├── README.md
└── Source
    ├── Shadowgun Legends 0.4.2 Dump.cs
    └── Tweak.xm


/README.md:
--------------------------------------------------------------------------------
 1 | # Shadowgun: Legends v0.4.2 Aimbot
 2 | 
 3 | ### Made by shmoo @hackedbyshmoo
 4 | 
 5 | This aimbot is for educational purposes only. I purposely left out class implementations for Vector3 and Quaternion. You can write those yourself. There's also implementation for Quaternion::LookRotation online.
 6 | I included the dump for reference. Enjoy!
 7 | 
 8 | See it in action:
 9 | https://www.youtube.com/watch?v=TO2CKiUsHDI
10 | 
11 | DADDYDEEEEEEEEEEEEEP WAS HERE
12 | 


--------------------------------------------------------------------------------
/Source/Tweak.xm:
--------------------------------------------------------------------------------
  1 | /*
  2 | Shadowgun: Legends v0.4.2 aimbot source code.
  3 | Made by shmoo.
  4 | Function naming conventions:
  5 |     ClassName_FunctionName(arguments)
  6 | ...for easy reference in the included dump.
  7 | */
  8 |  
  9 | #import "Macros.h"
 10 | #import "Config.h"
 11 | #import <substrate.h>
 12 | #import <mach-o/dyld.h>
 13 | 
 14 | uint64_t getRealOffset(uint64_t);
 15 | 
 16 | struct me_t {
 17 | 	void *object;
 18 | 	Vector3 location;
 19 | };
 20 | 
 21 | struct enemy_t {
 22 | 	void *object;
 23 | 	Vector3 location;
 24 | 	float distanceFromMe;
 25 | 	float health;
 26 | };
 27 | 
 28 | me_t *me;
 29 | enemy_t *currentTarget;
 30 | 
 31 | Quaternion lookRotation;
 32 | 
 33 | void *(*Component_GetTransform)(void *component) = (void *(*)(void *))getRealOffset(0x100E6CBB4);
 34 | void (*Transform_INTERNAL_GetPosition)(void *transform, Vector3 *vec) = (void (*)(void *, Vector3 *))getRealOffset(0x100ECE7E4);
 35 | 
 36 | void *(*ComponentPlayer_GetOwner)(void *componentPlayer) = (void *(*)(void *))getRealOffset(0x1001CB318);
 37 | 
 38 | void (*ComponentPlayer_LateUpdate)(void *componentPlayer);
 39 | 
 40 | void _ComponentPlayer_LateUpdate(void *componentPlayer){
 41 | 	if(!me){
 42 | 		me = new me_t();
 43 | 	}
 44 | 	else{
 45 | 		me->object = componentPlayer;
 46 | 
 47 | 		void *myTransform = Component_GetTransform(me->object);
 48 | 		Vector3 myLocation;
 49 | 
 50 | 		Transform_INTERNAL_GetPosition(myTransform, &myLocation);
 51 | 
 52 | 		me->location = myLocation;
 53 | 	}
 54 | 
 55 | 	ComponentPlayer_LateUpdate(componentPlayer);
 56 | }
 57 | 
 58 | float (*ComponentEnemy_GetCurrentHealth)(void *componentEnemy) = (float (*)(void *))getRealOffset(0x1001F3FA4);
 59 | 
 60 | void (*ComponentEnemy_Update)(void *componentEnemy);
 61 | 
 62 | void _ComponentEnemy_Update(void *componentEnemy){
 63 | 	if(!currentTarget){
 64 | 		currentTarget = new enemy_t();
 65 | 	}
 66 | 	//we need to have a non-null me object in order to get my location
 67 | 	else if(me && currentTarget){
 68 | 		//before we go out to find a potential target, make sure that potential target meets these conditions
 69 | 		//first, get health to check if this potential target is dead
 70 | 		float firstTargetHealth = -1.0f;
 71 | 		bool dead = false;
 72 | 
 73 | 		firstTargetHealth = ComponentEnemy_GetCurrentHealth(componentEnemy);
 74 | 
 75 | 		dead = firstTargetHealth < 1;
 76 | 
 77 | 		//first time initialization of currentTarget's object, so assign it to whoever we find first
 78 | 		if(!currentTarget->object && !dead){
 79 | 			currentTarget->object = componentEnemy;
 80 | 			currentTarget->health = firstTargetHealth;
