of pointers, my assualtcube has 32. Rename the things that were not what you wanted them to say. i renamed the cPlayer* IDEADSLEAWLwhatever to this, becuase the original name dosen't make since, and it is an array:
So you may be wondering, what are classes used for?
Well, ill give you an example. You have a player pointer at hex 12345. You need to add 123 to it to get the x position. You could make the code cleaner and easier by instead addding a class with a char array of 123 in the very front of the class, and have cast the player pointer as a type of your class.
A crucial thing to understand about classes is that it is all about the size of the member. So a float x, y, z in a row could be declared as any class with the only memebers being 3 floats. "vec" is a class that has 3 float types. THe class size is 12, and the size of float x, y,z is also 12. COMPATIBLE! same with D3DXVECTOR3. So you can change the float x, y, z to one line of D3DXVECTOR3 pos, or vec pos. (vec is a custom class, i will post it later on).[END OF PART 1]
[PART 2]So now we are finished with reversing the player table and class. We need our own class now.
Look for things unique to you.
I found a txt string in assultcube that says "your name is: %s". %s would be my name. Look above that and you'll see a string called "unarmed", which is the defualt name. Above that, we see a address of 4E4DBC. Something at address 0x4E4DBC + 0x219 is compared to 0. If it is 0, it calls a function, which im guessing is to set your name to unarmed. so 4E4DBC is your player base class, and 0x219 is the offset for your name. Now the class that 4E4DBC points to is the same as the other player's classes I found. So we don't need to open reclass up. Just remeber that 4E4DBC points to the start of our player's class.
So we now have all the data we need to make the aimbot (A way of getting other player's XYZ, our XYZ, and our pitch/yaw). My finished classes look like this:
We access our player data with this c++ code:
Im not gonna explain the syntax or anything, i suggest you experiment yourself to find out.
and for the other players:
[end of part 2]
ALL you need now is the math and the value of the # of players in the game (4E4E10).
I got 4E4E10 by looking at the cmp's, and it would compare the index of the array to 4E4E10 and jmp if it was above/below basically.
Now you can figure out ta mathz
Requirements:
Reclass / structbuild
Ollydbg
A brain
Strongly Recommended:
knowledge of asm/ reversing (watch lena151 tuts)
a knowledge of c++
Ok, so I decided to try and make a simple aimbot tutorial, because the only other one is very outdated. My sample game will be AssualtCube.
The first step to building your aimbot is to obtain the player's data. To do this, you can use a debugger or dissasembler. Im using Ollydbg.
First step : Look for logical places where data specific to each player would be needed, such as a scoreboard, team, etc. In assualtcube, i found it with a text string called "player %s disconnected".
%s is basically a string that will not remain constant. Looking above it, i see an array. arrays look like this in asm:
Code:
EDX+EAX*4
ofcourse it could be any registers. Right above the string i found, i see a PUSH EAX. So that means that the EAX holds the string for the players name, or %s. So im guessing that EDX is the start of the array, and EAX is the index of the player*4 (4 is the number of bytes a pointer is). So the table of all the players is stored at whatever EDX is, and in this case it's (hex )4E4E08.
For this step you will need reclass or structbuild. Attatch it to your game while in a game with other players, and add a new class, and make the address your base (4E4E08 in my case).
When i put myn in, i saw that the first line was a pointer to a place in memory, thanks to reclass's comments.
So click on the little "P" on the left side, indicating a pointer to a new class, with the line selected.
I saw an array of pointers, so i did another class pointer to a random one, and saw data that was changing, and that was float. I could tell it was float, because it wasn't huge or tiny, and it had changing values, so i could tell it was a position. I confirmed this by noticing 2 more variables directly following the first, so it would be an XYZ coordinate. So click on the "float" button to remember that it is a float, and name it X. Do the same for the following 2, but call them Y and Z.
Now if you scroll down and look at other values, you will find yaw/pitch not too far down. I will let u find those.
After we have completed reversing the player class, let's name the class's (same way u named X Y Z) and view the header.
Mine looked like this:
We have a bit of changing to do! Change the pointer to an array of pointers, my assualtcube has 32. Rename the things that were not what you wanted them to say. i renamed the cPlayer* IDEADSLEAWLwhatever to this, becuase the original name dosen't make since, and it is an array:
So you may be wondering, what are classes used for?