 81 | 
 82 | 			void *enemyTransform = Component_GetTransform(componentEnemy);
 83 | 			Vector3 enemyLocation;
 84 | 
 85 | 			Transform_INTERNAL_GetPosition(enemyTransform, &enemyLocation);
 86 | 
 87 | 			currentTarget->location = enemyLocation;
 88 | 			currentTarget->distanceFromMe = Vector3::distance(currentTarget->location, me->location);
 89 | 
 90 | 			ComponentEnemy_Update(componentEnemy);
 91 | 
 92 | 			return;
 93 | 		}
 94 | 
 95 | 		//update componentEnemy values in currentTarget
 96 | 		if(currentTarget->object == componentEnemy){
 97 | 			void *enemyTransform = Component_GetTransform(componentEnemy);
 98 | 			Vector3 enemyLocation;
 99 | 
100 | 			Transform_INTERNAL_GetPosition(enemyTransform, &enemyLocation);
101 | 
102 | 			currentTarget->location = enemyLocation;
103 | 			currentTarget->distanceFromMe = Vector3::distance(currentTarget->location, me->location);
104 | 			currentTarget->health = ComponentEnemy_GetCurrentHealth(currentTarget->object);;
105 | 		}
106 | 
107 | 		//do not track a dead enemy
108 | 		if(currentTarget->health < 1){
109 | 			//set the currentTarget to NULL to start a new search right away
110 | 			currentTarget = NULL;
111 | 
112 | 			ComponentEnemy_Update(componentEnemy);
113 | 
114 | 			return;
115 | 		}
116 | 
117 |         	//try and find another target
118 | 		float potentialTargetHealth = ComponentEnemy_GetCurrentHealth(componentEnemy);
119 | 
120 | 		void *potentialEnemyTransform = Component_GetTransform(componentEnemy);
121 | 		Vector3 potentialEnemyLocation;
122 | 
123 | 		Transform_INTERNAL_GetPosition(potentialEnemyTransform, &potentialEnemyLocation);
124 | 
125 | 		float potentialEnemyDistanceFromMe = Vector3::distance(potentialEnemyLocation, me->location);
126 | 
127 | 		//we found someone closer, update currentTarget
128 | 		if(potentialTargetHealth > 1 && potentialEnemyDistanceFromMe < currentTarget->distanceFromMe){
129 | 			currentTarget->object = componentEnemy;
130 | 			currentTarget->location = potentialEnemyLocation;
131 | 			currentTarget->distanceFromMe = potentialEnemyDistanceFromMe;
132 | 			currentTarget->health = potentialTargetHealth;
133 | 		}
134 | 
135 | 		//make the Quaternion that will hold a rotation to currentTarget
136 | 		lookRotation = Quaternion::LookRotation(currentTarget->location - me->location, Vector3(0, 1, 0));
137 | 
138 | 		//now, do some climbing to get the object we need to modify our rotation!
139 | 		void *myOwner = ComponentPlayer_GetOwner(me->object);
140 | 
141 | 		if(myOwner){
142 | 			void *blackboard = *(void **)((uint64_t)myOwner + 0x180);
143 | 
144 | 			if(blackboard){
145 | 				void *desiredData = *(void **)((uint64_t)blackboard + 0xc8);
146 | 
147 | 				if(desiredData){
148 | 					//set my rotation to face currentTarget
149 | 					*(Quaternion *)((uint64_t)desiredData + 0x30) = lookRotation;
150 | 				}
151 | 			}
152 | 		}
153 | 	}
154 | 
155 | 	ComponentEnemy_Update(componentEnemy);
156 | }
157 | 
158 | %ctor {
159 |     MSHookFunction((void *)getRealOffset(0x100200C10), (void *)_ComponentPlayer_LateUpdate, (void **)&ComponentPlayer_LateUpdate);
160 |     MSHookFunction((void *)getRealOffset(0x1001F20C4), (void *)_ComponentEnemy_Update, (void **)&ComponentEnemy_Update);
161 | }
162 | 
163 | uint64_t getRealOffset(uint64_t offset){
164 |     return _dyld_get_image_vmaddr_slide(0)+offset;
165 | }
166 | 


--------------------------------------------------------------------------------