Well, ill give you an example. You have a player pointer at hex 12345. You need to add 123 to it to get the x position. You could make the code cleaner and easier by instead addding a class with a char array of 123 in the very front of the class, and have cast the player pointer as a type of your class.
Code:
class player
{
public:
char offset[123]; //chars are used, because they're 1 byte, making it easy
float x;
}
player* myplayer = (player*)0x12345;
myplayer->x = 100; // same as *(float*)(0x12345 + 123) = 100;
[PART 2]So now we are finished with reversing the player table and class. We need our own class now.
Look for things unique to you.
I found a txt string in assultcube that says "your name is: %s". %s would be my name. Look above that and you'll see a string called "unarmed", which is the defualt name. Above that, we see a address of 4E4DBC. Something at address 0x4E4DBC + 0x219 is compared to 0. If it is 0, it calls a function, which im guessing is to set your name to unarmed. so 4E4DBC is your player base class, and 0x219 is the offset for your name. Now the class that 4E4DBC points to is the same as the other player's classes I found. So we don't need to open reclass up. Just remeber that 4E4DBC points to the start of our player's class.
So we now have all the data we need to make the aimbot (A way of getting other player's XYZ, our XYZ, and our pitch/yaw). My finished classes look like this:
Code:
class cPlayer;
class cPlayerTable;
struct vec;
struct vec
{
union
{
struct { float x, y, z; };
float v[3];
int i[3];
};
vec() {}
vec(float a, float b, float c) : x(a), y(b), z(c) {}
vec(float *v) : x(v[0]), y(v[1]), z(v[2]) {}
float &operator[](int i) { return v[i]; }
float operator[](int i) const { return v[i]; }
bool iszero() const { return x==0 && y==0 && z==0; }
bool operator==(const vec &o) const { return x == o.x && y == o.y && z == o.z; }
bool operator!=(const vec &o) const { return x != o.x || y != o.y || z != o.z; }
vec operator-() const { return vec(-x, -y, -z); }
vec &mul(float f) { x *= f; y *= f; z *= f; return *this; }
vec &div(float f) { x /= f; y /= f; z /= f; return *this; }
vec &add(float f) { x += f; y += f; z += f; return *this; }
vec &sub(float f) { x -= f; y -= f; z -= f; return *this; }
vec &add(const vec &o) { x += o.x; y += o.y; z += o.z; return *this; }
vec &sub(const vec &o) { x -= o.x; y -= o.y; z -= o.z; return *this; }
float squaredlen() const { return x*x + y*y + z*z; }
float dot(const vec &o) const { return x*o.x + y*o.y + z*o.z; }
float magnitude() const { return sqrtf(squaredlen()); }
vec &normalize() { div(magnitude()); return *this; }
float dist(const vec &e) const { vec t; return dist(e, t); }
float dist(const vec &e, vec &t) const { t = *this; t.sub(e); return t.magnitude(); }
float distxy(const vec &e) const { float dx = e.x - x, dy = e.y - y; return sqrtf(dx*dx + dy*dy); }
float magnitudexy() const { return sqrtf(x*x + y*y); }
bool reject(const vec &o, float max) const { return x>o.x+max || x<o.x-max || y>o.y+max || y<o.y-max; }
vec &cross(const vec &a, const vec &b) { x = a.y*b.z-a.z*b.y; y = a.z*b.x-a.x*b.z; z = a.x*b.y-a.y*b.x; return *this; }
void rotate_around_z(float angle) { *this = vec(cosf(angle)*x-sinf(angle)*y, cosf(angle)*y+sinf(angle)*x, z); }
void rotate_around_x(float angle) { *this = vec(x, cosf(angle)*y-sinf(angle)*z, cosf(angle)*z+sinf(angle)*y); }
void rotate_around_y(float angle) { *this = vec(cosf(angle)*x-sinf(angle)*z, y, cosf(angle)*z+sinf(angle)*x); }
vec &rotate(float angle, const vec &d)
{
float c = cosf(angle), s = sinf(angle);
return rotate(c, s, d);
}
vec &rotate(float c, float s, const vec &d)
{
*this = vec(x*(d.x*d.x*(1-c)+c) + y*(d.x*d.y*(1-c)-d.z*s) + z*(d.x*d.z*(1-c)+d.y*s),
x*(d.y*d.x*(1-c)+d.z*s) + y*(d.y*d.y*(1-c)+c) + z*(d.y*d.z*(1-c)-d.x*s),
x*(d.x*d.z*(1-c)-d.y*s) + y*(d.y*d.z*(1-c)+d.x*s) + z*(d.z*d.z*(1-c)+c));
return *this;
}
void orthogonal(const vec &d)
{
int i = fabs(d.x) > fabs(d.y) ? (fabs(d.x) > fabs(d.z) ? 0 : 2) : (fabs(d.y) > fabs(d.z) ? 1 : 2);
v[i] = d[(i+1)%3];
v[(i+1)%3] = -d[i];
v[(i+2)%3] = 0;
}
};
class cPlayer
{
public:
char unknown0[4]; //0x0000
vec pos;
char unknown16[36]; //0x0010
vec footpos;
float yaw; //0x0040
float pitch; //0x0044
};//Size=0x0228(552)
class cPlayerTable
{
public:
char unknown0[4]; //0x0000
cPlayer* player[32]; //0x0004
};//Size=0x043C(1084)
Code:
cPlayer* player = *(cPlayer**)(0x4E4DBC); //to access things: player->pitch = 90; player->yaw = 90;
and for the other players:
Code:
cPlayerTable* pPlayerTable = *(cPlayerTable**)(0x4E4DBC); //to access other player's XYZ pPlayerTable->player[0]->pos; //0-31 is valid
ALL you need now is the math and the value of the # of players in the game (4E4E10).
I got 4E4E10 by looking at the cmp's, and it would compare the index of the array to 4E4E10 and jmp if it was above/below basically.
Now you can figure out ta mathz
your very good tutorial.
It will help many people!
OMG! ! !
It will help many people!
OMG! ! !
Did you really make this tut? or is this leeched?
Moved to C++ section.
@kibbles18
Anything unrelated to Combat Arms, post here.
@kibbles18
Anything unrelated to Combat Arms, post here.
YEs i MAde it, a big headache it was
Originally Posted by kibbles18
YEs i MAde it, a big headache it was
This is a great tutorial and will be very very useful to me
Ok so more on the asterkid * thing. They are used when working with and dereferencing pointers. Here is an example:
You have address 12345 in cheat engine, and it is a integer type and contains value 5.
In c++, we can change value from 5 to 10 with this line:
So using *s before the cast as int and after ( *(type*) ) gives you access to the value in that address. So when that address points to the start of
The class, like in my example, we access the starting address using *(dword*)0x12345. Now we have the start of the class! But we must declare it as a class pointer as well! So add another * after the type, like *(classtype**). Thats how i remember it.
If you had a static, or nonchanging, class we could access it with only (class*). But we didnt so we had to get the start of the class first.
You have address 12345 in cheat engine, and it is a integer type and contains value 5.
In c++, we can change value from 5 to 10 with this line:
Code:
*(int*)0x12345 = 10;
The class, like in my example, we access the starting address using *(dword*)0x12345. Now we have the start of the class! But we must declare it as a class pointer as well! So add another * after the type, like *(classtype**). Thats how i remember it.
If you had a static, or nonchanging, class we could access it with only (class*). But we didnt so we had to get the start of the class first.
nice tut but dont use assualt cube. cause the code fucks up if you use it on other computers
The aimbot i released here for acube worked for everyone
Even if that is true, this is just teaching, and is just an example for learning.
Even if that is true, this is just teaching, and is just an example for learning.
what software are you using to do this aimbot?
Look at top of post under requirements
lol nice tut...
wow thats not simple ass alll download the CUBE Aimbot.......... It is at The C++ Program Cube Hack Toturial.
Originally Posted by LegitBlackOut
wow thats not simple ass alll download the CUBE Aimbot.......... It is at The C++ Program Cube Hack Toturial.
Originally Posted by LegitBlackOut
wow thats not simple ass alll download the CUBE Aimbot.......... It is at The C++ Program Cube Hack Toturial.
Similar Threads
- 41Last post
- 8Last post
- 0Last post
- Simple aimbot source codeBy yusako in Call of Duty Modern Warfare 2 Coding / Programming / Source Code23Last post
- 1Last post